summaryrefslogtreecommitdiff
path: root/kernels/linux-libre-grsec-knock
diff options
context:
space:
mode:
Diffstat (limited to 'kernels/linux-libre-grsec-knock')
-rw-r--r--kernels/linux-libre-grsec-knock/PKGBUILD163
-rw-r--r--kernels/linux-libre-grsec-knock/linux.install40
2 files changed, 39 insertions, 164 deletions
diff --git a/kernels/linux-libre-grsec-knock/PKGBUILD b/kernels/linux-libre-grsec-knock/PKGBUILD
index f3a710ed1..0c58a7edf 100644
--- a/kernels/linux-libre-grsec-knock/PKGBUILD
+++ b/kernels/linux-libre-grsec-knock/PKGBUILD
@@ -29,7 +29,7 @@ url="https://wiki.parabola.nu/Grsecurity%2BKnock"
license=('GPL2')
makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc')
if [ "${CARCH}" = "armv7h" ]; then
- makedepends+=('git' 'uboot-tools')
+ makedepends+=('git')
fi
options=('!strip')
source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/linux-libre-${_pkgbasever}.tar.xz"
@@ -128,7 +128,6 @@ prepare() {
patch -p1 -i "${srcdir}/tcp_stealth_${_knockpatchver}.diff"
if [ "${CARCH}" = "armv7h" ]; then
-
# RCN patch (CM3 firmware deblobbed)
git apply -v "${srcdir}/rcn-libre-grsec-${_pkgver%-*}-${rcnrel}.patch"
@@ -197,24 +196,17 @@ build() {
_package() {
pkgdesc="The ${pkgbase^} kernel and modules with grsecurity/PaX patches and support for stealth TCP sockets"
[ "${pkgbase}" = "linux-libre" ] && groups=('base')
- depends=('coreutils' 'linux-libre-firmware' 'kmod' 'grsec-common')
+ depends=('coreutils' 'linux-libre-firmware' 'kmod' 'grsec-common' 'mkinitcpio>=0.7')
optdepends=('crda: to set the correct wireless channels of your country'
'gradm: to configure and enable Role Based Access Control (RBAC)'
'paxd-libre: to enable PaX exploit mitigations and apply exceptions automatically'
'systemd-knock: to use system and service manager with TCP Stealth support'
'openssh-knock: to use SSH with TCP Stealth support')
- if [ "${CARCH}" = "armv7h" ]; then
- provides=("${_replacesarchkernel}")
- conflicts=("${_replacesarchkernel}")
- replaces=("${_replacesarchkernel}")
- [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}")
- elif [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then
- depends+=('mkinitcpio>=0.7')
- provides=("${_replacesarchkernel[@]/%/=${_archpkgver}}")
- conflicts=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
- replaces=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
- backup=("etc/mkinitcpio.d/${pkgbase}.preset")
- fi
+ provides=("${_replacesarchkernel[@]/%/=${_archpkgver}}")
+ conflicts=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
+ replaces=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
+ [ "${CARCH}" = "armv7h" ] && conflicts+=("${_replacesarchkernel}-uimage") && replaces+=("${_replacesarchkernel}-uimage")
+ backup=("etc/mkinitcpio.d/${pkgbase}.preset")
install=linux.install
cd "${srcdir}/${_srcname}"
@@ -226,12 +218,12 @@ _package() {
mkdir -p "${pkgdir}"/{lib/modules,lib/firmware,boot}
if [ "${CARCH}" = "armv7h" ]; then
- mkdir -p "${pkgdir}"/boot/dtbs
+ mkdir -p "${pkgdir}/boot/dtbs/${pkgbase}"
fi
make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}" modules_install
if [ "${CARCH}" = "armv7h" ]; then
- cp arch/$KARCH/boot/zImage "${pkgdir}/boot/zImage"
- cp arch/$KARCH/boot/dts/*.dtb "${pkgdir}/boot/dtbs"
+ cp arch/$KARCH/boot/zImage "${pkgdir}/boot/vmlinuz-${pkgbase}"
+ cp arch/$KARCH/boot/dts/*.dtb "${pkgdir}/boot/dtbs/${pkgbase}"
elif [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then
cp arch/$KARCH/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}"
fi
@@ -244,25 +236,19 @@ _package() {
-e "s/KERNEL_VERSION=.*/KERNEL_VERSION=${_kernver}/" \
-i "${startdir}/${install}"
- if [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then
- # install mkinitcpio preset file for kernel
- install -D -m644 "${srcdir}/linux.preset" "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
- sed \
- -e "1s|'linux.*'|'${pkgbase}'|" \
- -e "s|ALL_kver=.*|ALL_kver=\"/boot/vmlinuz-${pkgbase}\"|" \
- -e "s|default_image=.*|default_image=\"/boot/initramfs-${pkgbase}.img\"|" \
- -e "s|fallback_image=.*|fallback_image=\"/boot/initramfs-${pkgbase}-fallback.img\"|" \
- -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
- fi
+ # install mkinitcpio preset file for kernel
+ install -D -m644 "${srcdir}/linux.preset" "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
+ sed \
+ -e "1s|'linux.*'|'${pkgbase}'|" \
+ -e "s|ALL_kver=.*|ALL_kver=\"/boot/vmlinuz-${pkgbase}\"|" \
+ -e "s|default_image=.*|default_image=\"/boot/initramfs-${pkgbase}.img\"|" \
+ -e "s|fallback_image=.*|fallback_image=\"/boot/initramfs-${pkgbase}-fallback.img\"|" \
+ -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
# remove build and source links
rm -f "${pkgdir}"/lib/modules/${_kernver}/{source,build}
# remove the firmware
rm -rf "${pkgdir}/lib/firmware"
- if [ "${CARCH}" = "armv7h" ]; then
- # gzip -9 all modules to save 100MB of space
- find "${pkgdir}" -name '*.ko' |xargs -P 2 -n 1 gzip -9
- fi
# make room for external modules
ln -s "../extramodules-${_basekernel}${_kernelname}" "${pkgdir}/lib/modules/${_kernver}/extramodules"
# add real version for building modules and running depmod from post_install/upgrade
@@ -278,7 +264,7 @@ _package() {
if [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then
# add vmlinux
- install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux"
+ install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux"
# add grsecurity gcc plugins
mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc"
@@ -293,16 +279,9 @@ _package() {
_package-headers() {
pkgdesc="Header files and scripts for building modules for ${pkgbase^} kernel"
- if [ "${CARCH}" = "armv7h" ]; then
- provides=("${_replacesarchkernel}-headers")
- conflicts=("${_replacesarchkernel}-headers")
- replaces=("${_replacesarchkernel}-headers")
- [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}-headers")
- elif [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then
- provides=("${_replacesarchkernel[@]/%/-headers=${_archpkgver}}")
- conflicts=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
- replaces=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
- fi
+ provides=("${_replacesarchkernel[@]/%/-headers=${_archpkgver}}")
+ conflicts=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
+ replaces=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}"
@@ -428,16 +407,9 @@ _package-headers() {
_package-docs() {
pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase^} kernel"
- if [ "${CARCH}" = "armv7h" ]; then
- provides=("${_replacesarchkernel}-docs")
- conflicts=("${_replacesarchkernel}-docs")
- replaces=("${_replacesarchkernel}-docs")
- [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}-docs")
- elif [ "${CARCH}" = "x86_64" ] || [ "${CARCH}" = "i686" ]; then
- provides=("${_replacesarchkernel[@]/%/-docs=${_archpkgver}}")
- conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
- replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
- fi
+ provides=("${_replacesarchkernel[@]/%/-docs=${_archpkgver}}")
+ conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
+ replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
cd "${srcdir}/${_srcname}"
@@ -450,92 +422,7 @@ _package-docs() {
rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile"
}
-_package-smileplug() {
- pkgdesc="The ${pkgbase^} kernel - Marvell SMILE Plug"
- arch=('armv7h')
- depends=("${pkgbase}")
- provides=("${_replacesarchkernel}-uimage")
- conflicts=("${_replacesarchkernel}-uimage")
- replaces=("${_replacesarchkernel}-uimage")
- [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}-uimage")
-
- cd "${srcdir}/${_srcname}"
-
- mkdir -p "${pkgdir}/boot"
- cat arch/$KARCH/boot/zImage arch/$KARCH/boot/dts/armada-370-smileplug.dtb > myimage
- mkimage -A arm -O linux -T kernel -C none -a 0x00008000 -e 0x00008000 -n "${pkgbase}" -d myimage "${pkgdir}/boot/uImage"
-}
-
-_package-mirabox() {
- pkgdesc="The ${pkgbase^} kernel - Globalscale Mirabox"
- arch=('armv7h')
- depends=("${pkgbase}")
- provides=("${_replacesarchkernel}-uimage")
- conflicts=("${_replacesarchkernel}-uimage")
- replaces=("${_replacesarchkernel}-uimage")
- [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}-uimage")
-
- cd "${srcdir}/${_srcname}"
-
- mkdir -p "${pkgdir}/boot"
- cat arch/$KARCH/boot/zImage arch/$KARCH/boot/dts/armada-370-mirabox.dtb > myimage
- mkimage -A arm -O linux -T kernel -C none -a 0x00008000 -e 0x00008000 -n "${pkgbase}" -d myimage "${pkgdir}/boot/uImage"
-}
-
-_package-ax3() {
- pkgdesc="The ${pkgbase^} kernel - OpenBlocks AX3-4"
- arch=('armv7h')
- depends=("${pkgbase}")
- provides=("${_replacesarchkernel}-uimage")
- conflicts=("${_replacesarchkernel}-uimage")
- replaces=("${_replacesarchkernel}-uimage")
- [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}-uimage")
