###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2012 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-PATCHLEVEL = .59
-VER = 2.6.32.59
+VER = 3.10.27
+
+RPI_PATCHES = linux-3.10.10-grsec-c1af7c6
+GRS_PATCHES = grsecurity-2.9.1-3.10.27-ipfire1.patch.xz
THISAPP = linux-$(VER)
-DL_FILE = $(THISAPP).tar.bz2
+DL_FILE = linux-$(VER).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
CFLAGS =
CXXFLAGS =
-PAK_VER = 20
+PAK_VER = 32
DEPS = ""
-# Normal build or XEN build.
-#
-
VERSUFIX=ipfire$(KCFG)
-ifeq "$(HEADERS)" "1"
ifeq "$(TOOLS)" "1"
- TARGET = $(DIR_INFO)/linux-libc-headers-$(VER)-$(VERSUFIX)-tools
+ TARGET = $(DIR_INFO)/linux-$(VER)-$(VERSUFIX)-tools
HEADERS_PREFIX = /tools
-else
- TARGET = $(DIR_INFO)/linux-libc-headers-$(VER)-$(VERSUFIX)
- HEADERS_PREFIX = /usr
-endif
else
TARGET = $(DIR_INFO)/linux-$(VER)-$(VERSUFIX)
+ HEADERS_PREFIX = /usr
endif
ifeq "$(MACHINE_TYPE)" "arm"
# Top-level Rules
###############################################################################
objects =$(DL_FILE) \
- netfilter-layer7-v2.22.tar.gz \
- patch-2.6.16-nath323-1.3.bz2 \
- reiser4-for-2.6.32.patch.bz2 \
- xen-patches-2.6.32-2f.tar.bz2
+ rpi-patches-$(RPI_PATCHES).patch.xz \
+ $(GRS_PATCHES)
+
$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
-netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.22.tar.gz
-patch-2.6.16-nath323-1.3.bz2 = $(URL_IPFIRE)/patch-2.6.16-nath323-1.3.bz2
-reiser4-for-2.6.32.patch.bz2 = $(URL_IPFIRE)/reiser4-for-2.6.32.patch.bz2
-xen-patches-2.6.32-2f.tar.bz2 = $(URL_IPFIRE)/xen-patches-2.6.32-2f.tar.bz2
+rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).patch.xz
+$(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES)
-$(DL_FILE)_MD5 = 69c68c4a8eb0f04b051a7dbcff16f6d0
-netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f
-patch-2.6.16-nath323-1.3.bz2_MD5 = f926409ff703a307baf54b57ab75d138
-reiser4-for-2.6.32.patch.bz2_MD5 = 3246397973d9271eb8e6d7c97c5d2d91
-xen-patches-2.6.32-2f.tar.bz2_MD5 = b59d6f89e11accb9d40354418e13f31b
+$(DL_FILE)_MD5 = 4edaaea57dc940969c54ac249e49f7e7
+rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = f55981853573236069db5ad9fb7a4bd9
+$(GRS_PATCHES)_MD5 = a83aad5c389ea9a496ba41608267d3dc
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) $(DIR_SRC)/linux $(DIR_SRC)/linux-*-suse_xen_patches $(DIR_SRC)/xen-* && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
ln -svf linux-$(VER) $(DIR_SRC)/linux
-ifeq "$(KCFG)" "-xen"
- # Apply gentoo Xen patches
- mkdir -p $(DIR_SRC)/xen-patches
- cd $(DIR_SRC)/xen-patches && tar jxf $(DIR_DL)/xen-patches-2.6.32-2f.tar.bz2
+ # Linux Intermediate Queueing Device
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/imq_kernel3.10.23.patch
- for x in `ls -1 $(DIR_SRC)/xen-patches/*.patch1`; do \
- echo "*********** [Patch: $$x]"; \
- cd $(DIR_APP) && pwd && patch -Np1 < $$x || exit 1; \
- done
- rm -rf $(DIR_SRC)/xen-patches
+ # ipp2p 0.8.2-ipfire
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10-ipp2p-0.8.2-ipfire.patch
- # Linux Intermediate Queueing Device
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.8-xen-imq-test2.patch
-else
- # Linux Intermediate Queueing Device
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32-imq-test2.patch
+ # Layer7-patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/netfilter_layer7_2.22_kernel3.10-no_proc_interface.patch
+
+ # Grsecurity-patches
+ifneq "$(KCFG)" "-headers"
+ cd $(DIR_APP) && xz -c -d $(DIR_DL)/$(GRS_PATCHES) | patch -Np1
+ cd $(DIR_APP) && rm localversion-grsec
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.7-disable-compat_vdso.patch
endif
- # Not report deprecated syscall 1.23 (for kudzu)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.25.18-not_report_sysctl_1.23.patch
+ # Disable pcspeaker autoload
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.30-no-pcspkr-modalias.patch
- # Reiser4 (don't check if fail (some patches are already in xen patchset)
- -cd $(DIR_APP) && bzcat $(DIR_DL)/reiser4-for-2.6.32.patch.bz2 | patch -Np1
+ # Remove ACPI Blacklist message
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6-silence-acpi-blacklist.patch
- # ipp2p 0.8.2-pomng
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.8-ipp2p-0.8.2-pomng.patch
+ # DVB Patches
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.9-dvbsky-wot2.patch
+ cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/v4l-dvb_fix_tua6034_pll.patch
- # Layer7-patch
- cd $(DIR_SRC) && rm -rf $(DIR_SRC)/netfilter-layer7-v2.22
- cd $(DIR_SRC) && tar xzf $(DIR_DL)/netfilter-layer7-v2.22.tar.gz
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.22/kernel-2.6.25-2.6.28-layer7-2.22.patch
+ # Wlan Patches
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/compat-drivers-3.8.3-ath_ignore_eeprom_regdomain.patch
- # Add some more LED triggers
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.11-netdev-1.patch
+ # mISDN Patches
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/mISDN_hfc-s_add_id.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/mISDN-hfcusb-reportl1down.patch
- # Huawei Android Phones (Vodafone V845, T-Mobile Pulse/mini ...)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.15-option_add_huawei_android.patch
+ # Add LED trigger
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10.9-ledtrig-netdev-1.patch
# Fix uevent PHYSDEVDRIVER
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.27_ipg-fix-driver-name.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.2.33_ipg-fix-driver-name.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.27_mcs7830-fix-driver-name.patch
- # Fix mv_cesa
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32-crypto-mv_cesa.patch
ifeq "$(KCFG)" "-kirkwood"
# Add dreamplug,guruplug and icy 62x0 support on ARM-kirkwood
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.57-arm_kirkwood_setups.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10.10-arm_kirkwood_setups.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10.10-mv_cesa_disable_failing_hmac_sha1.patch
endif
-ifeq "$(MACHINE_TYPE)" "arm"
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.45_align_ssb_modtable_32bit_boundary.patch
+ifeq "$(KCFG)" "-multi"
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10.27-fs-exec-atomic64-operand-requires-impossible-reload.patch
+# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.2-0001-panda-wlan-fix.patch
+# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.2-0002-panda-i2c.patch
+# cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.2-panda-reboot.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10-smsc95xx-add_mac_addr_param.patch
+
+ # Patchset for Wandboard.
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/dts/0001-imx6qdl-wandboard-dts-backport.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/dts/0002-ARM-dts-imx6qdl-wandboard-add-gpio-lines-to-wandboar.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/dts/0003-ARM-dts-imx6qdl-wandboard-Add-support-for-i2c1.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/dts/0004-ARM-dts-wandboard-add-binding-for-wand-rfkill-driver.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/dts/0005-ARM-dts-imx6qdl-add-pcie-device-node.patch
+
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0001-i2c-imx-retry-on-NAK.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0002-i.MX6-Wandboard-add-CKO1-clock-output.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0003-thermal-add-imx-thermal-driver-support.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0004-ARM-i.MX6-Wandboard-add-wifi-bt-rfkill-driver.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0005-Add-IMX6Q-AHCI-support.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0006-imx-Add-IMX53-AHCI-support.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0007-imx6-enable-sata-clk-if-SATA_AHCI_PLATFORM.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0008-ARM-imx6q-update-the-sata-bits-definitions-of-gpr13.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0009-ahci_imx-add-ahci-sata-support-on-imx-platforms.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0010-ahci_imx-depend-on-CONFIG_MFD_SYSCON.patch
+ cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0011-add-pcie-designware.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0012-pcie-backport-fixes.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0013-of-pci-Provide-support-for-parsing-PCI-DT-ranges-pro.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0014-ARM-imx6q-Add-PCIe-bits-to-GPR-syscon-definition.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0015-PCI-imx6-Add-support-for-i.MX6-PCIe-controller.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0016-imx6-pci-tweaks.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0017-ARM-imx-Add-LVDS-general-purpose-clocks-to-i.MX6Q.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/wandboard/imx/0018-ARM-imx6q-clock-and-Kconfig-update-for-PCIe-support.patch
+
+ # Patchset for Compulab Utilite.
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel/utilite/linux-3.10-compulab-utilite-support.patch
+endif
+
+ifeq "$(KCFG)" "-rpi"
+ # Apply Raspberry Pi kernel patches.
+ cd $(DIR_APP) && xzcat $(DIR_DL)/rpi-patches-$(RPI_PATCHES).patch.xz | patch -Np1
endif
-ifeq "$(HEADERS)" "1"
+ifeq "$(KCFG)" "-headers"
# Install the header files
cd $(DIR_APP) && make ARCH=$(HEADERS_ARCH) INSTALL_HDR_PATH=dest headers_install
-mkdir -pv $(BUILDROOT)/$(HEADERS_PREFIX)/include
cp $(DIR_SRC)/config/kernel/kernel.config.$(MACHINE)-$(VERSUFIX) $(DIR_APP)/.config
cd $(DIR_APP) && make CC="$(KGCC)" oldconfig
cd $(DIR_APP) && make CC="$(KGCC)" clean
- cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =\ $(PATCHLEVEL)-$(VERSUFIX)/' Makefile
+ cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =\ -$(VERSUFIX)/' Makefile
-ifeq "$(KCFG)" "-xen"
- cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" vmlinuz
- cd $(DIR_APP) && cp -v arch/i386/boot/vmlinuz /boot/vmlinuz-$(VER)-$(VERSUFIX)
-else
ifeq "$(KCFG)" "-kirkwood"
- cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" uImage
+ cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" uImage modules
cd $(DIR_APP) && cp -v arch/arm/boot/uImage /boot/vmlinuz-$(VER)-$(VERSUFIX)
cd $(DIR_APP) && cp -v arch/arm/boot/uImage /boot/uImage-$(VERSUFIX)
else
-ifeq "$(KCFG)" "-versatile"
- cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" zImage
+ifeq "$(KCFG)" "-multi"
+ cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" zImage modules
+ cd $(DIR_APP) && cp -v arch/arm/boot/zImage /boot/vmlinuz-$(VER)-$(VERSUFIX)
+ cd $(DIR_APP) && cp -v arch/arm/boot/zImage /boot/zImage-$(VERSUFIX)
+else
+ifeq "$(KCFG)" "-rpi"
+ cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" zImage modules
cd $(DIR_APP) && cp -v arch/arm/boot/zImage /boot/vmlinuz-$(VER)-$(VERSUFIX)
+ cd $(DIR_APP) && cp -v arch/arm/boot/zImage /boot/kernel.img
else
- cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage
+ cd $(DIR_APP) && make $(MAKETUNING) CC="$(KGCC)" bzImage modules
cd $(DIR_APP) && cp -v arch/i386/boot/bzImage /boot/vmlinuz-$(VER)-$(VERSUFIX)
+ ln -sf vmlinuz-$(VER)-$(VERSUFIX) /boot/vmlinuz-$(VERSUFIX)
endif
endif
endif
cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER)-$(VERSUFIX)
cd $(DIR_APP) && cp -v .config /boot/config-$(VER)-$(VERSUFIX)
- ln -sf vmlinuz-$(VER)-$(VERSUFIX) /boot/vmlinuz-$(VERSUFIX)
ln -sf System.map-$(VER)-$(VERSUFIX) /boot/System.map-$(VERSUFIX)
- cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules
cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) modules_install
cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) firmware_install
+ifeq "$(MACHINE_TYPE)" "arm"
+ cd $(DIR_APP) && make CC="$(KGCC)" $(MAKETUNING) dtbs
+ cd $(DIR_APP) && for f in $$(find arch/arm/boot/dts/ -name *.dtb); do \
+ mkdir -p /boot/dtb-$(VER)-$(VERSUFIX) ; \
+ install -m 644 $$f /boot/dtb-$(VER)-$(VERSUFIX)/ ; \
+ done
+endif
+
ifeq "$(LASTKERNEL)" "1"
# Only do this once
cd $(DIR_APP) && install -m 755 usr/gen_init_cpio /sbin/
# Blacklist matroxfb_base
- echo "blacklist matroxfb_base" >> /etc/modprobe.d/framebuffer
+ echo "blacklist matroxfb_base" >> /etc/modprobe.d/framebuffer.conf
# Blacklist old framebuffer modules
for f in $$(find /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/video -name *fb.ko); do \
- echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer ; \
+ echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer.conf ; \
done
# Blacklist new drm framebuffer modules
for f in $$(ls -1 /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/gpu/drm/*/*.ko); do \
- echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer ; \
+ echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer.conf ; \
done
- sed -i -e "s|.ko||g" /etc/modprobe.d/framebuffer
+ sed -i -e "s|.ko||g" /etc/modprobe.d/framebuffer.conf
# Blacklist isdn modules
for f in $$(find /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/isdn -name *.ko); do \
- echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/isdn ; \
+ echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/isdn.conf ; \
done
- sed -i -e "s|.ko||g" /etc/modprobe.d/isdn
+ sed -i -e "s|.ko||g" /etc/modprobe.d/isdn.conf
# Disable ipv6 at runtime
- echo "options ipv6 disable_ipv6=1" > /etc/modprobe.d/ipv6
+ echo "options ipv6 disable_ipv6=1" > /etc/modprobe.d/ipv6.conf
endif
- # Remove mISDN modules
- rm -rvf /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/isdn/mISDN
- rm -rvf /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/isdn/hardware/mISDN
-
-ifneq "$(MACHINE_TYPE)" "arm"
- # Disable geode_aes modul
- mv /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/crypto/geode-aes.ko \
+ # Disable geode_aes modul if exist
+ -mv /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/crypto/geode-aes.ko \
/lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/crypto/geode-aes.ko.off
-endif
endif
@rm -rf $(DIR_SRC)/patch-o-matic* $(DIR_SRC)/iptables* $(DIR_SRC)/squashfs* $(DIR_SRC)/netfilter-layer7-*