123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254 |
- # Maintainer: David P. <megver83@parabola.nu>
- # Contributor: André Silva <emulatorman@hyperbola.info>
- # Contributor: Márcio Silva <coadde@hyperbola.info>
- # Based on linux-hardened package
- _replacesarchkernel=('linux%') # '%' gets replaced with kernel suffix
- _replacesoldkernels=() # '%' gets replaced with kernel suffix
- _replacesoldmodules=() # '%' gets replaced with kernel suffix
- pkgbase=linux-libre-hardened
- pkgver=5.11.11.hardened1
- pkgrel=1
- pkgdesc='Security-Hardened Linux-libre'
- url='https://linux-libre.fsfla.org/'
- arch=(x86_64)
- license=(GPL2)
- makedepends=(
- bc kmod libelf pahole cpio perl tar xz
- xmlto python-sphinx python-sphinx_rtd_theme graphviz imagemagick
- )
- options=('!strip')
- _srcname=linux-5.11
- _srctag=${pkgver%.*}-${pkgver##*.}
- source=(
- "https://linux-libre.fsfla.org/pub/linux-libre/releases/${_srcname##*-}-gnu/linux-libre-${_srcname##*-}-gnu.tar.xz"{,.sign}
- "https://linux-libre.fsfla.org/pub/linux-libre/releases/${pkgver%.*}-gnu/patch-${_srcname##*-}-gnu-${pkgver%.*}-gnu.xz"{,.sign}
- "https://github.com/anthraxx/linux-hardened/releases/download/${_srctag}/linux-hardened-${_srctag}.patch"{,.sig}
- "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_"{clut224.ppm,vga16.ppm,mono.pbm}{,.sig}
- config # the main kernel config file
- # maintain the TTY over USB disconnects
- # http://www.coreboot.org/EHCI_Gadget_Debug
- 0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch
- # fix Atmel maXTouch touchscreen support
- # https://labs.parabola.nu/issues/877
- # http://www.fsfla.org/pipermail/linux-libre/2015-November/003202.html
- 0002-fix-Atmel-maXTouch-touchscreen-support.patch
- # Arch Linux patches
- )
- validpgpkeys=(
- '474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva
- '65EEFE022108E2B708CBFCF7F9E712E59AF5F22A' # Daniel Micay
- '6DB9C4B4F0D8C0DC432CF6E4227CA7C556B2BA78' # David P.
- 'E240B57E2C4630BA768E2F26FC1B547C8D8172C8' # Levente Polyak
- )
- sha512sums=('3a34006add9ea318b0c2863388925ba34d57d342535b00c9ebc61fbfc69ef206b64af21c35b101466508c4308b5da310743c8add74dd703e259612953104ae43'
- 'SKIP'
- 'b35fc1d243fa3fdfa2b50b8f01ccab297f958f497e58a104da18631fafe3923216f3f1e97b9c2bb9e719c8a7ae8cabe8198a1a82cb5e8e50488b64d7af4dc940'
- 'SKIP'
- '337023919483a10220b8b409d89047ee092202e4fc49af7165311f0793cfd373ab44e384e72dd8bfe886bdd9e0c7ce9bfec90bf9d4eb918ce55a2c5a2c6e8daf'
- 'SKIP'
- '13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3'
- 'SKIP'
- '7a3716bfe3b9f546da309c7492f3e08f8f506813afeb1c737a474c83313d5c313cf4582b65215c2cfce3b74d9d1021c96e8badafe8f6e5b01fe28d2b5c61ae78'
- 'SKIP'
- '267295aa0cea65684968420c68b32f1a66a22d018b9d2b2c1ef14267bcf4cb68aaf7099d073cbfefe6c25c8608bdcbbd45f7ac8893fdcecbf1e621abdfe9ecc1'
- 'SKIP'
- '03f76fca489d7203c9ff954c8868213bed0d312bebe1e2172636bb97c5eb61948bdacd48540234224a865fecab2063a5d3b5aa243ae174a760fad7c24601f517'
- '02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af'
- 'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168')
-
- _replacesarchkernel=("${_replacesarchkernel[@]/\%/${pkgbase#linux-libre}}")
- _replacesoldkernels=("${_replacesoldkernels[@]/\%/${pkgbase#linux-libre}}")
- _replacesoldmodules=("${_replacesoldmodules[@]/\%/${pkgbase#linux-libre}}")
- export KBUILD_BUILD_HOST=parabola
- export KBUILD_BUILD_USER=$pkgbase
- export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
- prepare() {
- cd $_srcname
- if [ "${_srcname##*-}" != "${pkgver%.*}" ]; then
- echo "Applying upstream patch..."
- patch -Np1 < "../patch-${_srcname##*-}-gnu-${pkgver%.*}-gnu"
- fi
- echo "Adding freedo as boot logo..."
- install -m644 -t drivers/video/logo \
- ../logo_linux_{clut224.ppm,vga16.ppm,mono.pbm}
- echo "Setting version..."
- sed -e "/^-EXTRAVERSION =/s/=/= -gnu/" -i "../linux-hardened-$_srctag.patch"
- scripts/setlocalversion --save-scmversion
- echo "-$pkgrel" > localversion.10-pkgrel
- echo "${pkgbase#linux-libre}" > localversion.20-pkgname
- local src
- for src in "${source[@]}"; do
- src="${src%%::*}"
- src="${src##*/}"
- [[ $src = *.patch ]] || continue
- echo "Applying patch $src..."
- patch -Np1 < "../$src"
- done
- echo "Setting config..."
- cp ../config .config
- make olddefconfig
- make -s kernelrelease > version
- echo "Prepared $pkgbase version $(<version)"
- }
- build() {
- cd $_srcname
- make all
- make htmldocs
- }
- _package() {
- pkgdesc="The $pkgdesc kernel and modules"
- depends=(coreutils kmod initramfs)
- optdepends=('crda: to set the correct wireless channels of your country'
- 'linux-libre-firmware: firmware images needed for some devices'
- 'usbctl: deny_new_usb control')
- provides=(VIRTUALBOX-GUEST-MODULES WIREGUARD-MODULE)
- provides+=("${_replacesarchkernel[@]/%/=${pkgver%.*}}" "LINUX-ABI_VERSION=${pkgver%.*}")
- conflicts=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
- replaces=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
- cd $_srcname
- local kernver="$(<version)"
- local modulesdir="$pkgdir/usr/lib/modules/$kernver"
- echo "Installing boot image..."
- # systemd expects to find the kernel here to allow hibernation
- # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
- install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"
- # Used by mkinitcpio to name the kernel
- echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"
- echo "Installing modules..."
- make INSTALL_MOD_PATH="$pkgdir/usr" INSTALL_MOD_STRIP=1 modules_install
- # remove build and source links
- rm "$modulesdir"/{source,build}
- }
- _package-headers() {
- pkgdesc="Headers and scripts for building modules for the $pkgdesc kernel"
- provides=("${_replacesarchkernel[@]/%/-headers=${pkgver%.*}}")
- conflicts=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
- replaces=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
-
- cd $_srcname
- local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
- echo "Installing build files..."
- install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \
- localversion.* version vmlinux
- install -Dt "$builddir/kernel" -m644 kernel/Makefile
- install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
- cp -t "$builddir" -a scripts
- # add objtool for external module building and enabled VALIDATION_STACK option
- install -Dt "$builddir/tools/objtool" tools/objtool/objtool
- # add xfs and shmem for aufs building
- mkdir -p "$builddir"/{fs/xfs,mm}
- echo "Installing headers..."
- cp -t "$builddir" -a include
- cp -t "$builddir/arch/x86" -a arch/x86/include
- install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s
- install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
- install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h
- # http://bugs.archlinux.org/task/13146
- install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h
- # http://bugs.archlinux.org/task/20402
- install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
- install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
- install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h
- echo "Installing KConfig files..."
- find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;
- echo "Removing unneeded architectures..."
- local arch
- for arch in "$builddir"/arch/*/; do
- [[ $arch = */x86/ ]] && continue
- echo "Removing $(basename "$arch")"
- rm -r "$arch"
- done
- echo "Removing documentation..."
- rm -r "$builddir/Documentation"
- echo "Removing broken symlinks..."
- find -L "$builddir" -type l -printf 'Removing %P\n' -delete
- echo "Removing loose objects..."
- find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete
- echo "Stripping build tools..."
- local file
- while read -rd '' file; do
- case "$(file -bi "$file")" in
- application/x-sharedlib\;*) # Libraries (.so)
- strip -v $STRIP_SHARED "$file" ;;
- application/x-archive\;*) # Libraries (.a)
- strip -v $STRIP_STATIC "$file" ;;
- application/x-executable\;*) # Binaries
- strip -v $STRIP_BINARIES "$file" ;;
- application/x-pie-executable\;*) # Relocatable binaries
- strip -v $STRIP_SHARED "$file" ;;
- esac
- done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)
- echo "Stripping vmlinux..."
- strip -v $STRIP_STATIC "$builddir/vmlinux"
- echo "Adding symlink..."
- mkdir -p "$pkgdir/usr/src"
- ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase"
- }
- _package-docs() {
- pkgdesc="Documentation for the $pkgdesc kernel"
- provides=("${_replacesarchkernel[@]/%/-docs=${pkgver%.*}}")
- conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
- replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
- cd $_srcname
- local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
- echo "Installing documentation..."
- local src dst
- while read -rd '' src; do
- dst="${src#Documentation/}"
- dst="$builddir/Documentation/${dst#output/}"
- install -Dm644 "$src" "$dst"
- done < <(find Documentation -name '.*' -prune -o ! -type d -print0)
- echo "Adding symlink..."
- mkdir -p "$pkgdir/usr/share/doc"
- ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase"
- }
- pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
- for _p in "${pkgname[@]}"; do
- eval "package_$_p() {
- $(declare -f "_package${_p#$pkgbase}")
- _package${_p#$pkgbase}
- }"
- done
- # vim:set ts=8 sts=2 sw=2 et:
|