Jump to content

Recommended Posts

Posted (edited)

I hope you can understand my question just from the title but here's more information in case you need it.

BACKGROUND ON MY END GOAL IN CASE YOU HAVE ADVICE:

I'm attempting to create a hardened linux image for running on my nanoPC-t4.   I gotta give you guys props because Armbian appears to be wayyyyy ahead of the alternative distributions I checked out (gentoo/arch/lubuntu) in terms of support/customizability/documentation for ARM development.  As a first step, I'm trying to build & boot a hardened Linux kernel.  After some googling, I settled on this repo as my best option for free & open-source hardened kernel sources (unless anyone has a better suggestion).

 

ON MY ORIGINAL QUESTION:

I've already booted a manually built image using the Armbian Build Tools.  Now I'm trying to create an image with custom linux sources but I'm not very familiar yet with the build scripts and the development guide doesn't detail the process of adding new kernel sources into the tool.  I tried the naive option of simply editing the sources configuration file to point to a different repo:
    - KERNELSOURCE='https://github.com/ayufan-rock64/linux-mainline-kernel'

    - KERNELBRANCH='tag:5.2.0-1116-ayufan'

    - KERNELDIR='linux-rockchip64'

    + KERNELSOURCE='https://github.com/anthraxx/linux-hardened'

    + KERNELBRANCH='tag:5.2.a'

    + KERNELDIR='linux-hardened'

 

And this worked up to a point - obviously all the patches failed to apply but the tool continued anyway.   `make oldconfig` had me update the config with the missing options and I was eventually dropped into menuconfig.  That went fine but eventually the build failed and the script stopped (sorry I don't have the exact error right now because I'm at work).

But most importantly I noticed the script DIDN'T FAIL because of a kernel compilation error.  So something else went wrong/is needed to get this source integrated into the build system.  I'm just wondering what the process is for doing that.

Edited by ethDreamer
Posted
34 minutes ago, ethDreamer said:

to create a hardened linux image for running on my nanoPC-t4


Images build from that sources (mainline + something, https://github.com/anthraxx/linux-hardened) will probably not even boot on this board since upstream mainline support for RK3399 is fairly basic. 5.2.y stuff for 3399 found in @ayufan branch hasn't landed upstream yet.

Right way is perhaps to extract hardened Linux patches and add them to userpatches/rockchip64-dev subdir ... and build image as usual. If you encounter build errors, check files in debug directory.

Posted
43 minutes ago, Igor said:


Images build from that sources (mainline + something, https://github.com/anthraxx/linux-hardened) will probably not even boot on this board since upstream mainline support for RK3399 is fairly basic. 5.2.y stuff for 3399 found in @ayufan branch hasn't landed upstream yet.

Right way is perhaps to extract hardened Linux patches and add them to userpatches/rockchip64-dev subdir ... and build image as usual. If you encounter build errors, check files in debug directory.


I was actually able to successfully do the opposite (merge commits from ayufan-rock64/linux-mainline-kernel into anthraxx/linux-hardened).  I thought this might be easier since there wasn't a whole lot of commits to aufan's branch after forking from torvalds/linux.  Either way I can't test either kernel until I know how to integrate a new kernel source into the Armbian build system.

Posted
13 minutes ago, ethDreamer said:

Either way I can't test either kernel until I know how to integrate a new kernel source into the Armbian build system.


If you were able to merge either way, then proceed by changing kernel sources with overriding variables in userpatches/lib.config or the dirty way as you already did. 

But 5.2.y kernel patches might not be completely adjusted. This is bleeding edge - we are still working on it.

Posted

Okay so if I understand you right (and for anyone who might read this in the future) I just need to create the file userpatches/lib.config containing:

KERNELSOURCE=[github url of kernel source]
KERNELBRANCH=[existing branch]
LINUXCONFIG=[existing config file]

assuming that repository hosts a bootable kernel on that branch that can be successfully compiled with that config - then this is all I need to do to have the build system continue as usual and create the image for me?

Thanks for your help I'll try this when I get home.
 

Posted
12 minutes ago, ethDreamer said:

assuming that repository hosts a bootable kernel on that branch that can be successfully compiled with that config - then this is all I need to do to have the build system continue as usual and create the image for me?


I rarely use external sources but I think it should work this way, yes.

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines