Chapter 9. Compiling the Linux Kernel for LRP

Table of Contents

Kernel Modules
Specifying the Root Volume
Compiling Linux 2.0
Compiling Linux 2.4
Bridge Patch
Important Notes About Compiling a New Kernel

Compiling the Linux kernel for LRP does not require many extra steps, and is not hard at all for someone who is experienced in compiling the Linux kernel. This description will not cover compiling the Linux kernel in general, but rather what needs to be done to compile the kernel for LRP.

First come the patches. Two are required:

Then come any additional patches desired. Materhorn and LRP have taken different approaches to kernel patches; Materhorn and Eiger appear to have many more patches available, whereas LRP has kept the patches to a minimum.

Oxygen has taken yet another approach. The current Oxygen distribution (March 2001) is using Linux 2.2.18 with the OpenWall [17] patches to make the system more secure; Linux Intrusion Detection System (LIDS) [18] is another possible set of patches that are able to work with OpenWall to provide very solid kernel-based security. Another common patch is the VPN+Masq [19] patch.

Patching a kernel is much simpler than it might appear at first glance. A typical patch installation will be done within the Linux kernel source tree, at the top directory (typically /usr/src/linux), and this command will be executed:

patch -p1 < ../mypatch.diff

At times, the patch may be called a *.patch (not entirely correct) instead of a *.diff; the name comes from the program used to create the patch (diff). The -p1 option specifies that the first directory name should be removed from each file name in the patch. This is normally desirable; occasionally (almost never) it will be necessary to use -p0.
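As an added example (not part of the original chapter), this shell script lists the files named in a patch's +++ headers and reports which -p level makes them line up with the source tree, before anything is modified. The function names, the miniature tree and the patch text are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-flight check for the -p level of a kernel patch.
# The tree and patch text in demo() are constructed sample data.

# strip_path N PATH: drop N leading path components, as "patch -pN" does
# for simple relative names (no doubled slashes).
strip_path() {
    n=$1; p=$2
    while [ "$n" -gt 0 ]; do
        case $p in
            */*) p=${p#*/} ;;
            *)   return 1 ;;          # fewer than N components
        esac
        n=$((n - 1))
    done
    printf '%s\n' "$p"
}

# patch_targets FILE: file names from the "+++ " headers of a unified diff
# (assumes no added source line itself starts with "++ ").
patch_targets() {
    sed -n 's/^+++ \([^[:space:]]*\).*/\1/p' "$1"
}

# guess_plevel TREE FILE: smallest N in 0..2 for which every target exists
# under TREE. Patches that create new files need a manual look instead.
guess_plevel() {
    for lvl in 0 1 2; do
        ok=1
        for t in $(patch_targets "$2"); do
            rel=$(strip_path "$lvl" "$t") && [ -f "$1/$rel" ] || { ok=0; break; }
        done
        if [ "$ok" -eq 1 ]; then printf '%s\n' "$lvl"; return 0; fi
    done
    return 1
}

# demo: build a miniature source tree plus a patch made from outside it.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/linux/drivers/block"
    echo 'old line' > "$work/linux/drivers/block/rd.c"
    printf '%s\n' '--- linux.orig/drivers/block/rd.c' \
        '+++ linux/drivers/block/rd.c' '@@ -1 +1 @@' '-old line' '+new line' \
        > "$work/mypatch.diff"
    lvl=$(guess_plevel "$work/linux" "$work/mypatch.diff")
    echo "cd $work/linux && patch -p$lvl --dry-run < ../mypatch.diff"
    rm -rf "$work"
}
demo
```

Reviewing the output of patch_targets also shows exactly which kernel files a downloaded patch will change; GNU patch's --dry-run option then confirms that the hunks apply without touching the tree.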

It can shorten the time to configure a kernel if a currently existing kernel configuration is downloaded and used for the initial settings. Once the kernel configuration has been saved, this downloaded file is no longer needed except for backup.

Once patches have been applied, remember to check for options in the kernel configuration. For the LRP patches, select the following options in the Block Devices section:

<*> RAM disk support
(4096) Default RAM disk size
[*] Initial RAM disk (initrd) support
[*] Initial RAM disk archive (untar) support
[*] Initial RAM disk minix auto fs support
[ ] Initial RAM disk ext2 auto fs support (broken!)

There will probably be options for other patches as well; select the appropriate options as desired. As an example, consider Openwall — a new section in the main menu labeled Security appears:

[*] Non-executable user stack area
[*] Autodetect and emulate GCC trampolines
[*] Restricted links in /tmp
[*] Restricted FIFOs in /tmp
[ ] Restricted /proc
[*] Special handling of fd 0, 1, and 2
[*] Enforce RLIMIT_NPROC on execve(2)
[ ] Destroy shared memory segments not in use

Kernel Modules

Don't forget to configure the modules, such as networking and so forth. If this kernel is to be a distribution kernel of some kind, compile practically everything (as modules). Otherwise, selecting only that which is necessary for system operation will shorten compile time of the modules. Also, not compiling support for something will save space over compiling support with everything as modules.

A good-sized kernel will be about 480-490k; a "big" kernel is over 500-520k. The kernel is the second biggest thing on the disk and every byte counts, so it is important to try to keep it as small as practicable.

Be sure not to strip the modules; stripping them will cause segmentation faults in insmod. It is critical that the symbols are left in; take the modules unchanged from the kernel compilation.