blob: 5547bd3f955b059a25b3952315284349ec98decc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
|
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
_flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.14.13
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
makedepends="perl sed installkernel bash gmp-dev bc"
options="!strip"
_config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
grsecurity-3.0-3.14.13-201407232159.patch
fix-memory-map-for-PIE-applications.patch
imx6q-no-unclocked-sleep.patch
kernelconfig.x86
kernelconfig.x86_64
kernelconfig.armhf
"
subpackages="$pkgname-dev"
arch="x86 x86_64 armhf"
license="GPL-2"
_abi_release=${pkgver}-${pkgrel}-${_flavor}
prepare() {
local _patch_failed=
cd "$srcdir"/linux-$_kernver
if [ "${pkgver%.0}" = "$pkgver" ]; then
msg "Applying patch-$pkgver.xz"
unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
fi
# first apply patches in specified order
for i in $source; do
case $i in
*.patch)
msg "Applying $i..."
if ! patch -s -p1 -N -i "$srcdir"/$i; then
echo $i >>failed
_patch_failed=1
fi
;;
esac
done
if ! [ -z "$_patch_failed" ]; then
error "The following patches failed:"
cat failed
return 1
fi
rm -f localversion*
echo "-$pkgrel-$_flavor" > localversion-alpine
mkdir -p "$srcdir"/build
cp "$srcdir"/$_config "$srcdir"/build/.config || return 1
make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
silentoldconfig
}
# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig() {
cd "$srcdir"/build || return 1
make menuconfig
cp .config "$startdir"/$_config
}
build() {
cd "$srcdir"/build
export GCC_SPECS=hardenednopie.specs
make CC="${CC:-gcc}" \
KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
|| return 1
}
package() {
cd "$srcdir"/build
mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
local _install
case "$CARCH" in
arm*)
local _dtbdir="$pkgdir"/usr/lib/linux-${_abi_release}
mkdir -p "$_dtbdir"
for i in arch/arm/boot/dts/*.dtb ; do
install -m644 "$i" "$_dtbdir"
done
_install=zinstall
;;
*)
_install=install
;;
esac
make -j1 modules_install firmware_install $_install \
INSTALL_MOD_PATH="$pkgdir" \
INSTALL_PATH="$pkgdir"/boot \
|| return 1
rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
"$pkgdir"/lib/modules/${_abi_release}/source
rm -rf "$pkgdir"/lib/firmware
install -D include/config/kernel.release \
"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
}
dev() {
# copy the only the parts that we really need for build 3rd party
# kernel modules and install those as /usr/src/linux-headers,
# simlar to what ubuntu does
#
# this way you dont need to install the 300-400 kernel sources to
# build a tiny kernel module
#
pkgdesc="Headers and script for third party modules for grsec kernel"
depends="gmp-dev bash"
local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
# first we import config, run prepare to set up for building
# external modules, and create the scripts
mkdir -p "$dir"
cp "$srcdir"/$_config "$dir"/.config
make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
silentoldconfig prepare modules_prepare scripts
# remove the stuff that poits to real sources. we want 3rd party
# modules to believe this is the soruces
rm "$dir"/Makefile "$dir"/source
# copy the needed stuff from real sources
#
# this is taken from ubuntu kernel build script
# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
cd "$srcdir"/linux-$_kernver
find . -path './include/*' -prune -o -path './scripts/*' -prune \
-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
-o -name '*.lds' \) | cpio -pdm "$dir"
cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
cp -a drivers/media/video/*.h "$dir"/drivers/media/video
cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
cp -a scripts include "$dir"
find $(find arch -name include -type d -print) -type f \
| cpio -pdm "$dir"
install -Dm644 "$srcdir"/build/Module.symvers \
"$dir"/Module.symvers
mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
ln -sf /usr/src/linux-headers-${_abi_release} \
"$subpkgdir"/lib/modules/${_abi_release}/build
}
md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
132470897fc5d57f5ac7d658100cc430 patch-3.14.13.xz
a5ee03e4eb9c979a68214661ebf1dece grsecurity-3.0-3.14.13-201407232159.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
69688dbc1669bfd04dec7bb316e58b8d kernelconfig.x86
e0b3a0898935183bf42078350d2e31f1 kernelconfig.x86_64
0d71b1663f7cbfffc6e403deca4bbe86 kernelconfig.armhf"
sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
e6b1a87470ab9f749002959e2c9ca2f7229b4b34f313120b4800eb39f08c4698 patch-3.14.13.xz
8f892153ab184acec6575ceda7e2b5007aa2e934b193f059064d88b6a7f47477 grsecurity-3.0-3.14.13-201407232159.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
61c9344b8643ab81b0d7230f77fa003c8e2ce46bf4ea18315708e77ccef5de83 kernelconfig.x86
1ce44d635856578779ff6c0d1ba97c4ce44e988411e3c702a79859c28bd8c91c kernelconfig.x86_64
3cddaac02211dd0f5eb4531aecc3a1427f29dcec7b31d9fe0042192d591bcdc8 kernelconfig.armhf"
sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
49ec8684af792696230c62960dd2e1623c5ed078de4954739c366cba404cb2e6d5fbd62a8173d48dc29627c9a38e99dbeb9e96fb4f6c6a2fa077e6c5f56535e8 patch-3.14.13.xz
17289ac3e3ffbd34785d9827cefbf6b7da829e1a878c5e16378b3bb681050fc07d4e94f29b9fcbfe74df21d2743377bc6462fdb25f0ee63f709864cb18060760 grsecurity-3.0-3.14.13-201407232159.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
0889c17d6509b8078aa2fd1ba2977a8fa88260bd080e780aeefd7eb6a8805b3bb9a3132991fc1050e6b7bce0ca118ce7f2c57c0f33459812f69c4dee75ff96cf kernelconfig.x86
f413cb1b4942f217c223ab3bae845a2ea86c01dfd586ecce0e63598d775fafc975ed88f908e7291e20543cf4d15e01b26d5e4407de244ccbfe4fbebe74d25995 kernelconfig.x86_64
c19ce8d5ef84e42d63435731afab351a68226d7b49caf5d6a3b43421a1a856eadfc69b503a2d757de10cba46bcfdf45c17bb0fed6cf0a14ac284050e655614dd kernelconfig.armhf"
|