# Copyright 2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=7

inherit kernel-build verify-sig

MY_P=linux-${PV}
# https://koji.fedoraproject.org/koji/packageinfo?packageID=8
CONFIG_VER=5.4.21
CONFIG_HASH=2809b7faa6a8cb232cd825096c146b7bdc1e08ea

DESCRIPTION="Linux kernel built from vanilla upstream sources"
HOMEPAGE="https://www.kernel.org/"
SRC_URI+=" https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz
	verify-sig? (
		https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.sign
	)
	amd64? (
		https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-x86_64.config
			-> kernel-x86_64.config.${CONFIG_VER}
	)
	arm64? (
		https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-aarch64.config
			-> kernel-aarch64.config.${CONFIG_VER}
	)
	ppc64? (
		https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-ppc64le.config
			-> kernel-ppc64le.config.${CONFIG_VER}
	)
	x86? (
		https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-i686.config
			-> kernel-i686.config.${CONFIG_VER}
	)"
S=${WORKDIR}/${MY_P}

LICENSE="GPL-2"
KEYWORDS="~amd64 ~arm64 ~x86"
IUSE="debug"

RDEPEND="
	!sys-kernel/vanilla-kernel-bin:${SLOT}"
BDEPEND="
	debug? ( dev-util/dwarves )
	verify-sig? ( app-crypt/openpgp-keys-kernel )"

VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/kernel.org.asc

pkg_pretend() {
	ewarn "Starting with 5.4.52, Distribution Kernels are switching from Arch"
	ewarn "Linux configs to Fedora.  Please keep a backup kernel just in case."

	kernel-install_pkg_pretend
}

src_unpack() {
	if use verify-sig; then
		einfo "Unpacking linux-${PV}.tar.xz ..."
		verify-sig_verify_detached - "${DISTDIR}"/linux-${PV}.tar.sign \
			< <(xz -cd "${DISTDIR}"/linux-${PV}.tar.xz | tee >(tar -x))
		assert "Unpack failed"
	else
		default
	fi
}

src_prepare() {
	default

	# prepare the default config
	case ${ARCH} in
		amd64)
			cp "${DISTDIR}/kernel-x86_64.config.${CONFIG_VER}" .config || die
			;;
		arm64)
			cp "${DISTDIR}/kernel-aarch64.config.${CONFIG_VER}" .config || die
			;;
		ppc64)
			cp "${DISTDIR}/kernel-ppc64le.config.${CONFIG_VER}" .config || die
			;;
		x86)
			cp "${DISTDIR}/kernel-i686.config.${CONFIG_VER}" .config || die
			;;
		*)
			die "Unsupported arch ${ARCH}"
			;;
	esac

	local config_tweaks=(
		# replace (none) with gentoo
		-e 's:^CONFIG_DEFAULT_HOSTNAME=:&"gentoo":'
		# we do support x32
		-e '/CONFIG_X86_X32/s:.*:CONFIG_X86_X32=y:'
		# disable signatures
		-e '/CONFIG_MODULE_SIG/d'
		-e '/CONFIG_SECURITY_LOCKDOWN/d'
		-e '/CONFIG_KEXEC_SIG/d'
		-e '/CONFIG_KEXEC_BZIMAGE_VERIFY_SIG/d'
		-e '/CONFIG_SYSTEM_EXTRA_CERTIFICATE/d'
		-e '/CONFIG_SIGNATURE/d'
		# remove massive array of LSMs
		-e 's/CONFIG_LSM=.*/CONFIG_LSM="yama"/'
		-e 's/CONFIG_DEFAULT_SECURITY_SELINUX=y/CONFIG_DEFAULT_SECURITY_DAC=y/'
		# nobody actually wants fips
		-e '/CONFIG_CRYPTO_FIPS/d'
		# these tests are really not necessary
		-e 's/.*CONFIG_CRYPTO_MANAGER_DISABLE_TESTS.*/CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y/'
		# probably not needed by anybody but developers
		-e '/CONFIG_CRYPTO_STATS/d'
		# 1000hz is excessive for laptops
		-e 's/CONFIG_HZ_1000=y/CONFIG_HZ_300=y/'
		# nobody is using this kernel on insane super computers
		-e 's/CONFIG_NR_CPUS=.*/CONFIG_NR_CPUS=512/'
		# we're not actually producing live patches for folks
		-e 's/CONFIG_LIVEPATCH=y/CONFIG_LIVEPATCH=n/'
		# this slows down networking in general
		-e 's/CONFIG_IP_FIB_TRIE_STATS=y/CONFIG_IP_FIB_TRIE_STATS=n/'
		# include font for normal and hidpi screens
		-e 's/.*CONFIG_FONTS.*/CONFIG_FONTS=y\nCONFIG_FONT_8x16=y\nCONFIG_FONT_TER16x32=y/'
		# we don't need to actually install system headers from this ebuild
		-e '/CONFIG_HEADERS_INSTALL/d'
		# enable /proc/config.gz, used by linux-info.eclass
		-e '/CONFIG_IKCONFIG/s:.*:CONFIG_IKCONFIG=y\nCONFIG_IKCONFIG_PROC=y:'
		# WireGuard was backported to 5.4 but we use old configs (#739128)
		-e '$aCONFIG_WIREGUARD=m'
	)
	use debug || config_tweaks+=(
		-e '/CONFIG_DEBUG_INFO/d'
		-e '/CONFIG_DEBUG_RODATA_TEST/d'
		-e '/CONFIG_DEBUG_VM/d'
		-e '/CONFIG_DEBUG_SHIRQ/d'
		-e '/CONFIG_DEBUG_LIST/d'
		-e '/CONFIG_BUG_ON_DATA_CORRUPTION/d'
		-e '/CONFIG_TORTURE_TEST/d'
		-e '/CONFIG_BOOTTIME_TRACING/d'
		-e '/CONFIG_RING_BUFFER_BENCHMARK/d'
		-e '/CONFIG_X86_DECODER_SELFTEST/d'
		-e '/CONFIG_KGDB/d'
	)
	[[ ${ARCH} == x86 ]] && config_tweaks+=(
		# fix autoenabling 64bit
		-e '2i\
# CONFIG_64BIT is not set'
	)
	sed -i "${config_tweaks[@]}" .config || die
}