summaryrefslogtreecommitdiffstats
path: root/main/linux-virt-grsec/APKBUILD
diff options
context:
space:
mode:
authorBartłomiej Piotrowski <bpiotrowski@alpinelinux.org>2013-06-07 16:58:41 +0200
committerBartłomiej Piotrowski <bpiotrowski@alpinelinux.org>2013-06-07 16:58:41 +0200
commit301569cd28d3c4762cbe4e3881a32b6bf75bc3d8 (patch)
treed4d3d708c49f4c197265e643c353337b5e58f627 /main/linux-virt-grsec/APKBUILD
parent6e93ecc0689c6f8effe251d39e7820c06d536704 (diff)
downloadaports-301569cd28d3c4762cbe4e3881a32b6bf75bc3d8.tar.bz2
aports-301569cd28d3c4762cbe4e3881a32b6bf75bc3d8.tar.xz
main/linux-virt-grsec: moved from testing
Diffstat (limited to 'main/linux-virt-grsec/APKBUILD')
-rw-r--r--main/linux-virt-grsec/APKBUILD175
1 files changed, 175 insertions, 0 deletions
diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD
new file mode 100644
index 000000000..e1baab928
--- /dev/null
+++ b/main/linux-virt-grsec/APKBUILD
@@ -0,0 +1,175 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+
+_flavor=grsec
+pkgname=linux-virt-${_flavor}
+pkgver=3.9.4
+case $pkgver in
+*.*.*) _kernver=${pkgver%.*};;
+*.*) _kernver=${pkgver};;
+esac
+pkgrel=3
+pkgdesc="Linux kernel with grsecurity"
+url=http://grsecurity.net
+depends="mkinitfs linux-firmware"
+makedepends="perl installkernel bash gmp-dev bc"
+options="!strip"
+_config=${config:-kernelconfig.${CARCH}}
+install=
+source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
+ http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
+ grsecurity-2.9.1-3.9.4-201306011536.patch
+
+ v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
+ leds-leds-gpio-reserve-gpio-before-using-it.patch
+ ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
+ RFC-net-ipv4-Use-next-hop-exceptions-also-for-input-routes.patch
+
+ kernelconfig.x86
+ kernelconfig.x86_64
+ "
+subpackages="$pkgname-dev"
+arch="x86 x86_64 arm"
+license="GPL-2"
+
+_abi_release=${pkgver}-${pkgrel}-${_flavor}
+
+prepare() {
+ local _patch_failed=
+ cd "$srcdir"/linux-$_kernver
+ if [ "${pkgver%.0}" = "$pkgver" ]; then
+ msg "Applying patch-$pkgver.xz"
+ unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
+ fi
+
+ # first apply patches in specified order
+ for i in $source; do
+ case $i in
+ *.patch)
+ msg "Applying $i..."
+ if ! patch -s -p1 -N -i "$srcdir"/$i; then
+ echo $i >>failed
+ _patch_failed=1
+ fi
+ ;;
+ esac
+ done
+
+ if ! [ -z "$_patch_failed" ]; then
+ error "The following patches failed:"
+ cat failed
+ return 1
+ fi
+
+ echo "-$pkgrel" > localversion-alpine
+
+ mkdir -p "$srcdir"/build
+ cp "$srcdir"/$_config "$srcdir"/build/.config || return 1
+ make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
+ silentoldconfig
+}
+
+# this is so we can do: 'abuild menuconfig' to reconfigure kernel
+menuconfig() {
+ cd "$srcdir"/build || return 1
+ make menuconfig
+ cp .config "$startdir"/$_config
+}
+
+build() {
+ cd "$srcdir"/build
+ export GCC_SPECS=/usr/share/gcc/hardenednopie.specs
+ make CC="${CC:-gcc}" \
+ KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine" \
+ || return 1
+}
+
+package() {
+ cd "$srcdir"/build
+ mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
+ make -j1 modules_install firmware_install install \
+ INSTALL_MOD_PATH="$pkgdir" \
+ INSTALL_PATH="$pkgdir"/boot \
+ || return 1
+
+ rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
+ "$pkgdir"/lib/modules/${_abi_release}/source
+ rm -rf "$pkgdir"/lib/firmware
+
+ install -D include/config/kernel.release \
+ "$pkgdir"/usr/share/kernel/$_flavor/kernel.release
+}
+
+dev() {
+ # copy the only the parts that we really need for build 3rd party
+ # kernel modules and install those as /usr/src/linux-headers,
+ # simlar to what ubuntu does
+ #
+ # this way you dont need to install the 300-400 kernel sources to
+ # build a tiny kernel module
+ #
+ pkgdesc="Headers and script for third party modules for grsec kernel"
+ depends="gmp-dev bash"
+ local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
+
+ # first we import config, run prepare to set up for building
+ # external modules, and create the scripts
+ mkdir -p "$dir"
+ cp "$srcdir"/$_config "$dir"/.config
+ make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
+ silentoldconfig prepare modules_prepare scripts
+
+ # remove the stuff that poits to real sources. we want 3rd party
+ # modules to believe this is the soruces
+ rm "$dir"/Makefile "$dir"/source
+
+ # copy the needed stuff from real sources
+ #
+ # this is taken from ubuntu kernel build script
+ # http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
+ cd "$srcdir"/linux-$_kernver
+ find . -path './include/*' -prune -o -path './scripts/*' -prune \
+ -o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
+ -o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
+ -o -name '*.lds' \) | cpio -pdm "$dir"
+ cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
+ cp -a drivers/media/video/*.h "$dir"/drivers/media/video
+ cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
+ cp -a scripts include "$dir"
+ find $(find arch -name include -type d -print) -type f \
+ | cpio -pdm "$dir"
+
+ install -Dm644 "$srcdir"/build/Module.symvers \
+ "$dir"/Module.symvers
+
+ mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
+ ln -sf /usr/src/linux-headers-${_abi_release} \
+ "$subpkgdir"/lib/modules/${_abi_release}/build
+}
+
+md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz
+922c4553299e6692a28761d3032fc012 patch-3.9.4.xz
+08c33c99cb779ebd296d2b274c2deeda grsecurity-2.9.1-3.9.4-201306011536.patch
+699e92148cc9a55b6fc4d7d81e476717 v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
+83db7136608d8101ae130728539dc376 leds-leds-gpio-reserve-gpio-before-using-it.patch
+ac9a50bdbe91ba6e5205e83f7e734ff5 ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
+12d3647755bebcd3b114f50de2729455 RFC-net-ipv4-Use-next-hop-exceptions-also-for-input-routes.patch
+2adad7226254e2c6c6c309e6f2100188 kernelconfig.x86
+308c29b96e311b3bbe5c01ee77c9cc71 kernelconfig.x86_64"
+sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz
+694ea0d527556c5a214597596f37cdb598d2a0652d6f5e86b8c0de718990ccec patch-3.9.4.xz
+3bf95754ba94f3dfa7a91d92726e83c9092feab9e990f70d31bc52974bff27b0 grsecurity-2.9.1-3.9.4-201306011536.patch
+8e2f41605937eecd47cefe62daefd372dbf1e63cf956ab3ced3213ac2b508ee3 v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
+13676bc5610a8d03e788ac76734babd1338b023bb39559452ee54652b046e6f4 leds-leds-gpio-reserve-gpio-before-using-it.patch
+ab0dcb52342990ad05af5ce21acd1e95fb65cc7e76ec98e45c7ece7433bc9f23 ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
+667babfafe4dc3449cd04853f532712188af557cbac41c461cf8236c4238f5a3 RFC-net-ipv4-Use-next-hop-exceptions-also-for-input-routes.patch
+dab9b80e559c4d9658dc858cdca66fdabfc7ac090e8a83c5d098065a4a32b547 kernelconfig.x86
+78852eac782c207a7488549bac06c8e6a01014efc9ead2ff9835cfc7743a851c kernelconfig.x86_64"
+sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz
+2a2eb511a610e8e3ddbc38b8bce0b96e60875009b7981542c98f0de3a601632a205fa9f90c6912094196dbda6536083b3990b28204c243a406f5595c40df0965 patch-3.9.4.xz
+eb326ded756cbe086c7999c5a982b6b695ae8ee3c25523a22acd480d97de0603d86eeef5252fe957ed5ccd4e7736db271a253264108e757b23a9bd3e82b32529 grsecurity-2.9.1-3.9.4-201306011536.patch
+772c847cd74b12ed22266042c0902d8a3cf09c897b6e1c01148dfcd2f01aed331f292e82c34bb718090dc0898e1ef364196272bff885a32378f7fbc8bfc06a9b v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
+10d2cf4fb308d1bc8cb5b9df3f9a6d7b9cef453244673bcbe66bd9b64af410a498e203d4dfa51f53461362ad981736eadc46537616b2c0514f57f4d8864c830d leds-leds-gpio-reserve-gpio-before-using-it.patch
+769291e92f2f5ae5375d98b80bf8790b089c87437f1660cf8d5e9d45d7221280b6824bcb1d2564cbe12310a88df48443c56ecc9ce5468858829088221aa80327 ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
+d35c939967d5696e477e2c5181f96e9cb92e1db88477576615f36209d276e0a2a866111d43e4abe076c455e32b063d6a97d42e5bc9ca04702d78b13826bf3afb RFC-net-ipv4-Use-next-hop-exceptions-also-for-input-routes.patch
+7ee22fe997767502a46338d2fa1921cf5a285372facb316eed76f85c7f1e480cef64e6a2c361e2c08136d3ceae8bcc1897d420ecc70fc84e9c81040728c34e85 kernelconfig.x86
+9d394eaab29b1557a486346079920ca909e66f1fd76c90c1b4713de31c248d0bf19cb9170917149f7a634d7701b425b9777c92bd70dffdb2a4212a7373478fba kernelconfig.x86_64"