Bering is based on a 2.4.18 kernel. The recommended compiler for this kernel is GCC 2.95.3 or 2.95.4.
GCC 3.x can be used as well but according to the kernel Documentation Change file you might get some trouble using it. I have never experienced such problems but the reason why I do not use GCC 3.x is that it leads to a larger kernel image than the 2.95.x compiler. Also note that the 2.7 compiler provided with Debian/slink CANNOT be used with 2.4.x kernels. That is why you have to use a more recent development environment. I personally use Debian/Woody ("stable").
You also need GNU make 3.77 or later and a recent binutils release. On my machine I have:
leafdoc@samsung:~$ gcc -v
Reading specs from /usr/lib/gcc-lib/i386-linux/2.95.4/specs
gcc version 2.95.4 20011002 (Debian prerelease)
leafdoc@samsung:~$ make --version
GNU Make version 3.79.1, by Richard Stallman and Roland McGrath.
leafdoc@samsung:~$ ld -v
GNU ld version 2.12.90.0.1 20020307 Debian/GNU Linux
leafdoc@samsung:~$
This development environment is the one which has been used to compile the kernel and the corresponding "modules.lrp" package of the Bering distro. But once again, you can use any "modern" Linux distribution (that is, one offering a GCC 2.95.3 or better compiler) to do that.
Bering developers who want a "ready-to-go" compilation environment can use a Debian/woody virtual machine. This machine is provided with a Bering patched (rc4) 2.4.18 linux source file.
The Debian/woody virtual machine provides a Bering source kernel that is already patched and compiled, so most of the steps described below are unnecessary. Just install your virtual machine as explained in the Leaf UML documentation and log in. Then any modification to the kernel is as easy as:
mkdir /tmp/Bering_modules_2.4.18
cd /usr/src/linux
make menuconfig    # make your changes here and save
make dep; make bzImage; make modules; make modules_install INSTALL_MOD_PATH=/tmp/Bering_modules_2.4.18
The Debian/Woody virtual machine is provided with the Bering-rc4 2.4.18 kernel environment. The stable version only differs from rc4 in its version of ipsec (1.99 instead of 1.98b) and pcmcia-cs (3.2.3 instead of 3.2.1). So you only need to replace those two packages (if you need them) to have a Bering-stable development environment.
The only thing that cannot be done on the virtual machine is kernel compression through UPX. For some strange reason the UPX binary segfaults on the UML machine. That has to be done on the host machine.
Sections 1.3 to 1.6 below only apply to those who want to install the kernel development environment on their own "real" machine.
You will need to download the following files into a directory of your choice (assumed here to be named /download/directory):
A fresh 2.4.18 linux kernel source file.
All the patch files available in the Bering kernel development directory.
The 1.99 version of Freeswan IPSEC.
The 3.2.3 version of pcmcia_cs (This is OPTIONAL and only needed if you want pcmcia support).
Login as root. In /usr/src unpack the following files:
cd /usr/src
tar xzvf /download/directory/linux-2.4.18.tar.gz
tar xzvf /download/directory/freeswan-1.99.tar.gz
tar xzvf /download/directory/pcmcia_cs-3.2.3.tar.gz
Once this is done, apply the Bering patches to the linux directory in the following order (here /download/directory = /home/leafdoc/patches-stable):
leafdoc@samsung:~$ cd linux
leafdoc@samsung:~/linux$ gunzip /home/leafdoc/patches-stable/newnat13-and-helpers-2.4.18.gz -c | patch -p1
patching file Documentation/Configure.help
patching file Makefile
patching file include/linux/netfilter_arp.h
patching file include/linux/netfilter_ipv4/ip_conntrack.h
patching file include/linux/netfilter_ipv4/ip_conntrack_core.h
patching file include/linux/netfilter_ipv4/ip_conntrack_ftp.h
patching file include/linux/netfilter_ipv4/ip_conntrack_h323.h
patching file include/linux/netfilter_ipv4/ip_conntrack_helper.h
patching file include/linux/netfilter_ipv4/ip_conntrack_irc.h
patching file include/linux/netfilter_ipv4/ip_conntrack_pptp.h
patching file include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
patching file include/linux/netfilter_ipv4/ip_conntrack_protocol.h
patching file include/linux/netfilter_ipv4/ip_conntrack_rpc.h
patching file include/linux/netfilter_ipv4/ip_conntrack_talk.h
patching file include/linux/netfilter_ipv4/ip_conntrack_tftp.h
patching file include/linux/netfilter_ipv4/ip_conntrack_tuple.h
patching file include/linux/netfilter_ipv4/ip_nat.h
patching file include/linux/netfilter_ipv4/ip_nat_helper.h
patching file include/linux/netfilter_ipv4/ip_nat_pptp.h
patching file include/linux/netfilter_ipv4/ip_nat_rule.h
patching file include/linux/netfilter_ipv4/ipt_helper.h
patching file net/ipv4/arp.c
patching file net/ipv4/netfilter/Config.in
patching file net/ipv4/netfilter/Makefile
patching file net/ipv4/netfilter/ip_conntrack_core.c
patching file net/ipv4/netfilter/ip_conntrack_ftp.c
patching file net/ipv4/netfilter/ip_conntrack_h323.c
patching file net/ipv4/netfilter/ip_conntrack_irc.c
patching file net/ipv4/netfilter/ip_conntrack_pptp.c
patching file net/ipv4/netfilter/ip_conntrack_proto_generic.c
patching file net/ipv4/netfilter/ip_conntrack_proto_gre.c
patching file net/ipv4/netfilter/ip_conntrack_proto_icmp.c
patching file net/ipv4/netfilter/ip_conntrack_proto_tcp.c
patching file net/ipv4/netfilter/ip_conntrack_proto_udp.c
patching file net/ipv4/netfilter/ip_conntrack_rpc_tcp.c
patching file net/ipv4/netfilter/ip_conntrack_rpc_udp.c
patching file net/ipv4/netfilter/ip_conntrack_standalone.c
patching file net/ipv4/netfilter/ip_conntrack_talk.c
patching file net/ipv4/netfilter/ip_conntrack_tftp.c
patching file net/ipv4/netfilter/ip_fw_compat_masq.c
patching file net/ipv4/netfilter/ip_fw_compat_redir.c
patching file net/ipv4/netfilter/ip_nat_core.c
patching file net/ipv4/netfilter/ip_nat_ftp.c
patching file net/ipv4/netfilter/ip_nat_h323.c
patching file net/ipv4/netfilter/ip_nat_helper.c
patching file net/ipv4/netfilter/ip_nat_irc.c
patching file net/ipv4/netfilter/ip_nat_pptp.c
patching file net/ipv4/netfilter/ip_nat_proto_gre.c
patching file net/ipv4/netfilter/ip_nat_proto_tcp.c
patching file net/ipv4/netfilter/ip_nat_proto_unknown.c
patching file net/ipv4/netfilter/ip_nat_rule.c
patching file net/ipv4/netfilter/ip_nat_snmp_basic.c
patching file net/ipv4/netfilter/ip_nat_standalone.c
patching file net/ipv4/netfilter/ip_nat_talk.c
patching file net/ipv4/netfilter/ip_nat_tftp.c
patching file net/ipv4/netfilter/ip_queue.c
patching file net/ipv4/netfilter/ipt_REJECT.c
patching file net/ipv4/netfilter/ipt_ULOG.c
patching file net/ipv4/netfilter/ipt_helper.c
patching file net/ipv4/netfilter/ipt_record_rpc.c
patching file net/ipv6/netfilter/ip6_queue.c
leafdoc@samsung:~/linux$ cat /home/leafdoc/patches-stable/unclean1.patch | patch -p1
patching file net/ipv4/netfilter/ipt_unclean.c
leafdoc@samsung:~/linux$ cat /home/leafdoc/patches-stable/htb2_2.4.17.diff | patch -p1
patching file net/sched/Config.in
patching file net/sched/Makefile
patching file net/sched/sch_htb.c
patching file include/linux/pkt_sched.h
patching file net/sched/sch_api.c
leafdoc@samsung:~/linux$ cat /home/leafdoc/patches-stable/bridge-nf-0.0.7-against-2.4.18.diff | patch -p1
patching file include/linux/netfilter.h
patching file include/linux/netfilter_ipv4.h
patching file include/linux/skbuff.h
patching file net/Config.in
patching file net/bridge/Makefile
patching file net/bridge/br.c
patching file net/bridge/br_forward.c
patching file net/bridge/br_input.c
patching file net/bridge/br_netfilter.c
patching file net/bridge/br_private.h
patching file net/core/netfilter.c
patching file net/core/skbuff.c
patching file net/ipv4/ip_output.c
patching file net/ipv4/netfilter/ip_tables.c
patching file net/ipv4/netfilter/ipt_LOG.c
leafdoc@samsung:~/linux$ gunzip /home/leafdoc/patches-stable/linux-2.4.16-openssl-0.9.6b-mppe-patch.gz -c | patch -p1
patching file drivers/net/Makefile
patching file drivers/net/Makefile.orig
patching file drivers/net/md32_common.h
patching file drivers/net/mppe.h
patching file drivers/net/ppp_generic.c
patching file drivers/net/ppp_mppe.c
patching file drivers/net/rc4_enc.c
patching file drivers/net/rc4_locl.h
patching file drivers/net/rc4_skey.c
patching file drivers/net/sha1dgst.c
patching file drivers/net/sha_locl.h
patching file include/linux/ppp-comp.h
patching file include/openssl/opensslconf.h
patching file include/openssl/opensslv.h
patching file include/openssl/rc4.h
patching file include/openssl/sha.h
leafdoc@samsung:~/linux$ gunzip /home/leafdoc/patches-stable/grsecurity-1.9.5-2.4.18.patch.gz -c | patch -p1
patching file Documentation/Configure.help
Hunk #1 succeeded at 2439 (offset 35 lines).
Hunk #2 succeeded at 20029 (offset 69 lines).
patching file Makefile
Hunk #1 FAILED at 1.
1 out of 4 hunks FAILED -- saving rejects to file Makefile.rej
patching file arch/alpha/config.in
patching file arch/arm/config.in
patching file arch/cris/config.in
patching file arch/i386/config.in
patching file arch/i386/kernel/entry.S
patching file arch/i386/kernel/head.S
patching file arch/i386/kernel/ptrace.c
patching file arch/i386/kernel/signal.c
patching file arch/i386/kernel/traps.c
patching file arch/i386/mm/fault.c
patching file arch/ia64/config.in
patching file arch/m68k/config.in
patching file arch/mips/config.in
patching file arch/mips64/config.in
patching file arch/parisc/config.in
patching file arch/ppc/config.in
patching file arch/s390/config.in
patching file arch/s390x/config.in
patching file arch/sh/config.in
patching file arch/sparc/config.in
patching file arch/sparc64/config.in
patching file drivers/char/mem.c
patching file drivers/pci/proc.c
patching file fs/binfmt_aout.c
patching file fs/binfmt_elf.c
patching file fs/exec.c
patching file fs/namei.c
patching file fs/namespace.c
patching file fs/open.c
patching file fs/proc/base.c
patching file fs/proc/generic.c
patching file fs/proc/inode.c
patching file fs/proc/proc_misc.c
patching file fs/proc/proc_tty.c
patching file fs/proc/root.c
patching file fs/readdir.c
patching file grsecurity/Config.in
patching file grsecurity/Makefile
patching file grsecurity/gracl.c
patching file grsecurity/grsecurity.c
patching file grsecurity/grsum.c
patching file include/asm-i386/a.out.h
patching file include/asm-i386/pgtable.h
patching file include/asm-i386/processor.h
patching file include/linux/a.out.h
patching file include/linux/binfmts.h
patching file include/linux/dcache.h
patching file include/linux/elf.h
patching file include/linux/fs.h
patching file include/linux/gracl.h
patching file include/linux/grdefs.h
patching file include/linux/grsecurity.h
patching file include/linux/grsum.h
patching file include/linux/kernel.h
patching file include/linux/mm.h
patching file include/linux/proc_fs.h
patching file include/linux/sched.h
patching file include/linux/sysctl.h
patching file include/net/inetpeer.h
patching file include/net/ip.h
patching file init/main.c
patching file ipc/msg.c
patching file ipc/sem.c
patching file ipc/shm.c
patching file kernel/capability.c
patching file kernel/fork.c
patching file kernel/ksyms.c
patching file kernel/printk.c
patching file kernel/sched.c
patching file kernel/signal.c
patching file kernel/sys.c
patching file kernel/sysctl.c
patching file kernel/time.c
patching file mm/mmap.c
patching file mm/mprotect.c
patching file net/ipv4/Makefile
patching file net/ipv4/af_inet.c
patching file net/ipv4/icmp.c
patching file net/ipv4/ip_id.c
patching file net/ipv4/ip_output.c
patching file net/ipv4/netfilter/Config.in
Hunk #1 succeeded at 30 with fuzz 2 (offset 5 lines).
patching file net/ipv4/netfilter/Makefile
Hunk #1 succeeded at 105 (offset 41 lines).
patching file net/ipv4/netfilter/ipt_stealth.c
patching file net/ipv4/tcp_ipv4.c
patching file net/ipv4/udp.c
patching file net/netsyms.c
patching file net/socket.c
patching file net/sunrpc/xprt.c
leafdoc@samsung:~/linux$
You will notice a Makefile error for the grsecurity patch. It does not hurt. Just ignore it.
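With this many patches stacked on one tree, it is worth confirming that the Makefile reject is the only one. The following is an added example, not part of the original Bering documentation: it reads saved `patch -p1` output and reports every rejected or fuzzy hunk per file. The sample input is an excerpt of the grsecurity session above; the function names and the idea of an allowlist are assumptions of this example.

```shell
# Added example: audit saved `patch -p1` output (e.g. captured with `2>&1 | tee`).

# Print one finding per line: "FAILED <file> <hunk>" or "FUZZ <file> <hunk> <fuzz>".
audit_patch_log() {
    awk '
        /^patching file / { file = $3; next }
        /^Hunk #[0-9]+ FAILED/ {
            hunk = $2; sub(/^#/, "", hunk)
            print "FAILED", file, hunk
            next
        }
        /^Hunk #[0-9]+ succeeded .* with fuzz / {
            hunk = $2; sub(/^#/, "", hunk)
            for (i = 1; i < NF; i++) if ($i == "fuzz") fuzz = $(i + 1)
            gsub(/[^0-9]/, "", fuzz)
            print "FUZZ", file, hunk, fuzz
        }
    ' "$1"
}

# List files with a rejected hunk that are not in the allowlist ($2, space-separated).
unexpected_rejects() {
    audit_patch_log "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "FAILED" && !($2 in ok) { print $2 }
    ' | sort -u
}

# Sample input: excerpt of the grsecurity patch output shown above.
sample_log() {
    cat <<'EOF'
patching file Documentation/Configure.help
Hunk #1 succeeded at 2439 (offset 35 lines).
patching file Makefile
Hunk #1 FAILED at 1.
1 out of 4 hunks FAILED -- saving rejects to file Makefile.rej
patching file net/ipv4/netfilter/Config.in
Hunk #1 succeeded at 30 with fuzz 2 (offset 5 lines).
EOF
}

log=$(mktemp)
sample_log > "$log"
audit_patch_log "$log"                 # every rejected and fuzzy hunk
unexpected_rejects "$log" "Makefile"   # prints nothing: only the known reject
rm -f "$log"
```

Hunks applied with fuzz are listed as well because they were matched against context that differs from what the patch expected, so they deserve a look in a security patch such as grsecurity.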
None of the above patches are mandatory to have a working Bering distro. Those patches only add extra functionality. You may consider that you do not need any of them.
The freeswan ipsec 1.99 patch is only needed if you need ipsec support.
The newnat13 patch adds h323, pptp and tftp support to netfilter. It comes from Koepi's web site.
The unclean1 patch comes from Tom Eastep. See the dropunclean option of the Interfaces option.
The htb2 patch is only needed if you want htb support. See also the Shorewall documentation chapter on Traffic Shaping/Control.
The bridge-nf patch is only needed if you want to have bridge firewalling support.
The mppe-patch is needed if you want to run a PPTP server on your Bering box.
The grsecurity patch adds extra security to your Bering kernel.
First, download the Bering kernel configuration file into the /usr/src/linux directory and rename it .config.
Then do the following:
cd /usr/src/linux
make dep
cd /usr/src/freeswan-1.99
make menugo    # or "make xgo" if compilation is done within an xterm
Notice that the kernel compilation is started from within the freeswan-1.99 directory. The make menugo (or xgo) command will create the necessary symlinks, apply the freeswan patches to the kernel, and compile the kernel and the modules. Go for coffee, that can take a while. You will also have to save and exit the kernel configuration menu that will pop up in the process. This is the safest procedure to install freeswan. The problem is that it will install ipsec on your development machine, so you will have to remove some files in the /etc directory if you do not want ipsec to start when you next log on:
cd /etc
rm -f init.d/ipsec
rm -f rc?.d/???ipsec
You now have to install the modules and compress the kernel image:
mkdir /tmp/Bering_modules_2.4.18
cd /usr/src/linux
make modules_install INSTALL_MOD_PATH=/tmp/Bering_modules_2.4.18
upx --best -o linux.upx arch/i386/boot/bzImage
UPX is a compression program available at the UPX Website. You will have to use the 1.11 beta version, which is the only one that compresses linux kernel files.
Well, you are now done! Your modules are available in the /lib/modules/2.4.18 directory and your floppy linux is the linux.upx you have just generated.
Now that you have learned how to create your own Bering kernel, you can tune it so that you won't need any module at all. You will save space since you won't need to load the modules.lrp package anymore, but it is also a nice security feature since you will generate an image that will not allow any module to be loaded.
You can now work from the /usr/src/linux directory (since your freeswan patches are applied). Open the kernel configuration menu by typing make xconfig (or make menuconfig). Go through each section, starting with the "Processor types and features" one (leave the "Loadable module support" one for the time being). For each option that is currently built as a module, decide whether to include it in the kernel or whether you do not need it. At the end, go to the Loadable module support section and answer NO to "Enable loadable module support". Save your configuration file and exit. Then you just have to:
cd /usr/src/linux
make dep
make bzImage
upx --best -o linux.upx arch/i386/boot/bzImage
You now have a Bering kernel image tailored to your needs and you can get rid of the modules.lrp package!
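Before running make bzImage, the saved .config can be checked to confirm that it really describes a module-free kernel. This is an added example, not part of the original Bering documentation: it flags CONFIG_MODULES, the kernel module loader option CONFIG_KMOD, and any option still set to "m". The two sample configurations are constructed for the example and are not the Bering .config.

```shell
# Added example: check that a kernel .config describes a module-free build.
# Prints one finding per line and returns non-zero if anything is found.
check_monolithic() {
    awk '
        /^CONFIG_MODULES=y$/            { on = 1 }
        /^# CONFIG_MODULES is not set$/ { off = 1 }
        /^CONFIG_KMOD=y$/               { print "KMOD_ENABLED"; bad = 1 }
        /^CONFIG_[A-Za-z0-9_]+=m$/      { sub(/=m$/, ""); print "MODULE " $0; bad = 1 }
        END {
            if (on)        { print "MODULES_ENABLED"; bad = 1 }
            else if (!off) { print "MODULES_UNDECIDED"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample configurations (not the Bering .config).
sample_modular() {
    printf '%s\n' 'CONFIG_MODULES=y' 'CONFIG_KMOD=y' 'CONFIG_NETFILTER=y' \
        'CONFIG_IP_NF_CONNTRACK=m' 'CONFIG_IP_NF_FTP=m'
}
sample_monolithic() {
    printf '%s\n' '# CONFIG_MODULES is not set' 'CONFIG_NETFILTER=y' \
        'CONFIG_IP_NF_CONNTRACK=y' 'CONFIG_IP_NF_FTP=y'
}

cfg=$(mktemp)
sample_modular > "$cfg"
check_monolithic "$cfg" || echo "=> not module-free"
sample_monolithic > "$cfg"
check_monolithic "$cfg" && echo "=> module-free"
rm -f "$cfg"
```

MODULES_UNDECIDED means the file contains neither setting for CONFIG_MODULES, which usually indicates a hand-edited or truncated .config that should be passed through the configuration menu again.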