]>
Commit | Line | Data |
---|---|---|
df5e82b3 | 1 | ############################################################################### |
df5e82b3 | 2 | # # |
70df8302 | 3 | # IPFire.org - A linux based firewall # |
0e18e19a | 4 | # Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> # |
70df8302 MT |
5 | # # |
6 | # This program is free software: you can redistribute it and/or modify # | |
df5e82b3 | 7 | # it under the terms of the GNU General Public License as published by # |
70df8302 | 8 | # the Free Software Foundation, either version 3 of the License, or # |
df5e82b3 MT |
9 | # (at your option) any later version. # |
10 | # # | |
70df8302 | 11 | # This program is distributed in the hope that it will be useful, # |
df5e82b3 MT |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
70df8302 | 17 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # |
df5e82b3 | 18 | # # |
df5e82b3 MT |
19 | ############################################################################### |
20 | ||
21 | ############################################################################### | |
22 | # Definitions | |
23 | ############################################################################### | |
24 | ||
25 | include Config | |
26 | ||
14bd3222 | 27 | VER = 6.1.52 |
2b1a701e | 28 | ARM_PATCHES = 6.1.y-ipfire2 |
df5e82b3 MT |
29 | |
30 | THISAPP = linux-$(VER) | |
79f94395 | 31 | DL_FILE = linux-$(VER).tar.xz |
a2cb3a33 | 32 | DL_FROM = $(URL_IPFIRE) |
df5e82b3 MT |
33 | DIR_APP = $(DIR_SRC)/$(THISAPP) |
34 | CFLAGS = | |
35 | CXXFLAGS = | |
36 | ||
347db51a | 37 | HEADERS_ARCH = $(BUILD_PLATFORM) |
7f841117 AF |
38 | KERNEL_ARCH = $(BUILD_ARCH) |
39 | KERNEL_TARGET = bzImage | |
347db51a | 40 | |
dc7d6b20 MT |
41 | ifeq "$(BUILD_ARCH)" "aarch64" |
42 | HEADERS_ARCH = arm64 | |
347db51a MT |
43 | KERNEL_ARCH = arm64 |
44 | KERNEL_TARGET = Image | |
45 | endif | |
46 | ||
5c1a1094 MT |
47 | ifeq "$(BUILD_ARCH)" "riscv64" |
48 | KERNEL_ARCH = riscv | |
49 | KERNEL_TARGET = Image.gz | |
50 | endif | |
51 | ||
fdf0c7c1 | 52 | VERSUFIX=ipfire$(KCFG) |
b0d0b681 | 53 | |
991d11d7 | 54 | ifeq "$(TOOLCHAIN)" "1" |
cc24c14b | 55 | TARGET = $(DIR_INFO)/linux-$(VER)-$(VERSUFIX)-tools |
6c4cc7ea | 56 | HEADERS_PREFIX = $(TOOLS_DIR) |
3c7ae787 | 57 | EXTRAMAKE = CROSS_COMPILE=$(CROSSTARGET)- |
51f9e7ac MT |
58 | else |
59 | TARGET = $(DIR_INFO)/linux-$(VER)-$(VERSUFIX) | |
cc24c14b | 60 | HEADERS_PREFIX = /usr |
51f9e7ac MT |
61 | endif |
62 | ||
bc8fe5ff AF |
63 | ifeq "$(KCFG)" "" |
64 | LASTKERNEL=1 | |
65 | endif | |
bc8fe5ff | 66 | |
df5e82b3 MT |
67 | ############################################################################### |
68 | # Top-level Rules | |
69 | ############################################################################### | |
39f94ee8 MT |
70 | |
71 | objects = \ | |
72 | $(DL_FILE) \ | |
b69338e0 | 73 | arm-multi-patches-$(ARM_PATCHES).patch.xz |
e69f1bf2 | 74 | |
932a34e5 | 75 | $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) |
a4a39bb9 | 76 | arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz |
e69f1bf2 | 77 | |
14bd3222 | 78 | $(DL_FILE)_BLAKE2 = 1846d76626ed122323f0ad54b71cd94165beba4f6122af681ca4c44a8a31bf3a4e8522bc5e2c410c33236477b9f610a577d991e01245628183142a5d8ec8770d |
2b1a701e | 79 | arm-multi-patches-$(ARM_PATCHES).patch.xz_BLAKE2 = 7afc460562fb24bcd75784fc79de768f9b60780aedd88d1a847927169e31920bbb475b1ac1466c4a224a7876d16bd8d465b96202de12b74f6e2ccbfcec731ad3 |
bdf9df74 | 80 | |
df5e82b3 MT |
81 | install : $(TARGET) |
82 | ||
83 | check : $(patsubst %,$(DIR_CHK)/%,$(objects)) | |
84 | ||
85 | download :$(patsubst %,$(DIR_DL)/%,$(objects)) | |
86 | ||
9a7e4d85 | 87 | b2 : $(subst %,%_BLAKE2,$(objects)) |
df5e82b3 | 88 | |
f418a984 AF |
89 | dist: |
90 | @$(PAK) | |
9a7e4d85 | 91 | |
df5e82b3 | 92 | ############################################################################### |
9a7e4d85 | 93 | # Downloading, checking, b2sum |
df5e82b3 MT |
94 | ############################################################################### |
95 | ||
96 | $(patsubst %,$(DIR_CHK)/%,$(objects)) : | |
97 | @$(CHECK) | |
98 | ||
99 | $(patsubst %,$(DIR_DL)/%,$(objects)) : | |
100 | @$(LOAD) | |
101 | ||
9a7e4d85 PM |
102 | $(subst %,%_BLAKE2,$(objects)) : |
103 | @$(B2SUM) | |
df5e82b3 MT |
104 | |
105 | ############################################################################### | |
106 | # Installation Details | |
107 | ############################################################################### | |
108 | ||
109 | $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) | |
110 | @$(PREBUILD) | |
fdecb907 | 111 | @rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) |
b0d0b681 | 112 | |
51f9e7ac | 113 | ln -svf linux-$(VER) $(DIR_SRC)/linux |
3a1019f6 | 114 | |
3a1019f6 | 115 | # Layer7-patch |
6a0c5ef6 | 116 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.1.27-layer7.patch |
bb5f0bf8 | 117 | |
e2b79cd1 | 118 | # DVB Patches |
e2b79cd1 AF |
119 | cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/v4l-dvb_fix_tua6034_pll.patch |
120 | ||
d33aa452 | 121 | # Wlan Patches |
3005eb22 | 122 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14_ath_user_regd.patch |
91648bd1 | 123 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8-iwlwifi-noibss_only_on_radar_chan.patch |
d33aa452 | 124 | |
fcffac13 | 125 | # Fix igb and e1000e crash |
2e1fe3c8 | 126 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14.1-igb-e1000e_fix_lock_at_update_stats.patch |
d52f1169 | 127 | |
1e67b3c3 | 128 | # cs5535audio spams syslog if no ac97 was present (geos router) |
91648bd1 | 129 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8_cs5535audio_fix_logspam_on_geos.patch |
1e67b3c3 | 130 | |
87837787 | 131 | # Fix uevent PHYSDEVDRIVER |
91648bd1 | 132 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-2.6.32.27_mcs7830-fix-driver-name.patch |
bd64e2a0 | 133 | |
c062c770 AF |
134 | # fix Boot with enabled usercopy hardening |
135 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.9-crypto_testmgr_allocate_buffers_with____GFP_COMP.patch | |
b923dd3d | 136 | |
400c4e8e PM |
137 | # Patch performance monitoring restrictions to allow further hardening |
138 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.17-security-perf-allow-further-restriction-of-perf_event_open.patch | |
f0a86e18 PM |
139 | |
140 | # https://bugzilla.ipfire.org/show_bug.cgi?id=12760 | |
141 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch | |
0664b172 | 142 | |
65352552 AF |
143 | # Fix external module compile |
144 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0-fix_external_module_build.patch | |
