diff options
Diffstat (limited to 'libre/linux-libre-grsec/PKGBUILD')
-rw-r--r-- | libre/linux-libre-grsec/PKGBUILD | 112 |
1 files changed, 69 insertions, 43 deletions
diff --git a/libre/linux-libre-grsec/PKGBUILD b/libre/linux-libre-grsec/PKGBUILD index 576441ea3..6f7e20edf 100644 --- a/libre/linux-libre-grsec/PKGBUILD +++ b/libre/linux-libre-grsec/PKGBUILD @@ -1,24 +1,24 @@ -# Maintainer: Daniel Micay <danielmicay@gmail.com> -# Contributor: Tobias Powalowski <tpowa@archlinux.org> -# Contributor: Thomas Baechler <thomas@archlinux.org> -# Contributor: henning mueller <henning@orgizm.net> -# Contributor: Thomas Dwyer http://tomd.tel -# Maintainer (Parabola): André Silva <emulatorman@parabola.nu> -# Contributor (Parabola): Nicolás Reynolds <fauno@kiwwwi.com.ar> -# Contributor (Parabola): Sorin-Mihai Vârgolici <smv@yobicore.org> -# Contributor (Parabola): Michał Masłowski <mtjm@mtjm.eu> -# Contributor (Parabola): Márcio Silva <coadde@parabola.nu> +# Maintainer (Arch): Daniel Micay <danielmicay@gmail.com> +# Contributor (Arch): Tobias Powalowski <tpowa@archlinux.org> +# Contributor (Arch): Thomas Baechler <thomas@archlinux.org> +# Contributor (Arch): henning mueller <henning@orgizm.net> +# Contributor (Arch): Thomas Dwyer http://tomd.tel +# Maintainer: André Silva <emulatorman@parabola.nu> +# Contributor: Nicolás Reynolds <fauno@kiwwwi.com.ar> +# Contributor: Sorin-Mihai Vârgolici <smv@yobicore.org> +# Contributor: Michał Masłowski <mtjm@mtjm.eu> +# Contributor: Márcio Silva <coadde@parabola.nu> pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.14 -_sublevel=1 +_sublevel=4 _grsecver=3.0 -_timestamp=201404201132 +_timestamp=201405141623 _pkgver=${_basekernel}.${_sublevel} pkgver=${_basekernel}.${_sublevel}.${_timestamp} pkgrel=1 -_lxopkgver=${_basekernel}.0 # nearly always the same as pkgver +_lxopkgver=${_basekernel}.4 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="https://grsecurity.net/" license=('GPL2') @@ -42,35 +42,41 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn '0004-fs-Don-t-return-0-from-get_anon_bdev.patch' '0005-Revert-Bluetooth-Enable-autosuspend-for-Intel-Blueto.patch' '0006-genksyms-fix-typeof-handling.patch' - '0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch' '0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch' + '0011-kernfs-fix-removed-error-check.patch' + '0012-fix-saa7134.patch' + '0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch' + '0015-fix-xsdt-validation.patch' 'sysctl.conf' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") -md5sums=('c108ec52eeb2a9b9ddbb8d12496ff25f' - '2b4862b3c76011e66e536f18fbf0fb27' - 'db16c597af55a82da6fbe1059377c5cd' - 'SKIP' - '51ead958a4bb74ca5f5702b97740719b' - '0822a5655cef86bb6f449692d8b3f3d2' - '5f66bed97a5c37e48eb2f71b2d354b9a' - '2967cecc3af9f954ccc822fd63dca6ff' - '8267264d9a8966e57fdacd1fa1fc65c4' - '14bb375a8a1d86d2875f72fcbaa03f3e' - '98beb36f9b8cf16e58de2483ea9985e3' - '6839ddec74a5300beff1709a81b0e4f3' - '706549e8a05f33f7fc697f28c0ca71d2' - 'd23fc66be93ebce698bd7da844789de1' - 'b240cc8ebb4b5d74e94b4c72d033f726' - 'a89d593774ccb955eb8368d3bc87ce26' - '16a161979f846b049e90daea907c35dd' - '00727251b0d337a25d3ca392218afdf4' - '353b553d69da810ef954618aca60e1e2' - '7a052645280da78a98bfe8cf805ddab5' - '385f03abf27baa73731d27721eafd1c1') +sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b' + '01de5e15a2081197859e617c441de5cac9ddf60bed6fcf4dcff7a54e210e7815' + 'e41e5dea54db4311655ccc68b371ac15dcc48f8767ca0a02150af70e831d2e4d' + 'SKIP' + '0b6dbdf4d1677a39b9a0d55e8d7c66fe644fa77d769e3b673064181222b17467' + '8207a533f4fbad05ad26061f924957a7a92436d44a5dd7ca10e61d730c5e0ef9' + '9d2f34f1a8c514a7117b9b017a1f7312fb351f4d0b079eed102f89361534d486' + 'c5451d5e1eafc4f8d28b1a2958ec3102c124433a414a86450fc32058e004156b' + '55bf07738a3286168a7929ae16dbca29defd14e77b9d24c487ae4c3d12bb9eb9' + 