search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
archrelease: copy trunk to extra-x86_64
[arch-packages.git] / linux-hardened / trunk / PKGBUILD
blob43a9060bcfffba8b964bd8fd7306a1b2023a9846
1 # Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
2 # Contributor: Daniel Micay <danielmicay@gmail.com>
3 # Contributor: Tobias Powalowski <tpowa@archlinux.org>
4 # Contributor: Thomas Baechler <thomas@archlinux.org>
5
6 pkgbase=linux-hardened
7 pkgver=6.1.29.hardened1
8 pkgrel=1
9 pkgdesc='Security-Hardened Linux'
10 url='https://github.com/anthraxx/linux-hardened'
11 arch=(x86_64)
12 license=(GPL2)
13 makedepends=(
14   bc libelf pahole cpio perl tar xz
15   xmlto python-sphinx python-sphinx_rtd_theme graphviz imagemagick texlive-latexextra
16   git
17 )
18 options=('!strip')
19 _srcname=linux-${pkgver%.*}
20 _srctag=${pkgver%.*}-${pkgver##*.}
21 source=(
22   https://www.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/${_srcname}.tar.{xz,sign}
23   https://github.com/anthraxx/${pkgbase}/releases/download/${_srctag}/${pkgbase}-${_srctag}.patch{,.sig}
24   gcc13-compat.patch
25   config         # the main kernel config file
26 )
27 validpgpkeys=(
28   'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
29   '647F28654894E3BD457199BE38DBBDC86092693E'  # Greg Kroah-Hartman
30   'E240B57E2C4630BA768E2F26FC1B547C8D8172C8'  # Levente Polyak
31 )
32 sha256sums=('1e736cc9bd6036379a1d915e518abd4c2c94ad0fd1ea0da961c3489308b8fcfb'
33             'SKIP'
34             '0031e4b2cdacf20082352e2e675665908a88e0cf9f4c01a25d4f3608c684e725'
35             'SKIP'
36             'c6c5f6be7ae0ef5a8bdfea0a5578f096db38113774e08dc7b78fc48034c7b211'
37             'bd0618cad7fc3f277e963c0bde9f9c2258beccfba4944c948733c632ba082289')
38
39 export KBUILD_BUILD_HOST=archlinux
40 export KBUILD_BUILD_USER=$pkgbase
41 export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
42
43 prepare() {
44   cd $_srcname
45
46   echo "Setting version..."
47   scripts/setlocalversion --save-scmversion
48   echo "-$pkgrel" > localversion.10-pkgrel
49   echo "${pkgbase#linux}" > localversion.20-pkgname
50
51   local src
52   for src in "${source[@]}"; do
53     src="${src%%::*}"
54     src="${src##*/}"
55     [[ $src = *.patch ]] || continue
56     echo "Applying patch $src..."
57     patch -Np1 < "../$src"
58   done
59
60   echo "Setting config..."
61   cp ../config .config
62   make olddefconfig
63   diff -u ../config .config || :
64
65   make -s kernelrelease > version
66   echo "Prepared $pkgbase version $(<version)"
67 }
68
69 build() {
70   cd $_srcname
71   make htmldocs all
72 }
73
74 _package() {
75   pkgdesc="The $pkgdesc kernel and modules"
76   depends=(coreutils kmod initramfs)
77   optdepends=('wireless-regdb: to set the correct wireless channels of your country'
78               'linux-firmware: firmware images needed for some devices'
79               'usbctl: deny_new_usb control')
80   provides=(VIRTUALBOX-GUEST-MODULES WIREGUARD-MODULE KSMBD-MODULE)
81
82   cd $_srcname
83   local kernver="$(<version)"
84   local modulesdir="$pkgdir/usr/lib/modules/$kernver"
85
86   echo "Installing boot image..."
87   # systemd expects to find the kernel here to allow hibernation
88   # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
89   install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"
90
91   # Used by mkinitcpio to name the kernel
92   echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"
93
94   echo "Installing modules..."
