blob: 1b009fe5d5380d527bac0fa3782783c24b087dd8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
# Maintainer: <bpiotrowski@alpinelinux.org>
_flavor=grsec
pkgname=linux-virt-${_flavor}
pkgver=3.9.8
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
pkgrel=0
pkgdesc="Linux kernel for virtual guests with grsecurity"
url="http://grsecurity.net"
depends="mkinitfs linux-firmware"
makedepends="perl installkernel bash gmp-dev bc"
options="!strip"
_config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
grsecurity-2.9.1-3.9.8-201306272057.patch
0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
kernelconfig.x86
kernelconfig.x86_64
"
subpackages="$pkgname-dev"
arch="x86 x86_64 arm"
license="GPL-2"
_abi_release=${pkgver}-${pkgrel}-${_flavor}
prepare() {
local _patch_failed=
cd "$srcdir"/linux-$_kernver
if [ "${pkgver%.0}" = "$pkgver" ]; then
msg "Applying patch-$pkgver.xz"
unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
fi
# first apply patches in specified order
for i in $source; do
case $i in
*.patch)
msg "Applying $i..."
if ! patch -s -p1 -N -i "$srcdir"/$i; then
echo $i >>failed
_patch_failed=1
fi
;;
esac
done
if ! [ -z "$_patch_failed" ]; then
error "The following patches failed:"
cat failed
return 1
fi
echo "-$pkgrel" > localversion-alpine
mkdir -p "$srcdir"/build
cp "$srcdir"/$_config "$srcdir"/build/.config || return 1
make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
silentoldconfig
}
# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig() {
cd "$srcdir"/build || return 1
make menuconfig
cp .config "$startdir"/$_config
}
build() {
cd "$srcdir"/build
export GCC_SPECS=/usr/share/gcc/hardenednopie.specs
make CC="${CC:-gcc}" \
KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
|| return 1
}
package() {
cd "$srcdir"/build
mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
make -j1 modules_install firmware_install install \
INSTALL_MOD_PATH="$pkgdir" \
INSTALL_PATH="$pkgdir"/boot \
|| return 1
rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
"$pkgdir"/lib/modules/${_abi_release}/source
rm -rf "$pkgdir"/lib/firmware
install -D include/config/kernel.release \
"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
}
dev() {
# copy the only the parts that we really need for build 3rd party
# kernel modules and install those as /usr/src/linux-headers,
# simlar to what ubuntu does
#
# this way you dont need to install the 300-400 kernel sources to
# build a tiny kernel module
#
pkgdesc="Headers and script for third party modules for grsec kernel"
depends="gmp-dev bash"
local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
# first we import config, run prepare to set up for building
# external modules, and create the scripts
mkdir -p "$dir"
cp "$srcdir"/$_config "$dir"/.config
make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
silentoldconfig prepare modules_prepare scripts
# remove the stuff that poits to real sources. we want 3rd party
# modules to believe this is the soruces
rm "$dir"/Makefile "$dir"/source
# copy the needed stuff from real sources
#
# this is taken from ubuntu kernel build script
# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
cd "$srcdir"/linux-$_kernver
find . -path './include/*' -prune -o -path './scripts/*' -prune \
-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
-o -name '*.lds' \) | cpio -pdm "$dir"
cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
cp -a drivers/media/video/*.h "$dir"/drivers/media/video
cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
cp -a scripts include "$dir"
find $(find arch -name include -type d -print) -type f \
| cpio -pdm "$dir"
install -Dm644 "$srcdir"/build/Module.symvers \
"$dir"/Module.symvers
mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
ln -sf /usr/src/linux-headers-${_abi_release} \
"$subpkgdir"/lib/modules/${_abi_release}/build
}
md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz
c5f2166686a913abf550bfed8b77df27 patch-3.9.8.xz
53d60133a86b812060b048275f928041 grsecurity-2.9.1-3.9.8-201306272057.patch
a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
35bdbb795392104434fdb16e226606bc kernelconfig.x86
3fa1281098783b061581f6c1122edd77 kernelconfig.x86_64"
sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz
2eda9068e81269467e3c247f3343a146731fc45284b12b4bc546bc44dbb263e7 patch-3.9.8.xz
587022b1fc72157e43011551404c7d664dcc3b6c95b72a853ef2ce721e474057 grsecurity-2.9.1-3.9.8-201306272057.patch
6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
ca83354dfd4d2938bad03bd05aa25d6ab7228b289eabd43f10dab5c571f0ec07 kernelconfig.x86
8e64c024e2f8d7d67198ad8c331cd3ef8df40015c85a0b5ef4c2487274404abb kernelconfig.x86_64"
sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz
60b7d694d39faf937e7b732eb3117b8442059c5c8857c9d439eec8a87d5bc185505e64062f5ae02c3512acf5af778caf615c35d3499cb8089a4569c05da65b9c patch-3.9.8.xz
4ca36180a1fc325a558acf73ec9fe3808542498a8f808f73b87a9f6b05ff290d5a5ab20ce39c547a18ce37d093a9857f5c77c495796e62fef986dfa301a9e566 grsecurity-2.9.1-3.9.8-201306272057.patch
81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
ffe76f2a13888c7a54d1dadac09f1220c2423c6883d813ea8b69485d2a855152fe24b5b132d72ac6a1abd66eda5f9592e226bc53afeffd31d285a2cc62fc7d5b kernelconfig.x86
485501f627ab9ac2a3e1ccfdee956989f20d9f0e88b3ed2a7239fb93928d4c054a761306ebccbec9a18ca5dee59b7249cd72add6c65645234798c828afebe52c kernelconfig.x86_64"
|
