# Maintainer: Natanael Copa _flavor=grsec pkgname=linux-${_flavor} pkgver=3.10.19 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" makedepends="perl sed installkernel bash gmp-dev bc" options="!strip" _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz grsecurity-2.9.1-$pkgver-unofficial.patch 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch fix-memory-map-for-PIE-applications.patch sysctl_lxc.patch CVE-2013-4348.patch kernelconfig.x86 kernelconfig.x86_64 " subpackages="$pkgname-dev" arch="x86 x86_64 arm" license="GPL-2" _abi_release=${pkgver}-${pkgrel}-${_flavor} prepare() { local _patch_failed= cd "$srcdir"/linux-$_kernver if [ "${pkgver%.0}" = "$pkgver" ]; then msg "Applying patch-$pkgver.xz" unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1 fi # first apply patches in specified order for i in $source; do case $i in *.patch) msg "Applying $i..." if ! patch -s -p1 -N -i "$srcdir"/$i; then echo $i >>failed _patch_failed=1 fi ;; esac done if ! [ -z "$_patch_failed" ]; then error "The following patches failed:" cat failed return 1 fi echo "-$pkgrel" > localversion-alpine mkdir -p "$srcdir"/build cp "$srcdir"/$_config "$srcdir"/build/.config || return 1 make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \ silentoldconfig } # this is so we can do: 'abuild menuconfig' to reconfigure kernel menuconfig() { cd "$srcdir"/build || return 1 make menuconfig cp .config "$startdir"/$_config } build() { cd "$srcdir"/build export GCC_SPECS=hardenednopie.specs make CC="${CC:-gcc}" \ KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \ || return 1 } package() { cd "$srcdir"/build mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules make -j1 modules_install firmware_install install \ INSTALL_MOD_PATH="$pkgdir" \ INSTALL_PATH="$pkgdir"/boot \ || return 1 rm -f "$pkgdir"/lib/modules/${_abi_release}/build \ "$pkgdir"/lib/modules/${_abi_release}/source rm -rf "$pkgdir"/lib/firmware install -D include/config/kernel.release \ "$pkgdir"/usr/share/kernel/$_flavor/kernel.release } dev() { # copy the only the parts that we really need for build 3rd party # kernel modules and install those as /usr/src/linux-headers, # simlar to what ubuntu does # # this way you dont need to install the 300-400 kernel sources to # build a tiny kernel module # pkgdesc="Headers and script for third party modules for grsec kernel" depends="gmp-dev bash" local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release} # first we import config, run prepare to set up for building # external modules, and create the scripts mkdir -p "$dir" cp "$srcdir"/$_config "$dir"/.config make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \ silentoldconfig prepare modules_prepare scripts # remove the stuff that poits to real sources. we want 3rd party # modules to believe this is the soruces rm "$dir"/Makefile "$dir"/source # copy the needed stuff from real sources # # this is taken from ubuntu kernel build script # http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD cd "$srcdir"/linux-$_kernver find . -path './include/*' -prune -o -path './scripts/*' -prune \ -o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \ -o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \ -o -name '*.lds' \) | cpio -pdm "$dir" cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core cp -a drivers/media/video/*.h "$dir"/drivers/media/video cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends cp -a scripts include "$dir" find $(find arch -name include -type d -print) -type f \ | cpio -pdm "$dir" install -Dm644 "$srcdir"/build/Module.symvers \ "$dir"/Module.symvers mkdir -p "$subpkgdir"/lib/modules/${_abi_release} ln -sf /usr/src/linux-headers-${_abi_release} \ "$subpkgdir"/lib/modules/${_abi_release}/build } md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz b7f932eecbbf5636ad69add480fa1573 patch-3.10.19.xz 4440f9004d3b62cf9b526d53c02416ad grsecurity-2.9.1-3.10.19-unofficial.patch a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch 2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch 6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch b3c0153d53e508e03d73b94d15b24a96 sysctl_lxc.patch 09ae7985af988c75ff35ed503558eb8b CVE-2013-4348.patch cb5c938dccbee36cfb8bb7ee3546b8af kernelconfig.x86 daa81b89f18254155ac33c5239abf3a4 kernelconfig.x86_64" sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz c420b1da0aefe23e4a6953e579374fd377385b6041f967694cf4f828e2f3252e patch-3.10.19.xz 532870eb3c59200b045efb64463bcc544d394410b2aba63ed5c6dbfe9d974e38 grsecurity-2.9.1-3.10.19-unofficial.patch 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch 260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 9ba55b0f45d5aa97503e376a13be6d249a10f32e36687055b2fa1e5a39fa0584 sysctl_lxc.patch 39acdfc0bb2298e3a9ba62ee42ac2b6556fc31d8eaa2c085f84897cdeaa1a996 CVE-2013-4348.patch 3e6c4101bfb90b6a30173ef81cd0d0bea51d6a995fc045ca67db7fed271d969d kernelconfig.x86 da67ef700372d080bffb12a86f0a16c987dc79e18fdfb1a88d2704660239e5f0 kernelconfig.x86_64" sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz 6a8bfb124f90f1c8ed27ce3315629601b1b72d4bc8b1d2b776424e56b3a72e4cd03bcebe6cde35223a3beba75ec6d69e949e217504acc611becb7e62aa88f05c patch-3.10.19.xz 015b090eedeb4bcd75025690bab264afddc9e5a54a897f918a8c5f260b5ddf46bd6cbf510e6efdeb26cc5d351e8c5ccb3c921738f315e4ee5153e288b86608cd grsecurity-2.9.1-3.10.19-unofficial.patch 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 41071e21c59997604a380575d3c4171d35a12eaae6ddcf158d95e4fd5ccc69d61753cbd38b7bd08d879cce5bfea3fed2df15e5a3dca944f6f7cbd95d5d2daa23 sysctl_lxc.patch 6c5165692519c630cb96a254088e55d4d7412bd0f45920c0bf514dd9c68d24625da91798158fe502b6c214a7b8d44ae6b2e49b39aed6da3c1344f816f90405a3 CVE-2013-4348.patch e81d6780a33f00d5ee03b069fc3610da2eda3ba43e515707ae67cd2d609a226b18e9ec446eeacd2afaafe6aa480bb30b9908cce41e0d90f1a3b41e7daf2034c5 kernelconfig.x86 01e38549e92a98f041cb7ee1fec04a35d55322eff718fce6cd5774b60d0db287478ca034309e3dbd06b0194a2ec4b67584ef281018c16681a0ac7ac0fdc7c3ba kernelconfig.x86_64"