--- linux/PKGBUILD +++ linux-hardened/PKGBUILD @@ -87,4 +88,3 @@ cd ${_srcname} - - make ${MAKEFLAGS} LOCALVERSION= bzImage modules + make LOCALVERSION= bzImage modules } @@ -101,2 +101,4 @@ + KARCH=x86 + # get kernel version @@ -108,3 +110,3 @@ make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}/usr" modules_install - cp arch/x86/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}" + cp arch/$KARCH/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}" @@ -120,2 +122,4 @@ rm "${pkgdir}"/usr/lib/modules/${_kernver}/{source,build} + # remove the firmware + rm -rf "${pkgdir}/lib/firmware" @@ -125,3 +129,3 @@ # add vmlinux - install -Dt "${pkgdir}/usr/lib/modules/${_kernver}/build" -m644 vmlinux + install -Dm 644 vmlinux -t "${pkgdir}/usr/lib/modules/${_kernver}/build" @@ -140,3 +144,3 @@ sed "${_subst}" ../linux.preset | - install -Dm644 /dev/stdin "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" + install -Dm 644 /dev/stdin "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset" @@ -144,5 +148,5 @@ sed "${_subst}" ../60-linux.hook | - install -Dm644 /dev/stdin "${pkgdir}/usr/share/libalpm/hooks/60-${pkgbase}.hook" + install -Dm 644 /dev/stdin "${pkgdir}/usr/share/libalpm/hooks/60-${pkgbase}.hook" sed "${_subst}" ../90-linux.hook | - install -Dm644 /dev/stdin "${pkgdir}/usr/share/libalpm/hooks/90-${pkgbase}.hook" + install -Dm 644 /dev/stdin "${pkgdir}/usr/share/libalpm/hooks/90-${pkgbase}.hook" } @@ -152,64 +156,121 @@ + install -dm755 "${pkgdir}/usr/lib/modules/${_kernver}" + cd ${_srcname} - local _builddir="${pkgdir}/usr/lib/modules/${_kernver}/build" + install -D -m644 Makefile \ + "${pkgdir}/usr/lib/modules/${_kernver}/build/Makefile" + install -D -m644 kernel/Makefile \ + "${pkgdir}/usr/lib/modules/${_kernver}/build/kernel/Makefile" + install -D -m644 .config \ + "${pkgdir}/usr/lib/modules/${_kernver}/build/.config" + + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include" + + for i in acpi asm-generic config crypto drm generated keys linux math-emu \ + media net pcmcia rdma scsi soc sound trace uapi video xen; do + cp -a include/${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/include/" + done + + # copy arch includes for external modules + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/x86" + cp -a arch/x86/include "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/x86/" + + # copy files necessary for later builds, like nvidia and vmware + cp Module.symvers "${pkgdir}/usr/lib/modules/${_kernver}/build" + cp -a scripts "${pkgdir}/usr/lib/modules/${_kernver}/build" - install -Dt "${_builddir}" -m644 Makefile .config Module.symvers - install -Dt "${_builddir}/kernel" -m644 kernel/Makefile + # fix permissions on scripts dir + chmod og-w -R "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/.tmp_versions" - mkdir "${_builddir}/.tmp_versions" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel" - cp -t "${_builddir}" -a include scripts + cp arch/${KARCH}/Makefile "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/" - install -Dt "${_builddir}/arch/x86" -m644 arch/x86/Makefile - install -Dt "${_builddir}/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s + cp arch/${KARCH}/kernel/asm-offsets.s "${pkgdir}/usr/lib/modules/${_kernver}/build/arch/${KARCH}/kernel/" - cp -t "${_builddir}/arch/x86" -a arch/x86/include + # add docbook makefile + #install -D -m644 Documentation/DocBook/Makefile \ + #"${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" - install -Dt "${_builddir}/drivers/md" -m644 drivers/md/*.h - install -Dt "${_builddir}/net/mac80211" -m644 net/mac80211/*.h + # add dm headers + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" + cp drivers/md/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/md" + # add inotify.h + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux" + cp include/linux/inotify.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/linux/" + + # add wireless headers + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" + cp net/mac80211/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/net/mac80211/" + + # add dvb headers for external modules + # in reference to: # http://bugs.archlinux.org/task/9912 - install -Dt "${_builddir}/drivers/media/dvb-core" -m644 drivers/media/dvb-core/*.h + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core" + cp drivers/media/dvb-core/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-core/" + # and... + # http://bugs.archlinux.org/task/11194 + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" + cp include/config/dvb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/include/config/dvb/" + # add dvb headers for http://mcentral.de/hg/~mrec/em28xx-new + # in reference to: # http://bugs.archlinux.org/task/13146 - install -Dt "${_builddir}/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + cp drivers/media/dvb-frontends/lgdt330x.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" + cp drivers/media/i2c/msp3400-driver.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/i2c/" + # add dvb headers + # in reference to: # http://bugs.archlinux.org/task/20402 - install -Dt "${_builddir}/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h - install -Dt "${_builddir}/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h - install -Dt "${_builddir}/drivers/media/tuners" -m644 drivers/media/tuners/*.h + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb" + cp drivers/media/usb/dvb-usb/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/usb/dvb-usb/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends" + cp drivers/media/dvb-frontends/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/dvb-frontends/" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners" + cp drivers/media/tuners/*.h "${pkgdir}/usr/lib/modules/${_kernver}/build/drivers/media/tuners/" # add xfs and shmem for aufs building - mkdir -p "${_builddir}"/{fs/xfs,mm} + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs" + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/mm" + # removed in 3.17 series + # cp fs/xfs/xfs_sb.h "${pkgdir}/usr/lib/modules/${_kernver}/build/fs/xfs/xfs_sb.h" # copy in Kconfig files - find . -name Kconfig\* -exec install -Dm644 {} "${_builddir}/{}" \; - - # add objtool for external module building and enabled VALIDATION_STACK option - install -Dt "${_builddir}/tools/objtool" tools/objtool/objtool - - # remove unneeded architectures - local _arch - for _arch in "${_builddir}"/arch/*/; do - [[ ${_arch} == */x86/ ]] && continue - rm -r "${_arch}" + for i in $(find . -name "Kconfig*"); do + mkdir -p "${pkgdir}"/usr/lib/modules/${_kernver}/build/`echo ${i} | sed 's|/Kconfig.*||'` + cp ${i} "${pkgdir}/usr/lib/modules/${_kernver}/build/${i}" done - # remove files already in linux-docs package - rm -r "${_builddir}/Documentation" + # add objtool for external module building and enabled VALIDATION_STACK option + if [ -f tools/objtool/objtool ]; then + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build/tools/objtool" + cp -a tools/objtool/objtool "${pkgdir}/usr/lib/modules/${_kernver}/build/tools/objtool/" + fi - # Fix permissions - chmod -R u=rwX,go=rX "${_builddir}" + chown -R root.root "${pkgdir}/usr/lib/modules/${_kernver}/build" + find "${pkgdir}/usr/lib/modules/${_kernver}/build" -type d -exec chmod 755 {} \; # strip scripts directory - local _binary _strip - while read -rd '' _binary; do - case "$(file -bi "${_binary}")" in - *application/x-sharedlib*) _strip="${STRIP_SHARED}" ;; # Libraries (.so) - *application/x-archive*) _strip="${STRIP_STATIC}" ;; # Libraries (.a) - *application/x-executable*) _strip="${STRIP_BINARIES}" ;; # Binaries - *) continue ;; + find "${pkgdir}/usr/lib/modules/${_kernver}/build/scripts" -type f -perm -u+w 2>/dev/null | while read binary ; do + case "$(file -bi "${binary}")" in + *application/x-sharedlib*) # Libraries (.so) + /usr/bin/strip ${STRIP_SHARED} "${binary}";; + *application/x-archive*) # Libraries (.a) + /usr/bin/strip ${STRIP_STATIC} "${binary}";; + *application/x-executable*) # Binaries + /usr/bin/strip ${STRIP_BINARIES} "${binary}";; esac - /usr/bin/strip ${_strip} "${_binary}" - done < <(find "${_builddir}/scripts" -type f -perm -u+w -print0 2>/dev/null) + done + + # remove unneeded architectures + rm -rf "${pkgdir}"/usr/lib/modules/${_kernver}/build/arch/{alpha,arc,arm,arm26,arm64,avr32,blackfin,c6x,cris,frv,h8300,hexagon,ia64,m32r,m68k,m68knommu,metag,mips,microblaze,mn10300,openrisc,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,unicore32,um,v850,xtensa} + + # remove a files already in linux-docs package + rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/kbuild/Kconfig.recursion-issue-01" + rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/kbuild/Kconfig.recursion-issue-02" + rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/kbuild/Kconfig.select-break" } @@ -220,9 +281,10 @@ cd ${_srcname} - local _builddir="${pkgdir}/usr/lib/modules/${_kernver}/build" - mkdir -p "${_builddir}" - cp -t "${_builddir}" -a Documentation + mkdir -p "${pkgdir}/usr/lib/modules/${_kernver}/build" + cp -al Documentation "${pkgdir}/usr/lib/modules/${_kernver}/build" + find "${pkgdir}" -type f -exec chmod 444 {} \; + find "${pkgdir}" -type d -exec chmod 755 {} \; - # Fix permissions - chmod -R u=rwX,go=rX "${_builddir}" + # remove a file already in linux package + #rm -f "${pkgdir}/usr/lib/modules/${_kernver}/build/Documentation/DocBook/Makefile" }