aports - APKBUILD

  1# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
  2
  3_flavor=${FLAVOR:-lts}
  4pkgname=linux-$_flavor
  5pkgver=6.18.13
  6_kernver=${pkgver%.*}
  7pkgrel=2
  8pkgdesc="Linux lts kernel"
  9url="https://www.kernel.org"
 10depends="initramfs-generator"
 11_depends_dev="perl gmp-dev mpc1-dev mpfr-dev elfutils-dev bash flex bison zstd"
 12makedepends="$_depends_dev sed installkernel bc linux-headers linux-firmware-any openssl-dev>3 mawk
 13	diffutils elfutils findutils zstd pahole python3 gcc>=13.1.1_git20230624 bpftool"
 14options="!strip !check"
 15source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver.tar.xz
 16	0001-powerpc-boot-wrapper-Add-z-notext-flag-for-ppc64le.patch
 17	0002-x86-Compress-vmlinux-with-zstd-19-instead-of-22.patch
 18	0003-kexec-add-kexec_load_disabled-boot-option.patch
 19	0004-objtool-respect-AWK-setting.patch
 20	0005-powerpc-config-defang-gcc-check-for-stack-protector-.patch
 21	0001-x86-CPU-AMD-avoid-printing-reset-reasons-on-Xen-domU.patch
 22	sophgo-fixes.patch
 23	xe_drm_non_4k_page.patch
 24
 25	lts.aarch64.config
 26	lts.armv7.config
 27	lts.loongarch64.config
 28	lts.ppc64le.config
 29	lts.riscv64.config
 30	lts.s390x.config
 31	lts.x86.config
 32	lts.x86_64.config
 33
 34	virt.aarch64.config
 35	virt.armv7.config
 36	virt.ppc64le.config
 37	virt.x86.config
 38	virt.x86_64.config
 39	"
 40
 41# Allow adding custom flavor config via FLAVOR var
 42# The config file should be named ${FLAVOR}.${CARCH}.config
 43if [ -n "$FLAVOR" ]; then
 44	source="$source
 45	${FLAVOR}.${CARCH}.config"
 46fi
 47
 48subpackages="$pkgname-dev:_dev:$CBUILD_ARCH $pkgname-doc"
 49for _i in $source; do
 50	case $_i in
 51	*.$CARCH.config)
 52		_f=${_i%."$CARCH".config}
 53		if [ -n "$FLAVOR" ] && [ "$_f" != "$FLAVOR" ]; then
 54			# skip flavors that don't match
 55			continue
 56		fi
 57		_flavors="$_flavors $_f"
 58		if [ "linux-$_f" != "$pkgname" ]; then
 59			subpackages="$subpackages linux-$_f::$CBUILD_ARCH linux-$_f-dev:_dev:$CBUILD_ARCH"
 60		fi
 61		;;
 62	esac
 63done
 64builddir="$srcdir"/linux-$_kernver
 65
 66if [ "${pkgver%.0}" = "$pkgver" ]; then
 67	# Prepend to apply first
 68	source="patch-$pkgver.patch.xz::https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/patch-$pkgver.xz $source"
 69fi
 70arch="loongarch64"
 71license="GPL-2.0-only"
 72
 73# secfixes:
 74#   5.10.4-r0:
 75#     - CVE-2020-29568
 76#     - CVE-2020-29569
 77#   5.15.74-r0:
 78#     - CVE-2022-41674
 79#     - CVE-2022-42719
 80#     - CVE-2022-42720
 81#     - CVE-2022-42721
 82#     - CVE-2022-42722
 83#   6.1.27-r3:
 84#     - CVE-2023-32233
 85#   6.6.13-r1:
 86#     - CVE-46838
 87
 88prepare() {
 89	default_prepare
 90
 91	# remove localversion from patch if any
 92	rm -f localversion*
 93}
 94
 95_kernelarch() {
 96	local arch="$1"
 97	case "$arch" in
 98		aarch64*) arch="arm64" ;;
 99		arm*) arch="arm" ;;
100		ppc*) arch="powerpc" ;;
101		s390*) arch="s390" ;;
102		riscv*) arch="riscv" ;;
103		loongarch64) arch="loongarch" ;;
104	esac
