diff options
Diffstat (limited to 'kernels/linux-libre-grsec-knock')
-rw-r--r-- | kernels/linux-libre-grsec-knock/PKGBUILD | 163 | ||||
-rw-r--r-- | kernels/linux-libre-grsec-knock/linux.install | 40 |
2 files changed, 39 insertions, 164 deletions
diff --git a/kernels/linux-libre-grsec-knock/PKGBUILD b/kernels/linux-libre-grsec-knock/PKGBUILD index f3a710ed1..0c58a7edf 100644 --- a/kernels/linux-libre-grsec-knock/PKGBUILD +++ b/kernels/linux-libre-grsec-knock/PKGBUILD @@ -29,7 +29,7 @@ url="https://wiki.parabola.nu/Grsecurity%2BKnock" license=('GPL2') makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc') if [ "${CARCH}" = "armv7h" ]; then - makedepends+=('git' 'uboot-tools') + makedepends+=('git') fi options=('!strip') source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/linux-libre-${_pkgbasever}.tar.xz" @@ -128,7 +128,6 @@ prepare() { patch -p1 -i "${srcdir}/tcp_stealth_${_knockpatchver}.diff" if [ "${CARCH}" = "armv7h" ]; then - # RCN patch (CM3 firmware deblobbed) git apply -v "${srcdir}/rcn-libre-grsec-${_pkgver%-*}-${rcnrel}.patch" @@ -197,24 +196,17 @@ build() { _package() { pkgdesc="The ${pkgbase^} kernel and modules with grsecurity/PaX patches and support for stealth TCP sockets" [ "${pkgbase}" = "linux-libre" ] && groups=('base') - depends=('coreutils' 'linux-libre-firmware' 'kmod' 'grsec-common') + depends=('coreutils' 'linux-libre-firmware' 'kmod' 'grsec-common' 'mkinitcpio>=0.7') optdepends=('crda: to set the correct wireless channels of your country' 'gradm: to configure and enable Role Based Access Control (RBAC)' 'paxd-libre: to enable PaX exploit mitigations and apply exceptions automatically' 'systemd-knock: to use system and service manager with TCP Stealth support' 'openssh-knock: to use SSH with TCP Stealth support') - if [ "${CARCH}" = "armv7h" ]; then - provides=("${_replacesarchkernel}") - conflicts=("${_replacesarchkernel}") - replaces=("${_replacesarchkernel}") - [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}") - elif [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then - depends+=('mkinitcpio>=0.7') - provides=("${_replacesarchkernel[@]/%/=${_archpkgver}}") - conflicts=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}") - replaces=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}") - backup=("etc/mkinitcpio.d/${pkgbase}.preset") - fi + provides=("${_replacesarchkernel[@]/%/=${_archpkgver}}") + conflicts=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}") + replaces=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}") + [ "${CARCH}" = "armv7h" ] && conflicts+=("${_replacesarchkernel}-uimage") && replaces+=("${_replacesarchkernel}-uimage") + backup=("etc/mkinitcpio.d/${pkgbase}.preset") install=linux.install cd "${srcdir}/${_srcname}" @@ -226,12 +218,12 @@ _package() { mkdir -p "${pkgdir}"/{lib/modules,lib/firmware,boot} if [ "${CARCH}" = "armv7h" ]; then - mkdir -p "${pkgdir}"/boot/dtbs + mkdir -p "${pkgdir}/boot/dtbs/${pkgbase}" fi make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}" modules_install if [ "${CARCH}" = "armv7h" ]; then - cp arch/$KARCH/boot/zImage "${pkgdir}/boot/zImage" - cp arch/$KARCH/boot/dts/*.dtb "${pkgdir}/boot/dtbs" + cp arch/$KARCH/boot/zImage "${pkgdir}/boot/vmlinuz-${pkgbase}" + cp arch/$KARCH/boot/dts/*.dtb "${pkgdir}/boot/dtbs/${pkgbase}" elif [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then cp arch/$KARCH/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}" fi @@ -244,25 +236,19 @@ _package() { -e "s/KERNEL_VERSION=.*/KERNEL_VERSION=${_kernver}/" \ -i "${startdir}/${install}" - if [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then - # install mkinitcpio preset file for kernel - install -D -m644 "${srcdir}/linux.preset" "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" - sed \ - -e "1s|'linux.*'|'${pkgbase}'|" \ - -e "s|ALL_kver=.*|ALL_kver=\"/boot/vmlinuz-${pkgbase}\"|" \ - -e "s|default_image=.*|default_image=\"/boot/initramfs-${pkgbase}.img\"|" \ - -e "s|fallback_image=.*|fallback_image=\"/boot/initramfs-${pkgbase}-fallback.img\"|" \ - -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" - fi + # install mkinitcpio preset file for kernel + install -D -m644 "${srcdir}/linux.preset" "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" + sed \ + -e "1s|'linux.*'|'${pkgbase}'|" \ + -e "s|ALL_kver=.*|ALL_kver=\"/boot/vmlinuz-${pkgbase}\"|" \ + -e "s|default_image=.*|default_image=\"/boot/initramfs-${pkgbase}.img\"|" \ + -e "s|fallback_image=.*|fallback_image=\"/boot/initramfs-${pkgbase}-fallback.img\"|" \ + -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" # remove build and source links rm -f "${pkgdir}"/lib/modules/${_kernver}/{source,build} # remove the firmware rm -rf "${pkgdir}/lib/firmware" - if [ "${CARCH}" = "armv7h" ]; then - # gzip -9 all modules to save 100MB of space - find "${pkgdir}" -name '*.ko' |xargs -P 2 -n 1 gzip -9 - fi # make room for external modules ln -s "../extramodules-${_basekernel}${_kernelname}" "${pkgdir}/lib/modules/${_kernver}/extramodules" # add real version for building modules and running depmod from post_install/upgrade @@ -278,7 +264,7 @@ _package() { if [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then # add vmlinux - install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux" + install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux" # add grsecurity gcc plugins mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc" @@ -293,16 +279,9 @@ _package() { _package-headers() { pkgdesc="Header files and scripts for building modules for ${pkgbase^} kernel" - if [ "${CARCH}" = "armv7h" ]; then - provides=("${_replacesarchkernel}-headers") - conflicts=("${_replacesarchkernel}-headers") - replaces=("${_replacesarchkernel}-headers") - [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}-headers") - elif [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then - provides=("${_replacesarchkernel[@]/%/-headers=${_archpkgver}}") - conflicts=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}") - replaces=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}") - fi + provides=("${_replacesarchkernel[@]/%/-headers=${_archpkgver}}") + conflicts=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}") + replaces=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}") install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}" @@ -428,16 +407,9 @@ _package-headers() { _package-docs() { pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase^} kernel" - if [ "${CARCH}" = "armv7h" ]; then - provides=("${_replacesarchkernel}-docs") - conflicts=("${_replacesarchkernel}-docs") - replaces=("${_replacesarchkernel}-docs") - [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}-docs") - elif [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then - provides=("${_replacesarchkernel[@]/%/-docs=${_archpkgver}}") - conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}") - replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}") - fi + provides=("${_replacesarchkernel[@]/%/-docs=${_archpkgver}}") + conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}") + replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}") cd "${srcdir}/${_srcname}" @@ -450,92 +422,7 @@ _package-docs() { rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" } -_package-smileplug() { - pkgdesc="The ${pkgbase^} kernel - Marvell SMILE Plug" - arch=('armv7h') - depends=("${pkgbase}") - provides=("${_replacesarchkernel}-uimage") - conflicts=("${_replacesarchkernel}-uimage") - replaces=("${_replacesarchkernel}-uimage") - [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}-uimage") - - cd "${srcdir}/${_srcname}" - - mkdir -p "${pkgdir}/boot" - cat arch/$KARCH/boot/zImage arch/$KARCH/boot/dts/armada-370-smileplug.dtb > myimage - mkimage -A arm -O linux -T kernel -C none -a 0x00008000 -e 0x00008000 -n "${pkgbase}" -d myimage "${pkgdir}/boot/uImage" -} - -_package-mirabox() { - pkgdesc="The ${pkgbase^} kernel - Globalscale Mirabox" - arch=('armv7h') - depends=("${pkgbase}") - provides=("${_replacesarchkernel}-uimage") - conflicts=("${_replacesarchkernel}-uimage") - replaces=("${_replacesarchkernel}-uimage") - [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}-uimage") - - cd "${srcdir}/${_srcname}" - - mkdir -p "${pkgdir}/boot" - cat arch/$KARCH/boot/zImage arch/$KARCH/boot/dts/armada-370-mirabox.dtb > myimage - mkimage -A arm -O linux -T kernel -C none -a 0x00008000 -e 0x00008000 -n "${pkgbase}" -d myimage "${pkgdir}/boot/uImage" -} - -_package-ax3() { - pkgdesc="The ${pkgbase^} kernel - OpenBlocks AX3-4" - arch=('armv7h') - depends=("${pkgbase}") - provides=("${_replacesarchkernel}-uimage") - conflicts=("${_replacesarchkernel}-uimage") - replaces=("${_replacesarchkernel}-uimage") - [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}-uimage") - - cd "${srcdir}/${_srcname}" - - mkdir -p "${pkgdir}/boot" - cat arch/$KARCH/boot/zImage arch/$KARCH/boot/dts/armada-xp-openblocks-ax3-4.dtb > myimage - mkimage -A arm -O linux -T kernel -C none -a 0x00008000 -e 0x00008000 -n "${pkgbase}" -d myimage "${pkgdir}/boot/uImage" -} - -_package-d3plug() { - pkgdesc="The ${pkgbase^} kernel - Globalscale D3Plug" - arch=('armv7h') - depends=("${pkgbase}") - provides=("${_replacesarchkernel}-uimage") - conflicts=("${_replacesarchkernel}-uimage") - replaces=("${_replacesarchkernel}-uimage") - [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}-uimage") - - cd "${srcdir}/${_srcname}" - - mkdir -p "${pkgdir}/boot" - cat arch/$KARCH/boot/zImage arch/$KARCH/boot/dts/dove-d3plug.dtb > myimage - mkimage -A arm -O linux -T kernel -C none -a 0x00008000 -e 0x00008000 -n "${pkgbase}" -d myimage "${pkgdir}/boot/uImage" -} - -_package-cubox() { - pkgdesc="The ${pkgbase^} kernel - SolidRun Cubox (Marvell)" - arch=('armv7h') - depends=("${pkgbase}") - provides=("${_replacesarchkernel}-uimage") - conflicts=("${_replacesarchkernel}-uimage") - replaces=("${_replacesarchkernel}-uimage") - [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}-uimage") - - cd "${srcdir}/${_srcname}" - - mkdir -p "${pkgdir}/boot" - cat arch/$KARCH/boot/zImage arch/$KARCH/boot/dts/dove-cubox.dtb > myimage - mkimage -A arm -O linux -T kernel -C none -a 0x00008000 -e 0x00008000 -n "${pkgbase}" -d myimage "${pkgdir}/boot/uImage" -} - pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs") - -if [ "${CARCH}" = "armv7h" ]; then - pkgname+=("${pkgbase}-smileplug" "${pkgbase}-mirabox" "${pkgbase}-ax3" "${pkgbase}-d3plug" "${pkgbase}-cubox") -fi - for _p in ${pkgname[@]}; do eval "package_${_p}() { $(declare -f "_package${_p#${pkgbase}}") diff --git a/kernels/linux-libre-grsec-knock/linux.install b/kernels/linux-libre-grsec-knock/linux.install index 1602f25cb..70e177ef2 100644 --- a/kernels/linux-libre-grsec-knock/linux.install +++ b/kernels/linux-libre-grsec-knock/linux.install @@ -8,42 +8,30 @@ post_install () { # updating module dependencies echo ">>> Updating module dependencies. Please wait ..." depmod ${KERNEL_VERSION} - if [ "$(uname -m)" = "armv7h" ]; then - echo "NOTE: Using this kernel requires an updated U-Boot!" - elif [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then - echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..." - mkinitcpio -p linux-libre${KERNEL_NAME} - fi + echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..." + mkinitcpio -p linux-libre${KERNEL_NAME} } post_upgrade() { - if [ "$(uname -m)" = "armv7h" ]; then - # updating module dependencies - echo ">>> Updating module dependencies. Please wait ..." - depmod ${KERNEL_VERSION} - elif [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then - if findmnt --fstab -uno SOURCE /boot &>/dev/null && ! mountpoint -q /boot; then - echo "WARNING: /boot appears to be a separate partition but is not mounted." - fi + if findmnt --fstab -uno SOURCE /boot &>/dev/null && ! mountpoint -q /boot; then + echo "WARNING: /boot appears to be a separate partition but is not mounted." + fi - # updating module dependencies - echo ">>> Updating module dependencies. Please wait ..." - depmod ${KERNEL_VERSION} - echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..." - mkinitcpio -p linux-libre${KERNEL_NAME} + # updating module dependencies + echo ">>> Updating module dependencies. Please wait ..." + depmod ${KERNEL_VERSION} + echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..." + mkinitcpio -p linux-libre${KERNEL_NAME} - if [ $(vercmp $2 3.13) -lt 0 ]; then - echo ">>> WARNING: AT keyboard support is no longer built into the kernel." - echo ">>> In order to use your keyboard during early init, you MUST" - echo ">>> include the 'keyboard' hook in your mkinitcpio.conf." - fi + if [ $(vercmp $2 3.13) -lt 0 ]; then + echo ">>> WARNING: AT keyboard support is no longer built into the kernel." + echo ">>> In order to use your keyboard during early init, you MUST" + echo ">>> include the 'keyboard' hook in your mkinitcpio.conf." fi } -if [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then post_remove() { # also remove the compat symlinks rm -f boot/initramfs-linux-libre${KERNEL_NAME}.img rm -f boot/initramfs-linux-libre${KERNEL_NAME}-fallback.img } -fi |