# Maintainer: Daniel Micay # Contributor: Tobias Powalowski # Contributor: Thomas Baechler # Contributor: henning mueller # Contributor: Thomas Dwyer http://tomd.tel # Maintainer (Parabola): André Silva # Contributor (Parabola): Nicolás Reynolds # Contributor (Parabola): Sorin-Mihai Vârgolici # Contributor (Parabola): Michał Masłowski # Contributor (Parabola): Márcio Silva pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.14 _sublevel=1 _grsecver=3.0 _timestamp=201404201132 _pkgver=${_basekernel}.${_sublevel} pkgver=${_basekernel}.${_sublevel}.${_timestamp} pkgrel=2 _lxopkgver=${_basekernel}.0 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="https://grsecurity.net/" license=('GPL2') makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc') options=('!strip') source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gnu/linux-libre-${_basekernel}-gnu.tar.xz" "http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgver}-gnu/patch-${_basekernel}-gnu-${_pkgver}-gnu.xz" "https://grsecurity.net/test/grsecurity-${_grsecver}-${_pkgver}-${_timestamp}.patch" "https://grsecurity.net/test/grsecurity-${_grsecver}-${_pkgver}-${_timestamp}.patch.sig" # the main kernel config files 'config.i686' 'config.x86_64' # standard config files for mkinitcpio ramdisk "${pkgbase}.preset" 'Kbuild' 'Kbuild.platforms' 'boot-logo.patch' 'change-default-console-loglevel.patch' '0001-Bluetooth-allocate-static-minor-for-vhci.patch' '0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch' '0003-module-remove-MODULE_GENERIC_TABLE.patch' '0004-fs-Don-t-return-0-from-get_anon_bdev.patch' '0005-Revert-Bluetooth-Enable-autosuspend-for-Intel-Blueto.patch' '0006-genksyms-fix-typeof-handling.patch' '0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch' '0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch' 'sysctl.conf' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") md5sums=('c108ec52eeb2a9b9ddbb8d12496ff25f' '2b4862b3c76011e66e536f18fbf0fb27' 'db16c597af55a82da6fbe1059377c5cd' 'SKIP' '51ead958a4bb74ca5f5702b97740719b' '0822a5655cef86bb6f449692d8b3f3d2' '5f66bed97a5c37e48eb2f71b2d354b9a' '2967cecc3af9f954ccc822fd63dca6ff' '8267264d9a8966e57fdacd1fa1fc65c4' '14bb375a8a1d86d2875f72fcbaa03f3e' '98beb36f9b8cf16e58de2483ea9985e3' '6839ddec74a5300beff1709a81b0e4f3' '706549e8a05f33f7fc697f28c0ca71d2' 'd23fc66be93ebce698bd7da844789de1' 'b240cc8ebb4b5d74e94b4c72d033f726' 'a89d593774ccb955eb8368d3bc87ce26' '16a161979f846b049e90daea907c35dd' '00727251b0d337a25d3ca392218afdf4' '353b553d69da810ef954618aca60e1e2' '7a052645280da78a98bfe8cf805ddab5' '385f03abf27baa73731d27721eafd1c1') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] unset md5sums[${#md5sums[@]}-1] fi _kernelname=${pkgbase#linux-libre} _localversionname=-LIBRE-GRSEC prepare() { cd "${srcdir}/linux-${_basekernel}" if [ "${_basekernel}" != "${_pkgver}" ]; then patch -p1 -i "${srcdir}/patch-${_basekernel}-gnu-${_pkgver}-gnu" fi # add grsecurity patches patch -Np1 -i "${srcdir}/grsecurity-${_grsecver}-${_pkgver}-${_timestamp}.patch" rm localversion-grsec # add freedo as boot logo patch -p1 -i "${srcdir}/boot-logo.patch" # add latest fixes from stable queue, if needed # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param) # remove this when a Kconfig knob is made available by upstream # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227) patch -p1 -i "${srcdir}/change-default-console-loglevel.patch" # Fix vhci warning in kmod (to restore every kernel maintainer's sanity) patch -p1 -i "${srcdir}/0001-Bluetooth-allocate-static-minor-for-vhci.patch" # Fix atkbd aliases patch -p1 -i "${srcdir}/0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch" patch -p1 -i "${srcdir}/0003-module-remove-MODULE_GENERIC_TABLE.patch" # Fix various bugs caused by rootfs having FSID 0 # See http://www.spinics.net/lists/kernel/msg1716924.html patch -p1 -i "${srcdir}/0004-fs-Don-t-return-0-from-get_anon_bdev.patch" # Disable usb autosuspend for intel btusb # See http://www.spinics.net/lists/kernel/msg1716461.html # Until a solution is found, make sure the driver leaves autosuspend alone patch -p1 -i "${srcdir}/0005-Revert-Bluetooth-Enable-autosuspend-for-Intel-Blueto.patch" # Fix generation of symbol CRCs # http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dc53324060f324e8af6867f57bf4891c13c6ef18 patch -p1 -i "${srcdir}/0006-genksyms-fix-typeof-handling.patch" # Fix the use of code32_start in the EFI boot stub # http://permalink.gmane.org/gmane.linux.kernel/1679881 # https://git.kernel.org/cgit/linux/kernel/git/mfleming/efi.git/commit/?h=urgent&id=7e8213c1f3acc064aef37813a39f13cbfe7c3ce7 patch -p1 -i "${srcdir}/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch" # https://git.kernel.org/cgit/linux/kernel/git/iwlwifi/iwlwifi-fixes.git/commit/?id=12f853a89e29f50b17698e17e73c328a35f1498d # FS#39815 patch -p1 -i "${srcdir}/0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch" if [ "$CARCH" == "mips64el" ]; then sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \ < "${srcdir}/lxo-config.patch" > lxo-config.patch msg2 "Adding loongson-community patches" patch -p1 -i ${srcdir}/${_basekernel}*-*-loongson-community.patch patch -p0 -i lxo-config.patch # ensure N32, add localversion, remove uevent helper as per # https://git.kernel.org/?p=linux/hotplug/udev.git;a=blob_plain;f=README # and make USB storage support builtin (e.g. for booting from USB # disks without slowly loading an initramfs) sed -ri \ -e "s|CONFIG_MIPS32_N32=.*|CONFIG_MIPS32_N32=y|g" \ -e "s|CONFIG_UEVENT_HELPER_PATH=.*|CONFIG_UEVENT_HELPER_PATH=\"\"|g" \ -e "s|CONFIG_LOCALVERSION=.*|CONFIG_LOCALVERSION=\"${_localversionname}\"|g" \ -e "s;(CONFIG_USB(_COMMON|_EHCI_HCD|_OHCI_HCD|_STORAGE.*|_UAS)?)=.*;\1=y;g" \ ./.config else cat "${srcdir}/config.${CARCH}" > ./.config # simpler fi if [ "${_kernelname}" != "" ]; then sed -i "s|CONFIG_LOCALVERSION=.*|CONFIG_LOCALVERSION=\"${_localversionname}\"|g" ./.config sed -i "s|CONFIG_LOCALVERSION_AUTO=.*|CONFIG_LOCALVERSION_AUTO=n|" ./.config fi # set extraversion to pkgrel sed -ri "s|^(EXTRAVERSION =).*|\1 -${pkgrel}|" Makefile # don't run depmod on 'make install'. We'll do this ourselves in packaging sed -i '2iexit 0' scripts/depmod.sh # get kernel version make prepare # load configuration # Configure the kernel. Replace the line below with one of your choice. #make menuconfig # CLI menu for configuration #make nconfig # new CLI menu for configuration #make xconfig # X-based configuration #make oldconfig # using old config from previous kernel version # ... or manually edit .config # rewrite configuration yes "" | make config >/dev/null } build() { cd "${srcdir}/linux-${_basekernel}" if [ "$CARCH" == "mips64el" ]; then # The build system passes it directly to linker, disable to avoid # having unknown -Wl,... options. export LDFLAGS="" # bzImage is arch-specific and not supported on mips; vmlinux is # useful for oprofile. make ${MAKEFLAGS} LOCALVERSION= vmlinux vmlinuz modules else make ${MAKEFLAGS} LOCALVERSION= bzImage modules fi } _package() { pkgdesc="The ${pkgbase^} kernel and modules with grsecurity/PaX patches" [ "${pkgbase}" = "linux-libre" ] && groups=('base') depends=('coreutils' 'linux-libre-firmware' 'kmod') optdepends=('crda: to set the correct wireless channels of your country') provides=("kernel26${_kernelname}=${pkgver}" "linux${_kernelname}=${pkgver}") conflicts=("kernel26${_kernelname}" "kernel26-libre${_kernelname}" "linux${_kernelname}") replaces=("kernel26${_kernelname}" "kernel26-libre${_kernelname}" "linux${_kernelname}") backup=("etc/mkinitcpio.d/${pkgbase}.preset" 'etc/sysctl.d/05-grsecurity.conf') install=${pkgbase}.install if [ "$CARCH" = "mips64el" ]; then optdepends+=('mkinitcpio: to make the initramfs (needs reinstall of this package)') conflicts+=('mkinitcpio<0.7') else depends+=('mkinitcpio>=0.7') fi cd "${srcdir}/linux-${_basekernel}" KARCH=x86 [ $CARCH = "mips64el" ] && KARCH=mips # get kernel version _kernver="$(make LOCALVERSION= kernelrelease)" _basekernel=${_kernver%%-*} _basekernel=${_basekernel%.*} mkdir -p "${pkgdir}"/{lib/modules,lib/firmware,boot} make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}" modules_install if [ "$CARCH" == "mips64el" ]; then cp vmlinuz "${pkgdir}/boot/vmlinuz-${pkgbase}" cp vmlinux "${pkgdir}/boot/vmlinux-${pkgbase}" else cp arch/${KARCH}/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}" fi # set correct depmod command for install cp -f "${startdir}/${install}" "${startdir}/${install}.pkg" true && install=${install}.pkg sed \ -e "s/KERNEL_NAME=.*/KERNEL_NAME=${_kernelname}/" \ -e "s/KERNEL_VERSION=.*/KERNEL_VERSION=${_kernver}/" \ -i "${startdir}/${install}" # install mkinitcpio preset file for kernel install -D -m644 "${srcdir}/${pkgbase}.preset" "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" sed \ -e "1s|'linux*.*'|'${pkgbase}'|" \ -e "s|ALL_kver=.*|ALL_kver=\"/boot/vmlinuz-${pkgbase}\"|" \ -e "s|default_image=.*|default_image=\"/boot/initramfs-${pkgbase}.img\"|" \ -e "s|fallback_image=.*|fallback_image=\"/boot/initramfs-${pkgbase}-fallback.img\"|" \ -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" # mkinitcpio 0.7 relies on bzImage to find the kernel version if [ "$CARCH" == "mips64el" ]; then sed -e "s|ALL_kver=.*|ALL_kver=\"${_kernver}\"|" \ -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" fi # remove build and source links rm -f "${pkgdir}"/lib/modules/${_kernver}/{source,build} # remove the firmware rm -rf "${pkgdir}/lib/firmware" # gzip -9 all modules to save 100MB of space find "${pkgdir}" -name '*.ko' -exec gzip -9 {} \; # make room for external modules ln -s "../extramodules-${_basekernel}${_localversionname:--LIBRE-GRSEC}" "${pkgdir}/lib/modules/${_kernver}/extramodules" # add real version for building modules and running depmod from post_install/upgrade mkdir -p "${pkgdir}/lib/modules/extramodules-${_basekernel}${_localversionname:--LIBRE-GRSEC}" echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_localversionname:--LIBRE-GRSEC}/version" # Now we call depmod... depmod -b "${pkgdir}" -F System.map "${_kernver}" # move module tree /lib -> /usr/lib mkdir -p "${pkgdir}/usr" mv "${pkgdir}/lib" "${pkgdir}/usr/" # add vmlinux install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux" # add grsecurity gcc plugins mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc" cp -a tools/gcc/*.h "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" cp -a tools/gcc/Makefile "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" install -m644 tools/gcc/*.so "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" # install sysctl configuration for grsecurity switches install -Dm600 "${srcdir}/sysctl.conf" "${pkgdir}/etc/sysctl.d/05-grsecurity.conf" } _package-headers() { pkgdesc="Header files and scripts for building modules for ${pkgbase^} kernel" provides=("kernel26${_kernelname}-headers=${pkgver}" "linux${_kernelname}-headers=${pkgver}") conflicts=("kernel26${_kernelname}-headers" "kernel26-libre${_kernelname}-headers" "linux${_kernelname}-headers") replaces=("kernel26${_kernelname}-headers" "kernel26-libre${_kernelname}-headers" "linux${_kernelname}-headers") KARCH=x86 [ $CARCH = "mips64el" ] && KARCH=mips # in case of repackaging this is empty if [ -z "${_kernver}" ]; then cd "${srcdir}/linux-${_basekernel}" _kernver="$(make LOCALVERSION= kernelrelease)" fi install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}" cd "${srcdir}/linux-${_basekernel}" install -D -m644 Makefile \ "${pkgdir}/usr/lib/modules/${_kernver}/build/Makefile" install -D -m644 kernel/Makefile \ "${pkgdir}/usr/lib/modules/${_kernver}/build/kernel/Makefile" install -D -m644 .config \ "${pkgdir}/usr/lib/modules/${_kernver}/build/.config" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include" for i in acpi asm-generic config crypto drm generated keys linux math-emu \ media net pcmcia scsi sound trace uapi video xen; do cp -a include/${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/include/" done # copy arch includes for external modules mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}" cp -a arch/${KARCH}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" # copy files necessary for later builds cp Module.symvers "${pkgdir}/usr/lib/modules/${_kernver}/build" cp -a scripts "${pkgdir}/usr/lib/modules/${_kernver}/build" if [ "$CARCH" = "mips64el" ]; then cp arch/${KARCH}/Kbuild "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" cp -a arch/${KARCH}/loongson "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" cp ${srcdir}/Kbuild.platforms "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" fi # fix permissions on scripts dir chmod og-w -R "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/.tmp_versions" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel" cp arch/${KARCH}/Makefile "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" if [ "${CARCH}" = "i686" ]; then cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" fi cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel/" # add docbook makefile install -D -m644 Documentation/DocBook/Makefile \ "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" # add dm headers mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" cp drivers/md/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" # add inotify.h mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux" cp include/linux/inotify.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux/" # add wireless headers mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" cp net/mac80211/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" # add dvb headers for external modules # in reference to: # http://bugs.archlinux.org/task/9912 mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core" cp drivers/media/dvb-core/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core/" # and... # http://bugs.archlinux.org/task/11194 mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" cp include/config/dvb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" # add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new # in reference to: # http://bugs.archlinux.org/task/13146 mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" # add dvb headers # in reference to: # http://bugs.archlinux.org/task/20402 mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb" cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb/" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends" cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners" cp drivers/media/tuners/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners/" # add xfs and shmem for aufs building mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/mm" cp fs/xfs/xfs_sb.h "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs/xfs_sb.h" # copy in Kconfig files for i in $(find . -name "Kconfig*"); do mkdir -p "${pkgdir}"/usr/lib/modules/${_kernver}/build/`echo ${i} | sed 's|/Kconfig.*||'` cp ${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/${i}" done chown -R root.root "${pkgdir}/usr/lib/modules/${_kernver}/build" find "${pkgdir}/usr/lib/modules/${_kernver}/build" -type d -exec chmod 755 {} \; # strip scripts directory find "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do case "$(file -bi "${binary}")" in *application/x-sharedlib*) # Libraries (.so) /usr/bin/strip ${STRIP_SHARED} "${binary}";; *application/x-archive*) # Libraries (.a) /usr/bin/strip ${STRIP_STATIC} "${binary}";; *application/x-executable*) # Binaries /usr/bin/strip ${STRIP_BINARIES} "${binary}";; esac done # remove unneeded architectures rm -rf "${pkgdir}"/usr/lib/modules/${_kernver}/build/arch/{alpha,arc,arm,arm26,arm64,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,metag,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa} if [ "$CARCH" = "mips64el" ]; then rm -rf ${pkgdir}/usr/lib/modules/${_kernver}/build/arch/x86 else rm -rf ${pkgdir}/usr/lib/modules/${_kernver}/build/arch/mips fi } _package-docs() { pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase^} kernel" provides=("kernel26${_kernelname}-docs=${pkgver}" "linux${_kernelname}-docs=${pkgver}") conflicts=("kernel26${_kernelname}-docs" "kernel26-libre${_kernelname}-docs" "linux${_kernelname}-docs") replaces=("kernel26${_kernelname}-docs" "kernel26-libre${_kernelname}-docs" "linux${_kernelname}-docs") cd "${srcdir}/linux-${_basekernel}" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build" cp -al Documentation "${pkgdir}/usr/lib/modules/${_kernver}/build" find "${pkgdir}" -type f -exec chmod 444 {} \; find "${pkgdir}" -type d -exec chmod 755 {} \; # remove a file already in linux package rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" } pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs") for _p in ${pkgname[@]}; do eval "package_${_p}() { _package${_p#${pkgbase}} }" done # vim:set ts=8 sts=2 sw=2 et: