Skip to content

Releases: alsyundawy/DebianKernelBuild

Debian Kernel Build 2026.06.14-r5

14 Jun 12:27
@alsyundawy alsyundawy
2026.06.14-r5
36908e4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Debian Kernel Build 2026.06.14-r5 Latest
Latest

🐧 ALSYUNDAWY Linux Kernel DEB Builder

Production-grade shell script to download, verify, configure, build, and optionally install upstream vanilla Linux kernel Debian packages — fully automated, VM-aware, and security-hardened.

Latest Version
ShellCheck
Bash
Maintenance Status
License
GitHub Issues
GitHub Pull Requests
GitHub Stars
GitHub Forks
GitHub Contributors
Donate with PayPal
Sponsor with GitHub

✨ Overview

This script builds an upstream vanilla Linux kernel directly from kernel.org into Debian packages using the in-tree Kbuild target make bindeb-pkg. It handles the entire lifecycle — from downloading and cryptographically verifying the source tarball to configuring, compiling, packaging, and installing the resulting .deb files.

Designed for Debian, Ubuntu, Proxmox VE, and all Debian-based distributions.

🚀 Key Features

🔐 Security and Integrity

  • OpenPGP signature verification of kernel.org tarballs before extraction using WKD-imported developer keys (Torvalds, Kroah-Hartman, Levin)
  • Hardened GPG invocation with --no-auto-key-import and --no-auto-key-retrieve to prevent silent key injection
  • Debian certificate sanitization for vanilla upstream sources (SYSTEM_TRUSTED_KEYS, SYSTEM_REVOCATION_KEYS, MODULE_SIG_KEY)
  • Input validation with regex-based kernel version checks to prevent path or command injection
  • Strict Bash mode (set -Eeuo pipefail) with ERR, INT, and TERM signal traps
  • Path canonicalization via readlink -f to prevent symlink-based path traversal

⚙️ Build Pipeline

  • Isolated build directory per kernel version and timestamp — no cross-contamination between builds
  • Flexible config seeding: seed from running kernel (/boot/config-*), defconfig, localmodconfig, or none
  • Interactive and non-interactive modes: menuconfig, nconfig, oldconfig, olddefconfig, or skip entirely
  • Debug info control: disabled by default to dramatically reduce build time and package size
  • Parallel compilation with configurable job count (defaults to nproc)
  • Custom versioning: set LOCALVERSION suffix and KDEB_PKGVERSION override
  • Release-candidate support: versions like 6.15-rc7 automatically use kernel.org /testing directory

🖥️ VM Guest Optimization

Automatically detects the hypervisor at runtime using systemd-detect-virt and DMI/SMBIOS data, then applies hypervisor-specific kernel configuration:

Hypervisor Detection Kernel Options Enabled
KVM / QEMU / Proxmox kvm, qemu, bochs, proxmox Full VirtIO stack: virtio-pci, virtio-blk, virtio-scsi, virtio-net, virtio-balloon, virtio-console, virtio-input, virtio-rng, virtio-crypto, virtio-vsock, virtio-fs, 9p, net-failover
VMware vmware VMXNET3, PVSCSI, VMware Balloon, VMCI, VMCI vsock, vmwgfx, vmmouse
Generic VM virtualbox, xen, microsoft HYPERVISOR_GUEST, PARAVIRT, PARAVIRT_CLOCK, HIGH_RES_TIMERS, PCI_MSI, VSOCKETS
  • Driver mode control: choose between loadable module or builtin for paravirtual drivers
  • Guest tools auto-install: optionally installs and enables qemu-guest-agent or open-vm-tools

📦 Package Management

  • Smart package discovery from actual build artifacts (no fragile filename globs)
  • Automatic dependency repair with apt-get -f install fallback after dpkg -i
  • GRUB bootloader refresh via update-grub after successful installation
  • Selective installation: install linux-image + linux-headers by default, optionally include linux-libc-dev
  • Safe cleanup: removes source tree and archives after build while preserving all generated .deb packages

🧪 Dry-Run Mode

Validate all inputs, paths, and environment configuration without making any system changes:

sudo DRY_RUN=1 ./debian_kernel_build.sh 6.12.93

📋 Requirements

  • OS: Debian, Ubuntu, Proxmox VE, or any Debian-based distribution
  • Shell: Bash 5.0+
  • Privileges: Root access (sudo)
  • Network: Internet access to download kernel sources from cdn.kernel.org
  • Disk space: At least 20–30 GB free (kernel source + build artifacts)
  • RAM: Minimum 2 GB, recommended 4 GB+ for parallel builds