105	echo "$arch"
106}
107
108_prepareconfig() {
109	local _flavor="$1"
110	local _arch="$2"
111	local _config=$_flavor.$_arch.config
112	local _builddir="$srcdir"/build-$_flavor.$_arch
113	mkdir -p "$_builddir"
114	echo "-$pkgrel-$_flavor" > "$_builddir"/localversion-alpine
115
116	cp "$srcdir"/$_config "$_builddir"/.config
117	msg "Configuring $_flavor kernel ($_arch)"
118	make -C "$builddir" \
119		O="$_builddir" \
120		ARCH="$(_kernelarch $_arch)" \
121		olddefconfig
122
123	if grep "CONFIG_MODULE_SIG=y" "$_builddir"/.config >/dev/null; then
124		if [ -f "$KERNEL_SIGNING_KEY" ]; then
125			sed -i -e "s:^CONFIG_MODULE_SIG_KEY=.*:CONFIG_MODULE_SIG_KEY=\"$KERNEL_SIGNING_KEY\":" \
126				"$_builddir"/.config
127			msg "Using $KERNEL_SIGNING_KEY to sign $_flavor kernel ($_arch) modules"
128		else
129			warning "KERNEL_SIGNING_KEY was not set. A signing key will be generated, but 3rd"
130			warning "party modules can not be signed"
131		fi
132	fi
133}
134
135listconfigs() {
136	for i in $source; do
137		case "$i" in
138			*.config) echo $i;;
139		esac
140	done
141}
142
143prepareconfigs() {
144	for _config in $(listconfigs); do
145		local _flavor=${_config%%.*}
146		local _arch=${_config%.config}
147		_arch=${_arch#*.}
148		local _builddir="$srcdir"/build-$_flavor.$_arch
149		_prepareconfig "$_flavor" "$_arch"
150	done
151}
152
153# this is supposed to be run before version is bumped so we can compare
154# what new kernel config knobs are introduced
155prepareupdate() {
156	clean && fetch && unpack && prepare && deps
157	prepareconfigs
158	rm -r "$builddir"
159}
160
161updateconfigs() {
162	if ! [ -d "$builddir" ]; then
163		deps && fetch && unpack && prepare
164	fi
165	for _config in ${CONFIGS:-$(listconfigs)}; do
166		msg "updating $_config"
167		local _flavor=${_config%%.*}
168		local _arch=${_config%.config}
169		_arch=${_arch#*.}
170		local _builddir="$srcdir"/build-$_flavor.$_arch
171		mkdir -p "$_builddir"
172		echo "-$pkgrel-$_flavor" > "$_builddir"/localversion-alpine
173		local actions="listnewconfig oldconfig"
174		if ! [ -f "$_builddir"/.config ]; then
175			cp "$srcdir"/$_config "$_builddir"/.config
176			actions="olddefconfig"
177		fi
178		env | grep ^CONFIG_ >> "$_builddir"/.config || true
179		make -j1 -C "$builddir" \
180			O="$_builddir" \
181			ARCH="$(_kernelarch $_arch)" \
182			$actions savedefconfig
183
184		cp "$_builddir"/defconfig "$startdir"/$_config
185	done
186}
187
188set_kbuild_timestamp() {
189	# KBUILD_BUILD_TIMESTAMP needs to be parsable by busybox date
190	export KBUILD_BUILD_TIMESTAMP="$(date '+%Y-%m-%d %H:%M:%S' -u${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
191}
192
193build() {
194	unset LDFLAGS
195	# for some reason these sometimes leak into the kernel build,
196	# -Werror=format-security breaks some stuff
197	unset CFLAGS CPPFLAGS CXXFLAGS
198	set_kbuild_timestamp
199	for i in $_flavors; do
200		_prepareconfig "$i" "$CARCH"
201	done
202	for i in $_flavors; do
203		msg "Building $i kernel"
204		cd "$srcdir"/build-$i.$CARCH
205
