
@bassu
Created April 2, 2014 18:17
Optimized kernel 3.5 rpmbuild spec (similar to Joyent's but for 32-bit CentOS), to be run on the SmartOS illumos-kvm hypervisor
## Hacked by Bassu
## For CentOS 5.x. May have to recompile iptables.
## Modifications:
# with_hdr 1
# kernel-lt is kernel-opt
# removed NoSource: 0
# Sources configs are new
# srpm with: mock -v --buildsrpm -r epel-5-i386 --target i686 --spec ~/rpmbuild/SPECS/kernel-opt-3.5.spec --sources ~/rpmbuild/SOURCES/ --resultdir ~/kernel-opt
# rpm with: mock -v --rebuild -r epel-5-i386 --target i686 --resultdir ~/kernel-opt ~/kernel-opt/kernel-opt-3.5.4-1.el5.centos.src.rpm
#
# That's pretty much it!
# Define the version of the Linux Kernel Archive tarball.
%define LKAver 3.5.4
# Define the buildid, if required.
#define buildid .
# The following build options are enabled by default.
# Use either --without <option> on your rpmbuild command line
# or force the values to 0, here, to disable them.
# standard kernel
%define with_std %{?_without_std:0} %{?!_without_std:1}
# kernel-PAE
##%define with_pae %{?_without_pae:0} %{?!_without_pae:1}
%define with_pae 0
# kernel-doc
%define with_doc %{?_without_doc:0} %{?!_without_doc:1}
# kernel-headers
##%define with_hdr %{?_without_hdr:0} %{?!_without_hdr:1}
%define with_hdr 1
# Build only the kernel-doc package.
%ifarch noarch
%define with_std 0
%define with_pae 0
%define with_hdr 0
%endif
# Build only the 32-bit kernel-headers package.
%ifarch i386
%define with_std 1
%define with_hdr 1
%define with_pae 0
%define with_doc 0
%endif
# Build just the 32-bit kernel & kernel-PAE packages.
%ifarch i686
%define with_doc 0
%define with_hdr 1
%endif
# Build just the 64-bit kernel & kernel-headers packages.
%ifarch x86_64
%define with_pae 0
%define with_hdr 1
%define with_doc 0
%endif
# Define the correct buildarch.
%define buildarch x86_64
%ifarch i386 i686
%define buildarch i386
%endif
# Packages that need to be installed before the kernel because the %post scripts make use of them.
%define kernel_prereq fileutils, module-init-tools, initscripts >= 8.11.1-1, mkinitrd >= 4.2.21-1
# Determine the sublevel number and set pkg_version.
%define sublevel %(echo %{LKAver} | %{__awk} -F\. '{ print $3 }')
%if "%{sublevel}" == ""
%define pkg_version %{LKAver}.0
%else
%define pkg_version %{LKAver}
%endif
# Set pkg_release.
%define pkg_release 1%{?buildid}%{?dist}
Name: kernel-opt
Summary: The Linux kernel. (The core of any Linux-based operating system.)
Group: System Environment/Kernel
License: GPLv2
URL: http://www.kernel.org/
Version: %{pkg_version}
Release: %{pkg_release}
ExclusiveArch: noarch i386 i686 x86_64
ExclusiveOS: Linux
Provides: kernel = %{version}
Provides: kernel-%{_target_cpu} = %{version}-%{release}
Provides: kernel-opt = %{version}
Provides: kernel-opt-%{_target_cpu} = %{version}-%{release}
Prereq: %{kernel_prereq}
# We can't let RPM do the dependencies automatically because it'll then pick up
# a correct but undesirable perl dependency from the module headers which
# isn't required for the kernel proper to function.
AutoReq: no
AutoProv: yes
# List the packages used during the kernel build.
BuildPreReq: module-init-tools, patch >= 2.5.4, bash >= 2.03, sh-utils, tar
BuildPreReq: bzip2, findutils, gzip, m4, perl, make >= 3.78, diffutils
BuildRequires: gcc >= 3.4.2, binutils >= 2.12, redhat-rpm-config, unifdef
BuildConflicts: rhbuildsys(DiskFree) < 500Mb
# Sources.
Source0: ftp://ftp.kernel.org/pub/linux/kernel/v3.x/linux-%{LKAver}.tar.xz
Source1: config-%{version}-i686
Source2: config-%{version}-i686-PAE
Source3: config-%{version}-x86_64
# Do not package the source tarball.
#NoSource: 0
%define KVERREL %{PACKAGE_VERSION}-%{PACKAGE_RELEASE}
BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root-%(%{__id_u} -n)
# Disable the building of the debug package.
%define debug_package %{nil}
%description
This package provides the Linux kernel (vmlinuz), the core of any
Linux-based operating system. The kernel handles the basic functions
of the OS: memory allocation, process allocation, device I/O, etc.
%package devel
Summary: Development package for building kernel modules to match the kernel.
Group: System Environment/Kernel
Provides: kernel-devel = %{version}
Provides: kernel-devel-%{_target_cpu} = %{version}-%{release}
Provides: kernel-opt-devel = %{version}
Provides: kernel-opt-devel-%{_target_cpu} = %{version}-%{release}
Prereq: /usr/bin/find
AutoReqProv: no
%description devel
This package provides the kernel header files and makefiles
sufficient to build modules against the kernel package.
%package PAE
Summary: The Linux kernel for PAE capable processors.
Group: System Environment/Kernel
Provides: kernel = %{version}
Provides: kernel-%{_target_cpu} = %{version}-%{release}PAE
Provides: kernel-PAE = %{version}
Provides: kernel-PAE-%{_target_cpu} = %{version}-%{release}PAE
Provides: kernel-opt = %{version}
Provides: kernel-opt-%{_target_cpu} = %{version}-%{release}PAE
Provides: kernel-opt-PAE = %{version}
Provides: kernel-opt-PAE-%{_target_cpu} = %{version}-%{release}PAE
Prereq: %{kernel_prereq}
# We can't let RPM do the dependencies automatically because it'll then pick up
# a correct but undesirable perl dependency from the module headers which
# isn't required for the kernel proper to function.
AutoReq: no
AutoProv: yes
%description PAE
This package provides a version of the Linux kernel with support for up to 16GB of memory.
It requires processors with Physical Address Extension (PAE) ability.
The non-PAE kernel can only address up to 4GB of memory.
%package PAE-devel
Summary: Development package for building kernel modules to match the PAE kernel.
Group: System Environment/Kernel
Provides: kernel-PAE-devel = %{version}
Provides: kernel-PAE-devel-%{_target_cpu} = %{version}-%{release}PAE
Provides: kernel-opt-PAE-devel = %{version}
Provides: kernel-opt-PAE-devel-%{_target_cpu} = %{version}-%{release}PAE
Prereq: /usr/bin/find
AutoReqProv: no
%description PAE-devel
This package provides the kernel header files and makefiles
sufficient to build modules against the PAE kernel package.
%package doc
Summary: Various bits of documentation found in the kernel source.
Group: Documentation
Provides: kernel-opt-doc = %{version}-%{release}
%description doc
This package provides documentation files from the kernel source.
Various bits of information about the Linux kernel and the device
drivers shipped with it are documented in these files.
You'll want to install this package if you need a reference to the
options that can be passed to the kernel modules at load time.
%package headers
Summary: Kernel C header files for use by glibc.
Group: Development/System
Conflicts: kernel-headers < %{version}-%{release}
Provides: kernel-opt-headers = %{version}-%{release}
%description headers
This package provides the C header files that specify the interface
between the Linux kernel and userspace libraries & programs. The
header files define structures and constants that are needed when
building most standard programs. They are also required when
rebuilding the glibc package.
%prep
%setup -q -n %{name}-%{version} -c
%{__mv} linux-%{LKAver} linux-%{version}.%{_target_cpu}
pushd linux-%{version}.%{_target_cpu} > /dev/null
%{__cp} %{SOURCE1} .
%{__cp} %{SOURCE2} .
%{__cp} %{SOURCE3} .
popd > /dev/null
%build
BuildKernel() {
Flavour=$1
# Select the correct flavour configuration file and set the development directory / symbolic link.
if [ -n "$Flavour" ]; then
Config=config-%{version}-%{_target_cpu}-$Flavour
DevelDir=/usr/src/kernels/%{KVERREL}-$Flavour-%{_target_cpu}
DevelLink=/usr/src/kernels/%{KVERREL}$Flavour-%{_target_cpu}
else
Config=config-%{version}-%{_target_cpu}
DevelDir=/usr/src/kernels/%{KVERREL}-%{_target_cpu}
DevelLink=
fi
KernelVer=%{version}-%{release}$Flavour
# Set the EXTRAVERSION string in the main Makefile.
%{__perl} -p -i -e "s/^EXTRAVERSION.*/EXTRAVERSION = -%{release}$Flavour/" Makefile
%{__make} -s distclean
%{__cp} $Config .config
%{__make} -s CONFIG_DEBUG_SECTION_MISMATCH=y ARCH=%{buildarch} %{?_smp_mflags} bzImage
%{__make} -s CONFIG_DEBUG_SECTION_MISMATCH=y ARCH=%{buildarch} %{?_smp_mflags} modules
# Install the results into the RPM_BUILD_ROOT directory.
%{__mkdir_p} $RPM_BUILD_ROOT/boot
%{__install} -m 644 .config $RPM_BUILD_ROOT/boot/config-$KernelVer
touch $RPM_BUILD_ROOT/boot/initrd-$KernelVer.img
%{__gzip} -c9 < Module.symvers > $RPM_BUILD_ROOT/boot/symvers-$KernelVer.gz
%{__install} -m 644 System.map $RPM_BUILD_ROOT/boot/System.map-$KernelVer
%{__cp} arch/%{buildarch}/boot/bzImage $RPM_BUILD_ROOT/boot/vmlinuz-$KernelVer
%{__mkdir_p} $RPM_BUILD_ROOT/lib/modules/$KernelVer
%{__make} -s INSTALL_MOD_PATH=$RPM_BUILD_ROOT KERNELRELEASE=$KernelVer ARCH=%{buildarch} modules_install
# Set the modules to be executable, so that they will be stripped when packaged.
find $RPM_BUILD_ROOT/lib/modules/$KernelVer -type f -name "*.ko" -exec %{__chmod} u+x "{}" ";"
# Remove all the files that will be auto generated by depmod at the kernel install time.
%{__rm} -f $RPM_BUILD_ROOT/lib/modules/$KernelVer/modules.*
# Remove the two symbolic links.
%{__rm} -f $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
%{__rm} -f $RPM_BUILD_ROOT/lib/modules/$KernelVer/source
# Create the four directories and the one symbolic link.
%{__mkdir_p} $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
%{__mkdir_p} $RPM_BUILD_ROOT/lib/modules/$KernelVer/extra
%{__mkdir_p} $RPM_BUILD_ROOT/lib/modules/$KernelVer/updates
%{__mkdir_p} $RPM_BUILD_ROOT/lib/modules/$KernelVer/weak-updates
pushd $RPM_BUILD_ROOT/lib/modules/$KernelVer > /dev/null
%{__ln_s} build source
popd > /dev/null
# Collect the required development files.
%{__cp} -a --parents `find -type f -name "Makefile*" -o -name "Kconfig*"` $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
%{__cp} -a --parents kernel/bounds.[cs] $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
%{__cp} -a --parents arch/x86/kernel/*.[cs] $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
%{__cp} -a --parents `find security -type f -name "*.h"` $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
%{__cp} -a Kbuild $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
%{__cp} -a .config $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
%{__cp} -a Module.* $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
%{__rm} -rf $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/Documentation
%{__rm} -rf $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/include
%{__rm} -rf $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/scripts
%{__mkdir_p} $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/include
%{__cp} -a --parents arch/x86/include $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/
%{__cp} -a --parents include/generated/*.h $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
pushd include > /dev/null
%{__cp} -a * $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/include
popd > /dev/null
%{__rm} -f $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/include/Kbuild
%{__cp} -a include/generated/*.h $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/include/linux
%{__mkdir_p} $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/scripts
%{__cp} -a scripts $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
find $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/scripts -type f -name "*.o" -exec %{__rm} -f "{}" ";"
# Now ensure that the Makefile, Kbuild, .config, version.h, autoconf.h and auto.conf files
# all have matching timestamps so that external modules can be built.
touch -r $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/Makefile $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/Kbuild
touch -r $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/Makefile $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/.config
touch -r $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/Makefile $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/include/linux/version.h
touch -r $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/Makefile $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/include/linux/autoconf.h
touch -r $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/Makefile $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/include/generated/autoconf.h
touch -r $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/Makefile $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/include/config/auto.conf
# Move the development files out of the /lib/modules/ file system.
%{__mkdir_p} $RPM_BUILD_ROOT/usr/src/kernels
%{__mv} $RPM_BUILD_ROOT/lib/modules/$KernelVer/build $RPM_BUILD_ROOT$DevelDir
%{__ln_s} -f ../../..$DevelDir $RPM_BUILD_ROOT/lib/modules/$KernelVer/build
[ -z "$DevelLink" ] || %{__ln_s} -f `basename $DevelDir` $RPM_BUILD_ROOT$DevelLink
}
%{__rm} -rf $RPM_BUILD_ROOT
pushd linux-%{version}.%{_target_cpu} > /dev/null
%if %{with_std}
BuildKernel
%endif
%if %{with_pae}
BuildKernel PAE
%endif
popd > /dev/null
%install
pushd linux-%{version}.%{_target_cpu} > /dev/null
%if %{with_doc}
%{__mkdir_p} $RPM_BUILD_ROOT/usr/share/doc/%{name}-doc-%{version}/Documentation
# Sometimes non-world-readable files sneak into the kernel source tree.
%{__chmod} -R a+r *
# Copy the documentation over.
%{__tar} cf - Documentation | %{__tar} xf - -C $RPM_BUILD_ROOT/usr/share/doc/%{name}-doc-%{version}
# Remove the unrequired file.
%{__rm} -f $RPM_BUILD_ROOT/usr/share/doc/%{name}-doc-%{version}/Documentation/.gitignore
%endif
%if %{with_hdr}
# Install the kernel headers.
%{__make} -s INSTALL_HDR_PATH=$RPM_BUILD_ROOT/usr ARCH=%{buildarch} headers_install
find $RPM_BUILD_ROOT/usr/include -type f ! -name "*.h" -exec %{__rm} -f "{}" ";"
# For now, glibc provides the scsi headers.
%{__rm} -rf $RPM_BUILD_ROOT/usr/include/scsi
%endif
popd > /dev/null
%clean
%{__rm} -rf $RPM_BUILD_ROOT
%post
/sbin/new-kernel-pkg --package kernel-opt --mkinitrd --depmod --install %{KVERREL} || exit $?
if [ -x /sbin/weak-modules ]; then
/sbin/weak-modules --add-kernel %{KVERREL} || exit $?
fi
%post devel
if [ -f /etc/sysconfig/kernel ]; then
. /etc/sysconfig/kernel || exit $?
fi
if [ "$HARDLINK" != "no" -a -x /usr/sbin/hardlink ]; then
pushd /usr/src/kernels/%{KVERREL}-%{_target_cpu} > /dev/null
/usr/bin/find . -type f | while read f; do hardlink -c /usr/src/kernels/*FC*/$f $f; done
popd > /dev/null
fi
%post PAE
/sbin/new-kernel-pkg --package kernel-opt-PAE --mkinitrd --depmod --install %{KVERREL}PAE || exit $?
if [ -x /sbin/weak-modules ]; then
/sbin/weak-modules --add-kernel %{KVERREL}PAE || exit $?
fi
%post PAE-devel
if [ -f /etc/sysconfig/kernel ]; then
. /etc/sysconfig/kernel || exit $?
fi
if [ "$HARDLINK" != "no" -a -x /usr/sbin/hardlink ]; then
pushd /usr/src/kernels/%{KVERREL}-PAE-%{_target_cpu} > /dev/null
/usr/bin/find . -type f | while read f; do hardlink -c /usr/src/kernels/*FC*/$f $f; done
popd > /dev/null
fi
%preun
/sbin/new-kernel-pkg --rminitrd --rmmoddep --remove %{KVERREL} || exit $?
if [ -x /sbin/weak-modules ]; then
/sbin/weak-modules --remove-kernel %{KVERREL} || exit $?
fi
%preun PAE
/sbin/new-kernel-pkg --rminitrd --rmmoddep --remove %{KVERREL}PAE || exit $?
if [ -x /sbin/weak-modules ]; then
/sbin/weak-modules --remove-kernel %{KVERREL}PAE || exit $?
fi
# Files section.
%if %{with_doc}
%files doc
%defattr(-,root,root)
%{_datadir}/doc/%{name}-doc-%{version}/Documentation/*
%dir %{_datadir}/doc/%{name}-doc-%{version}/Documentation
%dir %{_datadir}/doc/%{name}-doc-%{version}
%endif
%if %{with_hdr}
%files headers
%defattr(-,root,root)
/usr/include/*
%endif
%if %{with_std}
%files
%defattr(-,root,root)
/boot/vmlinuz-%{KVERREL}
/boot/System.map-%{KVERREL}
/boot/symvers-%{KVERREL}.gz
/boot/config-%{KVERREL}
/lib/firmware
%dir /lib/modules/%{KVERREL}
/lib/modules/%{KVERREL}/kernel
/lib/modules/%{KVERREL}/build
/lib/modules/%{KVERREL}/source
/lib/modules/%{KVERREL}/extra
/lib/modules/%{KVERREL}/updates
/lib/modules/%{KVERREL}/weak-updates
%ghost /boot/initrd-%{KVERREL}.img
%files devel
%defattr(-,root,root)
%dir /usr/src/kernels
%verify(not mtime) /usr/src/kernels/%{KVERREL}-%{_target_cpu}
%endif
%if %{with_pae}
%files PAE
%defattr(-,root,root)
/boot/vmlinuz-%{KVERREL}PAE
/boot/System.map-%{KVERREL}PAE
/boot/symvers-%{KVERREL}PAE.gz
/boot/config-%{KVERREL}PAE
/lib/firmware
%dir /lib/modules/%{KVERREL}PAE
/lib/modules/%{KVERREL}PAE/kernel
/lib/modules/%{KVERREL}PAE/build
/lib/modules/%{KVERREL}PAE/source
/lib/modules/%{KVERREL}PAE/extra
/lib/modules/%{KVERREL}PAE/updates
/lib/modules/%{KVERREL}PAE/weak-updates
%ghost /boot/initrd-%{KVERREL}PAE.img
%files PAE-devel
%defattr(-,root,root)
%dir /usr/src/kernels
%verify(not mtime) /usr/src/kernels/%{KVERREL}-PAE-%{_target_cpu}
/usr/src/kernels/%{KVERREL}PAE-%{_target_cpu}
%endif
%changelog
* Wed Apr 2 2014 Abbas Khan <bassu@phi9.com> - 3.5.4
- First build with optimized config to be run on SmartOS hypervisor
- [http://linux.joyent.com/joyent_optimized_kernels/centos/5.7/]
- Updated with the 3.5.4 source tarball.
- [https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4]

bassu commented Apr 2, 2014

Kernel config is here https://gist.github.com/bassu/9939658

Not compiling iptables for newer filter kernel mod may throw up errors like iptables: Unknown error 4294967295

Red Hat keeps really old dinosaur iptables, has ip* prefixed modules instead of latest xt*, requires kernel-headers which conflict with the headers created by above rpm and thus building iptables rpm on RHEL derivatives is a real pain in the ass.

Thank you Red Hat for making backporting tougher than mowing a lawn 😡

Thankfully, below few lines save your day 😜

yum install gcc
cd /tmp
wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.20.tar.bz2
tar -xjf iptables-1.4.20.tar.bz2
rpm --nodeps -e iptables iptables-ipv6
cd iptables-1.4.20
./configure && make && make install
ln -s /usr/local/sbin/iptables /sbin/iptables
ln -s /usr/local/sbin/iptables-save /sbin/iptables-save
ln -s /usr/local/sbin/iptables-restore /sbin/iptables-restore
ln -s /usr/local/sbin/ip6tables /sbin/ip6tables
ln -s /usr/local/sbin/ip6tables-save /sbin/ip6tables-save
ln -s /usr/local/sbin/ip6tables-restore /sbin/ip6tables-restore

cd /etc/init.d
wget http://www.squldvision.info/download/iptables/iptables
chmod +x /etc/init.d/iptables
cp /etc/init.d/iptables /etc/init.d/ip6tables
sed -i 's/IPTABLES=iptables/IPTABLES=ip6tables/' /etc/init.d/ip6tables
chkconfig --add iptables && chkconfig --level 2345 iptables on
chkconfig --add ip6tables && chkconfig --level 2345 ip6tables on
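
Added example, not part of the gist or of bassu's comment: the commands above download a source tarball and an init script over plain HTTP and then install both as root, and the spec's Source0 is likewise fetched without an integrity check. The gate below only succeeds when every listed file matches a SHA-256 digest pinned beforehand. The function names, the manifest layout and the sample file are assumptions for illustration, and the digest shown belongs to the constructed sample, not to any file the page names.

```shell
#!/bin/sh
# Added example; names and manifest layout are assumptions, not from the gist.
# verify_pinned MANIFEST DIR
#   MANIFEST lines: "<64 hex chars>  <filename>" (the layout sha256sum prints).
#   Returns 0 only if every listed file exists in DIR and matches its digest.
#   Fails closed: 1 = missing file or mismatch, 2 = unusable manifest.
verify_pinned() {
    manifest=$1 dir=$2 checked=0
    [ -r "$manifest" ] || { echo "manifest not readable: $manifest" >&2; return 2; }
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r want name || [ -n "$want" ]; do
        case $want in ''|'#'*) continue ;; esac          # blanks and comments
        case $want in
            *[!0-9a-f]*) echo "malformed digest for $name" >&2; return 2 ;;
        esac
        [ "${#want}" -eq 64 ] || { echo "malformed digest for $name" >&2; return 2; }
        case $name in                                    # bare file names only
            ''|*/*) echo "bad file name: $name" >&2; return 2 ;;
        esac
        [ -f "$dir/$name" ] || { echo "missing: $name" >&2; return 1; }
        got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "MISMATCH: $name" >&2
            return 1
        fi
        checked=$((checked + 1))
    done < "$manifest"
    # A manifest that lists nothing must not count as a pass.
    [ "$checked" -gt 0 ] || { echo "manifest lists no files" >&2; return 2; }
    return 0
}

# Constructed sample: a file containing "abc" and the SHA-256 of that content.
demo() {
    d=$(mktemp -d) || return 2
    printf 'abc' > "$d/sample.tar.bz2"
    printf '%s  %s\n' \
        ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad \
        sample.tar.bz2 > "$d/SHA256SUMS"
    verify_pinned "$d/SHA256SUMS" "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo && echo "all pinned files verified"
```

The check belongs between the downloads and the first command that builds or executes what was fetched, with the manifest obtained over a channel other than the one that served the files.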
