# Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net>
# Maintainer (Arch): Levente Polyak <anthraxx[at]archlinux[dot]org>
# Contributor (Arch): Daniel Micay <danielmicay@gmail.com>
# Contributor (Arch): Tobias Powalowski <tpowa@archlinux.org>
# Contributor (Arch): Thomas Baechler <thomas@archlinux.org>

pkgbase=linux-hardened-ck
_majver=4.18
_minver=6
_pkgver=${_majver}.${_minver}
_hardenedver=a
_NUMAdisable=y
_ckpatchversion=1
_ckpatchname="patch-${_majver}-ck${_ckpatchversion}"
_jcpatchversion=2
_gcc_more_v='20180509'
_srcname=linux-${_pkgver}
pkgver=${_pkgver}.${_hardenedver}
pkgrel=1
conflicts=('linux-libre-hardened-ck')
url='https://github.com/anthraxx/linux-hardened'
#url='http://ck.kolivas.org/patches/'
arch=('x86_64')
license=('GPL2')
makedepends=('xmlto' 'kmod' 'inetutils' 'bc' 'libelf')
options=('!strip')
source=(https://www.kernel.org/pub/linux/kernel/v4.x/linux-${_pkgver}.tar.xz
        https://www.kernel.org/pub/linux/kernel/v4.x/linux-${_pkgver}.tar.sign
#source=(https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz
#        https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.sign
#        https://www.kernel.org/pub/linux/kernel/v4.x/patch-${_pkgver}.xz
#        https://www.kernel.org/pub/linux/kernel/v4.x/patch-${_pkgver}.sign
        https://github.com/anthraxx/linux-hardened/releases/download/${_pkgver}.${_hardenedver}/linux-hardened-${_pkgver}.${_hardenedver}.patch{,.sig}
        patch-${_majver}-ck${_ckpatchversion}-jcmod${_jcpatchversion}.patch
        Fix_MuQSS_full_dynticks_build.patch::https://github.com/ckolivas/linux/commit/abb4fd30fa127a0e8178b975343eb01713bc2b18.patch
        #http://ck.kolivas.org/patches/4.0/${_majver}/${_majver}-ck${_ckpatchversion}/${_ckpatchname}.xz
        enable_additional_cpu_optimizations-$_gcc_more_v.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/$_gcc_more_v.tar.gz
        ath9k-regdom-hack.patch
        config.x86_64  # the main kernel config files
        60-linux.hook  # pacman hook for depmod
        90-linux.hook  # pacman hook for initramfs regeneration
        linux.preset   # standard config files for mkinitcpio ramdisk

        drm-i915-Increase-LSPCON-timeout.patch
        HID-core-fix-grouping-by-application.patch
)
sha256sums=('05db97fd6891217af6d4203bdc442ef2af78d7902b6a8e9bd348682704c22894'
            'SKIP'
            'd3a244e228a566d536a26fcfe57252bb6e9b61c0f070ef4bb9eaad868196bef3'
            'SKIP'
            'cb33bfe492aeef9b1fda8d448483a7ef3d3fe27448e2114a775b25beb1bd8830'
            '6e1f3cc3eb9a1e30a69ef1999f9aa6ad7f2f9fe4af7ba5dabe25d4ff19ee6740'
            '226e30068ea0fecdb22f337391385701996bfbdba37cdcf0f1dbf55f1080542d'
            'e7ebf050c22bcec0028c0b3c79fd6d3913b0370ecc6a23dfe78ce475630cf503'
            'a931a1f073deada7c51ae54d8a12b3fc49c2f0b6b6bc5b6673bf634ec6f0e025'
            'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
            '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
            'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
            '2f26b6273ded6d4031fd7115fac843b7bb90df9a28da8dc1b7f49294d3d39ee7'
            '472f606f043b16336f5335021285efe3a7658fb8467917409cb58c9a57a7b0a5')
validpgpkeys=(
              'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
              '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
              '65EEFE022108E2B708CBFCF7F9E712E59AF5F22A' # Daniel Micay
              'E240B57E2C4630BA768E2F26FC1B547C8D8172C8' # Levente Polyak
             )

