summaryrefslogtreecommitdiff
path: root/kernels/linux-libre-lts-grsec-knock/PKGBUILD
diff options
context:
space:
mode:
Diffstat (limited to 'kernels/linux-libre-lts-grsec-knock/PKGBUILD')
-rw-r--r--kernels/linux-libre-lts-grsec-knock/PKGBUILD368
1 files changed, 368 insertions, 0 deletions
diff --git a/kernels/linux-libre-lts-grsec-knock/PKGBUILD b/kernels/linux-libre-lts-grsec-knock/PKGBUILD
new file mode 100644
index 000000000..3777f79e7
--- /dev/null
+++ b/kernels/linux-libre-lts-grsec-knock/PKGBUILD
@@ -0,0 +1,368 @@
+# Maintainer (Arch): Daniel Micay <danielmicay@gmail.com>
+# Contributor (Arch): Tobias Powalowski <tpowa@archlinux.org>
+# Contributor (Arch): Thomas Baechler <thomas@archlinux.org>
+# Contributor (Arch): henning mueller <henning@orgizm.net>
+# Contributor (Arch): Thomas Dwyer http://tomd.tel
+# Maintainer: André Silva <emulatorman@parabola.nu>
+# Contributor: Nicolás Reynolds <fauno@kiwwwi.com.ar>
+# Contributor: Sorin-Mihai Vârgolici <smv@yobicore.org>
+# Contributor: Michał Masłowski <mtjm@mtjm.eu>
+# Contributor: Márcio Silva <coadde@parabola.nu>
+# Contributor: Luke Shumaker <lukeshu@sbcglobal.net>
+
+pkgbase=linux-libre-lts-grsec-knock # Build kernel with lts-grsec-knock localname
+_pkgbasever=3.14-gnu
+_pkgver=3.14.18-gnu
+_grsecver=3.0
+_timestamp=201409112236
+_knockpatchver=3.16_1
+
+_replacesarchkernel=('linux%') # '%' gets replaced with _kernelname
+_replacesoldkernels=('kernel26%' 'kernel26-libre%') # '%' gets replaced with _kernelname
+_replacesoldmodules=() # '%' gets replaced with _kernelname
+
+_srcname=linux-${_pkgbasever%-*}
+_archpkgver=${_pkgver%-*}.${_timestamp}
+pkgver=${_pkgver//-/_}.${_timestamp}
+pkgrel=1
+arch=('i686' 'x86_64' 'mips64el')
+url="https://grsecurity.net/
+ https://gnunet.org/knock"
+license=('GPL2')
+makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc')
+options=('!strip')
+source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/linux-libre-${_pkgbasever}.tar.xz"
+ "http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgver}/patch-${_pkgbasever}-${_pkgver}.xz"
+ "https://grsecurity.net/stable/grsecurity-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch"
+ "https://grsecurity.net/stable/grsecurity-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch.sig"
+ "http://gnunet.org/sites/default/files/tcp_stealth_${_knockpatchver}.diff"
+ # the main kernel config files
+ 'config.i686' 'config.x86_64' 'config.mips64el'
+ # standard config files for mkinitcpio ramdisk
+ 'linux.preset'
+ 'logo_linux_'{clut224.ppm,vga16.ppm,mono.pbm}
+ 'change-default-console-loglevel.patch'
+ '0001-Bluetooth-allocate-static-minor-for-vhci.patch'
+ '0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch'
+ '0003-module-remove-MODULE_GENERIC_TABLE.patch'
+ '0006-genksyms-fix-typeof-handling.patch'
+ # loongson-community patch: http://linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/
+ '3.14.14-a410a5e2b7-loongson-community.patch')
+sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b'
+ 'e7344442b842212a93737f8ca274f224abb52e8aa138568f2330143f7fba22a6'
+ '31619dafd46c21f9ca00ca6da375d6b44880e5686534687aa08760d55fd93b3d'
+ 'SKIP'
+ '70cbe962aa01989ffa83490bb0765d6e4c781f6133dc8d768d84bd6716ac0209'
+ '8a012fbacab94e74c1e07aa4a44fe177647b6b37f9b09f64bde99efb76b72f26'
+ 'c160ace401cdfd7446b167f04f5e0bcdfc788cbfe4dba585d26e765773abfce7'
+ '3f4c729af52c54de47e0e72439412a495a0f0623c09edb56a471fbcc4d239f73'
+ 'f0d90e756f14533ee67afda280500511a62465b4f76adcc5effa95a40045179c'
+ '074b67818582874146c389c029bc43648d145891a27e47aa2c5c42d3571f0264'
+ '2e87a8ec1cc0c91938cac24992d8a3d4362b3e9d939767e4c9d2ec8e6d969d53'
+ 'f67f60a30bcf2e9a2ba88ad97cace308da7a7f94919bb95c3dc030f5885a8015'
+ 'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182'
+ '6d72e14552df59e6310f16c176806c408355951724cd5b48a47bf01591b8be02'
+ '52dec83a8805a8642d74d764494acda863e0aa23e3d249e80d4b457e20a3fd29'
+ '65d58f63215ee3c5f9c4fc6bce36fc5311a6c7dbdbe1ad29de40647b47ff9c0d'
+ 'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7'
+ '3baf1279805edd561e80877a1baf32d98fe07220dc6e7cb4ced73ab531947bc4')
+
+_kernelname=${pkgbase#linux-libre}
+_replacesarchkernel=("${_replacesarchkernel[@]/\%/${_kernelname}}")
+_replacesoldkernels=("${_replacesoldkernels[@]/\%/${_kernelname}}")
+_replacesoldmodules=("${_replacesoldmodules[@]/\%/${_kernelname}}")
+
+case "$CARCH" in
+ i686|x86_64) KARCH=x86;;
+ mips64el) KARCH=mips;;
+esac
+
+prepare() {
+ cd "${srcdir}/${_srcname}"
+
+ # add upstream patch
+ if [ "${_pkgbasever}" != "${_pkgver}" ]; then
+ patch -p1 -i "${srcdir}/patch-${_pkgbasever}-${_pkgver}"
+ fi
+
+ # add grsecurity patches
+ patch -Np1 -i "${srcdir}/grsecurity-${_grsecver}-${_pkgver%-*}-${_timestamp}.patch"
+ rm localversion-grsec
+
+ # add knock patch
+ patch -p1 -i "${srcdir}/tcp_stealth_${_knockpatchver}.diff"
+
+ # add freedo as boot logo
+ install -m644 -t drivers/video/logo \
+ "${srcdir}/logo_linux_"{clut224.ppm,vga16.ppm,mono.pbm}
+
+ # add latest fixes from stable queue, if needed
+ # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
+
+ # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
+ # remove this when a Kconfig knob is made available by upstream
+ # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
+ patch -p1 -i "${srcdir}/change-default-console-loglevel.patch"
+
+ # Fix vhci warning in kmod (to restore every kernel maintainer's sanity)
+ patch -p1 -i "${srcdir}/0001-Bluetooth-allocate-static-minor-for-vhci.patch"
+
+ # Fix atkbd aliases
+ patch -p1 -i "${srcdir}/0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch"
+ patch -p1 -i "${srcdir}/0003-module-remove-MODULE_GENERIC_TABLE.patch"
+
+ # Fix generation of symbol CRCs
+ # http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dc53324060f324e8af6867f57bf4891c13c6ef18
+ patch -p1 -i "${srcdir}/0006-genksyms-fix-typeof-handling.patch"
+
+ # Adding loongson-community patch
+ if [ "${CARCH}" == "mips64el" ]; then
+ patch -p1 -i ${srcdir}/3.14.14-a410a5e2b7-loongson-community.patch
+ fi
+
+ cat "${srcdir}/config.${CARCH}" > ./.config
+
+ # append pkgrel to extraversion
+ sed -ri "s|^(EXTRAVERSION =.*\S).*|\1-${_timestamp}-${pkgrel}|" Makefile
+
+ # don't run depmod on 'make install'. We'll do this ourselves in packaging
+ sed -i '2iexit 0' scripts/depmod.sh
+
+ # get kernel version
+ make prepare
+
+ # load configuration
+ # Configure the kernel. Replace the line below with one of your choice.
+ #make menuconfig # CLI menu for configuration
+ #make nconfig # new CLI menu for configuration
+ #make xconfig # X-based configuration
+ #make oldconfig # using old config from previous kernel version
+ # ... or manually edit .config
+
+ # rewrite configuration
+ yes "" | make config >/dev/null
+}
+
+build() {
+ cd "${srcdir}/${_srcname}"
+
+ make ${MAKEFLAGS} LOCALVERSION= bzImage modules
+}
+
+_package() {
+ pkgdesc="The ${pkgbase^} kernel and modules - stable longtime supported kernel package suitable for servers with grsecurity/PaX patches and support for stealth TCP sockets"
+ [ "${pkgbase}" = "linux-libre" ] && groups=('base')
+ depends=('coreutils' 'linux-firmware' 'kmod' 'grsec-common' 'mkinitcpio>=0.7')
+ optdepends=('crda: to set the correct wireless channels of your country'
+ 'gradm: to configure and enable Role Based Access Control (RBAC)'
+ 'paxd: to enable PaX exploit mitigations and apply exceptions automatically')
+ provides=("${_replacesarchkernel[@]/%/=${_archpkgver}}")
+ conflicts=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
+ replaces=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
+ backup=("etc/mkinitcpio.d/${pkgbase}.preset")
+ install=linux.install
+
+ cd "${srcdir}/${_srcname}"
+
+ # get kernel version
+ _kernver="$(make LOCALVERSION= kernelrelease)"
+ _basekernel=${_kernver%%-*}
+ _basekernel=${_basekernel%.*}
+
+ mkdir -p "${pkgdir}"/{lib/modules,lib/firmware,boot}
+ make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}" modules_install
+ cp arch/$KARCH/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}"
+
+ # set correct depmod command for install
+ cp -f "${startdir}/${install}" "${startdir}/${install}.pkg"
+ true && install=${install}.pkg
+ sed \
+ -e "s/KERNEL_NAME=.*/KERNEL_NAME=${_kernelname}/" \
+ -e "s/KERNEL_VERSION=.*/KERNEL_VERSION=${_kernver}/" \
+ -i "${startdir}/${install}"
+
+ # install mkinitcpio preset file for kernel
+ install -D -m644 "${srcdir}/linux.preset" "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
+ sed \
+ -e "1s|'linux.*'|'${pkgbase}'|" \
+ -e "s|ALL_kver=.*|ALL_kver=\"/boot/vmlinuz-${pkgbase}\"|" \
+ -e "s|default_image=.*|default_image=\"/boot/initramfs-${pkgbase}.img\"|" \
+ -e "s|fallback_image=.*|fallback_image=\"/boot/initramfs-${pkgbase}-fallback.img\"|" \
+ -i "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"
+
+ # remove build and source links
+ rm -f "${pkgdir}"/lib/modules/${_kernver}/{source,build}
+ # remove the firmware
+ rm -rf "${pkgdir}/lib/firmware"
+ # gzip -9 all modules to save 100MB of space
+ find "${pkgdir}" -name '*.ko' -exec gzip -9 {} \;
+ # make room for external modules
+ ln -s "../extramodules-${_basekernel}${_kernelname}" "${pkgdir}/lib/modules/${_kernver}/extramodules"
+ # add real version for building modules and running depmod from post_install/upgrade
+ mkdir -p "${pkgdir}/lib/modules/extramodules-${_basekernel}${_kernelname}"
+ echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_kernelname}/version"
+
+ # Now we call depmod...
