diff options
Diffstat (limited to 'PKGBUILD')
| -rw-r--r-- | PKGBUILD | 263 |
1 files changed, 263 insertions, 0 deletions
diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..04607c063b81 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,263 @@ +# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org> +# Contributor: Daniel Micay <danielmicay@gmail.com> +# Contributor: Tobias Powalowski <tpowa@archlinux.org> +# Contributor: Thomas Baechler <thomas@archlinux.org> + +pkgbase=linux-hardened-git +_gitbranch=5.3 +pkgver=5.3.0.r857780.g1317ca6048b5 +pkgrel=1 +url='https://github.com/anthraxx/linux-hardened' +arch=('x86_64') +license=('GPL2') +makedepends=( + xmlto kmod inetutils bc libelf python-sphinx python-sphinx_rtd_theme + graphviz imagemagick git +) +options=('!strip') +source=("git+https://github.com/anthraxx/linux-hardened#branch=${_gitbranch}?signed" + config.x86_64 # the main kernel config files + 60-linux.hook # pacman hook for depmod + 90-linux.hook # pacman hook for initramfs regeneration + linux.preset # standard config files for mkinitcpio ramdisk +) +replaces=('linux-grsec') +sha256sums=('SKIP' + '66428e31326e373868fbfe9bd67b54b3f81ef7accf303f388637bba43a0965c6' + 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' + 'c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636' + 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65') +validpgpkeys=( + 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds + '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman + '65EEFE022108E2B708CBFCF7F9E712E59AF5F22A' # Daniel Micay + 'E240B57E2C4630BA768E2F26FC1B547C8D8172C8' # Levente Polyak + ) + +_kernelname=${pkgbase#linux} +: ${_kernelname:=-hardened} + +pkgver() { + cd ${pkgbase/-git/} + printf "%s.%s.%s%s.r%s.g%s" \ + "$(grep '^VERSION = ' Makefile|awk -F' = ' '{print $2}')" \ + "$(grep '^PATCHLEVEL = ' Makefile|awk -F' = ' '{print $2}')" \ + "$(grep '^SUBLEVEL = ' Makefile|awk -F' = ' '{print $2}')" \ + "$(grep '^EXTRAVERSION = ' Makefile|awk -F' = ' '{print $2}'|sed 's/-//')" \ + "$(git rev-list --count HEAD)" \ + "$(git rev-parse --short HEAD)" +} + +prepare() { + cd ${pkgbase/-git/} + + msg2 "Setting version..." + rm -f localversion* include/config/kernel.release + scripts/setlocalversion --save-scmversion + echo "-$pkgrel" > localversion.10-pkgrel + echo "$_kernelname" > localversion.20-pkgname + echo "-r$(git rev-list --count HEAD)" > localversion.30-revision + + local src + for src in "${source[@]}"; do + src="${src%%::*}" + src="${src##*/}" + [[ $src = *.patch ]] || continue + msg2 "Applying patch $src..." + patch -Np1 < "../$src" + done + + msg2 "Setting config..." + cp ../config.x86_64 .config + make olddefconfig + + make -s kernelrelease > ../version + msg2 "Prepared %s version %s" "$pkgbase" "$(<../version)" +} + +build() { + cd ${pkgbase/-git/} + make bzImage modules htmldocs +} + +_package() { + pkgdesc="The ${pkgbase/linux/Linux} kernel and modules" + [[ $pkgbase = linux ]] && groups=(base) + depends=(coreutils linux-firmware kmod mkinitcpio) + optdepends=('crda: to set the correct wireless channels of your country' + 'usbctl: deny_new_usb control') + backup=("etc/mkinitcpio.d/$pkgbase.preset") + install=linux.install + + local kernver="$(<version)" + local modulesdir="$pkgdir/usr/lib/modules/$kernver" + + cd ${pkgbase/-git/} + + msg2 "Installing boot image..." + # systemd expects to find the kernel here to allow hibernation + # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344 + install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz" + install -Dm644 "$modulesdir/vmlinuz" "$pkgdir/boot/vmlinuz-${pkgbase/-git/}" + + msg2 "Installing modules..." + make INSTALL_MOD_PATH="$pkgdir/usr" modules_install + + # a place for external modules, + # with version file for building modules and running depmod from hook + local extramodules="extramodules$_kernelname" + local extradir="$pkgdir/usr/lib/modules/$extramodules" + install -Dt "$extradir" -m644 ../version + ln -sr "$extradir" "$modulesdir/extramodules" + + # remove build and source links + rm "$modulesdir"/{source,build} + + msg2 "Installing hooks..." + # sed expression for following substitutions + local subst=" + s|%PKGBASE%|${pkgbase/-git/}|g + s|%KERNVER%|$kernver|g + s|%EXTRAMODULES%|$extramodules|g + " + + # hack to allow specifying an initially nonexisting install file + sed "$subst" "$startdir/$install" > "$startdir/$install.pkg" + true && install=$install.pkg + + # fill in mkinitcpio preset and pacman hooks + sed "$subst" ../linux.preset | install -Dm644 /dev/stdin \ + "$pkgdir/etc/mkinitcpio.d/${pkgbase/-git/}.preset" + sed "$subst" ../60-linux.hook | install -Dm644 /dev/stdin \ + "$pkgdir/usr/share/libalpm/hooks/60-${pkgbase/-git/}.hook" + sed "$subst" ../90-linux.hook | install -Dm644 /dev/stdin \ + "$pkgdir/usr/share/libalpm/hooks/90-${pkgbase/-git/}.hook" + + msg2 "Fixing permissions..." + chmod -Rc u=rwX,go=rX "$pkgdir" +} + +_package-headers() { + pkgdesc="Header files and scripts for building modules for ${pkgbase/linux/Linux} kernel" + + local builddir="$pkgdir/usr/lib/modules/$(<version)/build" + + cd ${pkgbase/-git/} + + msg2 "Installing build files..." + install -Dt "$builddir" -m644 Makefile .config Module.symvers System.map vmlinux + install -Dt "$builddir/kernel" -m644 kernel/Makefile + install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile + cp -t "$builddir" -a scripts + + # add objtool for external module building and enabled VALIDATION_STACK option + install -Dt "$builddir/tools/objtool" tools/objtool/objtool + + # add xfs and shmem for aufs building + mkdir -p "$builddir"/{fs/xfs,mm} + + # ??? + mkdir "$builddir/.tmp_versions" + + msg2 "Installing headers..." + cp -t "$builddir" -a include + cp -t "$builddir/arch/x86" -a arch/x86/include + install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s + + install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h + install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h + + # http://bugs.archlinux.org/task/13146 + install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h + + # http://bugs.archlinux.org/task/20402 + install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h + install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h + install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h + + msg2 "Installing KConfig files..." + find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \; + + msg2 "Removing unneeded architectures..." + local arch + for arch in "$builddir"/arch/*/; do + [[ $arch = */x86/ ]] && continue + echo "Removing $(basename "$arch")" + rm -r "$arch" + done + + msg2 "Removing documentation..." + rm -r "$builddir/Documentation" + + msg2 "Removing broken symlinks..." + find -L "$builddir" -type l -printf 'Removing %P\n' -delete + + msg2 "Removing loose objects..." + find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete + + msg2 "Stripping build tools..." + local file + while read -rd '' file; do + case "$(file -bi "$file")" in + application/x-sharedlib\;*) # Libraries (.so) + strip -v $STRIP_SHARED "$file" ;; + application/x-archive\;*) # Libraries (.a) + strip -v $STRIP_STATIC "$file" ;; + application/x-executable\;*) # Binaries + strip -v $STRIP_BINARIES "$file" ;; + application/x-pie-executable\;*) # Relocatable binaries + strip -v $STRIP_SHARED "$file" ;; + esac + done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0) + + msg2 "Adding symlink..." + mkdir -p "$pkgdir/usr/src" + ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase-$pkgver" + + msg2 "Fixing permissions..." + chmod -Rc u=rwX,go=rX "$pkgdir" +} + +_package-docs() { + pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase/linux/Linux} kernel" + + local builddir="$pkgdir/usr/lib/modules/$(<version)/build" + + cd ${pkgbase/-git/} + + msg2 "Installing documentation..." + mkdir -p "$builddir" + cp -t "$builddir" -a Documentation + + msg2 "Removing doctrees..." + rm -r "$builddir/Documentation/output/.doctrees" + + msg2 "Moving HTML docs..." + local src dst + while read -rd '' src; do + dst="$builddir/Documentation/${src#$builddir/Documentation/output/}" + mkdir -p "${dst%/*}" + mv "$src" "$dst" + rmdir -p --ignore-fail-on-non-empty "${src%/*}" + done < <(find "$builddir/Documentation/output" -type f -print0) + + msg2 "Adding symlink..." + mkdir -p "$pkgdir/usr/share/doc" + ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/${pkgbase/-git/}" + + msg2 "Fixing permissions..." + chmod -Rc u=rwX,go=rX "$pkgdir" +} + +pkgname=(linux-hardened-git linux-hardened-headers-git linux-hardened-docs-git) +for _p in "${pkgname[@]}"; do + _p=${_p/-git/} + eval "package_$_p-git() { + provides=(${_p}) + conflicts=(${_p}) + $(declare -f "_package${_p#linux-hardened}") + _package${_p#linux-hardened} + }" +done + +# vim:set ts=8 sts=2 sw=2 et: |