pmaports/device/testing/linux-samsung-klte/APKBUILD

91 lines
5 KiB
Text
Raw Normal View History

# Reference: <https://postmarketos.org/vendorkernel>
# Kernel config based on: arch/arm/configs/msm8974_sec_defconfig
# arch/arm/configs/msm8974pro_sec_klte_eur_defconfig
# arch/arm/configs/selinux_defconfig
pkgname=linux-samsung-klte
pkgver=3.4.113
pkgrel=6
pkgdesc="Samsung Galaxy S5 kernel fork"
arch="armv7"
_carch="arm"
_flavor="samsung-klte"
url="https://kernel.org"
license="GPL-2.0-only"
options="!strip !check !tracedeps pmb:cross-native"
makedepends="perl sed installkernel bash gmp-dev bc linux-headers elfutils-dev xz dtbtool devicepkg-dev gcc6"
# Compiler: GCC 6 (doesn't boot when compiled with newer versions)
if [ "${CC:0:5}" != "gcc6-" ]; then
CC="gcc6-$CC"
HOSTCC="gcc6-gcc"
CROSS_COMPILE="gcc6-$CROSS_COMPILE"
fi
# Source
_repository="android_kernel_samsung_msm8974"
samsung-klte: backport memfd_create() syscall (!479) This brings in several patches needed to add support for a memfd_create() syscall into kernel version 3.4 from kernel version 3.17. This is required for running lxc >= 3.1.0-r1 with security patch that fixes CVE-2019-5736. In short, security issue was: in a privileged container root process could overwrite lxc-start executable by opening its file descriptor and rewriting executable contents. This is where memfd comes to help: you can create an in-memory file, copy your executable there, and place a set of SEALS to protect it from modifying at a deep level. Then you fexecve() that fd and you're safe. For example, pulseaudio also can benefit from having memfd_create() implemented. This backports the following commits from upstream linux: - dd37978c50bc8b354e5c4633f69387f16572fdac: cache the value of file_inode() in struct file commit from linux-3.10 to have an f_inode member inside struct file and a helper function file_inode() that is used in some of the following commits - 40e041a2c858b3caefc757e26cb85bfceae5062b shm: add sealing API from 3.17: security measure called SEALS, that you can put on memfd file to restrict operations on it - 9183df25fe7b194563db3fec6dc3202a5855839c shm: add memfd_create() syscall also from 3.17 - 503e6636b6f96056210062be703356f4253b6db9 asm-generic: add memfd_create system call to unistd.h - e57e41931134e09fc6c03c8d4eb19d516cc6e59b ARM: wire up memfd_create syscall The last two are needed to make the syscall visible/usable from userspace, one in generic context, other for ARM arch. The test program (https://github.com/minlexx/test_memfd/) was written to verify that this works. [ci:skip-build]: already built successfully in CI
2019-07-01 00:29:30 +00:00
_commit="edfd9dd9be89d15c34f653363a9a3c9108146ca0"
_config="config-$_flavor.$arch"
source="
$pkgname-$_commit.tar.gz::https://github.com/LineageOS/$_repository/archive/$_commit.tar.gz
$_config
0001_fix_return_address.patch
0002_gpu-msm-fix-gcc5-compile.patch
0003-Reduce-battery-and-touchscreen-log-spam.patch
0004-fix-video-argb-setting.patch
0005-mdss_fb-Always-allow-to-allocate-map-framebuffer-mem.patch
0006-Fix-xt_connbytes-compile-warning.patch
0007-usb_gadget-set-random-rndis-host-MAC-address-to-prev.patch
0008-Backport-vfs-make-O_PATH-file-descriptors-usable-for.patch
samsung-klte: backport memfd_create() syscall (!479) This brings in several patches needed to add support for a memfd_create() syscall into kernel version 3.4 from kernel version 3.17. This is required for running lxc >= 3.1.0-r1 with security patch that fixes CVE-2019-5736. In short, security issue was: in a privileged container root process could overwrite lxc-start executable by opening its file descriptor and rewriting executable contents. This is where memfd comes to help: you can create an in-memory file, copy your executable there, and place a set of SEALS to protect it from modifying at a deep level. Then you fexecve() that fd and you're safe. For example, pulseaudio also can benefit from having memfd_create() implemented. This backports the following commits from upstream linux: - dd37978c50bc8b354e5c4633f69387f16572fdac: cache the value of file_inode() in struct file commit from linux-3.10 to have an f_inode member inside struct file and a helper function file_inode() that is used in some of the following commits - 40e041a2c858b3caefc757e26cb85bfceae5062b shm: add sealing API from 3.17: security measure called SEALS, that you can put on memfd file to restrict operations on it - 9183df25fe7b194563db3fec6dc3202a5855839c shm: add memfd_create() syscall also from 3.17 - 503e6636b6f96056210062be703356f4253b6db9 asm-generic: add memfd_create system call to unistd.h - e57e41931134e09fc6c03c8d4eb19d516cc6e59b ARM: wire up memfd_create syscall The last two are needed to make the syscall visible/usable from userspace, one in generic context, other for ARM arch. The test program (https://github.com/minlexx/test_memfd/) was written to verify that this works. [ci:skip-build]: already built successfully in CI
2019-07-01 00:29:30 +00:00
0009-Backport-cache-the-value-of-file_inode-in-struct-file.patch
0010-Backport-shm-add-sealing-API.patch
0011-Backport-shm-add-memfd_create-syscall.patch
0012-Backport-asm-generic-add-memfd_create-system-call-to-unistd.h.patch
0013-Backport-ARM-wire-up-memfd_create-syscall.patch
"
samsung-klte: backport memfd_create() syscall (!479) This brings in several patches needed to add support for a memfd_create() syscall into kernel version 3.4 from kernel version 3.17. This is required for running lxc >= 3.1.0-r1 with security patch that fixes CVE-2019-5736. In short, security issue was: in a privileged container root process could overwrite lxc-start executable by opening its file descriptor and rewriting executable contents. This is where memfd comes to help: you can create an in-memory file, copy your executable there, and place a set of SEALS to protect it from modifying at a deep level. Then you fexecve() that fd and you're safe. For example, pulseaudio also can benefit from having memfd_create() implemented. This backports the following commits from upstream linux: - dd37978c50bc8b354e5c4633f69387f16572fdac: cache the value of file_inode() in struct file commit from linux-3.10 to have an f_inode member inside struct file and a helper function file_inode() that is used in some of the following commits - 40e041a2c858b3caefc757e26cb85bfceae5062b shm: add sealing API from 3.17: security measure called SEALS, that you can put on memfd file to restrict operations on it - 9183df25fe7b194563db3fec6dc3202a5855839c shm: add memfd_create() syscall also from 3.17 - 503e6636b6f96056210062be703356f4253b6db9 asm-generic: add memfd_create system call to unistd.h - e57e41931134e09fc6c03c8d4eb19d516cc6e59b ARM: wire up memfd_create syscall The last two are needed to make the syscall visible/usable from userspace, one in generic context, other for ARM arch. The test program (https://github.com/minlexx/test_memfd/) was written to verify that this works. [ci:skip-build]: already built successfully in CI
2019-07-01 00:29:30 +00:00
builddir="$srcdir/$_repository-$_commit"
prepare() {
default_prepare
. downstreamkernel_prepare
}
build() {
unset LDFLAGS
make ARCH="$_carch" CC="${CC:-gcc}" \
KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-postmarketOS"
# Generate master DTB
dtbTool -s 2048 -p "scripts/dtc/" -o "arch/arm/boot/dt.img" "arch/arm/boot/"
}
package() {
downstreamkernel_package "$builddir" "$pkgdir" "$_carch" "$_flavor"
# Master DTB
install -Dm644 "$builddir/arch/arm/boot/dt.img" \
"$pkgdir/boot/dt.img"
# External modules install
make ARCH="$_carch" CC="${CC:-gcc}" \
KBUILD_BUILD_VERSION="$((pkgrel + 1 ))-postmarketOS" \
INSTALL_MOD_PATH="$pkgdir" modules_install
}
samsung-klte: backport memfd_create() syscall (!479) This brings in several patches needed to add support for a memfd_create() syscall into kernel version 3.4 from kernel version 3.17. This is required for running lxc >= 3.1.0-r1 with security patch that fixes CVE-2019-5736. In short, security issue was: in a privileged container root process could overwrite lxc-start executable by opening its file descriptor and rewriting executable contents. This is where memfd comes to help: you can create an in-memory file, copy your executable there, and place a set of SEALS to protect it from modifying at a deep level. Then you fexecve() that fd and you're safe. For example, pulseaudio also can benefit from having memfd_create() implemented. This backports the following commits from upstream linux: - dd37978c50bc8b354e5c4633f69387f16572fdac: cache the value of file_inode() in struct file commit from linux-3.10 to have an f_inode member inside struct file and a helper function file_inode() that is used in some of the following commits - 40e041a2c858b3caefc757e26cb85bfceae5062b shm: add sealing API from 3.17: security measure called SEALS, that you can put on memfd file to restrict operations on it - 9183df25fe7b194563db3fec6dc3202a5855839c shm: add memfd_create() syscall also from 3.17 - 503e6636b6f96056210062be703356f4253b6db9 asm-generic: add memfd_create system call to unistd.h - e57e41931134e09fc6c03c8d4eb19d516cc6e59b ARM: wire up memfd_create syscall The last two are needed to make the syscall visible/usable from userspace, one in generic context, other for ARM arch. The test program (https://github.com/minlexx/test_memfd/) was written to verify that this works. [ci:skip-build]: already built successfully in CI
2019-07-01 00:29:30 +00:00
sha512sums="d0ccc0cde26e6cad7e2b4cffa9d92b4cd7d11e159738935d87cc044a07679e7aed891379fb0e096b12cd1ba7e1855dd72c94ec6da96ff8e936479c59b4d4eb6c linux-samsung-klte-edfd9dd9be89d15c34f653363a9a3c9108146ca0.tar.gz
e2c91185b3c45b91ba85a872fb7aff11e6ec5957682aa231b4fef901e54001e764272413b701aa150c0019640129c5e42f360186a26772d2c3455bbd9cedd9df config-samsung-klte.armv7
3b4913415bcfe0ff222969f993890c656c7e12b6ee06532bded485d5201c9855b2c87996c5b63423702b89b6b0ca214b5aceeb402571d9c5af084093c157ccb4 0001_fix_return_address.patch
0fc4b1782dfd3bd94fa9ae8ab74b19713f25e9f4a48dcf830072634f247aa3dd8847f001a3e87e9728e057657efd4ae751510e7c408d9b960c907665ca64e61f 0002_gpu-msm-fix-gcc5-compile.patch
b55fc9ab3e21bc85d66ee08d7e1cd7fdc3b236249212fbcd0055e60ed3e6cef3e4d2b8058a4b7d70c78b2bbc7a11111b55d4d82490b4e3579b8e61657806ac09 0003-Reduce-battery-and-touchscreen-log-spam.patch
a48336bbfead6ad0c84d2fce0c40a3f5530aebdff356a6835cceaf59a50a6f860d2f8027703a92927955fbb18857ba78788e010d017bf67730f069b36e96fe87 0004-fix-video-argb-setting.patch
e3a9b75de461313ee6ba0e547d7fb97d77a749a11416c44b28110673d3a6f7b01305e74f67c06c8cfea97bde5d3d0cd98a457a03a63560125f5bb84f82f116e1 0005-mdss_fb-Always-allow-to-allocate-map-framebuffer-mem.patch
6bdb3acd4a2d10d59ea16a2147735b94f17070aecebfe55fff724c03335bf1a02cc7539c9fe0a59cb944b6835135fe64956617c8b29847397b2f4df68b602063 0006-Fix-xt_connbytes-compile-warning.patch
27f890cf82027649ba742b606a87ce6a82f9685b075bb7b50bffec77221e70434ee78d118d39048350537c5ecdad208658967e492eeeb997e7f6884fa78ac696 0007-usb_gadget-set-random-rndis-host-MAC-address-to-prev.patch
samsung-klte: backport memfd_create() syscall (!479) This brings in several patches needed to add support for a memfd_create() syscall into kernel version 3.4 from kernel version 3.17. This is required for running lxc >= 3.1.0-r1 with security patch that fixes CVE-2019-5736. In short, security issue was: in a privileged container root process could overwrite lxc-start executable by opening its file descriptor and rewriting executable contents. This is where memfd comes to help: you can create an in-memory file, copy your executable there, and place a set of SEALS to protect it from modifying at a deep level. Then you fexecve() that fd and you're safe. For example, pulseaudio also can benefit from having memfd_create() implemented. This backports the following commits from upstream linux: - dd37978c50bc8b354e5c4633f69387f16572fdac: cache the value of file_inode() in struct file commit from linux-3.10 to have an f_inode member inside struct file and a helper function file_inode() that is used in some of the following commits - 40e041a2c858b3caefc757e26cb85bfceae5062b shm: add sealing API from 3.17: security measure called SEALS, that you can put on memfd file to restrict operations on it - 9183df25fe7b194563db3fec6dc3202a5855839c shm: add memfd_create() syscall also from 3.17 - 503e6636b6f96056210062be703356f4253b6db9 asm-generic: add memfd_create system call to unistd.h - e57e41931134e09fc6c03c8d4eb19d516cc6e59b ARM: wire up memfd_create syscall The last two are needed to make the syscall visible/usable from userspace, one in generic context, other for ARM arch. The test program (https://github.com/minlexx/test_memfd/) was written to verify that this works. [ci:skip-build]: already built successfully in CI
2019-07-01 00:29:30 +00:00
a2bd1b925ba0e1ba0a68dcb134604abbaddf456426a468662d77bc02f0d09d4d07c0c89001c0973e690e1f7eb9c1cfdd37c2d99ed4cc62f3398582d6b51a7013 0008-Backport-vfs-make-O_PATH-file-descriptors-usable-for.patch
47894281412f1c9d4266812f089c3f2434c1636d74245f392d4b0b7532096f8f5bd698715d9e10c7be6c70892af45de2d2c657bd276332442890b94e1159f8f8 0009-Backport-cache-the-value-of-file_inode-in-struct-file.patch
54d71b32b456a3d0abd090c820214240688484f4cadbbde0304bf3cb5246b1aa3893dd85736dc5db2f3d6f9de1f5e84a1adcf5a661a62586452f1002360dc691 0010-Backport-shm-add-sealing-API.patch
c62d67a5fb28082e86a585b4c64891525db640ce694445f0fb19e67fb8dcd9ccbfbcb6fba8692964fac8b026c39cfa558cf316a7e22828ac13f58f5b9938ef09 0011-Backport-shm-add-memfd_create-syscall.patch
cbf6e4bdf53b02f897923d0f6eea5320acc6760c3f3ed762e69928ced7e3b6f2a5355df4a2fccf560f010a4a1968e7ae1a3f62c2db299857d6bcc9715d932822 0012-Backport-asm-generic-add-memfd_create-system-call-to-unistd.h.patch
2f256f6ec9fa7b240dd1f9417622bfd5a8ca4a9ea12cd2ef171540e1425d4171122c0597fe12af913ef60979ef9a3dce8a6c1c523c91020cb9481560901cc92b 0013-Backport-ARM-wire-up-memfd_create-syscall.patch"