_kernelname=${pkgbase#linux}
: ${_kernelname:=-hardened}

prepare() {
  cd $_srcname

#  # add upstream patch
#  msg2 "Applying upstream patch"
#  patch -Np1 < ../patch-${_majver}-${_pkgver}

  # Hotfixes
  msg2 "Applying hotfixes"
  patch -p1 -i ../drm-i915-Increase-LSPCON-timeout.patch
  patch -p1 -i ../HID-core-fix-grouping-by-application.patch

  # linux hardened patch
  msg2 "Applying hardened patch"
  patch -Np1 < ../linux-hardened-${pkgver}.patch

  # graysky2 gcc patch
  msg2 "Applying graysky2 cpu patch"
  patch -p1 -i ../kernel_gcc_patch-${_gcc_more_v}/enable_additional_cpu_optimizations_for_gcc_v8.1+_kernel_v4.13+.patch

  # Ignore ath9k eeprom patch
  msg2 "Applying ath9k patch"
  patch -p1 -i ../ath9k-regdom-hack.patch

  # ck patch
  msg2 "Applying ck patch"
  patch -p1 -i ../patch-${_majver}-ck${_ckpatchversion}-jcmod${_jcpatchversion}.patch

  # ck hotfix
  msg2 "Applying ck Fix_MuQSS_full_dynticks_build hotfix"
  patch -p1 -i ../Fix_MuQSS_full_dynticks_build.patch


  msg2 "Setting version..."
  sed -e "/^EXTRAVERSION =/s/=.*/= .${_hardenedver}/" -i Makefile
  scripts/setlocalversion --save-scmversion
  echo "-$pkgrel" > localversion.10-pkgrel
  echo "$_kernelname" > localversion.20-pkgname


  msg2 "Setting config..."
  cp ../config.x86_64 .config

  ### Optionally disable NUMA for 64-bit kernels only
  # (x86 kernels do not support NUMA)
  if [ -n "$_NUMAdisable" ]; then
    msg "Disabling NUMA from kernel config..."
    sed -i -e 's/CONFIG_NUMA=y/# CONFIG_NUMA is not set/' \
      -i -e '/CONFIG_AMD_NUMA=y/d' \
      -i -e '/CONFIG_X86_64_ACPI_NUMA=y/d' \
      -i -e '/CONFIG_NODES_SPAN_OTHER_NODES=y/d' \
      -i -e '/# CONFIG_NUMA_EMU is not set/d' \
      -i -e '/CONFIG_NODES_SHIFT=5/d' \
      -i -e '/CONFIG_NEED_MULTIPLE_NODES=y/d' \
      -i -e '/# CONFIG_MOVABLE_NODE is not set/d' \
      -i -e '/CONFIG_USE_PERCPU_NUMA_NODE_ID=y/d' \
      -i -e '/CONFIG_ACPI_NUMA=y/d' ./.config
  fi

  make olddefconfig
  
  make menuconfig

  make -s kernelrelease > ../version
  msg2 "Prepared %s version %s" "$pkgbase" "$(<../version)"
}

build() {
  cd $_srcname
  make bzImage modules
}

_package() {
  pkgdesc="The ${pkgbase/linux/Linux} kernel and modules"
  [[ $pkgbase = linux ]] && groups=(base)
  depends=(coreutils linux-firmware kmod mkinitcpio)
  optdepends=('crda: to set the correct wireless channels of your country'
              'usbctl: deny_new_usb control')
  backup=("etc/mkinitcpio.d/$pkgbase.preset")
  install=linux.install

  local kernver="$(<version)"

  cd $_srcname

  msg2 "Installing boot image..."
  install -Dm644 "$(make -s image_name)" "$pkgdir/boot/vmlinuz-$pkgbase"

  msg2 "Installing modules..."
  local modulesdir="$pkgdir/usr/lib/modules/$kernver"
  mkdir -p "$modulesdir"
  make INSTALL_MOD_PATH="$pkgdir/usr" modules_install

  # a place for external modules,
  # with version file for building modules and running depmod from hook
  local extramodules="extramodules$_kernelname"
  local extradir="$pkgdir/usr/lib/modules/$extramodules"
  install -Dt "$extradir" -m644 ../version
  ln -sr "$extradir" "$modulesdir/extramodules"

  # remove build and source links
  rm "$modulesdir"/{source,build}

  msg2 "Installing hooks..."
  # sed expression for following substitutions
  local subst="
    s|%PKGBASE%|$pkgbase|g
    s|%KERNVER%|$kernver|g
    s|%EXTRAMODULES%|$extramodules|g
  "

  # hack to allow specifying an initially nonexisting install file
  sed "$subst" "$startdir/$install" > "$startdir/$install.pkg"
  true && install=$install.pkg

  # fill in mkinitcpio preset and pacman hooks
  sed "$subst" ../linux.preset | install -Dm644 /dev/stdin \
    "$pkgdir/etc/mkinitcpio.d/$pkgbase.preset"
  sed "$subst" ../60-linux.hook | install -Dm644 /dev/stdin \
    "$pkgdir/usr/share/libalpm/hooks/60-$pkgbase.hook"
  sed "$subst" ../90-linux.hook | install -Dm644 /dev/stdin \
    "$pkgdir/usr/share/libalpm/hooks/90-$pkgbase.hook"

  msg2 "Fixing permissions..."
  chmod -Rc u=rwX,go=rX "$pkgdir"
}

_package-headers() {
  pkgdesc="Header files and scripts for building modules for ${pkgbase/linux/Linux} kernel"

  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"

  cd $_srcname

  msg2 "Installing build files..."
  install -Dt "$builddir" -m644 Makefile .config Module.symvers System.map vmlinux
  install -Dt "$builddir/kernel" -m644 kernel/Makefile
  install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
  cp -t "$builddir" -a scripts

  # add objtool for external module building and enabled VALIDATION_STACK option
  install -Dt "$builddir/tools/objtool" tools/objtool/objtool

  # add xfs and shmem for aufs building
  mkdir -p "$builddir"/{fs/xfs,mm}

  # ???
  mkdir "$builddir/.tmp_versions"

  msg2 "Installing headers..."
  cp -t "$builddir" -a include
  cp -t "$builddir/arch/x86" -a arch/x86/include
  install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s

  install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
  install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h

  # http://bugs.archlinux.org/task/13146
  install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h

  # http://bugs.archlinux.org/task/20402
  install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
  install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
  install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h

  msg2 "Installing KConfig files..."
  find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;

  msg2 "Removing unneeded architectures..."
  local arch
  for arch in "$builddir"/arch/*/; do
    [[ $arch = */x86/ ]] && continue
    echo "Removing $(basename "$arch")"
    rm -r "$arch"
  done

  msg2 "Removing documentation..."
  rm -r "$builddir/Documentation"

  msg2 "Removing broken symlinks..."
  find -L "$builddir" -type l -printf 'Removing %P\n' -delete

  msg2 "Removing loose objects..."
  find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete

  msg2 "Stripping build tools..."
  local file
  while read -rd '' file; do
    case "$(file -bi "$file")" in
      application/x-sharedlib\;*)      # Libraries (.so)
        strip -v $STRIP_SHARED "$file" ;;
      application/x-archive\;*)        # Libraries (.a)
        strip -v $STRIP_STATIC "$file" ;;
      application/x-executable\;*)     # Binaries
        strip -v $STRIP_BINARIES "$file" ;;
      application/x-pie-executable\;*) # Relocatable binaries
        strip -v $STRIP_SHARED "$file" ;;
    esac
  done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)
  msg2 "Adding symlink..."
  mkdir -p "$pkgdir/usr/src"
  ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase-$pkgver"


  msg2 "Fixing permissions..."
  chmod -Rc u=rwX,go=rX "$pkgdir"
}

pkgname=("$pkgbase" "$pkgbase-headers")
for _p in "${pkgname[@]}"; do
  eval "package_$_p() {
    $(declare -f "_package${_p#$pkgbase}")
    _package${_p#$pkgbase}
  }"
done

# vim:set ts=8 sts=2 sw=2 et: