APKBUILD 6.4 KB
Newer Older
1
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2

3 4
_mainflavor=grsec
pkgname=linux-$_mainflavor
5
pkgver=4.9.17
6 7 8 9
case $pkgver in
*.*.*)	_kernver=${pkgver%.*};;
*.*)	_kernver=${pkgver};;
esac
10
pkgrel=0
11 12
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
13
depends="mkinitfs"
14
makedepends="perl sed installkernel bash gmp-dev bc linux-headers mpfr-dev
15
	mpc1-dev elfutils-dev"
16
options="!strip"
17
install=
18 19
source="https://kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
	https://kernel.org/pub/linux/kernel/v4.x/patch-$pkgver.xz
20
	http://dev.alpinelinux.org/~ncopa/grsec/grsecurity-3.1-$pkgver-201703221829.patch
21

22
	zfs-fix.patch
23 24 25 26 27 28
	config-grsec.x86
	config-grsec.x86_64
	config-grsec.armhf

	config-virtgrsec.x86
	config-virtgrsec.x86_64
29
	"
30
subpackages="$pkgname-dev:_dev"
31 32 33 34 35 36 37 38
_flavors=
for _i in $source; do
	case $_i in
	config-*.$CARCH)
		_f=${_i%.$CARCH}
		_f=${_f#config-}
		_flavors="$_flavors ${_f}"
		if [ "linux-$_f" != "$pkgname" ]; then
39
			subpackages="$subpackages linux-${_f} linux-${_f}-dev:_dev"
40 41 42 43 44
		fi
		;;
	esac
done

45
arch="x86 x86_64 armhf"
46
license="GPL2"
Natanael Copa's avatar
Natanael Copa committed
47

48
prepare() {
49
	local _patch_failed=
50
	cd "$srcdir"/linux-$_kernver
51 52
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
53
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
54 55
	fi

56 57
	# first apply patches in specified order
	for i in $source; do
58 59
		local file=${i%::*}
		case $file in
60
		*.patch)
61 62 63
			msg "Applying $file..."
			if ! patch -s -p1 -N -i "$srcdir"/${file##*/}; then
				echo $file >>failed
64 65
				_patch_failed=1
			fi
66 67
			;;
		esac
68 69
	done

70 71 72 73 74 75
	if ! [ -z "$_patch_failed" ]; then
		error "The following patches failed:"
		cat failed
		return 1
	fi

76
	# remove localversion from patch if any
77
	rm -f localversion*
78

79 80 81 82 83 84 85 86 87 88 89 90 91
	for i in $_flavors; do
		local _config=config-$i.${CARCH}
		local _builddir="$srcdir"/build-$i
		mkdir -p "$_builddir"
		echo "-$pkgrel-$i" > "$srcdir"/build-$i/localversion-alpine \
			|| return 1

		cp "$srcdir"/$_config "$_builddir"/.config || return 1
		make -C "$srcdir"/linux-$_kernver \
			O="$_builddir" \
			HOSTCC="${CC:-gcc}" \
			silentoldconfig || return 1
	done
92 93 94
}

build() {
95 96
	for i in $_flavors; do
		cd "$srcdir"/build-$i
97
		make CC="${CC:-gcc}" \
98 99 100
			KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
			|| return 1
	done
101
}
Natanael Copa's avatar
Natanael Copa committed
102

103 104 105
_package() {
	local _buildflavor="$1" _outdir="$2"
	local _abi_release=${pkgver}-${pkgrel}-${_buildflavor}
106

107 108 109
	cd "$srcdir"/build-$_buildflavor || return 1

	mkdir -p "$_outdir"/boot "$_outdir"/lib/modules
110 111 112 113

	local _install
	case "$CARCH" in
	arm*)
114
		local _dtbdir="$_outdir"/usr/lib/linux-${_abi_release}
115 116 117 118 119 120 121 122 123 124 125 126 127
		mkdir -p "$_dtbdir"
		for i in arch/arm/boot/dts/*.dtb ; do
			install -m644 "$i" "$_dtbdir"
		done

		_install=zinstall
		;;
	*)
		_install=install
		;;
	esac

	make -j1 modules_install firmware_install $_install \
128 129
		INSTALL_MOD_PATH="$_outdir" \
		INSTALL_PATH="$_outdir"/boot \
130
		|| return 1
131

132 133 134
	rm -f "$_outdir"/lib/modules/${_abi_release}/build \
		"$_outdir"/lib/modules/${_abi_release}/source
	rm -rf "$_outdir"/lib/firmware
135

136
	install -D include/config/kernel.release \
137 138 139 140 141
		"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
}

# main flavor installs in $pkgdir
package() {
142
	depends="$depends linux-firmware"
143 144 145 146 147 148
	_package grsec "$pkgdir"
}

# subflavors install in $subpkgdir
virtgrsec() {
	_package virtgrsec "$subpkgdir"
Natanael Copa's avatar
Natanael Copa committed
149 150
}

151
_dev() {
152
	local _flavor=$(echo $subpkgname | sed -E 's/(^linux-|-dev$)//g')
153
	local _abi_release=${pkgver}-${pkgrel}-$_flavor
154 155 156 157
	# copy the only the parts that we really need for build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# simlar to what ubuntu does
	#
158
	# this way you dont need to install the 300-400 kernel sources to
159 160
	# build a tiny kernel module
	#
161
	pkgdesc="Headers and script for third party modules for $_flavor kernel"
162
	depends="gmp-dev bash"
163
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
164

165
	# first we import config, run prepare to set up for building
166
	# external modules, and create the scripts
167
	mkdir -p "$dir"
168 169
	cp "$srcdir"/config-$_flavor.${CARCH} "$dir"/.config
	echo "-$pkgrel-$_flavor" > "$dir"/localversion-alpine \
170
		|| return 1
171
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
172
		silentoldconfig prepare modules_prepare scripts
173

174
	# remove the stuff that points to real sources. we want 3rd party
175
	# modules to believe this is the soruces
176 177
	rm "$dir"/Makefile "$dir"/source

178 179
	# copy the needed stuff from real sources
	#
180
	# this is taken from ubuntu kernel build script
181
	# http://kernel.ubuntu.com/git/ubuntu/ubuntu-zesty.git/tree/debian/rules.d/3-binary-indep.mk
182
	cd "$srcdir"/linux-$_kernver
183 184 185 186 187 188 189
	find .  -path './include/*' -prune \
		-o -path './scripts/*' -prune -o -type f \
		\( -name 'Makefile*' -o -name 'Kconfig*' -o -name 'Kbuild*' -o \
		   -name '*.sh' -o -name '*.pl' -o -name '*.lds' \) \
		-print | cpio -pdm "$dir" || return 1

	cp -a scripts include "$dir" || return 1
190 191
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"
192

193
	install -Dm644 "$srcdir"/build-$_flavor/Module.symvers \
194
		"$dir"/Module.symvers
195 196 197 198

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
199 200
}

201
sha512sums="bf67ff812cc3cb7e5059e82cc5db0d9a7c5637f7ed9a42e4730c715bf7047c81ed3a571225f92a33ef0b6d65f35595bc32d773356646df2627da55e9bc7f1f1a  linux-4.9.tar.xz
202 203
56a06c844a57539d6d719a6e99804a13e6b097b0220bd2ce2b915c1d896c6c2f0eebc14c05a5726df7ed9ee9946c6457c5a755f04f90e658b0077502f829f4ca  patch-4.9.17.xz
079d1b0dead3e392fc7b8d7456b08fd7556a0a6b553fe7f11eed1fed5464e8bb79e3246804d93d9b29d30673349a1b4c160dfa1829078ad962344b92b27590d7  grsecurity-3.1-4.9.17-201703221829.patch
204
5a0a78e6de11eb8180d96830b9faa9ac560586f7beb663c8196a16ac6232b5008b9181b3c9b94e2b13a444acba4b6e80a3408d34606432f92eb4d169c3953d5d  zfs-fix.patch
205 206
bb967f6116d1f076ec5517ed907cd0cfe02ffb7fd80bf6769c9eb581431d7989452f355579e977124d41ee506904da8fd11ac6934f45393590daf28bddf98054  config-grsec.x86
1f7604d6aa922dd5af55b6ee87dda246798befc9ca38879220781ca06c04da9eab00788f46121c710d53c701ed81a6f6ba3223d751c10b32c1b9940779df8381  config-grsec.x86_64
207
0b14dc2d522daa10d102a10d79af242ac80631131f2748188d66964e94a95f0437458f280d9bdb302548b25c4bd1c2aecdbb619be9ba599ffd9b56fa16d6a277  config-grsec.armhf
208 209
1de874523eee031c2efadfb6f7ddb86bb303b9f61d1a022e4e922f6365c3a667c2a1fdb61570a95a05c6c45689796e355eae9579e567790b757ae2a09f6be8c4  config-virtgrsec.x86
0570f4ad5af0d6e3cbf50d9e3a7d6dab8d7cba85693037e70dbee73aa1e4fc66cb217e1ef8e4a0ceb4073ffb6ada8201775bafe8401dc6dff5c07ac3bbe0f8f0  config-virtgrsec.x86_64"