Diffstat (limited to 'kernels/linux-libre-grsec/PKGBUILD')
-rw-r--r-- | kernels/linux-libre-grsec/PKGBUILD | 444 |
1 files changed, 444 insertions, 0 deletions
diff --git a/kernels/linux-libre-grsec/PKGBUILD b/kernels/linux-libre-grsec/PKGBUILD
new file mode 100644
index 000000000..a13d09dd5
--- /dev/null
+++ b/kernels/linux-libre-grsec/PKGBUILD
@@ -0,0 +1,444 @@
+# $Id: PKGBUILD 202239 2013-12-20 19:15:03Z tpowa $
+# Maintainer: Tobias Powalowski <tpowa@archlinux.org>
+# Maintainer: Thomas Baechler <thomas@archlinux.org>
+# Maintainer (Parabola): André Silva <emulatorman@parabola.nu>
+# Contributor (Parabola): Nicolás Reynolds <fauno@kiwwwi.com.ar>
+# Contributor (Parabola): Sorin-Mihai Vârgolici <smv@yobicore.org>
+# Contributor (Parabola): Michał Masłowski <mtjm@mtjm.eu>
+# Contributor (Parabola): Márcio Silva <coadde@parabola.nu>
+
+pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel
+#pkgbase=linux-libre-custom # Build kernel with a different name
+_basekernel=3.12
+_sublevel=6
+_grsecver=3.0
+_timestamp=201401021726
+pkgver=${_basekernel}.${_sublevel}
+pkgrel=1
+_lxopkgver=${_basekernel}.6 # nearly always the same as pkgver
+arch=('i686' 'x86_64' 'mips64el')
+url="http://linux-libre.fsfla.org/"
+license=('GPL2')
+makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc')
+options=('!strip')
+source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gnu/linux-libre-${_basekernel}-gnu.tar.xz"
+ "http://linux-libre.fsfla.org/pub/linux-libre/releases/${pkgver}-gnu/patch-${_basekernel}-gnu-${pkgver}-gnu.xz"
+ "http://grsecurity.net/test/grsecurity-${_grsecver}-${pkgver}-${_timestamp}.patch"
+ # the main kernel config files
+ 'config.i686' 'config.x86_64'
+ # standard config files for mkinitcpio ramdisk
+ "${pkgbase}.preset"
+ 'Kbuild'
+ 'Kbuild.platforms'
+ 'boot-logo.patch'
+ 'change-default-console-loglevel.patch'
+ 'criu-no-expert.patch'
+ 'module-blacklist.conf'
+ 'sysctl.conf'
+ 'known-exploit-detection.patch'
+ "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2")
+md5sums=('254f59707b6676b59ce5ca5c3c698319'
+ '4b18ce60daff87504e6740670edf6b50'
+ 'c07003578d875828e730c5d3a903616b'
+ '178c1df5bf88e78df7d8629c78cb3b2c'
+ '8fc653f7adbfcc6de676cbd5ba659517'
+ '5f66bed97a5c37e48eb2f71b2d354b9a'
+ '2967cecc3af9f954ccc822fd63dca6ff'
+ '8267264d9a8966e57fdacd1fa1fc65c4'
+ '14bb375a8a1d86d2875f72fcbaa03f3e'
+ '0892ce6045478bea4a005a6d82c0819e'
+ 'b5509f6c3889a1b32f2e1f90ee2508f1'
+ 'f93ef6157fbb23820bd5ae08fd3f451e'
+ '0db7629711f4ed76bd1f9da9f97bc4ea'
+ '34f7e421a25ebc3c1406e04db56accfa'
+ '71bbddd5f9799aa045660d92baa05845')
+if [ "$CARCH" != "mips64el" ]; then
+ # don't use the Loongson-specific patches on non-mips64el arches.
+ unset source[${#source[@]}-1]
+ unset md5sums[${#md5sums[@]}-1]
+fi
+
+_kernelname=${pkgbase#linux-libre}
+_localversionname=-LIBRE-GRSEC
+
+prepare() {
+ cd "${srcdir}/linux-${_basekernel}"
+
+ if [ "${_basekernel}" != "${pkgver}" ]; then
+ patch -Np1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu"
+ fi
+
+ # add grsecurity patches
+ patch -Np1 -i "${srcdir}/grsecurity-${_grsecver}-${pkgver}-${_timestamp}.patch"
+
+ # add freedo as boot logo
+ patch -Np1 -i "${srcdir}/boot-logo.patch"
+
+ # fix issue on Hal8188EFWImg_CE.c deblobbed file
+ sed -i "\|DEBLOBBED| s|,||" drivers/staging/rtl8188eu/hal/Hal8188EFWImg_CE.c
+
+ # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
+ # remove this when a Kconfig knob is made available by upstream
+ # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
+ patch -Np1 -i "${srcdir}/change-default-console-loglevel.patch"
+
+ # allow criu without expert option set
+ # patch from fedora
+ patch -Np1 -i "${srcdir}/criu-no-expert.patch"
+
+ # add known exploit detection patch
+ # http://lkml.org/lkml/2013/12/12/358
+ patch -Np1 -i "${srcdir}/known-exploit-detection.patch"
+
+ if [ "$CARCH" == "mips64el" ]; then
+ sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile
+ sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \
+ < "${srcdir}/lxo-config.patch" > lxo-config.patch
+ msg2 "Adding loongson-community patches"
+ patch -Np1 -i ${srcdir}/${_basekernel}*-*-loongson-community.patch
+ patch -Np0 -i lxo-config.patch
+
+ # ensure N32, add localversion, remove uevent helper as per
+ # https://git.kernel.org/?p=linux/hotplug/udev.git;a=blob_plain;f=README
+ # and make USB storage support builtin (e.g. for booting from USB
+ # disks without slowly loading an initramfs)
+ sed -ri \
+ -e "s|CONFIG_MIPS32_N32=.*|CONFIG_MIPS32_N32=y|g" \
+ -e "s|CONFIG_UEVENT_HELPER_PATH=.*|CONFIG_UEVENT_HELPER_PATH=\"\"|g" \
+ -e "s|CONFIG_LOCALVERSION=.*|CONFIG_LOCALVERSION=\"${_localversionname}\"|g" \
+ -e "s;(CONFIG_USB(_COMMON|_EHCI_HCD|_OHCI_HCD|_STORAGE.*|_UAS)?)=.*;\1=y;g" \
+ ./.config
+ else
+ cat "${srcdir}/config.${CARCH}" > ./.config # simpler
+ fi
+
+ if [ "${_kernelname}" != "" ]; then
+ sed -i "s|CONFIG_LOCALVERSION=.*|CONFIG_LOCALVERSION=\"${_localversionname}\"|g" ./.config
+ sed -i "s|CONFIG_LOCALVERSION_AUTO=.*|CONFIG_LOCALVERSION_AUTO=n|" ./.config
+ fi
+
+ # set extraversion to pkgrel
+ sed -ri "s|^(EXTRAVERSION =).*|\1 -${pkgrel}|" Makefile
+
+ # don't run depmod on 'make install'. We'll do this ourselves in packaging
+ sed -i '2iexit 0' scripts/depmod.sh
+}
+
+build() {
+ cd "${srcdir}/linux-${_basekernel}"
+
+ # get kernel version
+ make prepare
+
+ # load configuration
+ # Configure the kernel. Replace the line below with one of your choice.
+ #make menuconfig # CLI menu for configuration
+ #make nconfig # new CLI menu for configuration
+ #make xconfig # X-based configuration
+ #make oldconfig # using old config from previous kernel version
+ # ... or manually edit .config
+
+ # rewrite configuration
+ yes "" | make config >/dev/null
+
+ # save configuration for later reuse
+ if [ "${CARCH}" = "x86_64" ]; then
+ cat .config > "${startdir}/config.x86_64.last"
+ else
+ cat .config > "${startdir}/config.i686.last"
+ fi
+
+ ####################
+ # stop here
+ # this is useful to configure the kernel
+ #msg "Stopping build"; return 1
+ ####################
+
+ # build!
+ if [ "$CARCH" == "mips64el" ]; then
+ # The build system passes it directly to linker, disable to avoid
+ # having unknown -Wl,... options.
+ export LDFLAGS=""
+ # bzImage is arch-specific and not supported on mips; vmlinux is
+ # useful for oprofile.
+ make ${MAKEFLAGS} LOCALVERSION= vmlinux vmlinuz modules
+ else
+ make ${MAKEFLAGS} LOCALVERSION= bzImage modules
+ fi
+}
+
+_package() {
+ pkgdesc="The ${pkgbase^} kernel and modules with grsecurity/PaX support"
+ [ "${pkgbase}" = "linux-libre" ] && groups=('base')
+ depends=('coreutils' 'linux-libre-firmware' 'kmod' 'gradm' 'pax-flags-libre')
+ optdepends=('crda: to set the correct wireless channels of your country')
+ provides=("kernel26${_kernelname}=${pkgver}" "linux${_kernelname}=${pkgver}")
+ conflicts=("kernel26${_kernelname}" "kernel26-libre${_kernelname}" "linux${_kernelname}")
+ replaces=("kernel26${_kernelname}" "kernel26-libre${_kernelname}" "linux${_kernelname}")
+ backup=("etc/mkinitcpio.d/${pkgbase}.preset"
+ "etc/modprobe.d/dma.conf"
+ "etc/sysctl.d/05-grsecurity.conf")
+ install=${pkgbase}.install
+ if [ "$CARCH" = "mips64el" ]; then
+ optdepends+=('mkinitcpio: to make the initramfs (needs reinstall of this package)')
+ conflicts+=('mkinitcpio<0.7')
+ else
+ depends+=('mkinitcpio>=0.7')
+ fi
+
+ cd "${srcdir}/linux-${_basekernel}"
+
+ KARCH=x86
+ [ $CARCH = "mips64el" ] && KARCH=mips
+
+ # get kernel version
+ _kernver="$(make LOCALVERSION= kernelrelease)"
+ _basekernel=${_kernver%%-*}
+ _basekernel=${_basekernel%.*}
+
+ mkdir -p "${pkgdir}"/{lib/modules,lib/firmware,boot}
+ make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}" modules_install
+
+ if [ "$CARCH" == "mips64el" ]; then
+ cp vmlinuz "${pkgdir}/boot/vmlinuz-${pkgbase}"
+ cp vmlinux "${pkgdir}/boot/vmlinux-${pkgbase}"
+ else
+ cp "arch/${KARCH}/boot/bzImage" "${pkgdir}/boot/vmlinuz-${pkgbase}"
+ fi
+
+ # add vmlinux
+ install -D -m644 vmlinux "${pkgdir}/usr/src/linux-${_kernver}/vmlinux"
+
+ # set correct depmod command for install
+ cp -f "${startdir}/${install}" "${startdir}/${install}.pkg"
+ true && install=${install}.pkg
+ sed \
+ -e "s/KERNEL_NAME=.*/KERNEL_NAME=${_kernelname}/" \
+ -e "s/KERNEL_VERSION=.*/KERNEL_VERSION=${_kernver}/" \
+ -i "${startdir}/${install}"
+
+ # install mkinitcpio preset file for kernel
+ install -D -m644 "${srcdir}/${pkgbase}.preset" "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
+ sed \
+ -e "1s|'linux*.*'|'${pkgbase}'|" \
+ -e "s|ALL_kver=.*|ALL_kver=\"/boot/vmlinuz-${pkgbase}\"|" \
+ -e "s|default_image=.*|default_image=\"/boot/initramfs-${pkgbase}.img\"|" \
+ -e "s|fallback_image=.*|fallback_image=\"/boot/initramfs-${pkgbase}-fallback.img\"|" \
+ -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
+
+ # mkinitcpio 0.7 relies on bzImage to find the kernel version
+ if [ "$CARCH" == "mips64el" ]; then
+ sed -e "s|ALL_kver=.*|ALL_kver=\"${_kernver}\"|" \
+ -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
+ fi
+
+ # remove build and source links
+ rm -f "${pkgdir}"/lib/modules/${_kernver}/{source,build}
+ # remove the firmware
+ rm -rf "${pkgdir}/lib/firmware"
+ # gzip -9 all modules to save 100MB of space
+ find "${pkgdir}" -name '*.ko' -exec gzip -9 {} \;
+ # make room for external modules
+ ln -s "../extramodules-${_basekernel}${_localversionname:--LIBRE-GRSEC}" "${pkgdir}/lib/modules/${_kernver}/extramodules"
+ # add real version for building modules and running depmod from post_install/upgrade
+ mkdir -p "${pkgdir}/lib/modules/extramodules-${_basekernel}${_localversionname:--LIBRE-GRSEC}"
+ echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_localversionname:--LIBRE-GRSEC}/version"
+
+ # Now we call depmod...
+ depmod -b "$pkgdir" -F System.map "$_kernver"
+
+ # move module tree /lib -> /usr/lib
+ mv "$pkgdir/lib" "$pkgdir/usr"
+
+ # copy sysctl configuration
+ install -Dm600 "$srcdir/sysctl.conf" "$pkgdir/etc/sysctl.d/05-grsecurity.conf"
+
+ # copy kernel module blacklist
+ install -Dm600 "$srcdir/module-blacklist.conf" "$pkgdir/etc/modprobe.d/dma.conf"
+}
+
+_package-headers() {
+ pkgdesc="Header files and scripts for building modules for ${pkgbase^} kernel"
+ provides=("kernel26${_kernelname}-headers=${pkgver}" "linux${_kernelname}-headers=${pkgver}")
+ conflicts=("kernel26${_kernelname}-headers" "kernel26-libre${_kernelname}-headers" "linux${_kernelname}-headers")
+ replaces=("kernel26${_kernelname}-headers" "kernel26-libre${_kernelname}-headers" "linux${_kernelname}-headers")
+
+ KARCH=x86
+ [ $CARCH = "mips64el" ] && KARCH=mips
+
+ # in case of repackaging this is empty
+ if [ -z "${_kernver}" ]; then
+ cd "${srcdir}/linux-${_basekernel}"
+ _kernver="$(make LOCALVERSION= kernelrelease)"
+ fi
+
+ install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}"
+
+ cd "${pkgdir}/usr/lib/modules/${_kernver}"
+ ln -sf ../../../src/linux-${_kernver} build
+
+ cd "${srcdir}/linux-${_basekernel}"
+ install -D -m644 Makefile \
+ "${pkgdir}/usr/src/linux-${_kernver}/Makefile"
+ install -D -m644 kernel/Makefile \
+ "${pkgdir}/usr/src/linux-${_kernver}/kernel/Makefile"
+ install -D -m644 .config \
+ "${pkgdir}/usr/src/linux-${_kernver}/.config"
+
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include"
+
+ for i in acpi asm-generic config crypto drm generated keys linux math-emu \
+ media net pcmcia scsi sound trace uapi video xen; do
+ cp -a include/${i} "${pkgdir}/usr/src/linux-${_kernver}/include/"
+ done
+
+ # copy arch includes for external modules
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}"
+ cp -a "arch/${KARCH}/include" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
+
+ # copy files necessary for later builds
+ cp Module.symvers "${pkgdir}/usr/src/linux-${_kernver}"
+ cp -a scripts "${pkgdir}/usr/src/linux-${_kernver}"
+
+ if [ "$CARCH" = "mips64el" ]; then
+ cp "arch/${KARCH}/Kbuild" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
+ cp -a "arch/${KARCH}/loongson" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
+ cp "${srcdir}/Kbuild.platforms" "${pkgdir}/usr/src/linux-${_kernver}/arch/$KARCH/"
+ fi
+
+ # fix permissions on scripts dir
+ chmod og-w -R "${pkgdir}/usr/src/linux-${_kernver}/scripts"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/.tmp_versions"
+
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel"
+
+ cp arch/${KARCH}/Makefile "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
+
+ if [ "${CARCH}" = "i686" ]; then
+ cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/"
+ fi
+
+ cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel/"
+
+ # add headers for lirc package
+ # pci
+ for i in bt8xx cx88 saa7134; do
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/pci/${i}"
+ cp -a drivers/media/pci/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/pci/${i}"
+ done
+ # usb
+ for i in cpia2 em28xx pwc sn9c102; do
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/${i}"
+ cp -a drivers/media/usb/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/${i}"
+ done
+ # i2c
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c"
+ cp drivers/media/i2c/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/"
+ for i in cx25840; do
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/${i}"
+ cp -a drivers/media/i2c/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/${i}"
+ done
+
+ # add docbook makefile
+ install -D -m644 Documentation/DocBook/Makefile \
+ "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile"
+
+ # add dm headers
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/md"
+ cp drivers/md/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/md"
+
+ # add inotify.h
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/linux"
+ cp include/linux/inotify.h "${pkgdir}/usr/src/linux-${_kernver}/include/linux/"
+
+ # add wireless headers
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/"
+ cp net/mac80211/*.h "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/"
+
+ # add dvb headers for external modules
+ # in reference to:
+ # http://bugs.archlinux.org/task/9912
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-core"
+ cp drivers/media/dvb-core/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-core/"
+ # and...
+ # http://bugs.archlinux.org/task/11194
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/"
+ cp include/config/dvb/*.h "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/"
+
+ # add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new
+ # in reference to:
+ # http://bugs.archlinux.org/task/13146
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/"
+ cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/"
+ cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/i2c/"
+
+ # add dvb headers
+ # in reference to:
+ # http://bugs.archlinux.org/task/20402
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/dvb-usb"
+ cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/usb/dvb-usb/"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends"
+ cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb-frontends/"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/tuners"
+ cp drivers/media/tuners/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/tuners/"
+
+ # add xfs and shmem for aufs building
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs"
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/mm"
+ cp fs/xfs/xfs_sb.h "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs/xfs_sb.h"
+
+ # copy in Kconfig files
+ for i in `find . -name "Kconfig*"`; do
+ mkdir -p "${pkgdir}"/usr/src/linux-${_kernver}/`echo ${i} | sed 's|/Kconfig.*||'`
+ cp ${i} "${pkgdir}/usr/src/linux-${_kernver}/${i}"
+ done
+
+ chown -R root.root "${pkgdir}/usr/src/linux-${_kernver}"
+ find "${pkgdir}/usr/src/linux-${_kernver}" -type d -exec chmod 755 {} \;
+
+ # strip scripts directory
+ find "${pkgdir}/usr/src/linux-${_kernver}/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do
+ case "$(file -bi "${binary}")" in
+ *application/x-sharedlib*) # Libraries (.so)
+ /usr/bin/strip ${STRIP_SHARED} "${binary}";;
+ *application/x-archive*) # Libraries (.a)
+ /usr/bin/strip ${STRIP_STATIC} "${binary}";;
+ *application/x-executable*) # Binaries
+ /usr/bin/strip ${STRIP_BINARIES} "${binary}";;
+ esac
+ done
+
+ # remove unneeded architectures
+ rm -rf "${pkgdir}"/usr/src/linux-${_kernver}/arch/{alpha,arc,arm,arm26,arm64,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,metag,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa}
+ if [ "$CARCH" = "mips64el" ]; then
+ rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/x86
+ else
+ rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/mips
+ fi
+}
+
+_package-docs() {
+ pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase^} kernel"
+ provides=("kernel26${_kernelname}-docs=${pkgver}" "linux${_kernelname}-docs=${pkgver}")
+ conflicts=("kernel26${_kernelname}-docs" "kernel26-libre${_kernelname}-docs" "linux${_kernelname}-docs")
+ replaces=("kernel26${_kernelname}-docs" "kernel26-libre${_kernelname}-docs" "linux${_kernelname}-docs")
+
+ cd "${srcdir}/linux-${_basekernel}"
+
+ mkdir -p "${pkgdir}/usr/src/linux-${_kernver}"
+ cp -al Documentation "${pkgdir}/usr/src/linux-${_kernver}"
+ find "${pkgdir}" -type f -exec chmod 444 {} \;
+ find "${pkgdir}" -type d -exec chmod 755 {} \;
+
+ # remove a file already in linux package
+ rm -f "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile"
+}
+
+pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs")
+for _p in ${pkgname[@]}; do
+ eval "package_${_p}() {
+ _package${_p#${pkgbase}}
+ }"
+done
+
+# vim:set ts=8 sts=2 sw=2 et:
|
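Review bot: The `md5sums=(...)` array is the only integrity check on sources that `source=(...)` fetches over plain `http://`, including the kernel tarball, the incremental linux-libre patch and the patch from `grsecurity.net/test/`. MD5 is no longer collision-resistant and an HTTP fetch gives no transport integrity, so for a package whose purpose is kernel hardening the checksum is carrying the whole load. I would switch the array to `sha256sums=(...)`, regenerated with `makepkg -g`, and rename the matching `unset md5sums[${#md5sums[@]}-1]` in the non-mips64el branch to `unset sha256sums[${#sha256sums[@]}-1]` so the two arrays stay the same length. If upstream publishes detached signatures for the tarball and patches, listing them in `source` as well would let makepkg verify provenance rather than just content.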