Xen users - May 2006 - Easiest way to compile custom kernel, for fedora +openswan+xen+patchomatic

I want to compile a custom xenU kernel for a firewall distribution
(endianfw, version of ipcop), I can get it to load up but the kernel is
missing some modules that aren''t resident.  So I want to make a custom
version for this domU, I know what I need kernel+openswan+xen+patch-o-matic
but I not sure the best way to go about this, do I patch a fedora source or
start with a vanilla kernel?  I know what I want but am unsure what is the
best way?  I have read that this has been done under cool configurations but
they didn''t go into much detail.  Any guidance would be appreciated.
Thanks.

On Sun, 2006-05-28 at 00:19 -0500, Tom Bishop wrote:
> I want to compile a custom xenU kernel for a firewall distribution
> (endianfw, version of ipcop), I can get it to load up but the kernel
> is missing some modules that aren''t resident.  So I want to make a
> custom version for this domU, I know what I need kernel+openswan+xen
> +patch-o-matic but I not sure the best way to go about this, do I
> patch a fedora source or start with a vanilla kernel?  I know what I
> want but am unsure what is the best way?  I have read that this has
> been done under cool configurations but they didn''t go into much
> detail.  Any guidance would be appreciated.  Thanks. 
Hi Tom,

I am working on a similar thing.  What I have done is taken the FC5
kernel SRPM and ported the changes from the one from Endian developer
SRPMS (based on FC3).

You will need to grab patch-o-matic from SVN and update a few things but
all will build and boot OK.

If you like I can send you the updated SRPM I have built (based on
2122).

Take care,

Gawain

On May 29, 2006, at 7:25 PM, Gawain Lynch wrote:
> On Sun, 2006-05-28 at 00:19 -0500, Tom Bishop wrote:
>> [...] do I patch a fedora source or start with a vanilla kernel?   
>> I know what I
>> want but am unsure what is the best way?
There''s a how-to here that leads you most of the way:
	http://fedoranews.org/cms/node/414

To add patches, just add them to the SOURCES directory and then  
reference them in the .spec file (you have to reference the patches  
twice in the .spec file, first to define that "patch 123" is  
"filename.patch" and then later when and how to apply "patch
123").

When you run rpmbuild it helpfully builds all the different versions  
of the kernel (no xen, xen0, xenU, ...) for the specified target  
architecture.



  - ask

-- 
http://www.askbjoernhansen.com/

That would be grea tif you could send that, but I would also like to know
how to do this myself.  Could you explain in more detail how you did this?
So it looks like you took the FC5 SRPM, and the endian SRPM and ported the
changes (how did you arrive at the changes).  You also stated that you got
patch-o-matic from SVN (not sure what that is) and updated a few things, I
take it that you ran patch-o-matic and installed some options?

I really appreciate your reply and I hop it isn''t too much trouble to
provide some more detail.  Thanks.

On 5/29/06, Gawain Lynch <gawain.lynch@bigpond.com>
wrote:
>
> On Sun, 2006-05-28 at 00:19 -0500, Tom Bishop wrote:
> > I want to compile a custom xenU kernel for a firewall distribution
> > (endianfw, version of ipcop), I can get it to load up but the kernel
> > is missing some modules that aren''t resident.  So I want to
make a
> > custom version for this domU, I know what I need kernel+openswan+xen
> > +patch-o-matic but I not sure the best way to go about this, do I
> > patch a fedora source or start with a vanilla kernel?  I know what I
> > want but am unsure what is the best way?  I have read that this has
> > been done under cool configurations but they didn''t go into
much
> > detail.  Any guidance would be appreciated.  Thanks.
>
> Hi Tom,
>
> I am working on a similar thing.  What I have done is taken the FC5
> kernel SRPM and ported the changes from the one from Endian developer
> SRPMS (based on FC3).
>
> You will need to grab patch-o-matic from SVN and update a few things but
> all will build and boot OK.
>
> If you like I can send you the updated SRPM I have built (based on
> 2122).
>
> Take care,
>
> Gawain
>
>