206		# set org in cert for modules signing
207		# https://www.kernel.org/doc/html/v6.1/admin-guide/module-signing.html#generating-signing-keys
208		mkdir -p certs
209		sed -e 's/#O = Unspecified company/O = alpinelinux.org/' \
210			"$builddir"/certs/default_x509.genkey \
211			> certs/x509.genkey
212
213		make ARCH="$(_kernelarch $CARCH)" \
214			CC="${CC:-gcc}" \
215			AWK="${AWK:-mawk}" \
216			KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-Alpine"
217
218		if grep -q '^CONFIG_DEBUG_INFO_BTF=y' .config; then
219			# Generate vmlinux.h
220			bpftool btf dump file vmlinux format c > vmlinux.h
221
222			if [ "$CARCH" = "ppc64le" ]; then
223				# ppc64le installs the uncompressed vmlinux, which is extremely
224				# large with BTF debuginfo unless stripped
225				eu-strip --remove-comment vmlinux
226			fi
227		fi
228	done
229}
230
231_package() {
232	local _buildflavor="$1" _outdir="$2"
233	set_kbuild_timestamp
234
235	cd "$srcdir"/build-$_buildflavor.$CARCH
236	local _abi_release="$(make -s kernelrelease)"
237	# modules_install seems to regenerate a defect Modules.symvers on s390x. Work
238	# around it by backing it up and restore it after modules_install
239	cp Module.symvers Module.symvers.backup
240
241	mkdir -p "$_outdir"/boot "$_outdir"/lib/modules
242
243	local _install
244	case "$CARCH" in
245		arm*|aarch64|riscv*) _install="zinstall dtbs_install";;
246		*) _install=install;;
247	esac
248
249	make modules_install $_install \
250		ARCH="$(_kernelarch $CARCH)" \
251		INSTALL_MOD_PATH="$_outdir" \
252		INSTALL_MOD_STRIP=1 \
253		INSTALL_PATH="$_outdir"/boot \
254		INSTALL_DTBS_PATH="$_outdir/boot/dtbs-$_buildflavor"
255
256	cp Module.symvers.backup Module.symvers
257
258	rm -f "$_outdir"/lib/modules/"$_abi_release"/build \
259		"$_outdir"/lib/modules/"$_abi_release"/source
260	rm -rf "$_outdir"/lib/firmware
261
262	install -D -m644 include/config/kernel.release \
263		"$_outdir"/usr/share/kernel/$_buildflavor/kernel.release
264}
265
266# main flavor installs in $pkgdir
267package() {
268	depends="$depends linux-firmware-any"
269
270	_package "$_flavor" "$pkgdir"
271
272	# copy files for linux-lts-doc sub package
273	mkdir -p "$pkgdir"/usr/share/doc
274	cp -r "$builddir"/Documentation \
275		"$pkgdir"/usr/share/doc/linux-doc-"$pkgver"/
276	# remove files that aren't part of the documentation itself
277	for nondoc in \
278		.gitignore conf.py docutils.conf \
279		Kconfig Makefile
280	do
281		rm "$pkgdir"/usr/share/doc/linux-doc-"$pkgver"/"$nondoc"
282	done
283	# create /usr/share/doc/linux-doc symlink
284	cd "$pkgdir"/usr/share/doc; ln -s linux-doc-"$pkgver" linux-doc
285}
286
287# subflavors install in $subpkgdir
288virt() {
289	_package virt "$subpkgdir"
290}
291
292_dev() {
293	local _flavor=$(echo $subpkgname | sed -E 's/(^linux-|-dev$)//g')
294	local _builddir="$srcdir"/build-$_flavor.$CARCH
295	local _abi_release="$(make -C "$_builddir" -s kernelrelease)"
296	local _karch="$(_kernelarch $CARCH | sed 's/x86_64/x86/')"
297	# copy the only the parts that we really need for build 3rd party