-
- cd "${srcdir}/${_srcname}"
-
- mkdir -p "${pkgdir}/boot"
- cat arch/$KARCH/boot/zImage arch/$KARCH/boot/dts/armada-xp-openblocks-ax3-4.dtb > myimage
- mkimage -A arm -O linux -T kernel -C none -a 0x00008000 -e 0x00008000 -n "${pkgbase}" -d myimage "${pkgdir}/boot/uImage"
-}
-
-_package-d3plug() {
- pkgdesc="The ${pkgbase^} kernel - Globalscale D3Plug"
- arch=('armv7h')
- depends=("${pkgbase}")
- provides=("${_replacesarchkernel}-uimage")
- conflicts=("${_replacesarchkernel}-uimage")
- replaces=("${_replacesarchkernel}-uimage")
- [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}-uimage")
-
- cd "${srcdir}/${_srcname}"
-
- mkdir -p "${pkgdir}/boot"
- cat arch/$KARCH/boot/zImage arch/$KARCH/boot/dts/dove-d3plug.dtb > myimage
- mkimage -A arm -O linux -T kernel -C none -a 0x00008000 -e 0x00008000 -n "${pkgbase}" -d myimage "${pkgdir}/boot/uImage"
-}
-
-_package-cubox() {
- pkgdesc="The ${pkgbase^} kernel - SolidRun Cubox (Marvell)"
- arch=('armv7h')
- depends=("${pkgbase}")
- provides=("${_replacesarchkernel}-uimage")
- conflicts=("${_replacesarchkernel}-uimage")
- replaces=("${_replacesarchkernel}-uimage")
- [ "${pkgbase}" != "linux-libre" ] && conflicts+=("${_replacesarchkernel%${_kernelname}}-uimage")
-
- cd "${srcdir}/${_srcname}"
-
- mkdir -p "${pkgdir}/boot"
- cat arch/$KARCH/boot/zImage arch/$KARCH/boot/dts/dove-cubox.dtb > myimage
- mkimage -A arm -O linux -T kernel -C none -a 0x00008000 -e 0x00008000 -n "${pkgbase}" -d myimage "${pkgdir}/boot/uImage"
-}
-
pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs")
-
-if [ "${CARCH}" = "armv7h" ]; then
- pkgname+=("${pkgbase}-smileplug" "${pkgbase}-mirabox" "${pkgbase}-ax3" "${pkgbase}-d3plug" "${pkgbase}-cubox")
-fi
-
for _p in ${pkgname[@]}; do
eval "package_${_p}() {
$(declare -f "_package${_p#${pkgbase}}")
diff --git a/kernels/linux-libre-grsec-knock/linux.install b/kernels/linux-libre-grsec-knock/linux.install
index 1602f25cb..70e177ef2 100644
--- a/kernels/linux-libre-grsec-knock/linux.install
+++ b/kernels/linux-libre-grsec-knock/linux.install
@@ -8,42 +8,30 @@ post_install () {
# updating module dependencies
echo ">>> Updating module dependencies. Please wait ..."
depmod ${KERNEL_VERSION}
- if [ "$(uname -m)" = "armv7h" ]; then
- echo "NOTE: Using this kernel requires an updated U-Boot!"
- elif [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then
- echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..."
- mkinitcpio -p linux-libre${KERNEL_NAME}
- fi
+ echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..."
+ mkinitcpio -p linux-libre${KERNEL_NAME}
}
post_upgrade() {
- if [ "$(uname -m)" = "armv7h" ]; then
- # updating module dependencies
- echo ">>> Updating module dependencies. Please wait ..."
- depmod ${KERNEL_VERSION}
- elif [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then
- if findmnt --fstab -uno SOURCE /boot &>/dev/null && ! mountpoint -q /boot; then
- echo "WARNING: /boot appears to be a separate partition but is not mounted."
- fi
+ if findmnt --fstab -uno SOURCE /boot &>/dev/null && ! mountpoint -q /boot; then
+ echo "WARNING: /boot appears to be a separate partition but is not mounted."
+ fi
- # updating module dependencies
- echo ">>> Updating module dependencies. Please wait ..."
- depmod ${KERNEL_VERSION}
- echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..."
- mkinitcpio -p linux-libre${KERNEL_NAME}
+ # updating module dependencies
+ echo ">>> Updating module dependencies. Please wait ..."
+ depmod ${KERNEL_VERSION}
+ echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..."
+ mkinitcpio -p linux-libre${KERNEL_NAME}
- if [ $(vercmp $2 3.13) -lt 0 ]; then
- echo ">>> WARNING: AT keyboard support is no longer built into the kernel."
- echo ">>> In order to use your keyboard during early init, you MUST"
- echo ">>> include the 'keyboard' hook in your mkinitcpio.conf."
- fi
+ if [ $(vercmp $2 3.13) -lt 0 ]; then
+ echo ">>> WARNING: AT keyboard support is no longer built into the kernel."
+ echo ">>> In order to use your keyboard during early init, you MUST"
+ echo ">>> include the 'keyboard' hook in your mkinitcpio.conf."
fi
}
-if [ "$(uname -m)" = "x86_64" ] || [ "$(uname -m)" = "i686" ]; then
post_remove() {
# also remove the compat symlinks
rm -f boot/initramfs-linux-libre${KERNEL_NAME}.img
rm -f boot/initramfs-linux-libre${KERNEL_NAME}-fallback.img
}
-fi