evilKumara
Posts: 1
Joined: Wed Jul 17, 2019 1:23 am

How to Package Custom RPI Kernel into *.deb?

Wed Jul 17, 2019 1:27 am

I have compiled a custom Raspbian kernel from source because i need to enable the CONFIG_AUDIT flags for installing SELinux & Auditd.

Following the Official Kernel Documentation (https://www.raspberrypi.org/documentati ... uilding.md) i was able to do this and it works well.


I now need to package this into a `*.deb` so i am able to install it on other Pi's with without having to manually copy the `*.dtb` and `*.img` and run `sudo make modules_install` on every pi i want to deploy this to.


----------
This is where i run into problems

I have done some investigations and found a few ways to do this on Standard Debian following this Guide (https://www.linode.com/docs/tools-refer ... an-ubuntu/)and using the recommended `make deb-pkg` although when i run `dpkg -i linux-*.deb` on a fresh Pi and reboot it bricks it.

I have also tried to create my own `*.deb` file. By copying the `zImage modules dtbs` into the custom `dpkg-deb` along with redirecting the modules install path to that package too with `make INSTALL_MOD_PATH=$INSTALLDIR modules_install` and running ` dpkg-deb --build [custom-dir]`. This also failed

i have not been able to find out how to create a rpikernelhack pkg either as seen here ( https://raspberrypi.stackexchange.com/ ... kernelhack)

----------

Any help in packaging a custom kernel for the Raspberry Pi 3b+ would be appreciated.

zehubbadude
Posts: 2
Joined: Wed Jan 22, 2020 8:07 am

Re: How to Package Custom RPI Kernel into *.deb?

Wed Jan 22, 2020 8:21 am

Hi, I need to have CONFIG_AUDIT enabled as well in the (latest) Raspbian kernel because this is one of the requirements to use the Pi as a Microsoft Edge device with full security features. The Edge basically requires auditd to run. Although it is possible to install auditd it fails because it is not enabled in the kernel.
I would really appreciate how I can add the CONFIG_AUDIT settings when compiling a new kernel.
Is it as simple as adding:
CONFIG_AUDIT=y
to the .config file located in the root of the source branch? Or should I add it to one of the Makefiles (like security/Makefile)?

Thanks in advance,
E

Return to “Advanced users”