145 | ||
66a29eaa AF |
146 | ifeq "$(BUILD_ARCH)" "aarch64" |
147 | # Apply Arm-multiarch kernel patches. | |
5a27051f | 148 | cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz | patch -Np1 |
fdecb907 | 149 | endif |
0b4976e2 AF |
150 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-3.14.79-amba-fix.patch |
151 | ||
cee50e12 | 152 | ifeq "$(KCFG)" "-headers" |
51f9e7ac | 153 | # Install the header files |
3c7ae787 | 154 | cd $(DIR_APP) && make ARCH=$(HEADERS_ARCH) $(EXTRAMAKE) headers |
51f9e7ac | 155 | -mkdir -pv $(BUILDROOT)/$(HEADERS_PREFIX)/include |
c062c770 AF |
156 | cd $(DIR_APP) && find usr/include -name '.*' -delete |
157 | cd $(DIR_APP) && rm usr/include/Makefile | |
158 | cd $(DIR_APP) && cp -rv usr/include/* $(BUILDROOT)/$(HEADERS_PREFIX)/include | |
51f9e7ac MT |
159 | else |
160 | ||
aa2049e5 MT |
161 | # Install ipfire logo |
162 | cd $(DIR_APP) && cp -vf $(DIR_SRC)/config/kernel/ipfire_logo.ppm \ | |
163 | drivers/video/logo/logo_linux_clut224.ppm | |
164 | ||
df5e82b3 | 165 | # Cleanup kernel source |
dc7d6b20 | 166 | cp $(DIR_SRC)/config/kernel/kernel.config.$(BUILD_ARCH)-$(VERSUFIX) $(DIR_APP)/.config |
6f67c28d MT |
167 | cd $(DIR_APP) && make oldconfig |
168 | cd $(DIR_APP) && make clean | |
fdecb907 | 169 | cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =\ -$(VERSUFIX)/' Makefile |
3a1019f6 | 170 | |
831ff05d AF |
171 | # Copy Module signing key configuration |
172 | cp -f $(DIR_SRC)/config/kernel/x509.genkey $(DIR_APP)/certs/x509.genkey | |
173 | ||
2e65d316 AF |
174 | # Remove modules folder if exists |
175 | rm -rf /lib/modules/$(VER)-$(VERSUFIX) | |
176 | ||
347db51a MT |
177 | # Build the kernel |
178 | cd $(DIR_APP) && make $(MAKETUNING) $(KERNEL_TARGET) modules | |
a158cbbb | 179 | |
347db51a MT |
180 | # Install the kernel |
181 | cd $(DIR_APP) && cp -v arch/$(KERNEL_ARCH)/boot/$(KERNEL_TARGET) /boot/vmlinuz-$(VER)-$(VERSUFIX) | |
2b2e03ed AF |
182 | cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER)-$(VERSUFIX) |
183 | cd $(DIR_APP) && cp -v .config /boot/config-$(VER)-$(VERSUFIX) | |
6f67c28d | 184 | cd $(DIR_APP) && make $(MAKETUNING) modules_install |
376e42ce | 185 | |
dc7d6b20 | 186 | ifeq "$(BUILD_PLATFORM)" "arm" |
6f67c28d | 187 | cd $(DIR_APP) && make $(MAKETUNING) dtbs |
5b17da41 | 188 | mkdir -p /boot/dtb-$(VER)-$(VERSUFIX) |
574a7117 | 189 | cd $(DIR_APP)/arch/$(KERNEL_ARCH)/boot/dts && for f in $$(find -name "*.dtb"); do \ |
5b17da41 AF |
190 | cp -v --parents $$f /boot/dtb-$(VER)-$(VERSUFIX)/ ; \ |
191 | chmod 644 /boot/dtb-$(VER)-$(VERSUFIX)/$$f ; \ | |
7284262a AF |
192 | done |
193 | endif | |
194 | ||
0ad5f6a1 MT |
195 | # Recreate source and build links |
196 | rm -rf /lib/modules/$(VER)-$(VERSUFIX)/{build,source} | |
197 | mkdir -p /lib/modules/$(VER)-$(VERSUFIX)/build | |
198 | ln -sf build /lib/modules/$(VER)-$(VERSUFIX)/source | |
199 | ||
200 | # Create dirs for extra modules | |
201 | mkdir -p /lib/modules/$(VER)-$(VERSUFIX)/extra | |
202 | ||
203 | cd $(DIR_APP) && cp --parents $$(find -type f -name "Makefile*" -o -name "Kconfig*") \ | |
204 | /lib/modules/$(VER)-$(VERSUFIX)/build | |
205 | cd $(DIR_APP) && cp Module.symvers System.map /lib/modules/$(VER)-$(VERSUFIX)/build | |
206 | rm -rf /lib/modules/$(VER)-$(VERSUFIX)/build/{Documentation,scripts,include} | |
207 | ||
208 | cd $(DIR_APP) && cp .config /lib/modules/$(VER)-$(VERSUFIX)/build | |
209 | cd $(DIR_APP) && cp -a scripts /lib/modules/$(VER)-$(VERSUFIX)/build | |
210 | find /lib/modules/$(VER)-$(VERSUFIX)/build/scripts -name "*.o" -exec rm -vf {} \; | |
211 | ||
212 | cd $(DIR_APP) && cp -a --parents arch/$(HEADERS_ARCH)/include /lib/modules/$(VER)-$(VERSUFIX)/build | |
213 | cd $(DIR_APP) && cp -a include /lib/modules/$(VER)-$(VERSUFIX)/build/include | |
214 | ||
831ff05d AF |
215 | # Copy module signing key for off tree modules |
216 | cd $(DIR_APP) && cp -f certs/signing_key.* /lib/modules/$(VER)-$(VERSUFIX)/build/certs/ | |
217 | ||
0ad5f6a1 | 218 | # Install objtool |
c1e8c954 MT |
219 | cd $(DIR_APP) && cp -a tools/objtool/objtool \ |
220 | /lib/modules/$(VER)-$(VERSUFIX)/build/tools/objtool/ || : | |
0ad5f6a1 MT |
221 | cd $(DIR_APP) && cp -a --parents tools/build/{Build,Build.include,fixdep.c} \ |
222 | tools/scripts/utilities.mak /lib/modules/$(VER)-$(VERSUFIX)/build | |
223 | ||
224 | # Make sure we can build external modules | |
225 | touch -r /lib/modules/$(VER)-$(VERSUFIX)/build/Makefile \ | |
3f60a1e1 | 226 | /lib/modules/$(VER)-$(VERSUFIX)/build/include/generated/uapi/linux/version.h |
0ad5f6a1 MT |
227 | touch -r /lib/modules/$(VER)-$(VERSUFIX)/build/.config \ |
228 | /lib/modules/$(VER)-$(VERSUFIX)/build/autoconf.h | |
229 | cp /lib/modules/$(VER)-$(VERSUFIX)/build/.config \ | |
230 | /lib/modules/$(VER)-$(VERSUFIX)/build/include/config/auto.conf | |
231 | ||
232 | # Fix permissions | |
233 | find /lib/modules/$(VER)-$(VERSUFIX) -name "modules.order" \ | |
234 | -exec chmod 644 {} \; | |
235 | ||
236 | find /lib/modules/$(VER)-$(VERSUFIX) -name ".*.cmd" -exec rm -f {} \; | |
237 | ||
bc8fe5ff AF |
238 | ifeq "$(LASTKERNEL)" "1" |
239 | # Only do this once | |
81e974f3 | 240 | cd $(DIR_APP) && install -m 755 usr/gen_init_cpio /sbin/ |
d644d86f | 241 | |
050479e9 AF |
242 | # disable drm by install drm to /bin/false because i915 ignore blacklisting |
243 | echo install drm /bin/false > /etc/modprobe.d/framebuffer.conf | |
244 | ||
aa1dd878 | 245 | # Blacklist old framebuffer modules |
4c76d08b | 246 | for f in $$(find /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/video/fbdev/ -name *.ko.xz); do \ |
ba109afd | 247 | echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer.conf ; \ |
030a57c5 | 248 | done |
aa1dd878 | 249 | # Blacklist new drm framebuffer modules |
4c76d08b | 250 | for f in $$(find /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/gpu/drm -name *.ko.xz); do \ |
ba109afd | 251 | echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer.conf ; \ |
66c36198 | 252 | done |
4c76d08b | 253 | sed -i -e "s|.ko.xz||g" /etc/modprobe.d/framebuffer.conf |
e2e106be | 254 | |
78a51aaf | 255 | # Disable ipv6 at runtime |
ba109afd | 256 | echo "options ipv6 disable_ipv6=1" > /etc/modprobe.d/ipv6.conf |
26c1cc71 | 257 | endif |
51f9e7ac | 258 | endif |
8885467f | 259 | |
22820bf2 AF |
260 | #force new build of external modules and initrd if the kernel was rebuild |
261 | -rm -f /usr/src/log/*-kmod-$(VER)-$(VERSUFIX) | |
262 | -rm -f /usr/src/log/linux-initrd-$(VER)-$(VERSUFIX) | |
263 | ||
0ad5f6a1 | 264 | @rm -rf $(DIR_APP) $(DIR_SRC)/linux |
df5e82b3 | 265 | @$(POSTBUILD) |