diff options
author | Miklós Tóth | 2020-08-16 17:32:18 +0200 |
---|---|---|
committer | Miklós Tóth | 2020-08-16 17:32:18 +0200 |
commit | b7cd869f974464266bad5dac7002262ae8c9db5d (patch) | |
tree | 5cde5e8637eff83611315d3275edf8a1ed12626a | |
download | aur-b7cd869f974464266bad5dac7002262ae8c9db5d.tar.gz |
update
-rw-r--r-- | .SRCINFO | 50 | ||||
-rw-r--r-- | 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch | 133 | ||||
-rw-r--r-- | PKGBUILD | 339 | ||||
-rwxr-xr-x | choose-gcc-optimization.sh | 118 |
4 files changed, 640 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..24d2d81812c6 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,50 @@ +pkgbase = linux-xanmod-anbox + pkgdesc = Linux Xanmod with ashmem and binder enabled for Anbox + pkgver = 5.8.1 + pkgrel = 1 + url = http://www.xanmod.org/ + arch = x86_64 + license = GPL2 + makedepends = xmlto + makedepends = kmod + makedepends = inetutils + makedepends = bc + makedepends = libelf + makedepends = cpio + makedepends = python-sphinx + makedepends = python-sphinx_rtd_theme + makedepends = graphviz + makedepends = imagemagick + options = !strip + source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.8.tar.xz + source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.8.tar.sign + source = https://github.com/xanmod/linux/releases/download/5.8.1-xanmod1/patch-5.8.1-xanmod1.xz + source = choose-gcc-optimization.sh + source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch::https://aur.archlinux.org/cgit/aur.git/plain/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch?h=linux-ck&id=616ec1bb1f2c0fc42b6fb5c20995996897b4f43b + validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 + validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E + sha256sums = e7f75186aa0642114af8f19d99559937300ca27acaf7451b36d4f9b0f85cf1f5 + sha256sums = SKIP + sha256sums = a6818ddb680d60af84ccbd3edb0156d5ff87dc29c6727207dc54d12512aec77e + sha256sums = 2c7369218e81dee86f8ac15bda741b9bb34fa9cefcb087760242277a8207d511 + sha256sums = 6c66dba73251440352f93ff32b72f5dd49536d0f17ef9347867660fd3a626991 + +pkgname = linux-xanmod-anbox + pkgdesc = The Linux kernel and modules with Xanmod patches + depends = coreutils + depends = kmod + depends = initramfs + optdepends = crda: to set the correct wireless channels of your country + optdepends = linux-firmware: firmware images needed for some devices + provides = linux + provides = linux-xanmod-anbox-git + conflicts = linux-xanmod-anbox-git + replaces = linux-xanmod-anbox-git + +pkgname = linux-xanmod-anbox-headers + pkgdesc = Header files and scripts for building modules for Xanmod Linux kernel + provides = linux-headers + provides = linux-xanmod-anbox-git-headers + conflicts = linux-xanmod-anbox-git-headers + replaces = linux-xanmod-anbox-git-headers + diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch new file mode 100644 index 000000000000..d7dee55dde5e --- /dev/null +++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch @@ -0,0 +1,133 @@ +From a8d736bad70d4062a14c29bdcbed71bef7b575f5 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Mon, 16 Sep 2019 04:53:20 +0200 +Subject: [PATCH 01/15] ZEN: Add sysctl and CONFIG to disallow unprivileged + CLONE_NEWUSER + +Our default behavior continues to match the vanilla kernel. +--- + init/Kconfig | 16 ++++++++++++++++ + kernel/fork.c | 15 +++++++++++++++ + kernel/sysctl.c | 12 ++++++++++++ + kernel/user_namespace.c | 7 +++++++ + 4 files changed, 50 insertions(+) + +diff --git a/init/Kconfig b/init/Kconfig +index b4daad2bac23..362f82c5ec07 100644 +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -1118,6 +1118,22 @@ config USER_NS + + If unsure, say N. + ++config USER_NS_UNPRIVILEGED ++ bool "Allow unprivileged users to create namespaces" ++ default y ++ depends on USER_NS ++ help ++ When disabled, unprivileged users will not be able to create ++ new namespaces. Allowing users to create their own namespaces ++ has been part of several recent local privilege escalation ++ exploits, so if you need user namespaces but are ++ paranoid^Wsecurity-conscious you want to disable this. ++ ++ This setting can be overridden at runtime via the ++ kernel.unprivileged_userns_clone sysctl. ++ ++ If unsure, say Y. ++ + config PID_NS + bool "PID Namespaces" + default y +diff --git a/kernel/fork.c b/kernel/fork.c +index 755d8160e001..ed909f8050b2 100644 +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -106,6 +106,11 @@ + + #define CREATE_TRACE_POINTS + #include <trace/events/task.h> ++#ifdef CONFIG_USER_NS ++extern int unprivileged_userns_clone; ++#else ++#define unprivileged_userns_clone 0 ++#endif + + /* + * Minimum number of threads to boot the kernel +@@ -1779,6 +1784,10 @@ static __latent_entropy struct task_struct *copy_process( + if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) + return ERR_PTR(-EINVAL); + ++ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) ++ if (!capable(CAP_SYS_ADMIN)) ++ return ERR_PTR(-EPERM); ++ + /* + * Thread groups must share signals as well, and detached threads + * can only be started up within the thread group. +@@ -2836,6 +2845,12 @@ int ksys_unshare(unsigned long unshare_flags) + if (unshare_flags & CLONE_NEWNS) + unshare_flags |= CLONE_FS; + ++ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) { ++ err = -EPERM; ++ if (!capable(CAP_SYS_ADMIN)) ++ goto bad_unshare_out; ++ } ++ + err = check_unshare_flags(unshare_flags); + if (err) + goto bad_unshare_out; +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index 70665934d53e..9797869ed829 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -111,6 +111,10 @@ + static int sixty = 60; + #endif + ++#ifdef CONFIG_USER_NS ++extern int unprivileged_userns_clone; ++#endif ++ + static int __maybe_unused neg_one = -1; + static int __maybe_unused two = 2; + static int __maybe_unused four = 4; +@@ -1881,6 +1885,15 @@ + .mode = 0644, + .proc_handler = proc_dointvec, + }, ++#endif ++#ifdef CONFIG_USER_NS ++ { ++ .procname = "unprivileged_userns_clone", ++ .data = &unprivileged_userns_clone, ++ .maxlen = sizeof(int), ++ .mode = 0644, ++ .proc_handler = proc_dointvec, ++ }, + #endif + #ifdef CONFIG_PROC_SYSCTL + { +diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c +index 8eadadc478f9..c36ecd19562c 100644 +--- a/kernel/user_namespace.c ++++ b/kernel/user_namespace.c +@@ -21,6 +21,13 @@ + #include <linux/bsearch.h> + #include <linux/sort.h> + ++/* sysctl */ ++#ifdef CONFIG_USER_NS_UNPRIVILEGED ++int unprivileged_userns_clone = 1; ++#else ++int unprivileged_userns_clone; ++#endif ++ + static struct kmem_cache *user_ns_cachep __read_mostly; + static DEFINE_MUTEX(userns_state_mutex); + +-- +2.25.0 + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..2952f212a3d6 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,339 @@ +# Maintainer: Joan Figueras <ffigue at gmail dot com> +# Contributor: Torge Matthies <openglfreak at googlemail dot com> +# Contributor: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com> +# Contributor: Yoshi2889 <rick.2889 at gmail dot com> +# Contributor: Tobias Powalowski <tpowa@archlinux.org> +# Contributor: Thomas Baechler <thomas@archlinux.org> + +## +## The following variables can be customized at build time. Use env or export to change at your wish +## +## Example: env _microarchitecture=25 use_numa=n use_tracers=n use_pds=n makepkg -sc +## +## Look inside 'choose-gcc-optimization.sh' to choose your microarchitecture +## Valid numbers between: 0 to 42 +## Default is: 0 => generic +## Good option if your package is for one machine: 42 => native +if [ -z ${_microarchitecture+x} ]; then + _microarchitecture=0 +fi + +## Disable NUMA since most users do not have multiple processors. Breaks CUDA/NvEnc. +## Archlinux and Xanmod enable it by default. +## Set variable "use_numa" to: n to disable (possibly increase performance) +## y to enable (stock default) +if [ -z ${use_numa+x} ]; then + use_numa=y +fi + +## For performance you can disable FUNCTION_TRACER/GRAPH_TRACER. Limits debugging and analyzing of the kernel. +## Stock Archlinux and Xanmod have this enabled. +## Set variable "use_tracers" to: n to disable (possibly increase performance) +## y to enable (stock default) +if [ -z ${use_tracers+x} ]; then + use_tracers=y +fi + +## Enable PDS CPU scheduler by default https://gitlab.com/alfredchen/linux-pds +## Set variable "use_pds" to: n to disable (stock Xanmod) +## y to enable +if [ -z ${use_pds+x} ]; then + use_pds=n +fi + +## Enable CONFIG_USER_NS_UNPRIVILEGED flag https://aur.archlinux.org/cgit/aur.git/tree/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch?h=linux-ck +## Set variable "use_ns" to: n to disable (stock Xanmod) +## y to enable (stock Archlinux) +if [ -z ${use_ns+x} ]; then + use_ns=n +fi + +# Compile ONLY used modules to VASTLYreduce the number of modules built +# and the build time. +# +# To keep track of which modules are needed for your specific system/hardware, +# give module_db script a try: https://aur.archlinux.org/packages/modprobed-db +# This PKGBUILD read the database kept if it exists +# +# More at this wiki page ---> https://wiki.archlinux.org/index.php/Modprobed-db +if [ -z ${_localmodcfg} ]; then + _localmodcfg=n +fi + +# Tweak kernel options prior to a build via nconfig +_makenconfig= + +### IMPORTANT: Do no edit below this line unless you know what you're doing + +pkgbase=linux-xanmod-anbox +pkgver=5.8.1 +_major=5.8 +_branch=5.x +xanmod=1 +pkgrel=${xanmod} +pkgdesc='Linux Xanmod with ashmem and binder enabled for Anbox' +url="http://www.xanmod.org/" +arch=(x86_64) + +license=(GPL2) +makedepends=( + xmlto kmod inetutils bc libelf cpio + python-sphinx python-sphinx_rtd_theme graphviz imagemagick +) +options=('!strip') +_srcname="linux-${pkgver}-xanmod${xanmod}" + +source=("https://cdn.kernel.org/pub/linux/kernel/v${_branch}/linux-${_major}.tar."{xz,sign} + "https://github.com/xanmod/linux/releases/download/${pkgver}-xanmod${xanmod}/patch-${pkgver}-xanmod${xanmod}.xz" + choose-gcc-optimization.sh + '0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch::https://aur.archlinux.org/cgit/aur.git/plain/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch?h=linux-ck&id=616ec1bb1f2c0fc42b6fb5c20995996897b4f43b') +validpgpkeys=( + 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linux Torvalds + '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman +) + +# Archlinux patches +_commits="" +for _patch in $_commits; do + source+=("${_patch}.patch::https://git.archlinux.org/linux.git/patch/?id=${_patch}") +done + + +sha256sums=('e7f75186aa0642114af8f19d99559937300ca27acaf7451b36d4f9b0f85cf1f5' + 'SKIP' + 'a6818ddb680d60af84ccbd3edb0156d5ff87dc29c6727207dc54d12512aec77e' + '2c7369218e81dee86f8ac15bda741b9bb34fa9cefcb087760242277a8207d511' + '6c66dba73251440352f93ff32b72f5dd49536d0f17ef9347867660fd3a626991') + +export KBUILD_BUILD_HOST=${KBUILD_BUILD_HOST:-archlinux} +export KBUILD_BUILD_USER=${KBUILD_BUILD_USER:-makepkg} +export KBUILD_BUILD_TIMESTAMP=${KBUILD_BUILD_TIMESTAMP:-$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})} + +prepare() { + cd linux-${_major} + + # Apply Xanmod patch + patch -Np1 -i ../patch-${pkgver}-xanmod${xanmod} + + msg2 "Setting version..." + scripts/setlocalversion --save-scmversion + echo "-$pkgrel" > localversion.10-pkgrel + echo "${pkgbase#linux}" > localversion.20-pkgname + + # Archlinux patches + local src + for src in "${source[@]}"; do + src="${src%%::*}" + src="${src##*/}" + [[ $src = *.patch ]] || continue + msg2 "Applying patch $src..." + patch -Np1 < "../$src" + done + + # CONFIG_STACK_VALIDATION gives better stack traces. Also is enabled in all official kernel packages by Archlinux team + scripts/config --enable CONFIG_STACK_VALIDATION + + # Anbox compatibility + msg2 "Enabling ashmem and binder modules" + scripts/config --enable CONFIG_ASHMEM + scripts/config --enable CONFIG_ANDROID + scripts/config --enable CONFIG_ANDROID_BINDER_IPC + scripts/config --enable CONFIG_ANDROID_BINDERFS + scripts/config --set-str CONFIG_ANDROID_BINDER_DEVICES "binder,hwbinder,vndbinder" + + # Enable IKCONFIG following Arch's philosophy + scripts/config --enable CONFIG_IKCONFIG \ + --enable CONFIG_IKCONFIG_PROC + + # User set. See at the top of this file + if [ "$use_tracers" = "n" ]; then + msg2 "Disabling FUNCTION_TRACER/GRAPH_TRACER..." + scripts/config --disable CONFIG_FUNCTION_TRACER \ + --disable CONFIG_STACK_TRACER + fi + + if [ "$use_numa" = "n" ]; then + msg2 "Disabling NUMA..." + scripts/config --disable CONFIG_NUMA + fi + + if [ "$use_pds" = "y" ]; then + msg2 "Enabling PDS CPU scheduler by default..." + scripts/config --enable CONFIG_SCHED_PDS + fi + + if [ "$use_ns" = "n" ]; then + msg2 "Disabling CONFIG_USER_NS_UNPRIVILEGED" + scripts/config --disable CONFIG_USER_NS_UNPRIVILEGED + fi + + # Let's user choose microarchitecture optimization in GCC + sh ${srcdir}/choose-gcc-optimization.sh $_microarchitecture + + # This is intended for the people that want to build this package with their own config + # Put the file "myconfig" at the package folder to use this feature + # If it's a full config, will be replaced + # If not, you should use scripts/config commands, one by line + if [ -f "${startdir}/myconfig" ]; then + if [ $(wc -l < "${startdir}/myconfig") -gt 1000 ]; then + # myconfig is a full config file. Replace it + msg2 "Using user CUSTOM config..." + cp -f "${startdir}"/myconfig .config + else + # myconfig is a partial file. Applying every line + msg2 "Applying configs..." + cat "${startdir}"/myconfig | while read -r _linec ; do + if echo "$_linec" | grep "scripts/config" ; then + set -- $_linec + "$@" + else + warning "Line format incorrect, ignoring..." + fi + done + fi + echo + fi + + make olddefconfig + + ### Optionally load needed modules for the make localmodconfig + # See https://aur.archlinux.org/packages/modprobed-db + if [ "$_localmodcfg" = "y" ]; then + if [ -f $HOME/.config/modprobed.db ]; then + msg2 "Running Steven Rostedt's make localmodconfig now" + make LSMOD=$HOME/.config/modprobed.db localmodconfig + else + msg2 "No modprobed.db data found" + exit + fi + fi + + make -s kernelrelease > version + msg2 "Prepared %s version %s" "$pkgbase" "$(<version)" + + [[ -z "$_makenconfig" ]] || make nconfig + + # save configuration for later reuse + cat .config > "${startdir}/config.last" +} + +build() { + cd linux-${_major} + make all +} + +_package() { + pkgdesc="The Linux kernel and modules with Xanmod patches" + depends=(coreutils kmod initramfs) + optdepends=('crda: to set the correct wireless channels of your country' + 'linux-firmware: firmware images needed for some devices') + provides=('linux' 'linux-xanmod-anbox-git') + replaces=('linux-xanmod-anbox-git') + conflicts=('linux-xanmod-anbox-git') + + cd linux-${_major} + local kernver="$(<version)" + local modulesdir="$pkgdir/usr/lib/modules/$kernver" + + msg2 "Installing boot image..." + # systemd expects to find the kernel here to allow hibernation + # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344 + install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz" + + # Used by mkinitcpio to name the kernel + echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase" + + msg2 "Installing modules..." + make INSTALL_MOD_PATH="$pkgdir/usr" modules_install + + # remove build and source links + rm "$modulesdir"/{source,build} +} + +_package-headers() { + pkgdesc="Header files and scripts for building modules for Xanmod Linux kernel" + provides=('linux-headers' 'linux-xanmod-anbox-git-headers') + replaces=('linux-xanmod-anbox-git-headers') + conflicts=('linux-xanmod-anbox-git-headers') + + cd linux-${_major} + local builddir="$pkgdir/usr/lib/modules/$(<version)/build" + + msg2 "Installing build files..." + install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \ + localversion.* version vmlinux + install -Dt "$builddir/kernel" -m644 kernel/Makefile + install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile + cp -t "$builddir" -a scripts + + # add objtool for external module building and enabled VALIDATION_STACK option + install -Dt "$builddir/tools/objtool" tools/objtool/objtool + + # add xfs and shmem for aufs building + mkdir -p "$builddir"/{fs/xfs,mm} + + msg2 "Installing headers..." + cp -t "$builddir" -a include + cp -t "$builddir/arch/x86" -a arch/x86/include + install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s + + install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h + install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h + + # http://bugs.archlinux.org/task/13146 + install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h + + # http://bugs.archlinux.org/task/20402 + install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h + install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h + install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h + + msg2 "Installing KConfig files..." + find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \; + + msg2 "Removing unneeded architectures..." + local arch + for arch in "$builddir"/arch/*/; do + [[ $arch = */x86/ ]] && continue + echo "Removing $(basename "$arch")" + rm -r "$arch" + done + + msg2 "Removing documentation..." + rm -r "$builddir/Documentation" + + msg2 "Removing broken symlinks..." + find -L "$builddir" -type l -printf 'Removing %P\n' -delete + + msg2 "Removing loose objects..." + find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete + + msg2 "Stripping build tools..." + local file + while read -rd '' file; do + case "$(file -bi "$file")" in + application/x-sharedlib\;*) # Libraries (.so) + strip -v $STRIP_SHARED "$file" ;; + application/x-archive\;*) # Libraries (.a) + strip -v $STRIP_STATIC "$file" ;; + application/x-executable\;*) # Binaries + strip -v $STRIP_BINARIES "$file" ;; + application/x-pie-executable\;*) # Relocatable binaries + strip -v $STRIP_SHARED "$file" ;; + esac + done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0) + + msg2 "Adding symlink..." + mkdir -p "$pkgdir/usr/src" + ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase" +} + +pkgname=("${pkgbase}" "${pkgbase}-headers") +for _p in "${pkgname[@]}"; do + eval "package_$_p() { + $(declare -f "_package${_p#$pkgbase}") + _package${_p#$pkgbase} + }" +done + +# vim:set ts=8 sts=2 sw=2 et: diff --git a/choose-gcc-optimization.sh b/choose-gcc-optimization.sh new file mode 100755 index 000000000000..ccf182e91190 --- /dev/null +++ b/choose-gcc-optimization.sh @@ -0,0 +1,118 @@ +#!/usr/bin/env bash + +. /usr/share/makepkg/util/message.sh +colorize + +Detect_CPU=$(gcc -c -Q -march=native --help=target | grep march | awk '{print $2}' | head -1) + +msg "Detected CPU architecture: $Detect_CPU" + +cat << EOF + + Available CPU microarchitectures: + + 1) AMD K6/K6-II/K6-III + 2) AMD Athlon/Duron/K7 + 3) AMD Opteron/Athlon64/Hammer/K8 + 4) AMD Opteron/Athlon64/Hammer/K8 with SSE3 + 5) AMD 61xx/7x50/PhenomX3/X4/II/K10 + 6) AMD Family 10h (Barcelona) + 7) AMD Family 14h (Bobcat) + 8) AMD Family 16h (Jaguar) + 9) AMD Family 15h (Bulldozer) + 10) AMD Family 15h (Piledriver) + 11) AMD Family 15h (Steamroller) + 12) AMD Family 15h (Excavator) + 13) AMD Family 17h (Zen) + 14) AMD Family 17h (Zen 2) + 15) Transmeta Crusoe + 16) Transmeta Efficeon + 17) IDT Winchip C6 + 18) Winchip-2/Winchip-2A/Winchip-3 + 19) AMD Elan + 20) Geode GX1 (Cyrix MediaGX) + 21) AMD Geode GX and LX + 22) Cyrix III or C3 + 23) VIA C3 "Nehemiah" + 24) VIA C7 + 25) Intel Pentium 4, Pentium D and older Nocona/Dempsey Xeon CPUs with Intel 64bit + 26) Intel Atom + 27) Intel Core 2 and newer Core 2 Xeons (Xeon 51xx and 53xx) + 28) Intel 1st Gen Core i3/i5/i7-family (Nehalem) + 29) Intel 1.5 Gen Core i3/i5/i7-family (Westmere) + 30) Intel Silvermont + 31) Intel Goldmont (Apollo Lake and Denverton) + 32) Intel Goldmont Plus (Gemini Lake) + 33) Intel 2nd Gen Core i3/i5/i7-family (Sandybridge) + 34) Intel 3rd Gen Core i3/i5/i7-family (Ivybridge) + 35) Intel 4th Gen Core i3/i5/i7-family (Haswell) + 36) Intel 5th Gen Core i3/i5/i7-family (Broadwell) + 37) Intel 6th Gen Core i3/i5/i7-family (Skylake) + 38) Intel 6th Gen Core i7/i9-family (Skylake X) + 39) Intel 8th Gen Core i3/i5/i7-family (Cannon Lake) + 40) Intel 8th Gen Core i7/i9-family (Ice Lake) + 41) Xeon processors in the Cascade Lake family + + 42) Native optimizations autodetected by GCC + + 0) Generic (default) + +EOF + +sleep 1 +answer=$1 + +case $answer in + 1) Microarchitecture=CONFIG_MK6 ;; + 2) Microarchitecture=CONFIG_MK7 ;; + 3) Microarchitecture=CONFIG_MK8 ;; + 4) Microarchitecture=CONFIG_MK8SSE3 ;; + 5) Microarchitecture=CONFIG_MK10 ;; + 6) Microarchitecture=CONFIG_MBARCELONA ;; + 7) Microarchitecture=CONFIG_MBOBCAT ;; + 8) Microarchitecture=CONFIG_MJAGUAR ;; + 9) Microarchitecture=CONFIG_MBULLDOZER ;; + 10) Microarchitecture=CONFIG_MPILEDRIVER ;; + 11) Microarchitecture=CONFIG_MSTEAMROLLER ;; + 12) Microarchitecture=CONFIG_MEXCAVATOR ;; + 13) Microarchitecture=CONFIG_MZEN ;; + 14) Microarchitecture=CONFIG_MZEN2 ;; + 15) Microarchitecture=CONFIG_MCRUSOE ;; + 16) Microarchitecture=CONFIG_MEFFICEON ;; + 17) Microarchitecture=CONFIG_MWINCHIPC6 ;; + 18) Microarchitecture=CONFIG_MWINCHIP3D ;; + 19) Microarchitecture=CONFIG_MELAN ;; + 20) Microarchitecture=CONFIG_MGEODEGX1 ;; + 21) Microarchitecture=CONFIG_MGEODE_LX ;; + 22) Microarchitecture=CONFIG_MCYRIXIII ;; + 23) Microarchitecture=CONFIG_MVIAC3_2 ;; + 24) Microarchitecture=CONFIG_MVIAC7 ;; + 25) Microarchitecture=CONFIG_MPSC ;; + 26) Microarchitecture=CONFIG_MATOM ;; + 27) Microarchitecture=CONFIG_MCORE2 ;; + 28) Microarchitecture=CONFIG_MNEHALEM ;; + 29) Microarchitecture=CONFIG_MWESTMERE ;; + 30) Microarchitecture=CONFIG_MSILVERMONT ;; + 31) Microarchitecture=CONFIG_MGOLDMONT ;; + 32) Microarchitecture=CONFIG_MGOLDMONTPLUS ;; + 33) Microarchitecture=CONFIG_MSANDYBRIDGE ;; + 34) Microarchitecture=CONFIG_MIVYBRIDGE ;; + 35) Microarchitecture=CONFIG_MHASWELL ;; + 36) Microarchitecture=CONFIG_MBROADWELL ;; + 37) Microarchitecture=CONFIG_MSKYLAKE ;; + 38) Microarchitecture=CONFIG_MSKYLAKEX ;; + 39) Microarchitecture=CONFIG_MCANNONLAKE ;; + 40) Microarchitecture=CONFIG_MICELAKE ;; + 41) Microarchitecture=CONFIG_MCASCADELAKE ;; + 42) Microarchitecture=CONFIG_MNATIVE ;; + *) default=CONFIG_GENERIC_CPU ;; +esac + +warning "According to PKGBUILD variable _microarchitecture, your choice is $answer" +msg "Building this package for microarchitecture: $Microarchitecture$default" +sleep 5 + +sed -e 's|^CONFIG_GENERIC_CPU=y|# CONFIG_GENERIC_CPU is not set|g' -i .config +sed -e "s|^# $Microarchitecture is not set|$Microarchitecture=y|g" -i .config + +echo |