]>
Commit | Line | Data |
---|---|---|
1 | ############################################################################### | |
2 | # # | |
3 | # IPFire.org - A linux based firewall # | |
4 | # Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> # | |
5 | # # | |
6 | # This program is free software: you can redistribute it and/or modify # | |
7 | # it under the terms of the GNU General Public License as published by # | |
8 | # the Free Software Foundation, either version 3 of the License, or # | |
9 | # (at your option) any later version. # | |
10 | # # | |
11 | # This program is distributed in the hope that it will be useful, # | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
17 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
18 | # # | |
19 | ############################################################################### | |
20 | ||
21 | ############################################################################### | |
22 | # Definitions | |
23 | ############################################################################### | |
24 | ||
25 | include Config | |
26 | ||
27 | VER = 6.6.15 | |
28 | ||
29 | THISAPP = linux-$(VER) | |
30 | DL_FILE = linux-$(VER).tar.xz | |
31 | DL_FROM = $(URL_IPFIRE) | |
32 | DIR_APP = $(DIR_SRC)/$(THISAPP) | |
33 | CFLAGS = | |
34 | CXXFLAGS = | |
35 | ||
36 | HEADERS_ARCH = $(BUILD_PLATFORM) | |
37 | KERNEL_ARCH = $(BUILD_ARCH) | |
38 | KERNEL_TARGET = bzImage | |
39 | ||
40 | ifeq "$(BUILD_ARCH)" "aarch64" | |
41 | HEADERS_ARCH = arm64 | |
42 | KERNEL_ARCH = arm64 | |
43 | KERNEL_TARGET = Image | |
44 | endif | |
45 | ||
46 | ifeq "$(BUILD_ARCH)" "riscv64" | |
47 | KERNEL_ARCH = riscv | |
48 | KERNEL_TARGET = Image.gz | |
49 | endif | |
50 | ||
51 | VERSUFIX=ipfire$(KCFG) | |
52 | ||
53 | ifeq "$(TOOLCHAIN)" "1" | |
54 | TARGET = $(DIR_INFO)/linux-$(VER)-$(VERSUFIX)-tools | |
55 | HEADERS_PREFIX = $(TOOLS_DIR) | |
56 | EXTRAMAKE = CROSS_COMPILE=$(CROSSTARGET)- | |
57 | else | |
58 | TARGET = $(DIR_INFO)/linux-$(VER)-$(VERSUFIX) | |
59 | HEADERS_PREFIX = /usr | |
60 | endif | |
61 | ||
62 | ifeq "$(KCFG)" "" | |
63 | LASTKERNEL=1 | |
64 | endif | |
65 | ||
66 | ############################################################################### | |
67 | # Top-level Rules | |
68 | ############################################################################### | |
69 | ||
70 | objects = \ | |
71 | $(DL_FILE) | |
72 | ||
73 | $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) | |
74 | ||
75 | $(DL_FILE)_BLAKE2 = a630bc7b2463bdc312f8936210a54e92bbe4136fc78995c18d0ccafbcdb27cce5b7b0d4a6ba10c378e14e86855ee7e76e355acc0580f7441e4df64e7dbd8a4b7 | |
76 | ||
77 | install : $(TARGET) | |
78 | ||
79 | check : $(patsubst %,$(DIR_CHK)/%,$(objects)) | |
80 | ||
81 | download :$(patsubst %,$(DIR_DL)/%,$(objects)) | |
82 | ||
83 | b2 : $(subst %,%_BLAKE2,$(objects)) | |
84 | ||
85 | dist: | |
86 | @$(PAK) | |
87 | ||
88 | ############################################################################### | |
89 | # Downloading, checking, b2sum | |
90 | ############################################################################### | |
91 | ||
92 | $(patsubst %,$(DIR_CHK)/%,$(objects)) : | |
93 | @$(CHECK) | |
94 | ||
95 | $(patsubst %,$(DIR_DL)/%,$(objects)) : | |
96 | @$(LOAD) | |
97 | ||
98 | $(subst %,%_BLAKE2,$(objects)) : | |
99 | @$(B2SUM) | |
100 | ||
101 | ############################################################################### | |
102 | # Installation Details | |
103 | ############################################################################### | |
104 | ||
105 | $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) | |
106 | @$(PREBUILD) | |
107 | @rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) | |
108 | ||
109 | ln -svf linux-$(VER) $(DIR_SRC)/linux | |
110 | ||
111 | # Layer7-patch | |
112 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.6-layer7.patch | |
113 | ||
114 | # DVB Patches | |
115 | cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/v4l-dvb_fix_tua6034_pll.patch | |
116 | ||
117 | # Wlan Patches | |
118 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14_ath_user_regd.patch | |
119 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8-iwlwifi-noibss_only_on_radar_chan.patch | |
120 | ||
121 | # Fix igb and e1000e crash | |
122 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14.1-igb-e1000e_fix_lock_at_update_stats.patch | |
123 | ||
124 | # Fix uevent PHYSDEVDRIVER | |
125 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-2.6.32.27_mcs7830-fix-driver-name.patch | |
126 | ||
127 | # fix Boot with enabled usercopy hardening | |
128 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.9-crypto_testmgr_allocate_buffers_with____GFP_COMP.patch | |
129 | ||
130 | # Patch performance monitoring restrictions to allow further hardening | |
131 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.17-security-perf-allow-further-restriction-of-perf_event_open.patch | |
132 | ||
133 | # https://bugzilla.ipfire.org/show_bug.cgi?id=12760 | |
134 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch | |
135 | ||
136 | # Fix external module compile | |
137 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0-fix_external_module_build.patch | |
138 | ||
139 | ifeq "$(BUILD_ARCH)" "aarch64" | |
140 | # Apply Arm kernel patches. | |
141 | cd $(DIR_APP) && cat patch $(DIR_SRC)/src/patches/linux/aarch64/* | patch -Np1 | |
142 | endif | |
143 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-3.14.79-amba-fix.patch | |
144 | ||
145 | ifeq "$(KCFG)" "-headers" | |
146 | # Install the header files | |
147 | cd $(DIR_APP) && make ARCH=$(HEADERS_ARCH) $(EXTRAMAKE) headers | |
148 | -mkdir -pv $(BUILDROOT)/$(HEADERS_PREFIX)/include | |
149 | cd $(DIR_APP) && find usr/include -name '.*' -delete | |
150 | cd $(DIR_APP) && rm usr/include/Makefile | |
151 | cd $(DIR_APP) && cp -rv usr/include/* $(BUILDROOT)/$(HEADERS_PREFIX)/include | |
152 | else | |
153 | ||
154 | # Install ipfire logo | |
155 | cd $(DIR_APP) && cp -vf $(DIR_SRC)/config/kernel/ipfire_logo.ppm \ | |
156 | drivers/video/logo/logo_linux_clut224.ppm | |
157 | ||
158 | # Cleanup kernel source | |
159 | cp $(DIR_SRC)/config/kernel/kernel.config.$(BUILD_ARCH)-$(VERSUFIX) $(DIR_APP)/.config | |
160 | cd $(DIR_APP) && make oldconfig | |
161 | cd $(DIR_APP) && make clean | |
162 | cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =\ -$(VERSUFIX)/' Makefile | |
163 | ||
164 | # Copy Module signing key configuration | |
165 | cp -f $(DIR_SRC)/config/kernel/x509.genkey $(DIR_APP)/certs/x509.genkey | |
166 | ||
167 | # Remove modules folder if exists | |
168 | rm -rf /lib/modules/$(VER)-$(VERSUFIX) | |
169 | ||
170 | # Build the kernel | |
171 | cd $(DIR_APP) && make $(MAKETUNING) $(KERNEL_TARGET) modules | |
172 | ||
173 | # Install the kernel | |
174 | cd $(DIR_APP) && cp -v arch/$(KERNEL_ARCH)/boot/$(KERNEL_TARGET) /boot/vmlinuz-$(VER)-$(VERSUFIX) | |
175 | cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER)-$(VERSUFIX) | |
176 | cd $(DIR_APP) && cp -v .config /boot/config-$(VER)-$(VERSUFIX) | |
177 | cd $(DIR_APP) && make $(MAKETUNING) modules_install | |
178 | ||
179 | ifneq "$(BUILD_PLATFORM)" "x86" | |
180 | cd $(DIR_APP) && make $(MAKETUNING) dtbs | |
181 | mkdir -p /boot/dtb-$(VER)-$(VERSUFIX) | |
182 | cd $(DIR_APP)/arch/$(KERNEL_ARCH)/boot/dts && for f in $$(find -name "*.dtb"); do \ | |
183 | cp -v --parents $$f /boot/dtb-$(VER)-$(VERSUFIX)/ ; \ | |
184 | chmod 644 /boot/dtb-$(VER)-$(VERSUFIX)/$$f ; \ | |
185 | done | |
186 | endif | |
187 | ||
188 | # Recreate source and build links | |
189 | rm -rf /lib/modules/$(VER)-$(VERSUFIX)/{build,source} | |
190 | mkdir -p /lib/modules/$(VER)-$(VERSUFIX)/build | |
191 | ln -sf build /lib/modules/$(VER)-$(VERSUFIX)/source | |
192 | ||
193 | # Create dirs for extra modules | |
194 | mkdir -p /lib/modules/$(VER)-$(VERSUFIX)/extra | |
195 | ||
196 | cd $(DIR_APP) && cp --parents $$(find -type f -name "Makefile*" -o -name "Kconfig*") \ | |
197 | /lib/modules/$(VER)-$(VERSUFIX)/build | |
198 | cd $(DIR_APP) && cp Module.symvers System.map /lib/modules/$(VER)-$(VERSUFIX)/build | |
199 | rm -rf /lib/modules/$(VER)-$(VERSUFIX)/build/{Documentation,scripts,include} | |
200 | ||
201 | cd $(DIR_APP) && cp .config /lib/modules/$(VER)-$(VERSUFIX)/build | |
202 | cd $(DIR_APP) && cp -a scripts /lib/modules/$(VER)-$(VERSUFIX)/build | |
203 | find /lib/modules/$(VER)-$(VERSUFIX)/build/scripts -name "*.o" -exec rm -vf {} \; | |
204 | ||
205 | cd $(DIR_APP) && cp -a --parents arch/$(HEADERS_ARCH)/include /lib/modules/$(VER)-$(VERSUFIX)/build | |
206 | cd $(DIR_APP) && cp -a include /lib/modules/$(VER)-$(VERSUFIX)/build/include | |
207 | ||
208 | # Copy module signing key for off tree modules | |
209 | cd $(DIR_APP) && cp -f certs/signing_key.* /lib/modules/$(VER)-$(VERSUFIX)/build/certs/ | |
210 | ||
211 | # Install objtool | |
212 | cd $(DIR_APP) && cp -a tools/objtool/objtool \ | |
213 | /lib/modules/$(VER)-$(VERSUFIX)/build/tools/objtool/ || : | |
214 | cd $(DIR_APP) && cp -a --parents tools/build/{Build,Build.include,fixdep.c} \ | |
215 | tools/scripts/utilities.mak /lib/modules/$(VER)-$(VERSUFIX)/build | |
216 | ||
217 | # Make sure we can build external modules | |
218 | touch -r /lib/modules/$(VER)-$(VERSUFIX)/build/Makefile \ | |
219 | /lib/modules/$(VER)-$(VERSUFIX)/build/include/generated/uapi/linux/version.h | |
220 | touch -r /lib/modules/$(VER)-$(VERSUFIX)/build/.config \ | |
221 | /lib/modules/$(VER)-$(VERSUFIX)/build/autoconf.h | |
222 | cp /lib/modules/$(VER)-$(VERSUFIX)/build/.config \ | |
223 | /lib/modules/$(VER)-$(VERSUFIX)/build/include/config/auto.conf | |
224 | ||
225 | # Fix permissions | |
226 | find /lib/modules/$(VER)-$(VERSUFIX) -name "modules.order" \ | |
227 | -exec chmod 644 {} \; | |
228 | ||
229 | find /lib/modules/$(VER)-$(VERSUFIX) -name ".*.cmd" -exec rm -f {} \; | |
230 | ||
231 | ifeq "$(LASTKERNEL)" "1" | |
232 | # Only do this once | |
233 | cd $(DIR_APP) && install -m 755 usr/gen_init_cpio /sbin/ | |
234 | ||
235 | # disable drm by install drm to /bin/false because i915 ignore blacklisting | |
236 | echo install drm /bin/false > /etc/modprobe.d/framebuffer.conf | |
237 | ||
238 | # Blacklist old framebuffer modules | |
239 | for f in $$(find /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/video/fbdev/ -name *.ko.xz); do \ | |
240 | echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer.conf ; \ | |
241 | done | |
242 | # Blacklist new drm framebuffer modules | |
243 | for f in $$(find /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/gpu/drm -name *.ko.xz); do \ | |
244 | echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer.conf ; \ | |
245 | done | |
246 | sed -i -e "s|.ko.xz||g" /etc/modprobe.d/framebuffer.conf | |
247 | ||
248 | # Disable ipv6 at runtime | |
249 | echo "options ipv6 disable_ipv6=1" > /etc/modprobe.d/ipv6.conf | |
250 | endif | |
251 | endif | |
252 | ||
253 | #force new build of external modules and initrd if the kernel was rebuild | |
254 | -rm -f /usr/src/log/*-kmod-$(VER)-$(VERSUFIX) | |
255 | -rm -f /usr/src/log/linux-initrd-$(VER)-$(VERSUFIX) | |
256 | ||
257 | @rm -rf $(DIR_APP) $(DIR_SRC)/linux | |
258 | @$(POSTBUILD) |