+ depmod -b "${pkgdir}" -F System.map "${_kernver}"
+
+ # move module tree /lib -> /usr/lib
+ mkdir -p "${pkgdir}/usr"
+ mv "${pkgdir}/lib" "${pkgdir}/usr/"
+
+ # add vmlinux
+ install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux"
+
+ # add grsecurity gcc plugins
+ mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc"
+ cp -a tools/gcc/*.h "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/"
+ cp -a tools/gcc/Makefile "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/"
+ install -m644 tools/gcc/*.so "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/"
+ mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/size_overflow_plugin"
+ install -m644 tools/gcc/size_overflow_plugin/Makefile tools/gcc/size_overflow_plugin/*.so \
+ "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/size_overflow_plugin"
+}
+
+_package-headers() {
+ pkgdesc="Header files and scripts for building modules for ${pkgbase^} kernel"
+ provides=("${_replacesarchkernel[@]/%/-headers=${_archpkgver}}")
+ conflicts=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
+ replaces=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
+
+ install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}"
+
+ cd "${srcdir}/${_srcname}"
+ install -D -m644 Makefile \
+ "${pkgdir}/usr/lib/modules/${_kernver}/build/Makefile"
+ install -D -m644 kernel/Makefile \
+ "${pkgdir}/usr/lib/modules/${_kernver}/build/kernel/Makefile"
+ install -D -m644 .config \
+ "${pkgdir}/usr/lib/modules/${_kernver}/build/.config"
+
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include"
+
+ for i in acpi asm-generic config crypto drm generated keys linux math-emu \
+ media net pcmcia scsi sound trace uapi video xen; do
+ cp -a include/${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/include/"
+ done
+
+ # copy arch includes for external modules
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}"
+ cp -a arch/${KARCH}/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
+
+ # copy files necessary for later builds
+ cp Module.symvers "${pkgdir}/usr/lib/modules/${_kernver}/build"
+ cp -a scripts "${pkgdir}/usr/lib/modules/${_kernver}/build"
+
+ # fix permissions on scripts dir
+ chmod og-w -R "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts"
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/.tmp_versions"
+
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel"
+
+ cp arch/${KARCH}/Makefile "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
+
+ if [ "${CARCH}" = "i686" ]; then
+ cp arch/${KARCH}/Makefile_32.cpu "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/"
+ fi
+
+ cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel/"
+
+ # add docbook makefile
+ install -D -m644 Documentation/DocBook/Makefile \
+ "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile"
+
+ # add dm headers
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md"
+ cp drivers/md/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md"
+
+ # add inotify.h
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux"
+ cp include/linux/inotify.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux/"
+
+ # add wireless headers
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/"
+ cp net/mac80211/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/"
+
+ # add dvb headers for external modules
+ # in reference to:
+ # http://bugs.archlinux.org/task/9912
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core"
+ cp drivers/media/dvb-core/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core/"
+ # and...
+ # http://bugs.archlinux.org/task/11194
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/"
+ cp include/config/dvb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/"
+
+ # add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new
+ # in reference to:
+ # http://bugs.archlinux.org/task/13146
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/"
+ cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/"
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/"
+ cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/"
+
+ # add dvb headers
+ # in reference to:
+ # http://bugs.archlinux.org/task/20402
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb"
+ cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb/"
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends"
+ cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/"
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners"
+ cp drivers/media/tuners/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners/"
+
+ # add xfs and shmem for aufs building
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs"
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/mm"
+ cp fs/xfs/xfs_sb.h "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs/xfs_sb.h"
+
+ # copy in Kconfig files
+ for i in $(find . -name "Kconfig*"); do
+ mkdir -p "${pkgdir}"/usr/lib/modules/${_kernver}/build/`echo ${i} | sed 's|/Kconfig.*||'`
+ cp ${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/${i}"
+ done
+
+ chown -R root.root "${pkgdir}/usr/lib/modules/${_kernver}/build"
+ find "${pkgdir}/usr/lib/modules/${_kernver}/build" -type d -exec chmod 755 {} \;
+
+ # strip scripts directory
+ find "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do
+ case "$(file -bi "${binary}")" in
+ *application/x-sharedlib*) # Libraries (.so)
+ /usr/bin/strip ${STRIP_SHARED} "${binary}";;
+ *application/x-archive*) # Libraries (.a)
+ /usr/bin/strip ${STRIP_STATIC} "${binary}";;
+ *application/x-executable*) # Binaries
+ /usr/bin/strip ${STRIP_BINARIES} "${binary}";;
+ esac
+ done
+
+ # remove unneeded architectures
+ find "${pkgdir}"/usr/lib/modules/${_kernver}/build/arch -mindepth 1 -maxdepth 1 -type d -not -name "$KARCH" -exec rm -rf {} +
+}
+
+_package-docs() {
+ pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase^} kernel"
+ provides=("${_replacesarchkernel[@]/%/-docs=${_archpkgver}}")
+ conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
+ replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
+
+ cd "${srcdir}/${_srcname}"
+
+ mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build"
+ cp -al Documentation "${pkgdir}/usr/lib/modules/${_kernver}/build"
+ find "${pkgdir}" -type f -exec chmod 444 {} \;
+ find "${pkgdir}" -type d -exec chmod 755 {} \;
+
+ # remove a file already in linux package
+ rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile"
+}
+
+pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs")
+for _p in ${pkgname[@]}; do
+ eval "package_${_p}() {
+ _package${_p#${pkgbase}}
+ }"
+done
+
+# vim:set ts=8 sts=2 sw=2 et: