APKBUILD 6.27 KB
Newer Older
1
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2

3 4
_mainflavor=grsec
pkgname=linux-$_mainflavor
5
pkgver=4.9.9
6 7 8 9
case $pkgver in
*.*.*)	_kernver=${pkgver%.*};;
*.*)	_kernver=${pkgver};;
esac
10
pkgrel=0
11 12
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
13
depends="mkinitfs"
14
makedepends="perl sed installkernel bash gmp-dev bc linux-headers mpfr-dev
15
	mpc1-dev elfutils-dev"
16
options="!strip"
17
install=
18 19
source="https://kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
	https://kernel.org/pub/linux/kernel/v4.x/patch-$pkgver.xz
20
	http://dev.alpinelinux.org/~ncopa/grsec/grsecurity-3.1-4.9.9-201702122044.patch
21
	pax-cmpxchg8b_emu.patch
22 23 24 25 26 27
	config-grsec.x86
	config-grsec.x86_64
	config-grsec.armhf

	config-virtgrsec.x86
	config-virtgrsec.x86_64
28
	"
29
subpackages="$pkgname-dev:_dev linux-virtgrsec-dev:_dev"
30 31 32 33 34 35 36 37 38 39 40 41 42 43
_flavors=
for _i in $source; do
	case $_i in
	config-*.$CARCH)
		_f=${_i%.$CARCH}
		_f=${_f#config-}
		_flavors="$_flavors ${_f}"
		if [ "linux-$_f" != "$pkgname" ]; then
			subpackages="$subpackages linux-${_f}"
		fi
		;;
	esac
done

44
arch="x86 x86_64 armhf"
45
license="GPL2"
Natanael Copa's avatar
Natanael Copa committed
46

47
prepare() {
48
	local _patch_failed=
49
	cd "$srcdir"/linux-$_kernver
50 51
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
52
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
53 54
	fi

55 56
	# first apply patches in specified order
	for i in $source; do
57 58
		local file=${i%::*}
		case $file in
59
		*.patch)
60 61 62
			msg "Applying $file..."
			if ! patch -s -p1 -N -i "$srcdir"/${file##*/}; then
				echo $file >>failed
63 64
				_patch_failed=1
			fi
65 66
			;;
		esac
67 68
	done

69 70 71 72 73 74
	if ! [ -z "$_patch_failed" ]; then
		error "The following patches failed:"
		cat failed
		return 1
	fi

75
	# remove localversion from patch if any
76
	rm -f localversion*
77

78 79 80 81 82 83 84 85 86 87 88 89 90
	for i in $_flavors; do
		local _config=config-$i.${CARCH}
		local _builddir="$srcdir"/build-$i
		mkdir -p "$_builddir"
		echo "-$pkgrel-$i" > "$srcdir"/build-$i/localversion-alpine \
			|| return 1

		cp "$srcdir"/$_config "$_builddir"/.config || return 1
		make -C "$srcdir"/linux-$_kernver \
			O="$_builddir" \
			HOSTCC="${CC:-gcc}" \
			silentoldconfig || return 1
	done
91 92 93
}

build() {
94 95
	for i in $_flavors; do
		cd "$srcdir"/build-$i
96
		make CC="${CC:-gcc}" \
97 98 99
			KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
			|| return 1
	done
100
}
Natanael Copa's avatar
Natanael Copa committed
101

102 103 104
_package() {
	local _buildflavor="$1" _outdir="$2"
	local _abi_release=${pkgver}-${pkgrel}-${_buildflavor}
105

106 107 108
	cd "$srcdir"/build-$_buildflavor || return 1

	mkdir -p "$_outdir"/boot "$_outdir"/lib/modules
109 110 111 112

	local _install
	case "$CARCH" in
	arm*)
113
		local _dtbdir="$_outdir"/usr/lib/linux-${_abi_release}
114 115 116 117 118 119 120 121 122 123 124 125 126
		mkdir -p "$_dtbdir"
		for i in arch/arm/boot/dts/*.dtb ; do
			install -m644 "$i" "$_dtbdir"
		done

		_install=zinstall
		;;
	*)
		_install=install
		;;
	esac

	make -j1 modules_install firmware_install $_install \
127 128
		INSTALL_MOD_PATH="$_outdir" \
		INSTALL_PATH="$_outdir"/boot \
129
		|| return 1
130

131 132 133
	rm -f "$_outdir"/lib/modules/${_abi_release}/build \
		"$_outdir"/lib/modules/${_abi_release}/source
	rm -rf "$_outdir"/lib/firmware
134

135
	install -D include/config/kernel.release \
136 137 138 139 140
		"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
}

# main flavor installs in $pkgdir
package() {
141
	depends="$depends linux-firmware"
142 143 144 145 146 147
	_package grsec "$pkgdir"
}

# subflavors install in $subpkgdir
virtgrsec() {
	_package virtgrsec "$subpkgdir"
Natanael Copa's avatar
Natanael Copa committed
148 149
}

150
_dev() {
151
	local _flavor=$(echo $subpkgname | sed -E 's/(^linux-|-dev$)//g')
152
	local _abi_release=${pkgver}-${pkgrel}-$_flavor
153 154 155 156
	# copy the only the parts that we really need for build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# simlar to what ubuntu does
	#
157
	# this way you dont need to install the 300-400 kernel sources to
158 159
	# build a tiny kernel module
	#
160
	pkgdesc="Headers and script for third party modules for $_flavor kernel"
161
	depends="gmp-dev bash"
162
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
163

164
	# first we import config, run prepare to set up for building
165
	# external modules, and create the scripts
166
	mkdir -p "$dir"
167 168
	cp "$srcdir"/config-$_flavor.${CARCH} "$dir"/.config
	echo "-$pkgrel-$_flavor" > "$dir"/localversion-alpine \
169
		|| return 1
170
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
171
		silentoldconfig prepare modules_prepare scripts
172

173
	# remove the stuff that points to real sources. we want 3rd party
174
	# modules to believe this is the soruces
175 176
	rm "$dir"/Makefile "$dir"/source

177 178
	# copy the needed stuff from real sources
	#
179
	# this is taken from ubuntu kernel build script
180
	# http://kernel.ubuntu.com/git/ubuntu/ubuntu-zesty.git/tree/debian/rules.d/3-binary-indep.mk
181
	cd "$srcdir"/linux-$_kernver
182 183 184 185 186 187 188
	find .  -path './include/*' -prune \
		-o -path './scripts/*' -prune -o -type f \
		\( -name 'Makefile*' -o -name 'Kconfig*' -o -name 'Kbuild*' -o \
		   -name '*.sh' -o -name '*.pl' -o -name '*.lds' \) \
		-print | cpio -pdm "$dir" || return 1

	cp -a scripts include "$dir" || return 1
189 190
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"
191

192
	install -Dm644 "$srcdir"/build-$_flavor/Module.symvers \
193
		"$dir"/Module.symvers
194 195 196 197

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
198 199
}

200 201 202 203 204 205 206 207
sha512sums="bf67ff812cc3cb7e5059e82cc5db0d9a7c5637f7ed9a42e4730c715bf7047c81ed3a571225f92a33ef0b6d65f35595bc32d773356646df2627da55e9bc7f1f1a  linux-4.9.tar.xz
a7a2d44b83b00b20f1424d12af0f42e1c576d3053feacd13491ef185661fb1c789b9265c500b62f5ede39f57b72f358820000fa6c852a5f035e566ee1dfcd5d9  patch-4.9.9.xz
ba7396e1f69e89335cecd47db52c8855c993c13c9b2b9e805a0742fa1bd3a9092ae0459adb06f07a5233ff208ad9b6ced0fa68cacfe1a99b498c43ad953d5388  grsecurity-3.1-4.9.9-201702122044.patch
de080dc463af81f60e142c4ed52f294f523759710ac6d5dc227e6dc26c4bd53c61d94480a9af3e377a658360c16cab86060afd68694545cbe501d8bb0915ef36  config-grsec.x86
de5ad64e86bda944c1e6e7ae0eb77463fb0165e89c8ec23d9af12fddb79c0b566e8f3079b7bed1de8b27cef9bf1539f479e7114070772c078cb4288c45df1ff6  config-grsec.x86_64
274116a39ef092524ad85cef2e88d0e7555dfd3c6e5c15c1ec22c28776c509a6040a5221b066e96c6d18807e518ae98f03c9c1059c73b60e8d45f2a9482bd77b  config-grsec.armhf
1de874523eee031c2efadfb6f7ddb86bb303b9f61d1a022e4e922f6365c3a667c2a1fdb61570a95a05c6c45689796e355eae9579e567790b757ae2a09f6be8c4  config-virtgrsec.x86
0570f4ad5af0d6e3cbf50d9e3a7d6dab8d7cba85693037e70dbee73aa1e4fc66cb217e1ef8e4a0ceb4073ffb6ada8201775bafe8401dc6dff5c07ac3bbe0f8f0  config-virtgrsec.x86_64"