blob: 02eec6d71ab2b1d740387044c06487d3daec609c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
# Maintainer: <bpiotrowski@alpinelinux.org>
_flavor=virt-grsec
pkgname=linux-${_flavor}
pkgver=3.12.7
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
pkgrel=1
pkgdesc="Linux kernel for virtual guests with grsecurity"
url="http://grsecurity.net"
depends="mkinitfs linux-firmware"
makedepends="perl sed installkernel bash gmp-dev bc"
options="!strip"
_config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
grsecurity-3.0-$pkgver-201401120824.patch
fix-memory-map-for-PIE-applications.patch
kernelconfig.x86
kernelconfig.x86_64
"
subpackages="$pkgname-dev"
arch="x86 x86_64 arm"
license="GPL-2"
_abi_release=${pkgver}-${pkgrel}-${_flavor}
prepare() {
local _patch_failed=
cd "$srcdir"/linux-$_kernver
if [ "${pkgver%.0}" = "$pkgver" ]; then
msg "Applying patch-$pkgver.xz"
unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
fi
# first apply patches in specified order
for i in $source; do
case $i in
*.patch)
msg "Applying $i..."
if ! patch -s -p1 -N -i "$srcdir"/$i; then
echo $i >>failed
_patch_failed=1
fi
;;
esac
done
if ! [ -z "$_patch_failed" ]; then
error "The following patches failed:"
cat failed
return 1
fi
rm -f localversion*
echo "-$pkgrel-$_flavor" > localversion-alpine
mkdir -p "$srcdir"/build
cp "$srcdir"/$_config "$srcdir"/build/.config || return 1
make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
silentoldconfig
}
# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig() {
cd "$srcdir"/build || return 1
make menuconfig
cp .config "$startdir"/$_config
}
build() {
cd "$srcdir"/build
export GCC_SPECS=hardenednopie.specs
make CC="${CC:-gcc}" \
KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
|| return 1
}
package() {
cd "$srcdir"/build
mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
make -j1 modules_install firmware_install install \
INSTALL_MOD_PATH="$pkgdir" \
INSTALL_PATH="$pkgdir"/boot \
|| return 1
rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
"$pkgdir"/lib/modules/${_abi_release}/source
rm -rf "$pkgdir"/lib/firmware
install -D include/config/kernel.release \
"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
}
dev() {
# copy the only the parts that we really need for build 3rd party
# kernel modules and install those as /usr/src/linux-headers,
# simlar to what ubuntu does
#
# this way you dont need to install the 300-400 kernel sources to
# build a tiny kernel module
#
pkgdesc="Headers and script for third party modules for grsec kernel"
depends="gmp-dev bash"
local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
# first we import config, run prepare to set up for building
# external modules, and create the scripts
mkdir -p "$dir"
cp "$srcdir"/$_config "$dir"/.config
make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
silentoldconfig prepare modules_prepare scripts
# remove the stuff that poits to real sources. we want 3rd party
# modules to believe this is the soruces
rm "$dir"/Makefile "$dir"/source
# copy the needed stuff from real sources
#
# this is taken from ubuntu kernel build script
# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
cd "$srcdir"/linux-$_kernver
find . -path './include/*' -prune -o -path './scripts/*' -prune \
-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
-o -name '*.lds' \) | cpio -pdm "$dir"
cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
cp -a drivers/media/video/*.h "$dir"/drivers/media/video
cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
cp -a scripts include "$dir"
find $(find arch -name include -type d -print) -type f \
| cpio -pdm "$dir"
install -Dm644 "$srcdir"/build/Module.symvers \
"$dir"/Module.symvers
mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
ln -sf /usr/src/linux-headers-${_abi_release} \
"$subpkgdir"/lib/modules/${_abi_release}/build
}
md5sums="cc6ee608854e0da4b64f6c1ff8b6398c linux-3.12.tar.xz
a158a29ecf49e768ebd2f34967991606 patch-3.12.7.xz
a90b0bcd0ece5c0bee4fa8155a0122fd grsecurity-3.0-3.12.7-201401120824.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
cc0bc34dd6d4f4396fa70ceaa5aa4a1a kernelconfig.x86
93a67bcefa885e0089247694c3e1fa25 kernelconfig.x86_64"
sha256sums="2e120ec7fde19fa51dc6b6cc11c81860a0775defcad5a5bf910ed9a50e845a02 linux-3.12.tar.xz
ac57d56064bb23dae55fe656c407c662e842c98a6a5411251d6bb79c9718f555 patch-3.12.7.xz
1ff99432fb966b8646bfa73f6828c8e25351afcfac2acbd3f019448926de9278 grsecurity-3.0-3.12.7-201401120824.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
bb7418bfdfbe45476331412b17a06abb08f8a0f44fe8ff978fd3413e8671ae66 kernelconfig.x86
4a11a2edd0dc69687f96f6c80140537b8ba74684244af59a1ffe74cd69712c6c kernelconfig.x86_64"
sha512sums="4ba5797e0772726d05c9f2eee66dc6dc2a5033c749ef44764c805a83da739ed5d0c6443b76785e38fe1ef74cc7ade787e48144faed0cfcb6f124f05248c700ff linux-3.12.tar.xz
070536e1ed0911e91e96f32038b38efd8d531a306b09eb3074f68ebd7c582cf09574ea712666c3e3dff8443d66d054028a58497dd5e11f66d3bb5eb4570aee78 patch-3.12.7.xz
34475fd4f167492550f2cc0df7f0b4eb4f616e1a40d1e914128c20b0ec3a77d7c7a57f1fe7874316e4081ac15d06e4bf33b841477b69757409fe54c4f40d76ce grsecurity-3.0-3.12.7-201401120824.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
b2245e3eeb020651eb36289d658b32a0ace45e00c392113e8589dbc31f5bd602fb3284b915b4924c235c7886f5e773ad731ddb392ca9e7b10528e0344bdafaef kernelconfig.x86
203ef17038ebdb92dbdd6547875816012442f6d4c3d5ea43d9f4898b4c074feda85c485c3bf2aa1b6de127985292aaeef3596e66f06282c7853f9ff7db0a5df4 kernelconfig.x86_64"
|