# Maintainer: Dan Ziemba <zman0900@gmail.com>
# Maintainer: Mark Weiman <markzz@archlinux.net>
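# Package identity. _srcname names the base release tarball; pkgver is the
# stable point release that prepare() applies on top of it as a patch.
pkgbase=linux-vfio
_srcname=linux-4.14
pkgver=4.14.11
pkgrel=1
arch=('x86_64')
# https, matching the scheme already used for every download in source=().
url="https://www.kernel.org/"
license=('GPL2')
makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc' 'libelf')
options=('!strip')

# source=() and sha256sums=() are matched by position: keep both arrays in the
# same order and of the same length when adding or removing an entry.
source=(
  "https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz"
  "https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.sign"
  "https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.xz"
  "https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.sign"
  # the main kernel config files
  'config'
  # pacman hook for depmod
  '60-linux.hook'
  # pacman hook for initramfs regeneration
  '90-linux.hook'
  # standard config files for mkinitcpio ramdisk
  'linux.preset'
  # patches for pci passthrough
  'add-acs-overrides.patch'
  'i915-vga-arbiter.patch'
  # The local files and patches in this array are pinned only by the
  # sha256sums below, which live in this same file: that catches corruption,
  # but whoever can edit this PKGBUILD can edit both. Review patch contents on
  # every update rather than trusting the checksum alone.
  '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch'
  '0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch'
  '0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch'
  '0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch'
  '0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch'
  '0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch'
  '0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch'
)
sha256sums=(
  'f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' # ${_srcname}.tar.xz
  'SKIP'                                                             # ${_srcname}.tar.sign
  'f588b62d7ee1d2ebdc24afa0e256ff2f8812d5cab3bf572bf02e7c4525922bf9' # patch-${pkgver}.xz
  'SKIP'                                                             # patch-${pkgver}.sign
  '24b8cf6829dafcb2b5c76cffaae6438ad2d432f13d6551fa1c8f25e66b751ed4' # config
  'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' # 60-linux.hook
  '8f407ad5ff6eff106562ba001c36a281134ac9aa468a596aea660a4fe1fd60b5' # 90-linux.hook
  '99d0102c8065793096b8ea2ccc01c41fa3dcb96855f9f6f2c583b2372208c6f9' # linux.preset
  'c238969a3c3a44b41c868a883880d8c4dc475e457427e91c649e9f24170b2c7d' # add-acs-overrides.patch
  'eaf70cd805cdb43cf6227d354a6d54f67645b6df99e06136a8055d7494d7439c' # i915-vga-arbiter.patch
  '06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2' # 0001
  'b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b' # 0002
  'f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25' # 0003
  '705d5fbfce00ccc20490bdfb5853d67d86ac00c845de6ecb13e414214b48daeb' # 0004
  '0a249248534a17f14fab7e14994811ae81fe324668a82ff41f3bcabeeae1460f' # 0005
  '8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711' # 0006
  '914a0a019545ad7d14ed8d5c58d417eb0a8ec12a756beec79a545aabda343b31' # 0007
)
# The two 'SKIP' entries are the detached signatures: they carry no checksum
# of their own and are what authenticates the tarball and the point-release
# patch, against the fingerprints listed here. Do not build with signature
# checking disabled, or those two downloads rest on sha256sums alone.
validpgpkeys=(
  'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
  '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
)

# Suffix of pkgbase after the leading "linux" ("-vfio" here); prepare() writes
# it into CONFIG_LOCALVERSION.
_kernelname=${pkgbase#linux}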
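# Apply the upstream point release, the distro fixes and the passthrough
# patches to the unpacked tree, then install and normalise the kernel config.
# Globals:  _srcname, pkgver, pkgrel, _kernelname, srcdir (read)
# Outputs:  modifies the source tree under ${_srcname} in place
prepare() {
  cd "${_srcname}"

  # add upstream patch
  patch -p1 -i "../patch-${pkgver}"
  chmod +x tools/objtool/sync-check.sh # GNU patch doesn't support git-style file mode

  # security patches

  # add latest fixes from stable queue, if needed
  # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git

  # disable USER_NS for non-root users by default
  patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch

  # https://bugs.archlinux.org/task/56575
  patch -Np1 -i ../0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch

  # https://nvd.nist.gov/vuln/detail/CVE-2017-8824
  patch -Np1 -i ../0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch

  # https://bugs.archlinux.org/task/56605
  patch -Np1 -i ../0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
  patch -Np1 -i ../0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch

  # https://bugs.archlinux.org/task/56846
  patch -Np1 -i ../0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch

  # For AMD processors, keep PTI off by default
  # NOTE(review): PTI is a security mitigation, so this patch changes a
  # security default. Its body is not part of this file; confirm it only
  # affects the CPUs named in its title before shipping.
  patch -Np1 -i ../0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch

  # patches for vga arbiter fix in intel systems
  patch -p1 -i "${srcdir}/i915-vga-arbiter.patch"

  # Overrides for missing acs capabilities
  # NOTE(review): an ACS override makes the kernel treat devices as isolated
  # where the hardware does not advertise ACS, so IOMMU groups split this way
  # are not a real DMA isolation boundary between the devices involved.
  # Presumably the override stays inactive unless enabled at boot - confirm in
  # the patch, and do not rely on such groups to contain an untrusted guest.
  patch -p1 -i "${srcdir}/add-acs-overrides.patch"

  cp -Tf ../config .config

  # Stamp the package suffix into the kernel release string and stop the build
  # from appending an automatic SCM-derived suffix.
  if [[ -n "${_kernelname}" ]]; then
    sed -i "s|CONFIG_LOCALVERSION=.*|CONFIG_LOCALVERSION=\"${_kernelname}\"|g" ./.config
    sed -i "s|CONFIG_LOCALVERSION_AUTO=.*|CONFIG_LOCALVERSION_AUTO=n|" ./.config
  fi

  # set extraversion to pkgrel
  sed -ri "s|^(EXTRAVERSION =).*|\1 -${pkgrel}|" Makefile

  # don't run depmod on 'make install'. We'll do this ourselves in packaging
  sed -i '2iexit 0' scripts/depmod.sh

  # get kernel version
  make prepare

  # load configuration
  # Configure the kernel. Replace the line below with one of your choice.
  #make menuconfig # CLI menu for configuration
  #make nconfig # new CLI menu for configuration
  #make xconfig # X-based configuration
  #make oldconfig # using old config from previous kernel version
  # ... or manually edit .config

  # rewrite configuration
  # Every prompt is answered with an empty line, so any option missing from
  # ../config silently takes its Kconfig default. After a version bump, diff
  # the resulting .config to see what new options (hardening ones included)
  # were decided this way.
  yes "" | make config >/dev/null
}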
# Compile the kernel image and all modules from the tree set up by prepare().
# Globals: _srcname, MAKEFLAGS (read)
build() {
  local -a _targets=(bzImage modules)

  cd "${_srcname}"

  # MAKEFLAGS is expanded unquoted on purpose: it may hold several flags that
  # have to reach make as separate words.
  make ${MAKEFLAGS} LOCALVERSION= "${_targets[@]}"
}
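# Package the kernel image, its modules, the mkinitcpio preset and the pacman
# hooks into ${pkgdir}.
# Globals:  pkgbase, _srcname, _kernelname, pkgdir, startdir (read)
#           _kernver, _basekernel (written; deliberately not local)
#           pkgdesc, groups, depends, optdepends, backup, install (package
#           attributes, written)
_package() {
  pkgdesc="The ${pkgbase/linux/Linux} kernel and modules"
  # Kept as a one-line `[ ] &&` guard rather than an if-block, mirroring the
  # `true && install=` idiom further down. NOTE(review): presumably this keeps
  # the assignment out of any static scan of this function - confirm before
  # reshaping it.
  [ "${pkgbase}" = "linux" ] && groups=('base')
  depends=('coreutils' 'linux-firmware' 'kmod' 'mkinitcpio>=0.7')
  optdepends=('crda: to set the correct wireless channels of your country')
  backup=("etc/mkinitcpio.d/${pkgbase}.preset")
  install=linux.install

  cd "${_srcname}"

  # get kernel version
  # _kernver stays global: _package-headers() and _package-docs() read it to
  # build their own install paths.
  _kernver="$(make LOCALVERSION= kernelrelease)"
  _basekernel=${_kernver%%-*}
  _basekernel=${_basekernel%.*}

  mkdir -p "${pkgdir}"/{boot,usr/lib/modules}
  make LOCALVERSION= INSTALL_MOD_PATH="${pkgdir}/usr" modules_install
  cp arch/x86/boot/bzImage "${pkgdir}/boot/vmlinuz-${pkgbase}"

  # make room for external modules
  local _extramodules="extramodules-${_basekernel}${_kernelname:--ARCH}"
  ln -s "../${_extramodules}" "${pkgdir}/usr/lib/modules/${_kernver}/extramodules"

  # add real version for building modules and running depmod from hook
  printf '%s\n' "${_kernver}" |
    install -Dm644 /dev/stdin "${pkgdir}/usr/lib/modules/${_extramodules}/version"

  # remove build and source links
  rm "${pkgdir}/usr/lib/modules/${_kernver}"/{source,build}

  # now we call depmod...
  depmod -b "${pkgdir}/usr" -F System.map "${_kernver}"

  # add vmlinux
  install -Dt "${pkgdir}/usr/lib/modules/${_kernver}/build" -m644 vmlinux

  # sed expression for following substitutions
  # The values are spliced into a sed program that uses '|' as its delimiter.
  # They come from this PKGBUILD and from `make kernelrelease`; they must not
  # contain '|', '&' or a backslash.
  local _subst="
    s|%PKGBASE%|${pkgbase}|g
    s|%KERNVER%|${_kernver}|g
    s|%EXTRAMODULES%|${_extramodules}|g
  "

  # hack to allow specifying an initially nonexisting install file
  # (this writes the generated ${install}.pkg next to the PKGBUILD in startdir)
  sed "${_subst}" "${startdir}/${install}" > "${startdir}/${install}.pkg"
  true && install=${install}.pkg

  # install mkinitcpio preset file
  sed "${_subst}" ../linux.preset |
    install -Dm644 /dev/stdin "${pkgdir}/etc/mkinitcpio.d/${pkgbase}.preset"

  # install pacman hooks
  sed "${_subst}" ../60-linux.hook |
    install -Dm644 /dev/stdin "${pkgdir}/usr/share/libalpm/hooks/60-${pkgbase}.hook"
  sed "${_subst}" ../90-linux.hook |
    install -Dm644 /dev/stdin "${pkgdir}/usr/share/libalpm/hooks/90-${pkgbase}.hook"
}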
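# Package the headers, Kconfig files, scripts and objtool that out-of-tree
# module builds need, under /usr/lib/modules/<kernver>/build.
# Globals:  pkgbase, _srcname, pkgdir, _kernver (read)
#           STRIP_SHARED, STRIP_STATIC, STRIP_BINARIES (read; not defined in
#           this file, presumably supplied by the makepkg configuration)
_package-headers() {
  pkgdesc="Header files and scripts for building modules for ${pkgbase/linux/Linux} kernel"

  cd "${_srcname}"
  # _kernver is not assigned in this function; it is the global written by
  # _package(). NOTE(review): if this runs without _package() having run first
  # in the same shell, the path below collapses to .../modules//build.
  local _builddir="${pkgdir}/usr/lib/modules/${_kernver}/build"

  install -Dt "${_builddir}" -m644 Makefile .config Module.symvers
  install -Dt "${_builddir}/kernel" -m644 kernel/Makefile

  mkdir "${_builddir}/.tmp_versions"

  cp -t "${_builddir}" -a include scripts

  install -Dt "${_builddir}/arch/x86" -m644 arch/x86/Makefile
  install -Dt "${_builddir}/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s

  cp -t "${_builddir}/arch/x86" -a arch/x86/include

  install -Dt "${_builddir}/drivers/md" -m644 drivers/md/*.h
  install -Dt "${_builddir}/net/mac80211" -m644 net/mac80211/*.h

  # http://bugs.archlinux.org/task/9912
  install -Dt "${_builddir}/drivers/media/dvb-core" -m644 drivers/media/dvb-core/*.h

  # http://bugs.archlinux.org/task/13146
  install -Dt "${_builddir}/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h

  # http://bugs.archlinux.org/task/20402
  install -Dt "${_builddir}/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
  install -Dt "${_builddir}/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
  install -Dt "${_builddir}/drivers/media/tuners" -m644 drivers/media/tuners/*.h

  # add xfs and shmem for aufs building
  mkdir -p "${_builddir}"/{fs/xfs,mm}

  # copy in Kconfig files
  find . -name 'Kconfig*' -exec install -Dm644 {} "${_builddir}/{}" \;

  # add objtool for external module building and enabled STACK_VALIDATION option
  install -Dt "${_builddir}/tools/objtool" tools/objtool/objtool

  # remove unneeded architectures
  local _arch
  for _arch in "${_builddir}"/arch/*/; do
    [[ ${_arch} == */x86/ ]] && continue
    rm -r -- "${_arch}"
  done

  # remove files already in linux-docs package
  rm -r "${_builddir}/Documentation"

  # Fix permissions
  chmod -R u=rwX,go=rX "${_builddir}"

  # strip scripts directory
  local _binary _strip
  # IFS= keeps leading and trailing whitespace in a path intact; the paths
  # arrive NUL-delimited from find -print0.
  while IFS= read -rd '' _binary; do
    case "$(file -bi "${_binary}")" in
      *application/x-sharedlib*) _strip="${STRIP_SHARED}" ;; # Libraries (.so)
      *application/x-archive*) _strip="${STRIP_STATIC}" ;; # Libraries (.a)
      *application/x-executable*) _strip="${STRIP_BINARIES}" ;; # Binaries
      *) continue ;;
    esac
    # _strip is expanded unquoted on purpose so that a value holding several
    # strip options splits into separate arguments.
    /usr/bin/strip ${_strip} "${_binary}"
  done < <(find "${_builddir}/scripts" -type f -perm -u+w -print0 2>/dev/null)
}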
# Package the kernel's Documentation tree under the module build directory.
# Globals: pkgbase, _srcname, pkgdir, _kernver (read; _kernver is not assigned
#          here, it is the global written by _package())
_package-docs() {
  pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase/linux/Linux} kernel"

  cd "${_srcname}"
  local _docdest="${pkgdir}/usr/lib/modules/${_kernver}/build"

  # Create the destination first so the copy lands inside it as
  # ${_docdest}/Documentation.
  mkdir -p "${_docdest}"
  cp -a Documentation "${_docdest}/"

  # Fix permissions
  chmod -R u=rwX,go=rX "${_docdest}"
}
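pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-docs")
# Generate one package_<name>() per split package. Each wrapper embeds the
# source of the matching _package* helper (declare -f) and then calls it, so
# the helper's pkgdesc=/depends= assignments appear inside package_<name>()
# itself - presumably so makepkg can read them from the function body.
# NOTE(review): eval only ever sees names built from pkgbase in this file;
# keep it that way and never feed it values from the environment or sources.
for _p in "${pkgname[@]}"; do
  eval "package_${_p}() {
    $(declare -f "_package${_p#${pkgbase}}")
    _package${_p#${pkgbase}}
  }"
done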
# vim:set ts=8 sts=2 sw=2 et: