main/linux-grsec/APKBUILD


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190

# Maintainer: Natanael Copa <ncopa@alpinelinux.org>

_flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.14.37
case $pkgver in
*.*.*)	_kernver=${pkgver%.*};;
*.*)	_kernver=${pkgver};;
esac
pkgrel=3
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
makedepends="perl sed installkernel bash gmp-dev bc"
options="!strip"
_config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
	grsecurity-3.1-3.14.37-201504051405.patch

	fix-memory-map-for-PIE-applications.patch
	imx6q-no-unclocked-sleep.patch

	kernelconfig.x86
	kernelconfig.x86_64
	kernelconfig.armhf
	"
subpackages="$pkgname-dev"
arch="x86 x86_64 armhf"
license="GPL-2"

_abi_release=${pkgver}-${pkgrel}-${_flavor}

prepare() {
	local _patch_failed=
	cd "$srcdir"/linux-$_kernver
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
	fi

	# first apply patches in specified order
	for i in $source; do
		case $i in
		*.patch)
			msg "Applying $i..."
			if ! patch -s -p1 -N -i "$srcdir"/$i; then
				echo $i >>failed
				_patch_failed=1
			fi
			;;
		esac
	done

	if ! [ -z "$_patch_failed" ]; then
		error "The following patches failed:"
		cat failed
		return 1
	fi

	rm -f localversion*
	echo "-$pkgrel-$_flavor" > localversion-alpine

	mkdir -p "$srcdir"/build
	cp "$srcdir"/$_config "$srcdir"/build/.config || return 1
	make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
		silentoldconfig
}

# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig() {
	cd "$srcdir"/build || return 1
	make menuconfig
	cp .config "$startdir"/$_config
}

build() {
	cd "$srcdir"/build
	export GCC_SPECS=hardenednopie.specs
	make CC="${CC:-gcc}" \
		KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
		|| return 1
}

package() {
	cd "$srcdir"/build

	mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules

	local _install
	case "$CARCH" in
	arm*)
		local _dtbdir="$pkgdir"/usr/lib/linux-${_abi_release}
		mkdir -p "$_dtbdir"
		for i in arch/arm/boot/dts/*.dtb ; do
			install -m644 "$i" "$_dtbdir"
		done

		_install=zinstall
		;;
	*)
		_install=install
		;;
	esac

	make -j1 modules_install firmware_install $_install \
		INSTALL_MOD_PATH="$pkgdir" \
		INSTALL_PATH="$pkgdir"/boot \
		|| return 1

	rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
		"$pkgdir"/lib/modules/${_abi_release}/source
	rm -rf "$pkgdir"/lib/firmware

	install -D include/config/kernel.release \
		"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
}

dev() {
	# copy the only the parts that we really need for build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# simlar to what ubuntu does
	#
	# this way you dont need to install the 300-400 kernel sources to
	# build a tiny kernel module
	#
	pkgdesc="Headers and script for third party modules for grsec kernel"
	depends="gmp-dev bash"
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}

	# first we import config, run prepare to set up for building
	# external modules, and create the scripts
	mkdir -p "$dir"
	cp "$srcdir"/$_config "$dir"/.config
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
		silentoldconfig prepare modules_prepare scripts

	# remove the stuff that poits to real sources. we want 3rd party
	# modules to believe this is the soruces
	rm "$dir"/Makefile "$dir"/source

	# copy the needed stuff from real sources
	#
	# this is taken from ubuntu kernel build script
	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
	cd "$srcdir"/linux-$_kernver
	find . -path './include/*' -prune -o -path './scripts/*' -prune \
		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
		-o -name '*.lds' \) | cpio -pdm "$dir"
	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
	cp -a scripts include "$dir"
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"

	install -Dm644 "$srcdir"/build/Module.symvers \
		"$dir"/Module.symvers

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
}

md5sums="b621207b3f6ecbb67db18b13258f8ea8  linux-3.14.tar.xz
cbc19671d2c8bab0eaf18bf3afa54f7b  patch-3.14.37.xz
16c2185b59f85b66ba9679eb5f389104  grsecurity-3.1-3.14.37-201504051405.patch
c6a4ae7e8ca6159e1631545515805216  fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378  imx6q-no-unclocked-sleep.patch
78060d5fe4d22f3ff8ebdad76f2a99f0  kernelconfig.x86
4abbaf506227daec9a0e5b53464e1642  kernelconfig.x86_64
2088fe977722158d7989f928084d52ca  kernelconfig.armhf"
sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa  linux-3.14.tar.xz
ae2c25e7c53bffaf4e6f951a56eaa8ca645e7125cd28f16f870b7dc8aaa66b49  patch-3.14.37.xz
43ffb9159085c7194a6f3e767cb9fcd6b7a99ec4a79e187714a2714e5ef93970  grsecurity-3.1-3.14.37-201504051405.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7  fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3  imx6q-no-unclocked-sleep.patch
66196a945d55ce0a164dc5a4303db77c1f47641ab8bf7b53e87f3f39bf23f356  kernelconfig.x86
d96e12edb7d6421b26650e280c2d6c4645d5221549295d15b5f6d6daacf215fb  kernelconfig.x86_64
636419c6970c24ae6e02889f641aff606eb237c0ac1796efd992c545f77bc579  kernelconfig.armhf"
sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e  linux-3.14.tar.xz
40439c1262331ffd594a110bab6c2da04abd7718fb3f79661de46e0c7cd99d4d8e003bb412be2348df843d7d9abe310caf1e3cc1ec5343e4b92f0769b9cfada4  patch-3.14.37.xz
a5cd91d5aed495a34393fe0d4a944b4d8f7b7beabdf007c079711699f4d8b8dfa573827aa0358ad9efd4aef49192fa978567ec4f4de93982cf8afd63a90dec63  grsecurity-3.1-3.14.37-201504051405.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7  fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221  imx6q-no-unclocked-sleep.patch
63b99a936f8ca561e42590ec639b2a86face1198c6a05d3450ff275ae3651f142e1a08795064562be7ad228097687f3fd745b19c1cdb0f48dcd1eeb2634fd46c  kernelconfig.x86
f3f86dea3732ce5179aa1b542cdcecbe764b52b1449f1e86dbcf4d2fc3f85df7198f58db9dadb7747c7fbc2a6dcdc914cb1110bc0b669874ebc7062b13dd2e8c  kernelconfig.x86_64
2b8d7afc769398b32eb03850069bde6ddb06ea54deea08d6c85356fb9c9d1d851ff3e72cf55d598aa2c56608efbf1b10e5051f1e07f0178dff5f1aa886fc843d  kernelconfig.armhf"