aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-lts/APKBUILD
diff options
context:
space:
mode:
Diffstat (limited to 'main/linux-lts/APKBUILD')
-rw-r--r--main/linux-lts/APKBUILD217
1 files changed, 142 insertions, 75 deletions
diff --git a/main/linux-lts/APKBUILD b/main/linux-lts/APKBUILD
index dda98f6810f..d5e710a3fea 100644
--- a/main/linux-lts/APKBUILD
+++ b/main/linux-lts/APKBUILD
@@ -1,8 +1,8 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
_flavor=lts
-pkgname=linux-${_flavor}
-pkgver=5.15.43
+pkgname=linux-$_flavor
+pkgver=6.6.28
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=$pkgver;;
@@ -10,16 +10,18 @@ esac
pkgrel=0
pkgdesc="Linux lts kernel"
url="https://www.kernel.org"
-depends="mkinitfs>=3.6.0"
+depends="initramfs-generator"
_depends_dev="perl gmp-dev mpc1-dev mpfr-dev elfutils-dev bash flex bison zstd"
-makedepends="$_depends_dev sed installkernel bc linux-headers linux-firmware-any openssl1.1-compat-dev mawk
- diffutils findutils zstd"
-options="!strip"
+makedepends="$_depends_dev sed installkernel bc linux-headers linux-firmware-any openssl-dev>3 mawk
+ diffutils findutils zstd pahole python3 gcc>=13.1.1_git20230624"
+options="!strip !check"
_config=${config:-config-lts.${CARCH}}
-install=
source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver.tar.xz
- 0001-powerpc-config-defang-gcc-check-for-stack-protector-.patch
- vmlinux-zstd.patch
+ 0001-powerpc-boot-wrapper-Add-z-notext-flag-for-ppc64le.patch
+ 0002-x86-Compress-vmlinux-with-zstd-19-instead-of-22.patch
+ 0003-kexec-add-kexec_load_disabled-boot-option.patch
+ 0004-objtool-respect-AWK-setting.patch
+ 0005-powerpc-config-defang-gcc-check-for-stack-protector-.patch
lts.aarch64.config
lts.armv7.config
@@ -27,6 +29,7 @@ source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver
lts.x86_64.config
lts.ppc64le.config
lts.s390x.config
+ lts.loongarch64.config
virt.aarch64.config
virt.armv7.config
@@ -34,58 +37,49 @@ source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver
virt.x86.config
virt.x86_64.config
"
-subpackages="$pkgname-dev:_dev:$CBUILD_ARCH"
-_flavors=
+subpackages="$pkgname-dev:_dev:$CBUILD_ARCH $pkgname-doc"
for _i in $source; do
case $_i in
*.$CARCH.config)
- _f=${_i%.$CARCH.config}
- _flavors="$_flavors ${_f}"
+ _f=${_i%."$CARCH".config}
+ _flavors="$_flavors $_f"
if [ "linux-$_f" != "$pkgname" ]; then
- subpackages="$subpackages linux-${_f}::$CBUILD_ARCH linux-${_f}-dev:_dev:$CBUILD_ARCH"
+ subpackages="$subpackages linux-$_f::$CBUILD_ARCH linux-$_f-dev:_dev:$CBUILD_ARCH"
fi
;;
esac
done
+builddir="$srcdir"/linux-$_kernver
if [ "${pkgver%.0}" = "$pkgver" ]; then
source="$source
https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/patch-$pkgver.xz"
fi
arch="all !armhf !riscv64"
-license="GPL-2.0"
+license="GPL-2.0-only"
# secfixes:
# 5.10.4-r0:
# - CVE-2020-29568
# - CVE-2020-29569
+# 5.15.74-r0:
+# - CVE-2022-41674
+# - CVE-2022-42719
+# - CVE-2022-42720
+# - CVE-2022-42721
+# - CVE-2022-42722
+# 6.1.27-r3:
+# - CVE-2023-32233
+# 6.6.13-r1:
+# - CVE-46838
prepare() {
- local _patch_failed=
- cd "$srcdir"/linux-$_kernver
if [ "$_kernver" != "$pkgver" ]; then
msg "Applying patch-$pkgver.xz"
unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N
fi
- # first apply patches in specified order
- for i in $source; do
- case $i in
- *.patch)
- msg "Applying $i..."
- if ! patch -s -p1 -N -i "$srcdir"/$i; then
- echo $i >>failed
- _patch_failed=1
- fi
- ;;
- esac
- done
-
- if ! [ -z "$_patch_failed" ]; then
- error "The following patches failed:"
- cat failed
- return 1
- fi
+ default_prepare
# remove localversion from patch if any
rm -f localversion*
@@ -99,6 +93,8 @@ _kernelarch() {
mips*) arch="mips" ;;
ppc*) arch="powerpc" ;;
s390*) arch="s390" ;;
+ riscv*) arch="riscv" ;;
+ loongarch64) arch="loongarch" ;;
esac
echo "$arch"
}
@@ -109,15 +105,25 @@ _prepareconfig() {
local _config=$_flavor.$_arch.config
local _builddir="$srcdir"/build-$_flavor.$_arch
mkdir -p "$_builddir"
- echo "-$pkgrel-$_flavor" > "$_builddir"/localversion-alpine \
- || return 1
+ echo "-$pkgrel-$_flavor" > "$_builddir"/localversion-alpine
cp "$srcdir"/$_config "$_builddir"/.config
msg "Configuring $_flavor kernel ($_arch)"
- make -C "$srcdir"/linux-$_kernver \
+ make -C "$builddir" \
O="$_builddir" \
ARCH="$(_kernelarch $_arch)" \
olddefconfig
+
+ if grep "CONFIG_MODULE_SIG=y" "$_builddir"/.config >/dev/null; then
+ if [ -f "$KERNEL_SIGNING_KEY" ]; then
+ sed -i -e "s:^CONFIG_MODULE_SIG_KEY=.*:CONFIG_MODULE_SIG_KEY=\"$KERNEL_SIGNING_KEY\":" \
+ "$_builddir"/.config
+ msg "Using $KERNEL_SIGNING_KEY to sign $_flavor kernel ($_arch) modules"
+ else
+ warning "KERNEL_SIGNING_KEY was not set. A signing key will be generated, but 3rd"
+ warning "party modules can not be signed"
+ fi
+ fi
}
listconfigs() {
@@ -143,14 +149,15 @@ prepareconfigs() {
prepareupdate() {
clean && fetch && unpack && prepare && deps
prepareconfigs
- rm -r "$srcdir"/linux-$_kernver
+ rm -r "$builddir"
}
updateconfigs() {
- if ! [ -d "$srcdir"/linux-$_kernver ]; then
+ if ! [ -d "$builddir" ]; then
deps && fetch && unpack && prepare
fi
- for _config in $(listconfigs); do
+ for _config in ${CONFIGS:-$(listconfigs)}; do
+ msg "updating $_config"
local _flavor=${_config%%.*}
local _arch=${_config%.config}
_arch=${_arch#*.}
@@ -161,9 +168,9 @@ updateconfigs() {
if ! [ -f "$_builddir"/.config ]; then
cp "$srcdir"/$_config "$_builddir"/.config
actions="olddefconfig"
- env | grep ^CONFIG_ >> "$_builddir"/.config || true
fi
- make -j1 -C "$srcdir"/linux-$_kernver \
+ env | grep ^CONFIG_ >> "$_builddir"/.config || true
+ make -j1 -C "$builddir" \
O="$_builddir" \
ARCH="$(_kernelarch $_arch)" \
$actions savedefconfig
@@ -174,6 +181,9 @@ updateconfigs() {
build() {
unset LDFLAGS
+ # for some reason these sometimes leak into the kernel build,
+ # -Werror=format-security breaks some stuff
+ unset CFLAGS CPPFLAGS CXXFLAGS
export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
for i in $_flavors; do
_prepareconfig "$i" "$CARCH"
@@ -181,6 +191,14 @@ build() {
for i in $_flavors; do
msg "Building $i kernel"
cd "$srcdir"/build-$i.$CARCH
+
+ # set org in cert for modules signing
+ # https://www.kernel.org/doc/html/v6.1/admin-guide/module-signing.html#generating-signing-keys
+ mkdir -p certs
+ sed -e 's/#O = Unspecified company/O = alpinelinux.org/' \
+ "$builddir"/certs/default_x509.genkey \
+ > certs/x509.genkey
+
make ARCH="$(_kernelarch $CARCH)" \
CC="${CC:-gcc}" \
AWK="${AWK:-mawk}" \
@@ -190,10 +208,10 @@ build() {
_package() {
local _buildflavor="$1" _outdir="$2"
- local _abi_release=${pkgver}-${pkgrel}-${_buildflavor}
export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
cd "$srcdir"/build-$_buildflavor.$CARCH
+ local _abi_release="$(make -s kernelrelease)"
# modules_install seems to regenerate a defect Modules.symvers on s390x. Work
# around it by backing it up and restore it after modules_install
cp Module.symvers Module.symvers.backup
@@ -202,31 +220,59 @@ _package() {
local _install
case "$CARCH" in
- arm*|aarch64) _install="zinstall dtbs_install";;
+ arm*|aarch64|riscv*) _install="zinstall dtbs_install";;
*) _install=install;;
esac
- make -j1 modules_install $_install \
+ make modules_install $_install \
ARCH="$(_kernelarch $CARCH)" \
INSTALL_MOD_PATH="$_outdir" \
+ INSTALL_MOD_STRIP=1 \
INSTALL_PATH="$_outdir"/boot \
INSTALL_DTBS_PATH="$_outdir/boot/dtbs-$_buildflavor"
cp Module.symvers.backup Module.symvers
- rm -f "$_outdir"/lib/modules/${_abi_release}/build \
- "$_outdir"/lib/modules/${_abi_release}/source
+ rm -f "$_outdir"/lib/modules/"$_abi_release"/build \
+ "$_outdir"/lib/modules/"$_abi_release"/source
rm -rf "$_outdir"/lib/firmware
install -D -m644 include/config/kernel.release \
"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
+
+ case "$CARCH" in
+ loongarch64)
+ mv "$_outdir"/boot/vmlinuz-$_abi_release \
+ "$_outdir"/boot/vmlinuz-$_buildflavor
+
+ mv "$_outdir"/boot/config-$_abi_release \
+ "$_outdir"/boot/config-$_buildflavor
+
+ mv "$_outdir"/boot/System.map-$_abi_release \
+ "$_outdir"/boot/System.map-$_buildflavor
+ ;;
+ esac
}
# main flavor installs in $pkgdir
package() {
depends="$depends linux-firmware-any"
- _package lts "$pkgdir"
+ _package "$_flavor" "$pkgdir"
+
+ # copy files for linux-lts-doc sub package
+ mkdir -p "$pkgdir"/usr/share/doc
+ cp -r "$builddir"/Documentation \
+ "$pkgdir"/usr/share/doc/linux-doc-"$pkgver"/
+ # remove files that aren't part of the documentation itself
+ for nondoc in \
+ .gitignore conf.py docutils.conf \
+ dontdiff Kconfig Makefile
+ do
+ rm "$pkgdir"/usr/share/doc/linux-doc-"$pkgver"/"$nondoc"
+ done
+ # create /usr/share/doc/linux-doc symlink
+ cd "$pkgdir"/usr/share/doc; ln -s linux-doc-"$pkgver" linux-doc
}
# subflavors install in $subpkgdir
@@ -236,7 +282,8 @@ virt() {
_dev() {
local _flavor=$(echo $subpkgname | sed -E 's/(^linux-|-dev$)//g')
- local _abi_release=${pkgver}-${pkgrel}-$_flavor
+ local _builddir="$srcdir"/build-$_flavor.$CARCH
+ local _abi_release="$(make -C "$_builddir" -s kernelrelease)"
# copy the only the parts that we really need for build 3rd party
# kernel modules and install those as /usr/src/linux-headers,
# simlar to what ubuntu does
@@ -246,30 +293,32 @@ _dev() {
#
pkgdesc="Headers and script for third party modules for $_flavor kernel"
depends="$_depends_dev"
- local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
+ local dir="$subpkgdir"/usr/src/linux-headers-"$_abi_release"
export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
# first we import config, run prepare to set up for building
# external modules, and create the scripts
mkdir -p "$dir"
- local _builddir="$srcdir"/build-$_flavor.$CARCH
cp -a "$_builddir"/.config "$_builddir"/localversion-alpine \
"$dir"/
- make -j1 -C "$srcdir"/linux-$_kernver \
+ install -D -t "$dir"/certs "$_builddir"/certs/signing_key.x509 || :
+
+ make -C "$builddir" \
O="$dir" \
ARCH="$(_kernelarch $CARCH)" \
+ AWK="${AWK:-mawk}" \
prepare modules_prepare scripts
# remove the stuff that points to real sources. we want 3rd party
- # modules to believe this is the soruces
+ # modules to believe this is the sources
rm "$dir"/Makefile "$dir"/source
# copy the needed stuff from real sources
#
# this is taken from ubuntu kernel build script
# http://kernel.ubuntu.com/git/ubuntu/ubuntu-zesty.git/tree/debian/rules.d/3-binary-indep.mk
- cd "$srcdir"/linux-$_kernver
+ cd "$builddir"
find . -path './include/*' -prune \
-o -path './scripts/*' -prune -o -type f \
\( -name 'Makefile*' -o -name 'Kconfig*' -o -name 'Kbuild*' -o \
@@ -278,31 +327,49 @@ _dev() {
cp -a scripts include "$dir"
- find $(find arch -name include -type d -print) -type f \
- | cpio -pdm "$dir"
+ find "arch/$_karch" -name include -type d -print | while IFS='' read -r folder; do
+ find "$folder" -type f
+ done | sort -u | cpio -pdm "$dir"
install -Dm644 "$srcdir"/build-$_flavor.$CARCH/Module.symvers \
"$dir"/Module.symvers
- mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
- ln -sf /usr/src/linux-headers-${_abi_release} \
- "$subpkgdir"/lib/modules/${_abi_release}/build
+ # remove unneeded things
+ msg "Removing documentation..."
+ rm -r "$dir"/Documentation
+ find "$dir" -type f -name '*.o' -printf 'Removing %P\n' -delete
+ local _karch="$(_kernelarch $CARCH | sed 's/x86_64/x86/')"
+ msg "Removing unneeded arch headers..."
