# Maintainer (Arch): Daniel Micay # Contributor (Arch): Tobias Powalowski # Contributor (Arch): Thomas Baechler # Contributor (Arch): henning mueller # Contributor (Arch): Thomas Dwyer http://tomd.tel # Maintainer: André Silva # Contributor: Nicolás Reynolds # Contributor: Sorin-Mihai Vârgolici # Contributor: Michał Masłowski # Contributor: Márcio Silva # Contributor: Luke Shumaker pkgbase=linux-libre-grsec # Build kernel with -grsec localname _pkgbasever=3.15-gnu _pkgver=3.15.10-gnu _grsecver=3.0 _timestamp=201408212335 _replaces=('kernel26%' 'linux%') # '%' gets replaced with _kernelname _srcname=linux-${_pkgbasever%-*} _archpkgver=${_pkgver%-*}.${_timestamp} pkgver=${_pkgver//-/.}.${_timestamp} pkgrel=1 arch=('i686' 'x86_64' 'mips64el') url="https://grsecurity.net/" license=('GPL2') makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc') options=('!strip') source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/linux-libre-${_pkgbasever}.tar.xz" "http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgver}/patch-${_pkgbasever}-${_pkgver}.xz" "https://grsecurity.net/test/grsecurity-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch" "https://grsecurity.net/test/grsecurity-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch.sig" # the main kernel config files 'config.i686' 'config.x86_64' 'config.mips64el' # standard config files for mkinitcpio ramdisk 'linux.preset' 'logo_linux_'{clut224.ppm,vga16.ppm,mono.pbm} 'change-default-console-loglevel.patch' # loongson-community patch: http://linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/ '3.15.7-2704e67ebc-loongson-community.patch') sha256sums=('93450dc189131b6a4de862f35c5087a58cc7bae1c24caa535d2357cc3301b688' 'c58b09c71666a79f5dcf83d05aaa5d64ab3fb83782a7dadabdc1a4e29c5b09ab' '13f4ca6702a9985c68e045b510552f5f122938e1ed3264990aaae82a4f64d67a' 'SKIP' 'd47cc4487a687782d4010c81002a48ee0171981863ab38b9f656d6e780d4a297' 'b4e55b41c014df808daad8105e4cbbf684df94641c213d2d9e6fc87e2a4ea59f' '' 'f0d90e756f14533ee67afda280500511a62465b4f76adcc5effa95a40045179c' '074b67818582874146c389c029bc43648d145891a27e47aa2c5c42d3571f0264' '2e87a8ec1cc0c91938cac24992d8a3d4362b3e9d939767e4c9d2ec8e6d969d53' 'f67f60a30bcf2e9a2ba88ad97cace308da7a7f94919bb95c3dc030f5885a8015' 'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182' '3854de5c0be17555dc0c5b4ec4e831225eaacf413395d74568a06abcddf3a242') _kernelname=${pkgbase#linux-libre} _replaces=("${_replaces[@]/\%/${_kernelname}}") case "$CARCH" in i686|x86_64) KARCH=x86;; mips64el) KARCH=mips;; esac prepare() { cd "${srcdir}/${_srcname}" # add upstream patch if [ "${_pkgbasever}" != "${_pkgver}" ]; then patch -p1 -i "${srcdir}/patch-${_pkgbasever}-${_pkgver}" fi # add grsecurity patches patch -Np1 -i "${srcdir}/grsecurity-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch" rm localversion-grsec # add freedo as boot logo install -m644 -t drivers/video/logo \ "${srcdir}/logo_linux_"{clut224.ppm,vga16.ppm,mono.pbm} # add latest fixes from stable queue, if needed # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param) # remove this when a Kconfig knob is made available by upstream # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227) patch -p1 -i "${srcdir}/change-default-console-loglevel.patch" # Adding loongson-community patch if [ "${CARCH}" == "mips64el" ]; then patch -p1 -i ${srcdir}/3.15.7-2704e67ebc-loongson-community.patch fi cat "${srcdir}/config.${CARCH}" > ./.config # append pkgrel to extraversion sed -ri "s|^(EXTRAVERSION =.*\S).