Custom kernel to match chroot, efistub for embedded bootloader and RO sandbox for root only [Solved as incompatible]

1mouse3
Posts: 10
Joined: Mon Mar 10, 2025 7:55 am

Re: Custom kernel to match chroot, efistub for embedded bootloader and RO sandbox for root not home (using respin)

#11 Post by 1mouse3 »

Searching for info on that source tarball, I found this on an older kernel.

https://debian-handbook.info/browse/sta ... ation.html

What I see there is running me in circles with commands to make that tarball, and they are something similar to what I have in the Gentoo ebuild.

Code:

restore_config .config
emake ${MAKECONF[@]} olddefconfig
emake ${MAKECONF[@]} bzImage
emake ${MAKECONF[@]} modules_prepare modules 
emake ${MAKECONF[@]} all
make prepare
make scripts
installkernel ${KERNELTAGS} ${S}/arch/x86/boot/bzImage ${S}/System.map ${D}/boot/
sbsign --key /root/secureboot/MOK.key --cert /root/secureboot/MOK.crt /boot/vmlinuz-${KERNELTAGS}
rsync -ar /usr/src/linux-${KERNELTAGS}/video/ ${image}/lib/modules/${KERNELTAGS}/video
depmod -b ${D} -ae -F System.map ${KERNELTAGS}

I don't see the boot part, but this is what I have in the ebuild.

Code:

emake ${MAKECONF[@]} install INSTALL_PATH=${D}/boot/
emake ${MAKECONF[@]} ${TARGETS[@]} INSTALL_MOD_PATH=${D} INSTALL_PATH=${D}/boot/

So what's in this is made with the ebuild. So the thought is to make an addition to it, so that it will make this tarball of the image.

Code:

linux-source-6.1.tar.xz

Then have MX Linux run "make deb-pkg" on that tarball, to make this .deb. Am I correct on this path to get the custom kernel, or is there something I am missing here?

Code:

linux-source-6.1_6.1.124-1_all.deb

This is in the Debian patch tarball.

Code:

Missing debian/certs/debian-uefi-certs.pem

So is this needed in the .config, to go with that?

Code:

#
# Certificates for signature checking
#
CONFIG_MODULE_SIG_KEY=""
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="debian/certs/debian-uefi-certs.pem"
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
CONFIG_SECONDARY_TRUSTED_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
# end of Certificates for signature checking

EDIT: I'm seeing this looking more into it.

https://www.dwarmstrong.org/kernel/

It's making the .deb off the unpacked source that the ebuild makes and uses this command to do so.

Code:

make deb-pkg LOCALVERSION=-custom

Then says this symlink string should do this

Code:

$ ls -l ../*.deb
../linux-headers-6.1.124-custom-6.1.124-custom-1_amd64.deb
../linux-image-6.1.124-custom-6.1.124-custom-1_amd64.deb
../linux-libc-dev_6.1.124-custom-1_amd64.deb

Then this to install.

Code:

$ sudo dpkg -i ../linux-image-6.1.124-custom_6.1.124-custom-1_amd64.deb
$ sudo dpkg -i ../linux-headers-6.1.124-custom_6.1.124-custom-1_amd64.deb

EDIT:EDIT:

Was looking over the Gentoo patches that came with the ebuild, to see what sets it for use on Gentoo, and found this.

https://github.com/1mouse3/liguros-xxx/ ... nfig.patch

Looking in the Debian patch tarball, I found this Python script to make the same.

Code:

from collections import OrderedDict

__all__ = (
    "KconfigFile",
)


class KConfigEntry(object):
    __slots__ = 'name', 'value', 'comments'

    def __init__(self, name, value, comments=None):
        self.name, self.value = name, value
        self.comments = comments or []

    def __eq__(self, other):
        return self.name == other.name and self.value == other.value

    def __hash__(self):
        return hash(self.name) | hash(self.value)

    def __repr__(self):
        return ('<{}({!r}, {!r}, {!r})>'
                .format(self.__class__.__name__, self.name, self.value,
                        self.comments))

    def __str__(self):
        return 'CONFIG_{}={}'.format(self.name, self.value)

    def write(self):
        for comment in self.comments:
            yield '#. ' + comment
        yield str(self)


class KConfigEntryTristate(KConfigEntry):
    __slots__ = ()

    VALUE_NO = False
    VALUE_YES = True
    VALUE_MOD = object()

    def __init__(self, name, value, comments=None):
        if value == 'n' or value is None:
            value = self.VALUE_NO
        elif value == 'y':
            value = self.VALUE_YES
        elif value == 'm':
            value = self.VALUE_MOD
        else:
            raise NotImplementedError
        super(KConfigEntryTristate, self).__init__(name, value, comments)

    def __str__(self):
        if self.value is self.VALUE_MOD:
            return 'CONFIG_{}=m'.format(self.name)
        if self.value:
            return 'CONFIG_{}=y'.format(self.name)
        return '# CONFIG_{} is not set'.format(self.name)


class KconfigFile(OrderedDict):
    def __str__(self):
        ret = []
        for i in self.str_iter():
            ret.append(i)
        return '\n'.join(ret) + '\n'

    def read(self, f):
        for line in iter(f.readlines()):
            line = line.strip()
            if line.startswith("CONFIG_"):
                i = line.find('=')
                option = line[7:i]
                value = line[i + 1:]
                self.set(option, value)
            elif line.startswith("# CONFIG_"):
                option = line[9:-11]
                self.set(option, 'n')
            elif line.startswith("#") or not line:
                pass
            else:
                raise RuntimeError("Can't recognize %s" % line)

    def set(self, key, value):
        if value in ('y', 'm', 'n'):
            entry = KConfigEntryTristate(key, value)
        else:
            entry = KConfigEntry(key, value)
        self[key] = entry

    def str_iter(self):
        for key, value in self.items():
            yield str(value)
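
Added example (not part of the original post, and not code from the Debian or Gentoo packaging): the kernel build reads the file named by CONFIG_SYSTEM_TRUSTED_KEYS relative to the source tree, so a .config carried over from Debian's packaging stops the build in a tree that has no debian/certs/. The sketch below checks a .config for certificate options that point at missing files before `make deb-pkg` is run; the function names and the list of options checked are choices made for this example.

```python
import os
import tempfile

# Kconfig string options whose value names a certificate/key file read at build time.
# (Selection made for this example.)
CERT_FILE_OPTIONS = ("MODULE_SIG_KEY", "SYSTEM_TRUSTED_KEYS", "SYSTEM_REVOCATION_KEYS")
# Default MODULE_SIG_KEY value: the kernel build generates this file itself if absent.
AUTOGENERATED = "certs/signing_key.pem"

# Certificate section of the .config quoted in the post above.
SAMPLE_CONFIG = '''\
CONFIG_MODULE_SIG_KEY=""
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="debian/certs/debian-uefi-certs.pem"
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
CONFIG_SECONDARY_TRUSTED_KEYRING=y
'''


def cert_file_options(config_text):
    """Return {option: value} for the non-empty certificate file options."""
    found = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith("CONFIG_") or "=" not in line:
            continue  # comments, blank lines, "# CONFIG_X is not set"
        name, _, value = line[len("CONFIG_"):].partition("=")
        value = value.strip('"')
        if name in CERT_FILE_OPTIONS and value:
            found[name] = value
    return found


def missing_cert_files(config_text, source_root):
    """List (option, path) pairs whose file does not exist in the tree being built."""
    missing = []
    for name, value in cert_file_options(config_text).items():
        if value.startswith("pkcs11:") or value == AUTOGENERATED:
            continue  # token URI, or a key the build creates on its own
        path = os.path.join(source_root, value)  # join() keeps an absolute value as-is
        if not os.path.isfile(path):
            missing.append((name, value))
    return missing


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tree:  # stand-in for an unpacked source tree
        for name, value in missing_cert_files(SAMPLE_CONFIG, tree):
            print("CONFIG_%s points at %s, which is not in %s" % (name, value, tree))
```

An option reported here needs its file placed in the tree, or its value changed to a certificate bundle you control or to an empty string, which builds the kernel with no extra trusted certificates.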


1mouse3
Posts: 10
Joined: Mon Mar 10, 2025 7:55 am

Re: Custom kernel to match chroot, efistub for embedded bootloader and RO sandbox for root not home (using respin)

#12 Post by 1mouse3 »

Doing that would mean the core packages would have to match, but there is a vast version difference; this would make gcc different and incompatible. Also there is glibc vs klibc, where both would need to be switched to uclibc-ng. I'm not sure I can get packages that old for Gentoo, and the newer ones in Debian sid don't quite come that new and are marked unstable.

Code:

# Gentoo linux
binutils 2.43-r2
gcc 14.2.1_p20241221
boost 1.85.0-r1
ninja 1.12.1
nodejs 22.13.1
python 3.11.11

# MX linux
binutils 2-40-2
gcc 12.2.0-14
boost mia
ninja 1.11.1-2 but uninstalled
nodejs 18.19.0 but uninstalled
python 3.11.2

1mouse3
Posts: 10
Joined: Mon Mar 10, 2025 7:55 am

Re: Custom kernel to match chroot, efistub for embedded bootloader and RO sandbox for root not home (using respin)

#13 Post by 1mouse3 »

MX Linux is incompatible with what I need for a RO sandbox rescue USB; it is not possible for core program versions to be made a match. It would be more viable to find something closer in version history, like Alpine, and port these three programs over to that distro with their dependencies. Thanks to whoever made these; these are useful tools.

# Chroot rescue
https://github.com/BitJam/chroot-rescue
https://github.com/BitJam/cli-shell-utils

# ISO snapshot
https://github.com/MX-Linux/mx-snapshot ... an/control
https://github.com/MX-Linux/mx-remaster ... an/control
https://github.com/antiX-Linux/antix-li ... an/control

# USB maker
https://github.com/MX-Linux/lum-qt-appi ... g/19.11.02
https://github.com/MX-Linux/lum-qt-appi ... xcludelist
https://github.com/AppImage/AppImageKit/issues/1015 (musl in Alpine will be an issue best solved by switching to uclibc-ng)
