APKBUILD 6.24 KB
Newer Older
1
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2

3 4
_mainflavor=grsec
pkgname=linux-$_mainflavor
5
pkgver=4.9.9
6 7 8 9
case $pkgver in
*.*.*)	_kernver=${pkgver%.*};;
*.*)	_kernver=${pkgver};;
esac
10
pkgrel=0
11 12
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
13
depends="mkinitfs"
14
makedepends="perl sed installkernel bash gmp-dev bc linux-headers mpfr-dev
15
	mpc1-dev elfutils-dev"
16
options="!strip"
17
install=
18 19
source="https://kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
	https://kernel.org/pub/linux/kernel/v4.x/patch-$pkgver.xz
20
	http://dev.alpinelinux.org/~ncopa/grsec/grsecurity-3.1-4.9.9-201702122044.patch
21 22 23 24 25 26
	config-grsec.x86
	config-grsec.x86_64
	config-grsec.armhf

	config-virtgrsec.x86
	config-virtgrsec.x86_64
27
	"
28
subpackages="$pkgname-dev:_dev linux-virtgrsec-dev:_dev"
29 30 31 32 33 34 35 36 37 38 39 40 41 42
_flavors=
for _i in $source; do
	case $_i in
	config-*.$CARCH)
		_f=${_i%.$CARCH}
		_f=${_f#config-}
		_flavors="$_flavors ${_f}"
		if [ "linux-$_f" != "$pkgname" ]; then
			subpackages="$subpackages linux-${_f}"
		fi
		;;
	esac
done

43
arch="x86 x86_64 armhf"
44
license="GPL2"
Natanael Copa's avatar
Natanael Copa committed
45

46
prepare() {
47
	local _patch_failed=
48
	cd "$srcdir"/linux-$_kernver
49 50
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
51
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
52 53
	fi

54 55
	# first apply patches in specified order
	for i in $source; do
56 57
		local file=${i%::*}
		case $file in
58
		*.patch)
59 60 61
			msg "Applying $file..."
			if ! patch -s -p1 -N -i "$srcdir"/${file##*/}; then
				echo $file >>failed
62 63
				_patch_failed=1
			fi
64 65
			;;
		esac
66 67
	done

68 69 70 71 72 73
	if ! [ -z "$_patch_failed" ]; then
		error "The following patches failed:"
		cat failed
		return 1
	fi

74
	# remove localversion from patch if any
75
	rm -f localversion*
76

77 78 79 80 81 82 83 84 85 86 87 88 89
	for i in $_flavors; do
		local _config=config-$i.${CARCH}
		local _builddir="$srcdir"/build-$i
		mkdir -p "$_builddir"
		echo "-$pkgrel-$i" > "$srcdir"/build-$i/localversion-alpine \
			|| return 1

		cp "$srcdir"/$_config "$_builddir"/.config || return 1
		make -C "$srcdir"/linux-$_kernver \
			O="$_builddir" \
			HOSTCC="${CC:-gcc}" \
			silentoldconfig || return 1
	done
90 91 92
}

build() {
93 94
	for i in $_flavors; do
		cd "$srcdir"/build-$i
95
		make CC="${CC:-gcc}" \
96 97 98
			KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
			|| return 1
	done
99
}
Natanael Copa's avatar
Natanael Copa committed
100

101 102 103
_package() {
	local _buildflavor="$1" _outdir="$2"
	local _abi_release=${pkgver}-${pkgrel}-${_buildflavor}
104

105 106 107
	cd "$srcdir"/build-$_buildflavor || return 1

	mkdir -p "$_outdir"/boot "$_outdir"/lib/modules
108 109 110 111

	local _install
	case "$CARCH" in
	arm*)
112
		local _dtbdir="$_outdir"/usr/lib/linux-${_abi_release}
113 114 115 116 117 118 119 120 121 122 123 124 125
		mkdir -p "$_dtbdir"
		for i in arch/arm/boot/dts/*.dtb ; do
			install -m644 "$i" "$_dtbdir"
		done

		_install=zinstall
		;;
	*)
		_install=install
		;;
	esac

	make -j1 modules_install firmware_install $_install \
126 127
		INSTALL_MOD_PATH="$_outdir" \
		INSTALL_PATH="$_outdir"/boot \
128
		|| return 1
129

130 131 132
	rm -f "$_outdir"/lib/modules/${_abi_release}/build \
		"$_outdir"/lib/modules/${_abi_release}/source
	rm -rf "$_outdir"/lib/firmware
133

134
	install -D include/config/kernel.release \
135 136 137 138 139
		"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
}

# main flavor installs in $pkgdir
package() {
140
	depends="$depends linux-firmware"
141 142 143 144 145 146
	_package grsec "$pkgdir"
}

# subflavors install in $subpkgdir
virtgrsec() {
	_package virtgrsec "$subpkgdir"
Natanael Copa's avatar
Natanael Copa committed
147 148
}

149
_dev() {
150
	local _flavor=$(echo $subpkgname | sed -E 's/(^linux-|-dev$)//g')
151
	local _abi_release=${pkgver}-${pkgrel}-$_flavor
152 153 154 155
	# copy the only the parts that we really need for build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# simlar to what ubuntu does
	#
156
	# this way you dont need to install the 300-400 kernel sources to
157 158
	# build a tiny kernel module
	#
159
	pkgdesc="Headers and script for third party modules for $_flavor kernel"
160
	depends="gmp-dev bash"
161
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
162

163
	# first we import config, run prepare to set up for building
164
	# external modules, and create the scripts
165
	mkdir -p "$dir"
166 167
	cp "$srcdir"/config-$_flavor.${CARCH} "$dir"/.config
	echo "-$pkgrel-$_flavor" > "$dir"/localversion-alpine \
168
		|| return 1
169
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
170
		silentoldconfig prepare modules_prepare scripts
171

172
	# remove the stuff that points to real sources. we want 3rd party
173
	# modules to believe this is the soruces
174 175
	rm "$dir"/Makefile "$dir"/source

176 177
	# copy the needed stuff from real sources
	#
178
	# this is taken from ubuntu kernel build script
179
	# http://kernel.ubuntu.com/git/ubuntu/ubuntu-zesty.git/tree/debian/rules.d/3-binary-indep.mk
180
	cd "$srcdir"/linux-$_kernver
181 182 183 184 185 186 187
	find .  -path './include/*' -prune \
		-o -path './scripts/*' -prune -o -type f \
		\( -name 'Makefile*' -o -name 'Kconfig*' -o -name 'Kbuild*' -o \
		   -name '*.sh' -o -name '*.pl' -o -name '*.lds' \) \
		-print | cpio -pdm "$dir" || return 1

	cp -a scripts include "$dir" || return 1
188 189
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"
190

191
	install -Dm644 "$srcdir"/build-$_flavor/Module.symvers \
192
		"$dir"/Module.symvers
193 194 195 196

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
197 198
}

199 200 201 202 203 204 205 206
sha512sums="bf67ff812cc3cb7e5059e82cc5db0d9a7c5637f7ed9a42e4730c715bf7047c81ed3a571225f92a33ef0b6d65f35595bc32d773356646df2627da55e9bc7f1f1a  linux-4.9.tar.xz
a7a2d44b83b00b20f1424d12af0f42e1c576d3053feacd13491ef185661fb1c789b9265c500b62f5ede39f57b72f358820000fa6c852a5f035e566ee1dfcd5d9  patch-4.9.9.xz
ba7396e1f69e89335cecd47db52c8855c993c13c9b2b9e805a0742fa1bd3a9092ae0459adb06f07a5233ff208ad9b6ced0fa68cacfe1a99b498c43ad953d5388  grsecurity-3.1-4.9.9-201702122044.patch
de080dc463af81f60e142c4ed52f294f523759710ac6d5dc227e6dc26c4bd53c61d94480a9af3e377a658360c16cab86060afd68694545cbe501d8bb0915ef36  config-grsec.x86
de5ad64e86bda944c1e6e7ae0eb77463fb0165e89c8ec23d9af12fddb79c0b566e8f3079b7bed1de8b27cef9bf1539f479e7114070772c078cb4288c45df1ff6  config-grsec.x86_64
274116a39ef092524ad85cef2e88d0e7555dfd3c6e5c15c1ec22c28776c509a6040a5221b066e96c6d18807e518ae98f03c9c1059c73b60e8d45f2a9482bd77b  config-grsec.armhf
1de874523eee031c2efadfb6f7ddb86bb303b9f61d1a022e4e922f6365c3a667c2a1fdb61570a95a05c6c45689796e355eae9579e567790b757ae2a09f6be8c4  config-virtgrsec.x86
0570f4ad5af0d6e3cbf50d9e3a7d6dab8d7cba85693037e70dbee73aa1e4fc66cb217e1ef8e4a0ceb4073ffb6ada8201775bafe8401dc6dff5c07ac3bbe0f8f0  config-virtgrsec.x86_64"