1 # Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
2 # Contributor: Daniel Micay <danielmicay@gmail.com>
3 # Contributor: Tobias Powalowski <tpowa@archlinux.org>
4 # Contributor: Thomas Baechler <thomas@archlinux.org>
7 pkgver=6.1.27.hardened1
9 pkgdesc='Security-Hardened Linux'
10 url='https://github.com/anthraxx/linux-hardened'
14 bc libelf pahole cpio perl tar xz
15 xmlto python-sphinx python-sphinx_rtd_theme graphviz imagemagick texlive-latexextra
19 _srcname=linux-${pkgver%.*}
20 _srctag=${pkgver%.*}-${pkgver##*.}
22 https://www.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/${_srcname}.tar.{xz,sign}
23 https://github.com/anthraxx/${pkgbase}/releases/download/${_srctag}/${pkgbase}-${_srctag}.patch{,.sig}
25 config # the main kernel config file
28 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
29 '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
30 'E240B57E2C4630BA768E2F26FC1B547C8D8172C8' # Levente Polyak
32 sha256sums=('c2b74b96dd3d0cc9f300914ef7c4eef76d5fac9de6047961f49e69447ce9f905'
34 '645aaa063f643a06712e74dd7e0e0925dcfc1c1b48182b15ec97dbd37122e12d'
36 'c6c5f6be7ae0ef5a8bdfea0a5578f096db38113774e08dc7b78fc48034c7b211'
37 'bd0618cad7fc3f277e963c0bde9f9c2258beccfba4944c948733c632ba082289')
39 export KBUILD_BUILD_HOST=archlinux
40 export KBUILD_BUILD_USER=$pkgbase
41 export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
46 echo "Setting version..."
47 scripts/setlocalversion --save-scmversion
48 echo "-$pkgrel" > localversion.10-pkgrel
49 echo "${pkgbase#linux}" > localversion.20-pkgname
52 for src in "${source[@]}"; do
55 [[ $src = *.patch ]] || continue
56 echo "Applying patch $src..."
57 patch -Np1 < "../$src"
60 echo "Setting config..."
63 diff -u ../config .config || :
65 make -s kernelrelease > version
66 echo "Prepared $pkgbase version $(<version)"
75 pkgdesc="The $pkgdesc kernel and modules"
76 depends=(coreutils kmod initramfs)
77 optdepends=('wireless-regdb: to set the correct wireless channels of your country'
78 'linux-firmware: firmware images needed for some devices'
79 'usbctl: deny_new_usb control')
80 provides=(VIRTUALBOX-GUEST-MODULES WIREGUARD-MODULE KSMBD-MODULE)
83 local kernver="$(<version)"
84 local modulesdir="$pkgdir/usr/lib/modules/$kernver"
86 echo "Installing boot image..."
87 # systemd expects to find the kernel here to allow hibernation
88 # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
89 install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"
91 # Used by mkinitcpio to name the kernel
92 echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"
94 echo "Installing modules..."
95 make INSTALL_MOD_PATH="$pkgdir/usr" INSTALL_MOD_STRIP=1 \
96 DEPMOD=/doesnt/exist modules_install # Suppress depmod
98 # remove build and source links
99 rm "$modulesdir"/{source,build}
103 pkgdesc="Headers and scripts for building modules for the $pkgdesc kernel"
107 local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
109 echo "Installing build files..."
110 install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \
111 localversion.* version vmlinux
112 install -Dt "$builddir/kernel" -m644 kernel/Makefile
113 install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
114 cp -t "$builddir" -a scripts
116 # required when STACK_VALIDATION is enabled
117 install -Dt "$builddir/tools/objtool" tools/objtool/objtool
119 # required when DEBUG_INFO_BTF_MODULES is enabled
120 # install -Dt "$builddir/tools/bpf/resolve_btfids" tools/bpf/resolve_btfids/resolve_btfids
122 echo "Installing headers..."
123 cp -t "$builddir" -a include
124 cp -t "$builddir/arch/x86" -a arch/x86/include
125 install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s
127 install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
128 install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h
130 # https://bugs.archlinux.org/task/13146
131 install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h
133 # https://bugs.archlinux.org/task/20402
134 install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
135 install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
136 install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h
138 # https://bugs.archlinux.org/task/71392
139 install -Dt "$builddir/drivers/iio/common/hid-sensors" -m644 drivers/iio/common/hid-sensors/*.h
141 echo "Installing KConfig files..."
142 find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;
144 echo "Removing unneeded architectures..."
146 for arch in "$builddir"/arch/*/; do
147 [[ $arch = */x86/ ]] && continue
148 echo "Removing $(basename "$arch")"
152 echo "Removing documentation..."
153 rm -r "$builddir/Documentation"
155 echo "Removing broken symlinks..."
156 find -L "$builddir" -type l -printf 'Removing %P\n' -delete
158 echo "Removing loose objects..."
159 find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete
161 echo "Stripping build tools..."
163 while read -rd '' file; do
164 case "$(file -Sib "$file")" in
165 application/x-sharedlib\;*) # Libraries (.so)
166 strip -v $STRIP_SHARED "$file" ;;
167 application/x-archive\;*) # Libraries (.a)
168 strip -v $STRIP_STATIC "$file" ;;
169 application/x-executable\;*) # Binaries
170 strip -v $STRIP_BINARIES "$file" ;;
171 application/x-pie-executable\;*) # Relocatable binaries
172 strip -v $STRIP_SHARED "$file" ;;
174 done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)
176 echo "Stripping vmlinux..."
177 strip -v $STRIP_STATIC "$builddir/vmlinux"
179 echo "Adding symlink..."
180 mkdir -p "$pkgdir/usr/src"
181 ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase"
185 pkgdesc="Documentation for the $pkgdesc kernel"
188 local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
190 echo "Installing documentation..."
192 while read -rd '' src; do
193 dst="${src#Documentation/}"
194 dst="$builddir/Documentation/${dst#output/}"
195 install -Dm644 "$src" "$dst"
196 done < <(find Documentation -name '.*' -prune -o ! -type d -print0)
198 echo "Adding symlink..."
199 mkdir -p "$pkgdir/usr/share/doc"
200 ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase"
203 pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
204 for _p in "${pkgname[@]}"; do
205 eval "package_$_p() {
206 $(declare -f "_package${_p#$pkgbase}")
207 _package${_p#$pkgbase}
211 # vim:set ts=8 sts=2 sw=2 et: