path: root/main/linux-grsec/APKBUILD
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>

# Flavor of the main package; the kernel configs listed in $source are named
# config-<flavor>.<arch>.
_mainflavor=grsec
pkgname=linux-$_mainflavor
pkgver=3.18.21
# _kernver names the base tarball to fetch: for an x.y.z pkgver the last
# component is stripped (prepare() applies patch-$pkgver.xz on top of it),
# an x.y pkgver is used unchanged.
# NOTE(review): a pkgver that matches neither pattern leaves _kernver unset.
case $pkgver in
*.*.*)	_kernver=${pkgver%.*};;
*.*)	_kernver=${pkgver};;
esac
pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
makedepends="perl sed installkernel bash gmp-dev bc linux-headers mpfr-dev
	mpc1-dev"
# abuild option: do not strip the installed binaries.
options="!strip"
install=
# Remote tarball and patches first, then local patches (applied by prepare()
# in exactly this order), then one kernel config per flavor and architecture.
# NOTE(review): all three remote entries use plain http://, so nothing in the
# transport authenticates them; the checksum lists at the end of this file
# are the only integrity check visible here. When pkgver changes, regenerate
# them from files whose origin was verified some other way (kernel.org
# publishes signatures for its releases).
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
	http://dev.alpinelinux.org/~ncopa/grsecurity/grsecurity-3.1-3.18.21-201508181951-alpine.patch

	fix-memory-map-for-PIE-applications.patch
	0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
	0002-ipv4-Don-t-increase-PMTU-with-Datagram-Too-Big-messa.patch
	0003-route-Use-ipv4_mtu-instead-of-raw-rt_pmtu.patch
	fix-spi-nor-namespace-clash.patch
	imx6q-no-unclocked-sleep.patch

	config-grsec.x86
	config-grsec.x86_64
	config-grsec.armhf

	config-virtgrsec.x86
	config-virtgrsec.x86_64
	"
subpackages="$pkgname-dev"
# Collect the flavors that have a config for the current architecture: every
# config-<flavor>.$CARCH entry in $source adds <flavor> to _flavors, and each
# flavor other than the main package also becomes a linux-<flavor> subpackage.
# CARCH is not assigned in this file; presumably the build tool provides it.
_flavors=
for _i in $source; do
	case $_i in
	config-*.$CARCH)
		# strip the ".<arch>" suffix, then the "config-" prefix
		_f=${_i%.$CARCH}
		_f=${_f#config-}
		_flavors="$_flavors ${_f}"
		if [ "linux-$_f" != "$pkgname" ]; then
			subpackages="$subpackages linux-${_f}"
		fi
		;;
	esac
done

arch="x86 x86_64 armhf"
license="GPL-2"

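# Prepare the kernel tree: bring the base tarball up to $pkgver, apply every
# *.patch entry of $source in the order listed, then create one out-of-tree
# build directory per flavor, seeded with that flavor's config.
#
# Globals read: srcdir, pkgver, pkgrel, _kernver, source, _flavors, CARCH, CC
# Returns: 0 on success, 1 when a step fails. Every patch is attempted before
#          failing so that the full list of rejected patches is reported.
# NOTE(review): the patches are applied as fetched; presumably the build tool
# has checked them against the checksum lists before this runs - confirm.
prepare() {
	local _failed= _config _builddir i
	# Everything below patches and deletes files relative to the current
	# directory, so stop if the unpacked tree is not where it is expected.
	cd "$srcdir"/linux-$_kernver || return 1
	# pkgver not ending in ".0": the stable patch has to be applied first
	if [ "${pkgver%.0}" = "$pkgver" ]; then
		msg "Applying patch-$pkgver.xz"
		# the pipeline's status is that of patch; a failing unxz only shows
		# up through the patch it feeds
		unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1
	fi

	# first apply patches in specified order
	for i in $source; do
		case $i in
		*.patch)
			msg "Applying $i..."
			# remote entries are URLs; the downloaded file is their basename
			if ! patch -s -p1 -N -i "$srcdir/${i##*/}"; then
				_failed="$_failed $i"
			fi
			;;
		esac
	done

	if [ -n "$_failed" ]; then
		error "The following patches failed:"
		for i in $_failed; do
			printf '%s\n' "$i"
		done
		return 1
	fi

	# remove localversion from patch if any
	rm -f localversion*

	for i in $_flavors; do
		_config=config-$i.${CARCH}
		_builddir="$srcdir"/build-$i
		mkdir -p "$_builddir" || return 1
		# suffix appended to the kernel release string for this flavor
		echo "-$pkgrel-$i" > "$_builddir"/localversion-alpine \
			|| return 1

		cp "$srcdir/$_config" "$_builddir"/.config || return 1
		make -C "$srcdir"/linux-$_kernver \
			O="$_builddir" \
			HOSTCC="${CC:-gcc}" \
			silentoldconfig || return 1
	done
}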

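# Compile every flavor inside the build directory that prepare() created.
#
# Globals read: srcdir, pkgrel, _flavors, CC.  Exports GCC_SPECS.
# Returns: 0 on success, 1 when a build directory is missing or make fails.
build() {
	local i
	# Make gcc use the "hardenednopie" specs file for the whole build.
	# NOTE(review): presumably this keeps the hardened toolchain defaults but
	# turns off default PIE, which a kernel build cannot use - confirm.
	export GCC_SPECS=hardenednopie.specs
	for i in $_flavors; do
		# without this check a missing directory would run make in
		# whatever directory happens to be current
		cd "$srcdir"/build-$i || return 1
		make CC="${CC:-gcc}" \
			KBUILD_BUILD_VERSION="$((pkgrel + 1))-Alpine" \
			|| return 1
	done
}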

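# Install one built flavor into a package directory.
#
# Arguments: $1 - flavor name (selects $srcdir/build-<flavor>)
#            $2 - destination root ($pkgdir or $subpkgdir)
# Globals read: srcdir, pkgver, pkgrel, CARCH
# Returns: 0 on success, non-zero when a directory cannot be entered or
#          created, or when an install step fails.
_package() {
	local _buildflavor="$1" _outdir="$2"
	local _abi_release=${pkgver}-${pkgrel}-${_buildflavor}
	local _install _dtbdir i

	cd "$srcdir"/build-$_buildflavor || return 1

	mkdir -p "$_outdir"/boot "$_outdir"/lib/modules || return 1

	case "$CARCH" in
	arm*)
		# ARM: ship the device tree blobs and use the zinstall target
		_dtbdir="$_outdir"/usr/lib/linux-${_abi_release}
		mkdir -p "$_dtbdir" || return 1
		for i in arch/arm/boot/dts/*.dtb ; do
			# the glob stays literal when nothing matches
			[ -e "$i" ] || continue
			install -m644 "$i" "$_dtbdir" || return 1
		done

		_install=zinstall
		;;
	*)
		_install=install
		;;
	esac

	make -j1 modules_install firmware_install "$_install" \
		INSTALL_MOD_PATH="$_outdir" \
		INSTALL_PATH="$_outdir"/boot \
		|| return 1

	# drop the build/source links that modules_install leaves in the module
	# directory, and the firmware tree; package() depends on linux-firmware
	rm -f "$_outdir"/lib/modules/${_abi_release}/build \
		"$_outdir"/lib/modules/${_abi_release}/source
	rm -rf "$_outdir"/lib/firmware

	install -D include/config/kernel.release \
		"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
}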

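# main flavor installs in $pkgdir
#
# Globals read: pkgdir, _mainflavor.  Appends linux-firmware to depends,
# since _package removes the firmware tree it installed.
# Returns: the status of _package.
package() {
	depends="$depends linux-firmware"
	# use the flavor that pkgname is derived from rather than repeating it
	_package "$_mainflavor" "$pkgdir"
}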

# subflavors install in $subpkgdir
#
# Split function of the linux-virtgrsec subpackage, which the flavor loop at
# the top of the file only registers where a config-virtgrsec.$CARCH exists.
# Returns: the status of _package.
virtgrsec() {
	local _flavor=virtgrsec
	_package "$_flavor" "$subpkgdir"
}

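# we only provide -dev for main flavor for now
#
# Builds the -dev subpackage: a trimmed kernel tree installed as
# /usr/src/linux-headers-<abi release>, plus the lib/modules/.../build link
# that external module builds follow.
#
# Globals read: srcdir, subpkgdir, pkgver, pkgrel, _kernver, _mainflavor,
#               CARCH, CC.  Overrides pkgdesc and depends for the subpackage.
# Returns: non-zero when the tree cannot be configured, entered or installed.
dev() {
	local _abi_release=${pkgver}-${pkgrel}-$_mainflavor
	# copy only the parts that we really need to build 3rd party
	# kernel modules and install those as /usr/src/linux-headers,
	# similar to what ubuntu does
	#
	# this way you don't need to install the 300-400 kernel sources to
	# build a tiny kernel module
	#
	pkgdesc="Headers and script for third party modules for grsec kernel"
	depends="gmp-dev bash"
	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}

	# first we import config, run prepare to set up for building
	# external modules, and create the scripts
	mkdir -p "$dir" || return 1
	cp "$srcdir"/config-grsec.${CARCH} "$dir"/.config || return 1
	echo "-$pkgrel-grsec" > "$dir"/localversion-alpine \
		|| return 1
	# a failure here must stop the function: the steps below would
	# otherwise package a tree that was never configured
	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
		silentoldconfig prepare modules_prepare scripts || return 1

	# remove the stuff that points to real sources. we want 3rd party
	# modules to believe this is the sources
	rm "$dir"/Makefile "$dir"/source

	# copy the needed stuff from real sources
	#
	# this is taken from ubuntu kernel build script
	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
	#
	# the find/cpio/cp commands use relative paths, so they must not run
	# from any other directory
	cd "$srcdir"/linux-$_kernver || return 1
	find . -path './include/*' -prune -o -path './scripts/*' -prune \
		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
		-o -name '*.lds' \) | cpio -pdm "$dir"
	# NOTE(review): the three media header copies are left unchecked on
	# purpose; whether these directories exist in this kernel version
	# could not be confirmed from this file, so a failure is not fatal
	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
	cp -a scripts include "$dir"
	# the inner find is deliberately unquoted: each arch include directory
	# has to reach the outer find as a separate argument
	find $(find arch -name include -type d -print) -type f \
		| cpio -pdm "$dir"

	# symbol versions of the main flavor build, used when building
	# external modules against this tree
	install -Dm644 "$srcdir"/build-$_mainflavor/Module.symvers \
		"$dir"/Module.symvers || return 1

	mkdir -p "$subpkgdir"/lib/modules/${_abi_release} || return 1
	ln -sf /usr/src/linux-headers-${_abi_release} \
		"$subpkgdir"/lib/modules/${_abi_release}/build
}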

# Checksums for every entry of $source, one "<digest>  <file name>" pair per
# line and in the same order as $source.
# NOTE(review): MD5 gives no collision resistance, so the md5sums list cannot
# authenticate the files that $source fetches over plain http; the sha256 and
# sha512 lists cover the same files - confirm which list the build tool
# actually enforces before relying on it.
md5sums="9e854df51ca3fef8bfe566dbd7b89241  linux-3.18.tar.xz
40fe799b6c9e8ce97af01ba87b14e87e  patch-3.18.21.xz
87b02283de552dbd4c02d09030e54692  grsecurity-3.1-3.18.21-201508181951-alpine.patch
c6a4ae7e8ca6159e1631545515805216  fix-memory-map-for-PIE-applications.patch
b7f15811ab0ae0a1225c03cc2cc24411  0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
5d708f155fff5fbbbeed2785423832e2  0002-ipv4-Don-t-increase-PMTU-with-Datagram-Too-Big-messa.patch
7aa2fef1b8b352bae5b924ded5d9cab7  0003-route-Use-ipv4_mtu-instead-of-raw-rt_pmtu.patch
b0337a2a9abed17c37eae5db332522d2  fix-spi-nor-namespace-clash.patch
1a307fc1d63231bf01d22493a4f14378  imx6q-no-unclocked-sleep.patch
f37d251585c4a4fae1795dde82fab4bb  config-grsec.x86
53ac7f6224de263d068fa1e484b95da7  config-grsec.x86_64
36892e7e94abde237925ab15e9c7752c  config-grsec.armhf
439f55ae4b5221ba31bbf73f2d3439b5  config-virtgrsec.x86
262dff7e1e47834392aeb6c37b124f0a  config-virtgrsec.x86_64"
sha256sums="becc413cc9e6d7f5cc52a3ce66d65c3725bc1d1cc1001f4ce6c32b69eb188cbd  linux-3.18.tar.xz
fef6b8507c4a88b5b579016773faf1f4b1c78b2cc627e31101f244eeb1cf1895  patch-3.18.21.xz
2a6596b46ae6938d3bd302b390edf0bad7e3be3e65ad88c920e1d2246418b2d5  grsecurity-3.1-3.18.21-201508181951-alpine.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7  fix-memory-map-for-PIE-applications.patch
b4a5d6fc7b1dfe43cee18cf47db3f588a4b8a03e6d474af9a6f9ef487233ba70  0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
e6cef82ab135a8ab23111a90b95d3d034eaed32d7c5829c0322aaac491b781b7  0002-ipv4-Don-t-increase-PMTU-with-Datagram-Too-Big-messa.patch
14b5fb04a3cc5118a74a100fff626c73e7f297c7a020af654f2942207fe39ec9  0003-route-Use-ipv4_mtu-instead-of-raw-rt_pmtu.patch
01279cfb93273d99670c56e2465957ecde3d03693beeb929a743f03afa0b7bdc  fix-spi-nor-namespace-clash.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3  imx6q-no-unclocked-sleep.patch
45d894f9151225fe06801045d25fb454c6775d09ca4320a43ec8806cd7c15903  config-grsec.x86
edc9834868f794668478ec58a6f581440de6dd2c9f5fb39d8d6370e237058ccc  config-grsec.x86_64
03ba6e2ed62e27e5fceb0bc405cccfe3de2e2d3be1486287500f38a1b2ecf786  config-grsec.armhf
b947c5a7e64cfeab0b10dba57fa642c416e24526d39b63869f89ed0ca0554ab2  config-virtgrsec.x86
f17d4fca4903a1f5310521a464cdc0da5d85624bf576182c515b035019d32add  config-virtgrsec.x86_64"
sha512sums="2f0b72466e9bc538a675738aa416573d41bbbd7e3e2ffd5b5b127afde609ebc278cec5a3c37e73479607e957c13f1b4ed9782a3795e0dcc2cf8e550228594009  linux-3.18.tar.xz
b82d6f79d59c9d949a149a351ba2c77d334df83d66491a7776d909badff800ed2431ec6216adc7df3c2315886088a659450bc8e1a8d141d2e173a8a4e2492c8d  patch-3.18.21.xz
0dfa2457ef611beb8563230ddd5fdf65c57914053640bf529f5444e2d396e472d52263f5174c5090dec135e9b9f0963d761f08eafee7916177ff281aab62caf3  grsecurity-3.1-3.18.21-201508181951-alpine.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7  fix-memory-map-for-PIE-applications.patch
c5f7bda0a5bf88d7ce5de8c405ee5a018b652d70def2a5c6eea8e718b39efc0fed860bb61c70d950ba42cb11e0c264ee5ddd9a1505b7b60d19a56322ece894b6  0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
0d533a7ae0fd7a524326312d5e10f505936941826766b778508c91698e1ba5b7125248cc6fbbb6adc27db0f6172a68c818fb12818e6d6a27cf4f85a961013bdb  0002-ipv4-Don-t-increase-PMTU-with-Datagram-Too-Big-messa.patch
af9059f3d62430e55c4105fcc28ebf4d176c0a642fc5594879eedbf5ab5bd605db32243bcbcfe5932487abe55f18ea9faee8b041dd14c3e1569331cb5db9a04f  0003-route-Use-ipv4_mtu-instead-of-raw-rt_pmtu.patch
4e3aeb70712f9838afea75fe9e6c1389414d833a89286ea55441d6a8d54ce74b0e39b565721e3153443af0a614bff57c767251b7e5b81faa5e0784eddfcd2164  fix-spi-nor-namespace-clash.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221  imx6q-no-unclocked-sleep.patch
d77575a7d9ed1199541207750fb6f3cf56a179885400580b3fa0b9875be44ccf8bd9d7f2aa615cb931f78d5c9a87db0ee6e1b692be02614b75a721ee56c0c166  config-grsec.x86
d7186814354d43a1f8aae93eca091e04a60bd8c3f601591a6b9e5ef324c945d4cd6c3dcd3b3305a130a811aad57da84bc0c408ca556bae8f4a20a62515829a5a  config-grsec.x86_64
025cd3689f2c1a469d855deccbab34a56e6cbcaaf59648c04af7257779136a6b4bbb96584d70ff2e2713af33da56e2b8f7eb59490ccf30eaa4b62a15051a4806  config-grsec.armhf
79845c86558b4861ae24224b1eedbc0d5589d46ca709f4d51e06dd55d6bc2bfbf5feb9549873be81ee49c3247431ba8223ce495754563a6c4bd289f4e4c9e412  config-virtgrsec.x86
4b11c48cf4767cf71dcfe3b40057cca0363062e1c5dc7a65ada33fab23054427b91859863b1c5d2f715ad78c6f95a0d39a973a19b3db20d71d6bae6fe70da885  config-virtgrsec.x86_64"