]>
Commit | Line | Data |
---|---|---|
df5e82b3 | 1 | ############################################################################### |
df5e82b3 | 2 | # # |
70df8302 | 3 | # IPFire.org - A linux based firewall # |
0e18e19a | 4 | # Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> # |
70df8302 MT |
5 | # # |
6 | # This program is free software: you can redistribute it and/or modify # | |
df5e82b3 | 7 | # it under the terms of the GNU General Public License as published by # |
70df8302 | 8 | # the Free Software Foundation, either version 3 of the License, or # |
df5e82b3 MT |
9 | # (at your option) any later version. # |
10 | # # | |
70df8302 | 11 | # This program is distributed in the hope that it will be useful, # |
df5e82b3 MT |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
70df8302 | 17 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # |
df5e82b3 | 18 | # # |
df5e82b3 MT |
19 | ############################################################################### |
20 | ||
21 | ############################################################################### | |
22 | # Definitions | |
23 | ############################################################################### | |
24 | ||
25 | include Config | |
26 | ||
c35ec822 | 27 | VER = 6.1.5 |
65352552 | 28 | ARM_PATCHES = 6.1.y-ipfire0 |
df5e82b3 MT |
29 | |
30 | THISAPP = linux-$(VER) | |
79f94395 | 31 | DL_FILE = linux-$(VER).tar.xz |
a2cb3a33 | 32 | DL_FROM = $(URL_IPFIRE) |
df5e82b3 MT |
33 | DIR_APP = $(DIR_SRC)/$(THISAPP) |
34 | CFLAGS = | |
35 | CXXFLAGS = | |
36 | ||
347db51a | 37 | HEADERS_ARCH = $(BUILD_PLATFORM) |
7f841117 AF |
38 | KERNEL_ARCH = $(BUILD_ARCH) |
39 | KERNEL_TARGET = bzImage | |
347db51a | 40 | |
dc7d6b20 MT |
41 | ifeq "$(BUILD_ARCH)" "aarch64" |
42 | HEADERS_ARCH = arm64 | |
347db51a MT |
43 | KERNEL_ARCH = arm64 |
44 | KERNEL_TARGET = Image | |
45 | endif | |
46 | ||
aafdd71b | 47 | ifeq "$(BUILD_ARCH)" "armv6l" |
07664187 | 48 | KERNEL_ARCH = arm |
347db51a | 49 | KERNEL_TARGET = zImage |
ba583892 MT |
50 | endif |
51 | ||
5c1a1094 MT |
52 | ifeq "$(BUILD_ARCH)" "riscv64" |
53 | KERNEL_ARCH = riscv | |
54 | KERNEL_TARGET = Image.gz | |
55 | endif | |
56 | ||
fdf0c7c1 | 57 | VERSUFIX=ipfire$(KCFG) |
b0d0b681 | 58 | |
991d11d7 | 59 | ifeq "$(TOOLCHAIN)" "1" |
cc24c14b | 60 | TARGET = $(DIR_INFO)/linux-$(VER)-$(VERSUFIX)-tools |
6c4cc7ea | 61 | HEADERS_PREFIX = $(TOOLS_DIR) |
3c7ae787 | 62 | EXTRAMAKE = CROSS_COMPILE=$(CROSSTARGET)- |
51f9e7ac MT |
63 | else |
64 | TARGET = $(DIR_INFO)/linux-$(VER)-$(VERSUFIX) | |
cc24c14b | 65 | HEADERS_PREFIX = /usr |
51f9e7ac MT |
66 | endif |
67 | ||
bc8fe5ff AF |
68 | ifeq "$(KCFG)" "" |
69 | LASTKERNEL=1 | |
70 | endif | |
bc8fe5ff | 71 | |
df5e82b3 MT |
72 | ############################################################################### |
73 | # Top-level Rules | |
74 | ############################################################################### | |
75 | objects =$(DL_FILE) \ | |
b69338e0 | 76 | arm-multi-patches-$(ARM_PATCHES).patch.xz |
e69f1bf2 | 77 | |
932a34e5 | 78 | $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) |
b69338e0 | 79 | arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz |
e69f1bf2 | 80 | |
c35ec822 | 81 | $(DL_FILE)_BLAKE2 = b3e47f1184171febcd563285b82682e15fff8d932c8f897157e528e1195ca926153659be2defaf3fe294999625757f6efd02b0a786536b7e7c695721be7144aa |
65352552 | 82 | arm-multi-patches-$(ARM_PATCHES).patch.xz_BLAKE2 = 3ef9a778c5c41ee8bf2942a48f63b21228a632a2910d2123f01155bbf571592898cffffa61c387a5a6c817b62e458947b4c406c6591b23b5401faa47b020337f |
bdf9df74 | 83 | |
df5e82b3 MT |
84 | install : $(TARGET) |
85 | ||
86 | check : $(patsubst %,$(DIR_CHK)/%,$(objects)) | |
87 | ||
88 | download :$(patsubst %,$(DIR_DL)/%,$(objects)) | |
89 | ||
9a7e4d85 | 90 | b2 : $(subst %,%_BLAKE2,$(objects)) |
df5e82b3 | 91 | |
f418a984 AF |
92 | dist: |
93 | @$(PAK) | |
9a7e4d85 | 94 | |
df5e82b3 | 95 | ############################################################################### |
9a7e4d85 | 96 | # Downloading, checking, b2sum |
df5e82b3 MT |
97 | ############################################################################### |
98 | ||
99 | $(patsubst %,$(DIR_CHK)/%,$(objects)) : | |
100 | @$(CHECK) | |
101 | ||
102 | $(patsubst %,$(DIR_DL)/%,$(objects)) : | |
103 | @$(LOAD) | |
104 | ||
9a7e4d85 PM |
105 | $(subst %,%_BLAKE2,$(objects)) : |
106 | @$(B2SUM) | |
df5e82b3 MT |
107 | |
108 | ############################################################################### | |
109 | # Installation Details | |
110 | ############################################################################### | |
111 | ||
112 | $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) | |
113 | @$(PREBUILD) | |
fdecb907 | 114 | @rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) |
b0d0b681 | 115 | |
51f9e7ac | 116 | ln -svf linux-$(VER) $(DIR_SRC)/linux |
3a1019f6 | 117 | |
3a1019f6 | 118 | # Layer7-patch |
65352552 | 119 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.1-layer7.patch |
bb5f0bf8 | 120 | |
e2b79cd1 | 121 | # DVB Patches |
e2b79cd1 AF |
122 | cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/v4l-dvb_fix_tua6034_pll.patch |
123 | ||
d33aa452 | 124 | # Wlan Patches |
3005eb22 | 125 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14_ath_user_regd.patch |
91648bd1 | 126 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8-iwlwifi-noibss_only_on_radar_chan.patch |
d33aa452 | 127 | |
fcffac13 | 128 | # Fix igb and e1000e crash |
2e1fe3c8 | 129 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14.1-igb-e1000e_fix_lock_at_update_stats.patch |
d52f1169 | 130 | |
1e67b3c3 | 131 | # cs5535audio spams syslog if no ac97 was present (geos router) |
91648bd1 | 132 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8_cs5535audio_fix_logspam_on_geos.patch |
1e67b3c3 | 133 | |
87837787 | 134 | # Fix uevent PHYSDEVDRIVER |
91648bd1 | 135 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-2.6.32.27_mcs7830-fix-driver-name.patch |
bd64e2a0 | 136 | |
c062c770 AF |
137 | # fix Boot with enabled usercopy hardening |
138 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.9-crypto_testmgr_allocate_buffers_with____GFP_COMP.patch | |
b923dd3d | 139 | |
400c4e8e PM |
140 | # Patch performance monitoring restrictions to allow further hardening |
141 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.17-security-perf-allow-further-restriction-of-perf_event_open.patch | |
f0a86e18 PM |
142 | |
143 | # https://bugzilla.ipfire.org/show_bug.cgi?id=12760 | |
144 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch | |
0664b172 | 145 | |
65352552 AF |
146 | # Fix external module compile |
147 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0-fix_external_module_build.patch | |
148 | ||
149 | # Fix pmc compile dependency errors | |
150 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0.7-platform-x86-amd-Fix-pmc-compile-dependency-errors.patch | |
400c4e8e | 151 | |
aafdd71b | 152 | ifeq "$(BUILD_ARCH)" "armv6l" |
0a21d63f | 153 | # Apply Arm-multiarch kernel patches. |
5a27051f | 154 | cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz | patch -Np1 |
c448474f | 155 | endif |
66a29eaa AF |
156 | ifeq "$(BUILD_ARCH)" "aarch64" |
157 | # Apply Arm-multiarch kernel patches. | |
5a27051f | 158 | cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz | patch -Np1 |
fdecb907 | 159 | endif |
0b4976e2 AF |
160 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-3.14.79-amba-fix.patch |
161 | ||
cee50e12 | 162 | ifeq "$(KCFG)" "-headers" |
51f9e7ac | 163 | # Install the header files |
3c7ae787 | 164 | cd $(DIR_APP) && make ARCH=$(HEADERS_ARCH) $(EXTRAMAKE) headers |
51f9e7ac | 165 | -mkdir -pv $(BUILDROOT)/$(HEADERS_PREFIX)/include |
c062c770 AF |
166 | cd $(DIR_APP) && find usr/include -name '.*' -delete |
167 | cd $(DIR_APP) && rm usr/include/Makefile | |
168 | cd $(DIR_APP) && cp -rv usr/include/* $(BUILDROOT)/$(HEADERS_PREFIX)/include | |
51f9e7ac MT |
169 | else |
170 | ||
aa2049e5 MT |
171 | # Install ipfire logo |
172 | cd $(DIR_APP) && cp -vf $(DIR_SRC)/config/kernel/ipfire_logo.ppm \ | |
173 | drivers/video/logo/logo_linux_clut224.ppm | |
174 | ||
df5e82b3 | 175 | # Cleanup kernel source |
dc7d6b20 | 176 | cp $(DIR_SRC)/config/kernel/kernel.config.$(BUILD_ARCH)-$(VERSUFIX) $(DIR_APP)/.config |
6f67c28d MT |
177 | cd $(DIR_APP) && make oldconfig |
178 | cd $(DIR_APP) && make clean | |
fdecb907 | 179 | cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =\ -$(VERSUFIX)/' Makefile |
3a1019f6 | 180 | |
831ff05d AF |
181 | # Copy Module signing key configuration |
182 | cp -f $(DIR_SRC)/config/kernel/x509.genkey $(DIR_APP)/certs/x509.genkey | |
183 | ||
2e65d316 AF |
184 | # Remove modules folder if exists |
185 | rm -rf /lib/modules/$(VER)-$(VERSUFIX) | |
186 | ||
347db51a MT |
187 | # Build the kernel |
188 | cd $(DIR_APP) && make $(MAKETUNING) $(KERNEL_TARGET) modules | |
a158cbbb | 189 | |
347db51a MT |
190 | # Install the kernel |
191 | cd $(DIR_APP) && cp -v arch/$(KERNEL_ARCH)/boot/$(KERNEL_TARGET) /boot/vmlinuz-$(VER)-$(VERSUFIX) | |
2b2e03ed AF |
192 | cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER)-$(VERSUFIX) |
193 | cd $(DIR_APP) && cp -v .config /boot/config-$(VER)-$(VERSUFIX) | |
6f67c28d | 194 | cd $(DIR_APP) && make $(MAKETUNING) modules_install |
376e42ce | 195 | |
dc7d6b20 | 196 | ifeq "$(BUILD_PLATFORM)" "arm" |
6f67c28d | 197 | cd $(DIR_APP) && make $(MAKETUNING) dtbs |
5b17da41 | 198 | mkdir -p /boot/dtb-$(VER)-$(VERSUFIX) |
574a7117 | 199 | cd $(DIR_APP)/arch/$(KERNEL_ARCH)/boot/dts && for f in $$(find -name "*.dtb"); do \ |
5b17da41 AF |
200 | cp -v --parents $$f /boot/dtb-$(VER)-$(VERSUFIX)/ ; \ |
201 | chmod 644 /boot/dtb-$(VER)-$(VERSUFIX)/$$f ; \ | |
7284262a AF |
202 | done |
203 | endif | |
204 | ||
0ad5f6a1 MT |
205 | # Recreate source and build links |
206 | rm -rf /lib/modules/$(VER)-$(VERSUFIX)/{build,source} | |
207 | mkdir -p /lib/modules/$(VER)-$(VERSUFIX)/build | |
208 | ln -sf build /lib/modules/$(VER)-$(VERSUFIX)/source | |
209 | ||
210 | # Create dirs for extra modules | |
211 | mkdir -p /lib/modules/$(VER)-$(VERSUFIX)/extra | |
212 | ||
213 | cd $(DIR_APP) && cp --parents $$(find -type f -name "Makefile*" -o -name "Kconfig*") \ | |
214 | /lib/modules/$(VER)-$(VERSUFIX)/build | |
215 | cd $(DIR_APP) && cp Module.symvers System.map /lib/modules/$(VER)-$(VERSUFIX)/build | |
216 | rm -rf /lib/modules/$(VER)-$(VERSUFIX)/build/{Documentation,scripts,include} | |
217 | ||
218 | cd $(DIR_APP) && cp .config /lib/modules/$(VER)-$(VERSUFIX)/build | |
219 | cd $(DIR_APP) && cp -a scripts /lib/modules/$(VER)-$(VERSUFIX)/build | |
220 | find /lib/modules/$(VER)-$(VERSUFIX)/build/scripts -name "*.o" -exec rm -vf {} \; | |
221 | ||
222 | cd $(DIR_APP) && cp -a --parents arch/$(HEADERS_ARCH)/include /lib/modules/$(VER)-$(VERSUFIX)/build | |
223 | cd $(DIR_APP) && cp -a include /lib/modules/$(VER)-$(VERSUFIX)/build/include | |
224 | ||
831ff05d AF |
225 | # Copy module signing key for off tree modules |
226 | cd $(DIR_APP) && cp -f certs/signing_key.* /lib/modules/$(VER)-$(VERSUFIX)/build/certs/ | |
227 | ||
0ad5f6a1 | 228 | # Install objtool |
c1e8c954 MT |
229 | cd $(DIR_APP) && cp -a tools/objtool/objtool \ |
230 | /lib/modules/$(VER)-$(VERSUFIX)/build/tools/objtool/ || : | |
0ad5f6a1 MT |
231 | cd $(DIR_APP) && cp -a --parents tools/build/{Build,Build.include,fixdep.c} \ |
232 | tools/scripts/utilities.mak /lib/modules/$(VER)-$(VERSUFIX)/build | |
233 | ||
234 | # Make sure we can build external modules | |
235 | touch -r /lib/modules/$(VER)-$(VERSUFIX)/build/Makefile \ | |
3f60a1e1 | 236 | /lib/modules/$(VER)-$(VERSUFIX)/build/include/generated/uapi/linux/version.h |
0ad5f6a1 MT |
237 | touch -r /lib/modules/$(VER)-$(VERSUFIX)/build/.config \ |
238 | /lib/modules/$(VER)-$(VERSUFIX)/build/autoconf.h | |
239 | cp /lib/modules/$(VER)-$(VERSUFIX)/build/.config \ | |
240 | /lib/modules/$(VER)-$(VERSUFIX)/build/include/config/auto.conf | |
241 | ||
242 | # Fix permissions | |
243 | find /lib/modules/$(VER)-$(VERSUFIX) -name "modules.order" \ | |
244 | -exec chmod 644 {} \; | |
245 | ||
246 | find /lib/modules/$(VER)-$(VERSUFIX) -name ".*.cmd" -exec rm -f {} \; | |
247 | ||
bc8fe5ff AF |
248 | ifeq "$(LASTKERNEL)" "1" |
249 | # Only do this once | |
81e974f3 | 250 | cd $(DIR_APP) && install -m 755 usr/gen_init_cpio /sbin/ |
d644d86f | 251 | |
050479e9 AF |
252 | # disable drm by install drm to /bin/false because i915 ignore blacklisting |
253 | echo install drm /bin/false > /etc/modprobe.d/framebuffer.conf | |
254 | ||
aa1dd878 | 255 | # Blacklist old framebuffer modules |
4c76d08b | 256 | for f in $$(find /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/video/fbdev/ -name *.ko.xz); do \ |
ba109afd | 257 | echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer.conf ; \ |
030a57c5 | 258 | done |
aa1dd878 | 259 | # Blacklist new drm framebuffer modules |
4c76d08b | 260 | for f in $$(find /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/gpu/drm -name *.ko.xz); do \ |
ba109afd | 261 | echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer.conf ; \ |
66c36198 | 262 | done |
4c76d08b | 263 | sed -i -e "s|.ko.xz||g" /etc/modprobe.d/framebuffer.conf |
e2e106be | 264 | |
78a51aaf | 265 | # Disable ipv6 at runtime |
ba109afd | 266 | echo "options ipv6 disable_ipv6=1" > /etc/modprobe.d/ipv6.conf |
26c1cc71 | 267 | endif |
51f9e7ac | 268 | endif |
8885467f | 269 | |
22820bf2 AF |
270 | #force new build of external modules and initrd if the kernel was rebuild |
271 | -rm -f /usr/src/log/*-kmod-$(VER)-$(VERSUFIX) | |
272 | -rm -f /usr/src/log/linux-initrd-$(VER)-$(VERSUFIX) | |
273 | ||
0ad5f6a1 | 274 | @rm -rf $(DIR_APP) $(DIR_SRC)/linux |
df5e82b3 | 275 | @$(POSTBUILD) |