aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-grsec/APKBUILD
blob: 5db237bc1a4404816059ab5cf12150f26782b2a9 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209

# Maintainer: Natanael Copa <ncopa@alpinelinux.org>

_mainflavor=grsec
pkgname=linux-$_mainflavor
pkgver=4.9.16
case $pkgver in
*.*.*)	_kernver=${pkgver%.*};;
*.*)	_kernver=${pkgver};;
esac
pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
makedepends="perl sed installkernel bash gmp-dev bc linux-headers mpfr-dev
	mpc1-dev elfutils-dev"
options="!strip"
install=
source="https://kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
	https://kernel.org/pub/linux/kernel/v4.x/patch-$pkgver.xz
	http://dev.alpinelinux.org/~ncopa/grsec/grsecurity-3.1-$pkgver-201703180820.patch

	zfs-fix.patch
	config-grsec.x86
	config-grsec.x86_64
	config-grsec.armhf

	config-virtgrsec.x86
	config-virtgrsec.x86_64
	"
subpackages="$pkgname-dev:_dev linux-virtgrsec-dev:_dev"
_flavors=
for _i in $source; do
	case $_i in
	config-*.$CARCH)
		_f=${_i%.$CARCH}
		_f=${_f#config-}
		_flavors="$_flavors ${_f}"
		if [ "linux-$_f" != "$pkgname" ]; then
			subpackages="$subpackages linux-${_f}"
		fi
		;;
	esac
done

arch="x86 x86_64 armhf"
license="GPL2"

prepare() {
	local _patch_failed=
	cd "$srcdir"/linux-$_kernver
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
	fi

	# first apply patches in specified order
	for i in $source; do
		local file=${i%::*}
		case $file in
		*.patch)
			msg "Applying $file..."
			if ! patch -s -p1 -N -i "$srcdir"/${file##*/}; then
				echo $file >>failed
				_patch_failed=1
			fi
			;;
		esac
	done

	if ! [ -z "$_patch_failed" ]; then
		error "The following patches failed:"
		cat failed
		return 1
	fi

	# remove localversion from patch if any
	rm -f localversion*

	for i in $_flavors; do
		local _config=config-$i.${CARCH}
		local _builddir="$srcdir"/build-$i
		mkdir -p "$_builddir"
		echo "-$pkgrel-$i" > "$srcdir"/build-$i/localversion-alpine \
			|| return 1

		cp "$srcdir"/$_config "$_builddir"/.config || return 1
		make -C "$srcdir"/linux-$_kernver \
			O="$_builddir" \
			HOSTCC="${CC:-gcc}" \
			silentoldconfig || return 1
	done
}

build() {
	for i in $_flavors; do
		cd "$srcdir"/build-$i
		make CC="${CC:-gcc}" \
			KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
			|| return 1
	done
}

_package() {
	local _buildflavor="$1" _outdir="$2"
	local _abi_release=${pkgver}-${pkgrel}-${_buildflavor}

	cd "$srcdir"/build-$_buildflavor || return 1

	mkdir -p "$_outdir"/boot "$_outdir"/lib/modules

	local _install
	case "$CARCH" in
	arm*)
		local _dtbdir="$_outdir"/usr/lib/linux-${_abi_release}
		mkdir -p "$_dtbdir"
		for i in arch/arm/boot/dts/*.dtb ; do
			install -m644 "$i" "$_dtbdir"
		done

		_install=zinstall
		;;
	*)
		_install=install
		;;
	esac

	make -j1 modules_install firmware_install $_install \
		INSTALL_MOD_PATH="$_outdir" \
		INSTALL_PATH="$_outdir"/boot \
		|| return 1

	rm -f "$_outdir"/lib/modules/${_abi_release}/build \
		"$_outdir"/lib/modules/${_abi_release}/source
	rm -rf "$_outdir"/lib/firmware

	install -D include/config/kernel.release \
		"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
}

# main flavor installs in $pkgdir
package() {
	depends="$depends linux-firmware"
	_package grsec "$pkgdir"
}

# subflavors install in $subpkgdir
virtgrsec() {
	_package virtgrsec "$subpkgdir"
}

_dev() {
	local _flavor=$(echo $subpkgname | sed -E 's/(^linux-|-dev$)//g')
	local _abi_release=${pkgver}-${pkgrel}-$_flavor
	# copy the only the parts that we really need for build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# simlar to what ubuntu does
	#
	# this way you dont need to install the 300-400 kernel sources to
	# build a tiny kernel module
	#
	pkgdesc="Headers and script for third party modules for $_flavor kernel"
	depends="gmp-dev bash"
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}

	# first we import config, run prepare to set up for building
	# external modules, and create the scripts
	mkdir -p "$dir"
	cp "$srcdir"/config-$_flavor.${CARCH} "$dir"/.config
	echo "-$pkgrel-$_flavor" > "$dir"/localversion-alpine \
		|| return 1
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
		silentoldconfig prepare modules_prepare scripts

	# remove the stuff that points to real sources. we want 3rd party
	# modules to believe this is the soruces
	rm "$dir"/Makefile "$dir"/source

	# copy the needed stuff from real sources
	#
	# this is taken from ubuntu kernel build script
	# http://kernel.ubuntu.com/git/ubuntu/ubuntu-zesty.git/tree/debian/rules.d/3-binary-indep.mk
	cd "$srcdir"/linux-$_kernver
	find .  -path './include/*' -prune \
		-o -path './scripts/*' -prune -o -type f \
		\( -name 'Makefile*' -o -name 'Kconfig*' -o -name 'Kbuild*' -o \
		   -name '*.sh' -o -name '*.pl' -o -name '*.lds' \) \
		-print | cpio -pdm "$dir" || return 1

	cp -a scripts include "$dir" || return 1
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"

	install -Dm644 "$srcdir"/build-$_flavor/Module.symvers \
		"$dir"/Module.symvers

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
}

sha512sums="bf67ff812cc3cb7e5059e82cc5db0d9a7c5637f7ed9a42e4730c715bf7047c81ed3a571225f92a33ef0b6d65f35595bc32d773356646df2627da55e9bc7f1f1a  linux-4.9.tar.xz
ccb50acfc83ece070594773f6f3c0e43c349f2dc65e889d9f03752afb2a3b5c9db7e9d2c61da2c9d774dad7556f163ea9fdf2b3690e4e74ef669259520dbd65f  patch-4.9.16.xz
143f273955872ba12f205a1ecc42511f569379f63cad0ff1f0964d3448619395a7700ae3791c3a5e16bc03e45458d4486215e3e490b0ba5e04e26c774e624f42  grsecurity-3.1-4.9.16-201703180820.patch
5a0a78e6de11eb8180d96830b9faa9ac560586f7beb663c8196a16ac6232b5008b9181b3c9b94e2b13a444acba4b6e80a3408d34606432f92eb4d169c3953d5d  zfs-fix.patch
bb967f6116d1f076ec5517ed907cd0cfe02ffb7fd80bf6769c9eb581431d7989452f355579e977124d41ee506904da8fd11ac6934f45393590daf28bddf98054  config-grsec.x86
1f7604d6aa922dd5af55b6ee87dda246798befc9ca38879220781ca06c04da9eab00788f46121c710d53c701ed81a6f6ba3223d751c10b32c1b9940779df8381  config-grsec.x86_64
0b14dc2d522daa10d102a10d79af242ac80631131f2748188d66964e94a95f0437458f280d9bdb302548b25c4bd1c2aecdbb619be9ba599ffd9b56fa16d6a277  config-grsec.armhf
1de874523eee031c2efadfb6f7ddb86bb303b9f61d1a022e4e922f6365c3a667c2a1fdb61570a95a05c6c45689796e355eae9579e567790b757ae2a09f6be8c4  config-virtgrsec.x86
0570f4ad5af0d6e3cbf50d9e3a7d6dab8d7cba85693037e70dbee73aa1e4fc66cb217e1ef8e4a0ceb4073ffb6ada8201775bafe8401dc6dff5c07ac3bbe0f8f0  config-virtgrsec.x86_64"
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-20 16:09:22 +0000