blob: ece603c86222f3c8b9f385cef058cba845a71bd4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
|
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
_flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.32.21
_kernver=2.6.32
pkgrel=6
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
makedepends="perl installkernel"
options="!strip"
_config=${config:-kernelconfig.${CARCH:-x86}}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
grsecurity-2.2.0-2.6.32.21-201009201707.patch
0001-grsec-revert-conflicting-flow-cache-changes.patch
0002-gre-fix-hard-header-destination-address-checking.patch
0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
0004-arp-flush-arp-cache-on-device-change.patch
0007-r8169-Fix-rtl8169_rx_interrupt.patch
0009-ipsec-Fix-bogus-bundle-flowi.patch
0010-xfrm-Remove-xfrm_state_genid.patch
0011-xfrm_user-verify-policy-direction-at-XFRM_MSG_POLEXP.patch
0012-xfrm-remove-policy-lock-when-accessing-policy-walk.d.patch
0013-flow-structurize-flow-cache.patch
0014-flow-virtualize-flow-cache-entry-methods.patch
0015-xfrm-cache-bundles-instead-of-policies-for-outgoing-.patch
0016-xfrm-remove-policy-garbage-collection.patch
0017-flow-delayed-deletion-of-flow-cache-entries.patch
0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
0019-ipv4-check-rt_genid-in-dst_check.patch
0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch
xfrm-fix-policy-unreferencing-on-larval-drop.patch
r8169-fix-random-mdio_write-failures.patch
r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch
r8169-fix-rx-checksum-offload.patch
x86-setup-When-restoring-the-screen-update-boot_params-screen_info.patch
r8169-add-gro-support.patch
hv-grsec.patch
kernelconfig.x86
"
subpackages="$pkgname-dev linux-firmware:firmware"
license="GPL-2"
_abi_release=${pkgver}-${_flavor}
prepare() {
cd "$srcdir"/linux-$_kernver
if [ "$_kernver" != "$pkgver" ]; then
bunzip2 -c < ../patch-$pkgver.bz2 | patch -p1 -N || return 1
fi
# first apply patches in specified order
for i in $source; do
case $i in
*.patch)
msg "Applying $i..."
patch -s -p1 -N < "$srcdir"/$i || return 1
;;
esac
done
mkdir -p "$srcdir"/build
cp "$srcdir"/$_config "$srcdir"/build/.config
make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
silentoldconfig
}
# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig() {
cd "$srcdir"/build || return 1
make menuconfig
cp .config "$startdir"/$_config
}
build() {
cd "$srcdir"/build
make CC="${CC:-gcc}" \
KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
|| return 1
}
package() {
cd "$srcdir"/build
mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
make modules_install install \
INSTALL_MOD_PATH="$pkgdir" \
INSTALL_PATH="$pkgdir"/boot
rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
"$pkgdir"/lib/modules/${_abi_release}/source
install -D include/config/kernel.release \
"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
}
dev() {
# copy the only the parts that we really need for build 3rd party
# kernel modules and install those as /usr/src/linux-headers,
# simlar to what ubuntu does
#
# this way you dont need to install the 300-400 kernel sources to
# build a tiny kernel module
#
pkgdesc="Headers and script for third party modules for grsec kernel"
local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
# first we import config, run prepare to set up for building
# external modules, and create the scripts
mkdir -p "$dir"
cp "$srcdir"/$_config "$dir"/.config
make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
silentoldconfig prepare scripts
# remove the stuff that poits to real sources. we want 3rd party
# modules to believe this is the soruces
rm "$dir"/Makefile "$dir"/source
# copy the needed stuff from real sources
#
# this is taken from ubuntu kernel build script
# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
cd "$srcdir"/linux-$_kernver
find . -path './include/*' -prune -o -path './scripts/*' -prune \
-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
-o -name '*.lds' \) | cpio -pdm "$dir"
cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
cp -a drivers/media/video/*.h "$dir"/drivers/media/video
cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
cp -a scripts include "$dir"
find $(find arch -name include -type d -print) -type f \
| cpio -pdm "$dir"
install -Dm644 "$srcdir"/build/Module.symvers \
"$dir"/Module.symvers
mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
ln -sf /usr/src/linux-headers-${_abi_release} \
"$subpkgdir"/lib/modules/${_abi_release}/build
}
firmware() {
pkgdesc="Firmware for linux kernel"
replaces="linux-grsec linux-vserver"
mkdir -p "$subpkgdir"/lib
mv "$pkgdir"/lib/firmware "$subpkgdir"/lib/
}
md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2
29aa10a231882a6e52908642b572326f patch-2.6.32.21.bz2
a9512a62a10f22fa6a065dadcd538203 grsecurity-2.2.0-2.6.32.21-201009201707.patch
1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch
437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch
151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
5f8b9a76d95319c5b1aa26b54a42e6b5 0007-r8169-Fix-rtl8169_rx_interrupt.patch
cf168620efa63479a6e03da78906e32f 0009-ipsec-Fix-bogus-bundle-flowi.patch
3af4b5ae1afae3278b0070f585b874e3 0010-xfrm-Remove-xfrm_state_genid.patch
9f284c3fd5ab38cef4544efc1f50c6ba 0011-xfrm_user-verify-policy-direction-at-XFRM_MSG_POLEXP.patch
b035114e893883cf67530350678e00f5 0012-xfrm-remove-policy-lock-when-accessing-policy-walk.d.patch
9dea03ec19aaf9a384e4f56f57009257 0013-flow-structurize-flow-cache.patch
fc9ab26abbfec0d3f20000b5e695620b 0014-flow-virtualize-flow-cache-entry-methods.patch
c09b82b89a49ba2a3836a0bc3a3312f4 0015-xfrm-cache-bundles-instead-of-policies-for-outgoing-.patch
41618efb65ab9ddacfb59a1cde9b4edd 0016-xfrm-remove-policy-garbage-collection.patch
3b83f0972ab715819d1119b120a987e7 0017-flow-delayed-deletion-of-flow-cache-entries.patch
45a676c7a1759fec60b724d557b4e295 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
74e511f12854972db08d3fddc4df0f52 0019-ipv4-check-rt_genid-in-dst_check.patch
edfac5844f91721d49a00a09b6ef258b 0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
b39bccb5a1124f5a3f2f209edb21aba5 0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch
c7e606c11c05ff03012b21c3fe0ece47 xfrm-fix-policy-unreferencing-on-larval-drop.patch
ce4a74190febe13713bab1b886dd5bee r8169-fix-random-mdio_write-failures.patch
b41ee19f13498fb25992fd60cd1126d4 r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch
0ccecafd4123dcad0b0cd7787553d734 r8169-fix-rx-checksum-offload.patch
a1bcf76870b63a4a4035a8948fb758e2 x86-setup-When-restoring-the-screen-update-boot_params-screen_info.patch
139b39da44ecb577275be53d7d365949 r8169-add-gro-support.patch
bf14850a0036d14bc6177adbdec23a17 hv-grsec.patch
ca9c63def600e77ca3cb7e822c239083 kernelconfig.x86"
|