addpkg: linux-hardened-git 5.3.0.r857780.g1317ca6048b5-1

author: anthraxx 2019-10-03 22:02:02 +0200
committer: anthraxx 2019-10-03 22:02:02 +0200
commit: fcfa50c78179408a3c724d22a0b7aa19f581864d (patch)
tree: ca32616a9a1ea20771edfc358e926adba6450922 /PKGBUILD
download: aur-fcfa50c78179408a3c724d22a0b7aa19f581864d.tar.gz
1 files changed, 263 insertions, 0 deletions
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 00000000000..04607c063b8
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,263 @@
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Contributor: Daniel Micay <danielmicay@gmail.com>
+# Contributor: Tobias Powalowski <tpowa@archlinux.org>
+# Contributor: Thomas Baechler <thomas@archlinux.org>
+
+pkgbase=linux-hardened-git
+_gitbranch=5.3
+pkgver=5.3.0.r857780.g1317ca6048b5
+pkgrel=1
+url='https://github.com/anthraxx/linux-hardened'
+arch=('x86_64')
+license=('GPL2')
+makedepends=(
+  xmlto kmod inetutils bc libelf python-sphinx python-sphinx_rtd_theme
+  graphviz imagemagick git
+)
+options=('!strip')
+source=("git+https://github.com/anthraxx/linux-hardened#branch=${_gitbranch}?signed"
+        config.x86_64  # the main kernel config files
+        60-linux.hook  # pacman hook for depmod
+        90-linux.hook  # pacman hook for initramfs regeneration
+        linux.preset   # standard config files for mkinitcpio ramdisk
+)
+replaces=('linux-grsec')
+sha256sums=('SKIP'
+            '66428e31326e373868fbfe9bd67b54b3f81ef7accf303f388637bba43a0965c6'
+            'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
+            'c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636'
+            'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65')
+validpgpkeys=(
+              'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
+              '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
+              '65EEFE022108E2B708CBFCF7F9E712E59AF5F22A' # Daniel Micay
+              'E240B57E2C4630BA768E2F26FC1B547C8D8172C8' # Levente Polyak
+             )
+
+_kernelname=${pkgbase#linux}
+: ${_kernelname:=-hardened}
+
+pkgver() {
+  cd ${pkgbase/-git/}
+  printf "%s.%s.%s%s.r%s.g%s" \
+    "$(grep '^VERSION = ' Makefile|awk -F' = ' '{print $2}')" \
+    "$(grep '^PATCHLEVEL = ' Makefile|awk -F' = ' '{print $2}')" \
+    "$(grep '^SUBLEVEL = ' Makefile|awk -F' = ' '{print $2}')" \
+    "$(grep '^EXTRAVERSION = ' Makefile|awk -F' = ' '{print $2}'|sed 's/-//')" \
+    "$(git rev-list --count HEAD)" \
+    "$(git rev-parse --short HEAD)"
+}
+
+prepare() {
+  cd ${pkgbase/-git/}
+
+  msg2 "Setting version..."
+  rm -f localversion* include/config/kernel.release
+  scripts/setlocalversion --save-scmversion
+  echo "-$pkgrel" > localversion.10-pkgrel
+  echo "$_kernelname" > localversion.20-pkgname
+  echo "-r$(git rev-list --count HEAD)" > localversion.30-revision
+
+  local src
+  for src in "${source[@]}"; do
+    src="${src%%::*}"
+    src="${src##*/}"
+    [[ $src = *.patch ]] || continue
+    msg2 "Applying patch $src..."
+    patch -Np1 < "../$src"
+  done
+
+  msg2 "Setting config..."
+  cp ../config.x86_64 .config
+  make olddefconfig
+
+  make -s kernelrelease > ../version
+  msg2 "Prepared %s version %s" "$pkgbase" "$(<../version)"
+}
+
+build() {
+  cd ${pkgbase/-git/}
+  make bzImage modules htmldocs
+}
+
+_package() {
+  pkgdesc="The ${pkgbase/linux/Linux} kernel and modules"
+  [[ $pkgbase = linux ]] && groups=(base)
+  depends=(coreutils linux-firmware kmod mkinitcpio)
+  optdepends=('crda: to set the correct wireless channels of your country'
+              'usbctl: deny_new_usb control')
+  backup=("etc/mkinitcpio.d/$pkgbase.preset")
+  install=linux.install
+
+  local kernver="$(<version)"
+  local modulesdir="$pkgdir/usr/lib/modules/$kernver"
+
+  cd ${pkgbase/-git/}
+
+  msg2 "Installing boot image..."
+  # systemd expects to find the kernel here to allow hibernation
+  # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
+  install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"
+  install -Dm644 "$modulesdir/vmlinuz" "$pkgdir/boot/vmlinuz-${pkgbase/-git/}"
+
+  msg2 "Installing modules..."
+  make INSTALL_MOD_PATH="$pkgdir/usr" modules_install
+
+  # a place for external modules,
+  # with version file for building modules and running depmod from hook
+  local extramodules="extramodules$_kernelname"
+  local extradir="$pkgdir/usr/lib/modules/$extramodules"
+  install -Dt "$extradir" -m644 ../version
+  ln -sr "$extradir" "$modulesdir/extramodules"
+
+  # remove build and source links
+  rm "$modulesdir"/{source,build}
+
+  msg2 "Installing hooks..."
+  # sed expression for following substitutions
+  local subst="
+    s|%PKGBASE%|${pkgbase/-git/}|g
+    s|%KERNVER%|$kernver|g
+    s|%EXTRAMODULES%|$extramodules|g
+  "
+
+  # hack to allow specifying an initially nonexisting install file
+  sed "$subst" "$startdir/$install" > "$startdir/$install.pkg"
+  true && install=$install.pkg
+
+  # fill in mkinitcpio preset and pacman hooks
+  sed "$subst" ../linux.preset | install -Dm644 /dev/stdin \
+    "$pkgdir/etc/mkinitcpio.d/${pkgbase/-git/}.preset"
+  sed "$subst" ../60-linux.hook | install -Dm644 /dev/stdin \
+    "$pkgdir/usr/share/libalpm/hooks/60-${pkgbase/-git/}.hook"
+  sed "$subst" ../90-linux.hook | install -Dm644 /dev/stdin \
+    "$pkgdir/usr/share/libalpm/hooks/90-${pkgbase/-git/}.hook"
+
+  msg2 "Fixing permissions..."
+  chmod -Rc u=rwX,go=rX "$pkgdir"
+}
+
+_package-headers() {
+  pkgdesc="Header files and scripts for building modules for ${pkgbase/linux/Linux} kernel"
+
+  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
+
+  cd ${pkgbase/-git/}
+
+  msg2 "Installing build files..."
+  install -Dt "$builddir" -m644 Makefile .config Module.symvers System.map vmlinux
+  install -Dt "$builddir/kernel" -m644 kernel/Makefile
+  install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
+  cp -t "$builddir" -a scripts
+
+  # add objtool for external module building and enabled VALIDATION_STACK option
+  install -Dt "$builddir/tools/objtool" tools/objtool/objtool
+
+  # add xfs and shmem for aufs building
+  mkdir -p "$builddir"/{fs/xfs,mm}
+
+  # ???
+  mkdir "$builddir/.tmp_versions"
+
+  msg2 "Installing headers..."
+  cp -t "$builddir" -a include
+  cp -t "$builddir/arch/x86" -a arch/x86/include
+  install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s
+
+  install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
+  install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h
+
+  # http://bugs.archlinux.org/task/13146
+  install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h
+
+  # http://bugs.archlinux.org/task/20402
+  install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
+  install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
+  install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h
+
+  msg2 "Installing KConfig files..."
+  find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;
+
+  msg2 "Removing unneeded architectures..."
+  local arch
+  for arch in "$builddir"/arch/*/; do
+    [[ $arch = */x86/ ]] && continue
+    echo "Removing $(basename "$arch")"
+    rm -r "$arch"
+  done
+
+  msg2 "Removing documentation..."
+  rm -r "$builddir/Documentation"
+
+  msg2 "Removing broken symlinks..."
+  find -L "$builddir" -type l -printf 'Removing %P\n' -delete
+
+  msg2 "Removing loose objects..."
+  find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete
+
+  msg2 "Stripping build tools..."
+  local file
+  while read -rd '' file; do
+    case "$(file -bi "$file")" in
+      application/x-sharedlib\;*)      # Libraries (.so)
+        strip -v $STRIP_SHARED "$file" ;;
+      application/x-archive\;*)        # Libraries (.a)
+        strip -v $STRIP_STATIC "$file" ;;
+      application/x-executable\;*)     # Binaries
+        strip -v $STRIP_BINARIES "$file" ;;
+      application/x-pie-executable\;*) # Relocatable binaries
+        strip -v $STRIP_SHARED "$file" ;;
+    esac
+  done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)
+
+  msg2 "Adding symlink..."
+  mkdir -p "$pkgdir/usr/src"
+  ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase-$pkgver"
+
+  msg2 "Fixing permissions..."
+  chmod -Rc u=rwX,go=rX "$pkgdir"
+}
+
+_package-docs() {
+  pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase/linux/Linux} kernel"
+
+  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
+
+  cd ${pkgbase/-git/}
+
+  msg2 "Installing documentation..."
+  mkdir -p "$builddir"
+  cp -t "$builddir" -a Documentation
+
+  msg2 "Removing doctrees..."
+  rm -r "$builddir/Documentation/output/.doctrees"
+
+  msg2 "Moving HTML docs..."
+  local src dst
+  while read -rd '' src; do
+    dst="$builddir/Documentation/${src#$builddir/Documentation/output/}"
+    mkdir -p "${dst%/*}"
+    mv "$src" "$dst"
+    rmdir -p --ignore-fail-on-non-empty "${src%/*}"
+  done < <(find "$builddir/Documentation/output" -type f -print0)
+
+  msg2 "Adding symlink..."
+  mkdir -p "$pkgdir/usr/share/doc"
+  ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/${pkgbase/-git/}"
+
+  msg2 "Fixing permissions..."
+  chmod -Rc u=rwX,go=rX "$pkgdir"
+}
+
+pkgname=(linux-hardened-git linux-hardened-headers-git linux-hardened-docs-git)
+for _p in "${pkgname[@]}"; do
+  _p=${_p/-git/}
+  eval "package_$_p-git() {
+    provides=(${_p})
+    conflicts=(${_p})
+    $(declare -f "_package${_p#linux-hardened}")
+    _package${_p#linux-hardened}
+  }"
+done
+
+# vim:set ts=8 sts=2 sw=2 et:
author	anthraxx	2019-10-03 22:02:02 +0200
committer	anthraxx	2019-10-03 22:02:02 +0200
commit	fcfa50c78179408a3c724d22a0b7aa19f581864d (patch)
tree	ca32616a9a1ea20771edfc358e926adba6450922 /PKGBUILD
download	aur-fcfa50c78179408a3c724d22a0b7aa19f581864d.tar.gz