Package Details: linux-apparmor-headers 4.18.8.arch1-1

Git Clone URL: https://aur.archlinux.org/linux-apparmor.git (read-only)
Package Base: linux-apparmor
Description: Header files and scripts for building modules for Linux-apparmor kernel
Upstream URL: https://git.archlinux.org/linux.git/log/?h=v4.18.8-arch1
Licenses: GPL2
Submitter: alzeih
Maintainer: alzeih
Last Packager: alzeih
Votes: 7
Popularity: 0.696763
First Submitted: 2017-12-04 08:02
Last Updated: 2018-09-20 00:17

Dependencies (8)

Required by (0)

Sources (6)

Latest Comments

alzeih commented on 2018-09-20 00:19

@egrupled: Thanks!

I'll keep maintaining this package for those who are using it, as linux-apparmor also sets:

CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_DEFAULT_SECURITY_APPARMOR=y

which core/linux currently does not (people who want selinux would probably not be happy with that).

I encourage everyone who doesn't need this to switch to core/linux and configure your boot loader appropriately, unless you still want to compile your own kernel of course.
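
Added example, not part of the comment above or of the package: this script shows how the two config options interact with the `apparmor=` and `security=` boot parameters on kernels of this era. The function name and both config fragments are constructed for the example.

```sh
#!/bin/sh
# Added example: will AppArmor be active at boot for a given kernel config
# and kernel command line? apparmor_boot_state is a hypothetical helper name.

# $1 = kernel config text, $2 = kernel command line
# Prints: not-built | active | inactive
apparmor_boot_state() {
  cfg=$1; cmdline=$2; enabled=0; lsm=other

  if ! printf '%s\n' "$cfg" | grep -qx 'CONFIG_SECURITY_APPARMOR=y'; then
    echo not-built
    return 0
  fi

  # Compile-time defaults: the two options linux-apparmor sets.
  if printf '%s\n' "$cfg" | grep -qx 'CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1'; then
    enabled=1
  fi
  if printf '%s\n' "$cfg" | grep -qx 'CONFIG_DEFAULT_SECURITY_APPARMOR=y'; then
    lsm=apparmor
  fi

  # Boot parameters override those defaults; a later parameter wins.
  set -f                      # no globbing while splitting the command line
  for word in $cmdline; do
    case $word in
      apparmor=0) enabled=0 ;;
      apparmor=[1-9]*) enabled=1 ;;
      security=*) lsm=${word#security=} ;;
    esac
  done
  set +f

  if [ "$enabled" = 1 ] && [ "$lsm" = apparmor ]; then
    echo active
  else
    echo inactive
  fi
}

# Constructed config fragments (not copied from either package).
with_defaults='CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_DEFAULT_SECURITY_APPARMOR=y'
without_defaults='CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0'

apparmor_boot_state "$with_defaults" 'rw quiet'                            # active
apparmor_boot_state "$without_defaults" 'rw quiet'                         # inactive
apparmor_boot_state "$without_defaults" 'rw apparmor=1 security=apparmor'  # active
```

On a running system the inputs would be the kernel's own config (for example from /proc/config.gz, where the kernel provides it) and the contents of /proc/cmdline.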

egrupled commented on 2018-09-17 18:45

FYI: AppArmor is enabled in Archlinux kernels now: https://wiki.archlinux.org/index.php/AppArmor#Kernel

alzeih commented on 2018-07-14 09:01

@rasmusowl : See https://wiki.archlinux.org/index.php/makepkg#Signature_checking for an explanation.

You could run (as the current user):

gpg --recv-keys ABAF11C65A2970B130ABE3C479BE3E4300411886 647F28654894E3BD457199BE38DBBDC86092693E

More tips at https://wiki.archlinux.org/index.php/GnuPG#Import_a_public_key.
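
Added example, not part of the comment above: the key IDs in makepkg's error are only the last 16 hex digits of a fingerprint, so this script maps each one back to the full fingerprint pinned in `validpgpkeys` and rejects IDs that are not pinned. The function name is hypothetical; the error text and fingerprints are the ones quoted in this thread.

```sh
#!/bin/sh
# Added example: resolve the key IDs from makepkg's "unknown public key"
# errors to the full fingerprints pinned in validpgpkeys.
# pinned_keys_for is a hypothetical helper name.

# $1 = makepkg output, $2 = whitespace-separated validpgpkeys fingerprints
# Prints one pinned fingerprint per unknown key ID. Returns 1 (and names the
# ID on stderr) if an ID is not the tail of any pinned fingerprint.
pinned_keys_for() {
  pinned=$(printf '%s' "$2" | tr 'a-f' 'A-F')
  ids=$(printf '%s\n' "$1" |
    grep -oE 'unknown public key [0-9A-Fa-f]{16}' |
    awk '{ print toupper($4) }')
  rc=0
  for id in $ids; do
    match=
    for fpr in $pinned; do
      # A v4 key ID is the last 64 bits (16 hex digits) of the fingerprint.
      case $fpr in *"$id") match=$fpr ;; esac
    done
    if [ -n "$match" ]; then
      echo "$match"
    else
      echo "key ID $id is not pinned in validpgpkeys" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Error text and fingerprints as they appear in this thread.
makepkg_out='linux-4.17.tar ... FAILED (unknown public key 79BE3E4300411886)
patch-4.17.4 ... FAILED (unknown public key 38DBBDC86092693E)'
validpgpkeys='ABAF11C65A2970B130ABE3C479BE3E4300411886
647F28654894E3BD457199BE38DBBDC86092693E'

pinned_keys_for "$makepkg_out" "$validpgpkeys"
```

The printed fingerprints are the values to pass to `gpg --recv-keys`, which keeps the import tied to what the PKGBUILD pins and not to the shorter ID in the error message.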

rasmusowl commented on 2018-07-14 08:03

Verifying source file signatures with gpg...
    linux-4.17.tar ... FAILED (unknown public key 79BE3E4300411886)
    patch-4.17.4 ... FAILED (unknown public key 38DBBDC86092693E)
==> ERROR: One or more PGP signatures could not be verified!

Can someone help me understand why I'm getting this error?

alzeih commented on 2018-06-19 22:25

@renyuneyun A custom repo sounds like a good idea for those who want it. You don’t mention what you are using for automation, but could you parse the .SRCINFO for AUR packages instead of the PKGBUILD? I think this is how the AUR itself handles this problem.
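
Added example, not part of the comment above: reading split-package names and per-package fields from `.SRCINFO` as plain text, which avoids executing the PKGBUILD. The function name is hypothetical and the `.SRCINFO` excerpt is constructed from the PKGBUILD fields posted in this thread.

```sh
#!/bin/sh
# Added example: read package metadata from .SRCINFO text instead of sourcing
# the PKGBUILD (sourcing runs the PKGBUILD as bash in the automation's shell).
# srcinfo_get is a hypothetical helper name.

# $1 = .SRCINFO text, $2 = key, $3 = package name (omit for the pkgbase section)
# For key "pkgname" it lists every split package.
srcinfo_get() {
  printf '%s\n' "$1" | awk -v key="$2" -v want="${3-}" '
    { sub(/^[ \t]+/, "") }              # attributes are indented (tab or spaces)
    /^#/ || index($0, " = ") == 0 { next }
    {
      k = substr($0, 1, index($0, " = ") - 1)
      v = substr($0, index($0, " = ") + 3)
    }
    k == "pkgbase" { section = "" }
    k == "pkgname" { section = v; if (key == "pkgname") print v; next }
    k == key && section == want { print v }
  '
}

# Constructed .SRCINFO excerpt, built from fields of the PKGBUILD in this thread.
srcinfo='pkgbase = linux-apparmor
  pkgver = 4.16.12
  pkgrel = 1
  validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
  validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E

pkgname = linux-apparmor
  pkgdesc = The Linux-apparmor kernel and modules

pkgname = linux-apparmor-headers
  pkgdesc = Header files and scripts for building modules for Linux-apparmor kernel

pkgname = linux-apparmor-docs
  pkgdesc = Kernel hackers manual - HTML documentation that comes with the Linux-apparmor kernel'

srcinfo_get "$srcinfo" pkgname                         # the three split packages
srcinfo_get "$srcinfo" pkgdesc linux-apparmor-headers  # that package's description
```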

renyuneyun commented on 2018-06-19 09:24

@alzeih Thanks for the clarification. It makes sense. I didn't really carefully read the content of core/linux/PKGBUILD previously (when I manually built the kernel for apparmor on my machine).

The reason that I gave this modification is that I'm packaging this package in an automated process (of a custom arch repo), which can leverage the default split package behaviour of makepkg. The automated process doesn't support non-standard split package handling (yet?), so a "correct" PKGBUILD is needed.

Anyway, since this behaviour is inherited from the official PKGBUILD and I think it's constant/static, I'll write a script to automatically change the content for the repo.

alzeih commented on 2018-06-13 11:06

@renyuneyun Thanks for the patch! It makes sense given this PKGBUILD, however there are some other considerations.

This PKGBUILD is based upon core/linux's PKGBUILD. It's kept closely based so it's easy for someone to directly compare the two and be satisfied there is nothing unexpected.

The core/linux PKGBUILD allows for the pkgbase to be altered so it's easier for a custom kernel to be installed alongside the stock archlinux kernel. This seems to be why the original PKGBUILD doesn't use the automatic processes in makepkg.

If the split packages were not being generated then this would need fixing. As the split packages are being generated there's no need to fix it at the moment.

I will add back this line to the PKGBUILD:

#pkgbase=linux-custom       # Build kernel with a different name

which should make it clearer why the PKGBUILD is written as it is, and also make it easier to build the split packages with a different pkgbase.

renyuneyun commented on 2018-06-12 14:40

I made some changes to the PKGBUILD to use the automatic processes in makepkg. This will make makepkg generate the split packages correctly.

# https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/linux 
# Maintainer: alzeih <alzeih@users.noreply.github.com>

pkgbase=linux-apparmor
pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs")
_srcname=linux-4.16
pkgver=4.16.12
pkgrel=1
arch=('x86_64')
url="https://www.kernel.org/"
license=('GPL2')
makedepends=('xmlto' 'kmod' 'inetutils' 'bc' 'libelf')
options=('!strip')
source=(
  https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.{xz,sign}
  https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.{xz,sign}
  config         # the main kernel config file
  60-linux.hook  # pacman hook for depmod
  90-linux.hook  # pacman hook for initramfs regeneration
  linux.preset   # standard config files for mkinitcpio ramdisk
  'config.fragment'
  0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
  0002-ACPI-watchdog-Prefer-iTCO_wdt-on-Lenovo-Z50-70.patch
  0003-Revert-drm-i915-edp-Allow-alternate-fixed-mode-for-e.patch
)
validpgpkeys=(
  'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
  '647F28654894E3BD457199BE38DBBDC86092693E'  # Greg Kroah-Hartman
)
sha256sums=('63f6dc8e3c9f3a0273d5d6f4dca38a2413ca3a5f689329d05b750e4c87bb21b9'
            'SKIP'
            '70a6381aca28b1d271e85bc38fab05af4525d9fdc2c5bb87182b3351db8c4fa2'
            'SKIP'
            'e39c02fd021f125a6202f7e4c0692dfd3ced93d404ecb6c8dca6994c8e17b227'
            'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
            '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
            'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
            '728ea88383ce6c542e2969246036f454395d5412779ffb5299639610b82b21f1'
            '8d6a5f34b3d79e75b0cb888c6bcf293f84c5cbb2757f7bdadafee7e0ea77d7dd'
            '2454c1ee5e0f5aa119fafb4c8d3b402c5e4e10b2e868fe3e4ced3b1e2aa48446'
            '8114295b8c07795a15b9f8eafb0f515c34661a1e05512da818a34581dd30f87e')

_kernelname=${pkgbase#linux}
: ${_kernelname:=-ARCH}

prepare() {
  cd ${_srcname}

  # add upstream patch
  patch -p1 -i ../patch-${pkgver}

  # add latest fixes from stable queue, if needed
  # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git

  # disable USER_NS for non-root users by default
  patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch

  # https://bugs.archlinux.org/task/56780
  patch -Np1 -i ../0002-ACPI-watchdog-Prefer-iTCO_wdt-on-Lenovo-Z50-70.patch

  # https://bugs.archlinux.org/task/56711
  patch -Np1 -i ../0003-Revert-drm-i915-edp-Allow-alternate-fixed-mode-for-e.patch

  cat ../config - >.config <<END
CONFIG_LOCALVERSION="${_kernelname}"
CONFIG_LOCALVERSION_AUTO=n
END

  # set extraversion to pkgrel and empty localversion
  sed -e "/^EXTRAVERSION =/s/=.*/= -${pkgrel}/" \
      -e "/^EXTRAVERSION =/aLOCALVERSION =" \
      -i Makefile

  # don't run depmod on 'make install'. We'll do this ourselves in packaging
  sed -i '2iexit 0' scripts/depmod.sh

  # get kernel version
  make prepare

  # load configuration
  # Configure the kernel. Replace the line below with one of your choice.
  #make menuconfig # CLI menu for configuration
  #make nconfig # new CLI menu for configuration
  #make xconfig # X-based configuration
  #make oldconfig # using old config from previous kernel version
  # ... or manually edit .config
  ./scripts/kconfig/merge_config.sh -m .config ../config.fragment

  # rewrite configuration
  yes "" | make config >/dev/null
}

build() {
  cd ${_srcname}

  make bzImage modules
}

package_linux-apparmor() {
  pkgdesc="The ${pkgbase/linux/Linux} kernel and modules"
  [ "${pkgbase}" = "linux" ] && groups=('base')
  depends=('coreutils' 'linux-firmware' 'kmod' 'mkinitcpio>=0.7')
  optdepends=('crda: to set the correct wireless channels of your country')
  backup=("etc/mkinitcpio.d/${pkgbase}.preset")
  install=linux.install

  cd ${_srcname}

  # get kernel version
  _kernver="$(make kernelrelease)"
  _basekernel=${_kernver%%-*}
  _basekernel=${_basekernel%.*}

  mkdir -p "${pkgdir}"/{boot,usr/lib/modules}
  make INSTALL_MOD_PATH="${pkgdir}/usr" modules_install
  cp arch/x86/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}"

  # make room for external modules
  local _extramodules="extramodules-${_basekernel}${_kernelname}"
  ln -s "../${_extramodules}" "${pkgdir}/usr/lib/modules/${_kernver}/extramodules"

  # add real version for building modules and running depmod from hook
  echo "${_kernver}" |
    install -Dm644 /dev/stdin "${pkgdir}/usr/lib/modules/${_extramodules}/version"

  # remove build and source links
  rm "${pkgdir}"/usr/lib/modules/${_kernver}/{source,build}

  # now we call depmod...
  depmod -b "${pkgdir}/usr" -F System.map "${_kernver}"

  # add vmlinux
  install -Dt "${pkgdir}/usr/lib/modules/${_kernver}/build" -m644 vmlinux

  # sed expression for following substitutions
  local _subst="
    s|%PKGBASE%|${pkgbase}|g
    s|%KERNVER%|${_kernver}|g
    s|%EXTRAMODULES%|${_extramodules}|g
  "

  # hack to allow specifying an initially nonexisting install file
  sed "${_subst}" "${startdir}/${install}" > "${startdir}/${install}.pkg"
  true && install=${install}.pkg

  # install mkinitcpio preset file
  sed "${_subst}" ../linux.preset |
    install -Dm644 /dev/stdin "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"

  # install pacman hooks
  sed "${_subst}" ../60-linux.hook |
    install -Dm644 /dev/stdin "${pkgdir}/usr/share/libalpm/hooks/60-${pkgbase}.hook"
  sed "${_subst}" ../90-linux.hook |
    install -Dm644 /dev/stdin "${pkgdir}/usr/share/libalpm/hooks/90-${pkgbase}.hook"
}

package_linux-apparmor-headers() {
  pkgdesc="Header files and scripts for building modules for ${pkgbase/linux/Linux} kernel"

  cd ${_srcname}
  local _builddir="${pkgdir}/usr/lib/modules/${_kernver}/build"

  install -Dt "${_builddir}" -m644 Makefile .config Module.symvers
  install -Dt "${_builddir}/kernel" -m644 kernel/Makefile

  mkdir "${_builddir}/.tmp_versions"

  cp -t "${_builddir}" -a include scripts

  install -Dt "${_builddir}/arch/x86" -m644 arch/x86/Makefile
  install -Dt "${_builddir}/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s

  cp -t "${_builddir}/arch/x86" -a arch/x86/include

  install -Dt "${_builddir}/drivers/md" -m644 drivers/md/*.h
  install -Dt "${_builddir}/net/mac80211" -m644 net/mac80211/*.h

  # http://bugs.archlinux.org/task/13146
  install -Dt "${_builddir}/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h

  # http://bugs.archlinux.org/task/20402
  install -Dt "${_builddir}/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
  install -Dt "${_builddir}/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
  install -Dt "${_builddir}/drivers/media/tuners" -m644 drivers/media/tuners/*.h

  # add xfs and shmem for aufs building
  mkdir -p "${_builddir}"/{fs/xfs,mm}

  # copy in Kconfig files
  find . -name Kconfig\* -exec install -Dm644 {} "${_builddir}/{}" \;

  # add objtool for external module building and enabled STACK_VALIDATION option
  install -Dt "${_builddir}/tools/objtool" tools/objtool/objtool

  # remove unneeded architectures
  local _arch
  for _arch in "${_builddir}"/arch/*/; do
    [[ ${_arch} == */x86/ ]] && continue
    rm -r "${_arch}"
  done

  # remove files already in linux-docs package
  rm -r "${_builddir}/Documentation"

  # remove now broken symlinks
  find -L "${_builddir}" -type l -printf 'Removing %P\n' -delete

  # Fix permissions
  chmod -R u=rwX,go=rX "${_builddir}"

  # strip scripts directory
  local _binary _strip
  while read -rd '' _binary; do
    case "$(file -bi "${_binary}")" in
      *application/x-sharedlib*)  _strip="${STRIP_SHARED}"   ;; # Libraries (.so)
      *application/x-archive*)    _strip="${STRIP_STATIC}"   ;; # Libraries (.a)
      *application/x-executable*) _strip="${STRIP_BINARIES}" ;; # Binaries
      *) continue ;;
    esac
    /usr/bin/strip ${_strip} "${_binary}"
  done < <(find "${_builddir}/scripts" -type f -perm -u+w -print0 2>/dev/null)
}

package_linux-apparmor-docs() {
  pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase/linux/Linux} kernel"

  cd ${_srcname}
  local _builddir="${pkgdir}/usr/lib/modules/${_kernver}/build"

  mkdir -p "${_builddir}"
  cp -t "${_builddir}" -a Documentation

  # Fix permissions
  chmod -R u=rwX,go=rX "${_builddir}"
}

# vim:set ts=8 sts=2 sw=2 et: