###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2012 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 3.2.30
+VER = 3.10.14
-RPI_PATCHES = linux-3.2.27-091073b
+RPI_PATCHES = linux-3.10.10-c1af7c6
+GRS_PATCHES = grsecurity-2.9.1-3.10.14-ipfire1.patch.xz
THISAPP = linux-$(VER)
-DL_FILE = linux-$(VER).tar.bz2
+DL_FILE = linux-$(VER).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
CFLAGS =
CXXFLAGS =
-PAK_VER = 20
+PAK_VER = 31
DEPS = ""
VERSUFIX=ipfire$(KCFG)
-ifeq "$(HEADERS)" "1"
ifeq "$(TOOLS)" "1"
- TARGET = $(DIR_INFO)/linux-libc-headers-$(VER)-$(VERSUFIX)-tools
+ TARGET = $(DIR_INFO)/linux-$(VER)-$(VERSUFIX)-tools
HEADERS_PREFIX = /tools
-else
- TARGET = $(DIR_INFO)/linux-libc-headers-$(VER)-$(VERSUFIX)
- HEADERS_PREFIX = /usr
-endif
else
TARGET = $(DIR_INFO)/linux-$(VER)-$(VERSUFIX)
+ HEADERS_PREFIX = /usr
endif
ifeq "$(MACHINE_TYPE)" "arm"
# Top-level Rules
###############################################################################
objects =$(DL_FILE) \
- rpi-patches-$(RPI_PATCHES).patch.xz
+ rpi-patches-$(RPI_PATCHES).patch.xz \
+ $(GRS_PATCHES)
$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).patch.xz
+$(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES)
-$(DL_FILE)_MD5 = d899e65520424a27661009ea43b28103
-rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 9daec752fba403a488818df6dd57a714
+$(DL_FILE)_MD5 = 3cd1e4b50fb9decd63754ae80f3b2414
+rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = ef9274b3ff5d05daaaa4bdbe86ad00fc
+$(GRS_PATCHES)_MD5 = 504b12ac9f2a3c12ccfeb1c3768f49e4
install : $(TARGET)
ln -svf linux-$(VER) $(DIR_SRC)/linux
# Linux Intermediate Queueing Device
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.2-imq.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/imq_kernel3.10.patch
# ipp2p 0.8.2-ipfire
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.0-ipp2p-0.8.2-ipfire.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10-ipp2p-0.8.2-ipfire.patch
# Layer7-patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/netfilter_layer7_2.22_kernel3.0.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/netfilter_layer7_2.22_kernel3.10-no_proc_interface.patch
+
+ # Grsecurity-patches
+ifneq "$(KCFG)" "-headers"
+ifneq "$(KCFG)" "-rpi"
+ cd $(DIR_APP) && xz -c -d $(DIR_DL)/$(GRS_PATCHES) | patch -Np1
+ cd $(DIR_APP) && rm localversion-grsec
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.7-disable-compat_vdso.patch
+endif
+endif
+
+ # Disable pcspeaker autoload
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.30-no-pcspkr-modalias.patch
+
+ # Remove ACPI Blacklist message
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6-silence-acpi-blacklist.patch
+
+ # DVB Patches
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.9-dvbsky-wot2.patch
+ cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/v4l-dvb_fix_tua6034_pll.patch
+
+ # Wlan Patches
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/compat-drivers-3.8.3-ath_ignore_eeprom_regdomain.patch
+
+ # mISDN Patches
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/mISDN_hfc-s_add_id.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/mISDN-hfcusb-reportl1down.patch
+
+ # Add LED trigger
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10.9-ledtrig-netdev-1.patch
# Fix uevent PHYSDEVDRIVER
-# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.27_ipg-fix-driver-name.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.2.33_ipg-fix-driver-name.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.27_mcs7830-fix-driver-name.patch
+
ifeq "$(KCFG)" "-kirkwood"
# Add dreamplug,guruplug and icy 62x0 support on ARM-kirkwood
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.2.25-arm_kirkwood_setups.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10.10-arm_kirkwood_setups.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10.10-mv_cesa_disable_failing_hmac_sha1.patch
endif
-ifeq "$(MACHINE_TYPE)" "arm"
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.45_align_ssb_modtable_32bit_boundary.patch
-
- # Reverse some asm optimizations that are incompatible with older gcc
- cd $(DIR_APP) && patch -p1 -R < $(DIR_SRC)/src/patches/linux-2.6-arm-asm-constraint.patch
-endif
-
-ifeq "$(KCFG)" "-omap"
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.2-0001-panda-wlan-fix.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.2-0002-panda-i2c.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.2-panda-reboot.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.x-smsc95xx-add_mac_addr_param.patch
+ifeq "$(KCFG)" "-multi"
+# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.2-0001-panda-wlan-fix.patch
+# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.2-0002-panda-i2c.patch
+# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.2-panda-reboot.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10-smsc95xx-add_mac_addr_param.patch
endif
ifeq "$(KCFG)" "-rpi"
# Apply Raspberry Pi kernel patches.
cd $(DIR_APP) && xzcat $(DIR_DL)/rpi-patches-$(RPI_PATCHES).patch.xz | patch -Np1
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.2.27-rpi_fix_dwc_common_build.patch
endif
-ifeq "$(HEADERS)" "1"
+ifeq "$(KCFG)" "-headers"
# Install the header files
cd $(DIR_APP) && make ARCH=$(HEADERS_ARCH) INSTALL_HDR_PATH=dest headers_install
-mkdir -pv $(BUILDROOT)/$(HEADERS_PREFIX)/include
cd $(DIR_APP) && cp -v arch/arm/boot/uImage /boot/vmlinuz-$(VER)-$(VERSUFIX)
cd $(DIR_APP) && cp -v arch/arm/boot/uImage /boot/uImage-$(VERSUFIX)
else
-ifeq "$(KCFG)" "-omap"
- cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" uImage
- cd $(DIR_APP) && cp -v arch/arm/boot/uImage /boot/vmlinuz-$(VER)-$(VERSUFIX)
- cd $(DIR_APP) && cp -v arch/arm/boot/uImage /boot/uImage-$(VERSUFIX)
+ifeq "$(KCFG)" "-multi"
+ cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" zImage
+ cd $(DIR_APP) && cp -v arch/arm/boot/zImage /boot/vmlinuz-$(VER)-$(VERSUFIX)
+ cd $(DIR_APP) && cp -v arch/arm/boot/zImage /boot/zImage-$(VERSUFIX)
else
ifeq "$(KCFG)" "-rpi"
cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" zImage
- cd /boot && cat first32k.bin $(DIR_APP)/arch/arm/boot/Image > kernel.img
- cd $(DIR_APP) && cp -v /boot/kernel.img /boot/vmlinuz-$(VER)-$(VERSUFIX)
+ cd $(DIR_APP) && cp -v arch/arm/boot/zImage /boot/vmlinuz-$(VER)-$(VERSUFIX)
+ cd $(DIR_APP) && cp -v arch/arm/boot/zImage /boot/kernel.img
else
cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage
cd $(DIR_APP) && cp -v arch/i386/boot/bzImage /boot/vmlinuz-$(VER)-$(VERSUFIX)
+ ln -sf vmlinuz-$(VER)-$(VERSUFIX) /boot/vmlinuz-$(VERSUFIX)
endif
endif
endif
cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER)-$(VERSUFIX)
cd $(DIR_APP) && cp -v .config /boot/config-$(VER)-$(VERSUFIX)
- ln -sf vmlinuz-$(VER)-$(VERSUFIX) /boot/vmlinuz-$(VERSUFIX)
ln -sf System.map-$(VER)-$(VERSUFIX) /boot/System.map-$(VERSUFIX)
cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules
cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules_install
cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) firmware_install
+ifeq "$(MACHINE_TYPE)" "arm"
+ cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) dtbs
+ cd $(DIR_APP) && for f in $$(find arch/arm/boot/dts/ -name *.dtb); do \
+ mkdir -p /boot/dtb-$(VER)-$(VERSUFIX) ; \
+ install -m 644 $$f /boot/dtb-$(VER)-$(VERSUFIX)/ ; \
+ done
+endif
+
ifeq "$(LASTKERNEL)" "1"
# Only do this once
cd $(DIR_APP) && install -m 755 usr/gen_init_cpio /sbin/
echo "options ipv6 disable_ipv6=1" > /etc/modprobe.d/ipv6
endif
-ifneq "$(MACHINE_TYPE)" "arm"
- # Disable geode_aes modul
- mv /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/crypto/geode-aes.ko \
+ # Disable geode_aes modul if exist
+ -mv /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/crypto/geode-aes.ko \
/lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/crypto/geode-aes.ko.off
-endif
endif
@rm -rf $(DIR_SRC)/patch-o-matic* $(DIR_SRC)/iptables* $(DIR_SRC)/squashfs* $(DIR_SRC)/netfilter-layer7-*