All build dependencies are installed automatically by the script:

bc binutils bison build-essential ca-certificates cpio dirmngr dpkg-dev fakeroot flex git gnupg kmod libelf-dev libncurses-dev libssl-dev openssl paxctl perl python3 wget xz-utils zstd

Optional: dwarves (pahole) · lz4 · liblz4-tool

📖 Quick Start — Step by Step

This guide walks you through the entire process. No prior kernel-building experience is required.

Step 1 — Download the Script

Open a terminal on your Debian-based system and run:

wget https://raw.githubusercontent.com/alsyundawy/DebianKernelBuild/master/debian_kernel_build.sh
chmod +x debian_kernel_build.sh

Step 2 — Choose Your Kernel Version

Visit kernel.org to find the latest stable version (e.g., 6.12.93). You can also use release candidates like 6.15-rc7.

Step 3 — Run the Build

Run the script with sudo and pass the kernel version as the argument:

sudo ./debian_kernel_build.sh 6.12.93

The script will automatically:

  1. Install all required build dependencies via APT (you do not need to install anything manually)
  2. Detect your VM hypervisor (KVM, VMware, etc.) if you are running inside a virtual machine
  3. Install VM guest tools (qemu-guest-agent or open-vm-tools) when a supported hypervisor is detected
  4. Download the kernel source tarball from cdn.kernel.org over HTTPS
  5. Verify the OpenPGP signature to ensure the source has not been tampered with
  6. Extract the source tree into an isolated, timestamped build directory
  7. Seed .config from your currently running kernel (/boot/config-*)
  8. Open menuconfig for you to review and customize kernel options — just save and exit when done
  9. Sanitize the config (disable debug info, clear Debian cert paths, apply VM optimizations)
  10. Compile the kernel using all available CPU cores (make -j$(nproc) bindeb-pkg)
  11. Install the generated .deb packages (linux-image and linux-headers)
  12. Refresh the GRUB bootloader so the new kernel appears in the boot menu
  13. Clean up the source tree and archives (the .deb packages are preserved)

Step 4 — Reboot

sudo reboot

Step 5 — Verify

After rebooting, confirm the new kernel is active:

uname -r

You should see the version you just built (e.g., 6.12.93).

💡 Usage Examples

Basic Usage

# Standard interactive build with menuconfig
sudo ./debian_kernel_build.sh 6.12.93

Non-Interactive / Automation

# Fully non-interactive build — ideal for CI pipelines or scripted deployments
sudo CONFIG_MODE=olddefconfig INSTALL_AFTER_BUILD=0 ./debian_kernel_build.sh 6.12.93

VM Guest Builds

# VMware guest with modular paravirtual drivers
sudo VM_GUEST_OPTIMIZE=vmware VM_DRIVER_MODE=module ./debian_kernel_build.sh 6.12.93

# KVM/Proxmox guest with built-in drivers and custom kernel suffix
sudo VM_GUEST_OPTIMIZE=kvm VM_DRIVER_MODE=builtin LOCALVERSION=-pvefast ./debian_kernel_build.sh 6.12.93

Release Candidate Kernels

# Build a release candidate kernel (automatically uses kernel.org /testing directory)
sudo ./debian_kernel_build.sh 6.15-rc7

Build Only (No Install)

# Build packages but do not install them, and keep the source tree
sudo INSTALL_AFTER_BUILD=0 CLEANUP_SOURCE=0 ./debian_kernel_build.sh 6.12.93

Testing and Debugging

# Skip OpenPGP verification (use only for emergency testing)
sudo VERIFY_TARBALL=0 ./debian_kernel_build.sh 6.12.93

# Dry-run — validate inputs and environment without making any changes
sudo DRY_RUN=1 ./debian_kernel_build.sh 6.12.93

# Build with debug symbols enabled (for crash analysis, kgdb, BTF, SystemTap)
sudo DISABLE_DEBUG_INFO=0 ./debian_kernel_build.sh 6.12.93

Custom Branding

# Add a custom suffix to the kernel v...
Read more
Assets 2
Loading