aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-grsec/APKBUILD
blob: 3294499c9b0ed4a228431d2eef5fa318318441dc (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248

# Maintainer: Natanael Copa <ncopa@alpinelinux.org>

_mainflavor=grsec
pkgname=linux-$_mainflavor
pkgver=4.4.32
case $pkgver in
*.*.*)	_kernver=${pkgver%.*};;
*.*)	_kernver=${pkgver};;
esac
pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
makedepends="perl sed installkernel bash gmp-dev bc linux-headers mpfr-dev
	mpc1-dev"
options="!strip"
install=
source="http://ftp.kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
	http://ftp.kernel.org/pub/linux/kernel/v4.x/patch-$pkgver.xz
	http://dev.alpinelinux.org/~ncopa/grsec/grsecurity-3.1-$pkgver-201604252206-alpine.patch

	fix-spi-nor-namespace-clash.patch
	imx6q-no-unclocked-sleep.patch
	gcc6.patch

	config-grsec.x86
	config-grsec.x86_64
	config-grsec.armhf

	config-virtgrsec.x86
	config-virtgrsec.x86_64
	"
subpackages="$pkgname-dev linux-virtgrsec-dev"
_flavors=
for _i in $source; do
	case $_i in
	config-*.$CARCH)
		_f=${_i%.$CARCH}
		_f=${_f#config-}
		_flavors="$_flavors ${_f}"
		if [ "linux-$_f" != "$pkgname" ]; then
			subpackages="$subpackages linux-${_f}"
		fi
		;;
	esac
done

arch="x86 x86_64 armhf"
license="GPL2"

prepare() {
	local _patch_failed=
	cd "$srcdir"/linux-$_kernver
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
	fi

	# first apply patches in specified order
	for i in $source; do
		local file=${i%::*}
		case $file in
		*.patch)
			msg "Applying $file..."
			if ! patch -s -p1 -N -i "$srcdir"/${file##*/}; then
				echo $file >>failed
				_patch_failed=1
			fi
			;;
		esac
	done

	if ! [ -z "$_patch_failed" ]; then
		error "The following patches failed:"
		cat failed
		return 1
	fi

	# remove localversion from patch if any
	rm -f localversion*

	for i in $_flavors; do
		local _config=config-$i.${CARCH}
		local _builddir="$srcdir"/build-$i
		mkdir -p "$_builddir"
		echo "-$pkgrel-$i" > "$srcdir"/build-$i/localversion-alpine \
			|| return 1

		cp "$srcdir"/$_config "$_builddir"/.config || return 1
		make -C "$srcdir"/linux-$_kernver \
			O="$_builddir" \
			HOSTCC="${CC:-gcc}" \
			silentoldconfig || return 1
	done
}

build() {
	export GCC_SPECS=hardenednopie.specs
	for i in $_flavors; do
		cd "$srcdir"/build-$i
		make CC="${CC:-gcc}" \
			KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
			KCFLAGS="-fno-pie" \
			|| return 1
	done
}

_package() {
	local _buildflavor="$1" _outdir="$2"
	local _abi_release=${pkgver}-${pkgrel}-${_buildflavor}

	cd "$srcdir"/build-$_buildflavor || return 1

	mkdir -p "$_outdir"/boot "$_outdir"/lib/modules

	local _install
	case "$CARCH" in
	arm*)
		local _dtbdir="$_outdir"/usr/lib/linux-${_abi_release}
		mkdir -p "$_dtbdir"
		for i in arch/arm/boot/dts/*.dtb ; do
			install -m644 "$i" "$_dtbdir"
		done

		_install=zinstall
		;;
	*)
		_install=install
		;;
	esac

	make -j1 modules_install firmware_install $_install \
		INSTALL_MOD_PATH="$_outdir" \
		INSTALL_PATH="$_outdir"/boot \
		|| return 1

	rm -f "$_outdir"/lib/modules/${_abi_release}/build \
		"$_outdir"/lib/modules/${_abi_release}/source
	rm -rf "$_outdir"/lib/firmware

	install -D include/config/kernel.release \
		"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
}

# main flavor installs in $pkgdir
package() {
	depends="$depends linux-firmware"
	_package grsec "$pkgdir"
}

# subflavors install in $subpkgdir
virtgrsec() {
	_package virtgrsec "$subpkgdir"
}

_dev() {
	local _flavor="$1"
	local _abi_release=${pkgver}-${pkgrel}-$_flavor
	# copy the only the parts that we really need for build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# simlar to what ubuntu does
	#
	# this way you dont need to install the 300-400 kernel sources to
	# build a tiny kernel module
	#
	pkgdesc="Headers and script for third party modules for $_flavor kernel"
	depends="gmp-dev bash"
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}

	# first we import config, run prepare to set up for building
	# external modules, and create the scripts
	mkdir -p "$dir"
	cp "$srcdir"/config-$_flavor.${CARCH} "$dir"/.config
	echo "-$pkgrel-$_flavor" > "$dir"/localversion-alpine \
		|| return 1
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
		KCFLAGS="-fno-pie" \
		silentoldconfig prepare modules_prepare scripts

	# remove the stuff that poits to real sources. we want 3rd party
	# modules to believe this is the soruces
	rm "$dir"/Makefile "$dir"/source

	# copy the needed stuff from real sources
	#
	# this is taken from ubuntu kernel build script
	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
	cd "$srcdir"/linux-$_kernver
	find . -path './include/*' -prune -o -path './scripts/*' -prune \
		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
		-o -name '*.lds' \) | cpio -pdm "$dir"
	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
	cp -a scripts include "$dir"
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"

	install -Dm644 "$srcdir"/build-$_flavor/Module.symvers \
		"$dir"/Module.symvers

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
}

dev() {
	_dev grsec
}

virtgrsec_dev() {
	_dev virtgrsec
}

md5sums="9a78fa2eb6c68ca5a40ed5af08142599  linux-4.4.tar.xz
394f1ad7f950428eaed011f2e6d36060  patch-4.4.32.xz
2cee0e45fc92de18c87415922cd5bdeb  grsecurity-3.1-4.4.32-201604252206-alpine.patch
c32f1d7517a095a2645fc1c7dec5db8f  fix-spi-nor-namespace-clash.patch
b11c29ee88f7f537973191036d48bee7  imx6q-no-unclocked-sleep.patch
90e0fca6cb7bca277394b0db7f605098  gcc6.patch
85d2836493bfea74b851d65d605d8050  config-grsec.x86
f48724915a112f3fda894dd09b44fcb7  config-grsec.x86_64
49b78c9cd95a16fa3592615efa1099b3  config-grsec.armhf
b8ee8bcd0b53d0d661bf9aac06150dd2  config-virtgrsec.x86
a2e1de5edbc62606a6642b83c61b4d7b  config-virtgrsec.x86_64"
sha256sums="401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2  linux-4.4.tar.xz
329b6b24e9e02b2e01ab13a9f62f853b37272c4f1c210cdcdda93937e0d0cb18  patch-4.4.32.xz
b0bf04a4f4ab80688ab3fc8add185d756f4ceae08de5f8d2219e75ab51ce4440  grsecurity-3.1-4.4.32-201604252206-alpine.patch
b8ce28c61663dbd92f7e1c862c042c88c4d0459ce15f6e6ea121e20705b66212  fix-spi-nor-namespace-clash.patch
7e8a954750139a421a76e414e19a3b57645c9ec70e6c14a6b7708a3fa0cfd5e4  imx6q-no-unclocked-sleep.patch
21640b417cb9a389bf7be6a11dc71a481ec76fcfcc758992a9be158ab6a643e8  gcc6.patch
aad2c2d373954e7f5f447aa59508f5f7c2b855e34956a4a51b5974a0560d6432  config-grsec.x86
b834e7ea50252e11419ab83715a4808c4f7a0b332d62977ba4a6a4349f228e0b  config-grsec.x86_64
1a7b3e4e11c1bd28dae47eae32662191371fd94a453e7b29264c5201d804aeb6  config-grsec.armhf
4f31314b11df0a3881aa44f29ac87dddd36974303a0ccf919e50e1ffa971edd3  config-virtgrsec.x86
7cc143f2061b65c835683f19fddaef4ef046f39bb17e4ba3bd8bc7b8245fae60  config-virtgrsec.x86_64"
sha512sums="13c8459933a8b80608e226a1398e3d1848352ace84bcfb7e6a4a33cb230bbe1ab719d4b58e067283df91ce5311be6d2d595fc8c19e2ae6ecc652499415614b3e  linux-4.4.tar.xz
118923fc9bfc123d9b140f345823c20f402fa4f338d6cce2395bec792e018f937b10809ad4f33149da6a0cbde782f26a224b40c5b2dcd22e995f36c2d76d59df  patch-4.4.32.xz
f763c581416a839f3dc4fd1aa21dfacf6b3222dccf500c8bb0bce0475b6041e5b706a548098947270043ec182d1a2bbc17c3fdb6cde5fb8f70517d8279480cdd  grsecurity-3.1-4.4.32-201604252206-alpine.patch
410fe7dae27cb4998d17a441a5b2a19dd350636ead2de97d4ef5317501d9e82e2550bfca0f022c9be6296907c076c381e1e13060d1900ff26ee7d47f234fb104  fix-spi-nor-namespace-clash.patch
9980eb10f529bc5ce482ab0a0037febbc982b528c3e4d02fc4547e6dd45dc529a7b1711d0c89f942b1ae27842c3794b68a6b8959ef80f6fd00183d3a591cea07  imx6q-no-unclocked-sleep.patch
edcebc229956a05621ec1c89039b56aa61b468c74b54420ff72bd08658b65d29d6af385a7d78d1ce4b39889b407106b99efe7309f8a82974a74eb9edb9e89b64  gcc6.patch
2a496976cb8f2b791ba9a206985ef42f15baef84101dafd0036e5686dae64acec6725b3efd8b5692db33bc0851ef16fadb9f10e44cd9eccb6b194329ed749452  config-grsec.x86
9b30b640fd7548b16ece153b0e9f449fd0332069ec015953246d50b1407cf24eeb85ed1b0897441438a9940dd6a048d6ff69dac9fc56c4b6c76a7e88c1de4c8e  config-grsec.x86_64
3e899b536d3377179f26c826d21c03e3b6792fdc1ca8576cd7a10da638f1189b1dffca4a4bf9e711fbba3b2ffe79e755b8d64d3be2511428faadd77b1fbfa8eb  config-grsec.armhf
c07523775446c6cac6e2c8bd740d2647cf099a4b11aae0787259ccdf667571832185781257534657039773d68a21079b25f8e32bd32797bbbffe26d82f634bcb  config-virtgrsec.x86
b8c285676251c47e3ca69c5d7075585cc0199408a9567c6da132f8a3b34ec948821a5759e7e7b9a67666df08bf4ef0587f32433dc93387217ceeb832a6c1566a  config-virtgrsec.x86_64"
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-14 18:09:43 +0000