authorAndré Fabian Silva Delgado <emulatorman@parabola.nu>2014-11-24 18:46:52 -0200
committerAndré Fabian Silva Delgado <emulatorman@parabola.nu>2014-11-24 18:46:52 -0200
commita4af99635944a5a800ff084c69066e0077a95bdc (patch)
treea4f26d652080ddb9a7f05da32249ce3368eeea46 /kernels/linux-libre-grsec-knock/PKGBUILD
parentefe1fb0bafd5adad6f1d5421a86753d5618c21fa (diff)
linux-libre-grsec-knock: add new package to [kernels]
Diffstat (limited to 'kernels/linux-libre-grsec-knock/PKGBUILD')
-rw-r--r--kernels/linux-libre-grsec-knock/PKGBUILD353
1 files changed, 353 insertions, 0 deletions
diff --git a/kernels/linux-libre-grsec-knock/PKGBUILD b/kernels/linux-libre-grsec-knock/PKGBUILD
new file mode 100644
index 000000000..321f8d78f
--- /dev/null
+++ b/kernels/linux-libre-grsec-knock/PKGBUILD
@@ -0,0 +1,353 @@
+# Contributor (Arch): Daniel Micay <danielmicay@gmail.com>
+# Contributor (Arch): Tobias Powalowski <tpowa@archlinux.org>
+# Contributor (Arch): Thomas Baechler <thomas@archlinux.org>
+# Contributor (Arch): henning mueller <henning@orgizm.net>
+# Contributor (Arch): Thomas Dwyer http://tomd.tel
+# Maintainer: André Silva <emulatorman@parabola.nu>
+# Contributor: Nicolás Reynolds <fauno@kiwwwi.com.ar>
+# Contributor: Sorin-Mihai Vârgolici <smv@yobicore.org>
+# Contributor: Michał Masłowski <mtjm@mtjm.eu>
+# Contributor: Márcio Silva <coadde@parabola.nu>
+# Contributor: Luke Shumaker <lukeshu@sbcglobal.net>
+
+pkgbase=linux-libre-grsec-knock # Build kernel with -grsec-knock localname
+_pkgbasever=3.17-gnu
+_pkgver=3.17.4-gnu
+_grsecver=3.0
+_timestamp=201411231452
+_knockpatchver=3.18_0
+
+_replacesarchkernel=('linux%') # '%' gets replaced with _kernelname
+_replacesoldkernels=('kernel26%' 'kernel26-libre%') # '%' gets replaced with _kernelname
+_replacesoldmodules=() # '%' gets replaced with _kernelname
+
+_srcname=linux-${_pkgbasever%-*}
+_archpkgver=${_pkgver%-*}.${_timestamp}
+pkgver=${_pkgver//-/_}.${_timestamp}
+pkgrel=1
+arch=('i686' 'x86_64' 'mips64el')
+url="https://wiki.parabola.nu/Grsecurity%2BKnock"
+license=('GPL2')
+makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc')
+options=('!strip')
+source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/linux-libre-${_pkgbasever}.tar.xz"
+ "http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgver}/patch-${_pkgbasever}-${_pkgver}.xz"
+ "https://grsecurity.net/test/grsecurity-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch"
+ "https://grsecurity.net/test/grsecurity-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch.sig"
+ "http://gnunet.org/sites/default/files/tcp_stealth_${_knockpatchver}.diff"
+ # the main kernel config files
+ 'config.i686' 'config.x86_64' 'config.mips64el'
+ # standard config files for mkinitcpio ramdisk
+ 'linux.preset'
+ 'logo_linux_'{clut224.ppm,vga16.ppm,mono.pbm}
+ 'change-default-console-loglevel.patch'
+ # loongson-community patch: http://linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/
+ # Note: Makefile patching was removed due which we are using specific flags from grsecurity patch
+ '3.17-rc6-5358c5e4e5-loongson-community.patch')
+sha256sums=('3b2e9a862ada390a318f95d5a436d07dd32664434f4f383e27fd5cc0b4f41f0e'
+ '4ab0090546aec3fe9cbe144b69af907ffdb41fbd7ba85b00db335e56429e543d'
+ '4db8d062a6acdbbcf23067f945608836acc0ab47e8ab3ac5dc1e2f1a428d48db'
+ 'SKIP'
+ '6f38bbc5fd3b4cf59898a02b4d9523f9a49f0a2a27d13aa7a96178cc790c4e19'
+ 'b9836ca1d935c57f0fdc8c9003498cc81ef9e2673b81b58c1daa9c9b1bbe54dd'
+ '2c7fca5da9f5455172ec59ab323b9934023e67e3bef46fb016d0b21d7c922239'
+ '52ba1de365d5dad8f14ae6ae5e30251d78d22f44009ad9cc547d5fcc61469e61'
+ 'f0d90e756f14533ee67afda280500511a62465b4f76adcc5effa95a40045179c'
+ '074b67818582874146c389c029bc43648d145891a27e47aa2c5c42d3571f0264'
+ '2e87a8ec1cc0c91938cac24992d8a3d4362b3e9d939767e4c9d2ec8e6d969d53'
+ 'f67f60a30bcf2e9a2ba88ad97cace308da7a7f94919bb95c3dc030f5885a8015'
+ '1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
+ '95b933f692c982496d2d7a16e9d44d72beb2f7fa664a3321b2fa71b37029d0fc')
+
+_kernelname=${pkgbase#linux-libre}
+_replacesarchkernel=("${_replacesarchkernel[@]/\%/${_kernelname}}")
+_replacesoldkernels=("${_replacesoldkernels[@]/\%/${_kernelname}}")
+_replacesoldmodules=("${_replacesoldmodules[@]/\%/${_kernelname}}")
+
+case "$CARCH" in
+ i686|x86_64) KARCH=x86;;
+ mips64el) KARCH=mips;;
+esac
+
+prepare() {
+ cd "${srcdir}/${_srcname}"
+
+ # add upstream patch
+ if [ "${_pkgbasever}" != "${_pkgver}" ]; then
+ patch -p1 -i "${srcdir}/patch-${_pkgbasever}-${_pkgver}"
+ fi
+
+ # add grsecurity patches
+ patch -Np1 -i "${srcdir}/grsecurity-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch"
+ rm localversion-grsec
+
+ # add knock patch
+ patch -p1 -i "${srcdir}/tcp_stealth_${_knockpatchver}.diff"
+
+ # add freedo as boot logo
+ install -m644 -t drivers/video/logo \
+ "${srcdir}/logo_linux_"{clut224.ppm,vga16.ppm,mono.pbm}
+
+ # add latest fixes from stable queue, if needed
+ # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
+
+ # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
+ # remove this when a Kconfig knob is made available by upstream
+ # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
+ patch -p1 -i "${srcdir}/change-default-console-loglevel.patch"
+
+ # Adding loongson-community patch
+ if [ "${CARCH}" == "mips64el" ]; then
+ patch -p1 -i ${srcdir}/3.16-7981337ad0-loongson-community.patch
+ fi
+
+ cat "${srcdir}/config.${CARCH}" > ./.config
+
+ # append pkgrel to extraversion
+ sed -ri "s|^(EXTRAVERSION =.*\S).*|\1-${_timestamp}-${pkgrel}|" Makefile
+
+ # don't run depmod on 'make install'. We'll do this ourselves in packaging
+ sed -i '2iexit 0' scripts/depmod.sh
+
+ # get kernel version
+ make prepare
+
+ # load configuration
+ # Configure the kernel. Replace the line below with one of your choice.
+ #make menuconfig # CLI menu for configuration
+ #make nconfig # new CLI menu for configuration
+ #make xconfig # X-based configuration
+ #make oldconfig # using old config from previous kernel version
+ # ... or manually edit .config
+
+ # rewrite configuration
+ yes "" | make config >/dev/null
+}
+
+build() {
+ cd "${srcdir}/${_srcname}"
+
+ make ${MAKEFLAGS} LOCALVERSION= bzImage modules
+}
+
+_package() {
+ pkgdesc="The ${pkgbase^} kernel and modules with grsecurity/PaX patches and support for stealth TCP sockets"
+ [ "${pkgbase}" = "linux-libre" ] && groups=('base')
+ depends=('coreutils' 'linux-firmware' 'kmod' 'grsec-common' 'mkinitcpio>=0.7')
+ optdepends=('crda: to set the correct wireless channels of your country'
+ 'gradm: to configure and enable Role Based Access Control (RBAC)'
+ 'paxd: to enable PaX exploit mitigations and apply exceptions automatically'
+ 'systemd-knock: to use system and service manager with TCP Stealth support'
+ 'openssh-knock: to use SSH with TCP Stealth support')
+ provides=("${_replacesarchkernel[@]/%/=${_archpkgver}}")
+ conflicts=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
+ replaces=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
+ backup=("etc/mkinitcpio.d/${pkgbase}.preset")
+ install=linux.install
+
+ cd "${srcdir}/${_srcname}"
+
+ # get kernel version
+ _kernver="$(make LOCALVERSION= kernelrelease)"
+ _basekernel=${_kernver%%-*}
+ _basekernel=${_basekernel%.*}
+
+ mkdir -p "${pkgdir}"/{lib/modules,lib/firmware,boot}
+ make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}" modules_install
+ cp arch/$KARCH/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}"
+
+ # set correct depmod command for install
+ cp -f "${startdir}/${install}" "${startdir}/${install}.pkg"
+ true && install=${install}.pkg
+ sed \
+ -e "s/KERNEL_NAME=.*/KERNEL_NAME=${_kernelname}/" \
+ -e "s/KERNEL_VERSION=.*/KERNEL_VERSION=${_kernver}/" \
+ -i "${startdir}/${install}"
+
+ # install mkinitcpio preset file for kernel
+ install -D -m644 "${srcdir}/linux.preset" "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
+ sed \
+ -e "1s|'linux.*'|'${pkgbase}'|" \
+ -e "s|ALL_kver=.*|ALL_kver=\"/boot/vmlinuz-${pkgbase}\"|" \
+ -e "s|default_image=.*|default_image=\"/boot/initramfs-${pkgbase}.img\"|" \
+ -e "s|fallback_image=.*|fallback_image=\"/boot/initramfs-${pkgbase}-fallback.img\"|" \
+ -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
+
+ # remove build and source links
+ rm -f "${pkgdir}"/lib/modules/${_kernver}/{source,build}
+ # remove the firmware
+ rm -rf "${pkgdir}/lib/firmware"
+ # gzip -9 all modules to save 100MB of space
+ find "${pkgdir}" -name '*.ko' -exec gzip -9 {} \;
+ # make room for external modules
+ ln -s "../extramodules-${_basekernel}${_kernelname}" "${pkgdir}/lib/modules/${_kernver}/extramodules"
+ # add real version for building modules and running depmod from post_install/upgrade
+ mkdir -p "${pkgdir}/lib/modules/extramodules-${_basekernel}${_kernelname}"
+ echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_kernelname}/version"
+
+ # Now we call depmod...
+ depmod -b "${pkgdir}" -F System.map "${_kernver}"
+
+ # move module tree /lib -> /usr/lib
+ mkdir -p "${pkgdir}/usr"
+ mv "${pkgdir}/lib" "${pkgdir}/usr/"
+
+ # add vmlinux
+ install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux"
+
+ # add grsecurity gcc plugins
+ mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc"
+ cp -a tools/gcc/*.h "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/"
+ cp -a tools/gcc/Makefile "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/"
+ install -m644 tools/gcc/*.so "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/"
+ mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/size_overflow_plugin"
+ install -m644 tools/gcc/size_overflow_plugin/Makefile tools/gcc/size_overflow_plugin/*.so \
+ "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/size_overflow_plugin"
+}
+
+_package-headers() {
+ pkgdesc="Header files and scripts for building modules for ${pkgbase^} kernel"
+ provides=("${_replacesarchkernel[@]/%/-headers=${_archpkgver}}")
+ conflicts=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
+ replaces=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
+
+ install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}"
+
+ cd "${srcdir}/${_srcname}"
+ install -D -m644 Makefile \
+ "${pkgdir}/usr/lib/modules/${_kernver}/build/Makefile"
+ install -D -m644 kernel/Makefile \
+ "${pkgdir}/usr/lib/modules/${_kernver}/build/kernel/Makefile"
+ install -D -m644 .config \
+ "${pkgdir}/usr/lib/modules/${_kernver}/build/.config"
+
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include"
+
+ for i in acpi asm-generic config crypto drm generated keys linux math-emu \
+ media net pcmcia scsi sound trace uapi video xen; do
+ cp -a include/${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/include/"
+ done
+
+ # copy arch includes for external modules
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}"
+ cp -a arch/${KARCH}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
+
+ # copy files necessary for later builds
+ cp Module.symvers "${pkgdir}/usr/lib/modules/${_kernver}/build"
+ cp -a scripts "${pkgdir}/usr/lib/modules/${_kernver}/build"
+
+ # fix permissions on scripts dir
+ chmod og-w -R "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts"
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/.tmp_versions"
+
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel"
+
+ cp arch/${KARCH}/Makefile "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
+
+ if [ "${CARCH}" = "i686" ]; then
+ cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
+ fi
+
+ cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel/"
+
+ # add docbook makefile
+ install -D -m644 Documentation/DocBook/Makefile \
+ "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile"
+
+ # add dm headers
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md"
+ cp drivers/md/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md"
+
+ # add inotify.h
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux"
+ cp include/linux/inotify.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux/"
+
+ # add wireless headers
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/"
+ cp net/mac80211/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/"
+
+ # add dvb headers for external modules
+ # in reference to:
+ # http://bugs.archlinux.org/task/9912
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core"
+ cp drivers/media/dvb-core/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core/"
+ # and...
+ # http://bugs.archlinux.org/task/11194
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/"
+ cp include/config/dvb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/"
+
+ # add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new
+ # in reference to:
+ # http://bugs.archlinux.org/task/13146
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/"
+ cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/"
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/"
+ cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/"
+
+ # add dvb headers
+ # in reference to:
+ # http://bugs.archlinux.org/task/20402
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb"
+ cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb/"
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends"
+ cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/"
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners"
+ cp drivers/media/tuners/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners/"
+
+ # add xfs and shmem for aufs building
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs"
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/mm"
+ # removed in 3.17-gnu series
+ # cp fs/xfs/xfs_sb.h "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs/xfs_sb.h"
+
+ # copy in Kconfig files
+ for i in $(find . -name "Kconfig*"); do
+ mkdir -p "${pkgdir}"/usr/lib/modules/${_kernver}/build/`echo ${i} | sed 's|/Kconfig.*||'`
+ cp ${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/${i}"
+ done
+
+ chown -R root.root "${pkgdir}/usr/lib/modules/${_kernver}/build"
+ find "${pkgdir}/usr/lib/modules/${_kernver}/build" -type d -exec chmod 755 {} \;
+
+ # strip scripts directory
+ find "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do
+ case "$(file -bi "${binary}")" in
+ *application/x-sharedlib*) # Libraries (.so)
+ /usr/bin/strip ${STRIP_SHARED} "${binary}";;
+ *application/x-archive*) # Libraries (.a)
+ /usr/bin/strip ${STRIP_STATIC} "${binary}";;
+ *application/x-executable*) # Binaries
+ /usr/bin/strip ${STRIP_BINARIES} "${binary}";;
+ esac
+ done
+
+ # remove unneeded architectures
+ find "${pkgdir}"/usr/lib/modules/${_kernver}/build/arch -mindepth 1 -maxdepth 1 -type d -not -name "$KARCH" -exec rm -rf {} +
+}
+
+_package-docs() {
+ pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase^} kernel"
+ provides=("${_replacesarchkernel[@]/%/-docs=${_archpkgver}}")
+ conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
+ replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
+
+ cd "${srcdir}/${_srcname}"
+
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build"
+ cp -al Documentation "${pkgdir}/usr/lib/modules/${_kernver}/build"
+ find "${pkgdir}" -type f -exec chmod 444 {} \;
+ find "${pkgdir}" -type d -exec chmod 755 {} \;
+
+ # remove a file already in linux package
+ rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile"
+}
+
+pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs")
+for _p in ${pkgname[@]}; do
+ eval "package_${_p}() {
+ $(declare -f "_package${_p#${pkgbase}}")
+ _package${_p#${pkgbase}}
+ }"
+done
+
+# vim:set ts=8 sts=2 sw=2 et:
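Review bot: On mips64el, prepare() applies `${srcdir}/3.16-7981337ad0-loongson-community.patch`, but source=() and sha256sums list only `3.17-rc6-5358c5e4e5-loongson-community.patch`, so that file is never placed in $srcdir and the patch step fails on that architecture. The line should name the shipped file and quote the path: `patch -p1 -i "${srcdir}/3.17-rc6-5358c5e4e5-loongson-community.patch"`. Separately, the linux-libre tarball, its incremental patch and the tcp_stealth diff are fetched over plain http and checked only against the sha256sums recorded here, whereas the grsecurity patch also has a `.sig` source. If upstream publishes detached signatures for those files, listing them in source=() would give the rest of the kernel sources the same signature check.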