diff options
Diffstat (limited to 'kernels/linux-libre-grsec/PKGBUILD')
-rwxr-xr-x | kernels/linux-libre-grsec/PKGBUILD | 399 |
1 files changed, 399 insertions, 0 deletions
diff --git a/kernels/linux-libre-grsec/PKGBUILD b/kernels/linux-libre-grsec/PKGBUILD new file mode 100755 index 000000000..23156be5d --- /dev/null +++ b/kernels/linux-libre-grsec/PKGBUILD @@ -0,0 +1,399 @@ +# Maintainer: Joakim Hernberg <jbh@alchemy.lu> +# Contributor: Ray Rashif <schiv@archlinux.org> +# Contributor: timbosa <tinny_tim@dodo.com.au> +# Contributor: Tobias Powalowski <tpowa@archlinux.org> +# Contributor: Thomas Baechler <thomas@archlinux.org> +# Maintainer (Parabola): André Silva <emulatorman@lavabit.com> +# Maintainer (Parabola): Márcio Silva <coadde@lavabit.com> + +pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel +#pkgbase=linux-libre-custom # Build kernel with a different name +_basekernel=3.6 +_sublevel=7 +_grsecver=2.9.1 +_timestamp=201211181105 +pkgver=${_basekernel}.${_sublevel} +pkgrel=3 +_lxopkgver=${_basekernel}.7 # nearly always the same as pkgver +arch=('i686' 'x86_64' 'mips64el') +url="http://linux-libre.fsfla.org/" +license=('GPL2') +makedepends=('xmlto' 'docbook-xsl') +options=('!strip') +source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gnu/linux-libre-${_basekernel}-gnu.tar.xz" + "http://linux-libre.fsfla.org/pub/linux-libre/releases/${pkgver}-gnu/patch-${_basekernel}-gnu-${pkgver}-gnu.xz" + "http://grsecurity.net/test/grsecurity-$_grsecver-$pkgver-$_timestamp.patch" + # the main kernel config files + 'config.i686' 'config.x86_64' + # standard config files for mkinitcpio ramdisk + "${pkgbase}.preset" + 'Kbuild' + 'Kbuild.platforms' + 'boot-logo.patch' + 'change-default-console-loglevel.patch' + 'module-symbol-waiting-3.6.patch' + 'module-init-wait-3.6.patch' + 'irq_cfg_pointer-3.6.6.patch' + "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2") +md5sums=('a2312edd0265b5b07bd4b50afae2b380' + 'a4e642180c7d757a642175fe32e4a264' + '20cd3b6ed53047a633d1e2b1ba32973e' + '11161582d9050710ccfecbe077fc5a63' + 'ac8f20b0cd83acb9525b5557e1fafeaf' + '82496e68851d1960543a07ba51cdb44a' + '2967cecc3af9f954ccc822fd63dca6ff' + '8267264d9a8966e57fdacd1fa1fc65c4' + '04b21c79df0a952c22d681dd4f4562df' + '9d3c56a4b999c8bfbd4018089a62f662' + '670931649c60fcb3ef2e0119ed532bd4' + '8a71abc4224f575008f974a099b5cf6f' + '4909a0271af4e5f373136b382826717f' + '1dd80f353c705fef988346a8ef05d13f') +if [ "$CARCH" != "mips64el" ]; then + # Don't use the Loongson-specific patches on non-mips64el arches. + unset source[${#source[@]}-1] + unset md5sums[${#md5sums[@]}-1] +fi + +_kernelname=${pkgbase#linux-libre} +_localversionname=-LIBRE-GRSEC + +build() { + cd "${srcdir}/linux-${_basekernel}" + + if [ "${_basekernel}" != "${pkgver}" ]; then + patch -Np1 -i "${srcdir}/patch-${_basekernel}-gnu-${pkgver}-gnu" + fi + + # Add grsecurity patches + patch -Np1 -i ${srcdir}/grsecurity-${_grsecver}-${pkgver}-${_timestamp}.patch + rm localversion-grsec + + # Add freedo as boot logo + patch -Np1 -i "${srcdir}/boot-logo.patch" + + # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param) + # remove this when a Kconfig knob is made available by upstream + # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227) + patch -Np1 -i "${srcdir}/change-default-console-loglevel.patch" + + # fix module initialisation + # https://bugs.archlinux.org/task/32122 + patch -Np1 -i "${srcdir}/module-symbol-waiting-3.6.patch" + patch -Np1 -i "${srcdir}/module-init-wait-3.6.patch" + + # fix FS#32615 - Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt + patch -Np1 -i "${srcdir}/irq_cfg_pointer-3.6.6.patch" + + if [ "$CARCH" == "mips64el" ]; then + sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile + sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \ + < "${srcdir}/lxo-config.patch" > lxo-config.patch + msg2 "Adding loongson-community patches" + patch -Np1 -i ${srcdir}/${_basekernel}*-*-loongson-community.patch + patch -Np0 -i lxo-config.patch + +# ensure N32, add localversion, remove uevent helper as per +# https://git.kernel.org/?p=linux/hotplug/udev.git;a=blob_plain;f=README +# and make USB storage support builtin (e.g. for booting from USB +# disks without slowly loading an initramfs) + sed -ri \ + -e "s|CONFIG_MIPS32_N32=.*|CONFIG_MIPS32_N32=y|g" \ + -e "s|CONFIG_UEVENT_HELPER_PATH=.*|CONFIG_UEVENT_HELPER_PATH=\"\"|g" \ + -e "s|CONFIG_LOCALVERSION=.*|CONFIG_LOCALVERSION=\"${_localversionname}\"|g" \ + -e "s;(CONFIG_USB(_COMMON|_EHCI_HCD|_OHCI_HCD|_STORAGE.*|_UAS)?)=.*;\1=y;g" \ + ./.config + else + cat "${srcdir}/config.${CARCH}" > ./.config # simpler + fi + + if [ "${_kernelname}" != "" ]; then + sed -i "s|CONFIG_LOCALVERSION=.*|CONFIG_LOCALVERSION=\"${_localversionname}\"|g" ./.config + sed -i "s|CONFIG_LOCALVERSION_AUTO=.*|CONFIG_LOCALVERSION_AUTO=n|" ./.config + fi + + # set extraversion to pkgrel + sed -ri "s|^(EXTRAVERSION =).*|\1 -${pkgrel}|" Makefile + + # don't run depmod on 'make install'. We'll do this ourselves in packaging + sed -i '2iexit 0' scripts/depmod.sh + + # get kernel version + make prepare + + # load configuration + # Configure the kernel. Replace the line below with one of your choice. + #make menuconfig # CLI menu for configuration + #make nconfig # new CLI menu for configuration + #make xconfig # X-based configuration + #make oldconfig # using old config from previous kernel version + # ... or manually edit .config + + # rewrite configuration + yes "" | make config >/dev/null + + # save configuration for later reuse + if [ "${CARCH}" = "x86_64" ]; then + cat .config > "${startdir}/config.x86_64.last" + else + cat .config > "${startdir}/config.i686.last" + fi + + #################### + # stop here + # this is useful to configure the kernel + #msg "Stopping build"; return 1 + #################### + + # build! + if [ "$CARCH" == "mips64el" ]; then + # The build system passes it directly to linker, disable to avoid + # having unknown -Wl,... options. + export LDFLAGS="" + # bzImage is arch-specific and not supported on mips; vmlinux is + # useful for oprofile. + make ${MAKEFLAGS} LOCALVERSION= vmlinux vmlinuz modules + else + make ${MAKEFLAGS} LOCALVERSION= bzImage modules + fi +} + +_package() { + pkgdesc="The ${pkgbase} kernel and modules with grsecurity/PaX patches" + [ "${pkgbase}" = "linux-libre" ] && groups=('base') + depends=('gradm' 'linux-pax-flags' 'coreutils' 'linux-libre-firmware' 'kmod') + optdepends=('crda: to set the correct wireless channels of your country') + provides=("kernel26${_kernelname}=${pkgver}" "linux${_kernelname}=${pkgver}") + conflicts=("kernel26${_kernelname}" "kernel26-libre${_kernelname}" "linux${_kernelname}") + replaces=("kernel26${_kernelname}" "kernel26-libre${_kernelname}" "linux${_kernelname}") + backup=("etc/mkinitcpio.d/${pkgbase}.preset") + install=${pkgbase}.install + if [ "$CARCH" = "mips64el" ]; then + optdepends+=('mkinitcpio: to make the initramfs (needs reinstall of this package)') + conflicts+=('mkinitcpio<0.7') + else + depends+=('mkinitcpio>=0.7') + fi + + cd "${srcdir}/linux-${_basekernel}" + + KARCH=x86 + [ $CARCH = "mips64el" ] && KARCH=mips + + # get kernel version + _kernver="$(make LOCALVERSION= kernelrelease)" + _basekernel=${_kernver%%-*} + _basekernel=${_basekernel%.*} + + mkdir -p "${pkgdir}"/{lib/modules,lib/firmware,boot} + make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}" modules_install + + if [ "$CARCH" == "mips64el" ]; then + cp vmlinuz "${pkgdir}/boot/vmlinuz-${pkgbase}" + cp vmlinux "${pkgdir}/boot/vmlinux-${pkgbase}" + else + cp "arch/${KARCH}/boot/bzImage" "${pkgdir}/boot/vmlinuz-${pkgbase}" + fi + + # add vmlinux + install -D -m644 vmlinux "${pkgdir}/usr/src/linux-${_kernver}/vmlinux" + + # install fallback mkinitcpio.conf file and preset file for kernel + install -D -m644 "${srcdir}/${pkgbase}.preset" "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" + + # set correct depmod command for install + sed \ + -e "s/KERNEL_NAME=.*/KERNEL_NAME=${_kernelname}/" \ + -e "s/KERNEL_VERSION=.*/KERNEL_VERSION=${_kernver}/" \ + -i "${startdir}/${pkgbase}.install" + sed \ + -e "1s|'linux*.*'|'${pkgbase}'|" \ + -e "s|ALL_kver=.*|ALL_kver=\"/boot/vmlinuz-${pkgbase}\"|" \ + -e "s|default_image=.*|default_image=\"/boot/initramfs-${pkgbase}.img\"|" \ + -e "s|fallback_image=.*|fallback_image=\"/boot/initramfs-${pkgbase}-fallback.img\"|" \ + -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" + +# mkinitcpio 0.7 relies on bzImage to find the kernel version + if [ "$CARCH" == "mips64el" ]; then + sed -e "s|ALL_kver=.*|ALL_kver=\"${_kernver}\"|" \ + -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" + fi + + # remove build and source links + rm -f "${pkgdir}"/lib/modules/${_kernver}/{source,build} + # remove the firmware + rm -rf "${pkgdir}/lib/firmware" + # gzip -9 all modules to save 100MB of space + find "${pkgdir}" -name '*.ko' -exec gzip -9 {} \; + # make room for external modules + ln -s "../extramodules-${_basekernel}${_localversionname:--LIBRE-GRSEC}" "${pkgdir}/lib/modules/${_kernver}/extramodules" + # add real version for building modules and running depmod from post_install/upgrade + mkdir -p "${pkgdir}/lib/modules/extramodules-${_basekernel}${_localversionname:--LIBRE-GRSEC}" + echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_localversionname:--LIBRE-GRSEC}/version" + + # Now we call depmod... + depmod -b "$pkgdir" -F System.map "$_kernver" + + # move module tree /lib -> /usr/lib + mv "$pkgdir/lib" "$pkgdir/usr" +} + +_package-headers() { + pkgdesc="Header files and scripts for building modules for ${pkgbase} kernel" + provides=("kernel26${_kernelname}-headers=${pkgver}" "linux${_kernelname}-headers=${pkgver}") + conflicts=("kernel26${_kernelname}-headers" "kernel26-libre${_kernelname}-headers" "linux${_kernelname}-headers") + replaces=("kernel26${_kernelname}-headers" "kernel26-libre${_kernelname}-headers" "linux${_kernelname}-headers") + + KARCH=x86 + [ $CARCH = "mips64el" ] && KARCH=mips + +# In case of repackaging this is empty + if [ -z "${_kernver}" ]; then + cd "${srcdir}/linux-${_basekernel}" + _kernver="$(make LOCALVERSION= kernelrelease)" + fi + + install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}" + + cd "${pkgdir}/usr/lib/modules/${_kernver}" + ln -sf ../../../src/linux-${_kernver} build + + cd "${srcdir}/linux-${_basekernel}" + install -D -m644 Makefile \ + "${pkgdir}/usr/src/linux-${_kernver}/Makefile" + install -D -m644 kernel/Makefile \ + "${pkgdir}/usr/src/linux-${_kernver}/kernel/Makefile" + install -D -m644 .config \ + "${pkgdir}/usr/src/linux-${_kernver}/.config" + + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include" + + for i in acpi asm-generic config crypto drm generated linux math-emu \ + media mtd net pcmcia scsi sound trace video xen; do + cp -a include/${i} "${pkgdir}/usr/src/linux-${_kernver}/include/" + done + + # copy arch includes for external modules + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}" + cp -a "arch/${KARCH}/include" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" + + # copy files necessary for later builds + cp Module.symvers "${pkgdir}/usr/src/linux-${_kernver}" + cp -a scripts "${pkgdir}/usr/src/linux-${_kernver}" + + if [ "$CARCH" = "mips64el" ]; then + cp "arch/${KARCH}/Kbuild" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" + cp -a "arch/${KARCH}/loongson" "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" + cp "${srcdir}/Kbuild.platforms" "${pkgdir}/usr/src/linux-${_kernver}/arch/$KARCH/" + fi + + # fix permissions on scripts dir + chmod og-w -R "${pkgdir}/usr/src/linux-${_kernver}/scripts" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/.tmp_versions" + + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel" + + cp arch/${KARCH}/Makefile "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" + + if [ "${CARCH}" = "i686" ]; then + cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/" + fi + + cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/src/linux-${_kernver}/arch/${KARCH}/kernel/" + + # add headers for lirc package + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/video" + + cp drivers/media/video/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/video/" + + for i in bt8xx cpia2 cx25840 cx88 em28xx pwc saa7134 sn9c102; do + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/video/${i}" + cp -a drivers/media/video/${i}/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/video/${i}" + done + + # add docbook makefile + install -D -m644 Documentation/DocBook/Makefile \ + "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile" + + # add dm headers + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/md" + cp drivers/md/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/md" + + # add inotify.h + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/linux" + cp include/linux/inotify.h "${pkgdir}/usr/src/linux-${_kernver}/include/linux/" + + # add wireless headers + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/" + cp net/mac80211/*.h "${pkgdir}/usr/src/linux-${_kernver}/net/mac80211/" + + # add dvb headers for external modules + # in reference to: + # http://bugs.archlinux.org/task/9912 + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/dvb-core" + cp drivers/media/dvb/dvb-core/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/dvb-core/" + # and... + # http://bugs.archlinux.org/task/11194 + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/" + cp include/config/dvb/*.h "${pkgdir}/usr/src/linux-${_kernver}/include/config/dvb/" + + # add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new + # in reference to: + # http://bugs.archlinux.org/task/13146 + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/frontends/" + cp drivers/media/dvb/frontends/lgdt330x.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/frontends/" + cp drivers/media/video/msp3400-driver.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/frontends/" + + # add dvb headers + # in reference to: + # http://bugs.archlinux.org/task/20402 + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/dvb-usb" + cp drivers/media/dvb/dvb-usb/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/dvb-usb/" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/frontends" + cp drivers/media/dvb/frontends/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/dvb/frontends/" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/common/tuners" + cp drivers/media/common/tuners/*.h "${pkgdir}/usr/src/linux-${_kernver}/drivers/media/common/tuners/" + + # add xfs and shmem for aufs building + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs" + mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/mm" + cp fs/xfs/xfs_sb.h "${pkgdir}/usr/src/linux-${_kernver}/fs/xfs/xfs_sb.h" + + # copy in Kconfig files + for i in `find . -name "Kconfig*"`; do + mkdir -p "${pkgdir}"/usr/src/linux-${_kernver}/`echo ${i} | sed 's|/Kconfig.*||'` + cp ${i} "${pkgdir}/usr/src/linux-${_kernver}/${i}" + done + + chown -R root.root "${pkgdir}/usr/src/linux-${_kernver}" + find "${pkgdir}/usr/src/linux-${_kernver}" -type d -exec chmod 755 {} \; + + # strip scripts directory + find "${pkgdir}/usr/src/linux-${_kernver}/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do + case "$(file -bi "${binary}")" in + *application/x-sharedlib*) # Libraries (.so) + /usr/bin/strip ${STRIP_SHARED} "${binary}";; + *application/x-archive*) # Libraries (.a) + /usr/bin/strip ${STRIP_STATIC} "${binary}";; + *application/x-executable*) # Binaries + /usr/bin/strip ${STRIP_BINARIES} "${binary}";; + esac + done + + # remove unneeded architectures + rm -rf "${pkgdir}"/usr/src/linux-${_kernver}/arch/{alpha,arm,arm26,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa} + if [ "$CARCH" = "mips64el" ]; then + rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/x86 + else + rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/mips + fi +} + +pkgname=("${pkgbase}" "${pkgbase}-headers") +for _p in ${pkgname[@]}; do + eval "package_${_p}() { + _package${_p#${pkgbase}} + }" +done + +# vim:set ts=8 sts=2 sw=2 et: |