95   make INSTALL_MOD_PATH="$pkgdir/usr" INSTALL_MOD_STRIP=1 \
96     DEPMOD=/doesnt/exist modules_install  # Suppress depmod
97
98   # remove build and source links
99   rm "$modulesdir"/{source,build}
100 }
101
102 _package-headers() {
103   pkgdesc="Headers and scripts for building modules for the $pkgdesc kernel"
104   depends=(pahole)
105
106   cd $_srcname
107   local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
108
109   echo "Installing build files..."
110   install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \
111     localversion.* version vmlinux
112   install -Dt "$builddir/kernel" -m644 kernel/Makefile
113   install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
114   cp -t "$builddir" -a scripts
115
116   # required when STACK_VALIDATION is enabled
117   install -Dt "$builddir/tools/objtool" tools/objtool/objtool
118
119   # required when DEBUG_INFO_BTF_MODULES is enabled
120   # install -Dt "$builddir/tools/bpf/resolve_btfids" tools/bpf/resolve_btfids/resolve_btfids
121
122   echo "Installing headers..."
123   cp -t "$builddir" -a include
124   cp -t "$builddir/arch/x86" -a arch/x86/include
125   install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s
126
127   install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
128   install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h
129
130   # https://bugs.archlinux.org/task/13146
131   install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h
132
133   # https://bugs.archlinux.org/task/20402
134   install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
135   install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
136   install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h
137
138   # https://bugs.archlinux.org/task/71392
139   install -Dt "$builddir/drivers/iio/common/hid-sensors" -m644 drivers/iio/common/hid-sensors/*.h
140
141   echo "Installing KConfig files..."
142   find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;
143
144   echo "Removing unneeded architectures..."
145   local arch
146   for arch in "$builddir"/arch/*/; do
147     [[ $arch = */x86/ ]] && continue
148     echo "Removing $(basename "$arch")"
149     rm -r "$arch"
150   done
151
152   echo "Removing documentation..."
153   rm -r "$builddir/Documentation"
154
155   echo "Removing broken symlinks..."
156   find -L "$builddir" -type l -printf 'Removing %P\n' -delete
157
158   echo "Removing loose objects..."
159   find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete
160
161   echo "Stripping build tools..."
162   local file
163   while read -rd '' file; do
164     case "$(file -Sib "$file")" in
165       application/x-sharedlib\;*)      # Libraries (.so)
166         strip -v $STRIP_SHARED "$file" ;;
167       application/x-archive\;*)        # Libraries (.a)
168         strip -v $STRIP_STATIC "$file" ;;
169       application/x-executable\;*)     # Binaries
170         strip -v $STRIP_BINARIES "$file" ;;
171       application/x-pie-executable\;*) # Relocatable binaries
172         strip -v $STRIP_SHARED "$file" ;;
173     esac
174   done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)
175
176   echo "Stripping vmlinux..."
177   strip -v $STRIP_STATIC "$builddir/vmlinux"
178
179   echo "Adding symlink..."
180   mkdir -p "$pkgdir/usr/src"
181   ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase"
182 }
183
184 _package-docs() {
185   pkgdesc="Documentation for the $pkgdesc kernel"
186
187   cd $_srcname
188   local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
189
190   echo "Installing documentation..."
191   local src dst
192   while read -rd '' src; do
193     dst="${src#Documentation/}"
194     dst="$builddir/Documentation/${dst#output/}"
195     install -Dm644 "$src" "$dst"
196   done < <(find Documentation -name '.*' -prune -o ! -type d -print0)
197
198   echo "Adding symlink..."
199   mkdir -p "$pkgdir/usr/share/doc"
200   ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase"
201 }
202
203 pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
204 for _p in "${pkgname[@]}"; do
205   eval "package_$_p() {
206     $(declare -f "_package${_p#$pkgbase}")
207     _package${_p#$pkgbase}
208   }"
209 done
210
211 # vim:set ts=8 sts=2 sw=2 et:
archlinux package build