]>
Commit | Line | Data |
---|---|---|
df5e82b3 | 1 | ############################################################################### |
df5e82b3 | 2 | # # |
70df8302 | 3 | # IPFire.org - A linux based firewall # |
3920ba12 | 4 | # Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> # |
70df8302 MT |
5 | # # |
6 | # This program is free software: you can redistribute it and/or modify # | |
df5e82b3 | 7 | # it under the terms of the GNU General Public License as published by # |
70df8302 | 8 | # the Free Software Foundation, either version 3 of the License, or # |
df5e82b3 MT |
9 | # (at your option) any later version. # |
10 | # # | |
70df8302 | 11 | # This program is distributed in the hope that it will be useful, # |
df5e82b3 MT |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
70df8302 | 17 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # |
df5e82b3 | 18 | # # |
df5e82b3 MT |
19 | ############################################################################### |
20 | ||
21 | ############################################################################### | |
22 | # Definitions | |
23 | ############################################################################### | |
24 | ||
25 | include Config | |
26 | ||
3920ba12 | 27 | VER = 6.6.9 |
df5e82b3 MT |
28 | |
29 | THISAPP = linux-$(VER) | |
79f94395 | 30 | DL_FILE = linux-$(VER).tar.xz |
a2cb3a33 | 31 | DL_FROM = $(URL_IPFIRE) |
df5e82b3 MT |
32 | DIR_APP = $(DIR_SRC)/$(THISAPP) |
33 | CFLAGS = | |
34 | CXXFLAGS = | |
35 | ||
347db51a | 36 | HEADERS_ARCH = $(BUILD_PLATFORM) |
7f841117 AF |
37 | KERNEL_ARCH = $(BUILD_ARCH) |
38 | KERNEL_TARGET = bzImage | |
347db51a | 39 | |
dc7d6b20 MT |
40 | ifeq "$(BUILD_ARCH)" "aarch64" |
41 | HEADERS_ARCH = arm64 | |
347db51a MT |
42 | KERNEL_ARCH = arm64 |
43 | KERNEL_TARGET = Image | |
44 | endif | |
45 | ||
5c1a1094 MT |
46 | ifeq "$(BUILD_ARCH)" "riscv64" |
47 | KERNEL_ARCH = riscv | |
48 | KERNEL_TARGET = Image.gz | |
49 | endif | |
50 | ||
fdf0c7c1 | 51 | VERSUFIX=ipfire$(KCFG) |
b0d0b681 | 52 | |
991d11d7 | 53 | ifeq "$(TOOLCHAIN)" "1" |
cc24c14b | 54 | TARGET = $(DIR_INFO)/linux-$(VER)-$(VERSUFIX)-tools |
6c4cc7ea | 55 | HEADERS_PREFIX = $(TOOLS_DIR) |
3c7ae787 | 56 | EXTRAMAKE = CROSS_COMPILE=$(CROSSTARGET)- |
51f9e7ac MT |
57 | else |
58 | TARGET = $(DIR_INFO)/linux-$(VER)-$(VERSUFIX) | |
cc24c14b | 59 | HEADERS_PREFIX = /usr |
51f9e7ac MT |
60 | endif |
61 | ||
bc8fe5ff AF |
62 | ifeq "$(KCFG)" "" |
63 | LASTKERNEL=1 | |
64 | endif | |
bc8fe5ff | 65 | |
df5e82b3 MT |
66 | ############################################################################### |
67 | # Top-level Rules | |
68 | ############################################################################### | |
39f94ee8 MT |
69 | |
70 | objects = \ | |
95f9d935 | 71 | $(DL_FILE) |
e69f1bf2 | 72 | |
941190cb | 73 | $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) |
e69f1bf2 | 74 | |
3920ba12 | 75 | $(DL_FILE)_BLAKE2 = c7deb1221716144b636018ee2936abe6397e15204c9bdb4cb5806f6bd303cd5d3f953a7da5865c4f211b866e4dfec4cd347c0a1a0a675f18b1a4ad197b099cec |
bdf9df74 | 76 | |
df5e82b3 MT |
77 | install : $(TARGET) |
78 | ||
