path: root/main/linux-grsec/APKBUILD

# Maintainer: Natanael Copa <ncopa@alpinelinux.org>

_flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.6.11
_kernver=3.6
pkgrel=20
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
makedepends="perl installkernel bash gmp-dev"
options="!strip"
_config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
	patch-3.6.11-al4.patch
	grsecurity-2.9.1-3.6.11-al4-unofficial-0.patch
	
	0004-arp-flush-arp-cache-on-device-change.patch
	r8169-num-rx-desc.patch
	ipv4-remove-output-route-check-in-ipv4_mtu.patch
	r8169-fix-vlan-tag-reordering.patch

	xsa43-pvops.patch
	CVE-2013-2015.patch
	CVE-2013-2094.patch
	CVE-2013-2164.patch
	CVE-2013-2206.patch
	CVE-2013-2850.patch
	CVE-2013-2851.patch
	CVE-2013-2852.patch
	CVE-2013-4348.patch
	CVE-2013-4350.patch
	CVE-2013-4387.patch
	CVE-2013-4470.patch

	kernelconfig.x86
	kernelconfig.x86_64
	"
subpackages="$pkgname-dev"
arch="x86 x86_64 arm"
license="GPL-2"

_abi_release=${pkgver}-${_flavor}

prepare() {
	local _patch_failed=
	cd "$srcdir"/linux-$_kernver
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
	fi

	# first apply patches in specified order
	for i in $source; do
		case $i in
		*.patch)
			msg "Applying $i..."
			if ! patch -s -p1 -N -i "$srcdir"/$i; then
				echo $i >>failed
				_patch_failed=1
			fi
			;;
		esac
	done

	if ! [ -z "$_patch_failed" ]; then
		error "The following patches failed:"
		cat failed
		return 1
	fi

	export GCC_SPECS=/usr/share/gcc/hardenednopie.specs
	mkdir -p "$srcdir"/build
	cp "$srcdir"/$_config "$srcdir"/build/.config || return 1
	make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
		silentoldconfig
}

# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig() {
	cd "$srcdir"/build || return 1
	make menuconfig
	cp .config "$startdir"/$_config
}

build() {
	cd "$srcdir"/build
	export GCC_SPECS=/usr/share/gcc/hardenednopie.specs
	make CC="${CC:-gcc}" \
		KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
		|| return 1
}

package() {
	cd "$srcdir"/build
	mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
	make -j1 modules_install firmware_install install \
		INSTALL_MOD_PATH="$pkgdir" \
		INSTALL_PATH="$pkgdir"/boot \
		|| return 1

	rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
		"$pkgdir"/lib/modules/${_abi_release}/source
	rm -rf "$pkgdir"/lib/firmware

	install -D include/config/kernel.release \
		"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
}

dev() {
	# copy the only the parts that we really need for build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# simlar to what ubuntu does
	#
	# this way you dont need to install the 300-400 kernel sources to
	# build a tiny kernel module
	#
	pkgdesc="Headers and script for third party modules for grsec kernel"
	depends="gmp-dev bash"
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}

	# first we import config, run prepare to set up for building
	# external modules, and create the scripts
	mkdir -p "$dir"
	cp "$srcdir"/$_config "$dir"/.config
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
		silentoldconfig prepare modules_prepare scripts 

	# remove the stuff that poits to real sources. we want 3rd party
	# modules to believe this is the soruces
	rm "$dir"/Makefile "$dir"/source

	# copy the needed stuff from real sources
	#
	# this is taken from ubuntu kernel build script
	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
	cd "$srcdir"/linux-$_kernver
	find . -path './include/*' -prune -o -path './scripts/*' -prune \
		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
		-o -name '*.lds' \) | cpio -pdm "$dir"
	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
	cp -a scripts include "$dir"
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"

	install -Dm644 "$srcdir"/build/Module.symvers \
		"$dir"/Module.symvers

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
}

md5sums="1a1760420eac802c541a20ab51a093d1  linux-3.6.tar.xz
bd4bba74093405887d521309a74c19e9  patch-3.6.11.xz
fa0ca65fb8e9f9d08c04f06ae5c316ec  patch-3.6.11-al4.patch
0245ff3264fb1b046f24623947fb4eb7  grsecurity-2.9.1-3.6.11-al4-unofficial-0.patch
776adeeb5272093574f8836c5037dd7d  0004-arp-flush-arp-cache-on-device-change.patch
daf2cbb558588c49c138fe9ca2482b64  r8169-num-rx-desc.patch
d9b4a528e722d10ba53034ebd440c31b  ipv4-remove-output-route-check-in-ipv4_mtu.patch
44a37e1289e1056300574848aea8bd31  r8169-fix-vlan-tag-reordering.patch
2399192c10ba600a086a4c946f1b72f2  xsa43-pvops.patch
7d6f154a6ec24b8fa031c40d3599772c  CVE-2013-2015.patch
cfc7b3d39f8a16bfa0a584ca7c38fc17  CVE-2013-2094.patch
df04be24efa715b32bf189c390ee20f7  CVE-2013-2164.patch
7bb978457d16d25624a2d48bd6a4f378  CVE-2013-2206.patch
1f1bbf8c6db0a26bcfe6115b254d793d  CVE-2013-2850.patch
eca3b4897b2a2191576ba719609cc654  CVE-2013-2851.patch
41013055e0ea2cd02fc066b16f65f732  CVE-2013-2852.patch
09ae7985af988c75ff35ed503558eb8b  CVE-2013-4348.patch
e1354333366e923b931fb3cd9fae43ad  CVE-2013-4350.patch
38cd6143c76d3edc969e20e9ee2207a1  CVE-2013-4387.patch
1623d123133b7a390c1a4b10b21146e2  CVE-2013-4470.patch
8a13caa8d80306303c58518e7e1d7968  kernelconfig.x86
d485c155d1cc74a811c264b4f8b7f6e5  kernelconfig.x86_64"