alpine-overlay/kubezero/linux-lts/APKBUILD

379 lines
13 KiB
Plaintext

# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
_flavor=lts
pkgname=linux-$_flavor
pkgver=6.6.58
_kernver=${pkgver%.*}
pkgrel=0
pkgdesc="Linux lts kernel"
url="https://www.kernel.org"
depends="initramfs-generator"
_depends_dev="perl gmp-dev mpc1-dev mpfr-dev elfutils-dev bash flex bison zstd"
makedepends="$_depends_dev sed installkernel bc linux-headers linux-firmware-any openssl-dev>3 mawk
diffutils findutils zstd pahole python3 gcc>=13.1.1_git20230624"
options="!strip !check"
_config=${config:-config-lts.${CARCH}}
source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver.tar.xz
0001-powerpc-boot-wrapper-Add-z-notext-flag-for-ppc64le.patch
0002-x86-Compress-vmlinux-with-zstd-19-instead-of-22.patch
0003-kexec-add-kexec_load_disabled-boot-option.patch
0004-objtool-respect-AWK-setting.patch
0005-powerpc-config-defang-gcc-check-for-stack-protector-.patch
1337-nftables-ipv6.patch
lts.aarch64.config
lts.armv7.config
lts.x86.config
lts.x86_64.config
lts.ppc64le.config
lts.s390x.config
lts.loongarch64.config
virt.aarch64.config
virt.armv7.config
virt.ppc64le.config
virt.x86.config
virt.x86_64.config
"
subpackages="$pkgname-dev:_dev:$CBUILD_ARCH $pkgname-doc"
for _i in $source; do
case $_i in
*.$CARCH.config)
_f=${_i%."$CARCH".config}
_flavors="$_flavors $_f"
if [ "linux-$_f" != "$pkgname" ]; then
subpackages="$subpackages linux-$_f::$CBUILD_ARCH linux-$_f-dev:_dev:$CBUILD_ARCH"
fi
;;
esac
done
builddir="$srcdir"/linux-$_kernver
if [ "${pkgver%.0}" = "$pkgver" ]; then
source="$source
https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/patch-$pkgver.xz"
fi
arch="all !armhf !riscv64"
license="GPL-2.0-only"
# secfixes:
# 5.10.4-r0:
# - CVE-2020-29568
# - CVE-2020-29569
# 5.15.74-r0:
# - CVE-2022-41674
# - CVE-2022-42719
# - CVE-2022-42720
# - CVE-2022-42721
# - CVE-2022-42722
# 6.1.27-r3:
# - CVE-2023-32233
# 6.6.13-r1:
# - CVE-46838
prepare() {
if [ "$_kernver" != "$pkgver" ]; then
msg "Applying patch-$pkgver.xz"
unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N
fi
default_prepare
# remove localversion from patch if any
rm -f localversion*
}
_kernelarch() {
local arch="$1"
case "$arch" in
aarch64*) arch="arm64" ;;
arm*) arch="arm" ;;
ppc*) arch="powerpc" ;;
s390*) arch="s390" ;;
riscv*) arch="riscv" ;;
loongarch64) arch="loongarch" ;;
esac
echo "$arch"
}
_prepareconfig() {
local _flavor="$1"
local _arch="$2"
local _config=$_flavor.$_arch.config
local _builddir="$srcdir"/build-$_flavor.$_arch
mkdir -p "$_builddir"
echo "-$pkgrel-$_flavor" > "$_builddir"/localversion-alpine
cp "$srcdir"/$_config "$_builddir"/.config
msg "Configuring $_flavor kernel ($_arch)"
make -C "$builddir" \
O="$_builddir" \
ARCH="$(_kernelarch $_arch)" \
olddefconfig
if grep "CONFIG_MODULE_SIG=y" "$_builddir"/.config >/dev/null; then
if [ -f "$KERNEL_SIGNING_KEY" ]; then
sed -i -e "s:^CONFIG_MODULE_SIG_KEY=.*:CONFIG_MODULE_SIG_KEY=\"$KERNEL_SIGNING_KEY\":" \
"$_builddir"/.config
msg "Using $KERNEL_SIGNING_KEY to sign $_flavor kernel ($_arch) modules"
else
warning "KERNEL_SIGNING_KEY was not set. A signing key will be generated, but 3rd"
warning "party modules can not be signed"
fi
fi
}
listconfigs() {
for i in $source; do
case "$i" in
*.config) echo $i;;
esac
done
}
prepareconfigs() {
for _config in $(listconfigs); do
local _flavor=${_config%%.*}
local _arch=${_config%.config}
_arch=${_arch#*.}
local _builddir="$srcdir"/build-$_flavor.$_arch
_prepareconfig "$_flavor" "$_arch"
done
}
# this is supposed to be run before version is bumped so we can compare
# what new kernel config knobs are introduced
prepareupdate() {
clean && fetch && unpack && prepare && deps
prepareconfigs
rm -r "$builddir"
}
updateconfigs() {
if ! [ -d "$builddir" ]; then
deps && fetch && unpack && prepare
fi
for _config in ${CONFIGS:-$(listconfigs)}; do
msg "updating $_config"
local _flavor=${_config%%.*}
local _arch=${_config%.config}
_arch=${_arch#*.}
local _builddir="$srcdir"/build-$_flavor.$_arch
mkdir -p "$_builddir"
echo "-$pkgrel-$_flavor" > "$_builddir"/localversion-alpine
local actions="listnewconfig oldconfig"
if ! [ -f "$_builddir"/.config ]; then
cp "$srcdir"/$_config "$_builddir"/.config
actions="olddefconfig"
fi
env | grep ^CONFIG_ >> "$_builddir"/.config || true
make -j1 -C "$builddir" \
O="$_builddir" \
ARCH="$(_kernelarch $_arch)" \
$actions savedefconfig
cp "$_builddir"/defconfig "$startdir"/$_config
done
}
set_kbuild_timestamp() {
# KBUILD_BUILD_TIMESTAMP needs to be parsable by busybox date
export KBUILD_BUILD_TIMESTAMP="$(date '+%Y-%m-%d %H:%M:%S' -u${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
}
build() {
unset LDFLAGS
# for some reason these sometimes leak into the kernel build,
# -Werror=format-security breaks some stuff
unset CFLAGS CPPFLAGS CXXFLAGS
set_kbuild_timestamp
for i in $_flavors; do
_prepareconfig "$i" "$CARCH"
done
for i in $_flavors; do
msg "Building $i kernel"
cd "$srcdir"/build-$i.$CARCH
# set org in cert for modules signing
# https://www.kernel.org/doc/html/v6.1/admin-guide/module-signing.html#generating-signing-keys
mkdir -p certs
sed -e 's/#O = Unspecified company/O = alpinelinux.org/' \
"$builddir"/certs/default_x509.genkey \
> certs/x509.genkey
make ARCH="$(_kernelarch $CARCH)" \
CC="${CC:-gcc}" \
AWK="${AWK:-mawk}" \
KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine"
done
}
_package() {
local _buildflavor="$1" _outdir="$2"
set_kbuild_timestamp
cd "$srcdir"/build-$_buildflavor.$CARCH
local _abi_release="$(make -s kernelrelease)"
# modules_install seems to regenerate a defect Modules.symvers on s390x. Work
# around it by backing it up and restore it after modules_install
cp Module.symvers Module.symvers.backup
mkdir -p "$_outdir"/boot "$_outdir"/lib/modules
local _install
case "$CARCH" in
arm*|aarch64|riscv*) _install="zinstall dtbs_install";;
*) _install=install;;
esac
make modules_install $_install \
ARCH="$(_kernelarch $CARCH)" \
INSTALL_MOD_PATH="$_outdir" \
INSTALL_MOD_STRIP=1 \
INSTALL_PATH="$_outdir"/boot \
INSTALL_DTBS_PATH="$_outdir/boot/dtbs-$_buildflavor"
cp Module.symvers.backup Module.symvers
rm -f "$_outdir"/lib/modules/"$_abi_release"/build \
"$_outdir"/lib/modules/"$_abi_release"/source
rm -rf "$_outdir"/lib/firmware
install -D -m644 include/config/kernel.release \
"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
case "$CARCH" in
loongarch64)
mv "$_outdir"/boot/vmlinuz-$_abi_release \
"$_outdir"/boot/vmlinuz-$_buildflavor
mv "$_outdir"/boot/config-$_abi_release \
"$_outdir"/boot/config-$_buildflavor
mv "$_outdir"/boot/System.map-$_abi_release \
"$_outdir"/boot/System.map-$_buildflavor
;;
esac
}
# main flavor installs in $pkgdir
package() {
depends="$depends linux-firmware-any"
_package "$_flavor" "$pkgdir"
# copy files for linux-lts-doc sub package
mkdir -p "$pkgdir"/usr/share/doc
cp -r "$builddir"/Documentation \
"$pkgdir"/usr/share/doc/linux-doc-"$pkgver"/
# remove files that aren't part of the documentation itself
for nondoc in \
.gitignore conf.py docutils.conf \
dontdiff Kconfig Makefile
do
rm "$pkgdir"/usr/share/doc/linux-doc-"$pkgver"/"$nondoc"
done
# create /usr/share/doc/linux-doc symlink
cd "$pkgdir"/usr/share/doc; ln -s linux-doc-"$pkgver" linux-doc
}
# subflavors install in $subpkgdir
virt() {
_package virt "$subpkgdir"
}
_dev() {
local _flavor=$(echo $subpkgname | sed -E 's/(^linux-|-dev$)//g')
local _builddir="$srcdir"/build-$_flavor.$CARCH
local _abi_release="$(make -C "$_builddir" -s kernelrelease)"
# copy the only the parts that we really need for build 3rd party
# kernel modules and install those as /usr/src/linux-headers,
# simlar to what ubuntu does
#
# this way you dont need to install the 300-400 kernel sources to
# build a tiny kernel module
#
pkgdesc="Headers and script for third party modules for $_flavor kernel"
depends="$_depends_dev"
local dir="$subpkgdir"/usr/src/linux-headers-"$_abi_release"
set_kbuild_timestamp
# first we import config, run prepare to set up for building
# external modules, and create the scripts
mkdir -p "$dir"
cp -a "$_builddir"/.config "$_builddir"/localversion-alpine \
"$dir"/
install -D -t "$dir"/certs "$_builddir"/certs/signing_key.x509 || :
make -C "$builddir" \
O="$dir" \
ARCH="$(_kernelarch $CARCH)" \
AWK="${AWK:-mawk}" \
prepare modules_prepare scripts
# remove the stuff that points to real sources. we want 3rd party
# modules to believe this is the sources
rm "$dir"/Makefile "$dir"/source
# copy the needed stuff from real sources
#
# this is taken from ubuntu kernel build script
# http://kernel.ubuntu.com/git/ubuntu/ubuntu-zesty.git/tree/debian/rules.d/3-binary-indep.mk
cd "$builddir"
find . -path './include/*' -prune \
-o -path './scripts/*' -prune -o -type f \
\( -name 'Makefile*' -o -name 'Kconfig*' -o -name 'Kbuild*' -o \
-name '*.sh' -o -name '*.pl' -o -name '*.lds' -o -name 'Platform' \) \
-print | cpio -pdm "$dir"
cp -a scripts include "$dir"
find "arch/$_karch" -name include -type d -print | while IFS='' read -r folder; do
find "$folder" -type f
done | sort -u | cpio -pdm "$dir"
install -Dm644 "$srcdir"/build-$_flavor.$CARCH/Module.symvers \
"$dir"/Module.symvers
# remove unneeded things
msg "Removing documentation..."
rm -r "$dir"/Documentation
find "$dir" -type f -name '*.o' -printf 'Removing %P\n' -delete
local _karch="$(_kernelarch $CARCH | sed 's/x86_64/x86/')"
msg "Removing unneeded arch headers..."
for i in "$dir"/arch/*; do
if [ "${i##*/}" != "$_karch" ]; then
echo " ${i##*/}"
rm -r "$i"
fi
done
mkdir -p "$subpkgdir"/lib/modules/"$_abi_release"
ln -sf /usr/src/linux-headers-"$_abi_release" \
"$subpkgdir"/lib/modules/"$_abi_release"/build
}
sha512sums="
458b2c34d46206f9b4ccbac54cc57aeca1eaecaf831bc441e59701bac6eadffc17f6ce24af6eadd0454964e843186539ac0d63295ad2cc32d112b60360c39a35 linux-6.6.tar.xz
58bf9e84fb01f811f0cada7f7953d111908f0b0650648d6a3522061fe08c9fe284c9315515ae386189253e37d0c92419f78048d6568e2e426654b1e61010685f 0001-powerpc-boot-wrapper-Add-z-notext-flag-for-ppc64le.patch
763dcb40f698d43b0bb856f44493973e840b66efe62a8fd41a08b6e3fa38cf903e059d107be3735ab2f38a0f27bdb0262798e5e530a1905f96195cd8bcf62fdf 0002-x86-Compress-vmlinux-with-zstd-19-instead-of-22.patch
75f232b6becee7d36d360ffaf2aaa837d13518f9ec620ca159bcb2a0e98eb18a77631406a9b44244ea0164a7ed59fad583823909681e9b894a012f9d13365b69 0003-kexec-add-kexec_load_disabled-boot-option.patch
2956050bb332411d00a285e9656618f2e34b631492bbc19bef54d83a6e91b8531f4e18830b9313cfe52fbf8a8ca6fb76cf55b3ddd146ca3b977046cf2fd10cad 0004-objtool-respect-AWK-setting.patch
4b16f15b47b5e5835b926126e39723f519290469517875cfb2d2b857a93ad1344f0d1ba4b255289e20f4da9c867647526b344f752981cee0a48c51577badac3f 0005-powerpc-config-defang-gcc-check-for-stack-protector-.patch
a7085f581773cd492d8ed76638abe0d81924107778c3eb87ea495fba9aff69b2f28cb01d0ca6101bd849641ccc8294c238486043f492dc44ee26d7111a6b76cc 1337-nftables-ipv6.patch
a8286ac0cbff0736ab7d5503a19034b11d69d1faa84316bef69087102a009c27b9f54daf9d55d55112e8eef4f239d1dd3a34fe1b55c1aa078ca638a85e0ded1b lts.aarch64.config
2fd7ce3f044f72718b51c7db81bb0f720630a8a4164b97036bfe1a0816efc6903ca83f580543ea4bdca6031d912af9138c44f90722ceff8d5e928412ad23a609 lts.armv7.config
b2534172f8eeb14edb5855c59e806ce07fdfbc1a5a4fe206dd037f17aa21b894d927c1cdcf7c87bb364efd491bb226e3ee21e7f46d26a1afc05f9385260985eb lts.x86.config
eff52f6533953312290456124f11e3532dbcbc389a46556c638c7a2d77a0ced2d6316e159c2f0d9bc026fd1a06520f70dd9b1c748fd618e825f4da2cfdf42cad lts.x86_64.config
243eb831ef4cf7ae8c18e80433447ddfc437b3eda51c8a584e1d0006b214aac77b1801e66860e6cdcbba04b7c9a15c66cd602811cdf30cb7edf0f43778fb1922 lts.ppc64le.config
60327486c2668ee24041f86a22d3856dcac3c9e358f4e16a16f6d302d79095ca5a08c4011141050eafe06ba2d1c3eccd142b79ffa469338e213ae2156e29aa44 lts.s390x.config
4697069b98b81243a18d97ed668a00c08504b55255e4d4392a0f1e63403b6d72036d440b4e54c63c8932ca243164729486e1cea229bd8baf5201fb969f838450 lts.loongarch64.config
b79a6cf6578c49b582931e0f38564e69714bfa2b03c7615301e4cdf0ba9617bf42e01952f4a8a99d82c68733c0aed8b45b4e72ba0a175ce75dc8a14f12fe0f83 virt.aarch64.config
fdd8ff5bac36fc6421c3e71af89346c9a84fedfebc49e61353185561c9737bd59f9692fb09af553eaee5dd104e6f170e9cb460c0a54ee429cffe9a7b150b0379 virt.armv7.config
4dab1bb85d5eaf95ee85beae150c888140583feb1f5bbaec1cf17e2ff73d604590b5aee4edb51caec2ae28adbcf451e88cf3d39bff01887e28ae05c2e104535e virt.ppc64le.config
2110f9a8b62af734f67e1024b598645433786bceec2517ca529bd705ebabb3265395ea1e4416260b69778f4c8a5e90db10877d7136841a06c41ffff3279cfb8f virt.x86.config
c9f51f49e82f14f1ce5420c9c7deca77b2b54b3c2ff1d2ad377b57a028689c614c573f7d413c960c62a6d0c0463fbd17c1ae8d25c7c70c09217946f2c7c4ef11 virt.x86_64.config
9feecb9b368461c27c93cdc852d30caaa53fedb6f7c8cf066feb5ec35a87b016250b7573d17b1cdb992df80a840b5bc80d4aa84a00b631ac4bfaa8b64bc23cda patch-6.6.58.xz
"