diff options
Diffstat (limited to 'kernels/linux-libre-rt')
-rw-r--r-- | kernels/linux-libre-rt/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch (renamed from kernels/linux-libre-rt/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch) | 69 | ||||
-rw-r--r-- | kernels/linux-libre-rt/60-linux.hook | 12 | ||||
-rw-r--r-- | kernels/linux-libre-rt/90-linux.hook | 11 | ||||
-rw-r--r-- | kernels/linux-libre-rt/PKGBUILD | 488 | ||||
-rw-r--r-- | kernels/linux-libre-rt/linux-armv7h.preset (renamed from kernels/linux-libre-rt/linux.preset) | 2 | ||||
-rw-r--r-- | kernels/linux-libre-rt/linux.install | 12 |
6 files changed, 279 insertions, 315 deletions
diff --git a/kernels/linux-libre-rt/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/kernels/linux-libre-rt/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch index 22e12e4b0..f93022e50 100644 --- a/kernels/linux-libre-rt/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/kernels/linux-libre-rt/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch @@ -1,22 +1,49 @@ -From 1ce3e84fdf0b56f477d30acdc8797dedd7330e37 Mon Sep 17 00:00:00 2001 -From: Serge Hallyn <serge.hallyn@canonical.com> -Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH] add sysctl to disallow unprivileged CLONE_NEWUSER by default +From 6136ffb3d88e9f044260f8288d2d0a1edd64379e Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Mon, 16 Sep 2019 04:53:20 +0200 +Subject: [PATCH] ZEN: Add sysctl and CONFIG to disallow unprivileged + CLONE_NEWUSER -Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> -[bwh: Remove unneeded binary sysctl bits] -Signed-off-by: Daniel Micay <danielmicay@gmail.com> +Our default behavior continues to match the vanilla kernel. --- + init/Kconfig | 16 ++++++++++++++++ kernel/fork.c | 15 +++++++++++++++ kernel/sysctl.c | 12 ++++++++++++ - kernel/user_namespace.c | 3 +++ - 3 files changed, 30 insertions(+) + kernel/user_namespace.c | 7 +++++++ + 4 files changed, 50 insertions(+) +diff --git a/init/Kconfig b/init/Kconfig +index bd7d650d4a99..658f9c052151 100644 +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -1091,6 +1091,22 @@ config USER_NS + + If unsure, say N. + ++config USER_NS_UNPRIVILEGED ++ bool "Allow unprivileged users to create namespaces" ++ default y ++ depends on USER_NS ++ help ++ When disabled, unprivileged users will not be able to create ++ new namespaces. Allowing users to create their own namespaces ++ has been part of several recent local privilege escalation ++ exploits, so if you need user namespaces but are ++ paranoid^Wsecurity-conscious you want to disable this. ++ ++ This setting can be overridden at runtime via the ++ kernel.unprivileged_userns_clone sysctl. ++ ++ If unsure, say Y. ++ + config PID_NS + bool "PID Namespaces" + default y diff --git a/kernel/fork.c b/kernel/fork.c -index f0b58479534f..8b2d927125c5 100644 +index 541fd805fb88..ffd57c812153 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -103,6 +103,11 @@ +@@ -106,6 +106,11 @@ #define CREATE_TRACE_POINTS #include <trace/events/task.h> @@ -28,7 +55,7 @@ index f0b58479534f..8b2d927125c5 100644 /* * Minimum number of threads to boot the kernel -@@ -1649,6 +1654,10 @@ static __latent_entropy struct task_struct *copy_process( +@@ -1788,6 +1793,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -39,7 +66,7 @@ index f0b58479534f..8b2d927125c5 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2467,6 +2476,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -2819,6 +2828,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -53,10 +80,10 @@ index f0b58479534f..8b2d927125c5 100644 if (err) goto bad_unshare_out; diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index cc02050fd0c4..ce2ad2b92897 100644 +index 078950d9605b..baead3605bbe 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c -@@ -105,6 +105,9 @@ extern int core_uses_pid; +@@ -110,6 +110,9 @@ extern int core_uses_pid; extern char core_pattern[]; extern unsigned int core_pipe_limit; #endif @@ -66,7 +93,7 @@ index cc02050fd0c4..ce2ad2b92897 100644 extern int pid_max; extern int pid_max_min, pid_max_max; extern int percpu_pagelist_fraction; -@@ -514,6 +517,15 @@ static struct ctl_table kern_table[] = { +@@ -545,6 +548,15 @@ static struct ctl_table kern_table[] = { .proc_handler = proc_dointvec, }, #endif @@ -83,19 +110,23 @@ index cc02050fd0c4..ce2ad2b92897 100644 { .procname = "tainted", diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 923414a246e9..6b9dbc257e34 100644 +index 8eadadc478f9..c36ecd19562c 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c -@@ -26,6 +26,9 @@ +@@ -21,6 +21,13 @@ #include <linux/bsearch.h> #include <linux/sort.h> +/* sysctl */ ++#ifdef CONFIG_USER_NS_UNPRIVILEGED ++int unprivileged_userns_clone = 1; ++#else +int unprivileged_userns_clone; ++#endif + static struct kmem_cache *user_ns_cachep __read_mostly; static DEFINE_MUTEX(userns_state_mutex); -- -2.19.1 +2.23.0 diff --git a/kernels/linux-libre-rt/60-linux.hook b/kernels/linux-libre-rt/60-linux.hook deleted file mode 100644 index b33873c85..000000000 --- a/kernels/linux-libre-rt/60-linux.hook +++ /dev/null @@ -1,12 +0,0 @@ -[Trigger] -Type = File -Operation = Install -Operation = Upgrade -Operation = Remove -Target = usr/lib/modules/%KERNVER%/* -Target = usr/lib/modules/%EXTRAMODULES%/* - -[Action] -Description = Updating %PKGBASE% module dependencies... -When = PostTransaction -Exec = /usr/bin/depmod %KERNVER% diff --git a/kernels/linux-libre-rt/90-linux.hook b/kernels/linux-libre-rt/90-linux.hook deleted file mode 100644 index be0d88653..000000000 --- a/kernels/linux-libre-rt/90-linux.hook +++ /dev/null @@ -1,11 +0,0 @@ -[Trigger] -Type = File -Operation = Install -Operation = Upgrade -Target = boot/vmlinuz-%PKGBASE% -Target = usr/lib/initcpio/* - -[Action] -Description = Updating %PKGBASE% initcpios... -When = PostTransaction -Exec = /usr/bin/mkinitcpio -p %PKGBASE% diff --git a/kernels/linux-libre-rt/PKGBUILD b/kernels/linux-libre-rt/PKGBUILD index 7cb4b95f8..d82adc551 100644 --- a/kernels/linux-libre-rt/PKGBUILD +++ b/kernels/linux-libre-rt/PKGBUILD @@ -1,46 +1,57 @@ # Maintainer: David P. <megver83@parabola.nu> # Contributor: André Silva <emulatorman@hyperbola.info> # Contributor: Márcio Silva <coadde@hyperbola.info> -# Contributor: fauno <fauno@parabola.nu> -# Contributor: Sorin-Mihai Vârgolici <smv@yobicore.org> -# Contributor: Michał Masłowski <mtjm@mtjm.eu> -# Contributor: Luke R. <g4jc@openmailbox.org> -# Contributor: Andreas Grapentin <andreas@grapentin.org> -# Based on linux-rt package +_replacesarchkernel=('linux%') # '%' gets replaced with kernel suffix +_replacesoldkernels=() # '%' gets replaced with kernel suffix +_replacesoldmodules=() # '%' gets replaced with kernel suffix pkgbase=linux-libre-rt _srcbasever=4.19-gnu _srcver=4.19.72-gnu -_rtbasever=4.19 -_rtpatchver=rt25 - -_replacesarchkernel=('linux%') # '%' gets replaced with _kernelname -_replacesoldkernels=() # '%' gets replaced with _kernelname -_replacesoldmodules=() # '%' gets replaced with _kernelname - +_rtpatchver=26 _srcname=linux-${_srcbasever%-*} -_archpkgver=${_srcver%-*}_${_rtpatchver} -pkgver=${_srcver//-/_}.${_rtpatchver} +pkgver=${_srcver//-/.${_rtpatchver}_} pkgrel=1 rcnver=4.19.72 -rcnrel=armv7-x39 -arch=('x86_64' 'i686' 'armv7h') +rcnrel=armv7-x40 url='https://linux-libre.fsfla.org/' -license=('GPL2') -makedepends=('xmlto' 'kmod' 'inetutils' 'bc' 'libelf') +arch=(i686 x86_64 armv7h) +license=(GPL2) +makedepends=( + xmlto kmod inetutils bc libelf + python-sphinx python-sphinx_rtd_theme graphviz imagemagick +) options=('!strip') source=( "https://linux-libre.fsfla.org/pub/linux-libre/releases/${_srcbasever}/linux-libre-${_srcbasever}.tar.xz"{,.sign} "https://linux-libre.fsfla.org/pub/linux-libre/releases/${_srcver}/patch-${_srcbasever}-${_srcver}.xz"{,.sign} - "https://www.kernel.org/pub/linux/kernel/projects/rt/${_rtbasever}/older/patch-${_srcver%-*}-${_rtpatchver}.patch"{.xz,.sign} + "https://www.kernel.org/pub/linux/kernel/projects/rt/${_srcbasever%-*}/older/patch-${_srcver%-*}-rt${_rtpatchver}.patch"{.xz,.sign} "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_"{clut224.ppm,vga16.ppm,mono.pbm}{,.sig} config.i686 config.x86_64 config.armv7h # the main kernel config files - 60-linux.hook # pacman hook for depmod - 90-linux.hook # pacman hook for initramfs regeneration - linux.preset # standard config files for mkinitcpio ramdisk - # armv7h patches - "https://repo.parabola.nu/other/rcn-libre/patches/${rcnver}/rcn-libre-${rcnver}-${rcnrel}.patch"{,.sig} + linux-armv7h.preset # armv7h preset file for mkinitcpio ramdisk + + # maintain the TTY over USB disconnects + # http://www.coreboot.org/EHCI_Gadget_Debug + 0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch + # fix Atmel maXTouch touchscreen support + # https://labs.parabola.nu/issues/877 + # http://www.fsfla.org/pipermail/linux-libre/2015-November/003202.html + 0002-fix-Atmel-maXTouch-touchscreen-support.patch + + # Arch's custom linux patches + 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch +) +source_armv7h=( + # armv7h patches, put in the source_armv7h variable just for a more comfortable loop patching + + # RCN patch (CM3 firmware deblobbed and AUFS/WireGuard removed) + # Note: For stability reasons, AUFS has been removed in the RCN patch. + # We are supporting AUFS in linux-libre-pck through PCK patch. + # See https://wiki.parabola.nu/PCK for further details. + "https://repo.parabola.nu/other/rcn-libre/patches/${rcnver}/rcn-libre-${rcnver}-$rcnrel.patch"{,.sig} + + # Arch Linux ARM patches 0001-ARM-atags-add-support-for-Marvell-s-u-boot.patch 0002-ARM-atags-fdt-retrieve-MAC-addresses-from-Marvell-bo.patch 0003-SMILE-Plug-device-tree-file.patch @@ -50,10 +61,6 @@ source=( 0007-exynos4412-odroid-set-higher-minimum-buck2-regulator.patch 0008-ARM-dove-enable-ethernet-on-D3Plug.patch 0009-usb-dwc2-disable-power_down-on-rockchip-devices.patch - # other patches - 0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch - 0002-fix-Atmel-maXTouch-touchscreen-support.patch - 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch ) validpgpkeys=( '474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva @@ -65,7 +72,7 @@ sha512sums=('5bc800b3beff43a8c15bd5515f4e0babe2beb5fa600491b7b37110e22d9b739d293 'SKIP' 'c126131bd561b1ca5515dc7e1c182c41a567639054b097213b3ad3424a092fe4a2e7f7e337df67e5dfb5b7f17a577e1d555c2dc16e09f56c26af934be5d80f36' 'SKIP' - '5bca5ec414f8ec0a3ee58e2239d3c0f912ba5cfabbb4fb4f575b6a141725891fd8b533ba17d2d2dde9fa4e5a6654cae4e7a21184198ef672c0d7530af6eac036' + 'edf8ed9863abb7191df36736401b2ef92c91d82a5fe40f7da4b38fb73869b2ec3efe3bc5652ff7197bc5106ee03befcf7d71450568893e1b74acc1af1c5b5b26' 'SKIP' '13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3' 'SKIP' @@ -76,315 +83,276 @@ sha512sums=('5bc800b3beff43a8c15bd5515f4e0babe2beb5fa600491b7b37110e22d9b739d293 '07ac55667886190a69ce82d5d84fac0d21349ea1b75f2da8ff9045b207e9ac48813f9fe19c23ceb3d964e5d36bd0911029c1b1e8bc7f9805324f65c77e89da5d' '19321e4ace9bd939ba225fdd1d70cffdf69aaa4c56da45528afed057a4104d8460052ec72d4794c9eb90f31b5cb70ed3447cc404fb4640a68bc9a8959450fd56' '93c326dd7b5ca3f9808050928aeccc0c6335ac831d16abf8041b51370c7174d1add67d04443ca505561dbe62962b24b1c29b9b458b8ae627d3438f4961d083cb' - '7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a' - '4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44' - '2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf' - 'c08532b4246ef2f4c25a5b3358ceb5dbf294fadd7ede5711de92d6f9d8fae5ab0238e0d902c821c7cdcee39332db229f6df943b27fe63e66a96bac296808c174' - 'SKIP' - '60aa432465eb3ac10f565799d3dfecea21aaf08e83909c1161d9359e932626edbd1353e712d616c3d785c65a0f699e9c45df35bd9e86365c25399c6b2d45b9e4' - '86809feb5ae2759b449ec0cb7a6b3fb457874ed82a72dfda00607e8819c804a0714b5d6a17cbbba44996a36872224af42d1b85f1b3932f43bccb419041d25dc7' - '746acff348d62b3ed4e62cd9976ddf0af47f87bd3cffda90cbb00a6b57d589ccb681fcd9541ee5bdd179d95dad71d57c77cb1a60faee1c6cef518e4055c3456f' - 'c945e871fa456b521ced77cae9081bcdc47d836ecdabe6766e373681fe11fda3e5a7a3c16f70c586be64a1eb5c9136c43b0a44df897298940fd8703b50b0a543' - '054e98a2d1ea83cece1fe55ae087b282f25593022f252c74612d4aeb2a547f84ea626e3d982098ca798271af55f3b733ac2aea2fc0d9cad031802d2901dfe4ca' - '4433f9e780a72347313916c8a9cbcbce3a8c40e1b299e887dc748d257879fb5fab8f1683936339f73a4d4b4ef668b1ed6cc0d9a19ed4bd99039a1613ac08610e' - 'd1361d23ae79599e3fa94cba206bd40764f9eee0c584e639af13828dabb7f0dfa361792c098b5afae0bb350407b2dc47a1d67580daeade7a4f3e3e55e42c8470' - 'c1653f91067d31801a23450175e47968add147477caf20aec6092831739641312f4ad995af43c7e55545007279016b5f62a0720d31e4591b4421a65b8bd5b398' - 'a123747792417d3760ca40d7f913c2cdd194da2ea5778352eedebc80097b7b8dce4428a8fe8bd75cab92972f599c25bcf18a740856fc2990351234b0d7ebf9f5' + 'aca591b5a2e838754e3c5fd2c0e50098ad54c2d0f990de5bf9cff8608e881daf0e37132294ed1a0e0a7b9e1c194c0b89f95da001d94febdb25a01c409060e3ac' '02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af' 'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168' - 'ba561ef861c56002de25ec6f63211e758f3d26eaa7ff0e4a16ffd096d5fe7019d9df343658adc0535684303888d022aa816fc0b282da27ac1ca29dfc0b0e2be0') - -_kernelname=${pkgbase#linux-libre} -_replacesarchkernel=("${_replacesarchkernel[@]/\%/${_kernelname}}") -_replacesoldkernels=("${_replacesoldkernels[@]/\%/${_kernelname}}") -_replacesoldmodules=("${_replacesoldmodules[@]/\%/${_kernelname}}") - -case "${CARCH}" in + '5f196378d50dd737d727e424d8f31b7fa8a6b92ba88f0a1467ef79bc37a097160da1fc1fd5cfb4b8983f36f2afdf27eb229ec61b35a15ac2343d660eb416a230') +sha512sums_armv7h=('326ba9a9275bb76deb5d8a4fc129d048e8a0f62bb526da58a084d3413ce79f17ba107f64b84664d73919dd67c4e1cbf01388ab71dae9cee5a36728f17fe77323' + 'SKIP' + '60aa432465eb3ac10f565799d3dfecea21aaf08e83909c1161d9359e932626edbd1353e712d616c3d785c65a0f699e9c45df35bd9e86365c25399c6b2d45b9e4' + '86809feb5ae2759b449ec0cb7a6b3fb457874ed82a72dfda00607e8819c804a0714b5d6a17cbbba44996a36872224af42d1b85f1b3932f43bccb419041d25dc7' + '746acff348d62b3ed4e62cd9976ddf0af47f87bd3cffda90cbb00a6b57d589ccb681fcd9541ee5bdd179d95dad71d57c77cb1a60faee1c6cef518e4055c3456f' + 'c945e871fa456b521ced77cae9081bcdc47d836ecdabe6766e373681fe11fda3e5a7a3c16f70c586be64a1eb5c9136c43b0a44df897298940fd8703b50b0a543' + '054e98a2d1ea83cece1fe55ae087b282f25593022f252c74612d4aeb2a547f84ea626e3d982098ca798271af55f3b733ac2aea2fc0d9cad031802d2901dfe4ca' + '4433f9e780a72347313916c8a9cbcbce3a8c40e1b299e887dc748d257879fb5fab8f1683936339f73a4d4b4ef668b1ed6cc0d9a19ed4bd99039a1613ac08610e' + 'd1361d23ae79599e3fa94cba206bd40764f9eee0c584e639af13828dabb7f0dfa361792c098b5afae0bb350407b2dc47a1d67580daeade7a4f3e3e55e42c8470' + 'c1653f91067d31801a23450175e47968add147477caf20aec6092831739641312f4ad995af43c7e55545007279016b5f62a0720d31e4591b4421a65b8bd5b398' + 'a123747792417d3760ca40d7f913c2cdd194da2ea5778352eedebc80097b7b8dce4428a8fe8bd75cab92972f599c25bcf18a740856fc2990351234b0d7ebf9f5') + +_replacesarchkernel=("${_replacesarchkernel[@]/\%/${pkgbase#linux-libre}}") +_replacesoldkernels=("${_replacesoldkernels[@]/\%/${pkgbase#linux-libre}}") +_replacesoldmodules=("${_replacesoldmodules[@]/\%/${pkgbase#linux-libre}}") + +case "$CARCH" in i686|x86_64) KARCH=x86;; armv7h) KARCH=arm;; esac +export KBUILD_BUILD_HOST=parabola +export KBUILD_BUILD_USER=$pkgbase +export KBUILD_BUILD_TIMESTAMP="@${SOURCE_DATE_EPOCH:-$(date +%s)}" + prepare() { - cd ${_srcname} + cd $_srcname # add upstream patch - if [ "${_srcbasever}" != "${_srcver}" ]; then - patch -p1 -i ../patch-${_srcbasever}-${_srcver} - fi - chmod +x tools/objtool/sync-check.sh # GNU patch doesn't support git-style file mode - - # add realtime patch - patch -p1 -i ../patch-${_srcver%-*}-${_rtpatchver}.patch - rm localversion-rt - - if [ "${CARCH}" = "armv7h" ]; then - # RCN patch (CM3 firmware deblobbed and AUFS/WireGuard removed) - # Note: For stability reasons, AUFS has been removed in the RCN patch. - # We are supporting AUFS in linux-libre-pck through PCK patch. - # See https://wiki.parabola.nu/PCK for further details. - patch -p1 -i ../rcn-libre-${rcnver}-${rcnrel}.patch - - # ALARM patches - patch -p1 -i ../0001-ARM-atags-add-support-for-Marvell-s-u-boot.patch - patch -p1 -i ../0002-ARM-atags-fdt-retrieve-MAC-addresses-from-Marvell-bo.patch - patch -p1 -i ../0003-SMILE-Plug-device-tree-file.patch - patch -p1 -i ../0004-fix-mvsdio-eMMC-timing.patch - patch -p1 -i ../0005-net-smsc95xx-Allow-mac-address-to-be-set-as-a-parame.patch - patch -p1 -i ../0006-set-default-cubietruck-led-triggers.patch - patch -p1 -i ../0007-exynos4412-odroid-set-higher-minimum-buck2-regulator.patch - patch -p1 -i ../0008-ARM-dove-enable-ethernet-on-D3Plug.patch - patch -p1 -i ../0009-usb-dwc2-disable-power_down-on-rockchip-devices.patch + if [ "$_srcbasever" != "$_srcver" ]; then + patch -p1 -i ../patch-$_srcbasever-$_srcver fi # add freedo as boot logo install -m644 -t drivers/video/logo \ ../logo_linux_{clut224.ppm,vga16.ppm,mono.pbm} - # security patches - - # add latest fixes from stable queue, if needed - # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git - - # disable USER_NS for non-root users by default - patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - - # maintain the TTY over USB disconnects - # http://www.coreboot.org/EHCI_Gadget_Debug - patch -p1 -i ../0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch - - # fix Atmel maXTouch touchscreen support - # https://labs.parabola.nu/issues/877 - # http://www.fsfla.org/pipermail/linux-libre/2015-November/003202.html - patch -p1 -i ../0002-fix-Atmel-maXTouch-touchscreen-support.patch - - cp -Tf ../config.$CARCH .config - - if [ "${_kernelname}" != "" ]; then - sed -i "s|CONFIG_LOCALVERSION=.*|CONFIG_LOCALVERSION=\"${_kernelname}\"|g" ./.config - sed -i "s|CONFIG_LOCALVERSION_AUTO=.*|CONFIG_LOCALVERSION_AUTO=n|" ./.config + msg2 "Setting version..." + scripts/setlocalversion --save-scmversion + echo "-$pkgrel" > localversion.10-pkgrel + echo "${pkgbase#linux-libre}" > localversion.20-pkgname + + if [ "$CARCH" = "armv7h" ]; then + local src_armv7h + for src_armv7h in "${source_armv7h[@]}"; do + src_armv7h="${src_armv7h%%::*}" + src_armv7h="${src_armv7h##*/}" + [[ $src_armv7h = *.patch ]] || continue + msg2 "Applying patch $src_armv7h..." + patch -Np1 < "../$src_armv7h" + done fi - # append pkgrel to extraversion - sed -ri "s|^(EXTRAVERSION =.*\S).*|\1-${pkgrel}|" Makefile - - # don't run depmod on 'make install'. We'll do this ourselves in packaging - sed -i '2iexit 0' scripts/depmod.sh - - # get kernel version - make prepare + local src + for src in "${source[@]}"; do + src="${src%%::*}" + src="${src##*/}" + [[ $src = *.patch ]] || continue + msg2 "Applying patch $src..." + patch -Np1 < "../$src" + done - # load configuration - # Configure the kernel. Replace the line below with one of your choice. - #make menuconfig # CLI menu for configuration - #make nconfig # new CLI menu for configuration - #make xconfig # X-based configuration - #make oldconfig # using old config from previous kernel version - # ... or manually edit .config + msg2 "Setting config..." + cp ../config.$CARCH .config + make olddefconfig - # rewrite configuration - yes "" | make config >/dev/null + make -s kernelrelease > version + msg2 "Prepared %s version %s" "$pkgbase" "$(<version)" } build() { - cd ${_srcname} - - if [ "${CARCH}" = "armv7h" ]; then - make ${MAKEFLAGS} LOCALVERSION= zImage modules dtbs - elif [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then - make ${MAKEFLAGS} LOCALVERSION= bzImage modules + cd $_srcname + if [ "$CARCH" = "armv7h" ]; then + make zImage modules htmldocs dtbs + else + make bzImage modules htmldocs fi } _package() { - pkgdesc="The ${pkgbase^} kernel and modules with realtime preemption" - [ "${pkgbase}" = "linux-libre" ] && groups=('base' 'base-openrc') - depends=('coreutils' 'linux-libre-firmware' 'kmod' 'mkinitcpio>=0.7') - optdepends=('crda: to set the correct wireless channels of your country') - provides=("${_replacesarchkernel[@]/%/=${_archpkgver}}" "LINUX-ABI_VERSION=${_srcver%%-*}") + pkgdesc="The ${pkgbase^} kernel and modules" + depends=(coreutils kmod initramfs) + optdepends=('crda: to set the correct wireless channels of your country' + 'linux-libre-firmware: firmware images needed for some devices') + provides=("${_replacesarchkernel[@]/%/=${_srcver%%-*}}" "LINUX-ABI_VERSION=${_srcver%%-*}") conflicts=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}") replaces=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}") - backup=("etc/mkinitcpio.d/${pkgbase}.preset") - install=linux.install - - cd ${_srcname} - - # get kernel version - _kernver="$(make LOCALVERSION= kernelrelease)" - _basekernel=${_kernver%%-*} - _basekernel=${_basekernel%.*} - - mkdir -p "${pkgdir}"/{boot,usr/lib/modules} - make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}/usr" modules_install - if [ "${CARCH}" = "armv7h" ]; then - make LOCALVERSION= INSTALL_DTBS_PATH="${pkgdir}/boot/dtbs/${pkgbase}" dtbs_install - cp arch/$KARCH/boot/zImage "${pkgdir}/boot/vmlinuz-${pkgbase}" - elif [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then - cp arch/$KARCH/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}" - fi + cd $_srcname + local kernver="$(<version)" + local modulesdir="$pkgdir/usr/lib/modules/$kernver" + + msg2 "Installing boot image..." + if [ "$CARCH" = "armv7h" ]; then + make INSTALL_DTBS_PATH="$pkgdir/boot/dtbs/$pkgbase" dtbs_install + fi # systemd expects to find the kernel here to allow hibernation # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344 - ln -sr "${pkgdir}/boot/vmlinuz-${pkgbase}" "${pkgdir}/usr/lib/modules/${_kernver}/vmlinuz" + install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz" - # make room for external modules - local _extramodules="extramodules-${_basekernel}${_kernelname}" - ln -s "../${_extramodules}" "${pkgdir}/usr/lib/modules/${_kernver}/extramodules" + # Used by mkinitcpio to name the kernel + echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase" - # add real version for building modules and running depmod from hook - echo "${_kernver}" | - install -Dm644 /dev/stdin "${pkgdir}/usr/lib/modules/${_extramodules}/version" + msg2 "Installing modules..." + make INSTALL_MOD_PATH="$pkgdir/usr" modules_install - # remove build and source links - rm "${pkgdir}"/usr/lib/modules/${_kernver}/{source,build} - - # now we call depmod... - depmod -b "${pkgdir}/usr" -F System.map "${_kernver}" - - # add vmlinux - install -Dt "${pkgdir}/usr/lib/modules/${_kernver}/build" -m644 vmlinux - - # sed expression for following substitutions - if [ "${CARCH}" = "armv7h" ]; then - local _subst=" - s|/boot/vmlinuz-%PKGBASE%|${_kernver}|g - s|%PKGBASE%|${pkgbase}|g - s|%KERNVER%|${_kernver}|g - s|%EXTRAMODULES%|${_extramodules}|g - " - else - local _subst=" - s|%PKGBASE%|${pkgbase}|g - s|%KERNVER%|${_kernver}|g - s|%EXTRAMODULES%|${_extramodules}|g - " - fi + # armv7h presets only work with ALL_kver=$kernver + if [ "$CARCH" = "armv7h" ]; then + backup=("etc/mkinitcpio.d/$pkgbase.preset") - # hack to allow specifying an initially nonexisting install file - sed "${_subst}" "${startdir}/${install}" > "${startdir}/${install}.pkg" - true && install=${install}.pkg + msg2 "Installing mkinitcpio preset..." + sed "s|%PKGBASE%|$pkgbase|g;s|%KERNVER%|$kernver|g" ../linux-armv7h.preset \ + | install -Dm644 /dev/stdin "$pkgdir/etc/mkinitcpio.d/$pkgbase.preset" + fi - # install mkinitcpio preset file - sed "${_subst}" ../linux.preset | - install -Dm644 /dev/stdin "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" + # remove build and source links + rm "$modulesdir"/{source,build} - # install pacman hooks - sed "${_subst}" ../60-linux.hook | - install -Dm644 /dev/stdin "${pkgdir}/usr/share/libalpm/hooks/60-${pkgbase}.hook" - sed "${_subst}" ../90-linux.hook | - install -Dm644 /dev/stdin "${pkgdir}/usr/share/libalpm/hooks/90-${pkgbase}.hook" + msg2 "Fixing permissions..." + chmod -Rc u=rwX,go=rX "$pkgdir" } _package-headers() { pkgdesc="Header files and scripts for building modules for ${pkgbase^} kernel" - provides=("${_replacesarchkernel[@]/%/-headers=${_archpkgver}}") + provides=("${_replacesarchkernel[@]/%/-headers=${_srcver%%-*}}") conflicts=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}") replaces=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}") - cd ${_srcname} - local _builddir="${pkgdir}/usr/lib/modules/${_kernver}/build" + cd $_srcname + local builddir="$pkgdir/usr/lib/modules/$(<version)/build" - install -Dt "${_builddir}" -m644 Makefile .config Module.symvers - install -Dt "${_builddir}/kernel" -m644 kernel/Makefile + msg2 "Installing build files..." + install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \ + localversion.