diff options
author | David P <megver83@parabola.nu> | 2020-04-27 18:24:44 -0400 |
---|---|---|
committer | David P <megver83@parabola.nu> | 2020-04-27 18:28:38 -0400 |
commit | a5dea4f2300de846d3d9967ffdfd3b3bea4e8d70 (patch) | |
tree | 8fdf7e40b41e26cf8a1249fd3d384ae2bfac6823 /kernels/linux-libre-xtreme/PKGBUILD | |
parent | 940cbcb215b3a06b0f6a85c0700d6d642d1bebc8 (diff) | |
download | abslibre-a5dea4f2300de846d3d9967ffdfd3b3bea4e8d70.tar.gz abslibre-a5dea4f2300de846d3d9967ffdfd3b3bea4e8d70.tar.bz2 abslibre-a5dea4f2300de846d3d9967ffdfd3b3bea4e8d70.zip |
rmpkg: kernels/linux-libre-xtreme
Reason: Linux-libre{-hardened} enables all LSM by default in i686 and x86_64 since a long time.
Although it kinda made sense because it had AppArmor enabled by default, it's not worth to maintain
it since anyone can enable it by passing a kernel parameter, as explained in the AppArmor page in
ArchWiki. This isn't the case for armv7h, but will see if users want AppArmor for ARM in the future.
Signed-off-by: David P <megver83@parabola.nu>
Diffstat (limited to 'kernels/linux-libre-xtreme/PKGBUILD')
-rw-r--r-- | kernels/linux-libre-xtreme/PKGBUILD | 371 |
1 files changed, 0 insertions, 371 deletions
diff --git a/kernels/linux-libre-xtreme/PKGBUILD b/kernels/linux-libre-xtreme/PKGBUILD deleted file mode 100644 index ea07b3d51..000000000 --- a/kernels/linux-libre-xtreme/PKGBUILD +++ /dev/null @@ -1,371 +0,0 @@ -# Maintainer: David P. <megver83@parabola.nu> - -# Based on linux package - -_replacesarchkernel=('linux%') # '%' gets replaced with kernel suffix -_replacesoldkernels=() # '%' gets replaced with kernel suffix -_replacesoldmodules=() # '%' gets replaced with kernel suffix - -pkgbase=linux-libre-xtreme -pkgver=5.5.13 -_hrdedrel=a -pkgrel=1 -pkgdesc='Security-Hardened Linux-libre (with Apparmor by default)' -rcnver=5.5.11 -rcnrel=armv7-x14 -url='https://wiki.parabola.nu/Xtreme' -arch=(i686 x86_64 armv7h) -license=(GPL2) -makedepends=( - bc kmod libelf - xmlto python-sphinx python-sphinx_rtd_theme graphviz imagemagick -) -options=('!strip') -_srcname=linux-5.5 -source=( - "https://linux-libre.fsfla.org/pub/linux-libre/releases/${_srcname##*-}-gnu/linux-libre-${_srcname##*-}-gnu.tar.xz"{,.sign} - "https://linux-libre.fsfla.org/pub/linux-libre/releases/$pkgver-gnu/patch-${_srcname##*-}-gnu-$pkgver-gnu.xz"{,.sign} - "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_"{clut224.ppm,vga16.ppm,mono.pbm}{,.sig} - config.i686 config.x86_64 config.armv7h # the main kernel config files - linux-armv7h.preset # armv7h preset file for mkinitcpio ramdisk - - # maintain the TTY over USB disconnects - # http://www.coreboot.org/EHCI_Gadget_Debug - 0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch - # fix Atmel maXTouch touchscreen support - # https://labs.parabola.nu/issues/877 - # http://www.fsfla.org/pipermail/linux-libre/2015-November/003202.html - 0002-fix-Atmel-maXTouch-touchscreen-support.patch - # extracted patches from Arch Linux kernel sources - 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - 0002-iwlwifi-pcie-restore-support-for-Killer-Qu-C0-NICs.patch - 0003-drm-Remove-PageReserved-manipulation-from-drm_pci_al.patch - 0004-drm-i915-Serialise-i915_active_acquire-with-__active.patch - 0005-drm-i915-gem-Take-runtime-pm-wakeref-prior-to-unbind.patch - 0006-drm-i915-gem-Avoid-parking-the-vma-as-we-unbind.patch - 0007-drm-i915-gem-Try-to-flush-pending-unbind-events.patch - 0008-drm-i915-gem-Reinitialise-the-local-list-before-repe.patch - 0009-drm-i915-Add-a-simple-is-bound-check-before-unbindin.patch - 0010-drm-i915-Introduce-a-vma.kref.patch - 0011-iwlwifi-don-t-send-GEO_TX_POWER_LIMIT-if-no-wgds-tab.patch -) -source_armv7h=( - # RCN patch (CM3 firmware deblobbed and bloatware removed) - "https://repo.parabola.nu/other/rcn-libre/patches/$rcnver/rcn-libre-$rcnver-$rcnrel.patch"{,.sig} - # Arch Linux ARM patches - 0001-ARM-atags-add-support-for-Marvell-s-u-boot.patch - 0002-ARM-atags-fdt-retrieve-MAC-addresses-from-Marvell-bo.patch - 0003-SMILE-Plug-device-tree-file.patch - 0004-fix-mvsdio-eMMC-timing.patch - 0005-net-smsc95xx-Allow-mac-address-to-be-set-as-a-parame.patch - 0006-set-default-cubietruck-led-triggers.patch - 0007-exynos4412-odroid-set-higher-minimum-buck2-regulator.patch - 0008-ARM-dove-enable-ethernet-on-D3Plug.patch - 0009-USB-Armory-MkII-support.patch - 0010-Revert-ARM-8947-1-Fix-__arch_get_hw_counter-access-t.patch -) -source_x86_64=("https://github.com/anthraxx/linux-hardened/releases/download/$pkgver.$_hrdedrel/linux-hardened-$pkgver.$_hrdedrel.patch"{,.sig}) -validpgpkeys=( - '474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva - '65EEFE022108E2B708CBFCF7F9E712E59AF5F22A' # Daniel Micay - '6DB9C4B4F0D8C0DC432CF6E4227CA7C556B2BA78' # David P. - 'E240B57E2C4630BA768E2F26FC1B547C8D8172C8' # Levente Polyak -) -sha512sums=('187368a8fb4e04acfd7d18a024d6cdbc2841bcc06dcfbc3a053706e8512c3e3f573755228347c11bd791b296ec60eb2d67d5075ece2aef234a847e72f2b3e746' - 'SKIP' - '2c882f6256bb9409b59fde28183e71701e969aab8a0e36821550a639a5c5de3e3b129a708f0f9c83135653cfccc837601850b631fb6d63449e2083319aba1d30' - 'SKIP' - '13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3' - 'SKIP' - '7a3716bfe3b9f546da309c7492f3e08f8f506813afeb1c737a474c83313d5c313cf4582b65215c2cfce3b74d9d1021c96e8badafe8f6e5b01fe28d2b5c61ae78' - 'SKIP' - '267295aa0cea65684968420c68b32f1a66a22d018b9d2b2c1ef14267bcf4cb68aaf7099d073cbfefe6c25c8608bdcbbd45f7ac8893fdcecbf1e621abdfe9ecc1' - 'SKIP' - 'a5b2c5c1f3ef457b61d63c6df4a4d13b5020ab6317e4c66b280306d19de7ef56f5eb93e3b80fa8dc63a19660da47b070368acf3e65171913b17ed8aafd4bf178' - '6b3b28e59d40f78239bfda230a55182e53b32dd530a2cc1da5e4f19606aad9b6c20d1a5150a2faa4013a6881080577eb85442ee6831627984f48791b19ed6477' - '2390b976f5c7fb4044d079ee38129e9fbf793c9e93a4b4033c7e4df9d8482eb4f1ec436895500912f4d4301fd3339b1dbcdad80667c2d6521f240b4d63497744' - 'aca591b5a2e838754e3c5fd2c0e50098ad54c2d0f990de5bf9cff8608e881daf0e37132294ed1a0e0a7b9e1c194c0b89f95da001d94febdb25a01c409060e3ac' - '02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af' - 'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168' - 'dfe4fb9f41247bde1c0b7b53922f98d30efe6e2fa810673b4f897f3a54c02ea6aa2a37a0532a8b5d4e6a0e0b016d931757bd4d3e6b2e3ef03cf05e61fc748b20' - 'fb8a16c9c5cc398f2ce0bacdad37adcd740a6e48829a29f2991a5451f8ef455060d39ead11030ca7bff8d6317faff5a705b811eae935a33c990972840a74befa' - '7904b2463445f7bd6cbae2325d189cba99b61f363eb8b34decbd0074d9e54fbc5d2077b63491ba10a3a02021ce7f35dd8ee86561f523d032b1ce50193f83c0ac' - '96ad606769ef0d3b1dd7c86444675908ed79c10b4db82d6c8090d33ee1945da9c166f516dc2394ea0fe03e9333194c225239f8f5e712dd3d1fa490ddc461f655' - '3ad7761dbdf10b857239765cd72179d0fe95d5dd654dd83591f177886bc3f5b52d4c82994e77f86ac2a250003ca707003e8b576d37923f1412822ca8b44110b9' - 'af8823fd0a61177f31866e89050554b145cea13b73e9f907dda8dd8d07d1448b01bfb8057795f3ec83764639d1a5abc0d51c03fe4b7c9dd54a067568f488f04b' - '74009876f1ea4e5e3a705659ed0af28d1535c1dd4a42b478fafd75d7a2879a0138e67d29783252833ddda84c7703f155025f7cd4b2d775f385df3f4fa9bb8f02' - '0b4a6fdaaf9e4b65aca8910c78cf30749db0deaa2dbf8e38786e0483b81fdf7862e8bcb4c18e1612432c5a1f307e318a18df8c2e3410217d0e3aded1c1d917be' - '7dda55bfaf3b4f77901e6378ff7c6617cb65b1c731f908f6e64371aed02dee17f15530e74c4243255bb27a4a7d0db0254ea93de191b599e541501f726883bd7f' - '4f4bc1de6375276d38207d0a82aab58c422c0bb7f8565791f984693f4254bc1a1b5989b39fb765457294f56e6b2d17d1e753bd56b98c5c17f556b7992a08afac' - '8cabc3719077e6c2fc092b746f030182aeff2373fc670726fd96df1f9004f507f5631b47ee7c7e4ddf37fc11e90180308c1969285411558e18fda3818d74d9fb') -sha512sums_x86_64=('5356887d1d0ad4406ff1e090947e5c107b072fe4edb040ac5dc6f431c276ee24297f4a4b485ff016ea9024dea861bb4817cf07dcfb39e922e3caa5e4c069d185' - 'SKIP') -sha512sums_armv7h=('53b5ab4baaf9e58f31e72d5395a7bbb187bc90c75c3ef00a927e282a336e2f5dfe9e54c0d4ad5ab901037ddd7d5c472ae2539f5a6d44a02105bce95b2c23269c' - 'SKIP' - '4ad93d447d8671402dd7a2886b5c1329ffd5dd7b7f87e895f792ae937258c5016c7c0512ad03c4065da7520e656d0764d565171be463a378320fb210b54e3dee' - '780e4ce45b35b271dd3459b543681603c1f112f68d5f3500b7c01fdcac205a9d06e9ec13700e8841d4beb831e3e2dda1664a0ac38ef23bb5a47e2df0534767d7' - '7b5faabd9f4a766f92a285857ff750eff4ae08abb8435483ca5bc9a38c4852d373a960ed272ea35b6a055c7ca53d2f3ff869023f91b9dcd0c5adac912c16b109' - '1a75ee9c6a51a95f39a6cbe5b27c034b239dad232961033df0ce9ce01dea8aaa3aa819a0a6b724a468bee8b275f2d7c8a5c56992f3237a18c19cd8ecb3a930e8' - '42e8fa85e9aee0624a120c1260c187b6402d48334dc5db78f753ce5c4edab6d2f8c3d0bfcd65e8fc638c448c7a0ddec9c4f0f9fc6236651c30a5eba1d092453c' - '13e3f21591cd0952d0c29e99998edad4a594225007d3fbb2486a92c235f85246b68030dfb5d5d427cfc82627f85d60dd561add8dcc5570e431706394c14145a0' - 'e253bc19cd306a7b435d507761f3534677136c448885e7b6bf92b5bb28e79e2aad794a0e0b0874828a75146cbeb8586df7ab052effafb8484747c4d4d43f89a4' - 'a8203472a924b720c9f4d8eb05976028cf3ca1e595fddee1801f7594c0bef00b1cd788410b5f8fa28ee2d6ebf1403b6052334f777c53fce0b8958e8e66931d98' - 'dfdd22d4cb803e7dd3fd3455689147c5441392001d8695993f5e7dcad02ff0b4846dd6c53a1fdb67134022ef77e6433c52d38cbbbaccb9d9d849acb8d19c854e' - 'b1eb6025017cb5d73d330e3bf304252c8ec4ae607350d358cc2a78ac765982dec6029b94e85966c34f015d50a39e639caf27c5907bc8dd1a36a5e1f9de206f7f') - -_replacesarchkernel=("${_replacesarchkernel[@]/\%/${pkgbase#linux-libre}}") -_replacesoldkernels=("${_replacesoldkernels[@]/\%/${pkgbase#linux-libre}}") -_replacesoldmodules=("${_replacesoldmodules[@]/\%/${pkgbase#linux-libre}}") - -case "$CARCH" in - i686|x86_64) KARCH=x86;; - armv7h) KARCH=arm;; -esac - -export KBUILD_BUILD_HOST=parabola -export KBUILD_BUILD_USER=$pkgbase -export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})" - -prepare() { - cd $_srcname - - if [ "${_srcname##*-}" != "$pkgver" ]; then - echo "Applying upstream patch..." - patch -Np1 < "../patch-${_srcname##*-}-gnu-$pkgver-gnu" - fi - - echo "Adding freedo as boot logo..." - install -m644 -t drivers/video/logo \ - ../logo_linux_{clut224.ppm,vga16.ppm,mono.pbm} - - echo "Setting version..." - scripts/setlocalversion --save-scmversion - echo "-$pkgrel" > localversion.10-pkgrel - echo "${pkgbase#linux-libre}" > localversion.20-pkgname - - if [ "$CARCH" = "armv7h" ]; then - local src_armv7h - for src_armv7h in "${source_armv7h[@]}"; do - src_armv7h="${src_armv7h%%::*}" - src_armv7h="${src_armv7h##*/}" - [[ $src_armv7h = *.patch ]] || continue - echo "Applying patch $src_armv7h..." - patch -Np1 < "../$src_armv7h" - done - fi - - if [ "$CARCH" = "x86_64" ]; then - local src_x86_64 - for src_x86_64 in "${source_x86_64[@]}"; do - src_x86_64="${src_x86_64%%::*}" - src_x86_64="${src_x86_64##*/}" - [[ src_x86_64 = *.patch ]] || continue - echo "Applying patch $src_x86_64..." - patch -Np1 < "../$src_x86_64" - done - else - local src - for src in "${source[@]}"; do - src="${src%%::*}" - src="${src##*/}" - [[ $src = *.patch ]] || continue - echo "Applying patch $src..." - patch -Np1 < "../$src" - done - fi - - echo "Setting config..." - cp ../config.$CARCH .config - make olddefconfig - - make -s kernelrelease > version - echo "Prepared $pkgbase version $(<version)" -} - -build() { - cd $_srcname - make all - make htmldocs -} - -_package() { - pkgdesc="The $pkgdesc kernel and modules" - depends=(coreutils kmod initramfs) - optdepends=('crda: to set the correct wireless channels of your country' - 'linux-libre-firmware: firmware images needed for some devices' - 'apparmor: to configure and enable mandatory access control for programs' - 'tomoyo-tools: to manage tomoyo userspace tools') - optdepends_x86_64=('usbctl: deny_new_usb control') - provides=("${_replacesarchkernel[@]/%/=$pkgver}" "LINUX-ABI_VERSION=$pkgver") - conflicts=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}") - replaces=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}") - - cd $_srcname - local kernver="$(<version)" - local modulesdir="$pkgdir/usr/lib/modules/$kernver" - - echo "Installing boot image..." - # systemd expects to find the kernel here to allow hibernation - # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344 - install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz" - - # Used by mkinitcpio to name the kernel - echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase" - - echo "Installing modules..." - make INSTALL_MOD_PATH="$pkgdir/usr" modules_install - - # remove build and source links - rm "$modulesdir"/{source,build} - - if [ "$CARCH" = "armv7h" ]; then - echo "Installing device tree binaries..." - make INSTALL_DTBS_PATH="$pkgdir/boot/dtbs/$pkgbase" dtbs_install - - # armv7h presets only work with ALL_kver=$kernver - backup=("etc/mkinitcpio.d/$pkgbase.preset") - echo "Installing mkinitcpio preset..." - sed "s|%PKGBASE%|$pkgbase|g;s|%KERNVER%|$kernver|g" ../linux-armv7h.preset \ - | install -Dm644 /dev/stdin "$pkgdir/etc/mkinitcpio.d/$pkgbase.preset" - fi - - echo "Fixing permissions..." - chmod -Rc u=rwX,go=rX "$pkgdir" -} - -_package-headers() { - pkgdesc="Headers and scripts for building modules for the $pkgdesc kernel" - provides=("${_replacesarchkernel[@]/%/-headers=$pkgver}") - conflicts=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}") - replaces=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}") - - cd $_srcname - local builddir="$pkgdir/usr/lib/modules/$(<version)/build" - - echo "Installing build files..." - install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \ - localversion.* version vmlinux - install -Dt "$builddir/kernel" -m644 kernel/Makefile - install -Dt "$builddir/arch/$KARCH" -m644 arch/$KARCH/Makefile - if [[ $CARCH = i686 ]]; then - install -Dt "$builddir/arch/$KARCH" -m644 arch/$KARCH/Makefile_32.cpu - fi - cp -t "$builddir" -a scripts - - # add objtool for external module building and enabled VALIDATION_STACK option - if [[ -e tools/objtool/objtool ]]; then - install -Dt "$builddir/tools/objtool" tools/objtool/objtool - fi - - # add xfs and shmem for aufs building - mkdir -p "$builddir"/{fs/xfs,mm} - - echo "Installing headers..." - cp -t "$builddir" -a include - cp -t "$builddir/arch/$KARCH" -a arch/$KARCH/include - install -Dt "$builddir/arch/$KARCH/kernel" -m644 arch/$KARCH/kernel/asm-offsets.s - - install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h - install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h - - # http://bugs.archlinux.org/task/13146 - install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h - - # http://bugs.archlinux.org/task/20402 - install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h - install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h - install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h - - echo "Installing KConfig files..." - find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \; - - echo "Removing unneeded architectures..." - local arch - for arch in "$builddir"/arch/*/; do - [[ $arch = */$KARCH/ ]] && continue - echo "Removing $(basename "$arch")" - rm -r "$arch" - done - - echo "Removing documentation..." - rm -r "$builddir/Documentation" - - # Parabola changes - # - # since we don't want to diverge too much from Arch's PKGBUILD, we'll - # start marking our changes as such - if [ "$CARCH" = "armv7h" ]; then - for i in dove exynos omap2; do - mkdir -p "$pkgdir/usr/lib/modules/$kernver/build/arch/$KARCH/mach-$i" - cp -a arch/$KARCH/mach-$i/include "$pkgdir/usr/lib/modules/$kernver/build/arch/$KARCH/mach-$i/" - done - for i in omap orion samsung versatile; do - mkdir -p "$pkgdir/usr/lib/modules/$kernver/build/arch/$KARCH/plat-$i" - cp -a arch/$KARCH/plat-$i/include "$pkgdir/usr/lib/modules/$kernver/build/arch/$KARCH/plat-$i/" - done - fi - # end of Parabola changes - - echo "Removing broken symlinks..." - find -L "$builddir" -type l -printf 'Removing %P\n' -delete - - echo "Removing loose objects..." - find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete - - echo "Stripping build tools..." - local file - while read -rd '' file; do - case "$(file -bi "$file")" in - application/x-sharedlib\;*) # Libraries (.so) - strip -v $STRIP_SHARED "$file" ;; - application/x-archive\;*) # Libraries (.a) - strip -v $STRIP_STATIC "$file" ;; - application/x-executable\;*) # Binaries - strip -v $STRIP_BINARIES "$file" ;; - application/x-pie-executable\;*) # Relocatable binaries - strip -v $STRIP_SHARED "$file" ;; - esac - done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0) - - echo "Adding symlink..." - mkdir -p "$pkgdir/usr/src" - ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase" - - echo "Fixing permissions..." - chmod -Rc u=rwX,go=rX "$pkgdir" -} - -_package-docs() { - pkgdesc="Documentation for the $pkgdesc kernel" - provides=("${_replacesarchkernel[@]/%/-docs=$pkgver}") - conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}") - replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}") - - cd $_srcname - local builddir="$pkgdir/usr/lib/modules/$(<version)/build" - - echo "Installing documentation..." - local src dst - while read -rd '' src; do - dst="${src#Documentation/}" - dst="$builddir/Documentation/${dst#output/}" - install -Dm644 "$src" "$dst" - done < <(find Documentation -name '.*' -prune -o ! -type d -print0) - - echo "Adding symlink..." - mkdir -p "$pkgdir/usr/share/doc" - ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase" - - echo "Fixing permissions..." - chmod -Rc u=rwX,go=rX "$pkgdir" -} - -pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs") -for _p in "${pkgname[@]}"; do - eval "package_$_p() { - $(declare -f "_package${_p#$pkgbase}") - _package${_p#$pkgbase} - }" -done - -# vim:set ts=8 sts=2 sw=2 et: |