diff options
Diffstat (limited to 'libre/linux-libre-lts-grsec/PKGBUILD')
-rw-r--r-- | libre/linux-libre-lts-grsec/PKGBUILD | 374 |
1 files changed, 374 insertions, 0 deletions
diff --git a/libre/linux-libre-lts-grsec/PKGBUILD b/libre/linux-libre-lts-grsec/PKGBUILD new file mode 100644 index 000000000..f1708e951 --- /dev/null +++ b/libre/linux-libre-lts-grsec/PKGBUILD @@ -0,0 +1,374 @@ +# Maintainer: André Silva <emulatorman@parabola.nu> +# Contributor: Nicolás Reynolds <fauno@kiwwwi.com.ar> +# Contributor: Sorin-Mihai Vârgolici <smv@yobicore.org> +# Contributor: Michał Masłowski <mtjm@mtjm.eu> +# Contributor: Márcio Silva <coadde@parabola.nu> +# Contributor: Luke Shumaker <lukeshu@sbcglobal.net> + +# Based on linux-grsec package + +pkgbase=linux-libre-lts-grsec +_pkgbasever=3.14-gnu +_pkgver=3.14.49-gnu +_grsecver=3.1 +_timestamp=201508032312 + +_replacesarchkernel=('linux%') # '%' gets replaced with _kernelname +_replacesoldkernels=('kernel26%' 'kernel26-libre%') # '%' gets replaced with _kernelname +_replacesoldmodules=() # '%' gets replaced with _kernelname + +_srcname=linux-${_pkgbasever%-*} +_archpkgver=${_pkgver%-*}.${_timestamp} +pkgver=${_pkgver//-/_}.${_timestamp} +pkgrel=1 +arch=('i686' 'x86_64') +url="https://grsecurity.net/" +license=('GPL2') +makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc') +options=('!strip') +source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/linux-libre-${_pkgbasever}.tar.xz" + "http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/linux-libre-${_pkgbasever}.tar.xz.sign" + "http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgver}/patch-${_pkgbasever}-${_pkgver}.xz" + "http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgver}/patch-${_pkgbasever}-${_pkgver}.xz.sign" + "https://repo.parabola.nu/other/grsecurity-libre/stable/grsecurity-libre-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch" + "https://repo.parabola.nu/other/grsecurity-libre/stable/grsecurity-libre-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch.sig" + "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_clut224.ppm" + "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_clut224.ppm.sig" + "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_mono.pbm" + "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_mono.pbm.sig" + "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_vga16.ppm" + "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_vga16.ppm.sig" + # the main kernel config files + 'config.i686' 'config.x86_64' + # standard config files for mkinitcpio ramdisk + 'linux.preset' + 'change-default-console-loglevel.patch' + '0001-Bluetooth-allocate-static-minor-for-vhci.patch' + '0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch' + '0003-module-remove-MODULE_GENERIC_TABLE.patch' + '0006-genksyms-fix-typeof-handling.patch' + 'gcc5_buildfixes.diff') +sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b' + 'SKIP' + '8146f5e0dda01cb95bf8841bc76acea42fd04a2e864cbe2ecfe55092453cc929' + 'SKIP' + 'caf36e8cbef0015a20d23b281b51e09041ce055836c2eb1b4864b32693f4eddb' + 'SKIP' + 'bfd4a7f61febe63c880534dcb7c31c5b932dde6acf991810b41a939a93535494' + 'SKIP' + '13bd7a8d9ed6b6bc971e4cd162262c5a20448a83796af39ce394d827b0e5de74' + 'SKIP' + '6de8a8319271809ffdb072b68d53d155eef12438e6d04ff06a5a4db82c34fa8a' + 'SKIP' + '004a63f82a58f935d0de51c5ab5da3c457698b4dea37b149bf3632b3ddc44c3b' + '3fab9fd59a744b5107c57d01a4d52d955ef847424d22cba55326eb054fd27dc0' + 'f0d90e756f14533ee67afda280500511a62465b4f76adcc5effa95a40045179c' + 'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182' + '6d72e14552df59e6310f16c176806c408355951724cd5b48a47bf01591b8be02' + '52dec83a8805a8642d74d764494acda863e0aa23e3d249e80d4b457e20a3fd29' + '65d58f63215ee3c5f9c4fc6bce36fc5311a6c7dbdbe1ad29de40647b47ff9c0d' + 'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7' + '9c89039a0f876888fda3be6f574bca5a120e3587d8342747bbc0723b0b4cde7a') +validpgpkeys=( + '474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva + 'C92BAA713B8D53D3CAE63FC9E6974752F9704456' # André Silva + '684D54A189305A9CC95446D36B888913DDB59515' # Márcio Silva +) + +_kernelname=${pkgbase#linux-libre} +_replacesarchkernel=("${_replacesarchkernel[@]/\%/${_kernelname}}") +_replacesoldkernels=("${_replacesoldkernels[@]/\%/${_kernelname}}") +_replacesoldmodules=("${_replacesoldmodules[@]/\%/${_kernelname}}") + +case "$CARCH" in + i686|x86_64) KARCH=x86;; +esac + +prepare() { + cd "${srcdir}/${_srcname}" + + # add upstream patch + if [ "${_pkgbasever}" != "${_pkgver}" ]; then + patch -p1 -i "${srcdir}/patch-${_pkgbasever}-${_pkgver}" + fi + + # add grsecurity patches (without nonfree bnx2 firmware patching) + patch -Np1 -i "${srcdir}/grsecurity-libre-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch" + rm localversion-grsec + + # add freedo as boot logo + install -m644 -t drivers/video/logo \ + "${srcdir}/logo_linux_"{clut224.ppm,vga16.ppm,mono.pbm} + + # buildfixes for gcc5 + # https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/drivers/scsi/qla2xxx/qla_nx2.c?id=9493c2422cae272d6f1f567cbb424195defe4176 + # https://lkml.org/lkml/2014/11/9/27 + # https://lkml.org/lkml/2014/12/14/55 + patch -p1 -i "${srcdir}/gcc5_buildfixes.diff" + + # add latest fixes from stable queue, if needed + # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git + + # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param) + # remove this when a Kconfig knob is made available by upstream + # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227) + patch -p1 -i "${srcdir}/change-default-console-loglevel.patch" + + # Fix vhci warning in kmod (to restore every kernel maintainer's sanity) + patch -p1 -i "${srcdir}/0001-Bluetooth-allocate-static-minor-for-vhci.patch" + + # Fix atkbd aliases + patch -p1 -i "${srcdir}/0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch" + patch -p1 -i "${srcdir}/0003-module-remove-MODULE_GENERIC_TABLE.patch" + + # Fix generation of symbol CRCs + # http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dc53324060f324e8af6867f57bf4891c13c6ef18 + patch -p1 -i "${srcdir}/0006-genksyms-fix-typeof-handling.patch" + + cat "${srcdir}/config.${CARCH}" > ./.config + + # append pkgrel to extraversion + sed -ri "s|^(EXTRAVERSION =.*\S).*|\1-${_timestamp}-${pkgrel}|" Makefile + + # don't run depmod on 'make install'. We'll do this ourselves in packaging + sed -i '2iexit 0' scripts/depmod.sh + + # get kernel version + make prepare + + # load configuration + # Configure the kernel. Replace the line below with one of your choice. + #make menuconfig # CLI menu for configuration + #make nconfig # new CLI menu for configuration + #make xconfig # X-based configuration + #make oldconfig # using old config from previous kernel version + # ... or manually edit .config + + # rewrite configuration + yes "" | make config >/dev/null +} + +build() { + cd "${srcdir}/${_srcname}" + + make ${MAKEFLAGS} LOCALVERSION= bzImage modules +} + +_package() { + pkgdesc="The ${pkgbase^} kernel and modules - stable longtime supported kernel package suitable for servers with grsecurity/PaX patches" + [ "${pkgbase}" = "linux-libre" ] && groups=('base') + depends=('coreutils' 'linux-libre-firmware' 'kmod' 'grsec-common' 'mkinitcpio>=0.7') + optdepends=('crda: to set the correct wireless channels of your country' + 'gradm: to configure and enable Role Based Access Control (RBAC)' + 'paxd-libre: to enable PaX exploit mitigations and apply exceptions automatically') + provides=("${_replacesarchkernel[@]/%/=${_archpkgver}}") + conflicts=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}") + replaces=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}") + backup=("etc/mkinitcpio.d/${pkgbase}.preset") + install=linux.install + + cd "${srcdir}/${_srcname}" + + # get kernel version + _kernver="$(make LOCALVERSION= kernelrelease)" + _basekernel=${_kernver%%-*} + _basekernel=${_basekernel%.*} + + mkdir -p "${pkgdir}"/{lib/modules,lib/firmware,boot} + make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}" modules_install + cp arch/$KARCH/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}" + + # set correct depmod command for install + cp -f "${startdir}/${install}" "${startdir}/${install}.pkg" + true && install=${install}.pkg + sed \ + -e "s/KERNEL_NAME=.*/KERNEL_NAME=${_kernelname}/" \ + -e "s/KERNEL_VERSION=.*/KERNEL_VERSION=${_kernver}/" \ + -i "${startdir}/${install}" + + # install mkinitcpio preset file for kernel + install -D -m644 "${srcdir}/linux.preset" "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" + sed \ + -e "1s|'linux.*'|'${pkgbase}'|" \ + -e "s|ALL_kver=.*|ALL_kver=\"/boot/vmlinuz-${pkgbase}\"|" \ + -e "s|default_image=.*|default_image=\"/boot/initramfs-${pkgbase}.img\"|" \ + -e "s|fallback_image=.*|fallback_image=\"/boot/initramfs-${pkgbase}-fallback.img\"|" \ + -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" + + # remove build and source links + rm -f "${pkgdir}"/lib/modules/${_kernver}/{source,build} + # remove the firmware + rm -rf "${pkgdir}/lib/firmware" + # gzip -9 all modules to save 100MB of space + find "${pkgdir}" -name '*.ko' -exec gzip -9 {} \; + # make room for external modules + ln -s "../extramodules-${_basekernel}${_kernelname}" "${pkgdir}/lib/modules/${_kernver}/extramodules" + # add real version for building modules and running depmod from post_install/upgrade + mkdir -p "${pkgdir}/lib/modules/extramodules-${_basekernel}${_kernelname}" + echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_kernelname}/version" + + # Now we call depmod... + depmod -b "${pkgdir}" -F System.map "${_kernver}" + + # move module tree /lib -> /usr/lib + mkdir -p "${pkgdir}/usr" + mv "${pkgdir}/lib" "${pkgdir}/usr/" + + # add vmlinux + install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux" + + # add grsecurity gcc plugins + mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc" + cp -a tools/gcc/*.h "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" + cp -a tools/gcc/Makefile "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" + install -m644 tools/gcc/*.so "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" + mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/size_overflow_plugin" + install -m644 tools/gcc/size_overflow_plugin/Makefile tools/gcc/size_overflow_plugin/*.so \ + "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/size_overflow_plugin" +} + +_package-headers() { + pkgdesc="Header files and scripts for building modules for ${pkgbase^} kernel" + provides=("${_replacesarchkernel[@]/%/-headers=${_archpkgver}}") + conflicts=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}") + replaces=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}") + + install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}" + + cd "${srcdir}/${_srcname}" + install -D -m644 Makefile \ + "${pkgdir}/usr/lib/modules/${_kernver}/build/Makefile" + install -D -m644 kernel/Makefile \ + "${pkgdir}/usr/lib/modules/${_kernver}/build/kernel/Makefile" + install -D -m644 .config \ + "${pkgdir}/usr/lib/modules/${_kernver}/build/.config" + + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include" + + for i in acpi asm-generic config crypto drm generated keys linux math-emu \ + media net pcmcia scsi sound trace uapi video xen; do + cp -a include/${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/include/" + done + + # copy arch includes for external modules + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}" + cp -a arch/${KARCH}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" + + # copy files necessary for later builds + cp Module.symvers "${pkgdir}/usr/lib/modules/${_kernver}/build" + cp -a scripts "${pkgdir}/usr/lib/modules/${_kernver}/build" + + # fix permissions on scripts dir + chmod og-w -R "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/.tmp_versions" + + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel" + + cp arch/${KARCH}/Makefile "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" + + if [ "${CARCH}" = "i686" ]; then + cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" + fi + + cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel/" + + # add docbook makefile + install -D -m644 Documentation/DocBook/Makefile \ + "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" + + # add dm headers + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" + cp drivers/md/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" + + # add inotify.h + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux" + cp include/linux/inotify.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux/" + + # add wireless headers + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" + cp net/mac80211/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" + + # add dvb headers for external modules + # in reference to: + # http://bugs.archlinux.org/task/9912 + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core" + cp drivers/media/dvb-core/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core/" + # and... + # http://bugs.archlinux.org/task/11194 + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" + cp include/config/dvb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" + + # add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new + # in reference to: + # http://bugs.archlinux.org/task/13146 + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" + cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" + + # add dvb headers + # in reference to: + # http://bugs.archlinux.org/task/20402 + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb" + cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends" + cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners" + cp drivers/media/tuners/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners/" + + # add xfs and shmem for aufs building + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/mm" + cp fs/xfs/xfs_sb.h "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs/xfs_sb.h" + + # copy in Kconfig files + for i in $(find . -name "Kconfig*"); do + mkdir -p "${pkgdir}"/usr/lib/modules/${_kernver}/build/`echo ${i} | sed 's|/Kconfig.*||'` + cp ${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/${i}" + done + + chown -R root.root "${pkgdir}/usr/lib/modules/${_kernver}/build" + find "${pkgdir}/usr/lib/modules/${_kernver}/build" -type d -exec chmod 755 {} \; + + # strip scripts directory + find "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do + case "$(file -bi "${binary}")" in + *application/x-sharedlib*) # Libraries (.so) + /usr/bin/strip ${STRIP_SHARED} "${binary}";; + *application/x-archive*) # Libraries (.a) + /usr/bin/strip ${STRIP_STATIC} "${binary}";; + *application/x-executable*) # Binaries + /usr/bin/strip ${STRIP_BINARIES} "${binary}";; + esac + done + + # remove unneeded architectures + find "${pkgdir}"/usr/lib/modules/${_kernver}/build/arch -mindepth 1 -maxdepth 1 -type d -not -name "$KARCH" -exec rm -rf {} + +} + +_package-docs() { + pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase^} kernel" + provides=("${_replacesarchkernel[@]/%/-docs=${_archpkgver}}") + conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}") + replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}") + + cd "${srcdir}/${_srcname}" + + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build" + cp -al Documentation "${pkgdir}/usr/lib/modules/${_kernver}/build" + find "${pkgdir}" -type f -exec chmod 444 {} \; + find "${pkgdir}" -type d -exec chmod 755 {} \; + + # remove a file already in linux package + rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" +} + +pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs") +for _p in ${pkgname[@]}; do + eval "package_${_p}() { + $(declare -f "_package${_p#${pkgbase}}") + _package${_p#${pkgbase}} + }" +done + +# vim:set ts=8 sts=2 sw=2 et: |