379 lines
13 KiB
Plaintext
379 lines
13 KiB
Plaintext
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
|
|
|
|
_flavor=lts
|
|
pkgname=linux-$_flavor
|
|
pkgver=6.6.58
|
|
_kernver=${pkgver%.*}
|
|
pkgrel=0
|
|
pkgdesc="Linux lts kernel"
|
|
url="https://www.kernel.org"
|
|
depends="initramfs-generator"
|
|
_depends_dev="perl gmp-dev mpc1-dev mpfr-dev elfutils-dev bash flex bison zstd"
|
|
makedepends="$_depends_dev sed installkernel bc linux-headers linux-firmware-any openssl-dev>3 mawk
|
|
diffutils findutils zstd pahole python3 gcc>=13.1.1_git20230624"
|
|
options="!strip !check"
|
|
_config=${config:-config-lts.${CARCH}}
|
|
source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver.tar.xz
|
|
0001-powerpc-boot-wrapper-Add-z-notext-flag-for-ppc64le.patch
|
|
0002-x86-Compress-vmlinux-with-zstd-19-instead-of-22.patch
|
|
0003-kexec-add-kexec_load_disabled-boot-option.patch
|
|
0004-objtool-respect-AWK-setting.patch
|
|
0005-powerpc-config-defang-gcc-check-for-stack-protector-.patch
|
|
1337-nftables-ipv6.patch
|
|
|
|
lts.aarch64.config
|
|
lts.armv7.config
|
|
lts.x86.config
|
|
lts.x86_64.config
|
|
lts.ppc64le.config
|
|
lts.s390x.config
|
|
lts.loongarch64.config
|
|
|
|
virt.aarch64.config
|
|
virt.armv7.config
|
|
virt.ppc64le.config
|
|
virt.x86.config
|
|
virt.x86_64.config
|
|
"
|
|
subpackages="$pkgname-dev:_dev:$CBUILD_ARCH $pkgname-doc"
|
|
for _i in $source; do
|
|
case $_i in
|
|
*.$CARCH.config)
|
|
_f=${_i%."$CARCH".config}
|
|
_flavors="$_flavors $_f"
|
|
if [ "linux-$_f" != "$pkgname" ]; then
|
|
subpackages="$subpackages linux-$_f::$CBUILD_ARCH linux-$_f-dev:_dev:$CBUILD_ARCH"
|
|
fi
|
|
;;
|
|
esac
|
|
done
|
|
builddir="$srcdir"/linux-$_kernver
|
|
|
|
if [ "${pkgver%.0}" = "$pkgver" ]; then
|
|
source="$source
|
|
https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/patch-$pkgver.xz"
|
|
fi
|
|
arch="all !armhf !riscv64"
|
|
license="GPL-2.0-only"
|
|
|
|
# secfixes:
|
|
# 5.10.4-r0:
|
|
# - CVE-2020-29568
|
|
# - CVE-2020-29569
|
|
# 5.15.74-r0:
|
|
# - CVE-2022-41674
|
|
# - CVE-2022-42719
|
|
# - CVE-2022-42720
|
|
# - CVE-2022-42721
|
|
# - CVE-2022-42722
|
|
# 6.1.27-r3:
|
|
# - CVE-2023-32233
|
|
# 6.6.13-r1:
|
|
# - CVE-46838
|
|
|
|
prepare() {
|
|
if [ "$_kernver" != "$pkgver" ]; then
|
|
msg "Applying patch-$pkgver.xz"
|
|
unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N
|
|
fi
|
|
|
|
default_prepare
|
|
|
|
# remove localversion from patch if any
|
|
rm -f localversion*
|
|
}
|
|
|
|
_kernelarch() {
|
|
local arch="$1"
|
|
case "$arch" in
|
|
aarch64*) arch="arm64" ;;
|
|
arm*) arch="arm" ;;
|
|
ppc*) arch="powerpc" ;;
|
|
s390*) arch="s390" ;;
|
|
riscv*) arch="riscv" ;;
|
|
loongarch64) arch="loongarch" ;;
|
|
esac
|
|
echo "$arch"
|
|
}
|
|
|
|
_prepareconfig() {
|
|
local _flavor="$1"
|
|
local _arch="$2"
|
|
local _config=$_flavor.$_arch.config
|
|
local _builddir="$srcdir"/build-$_flavor.$_arch
|
|
mkdir -p "$_builddir"
|
|
echo "-$pkgrel-$_flavor" > "$_builddir"/localversion-alpine
|
|
|
|
cp "$srcdir"/$_config "$_builddir"/.config
|
|
msg "Configuring $_flavor kernel ($_arch)"
|
|
make -C "$builddir" \
|
|
O="$_builddir" \
|
|
ARCH="$(_kernelarch $_arch)" \
|
|
olddefconfig
|
|
|
|
if grep "CONFIG_MODULE_SIG=y" "$_builddir"/.config >/dev/null; then
|
|
if [ -f "$KERNEL_SIGNING_KEY" ]; then
|
|
sed -i -e "s:^CONFIG_MODULE_SIG_KEY=.*:CONFIG_MODULE_SIG_KEY=\"$KERNEL_SIGNING_KEY\":" \
|
|
"$_builddir"/.config
|
|
msg "Using $KERNEL_SIGNING_KEY to sign $_flavor kernel ($_arch) modules"
|
|
else
|
|
warning "KERNEL_SIGNING_KEY was not set. A signing key will be generated, but 3rd"
|
|
warning "party modules can not be signed"
|
|
fi
|
|
fi
|
|
}
|
|
|
|
listconfigs() {
|
|
for i in $source; do
|
|
case "$i" in
|
|
*.config) echo $i;;
|
|
esac
|
|
done
|
|
}
|
|
|
|
prepareconfigs() {
|
|
for _config in $(listconfigs); do
|
|
local _flavor=${_config%%.*}
|
|
local _arch=${_config%.config}
|
|
_arch=${_arch#*.}
|
|
local _builddir="$srcdir"/build-$_flavor.$_arch
|
|
_prepareconfig "$_flavor" "$_arch"
|
|
done
|
|
}
|
|
|
|
# this is supposed to be run before version is bumped so we can compare
|
|
# what new kernel config knobs are introduced
|
|
prepareupdate() {
|
|
clean && fetch && unpack && prepare && deps
|
|
prepareconfigs
|
|
rm -r "$builddir"
|
|
}
|
|
|
|
updateconfigs() {
|
|
if ! [ -d "$builddir" ]; then
|
|
deps && fetch && unpack && prepare
|
|
fi
|
|
for _config in ${CONFIGS:-$(listconfigs)}; do
|
|
msg "updating $_config"
|
|
local _flavor=${_config%%.*}
|
|
local _arch=${_config%.config}
|
|
_arch=${_arch#*.}
|
|
local _builddir="$srcdir"/build-$_flavor.$_arch
|
|
mkdir -p "$_builddir"
|
|
echo "-$pkgrel-$_flavor" > "$_builddir"/localversion-alpine
|
|
local actions="listnewconfig oldconfig"
|
|
if ! [ -f "$_builddir"/.config ]; then
|
|
cp "$srcdir"/$_config "$_builddir"/.config
|
|
actions="olddefconfig"
|
|
fi
|
|
env | grep ^CONFIG_ >> "$_builddir"/.config || true
|
|
make -j1 -C "$builddir" \
|
|
O="$_builddir" \
|
|
ARCH="$(_kernelarch $_arch)" \
|
|
$actions savedefconfig
|
|
|
|
cp "$_builddir"/defconfig "$startdir"/$_config
|
|
done
|
|
}
|
|
|
|
set_kbuild_timestamp() {
|
|
# KBUILD_BUILD_TIMESTAMP needs to be parsable by busybox date
|
|
export KBUILD_BUILD_TIMESTAMP="$(date '+%Y-%m-%d %H:%M:%S' -u${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
|
|
}
|
|
|
|
build() {
|
|
unset LDFLAGS
|
|
# for some reason these sometimes leak into the kernel build,
|
|
# -Werror=format-security breaks some stuff
|
|
unset CFLAGS CPPFLAGS CXXFLAGS
|
|
set_kbuild_timestamp
|
|
for i in $_flavors; do
|
|
_prepareconfig "$i" "$CARCH"
|
|
done
|
|
for i in $_flavors; do
|
|
msg "Building $i kernel"
|
|
cd "$srcdir"/build-$i.$CARCH
|
|
|
|
# set org in cert for modules signing
|
|
# https://www.kernel.org/doc/html/v6.1/admin-guide/module-signing.html#generating-signing-keys
|
|
mkdir -p certs
|
|
sed -e 's/#O = Unspecified company/O = alpinelinux.org/' \
|
|
"$builddir"/certs/default_x509.genkey \
|
|
> certs/x509.genkey
|
|
|
|
make ARCH="$(_kernelarch $CARCH)" \
|
|
CC="${CC:-gcc}" \
|
|
AWK="${AWK:-mawk}" \
|
|
KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine"
|
|
done
|
|
}
|
|
|
|
_package() {
|
|
local _buildflavor="$1" _outdir="$2"
|
|
set_kbuild_timestamp
|
|
|
|
cd "$srcdir"/build-$_buildflavor.$CARCH
|
|
local _abi_release="$(make -s kernelrelease)"
|
|
# modules_install seems to regenerate a defect Modules.symvers on s390x. Work
|
|
# around it by backing it up and restore it after modules_install
|
|
cp Module.symvers Module.symvers.backup
|
|
|
|
mkdir -p "$_outdir"/boot "$_outdir"/lib/modules
|
|
|
|
local _install
|
|
case "$CARCH" in
|
|
arm*|aarch64|riscv*) _install="zinstall dtbs_install";;
|
|
*) _install=install;;
|
|
esac
|
|
|
|
make modules_install $_install \
|
|
ARCH="$(_kernelarch $CARCH)" \
|
|
INSTALL_MOD_PATH="$_outdir" \
|
|
INSTALL_MOD_STRIP=1 \
|
|
INSTALL_PATH="$_outdir"/boot \
|
|
INSTALL_DTBS_PATH="$_outdir/boot/dtbs-$_buildflavor"
|
|
|
|
cp Module.symvers.backup Module.symvers
|
|
|
|
rm -f "$_outdir"/lib/modules/"$_abi_release"/build \
|
|
"$_outdir"/lib/modules/"$_abi_release"/source
|
|
rm -rf "$_outdir"/lib/firmware
|
|
|
|
install -D -m644 include/config/kernel.release \
|
|
"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
|
|
|
|
case "$CARCH" in
|
|
loongarch64)
|
|
mv "$_outdir"/boot/vmlinuz-$_abi_release \
|
|
"$_outdir"/boot/vmlinuz-$_buildflavor
|
|
|
|
mv "$_outdir"/boot/config-$_abi_release \
|
|
"$_outdir"/boot/config-$_buildflavor
|
|
|
|
mv "$_outdir"/boot/System.map-$_abi_release \
|
|
"$_outdir"/boot/System.map-$_buildflavor
|
|
;;
|
|
esac
|
|
}
|
|
|
|
# main flavor installs in $pkgdir
|
|
package() {
|
|
depends="$depends linux-firmware-any"
|
|
|
|
_package "$_flavor" "$pkgdir"
|
|
|
|
# copy files for linux-lts-doc sub package
|
|
mkdir -p "$pkgdir"/usr/share/doc
|
|
cp -r "$builddir"/Documentation \
|
|
"$pkgdir"/usr/share/doc/linux-doc-"$pkgver"/
|
|
# remove files that aren't part of the documentation itself
|
|
for nondoc in \
|
|
.gitignore conf.py docutils.conf \
|
|
dontdiff Kconfig Makefile
|
|
do
|
|
rm "$pkgdir"/usr/share/doc/linux-doc-"$pkgver"/"$nondoc"
|
|
done
|
|
# create /usr/share/doc/linux-doc symlink
|
|
cd "$pkgdir"/usr/share/doc; ln -s linux-doc-"$pkgver" linux-doc
|
|
}
|
|
|
|
# subflavors install in $subpkgdir
|
|
virt() {
|
|
_package virt "$subpkgdir"
|
|
}
|
|
|
|
_dev() {
|
|
local _flavor=$(echo $subpkgname | sed -E 's/(^linux-|-dev$)//g')
|
|
local _builddir="$srcdir"/build-$_flavor.$CARCH
|
|
local _abi_release="$(make -C "$_builddir" -s kernelrelease)"
|
|
# copy the only the parts that we really need for build 3rd party
|
|
# kernel modules and install those as /usr/src/linux-headers,
|
|
# simlar to what ubuntu does
|
|
#
|
|
# this way you dont need to install the 300-400 kernel sources to
|
|
# build a tiny kernel module
|
|
#
|
|
pkgdesc="Headers and script for third party modules for $_flavor kernel"
|
|
depends="$_depends_dev"
|
|
local dir="$subpkgdir"/usr/src/linux-headers-"$_abi_release"
|
|
set_kbuild_timestamp
|
|
|
|
# first we import config, run prepare to set up for building
|
|
# external modules, and create the scripts
|
|
mkdir -p "$dir"
|
|
cp -a "$_builddir"/.config "$_builddir"/localversion-alpine \
|
|
"$dir"/
|
|
|
|
install -D -t "$dir"/certs "$_builddir"/certs/signing_key.x509 || :
|
|
|
|
make -C "$builddir" \
|
|
O="$dir" \
|
|
ARCH="$(_kernelarch $CARCH)" \
|
|
AWK="${AWK:-mawk}" \
|
|
prepare modules_prepare scripts
|
|
|
|
# remove the stuff that points to real sources. we want 3rd party
|
|
# modules to believe this is the sources
|
|
rm "$dir"/Makefile "$dir"/source
|
|
|
|
# copy the needed stuff from real sources
|
|
#
|
|
# this is taken from ubuntu kernel build script
|
|
# http://kernel.ubuntu.com/git/ubuntu/ubuntu-zesty.git/tree/debian/rules.d/3-binary-indep.mk
|
|
cd "$builddir"
|
|
find . -path './include/*' -prune \
|
|
-o -path './scripts/*' -prune -o -type f \
|
|
\( -name 'Makefile*' -o -name 'Kconfig*' -o -name 'Kbuild*' -o \
|
|
-name '*.sh' -o -name '*.pl' -o -name '*.lds' -o -name 'Platform' \) \
|
|
-print | cpio -pdm "$dir"
|
|
|
|
cp -a scripts include "$dir"
|
|
|
|
find "arch/$_karch" -name include -type d -print | while IFS='' read -r folder; do
|
|
find "$folder" -type f
|
|
done | sort -u | cpio -pdm "$dir"
|
|
|
|
install -Dm644 "$srcdir"/build-$_flavor.$CARCH/Module.symvers \
|
|
"$dir"/Module.symvers
|
|
|
|
# remove unneeded things
|
|
msg "Removing documentation..."
|
|
rm -r "$dir"/Documentation
|
|
find "$dir" -type f -name '*.o' -printf 'Removing %P\n' -delete
|
|
local _karch="$(_kernelarch $CARCH | sed 's/x86_64/x86/')"
|
|
msg "Removing unneeded arch headers..."
|
|
for i in "$dir"/arch/*; do
|
|
if [ "${i##*/}" != "$_karch" ]; then
|
|
echo " ${i##*/}"
|
|
rm -r "$i"
|
|
fi
|
|
done
|
|
|
|
mkdir -p "$subpkgdir"/lib/modules/"$_abi_release"
|
|
ln -sf /usr/src/linux-headers-"$_abi_release" \
|
|
"$subpkgdir"/lib/modules/"$_abi_release"/build
|
|
}
|
|
|
|
sha512sums="
|
|
458b2c34d46206f9b4ccbac54cc57aeca1eaecaf831bc441e59701bac6eadffc17f6ce24af6eadd0454964e843186539ac0d63295ad2cc32d112b60360c39a35 linux-6.6.tar.xz
|
|
58bf9e84fb01f811f0cada7f7953d111908f0b0650648d6a3522061fe08c9fe284c9315515ae386189253e37d0c92419f78048d6568e2e426654b1e61010685f 0001-powerpc-boot-wrapper-Add-z-notext-flag-for-ppc64le.patch
|
|
