4 changed files with 9 additions and 10858 deletions
@ -1,210 +0,0 @@
|
||||
# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org> |
||||
# Contributor: Daniel Micay <danielmicay@gmail.com> |
||||
# Contributor: Tobias Powalowski <tpowa@archlinux.org> |
||||
# Contributor: Thomas Baechler <thomas@archlinux.org> |
||||
|
||||
pkgbase=linux-hardened |
||||
pkgver=5.17.6.hardened1 |
||||
pkgrel=2 |
||||
pkgdesc='Security-Hardened Linux' |
||||
url='https://github.com/anthraxx/linux-hardened' |
||||
arch=(x86_64) |
||||
license=(GPL2) |
||||
makedepends=( |
||||
bc libelf pahole cpio perl tar xz |
||||
xmlto python-sphinx python-sphinx_rtd_theme graphviz imagemagick texlive-latexextra |
||||
git |
||||
) |
||||
options=('!strip') |
||||
_srcname=linux-${pkgver%.*} |
||||
_srctag=${pkgver%.*}-${pkgver##*.} |
||||
source=( |
||||
https://www.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/${_srcname}.tar.{xz,sign} |
||||
https://github.com/anthraxx/${pkgbase}/releases/download/${_srctag}/${pkgbase}-${_srctag}.patch{,.sig} |
||||
config # the main kernel config file |
||||
) |
||||
validpgpkeys=( |
||||
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds |
||||
'647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman |
||||
'E240B57E2C4630BA768E2F26FC1B547C8D8172C8' # Levente Polyak |
||||
) |
||||
sha256sums=('64ccf18380be5b5491322a3fd54904538b544e523e4bf86289dd8df7404cb10c' |
||||
'SKIP' |
||||
'c84bba852a03441e478b3e4a68069e800e50d9b0be79a55c32db60993fdf1480' |
||||
'SKIP' |
||||
'e44d2cd4001dc3218950069a841e1e7796c7b8ff0aa43cb8b2b4c71cb512a9a6') |
||||
|
||||
export KBUILD_BUILD_HOST=artixlinux |
||||
export KBUILD_BUILD_USER=$pkgbase |
||||
export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})" |
||||
|
||||
prepare() { |
||||
cd $_srcname |
||||
|
||||
echo "Setting version..." |
||||
scripts/setlocalversion --save-scmversion |
||||
echo "-$pkgrel" > localversion.10-pkgrel |
||||
echo "${pkgbase#linux}" > localversion.20-pkgname |
||||
|
||||
local src |
||||
for src in "${source[@]}"; do |
||||
src="${src%%::*}" |
||||
src="${src##*/}" |
||||
[[ $src = *.patch ]] || continue |
||||
echo "Applying patch $src..." |
||||
patch -Np1 < "../$src" |
||||
done |
||||
|
||||
echo "Setting config..." |
||||
cp ../config .config |
||||
make olddefconfig |
||||
diff -u ../config .config || : |
||||
|
||||
make -s kernelrelease > version |
||||
echo "Prepared $pkgbase version $(<version)" |
||||
} |
||||
|
||||
build() { |
||||
cd $_srcname |
||||
make all |
||||
make htmldocs |
||||
} |
||||
|
||||
_package() { |
||||
pkgdesc="The $pkgdesc kernel and modules" |
||||
depends=(coreutils kmod initramfs) |
||||
optdepends=('wireless-regdb: to set the correct wireless channels of your country' |
||||
'linux-firmware: firmware images needed for some devices' |
||||
'usbctl: deny_new_usb control') |
||||
provides=(VIRTUALBOX-GUEST-MODULES WIREGUARD-MODULE) |
||||
|
||||
cd $_srcname |
||||
local kernver="$(<version)" |
||||
local modulesdir="$pkgdir/usr/lib/modules/$kernver" |
||||
|
||||
echo "Installing boot image..." |
||||
# systemd expects to find the kernel here to allow hibernation |
||||
# https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344 |
||||
install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz" |
||||
|
||||
# Used by mkinitcpio to name the kernel |
||||
echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase" |
||||
|
||||
echo "Installing modules..." |
||||
make INSTALL_MOD_PATH="$pkgdir/usr" INSTALL_MOD_STRIP=1 \ |
||||
DEPMOD=/doesnt/exist modules_install # Suppress depmod |
||||
|
||||
# remove build and source links |
||||
rm "$modulesdir"/{source,build} |
||||
} |
||||
|
||||
_package-headers() { |
||||
pkgdesc="Headers and scripts for building modules for the $pkgdesc kernel" |
||||
depends=(pahole) |
||||
|
||||
cd $_srcname |
||||
local builddir="$pkgdir/usr/lib/modules/$(<version)/build" |
||||
|
||||
echo "Installing build files..." |
||||
install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \ |
||||
localversion.* version vmlinux |
||||
install -Dt "$builddir/kernel" -m644 kernel/Makefile |
||||
install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile |
||||
cp -t "$builddir" -a scripts |
||||
|
||||
# required when STACK_VALIDATION is enabled |
||||
install -Dt "$builddir/tools/objtool" tools/objtool/objtool |
||||
|
||||
# required when DEBUG_INFO_BTF_MODULES is enabled |
||||
# install -Dt "$builddir/tools/bpf/resolve_btfids" tools/bpf/resolve_btfids/resolve_btfids |
||||
|
||||
echo "Installing headers..." |
||||
cp -t "$builddir" -a include |
||||
cp -t "$builddir/arch/x86" -a arch/x86/include |
||||
install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s |
||||
|
||||
install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h |
||||
install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h |
||||
|
||||
# https://bugs.archlinux.org/task/13146 |
||||
install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h |
||||
|
||||
# https://bugs.archlinux.org/task/20402 |
||||
install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h |
||||
install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h |
||||
install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h |
||||
|
||||
# https://bugs.archlinux.org/task/71392 |
||||
install -Dt "$builddir/drivers/iio/common/hid-sensors" -m644 drivers/iio/common/hid-sensors/*.h |
||||
|
||||
echo "Installing KConfig files..." |
||||
find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \; |
||||
|
||||
echo "Removing unneeded architectures..." |
||||
local arch |
||||
for arch in "$builddir"/arch/*/; do |
||||
[[ $arch = */x86/ ]] && continue |
||||
echo "Removing $(basename "$arch")" |
||||
rm -r "$arch" |
||||
done |
||||
|
||||
echo "Removing documentation..." |
||||
rm -r "$builddir/Documentation" |
||||
|
||||
echo "Removing broken symlinks..." |
||||
find -L "$builddir" -type l -printf 'Removing %P\n' -delete |
||||
|
||||
echo "Removing loose objects..." |
||||
find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete |
||||
|
||||
echo "Stripping build tools..." |
||||
local file |
||||
while read -rd '' file; do |
||||
case "$(file -bi "$file")" in |
||||
application/x-sharedlib\;*) # Libraries (.so) |
||||
strip -v $STRIP_SHARED "$file" ;; |
||||
application/x-archive\;*) # Libraries (.a) |
||||
strip -v $STRIP_STATIC "$file" ;; |
||||
application/x-executable\;*) # Binaries |
||||
strip -v $STRIP_BINARIES "$file" ;; |
||||
application/x-pie-executable\;*) # Relocatable binaries |
||||
strip -v $STRIP_SHARED "$file" ;; |
||||
esac |
||||
done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0) |
||||
|
||||
echo "Stripping vmlinux..." |
||||
strip -v $STRIP_STATIC "$builddir/vmlinux" |
||||
|
||||
echo "Adding symlink..." |
||||
mkdir -p "$pkgdir/usr/src" |
||||
ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase" |
||||
} |
||||
|
||||
_package-docs() { |
||||
pkgdesc="Documentation for the $pkgdesc kernel" |
||||
|
||||
cd $_srcname |
||||
local builddir="$pkgdir/usr/lib/modules/$(<version)/build" |
||||
|
||||
echo "Installing documentation..." |
||||
local src dst |
||||
while read -rd '' src; do |
||||
dst="${src#Documentation/}" |
||||
dst="$builddir/Documentation/${dst#output/}" |
||||
install -Dm644 "$src" "$dst" |
||||
done < <(find Documentation -name '.*' -prune -o ! -type d -print0) |
||||
|
||||
echo "Adding symlink..." |
||||
mkdir -p "$pkgdir/usr/share/doc" |
||||
ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase" |
||||
} |
||||
|
||||
pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs") |
||||
for _p in "${pkgname[@]}"; do |
||||
eval "package_$_p() { |
||||
$(declare -f "_package${_p#$pkgbase}") |
||||
_package${_p#$pkgbase} |
||||
}" |
||||
done |
||||
|
||||
# vim:set ts=8 sts=2 sw=2 et: |
||||
Loading…
Reference in new issue