* version vmlinux + install -Dt "$builddir/kernel" -m644 kernel/Makefile + install -Dt "$builddir/arch/$KARCH" -m644 arch/$KARCH/Makefile + if [[ $CARCH = i686 ]]; then + install -Dt "$builddir/arch/$KARCH" -m644 arch/$KARCH/Makefile_32.cpu + fi + cp -t "$builddir" -a scripts - mkdir "${_builddir}/.tmp_versions" + # add objtool for external module building and enabled VALIDATION_STACK option + if [[ -e tools/objtool/objtool ]]; then + install -Dt "$builddir/tools/objtool" tools/objtool/objtool + fi - cp -t "${_builddir}" -a include scripts + # add xfs and shmem for aufs building + mkdir -p "$builddir"/{fs/xfs,mm} - install -Dt "${_builddir}/arch/${KARCH}" -m644 arch/${KARCH}/Makefile - if [[ ${CARCH} = i686 ]]; then - install -t "${_builddir}/arch/${KARCH}" -m644 arch/${KARCH}/Makefile_32.cpu - fi - install -Dt "${_builddir}/arch/${KARCH}/kernel" -m644 arch/${KARCH}/kernel/asm-offsets.s + # this is gone in v5.3 + mkdir "$builddir/.tmp_versions" - cp -t "${_builddir}/arch/${KARCH}" -a arch/${KARCH}/include + msg2 "Installing headers..." + cp -t "$builddir" -a include + cp -t "$builddir/arch/$KARCH" -a arch/$KARCH/include + install -Dt "$builddir/arch/$KARCH/kernel" -m644 arch/$KARCH/kernel/asm-offsets.s - install -Dt "${_builddir}/drivers/md" -m644 drivers/md/*.h - install -Dt "${_builddir}/net/mac80211" -m644 net/mac80211/*.h + install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h + install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h # http://bugs.archlinux.org/task/13146 - install -Dt "${_builddir}/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h + install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h # http://bugs.archlinux.org/task/20402 - install -Dt "${_builddir}/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h - install -Dt "${_builddir}/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h - install -Dt "${_builddir}/drivers/media/tuners" -m644 drivers/media/tuners/*.h - - # add xfs and shmem for aufs building - mkdir -p "${_builddir}"/{fs/xfs,mm} - - # copy in Kconfig files - find . -name Kconfig\* -exec install -Dm644 {} "${_builddir}/{}" \; - - # add objtool for external module building and enabled VALIDATION_STACK option - if [[ -e tools/objtool/objtool ]]; then - install -Dt "${_builddir}/tools/objtool" tools/objtool/objtool - fi - - # remove unneeded architectures - local _arch - for _arch in "${_builddir}"/arch/*/; do - [[ ${_arch} == */${KARCH}/ ]] && continue - rm -r "${_arch}" + install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h + install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h + install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h + + msg2 "Installing KConfig files..." + find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \; + + msg2 "Removing unneeded architectures..." + local arch + for arch in "$builddir"/arch/*/; do + [[ $arch = */$KARCH/ ]] && continue + echo "Removing $(basename "$arch")" + rm -r "$arch" done - # remove files already in linux-docs package - rm -r "${_builddir}/Documentation" - + msg2 "Removing documentation..." + rm -r "$builddir/Documentation" + # Parabola changes # # since we don't want to diverge too much from Arch's PKGBUILD, we'll # start marking our changes as such - if [ "${CARCH}" = "armv7h" ]; then + if [ "$CARCH" = "armv7h" ]; then for i in dove exynos omap2; do - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/mach-${i}" - cp -a arch/${KARCH}/mach-${i}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/mach-${i}/" + mkdir -p "$pkgdir/usr/lib/modules/$kernver/build/arch/$KARCH/mach-$i" + cp -a arch/$KARCH/mach-$i/include "$pkgdir/usr/lib/modules/$kernver/build/arch/$KARCH/mach-$i/" done for i in omap orion samsung versatile; do - mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/plat-${i}" - cp -a arch/${KARCH}/plat-${i}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/plat-${i}/" + mkdir -p "$pkgdir/usr/lib/modules/$kernver/build/arch/$KARCH/plat-$i" + cp -a arch/$KARCH/plat-$i/include "$pkgdir/usr/lib/modules/$kernver/build/arch/$KARCH/plat-$i/" done fi # end of Parabola changes - # remove now broken symlinks - find -L "${_builddir}" -type l -printf 'Removing %P\n' -delete + msg2 "Removing broken symlinks..." + find -L "$builddir" -type l -printf 'Removing %P\n' -delete + + msg2 "Removing loose objects..." + find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete + + msg2 "Stripping build tools..." + local file + while read -rd '' file; do + case "$(file -bi "$file")" in + application/x-sharedlib\;*) # Libraries (.so) + strip -v $STRIP_SHARED "$file" ;; + application/x-archive\;*) # Libraries (.a) + strip -v $STRIP_STATIC "$file" ;; + application/x-executable\;*) # Binaries + strip -v $STRIP_BINARIES "$file" ;; + application/x-pie-executable\;*) # Relocatable binaries + strip -v $STRIP_SHARED "$file" ;; + esac + done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0) - # Fix permissions - chmod -R u=rwX,go=rX "${_builddir}" + msg2 "Adding symlink..." + mkdir -p "$pkgdir/usr/src" + ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase" - # strip scripts directory - local _binary _strip - while read -rd '' _binary; do - case "$(file -bi "${_binary}")" in - *application/x-sharedlib*) _strip="${STRIP_SHARED}" ;; # Libraries (.so) - *application/x-archive*) _strip="${STRIP_STATIC}" ;; # Libraries (.a) - *application/x-executable*) _strip="${STRIP_BINARIES}" ;; # Binaries - *) continue ;; - esac - /usr/bin/strip ${_strip} "${_binary}" - done < <(find "${_builddir}/scripts" -type f -perm -u+w -print0 2>/dev/null) + msg2 "Fixing permissions..." + chmod -Rc u=rwX,go=rX "$pkgdir" } _package-docs() { pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase^} kernel" - provides=("${_replacesarchkernel[@]/%/-docs=${_archpkgver}}") + provides=("${_replacesarchkernel[@]/%/-docs=${_srcver%%-*}}") conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}") replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}") - cd ${_srcname} - local _builddir="${pkgdir}/usr/lib/modules/${_kernver}/build" + cd $_srcname + local builddir="$pkgdir/usr/lib/modules/$(<version)/build" - mkdir -p "${_builddir}" - cp -t "${_builddir}" -a Documentation + msg2 "Installing documentation..." + mkdir -p "$builddir" + cp -t "$builddir" -a Documentation - # Fix permissions - chmod -R u=rwX,go=rX "${_builddir}" + msg2 "Removing doctrees..." + rm -r "$builddir/Documentation/output/.doctrees" + + msg2 "Moving HTML docs..." + local src dst + while read -rd '' src; do + dst="$builddir/Documentation/${src#$builddir/Documentation/output/}" + mkdir -p "${dst%/*}" + mv "$src" "$dst" + rmdir -p --ignore-fail-on-non-empty "${src%/*}" + done < <(find "$builddir/Documentation/output" -type f -print0) + + msg2 "Adding symlink..." + mkdir -p "$pkgdir/usr/share/doc" + ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase" + + msg2 "Fixing permissions..." + chmod -Rc u=rwX,go=rX "$pkgdir" } -pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs") -for _p in ${pkgname[@]}; do - eval "package_${_p}() { - $(declare -f "_package${_p#${pkgbase}}") - _package${_p#${pkgbase}} +pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs") +for _p in "${pkgname[@]}"; do + eval "package_$_p() { + $(declare -f "_package${_p#$pkgbase}") + _package${_p#$pkgbase} }" done + +# vim:set ts=8 sts=2 sw=2 et: diff --git a/kernels/linux-libre-rt/linux.preset b/kernels/linux-libre-rt/linux-armv7h.preset index 66709a8c1..3cec18ca9 100644 --- a/kernels/linux-libre-rt/linux.preset +++ b/kernels/linux-libre-rt/linux-armv7h.preset @@ -1,7 +1,7 @@ # mkinitcpio preset file for the '%PKGBASE%' package ALL_config="/etc/mkinitcpio.conf" -ALL_kver="/boot/vmlinuz-%PKGBASE%" +ALL_kver="%KERNVER%" PRESETS=('default' 'fallback') diff --git a/kernels/linux-libre-rt/linux.install b/kernels/linux-libre-rt/linux.install deleted file mode 100644 index f1f033b4e..000000000 --- a/kernels/linux-libre-rt/linux.install +++ /dev/null @@ -1,12 +0,0 @@ -post_upgrade() { - if [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then - if findmnt --fstab -uno SOURCE /boot &>/dev/null && ! mountpoint -q /boot; then - echo "WARNING: /boot appears to be a separate partition but is not mounted." - fi - fi -} - -post_remove() { - rm -f boot/initramfs-%PKGBASE%.img - rm -f boot/initramfs-%PKGBASE%-fallback.img -} |