main/linux-virt-grsec: moved from testing

1 files changed, 175 insertions, 0 deletions

diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD
new file mode 100644
index 0000000000..e1baab928b
--- /dev/null
+++ b/main/linux-virt-grsec/APKBUILD
@@ -0,0 +1,175 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+
+_flavor=grsec
+pkgname=linux-virt-${_flavor}
+pkgver=3.9.4
+case $pkgver in
+*.*.*)	_kernver=${pkgver%.*};;
+*.*)	_kernver=${pkgver};;
+esac
+pkgrel=3
+pkgdesc="Linux kernel with grsecurity"
+url=http://grsecurity.net
+depends="mkinitfs linux-firmware"
+makedepends="perl installkernel bash gmp-dev bc"
+options="!strip"
+_config=${config:-kernelconfig.${CARCH}}
+install=
+source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
+	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
+	grsecurity-2.9.1-3.9.4-201306011536.patch
+
+	v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
+	leds-leds-gpio-reserve-gpio-before-using-it.patch
+	ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
+	RFC-net-ipv4-Use-next-hop-exceptions-also-for-input-routes.patch
+
+	kernelconfig.x86
+	kernelconfig.x86_64
+	"
+subpackages="$pkgname-dev"
+arch="x86 x86_64 arm"
+license="GPL-2"
+
+_abi_release=${pkgver}-${pkgrel}-${_flavor}
+
+prepare() {
+	local _patch_failed=
+	cd "$srcdir"/linux-$_kernver
+	if [ "${pkgver%.0}" = "$pkgver" ]; then
+		msg "Applying patch-$pkgver.xz"
+		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
+	fi
+
+	# first apply patches in specified order
+	for i in $source; do
+		case $i in
+		*.patch)
+			msg "Applying $i..."
+			if ! patch -s -p1 -N -i "$srcdir"/$i; then
+				echo $i >>failed
+				_patch_failed=1
+			fi
+			;;
+		esac
+	done
+
+	if ! [ -z "$_patch_failed" ]; then
+		error "The following patches failed:"
+		cat failed
+		return 1
+	fi
+
+	echo "-$pkgrel" > localversion-alpine
+
+	mkdir -p "$srcdir"/build
+	cp "$srcdir"/$_config "$srcdir"/build/.config || return 1
+	make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
+		silentoldconfig
+}
+
+# this is so we can do: 'abuild menuconfig' to reconfigure kernel
+menuconfig() {
+	cd "$srcdir"/build || return 1
+	make menuconfig
+	cp .config "$startdir"/$_config
+}
+
+build() {
+	cd "$srcdir"/build
+	export GCC_SPECS=/usr/share/gcc/hardenednopie.specs
+	make CC="${CC:-gcc}" \
+		KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
+		|| return 1
+}
+
+package() {
+	cd "$srcdir"/build
+	mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
+	make -j1 modules_install firmware_install install \
+		INSTALL_MOD_PATH="$pkgdir" \
+		INSTALL_PATH="$pkgdir"/boot \
+		|| return 1
+
+	rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
+		"$pkgdir"/lib/modules/${_abi_release}/source
+	rm -rf "$pkgdir"/lib/firmware
+
+	install -D include/config/kernel.release \
+		"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
+}
+
+dev() {
+	# copy the only the parts that we really need for build 3rd party
+	# kernel modules and install those as /usr/src/linux-headers,
+	# simlar to what ubuntu does
+	#
+	# this way you dont need to install the 300-400 kernel sources to
+	# build a tiny kernel module
+	#
+	pkgdesc="Headers and script for third party modules for grsec kernel"
+	depends="gmp-dev bash"
+	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
+
+	# first we import config, run prepare to set up for building
+	# external modules, and create the scripts
+	mkdir -p "$dir"
+	cp "$srcdir"/$_config "$dir"/.config
+	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
+		silentoldconfig prepare modules_prepare scripts 
+
+	# remove the stuff that poits to real sources. we want 3rd party
+	# modules to believe this is the soruces
+	rm "$dir"/Makefile "$dir"/source
+
+	# copy the needed stuff from real sources
+	#
+	# this is taken from ubuntu kernel build script
+	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
+	cd "$srcdir"/linux-$_kernver
+	find . -path './include/*' -prune -o -path './scripts/*' -prune \
+		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
+		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
+		-o -name '*.lds' \) | cpio -pdm "$dir"
+	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
+	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
+	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
+	cp -a scripts include "$dir"
+	find $(find arch -name include -type d -print) -type f \
+		| cpio -pdm "$dir"
+
+	install -Dm644 "$srcdir"/build/Module.symvers \
+		"$dir"/Module.symvers
+
+	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
+	ln -sf /usr/src/linux-headers-${_abi_release} \
+		"$subpkgdir"/lib/modules/${_abi_release}/build
+}
+
+md5sums="4348c9b6b2eb3144d601e87c19d5d909  linux-3.9.tar.xz
+922c4553299e6692a28761d3032fc012  patch-3.9.4.xz
+08c33c99cb779ebd296d2b274c2deeda  grsecurity-2.9.1-3.9.4-201306011536.patch
+699e92148cc9a55b6fc4d7d81e476717  v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
+83db7136608d8101ae130728539dc376  leds-leds-gpio-reserve-gpio-before-using-it.patch
+ac9a50bdbe91ba6e5205e83f7e734ff5  ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
+12d3647755bebcd3b114f50de2729455  RFC-net-ipv4-Use-next-hop-exceptions-also-for-input-routes.patch
+2adad7226254e2c6c6c309e6f2100188  kernelconfig.x86
+308c29b96e311b3bbe5c01ee77c9cc71  kernelconfig.x86_64"
+sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541  linux-3.9.tar.xz
+694ea0d527556c5a214597596f37cdb598d2a0652d6f5e86b8c0de718990ccec  patch-3.9.4.xz
+3bf95754ba94f3dfa7a91d92726e83c9092feab9e990f70d31bc52974bff27b0  grsecurity-2.9.1-3.9.4-201306011536.patch
+8e2f41605937eecd47cefe62daefd372dbf1e63cf956ab3ced3213ac2b508ee3  v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
+13676bc5610a8d03e788ac76734babd1338b023bb39559452ee54652b046e6f4  leds-leds-gpio-reserve-gpio-before-using-it.patch
+ab0dcb52342990ad05af5ce21acd1e95fb65cc7e76ec98e45c7ece7433bc9f23  ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
+667babfafe4dc3449cd04853f532712188af557cbac41c461cf8236c4238f5a3  RFC-net-ipv4-Use-next-hop-exceptions-also-for-input-routes.patch
+dab9b80e559c4d9658dc858cdca66fdabfc7ac090e8a83c5d098065a4a32b547  kernelconfig.x86
+78852eac782c207a7488549bac06c8e6a01014efc9ead2ff9835cfc7743a851c  kernelconfig.x86_64"
+sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790  linux-3.9.tar.xz
+2a2eb511a610e8e3ddbc38b8bce0b96e60875009b7981542c98f0de3a601632a205fa9f90c6912094196dbda6536083b3990b28204c243a406f5595c40df0965  patch-3.9.4.xz
+eb326ded756cbe086c7999c5a982b6b695ae8ee3c25523a22acd480d97de0603d86eeef5252fe957ed5ccd4e7736db271a253264108e757b23a9bd3e82b32529  grsecurity-2.9.1-3.9.4-201306011536.patch
+772c847cd74b12ed22266042c0902d8a3cf09c897b6e1c01148dfcd2f01aed331f292e82c34bb718090dc0898e1ef364196272bff885a32378f7fbc8bfc06a9b  v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
+10d2cf4fb308d1bc8cb5b9df3f9a6d7b9cef453244673bcbe66bd9b64af410a498e203d4dfa51f53461362ad981736eadc46537616b2c0514f57f4d8864c830d  leds-leds-gpio-reserve-gpio-before-using-it.patch
+769291e92f2f5ae5375d98b80bf8790b089c87437f1660cf8d5e9d45d7221280b6824bcb1d2564cbe12310a88df48443c56ecc9ce5468858829088221aa80327  ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
+d35c939967d5696e477e2c5181f96e9cb92e1db88477576615f36209d276e0a2a866111d43e4abe076c455e32b063d6a97d42e5bc9ca04702d78b13826bf3afb  RFC-net-ipv4-Use-next-hop-exceptions-also-for-input-routes.patch
+7ee22fe997767502a46338d2fa1921cf5a285372facb316eed76f85c7f1e480cef64e6a2c361e2c08136d3ceae8bcc1897d420ecc70fc84e9c81040728c34e85  kernelconfig.x86
+9d394eaab29b1557a486346079920ca909e66f1fd76c90c1b4713de31c248d0bf19cb9170917149f7a634d7701b425b9777c92bd70dffdb2a4212a7373478fba  kernelconfig.x86_64"