Re: [Fedora-xen] Easiest way to compile custom kernel, for fedora +openswan+xen+patchomatic


On Tue, 2006-05-30 at 08:04 -0500, Tom Bishop wrote:
> That would be great if you could send that, but I would also like to
> know how to do this myself.  Could you explain in more detail how you
> did this?  So it looks like you took the FC5 SRPM, and the endian SRPM
> and ported the changes (how did you arrive at the changes).  You also
> stated that you got patch-o-matic from SVN (not sure what that is) and
> updated a few things, I take it that you ran patch-o-matic and
> installed some options?  
> 
> I really appreciate your reply and I hope it isn't too much trouble to
> provide some more detail.  Thanks.

No problem...  This is involved and you will need an understanding of
rpm, rpmbuild, patching and C, it is not something easily covered in a
single email but I will do my best to give you direction.  Hey we all
have to start somewhere :-)

1) I grabbed a SPEC file from the Endian kernel SRPM and looked through
for source & patches that are not in the stock Fedora kernel.  This is
not obvious to some, but I have spent a lot of years customising Red
Hat/Fedora kernel SRPMS so I had a sense of what was added.

You could also compare a FC3 kernel SPEC file:
  $ diff -u kernel-2.6.spec kernel26-endian.spec

Now a number of the patches are no longer required, this is something
you can find by trial and error.  Basically I did:

  $ rpmbuild -bp --target i686 mykernel.spec

And looked for what patches would not apply and as it turned out I could
leave them out as they had been either merged upstream or the code had
changed that much they were useless.

2) I went looking for any changed additions to the build/install
sections of the spec.  Fortunately the changes were all confined to a
single block that basically untared patch-o-matic (p-o-m) into the
kernel source tree, removed any patches that were not required and then
applied the rest of them.

3) I updated each of the kernel*config files in the SOURCES directory to
include the extra kernel modules patched in from p-o-m.

4) I grabbed the iptables 1.3.5 tarball from www.netfilter.org and an
updated openswan-2.x.x.kernel-2.6-natt.patch.gz from www.openswan.org
and dropped those into the SOURCES directory and updated
  %define iptables_version

at the top of the spec file.

5) I checked out a current p-o-m from the netfilter.org subversion
repository.  You will need subversion installed and then do:

  $ svn co https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng
  $ find patch-o-matic-ng -type d -name \.svn | xargs rm -rf
  $ mv patch-o-matic-ng patch-o-matic-ng-20060529
  $ tar cjvf patch-o-matic-ng-20060529.tar.bz2 patch-o-matic-ng-20060529

(to anyone else reading this, I know about -exec I have just seen too
many bad keystrokes do damage in the wrong hands)

Then you should copy the patch-o-matic-ng-20060529.tar.bz2 to the
SOURCES directory.

6) As the version of p-o-m used by Endian was quite old I had to
manually go through and update the list of patches removed in the spec
file.

7) Kept trying to build the RPM until it worked.  This required a bit of
investigation each time and experience will guide you as to how to fix
each one.  But in this case each build failure was a p-o-m module that
did not build as I had not removed its patch directory (it was getting
late)

I also disabled the build of "normal" kernels to save time.  You can do
this by changing some parameters in the SPEC file from:
  %define buildup 1
  %define buildsmp 1

To:
  %define buildup 0
  %define buildsmp 0

To launch the build you can do the following:
  $ rpmbuild -bb --target i686 mykernel.spec

------

And that is it.  I have attached a diff of the stock Fedora
kernel-2.6.16-1.2122_FC5 SPEC file and the updated one so you can get a
handle on exactly what is new.

The full SRPM is 43MiB, so do you have anywhere I could FTP it to?

I am happy to help if you get stuck on specific details, but that is
starting to get off topic for these lists so you may want to email me
directly.

Take care,

Gawain

--- kernel-2.6.spec	2006-05-22 04:54:08.000000000 +1000
+++ kernel-firewall.spec	2006-05-30 02:07:59.000000000 +1000
@@ -3,15 +3,20 @@
 # What parts do we want to build?  We must build at least one kernel.
 # These are the kernels that are built IF the architecture allows it.
 
-%define buildup 1
-%define buildsmp 1
+%define buildup 0
+%define buildsmp 0
 # Whether to apply the Xen patches, leave this enabled.
 %define includexen 1
 # Whether to build the Xen kernels, disable if you want.
 %define buildxen 1
 %define buildxenPAE 0
 %define builddoc 0
-%define buildkdump 1
+%define buildkdump 0
+%define buildprepom 0
+
+%define iptables_version 1.3.5
+%define patchomatic_version 20060529
+%define openswan_version 2.4.5
 
 # Versions of various parts
 
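
Review bot: `%define buildkdump 0` and the new `%define buildprepom 0` have no comment saying what they switch, unlike `includexen` and `buildxen` directly above them. A one-line comment on each would help, in particular that `buildprepom` keeps a pre-patch-o-matic copy of the kernel tree and that kdump is disabled only to shorten the build, so a later reader does not carry `buildkdump 0` into a production spec by accident.
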
@@ -153,6 +158,9 @@
 #
 %define kernel_prereq  fileutils, module-init-tools, initscripts >= 8.11.1-1, mkinitrd >= 4.2.21-1
 
+%define KERNEL_PATH ${RPM_BUILD_DIR}/%{name}-%{version}/linux-%{kversion}
+%define IPTABLES_PATH ${RPM_BUILD_DIR}/%{name}-%{version}/iptables-%{iptables_version}
+
 Name: kernel
 Group: System Environment/Kernel
 License: GPLv2
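
Review bot: `KERNEL_PATH` is defined without the `.%{_target_cpu}` suffix, yet every later use in the %prep hunk appends it by hand (`%{KERNEL_PATH}.%{_target_cpu}`). Either fold the suffix into the macro or add a comment here saying the value is a prefix, otherwise the next edit that uses `%{KERNEL_PATH}` alone will point at a directory that does not exist. Both macros also depend on `${RPM_BUILD_DIR}` being expanded by the shell, so they are only valid inside build scriptlets; that deserves a comment too.
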
@@ -211,6 +219,10 @@
 Source41: kernel-%{kversion}-x86_64-xen0.config
 Source42: kernel-%{kversion}-x86_64-xenU.config
 
+Source100: http://www.netfilter.org/files/iptables-%{iptables_version}.tar.bz2
+Source101: http://ftp.netfilter.org/pub/path-o-matic-ng/snapshot/patch-o-matic-ng-%{patchomatic_version}.tar.bz2
+
+
 #
 # Patches 0 through 100 are meant for core subsystem upgrades
 #
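
Review bot: the `Source101` URL reads `pub/path-o-matic-ng/snapshot/`, which looks like a typo for `patch-o-matic-ng`, and the tarball it names was built locally from an SVN checkout, so the URL does not describe where this file came from. Both new sources are also plain `http://` with nothing in the spec to verify them. Suggest correcting the path or using a bare filename with a comment giving the SVN URL and checkout date, and recording a checksum for `Source100` and `Source101` next to these lines, since their contents are compiled into the kernel.
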
@@ -432,6 +444,9 @@
 # Xen hypervisor patches
 Patch20000: xen-sched-sedf.patch
 
+# Firewall stuff
+Patch90000: http://www.openswan.org/download/openswan-%{openswan_version}.kernel-2.6-natt.patch.gz
+Patch90001: http://www.openswan.org/download/openswan-%{openswan_version}.kernel-2.6-klips.patch.gz
 
 # END OF PATCH DEFINITIONS
 
@@ -1093,8 +1108,70 @@
 %patch10001 -p1
 
 
+# Firewall stuff - OpenSWAN
+%patch90000 -p1
+#%patch90001 -p1
+
 # END OF PATCH APPLICATIONS
 
+
+# Firewall stuff
+%if %{buildprepom}
+cp -R %{KERNEL_PATH}.%{_target_cpu} ${RPM_BUILD_DIR}/%{name}-%{version}/linux-prepom-%{kversion}.%{_target_cpu}
+%endif
+
+# iptables source
+%setup -q -n %{name}-%{version} -c -a 100 -T -D
+
+# patch-o-matic
+%setup -q -n %{name}-%{version} -c -a 101 -T -D
+
+
+echo -n We are in
+echo `pwd`
+
+cd patch-o-matic-ng-%{patchomatic_version}
+sed -i -e 's/head\ -1/head\ -n\ 1/' runme
+
+pushd patchlets
+
+# mainline
+
+# base
+rm -rf IPV4OPTSSTRIP
+rm -rf connlimit
+rm -rf set
+rm -rf iprange
+rm -rf u32
+
+# extra
+rm -rf IPMARK
+rm -rf ROUTE
+rm -rf TARPIT
+rm -rf conntrack_nonat
+rm -rf directx8-conntrack-nat
+rm -rf eggdrop-conntrack
+#rm -rf ipv4options
+rm -rf layer2-hooks
+rm -rf msnp-conntrack-nat
+rm -rf quake3-conntrack-nat
+rm -rf rpc
+rm -rf rsh
+rm -rf talk-conntrack-nat
+
+# Why oh why won't you work...
+rm -rf rtsp-conntrack
+
+popd
+
+# patches of the base repository or do apply well or are already applied
+./runme --batch --kernel-path=%{KERNEL_PATH}.%{_target_cpu} --iptables-path=%{IPTABLES_PATH} extra
+
+cd %{KERNEL_PATH}.%{_target_cpu}
+
+# End firewall stuff
+
+
 cp %{SOURCE10} Documentation/
 
 mkdir configs
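
Review bot: the `rm -rf` list under `pushd patchlets` succeeds silently when a name no longer exists, so after a patch-o-matic update a renamed patchlet stays in the tree and `./runme --batch ... extra` applies it without anyone noticing. Suggest checking that each listed directory exists before removing it and failing %prep when one does not, and giving a reason per entry ("Why oh why won't you work..." does not say what broke for `rtsp-conntrack`). Smaller points in the same hunk: the `echo -n We are in` / `echo `pwd`` pair is debugging output that can go, the in-place `sed` on `runme` needs a comment saying which `head` behaviour it works around, and the comment above `./runme` ("patches of the base repository or do apply well or are already applied") should be reworded so it is clear why only `extra` is run.
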

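Steps 6 and 7 of the mail describe keeping the list of removed patchlets in step with a newer p-o-m checkout by hand. The script below is an added example, not part of the original mail or spec file: it audits a removal list against an unpacked tree before `rm -rf` runs. The function names, the sample tree and the `time` patchlet name are constructed for illustration; the `patchlets/` layout is taken from the spec diff above.

```shell
#!/bin/sh
# Added example: audit a patchlet removal list against a p-o-m tree.

# stale_removals POM_DIR NAME...
# Prints each NAME with no directory under POM_DIR/patchlets, i.e. an
# entry that "rm -rf NAME" would silently skip after a p-o-m update.
stale_removals() {
    pom_dir=$1; shift
    for name in "$@"; do
        [ -d "$pom_dir/patchlets/$name" ] || printf '%s\n' "$name"
    done
}

# kept_patchlets POM_DIR NAME...
# Prints, sorted, every patchlet directory NOT in the removal list,
# i.e. what "./runme --batch" would still be offered.
kept_patchlets() {
    pom_dir=$1; shift
    for dir in "$pom_dir"/patchlets/*/; do
        [ -d "$dir" ] || continue
        base=$(basename "$dir")
        keep=1
        for name in "$@"; do
            if [ "$name" = "$base" ]; then keep=0; fi
        done
        if [ "$keep" -eq 1 ]; then printf '%s\n' "$base"; fi
    done | LC_ALL=C sort
}

# make_sample_tree: builds a small constructed tree and prints its path.
make_sample_tree() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/patchlets/TARPIT" "$tmp/patchlets/rtsp-conntrack" \
             "$tmp/patchlets/ipv4options" "$tmp/patchlets/time"
    printf '%s\n' "$tmp"
}

# Demo: "u32" is in the removal list but absent from the sample tree.
tree=$(make_sample_tree)
echo "stale entries:";  stale_removals "$tree" TARPIT rtsp-conntrack u32
echo "still applied:";  kept_patchlets "$tree" TARPIT rtsp-conntrack u32
rm -rf "$tree"
```

Run against the real tree from %prep, a non-empty `stale_removals` result is the cue to update the list in the spec before building.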