*|\1-${_timestamp}-${pkgrel}|" Makefile # don't run depmod on 'make install'. We'll do this ourselves in packaging sed -i '2iexit 0' scripts/depmod.sh # get kernel version make prepare # load configuration # Configure the kernel. Replace the line below with one of your choice. #make menuconfig # CLI menu for configuration #make nconfig # new CLI menu for configuration #make xconfig # X-based configuration #make oldconfig # using old config from previous kernel version # ... or manually edit .config # rewrite configuration yes "" | make config >/dev/null } build() { cd "${srcdir}/${_srcname}" make ${MAKEFLAGS} LOCALVERSION= bzImage modules } _package() { pkgdesc="The ${pkgbase^} kernel and modules with grsecurity/PaX patches" [ "${pkgbase}" = "linux-libre" ] && groups=('base') depends=('coreutils' 'linux-firmware' 'kmod' 'grsec-common' 'mkinitcpio>=0.7') optdepends=('crda: to set the correct wireless channels of your country' 'gradm: to configure and enable Role Based Access Control (RBAC)' 'paxd: to enable PaX exploit mitigations and apply exceptions automatically') provides=( "${_replaces[@]/%/=${_archpkgver}}") conflicts=("${_replaces[@]}") replaces=( "${_replaces[@]}") backup=("etc/mkinitcpio.d/${pkgbase}.preset") install=linux.install cd "${srcdir}/${_srcname}" # get kernel version _kernver="$(make LOCALVERSION= kernelrelease)" _basekernel=${_kernver%%-*} _basekernel=${_basekernel%.*.*} mkdir -p "${pkgdir}"/{lib/modules,lib/firmware,boot} make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}" modules_install cp arch/$KARCH/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}" # set correct depmod command for install cp -f "${startdir}/${install}" "${startdir}/${install}.pkg" true && install=${install}.pkg sed \ -e "s/KERNEL_NAME=.*/KERNEL_NAME=${_kernelname}/" \ -e "s/KERNEL_VERSION=.*/KERNEL_VERSION=${_kernver}/" \ -i "${startdir}/${install}" # install mkinitcpio preset file for kernel install -D -m644 "${srcdir}/linux.preset" "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" sed \ -e "1s|'linux.*'|'${pkgbase}'|" \ -e "s|ALL_kver=.*|ALL_kver=\"/boot/vmlinuz-${pkgbase}\"|" \ -e "s|default_image=.*|default_image=\"/boot/initramfs-${pkgbase}.img\"|" \ -e "s|fallback_image=.*|fallback_image=\"/boot/initramfs-${pkgbase}-fallback.img\"|" \ -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" # remove build and source links rm -f "${pkgdir}"/lib/modules/${_kernver}/{source,build} # remove the firmware rm -rf "${pkgdir}/lib/firmware" # gzip -9 all modules to save 100MB of space find "${pkgdir}" -name '*.ko' -exec gzip -9 {} \; # make room for external modules ln -s "../extramodules-${_basekernel}${_kernelname}" "${pkgdir}/lib/modules/${_kernver}/extramodules" # add real version for building modules and running depmod from post_install/upgrade mkdir -p "${pkgdir}/lib/modules/extramodules-${_basekernel}${_kernelname}" echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_kernelname}/version" # Now we call depmod... depmod -b "${pkgdir}" -F System.map "${_kernver}" # move module tree /lib -> /usr/lib mkdir -p "${pkgdir}/usr" mv "${pkgdir}/lib" "${pkgdir}/usr/" # add vmlinux install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux" # add grsecurity gcc plugins mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc" cp -a tools/gcc/*.h "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" cp -a tools/gcc/Makefile "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" install -m644 tools/gcc/*.so "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/size_overflow_plugin" install -m644 tools/gcc/size_overflow_plugin/Makefile tools/gcc/size_overflow_plugin/*.so \ "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/size_overflow_plugin" } _package-headers() { pkgdesc="Header files and scripts for building modules for ${pkgbase^} kernel" provides=( "${_replaces[@]/%/-headers=${_archpkgver}}") conflicts=("${_replaces[@]/%/-headers}") replaces=( "${_replaces[@]/%/-headers}") install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}" cd "${srcdir}/${_srcname}" install -D -m644 Makefile \ "${pkgdir}/usr/lib/modules/${_kernver}/build/Makefile" install -D -m644 kernel/Makefile \ "${pkgdir}/usr/lib/modules/${_kernver}/build/kernel/Makefile" install -D -m644 .config \ "${pkgdir}/usr/lib/modules/${_kernver}/build/.config" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include" for i in acpi asm-generic config crypto drm generated keys linux math-emu \ media net pcmcia scsi sound trace uapi video xen; do cp -a include/${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/include/" done # copy arch includes for external modules mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}" cp -a arch/${KARCH}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" # copy files necessary for later builds cp Module.symvers "${pkgdir}/usr/lib/modules/${_kernver}/build" cp -a scripts "${pkgdir}/usr/lib/modules/${_kernver}/build" # fix permissions on scripts dir chmod og-w -R "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/.tmp_versions" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel" cp arch/${KARCH}/Makefile "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" if [ "${CARCH}" = "i686" ]; then cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" fi cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel/" # add docbook makefile install -D -m644 Documentation/DocBook/Makefile \ "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" # add dm headers mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" cp drivers/md/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" # add inotify.h mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux" cp include/linux/inotify.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux/" # add wireless headers mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" cp net/mac80211/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" # add dvb headers for external modules # in reference to: # http://bugs.archlinux.org/task/9912 mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core" cp drivers/media/dvb-core/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core/" # and... # http://bugs.archlinux.org/task/11194 mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" cp include/config/dvb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" # add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new # in reference to: # http://bugs.archlinux.org/task/13146 mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" # add dvb headers # in reference to: # http://bugs.archlinux.org/task/20402 mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb" cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb/" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends" cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners" cp drivers/media/tuners/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners/" # add xfs and shmem for aufs building mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/mm" cp fs/xfs/xfs_sb.h "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs/xfs_sb.h" # copy in Kconfig files for i in $(find . -name "Kconfig*"); do mkdir -p "${pkgdir}"/usr/lib/modules/${_kernver}/build/`echo ${i} | sed 's|/Kconfig.*||'` cp ${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/${i}" done chown -R root.root "${pkgdir}/usr/lib/modules/${_kernver}/build" find "${pkgdir}/usr/lib/modules/${_kernver}/build" -type d -exec chmod 755 {} \; # strip scripts directory find "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do case "$(file -bi "${binary}")" in *application/x-sharedlib*) # Libraries (.so) /usr/bin/strip ${STRIP_SHARED} "${binary}";; *application/x-archive*) # Libraries (.a) /usr/bin/strip ${STRIP_STATIC} "${binary}";; *application/x-executable*) # Binaries /usr/bin/strip ${STRIP_BINARIES} "${binary}";; esac done # remove unneeded architectures find "${pkgdir}"/usr/lib/modules/${_kernver}/build/arch -mindepth 1 -maxdepth 1 -type d -not -name "$KARCH" -exec rm -rf {} + } _package-docs() { pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase^} kernel" provides=( "${_replaces[@]/%/-docs=${_archpkgver}}") conflicts=("${_replaces[@]/%/-docs}") replaces=( "${_replaces[@]/%/-docs}") cd "${srcdir}/${_srcname}" mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build" cp -al Documentation "${pkgdir}/usr/lib/modules/${_kernver}/build" find "${pkgdir}" -type f -exec chmod 444 {} \; find "${pkgdir}" -type d -exec chmod 755 {} \; # remove a file already in linux package rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" } pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs") for _p in ${pkgname[@]}; do eval "package_${_p}() { _package${_p#${pkgbase}} }" done # vim:set ts=8 sts=2 sw=2 et: