summaryrefslogtreecommitdiff
blob: 044218e07529219cb69c4596baa05b61977614b1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# Copyright 2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=7

inherit kernel-build verify-sig

MY_P=linux-${PV}
# https://koji.fedoraproject.org/koji/packageinfo?packageID=8
CONFIG_VER=5.4.21
CONFIG_HASH=2809b7faa6a8cb232cd825096c146b7bdc1e08ea

DESCRIPTION="Linux kernel built from vanilla upstream sources"
HOMEPAGE="https://www.kernel.org/"
SRC_URI+=" https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz
	verify-sig? (
		https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.sign
	)
	amd64? (
		https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-x86_64.config
			-> kernel-x86_64.config.${CONFIG_VER}
	)
	arm64? (
		https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-aarch64.config
			-> kernel-aarch64.config.${CONFIG_VER}
	)
	ppc64? (
		https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-ppc64le.config
			-> kernel-ppc64le.config.${CONFIG_VER}
	)
	x86? (
		https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-i686.config
			-> kernel-i686.config.${CONFIG_VER}
	)"
S=${WORKDIR}/${MY_P}

LICENSE="GPL-2"
KEYWORDS="~amd64 ~arm64 ~x86"
IUSE="debug"

RDEPEND="
	!sys-kernel/vanilla-kernel-bin:${SLOT}"
BDEPEND="
	debug? ( dev-util/dwarves )
	verify-sig? ( app-crypt/openpgp-keys-kernel )"

VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/kernel.org.asc

pkg_pretend() {
	ewarn "Starting with 5.4.52, Distribution Kernels are switching from Arch"
	ewarn "Linux configs to Fedora.  Please keep a backup kernel just in case."

	kernel-install_pkg_pretend
}

src_unpack() {
	if use verify-sig; then
		einfo "Unpacking linux-${PV}.tar.xz ..."
		verify-sig_verify_detached - "${DISTDIR}"/linux-${PV}.tar.sign \
			< <(xz -cd "${DISTDIR}"/linux-${PV}.tar.xz | tee >(tar -x))
		assert "Unpack failed"
	else
		default
	fi
}

src_prepare() {
	default

	# prepare the default config
	case ${ARCH} in
		amd64)
			cp "${DISTDIR}/kernel-x86_64.config.${CONFIG_VER}" .config || die
			;;
		arm64)
			cp "${DISTDIR}/kernel-aarch64.config.${CONFIG_VER}" .config || die
			;;
		ppc64)
			cp "${DISTDIR}/kernel-ppc64le.config.${CONFIG_VER}" .config || die
			;;
		x86)
			cp "${DISTDIR}/kernel-i686.config.${CONFIG_VER}" .config || die
			;;
		*)
			die "Unsupported arch ${ARCH}"
			;;
	esac

	local config_tweaks=(
		# replace (none) with gentoo
		-e 's:^CONFIG_DEFAULT_HOSTNAME=:&"gentoo":'
		# we do support x32
		-e '/CONFIG_X86_X32/s:.*:CONFIG_X86_X32=y:'
		# disable signatures
		-e '/CONFIG_MODULE_SIG/d'
		-e '/CONFIG_SECURITY_LOCKDOWN/d'
		-e '/CONFIG_KEXEC_SIG/d'
		-e '/CONFIG_KEXEC_BZIMAGE_VERIFY_SIG/d'
		-e '/CONFIG_SYSTEM_EXTRA_CERTIFICATE/d'
		-e '/CONFIG_SIGNATURE/d'
		# remove massive array of LSMs
		-e 's/CONFIG_LSM=.*/CONFIG_LSM="yama"/'
		-e 's/CONFIG_DEFAULT_SECURITY_SELINUX=y/CONFIG_DEFAULT_SECURITY_DAC=y/'
		# nobody actually wants fips
		-e '/CONFIG_CRYPTO_FIPS/d'
		# these tests are really not necessary
		-e 's/.*CONFIG_CRYPTO_MANAGER_DISABLE_TESTS.*/CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y/'
		# probably not needed by anybody but developers
		-e '/CONFIG_CRYPTO_STATS/d'
		# 1000hz is excessive for laptops
		-e 's/CONFIG_HZ_1000=y/CONFIG_HZ_300=y/'
		# nobody is using this kernel on insane super computers
		-e 's/CONFIG_NR_CPUS=.*/CONFIG_NR_CPUS=512/'
		# we're not actually producing live patches for folks
		-e 's/CONFIG_LIVEPATCH=y/CONFIG_LIVEPATCH=n/'
		# this slows down networking in general
		-e 's/CONFIG_IP_FIB_TRIE_STATS=y/CONFIG_IP_FIB_TRIE_STATS=n/'
		# include font for normal and hidpi screens
		-e 's/.*CONFIG_FONTS.*/CONFIG_FONTS=y\nCONFIG_FONT_8x16=y\nCONFIG_FONT_TER16x32=y/'
		# we don't need to actually install system headers from this ebuild
		-e '/CONFIG_HEADERS_INSTALL/d'
		# enable /proc/config.gz, used by linux-info.eclass
		-e '/CONFIG_IKCONFIG/s:.*:CONFIG_IKCONFIG=y\nCONFIG_IKCONFIG_PROC=y:'
		# WireGuard was backported to 5.4 but we use old configs (#739128)
		-e '$aCONFIG_WIREGUARD=m'
	)
	use debug || config_tweaks+=(
		-e '/CONFIG_DEBUG_INFO/d'
		-e '/CONFIG_DEBUG_RODATA_TEST/d'
		-e '/CONFIG_DEBUG_VM/d'
		-e '/CONFIG_DEBUG_SHIRQ/d'
		-e '/CONFIG_DEBUG_LIST/d'
		-e '/CONFIG_BUG_ON_DATA_CORRUPTION/d'
		-e '/CONFIG_TORTURE_TEST/d'
		-e '/CONFIG_BOOTTIME_TRACING/d'
		-e '/CONFIG_RING_BUFFER_BENCHMARK/d'
		-e '/CONFIG_X86_DECODER_SELFTEST/d'
		-e '/CONFIG_KGDB/d'
	)
	[[ ${ARCH} == x86 ]] && config_tweaks+=(
		# fix autoenabling 64bit
		-e '2i\
# CONFIG_64BIT is not set'
	)
	sed -i "${config_tweaks[@]}" .config || die
}