内核下载与编译

文章目录

  • 内核下载与编译
      • 1.内核下载
      • 2.验证kernel签名
      • 3.编译选项配置
    • 总结

1.内核下载

可以直接在官网下载:https://www.kernel.org

~/Desktop/kernel_pwn_environment$ curl -O -L <https://mirrors.tuna.tsinghua.edu.cn/kernel/v5.x/linux-5.4.98.tar.xz>% Total    % Received % Xferd  Average Speed   Time    Time     Time  CurrentDload  Upload   Total   Spent    Left  Speed
100  104M  100  104M    0     0   376k      0  0:04:42  0:04:42 --:--:--  333k

下载完后直接解压:

~# unxz linux-5.4.98.tar.xz

2.验证kernel签名

内核签名的作用:

为了防止内核被恶意修改,在发布内核时,发布者会对内核进行签名。这里我们也对内核的签名进行校验。

rencvn@ubuntu:~/Desktop/kernel_pwn_environment$ curl -O -L <https://mirrors.tuna.tsinghua.edu.cn/kernel/v5.x/linux-5.4.98.tar.sign>% Total    % Received % Xferd  Average Speed   Time    Time     Time  CurrentDload  Upload   Total   Spent    Left  Speed
100   989  100   989    0     0   2491      0 --:--:-- --:--:-- --:--:--  2491
rencvn@ubuntu:~/Desktop/kernel_pwn_environment$ gpg --verify linux-5.4.98.tar.sign
gpg: assuming signed data in 'linux-5.4.98.tar'
gpg: Signature made Sat 13 Feb 2021 04:54:47 AM PST
gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Can't check signature: No public key

同样也是遇到了ctfwiki上出现的问题,“can’t check signature: No public key”

这主要是因为我们没有相应的公钥来验证签名。此时我们可以下载相应内核版本发布者的公钥

我在下载公钥时报错,猜测应该是网速的问题,换成热点后直接下载下来了:

rencvn@ubuntu:~/Desktop/kernel_pwn_environment$ gpg --locate-keys torvalds@kernel.org gregkh@kernel.org
gpg: error retrieving 'gregkh@kernel.org' via WKD: Server indicated a failure
gpg: error reading key: Server indicated a failure
gpg: error retrieving 'torvalds@kernel.org' via WKD: Server indicated a failure
gpg: error reading key: Server indicated a failure
rencvn@ubuntu:~/Desktop/kernel_pwn_environment$ gpg --locate-keys torvalds@kernel.org gregkh@kernel.org
gpg: key 38DBBDC86092693E: public key "Greg Kroah-Hartman <gregkh@kernel.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: key 79BE3E4300411886: public key "Linus Torvalds <torvalds@kernel.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
pub   rsa4096 2011-09-23 [SC]647F28654894E3BD457199BE38DBBDC86092693E
uid           [ unknown] Greg Kroah-Hartman <gregkh@kernel.org>
sub   rsa4096 2011-09-23 [E]pub   rsa2048 2011-09-20 [SC]ABAF11C65A2970B130ABE3C479BE3E4300411886
uid           [ unknown] Linus Torvalds <torvalds@kernel.org>
sub   rsa2048 2011-09-20 [E]

为了方便,我们也导入了 torvalds 的公钥。下面验证内核的签名

rencvn@ubuntu:~/Desktop/kernel_pwn_environment$ gpg --verify linux-5.4.98.tar.sign
gpg: assuming signed data in 'linux-5.4.98.tar'
gpg: Signature made Sat 13 Feb 2021 04:54:47 AM PST
gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Good signature from "Greg Kroah-Hartman <gregkh@kernel.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571  99BE 38DB BDC8 6092 693E

这里报了一个 WARNING。为了消除这个问题,我们可以选择使用 TOFU 信任对应的密钥

警告这里显示:公钥没有被信任的签名认证

rencvn@ubuntu:~/Desktop/kernel_pwn_environment$ gpg --tofu-policy good 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Setting TOFU trust policy for new binding <key: 647F28654894E3BD457199BE38DBBDC86092693E, user id: Greg Kroah-Hartman <gregkh@kernel.org>> to good.
rencvn@ubuntu:~/Desktop/kernel_pwn_environment$ gpg --trust-model tofu --verify linux-5.4.98.tar.sign
gpg: assuming signed data in 'linux-5.4.98.tar'
gpg: Signature made Sat 13 Feb 2021 04:54:47 AM PST
gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: Good signature from "Greg Kroah-Hartman <gregkh@kernel.org>" [full]
gpg: gregkh@kernel.org: Verified 1 signature in the past 0 seconds.  Encrypted0 messages.

信任过后没有再报错,已验证成功.

在验证成功后,我们就可以解压缩压缩包得到内核源码。

tar -xf linux-5.4.98.tar

3.编译选项配置

在正式编译之前,我们可以配置内核的编译选项。

通过 make menuconfig来配置,但我输入后直接报错,上网查阅资料后,得知缺少了libncurses-dev库,flex,bison,安装后即可:

sudo apt-get install libncurses5-dev
apt-get install flex
apt-get install bison

安装后再次输入make menuconfig,

这里我们主要关注调试方面的选项,依次进入到 Kernel hacking -> Compile-time checks and compiler options,然后勾选如下选项Compile the kernel with debug info,以便于调试。不过似乎现在是默认开启的,如果要使用 kgdb 调试内核,则需要选中 KGDB: kernel debugger,并选中 KGDB 下的所有选项.

接着开始正式编译内核:

~# make -j3 bzImage

我输入后直接报错,好家伙,

rencvn@ubuntu:~/Desktop/kernel_pwn_environment/linux-5.4.98$ make -j3 bzImage
Makefile:632: include/config/auto.conf: No such file or directory
Makefile:678: include/config/auto.conf.cmd: No such file or directoryHOSTLD  scripts/kconfig/conf
scripts/kconfig/conf  --syncconfig KconfigSYSTBL  arch/x86/include/generated/asm/syscalls_32.hWRAP    arch/x86/include/generated/uapi/asm/bpf_perf_event.hWRAP    arch/x86/include/generated/uapi/asm/errno.hWRAP    arch/x86/include/generated/uapi/asm/fcntl.hWRAP    arch/x86/include/generated/uapi/asm/ioctl.hWRAP    arch/x86/include/generated/uapi/asm/ioctls.hWRAP    arch/x86/include/generated/uapi/asm/ipcbuf.hWRAP    arch/x86/include/generated/uapi/asm/param.hWRAP    arch/x86/include/generated/uapi/asm/poll.hWRAP    arch/x86/include/generated/uapi/asm/resource.hWRAP    arch/x86/include/generated/uapi/asm/socket.hWRAP    arch/x86/include/generated/uapi/asm/sockios.hWRAP    arch/x86/include/generated/uapi/asm/termbits.hWRAP    arch/x86/include/generated/uapi/asm/termios.hWRAP    arch/x86/include/generated/uapi/asm/types.hUPD     include/generated/uapi/linux/version.hUPD     include/config/kernel.releaseHOSTCC  arch/x86/tools/relocs_32.oWRAP    arch/x86/include/generated/asm/dma-contiguous.hWRAP    arch/x86/include/generated/asm/early_ioremap.hWRAP    arch/x86/include/generated/asm/export.hWRAP    arch/x86/include/generated/asm/mcs_spinlock.hWRAP    arch/x86/include/generated/asm/mm-arch-hooks.hWRAP    arch/x86/include/generated/asm/mmiowb.hUPD     include/generated/utsrelease.h
warning: Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-develHOSTCC  scripts/genksyms/genksyms.oHOSTCC  arch/x86/tools/relocs_64.oYACC    scripts/genksyms/parse.tab.[ch]HOSTCC  arch/x86/tools/relocs_common.oLEX     scripts/genksyms/lex.lex.cHOSTCC  scripts/genksyms/parse.tab.oHOSTLD  arch/x86/tools/relocsHOSTCC  scripts/genksyms/lex.lex.oSYSHDR  arch/x86/include/generated/asm/unistd_32_ia32.hSYSHDR  arch/x86/include/generated/asm/unistd_64_x32.hSYSTBL  arch/x86/include/generated/asm/syscalls_64.hHOSTLD  scripts/genksyms/genksymsHOSTCC  scripts/selinux/genheaders/genheadersHOSTCC  scripts/selinux/mdp/mdpHOSTCC  scripts/bin2cHOSTCC  scripts/kallsymsHYPERCALLS arch/x86/include/generated/asm/xen-hypercalls.hHOSTCC  scripts/conmakehashSYSHDR  arch/x86/include/generated/uapi/asm/unistd_32.hSYSHDR  arch/x86/include/generated/uapi/asm/unistd_64.hSYSHDR  arch/x86/include/generated/uapi/asm/unistd_x32.hHOSTCC  scripts/recordmcountHOSTCC  scripts/sortextableHOSTCC  scripts/asn1_compilerHOSTCC  scripts/sign-file
scripts/sign-file.c:25:10: fatal error: openssl/opensslv.h: No such file or directory#include <openssl/opensslv.h>^~~~~~~~~~~~~~~~~~~~
compilation terminated.
scripts/Makefile.host:107: recipe for target 'scripts/sign-file' failed
make[1]: *** [scripts/sign-file] Error 1
make[1]: *** Waiting for unfinished jobs....
Makefile:1120: recipe for target 'scripts' failed
make: *** [scripts] Error 2

根据这行提示:

warning: Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel

#### 解决1

安装libelf-dev库:

~# sudo apt install libelf-dev

#### 解决2

安装好后执行make -j3 bzImage再次尝试编译,但还是报错:

scripts/extract-cert.c:21:10: fatal error: openssl/bio.h: No such file or directory

上网查看解决办法:

知道了出现scripts/extract-cert.c:21:25: fatal error: openssl /bio.h: No such file or directory 是因为没有安装libssl-dev或者已安装的libssl1.0.0版本太高, 无法支持

继续安装:

sudo apt install libssl-dev

安装好后,编译内核:

~#  make -j3 bzlmage

最后验证是否编译成功:

rencvn@ubuntu:~/Desktop/kernel_pwn_environment/linux-5.4.98$ uname -a
Linux ubuntu 5.4.0-109-generic #123~18.04.1-Ubuntu SMP Fri Apr 8 09:48:52 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

感觉像是成功了,但跟着ctfwiki的接下来的目录,没找到bzlmage,离谱!!

#### 3.再次解决报错

报错:

No rule to make target ‘debian/canonical-certs.pem‘, needed by ‘certs/x509_certificate_list

网上查到:

编辑.config文件(刚才在终端中执行过配置内核的命令#make menuconfig 后

会在该目录下生成一个隐藏文件.config)

~# vim .config

修改CONFIG_SYSTEM_TRUSTED_KEYS,将其赋空值

修改前:

CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"

修改后:

CONFIG_SYSTEM_TRUSTED_KEYS=""

再次在终端输入:

~# make -j3 bzlmage

键入回车,看到在正常进行编译,终于成功!!

#### 4.高兴太早了,又出现报错

BTF: .tmp_vmlinux.btf: pahole (pahole) is not available
Failed to generate BTF for vmlinux
Try to disable CONFIG_DEBUG_INFO_BTF
Makefile:1100: recipe for target 'vmlinux' failed
make: *** [vmlinux] Error 1

一般是系统缺少dwarves软件包导致。

rencvn@ubuntu:~/Desktop/kernel_pwn_environment/linux-5.4.98$ sudo apt-get install dwarves

安装即可,继续执行:

~# make -j3 bzlmage

希望不要再出报错。

rencvn@ubuntu:~/Desktop/kernel_pwn_environment/linux-5.4.98$ make -j3 bzImageDESCEND  objtoolCALL    scripts/atomic/check-atomics.shCALL    scripts/checksyscalls.shCHK     include/generated/compile.hGEN     .versionCHK     include/generated/compile.hUPD     include/generated/compile.hCC      init/version.oAR      init/built-in.aLD      vmlinux.oMODPOST vmlinux.oMODINFO modules.builtin.modinfoLD      .tmp_vmlinux.btfBTF     .btf.vmlinux.bin.o
KilledLD      .tmp_vmlinux.kallsyms1KSYM    .tmp_vmlinux.kallsyms1.oLD      .tmp_vmlinux.kallsyms2KSYM    .tmp_vmlinux.kallsyms2.oLD      vmlinuxSORTEX  vmlinuxSYSMAP  System.mapAS      arch/x86/boot/bioscall.oCC      arch/x86/boot/cmdline.oCC      arch/x86/boot/a20.oAS      arch/x86/boot/copy.oHOSTCC  arch/x86/boot/mkcpustrCC      arch/x86/boot/cpuflags.oCC      arch/x86/boot/cpucheck.oCC      arch/x86/boot/early_serial_console.oCC      arch/x86/boot/edd.oCC      arch/x86/boot/main.oCC      arch/x86/boot/memory.oLDS     arch/x86/boot/compressed/vmlinux.ldsAS      arch/x86/boot/compressed/head_64.oCC      arch/x86/boot/pm.oVOFFSET arch/x86/boot/compressed/../voffset.hCC      arch/x86/boot/compressed/string.oAS      arch/x86/boot/pmjump.oCC      arch/x86/boot/printf.oCC      arch/x86/boot/compressed/cmdline.oCC      arch/x86/boot/compressed/error.oCC      arch/x86/boot/regs.oCC      arch/x86/boot/string.oOBJCOPY arch/x86/boot/compressed/vmlinux.binCC      arch/x86/boot/tty.oRELOCS  arch/x86/boot/compressed/vmlinux.relocsCC      arch/x86/boot/video.oHOSTCC  arch/x86/boot/compressed/mkpiggyCC      arch/x86/boot/video-mode.oCC      arch/x86/boot/compressed/cpuflags.oCC      arch/x86/boot/compressed/early_serial_console.oCC      arch/x86/boot/version.oCC      arch/x86/boot/video-vga.oCC      arch/x86/boot/video-vesa.oCC      arch/x86/boot/compressed/kaslr.oCC      arch/x86/boot/video-bios.oHOSTCC  arch/x86/boot/tools/buildCC      arch/x86/boot/compressed/kaslr_64.oCPUSTR  arch/x86/boot/cpustr.hAS      arch/x86/boot/compressed/mem_encrypt.oCC      arch/x86/boot/compressed/pgtable_64.oCC      arch/x86/boot/compressed/acpi.oCC      arch/x86/boot/compressed/eboot.oAS      arch/x86/boot/compressed/efi_stub_64.oAS      arch/x86/boot/compressed/efi_thunk_64.oCC      arch/x86/boot/compressed/misc.oGZIP    arch/x86/boot/compressed/vmlinux.bin.gzCC      arch/x86/boot/cpu.oMKPIGGY arch/x86/boot/compressed/piggy.SAS      arch/x86/boot/compressed/piggy.oLD      arch/x86/boot/compressed/vmlinuxOBJCOPY arch/x86/boot/vmlinux.binZOFFSET arch/x86/boot/zoffset.hAS      arch/x86/boot/header.oLD      arch/x86/boot/setup.elfOBJCOPY arch/x86/boot/setup.binBUILD   arch/x86/boot/bzImage
Setup is 17692 bytes (padded to 17920 bytes).
System is 9177 kB
CRC 54e6943b
Kernel: arch/x86/boot/bzImage is ready  (#3)

出现表示成功:

Setup is 17692 bytes (padded to 17920 bytes).
System is 9177 kB
CRC 54e6943b
Kernel: arch/x86/boot/bzImage is ready  (#3)

并找到编译好的 bzlmage镜像.

终于成功!!!

编译内核太不容易!

【kernel学习】内核下载与编译相关推荐

  1. 龙芯linux内核,龙芯的linux kernel,内核开发与编译

    在很久很久以前,linux被视为geek极客的玩具.自行升级Linux内核,对普通用户来说,简直是天方夜谭.曾经的曾经,升级内核需要很多纷繁复杂的步骤,也需要花费很多的时间.但是,现在不一样了.内核的 ...

  2. rock64linux,RockPI 4A Linux内核下载与编译

    本文介绍RockPI 4A单板Debian系统Linux内核的下载和编译方法,为后续介绍RockPI 4A单板Linux内核调试进行抛砖引玉. 一.代码下载 Rockpi 4A Debian版本SDK ...

  3. Android kernel源码下载与编译

    构建内核 本页详细介绍了为 Android 设备构建自定义内核的流程.以下说明会逐步指导您如何选择正确的源代码,编译内核,以及将结果嵌入到根据 Android 开源项目 (AOSP) 编译的系统映像中 ...

  4. *迟来的爱*——《Foursquare》应用源码学习(一) 下载、编译、运行

    做Android项目做到好几年的程序,发现技术进步很慢,逐渐往管理发展..于是, 要看开源项目,学习别人的成功经验,来解决项目中遇到的棘手问题. 于是看到了别人推荐的android的开源源码,找了一个 ...

  5. 海思HiKey 970内核下载与编译

    1.下载内核代码: git clone https://github.com/96boards-hikey/linux.git -b hikey970-v4.9 2.编译内核 #!/bin/sh ex ...

  6. Linux内核学习①:内核的下载、编译及过程中的问题处理

    Linux内核学习①:内核的下载.编译及过程中的问题处理 Linux内核文件下载 内核下载网址: http://ftp.sjtu.edu.cn/sites/ftp.kernel.org/pub/lin ...

  7. 在Ubuntu上下载、编译和安装Android 4.2 最新内核源代码(Linux Kernel)

    根据http://blog.csdn.net/luoshengyang/article/details/6564592博客内容对android4.2的编译 从源代码树下载下来的最新Android源代码 ...

  8. Linux内核学习之路_1_编译Linux内核

    1.准备工作 1.1 学习环境 1.2 下载Linux内核源码 1.3 解压Linux内核 1.4 目录结构介绍 1.2.2 Linux内核配置 1.1 学习环境 本系列教程使用的环境如下: 操作系统 ...

  9. 《深入理解Android内核设计思想(第2版)(上下册)》之Android源码下载及编译

    本文摘自人民邮电出版社异步社区<深入理解Android内核设计思想(第2版)(上下册)> 购书地址:http://item.jd.com/12212640.html 试读地址:http:/ ...

最新文章

  1. mysql ls命令,Linux 常用 ls命令详解
  2. hbase的HA模式配置和维护
  3. 2022.9.19-9.25 AI行业周刊(第116期):告别
  4. 浏览器被劫持怎么解决?关于浏览器被劫持主页的处理方法
  5. python 列表拆分_python列表拆分
  6. Centos删除乱码文件或文件夹
  7. reactive、ref、toRef、toRefs
  8. 网页下载Google Play 的App
  9. 监控摄像头RTSP低延时无插件直播解决方案
  10. 【Linux应用编程】Linux编程中常见错误码含义及查询方式
  11. 汉字简体繁体转换|GB国标码|Big5码
  12. ps保存web格式,报“系统找不到指定路径”错误
  13. Java SE核心API(2) —— 正则表达式、Object、包装类
  14. 物流信息管理系统MySQL设计_案例分析第六章:物流管理系统的数据库设计(六个基本步骤)案例分析...
  15. html文字边框环绕,使用css的文本边框(围绕文本的边框)
  16. java编写一个ATM取款机小程序
  17. 至商3000服务器信息,至商软件怎么使用
  18. 鸟哥-Linux私房菜-基础学习篇-习题解答-第1章
  19. Java再爆漏洞,甲骨文紧急修复
  20. 背熟这9条你就是CPU专家

热门文章

  1. 你还不清楚某个系统文件的作用吗?Windows系统文件详解【大全】
  2. 精密注塑制件表面缺陷检测
  3. google海底光缆图_2019全球海底光缆分布图
  4. CTF-Web入门-get_post
  5. linux 内存大页,Linux大页内存管理等---菜鸟初学
  6. 涂料品牌排行榜前十名有哪些?
  7. 怎样才能获得积分啊??
  8. 抽象类、接口、Objext 详解
  9. 最近云端上MySql服务器被黑了,狠心把密码加密后花了20分钟修改好了。这回再被黑跟你姓
  10. 写魔兽改键时遇到的问题