79 | check : $(patsubst %,$(DIR_CHK)/%,$(objects)) | |
80 | ||
81 | download :$(patsubst %,$(DIR_DL)/%,$(objects)) | |
82 | ||
9a7e4d85 | 83 | b2 : $(subst %,%_BLAKE2,$(objects)) |
df5e82b3 | 84 | |
f418a984 AF |
85 | dist: |
86 | @$(PAK) | |
9a7e4d85 | 87 | |
df5e82b3 | 88 | ############################################################################### |
9a7e4d85 | 89 | # Downloading, checking, b2sum |
df5e82b3 MT |
90 | ############################################################################### |
91 | ||
92 | $(patsubst %,$(DIR_CHK)/%,$(objects)) : | |
93 | @$(CHECK) | |
94 | ||
95 | $(patsubst %,$(DIR_DL)/%,$(objects)) : | |
96 | @$(LOAD) | |
97 | ||
9a7e4d85 PM |
98 | $(subst %,%_BLAKE2,$(objects)) : |
99 | @$(B2SUM) | |
df5e82b3 MT |
100 | |
101 | ############################################################################### | |
102 | # Installation Details | |
103 | ############################################################################### | |
104 | ||
105 | $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) | |
106 | @$(PREBUILD) | |
fdecb907 | 107 | @rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) |
b0d0b681 | 108 | |
51f9e7ac | 109 | ln -svf linux-$(VER) $(DIR_SRC)/linux |
3a1019f6 | 110 | |
3a1019f6 | 111 | # Layer7-patch |
95f9d935 | 112 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.6-layer7.patch |
bb5f0bf8 | 113 | |
e2b79cd1 | 114 | # DVB Patches |
e2b79cd1 AF |
115 | cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/v4l-dvb_fix_tua6034_pll.patch |
116 | ||
d33aa452 | 117 | # Wlan Patches |
3005eb22 | 118 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14_ath_user_regd.patch |
91648bd1 | 119 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8-iwlwifi-noibss_only_on_radar_chan.patch |
d33aa452 | 120 | |
fcffac13 | 121 | # Fix igb and e1000e crash |
2e1fe3c8 | 122 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14.1-igb-e1000e_fix_lock_at_update_stats.patch |
d52f1169 | 123 | |
87837787 | 124 | # Fix uevent PHYSDEVDRIVER |
91648bd1 | 125 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-2.6.32.27_mcs7830-fix-driver-name.patch |
bd64e2a0 | 126 | |
c062c770 AF |
127 | # fix Boot with enabled usercopy hardening |
128 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.9-crypto_testmgr_allocate_buffers_with____GFP_COMP.patch | |
b923dd3d | 129 | |
400c4e8e PM |
130 | # Patch performance monitoring restrictions to allow further hardening |
131 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.17-security-perf-allow-further-restriction-of-perf_event_open.patch | |
f0a86e18 PM |
132 | |
133 | # https://bugzilla.ipfire.org/show_bug.cgi?id=12760 | |
134 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch | |
0664b172 | 135 | |
65352552 AF |
136 | # Fix external module compile |
137 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0-fix_external_module_build.patch | |
138 | ||
66a29eaa | 139 | ifeq "$(BUILD_ARCH)" "aarch64" |
95f9d935 AF |
140 | # Apply Arm kernel patches. |
141 | cd $(DIR_APP) && cat patch $(DIR_SRC)/src/patches/linux/aarch64/* | patch -Np1 | |
fdecb907 | 142 | endif |
0b4976e2 AF |
143 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-3.14.79-amba-fix.patch |
144 | ||
cee50e12 | 145 | ifeq "$(KCFG)" "-headers" |
51f9e7ac | 146 | # Install the header files |
3c7ae787 | 147 | cd $(DIR_APP) && make ARCH=$(HEADERS_ARCH) $(EXTRAMAKE) headers |
51f9e7ac | 148 | -mkdir -pv $(BUILDROOT)/$(HEADERS_PREFIX)/include |
c062c770 AF |
149 | cd $(DIR_APP) && find usr/include -name '.*' -delete |
150 | cd $(DIR_APP) && rm usr/include/Makefile | |
151 | cd $(DIR_APP) && cp -rv usr/include/* $(BUILDROOT)/$(HEADERS_PREFIX)/include | |
51f9e7ac MT |
152 | else |
153 | ||
aa2049e5 MT |
154 | # Install ipfire logo |
155 | cd $(DIR_APP) && cp -vf $(DIR_SRC)/config/kernel/ipfire_logo.ppm \ | |
156 | drivers/video/logo/logo_linux_clut224.ppm | |
157 | ||
df5e82b3 | 158 | # Cleanup kernel source |
dc7d6b20 | 159 | cp $(DIR_SRC)/config/kernel/kernel.config.$(BUILD_ARCH)-$(VERSUFIX) $(DIR_APP)/.config |
6f67c28d MT |
160 | cd $(DIR_APP) && make oldconfig |
161 | cd $(DIR_APP) && make clean | |
fdecb907 | 162 | cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =\ -$(VERSUFIX)/' Makefile |
3a1019f6 | 163 | |
831ff05d AF |
164 | # Copy Module signing key configuration |
165 | cp -f $(DIR_SRC)/config/kernel/x509.genkey $(DIR_APP)/certs/x509.genkey | |
166 | ||
2e65d316 AF |
167 | # Remove modules folder if exists |
168 | rm -rf /lib/modules/$(VER)-$(VERSUFIX) | |
169 | ||
347db51a MT |
170 | # Build the kernel |
171 | cd $(DIR_APP) && make $(MAKETUNING) $(KERNEL_TARGET) modules | |
a158cbbb | 172 | |
347db51a MT |
173 | # Install the kernel |
174 | cd $(DIR_APP) && cp -v arch/$(KERNEL_ARCH)/boot/$(KERNEL_TARGET) /boot/vmlinuz-$(VER)-$(VERSUFIX) | |
2b2e03ed AF |
175 | cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER)-$(VERSUFIX) |
176 | cd $(DIR_APP) && cp -v .config /boot/config-$(VER)-$(VERSUFIX) | |
6f67c28d | 177 | cd $(DIR_APP) && make $(MAKETUNING) modules_install |
376e42ce | 178 | |
e275a07b | 179 | ifneq "$(BUILD_PLATFORM)" "x86" |
6f67c28d | 180 | cd $(DIR_APP) && make $(MAKETUNING) dtbs |
5b17da41 | 181 | mkdir -p /boot/dtb-$(VER)-$(VERSUFIX) |
574a7117 | 182 | cd $(DIR_APP)/arch/$(KERNEL_ARCH)/boot/dts && for f in $$(find -name "*.dtb"); do \ |
5b17da41 AF |
183 | cp -v --parents $$f /boot/dtb-$(VER)-$(VERSUFIX)/ ; \ |
184 | chmod 644 /boot/dtb-$(VER)-$(VERSUFIX)/$$f ; \ | |
7284262a AF |
185 | done |
186 | endif | |
187 | ||
0ad5f6a1 MT |
188 | # Recreate source and build links |
189 | rm -rf /lib/modules/$(VER)-$(VERSUFIX)/{build,source} | |
190 | mkdir -p /lib/modules/$(VER)-$(VERSUFIX)/build | |
191 | ln -sf build /lib/modules/$(VER)-$(VERSUFIX)/source | |
192 | ||
193 | # Create dirs for extra modules | |
194 | mkdir -p /lib/modules/$(VER)-$(VERSUFIX)/extra | |
195 | ||
196 | cd $(DIR_APP) && cp --parents $$(find -type f -name "Makefile*" -o -name "Kconfig*") \ | |
197 | /lib/modules/$(VER)-$(VERSUFIX)/build | |
198 | cd $(DIR_APP) && cp Module.symvers System.map /lib/modules/$(VER)-$(VERSUFIX)/build | |
199 | rm -rf /lib/modules/$(VER)-$(VERSUFIX)/build/{Documentation,scripts,include} | |
200 | ||
201 | cd $(DIR_APP) && cp .config /lib/modules/$(VER)-$(VERSUFIX)/build | |
202 | cd $(DIR_APP) && cp -a scripts /lib/modules/$(VER)-$(VERSUFIX)/build | |
203 | find /lib/modules/$(VER)-$(VERSUFIX)/build/scripts -name "*.o" -exec rm -vf {} \; | |
204 | ||
205 | cd $(DIR_APP) && cp -a --parents arch/$(HEADERS_ARCH)/include /lib/modules/$(VER)-$(VERSUFIX)/build | |
206 | cd $(DIR_APP) && cp -a include /lib/modules/$(VER)-$(VERSUFIX)/build/include | |
207 | ||
831ff05d AF |
208 | # Copy module signing key for off tree modules |
209 | cd $(DIR_APP) && cp -f certs/signing_key.* /lib/modules/$(VER)-$(VERSUFIX)/build/certs/ | |
210 | ||
0ad5f6a1 | 211 | # Install objtool |
c1e8c954 MT |
212 | cd $(DIR_APP) && cp -a tools/objtool/objtool \ |
213 | /lib/modules/$(VER)-$(VERSUFIX)/build/tools/objtool/ || : | |
0ad5f6a1 MT |
214 | cd $(DIR_APP) && cp -a --parents tools/build/{Build,Build.include,fixdep.c} \ |
215 | tools/scripts/utilities.mak /lib/modules/$(VER)-$(VERSUFIX)/build | |
216 | ||
217 | # Make sure we can build external modules | |
218 | touch -r /lib/modules/$(VER)-$(VERSUFIX)/build/Makefile \ | |
3f60a1e1 | 219 | /lib/modules/$(VER)-$(VERSUFIX)/build/include/generated/uapi/linux/version.h |
0ad5f6a1 MT |
220 | touch -r /lib/modules/$(VER)-$(VERSUFIX)/build/.config \ |
221 | /lib/modules/$(VER)-$(VERSUFIX)/build/autoconf.h | |
222 | cp /lib/modules/$(VER)-$(VERSUFIX)/build/.config \ | |
223 | /lib/modules/$(VER)-$(VERSUFIX)/build/include/config/auto.conf | |
224 | ||
225 | # Fix permissions | |
226 | find /lib/modules/$(VER)-$(VERSUFIX) -name "modules.order" \ | |
227 | -exec chmod 644 {} \; | |
228 | ||
229 | find /lib/modules/$(VER)-$(VERSUFIX) -name ".*.cmd" -exec rm -f {} \; | |
230 | ||
bc8fe5ff AF |
231 | ifeq "$(LASTKERNEL)" "1" |
232 | # Only do this once | |
81e974f3 | 233 | cd $(DIR_APP) && install -m 755 usr/gen_init_cpio /sbin/ |
d644d86f | 234 | |
050479e9 AF |
235 | # disable drm by install drm to /bin/false because i915 ignore blacklisting |
236 | echo install drm /bin/false > /etc/modprobe.d/framebuffer.conf | |
237 | ||
aa1dd878 | 238 | # Blacklist old framebuffer modules |
4c76d08b | 239 | for f in $$(find /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/video/fbdev/ -name *.ko.xz); do \ |
ba109afd | 240 | echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer.conf ; \ |
030a57c5 | 241 | done |
aa1dd878 | 242 | # Blacklist new drm framebuffer modules |
4c76d08b | 243 | for f in $$(find /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/gpu/drm -name *.ko.xz); do \ |
ba109afd | 244 | echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer.conf ; \ |
66c36198 | 245 | done |
4c76d08b | 246 | sed -i -e "s|.ko.xz||g" /etc/modprobe.d/framebuffer.conf |
e2e106be | 247 | |
78a51aaf | 248 | # Disable ipv6 at runtime |
ba109afd | 249 | echo "options ipv6 disable_ipv6=1" > /etc/modprobe.d/ipv6.conf |
26c1cc71 | 250 | endif |
51f9e7ac | 251 | endif |
8885467f | 252 | |
22820bf2 AF |
253 | #force new build of external modules and initrd if the kernel was rebuild |
254 | -rm -f /usr/src/log/*-kmod-$(VER)-$(VERSUFIX) | |
255 | -rm -f /usr/src/log/linux-initrd-$(VER)-$(VERSUFIX) | |
256 | ||
0ad5f6a1 | 257 | @rm -rf $(DIR_APP) $(DIR_SRC)/linux |
df5e82b3 | 258 | @$(POSTBUILD) |