blob: d043101635bdada547bf85c5cab45e68595e761e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
|
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
_mainflavor=grsec
pkgname=linux-$_mainflavor
pkgver=4.4.12
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
makedepends="perl sed installkernel bash gmp-dev bc linux-headers mpfr-dev
mpc1-dev"
options="!strip"
install=
source="http://ftp.kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v4.x/patch-$pkgver.xz
http://dev.alpinelinux.org/~ncopa/grsec/grsecurity-3.1-$pkgver-201604252206-alpine.patch
fix-spi-nor-namespace-clash.patch
imx6q-no-unclocked-sleep.patch
config-grsec.x86
config-grsec.x86_64
config-grsec.armhf
config-virtgrsec.x86
config-virtgrsec.x86_64
"
subpackages="$pkgname-dev linux-virtgrsec-dev"
_flavors=
for _i in $source; do
case $_i in
config-*.$CARCH)
_f=${_i%.$CARCH}
_f=${_f#config-}
_flavors="$_flavors ${_f}"
if [ "linux-$_f" != "$pkgname" ]; then
subpackages="$subpackages linux-${_f}"
fi
;;
esac
done
arch="x86 x86_64 armhf"
license="GPL2"
prepare() {
local _patch_failed=
cd "$srcdir"/linux-$_kernver
if [ "${pkgver%.0}" = "$pkgver" ]; then
msg "Applying patch-$pkgver.xz"
unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
fi
# first apply patches in specified order
for i in $source; do
local file=${i%::*}
case $file in
*.patch)
msg "Applying $file..."
if ! patch -s -p1 -N -i "$srcdir"/${file##*/}; then
echo $file >>failed
_patch_failed=1
fi
;;
esac
done
if ! [ -z "$_patch_failed" ]; then
error "The following patches failed:"
cat failed
return 1
fi
# remove localversion from patch if any
rm -f localversion*
for i in $_flavors; do
local _config=config-$i.${CARCH}
local _builddir="$srcdir"/build-$i
mkdir -p "$_builddir"
echo "-$pkgrel-$i" > "$srcdir"/build-$i/localversion-alpine \
|| return 1
cp "$srcdir"/$_config "$_builddir"/.config || return 1
make -C "$srcdir"/linux-$_kernver \
O="$_builddir" \
HOSTCC="${CC:-gcc}" \
silentoldconfig || return 1
done
}
build() {
export GCC_SPECS=hardenednopie.specs
for i in $_flavors; do
cd "$srcdir"/build-$i
make CC="${CC:-gcc}" \
KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
|| return 1
done
}
_package() {
local _buildflavor="$1" _outdir="$2"
local _abi_release=${pkgver}-${pkgrel}-${_buildflavor}
cd "$srcdir"/build-$_buildflavor || return 1
mkdir -p "$_outdir"/boot "$_outdir"/lib/modules
local _install
case "$CARCH" in
arm*)
local _dtbdir="$_outdir"/usr/lib/linux-${_abi_release}
mkdir -p "$_dtbdir"
for i in arch/arm/boot/dts/*.dtb ; do
install -m644 "$i" "$_dtbdir"
done
_install=zinstall
;;
*)
_install=install
;;
esac
make -j1 modules_install firmware_install $_install \
INSTALL_MOD_PATH="$_outdir" \
INSTALL_PATH="$_outdir"/boot \
|| return 1
rm -f "$_outdir"/lib/modules/${_abi_release}/build \
"$_outdir"/lib/modules/${_abi_release}/source
rm -rf "$_outdir"/lib/firmware
install -D include/config/kernel.release \
"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
}
# main flavor installs in $pkgdir
package() {
depends="$depends linux-firmware"
_package grsec "$pkgdir"
}
# subflavors install in $subpkgdir
virtgrsec() {
_package virtgrsec "$subpkgdir"
}
_dev() {
local _flavor="$1"
local _abi_release=${pkgver}-${pkgrel}-$_flavor
# copy the only the parts that we really need for build 3rd party
# kernel modules and install those as /usr/src/linux-headers,
# simlar to what ubuntu does
#
# this way you dont need to install the 300-400 kernel sources to
# build a tiny kernel module
#
pkgdesc="Headers and script for third party modules for $_flavor kernel"
depends="gmp-dev bash"
local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
# first we import config, run prepare to set up for building
# external modules, and create the scripts
mkdir -p "$dir"
cp "$srcdir"/config-$_flavor.${CARCH} "$dir"/.config
echo "-$pkgrel-$_flavor" > "$dir"/localversion-alpine \
|| return 1
make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
silentoldconfig prepare modules_prepare scripts
# remove the stuff that poits to real sources. we want 3rd party
# modules to believe this is the soruces
rm "$dir"/Makefile "$dir"/source
# copy the needed stuff from real sources
#
# this is taken from ubuntu kernel build script
# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
cd "$srcdir"/linux-$_kernver
find . -path './include/*' -prune -o -path './scripts/*' -prune \
-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
-o -name '*.lds' \) | cpio -pdm "$dir"
cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
cp -a drivers/media/video/*.h "$dir"/drivers/media/video
cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
cp -a scripts include "$dir"
find $(find arch -name include -type d -print) -type f \
| cpio -pdm "$dir"
install -Dm644 "$srcdir"/build-$_flavor/Module.symvers \
"$dir"/Module.symvers
mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
ln -sf /usr/src/linux-headers-${_abi_release} \
"$subpkgdir"/lib/modules/${_abi_release}/build
}
dev() {
_dev grsec
}
virtgrsec_dev() {
_dev virtgrsec
}
md5sums="9a78fa2eb6c68ca5a40ed5af08142599 linux-4.4.tar.xz
80d71a51152029a3f2fe99ba94548009 patch-4.4.12.xz
fd46ac685bfcf50643390d0224846564 grsecurity-3.1-4.4.12-201604252206-alpine.patch
c32f1d7517a095a2645fc1c7dec5db8f fix-spi-nor-namespace-clash.patch
b11c29ee88f7f537973191036d48bee7 imx6q-no-unclocked-sleep.patch
0f3836729769884621131f0620b65482 config-grsec.x86
e7ce299970a212c6482f1d7f433ee1dc config-grsec.x86_64
bd9cf4d55fef7f6f716bcd3878533a41 config-grsec.armhf
effe99ef985cebae1208c87530aace1a config-virtgrsec.x86
e6b011c803981b0105b2882254a9b8ae config-virtgrsec.x86_64"
sha256sums="401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2 linux-4.4.tar.xz
1eb89dddd7e89caf2df17470b4b15da451ef1aa97f8e1a88578a8ee2da75729a patch-4.4.12.xz
8f503a36344539c108571d4eb54dff1a61863a405e4f939518b88063a6759edc grsecurity-3.1-4.4.12-201604252206-alpine.patch
b8ce28c61663dbd92f7e1c862c042c88c4d0459ce15f6e6ea121e20705b66212 fix-spi-nor-namespace-clash.patch
7e8a954750139a421a76e414e19a3b57645c9ec70e6c14a6b7708a3fa0cfd5e4 imx6q-no-unclocked-sleep.patch
b4c077e6de0fa122530422b04d7d4584da1765b9ae05d4b844bf0f3b0fafb148 config-grsec.x86
69ecc65ffa5b6ae82bfceb7549f19668e813f69aca7e295bf0d871c36d23f628 config-grsec.x86_64
5722cf941ae841f28306f785ccb478a99ed167c910a83f80ba570022d53a323e config-grsec.armhf
31098b41a807b671108546361f012b4a870d9d3532bc64ab8f36ac98a6a79908 config-virtgrsec.x86
14a9f1fc57d3c826b81148f497a9b2299c558a615fdee193e395833abec896b3 config-virtgrsec.x86_64"
sha512sums="13c8459933a8b80608e226a1398e3d1848352ace84bcfb7e6a4a33cb230bbe1ab719d4b58e067283df91ce5311be6d2d595fc8c19e2ae6ecc652499415614b3e linux-4.4.tar.xz
c3aca55f26fc883b489635a90b79c03d7c6d591efddb4e406b5bfe49fc4326ff2a957521b1d8ea126b95f1d0573e5185d96bce10d05eae595a51f8eb27690404 patch-4.4.12.xz
626a8cd2890d52e32a1024b0d37972583cfb12b1f8405713c18d31ed02ea997bfff38698bfe261527d02146bbb220c1f3a60e99bef501180509383cfa2ede077 grsecurity-3.1-4.4.12-201604252206-alpine.patch
410fe7dae27cb4998d17a441a5b2a19dd350636ead2de97d4ef5317501d9e82e2550bfca0f022c9be6296907c076c381e1e13060d1900ff26ee7d47f234fb104 fix-spi-nor-namespace-clash.patch
9980eb10f529bc5ce482ab0a0037febbc982b528c3e4d02fc4547e6dd45dc529a7b1711d0c89f942b1ae27842c3794b68a6b8959ef80f6fd00183d3a591cea07 imx6q-no-unclocked-sleep.patch
da2ff042bb35be1517dc0233d6ff90ad437d7b20c5ab8e72c58c3186cf5233378752f0ae12f49a35f3c4c218752a50bc04ee72215f7314b97fea58e7074d871e config-grsec.x86
34fb49b667520e7c2bbb2f6a0219b494b796d7fcf5603d129395ca4bc1567232186cb329678f9681b77c31beb75ad5c687bdcea93d268760da84493c92384694 config-grsec.x86_64
8ac8719bd3b85f54d5d6abf1aa7b5dc21641b2c1e0a9cd880acfb8ee625500f39f07787e4daae3c8a88a136197ef3cc130be8b6ce0cccaf4f418577324f01415 config-grsec.armhf
fa699c514fffed626002bfaf9a17ce63f3cd8a8f8d42229f279d504097a8fe3047d8a3c11068ff58a08b5bf26e2883fc2141b1bbd886d3fb1a91a04b93d39e1a config-virtgrsec.x86
ba9ffcbea285ebffa0740a1ff8e5812da13d6fd51405cdf758cbb8e3d0567505e35a10add4ad7d326b1e9fce9ebe3521ccc7375082102bac5be40edee421067d config-virtgrsec.x86_64"
|