main/linux-grsec/APKBUILD


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237

# Maintainer: Natanael Copa <ncopa@alpinelinux.org>

_mainflavor=grsec
pkgname=linux-$_mainflavor
pkgver=4.1.12
case $pkgver in
*.*.*)	_kernver=${pkgver%.*};;
*.*)	_kernver=${pkgver};;
esac
pkgrel=2
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
makedepends="perl sed installkernel bash gmp-dev bc linux-headers mpfr-dev
	mpc1-dev"
options="!strip"
install=
source="http://ftp.kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
	http://ftp.kernel.org/pub/linux/kernel/v4.x/patch-$pkgver.xz
	http://dev.alpinelinux.org/~tteras/grsec/pax-linux-4.1.11-test24-alpine.patch
	http://dev.alpinelinux.org/~tteras/grsec/grsec-4.1.y-3.1-201509112213-alpine.patch

	fix-spi-nor-namespace-clash.patch
	imx6q-no-unclocked-sleep.patch

	config-grsec.x86
	config-grsec.x86_64
	config-grsec.armhf

	config-virtgrsec.x86
	config-virtgrsec.x86_64
	"
subpackages="$pkgname-dev"
_flavors=
for _i in $source; do
	case $_i in
	config-*.$CARCH)
		_f=${_i%.$CARCH}
		_f=${_f#config-}
		_flavors="$_flavors ${_f}"
		if [ "linux-$_f" != "$pkgname" ]; then
			subpackages="$subpackages linux-${_f}"
		fi
		;;
	esac
done

arch="x86 x86_64 armhf"
license="GPL2"

prepare() {
	local _patch_failed=
	cd "$srcdir"/linux-$_kernver
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
	fi

	# first apply patches in specified order
	for i in $source; do
		case $i in
		*.patch)
			msg "Applying $i..."
			if ! patch -s -p1 -N -i "$srcdir"/${i##*/}; then
				echo $i >>failed
				_patch_failed=1
			fi
			;;
		esac
	done

	if ! [ -z "$_patch_failed" ]; then
		error "The following patches failed:"
		cat failed
		return 1
	fi

	# remove localversion from patch if any
	rm -f localversion*

	for i in $_flavors; do
		local _config=config-$i.${CARCH}
		local _builddir="$srcdir"/build-$i
		mkdir -p "$_builddir"
		echo "-$pkgrel-$i" > "$srcdir"/build-$i/localversion-alpine \
			|| return 1

		cp "$srcdir"/$_config "$_builddir"/.config || return 1
		make -C "$srcdir"/linux-$_kernver \
			O="$_builddir" \
			HOSTCC="${CC:-gcc}" \
			silentoldconfig || return 1
	done
}

build() {
	export GCC_SPECS=hardenednopie.specs
	for i in $_flavors; do
		cd "$srcdir"/build-$i
		make CC="${CC:-gcc}" \
			KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
			|| return 1
	done
}

_package() {
	local _buildflavor="$1" _outdir="$2"
	local _abi_release=${pkgver}-${pkgrel}-${_buildflavor}

	cd "$srcdir"/build-$_buildflavor || return 1

	mkdir -p "$_outdir"/boot "$_outdir"/lib/modules

	local _install
	case "$CARCH" in
	arm*)
		local _dtbdir="$_outdir"/usr/lib/linux-${_abi_release}
		mkdir -p "$_dtbdir"
		for i in arch/arm/boot/dts/*.dtb ; do
			install -m644 "$i" "$_dtbdir"
		done

		_install=zinstall
		;;
	*)
		_install=install
		;;
	esac

	make -j1 modules_install firmware_install $_install \
		INSTALL_MOD_PATH="$_outdir" \
		INSTALL_PATH="$_outdir"/boot \
		|| return 1

	rm -f "$_outdir"/lib/modules/${_abi_release}/build \
		"$_outdir"/lib/modules/${_abi_release}/source
	rm -rf "$_outdir"/lib/firmware

	install -D include/config/kernel.release \
		"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
}

# main flavor installs in $pkgdir
package() {
	depends="$depends linux-firmware"
	_package grsec "$pkgdir"
}

# subflavors install in $subpkgdir
virtgrsec() {
	_package virtgrsec "$subpkgdir"
}

# we only provide -dev for main flavor for now
dev() {
	local _abi_release=${pkgver}-${pkgrel}-$_mainflavor
	# copy the only the parts that we really need for build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# simlar to what ubuntu does
	#
	# this way you dont need to install the 300-400 kernel sources to
	# build a tiny kernel module
	#
	pkgdesc="Headers and script for third party modules for grsec kernel"
	depends="gmp-dev bash"
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}

	# first we import config, run prepare to set up for building
	# external modules, and create the scripts
	mkdir -p "$dir"
	cp "$srcdir"/config-grsec.${CARCH} "$dir"/.config
	echo "-$pkgrel-grsec" > "$dir"/localversion-alpine \
		|| return 1
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
		silentoldconfig prepare modules_prepare scripts

	# remove the stuff that poits to real sources. we want 3rd party
	# modules to believe this is the soruces
	rm "$dir"/Makefile "$dir"/source

	# copy the needed stuff from real sources
	#
	# this is taken from ubuntu kernel build script
	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
	cd "$srcdir"/linux-$_kernver
	find . -path './include/*' -prune -o -path './scripts/*' -prune \
		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
		-o -name '*.lds' \) | cpio -pdm "$dir"
	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
	cp -a scripts include "$dir"
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"

	install -Dm644 "$srcdir"/build-$_mainflavor/Module.symvers \
		"$dir"/Module.symvers

