blob: 98344b4e3badc6779699753e4a8c494fe020ef1b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
|
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
_mainflavor=grsec
pkgname=linux-$_mainflavor
pkgver=4.4.23
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
makedepends="perl sed installkernel bash gmp-dev bc linux-headers mpfr-dev
mpc1-dev"
options="!strip"
install=
source="http://ftp.kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v4.x/patch-$pkgver.xz
http://dev.alpinelinux.org/~ncopa/grsec/grsecurity-3.1-$pkgver-201604252206-alpine.patch
fix-spi-nor-namespace-clash.patch
imx6q-no-unclocked-sleep.patch
gcc6.patch
config-grsec.x86
config-grsec.x86_64
config-grsec.armhf
config-virtgrsec.x86
config-virtgrsec.x86_64
"
subpackages="$pkgname-dev linux-virtgrsec-dev"
_flavors=
for _i in $source; do
case $_i in
config-*.$CARCH)
_f=${_i%.$CARCH}
_f=${_f#config-}
_flavors="$_flavors ${_f}"
if [ "linux-$_f" != "$pkgname" ]; then
subpackages="$subpackages linux-${_f}"
fi
;;
esac
done
arch="x86 x86_64 armhf"
license="GPL2"
prepare() {
local _patch_failed=
cd "$srcdir"/linux-$_kernver
if [ "${pkgver%.0}" = "$pkgver" ]; then
msg "Applying patch-$pkgver.xz"
unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
fi
# first apply patches in specified order
for i in $source; do
local file=${i%::*}
case $file in
*.patch)
msg "Applying $file..."
if ! patch -s -p1 -N -i "$srcdir"/${file##*/}; then
echo $file >>failed
_patch_failed=1
fi
;;
esac
done
if ! [ -z "$_patch_failed" ]; then
error "The following patches failed:"
cat failed
return 1
fi
# remove localversion from patch if any
rm -f localversion*
for i in $_flavors; do
local _config=config-$i.${CARCH}
local _builddir="$srcdir"/build-$i
mkdir -p "$_builddir"
echo "-$pkgrel-$i" > "$srcdir"/build-$i/localversion-alpine \
|| return 1
cp "$srcdir"/$_config "$_builddir"/.config || return 1
make -C "$srcdir"/linux-$_kernver \
O="$_builddir" \
HOSTCC="${CC:-gcc}" \
silentoldconfig || return 1
done
}
build() {
export GCC_SPECS=hardenednopie.specs
for i in $_flavors; do
cd "$srcdir"/build-$i
make CC="${CC:-gcc}" \
KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
KCFLAGS="-fno-pie" \
|| return 1
done
}
_package() {
local _buildflavor="$1" _outdir="$2"
local _abi_release=${pkgver}-${pkgrel}-${_buildflavor}
cd "$srcdir"/build-$_buildflavor || return 1
mkdir -p "$_outdir"/boot "$_outdir"/lib/modules
local _install
case "$CARCH" in
arm*)
local _dtbdir="$_outdir"/usr/lib/linux-${_abi_release}
mkdir -p "$_dtbdir"
for i in arch/arm/boot/dts/*.dtb ; do
install -m644 "$i" "$_dtbdir"
done
_install=zinstall
;;
*)
_install=install
;;
esac
make -j1 modules_install firmware_install $_install \
INSTALL_MOD_PATH="$_outdir" \
INSTALL_PATH="$_outdir"/boot \
|| return 1
rm -f "$_outdir"/lib/modules/${_abi_release}/build \
"$_outdir"/lib/modules/${_abi_release}/source
rm -rf "$_outdir"/lib/firmware
install -D include/config/kernel.release \
"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
}
# main flavor installs in $pkgdir
package() {
depends="$depends linux-firmware"
_package grsec "$pkgdir"
}
# subflavors install in $subpkgdir
virtgrsec() {
_package virtgrsec "$subpkgdir"
}
_dev() {
local _flavor="$1"
local _abi_release=${pkgver}-${pkgrel}-$_flavor
# copy the only the parts that we really need for build 3rd party
# kernel modules and install those as /usr/src/linux-headers,
# simlar to what ubuntu does
#
# this way you dont need to install the 300-400 kernel sources to
# build a tiny kernel module
#
pkgdesc="Headers and script for third party modules for $_flavor kernel"
depends="gmp-dev bash"
local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
# first we import config, run prepare to set up for building
# external modules, and create the scripts
mkdir -p "$dir"
cp "$srcdir"/config-$_flavor.${CARCH} "$dir"/.config
echo "-$pkgrel-$_flavor" > "$dir"/localversion-alpine \
|| return 1
make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
KCFLAGS="-fno-pie" \
silentoldconfig prepare modules_prepare scripts
# remove the stuff that poits to real sources. we want 3rd party
# modules to believe this is the soruces
rm "$dir"/Makefile "$dir"/source
# copy the needed stuff from real sources
#
# this is taken from ubuntu kernel build script
# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
cd "$srcdir"/linux-$_kernver
find . -path './include/*' -prune -o -path './scripts/*' -prune \
-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
-o -name '*.lds' \) | cpio -pdm "$dir"
cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
cp -a drivers/media/video/*.h "$dir"/drivers/media/video
cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
cp -a scripts include "$dir"
find $(find arch -name include -type d -print) -type f \
| cpio -pdm "$dir"
install -Dm644 "$srcdir"/build-$_flavor/Module.symvers \
"$dir"/Module.symvers
mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
ln -sf /usr/src/linux-headers-${_abi_release} \
"$subpkgdir"/lib/modules/${_abi_release}/build
}
dev() {
_dev grsec
}
virtgrsec_dev() {
_dev virtgrsec
}
md5sums="9a78fa2eb6c68ca5a40ed5af08142599 linux-4.4.tar.xz
fc4815605d4bd6e52f4433be3ee57c8b patch-4.4.23.xz
da1e663d925bc66f21196c04b3a23ee1 grsecurity-3.1-4.4.23-201604252206-alpine.patch
c32f1d7517a095a2645fc1c7dec5db8f fix-spi-nor-namespace-clash.patch
b11c29ee88f7f537973191036d48bee7 imx6q-no-unclocked-sleep.patch
90e0fca6cb7bca277394b0db7f605098 gcc6.patch
2da05cb44c4f954f05f58734f4e16760 config-grsec.x86
8d86b346ae0a68fea58f3eab2338641b config-grsec.x86_64
49b78c9cd95a16fa3592615efa1099b3 config-grsec.armhf
429e5174e3cbbacff55d8055df37719e config-virtgrsec.x86
1106a5fdbf270683d91e7f20abd5fa1f config-virtgrsec.x86_64"
sha256sums="401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2 linux-4.4.tar.xz
0592b15bb78879ffa72933c71b8b11787a7b4560ea33b8ba8b421df034ee74c8 patch-4.4.23.xz
5e02a60f9dfbf03173d5941936fd20869b225cab538c9503f30122791f9dda84 grsecurity-3.1-4.4.23-201604252206-alpine.patch
b8ce28c61663dbd92f7e1c862c042c88c4d0459ce15f6e6ea121e20705b66212 fix-spi-nor-namespace-clash.patch
7e8a954750139a421a76e414e19a3b57645c9ec70e6c14a6b7708a3fa0cfd5e4 imx6q-no-unclocked-sleep.patch
21640b417cb9a389bf7be6a11dc71a481ec76fcfcc758992a9be158ab6a643e8 gcc6.patch
4098706e52e79c99b56e74c5aea53ba157c561c794819c130656d92a7b452210 config-grsec.x86
7a332837c3d63bf90bbab1df759801834393894e13f8a0647976dcec9d87a376 config-grsec.x86_64
1a7b3e4e11c1bd28dae47eae32662191371fd94a453e7b29264c5201d804aeb6 config-grsec.armhf
67814690ece448328e4004a979f27d14a2b2eef5f5ec5a0f9fa0cc9b42157967 config-virtgrsec.x86
166c6cec181cb1e4db38b3d5b34c5db561ec78b38b40112cde916267c3a75260 config-virtgrsec.x86_64"
sha512sums="13c8459933a8b80608e226a1398e3d1848352ace84bcfb7e6a4a33cb230bbe1ab719d4b58e067283df91ce5311be6d2d595fc8c19e2ae6ecc652499415614b3e linux-4.4.tar.xz
62de0a7258f2532bd96d0d8af9acf4541190a076b057ac971e8181f4af503f3c079c8c602116fa278dadca6a06c62a6655bef3b88c17ffaafe053d62515b9d57 patch-4.4.23.xz
97e33dda11c51750dd3725370b62d87c8299a75944f36323c949ccf34d3ee468745672c503c3c7612ff841f5f3ddfa946e3a7597815602b70258dc77fcafe33d grsecurity-3.1-4.4.23-201604252206-alpine.patch
410fe7dae27cb4998d17a441a5b2a19dd350636ead2de97d4ef5317501d9e82e2550bfca0f022c9be6296907c076c381e1e13060d1900ff26ee7d47f234fb104 fix-spi-nor-namespace-clash.patch
9980eb10f529bc5ce482ab0a0037febbc982b528c3e4d02fc4547e6dd45dc529a7b1711d0c89f942b1ae27842c3794b68a6b8959ef80f6fd00183d3a591cea07 imx6q-no-unclocked-sleep.patch
edcebc229956a05621ec1c89039b56aa61b468c74b54420ff72bd08658b65d29d6af385a7d78d1ce4b39889b407106b99efe7309f8a82974a74eb9edb9e89b64 gcc6.patch
0ba45dc80b9070a18bd31155eb2e658efdf8106fb331978d0b32bea68c9a401990b681df834319c9fa8599a78583bd4c45c274aa3d251aabc740d06141c5beb6 config-grsec.x86
65c8a18d3107be8766060eb7d7c89f2b865b38dc7e93f4110bffd98ef009f9cc192b3c9ad6fecbe412208c8efa93a526e81d4362bd207e6a585f30cc22ee8603 config-grsec.x86_64
3e899b536d3377179f26c826d21c03e3b6792fdc1ca8576cd7a10da638f1189b1dffca4a4bf9e711fbba3b2ffe79e755b8d64d3be2511428faadd77b1fbfa8eb config-grsec.armhf
1718c78d4d57c67cbe49d54f28789e38528eb4ebebe2e2c616a40655d6e37f29fbd4b104dfc2dc204d1114489ad549f272ef8cfd447a24bbc10a320a5b12cfd4 config-virtgrsec.x86
6dd579d31d6bf0b30058466ba9556b84d72f7ddb9630f39124cd319e9f9c57ba72af86c93ae95535be66c39e306e106b0515bd2bda5acc132533dac639810325 config-virtgrsec.x86_64"
|