Diffstat (limited to 'main/linux-lts/APKBUILD')
-rw-r--r-- | main/linux-lts/APKBUILD | 217 |
1 files changed, 142 insertions, 75 deletions
diff --git a/main/linux-lts/APKBUILD b/main/linux-lts/APKBUILD index a9e9a98b8ef..d5e710a3fea 100644 --- a/main/linux-lts/APKBUILD +++ b/main/linux-lts/APKBUILD @@ -1,8 +1,8 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> _flavor=lts -pkgname=linux-${_flavor} -pkgver=5.15.41 +pkgname=linux-$_flavor +pkgver=6.6.28 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=$pkgver;; @@ -10,16 +10,18 @@ esac pkgrel=0 pkgdesc="Linux lts kernel" url="https://www.kernel.org" -depends="mkinitfs>=3.6.0" +depends="initramfs-generator" _depends_dev="perl gmp-dev mpc1-dev mpfr-dev elfutils-dev bash flex bison zstd" -makedepends="$_depends_dev sed installkernel bc linux-headers linux-firmware-any openssl1.1-compat-dev mawk - diffutils findutils zstd" -options="!strip" +makedepends="$_depends_dev sed installkernel bc linux-headers linux-firmware-any openssl-dev>3 mawk + diffutils findutils zstd pahole python3 gcc>=13.1.1_git20230624" +options="!strip !check" _config=${config:-config-lts.${CARCH}} -install= source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver.tar.xz - 0001-powerpc-config-defang-gcc-check-for-stack-protector-.patch - vmlinux-zstd.patch + 0001-powerpc-boot-wrapper-Add-z-notext-flag-for-ppc64le.patch + 0002-x86-Compress-vmlinux-with-zstd-19-instead-of-22.patch + 0003-kexec-add-kexec_load_disabled-boot-option.patch + 0004-objtool-respect-AWK-setting.patch + 0005-powerpc-config-defang-gcc-check-for-stack-protector-.patch lts.aarch64.config lts.armv7.config @@ -27,6 +29,7 @@ source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver lts.x86_64.config lts.ppc64le.config lts.s390x.config + lts.loongarch64.config virt.aarch64.config virt.armv7.config 
@@ -34,58 +37,49 @@ source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver virt.x86.config virt.x86_64.config " -subpackages="$pkgname-dev:_dev:$CBUILD_ARCH" -_flavors= +subpackages="$pkgname-dev:_dev:$CBUILD_ARCH $pkgname-doc" for _i in $source; do case $_i in *.$CARCH.config) - _f=${_i%.$CARCH.config} - _flavors="$_flavors ${_f}" + _f=${_i%."$CARCH".config} + _flavors="$_flavors $_f" if [ "linux-$_f" != "$pkgname" ]; then - subpackages="$subpackages linux-${_f}::$CBUILD_ARCH linux-${_f}-dev:_dev:$CBUILD_ARCH" + subpackages="$subpackages linux-$_f::$CBUILD_ARCH linux-$_f-dev:_dev:$CBUILD_ARCH" fi ;; esac done +builddir="$srcdir"/linux-$_kernver if [ "${pkgver%.0}" = "$pkgver" ]; then source="$source https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/patch-$pkgver.xz" fi arch="all !armhf !riscv64" -license="GPL-2.0" +license="GPL-2.0-only" # secfixes: # 5.10.4-r0: # - CVE-2020-29568 # - CVE-2020-29569 +# 5.15.74-r0: +# - CVE-2022-41674 +# - CVE-2022-42719 +# - CVE-2022-42720 +# - CVE-2022-42721 +# - CVE-2022-42722 +# 6.1.27-r3: +# - CVE-2023-32233 +# 6.6.13-r1: +# - CVE-46838 prepare() { - local _patch_failed= - cd "$srcdir"/linux-$_kernver if [ "$_kernver" != "$pkgver" ]; then msg "Applying patch-$pkgver.xz" unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N fi - # first apply patches in specified order - for i in $source; do - case $i in - *.patch) - msg "Applying $i..." - if ! patch -s -p1 -N -i "$srcdir"/$i; then - echo $i >>failed - _patch_failed=1 - fi - ;; - esac - done - - if ! [ -z "$_patch_failed" ]; then - error "The following patches failed:" - cat failed - return 1 - fi + default_prepare # remove localversion from patch if any rm -f localversion* @@ -99,6 +93,8 @@ _kernelarch() { mips*) arch="mips" ;; ppc*) arch="powerpc" ;; s390*) arch="s390" ;; + riscv*) arch="riscv" ;; + loongarch64) arch="loongarch" ;; esac echo "$arch" } 
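Review bot: The new secfixes entry `# - CVE-46838` under `6.6.13-r1` is missing the year field, so it does not follow the `CVE-YYYY-NNNNN` form of every other entry in the block, and tooling that reads the secfixes comment will probably not map it to an advisory. It should read `# - CVE-<year>-46838`, with the year taken from the advisory that the 6.6.13-r1 change addressed. The same hunk also drops the `_flavors=` initialisation while the loop still appends to `$_flavors`, so the variable now starts from whatever value the sourcing shell already holds.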
@@ -109,15 +105,25 @@ _prepareconfig() { local _config=$_flavor.$_arch.config local _builddir="$srcdir"/build-$_flavor.$_arch mkdir -p "$_builddir" - echo "-$pkgrel-$_flavor" > "$_builddir"/localversion-alpine \ - || return 1 + echo "-$pkgrel-$_flavor" > "$_builddir"/localversion-alpine cp "$srcdir"/$_config "$_builddir"/.config msg "Configuring $_flavor kernel ($_arch)" - make -C "$srcdir"/linux-$_kernver \ + make -C "$builddir" \ O="$_builddir" \ ARCH="$(_kernelarch $_arch)" \ olddefconfig + + if grep "CONFIG_MODULE_SIG=y" "$_builddir"/.config >/dev/null; then + if [ -f "$KERNEL_SIGNING_KEY" ]; then + sed -i -e "s:^CONFIG_MODULE_SIG_KEY=.*:CONFIG_MODULE_SIG_KEY=\"$KERNEL_SIGNING_KEY\":" \ + "$_builddir"/.config + msg "Using $KERNEL_SIGNING_KEY to sign $_flavor kernel ($_arch) modules" + else + warning "KERNEL_SIGNING_KEY was not set. A signing key will be generated, but 3rd" + warning "party modules can not be signed" + fi + fi } listconfigs() { @@ -143,14 +149,15 @@ prepareconfigs() { prepareupdate() { clean && fetch && unpack && prepare && deps prepareconfigs - rm -r "$srcdir"/linux-$_kernver + rm -r "$builddir" } updateconfigs() { - if ! [ -d "$srcdir"/linux-$_kernver ]; then + if ! [ -d "$builddir" ]; then deps && fetch && unpack && prepare fi - for _config in $(listconfigs); do + for _config in ${CONFIGS:-$(listconfigs)}; do + msg "updating $_config" local _flavor=${_config%%.*} local _arch=${_config%.config} _arch=${_arch#*.} @@ -161,9 +168,9 @@ updateconfigs() { if ! [ -f "$_builddir"/.config ]; then cp "$srcdir"/$_config "$_builddir"/.config actions="olddefconfig" - env | grep ^CONFIG_ >> "$_builddir"/.config || true fi - make -j1 -C "$srcdir"/linux-$_kernver \ + env | grep ^CONFIG_ >> "$_builddir"/.config || true + make -j1 -C "$builddir" \ O="$_builddir" \ ARCH="$(_kernelarch $_arch)" \ $actions savedefconfig 
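Review bot: In `_prepareconfig`, `$KERNEL_SIGNING_KEY` is pasted unescaped into the sed program `s:^CONFIG_MODULE_SIG_KEY=.*:CONFIG_MODULE_SIG_KEY=\"$KERNEL_SIGNING_KEY\":`, so a path containing `:`, `&`, `"` or a backslash either breaks the substitution or writes a key path different from the one that passed the `[ -f ... ]` test. Reject such paths before the sed, for example `case $KERNEL_SIGNING_KEY in *[:\&\"\\]*) error "unsupported character in KERNEL_SIGNING_KEY"; return 1;; esac`. The guard could also be tightened to `grep -q '^CONFIG_MODULE_SIG=y$'` so it only matches the exact option line. `_prepareconfig` begins above this hunk.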
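Review bot: Moving `env | grep ^CONFIG_ >> "$_builddir"/.config || true` out of the `if` makes `updateconfigs` append every `CONFIG_*` environment variable to every config on every run, not only when the build directory is first seeded. Any such variable in the maintainer's environment, including ones unrelated to Kconfig, is then folded into the saved defconfig without any trace in the log, and a hardening or module-signing option can be changed that way unnoticed. Make the overrides visible, e.g. `env | grep '^CONFIG_[A-Za-z0-9_]*=' | tee -a "$_builddir"/.config | sed 's/^/override: /' >&2 || true`. `updateconfigs` starts before and ends after this hunk.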
@@ -174,6 +181,9 @@ updateconfigs() { build() { unset LDFLAGS + # for some reason these sometimes leak into the kernel build, + # -Werror=format-security breaks some stuff + unset CFLAGS CPPFLAGS CXXFLAGS export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})" for i in $_flavors; do _prepareconfig "$i" "$CARCH" @@ -181,6 +191,14 @@ build() { for i in $_flavors; do msg "Building $i kernel" cd "$srcdir"/build-$i.$CARCH + + # set org in cert for modules signing + # https://www.kernel.org/doc/html/v6.1/admin-guide/module-signing.html#generating-signing-keys + mkdir -p certs + sed -e 's/#O = Unspecified company/O = alpinelinux.org/' \ + "$builddir"/certs/default_x509.genkey \ + > certs/x509.genkey + make ARCH="$(_kernelarch $CARCH)" \ CC="${CC:-gcc}" \ AWK="${AWK:-mawk}" \ @@ -190,10 +208,10 @@ build() { _package() { local _buildflavor="$1" _outdir="$2" - local _abi_release=${pkgver}-${pkgrel}-${_buildflavor} export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})" cd "$srcdir"/build-$_buildflavor.$CARCH + local _abi_release="$(make -s kernelrelease)" # modules_install seems to regenerate a defect Modules.symvers on s390x. Work # around it by backing it up and restore it after modules_install cp Module.symvers Module.symvers.backup 
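Review bot: The `sed -e 's/#O = Unspecified company/O = alpinelinux.org/'` step in `build()` exits 0 even when the template line is not found, so if `certs/default_x509.genkey` changes upstream the module-signing certificate is generated without the intended organisation and nothing reports it. Follow it with a check such as `grep -qF 'O = alpinelinux.org' certs/x509.genkey || { error "x509.genkey: organisation not set"; return 1; }`. The comment's link also points at the v6.1 documentation while `pkgver` is 6.6.28.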
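Review bot: `local _abi_release="$(make -s kernelrelease)"` in `_package` discards make's exit status, because `local` itself returns 0; on failure `_abi_release` is empty and the later `rm -f "$_outdir"/lib/modules/"$_abi_release"/build` and the loongarch64 `mv` lines work on paths with an empty component. Declare and assign separately, `local _abi_release` then `_abi_release="$(make -s kernelrelease)"`, and add `[ -n "$_abi_release" ] || return 1`. The same pattern is introduced in `_dev` (`local _abi_release="$(make -C "$_builddir" -s kernelrelease)"`), where the value feeds the `linux-headers-` directory name. `_package` continues past the end of this hunk.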
@@ -202,31 +220,59 @@ _package() { local _install case "$CARCH" in - arm*|aarch64) _install="zinstall dtbs_install";; + arm*|aarch64|riscv*) _install="zinstall dtbs_install";; *) _install=install;; esac - make -j1 modules_install $_install \ + make modules_install $_install \ ARCH="$(_kernelarch $CARCH)" \ INSTALL_MOD_PATH="$_outdir" \ + INSTALL_MOD_STRIP=1 \ INSTALL_PATH="$_outdir"/boot \ INSTALL_DTBS_PATH="$_outdir/boot/dtbs-$_buildflavor" cp Module.symvers.backup Module.symvers - rm -f "$_outdir"/lib/modules/${_abi_release}/build \ - "$_outdir"/lib/modules/${_abi_release}/source + rm -f "$_outdir"/lib/modules/"$_abi_release"/build \ + "$_outdir"/lib/modules/"$_abi_release"/source rm -rf "$_outdir"/lib/firmware install -D -m644 include/config/kernel.release \ "$_outdir"/usr/share/kernel/$_buildflavor/kernel.release + + case "$CARCH" in + loongarch64) + mv "$_outdir"/boot/vmlinuz-$_abi_release \ + "$_outdir"/boot/vmlinuz-$_buildflavor + + mv "$_outdir"/boot/config-$_abi_release \ + "$_outdir"/boot/config-$_buildflavor + + mv "$_outdir"/boot/System.map-$_abi_release \ + "$_outdir"/boot/System.map-$_buildflavor + ;; + esac } # main flavor installs in $pkgdir package() { depends="$depends linux-firmware-any" - _package lts "$pkgdir" + _package "$_flavor" "$pkgdir" + + # copy files for linux-lts-doc sub package + mkdir -p "$pkgdir"/usr/share/doc + cp -r "$builddir"/Documentation \ + "$pkgdir"/usr/share/doc/linux-doc-"$pkgver"/ + # remove files that aren't part of the documentation itself + for nondoc in \ + .gitignore conf.py docutils.conf \ + dontdiff Kconfig Makefile + do + rm "$pkgdir"/usr/share/doc/linux-doc-"$pkgver"/"$nondoc" + done + # create /usr/share/doc/linux-doc symlink + cd "$pkgdir"/usr/share/doc; ln -s linux-doc-"$pkgver" linux-doc } # subflavors install in $subpkgdir 
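Review bot: `INSTALL_MOD_STRIP=1` in `_package` has no comment tying it to module signing, and the two interact: as far as I know the kernel's `modules_install` strips a module before it signs it, so the signatures stay valid only while nothing strips the files afterwards. That makes the `!strip` entry in `options` load-bearing for any flavor with `CONFIG_MODULE_SIG=y`. I would add `# modules are stripped here, before signing; keep !strip in options so abuild does not strip them again and invalidate the signatures` above the `make modules_install` call. `_package` starts above this hunk.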
@@ -236,7 +282,8 @@ virt() { _dev() { local _flavor=$(echo $subpkgname | sed -E 's/(^linux-|-dev$)//g') - local _abi_release=${pkgver}-${pkgrel}-$_flavor + local _builddir="$srcdir"/build-$_flavor.$CARCH + local _abi_release="$(make -C "$_builddir" -s kernelrelease)" # copy the only the parts that we really need for build 3rd party # kernel modules and install those as /usr/src/linux-headers, # simlar to what ubuntu does @@ -246,30 +293,32 @@ _dev() { # pkgdesc="Headers and script for third party modules for $_flavor kernel" depends="$_depends_dev" - local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release} + local dir="$subpkgdir"/usr/src/linux-headers-"$_abi_release" export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})" # first we import config, run prepare to set up for building # external modules, and create the scripts mkdir -p "$dir" - local _builddir="$srcdir"/build-$_flavor.$CARCH cp -a "$_builddir"/.config "$_builddir"/localversion-alpine \ "$dir"/ - make -j1 -C "$srcdir"/linux-$_kernver \ + install -D -t "$dir"/certs "$_builddir"/certs/signing_key.x509 || : + + make -C "$builddir" \ O="$dir" \ ARCH="$(_kernelarch $CARCH)" \ + AWK="${AWK:-mawk}" \ prepare modules_prepare scripts # remove the stuff that points to real sources. we want 3rd party - # modules to believe this is the soruces + # modules to believe this is the sources rm "$dir"/Makefile "$dir"/source # copy the needed stuff from real sources # # this is taken from ubuntu kernel build script # http://kernel.ubuntu.com/git/ubuntu/ubuntu-zesty.git/tree/debian/rules.d/3-binary-indep.mk - cd "$srcdir"/linux-$_kernver + cd "$builddir" find . -path './include/*' -prune \ -o -path './scripts/*' -prune -o -type f \ \( -name 'Makefile*' -o -name 'Kconfig*' -o -name 'Kbuild*' -o \ 
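Review bot: `install -D -t "$dir"/certs "$_builddir"/certs/signing_key.x509 || :` in `_dev` hides every failure, not only the expected missing-certificate case for flavors built without module signing, so a signing-enabled flavor can ship a `-dev` package without its certificate and the build log will not say so. Make the optional case explicit: `if [ -f "$_builddir"/certs/signing_key.x509 ]; then install -D -t "$dir"/certs "$_builddir"/certs/signing_key.x509; fi`. A one-line comment stating that only the public `.x509` certificate is copied and the private signing key never leaves the build directory would help the next maintainer. `_dev` starts above and continues below this hunk.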
@@ -278,31 +327,49 @@ _dev() { cp -a scripts include "$dir" - find $(find arch -name include -type d -print) -type f \ - | cpio -pdm "$dir" + find "arch/$_karch" -name include -type d -print | while IFS='' read -r folder; do + find "$folder" -type f + done | sort -u | cpio -pdm "$dir" install -Dm644 "$srcdir"/build-$_flavor.$CARCH/Module.symvers \ "$dir"/Module.symvers - mkdir -p "$subpkgdir"/lib/modules/${_abi_release} - ln -sf /usr/src/linux-headers-${_abi_release} \ - "$subpkgdir"/lib/modules/${_abi_release}/build + # remove unneeded things + msg "Removing documentation..." + rm -r "$dir"/Documentation + find "$dir" -type f -name '*.o' -printf 'Removing %P\n' -delete + local _karch="$(_kernelarch $CARCH | sed 's/x86_64/x86/')" + msg "Removing unneeded arch headers..." + for i in "$dir"/arch/*; do + if [ "${i##*/}" != "$_karch" ]; then + echo " ${i##*/}" + rm -r "$i" + fi + done + + mkdir -p "$subpkgdir"/lib/modules/"$_abi_release" + ln -sf /usr/src/linux-headers-"$_abi_release" \ + "$subpkgdir"/lib/modules/"$_abi_release"/build } sha512sums=" -d25ad40b5bcd6a4c6042fd0fd84e196e7a58024734c3e9a484fd0d5d54a0c1d87db8a3c784eff55e43b6f021709dc685eb0efa18d2aec327e4f88a79f405705a linux-5.15.tar.xz -214c54a839ae37849715520f4b1049f0df5366ca32522701b43afecfad116794c4542940ba32d389f28f2549d08c03d148f884cb8e565b75aa3c0cad6a4887b7 0001-powerpc-config-defang-gcc-check-for-stack-protector-.patch -d26d3f99fdcbd0f56e9af32a281870bbfd9fe6a12d17921ef3876e72bd1e92a3c131e06567078a45c11a41826b39d3068cc6f0e89f67d9e16a14825984869268 vmlinux-zstd.patch -d0259edbe3a3ee6bbaa170b85b505a93a5593c639ef180dd960d3ed599165680446c137c727a74fe9069cc8007413580bbe5d25c2f52b061b622e53beb52e6d7 lts.aarch64.config -723fd8d1f64ebdcd197abc9caa55a367626ee6b71ec0313beef2fab2738ff7edc7ce9088e73044ca87f467df5b7e3c84f402ef9f1df3cba99499836e16f151d8 lts.armv7.config -292061d4afca8f9a513315fd493978c595fc1e67a09d86485e781295d0974ad19581c06300ebe7819091845f34ab620c79f45ebee7a82fefdbc7d7b4e676c67a lts.x86.config 
-1cf94d8e40396d607faab66e3a528a61a95b0543d091a7fa34bc20a9aa6daacfc57d5696271b04bee652cb93a028a342e58f6952209cc7c19762b219599849b5 lts.x86_64.config -5a2f88061dfe0c6cdda5b78614e12ad403b6d010d8cf9703b795c12e445bf15502e85144f6b881f6682a9527cd68ab610651b4e9448ece3f992b224bc3e52b85 lts.ppc64le.config -4e3a21d1fa3624f6d572496383e13c2bc122183cba2265ec6becf72adb376adb37d5c42d4dea6cadee02475af7af1fa54097088aac90576728c92bb6ed1fcaaa lts.s390x.config -98cc79bc6cfbd85bed7663267053d70054d26320c3936597f853d58b9780995666038e6030efc09023e46a8032e446150806fd24e260499839f0401d94504520 virt.aarch64.config -35d052d34fd4552f67f7a8250577bd82f85e43683ff4567cd2c275c3db8975c9c5643ec27fcbc56e03b14bd9ec813093029854f386c8f8a218e56b8ee23b9201 virt.armv7.config -11048d5a96ac8013e9bd6c8828a028ef7d8f6ac60bb1403ffe8fcb19c4008e9cad0f6b9658d59f25d9081b5cb06656f2e564b35ec493bb61774eb78cb9a05d6a virt.ppc64le.config -c0ddfee06f958192653d840ca14fd60d5d3d88311b1335d691fc4d4c5a7575c5771351a0ec5e3d34544c76c34e4ee8731cc45fa18da77909924f0b9b6ef75d87 virt.x86.config -3ffe449f4d6e54a76f331530ba3a31aa1686ae07fa837a33a9d1f76c774a9cdae052a8ca669042b35b8f39e7c46957b4c23981ec211340427aa18ac4c65bb060 virt.x86_64.config -1c7ece228174f5c3049ec44cafa588117d6c470567a95ba4c926fa370b17b8a90256c40df657fc923ec32303268abeeb6249943eee69cad73be38156628aab6f patch-5.15.41.xz +458b2c34d46206f9b4ccbac54cc57aeca1eaecaf831bc441e59701bac6eadffc17f6ce24af6eadd0454964e843186539ac0d63295ad2cc32d112b60360c39a35 linux-6.6.tar.xz +58bf9e84fb01f811f0cada7f7953d111908f0b0650648d6a3522061fe08c9fe284c9315515ae386189253e37d0c92419f78048d6568e2e426654b1e61010685f 0001-powerpc-boot-wrapper-Add-z-notext-flag-for-ppc64le.patch +763dcb40f698d43b0bb856f44493973e840b66efe62a8fd41a08b6e3fa38cf903e059d107be3735ab2f38a0f27bdb0262798e5e530a1905f96195cd8bcf62fdf 0002-x86-Compress-vmlinux-with-zstd-19-instead-of-22.patch +75f232b6becee7d36d360ffaf2aaa837d13518f9ec620ca159bcb2a0e98eb18a77631406a9b44244ea0164a7ed59fad583823909681e9b894a012f9d13365b69 
0003-kexec-add-kexec_load_disabled-boot-option.patch +2956050bb332411d00a285e9656618f2e34b631492bbc19bef54d83a6e91b8531f4e18830b9313cfe52fbf8a8ca6fb76cf55b3ddd146ca3b977046cf2fd10cad 0004-objtool-respect-AWK-setting.patch +4b16f15b47b5e5835b926126e39723f519290469517875cfb2d2b857a93ad1344f0d1ba4b255289e20f4da9c867647526b344f752981cee0a48c51577badac3f 0005-powerpc-config-defang-gcc-check-for-stack-protector-.patch +db28d1a2fe74f1d5147ccbaf693d464e7e52ca911433debe50c7dccdbb382baf2de193820e7ec11b9eff7a57e5266c4490e240b5c7bd657297829737f449c458 lts.aarch64.config +00f389f3f53b71b963e1f730d869b97c990499febecaa62b620c9cc9ac759b538c87526de894faa1a51b223ebbb1e5ed31dfa778bc11fd66c77095430666c6c1 lts.armv7.config +6dd7a9aa588fa5b3d15bf1064d12b44c74b3445d9cfed16950e309225b115a6706cb26798cab7cf29413514979d0600b827b32871767413b244dad73b8455331 lts.x86.config +0c364a4098dd69cf5e95c6a90f60a0a3cbe21d4ffa1ac91ddd0f8ce7a7efecbe1189554549ff546ece9284a33c4c34969882d93a3a0d71098acaaaa1d9f9860c lts.x86_64.config +d2664761764e9c0b1a3cdcc028fbeb2bb8b98fe28ce5bcda832fbdc69316cff41e78402f834b8cb2e16d9f1743568d9cfbe5ec1e4a4437cd0526464e521519d2 lts.ppc64le.config +a29343f52d69e7f8b91d92421098ade75b3249fa356c4c909b02c92efc49bfc98c52e43c715ca803da91255822865c7274794aa52f934c588dcd333b6c6dce14 lts.s390x.config +fc45e1f44c4f97ad00349ae412507ac6d040da4c071d3485ef8ac0f30e703424111fc2f6f9146eb901a84322fda2f3bb8bad66d3fd9cf152156e666398fd22e3 lts.loongarch64.config +a66b4f86921bc34f931b00a81bc56c837ca34abf984720fcbcdaaabeaef767427b2805fc1056eea7ed732685bfbdf8850425e5eab10918a7ff6f5d2a1a2388c9 virt.aarch64.config +8251d9f585e4468f54e800e0cbecff5ed7dba4f06ecd40309d3eae64804d3b6074a5b1082bf9ab3ae33259afe9e64bcec5b69db487f0c0b53ccec72f2fa441bc virt.armv7.config +461623079918cf73d621231c86497273be91bec9fc2d2aa4c520720a7a432c1dd0b7ee29652c90d8f21bd2293a3a8022aa55f2ac767fc3f0cc72d10c06fc3c24 virt.ppc64le.config 
+bc3f98ab75e02f6baf47bc8372b0b8ba75aae68b0a5130f7e53076dce255dc16f6c5afe8acec1aa848b51c391255285d3f2cdd491388acdf00dc90a42d64a1f8 virt.x86.config +5fc65b8033c56b58dc5c9a227a6bcb1069d53fabc79864c65ddb86d4fef25692b107665aaeb4fb07fe05bb7c1085956e18adf9cb2b62487a7f2202aded9162b7 virt.x86_64.config +26d7bacd5516faa6377b135fb066bd8a00323a8999840b9a74ef03de8b993d2cba59e7f182a318b93b50de1f3453935bbbfd65c7ee1eaf3cb6dba5dcbab35724 patch-6.6.28.xz " |
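Review bot: `find "arch/$_karch" -name include -type d -print` in `_dev` reads `$_karch` before it is set; the `local _karch="$(_kernelarch $CARCH | sed 's/x86_64/x86/')"` line comes further down in the same hunk, after the `cpio` copy. Unless `_karch` is inherited from elsewhere, the find runs on `arch/` and copies the headers of every architecture, which the later "Removing unneeded arch headers..." loop then deletes, so the per-arch restriction has no effect. Move the assignment above the `find`, split as `local _karch` and `_karch="$(_kernelarch $CARCH | sed 's/x86_64/x86/')"` so a failure is not masked by `local`. `_dev` starts above this hunk.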