path: root/main/linux-grsec/APKBUILD

# Maintainer: Natanael Copa <ncopa@alpinelinux.org>

_flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.6.11
_kernver=3.6
pkgrel=15
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
makedepends="perl installkernel bash gmp-dev"
options="!strip"
_config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
	patch-3.6.11-al4.patch
	grsecurity-2.9.1-3.6.11-al4-unofficial-0.patch
	
	0004-arp-flush-arp-cache-on-device-change.patch
	r8169-num-rx-desc.patch
	ipv4-remove-output-route-check-in-ipv4_mtu.patch
	r8169-fix-vlan-tag-reordering.patch

	xsa43-pvops.patch

	kernelconfig.x86
	kernelconfig.x86_64
	"
subpackages="$pkgname-dev"
arch="x86 x86_64 arm"
license="GPL-2"

_abi_release=${pkgver}-${_flavor}

prepare() {
	local _patch_failed=
	cd "$srcdir"/linux-$_kernver
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
	fi

	# first apply patches in specified order
	for i in $source; do
		case $i in
		*.patch)
			msg "Applying $i..."
			if ! patch -s -p1 -N -i "$srcdir"/$i; then
				echo $i >>failed
				_patch_failed=1
			fi
			;;
		esac
	done

	if ! [ -z "$_patch_failed" ]; then
		error "The following patches failed:"
		cat failed
		return 1
	fi

	mkdir -p "$srcdir"/build
	cp "$srcdir"/$_config "$srcdir"/build/.config || return 1
	make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
		silentoldconfig
}

# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig() {
	cd "$srcdir"/build || return 1
	make menuconfig
	cp .config "$startdir"/$_config
}

build() {
	cd "$srcdir"/build
	export GCC_SPECS=/usr/share/gcc/hardenednopie.specs
	make CC="${CC:-gcc}" \
		KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
		|| return 1
}

package() {
	cd "$srcdir"/build
	mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
	make -j1 modules_install firmware_install install \
		INSTALL_MOD_PATH="$pkgdir" \
		INSTALL_PATH="$pkgdir"/boot \
		|| return 1

	rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
		"$pkgdir"/lib/modules/${_abi_release}/source
	rm -rf "$pkgdir"/lib/firmware

	install -D include/config/kernel.release \
		"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
}

dev() {
	# copy the only the parts that we really need for build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# simlar to what ubuntu does
	#
	# this way you dont need to install the 300-400 kernel sources to
	# build a tiny kernel module
	#
	pkgdesc="Headers and script for third party modules for grsec kernel"
	depends="gmp-dev bash"
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}

	# first we import config, run prepare to set up for building
	# external modules, and create the scripts
	mkdir -p "$dir"
	cp "$srcdir"/$_config "$dir"/.config
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
		silentoldconfig prepare modules_prepare scripts 

	# remove the stuff that poits to real sources. we want 3rd party
	# modules to believe this is the soruces
	rm "$dir"/Makefile "$dir"/source

	# copy the needed stuff from real sources
	#
	# this is taken from ubuntu kernel build script
	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
	cd "$srcdir"/linux-$_kernver
	find . -path './include/*' -prune -o -path './scripts/*' -prune \
		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
		-o -name '*.lds' \) | cpio -pdm "$dir"
	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
	cp -a scripts include "$dir"
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"

	install -Dm644 "$srcdir"/build/Module.symvers \
		"$dir"/Module.symvers

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
}

md5sums="1a1760420eac802c541a20ab51a093d1  linux-3.6.tar.xz
bd4bba74093405887d521309a74c19e9  patch-3.6.11.xz
fa0ca65fb8e9f9d08c04f06ae5c316ec  patch-3.6.11-al4.patch
0245ff3264fb1b046f24623947fb4eb7  grsecurity-2.9.1-3.6.11-al4-unofficial-0.patch
776adeeb5272093574f8836c5037dd7d  0004-arp-flush-arp-cache-on-device-change.patch
daf2cbb558588c49c138fe9ca2482b64  r8169-num-rx-desc.patch
d9b4a528e722d10ba53034ebd440c31b  ipv4-remove-output-route-check-in-ipv4_mtu.patch
44a37e1289e1056300574848aea8bd31  r8169-fix-vlan-tag-reordering.patch
2399192c10ba600a086a4c946f1b72f2  xsa43-pvops.patch
02ed0c981afbf6a1fc81d5fa9b44e7df  kernelconfig.x86
4927251c008b2c2bf5648d732ec63f9d  kernelconfig.x86_64"
sha256sums="4ab9a6ef1c1735713f9f659d67f92efa7c1dfbffb2a2ad544005b30f9791784f  linux-3.6.tar.xz
4bdc3822571a4a765bf6f347aad8b899730acef549ae4236813fd17f254f4327  patch-3.6.11.xz
897ed38d778dfd76256f065f81ad02f16d126dc2e67631253520b8fe0685b444  patch-3.6.11-al4.patch
d67eb0d4437e1c80e3289ef442d68e0b84235d0971b8b347b6340043b869b3ca  grsecurity-2.9.1-3.6.11-al4-unofficial-0.patch
e2d2d1503f53572c6a2e21da729a13a430dd01f510405ffb3a33b29208860bde  0004-arp-flush-arp-cache-on-device-change.patch
fdce1143aa10a48582b5bb9cf441b75c6f52701a61f28139970f3110a170fb97  r8169-num-rx-desc.patch
c3673636d7604b7b3df665acc0fc0153a76ac6b7f36bb931d235ea1132ac1852  ipv4-remove-output-route-check-in-ipv4_mtu.patch
7ba9b10b04197d3009ad3facabd0bdb2cab870fabcc841716efb1041412a20cd  r8169-fix-vlan-tag-reordering.patch
6efe83c9951dcba20f18095814d19089e19230c6876bbdab32cc2f1165bb07c8  xsa43-pvops.patch
c4236fa6150c9cba98280aadc2daccd917410148e06d2231cc8c5370d1735577  kernelconfig.x86
3afefde6d92e1c41f6487c2279c5b707ef42ce42e4f7fe9e37d482c3e24ec3b1  kernelconfig.x86_64"
sha512sums="6e3354184d1799228a2d33b92e4a6b743cc24352b8ccc1fd487fab07ab97be2aa03ba87b8406a177581692db1fd40674fbd4e213a782cbe0a6a969b10c4c17a1  linux-3.6.tar.xz
08423f145ee7aef49f50d95032595ee79250135b6ecfa72f802502a277f215b63c4dc04ed149fe4ed7cdaa5ef063b8003b7f72f41d8417e45efbe7e30e621387  patch-3.6.11.xz
477ee6c8bdf8884355efafc29e58810c097a4b1e3ecd84890bf582cf513510266d85a26e38d05ae463429ccfe9dd84cedc2fb1ed0a5fcf662a8a489ca30e6495  patch-3.6.11-al4.patch
bc1e60473292f58c2884e016ba2e5f4e3fbacccd8fdc8856bd46c82e2de2811c6022c458ca5307d57bc1a512e5a65dd350cfe8ab28bc820072e9eec716f0e2c1  grsecurity-2.9.1-3.6.11-al4-unofficial-0.patch
b6fdf376009f0f0f3fa194cb11be97343e4d394cf5d3547de6cfca8ad619c5bd3f60719331fd8cfadc47f09d22be8376ba5f871b46b24887ea73fe47e233a54e  0004-arp-flush-arp-cache-on-device-change.patch
d9c91b57415c7c3c365add35565f72ba6225e48212f55abb209e1f426902206543edefb9fc01715357e445b69222a6fb94c3469d701e465450919bad3c83d874  r8169-num-rx-desc.patch
fbbaa9c940f70823f5672db04b78de71233ecdda83d0cbeaeac941d732b0e3b18be38a0ed85d7bd03818114d00d9fe00935532968bee5b4673e8fadfda8c0281  ipv4-remove-output-route-check-in-ipv4_mtu.patch
958f5dfb57b6760e92d39027e8ec8d0abc2d99f6b40ef3c108fe90acfe00f3d5fdc2ccebddeffbf70794f6d7a394d985adf40808c2d4c8f7d0591c589b88bbbc  r8169-fix-vlan-tag-reordering.patch
383c00a2520f0e27a4e51ef4e499cd8dc33f75ef4d3d5eab22944126c41de20dccf563d1d05cd557cae4091167de78f44ec5bfb76e33f503b36b5e3d756fcaed  xsa43-pvops.patch
065fff74ab7f885a45d98a1cd2bc5aaf6cb9a08d830297aaab54b512b7c90d692e37101810ee36a1f26e757990f763b664788a858b3ab40d0b4821205b9d3995  kernelconfig.x86
ba9a0b035a97089e51e0a0b723c69148866dabb4baf74c870a005350f7bfd789ab47595c7bc7e218de6d7479d16279cb906aee2ffeda9a6b141ad43ecc26dd4f  kernelconfig.x86_64"