'f913384dd6dbafca476fcf4ccd35f0f497dda5f3074866022facdb92647771f6' + 'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182' + '6d72e14552df59e6310f16c176806c408355951724cd5b48a47bf01591b8be02' + '52dec83a8805a8642d74d764494acda863e0aa23e3d249e80d4b457e20a3fd29' + '65d58f63215ee3c5f9c4fc6bce36fc5311a6c7dbdbe1ad29de40647b47ff9c0d' + '1e1ae0f31f722e80da083ecada1f1be57f9ddad133941820c4483b0240e494c1' + '3fffb01cf97a5a7ab9601cb277d2468c0fb1e1cceba4225915f3ffae3a5694ec' + 'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7' + 'c0af4622f75c89fef62183e18b7d49998228d4eaa906c6accaf4aa4ff0134f85' + '04f44bf5c181d6dc31905937c1bdccb0f5aecaad3a579e99b302502b9cbe0f7a' + '79359454c9d8446eb55add2b1cdbf8332bd67dafb01fefb5b1ca090225f64d18' + 'f2a5e22c1ba6e9b8a32a7bd4a5327ee95538aa10edcee3cd12578f8ff49bf6be' + '384dd13fd4248fd6809da8c6ae29ced55d4a5cacc33ac2ae7522093ec0fb26d4' + 'a37823f0cdf3f318ec3f486f6e4035a7a8f887522d3a563d4dfe155f143ba24f' + '3cd53473e049a4809d9dde8ebef73307ce87076d707f3fd5c100844d4a9e8255') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] - unset md5sums[${#md5sums[@]}-1] + unset sha256sums[${#sha256sums[@]}-1] fi _kernelname=${pkgbase#linux-libre} @@ -118,15 +124,29 @@ prepare() { # http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dc53324060f324e8af6867f57bf4891c13c6ef18 patch -p1 -i "${srcdir}/0006-genksyms-fix-typeof-handling.patch" - # Fix the use of code32_start in the EFI boot stub - # http://permalink.gmane.org/gmane.linux.kernel/1679881 - # https://git.kernel.org/cgit/linux/kernel/git/mfleming/efi.git/commit/?h=urgent&id=7e8213c1f3acc064aef37813a39f13cbfe7c3ce7 - patch -p1 -i "${srcdir}/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch" - # https://git.kernel.org/cgit/linux/kernel/git/iwlwifi/iwlwifi-fixes.git/commit/?id=12f853a89e29f50b17698e17e73c328a35f1498d # FS#39815 patch -p1 -i "${srcdir}/0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch" + # fix Xorg crash with i810 chipset due to wrong removed error check + # References: http://lkml.kernel.org/g/533D01BD.1010200@googlemail.com + patch -Np1 -i "${srcdir}/0011-kernfs-fix-removed-error-check.patch" + + # fix saa7134 video + # https://bugs.archlinux.org/task/39904 + # https://bugzilla.kernel.org/show_bug.cgi?id=73361 + patch -Np1 -i "${srcdir}/0012-fix-saa7134.patch" + + # fix tun/openvpn performance + # https://bugs.archlinux.org/task/40089 + # https://bugzilla.kernel.org/show_bug.cgi?id=74051 + patch -Np1 -i "${srcdir}/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch" + + # fix xsdt validation bug + # https://bugs.archlinux.org/task/39811 + # https://bugzilla.kernel.org/show_bug.cgi?id=73911 + patch -Np1 -i "${srcdir}/0015-fix-xsdt-validation.patch" + if [ "$CARCH" == "mips64el" ]; then sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-grsec|" Makefile sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \ @@ -155,7 +175,7 @@ prepare() { fi # set extraversion to pkgrel - sed -ri "s|^(EXTRAVERSION =).*|\1 -${pkgrel}|" Makefile + sed -ri "s|^(EXTRAVERSION =).*|\1 .${_timestamp}-${pkgrel}|" Makefile # don't run depmod on 'make install'. We'll do this ourselves in packaging sed -i '2iexit 0' scripts/depmod.sh @@ -215,7 +235,7 @@ _package() { # get kernel version _kernver="$(make LOCALVERSION= kernelrelease)" _basekernel=${_kernver%%-*} - _basekernel=${_basekernel%.*} + _basekernel=${_basekernel%.*.*} mkdir -p "${pkgdir}"/{lib/modules,lib/firmware,boot} make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}" modules_install @@ -272,6 +292,12 @@ _package() { # add vmlinux install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux" + # add grsecurity gcc plugins + mkdir -p "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc" + cp -a tools/gcc/*.h "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" + cp -a tools/gcc/Makefile "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" + install -m644 tools/gcc/*.so "$pkgdir/usr/lib/modules/${_kernver}/build/tools/gcc/" + # install sysctl configuration for grsecurity switches install -Dm600 "${srcdir}/sysctl.conf" "${pkgdir}/etc/sysctl.d/05-grsecurity.conf" } |