127 lines
3.3 KiB
Makefile
127 lines
3.3 KiB
Makefile
|
|
LINUX_VERSION = 4.9.56
|
|
MINIPLI_TAG = 20171013093040
|
|
|
|
|
|
MINIPLI_VERSION = v$(LINUX_VERSION)-unofficial_grsec
|
|
MINIPLI_PATH = linux-unofficial_grsec/releases/download/$(MINIPLI_VERSION)
|
|
GRSEC_DIFF = $(MINIPLI_VERSION)-$(MINIPLI_TAG).diff
|
|
GRSEC_DOWNLOAD = https://github.com/minipli/$(MINIPLI_PATH)/$(GRSEC_DIFF)
|
|
|
|
KERNEL_VERSION = linux-$(LINUX_VERSION)
|
|
KERNEL_DOWNLOAD = https://cdn.kernel.org/pub/linux/kernel/v4.x/$(KERNEL_VERSION)
|
|
|
|
|
|
WGET = wget
|
|
SHA256 = sha256sum
|
|
TAR = tar
|
|
PATCH = patch
|
|
LN = ln
|
|
CP = cp
|
|
MV = mv
|
|
RM = rm
|
|
RMDIR = rmdir
|
|
MKDIR = mkdir
|
|
TOUCH = touch
|
|
GPG = gpg
|
|
TOUCH = touch
|
|
UNXZ = unxz
|
|
|
|
PWD = $(shell pwd)
|
|
|
|
PATCH_FILES := $(shell find patches/ -name "00*.patch" | sort)
|
|
PATCH_SENTINEL = build/.patches_applied
|
|
|
|
|
|
GRSEC_DL_PATH = downloads/$(GRSEC_DIFF)
|
|
KERNEL_DL_PATH = downloads/$(KERNEL_VERSION).tar
|
|
KERNEL_BUILD_PATH = build/$(KERNEL_VERSION)
|
|
KERNEL_UNPACK_PATH = build/.unpack/$(KERNEL_VERSION)
|
|
KERNEL_BUILD_OUTPUT = $(KERNEL_BUILD_PATH)/vmlinux
|
|
|
|
PH_LINUX = ph_linux
|
|
PH_LINUX_VER = $(PH_LINUX)-$(LINUX_VERSION)
|
|
|
|
GPGTMP = verify-tmp/
|
|
GPGOPTS = --homedir $(GPGTMP) --trust-model direct --no-autostart
|
|
GPG_IMPORT = $(GPG) $(GPGOPTS) --import
|
|
GPG_VERIFY = $(GPG) $(GPGOPTS) --verify
|
|
|
|
SHA256_FILE = v$(KERNEL_VERSION).sha256
|
|
|
|
SHA256_SENTINEL = build/.sha256-verififed
|
|
|
|
$(shell mkdir -p downloads)
|
|
$(shell mkdir -p build)
|
|
|
|
.NOTPARALLEL:
|
|
|
|
.PHONY: all gen-sha256
|
|
|
|
all: $(KERNEL_BUILD_OUTPUT) $(PH_LINUX_VER)
|
|
|
|
$(GRSEC_DL_PATH):
|
|
cd downloads; $(WGET) $(GRSEC_DOWNLOAD)
|
|
cd downloads; $(WGET) $(GRSEC_DOWNLOAD).sig
|
|
|
|
$(KERNEL_DL_PATH):
|
|
cd downloads; $(WGET) $(KERNEL_DOWNLOAD).tar.xz
|
|
cd downloads; $(UNXZ) $(KERNEL_VERSION).tar.xz
|
|
cd downloads; $(WGET) $(KERNEL_DOWNLOAD).tar.sign
|
|
|
|
|
|
$(KERNEL_BUILD_PATH): $(KERNEL_DL_PATH) $(GRSEC_DL_PATH) $(SHA256_SENTINEL)
|
|
$(RM) -rf build/.unpack
|
|
$(MKDIR) -p build/.unpack
|
|
$(TAR) -C build/.unpack -xvf downloads/$(KERNEL_VERSION).tar
|
|
$(PATCH) -p1 -d $(KERNEL_UNPACK_PATH) < $(GRSEC_DL_PATH)
|
|
$(CP) config $(KERNEL_UNPACK_PATH)/.config
|
|
$(MV) $(KERNEL_UNPACK_PATH) build/
|
|
$(RM) -rf build/.unpack
|
|
|
|
$(PATCH_SENTINEL): | $(KERNEL_BUILD_PATH)
|
|
for p in $(PATCH_FILES); do $(PATCH) -p1 -d build/$(KERNEL_VERSION) < "$$p"; done
|
|
$(TOUCH) $@
|
|
|
|
|
|
$(PH_LINUX_VER): $(KERNEL_BUILD_OUTPUT)
|
|
$(RM) -f $(PH_LINUX)
|
|
$(CP) $(KERNEL_BUILD_OUTPUT) $(PH_LINUX_VER)
|
|
$(LN) -s $(PWD)/$(PH_LINUX_VER) $(PH_LINUX)
|
|
|
|
|
|
$(KERNEL_BUILD_OUTPUT): $(PATCH_SENTINEL)
|
|
$(MAKE) -C build/$(KERNEL_VERSION)
|
|
|
|
clean:
|
|
$(RM) -rf $(KERNEL_BUILD_PATH) $(SHA256_SENTINEL) $(PATCH_SENTINEL) $(PH_LINUX_VER)
|
|
|
|
$(SHA256_SENTINEL): $(KERNEL_DL_PATH) $(GRSEC_DL_PATH)
|
|
$(SHA256) -c v$(LINUX_VERSION).sha256
|
|
$(TOUCH) $@
|
|
|
|
|
|
gen-sha256: $(SHA256_FILE)
|
|
|
|
$(GRSEC_DL_PATH).verify: $(GRSEC_DL_PATH)
|
|
rm -rf $(GPGTMP)
|
|
$(MKDIR) -m 0700 $(GPGTMP)
|
|
$(GPG_IMPORT) < keys/minipli.key
|
|
$(GPG_VERIFY) downloads/$(GRSEC_DIFF).sig $(GRSEC_DL_PATH) 2> .out
|
|
mv .out $(GRSEC_DL_PATH).verify
|
|
rm -rf $(GPGTMP)
|
|
|
|
$(KERNEL_DL_PATH).verify: $(KERNEL_DL_PATH)
|
|
rm -rf $(GPGTMP)
|
|
$(MKDIR) -m 0700 $(GPGTMP)
|
|
$(GPG_IMPORT) < keys/torvalds.key
|
|
$(GPG_IMPORT) < keys/gregkh.key
|
|
$(GPG_VERIFY) downloads/$(KERNEL_VERSION).tar.sign $(KERNEL_DL_PATH) 2> .out
|
|
mv .out $(KERNEL_DL_PATH).verify
|
|
rm -rf $(GPGTMP)
|
|
|
|
|
|
$(SHA256_FILE): $(KERNEL_DL_PATH).verify $(GRSEC_DL_PATH).verify
|
|
$(SHA256) $(KERNEL_DL_PATH) $(GRSEC_DL_PATH) > v$(LINUX_VERSION).sha256
|
|
|