main/linux-virtgrsec/APKBUILD


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168

# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
# Maintainer: <bpiotrowski@alpinelinux.org>

_flavor=virtgrsec
pkgname=linux-${_flavor}
pkgver=3.18.8
case $pkgver in
*.*.*)	_kernver=${pkgver%.*};;
*.*)	_kernver=${pkgver};;
esac
pkgrel=0
pkgdesc="Linux kernel for virtual guests with grsecurity"
url="http://grsecurity.net"
depends="mkinitfs linux-firmware"
makedepends="perl sed installkernel bash gmp-dev bc linux-headers"
options="!strip"
_config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
	grsecurity-3.1-3.18.8-201502271843.patch
	fix-memory-map-for-PIE-applications.patch
	imx6q-no-unclocked-sleep.patch

	kernelconfig.x86
	kernelconfig.x86_64
	"
subpackages="$pkgname-dev"
arch="x86 x86_64"
license="GPL-2"

_abi_release=${pkgver}-${pkgrel}-${_flavor}

prepare() {
	local _patch_failed=
	cd "$srcdir"/linux-$_kernver
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
	fi

	# first apply patches in specified order
	for i in $source; do
		case $i in
		*.patch)
			msg "Applying $i..."
			if ! patch -s -p1 -N -i "$srcdir"/$i; then
				echo $i >>failed
				_patch_failed=1
			fi
			;;
		esac
	done

	if ! [ -z "$_patch_failed" ]; then
		error "The following patches failed:"
		cat failed
		return 1
	fi

	rm -f localversion*
	echo "-$pkgrel-$_flavor" > localversion-alpine

	mkdir -p "$srcdir"/build
	cp "$srcdir"/$_config "$srcdir"/build/.config || return 1
	make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
		silentoldconfig
}

# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig() {
	cd "$srcdir"/build || return 1
	make menuconfig
	cp .config "$startdir"/$_config
}

build() {
	cd "$srcdir"/build
	export GCC_SPECS=hardenednopie.specs
	make CC="${CC:-gcc}" \
		KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
		|| return 1
}

package() {
	cd "$srcdir"/build
	mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
	make -j1 modules_install firmware_install install \
		INSTALL_MOD_PATH="$pkgdir" \
		INSTALL_PATH="$pkgdir"/boot \
		|| return 1

	rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
		"$pkgdir"/lib/modules/${_abi_release}/source
	rm -rf "$pkgdir"/lib/firmware

	install -D include/config/kernel.release \
		"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
}

dev() {
	# copy the only the parts that we really need for build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# simlar to what ubuntu does
	#
	# this way you dont need to install the 300-400 kernel sources to
	# build a tiny kernel module
	#
	pkgdesc="Headers and script for third party modules for grsec kernel"
	depends="gmp-dev bash"
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}

	# first we import config, run prepare to set up for building
	# external modules, and create the scripts
	mkdir -p "$dir"
	cp "$srcdir"/$_config "$dir"/.config
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
		silentoldconfig prepare modules_prepare scripts 

	# remove the stuff that poits to real sources. we want 3rd party
	# modules to believe this is the soruces
	rm "$dir"/Makefile "$dir"/source

	# copy the needed stuff from real sources
	#
	# this is taken from ubuntu kernel build script
	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
	cd "$srcdir"/linux-$_kernver
	find . -path './include/*' -prune -o -path './scripts/*' -prune \
		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
		-o -name '*.lds' \) | cpio -pdm "$dir"
	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
	cp -a scripts include "$dir"
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"

	install -Dm644 "$srcdir"/build/Module.symvers \
		"$dir"/Module.symvers

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
}

md5sums="9e854df51ca3fef8bfe566dbd7b89241  linux-3.18.tar.xz
b7bd36ce9f4bff165ee776e2b9263257  patch-3.18.8.xz
f78dc7e1f77db3049de30f4d498fb2bc  grsecurity-3.1-3.18.8-201502271843.patch
c6a4ae7e8ca6159e1631545515805216  fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378  imx6q-no-unclocked-sleep.patch
4938a7329976fd579206cb814ee75ef6  kernelconfig.x86
54daab617c2eab14d08afed2c8321620  kernelconfig.x86_64"
sha256sums="becc413cc9e6d7f5cc52a3ce66d65c3725bc1d1cc1001f4ce6c32b69eb188cbd  linux-3.18.tar.xz
c392e435661b8afebffb4c2badf6a82c3c559dee07d13f76450c952ea8ebb3e3  patch-3.18.8.xz
904daa25b3ac3d23e06c65164d1456a629499dc989f1c62c255250da6a2c404e  grsecurity-3.1-3.18.8-201502271843.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7  fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3  imx6q-no-unclocked-sleep.patch
baa8e42965fb7e4ab66f99eca6d5959c13919cdc67d31d949da4831b9a4addfa  kernelconfig.x86
9bfda1dcffa2401e515d57991f105632bd20d316acc4807388f3a04e4879688e  kernelconfig.x86_64"
sha512sums="2f0b72466e9bc538a675738aa416573d41bbbd7e3e2ffd5b5b127afde609ebc278cec5a3c37e73479607e957c13f1b4ed9782a3795e0dcc2cf8e550228594009  linux-3.18.tar.xz
11a075e08f03a33af57a2225b29e0db3d422467dcb23439faa1510e89770ba74af08bc01d9a43caf58c130d5261c13f9b3f018020e40cbfe8ef4411d545331a2  patch-3.18.8.xz
8b487ce70a308d8c27b7b6ed85e6cdee373ff1e7a79711b9c5b3b814b7a54ae8c8ff8cb36ac487c6663d5afb5248ea157e608a463ea35067bec5280c61811ed6  grsecurity-3.1-3.18.8-201502271843.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7  fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221  imx6q-no-unclocked-sleep.patch
b0f57415a3b29a6e8d414fd2701cabd789d33e1a8ce9278d8e6653acbcf8fe199bf75c3bfb61330f1c1c50d2480d24b74615b65f4bc1300bfcf0a517fa05989f  kernelconfig.x86
ae0a4b3bec8498a4d836ca6097092d0e1e147dad1d94920b440226ff56100478d10d7589ffedad51d61d60082992ce6311c4a86f94550dc552d1e355fb73563c  kernelconfig.x86_64"