# Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net>
# Maintainer (Arch): Levente Polyak <anthraxx[at]archlinux[dot]org>
# Contributor: Aqua-sama <aqua@iserlohn-fortress.net>
# Contributor (Arch): Daniel Micay <danielmicay@gmail.com>
# Contributor (Arch): Tobias Powalowski <tpowa@archlinux.org>
# Contributor (Arch): Thomas Baechler <thomas@archlinux.org>

# # I maintain this because:
# Parabola version patch script does not apply consistently
# Parabola version lacks graysky gcc patch with bdver2 fix
# Parabola version lacks ath9k regdom and raid6 algo patches
# Parabola version is 300 Hz
# Parabola version supports Intel ME
# Parabola version allows insecure filesystems
# Parabola version enables ISDN and Infiniband
# Parabola version enables VMware and HyperV

_pkgbase=linux-hardened
pkgbase=linux-libre-hardened
_supver=5
_majver=4
_minver=12
_hardenedver=a
_gccpatchver='20190822'
  if [ "$_minver" == "0" ]; then
    _pkgver=${_supver}.${_majver}
  else
    _pkgver=${_supver}.${_majver}.${_minver}
  fi
pkgver=${_pkgver}.${_hardenedver}
pkgrel=1
pkgdesc='Linux-libre-hardened'
url='https://github.com/anthraxx/linux-hardened'
arch=(x86_64)
license=(GPL2)
makedepends=(
  bc kmod libelf
  xmlto python-sphinx python-sphinx_rtd_theme graphviz imagemagick
)
#provides=('linux-libre-hardened')
conflicts=('linux-hardened')
options=('!strip')
_srcname=linux-${_supver}.${_majver}
_gnumajver=${_supver}.${_majver}-gnu
_gnupkgver=${_pkgver}-gnu
source=(
  https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnumajver}/linux-libre-${_gnumajver}.tar.xz{,.sign}
  https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnupkgver}/patch-${_gnumajver}-${_gnupkgver}.xz{,.sign}
  0002-lib-devres-add-a-helper-function-for-ioremap_uc.patch
  0003-mfd-intel-lpss-Use-devm_ioremap_uc-for-MMIO.patch
  0004-PCI-pciehp-Do-not-disable-interrupt-twice-on-suspend.patch
  0005-PCI-pciehp-Prevent-deadlock-on-disconnect.patch
  0006-ACPI-PM-s2idle-Rework-ACPI-events-synchronization.patch
  0007-iwlwifi-pcie-restore-support-for-Killer-Qu-C0-NICs.patch
  0008-drm-i915-save-AUD_FREQ_CNTRL-state-at-audio-domain-s.patch
  0009-drm-i915-Fix-audio-power-up-sequence-for-gen10-displ.patch
  0010-drm-i915-extend-audio-CDCLK-2-BCLK-constraint-to-mor.patch
  0011-drm-i915-Limit-audio-CDCLK-2-BCLK-constraint-back-to.patch
  0012-pinctrl-sunrisepoint-Add-missing-Interrupt-Status-re.patch
  0013-Revert-iwlwifi-mvm-fix-scan-config-command-size.patch
  0014-e1000e-Revert-e1000e-Make-watchdog-use-delayed-work.patch
  https://github.com/anthraxx/${_pkgbase}/releases/download/${pkgver}/${_pkgbase}-${pkgver}.patch{,.sig}
  graysky_bdver2-hotfix.patch
  kernel_gcc_patch-${_gccpatchver}.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/${_gccpatchver}.tar.gz
  ath9k-regdom-hack.patch
  raid6-default-algo.patch
  config         # the main kernel config file
)
validpgpkeys=(
  '474402C8C582DAFBE389C427BCB7CF877E7D47A7'  # Alexandre Oliva
  'E240B57E2C4630BA768E2F26FC1B547C8D8172C8'  # Levente Polyak
)
b2sums=('43270fe22aeaba6f8c4fc72423176d7eea993ec85b561695f624fbca9702dfabae0a3ee15cb3881d0c7a5b80f979f307e5a39a4ec0fcd28456ece2012bb30e0e'
        'SKIP'
        '40a591ca0602bdbbcaaa0b84ee0675d801d21b87102be21d9fceebc88475d9016ab70d7609db7df6150931a225ac50f1760cb2d469e835479d4cce8a9b040e21'
        'SKIP'
        '3696586612832416f5f1433eca3e0734467357e1771dfbd411a8b21976659e92633188b2c2d904c05cbd7123c19d06b2ce1d2063aa2e0a21647207ca5cf71f53'
        '38b90c7e270501527979413bd280e0c129a23759b6d950f8631336fa636c8511d040bd0408badd63ffc9e2f9144ee35bc8360e63831e9412974bb7fdeba5a3f7'
        'e62bb44e4c097026e47b488c9022ffd1efd142c8c6600807c23caeab821d433d3e026a00886bf22472e66b027175a71efe0042bd6334d017d23756459fa7745b'
        '4af9bd681816575959158ebcf36d92f0fedb9d0f5d5112c9aa0dcb84119dd904652bb0478dc6cb28660206ce6982558ac707e018d15b25c5957e9d3016132a63'
        '818f30e6af0399e7357d02b8858bc8dc499f74face06a6465745f79db2f3a2b83ab477b0b1354c597b17fbbef3ddd131d077120fad87debb3d47984cdf3e5f39'
        '852e1603247dc9e71e6aee2d3c2e21422d96cbce61ea3b65e660a6662cca75012d81e195bc4ef39276aaff0eba222745f956d94a9c215b6a9c57fe1014336e09'
        '3e67757e7e88eb6d5badbfa904796397ad88681b40992798099604179852c7c10c0f401992ee6f24f2175a75afe11078182351588425da4e9bff812e0d16361a'
        '286d054b866d50c908e4404a81420e05bd438c7f0a5107a9f701eb999281ad6cfeaeb372cf0f777e85d3f36d00e4d3570dffa4264384dc485ba3ff3ac282cda2'
        'd6ada06c39dce7cfd2799b4a6b8784bdebfb8faf3bb88efa55350d3c343bf8e5d3a2c30e7eb00ad85da05b9e68cea63a3a87c3cd9f320beeb9888000943da11b'
        '1d3cfb6c115c37c1c844c8d82253dd0ea6314265630a453f63ccb88cbbebb6e3ff1caf9a50b626e7eefa5d0ffb9d574395c1328a308425f5fe2a4704cfb2b2df'
        '2f0298d78228e73ed89763281ec7310ccaac0671007d325300c74085bce690c523dccaf335b4b1c3767bdfccc2749bbbfc270fb7f96007522dc210e1e8ce6d94'
        'a073d1a2baf8064146a08920eef4cd4c65730b1294ed07a641cce162c0f3aca6fef9c07b3ca3c02a9b216b67c67533598858afd6a016bba30bb4f415975f4999'
        'af7a16237c1e918e625c9ca6d9f6acdbba5d85abf5154bfbe9eb9609a88a5ea2e7e1c949a67e8e9e39450e0063dd1d3645e3f4525296da513bdd5456b40a0213'
        '8320f06dc9d45d12e6bcfba9f81e3b9b6b87fd0f7f44520fc0c1b4a694514273dc30cb5f04b87e17fb49ffacd2cf5c154db6b00d0635812e3faf850880cd71d8'
        'SKIP'
        '1892bd22775eac3bcc4d37f4fd30c95346bf3a0888cbbff57fd614973b525390dff2e315ce35b2e498523cceaab94ff21a80475dee8df3de4dd8fc0fab07d74e'
        '0b11c09e01a7480466d5237a8792c941c9af3e8d6584ffd84285cd9569f5355c10879566ce5846ef9263535020c53e1aa6c58100a571b537ccb7f2431baf7996'
        '2e58bb89b247b1678355368956e67c1de51fcde97a227b2162f6771e30f17fa5520faafe7be4b6816a542e7ae10d05f64c6b6354f352c12746d4b8da632936dd'
        'fde132f3705d908e6f2147c78a2193289916d72304ca5efa2229d79fc3e57a857314ce94e71425caef2f7f7b6cf87f05ef86335dc8bd4be78e7035afe608005a'
        '7a08279e1ab29cb4a2b2b3e5ff2743f5fb6fc5a2dbaf71a8adaefaf28b6df82f442e1ebc89532829ea304462efdcb7df3ffd26bb4e23ae6ccea559cb723d167a')

export KBUILD_BUILD_HOST=$pkgbase
export KBUILD_BUILD_USER=$pkgbase
export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"

prepare() {
  cd $_srcname

  # add upstream patch
  if [ "$_minver" != "0" ]; then
    echo "Applying upstream patch"
    patch -Np1 < ../patch-${_gnumajver}-${_gnupkgver}
  fi


  # Hotfixes
  echo "Applying hotfixes"
  patch -p1 -i ../0002-lib-devres-add-a-helper-function-for-ioremap_uc.patch
  patch -p1 -i ../0003-mfd-intel-lpss-Use-devm_ioremap_uc-for-MMIO.patch
  patch -p1 -i ../0004-PCI-pciehp-Do-not-disable-interrupt-twice-on-suspend.patch
  patch -p1 -i ../0005-PCI-pciehp-Prevent-deadlock-on-disconnect.patch
  patch -p1 -i ../0006-ACPI-PM-s2idle-Rework-ACPI-events-synchronization.patch
  patch -p1 -i ../0007-iwlwifi-pcie-restore-support-for-Killer-Qu-C0-NICs.patch
  patch -p1 -i ../0008-drm-i915-save-AUD_FREQ_CNTRL-state-at-audio-domain-s.patch
  patch -p1 -i ../0009-drm-i915-Fix-audio-power-up-sequence-for-gen10-displ.patch
  patch -p1 -i ../0010-drm-i915-extend-audio-CDCLK-2-BCLK-constraint-to-mor.patch
  patch -p1 -i ../0011-drm-i915-Limit-audio-CDCLK-2-BCLK-constraint-back-to.patch
  patch -p1 -i ../0012-pinctrl-sunrisepoint-Add-missing-Interrupt-Status-re.patch
  patch -p1 -i ../0013-Revert-iwlwifi-mvm-fix-scan-config-command-size.patch
  patch -p1 -i ../0014-e1000e-Revert-e1000e-Make-watchdog-use-delayed-work.patch


  # linux hardened patch
  echo "Applying hardened patch"
  patch -Np1 < ../linux-hardened-${pkgver}.patch
  

  # graysky gcc hotfixes
  echo "Applying graysky gcc patch hotfixes"
  patch -p1 -i ../graysky_bdver2-hotfix.patch "$srcdir/kernel_gcc_patch-${_gccpatchver}/enable_additional_cpu_optimizations_for_gcc_v9.1+_kernel_v4.13+.patch"

  # graysky gcc patch
  echo "Applying graysky cpu patch"
  patch -p1 -i ../kernel_gcc_patch-${_gccpatchver}/enable_additional_cpu_optimizations_for_gcc_v9.1+_kernel_v4.13+.patch


  # Ignore ath9k eeprom patch
  echo "Applying ath9k patch"
  patch -p1 -i ../ath9k-regdom-hack.patch

  # Set default raid6 algo patch
  echo " Applying raid6 patch"
  patch -p1 -i ../raid6-default-algo.patch


  echo "Setting version..."
  sed -e "/^EXTRAVERSION =/s/=.*/= .${_hardenedver}/" -i Makefile
  scripts/setlocalversion --save-scmversion
  echo "-$pkgrel" > localversion.10-pkgrel
  echo "${pkgbase#linux}" > localversion.20-pkgname


  echo "Setting config..."
  # we are in src/linux-x.yy.zz, looking for a config next to the pkgbuild
#  if [ -f ${SRCDEST}/config.libre-hardened.previous ]; then
#    cp ${SRCDEST}/config.libre-hardened.previous .config
#  else
    cp ../config .config
#  fi

  make olddefconfig

  make menuconfig

  # Remove sublevel when no sublevel exists
  if [ "$_minver" == "0" ]; then
    sed -i '/SUBLEVEL = 0/d' Makefile
  fi

  make -s kernelrelease > version

  # workaround for make -s kernelrelease not applying
  # localversion to version when changed using menuconfig
  grep -Po '(?<=CONFIG_LOCALVERSION=").*(?=")' .config > ../localversion
  echo "$_pkgver" > ../version.temp
  echo ".$_hardenedver" >> ../version.temp
  cat "localversion.10-pkgrel" >> ../version.temp
  cat "localversion.20-pkgname" >> ../version.temp
  cat ../localversion >> ../version.temp
  cat ../version.temp | tr -d "\n" > version

  # back up the config
#  echo "Backing up config..."
#  cp .config ${SRCDEST}/config.libre-hardened.previous

  echo "Prepared %s version %s" "$pkgbase" "$(<version)"
}

build() {
  cd $_srcname
  make bzImage modules htmldocs
}

_package() {
  pkgdesc="The $pkgdesc kernel and modules"
  depends=(coreutils kmod initramfs)
  optdepends=('crda: to set the correct wireless channels of your country'
              'linux-libre-firmware: firmware images needed for some devices'
              'usbctl-libre: deny_new_usb control')

  cd $_srcname
  local kernver="$(<version)"
  local modulesdir="$pkgdir/usr/lib/modules/$kernver"

  echo "Installing boot image..."
  # systemd expects to find the kernel here to allow hibernation
  # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
  install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"

  # Used by mkinitcpio to name the kernel
  echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"

  echo "Installing modules..."
  make INSTALL_MOD_PATH="$pkgdir/usr" modules_install

  # remove build and source links
  rm "$modulesdir"/{source,build}

  echo "Fixing permissions..."
  chmod -Rc u=rwX,go=rX "$pkgdir"
}

_package-headers() {
  pkgdesc="Header files and scripts for building modules for $pkgdesc kernel"

  cd $_srcname
  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"

  echo "Installing build files..."
  install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \
    localversion.* version vmlinux
  install -Dt "$builddir/kernel" -m644 kernel/Makefile
  install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
  cp -t "$builddir" -a scripts

  # add objtool for external module building and enabled VALIDATION_STACK option
  if [[ -e tools/objtool/objtool ]]; then
    install -Dt "$builddir/tools/objtool" tools/objtool/objtool
  fi

  # add xfs and shmem for aufs building
  mkdir -p "$builddir"/{fs/xfs,mm}

  echo "Installing headers..."
  cp -t "$builddir" -a include
  cp -t "$builddir/arch/x86" -a arch/x86/include
  install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s

  install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
  install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h

  # http://bugs.archlinux.org/task/13146
  install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h

  # http://bugs.archlinux.org/task/20402
  install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
  install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
  install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h

  echo "Installing KConfig files..."
  find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;

  echo "Removing unneeded architectures..."
  local arch
  for arch in "$builddir"/arch/*/; do
    [[ $arch = */x86/ ]] && continue
    echo "Removing $(basename "$arch")"
    rm -r "$arch"
  done

  echo "Removing documentation..."
  rm -r "$builddir/Documentation"

  echo "Removing broken symlinks..."
  find -L "$builddir" -type l -printf 'Removing %P\n' -delete

  echo "Removing loose objects..."
  find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete

  echo "Stripping build tools..."
  local file
  while read -rd '' file; do
    case "$(file -bi "$file")" in
      application/x-sharedlib\;*)      # Libraries (.so)
        strip -v $STRIP_SHARED "$file" ;;
      application/x-archive\;*)        # Libraries (.a)
        strip -v $STRIP_STATIC "$file" ;;
      application/x-executable\;*)     # Binaries
        strip -v $STRIP_BINARIES "$file" ;;
      application/x-pie-executable\;*) # Relocatable binaries
        strip -v $STRIP_SHARED "$file" ;;
    esac
  done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)

  echo "Adding symlink..."
  mkdir -p "$pkgdir/usr/src"
  ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase"

  echo "Fixing permissions..."
  chmod -Rc u=rwX,go=rX "$pkgdir"
}

_package-docs() {
  pkgdesc="Documentation for the $pkgdesc kernel"

  cd $_srcname
  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"

  echo "Installing documentation..."
  local src dst
  while read -rd '' src; do
  dst="${src#Documentation/}"
  dst="$builddir/Documentation/${dst#output/}"
  install -Dm644 "$src" "$dst"
  done < <(find Documentation -name '.*' -prune -o ! -type d -print0)

  echo "Adding symlink..."
  mkdir -p "$pkgdir/usr/share/doc"
  ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase"

  echo "Fixing permissions..."
  chmod -Rc u=rwX,go=rX "$pkgdir"
}

pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
for _p in "${pkgname[@]}"; do
  eval "package_$_p() {
    $(declare -f "_package${_p#$pkgbase}")
    _package${_p#$pkgbase}
  }"
done