linux-hardened/trunk/PKGBUILD

   1 # Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
   2 # Contributor: Daniel Micay <danielmicay@gmail.com>
   3 # Contributor: Tobias Powalowski <tpowa@archlinux.org>
   4 # Contributor: Thomas Baechler <thomas@archlinux.org>
   5
   6 pkgbase=linux-hardened
   7 pkgver=6.0.5.hardened1
   8 pkgrel=1
   9 pkgdesc='Security-Hardened Linux'
  10 url='https://github.com/anthraxx/linux-hardened'
  11 arch=(x86_64)
  12 license=(GPL2)
  13 makedepends=(
  14   bc libelf pahole cpio perl tar xz
  15   xmlto python-sphinx python-sphinx_rtd_theme graphviz imagemagick texlive-latexextra
  16   git
  17 )
  18 options=('!strip')
  19 _srcname=linux-${pkgver%.*}
  20 _srctag=${pkgver%.*}-${pkgver##*.}
  21 source=(
  22   https://www.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/${_srcname}.tar.{xz,sign}
  23   https://github.com/anthraxx/${pkgbase}/releases/download/${_srctag}/${pkgbase}-${_srctag}.patch{,.sig}
  24   config         # the main kernel config file
  25 )
  26 validpgpkeys=(
  27   'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
  28   '647F28654894E3BD457199BE38DBBDC86092693E'  # Greg Kroah-Hartman
  29   'E240B57E2C4630BA768E2F26FC1B547C8D8172C8'  # Levente Polyak
  30 )
  31 sha256sums=('61332ef22b53c50c10faabfb965896a7d1ad4f3381f0f89643c820f28a60418e'
  32             'SKIP'
  33             '94cf633e2d7e36e361c03893917a632ecdfed041843bacf5495d0e0b9caf7ac6'
  34             'SKIP'
  35             '9c598d0758fa48cde7394b032d73068dfbce4016bf09064346f78bbd49b671ca')
  36
  37 export KBUILD_BUILD_HOST=archlinux
  38 export KBUILD_BUILD_USER=$pkgbase
  39 export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
  40
  41 prepare() {
  42   cd $_srcname
  43
  44   echo "Setting version..."
  45   scripts/setlocalversion --save-scmversion
  46   echo "-$pkgrel" > localversion.10-pkgrel
  47   echo "${pkgbase#linux}" > localversion.20-pkgname
  48
  49   local src
  50   for src in "${source[@]}"; do
  51     src="${src%%::*}"
  52     src="${src##*/}"
  53     [[ $src = *.patch ]] || continue
  54     echo "Applying patch $src..."
  55     patch -Np1 < "../$src"
  56   done
  57
  58   echo "Setting config..."
  59   cp ../config .config
  60   make olddefconfig
  61   diff -u ../config .config || :
  62
  63   make -s kernelrelease > version
  64   echo "Prepared $pkgbase version $(<version)"
  65 }
  66
  67 build() {
  68   cd $_srcname
  69   make htmldocs all
  70 }
  71
  72 _package() {
  73   pkgdesc="The $pkgdesc kernel and modules"
  74   depends=(coreutils kmod initramfs)
  75   optdepends=('wireless-regdb: to set the correct wireless channels of your country'
  76               'linux-firmware: firmware images needed for some devices'
  77               'usbctl: deny_new_usb control')
  78   provides=(VIRTUALBOX-GUEST-MODULES WIREGUARD-MODULE KSMBD-MODULE)
  79
  80   cd $_srcname
  81   local kernver="$(<version)"
  82   local modulesdir="$pkgdir/usr/lib/modules/$kernver"
  83
  84   echo "Installing boot image..."
  85   # systemd expects to find the kernel here to allow hibernation
  86   # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
  87   install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"
  88
  89   # Used by mkinitcpio to name the kernel
  90   echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"
  91
  92   echo "Installing modules..."
  93   make INSTALL_MOD_PATH="$pkgdir/usr" INSTALL_MOD_STRIP=1 \
  94     DEPMOD=/doesnt/exist modules_install  # Suppress depmod
  95
  96   # remove build and source links
  97   rm "$modulesdir"/{source,build}
  98 }
  99
 100 _package-headers() {
 101   pkgdesc="Headers and scripts for building modules for the $pkgdesc kernel"
 102   depends=(pahole)
 103
 104   cd $_srcname
 105   local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
 106
 107   echo "Installing build files..."
 108   install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \
 109     localversion.* version vmlinux
 110   install -Dt "$builddir/kernel" -m644 kernel/Makefile
 111   install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
 112   cp -t "$builddir" -a scripts
 113
 114   # required when STACK_VALIDATION is enabled
 115   install -Dt "$builddir/tools/objtool" tools/objtool/objtool
 116
 117   # required when DEBUG_INFO_BTF_MODULES is enabled
 118   # install -Dt "$builddir/tools/bpf/resolve_btfids" tools/bpf/resolve_btfids/resolve_btfids
 119
 120   echo "Installing headers..."
 121   cp -t "$builddir" -a include
 122   cp -t "$builddir/arch/x86" -a arch/x86/include
 123   install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s
 124
 125   install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
 126   install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h
 127
 128   # https://bugs.archlinux.org/task/13146
 129   install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h
 130
 131   # https://bugs.archlinux.org/task/20402
 132   install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
 133   install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
 134   install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h
 135
 136   # https://bugs.archlinux.org/task/71392
 137   install -Dt "$builddir/drivers/iio/common/hid-sensors" -m644 drivers/iio/common/hid-sensors/*.h
 138
 139   echo "Installing KConfig files..."
 140   find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;
 141
 142   echo "Removing unneeded architectures..."
 143   local arch
 144   for arch in "$builddir"/arch/*/; do
 145     [[ $arch = */x86/ ]] && continue
 146     echo "Removing $(basename "$arch")"
 147     rm -r "$arch"
 148   done
 149
 150   echo "Removing documentation..."
 151   rm -r "$builddir/Documentation"
 152
 153   echo "Removing broken symlinks..."
 154   find -L "$builddir" -type l -printf 'Removing %P\n' -delete
 155
 156   echo "Removing loose objects..."
 157   find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete
 158
 159   echo "Stripping build tools..."
 160   local file
 161   while read -rd '' file; do
 162     case "$(file -bi "$file")" in
 163       application/x-sharedlib\;*)      # Libraries (.so)
 164         strip -v $STRIP_SHARED "$file" ;;
 165       application/x-archive\;*)        # Libraries (.a)
 166         strip -v $STRIP_STATIC "$file" ;;
 167       application/x-executable\;*)     # Binaries
 168         strip -v $STRIP_BINARIES "$file" ;;
 169       application/x-pie-executable\;*) # Relocatable binaries
 170         strip -v $STRIP_SHARED "$file" ;;
 171     esac
 172   done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)
 173
 174   echo "Stripping vmlinux..."
 175   strip -v $STRIP_STATIC "$builddir/vmlinux"
 176
 177   echo "Adding symlink..."
 178   mkdir -p "$pkgdir/usr/src"
 179   ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase"
 180 }
 181
 182 _package-docs() {
 183   pkgdesc="Documentation for the $pkgdesc kernel"
 184
 185   cd $_srcname
 186   local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
 187
 188   echo "Installing documentation..."
 189   local src dst
 190   while read -rd '' src; do
 191     dst="${src#Documentation/}"
 192     dst="$builddir/Documentation/${dst#output/}"
 193     install -Dm644 "$src" "$dst"
 194   done < <(find Documentation -name '.*' -prune -o ! -type d -print0)
 195
 196   echo "Adding symlink..."
 197   mkdir -p "$pkgdir/usr/share/doc"
 198   ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase"
 199 }
 200
 201 pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
 202 for _p in "${pkgname[@]}"; do
 203   eval "package_$_p() {
 204     $(declare -f "_package${_p#$pkgbase}")
 205     _package${_p#$pkgbase}
 206   }"
 207 done
 208
 209 # vim:set ts=8 sts=2 sw=2 et: