summaryrefslogtreecommitdiff
path: root/kernels/linux-libre-grsec/PKGBUILD
diff options
context:
space:
mode:
Diffstat (limited to 'kernels/linux-libre-grsec/PKGBUILD')
-rwxr-xr-xkernels/linux-libre-grsec/PKGBUILD399
1 files changed, 399 insertions, 0 deletions
diff --git a/kernels/linux-libre-grsec/PKGBUILD b/kernels/linux-libre-grsec/PKGBUILD
new file mode 100755
index 000000000..c22a208d5
--- /dev/null
+++ b/kernels/linux-libre-grsec/PKGBUILD
@@ -0,0 +1,399 @@
+# Maintainer: Joakim Hernberg <jbh@alchemy.lu>
+# Contributor: Ray Rashif <schiv@archlinux.org>
+# Contributor: timbosa <tinny_tim@dodo.com.au>
+# Contributor: Tobias Powalowski <tpowa@archlinux.org>
+# Contributor: Thomas Baechler <thomas@archlinux.org>
+# Maintainer (Parabola): André Silva <emulatorman@lavabit.com>
+# Maintainer (Parabola): Márcio Silva <coadde@lavabit.com>
+
+pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel
+#pkgbase=linux-libre-custom # Build kernel with a different name
+_basekernel=3.6
+_sublevel=7
+_grsecver=2.9.1
+_timestamp=201211181105
+pkgver=${_basekernel}.${_sublevel}
+pkgrel=3
+_lxopkgver=${_basekernel}.7 # nearly always the same as pkgver
+arch=('i686' 'x86_64' 'mips64el')
+url="http://linux-libre.fsfla.org/"
+license=('GPL2')
+makedepends=('xmlto' 'docbook-xsl')
+options=('!strip')
+source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gnu/linux-libre-${_basekernel}-gnu.tar.xz"
+ "http://linux-libre.fsfla.org/pub/linux-libre/releases/${pkgver}-gnu/patch-${_basekernel}-gnu-${pkgver}-gnu.xz"
+ "http://grsecurity.net/test/grsecurity-$_grsecver-$pkgver-$_timestamp.patch"
+ # the main kernel config files
+ 'config.i686' 'config.x86_64'
+ # standard config files for mkinitcpio ramdisk
+ "${pkgbase}.preset"
+ 'Kbuild'
+ 'Kbuild.platforms'
+ 'boot-logo.patch'
+ 'change-default-console-loglevel.patch'
+ #'module-symbol-waiting-3.6.patch'
+ #'module-init-wait-3.6.patch'
+ #'irq_cfg_pointer-3.6.6.patch'
+ "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2")
+md5sums=('a2312edd0265b5b07bd4b50afae2b380'
+ 'a4e642180c7d757a642175fe32e4a264'
+ 'af1f2097a6e26d36801188193d3eb185'
+ '508ce60a46a36c65d847c4759ac5f6c7'
+ 'ec6b214e3744cc5fb38bcafb0c6218d6'
+ '5f66bed97a5c37e48eb2f71b2d354b9a'
+ '2967cecc3af9f954ccc822fd63dca6ff'
+ '8267264d9a8966e57fdacd1fa1fc65c4'
+ '86d3c12bdb77173617d2b9e170522ee0'
+ '9d3c56a4b999c8bfbd4018089a62f662'
+ #'670931649c60fcb3ef2e0119ed532bd4'
+ #'8a71abc4224f575008f974a099b5cf6f'
+ #'4909a0271af4e5f373136b382826717f'
+ '1dd80f353c705fef988346a8ef05d13f')
+if [ "$CARCH" != "mips64el" ]; then
+ # Don't use the Loongson-specific patches on non-mips64el arches.
+ unset source[${#source[@]}-1]
+ unset md5sums[${#md5sums[@]}-1]
+fi
+
+_kernelname=${pkgbase#linux-libre}
+_localversionname=-LIBRE-GRSEC
+
+build() {
+ cd "${srcdir}/linux-${_basekernel}"
+
+ if [ "${_basekernel}" != "${pkgver}" ]; then
+ patch -Np1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu"
+ fi
+
+ # Add grsecurity patches
+ patch -Np1 -i ${srcdir}/grsecurity-${_grsecver}-${pkgver}-${_timestamp}.patch
+ rm localversion-grsec
+
+ # Add freedo as boot logo
+ patch -Np1 -i "${srcdir}/boot-logo.patch"
+
+ # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
+ # remove this when a Kconfig knob is made available by upstream
+ # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
+ patch -Np1 -i "${srcdir}/change-default-console-loglevel.patch"
+
+# # fix module initialisation
+# # https://bugs.archlinux.org/task/32122
+# patch -Np1 -i "${srcdir}/module-symbol-waiting-3.6.patch"
+# patch -Np1 -i "${srcdir}/module-init-wait-3.6.patch"
+
+# # fix FS#32615 - Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt
+# patch -Np1 -i "${srcdir}/irq_cfg_pointer-3.6.6.patch"
+
+ if [ "$CARCH" == "mips64el" ]; then
+ sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile
+ sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \
+ < "${srcdir}/lxo-config.patch" > lxo-config.patch
+ msg2 "Adding loongson-community patches"
+ patch -Np1 -i ${srcdir}/${_basekernel}*-*-loongson-community.patch
+ patch -Np0 -i lxo-config.patch
+
+# ensure N32, add localversion, remove uevent helper as per
+# https://git.kernel.org/?p=linux/hotplug/udev.git;a=blob_plain;f=README
+# and make USB storage support builtin (e.g. for booting from USB
+# disks without slowly loading an initramfs)
+ sed -ri \
+ -e "s|CONFIG_MIPS32_N32=.*|CONFIG_MIPS32_N32=y|g" \
+ -e "s|CONFIG_UEVENT_HELPER_PATH=.*|CONFIG_UEVENT_HELPER_PATH=\"\"|g" \
+ -e "s|CONFIG_LOCALVERSION=.*|CONFIG_LOCALVERSION=\"${_localversionname}\"|g" \
+ -e "s;(CONFIG_USB(_COMMON|_EHCI_HCD|_OHCI_HCD|_STORAGE.*|_UAS)?)=.*;\1=y;g" \
+ ./.config
+ else
+ cat "${srcdir}/config.${CARCH}" > ./.config # simpler
+ fi
+
+ if [ "${_kernelname}" != "" ]; then
+ sed -i "s|CONFIG_LOCALVERSION=.*|CONFIG_LOCALVERSION=\"${_localversionname}\"|g" ./.config
+ sed -i "s|CONFIG_LOCALVERSION_AUTO=.*|CONFIG_LOCALVERSION_AUTO=n|" ./.config
+ fi
+
+ # set extraversion to pkgrel
+ sed -ri "s|^(EXTRAVERSION =).*|\1 -${pkgrel}|" Makefile
+
+ # don't run depmod on 'make install'. We'll do this ourselves in packaging
+ sed -i '2iexit 0' scripts/depmod.sh
+
+ # get kernel version
+ make prepare
+
+ # load configuration
+ # Configure the kernel. Replace the line below with one of your choice.
+ #make menuconfig # CLI menu for configuration
+ #make nconfig # new CLI menu for configuration
+ #make xconfig # X-based configuration
+ #make oldconfig # using old config from previous kernel version
+ # ... or manually edit .config
+
+ # rewrite configuration
+ yes "" | make config >/dev/null
+
+ # save configuration for later reuse
+ if [ "${CARCH}" = "x86_64" ]; then
+ cat .config > "${startdir}/config.x86_64.last"
+ else
+ cat .config > "${startdir}/config.i686.last"
+ fi
+
+ ####################
+ # stop here
+ # this is useful to configure the kernel
+ #msg "Stopping build"; return 1
+ ####################
+
+ # build!
+ if [ "$CARCH" == "mips64el" ]; then
+ # The build system passes it directly to linker, disable to avoid
+ # having unknown -Wl,... options.
+ export LDFLAGS=""
+ # bzImage is arch-specific and not supported on mips; vmlinux is
+ # useful for oprofile.
+ make ${MAKEFLAGS} LOCALVERSION= vmlinux vmlinuz modules
+ else
+ make ${MAKEFLAGS} LOCALVERSION= bzImage modules
+ fi
+}
+
+_package() {
+ pkgdesc="The ${pkgbase} kernel and modules with grsecurity/PaX patches"
+ [ "${pkgbase}" = "linux-libre" ] && groups=('base')
+ depends=('gradm' 'linux-libre-pax-flags' 'coreutils' 'linux-libre-firmware' 'kmod')
+ optdepends=('crda: to set the correct wireless channels of your country')
+ provides=("kernel26${_kernelname}=${pkgver}" "linux${_kernelname}=${pkgver}")
+ conflicts=("kernel26${_kernelname}" "kernel26-libre${_kernelname}" "linux${_kernelname}")
+ replaces=("kernel26${_kernelname}" "kernel26-libre${_kernelname}" "linux${_kernelname}")
+ backup=("etc/mkinitcpio.d/${pkgbase}.preset")
+ install=${pkgbase}.install
+ if [ "$CARCH" = "mips64el" ]; then
+ optdepends+=('mkinitcpio: to make the initramfs (needs reinstall of this package)')
+ conflicts+=('mkinitcpio<0.7')
+ else
+ depends+=('mkinitcpio>=0.7')
+ fi
+
+ cd "${srcdir}/linux-${_basekernel}"
+
+ KARCH=x86
+ [ $CARCH = "mips64el" ] && KARCH=mips
+
+ # get kernel version
+ _kernver="$(make LOCALVERSION= kernelrelease)"
+ _basekernel=${_kernver%%-*}
+ _basekernel=${_basekernel%.*}
+
+ mkdir -p "${pkgdir}"/{lib/modules,lib/firmware,boot}
+ make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}" modules_install
+
+ if [ "$CARCH" == "mips64el" ]; then
+ cp vmlinuz "${pkgdir}/boot/vmlinuz-${pkgbase}"
+ cp vmlinux "${pkgdir}/boot/vmlinux-${pkgbase}"
+ else
+ cp "arch/${KARCH}/boot/bzImage" "${pkgdir}/boot/vmlinuz-${pkgbase}"
+ fi
+
+ # add vmlinux
+ install -D -m644 vmlinux "${pkgdir}/usr/src/linux-${_kernver}/vmlinux"
+
+ # install fallback mkinitcpio.conf file and preset file for kernel
+ install -D -m644 "${srcdir}/${pkgbase}.preset" "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
+
+ # set correct depmod command for install
+ sed \
+ -e "s/KERNEL_NAME=.*/KERNEL_NAME=${_kernelname}/" \
+ -e "s/KERNEL_VERSION=.*/KERNEL_VERSION=${_kernver}/" \
+ -i "${startdir}/${pkgbase}.install"
+ sed \
+ -e "1s|'linux*.*'|'${pkgbase}'|" \
+ -e "s|ALL_kver=.*|ALL_kver=\"/boot/vmlinuz-${pkgbase}\"|" \
+ -e "s|default_image=.*|default_image=\"/boot/initramfs-${pkgbase}.img\"|" \
+ -e "s|fallback_image=.*|fallback_image=\"/boot/initramfs-${pkgbase}-fallback.img\"|" \
+ -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
+
+# mkinitcpio 0.7 relies on bzImage to find the kernel version
+ if [ "$CARCH" == "mips64el" ]; then
+ sed -e "s|ALL_kver=.*|ALL_kver=\"${_kernver}\"|" \
+ -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
+ fi
+
+ # remove build and source links
+ rm -f "${pkgdir}"/lib/modules/${_kernver}/{source,build}
+ # remove the firmware
+ rm -rf "${pkgdir}/lib/firmware"
+ # gzip -9 all modules to save 100MB of space
+ find "${pkgdir}" -name '*.ko' -exec gzip -9 {} \;
+ # make room for external modules
+ ln -s "../extramodules-${_basekernel}${_localversionname:--LIBRE-GRSEC}" "${pkgdir}/lib/modules/${_kernver}/extramodules"
+ # add real version for building modules and running depmod from post_install/upgrade
+ mkdir -p "${pkgdir}/lib/modules/extramodules-${_basekernel}${_localversionname:--LIBRE-GRSEC}"
+ echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_localversionname:--LIBRE-GRSEC}/version"
+
+ # Now we call depmod...
+ depmod -b "$pkgdir" -F System.map "$_kernver"
+
+ # move module tree /lib -> /usr/lib
+ mv "$pkgdir/lib" "$pkgdir/usr"
+}
+
+_package-headers() {
+ pkgdesc="Header files and scripts for building modules for ${pkgbase} kernel"
+ provides=("kernel26${_kernelname}-headers=${pkgver}" "linux${_kernelname}-headers=${pkgver}")
+ conflicts=("kernel26${_kernelname}-headers" "kernel26-libre${_kernelname}-headers" "linux${_kernelname}-headers")
+ replaces=("kernel26${_kernelname}-headers" "kernel26-libre${_kernelname}-headers" "linux${_kernelname}-headers")
+
+ KARCH=x86
+ [ $CARCH = "mips64el" ] && KARCH=mips
+
+# In case of repackaging this is empty
+ if [ -z "${_kernver}" ]; then
+ cd "${srcdir}/linux-${_basekernel}"
+ _kernver="$(make LOCALVERSION= kernelrelease)"
+ fi
+
+ install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}"
+
+ cd "${pkgdir}/usr/lib/modules/${_kernver}"
+ ln -sf ../../../src/linux-${_kernver} build
+
+ cd "${srcdir}/linux-${_basekernel}"
+ install -D -m644 Makefile \
+ "${pkgdir}/usr/src/linux-${_kernver}/Makefile"
+ install -D -m644 kernel/Makefile \
+ "${pkgdir}/usr/src/linux-${_kernver}/kernel/Makefile"
+ install -D -m644 .config \
+ "${pkgdir}/usr/src/linux-${_kernver}/.config"
+
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include"
+
+ for i in acpi asm-generic config crypto drm generated linux math-emu \
+ media mtd net pcmcia scsi sound trace video xen; do
+ cp -a include/${i} "${pkgdir}/usr/src/linux-${_kernver}/include/"
+ done
+
+ # copy arch includes for external modules
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}"
+ cp -a "arch/${KARCH}/include" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
+
+ # copy files necessary for later builds
+ cp Module.symvers "${pkgdir}/usr/src/linux-${_kernver}"
+ cp -a scripts "${pkgdir}/usr/src/linux-${_kernver}"
+
+ if [ "$CARCH" = "mips64el" ]; then
+ cp "arch/${KARCH}/Kbuild" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
+ cp -a "arch/${KARCH}/loongson" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
+ cp "${srcdir}/Kbuild.platforms" "${pkgdir}/usr/src/linux-${_kernver}/arch/$KARCH/"
+ fi
+
+ # fix permissions on scripts dir
+ chmod og-w -R "${pkgdir}/usr/src/linux-${_kernver}/scripts"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/.tmp_versions"
+
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel"
+
+ cp arch/${KARCH}/Makefile "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
+
+ if [ "${CARCH}" = "i686" ]; then
+ cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
+ fi
+
+ cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel/"
+
+ # add headers for lirc package
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/video"
+
+ cp drivers/media/video/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/video/"
+
+ for i in bt8xx cpia2 cx25840 cx88 em28xx pwc saa7134 sn9c102; do
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/video/${i}"
+ cp -a drivers/media/video/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/video/${i}"
+ done
+
+ # add docbook makefile
+ install -D -m644 Documentation/DocBook/Makefile \
+ "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile"
+
+ # add dm headers
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/md"
+ cp drivers/md/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/md"
+
+ # add inotify.h
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/linux"
+ cp include/linux/inotify.h "${pkgdir}/usr/src/linux-${_kernver}/include/linux/"
+
+ # add wireless headers
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/"
+ cp net/mac80211/*.h "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/"
+
+ # add dvb headers for external modules
+ # in reference to:
+ # http://bugs.archlinux.org/task/9912
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/dvb-core"
+ cp drivers/media/dvb/dvb-core/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/dvb-core/"
+ # and...
+ # http://bugs.archlinux.org/task/11194
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/"
+ cp include/config/dvb/*.h "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/"
+
+ # add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new
+ # in reference to:
+ # http://bugs.archlinux.org/task/13146
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/frontends/"
+ cp drivers/media/dvb/frontends/lgdt330x.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/frontends/"
+ cp drivers/media/video/msp3400-driver.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/frontends/"
+
+ # add dvb headers
+ # in reference to:
+ # http://bugs.archlinux.org/task/20402
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/dvb-usb"
+ cp drivers/media/dvb/dvb-usb/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/dvb-usb/"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/frontends"
+ cp drivers/media/dvb/frontends/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/frontends/"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/common/tuners"
+ cp drivers/media/common/tuners/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/common/tuners/"
+
+ # add xfs and shmem for aufs building
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/mm"
+ cp fs/xfs/xfs_sb.h "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs/xfs_sb.h"
+
+ # copy in Kconfig files
+ for i in `find . -name "Kconfig*"`; do
+ mkdir -p "${pkgdir}"/usr/src/linux-${_kernver}/`echo ${i} | sed 's|/Kconfig.*||'`
+ cp ${i} "${pkgdir}/usr/src/linux-${_kernver}/${i}"
+ done
+
+ chown -R root.root "${pkgdir}/usr/src/linux-${_kernver}"
+ find "${pkgdir}/usr/src/linux-${_kernver}" -type d -exec chmod 755 {} \;
+
+ # strip scripts directory
+ find "${pkgdir}/usr/src/linux-${_kernver}/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do
+ case "$(file -bi "${binary}")" in
+ *application/x-sharedlib*) # Libraries (.so)
+ /usr/bin/strip ${STRIP_SHARED} "${binary}";;
+ *application/x-archive*) # Libraries (.a)
+ /usr/bin/strip ${STRIP_STATIC} "${binary}";;
+ *application/x-executable*) # Binaries
+ /usr/bin/strip ${STRIP_BINARIES} "${binary}";;
+ esac
+ done
+
+ # remove unneeded architectures
+ rm -rf "${pkgdir}"/usr/src/linux-${_kernver}/arch/{alpha,arm,arm26,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa}
+ if [ "$CARCH" = "mips64el" ]; then
+ rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/x86
+ else
+ rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/mips
+ fi
+}
+
+pkgname=("${pkgbase}" "${pkgbase}-headers")
+for _p in ${pkgname[@]}; do
+ eval "package_${_p}() {
+ _package${_p#${pkgbase}}
+ }"
+done
+
+# vim:set ts=8 sts=2 sw=2 et: