authorMiklós Tóth2020-08-16 17:32:18 +0200
committerMiklós Tóth2020-08-16 17:32:18 +0200
commitb7cd869f974464266bad5dac7002262ae8c9db5d (patch)
tree5cde5e8637eff83611315d3275edf8a1ed12626a
downloadaur-b7cd869f974464266bad5dac7002262ae8c9db5d.tar.gz
update
-rw-r--r--.SRCINFO50
-rw-r--r--0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch133
-rw-r--r--PKGBUILD339
-rwxr-xr-xchoose-gcc-optimization.sh118
4 files changed, 640 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 00000000000..24d2d81812c
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,50 @@
+pkgbase = linux-xanmod-anbox
+ pkgdesc = Linux Xanmod with ashmem and binder enabled for Anbox
+ pkgver = 5.8.1
+ pkgrel = 1
+ url = http://www.xanmod.org/
+ arch = x86_64
+ license = GPL2
+ makedepends = xmlto
+ makedepends = kmod
+ makedepends = inetutils
+ makedepends = bc
+ makedepends = libelf
+ makedepends = cpio
+ makedepends = python-sphinx
+ makedepends = python-sphinx_rtd_theme
+ makedepends = graphviz
+ makedepends = imagemagick
+ options = !strip
+ source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.8.tar.xz
+ source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.8.tar.sign
+ source = https://github.com/xanmod/linux/releases/download/5.8.1-xanmod1/patch-5.8.1-xanmod1.xz
+ source = choose-gcc-optimization.sh
+ source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch::https://aur.archlinux.org/cgit/aur.git/plain/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch?h=linux-ck&id=616ec1bb1f2c0fc42b6fb5c20995996897b4f43b
+ validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
+ validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
+ sha256sums = e7f75186aa0642114af8f19d99559937300ca27acaf7451b36d4f9b0f85cf1f5
+ sha256sums = SKIP
+ sha256sums = a6818ddb680d60af84ccbd3edb0156d5ff87dc29c6727207dc54d12512aec77e
+ sha256sums = 2c7369218e81dee86f8ac15bda741b9bb34fa9cefcb087760242277a8207d511
+ sha256sums = 6c66dba73251440352f93ff32b72f5dd49536d0f17ef9347867660fd3a626991
+
+pkgname = linux-xanmod-anbox
+ pkgdesc = The Linux kernel and modules with Xanmod patches
+ depends = coreutils
+ depends = kmod
+ depends = initramfs
+ optdepends = crda: to set the correct wireless channels of your country
+ optdepends = linux-firmware: firmware images needed for some devices
+ provides = linux
+ provides = linux-xanmod-anbox-git
+ conflicts = linux-xanmod-anbox-git
+ replaces = linux-xanmod-anbox-git
+
+pkgname = linux-xanmod-anbox-headers
+ pkgdesc = Header files and scripts for building modules for Xanmod Linux kernel
+ provides = linux-headers
+ provides = linux-xanmod-anbox-git-headers
+ conflicts = linux-xanmod-anbox-git-headers
+ replaces = linux-xanmod-anbox-git-headers
+
diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch
new file mode 100644
index 00000000000..d7dee55dde5
--- /dev/null
+++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch
@@ -0,0 +1,133 @@
+From a8d736bad70d4062a14c29bdcbed71bef7b575f5 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Mon, 16 Sep 2019 04:53:20 +0200
+Subject: [PATCH 01/15] ZEN: Add sysctl and CONFIG to disallow unprivileged
+ CLONE_NEWUSER
+
+Our default behavior continues to match the vanilla kernel.
+---
+ init/Kconfig | 16 ++++++++++++++++
+ kernel/fork.c | 15 +++++++++++++++
+ kernel/sysctl.c | 12 ++++++++++++
+ kernel/user_namespace.c | 7 +++++++
+ 4 files changed, 50 insertions(+)
+
+diff --git a/init/Kconfig b/init/Kconfig
+index b4daad2bac23..362f82c5ec07 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1118,6 +1118,22 @@ config USER_NS
+
+ If unsure, say N.
+
++config USER_NS_UNPRIVILEGED
++ bool "Allow unprivileged users to create namespaces"
++ default y
++ depends on USER_NS
++ help
++ When disabled, unprivileged users will not be able to create
++ new namespaces. Allowing users to create their own namespaces
++ has been part of several recent local privilege escalation
++ exploits, so if you need user namespaces but are
++ paranoid^Wsecurity-conscious you want to disable this.
++
++ This setting can be overridden at runtime via the
++ kernel.unprivileged_userns_clone sysctl.
++
++ If unsure, say Y.
++
+ config PID_NS
+ bool "PID Namespaces"
+ default y
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 755d8160e001..ed909f8050b2 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -106,6 +106,11 @@
+
+ #define CREATE_TRACE_POINTS
+ #include <trace/events/task.h>
++#ifdef CONFIG_USER_NS
++extern int unprivileged_userns_clone;
++#else
++#define unprivileged_userns_clone 0
++#endif
+
+ /*
+ * Minimum number of threads to boot the kernel
+@@ -1779,6 +1784,10 @@ static __latent_entropy struct task_struct *copy_process(
+ if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
+ return ERR_PTR(-EINVAL);
+
++ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
++ if (!capable(CAP_SYS_ADMIN))
++ return ERR_PTR(-EPERM);
++
+ /*
+ * Thread groups must share signals as well, and detached threads
+ * can only be started up within the thread group.
+@@ -2836,6 +2845,12 @@ int ksys_unshare(unsigned long unshare_flags)
+ if (unshare_flags & CLONE_NEWNS)
+ unshare_flags |= CLONE_FS;
+
++ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
++ err = -EPERM;
++ if (!capable(CAP_SYS_ADMIN))
++ goto bad_unshare_out;
++ }
++
+ err = check_unshare_flags(unshare_flags);
+ if (err)
+ goto bad_unshare_out;
+diff --git a/kernel/sysctl.c b/kernel/sysctl.c
+index 70665934d53e..9797869ed829 100644
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -111,6 +111,10 @@
+ static int sixty = 60;
+ #endif
+
++#ifdef CONFIG_USER_NS
++extern int unprivileged_userns_clone;
++#endif
++
+ static int __maybe_unused neg_one = -1;
+ static int __maybe_unused two = 2;
+ static int __maybe_unused four = 4;
+@@ -1881,6 +1885,15 @@
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
++#endif
++#ifdef CONFIG_USER_NS
++ {
++ .procname = "unprivileged_userns_clone",
++ .data = &unprivileged_userns_clone,
++ .maxlen = sizeof(int),
++ .mode = 0644,
++ .proc_handler = proc_dointvec,
++ },
+ #endif
+ #ifdef CONFIG_PROC_SYSCTL
+ {
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index 8eadadc478f9..c36ecd19562c 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -21,6 +21,13 @@
+ #include <linux/bsearch.h>
+ #include <linux/sort.h>
+
++/* sysctl */
++#ifdef CONFIG_USER_NS_UNPRIVILEGED
++int unprivileged_userns_clone = 1;
++#else
++int unprivileged_userns_clone;
++#endif
++
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+ static DEFINE_MUTEX(userns_state_mutex);
+
+--
+2.25.0
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 00000000000..2952f212a3d
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,339 @@
+# Maintainer: Joan Figueras <ffigue at gmail dot com>
+# Contributor: Torge Matthies <openglfreak at googlemail dot com>
+# Contributor: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
+# Contributor: Yoshi2889 <rick.2889 at gmail dot com>
+# Contributor: Tobias Powalowski <tpowa@archlinux.org>
+# Contributor: Thomas Baechler <thomas@archlinux.org>
+
+##
+## The following variables can be customized at build time. Use env or export to change at your wish
+##
+## Example: env _microarchitecture=25 use_numa=n use_tracers=n use_pds=n makepkg -sc
+##
+## Look inside 'choose-gcc-optimization.sh' to choose your microarchitecture
+## Valid numbers between: 0 to 42
+## Default is: 0 => generic
+## Good option if your package is for one machine: 42 => native
+if [ -z ${_microarchitecture+x} ]; then
+ _microarchitecture=0
+fi
+
+## Disable NUMA since most users do not have multiple processors. Breaks CUDA/NvEnc.
+## Archlinux and Xanmod enable it by default.
+## Set variable "use_numa" to: n to disable (possibly increase performance)
+## y to enable (stock default)
+if [ -z ${use_numa+x} ]; then
+ use_numa=y
+fi
+
+## For performance you can disable FUNCTION_TRACER/GRAPH_TRACER. Limits debugging and analyzing of the kernel.
+## Stock Archlinux and Xanmod have this enabled.
+## Set variable "use_tracers" to: n to disable (possibly increase performance)
+## y to enable (stock default)
+if [ -z ${use_tracers+x} ]; then
+ use_tracers=y
+fi
+
+## Enable PDS CPU scheduler by default https://gitlab.com/alfredchen/linux-pds
+## Set variable "use_pds" to: n to disable (stock Xanmod)
+## y to enable
+if [ -z ${use_pds+x} ]; then
+ use_pds=n
+fi
+
+## Enable CONFIG_USER_NS_UNPRIVILEGED flag https://aur.archlinux.org/cgit/aur.git/tree/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch?h=linux-ck
+## Set variable "use_ns" to: n to disable (stock Xanmod)
+## y to enable (stock Archlinux)
+if [ -z ${use_ns+x} ]; then
+ use_ns=n
+fi
+
+# Compile ONLY used modules to VASTLYreduce the number of modules built
+# and the build time.
+#
+# To keep track of which modules are needed for your specific system/hardware,
+# give module_db script a try: https://aur.archlinux.org/packages/modprobed-db
+# This PKGBUILD read the database kept if it exists
+#
+# More at this wiki page ---> https://wiki.archlinux.org/index.php/Modprobed-db
+if [ -z ${_localmodcfg} ]; then
+ _localmodcfg=n
+fi
+
+# Tweak kernel options prior to a build via nconfig
+_makenconfig=
+
+### IMPORTANT: Do no edit below this line unless you know what you're doing
+
+pkgbase=linux-xanmod-anbox
+pkgver=5.8.1
+_major=5.8
+_branch=5.x
+xanmod=1
+pkgrel=${xanmod}
+pkgdesc='Linux Xanmod with ashmem and binder enabled for Anbox'
+url="http://www.xanmod.org/"
+arch=(x86_64)
+
+license=(GPL2)
+makedepends=(
+ xmlto kmod inetutils bc libelf cpio
+ python-sphinx python-sphinx_rtd_theme graphviz imagemagick
+)
+options=('!strip')
+_srcname="linux-${pkgver}-xanmod${xanmod}"
+
+source=("https://cdn.kernel.org/pub/linux/kernel/v${_branch}/linux-${_major}.tar."{xz,sign}
+ "https://github.com/xanmod/linux/releases/download/${pkgver}-xanmod${xanmod}/patch-${pkgver}-xanmod${xanmod}.xz"
+ choose-gcc-optimization.sh
+ '0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch::https://aur.archlinux.org/cgit/aur.git/plain/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch?h=linux-ck&id=616ec1bb1f2c0fc42b6fb5c20995996897b4f43b')
+validpgpkeys=(
+ 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linux Torvalds
+ '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
+)
+
+# Archlinux patches
+_commits=""
+for _patch in $_commits; do
+ source+=("${_patch}.patch::https://git.archlinux.org/linux.git/patch/?id=${_patch}")
+done
+
+
+sha256sums=('e7f75186aa0642114af8f19d99559937300ca27acaf7451b36d4f9b0f85cf1f5'
+ 'SKIP'
+ 'a6818ddb680d60af84ccbd3edb0156d5ff87dc29c6727207dc54d12512aec77e'
+ '2c7369218e81dee86f8ac15bda741b9bb34fa9cefcb087760242277a8207d511'
+ '6c66dba73251440352f93ff32b72f5dd49536d0f17ef9347867660fd3a626991')
+
+export KBUILD_BUILD_HOST=${KBUILD_BUILD_HOST:-archlinux}
+export KBUILD_BUILD_USER=${KBUILD_BUILD_USER:-makepkg}
+export KBUILD_BUILD_TIMESTAMP=${KBUILD_BUILD_TIMESTAMP:-$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})}
+
+prepare() {
+ cd linux-${_major}
+
+ # Apply Xanmod patch
+ patch -Np1 -i ../patch-${pkgver}-xanmod${xanmod}
+
+ msg2 "Setting version..."
+ scripts/setlocalversion --save-scmversion
+ echo "-$pkgrel" > localversion.10-pkgrel
+ echo "${pkgbase#linux}" > localversion.20-pkgname
+
+ # Archlinux patches
+ local src
+ for src in "${source[@]}"; do
+ src="${src%%::*}"
+ src="${src##*/}"
+ [[ $src = *.patch ]] || continue
+ msg2 "Applying patch $src..."
+ patch -Np1 < "../$src"
+ done
+
+ # CONFIG_STACK_VALIDATION gives better stack traces. Also is enabled in all official kernel packages by Archlinux team
+ scripts/config --enable CONFIG_STACK_VALIDATION
+
+ # Anbox compatibility
+ msg2 "Enabling ashmem and binder modules"
+ scripts/config --enable CONFIG_ASHMEM
+ scripts/config --enable CONFIG_ANDROID
+ scripts/config --enable CONFIG_ANDROID_BINDER_IPC
+ scripts/config --enable CONFIG_ANDROID_BINDERFS
+ scripts/config --set-str CONFIG_ANDROID_BINDER_DEVICES "binder,hwbinder,vndbinder"
+
+ # Enable IKCONFIG following Arch's philosophy
+ scripts/config --enable CONFIG_IKCONFIG \
+ --enable CONFIG_IKCONFIG_PROC
+
+ # User set. See at the top of this file
+ if [ "$use_tracers" = "n" ]; then
+ msg2 "Disabling FUNCTION_TRACER/GRAPH_TRACER..."
+ scripts/config --disable CONFIG_FUNCTION_TRACER \
+ --disable CONFIG_STACK_TRACER
+ fi
+
+ if [ "$use_numa" = "n" ]; then
+ msg2 "Disabling NUMA..."
+ scripts/config --disable CONFIG_NUMA
+ fi
+
+ if [ "$use_pds" = "y" ]; then
+ msg2 "Enabling PDS CPU scheduler by default..."
+ scripts/config --enable CONFIG_SCHED_PDS
+ fi
+
+ if [ "$use_ns" = "n" ]; then
+ msg2 "Disabling CONFIG_USER_NS_UNPRIVILEGED"
+ scripts/config --disable CONFIG_USER_NS_UNPRIVILEGED
+ fi
+
+ # Let's user choose microarchitecture optimization in GCC
+ sh ${srcdir}/choose-gcc-optimization.sh $_microarchitecture
+
+ # This is intended for the people that want to build this package with their own config
+ # Put the file "myconfig" at the package folder to use this feature
+ # If it's a full config, will be replaced
+ # If not, you should use scripts/config commands, one by line
+ if [ -f "${startdir}/myconfig" ]; then
+ if [ $(wc -l < "${startdir}/myconfig") -gt 1000 ]; then
+ # myconfig is a full config file. Replace it
+ msg2 "Using user CUSTOM config..."
+ cp -f "${startdir}"/myconfig .config
+ else
+ # myconfig is a partial file. Applying every line
+ msg2 "Applying configs..."
+ cat "${startdir}"/myconfig | while read -r _linec ; do
+ if echo "$_linec" | grep "scripts/config" ; then
+ set -- $_linec
+ "$@"
+ else
+ warning "Line format incorrect, ignoring..."
+ fi
+ done
+ fi
+ echo
+ fi
+
+ make olddefconfig
+
+ ### Optionally load needed modules for the make localmodconfig
+ # See https://aur.archlinux.org/packages/modprobed-db
+ if [ "$_localmodcfg" = "y" ]; then
+ if [ -f $HOME/.config/modprobed.db ]; then
+ msg2 "Running Steven Rostedt's make localmodconfig now"
+ make LSMOD=$HOME/.config/modprobed.db localmodconfig
+ else
+ msg2 "No modprobed.db data found"
+ exit
+ fi
+ fi
+
+ make -s kernelrelease > version
+ msg2 "Prepared %s version %s" "$pkgbase" "$(<version)"
+
+ [[ -z "$_makenconfig" ]] || make nconfig
+
+ # save configuration for later reuse
+ cat .config > "${startdir}/config.last"
+}
+
+build() {
+ cd linux-${_major}
+ make all
+}
+
+_package() {
+ pkgdesc="The Linux kernel and modules with Xanmod patches"
+ depends=(coreutils kmod initramfs)
+ optdepends=('crda: to set the correct wireless channels of your country'
+ 'linux-firmware: firmware images needed for some devices')
+ provides=('linux' 'linux-xanmod-anbox-git')
+ replaces=('linux-xanmod-anbox-git')
+ conflicts=('linux-xanmod-anbox-git')
+
+ cd linux-${_major}
+ local kernver="$(<version)"
+ local modulesdir="$pkgdir/usr/lib/modules/$kernver"
+
+ msg2 "Installing boot image..."
+ # systemd expects to find the kernel here to allow hibernation
+ # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
+ install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"
+
+ # Used by mkinitcpio to name the kernel
+ echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"
+
+ msg2 "Installing modules..."
+ make INSTALL_MOD_PATH="$pkgdir/usr" modules_install
+
+ # remove build and source links
+ rm "$modulesdir"/{source,build}
+}
+
+_package-headers() {
+ pkgdesc="Header files and scripts for building modules for Xanmod Linux kernel"
+ provides=('linux-headers' 'linux-xanmod-anbox-git-headers')
+ replaces=('linux-xanmod-anbox-git-headers')
+ conflicts=('linux-xanmod-anbox-git-headers')
+
+ cd linux-${_major}
+ local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
+
+ msg2 "Installing build files..."
+ install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \
+ localversion.* version vmlinux
+ install -Dt "$builddir/kernel" -m644 kernel/Makefile
+ install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
+ cp -t "$builddir" -a scripts
+
+ # add objtool for external module building and enabled VALIDATION_STACK option
+ install -Dt "$builddir/tools/objtool" tools/objtool/objtool
+
+ # add xfs and shmem for aufs building
+ mkdir -p "$builddir"/{fs/xfs,mm}
+
+ msg2 "Installing headers..."
+ cp -t "$builddir" -a include
+ cp -t "$builddir/arch/x86" -a arch/x86/include
+ install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s
+
+ install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
+ install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h
+
+ # http://bugs.archlinux.org/task/13146
+ install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h
+
+ # http://bugs.archlinux.org/task/20402
+ install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
+ install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
+ install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h
+
+ msg2 "Installing KConfig files..."
+ find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;
+
+ msg2 "Removing unneeded architectures..."
+ local arch
+ for arch in "$builddir"/arch/*/; do
+ [[ $arch = */x86/ ]] && continue
+ echo "Removing $(basename "$arch")"
+ rm -r "$arch"
+ done
+
+ msg2 "Removing documentation..."
+ rm -r "$builddir/Documentation"
+
+ msg2 "Removing broken symlinks..."
+ find -L "$builddir" -type l -printf 'Removing %P\n' -delete
+
+ msg2 "Removing loose objects..."
+ find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete
+
+ msg2 "Stripping build tools..."
+ local file
+ while read -rd '' file; do
+ case "$(file -bi "$file")" in
+ application/x-sharedlib\;*) # Libraries (.so)
+ strip -v $STRIP_SHARED "$file" ;;
+ application/x-archive\;*) # Libraries (.a)
+ strip -v $STRIP_STATIC "$file" ;;
+ application/x-executable\;*) # Binaries
+ strip -v $STRIP_BINARIES "$file" ;;
+ application/x-pie-executable\;*) # Relocatable binaries
+ strip -v $STRIP_SHARED "$file" ;;
+ esac
+ done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)
+
+ msg2 "Adding symlink..."
+ mkdir -p "$pkgdir/usr/src"
+ ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase"
+}
+
+pkgname=("${pkgbase}" "${pkgbase}-headers")
+for _p in "${pkgname[@]}"; do
+ eval "package_$_p() {
+ $(declare -f "_package${_p#$pkgbase}")
+ _package${_p#$pkgbase}
+ }"
+done
+
+# vim:set ts=8 sts=2 sw=2 et:
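Review bot: The `myconfig` loop in prepare() runs any line that merely contains the text `scripts/config`, because the `grep "scripts/config"` test is unanchored and the line is then word-split by `set -- $_linec` and executed through `"$@"`. A line whose first word names some other program but which mentions `scripts/config` further along would be run as that program during the build, which is more than the comment above the loop promises. Anchoring the test to the start of the line keeps the feature to `scripts/config` invocations only: `if [[ $_linec == "scripts/config "* ]]; then`. That also removes the `grep`, which lacks `-q` and so echoes every accepted line to stdout.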
diff --git a/choose-gcc-optimization.sh b/choose-gcc-optimization.sh
new file mode 100755
index 00000000000..ccf182e9119
--- /dev/null
+++ b/choose-gcc-optimization.sh
@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+
+. /usr/share/makepkg/util/message.sh
+colorize
+
+Detect_CPU=$(gcc -c -Q -march=native --help=target | grep march | awk '{print $2}' | head -1)
+
+msg "Detected CPU architecture: $Detect_CPU"
+
+cat << EOF
+
+ Available CPU microarchitectures:
+
+ 1) AMD K6/K6-II/K6-III
+ 2) AMD Athlon/Duron/K7
+ 3) AMD Opteron/Athlon64/Hammer/K8
+ 4) AMD Opteron/Athlon64/Hammer/K8 with SSE3
+ 5) AMD 61xx/7x50/PhenomX3/X4/II/K10
+ 6) AMD Family 10h (Barcelona)
+ 7) AMD Family 14h (Bobcat)
+ 8) AMD Family 16h (Jaguar)
+ 9) AMD Family 15h (Bulldozer)
+ 10) AMD Family 15h (Piledriver)
+ 11) AMD Family 15h (Steamroller)
+ 12) AMD Family 15h (Excavator)
+ 13) AMD Family 17h (Zen)
+ 14) AMD Family 17h (Zen 2)
+ 15) Transmeta Crusoe
+ 16) Transmeta Efficeon
+ 17) IDT Winchip C6
+ 18) Winchip-2/Winchip-2A/Winchip-3
+ 19) AMD Elan
+ 20) Geode GX1 (Cyrix MediaGX)
+ 21) AMD Geode GX and LX
+ 22) Cyrix III or C3
+ 23) VIA C3 "Nehemiah"
+ 24) VIA C7
+ 25) Intel Pentium 4, Pentium D and older Nocona/Dempsey Xeon CPUs with Intel 64bit
+ 26) Intel Atom
+ 27) Intel Core 2 and newer Core 2 Xeons (Xeon 51xx and 53xx)
+ 28) Intel 1st Gen Core i3/i5/i7-family (Nehalem)
+ 29) Intel 1.5 Gen Core i3/i5/i7-family (Westmere)
+ 30) Intel Silvermont
+ 31) Intel Goldmont (Apollo Lake and Denverton)
+ 32) Intel Goldmont Plus (Gemini Lake)
+ 33) Intel 2nd Gen Core i3/i5/i7-family (Sandybridge)
+ 34) Intel 3rd Gen Core i3/i5/i7-family (Ivybridge)
+ 35) Intel 4th Gen Core i3/i5/i7-family (Haswell)
+ 36) Intel 5th Gen Core i3/i5/i7-family (Broadwell)
+ 37) Intel 6th Gen Core i3/i5/i7-family (Skylake)
+ 38) Intel 6th Gen Core i7/i9-family (Skylake X)
+ 39) Intel 8th Gen Core i3/i5/i7-family (Cannon Lake)
+ 40) Intel 8th Gen Core i7/i9-family (Ice Lake)
+ 41) Xeon processors in the Cascade Lake family
+
+ 42) Native optimizations autodetected by GCC
+
+ 0) Generic (default)
+
+EOF
+
+sleep 1
+answer=$1
+
+case $answer in
+ 1) Microarchitecture=CONFIG_MK6 ;;
+ 2) Microarchitecture=CONFIG_MK7 ;;
+ 3) Microarchitecture=CONFIG_MK8 ;;
+ 4) Microarchitecture=CONFIG_MK8SSE3 ;;
+ 5) Microarchitecture=CONFIG_MK10 ;;
+ 6) Microarchitecture=CONFIG_MBARCELONA ;;
+ 7) Microarchitecture=CONFIG_MBOBCAT ;;
+ 8) Microarchitecture=CONFIG_MJAGUAR ;;
+ 9) Microarchitecture=CONFIG_MBULLDOZER ;;
+ 10) Microarchitecture=CONFIG_MPILEDRIVER ;;
+ 11) Microarchitecture=CONFIG_MSTEAMROLLER ;;
+ 12) Microarchitecture=CONFIG_MEXCAVATOR ;;
+ 13) Microarchitecture=CONFIG_MZEN ;;
+ 14) Microarchitecture=CONFIG_MZEN2 ;;
+ 15) Microarchitecture=CONFIG_MCRUSOE ;;
+ 16) Microarchitecture=CONFIG_MEFFICEON ;;
+ 17) Microarchitecture=CONFIG_MWINCHIPC6 ;;
+ 18) Microarchitecture=CONFIG_MWINCHIP3D ;;
+ 19) Microarchitecture=CONFIG_MELAN ;;
+ 20) Microarchitecture=CONFIG_MGEODEGX1 ;;
+ 21) Microarchitecture=CONFIG_MGEODE_LX ;;
+ 22) Microarchitecture=CONFIG_MCYRIXIII ;;
+ 23) Microarchitecture=CONFIG_MVIAC3_2 ;;
+ 24) Microarchitecture=CONFIG_MVIAC7 ;;
+ 25) Microarchitecture=CONFIG_MPSC ;;
+ 26) Microarchitecture=CONFIG_MATOM ;;
+ 27) Microarchitecture=CONFIG_MCORE2 ;;
+ 28) Microarchitecture=CONFIG_MNEHALEM ;;
+ 29) Microarchitecture=CONFIG_MWESTMERE ;;
+ 30) Microarchitecture=CONFIG_MSILVERMONT ;;
+ 31) Microarchitecture=CONFIG_MGOLDMONT ;;
+ 32) Microarchitecture=CONFIG_MGOLDMONTPLUS ;;
+ 33) Microarchitecture=CONFIG_MSANDYBRIDGE ;;
+ 34) Microarchitecture=CONFIG_MIVYBRIDGE ;;
+ 35) Microarchitecture=CONFIG_MHASWELL ;;
+ 36) Microarchitecture=CONFIG_MBROADWELL ;;
+ 37) Microarchitecture=CONFIG_MSKYLAKE ;;
+ 38) Microarchitecture=CONFIG_MSKYLAKEX ;;
+ 39) Microarchitecture=CONFIG_MCANNONLAKE ;;
+ 40) Microarchitecture=CONFIG_MICELAKE ;;
+ 41) Microarchitecture=CONFIG_MCASCADELAKE ;;
+ 42) Microarchitecture=CONFIG_MNATIVE ;;
+ *) default=CONFIG_GENERIC_CPU ;;
+esac
+
+warning "According to PKGBUILD variable _microarchitecture, your choice is $answer"
+msg "Building this package for microarchitecture: $Microarchitecture$default"
+sleep 5
+
+sed -e 's|^CONFIG_GENERIC_CPU=y|# CONFIG_GENERIC_CPU is not set|g' -i .config
+sed -e "s|^# $Microarchitecture is not set|$Microarchitecture=y|g" -i .config
+
+echo
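Review bot: In the `*)` branch of the `case $answer` block only `default` is assigned, so `$Microarchitecture` is empty when the two `sed` lines at the end run. The first `sed` still comments out `CONFIG_GENERIC_CPU=y`, and the second, whose pattern becomes `^#  is not set`, matches nothing. For the default choice 0 and for any unrecognised value of `$1`, the script therefore leaves `.config` with no processor family selected, and presumably relies on the later `make olddefconfig` in the PKGBUILD to restore one. Skipping the edits in that case makes the intent explicit: add `[ -n "$Microarchitecture" ] || exit 0` before the first `sed`, and consider reporting an out-of-range value with `warning` instead of silently treating it as generic.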