+ for i in "$dir"/arch/*; do
+ if [ "${i##*/}" != "$_karch" ]; then
+ echo " ${i##*/}"
+ rm -r "$i"
+ fi
+ done
+
+ mkdir -p "$subpkgdir"/lib/modules/"$_abi_release"
+ ln -sf /usr/src/linux-headers-"$_abi_release" \
+ "$subpkgdir"/lib/modules/"$_abi_release"/build
}
sha512sums="
-d25ad40b5bcd6a4c6042fd0fd84e196e7a58024734c3e9a484fd0d5d54a0c1d87db8a3c784eff55e43b6f021709dc685eb0efa18d2aec327e4f88a79f405705a linux-5.15.tar.xz
-214c54a839ae37849715520f4b1049f0df5366ca32522701b43afecfad116794c4542940ba32d389f28f2549d08c03d148f884cb8e565b75aa3c0cad6a4887b7 0001-powerpc-config-defang-gcc-check-for-stack-protector-.patch
-d26d3f99fdcbd0f56e9af32a281870bbfd9fe6a12d17921ef3876e72bd1e92a3c131e06567078a45c11a41826b39d3068cc6f0e89f67d9e16a14825984869268 vmlinux-zstd.patch
-d0259edbe3a3ee6bbaa170b85b505a93a5593c639ef180dd960d3ed599165680446c137c727a74fe9069cc8007413580bbe5d25c2f52b061b622e53beb52e6d7 lts.aarch64.config
-723fd8d1f64ebdcd197abc9caa55a367626ee6b71ec0313beef2fab2738ff7edc7ce9088e73044ca87f467df5b7e3c84f402ef9f1df3cba99499836e16f151d8 lts.armv7.config
-292061d4afca8f9a513315fd493978c595fc1e67a09d86485e781295d0974ad19581c06300ebe7819091845f34ab620c79f45ebee7a82fefdbc7d7b4e676c67a lts.x86.config
-f2cb6bed41d8462f3dc809cefa7b5b22a82490ec952cf3130259d2d52a2e3442286e944ffedc63d2aebf952a391944a3246be6522733cbc91e99a4f8871e1d1b lts.x86_64.config
-9ec8398c5fb10a194f118fb17ac81a728f7310804d03d7bedafe5ce767743d7ba1942838bfa2602a08bcd4ad54b8b1abae1ee4796c40a3795463db6c26da32f8 lts.ppc64le.config
-7f57a417441458cc3034876382398608106003e499f77f803c658bb8105e72f824af29e86af3657c93b46950471125fca138e44a473e3238b787f28f9ade2bfc lts.s390x.config
-3af17cda24c571f84106dd1bdf894c761e8caecff9903324f8489b82e4937a0e2218158d1715906f645e1d2b1c0b832af9382f17c311a00e9d2565329aedd6f0 virt.aarch64.config
-1caee751e95055919866a0f2fa87d1ea56454eebbd3b93be6e5af8c2b5f27ce4d122dffb6f7b2dfb9215b96106c523edcf78d1918bf2f1705a26d3712d2a2513 virt.armv7.config
-a6021519a9c71ae86199b87f458f3814d67c03cc005301d48d4a9f44280627fad4a70138ee4e0c42d67367b30d9a0c123f61592bc7c89084dd2a40af5dea7230 virt.ppc64le.config
-c0ddfee06f958192653d840ca14fd60d5d3d88311b1335d691fc4d4c5a7575c5771351a0ec5e3d34544c76c34e4ee8731cc45fa18da77909924f0b9b6ef75d87 virt.x86.config
-fd5dea1a2ada211e1cf673553a0e2df3af7ffc4ae35b316b0d009145bcddf984cfd98c2b1e91de08c10a3442e32ff470d1285ef5d291068fb319160bb9552cf1 virt.x86_64.config
-70c674983f00613615c927c90378ffcd1f0fadd8ac8622cd08633da74f7978972912cbd7020d4304e6fa9e3d41f3683c551d82615d095dcdd32be61498323e3b patch-5.15.43.xz
+458b2c34d46206f9b4ccbac54cc57aeca1eaecaf831bc441e59701bac6eadffc17f6ce24af6eadd0454964e843186539ac0d63295ad2cc32d112b60360c39a35 linux-6.6.tar.xz
+58bf9e84fb01f811f0cada7f7953d111908f0b0650648d6a3522061fe08c9fe284c9315515ae386189253e37d0c92419f78048d6568e2e426654b1e61010685f 0001-powerpc-boot-wrapper-Add-z-notext-flag-for-ppc64le.patch
+763dcb40f698d43b0bb856f44493973e840b66efe62a8fd41a08b6e3fa38cf903e059d107be3735ab2f38a0f27bdb0262798e5e530a1905f96195cd8bcf62fdf 0002-x86-Compress-vmlinux-with-zstd-19-instead-of-22.patch
+75f232b6becee7d36d360ffaf2aaa837d13518f9ec620ca159bcb2a0e98eb18a77631406a9b44244ea0164a7ed59fad583823909681e9b894a012f9d13365b69 0003-kexec-add-kexec_load_disabled-boot-option.patch
+2956050bb332411d00a285e9656618f2e34b631492bbc19bef54d83a6e91b8531f4e18830b9313cfe52fbf8a8ca6fb76cf55b3ddd146ca3b977046cf2fd10cad 0004-objtool-respect-AWK-setting.patch
+4b16f15b47b5e5835b926126e39723f519290469517875cfb2d2b857a93ad1344f0d1ba4b255289e20f4da9c867647526b344f752981cee0a48c51577badac3f 0005-powerpc-config-defang-gcc-check-for-stack-protector-.patch
+db28d1a2fe74f1d5147ccbaf693d464e7e52ca911433debe50c7dccdbb382baf2de193820e7ec11b9eff7a57e5266c4490e240b5c7bd657297829737f449c458 lts.aarch64.config
+00f389f3f53b71b963e1f730d869b97c990499febecaa62b620c9cc9ac759b538c87526de894faa1a51b223ebbb1e5ed31dfa778bc11fd66c77095430666c6c1 lts.armv7.config
+6dd7a9aa588fa5b3d15bf1064d12b44c74b3445d9cfed16950e309225b115a6706cb26798cab7cf29413514979d0600b827b32871767413b244dad73b8455331 lts.x86.config
+0c364a4098dd69cf5e95c6a90f60a0a3cbe21d4ffa1ac91ddd0f8ce7a7efecbe1189554549ff546ece9284a33c4c34969882d93a3a0d71098acaaaa1d9f9860c lts.x86_64.config
+d2664761764e9c0b1a3cdcc028fbeb2bb8b98fe28ce5bcda832fbdc69316cff41e78402f834b8cb2e16d9f1743568d9cfbe5ec1e4a4437cd0526464e521519d2 lts.ppc64le.config
+a29343f52d69e7f8b91d92421098ade75b3249fa356c4c909b02c92efc49bfc98c52e43c715ca803da91255822865c7274794aa52f934c588dcd333b6c6dce14 lts.s390x.config
+fc45e1f44c4f97ad00349ae412507ac6d040da4c071d3485ef8ac0f30e703424111fc2f6f9146eb901a84322fda2f3bb8bad66d3fd9cf152156e666398fd22e3 lts.loongarch64.config
+a66b4f86921bc34f931b00a81bc56c837ca34abf984720fcbcdaaabeaef767427b2805fc1056eea7ed732685bfbdf8850425e5eab10918a7ff6f5d2a1a2388c9 virt.aarch64.config
+8251d9f585e4468f54e800e0cbecff5ed7dba4f06ecd40309d3eae64804d3b6074a5b1082bf9ab3ae33259afe9e64bcec5b69db487f0c0b53ccec72f2fa441bc virt.armv7.config
+461623079918cf73d621231c86497273be91bec9fc2d2aa4c520720a7a432c1dd0b7ee29652c90d8f21bd2293a3a8022aa55f2ac767fc3f0cc72d10c06fc3c24 virt.ppc64le.config
+bc3f98ab75e02f6baf47bc8372b0b8ba75aae68b0a5130f7e53076dce255dc16f6c5afe8acec1aa848b51c391255285d3f2cdd491388acdf00dc90a42d64a1f8 virt.x86.config
+5fc65b8033c56b58dc5c9a227a6bcb1069d53fabc79864c65ddb86d4fef25692b107665aaeb4fb07fe05bb7c1085956e18adf9cb2b62487a7f2202aded9162b7 virt.x86_64.config
+26d7bacd5516faa6377b135fb066bd8a00323a8999840b9a74ef03de8b993d2cba59e7f182a318b93b50de1f3453935bbbfd65c7ee1eaf3cb6dba5dcbab35724 patch-6.6.28.xz
"
generated by cgit v1.2.3 (git 2.41.0) at 2024-04-19 22:23:44 +0000