forked from gene-git/Arch-SKM
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Arch-Linux-PKGBUILD-example
112 lines (91 loc) · 2.93 KB
/
Arch-Linux-PKGBUILD-example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# Example Arch Linux Kernel PKGBUILD with additions for Signed Kernel Modules #
################################################################################
# prepare() - requires info below inserted at the begining of the function #
# _package-headers() - requires info below inserted at the end of the function #
# build() & pkgname variables are shown changed below to avoid making the docs #
################################################################################
pkgbase=linux-hardened
pkgver=5.17.5.hardened1
pkgrel=1
pkgdesc='Security-Hardened Linux'
url='https://github.com/anthraxx/linux-hardened'
arch=(x86_64)
license=(GPL2)
makedepends=(
....
)
options=('!strip')
_srcname=linux-${pkgver%.*}
source=(
....
)
validpgpkeys=(
....
)
sha256sums=(....)
prepare() {
# Out-of-tree module signing
#
######################################################
# this is added at the start of prepare() & replaces #
# 'cd $_srcname' #
######################################################
# uncomment for linux-xanmod-cacule & some other AUR kernels
# to match the Package Maintainer's variable for the kernel
# sources directory.
#
# local _srcname=linux-${_major}
msg2 "Rebuilding local signing key..."
cp -rf /usr/src/certs-local ./
cd certs-local
msg2 "Updating kernel config with new key..."
# NB: config path must be quoted for file globbing to work
# some kernels have multiple config files (e.g linux-libre)
# to see configurable options run:
# /usr/src/certs-local/genkeys.py -h
./genkeys.py -v --config '../config*'
cd ../$_srcname
# cd $_srcname
....
}
build() {
....
# see https://wiki.archlinux.org/index.php/Kernel/Arch_Build_System
# 'Avoid creating the doc'
# texlive-latexextra can also be removed from $makedepends
# make htmldocs
}
_package() {
....
}
_package-headers() {
....
# Out-of-tree module signing
##################################################
# this is added at the end of _package-headers() #
##################################################
# This is run in the kernel source / build directory
#
# some AUR kernels may also need to set $builddir to match
# the Package Maintainer's variable for the build dir
# inside the package:
#
# local builddir="$pkgdir/usr/lib/modules/${_kernver}/build"
msg2 "Local Signing certs for out-of-tree modules..."
certs_local_src="../certs-local"
certs_local_dst="${builddir}/certs-local"
# install certificates
${certs_local_src}/install-certs.py $certs_local_dst
# install dkms tools
dkms_src="$certs_local_src/dkms"
dkms_dst="${pkgdir}/etc/dkms"
mkdir -p $dkms_dst
rsync -a $dkms_src/{kernel-sign.conf,kernel-sign.sh} $dkms_dst/
}
_package-docs() {
....
}
# see https://wiki.archlinux.org/index.php/Kernel/Arch_Build_System
# 'Avoid creating the doc'
# pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
pkgname=("$pkgbase" "$pkgbase-headers")