763dcb40f698d43b0bb856f44493973e840b66efe62a8fd41a08b6e3fa38cf903e059d107be3735ab2f38a0f27bdb0262798e5e530a1905f96195cd8bcf62fdf 0002-x86-Compress-vmlinux-with-zstd-19-instead-of-22.patch
|
|
75f232b6becee7d36d360ffaf2aaa837d13518f9ec620ca159bcb2a0e98eb18a77631406a9b44244ea0164a7ed59fad583823909681e9b894a012f9d13365b69 0003-kexec-add-kexec_load_disabled-boot-option.patch
|
|
2956050bb332411d00a285e9656618f2e34b631492bbc19bef54d83a6e91b8531f4e18830b9313cfe52fbf8a8ca6fb76cf55b3ddd146ca3b977046cf2fd10cad 0004-objtool-respect-AWK-setting.patch
|
|
4b16f15b47b5e5835b926126e39723f519290469517875cfb2d2b857a93ad1344f0d1ba4b255289e20f4da9c867647526b344f752981cee0a48c51577badac3f 0005-powerpc-config-defang-gcc-check-for-stack-protector-.patch
|
|
a7085f581773cd492d8ed76638abe0d81924107778c3eb87ea495fba9aff69b2f28cb01d0ca6101bd849641ccc8294c238486043f492dc44ee26d7111a6b76cc 1337-nftables-ipv6.patch
|
|
a8286ac0cbff0736ab7d5503a19034b11d69d1faa84316bef69087102a009c27b9f54daf9d55d55112e8eef4f239d1dd3a34fe1b55c1aa078ca638a85e0ded1b lts.aarch64.config
|
|
2fd7ce3f044f72718b51c7db81bb0f720630a8a4164b97036bfe1a0816efc6903ca83f580543ea4bdca6031d912af9138c44f90722ceff8d5e928412ad23a609 lts.armv7.config
|
|
b2534172f8eeb14edb5855c59e806ce07fdfbc1a5a4fe206dd037f17aa21b894d927c1cdcf7c87bb364efd491bb226e3ee21e7f46d26a1afc05f9385260985eb lts.x86.config
|
|
eff52f6533953312290456124f11e3532dbcbc389a46556c638c7a2d77a0ced2d6316e159c2f0d9bc026fd1a06520f70dd9b1c748fd618e825f4da2cfdf42cad lts.x86_64.config
|
|
243eb831ef4cf7ae8c18e80433447ddfc437b3eda51c8a584e1d0006b214aac77b1801e66860e6cdcbba04b7c9a15c66cd602811cdf30cb7edf0f43778fb1922 lts.ppc64le.config
|
|
60327486c2668ee24041f86a22d3856dcac3c9e358f4e16a16f6d302d79095ca5a08c4011141050eafe06ba2d1c3eccd142b79ffa469338e213ae2156e29aa44 lts.s390x.config
|
|
4697069b98b81243a18d97ed668a00c08504b55255e4d4392a0f1e63403b6d72036d440b4e54c63c8932ca243164729486e1cea229bd8baf5201fb969f838450 lts.loongarch64.config
|
|
b79a6cf6578c49b582931e0f38564e69714bfa2b03c7615301e4cdf0ba9617bf42e01952f4a8a99d82c68733c0aed8b45b4e72ba0a175ce75dc8a14f12fe0f83 virt.aarch64.config
|
|
fdd8ff5bac36fc6421c3e71af89346c9a84fedfebc49e61353185561c9737bd59f9692fb09af553eaee5dd104e6f170e9cb460c0a54ee429cffe9a7b150b0379 virt.armv7.config
|
|
4dab1bb85d5eaf95ee85beae150c888140583feb1f5bbaec1cf17e2ff73d604590b5aee4edb51caec2ae28adbcf451e88cf3d39bff01887e28ae05c2e104535e virt.ppc64le.config
|
|
2110f9a8b62af734f67e1024b598645433786bceec2517ca529bd705ebabb3265395ea1e4416260b69778f4c8a5e90db10877d7136841a06c41ffff3279cfb8f virt.x86.config
|
|
c9f51f49e82f14f1ce5420c9c7deca77b2b54b3c2ff1d2ad377b57a028689c614c573f7d413c960c62a6d0c0463fbd17c1ae8d25c7c70c09217946f2c7c4ef11 virt.x86_64.config
|
|
9feecb9b368461c27c93cdc852d30caaa53fedb6f7c8cf066feb5ec35a87b016250b7573d17b1cdb992df80a840b5bc80d4aa84a00b631ac4bfaa8b64bc23cda patch-6.6.58.xz
|
|
"
|