aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-grsec/APKBUILD
blob: 3d3f2248fb9cb4d1b6b9d92c7360d0026844936a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>

_mainflavor=grsec
pkgname=linux-$_mainflavor
pkgver=3.18.13
case $pkgver in
*.*.*)	_kernver=${pkgver%.*};;
*.*)	_kernver=${pkgver};;
esac
pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
makedepends="perl sed installkernel bash gmp-dev bc linux-headers"
options="!strip"
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
	http://dev.alpinelinux.org/~tteras/grsec/grsecurity-3.1-3.18.13-201505021013-alpine.patch

	fix-memory-map-for-PIE-applications.patch
	fix-spi-nor-namespace-clash.patch
	imx6q-no-unclocked-sleep.patch

	config-grsec.x86
	config-grsec.x86_64
	config-grsec.armhf

	config-virtgrsec.x86
	config-virtgrsec.x86_64
	"
subpackages="$pkgname-dev"
_flavors=
for _i in $source; do
	case $_i in
	config-*.$CARCH)
		_f=${_i%.$CARCH}
		_f=${_f#config-}
		_flavors="$_flavors ${_f}"
		if [ "linux-$_f" != "$pkgname" ]; then
			subpackages="$subpackages linux-${_f}"
		fi
		;;
	esac
done

arch="x86 x86_64 armhf"
license="GPL-2"

prepare() {
	local _patch_failed=
	cd "$srcdir"/linux-$_kernver
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
	fi

	# first apply patches in specified order
	for i in $source; do
		case $i in
		*.patch)
			msg "Applying $i..."
			if ! patch -s -p1 -N -i "$srcdir"/${i##*/}; then
				echo $i >>failed
				_patch_failed=1
			fi
			;;
		esac
	done

	if ! [ -z "$_patch_failed" ]; then
		error "The following patches failed:"
		cat failed
		return 1
	fi

	# remove localversion from patch if any
	rm -f localversion*

	for i in $_flavors; do
		local _config=config-$i.${CARCH}
		local _builddir="$srcdir"/build-$i
		mkdir -p "$_builddir"
		echo "-$pkgrel-$i" > "$srcdir"/build-$i/localversion-alpine \
			|| return 1

		cp "$srcdir"/$_config "$_builddir"/.config || return 1
		make -C "$srcdir"/linux-$_kernver \
			O="$_builddir" \
			HOSTCC="${CC:-gcc}" \
			silentoldconfig || return 1
	done
}

build() {
	export GCC_SPECS=hardenednopie.specs
	for i in $_flavors; do
		cd "$srcdir"/build-$i
		make CC="${CC:-gcc}" \
			KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
			|| return 1
	done
}

_package() {
	local _buildflavor="$1" _outdir="$2"
	local _abi_release=${pkgver}-${pkgrel}-${_buildflavor}

	cd "$srcdir"/build-$_buildflavor || return 1

	mkdir -p "$_outdir"/boot "$_outdir"/lib/modules

	local _install
	case "$CARCH" in
	arm*)
		local _dtbdir="$_outdir"/usr/lib/linux-${_abi_release}
		mkdir -p "$_dtbdir"
		for i in arch/arm/boot/dts/*.dtb ; do
			install -m644 "$i" "$_dtbdir"
		done

		_install=zinstall
		;;
	*)
		_install=install
		;;
	esac

	make -j1 modules_install firmware_install $_install \
		INSTALL_MOD_PATH="$_outdir" \
		INSTALL_PATH="$_outdir"/boot \
		|| return 1

	rm -f "$_outdir"/lib/modules/${_abi_release}/build \
		"$_outdir"/lib/modules/${_abi_release}/source
	rm -rf "$_outdir"/lib/firmware

	install -D include/config/kernel.release \
		"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
}

# main flavor installs in $pkgdir
package() {
	_package grsec "$pkgdir"
}

# subflavors install in $subpkgdir
virtgrsec() {
	_package virtgrsec "$subpkgdir"
}

# we only provide -dev for main flavor for now
dev() {
	local _abi_release=${pkgver}-${pkgrel}-$_mainflavor
	# copy the only the parts that we really need for build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# simlar to what ubuntu does
	#
	# this way you dont need to install the 300-400 kernel sources to
	# build a tiny kernel module
	#
	pkgdesc="Headers and script for third party modules for grsec kernel"
	depends="gmp-dev bash"
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}

	# first we import config, run prepare to set up for building
	# external modules, and create the scripts
	mkdir -p "$dir"
	cp "$srcdir"/config-grsec.${CARCH} "$dir"/.config
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
		silentoldconfig prepare modules_prepare scripts

	# remove the stuff that poits to real sources. we want 3rd party
	# modules to believe this is the soruces
	rm "$dir"/Makefile "$dir"/source

	# copy the needed stuff from real sources
	#
	# this is taken from ubuntu kernel build script
	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
	cd "$srcdir"/linux-$_kernver
	find . -path './include/*' -prune -o -path './scripts/*' -prune \
		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
		-o -name '*.lds' \) | cpio -pdm "$dir"
	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
	cp -a scripts include "$dir"
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"

	install -Dm644 "$srcdir"/build-$_mainflavor/Module.symvers \
		"$dir"/Module.symvers

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
}

md5sums="9e854df51ca3fef8bfe566dbd7b89241  linux-3.18.tar.xz
1fab44780052ccc19f103468d7c23284  patch-3.18.13.xz
b8f2be8eae2da28c076f68d6dcf98186  grsecurity-3.1-3.18.13-201505021013-alpine.patch
c6a4ae7e8ca6159e1631545515805216  fix-memory-map-for-PIE-applications.patch
b0337a2a9abed17c37eae5db332522d2  fix-spi-nor-namespace-clash.patch
1a307fc1d63231bf01d22493a4f14378  imx6q-no-unclocked-sleep.patch
797644a9dda4436978498045ef7095b1  config-grsec.x86
9476dc4a1d21009764680816fde71152  config-grsec.x86_64
6af88f5e681a237e3c58e8154a40fb47  config-grsec.armhf
18cb4521f9a8847637292f9f4c9e8256  config-virtgrsec.x86
2408367e7833084385bff42995dfcd3a  config-virtgrsec.x86_64"
sha256sums="becc413cc9e6d7f5cc52a3ce66d65c3725bc1d1cc1001f4ce6c32b69eb188cbd  linux-3.18.tar.xz
d9191eb7fa47e95c81945e561cdf35bb12fcdd2bbf12f37f60533cbf57be429c  patch-3.18.13.xz
0cc009d6a2eb2a348268c28269f675160a23068d2306d6b9ff97495b2cf4ab4e  grsecurity-3.1-3.18.13-201505021013-alpine.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7  fix-memory-map-for-PIE-applications.patch
01279cfb93273d99670c56e2465957ecde3d03693beeb929a743f03afa0b7bdc  fix-spi-nor-namespace-clash.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3  imx6q-no-unclocked-sleep.patch
096425842c0c84c063fff14108630f49d32f64e970027e0f2050ce76558c05db  config-grsec.x86
18cc34f2d603baf82af7093daaf024d74047506154e53de27fb49ba65a2551d1  config-grsec.x86_64
c796c15a32c848cfd6b67c2f22273fb3e26872f9325a6564f316b17b947eeaaf  config-grsec.armhf
47048993111506ab74db24c92d39b536cf5e684975844907d5cb6198c1dfd87f  config-virtgrsec.x86
0ebd5cf41a8c22fb8fe0c19d38833dc3e2b0b5e58b098e31315fcb766a18570e  config-virtgrsec.x86_64"
sha512sums="2f0b72466e9bc538a675738aa416573d41bbbd7e3e2ffd5b5b127afde609ebc278cec5a3c37e73479607e957c13f1b4ed9782a3795e0dcc2cf8e550228594009  linux-3.18.tar.xz
4d85a6a64b2d07b94b817fd4c3e0406910dd7d2028e58cfb13cf04d9ebb3bfe0f99148742489e2d5a72d93018c85adbf0e37bd068c01084d305574a9c49f9dff  patch-3.18.13.xz
7ff5f078d8288f98ac501e80b3c05ec537f0a2a0b40f98ffaa226bb301c85eee11c81f744388951b7126396029207cc43666daa80827ef4d339d8ddb3b90e7b1  grsecurity-3.1-3.18.13-201505021013-alpine.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7  fix-memory-map-for-PIE-applications.patch
4e3aeb70712f9838afea75fe9e6c1389414d833a89286ea55441d6a8d54ce74b0e39b565721e3153443af0a614bff57c767251b7e5b81faa5e0784eddfcd2164  fix-spi-nor-namespace-clash.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221  imx6q-no-unclocked-sleep.patch
ee88d6b3984a97f18d721d49ae76b302a80d4c0f8779d580199d35869358423e22895b1245725d345b6c99714844444ab9c433281f129347e4d5510336ca9cff  config-grsec.x86
20ba11b7b2d874a354aa4c364cac6885863deddd4c166ad98e0d5dcb24d102b0e3875eef60a252e1bedb1526fd25e11721c78e6ca50baf5fc4a9ec58e1c3b1a2  config-grsec.x86_64
a54a297c3e0700242b1745d5377fa16585bec0b2d9e94b0bf3a4afee04a193413441e850e1233664d2692833245f7994ce5166fe99513d9a8247c9cdf9f87200  config-grsec.armhf
c6bebe64953a444bc7d13f932e44d081665c253121189a3ccca9d7f6145b4460e32dc0f21f4700bf6607c5c0cb79de5c8576e4da0c815d60cff0d3b90879c1d9  config-virtgrsec.x86
0d1a243b87ec7ba7fa7d1ba1608c6bbce1cecf0b19c912f596c5574f5bc027eb71b07ed28afefc7c209bb718e137b6e11ffb3172deb41cc61f022e32acd8022e  config-virtgrsec.x86_64"