160 lines
5.0 KiB
Bash
160 lines
5.0 KiB
Bash
# Copyright 2020-2024 Gentoo Authors
|
|
# Distributed under the terms of the GNU General Public License v2
|
|
|
|
EAPI=8
|
|
|
|
KERNEL_IUSE_GENERIC_UKI=1
|
|
KERNEL_IUSE_MODULES_SIGN=1
|
|
|
|
inherit kernel-build toolchain-funcs
|
|
|
|
MY_P=linux-${PV%.*}
|
|
GENPATCHES_P=genpatches-${PV%.*}-$(( ${PV##*.} + 3 ))
|
|
CONFIG_VER=6.10.1-gentoo
|
|
GENTOO_CONFIG_VER=g13
|
|
HARDENED_PATCH_VER="${PV}-hardened1"
|
|
CLEARLINUX_PATCH_VER=6.10.12-1467
|
|
GENPATCHES_EXCLUDE="1500_XATTR_USER_PREFIX.patch
|
|
1510_fs-enable-link-security-restrictions-by-default.patch
|
|
2900_dev-root-proc-mount-fix.patch
|
|
4200_fbcondecor.patch
|
|
4400_alpha-sysctl-uac.patch"
|
|
CLEARLINUXPATCHES_EXCLUDE="0109-initialize-ata-before-graphics.patch
|
|
0118-add-scheduler-turbo3-patch.patch
|
|
0132-prezero-20220308.patch
|
|
kdf-boottime.patch
|
|
0001-mm-memcontrol-add-some-branch-hints-based-on-gcov-an.patch
|
|
0117-xattr-allow-setting-user.-attributes-on-symlinks-by-.patch
|
|
0133-novector.patch"
|
|
|
|
DESCRIPTION="Linux kernel built with Gentoo patches"
|
|
HOMEPAGE="
|
|
https://wiki.gentoo.org/wiki/Project:Distribution_Kernel
|
|
https://www.kernel.org/
|
|
"
|
|
SRC_URI+="
|
|
https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz
|
|
https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.base.tar.xz
|
|
https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.extras.tar.xz
|
|
experimental? (
|
|
https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.experimental.tar.xz
|
|
)
|
|
https://github.com/anthraxx/linux-hardened/releases/download/v${HARDENED_PATCH_VER}/linux-hardened-v${HARDENED_PATCH_VER}.patch
|
|
https://github.com/clearlinux-pkgs/linux/archive/refs/tags/${CLEARLINUX_PATCH_VER}.tar.gz
|
|
https://github.com/projg2/gentoo-kernel-config/archive/${GENTOO_CONFIG_VER}.tar.gz
|
|
-> gentoo-kernel-config-${GENTOO_CONFIG_VER}.tar.gz
|
|
amd64? (
|
|
https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-x86_64-fedora.config
|
|
-> kernel-x86_64-fedora.config.${CONFIG_VER}
|
|
)
|
|
arm64? (
|
|
https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-aarch64-fedora.config
|
|
-> kernel-aarch64-fedora.config.${CONFIG_VER}
|
|
)
|
|
ppc64? (
|
|
https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-ppc64le-fedora.config
|
|
-> kernel-ppc64le-fedora.config.${CONFIG_VER}
|
|
)
|
|
x86? (
|
|
https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-i686-fedora.config
|
|
-> kernel-i686-fedora.config.${CONFIG_VER}
|
|
)
|
|
"
|
|
S=${WORKDIR}/${MY_P}
|
|
|
|
KEYWORDS="amd64 ~arm arm64 ~hppa ~loong ~ppc ppc64 ~riscv ~sparc x86"
|
|
IUSE="debug +experimental"
|
|
REQUIRED_USE="
|
|
arm? ( savedconfig )
|
|
hppa? ( savedconfig )
|
|
riscv? ( savedconfig )
|
|
sparc? ( savedconfig )
|
|
"
|
|
|
|
RDEPEND="
|
|
!sys-kernel/gentoo-kernel-bin:${SLOT}
|
|
"
|
|
BDEPEND="
|
|
debug? ( dev-util/pahole )
|
|
"
|
|
PDEPEND="
|
|
>=virtual/dist-kernel-${PV}
|
|
"
|
|
|
|
QA_FLAGS_IGNORED="
|
|
usr/src/linux-.*/scripts/gcc-plugins/.*.so
|
|
usr/src/linux-.*/vmlinux
|
|
usr/src/linux-.*/arch/powerpc/kernel/vdso.*/vdso.*.so.dbg
|
|
"
|
|
|
|
src_prepare() {
|
|
# remove some genpatches causes conflicts with linux-hardened patch
|
|
for patch in ${GENPATCHES_EXCLUDE}; do
|
|
rm -f ${WORKDIR}/${patch}
|
|
done
|
|
# Remove already exists changes in linux-hardened patch
|
|
sed -i '322,337d' "${WORKDIR}/4567_distro-Gentoo-Kconfig.patch"
|
|
# include linux-hardened patch with priority
|
|
cp ${DISTDIR}/linux-hardened-v${HARDENED_PATCH_VER}.patch ${WORKDIR}/1199_linux-hardened-${HARDENED_PATCH_VER}.patch
|
|
|
|
# remove some ClearLinux patches causes conflicts
|
|
for patch in ${CLEARLINUXPATCHES_EXCLUDE}; do
|
|
rm -f "${WORKDIR}/linux-${CLEARLINUX_PATCH_VER}/${patch}"
|
|
sed -i "/${patch}/Id" "${WORKDIR}"/linux-"${CLEARLINUX_PATCH_VER}"/linux.spec
|
|
done
|
|
|
|
local CLP=$(grep "^Patch" "${WORKDIR}"/linux-"${CLEARLINUX_PATCH_VER}"/linux.spec|cut -f2 -d ' '|sed "s@^@"${WORKDIR}"/linux-"${CLEARLINUX_PATCH_VER}"/@g")
|
|
|
|
local PATCHES=(
|
|
# meh, genpatches have no directory
|
|
"${WORKDIR}"/*.patch
|
|
)
|
|
# Add ClearLinux patches list
|
|
PATCHES+=(
|
|
${CLP}
|
|
)
|
|
default
|
|
|
|
sed -i "s@\-hardened1@@g" Makefile || die
|
|
|
|
local biendian=false
|
|
|
|
# prepare the default config
|
|
case ${ARCH} in
|
|
amd64)
|
|
cp "${FILESDIR}/${MY_P}.amd64.config" .config || die
|
|
;;
|
|
*)
|
|
die "Unsupported arch ${ARCH}"
|
|
;;
|
|
esac
|
|
|
|
local myversion="-hardened"
|
|
echo "CONFIG_LOCALVERSION=\"${myversion}\"" > "${T}"/version.config || die
|
|
local dist_conf_path="${WORKDIR}/gentoo-kernel-config-${GENTOO_CONFIG_VER}"
|
|
|
|
local merge_configs=(
|
|
"${T}"/version.config
|
|
)
|
|
use debug || merge_configs+=(
|
|
"${dist_conf_path}"/no-debug.config
|
|
)
|
|
|
|
merge_configs+=( "${dist_conf_path}"/hardened-base.config )
|
|
|
|
tc-is-gcc && merge_configs+=( "${dist_conf_path}"/hardened-gcc-plugins.config )
|
|
|
|
if [[ -f "${dist_conf_path}/hardened-${ARCH}.config" ]]; then
|
|
merge_configs+=( "${dist_conf_path}/hardened-${ARCH}.config" )
|
|
fi
|
|
|
|
# this covers ppc64 and aarch64_be only for now
|
|
if [[ ${biendian} == true && $(tc-endian) == big ]]; then
|
|
merge_configs+=( "${dist_conf_path}/big-endian.config" )
|
|
fi
|
|
|
|
use secureboot && merge_configs+=( "${dist_conf_path}/secureboot.config" )
|
|
|
|
kernel-build_merge_configs "${merge_configs[@]}"
|
|
}
|