blob: c43bda0cabfc1bb4856a421cc2d95ff804e7a90d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
|
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
_mainflavor=grsec
pkgname=linux-$_mainflavor
pkgver=4.1.17
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
makedepends="perl sed installkernel bash gmp-dev bc linux-headers mpfr-dev
mpc1-dev"
options="!strip"
install=
source="http://ftp.kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v4.x/patch-$pkgver.xz
grsecurity-4.1.17-3.1-201509201149-tld.patch::http://git.tld-linux.org/?p=packages/kernel-grsecurity.git;a=blob_plain;f=grsecurity.patch;hb=2e7f40eae5385d264ca30ef9d730d99d833f23b5
fix-grsec-mm-slub.patch
fix-spi-nor-namespace-clash.patch
imx6q-no-unclocked-sleep.patch
keys-fixes.patch
ovl-fix-getcwd-failure-after-unsuccessful-rmdir.patch
ovl-fix-permission-checking-for-setattr.patch
staging-dgnc-fix-info-leak-in-ioctl.patch
via-velocity-length-check.patch
config-grsec.x86
config-grsec.x86_64
config-grsec.armhf
config-virtgrsec.x86
config-virtgrsec.x86_64
"
subpackages="$pkgname-dev"
_flavors=
for _i in $source; do
case $_i in
config-*.$CARCH)
_f=${_i%.$CARCH}
_f=${_f#config-}
_flavors="$_flavors ${_f}"
if [ "linux-$_f" != "$pkgname" ]; then
subpackages="$subpackages linux-${_f}"
fi
;;
esac
done
arch="x86 x86_64 armhf"
license="GPL2"
prepare() {
local _patch_failed=
cd "$srcdir"/linux-$_kernver
if [ "${pkgver%.0}" = "$pkgver" ]; then
msg "Applying patch-$pkgver.xz"
unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
fi
# first apply patches in specified order
for i in $source; do
local file=${i%::*}
case $file in
*.patch)
msg "Applying $file..."
if ! patch -s -p1 -N -i "$srcdir"/${file##*/}; then
echo $file >>failed
_patch_failed=1
fi
;;
esac
done
if ! [ -z "$_patch_failed" ]; then
error "The following patches failed:"
cat failed
return 1
fi
# remove localversion from patch if any
rm -f localversion*
for i in $_flavors; do
local _config=config-$i.${CARCH}
local _builddir="$srcdir"/build-$i
mkdir -p "$_builddir"
echo "-$pkgrel-$i" > "$srcdir"/build-$i/localversion-alpine \
|| return 1
cp "$srcdir"/$_config "$_builddir"/.config || return 1
make -C "$srcdir"/linux-$_kernver \
O="$_builddir" \
HOSTCC="${CC:-gcc}" \
silentoldconfig || return 1
done
}
build() {
export GCC_SPECS=hardenednopie.specs
for i in $_flavors; do
cd "$srcdir"/build-$i
make CC="${CC:-gcc}" \
KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
|| return 1
done
}
_package() {
local _buildflavor="$1" _outdir="$2"
local _abi_release=${pkgver}-${pkgrel}-${_buildflavor}
cd "$srcdir"/build-$_buildflavor || return 1
mkdir -p "$_outdir"/boot "$_outdir"/lib/modules
local _install
case "$CARCH" in
arm*)
local _dtbdir="$_outdir"/usr/lib/linux-${_abi_release}
mkdir -p "$_dtbdir"
for i in arch/arm/boot/dts/*.dtb ; do
install -m644 "$i" "$_dtbdir"
done
_install=zinstall
;;
*)
_install=install
;;
esac
make -j1 modules_install firmware_install $_install \
INSTALL_MOD_PATH="$_outdir" \
INSTALL_PATH="$_outdir"/boot \
|| return 1
rm -f "$_outdir"/lib/modules/${_abi_release}/build \
"$_outdir"/lib/modules/${_abi_release}/source
rm -rf "$_outdir"/lib/firmware
install -D include/config/kernel.release \
"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
}
# main flavor installs in $pkgdir
package() {
depends="$depends linux-firmware"
_package grsec "$pkgdir"
}
# subflavors install in $subpkgdir
virtgrsec() {
