main/linux-virt-grsec/APKBUILD


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175

# Maintainer: Natanael Copa <ncopa@alpinelinux.org>

_flavor=grsec
pkgname=linux-virt-${_flavor}
pkgver=3.9.4
case $pkgver in
*.*.*)	_kernver=${pkgver%.*};;
*.*)	_kernver=${pkgver};;
esac
pkgrel=3
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
makedepends="perl installkernel bash gmp-dev bc"
options="!strip"
_config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
	grsecurity-2.9.1-3.9.4-201306011536.patch

	v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
	leds-leds-gpio-reserve-gpio-before-using-it.patch
	ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
	RFC-net-ipv4-Use-next-hop-exceptions-also-for-input-routes.patch

	kernelconfig.x86
	kernelconfig.x86_64
	"
subpackages="$pkgname-dev"
arch="x86 x86_64 arm"
license="GPL-2"

_abi_release=${pkgver}-${pkgrel}-${_flavor}

prepare() {
	local _patch_failed=
	cd "$srcdir"/linux-$_kernver
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
	fi

	# first apply patches in specified order
	for i in $source; do
		case $i in
		*.patch)
			msg "Applying $i..."
			if ! patch -s -p1 -N -i "$srcdir"/$i; then
				echo $i >>failed
				_patch_failed=1
			fi
			;;
		esac
	done

	if ! [ -z "$_patch_failed" ]; then
		error "The following patches failed:"
		cat failed
		return 1
	fi

	echo "-$pkgrel" > localversion-alpine

	mkdir -p "$srcdir"/build
	cp "$srcdir"/$_config "$srcdir"/build/.config || return 1
	make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
		silentoldconfig
}

# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig() {
	cd "$srcdir"/build || return 1
	make menuconfig
	cp .config "$startdir"/$_config
}

build() {
	cd "$srcdir"/build
	export GCC_SPECS=/usr/share/gcc/hardenednopie.specs
	make CC="${CC:-gcc}" \
		KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
		|| return 1
}

package() {
	cd "$srcdir"/build
	mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
	make -j1 modules_install firmware_install install \
		INSTALL_MOD_PATH="$pkgdir" \
		INSTALL_PATH="$pkgdir"/boot \
		|| return 1

	rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
		"$pkgdir"/lib/modules/${_abi_release}/source
	rm -rf "$pkgdir"/lib/firmware

	install -D include/config/kernel.release \
		"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
}

dev() {
	# copy the only the parts that we really need for build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# simlar to what ubuntu does
	#
	# this way you dont need to install the 300-400 kernel sources to
	# build a tiny kernel module
	#
	pkgdesc="Headers and script for third party modules for grsec kernel"
	depends="gmp-dev bash"
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}

	# first we import config, run prepare to set up for building
	# external modules, and create the scripts
	mkdir -p "$dir"
	cp "$srcdir"/$_config "$dir"/.config
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
		silentoldconfig prepare modules_prepare scripts 

	# remove the stuff that poits to real sources. we want 3rd party
	# modules to believe this is the soruces
	rm "$dir"/Makefile "$dir"/source

	# copy the needed stuff from real sources
	#
	# this is taken from ubuntu kernel build script
	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
	cd "$srcdir"/linux-$_kernver
	find . -path './include/*' -prune -o -path './scripts/*' -prune \
		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
		-o -name '*.lds' \) | cpio -pdm "$dir"
	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
	cp -a scripts include "$dir"
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"

	install -Dm644 "$srcdir"/build/Module.symvers \
		"$dir"/Module.symvers

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
}

md5sums="4348c9b6b2eb3144d601e87c19d5d909  linux-3.9.tar.xz
922c4553299e6692a28761d3032fc012  patch-3.9.4.xz
08c33c99cb779ebd296d2b274c2deeda  grsecurity-2.9.1-3.9.4-201306011536.patch
699e92148cc9a55b6fc4d7d81e476717  v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
83db7136608d8101ae130728539dc376  leds-leds-gpio-reserve-gpio-before-using-it.patch
ac9a50bdbe91ba6e5205e83f7e734ff5  ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
12d3647755bebcd3b114f50de2729455  RFC-net-ipv4-Use-next-hop-exceptions-also-for-input-routes.patch
2adad7226254e2c6c6c309e6f2100188  kernelconfig.x86
308c29b96e311b3bbe5c01ee77c9cc71  kernelconfig.x86_64"
sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541  linux-3.9.tar.xz
694ea0d527556c5a214597596f37cdb598d2a0652d6f5e86b8c0de718990ccec  patch-3.9.4.xz
3bf95754ba94f3dfa7a91d92726e83c9092feab9e990f70d31bc52974bff27b0  grsecurity-2.9.1-3.9.4-201306011536.patch
8e2f41605937eecd47cefe62daefd372dbf1e63cf956ab3ced3213ac2b508ee3  v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
13676bc5610a8d03e788ac76734babd1338b023bb39559452ee54652b046e6f4  leds-leds-gpio-reserve-gpio-before-using-it.patch
ab0dcb52342990ad05af5ce21acd1e95fb65cc7e76ec98e45c7ece7433bc9f23  ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
667babfafe4dc3449cd04853f532712188af557cbac41c461cf8236c4238f5a3  RFC-net-ipv4-Use-next-hop-exceptions-also-for-input-routes.patch
dab9b80e559c4d9658dc858cdca66fdabfc7ac090e8a83c5d098065a4a32b547  kernelconfig.x86
78852eac782c207a7488549bac06c8e6a01014efc9ead2ff9835cfc7743a851c  kernelconfig.x86_64"
sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790  linux-3.9.tar.xz
2a2eb511a610e8e3ddbc38b8bce0b96e60875009b7981542c98f0de3a601632a205fa9f90c6912094196dbda6536083b3990b28204c243a406f5595c40df0965  patch-3.9.4.xz
eb326ded756cbe086c7999c5a982b6b695ae8ee3c25523a22acd480d97de0603d86eeef5252fe957ed5ccd4e7736db271a253264108e757b23a9bd3e82b32529  grsecurity-2.9.1-3.9.4-201306011536.patch
772c847cd74b12ed22266042c0902d8a3cf09c897b6e1c01148dfcd2f01aed331f292e82c34bb718090dc0898e1ef364196272bff885a32378f7fbc8bfc06a9b  v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
10d2cf4fb308d1bc8cb5b9df3f9a6d7b9cef453244673bcbe66bd9b64af410a498e203d4dfa51f53461362ad981736eadc46537616b2c0514f57f4d8864c830d  leds-leds-gpio-reserve-gpio-before-using-it.patch
769291e92f2f5ae5375d98b80bf8790b089c87437f1660cf8d5e9d45d7221280b6824bcb1d2564cbe12310a88df48443c56ecc9ce5468858829088221aa80327  ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
d35c939967d5696e477e2c5181f96e9cb92e1db88477576615f36209d276e0a2a866111d43e4abe076c455e32b063d6a97d42e5bc9ca04702d78b13826bf3afb  RFC-net-ipv4-Use-next-hop-exceptions-also-for-input-routes.patch
7ee22fe997767502a46338d2fa1921cf5a285372facb316eed76f85c7f1e480cef64e6a2c361e2c08136d3ceae8bcc1897d420ecc70fc84e9c81040728c34e85  kernelconfig.x86
9d394eaab29b1557a486346079920ca909e66f1fd76c90c1b4713de31c248d0bf19cb9170917149f7a634d7701b425b9777c92bd70dffdb2a4212a7373478fba  kernelconfig.x86_64"