APKBUILD 6.93 KB
Newer Older
1
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2

3
_flavor=grsec
4
pkgname=linux-${_flavor}
5
pkgver=3.18.11
6 7 8 9
case $pkgver in
*.*.*)	_kernver=${pkgver%.*};;
*.*)	_kernver=${pkgver};;
esac
10
pkgrel=1
11 12
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
13
depends="mkinitfs linux-firmware"
14
makedepends="perl sed installkernel bash gmp-dev bc linux-headers"
15
options="!strip"
Natanael Copa's avatar
Natanael Copa committed
16
_config=${config:-kernelconfig.${CARCH}}
17
install=
18
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
19
	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
20
	http://dev.alpinelinux.org/~tteras/grsec/grsecurity-3.1-3.18.11-201504051405-alpine.patch
21

22
	fix-memory-map-for-PIE-applications.patch
23
	imx6q-no-unclocked-sleep.patch
24

25
	kernelconfig.x86
26
	kernelconfig.x86_64
27
	kernelconfig.armhf
28
	"
29
subpackages="$pkgname-dev"
30
arch="x86 x86_64 armhf"
31
license="GPL-2"
Natanael Copa's avatar
Natanael Copa committed
32

33
_abi_release=${pkgver}-${pkgrel}-${_flavor}
34

35
prepare() {
36
	local _patch_failed=
37
	cd "$srcdir"/linux-$_kernver
38 39
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
40
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
41 42
	fi

43 44 45 46 47
	# first apply patches in specified order
	for i in $source; do
		case $i in
		*.patch)
			msg "Applying $i..."
48
			if ! patch -s -p1 -N -i "$srcdir"/${i##*/}; then
49 50 51
				echo $i >>failed
				_patch_failed=1
			fi
52 53
			;;
		esac
54 55
	done

56 57 58 59 60 61
	if ! [ -z "$_patch_failed" ]; then
		error "The following patches failed:"
		cat failed
		return 1
	fi

62 63
	rm -f localversion*
	echo "-$pkgrel-$_flavor" > localversion-alpine
64

65
	mkdir -p "$srcdir"/build
66
	cp "$srcdir"/$_config "$srcdir"/build/.config || return 1
67
	make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
68
		silentoldconfig
69 70 71 72
}

# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig() {
73
	cd "$srcdir"/build || return 1
74 75 76 77 78 79
	make menuconfig
	cp .config "$startdir"/$_config
}

build() {
	cd "$srcdir"/build
80
	export GCC_SPECS=hardenednopie.specs
81
	make CC="${CC:-gcc}" \
82 83
		KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
		|| return 1
84
}
Natanael Copa's avatar
Natanael Copa committed
85

86 87
package() {
	cd "$srcdir"/build
88

89
	mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107

	local _install
	case "$CARCH" in
	arm*)
		local _dtbdir="$pkgdir"/usr/lib/linux-${_abi_release}
		mkdir -p "$_dtbdir"
		for i in arch/arm/boot/dts/*.dtb ; do
			install -m644 "$i" "$_dtbdir"
		done

		_install=zinstall
		;;
	*)
		_install=install
		;;
	esac

	make -j1 modules_install firmware_install $_install \
108
		INSTALL_MOD_PATH="$pkgdir" \
109 110
		INSTALL_PATH="$pkgdir"/boot \
		|| return 1
111

112 113
	rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
		"$pkgdir"/lib/modules/${_abi_release}/source
114 115
	rm -rf "$pkgdir"/lib/firmware

116
	install -D include/config/kernel.release \
117
		"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
Natanael Copa's avatar
Natanael Copa committed
118 119
}

120 121 122 123 124
dev() {
	# copy the only the parts that we really need for build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# simlar to what ubuntu does
	#
125
	# this way you dont need to install the 300-400 kernel sources to
126 127
	# build a tiny kernel module
	#
128
	pkgdesc="Headers and script for third party modules for grsec kernel"
129
	depends="gmp-dev bash"
130
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
131

132
	# first we import config, run prepare to set up for building
133
	# external modules, and create the scripts
134
	mkdir -p "$dir"
135
	cp "$srcdir"/$_config "$dir"/.config
136
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
137
		silentoldconfig prepare modules_prepare scripts
138

139 140
	# remove the stuff that poits to real sources. we want 3rd party
	# modules to believe this is the soruces
141 142
	rm "$dir"/Makefile "$dir"/source

143 144
	# copy the needed stuff from real sources
	#
145
	# this is taken from ubuntu kernel build script
146
	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
147 148 149 150 151 152 153 154 155 156 157
	cd "$srcdir"/linux-$_kernver
	find . -path './include/*' -prune -o -path './scripts/*' -prune \
		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
		-o -name '*.lds' \) | cpio -pdm "$dir"
	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
	cp -a scripts include "$dir"
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"
158 159 160

	install -Dm644 "$srcdir"/build/Module.symvers \
		"$dir"/Module.symvers
161 162 163 164

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
165 166
}

167 168 169
md5sums="9e854df51ca3fef8bfe566dbd7b89241  linux-3.18.tar.xz
ac5c93edbc9385793ccc33f4ced85950  patch-3.18.11.xz
65f35409fb43e0dbceb991e4e35464d9  grsecurity-3.1-3.18.11-201504051405-alpine.patch
170
c6a4ae7e8ca6159e1631545515805216  fix-memory-map-for-PIE-applications.patch
171
1a307fc1d63231bf01d22493a4f14378  imx6q-no-unclocked-sleep.patch
172 173
d487c7dd7e28a7698367ff714b68bd67  kernelconfig.x86
688dd08f9922f808fc8ace62aa199ab7  kernelconfig.x86_64
174 175 176 177
053247394129c69a97d81dfdfd8de5b9  kernelconfig.armhf"
sha256sums="becc413cc9e6d7f5cc52a3ce66d65c3725bc1d1cc1001f4ce6c32b69eb188cbd  linux-3.18.tar.xz
e4c44f887f507b2470a5c2f1c286a38fec6e84c4d433c929981abab7b83f80d5  patch-3.18.11.xz
02b84adad6299db774013728dc4cffb95b31903b209c78fa88dcf8b1f60a0469  grsecurity-3.1-3.18.11-201504051405-alpine.patch
178
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7  fix-memory-map-for-PIE-applications.patch
179
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3  imx6q-no-unclocked-sleep.patch
180 181
3cdcbad352ac4e76e8802c6860fc87a168219bfbe3e2d5d475fb4171aaa5fd94  kernelconfig.x86
519a8c925216feeeaea2b2524297b07a2eab8f05e92d7506ced5d5e0ce60246b  kernelconfig.x86_64
182 183 184 185
55512f2fae546d4fca88cfd5111193e732172888bbc268df7bff4ef32dfbd663  kernelconfig.armhf"
sha512sums="2f0b72466e9bc538a675738aa416573d41bbbd7e3e2ffd5b5b127afde609ebc278cec5a3c37e73479607e957c13f1b4ed9782a3795e0dcc2cf8e550228594009  linux-3.18.tar.xz
cc4ac5d341ca4e9d71ef1ba45a839b18947e3e7ffdc7f7efe2c211c95483518a1983bc3637edd607e0631f14c1cc9bfb9164926261d2cf5c2bb2eb91206f43b9  patch-3.18.11.xz
0b9b265b5b633d99eef1adf0e8284e72ee9355d6348835b15bfb8661caf96ac82d37593ef3658a0ccd47b64520195bf6c93840c1edcbc92f8ef00a8524a08e4b  grsecurity-3.1-3.18.11-201504051405-alpine.patch
186
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7  fix-memory-map-for-PIE-applications.patch
187
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221  imx6q-no-unclocked-sleep.patch
188 189
fcc7c293643b543b594f0a8c039a779101f0b131c89303adffb69cfe33a88ba65bb0a25dfcf64a59cf69621320cf5c39c92144d81e4f8edd86c8b285eed8d0a7  kernelconfig.x86
056e84168b72a61b71447a4e601c356baa2215496344a2771f7fe38680288a22230730ac44c9f454dbcc8ab0b2a48c6dc3a7072bca3e50bed94e44cbe513e30e  kernelconfig.x86_64
190
75840645e436726dc32a33f98dfaee745a7ed3cf9006dfdcd54fc5c59cd8a5d2a63d4f898ab7feae011bfb2e5053741fcc5af946462da32b78ed7bc3e679beff  kernelconfig.armhf"