diff options
author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-11-24 18:46:52 -0200 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-11-24 18:46:52 -0200 |
commit | a4af99635944a5a800ff084c69066e0077a95bdc (patch) | |
tree | a4f26d652080ddb9a7f05da32249ce3368eeea46 /kernels/linux-libre-grsec-knock/PKGBUILD | |
parent | efe1fb0bafd5adad6f1d5421a86753d5618c21fa (diff) | |
download | abslibre-a4af99635944a5a800ff084c69066e0077a95bdc.tar.gz abslibre-a4af99635944a5a800ff084c69066e0077a95bdc.tar.bz2 abslibre-a4af99635944a5a800ff084c69066e0077a95bdc.zip |
linux-libre-grsec-knock: add new package to [kernels]
Diffstat (limited to 'kernels/linux-libre-grsec-knock/PKGBUILD')
-rw-r--r-- | kernels/linux-libre-grsec-knock/PKGBUILD | 353 |
1 files changed, 353 insertions, 0 deletions
diff --git a/kernels/linux-libre-grsec-knock/PKGBUILD b/kernels/linux-libre-grsec-knock/PKGBUILD new file mode 100644 index 000000000..321f8d78f --- /dev/null +++ b/kernels/linux-libre-grsec-knock/PKGBUILD @@ -0,0 +1,353 @@ +# Contributor (Arch): Daniel Micay <danielmicay@gmail.com> +# Contributor (Arch): Tobias Powalowski <tpowa@archlinux.org> +# Contributor (Arch): Thomas Baechler <thomas@archlinux.org> +# Contributor (Arch): henning mueller <henning@orgizm.net> +# Contributor (Arch): Thomas Dwyer http://tomd.tel +# Maintainer: André Silva <emulatorman@parabola.nu> +# Contributor: Nicolás Reynolds <fauno@kiwwwi.com.ar> +# Contributor: Sorin-Mihai Vârgolici <smv@yobicore.org> +# Contributor: Michał Masłowski <mtjm@mtjm.eu> +# Contributor: Márcio Silva <coadde@parabola.nu> +# Contributor: Luke Shumaker <lukeshu@sbcglobal.net> + +pkgbase=linux-libre-grsec-knock # Build kernel with -grsec-knock localname +_pkgbasever=3.17-gnu +_pkgver=3.17.4-gnu +_grsecver=3.0 +_timestamp=201411231452 +_knockpatchver=3.18_0 + +_replacesarchkernel=('linux%') # '%' gets replaced with _kernelname +_replacesoldkernels=('kernel26%' 'kernel26-libre%') # '%' gets replaced with _kernelname +_replacesoldmodules=() # '%' gets replaced with _kernelname + +_srcname=linux-${_pkgbasever%-*} +_archpkgver=${_pkgver%-*}.${_timestamp} +pkgver=${_pkgver//-/_}.${_timestamp} +pkgrel=1 +arch=('i686' 'x86_64' 'mips64el') +url="https://wiki.parabola.nu/Grsecurity%2BKnock" +license=('GPL2') +makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc') +options=('!strip') +source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/linux-libre-${_pkgbasever}.tar.xz" + "http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgver}/patch-${_pkgbasever}-${_pkgver}.xz" + "https://grsecurity.net/test/grsecurity-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch" + "https://grsecurity.net/test/grsecurity-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch.sig" + "http://gnunet.org/sites/default/files/tcp_stealth_${_knockpatchver}.diff" + # the main kernel config files + 'config.i686' 'config.x86_64' 'config.mips64el' + # standard config files for mkinitcpio ramdisk + 'linux.preset' + 'logo_linux_'{clut224.ppm,vga16.ppm,mono.pbm} + 'change-default-console-loglevel.patch' + # loongson-community patch: http://linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/ + # Note: Makefile patching was removed due which we are using specific flags from grsecurity patch + '3.17-rc6-5358c5e4e5-loongson-community.patch') +sha256sums=('3b2e9a862ada390a318f95d5a436d07dd32664434f4f383e27fd5cc0b4f41f0e' + '4ab0090546aec3fe9cbe144b69af907ffdb41fbd7ba85b00db335e56429e543d' + '4db8d062a6acdbbcf23067f945608836acc0ab47e8ab3ac5dc1e2f1a428d48db' + 'SKIP' + '6f38bbc5fd3b4cf59898a02b4d9523f9a49f0a2a27d13aa7a96178cc790c4e19' + 'b9836ca1d935c57f0fdc8c9003498cc81ef9e2673b81b58c1daa9c9b1bbe54dd' + '2c7fca5da9f5455172ec59ab323b9934023e67e3bef46fb016d0b21d7c922239' + '52ba1de365d5dad8f14ae6ae5e30251d78d22f44009ad9cc547d5fcc61469e61' + 'f0d90e756f14533ee67afda280500511a62465b4f76adcc5effa95a40045179c' + '074b67818582874146c389c029bc43648d145891a27e47aa2c5c42d3571f0264' + '2e87a8ec1cc0c91938cac24992d8a3d4362b3e9d939767e4c9d2ec8e6d969d53' + 'f67f60a30bcf2e9a2ba88ad97cace308da7a7f94919bb95c3dc030f5885a8015' + '1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99' + '95b933f692c982496d2d7a16e9d44d72beb2f7fa664a3321b2fa71b37029d0fc') + +_kernelname=${pkgbase#linux-libre} +_replacesarchkernel=("${_replacesarchkernel[@]/\%/${_kernelname}}") +_replacesoldkernels=("${_replacesoldkernels[@]/\%/${_kernelname}}") +_replacesoldmodules=("${_replacesoldmodules[@]/\%/${_kernelname}}") + +case "$CARCH" in + i686|x86_64) KARCH=x86;; + mips64el) KARCH=mips;; +esac + +prepare() { + cd "${srcdir}/${_srcname}" + + # add upstream patch + if [ "${_pkgbasever}" != "${_pkgver}" ]; then + patch -p1 -i "${srcdir}/patch-${_pkgbasever}-${_pkgver}" + fi + + # add grsecurity patches + patch -Np1 -i "${srcdir}/grsecurity-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch" + rm localversion-grsec + + # add knock patch + patch -p1 -i "${srcdir}/tcp_stealth_${_knockpatchver}.diff" + + # add freedo as boot logo + install -m644 -t drivers/video/logo \ + "${srcdir}/logo_linux_"{clut224.ppm,vga16.ppm,mono.pbm} + + # add latest fixes from stable queue, if needed + # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git + + # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param) + # remove this when a Kconfig knob is made available by upstream + # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227) + patch -p1 -i "${srcdir}/change-default-console-loglevel.patch" + + # Adding loongson-community patch + if [ "${CARCH}" == "mips64el" ]; then + patch -p1 -i ${srcdir}/3.16-7981337ad0-loongson-community.patch + fi + + cat "${srcdir}/config.${CARCH}" > ./.config + + # append pkgrel to extraversion + sed -ri "s|^(EXTRAVERSION =.*\S).*|\1-${_timestamp}-${pkgrel}|" Makefile + + # don't run depmod on 'make install'. We'll do this ourselves in packaging + sed -i '2iexit 0' scripts/depmod.sh + + # get kernel version + make prepare + + # load configuration + # Configure the kernel. Replace the line below with one of your choice. + #make menuconfig # CLI menu for configuration + #make nconfig # new CLI menu for configuration + #make xconfig # X-based configuration + #make oldconfig # using old config from previous kernel version + # ... or manually edit .config + + # rewrite configuration + yes "" | make config >/dev/null +} + +build() { + cd "${srcdir}/${_srcname}" + + make ${MAKEFLAGS} LOCALVERSION= bzImage modules +} + +_package() { + pkgdesc="The ${pkgbase^} kernel and modules with grsecurity/PaX patches and support for stealth TCP sockets" + [ "${pkgbase}" = "linux-libre" ] && groups=('base') + depends=('coreutils' 'linux-firmware' 'kmod' 'grsec-common' 'mkinitcpio>=0.7') + optdepends=('crda: to set the correct wireless channels of your country' + 'gradm: to configure and enable Role Based Access Control (RBAC)' + 'paxd: to enable PaX exploit mitigations and apply exceptions automatically' + 'systemd-knock: to use system and service manager with TCP Stealth support' + 'openssh-knock: to use SSH with TCP Stealth support') + provides=("${_replacesarchkernel[@]/%/=${_archpkgver}}") + conflicts=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}") + replaces=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}") + backup=("etc/mkinitcpio.d/${pkgbase}.preset") + install=linux.install + + cd "${srcdir}/${_srcname}" + + # get kernel version + _kernver="$(make LOCALVERSION= kernelrelease)" + _basekernel=${_kernver%%-*} + _basekernel=${_basekernel%.*} + + mkdir -p "${pkgdir}"/{lib/modules,lib/firmware,boot} + make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}" modules_install + cp arch/$KARCH/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}" + + # set correct depmod command for install + cp -f "${startdir}/${install}" "${startdir}/${install}.pkg" + true && install=${install}.pkg + sed \ + -e "s/KERNEL_NAME=.*/KERNEL_NAME=${_kernelname}/" \ + -e "s/KERNEL_VERSION=.*/KERNEL_VERSION=${_kernver}/" \ + -i "${startdir}/${install}" + + # install mkinitcpio preset file for kernel + install -D -m644 "${srcdir}/linux.preset" "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" + sed \ + -e "1s|'linux.*'|'${pkgbase}'|" \ + -e "s|ALL_kver=.*|ALL_kver=\"/boot/vmlinuz-${pkgbase}\"|" \ + -e "s|default_image=.*|default_image=\"/boot/initramfs-${pkgbase}.img\"|" \ + -e "s|fallback_image=.*|fallback_image=\"/boot/initramfs-${pkgbase}-fallback.img\"|" \ + -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" + + # remove build and source links + rm -f "${pkgdir}"/lib/modules/${_kernver}/{source,build} + # remove the firmware + rm -rf "${pkgdir}/lib/firmware" + # gzip -9 all modules to save 100MB of space + find "${pkgdir}" -name '*.ko' -exec gzip -9 {} \; + # make room for external modules + ln -s "../extramodules-${_basekernel}${_kernelname}" "${pkgdir}/lib/modules/${_kernver}/extramodules" + # add real version for building modules and running depmod from post_install/upgrade + mkdir -p "${pkgdir}/lib/modules/extramodules-${_basekernel}${_kernelname}" + echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_kernelname}/version" + + # Now we call depmod... + depmod -b "${pkgdir}" -F System.map "${_kernver}" + + # move module tree /lib -> /usr/lib + mkdir -p "${pkgdir}/usr" + mv "${pkgdir}/lib" "${pkgdir}/usr/" + + # add vmlinux + install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux" + + # add grsecurity gcc plugins + mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc" + cp -a tools/gcc/*.h "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" + cp -a tools/gcc/Makefile "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" + install -m644 tools/gcc/*.so "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" + mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/size_overflow_plugin" + install -m644 tools/gcc/size_overflow_plugin/Makefile tools/gcc/size_overflow_plugin/*.so \ + "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/size_overflow_plugin" +} + +_package-headers() { + pkgdesc="Header files and scripts for building modules for ${pkgbase^} kernel" + provides=("${_replacesarchkernel[@]/%/-headers=${_archpkgver}}") + conflicts=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}") + replaces=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}") + + install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}" + + cd "${srcdir}/${_srcname}" + install -D -m644 Makefile \ + "${pkgdir}/usr/lib/modules/${_kernver}/build/Makefile" + install -D -m644 kernel/Makefile \ + "${pkgdir}/usr/lib/modules/${_kernver}/build/kernel/Makefile" + install -D -m644 .config \ + "${pkgdir}/usr/lib/modules/${_kernver}/build/.config" + + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include" + + for i in acpi asm-generic config crypto drm generated keys linux math-emu \ + media net pcmcia scsi sound trace uapi video xen; do + cp -a include/${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/include/" + done + + # copy arch includes for external modules + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}" + cp -a arch/${KARCH}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" + + # copy files necessary for later builds + cp Module.symvers "${pkgdir}/usr/lib/modules/${_kernver}/build" + cp -a scripts "${pkgdir}/usr/lib/modules/${_kernver}/build" + + # fix permissions on scripts dir + chmod og-w -R "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/.tmp_versions" + + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel" + + cp arch/${KARCH}/Makefile "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" + + if [ "${CARCH}" = "i686" ]; then + cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" + fi + + cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel/" + + # add docbook makefile + install -D -m644 Documentation/DocBook/Makefile \ + "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" + + # add dm headers + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" + cp drivers/md/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" + + # add inotify.h + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux" + cp include/linux/inotify.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux/" + + # add wireless headers + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" + cp net/mac80211/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" + + # add dvb headers for external modules + # in reference to: + # http://bugs.archlinux.org/task/9912 + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core" + cp drivers/media/dvb-core/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core/" + # and... + # http://bugs.archlinux.org/task/11194 + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" + cp include/config/dvb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" + + # add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new + # in reference to: + # http://bugs.archlinux.org/task/13146 + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" + cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" + + # add dvb headers + # in reference to: + # http://bugs.archlinux.org/task/20402 + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb" + cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends" + cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners" + cp drivers/media/tuners/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners/" + + # add xfs and shmem for aufs building + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/mm" + # removed in 3.17-gnu series + # cp fs/xfs/xfs_sb.h "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs/xfs_sb.h" + + # copy in Kconfig files + for i in $(find . -name "Kconfig*"); do + mkdir -p "${pkgdir}"/usr/lib/modules/${_kernver}/build/`echo ${i} | sed 's|/Kconfig.*||'` + cp ${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/${i}" + done + + chown -R root.root "${pkgdir}/usr/lib/modules/${_kernver}/build" + find "${pkgdir}/usr/lib/modules/${_kernver}/build" -type d -exec chmod 755 {} \; + + # strip scripts directory + find "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do + case "$(file -bi "${binary}")" in + *application/x-sharedlib*) # Libraries (.so) + /usr/bin/strip ${STRIP_SHARED} "${binary}";; + *application/x-archive*) # Libraries (.a) + /usr/bin/strip ${STRIP_STATIC} "${binary}";; + *application/x-executable*) # Binaries + /usr/bin/strip ${STRIP_BINARIES} "${binary}";; + esac + done + + # remove unneeded architectures + find "${pkgdir}"/usr/lib/modules/${_kernver}/build/arch -mindepth 1 -maxdepth 1 -type d -not -name "$KARCH" -exec rm -rf {} + +} + +_package-docs() { + pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase^} kernel" + provides=("${_replacesarchkernel[@]/%/-docs=${_archpkgver}}") + conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}") + replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}") + + cd "${srcdir}/${_srcname}" + + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build" + cp -al Documentation "${pkgdir}/usr/lib/modules/${_kernver}/build" + find "${pkgdir}" -type f -exec chmod 444 {} \; + find "${pkgdir}" -type d -exec chmod 755 {} \; + + # remove a file already in linux package + rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" +} + +pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs") +for _p in ${pkgname[@]}; do + eval "package_${_p}() { + $(declare -f "_package${_p#${pkgbase}}") + _package${_p#${pkgbase}} + }" +done + +# vim:set ts=8 sts=2 sw=2 et: |