_package virtgrsec "$subpkgdir"
}
# we only provide -dev for main flavor for now
dev() {
local _abi_release=${pkgver}-${pkgrel}-$_mainflavor
# copy the only the parts that we really need for build 3rd party
# kernel modules and install those as /usr/src/linux-headers,
# simlar to what ubuntu does
#
# this way you dont need to install the 300-400 kernel sources to
# build a tiny kernel module
#
pkgdesc="Headers and script for third party modules for grsec kernel"
depends="gmp-dev bash"
local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
# first we import config, run prepare to set up for building
# external modules, and create the scripts
mkdir -p "$dir"
cp "$srcdir"/config-grsec.${CARCH} "$dir"/.config
echo "-$pkgrel-grsec" > "$dir"/localversion-alpine \
|| return 1
make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
silentoldconfig prepare modules_prepare scripts
# remove the stuff that poits to real sources. we want 3rd party
# modules to believe this is the soruces
rm "$dir"/Makefile "$dir"/source
# copy the needed stuff from real sources
#
# this is taken from ubuntu kernel build script
# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
cd "$srcdir"/linux-$_kernver
find . -path './include/*' -prune -o -path './scripts/*' -prune \
-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
-o -name '*.lds' \) | cpio -pdm "$dir"
cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
cp -a drivers/media/video/*.h "$dir"/drivers/media/video
cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
cp -a scripts include "$dir"
find $(find arch -name include -type d -print) -type f \
| cpio -pdm "$dir"
install -Dm644 "$srcdir"/build-$_mainflavor/Module.symvers \
"$dir"/Module.symvers
mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
ln -sf /usr/src/linux-headers-${_abi_release} \
"$subpkgdir"/lib/modules/${_abi_release}/build
}
md5sums="fe9dc0f6729f36400ea81aa41d614c37 linux-4.1.tar.xz
49c68f18968fa809e20a7b20423fd1d2 patch-4.1.17.xz
cadb807b168b455f10b26baf749a8c00 grsecurity-4.1.17-3.1-201509201149-tld.patch
aa7d644860b1424a2223d19ecdf650ae fix-grsec-mm-slub.patch
b0337a2a9abed17c37eae5db332522d2 fix-spi-nor-namespace-clash.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
04f93023c13c5cf3d9d5cbdf5c2a3ab3 keys-fixes.patch
0ac0bfd35d8d857b790f3cf55028d967 ovl-fix-getcwd-failure-after-unsuccessful-rmdir.patch
5f27a173424a42db509b46372c200e85 ovl-fix-permission-checking-for-setattr.patch
6c48221dbad6928f2b9f6c1f521c5844 staging-dgnc-fix-info-leak-in-ioctl.patch
073d3b8947c33abf715a0e505f144a7e via-velocity-length-check.patch
8592323596689e3ef967ff96d1190d1b config-grsec.x86
81aab21a18c16cf96d0fa719564281ec config-grsec.x86_64
c4c15b3ba79bb557a67cd9356b56d7c4 config-grsec.armhf
28754e558f94f3b3e0b0fcc27c1c955f config-virtgrsec.x86
ae802ba9bdf0dfa50e7506a08bbf929d config-virtgrsec.x86_64"
sha256sums="caf51f085aac1e1cea4d00dbbf3093ead07b551fc07b31b2a989c05f8ea72d9f linux-4.1.tar.xz
60e5c4fb93705a1e7d075d528975661303d3a87c522f731b69da2e00f3170b10 patch-4.1.17.xz
beb4a3343667b045b4680536f765719d1198086f5d57508f16a31fa18f8cbb41 grsecurity-4.1.17-3.1-201509201149-tld.patch
76561d103feb35f4b5ce368f3bf690a085c0a322dbd0d160ecd5e91758df7978 fix-grsec-mm-slub.patch
01279cfb93273d99670c56e2465957ecde3d03693beeb929a743f03afa0b7bdc fix-spi-nor-namespace-clash.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
246119a70831c0c01aabdbb31f75d0476883cfbc172e2a749655ec569569440f keys-fixes.patch
464fbfe582c2b841c629c78508d117108505aafdcc6fec8a2ae0b34193d04bbe ovl-fix-getcwd-failure-after-unsuccessful-rmdir.patch
79fa593d628d740c7bc2b68398ab381ad978293102d1f282919ee69aeab6a17d ovl-fix-permission-checking-for-setattr.patch
144886917b2c5ff880c4beb11ca8743b98ea5ed49bbd10a54a98e1d76cfe23b5 staging-dgnc-fix-info-leak-in-ioctl.patch
25f174ca77217399a82e59740f60ea75db31a624578cba9ee501b5b7b7ae4cc7 via-velocity-length-check.patch
fbc303521afbecbe2dccbe9955d108af53aaaa3388f2ca0962fc93f26a535a56 config-grsec.x86
0d770dbef70ec200e9f0341f7840847c228ac5e5061401614aaa27db59922614 config-grsec.x86_64
01b4f4e7eae350d40749f34e916e69c101f2fb5b3b7c2bd1917c29b8df3c2668 config-grsec.armhf
fcfeedde29606b94f79f79ceb9351bd5d018aca6a76bba04459d85e4ad94939f config-virtgrsec.x86
91bb0c7e6ad7b438daba3be79117007ecd68afb89857381034467837247edd56 config-virtgrsec.x86_64"
sha512sums="168ef84a4e67619f9f53f3574e438542a5747f9b43443363cb83597fcdac9f40d201625c66e375a23226745eaada9176eb006ca023613cec089349e91751f3c0 linux-4.1.tar.xz
fa8675bac395ad7255693728ee601cd84a02aeee660ee5f2bf5684a6af053c9cf07afb0abb3324b1eb149305701a0bb9252053e840edc2aebb6499139dc12edd patch-4.1.17.xz
929d0e7b73c988c76b6131adf5d2ec28c95736022e3f198c7f37eb0acd18f3784bd622bc050d88bc553bf297cbed6686aca113465c6b5b2fef13867edf596369 grsecurity-4.1.17-3.1-201509201149-tld.patch
33bd075f38f69a583586883cdbea8970b8ba54c91c3f8389db675a9ad5fc56b903645e1c029ba4d040c8ea4ceb16fdeffc2635805eb983c14a213ea699854cd1 fix-grsec-mm-slub.patch
4e3aeb70712f9838afea75fe9e6c1389414d833a89286ea55441d6a8d54ce74b0e39b565721e3153443af0a614bff57c767251b7e5b81faa5e0784eddfcd2164 fix-spi-nor-namespace-clash.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
8d4646d564e6beb60925724ca4cdef06ac08a4909629330f0e3c5cf1701dc82ca4bc9b809cdbf1f2229a30cc700106733cb77fea12885a44a0c4a65a1d5656d5 keys-fixes.patch
928492c522cc376abc244f9aec25b10abf0efc4cf19e5f3b7130ed8efed904e674975a05b70f3f46343dba5aa324c46981cb98eea7a619defbb7235742a3333e ovl-fix-getcwd-failure-after-unsuccessful-rmdir.patch
061d58353e8d8eb83a10ae1cdfd16ff5d982ee594decd115d42f438293747b9f4ea3cb16ce242685b34d52ca57feb3b8e9f344adc425e1894f0283abe47ef355 ovl-fix-permission-checking-for-setattr.patch
51bdf43837e0bc24771b6dd67e4f5f49ae77716a49155b2b04ca17aa84a7aea65f858733795a91d8c5c3221a77c576370c0ccc7e711c32edaa87210cf55974ec staging-dgnc-fix-info-leak-in-ioctl.patch
0be40b94b99f0fa0ab975c833e50a121e45b057c812e229a3d175a7bc8b03472eb6ab4a1273988971db89625f55b9fc4a35b7696acb21709887294fcf8a7c48d via-velocity-length-check.patch
819ff2d16b5c15399de9b3c254d4ed6b7ef580a5b7cdacb209d90d35d178e93e34a5d6159b0edfab4afec9decf404901a7504f7b106c62c3dba0cdb4f0951a61 config-grsec.x86
61b2f6b1264e51548c657b337a23592d7bdf0fe730f71e9039af098dd9ebd1b2bd7dbff1811ccb36c7c50b4cfef4cf19534a1f25ef05048a404fd6a6c3120a59 config-grsec.x86_64
3be2587ca157eff3910ad1cd4dd9013c699e08d6f8fdde22458caa423f17591a7b386aad5f592f79baac4da6b32f5965483c3080c1cf2bc906fdffbe33a16bf7 config-grsec.armhf
caec0c97bfd25c9cc6921addc8b39941284a38746d5b9c5f19c0f1fe679d9f4c6ee7881a2eb95a16dcfbb082486435f467d27d539405ee6094b70d13b3bf2276 config-virtgrsec.x86
3a8dbd0bdf8c1a46b6ced0b70e60bd830f46cb9752af12759b7ba8d8b041c117de1b25496f98653e65aa3828ab8644982f10807bf18ab60afaa778fde7711544 config-virtgrsec.x86_64"
|
