This message is not from us, it is from the kernel developers because many of the options depend on others so you have to use “make (menu)config” of the linux kernel.
To edit the kernel config you have run a full build of ipfire to have the build environment.
add ENABLE_RAMDISK=off to .config (without the source will go to a ramdisk that will erased at break.)
erase the log file for the kernel to trigger a fresh compile (rm log/linux-6.6.15-ipfire)
run “./make.sh build” and let the buildsystem unpack the sources. Open a second shell and run “tail -f log/_build.ipfire.log” to see when the real compile has started. If it is compiling run press CTRL+C to break the build and go into the build shell
./make.sh shell
in the new shell go to /usr/src/linux and run “make menuconfig” to edit the kernel configureation and after this copy the config to the correct place for ipfire buildscripts.
I want to enable BPF/BTF related kernel config like below so I could run BPF program for packet filtering at XDP/TC layer before netfilter, I already finished a full build of ipfire which took about 7 hours :). could I copy config/kernel/kernel.config.x86_64-ipfire to my local upstream kernel git repo, then run a merge bash script to create a kernel config file that includes both config/kernel/kernel.config.x86_64-ipfire and BPF/BTF related kernel config, then copy the new created kernel config file back to config/kernel/kernel.config.x86_64-ipfire, remove log/linux-6.6.15-ipfire, and run ./make.sh build ? would that work?
CONFIG_DEBUG_INFO_BTF=y
CONFIG_PAHOLE_HAS_SPLIT_BTF=y
CONFIG_DEBUG_INFO_BTF_MODULES=y
# CONFIG_MODULE_ALLOW_BTF_MISMATCH is not set
CONFIG_BPF=y
CONFIG_HAVE_EBPF_JIT=y
CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
# BPF subsystem
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_BPF_JIT_DEFAULT_ON=y
CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
# CONFIG_BPF_PRELOAD is not set
CONFIG_BPF_LSM=y
# end of BPF subsystem
CONFIG_CGROUP_BPF=y
CONFIG_IPV6_SEG6_BPF=y
CONFIG_NETFILTER_XT_MATCH_BPF=m
CONFIG_BPFILTER=y
CONFIG_BPFILTER_UMH=m
CONFIG_NET_CLS_BPF=m
CONFIG_NET_ACT_BPF=m
CONFIG_BPF_STREAM_PARSER=y
CONFIG_LWTUNNEL_BPF=y
CONFIG_BPF_EVENTS=y
CONFIG_BPF_KPROBE_OVERRIDE=y
CONFIG_TEST_BPF=m
I could enable CONFIG_DEBUG_INFO_BTF=y in config/kernel/kernel.config.x86_64-ipfire with the above method, but now I ran into another error while building the kernel
BTF: .tmp_vmlinux.btf: pahole (pahole) is not available
Failed to generate BTF for vmlinux
Try to disable CONFIG_DEBUG_INFO_BTF
the build says pahole is not available, but I do have pahole installed in my system, fyi, pahole is used to generate BTF type info for kernel image when building kernel image when CONFIG_DEBUG_INFO_BTF is enabled
# which pahole
/usr/bin/pahole
the kernel source has scripts/link-vmlinux.sh with
# generate .BTF typeinfo from DWARF debuginfo
# ${1} - vmlinux image
# ${2} - file to dump raw BTF data into
gen_btf()
{
local pahole_ver
if ! [ -x "$(command -v ${PAHOLE})" ]; then
echo >&2 "BTF: ${1}: pahole (${PAHOLE}) is not available"
return 1
fi
it appears ipfire build system could not locate pahole installed in my system, I tried to run
by the way, here is my methods to customize config/kernel/kernel.config.x86_64-ipfire
1, manually copy ipfire-2.x/cache/linux-6.6.15.tar.xz** to /usr/src/ and untar the package
2, copy ipfire-2.x/config/kernel/kernel.config.x86_64-ipfire to /usr/src/linux-6.6.15
3, merge kernel.config.x86_64-ipfire and BPF/BTF related config in /usr/src/linux-6.6.15
make.sh buildipfire() has following which I assume is where the kernel get built
# Kernelbuild ... current we have no platform that need
# multi kernel builds so KCFG is empty
lfsmake2 linux KCFG=""
lfsmake2 rtl8812au KCFG=""
lfsmake2 linux-initrd KCFG=""
enterchroot() {
# Install QEMU helper, if needed
qemu_install_helper
local PATH="${TOOLS_DIR}/ccache/bin:/bin:/usr/bin:/sbin:/usr/sbin:${TOOLS_DIR}/sbin:${TOOLS_DIR}/bin"
# Prepend any custom changes to PATH
if [ -n "${CUSTOM_PATH}" ]; then
PATH="${CUSTOM_PATH}:${PATH}"
fi
PATH="${PATH}" chroot ${LFS} env -i \
HOME="/root" \
TERM="${TERM}" \
PS1="${PS1}" \
PATH="${PATH}" \
SYSTEM_RELEASE="${SYSTEM_RELEASE}" \
PAKFIRE_TREE="${PAKFIRE_TREE}" \
NAME="${NAME}" \
it looks /usr/bin path is passed to chroot, why the kernel build in chroot could not locate /usr/bin/pahole? I am not familiar how chroot works, any suggestion to workaround this would be great
after reading Creating a Chrooted Environment - DEV Community, I realized the ipfire-2.x/build is the chroot environment root directory, the system /usr/bin/pahole would have been ipfire-2.x/build/usr/bin/pahole, and ipfire-2.x/build/usr/bin/pahole is missing apparently, so I copied /usr/bin/pahole to ipfire-2.x/build/usr/bin/pahole, also since /usr/bin/pahole is linked to
root@r210:/home/vincent/go/src/github.com/vincentmli# ls -l ipfire-2.x/build/lib/x86_64-linux-gnu
lrwxrwxrwx 1 root root 21 Feb 16 15:24 ipfire-2.x/build/lib/x86_64-linux-gnu -> /lib/x86_64-linux-gnu
this resolved the pahole not available issue in chroot environment. this is hack, I wonder if ipfire could consider support kernel BTF config officially.