###############################################################################
-# This file is part of the IPCop Firewall. #
# #
-# IPCop is free software; you can redistribute it and/or modify #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation; either version 2 of the License, or #
+# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
-# IPCop is distributed in the hope that it will be useful, #
+# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
-# along with IPCop; if not, write to the Free Software #
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
-# #
-# Makefiles are based on LFSMake, which is #
-# Copyright (C) 2002 Rod Roard <rod@sunsetsystems.com> #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
include Config
-VER = 2.6.16
-PATCHLEVEL = 2.6.16.27
+PATCHLEVEL = .21
+VER = 2.6.20.21
THISAPP = linux-$(VER)
-DL_FILE = $(THISAPP).tar.gz
+DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
CFLAGS =
# Normal build or SMP build.
#
ifeq "$(SMP)" "1"
- TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-smp
+ TARGET = $(DIR_INFO)/linux-$(VER)-smp
else
- TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire
+ TARGET = $(DIR_INFO)/linux-$(VER)
endif
+
###############################################################################
# Top-level Rules
###############################################################################
objects =$(DL_FILE) \
- openswan-2.4.7.kernel-2.6-natt.patch.gz \
- openswan-2.4.7.kernel-2.6-klips.patch.gz \
- iptables-1.3.5.tar.bz2 \
+ mISDN-1_1_5.tar.gz \
+ squashfs3.3.tgz \
+ iptables-1.3.8.tar.bz2 \
patch-o-matic-ng-20061210.tar.bz2 \
- kbc_option_2420.patch \
- net4801.kernel.patch_2.4.31 \
- netfilter-layer7-v2.6.tar.gz \
- patch-$(PATCHLEVEL).gz
-
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-patch-$(PATCHLEVEL).gz = $(DL_FROM)/patch-$(PATCHLEVEL).gz
-openswan-2.4.7.kernel-2.6-natt.patch.gz = $(URL_IPFIRE)/openswan-2.4.7.kernel-2.6-natt.patch.gz
-openswan-2.4.7.kernel-2.6-klips.patch.gz = $(URL_IPFIRE)/openswan-2.4.7.kernel-2.6-klips.patch.gz
-patch-o-matic-ng-20061210.tar.bz2 = $(URL_IPFIRE)/patch-o-matic-ng-20061210.tar.bz2
-iptables-1.3.5.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.5.tar.bz2
-kbc_option_2420.patch = $(URL_IPFIRE)/kbc_option_2420.patch
-net4801.kernel.patch_2.4.31 = $(URL_IPFIRE)/net4801.kernel.patch_2.4.31
-netfilter-layer7-v2.6.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.6.tar.gz
-
-$(DL_FILE)_MD5 = 50695965725367f39007023feac5e256
-patch-$(PATCHLEVEL).gz_MD5 = 4b09dd018286850c20c0f051ced7b583
-openswan-2.4.7.kernel-2.6-natt.patch.gz_MD5 = 980d8bbdb29a761b7f5aa852f373df62
-openswan-2.4.7.kernel-2.6-klips.patch.gz_MD5 = 5df0ffa2453488a407a23fc4ea4af879
-patch-o-matic-ng-20061210.tar.bz2_MD5 = 76edac76301b45f89e467b41c8cf4393
-iptables-1.3.5.tar.bz2_MD5 = 00fb916fa8040ca992a5ace56d905ea5
-kbc_option_2420.patch_MD5 = 6d37870344f7fcf97ace1fbf43323c60
-net4801.kernel.patch_2.4.31_MD5 = c7d64e3caedb2f2b10e1c11db7f73a04
-netfilter-layer7-v2.6.tar.gz_MD5 = 58135cd1aafaf4ae2fa478159206f064
+ netfilter-layer7-v2.18.tar.gz \
+ patch-2.6.16-nath323-1.3.bz2
+
+$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
+patch-o-matic-ng-20061210.tar.bz2 = $(URL_IPFIRE)/patch-o-matic-ng-20061210.tar.bz2
+iptables-1.3.8.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.8.tar.bz2
+netfilter-layer7-v2.18.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.18.tar.gz
+patch-2.6.16-nath323-1.3.bz2 = $(URL_IPFIRE)/patch-2.6.16-nath323-1.3.bz2
+squashfs3.3.tgz = $(URL_IPFIRE)/squashfs3.3.tgz
+mISDN-1_1_5.tar.gz = $(URL_IPFIRE)/mISDN-1_1_5.tar.gz
+
+$(DL_FILE)_MD5 = fbedc192e654735936cc780da8deeba4
+patch-o-matic-ng-20061210.tar.bz2_MD5 = 76edac76301b45f89e467b41c8cf4393
+iptables-1.3.8.tar.bz2_MD5 = 0a9209f928002e5eee9cdff8fef4d4b3
+netfilter-layer7-v2.18.tar.gz_MD5 = 8d2e2c00f5c20e8c0852998035aeffd2
+patch-2.6.16-nath323-1.3.bz2_MD5 = f926409ff703a307baf54b57ab75d138
+squashfs3.3.tgz_MD5 = 95c40fca0d886893631b5de14a0af25b
+mISDN-1_1_5.tar.gz_MD5 = 93b1cff7817b82638a0475c2b7b7f1b6
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_APP) $(DIR_SRC)/linux $(DIR_SRC)/xen-* && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
ln -s linux-$(VER) /usr/src/linux
- # Update kernel to latest patchlevel
- cd $(DIR_APP) && zcat $(DIR_DL)/patch-$(PATCHLEVEL).gz | patch -p1
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.16.27-utf8_input-1.patch
- # Remove patch level in EXTRAVERSION.
- # We want to avoid the need to supply a full kernel
- # (installed in a different place) if only one part could be updated
- cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =/' Makefile
- cd $(DIR_APP) && sed -i -e 's/-Werror//' drivers/scsi/aic7xxx/Makefile
- cd $(DIR_APP) && sed -i -e 's/gettext//' scripts/kconfig/lkc.h
-
- # Openswan 2
- cd $(DIR_SRC) && rm -rf openswan-*
- cd $(DIR_SRC) && tar xfz $(DIR_DL)/openswan-2.4.7.tar.gz
- cd $(DIR_APP) && gzip -dc $(DIR_DL)/openswan-2.4.7.kernel-2.6-natt.patch.gz | patch -Np1
- cd $(DIR_APP) && gzip -dc $(DIR_DL)/openswan-2.4.7.kernel-2.6-klips.patch.gz | patch -Np1
- cd $(DIR_SRC)/openswan-* && sed -i -e 's/INC_USRLOCAL=\/usr\/local/INC_USRLOCAL=\/usr/' Makefile.inc
+ # Security fix for CIFS & Netfilter SNMP
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.20.21-additional_check_on_BER_decoding.patch
- # Patch-o-matic
- cd $(DIR_SRC) && rm -rf iptables-*
- cd $(DIR_SRC) && tar xfj $(DIR_DL)/iptables-1.3.5.tar.bz2
- cd $(DIR_SRC) && ln -sf iptables-1.3.5 iptables
- cd $(DIR_SRC) && rm -rf patch-o-matic*
- cd $(DIR_SRC) && tar xfj $(DIR_DL)/patch-o-matic-ng-20061210.tar.bz2
-
- cd $(DIR_SRC)/patch-o-matic-ng* && \
- ./runme --batch --kernel-path=$(ROOT)/usr/src/$(THISAPP)/ --iptables-path=$(ROOT)/usr/src/iptables/ \
- TARPIT h323-conntrack-nat cuseeme-nat \
- sip-conntrack-nat
- # rtsp-conntrack-nat quake3-conntrack-nat mms-conntrack-nat
-
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ pending
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ base
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ mms-conntrack-nat
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ pptp-conntrack-nat
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ rtsp-conntrack
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ quake3-conntrack-nat
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ip_queue_vwmark
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipp2p
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-01-output-hooks
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-02-input-hooks
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-03-policy-lookup
-# cd $(DIR_SRC)/patch-o-matic* && yes 'y' | ./runme --kernel-path=$(DIR_APP) --iptables-path=$(ROOT)/usr/src/iptables/ ipsec-04-policy-checks
+ # Temperatursensoren von Intel Core & Core 2 Prozessoren
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.20-hwmon-coretemp.patch
+
+ # Add USB ID of US-Robotics USR805423 to ZD1211 driver
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.20.21-zd1211-usrobotics-usbid.patch
+
+ # Openswan nat-t
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openswan-2.4.12.kernel-2.6.20.21-natt.patch
+
+ # Reiser4
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/reiser4-for-2.6.20.patch
+
+ # SquashFS
+ cd $(DIR_SRC) && rm -rf squashfs*
+ cd $(DIR_SRC) && tar xfz $(DIR_DL)/squashfs3.3.tgz
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/squashfs3.3/kernel-patches/linux-2.6.20/squashfs3.3-patch
+
+ # ip_conntrack permissions from 440 to 444
+ cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/ip_conntrack_standalone-patch-for-ipfire.patch
+ # Some VIA patches
+ #cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/padlock-prereq-2.6.16.diff
+ #cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/epia_dma.patch
+
+ # Patch-o-matic
+ cd $(DIR_SRC) && rm -rf iptables-* patch-o-matic*
+ cd $(DIR_SRC) && tar xfj $(DIR_DL)/iptables-1.3.8.tar.bz2
+ cd $(DIR_SRC) && ln -sf iptables-1.3.8 iptables
+ #cd $(DIR_SRC) && tar xfj $(DIR_DL)/patch-o-matic-ng-20061210.tar.bz2
+ #cd $(DIR_SRC)/patch-o-matic-ng* && \
+ # ./runme --batch --kernel-path=$(ROOT)/usr/src/$(THISAPP)/ \
+ # --iptables-path=$(ROOT)/usr/src/iptables/ \
+ # sip-conntrack-nat rtsp-conntrack-nat \
+ # mms-conntrack-nat
+
# Layer7-patch
- cd $(DIR_SRC) && tar xzf $(DIR_DL)/netfilter-layer7-v2.6.tar.gz
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.6/for_older_kernels/kernel-2.6.13-2.6.16-layer7-2.2.patch
+ cd $(DIR_SRC) && rm -rf $(DIR_SRC)/netfilter-layer7-v2.18
+ cd $(DIR_SRC) && tar xzf $(DIR_DL)/netfilter-layer7-v2.18.tar.gz
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.18/for_older_kernels/kernel-2.6.20-2.6.21-layer7-2.16.1.patch
- # ip_conntrack permissions from 440 to 444
- # cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ip_conntrack_standalone-patch-for-ipfire.patch
+ # Linux Intermediate Queueing Device
+ifeq "$(XEN)" ""
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.20-imq.diff
+endif
+
+ # mISDN
+ cd $(DIR_SRC) && rm -rf mISDN-*
+ cd $(DIR_SRC) && tar xfz $(DIR_DL)/mISDN-1_1_5.tar.gz
+ cd $(DIR_SRC)/mISDN-1_1_5 && yes 'yes' | ./std2kern -k /usr/src/linux
+
+ cd $(DIR_APP)/drivers/isdn/hardware/mISDN && patch -Np0 < $(DIR_SRC)/src/patches/mISDN-avmfritz.patch
ifeq "$(SMP)" ""
# Only do this once on the non-SMP pass
- cd $(DIR_SRC) && tar czf $(DIR_DL)/iptables-fixed.tar.gz iptables-1.3.5
+ cd $(DIR_SRC) && tar czf $(DIR_DL)/iptables-fixed.tar.gz iptables-1.3.8
endif
- # Bootsplash
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bootsplash-3.1.6-2.6.15.diff
-
# Cleanup kernel source
cd $(DIR_APP) && make mrproper
-ifeq "$(SMP)" ""
- cp $(DIR_SRC)/config/kernel/kernel.config.$(MACHINE) $(DIR_APP)/.config
-endif
ifeq "$(SMP)" "1"
cp $(DIR_SRC)/config/kernel/kernel.config.$(MACHINE).smp $(DIR_APP)/.config
+else
+ cp $(DIR_SRC)/config/kernel/kernel.config.$(MACHINE) $(DIR_APP)/.config
endif
cd $(DIR_APP) && make CC="$(KGCC)" oldconfig
cd $(DIR_APP) && make CC="$(KGCC)" clean
- if [ "$(SMP)" = "" ]; then \
- cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage; \
- cd $(DIR_APP) && cp -v arch/i386/boot/bzImage /boot/vmlinuz-$(VER); \
- cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER); \
- cd $(DIR_APP) && cp -v .config /boot/config-$(VER); \
- ln -sf vmlinuz-$(VER) /boot/vmlinuz; \
- ln -sf System.map-$(VER) /boot/System.map; \
- cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules; \
- cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules_install; \
- cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) module; \
- cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) minstall; \
- elif [ "$(SMP)" = "1" ]; then \
- cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =/EXTRAVERSION\ =\ -smp/' Makefile; \
- cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage; \
- cd $(DIR_APP) && cp -v arch/i386/boot/bzImage /boot/vmlinuz-$(VER)-smp; \
- cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER)-smp; \
- cd $(DIR_APP) && cp -v .config /boot/config-$(VER); \
- ln -sf vmlinuz-$(VER)-smp /boot/vmlinuz-smp; \
- cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules; \
- cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules_install; \
- cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) module; \
- cd $(DIR_SRC)/openswan-* && make KERNELSRC=/usr/src/$(THISAPP) CC=$(CC) minstall; \
- fi
-
- # remove symlinked pcmcia directory
-ifeq "$(SMP)" ""
- rm -rf /lib/modules/$(VER)/pcmcia
-endif
+
ifeq "$(SMP)" "1"
- rm -rf /lib/modules/$(VER)-smp/pcmcia
+ cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =\ $(PATCHLEVEL)-ipfire-smp/' Makefile
+ cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage
+ cd $(DIR_APP) && cp -v arch/i386/boot/bzImage /boot/vmlinuz-$(VER)-ipfire-smp
+ cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER)-ipfire-smp
+ ln -sf vmlinuz-$(VER)-ipfire-smp /boot/vmlinuz-ipfire-smp
+ cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules
+ cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules_install
+else
+ cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =\ $(PATCHLEVEL)-ipfire/' Makefile
+ cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage
+ cd $(DIR_APP) && cp -v arch/i386/boot/bzImage /boot/vmlinuz-$(VER)-ipfire
+ cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER)-ipfire
+ cd $(DIR_APP) && cp -v .config /boot/config-$(VER)-ipfire
+ ln -sf vmlinuz-$(VER)-ipfire /boot/vmlinuz-ipfire
+ ln -sf System.map-$(VER)-ipfire /boot/System.map-ipfire
+ cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules
+ cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules_install
endif
- @rm -rf $(DIR_SRC)/patch-o-matic* $(DIR_SRC)/iptables*
+
+ifeq "$(SMP)" ""
+ # Only do this once on the non-SMP pass
+ cd $(DIR_APP) && install -m 755 usr/gen_init_cpio /sbin/
+endif
+
+ @rm -rf $(DIR_SRC)/patch-o-matic* $(DIR_SRC)/iptables* $(DIR_SRC)/squashfs* $(DIR_SRC)/mISDN-* $(DIR_SRC)/netfilter-layer7-*
@$(POSTBUILD)