On Tue, 2006-05-30 at 08:04 -0500, Tom Bishop wrote:
> That would be grea tif you could send that, but I would also like to
> know how to do this myself.  Could you explain in more detail how you
> did this?  So it looks like you took the FC5 SRPM, and the endian SRPM
> and ported the changes (how did you arrive at the changes).  You also
> stated that you got patch-o-matic from SVN (not sure what that is) and
> updated a few things, I take it that you ran patch-o-matic and
> installed some options?  
> 
> I really appreciate your reply and I hop it isn''t too much trouble
to
> provide some more detail.  Thanks.
No problem...  This is involved and you will need an understanding of
rpm, rpmbuild, patching and C, it is not something easily covered in a
single email but I will do my best to give you direction.  Hey we all
have to start somewhere :-)

1) I grabbed a SPEC file from the Endian kernel SRPM and looked through
for source & patches that are not in the stock Fedora kernel.  This is
not obvious to some, but I have spent a lot of years customising Red
Hat/Fedora kernel SRPMS so I had a sense of what was added.

You could also compare a FC3 kernel SPEC file:
  $ diff -u kernel-2.6.spec kernel26-endian.spec

Now a number of the patches are no longer required, this is something
you can find by trial and error.  Basically I did:

  $ rpmbuild -bp --target i686 mykernel.spec

And looked for what patches would not apply and as it turned out I could
leave them out as they had been either merged upstream or the code had
changed that much they were useless.

2) I went looking for any changed additions to the build/install
sections of the spec.  Fortunately the changes were all confined to a
single block that basically untared patch-o-matic (p-o-m) into the
kernel source tree, removed any patches that were not required and then
applied the rest of them.

3) I updated each of the kernel*config files in the SOURCES directory to
included the extra kernel modules patched in from p-o-m.

4) I grabbed the iptables 1.3.5 tarball from www.netfilter.org and an
updated openswan-2.x.x.kernel-2.6-natt.patch.gz from www.openswan.org
and dropped those into the SOURCES directory and updated
  %define iptables_version

at the top of the spec file.

5) I checked out a current p-o-m from the netfilter.org subversion
repository.  You will need subversion installed and then do:

  $ svn co https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng
  $ find patch-o-matic-ng -type d -name \.svn | xargs rm -rf
  $ mv patch-o-matic-ng patch-o-matic-ng-20060529
  $ tar cjvf patch-o-matic-ng-20060529.tar.bz2 patch-o-matic-ng-20060529

(to anyone else reading this, I know about -exec I have just seen too
many bad keystrokes do damage in the wrong hands)

Then you should copy the patch-o-matic-ng-20060529.tar.bz2 to the
SOURCES directory.

6) As the version of p-o-m used by Endian was quite old I had to
manually go through and update the list of patches removed in the spec
file.

7) Kept trying to build the RPM until it worked.  This required a bit of
investigation each time and experience will guide you as to how to fix
each one.  But in this case each build failure was a p-o-m module that
did not build as I had not removed its patch directory (it was getting
late)

I also disabled the build of "normal" kernels to save time.  You can
do
this by changing some parameters in the SPEC file from:
  %define buildup 1
  %define buildsmp 1

To:
  %define buildup 0
  %define buildsmp 0

To launch the build you can do the following:
  $ rpmbuild -bb --target i686 mykernel.spec

------

And that is it.  I have attached a diff of the stock Fedora
kernel-2.6.16-1.2122_FC5 SPEC file and the updated one so you can get a
handle on exactly what is new.

The full SRPM is 43MiB, so do you have anywhere I could FTP it to?

I am happy to help if you get stuck on specific details, but that is
starting to get off topic for these lists so you may want to email me
directly.

Take care,

Gawain

Hi Folks,

We''re getting ready to deploy a couple of new servers (web, email, dns,
etc.) - and I''ve been thinking of running over Xen. 

Judging from traffic on this list, people seem to be having a lot of 
problems with Xen 3.  Then again, it''s just as likely that only people 
with problems are posting.

So... any opinions: is Xen 3 ready for production use? In the alternate, 
is Xen 2, and is it still reasonably well supported by the community?

Thanks very much,

Miles Fidelman




_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users