aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-grsec/APKBUILD
blob: fd7f18623abadf242a9ae96696231795b87dd92a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>

_flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.6.11
_kernver=3.6
pkgrel=14
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
makedepends="perl installkernel bash gmp-dev"
options="!strip"
_config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
	patch-3.6.11-al3.patch
	grsecurity-2.9.1-3.6.11-al1-unofficial-0.patch
	
	0004-arp-flush-arp-cache-on-device-change.patch
	r8169-num-rx-desc.patch
	ipv4-remove-output-route-check-in-ipv4_mtu.patch
	0001-r8169-remove-the-obsolete-and-incorrect-AMD-workarou.patch
	r8169-fix-vlan-tag-reordering.patch

	xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch
	xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch
	xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch
	xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch
	xsa43-pvops.patch
	0001-sock_diag-Fix-out-of-bounds-access-to-sock_diag_hand.patch
	0002-net-fix-infinite-loop-in-__skb_recv_datagram.patch

	kernelconfig.x86
	kernelconfig.x86_64
	"
subpackages="$pkgname-dev"
arch="x86 x86_64 arm"
license="GPL-2"

_abi_release=${pkgver}-${_flavor}

prepare() {
	local _patch_failed=
	cd "$srcdir"/linux-$_kernver
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
	fi

	# first apply patches in specified order
	for i in $source; do
		case $i in
		*.patch)
			msg "Applying $i..."
			if ! patch -s -p1 -N -i "$srcdir"/$i; then
				echo $i >>failed
				_patch_failed=1
			fi
			;;
		esac
	done

	if ! [ -z "$_patch_failed" ]; then
		error "The following patches failed:"
		cat failed
		return 1
	fi

	mkdir -p "$srcdir"/build
	cp "$srcdir"/$_config "$srcdir"/build/.config || return 1
	make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
		silentoldconfig
}

# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig() {
	cd "$srcdir"/build || return 1
	make menuconfig
	cp .config "$startdir"/$_config
}

build() {
	cd "$srcdir"/build
	export GCC_SPECS=/usr/share/gcc/hardenednopie.specs
	make CC="${CC:-gcc}" \
		KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
		|| return 1
}

package() {
	cd "$srcdir"/build
	mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
	make -j1 modules_install firmware_install install \
		INSTALL_MOD_PATH="$pkgdir" \
		INSTALL_PATH="$pkgdir"/boot \
		|| return 1

	rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
		"$pkgdir"/lib/modules/${_abi_release}/source
	rm -rf "$pkgdir"/lib/firmware

	install -D include/config/kernel.release \
		"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
}

dev() {
	# copy the only the parts that we really need for build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# simlar to what ubuntu does
	#
	# this way you dont need to install the 300-400 kernel sources to
	# build a tiny kernel module
	#
	pkgdesc="Headers and script for third party modules for grsec kernel"
	depends="gmp-dev bash"
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}

	# first we import config, run prepare to set up for building
	# external modules, and create the scripts
	mkdir -p "$dir"
	cp "$srcdir"/$_config "$dir"/.config
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
		silentoldconfig prepare modules_prepare scripts 

	# remove the stuff that poits to real sources. we want 3rd party
	# modules to believe this is the soruces
	rm "$dir"/Makefile "$dir"/source

	# copy the needed stuff from real sources
	#
	# this is taken from ubuntu kernel build script
	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
	cd "$srcdir"/linux-$_kernver
	find . -path './include/*' -prune -o -path './scripts/*' -prune \
		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
		-o -name '*.lds' \) | cpio -pdm "$dir"
	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
	cp -a scripts include "$dir"
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"

	install -Dm644 "$srcdir"/build/Module.symvers \
		"$dir"/Module.symvers

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
}

md5sums="1a1760420eac802c541a20ab51a093d1  linux-3.6.tar.xz
bd4bba74093405887d521309a74c19e9  patch-3.6.11.xz
ca40e52ffe0519221fc07c25bedfc346  patch-3.6.11-al3.patch
3838e6334ed957fd73e793e1816fe66c  grsecurity-2.9.1-3.6.11-al1-unofficial-0.patch
776adeeb5272093574f8836c5037dd7d  0004-arp-flush-arp-cache-on-device-change.patch
daf2cbb558588c49c138fe9ca2482b64  r8169-num-rx-desc.patch
d9b4a528e722d10ba53034ebd440c31b  ipv4-remove-output-route-check-in-ipv4_mtu.patch
63468b44e34fa19237e0a2a1f6737b14  0001-r8169-remove-the-obsolete-and-incorrect-AMD-workarou.patch
44a37e1289e1056300574848aea8bd31  r8169-fix-vlan-tag-reordering.patch
706652ed6c17c5f7bb46a6c8318f9e75  xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch
286101482a2e4b7d8c0dff16af36b3e9  xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch
89dbb0886c9d17c3c4a5ff4f1443e936  xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch
bce9f08c86570a0a86ef36f1d2e7a2dd  xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch
2399192c10ba600a086a4c946f1b72f2  xsa43-pvops.patch
2eae706f3b25a4a3341ef78eb29197dc  0001-sock_diag-Fix-out-of-bounds-access-to-sock_diag_hand.patch
9fcb70f1b8e22ad83e959afc58a7332d  0002-net-fix-infinite-loop-in-__skb_recv_datagram.patch
02ed0c981afbf6a1fc81d5fa9b44e7df  kernelconfig.x86
4927251c008b2c2bf5648d732ec63f9d  kernelconfig.x86_64"
sha256sums="4ab9a6ef1c1735713f9f659d67f92efa7c1dfbffb2a2ad544005b30f9791784f  linux-3.6.tar.xz
4bdc3822571a4a765bf6f347aad8b899730acef549ae4236813fd17f254f4327  patch-3.6.11.xz
3949b8aff2f0c2e108f897f119c98c002937093baa54385d46baad19300954e1  patch-3.6.11-al3.patch
09a266a5aeba727b29304f4ec41bc08962a71df931646cc6910c5555ffbee14c  grsecurity-2.9.1-3.6.11-al1-unofficial-0.patch
e2d2d1503f53572c6a2e21da729a13a430dd01f510405ffb3a33b29208860bde  0004-arp-flush-arp-cache-on-device-change.patch
fdce1143aa10a48582b5bb9cf441b75c6f52701a61f28139970f3110a170fb97  r8169-num-rx-desc.patch
c3673636d7604b7b3df665acc0fc0153a76ac6b7f36bb931d235ea1132ac1852  ipv4-remove-output-route-check-in-ipv4_mtu.patch
2c5f4fc70c9e6c1be9890cd5e5a8c45cc500cc71c7faf8b8f7a7152b1e6bcf88  0001-r8169-remove-the-obsolete-and-incorrect-AMD-workarou.patch
7ba9b10b04197d3009ad3facabd0bdb2cab870fabcc841716efb1041412a20cd  r8169-fix-vlan-tag-reordering.patch
99cf93e37985908243b974cc726f57e592e62ae005eca52969f11fb6fdea6fb5  xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch
e0c4226b0910ca455f22ae117e8346d87053e9faf03ec155dd6c31e2f58a1969  xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch
70e6cb644a57cdda7f29eb86086a8e697706c3fc974a44c52322e451fd6b9d5c  xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch
5d0db59bbd5ad3a7efae78a6c26fc2491b7c553e5519dd946d1422a116af73dd  xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch
6efe83c9951dcba20f18095814d19089e19230c6876bbdab32cc2f1165bb07c8  xsa43-pvops.patch
c8981bb73042f2a14a32c80e15f85d31e78c425808de437c455e0f4f90b17ec2  0001-sock_diag-Fix-out-of-bounds-access-to-sock_diag_hand.patch
4aaf19e18a71a502ff12ebacaf7c8d0c14b4c3d46d88058dbce0cb567aed0f3c  0002-net-fix-infinite-loop-in-__skb_recv_datagram.patch
c4236fa6150c9cba98280aadc2daccd917410148e06d2231cc8c5370d1735577  kernelconfig.x86
3afefde6d92e1c41f6487c2279c5b707ef42ce42e4f7fe9e37d482c3e24ec3b1  kernelconfig.x86_64"
sha512sums="6e3354184d1799228a2d33b92e4a6b743cc24352b8ccc1fd487fab07ab97be2aa03ba87b8406a177581692db1fd40674fbd4e213a782cbe0a6a969b10c4c17a1  linux-3.6.tar.xz
08423f145ee7aef49f50d95032595ee79250135b6ecfa72f802502a277f215b63c4dc04ed149fe4ed7cdaa5ef063b8003b7f72f41d8417e45efbe7e30e621387  patch-3.6.11.xz
8b9656c1b535dea4e32fcb9a6b44ae6c12548a262f40bd94ea81c4f475d301da20cbf0ab0eef77a61dcdddaad21b850858ddc1a03c741bf6f2ae285310f49508  patch-3.6.11-al3.patch
f2b6735194597e9296f0fccd65bdbfd6f2489c40526294f00a1ad543e8cb3b0a41ceee26cd2f0cbfa31ec423927c5e693d63856e65c7ad8a79666176595aca8a  grsecurity-2.9.1-3.6.11-al1-unofficial-0.patch
b6fdf376009f0f0f3fa194cb11be97343e4d394cf5d3547de6cfca8ad619c5bd3f60719331fd8cfadc47f09d22be8376ba5f871b46b24887ea73fe47e233a54e  0004-arp-flush-arp-cache-on-device-change.patch
d9c91b57415c7c3c365add35565f72ba6225e48212f55abb209e1f426902206543edefb9fc01715357e445b69222a6fb94c3469d701e465450919bad3c83d874  r8169-num-rx-desc.patch
fbbaa9c940f70823f5672db04b78de71233ecdda83d0cbeaeac941d732b0e3b18be38a0ed85d7bd03818114d00d9fe00935532968bee5b4673e8fadfda8c0281  ipv4-remove-output-route-check-in-ipv4_mtu.patch
55ebc903f2384926c7a0a9abbb685b1719d08363fa97deddbd6b632928d94956cdc0b4c75d4b0230d627a02baf249d57033820e0fb11ff6723faa904370a54c8  0001-r8169-remove-the-obsolete-and-incorrect-AMD-workarou.patch
958f5dfb57b6760e92d39027e8ec8d0abc2d99f6b40ef3c108fe90acfe00f3d5fdc2ccebddeffbf70794f6d7a394d985adf40808c2d4c8f7d0591c589b88bbbc  r8169-fix-vlan-tag-reordering.patch
29bbd379a06dbb060871b089c9926cadc6e6a2cae141246386f98e5737436ff503b522f08e91bdfa220cf9610cfe19990375e395a2cb01e19cf9b4f37c59a7f1  xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch
abb148ef92e516d9632912d10ce5d1f5c1425c25fc601a84cfd3a4ba10a374a7cc8ec38c4ad5d2ba815e17d8b2ce006ce364650aa0418b76b5dcdafd54194707  xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch
162885acbdea08dd6089d692fba65bacdcfc02e3617ce6b170b736167294bdb2a9b0eac5d33634fcafc91ca2acac9301e2bc9873aa70c43eba1107d3ae83c4ab  xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch
61388dab7a572da5ea598ff430359007288901f00a7f6b243163dc901bf57a2270de8ef897e17273532aab9c08d5c7c2dbce58e6b85e7b3ca724ffe138559802  xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch
383c00a2520f0e27a4e51ef4e499cd8dc33f75ef4d3d5eab22944126c41de20dccf563d1d05cd557cae4091167de78f44ec5bfb76e33f503b36b5e3d756fcaed  xsa43-pvops.patch
025c948e157c1bbc0158fea124205792ecc0abc692ad862c14861a304492c0d2e1f931ad5c6434ba37ae9a8389e9cea0d5fd111f44e99f7dcb9336d7e4bfdb7b  0001-sock_diag-Fix-out-of-bounds-access-to-sock_diag_hand.patch
c95a0c71cee924686185d138b15c94c7593ecac7afa48957204b16bd24b0fbf641fbefd2e18dd5e72eef33f8eb07c24240f5c64b8c73c0bc73d9dfcda44b237a  0002-net-fix-infinite-loop-in-__skb_recv_datagram.patch
065fff74ab7f885a45d98a1cd2bc5aaf6cb9a08d830297aaab54b512b7c90d692e37101810ee36a1f26e757990f763b664788a858b3ab40d0b4821205b9d3995  kernelconfig.x86
ba9a0b035a97089e51e0a0b723c69148866dabb4baf74c870a005350f7bfd789ab47595c7bc7e218de6d7479d16279cb906aee2ffeda9a6b141ad43ecc26dd4f  kernelconfig.x86_64"