Tutorial
How To Customize and Recompile Your Kernel on FreeBSD 10.1
Introduction
The FreeBSD operating system utilizes the GENERIC
kernel by default. This is a default configuration used to support a large variety of hardware out of the box. However, there are many different reasons for compiling a custom kernel, which include security, enhanced functionality, or better performance.
FreeBSD utilizes two branches of code for its operating system: stable and current. Stable is the current code release that is that is production ready. Current is the latest code release from the development team and has some of the latest bleeding edge features but is more prone to bugs and system instability. This guide will utilize the stable branch.
In this tutorial, we will recompile a FreeBSD kernel with a custom configuration.
Prerequisites
To follow this tutorial, all you will need is:
- One FreeBSD 10.1 Droplet.
If you’re new to FreeBSD, you can check out the Getting Started with FreeBSD series of tutorials.
Step 1 — Obtaining the Source Code
In this step, we will pull the OS source code.
FreeBSD, like many other flavors of UNIX, provides the source code for its operating system for public download and modification. In order to recompile the kernel, first you will need to pull this source code from FreeBSD’s version control system.
The FreeBSD foundation utilizes Subversion for its code repositories, so let’s first install Subversion’s binary port.
sudo pkg install subversion
The default shell for FreeBSD is tcsh, which utilizes an internal hash table for commands in $PATH
. After subversion installs, you should rehash the directory tables.
rehash
Finally, check out a copy of the latest stable branch to the /usr/src
directory.
sudo svn co https://svn0.us-east.FreeBSD.org/base/stable/10 /usr/src
You may be prompted to accept a server certificate. Enter p to accept it after checking that the fingerprint matches the one toward the bottom of this page.
Step 2 — Creating Your Custom Configuration
In this step, we will customize our new kernel configuration.
The standard naming convention for kernel configuration files is the name of the kernel in all caps. This tutorial’s configuration will be called EXAMPLE
. Kernel configuration files live inside the /usr/src/sys/architecture/conf
directory; the architecture used at DigitalOcean is AMD64.
Change to the configuration directory.
cd /usr/src/sys/amd64/conf
Create and open the EXAMPLE
file for editing using ee or your favorite text editor.
sudo ee EXAMPLE
You can find the example configuration located here. Copy and paste the contents into EXAMPLE
, then save and close the file.
This example kernel configuration is for a minimal kernel build tailored for a DigitalOcean Droplet. Specifically, the GENERIC
kernel configuration has support enabled for a lot of different hardware; EXAMPLE
has all legacy and unneeded devices removed, leaving only the required device drivers needed to run a Droplet. There is also support enabled for the packet filter firewall (pf), traffic shaping (altq), file system encryption (geom_eli), and IP security (IPsec).
However, you can read more about the configuration options in the FreeBSD documentation and experiment on your own!
Step 3 — Building and Installing Your New Kernel
In this step, we will begin the kernel recompilation.
Change back to the /usr/src
directory and issue a make buildkernel
utilizing your new configuration file.
cd /usr/src
sudo make buildkernel KERNCONF=EXAMPLE
This can take some time depending on the amount of resources you utilize for your Droplet. The average time on a 1 GB Droplet is about 90 minutes.
Once your kernel recompilation has finished, it is time to begin the install.
sudo make installkernel KERNCONF=EXAMPLE
When that completes, reboot your system.
sudo shutdown -r now
Your server should now begin to shut down its currently running services, sync its disks, and reboot into your new kernel. You can log in to your Droplet’s console to watch the boot process.
Once your server reboots, log back in. You can check that your new kernel config is being used with the following command:
sysctl kern.conftxt | grep ident
The output should be:
ident EXAMPLE
Conclusion
Congratulations! You have successfully reconfigured and recompiled your kernel.