Complete Guide to Compiling kernel7.0.7 on OpenEuler 25.09 System

Kernel
1

Complete Guide to Compiling Kernel 7.0.7 on OpenEuler 25.09

I. Compiling the Kernel

1. Prepare the Build Environment

First, install the essential tools and dependencies required for kernel compilation.

Run the following commands in the terminal:

# 1. Install the "Development Tools" group, which includes gcc, make, and other basic build tools
sudo dnf groupinstall "Development Tools"

# 2. Install specific dependencies for kernel compilation
# ncurses-devel: Enables graphical interface support for make menuconfig
# elfutils-libelf-devel: Handles ELF format files
# bc: Mathematical computation tool used during compilation
# openssl-devel: Required for kernel signing and other security features
# bison, flex: Tools for generating parsers

sudo dnf install ncurses-devel elfutils-libelf-devel bc openssl-devel bison flex

If compilation fails due to missing headers or tools, try using sudo dnf builddep kernel to automatically install all build dependencies for the kernel source package.

2. Obtain Kernel Source Code

Since no pre-compiled 7.0.7 RPM source package is available in the OpenEuler 25.09 repository, we will manually download the official source from kernel.org.

2.1 Download the Kernel Source Archive

Visit https://www.kernel.org to find the desired version:

wget https://cdn.kernel.org/pub/linux/kernel/v7.x/linux-7.0.7.tar.xz

2.2 Extract the Source Code

tar -xvf linux-7.0.7.tar.xz

2.3 Enter the Source Directory

cd linux-7.0.7

3. Configure Kernel Options

Reusing the current system configuration and making minor adjustments ensures the new kernel includes all necessary drivers and features, simplifying customization.

3.1 Reuse Current Configuration

Copy the running kernel’s configuration file to the source directory as a base:

cp /boot/config-$(uname -r) .config

3.2 Modify Kernel Configuration (Critical Step)

Use sed to clear certificate paths and prevent compilation errors:

sed -i 's|CONFIG_SYSTEM_TRUSTED_KEYS=.*|CONFIG_SYSTEM_TRUSTED_KEYS=\"\"|' .config
sed -i 's|CONFIG_SYSTEM_EXTRA_CERTIFICATE=.*|CONFIG_SYSTEM_EXTRA_CERTIFICATE=\"\"|' .config
make olddefconfig

Note: These changes are essential. Without them, compilation will fail.

3.3 Update Configuration Items (Optional)

Newer kernel versions introduce new configuration options. Run this command to update .config and be prompted for each new option. Press Enter to accept default values:

make menuconfig

Interface Instructions:

  • Use arrow keys to navigate
  • Press Spacebar to toggle selection ( * = built into kernel, M = built as module, [ ] = not compiled)
  • Select Save to save the configuration, then Exit to leave

3.4 Customize Configuration (Optional)

For further module pruning or enabling specific features, use the graphical interface to fine-tune settings.

4. Compile the Kernel

After configuration, begin compilation:

make -j$(nproc)

Note: Compilation takes a long time (30 minutes to several hours). If errors occur, remove the -j flag to see error messages clearly and pinpoint issues.

5. Install Kernel and Modules

Upon successful compilation, install the kernel image, modules, and other files to the system.

5.1 Install Kernel Modules

sudo make modules_install

5.2 Install Kernel Files (vmlinuz, System.map, etc.) to /boot

sudo make install

After running sudo make install, it will automatically:

  • Copy the kernel image to /boot
  • Generate the corresponding initramfs
  • Add a new boot entry to the GRUB menu

5.3 Update Configuration File

cp .config /boot/config-7.0.7

6. Update Bootloader and Reboot for Validation

6.1 Manually Update GRUB to Ensure Configuration Takes Effect

For UEFI-based systems:
The GRUB config file is typically located at /boot/efi/EFI/openEuler/grub.cfg. If unsure, check the actual directory under /boot/efi/EFI/:

# Replace the path with your actual GRUB configuration file
sudo grub2-mkconfig -o /boot/efi/EFI/openEuler/grub.cfg

For traditional BIOS systems:

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

6.2 Reboot the System

sudo reboot

7. Verification

After successfully logging in, run the following command. If the output is 7.0.7, the new kernel is running correctly:

uname -r

II. Troubleshooting Compilation Errors

1. Re-run Compilation with Detailed Logs

In the source directory (/opt/linux-7.0.7), execute:

# Clean up (optional but recommended)
make clean

# Compile with single thread, show full commands, and log output
make -j1 V=1 2>&1 | tee build.log
  • -j1: Uses only one CPU core to ensure error messages are displayed in order (no interference from parallel output).
  • V=1: Shows complete compilation commands for precise error tracking.
  • tee build.log: Displays output on screen and saves it to build.log for later analysis.

After compilation stops, check the last few errors:

grep -i "error:" build.log | tail -20

Paste this output here, and I can immediately identify the issue.

2. Root Cause Analysis

The log ends with:

make[3]: *** No rule to make target 'certs/openeuler-cert.pem', needed by 'certs/x509_certificate_list'.  Stop.
make[2]: *** [scripts/Makefile.build:546: certs] Error 2
make[1]: *** [/opt/linux-6.19.14/Makefile:2065: .] Error 2

Root Cause:
Your .config file sets CONFIG_SYSTEM_TRUSTED_KEYS to certs/openeuler-cert.pem, but this file does not exist in the mainline kernel source — it is a custom certificate used exclusively by OpenEuler’s distribution kernel.

The .config was likely copied from /boot/config-* in an OpenEuler system, carrying over the OpenEuler-specific certificate reference.

3. Solution

Method 1: Directly Edit .config to Clear Certificate Path

sed -i 's|CONFIG_SYSTEM_TRUSTED_KEYS=.*|CONFIG_SYSTEM_TRUSTED_KEYS=\"\"|' .config
# Also check this one:
sed -i 's|CONFIG_SYSTEM_EXTRA_CERTIFICATE=.*|CONFIG_SYSTEM_EXTRA_CERTIFICATE=\"\"|' .config
# Regenerate full config
make olddefconfig
make -j6

Method 2: Use menuconfig / nconfig (Interactive Configuration)

make menuconfig

Navigate to:
Cryptographic API → Certificates for signature checking

Clear the following fields (remove the path and leave blank):

  • Additional X.509 keys for default system keyring — remove certs/openeuler-cert.pem
  • X.509 certificate to be preloaded into the system blacklist keyring — if present, clear it too

Save and exit, then run:

make -j6

III. Security Notes

  • Avoid executing untrusted commands: Compilation may generate sensitive files. Always operate in a secure environment.
  • Update GRUB: Use the latest GRUB version to ensure compatibility with the new kernel.
  • Credit the source: When sharing or reusing this content, clearly credit the original source (Huawei Cloud Community), article link, and author. Failure to do so may result in legal action by the author or community.

IV. Reference Information

[Disclaimer] This content is from a Huawei Cloud Developer Community blog and does not represent the views or positions of Huawei Cloud or the Huawei Cloud Developer Community.

V. Important Notes

  1. Build Environment Requirements

    • Install Development Tools group (includes gcc, make, etc.)
    • Required dependencies: ncurses-devel, elfutils-libelf-devel, bc, openssl-devel, bison, flex

  2. Critical Configuration Settings

    • CONFIG_SYSTEM_TRUSTED_KEYS must be an empty string (""), not a file path
    • CONFIG_SYSTEM_EXTRA_CERTIFICATE must also be an empty string

  3. Compilation Time

    • Use -j$(nproc) to speed up compilation
    • Always clean and recompile with detailed logging when debugging

  4. Verification Steps

    • After successful compilation, run uname -r — output should be 7.0.7
    • After reboot, run sudo systemctl status openeuler to confirm kernel loads properly

  5. Error Diagnosis

    • Check build.log for specific error lines:
      • make[3]: *** No rule to make target 'certs/openeuler-cert.pem'
      • make[2]: *** [certs] Error 2

VI. Reference Resources

  • Official Kernel Download: https://www.kernel.org/pub/linux/kernel/v7.x/
  • Install Build Tools: Use sudo dnf groupinstall "Development Tools"
  • Install Dependencies: Use sudo dnf install <package-name>-devel
  • Extract Source: Use tar -xvf <filename>.tar.xz

Document Generation Date: 2026-05-21
Source: Huawei Cloud Developer Community Blog (bbs.huaweicloud.com)
Author: AutoClaw + Deepseek (Generated Example Content)