298	# kernel modules and install those as /usr/src/linux-headers,
299	# simlar to what ubuntu does
300	#
301	# this way you dont need to install the 300-400 kernel sources to
302	# build a tiny kernel module
303	#
304	pkgdesc="Headers and script for third party modules for $_flavor kernel"
305	depends="$_depends_dev"
306	local dir="$subpkgdir"/usr/src/linux-headers-"$_abi_release"
307	set_kbuild_timestamp
308
309	# first we import config, run prepare to set up for building
310	# external modules, and create the scripts
311	mkdir -p "$dir"
312	cp -a "$_builddir"/.config "$_builddir"/localversion-alpine \
313		"$dir"/
314
315	install -D -t "$dir"/certs "$_builddir"/certs/signing_key.x509 || :
316
317	# Install vmlinux.h
318	if grep -q '^CONFIG_DEBUG_INFO_BTF=y' "$_builddir"/.config; then
319		install -Dm644 "$_builddir"/vmlinux.h -t "$dir/"
320	fi
321
322	make -C "$builddir" \
323		O="$dir" \
324		ARCH="$(_kernelarch $CARCH)" \
325		AWK="${AWK:-mawk}" \
326		prepare modules_prepare scripts
327
328	# remove the stuff that points to real sources. we want 3rd party
329	# modules to believe this is the sources
330	rm "$dir"/Makefile "$dir"/source
331
332	# copy the needed stuff from real sources
333	#
334	# this is taken from ubuntu kernel build script
335	# http://kernel.ubuntu.com/git/ubuntu/ubuntu-zesty.git/tree/debian/rules.d/3-binary-indep.mk
336	cd "$builddir"
337	find .  -path './include/*' -prune \
338		-o -path './scripts/*' -prune -o -type f \
339		\( -name 'Makefile*' -o -name 'Kconfig*' -o -name 'Kbuild*' -o \
340		   -name '*.sh' -o -name '*.pl' -o -name '*.lds' -o -name 'Platform' \) \
341		-print | cpio -pdm "$dir"
342
343	cp -a scripts include "$dir"
344
345	find "arch/$_karch" "tools/include" "tools/arch/$_karch" -type f -path '*/include/*' \
346		-print | cpio -pdm "$dir"
347
348	install -Dm644 "$srcdir"/build-$_flavor.$CARCH/Module.symvers \
349		"$dir"/Module.symvers
350
351	# remove unneeded things
352	msg "Removing documentation..."
353	rm -r "$dir"/Documentation
354	sed -i -e '/Documentation/d' "$dir"/Kconfig
355	find "$dir" -type f \( -name '*.o' -o -name '*.cmd' \) -exec rm -v -- {} +
356
357	mkdir -p "$subpkgdir"/lib/modules/"$_abi_release"
358	ln -sf /usr/src/linux-headers-"$_abi_release" \
359		"$subpkgdir"/lib/modules/"$_abi_release"/build
360}
361
362sha512sums="
363cc33f4a83116c0ac91b2c3288eaa6224096f11860aca1ad7ac2ffa5f464bcc5d8dab0df0b3dc4e87c0d5adb905928fad3f96e42084b008836f1c3790d3fde639  patch-6.18.13.patch.xz
36488599ffdec96d150c1feb9b261ba93bb0301a9d0e1ad6bef7aeab1f5372cbfc57d8b43c7e902bd8f76921d1dbd8189663c142ea869e51d0e2b483b150ee00fe0  linux-6.18.tar.xz
365b296717ef0cd63978142b4d47b3bc49faa04daf77e115e702ba611cc254a6e782cdab7d5639e724cd5f029cfb6a3dc33c3036f346d681d1fdfe0df723c7e0321  0001-powerpc-boot-wrapper-Add-z-notext-flag-for-ppc64le.patch
366055e10e7b3e00bb3621389315d5206a8feb5022a1f0dc51c3aa107facfe83d191da05a502a0c62488be7299677a63c1da84f87c42cbf3125788c56db67e810ee  0002-x86-Compress-vmlinux-with-zstd-19-instead-of-22.patch
367e1d2d5358f5b8189236108973395f00eafce8db6d5baaf55025b1360f08ab7cffc930d3818719f220b98e7e8541cc8a7f056611b6e290f224a102c1addbe34ac  0003-kexec-add-kexec_load_disabled-boot-option.patch
36828c83be4c97152001381cd5e3a8acb8552a42d9dac9aaec8f096e3762b7944035aa5a4363fb4602f9bb427c4f72cfd2f996a0a725f7f9e07ab250317985aff9e  0004-objtool-respect-AWK-setting.patch
3695ce79416f8f111c36393718656e3eeb4cb0adccd117dcf661876d1564010e5c58b6351cc4116d187d0a9a838bcca0fecc236d81ac71afb940b89ccb14f21e179  0005-powerpc-config-defang-gcc-check-for-stack-protector-.patch
3704e72af8e77a555d2a850837b64a525a51d5d118048584dc3ea0d0e8620bb56bf56b69a94aa67dac879b841c9ba033e33d94610da0028fde7b6602ad2fe63f02f  0001-x86-CPU-AMD-avoid-printing-reset-reasons-on-Xen-domU.patch
371855522b816bbb2b0738251cf24714c2566c7aacad39aaf6adcebd0a256d11f64ff2762ecdace0ab1bac38db87fd579863f852f799356a368f057c166e4deb03c  sophgo-fixes.patch
372a95dbc0a321de716782035d72bb5fab639ab91b67e4a322f5e789bd1213fd9f119346b672fe7ca0d8ba6e01a5d3dde168569520d55f6fefeb8cbbb0f9fb8bed3  xe_drm_non_4k_page.patch
373e0495d44f0337e8b87dcaa425159f7c0d9f62a00d8fd360ed494ed0bf744b33b702bd5e69c93e669b2f26f114b52fe84b7b8d0bf37792ede49971d7c4a6c1db0  lts.aarch64.config
374b4980153573f79849b242dc18d04108f537b44054c5ffbc8a7e07c099f9c5151cbbd1fd605dd0a7f6efa48a67047355f9b5cc70a8972c1f1a02179fb2e8e12ca  lts.armv7.config
375beb236f1b175d2a1ce19cd21f8928146e4306e6a7a7cdb73b66c2e914889aa9f521e02ad15514f2c3bfb23180e09ee43c65c94e0bab920923ef520d0c78234ec  lts.loongarch64.config
376cc11c0463178ef12587703ca1132c72a1e59eaa716d3dda59fe47964556eb98a5a6df024f1cee807e2b82c009f99f78b9d2a51f7c2a1d8744bdef8e3b6ebd8ca  lts.ppc64le.config
37793854d4420a6a016dd1bd6b9009cf3081eeb0bd0e2b3e1710df1cf4aaaac35f278ca67a7478f9ebc96c517f528023ba4bd6abc3b41cc1e611564270d334864a4  lts.riscv64.config
378785e88e7c0fd7bafe9d56f0090e573689e1bab9d6e6a7f1fcad5e619c52d8b9b09f9a02e3cf0e2c6a160146f56d810d5afa2a5e970411bf46502cbb79b82d6e4  lts.s390x.config
379837ac36e3780342bdcef444951341667c8e4b287409ec0ac474716d44d2e5bbb462076d19777e07d45f0e9234f5e35795ed04017924896efc1f411b7197b3ef4  lts.x86.config
3807d805c39281bc5d760cfe6bcd721162d3337a6dc0b9ea89ff0098f0ebca41bb75af850589b5db10cdab69c6c5f599005f43f9ff5d74a6b005f989fede355c865  lts.x86_64.config
381000ac56fa4b4a972f1a0489ac1dfc8410f570e5f1d4067deba928c4c8e7c627de323cfa8f3a69442036e9e23c2049d8c397a430800c93a35b3f021f2e2e60c94  virt.aarch64.config
3828b32458a7bfad8241223fb7295dbbe3eaf039ebdfb23c8295723cd6e6f7aaf892b020782c523c312b2cd5c8d9ab7c3712c2ec419826e1433fea80d5c5574e690  virt.armv7.config
38392f24e1ebbcd662db3a05386e897ca2db767379338dc383b77a26138cd1f3352f6f1aa6184e80de25f85aaf06c74d247ec95b93ce2d03ae3351606be6c2b3494  virt.ppc64le.config
384f218044468547105aec8be38618e187731906434225b8a8b5b904d574bcb3156b838288eb0c4acb45b9cb100dc3bda5059ef69354013c89ae0698012963a64c0  virt.x86.config
38520a171a3906733a35530b8b092214cc1170e787307d8ac5dec8b131afcc9f1f2c64ba6f09f2c0591babdec3fa991ad8d62a20eec3a1c949c31ea9d6015685981  virt.x86_64.config
386"