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
}

md5sums="fe9dc0f6729f36400ea81aa41d614c37  linux-4.1.tar.xz
e790ae84e0109a3d95cc617be448171b  patch-4.1.12.xz
15977c12236e3a4f8f61c74ce90a4402  pax-linux-4.1.11-test24-alpine.patch
d4d64785f2ff77db38477b3da0d86f9a  grsec-4.1.y-3.1-201509112213-alpine.patch
b0337a2a9abed17c37eae5db332522d2  fix-spi-nor-namespace-clash.patch
1a307fc1d63231bf01d22493a4f14378  imx6q-no-unclocked-sleep.patch
f8eec4df8fcd64f5f4810a2840e8cee7  config-grsec.x86
dcccfa220ed2b2041971492d1dfa9440  config-grsec.x86_64
41dc69b5f5ceb6224a4d50e3837eaa6f  config-grsec.armhf
28754e558f94f3b3e0b0fcc27c1c955f  config-virtgrsec.x86
e1ee16152cd6b92aef67466e1710cf87  config-virtgrsec.x86_64"
sha256sums="caf51f085aac1e1cea4d00dbbf3093ead07b551fc07b31b2a989c05f8ea72d9f  linux-4.1.tar.xz
f3520b06e6a2b9929173c680de75f11cde9f0a380e04195d538b5de820a549ae  patch-4.1.12.xz
ed4626d4de2a283ac087617ebee5ec17e28b372ca060ae83bfd2b2e2cf0bb7f4  pax-linux-4.1.11-test24-alpine.patch
7258089a5e2d5ca65135e47cf13400c47a657f5b2f6ef3f2e2b7383a758e00f8  grsec-4.1.y-3.1-201509112213-alpine.patch
01279cfb93273d99670c56e2465957ecde3d03693beeb929a743f03afa0b7bdc  fix-spi-nor-namespace-clash.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3  imx6q-no-unclocked-sleep.patch
b179db21c31861da5da8a49307994e11e6a6b83d88fb3dffcf20b369ab32f8e6  config-grsec.x86
f2c3a2b565346baa29bdf48bab6da6fcfa1723b505237ef33a0655bf80ef2e18  config-grsec.x86_64
450fed9f9573bed167d34d2f00d71563cba131d3b4eac9c0348ae3e7692fb30d  config-grsec.armhf
fcfeedde29606b94f79f79ceb9351bd5d018aca6a76bba04459d85e4ad94939f  config-virtgrsec.x86
a3f09fc1092ecf4456980a6e2e723a9ea95746e0da5bf4a7363046614dc6ffd8  config-virtgrsec.x86_64"
sha512sums="168ef84a4e67619f9f53f3574e438542a5747f9b43443363cb83597fcdac9f40d201625c66e375a23226745eaada9176eb006ca023613cec089349e91751f3c0  linux-4.1.tar.xz
164f216faa8fef6a28fe03bdb69c7bee5ff99cf560271264b52e62aec63c1d4d6475d4a6f2b4b4c02d235568ebe8bafd3b36be75c8a505cde8edbb70136d89b4  patch-4.1.12.xz
67bcf3f23a9ee93186e3307d0344a11a9172137d176182ac63b50960eccf9cc0ee476cde7aaee266b98b6121a3efbafdfa41466724e6b04057e91f839eaa636f  pax-linux-4.1.11-test24-alpine.patch
7d25216434876e4cdbab9c3a37f554a1ad908416c2afa8b70e92d681029accdd120c9ee4e5ed3df54f806920f05e0e29f0e06fc417083b953e26401be350858d  grsec-4.1.y-3.1-201509112213-alpine.patch
4e3aeb70712f9838afea75fe9e6c1389414d833a89286ea55441d6a8d54ce74b0e39b565721e3153443af0a614bff57c767251b7e5b81faa5e0784eddfcd2164  fix-spi-nor-namespace-clash.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221  imx6q-no-unclocked-sleep.patch
b31862d0998cbe72882f2db3ab9452051bb5202a3921f5f4aebb24727a187227792af88c6b6ceef8ff28ab34123d1321bb8d06656f37c844afcf566571ba8865  config-grsec.x86
87c4c3be53f03ee6e7c4fa1853b43c506ee5d35d4c156b5030424b7712e469521898a56c0b6a4562e31ea2bca855dae7429ea9048f9d2fa8b29db2d14211d230  config-grsec.x86_64
7cf01405de57b195799395298e76aae9857aef180dd92e08dafbfe8a957d98821032b1c34db3d287430b9b8d4a9e9d0fe9e8f1fc46fd6f2e94b969faf41d2aab  config-grsec.armhf
caec0c97bfd25c9cc6921addc8b39941284a38746d5b9c5f19c0f1fe679d9f4c6ee7881a2eb95a16dcfbb082486435f467d27d539405ee6094b70d13b3bf2276  config-virtgrsec.x86
36f4cb73009cb5cf9f8e52ceae3537e8d84f4eaa1a7aa3850c893472cc661ce76b65b88403a3d7fa0bf31b179ac030bf0b8a1188214c771ebbc1c92c95d398a2  config-virtgrsec.x86_64"