# Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net>
# Maintainer (Arch): Levente Polyak <anthraxx[at]archlinux[dot]org>
# Contributor: Aqua-sama <aqua@iserlohn-fortress.net>
# Contributor (Arch): Daniel Micay <danielmicay@gmail.com>
# Contributor (Arch): Tobias Powalowski <tpowa@archlinux.org>
# Contributor (Arch): Thomas Baechler <thomas@archlinux.org>

# # I maintain this because:
# Parabola version patch script does not apply consistently
# Parabola version lacks graysky gcc patch with bdver2 fix
# Parabola version lacks ath9k regdom and raid6 algo patches
# Parabola version is 300 Hz
# Parabola version supports Intel ME
# Parabola version is not configured for openrc
# Parabola version allows insecure filesystems
# Parabola version enables ISDN and Infiniband
# Parabola version enables VMware and HyperV

pkgbase=linux-libre-hardened
_majver=5.2
_minver=11
  if [ "$_minver" == "0" ]; then
    _pkgver=${_majver}
  else
    _pkgver=${_majver}.${_minver}
  fi
_gnumajver=${_majver}-gnu
_gnupkgver=${_pkgver}-gnu
_hardenedver=a
_gccpatchver='20190822'
_srcname=linux-${_majver}
pkgver=${_pkgver}.${_hardenedver}
pkgrel=1
url='https://github.com/anthraxx/linux-hardened'
arch=('x86_64')
license=('GPL2')
makedepends=(
             'xmlto' 'kmod' 'inetutils' 'bc' 'libelf'
             'python-sphinx' 'python-sphinx_rtd_theme' 'graphviz' 'imagemagick'
            )
conflicts=('linux-hardened')
options=('!strip')
source=(
        https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnumajver}/linux-libre-${_gnumajver}.tar.xz{,.sign}
        https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnupkgver}/patch-${_gnumajver}-${_gnupkgver}.xz{,.sign}
        https://github.com/anthraxx/linux-hardened/releases/download/${pkgver}/linux-hardened-${pkgver}.patch{,.sig}
        graysky_bdver2-hotfix.patch
        kernel_gcc_patch-${_gccpatchver}.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/${_gccpatchver}.tar.gz
        ath9k-regdom-hack.patch
        raid6-default-algo.patch
        config.x86_64  # the main kernel config files
        60-linux.hook  # pacman hook for depmod
        90-linux.hook  # pacman hook for initramfs regeneration
        linux.preset   # standard config files for mkinitcpio ramdisk
       )
sha256sums=('abbf0a5cacc1031e55f181f61b3c417bd3a37d0960f7596cbcae6ee1b96439e9'
            'SKIP'
            'e2cd6e9f7048d10ad605a7f468d2cc883b453efc533d9155c8ca4c91c02f3320'
            'SKIP'
            '56344b42262982e39b5a196f33e915a5e37796aa089dfc26979c9cb6ffcd4364'
            'SKIP'
            'c5405139aa0a90a6f68f6a13e066a2bd0600c970f9f525cd3aa114b044a7f73b'
            '8c11086809864b5cef7d079f930bd40da8d0869c091965fa62e95de9a0fe13b5'
            'e7ebf050c22bcec0028c0b3c79fd6d3913b0370ecc6a23dfe78ce475630cf503'
            '0f81d6e4158b7beeb0eb514f1b9401f7e23699cb0f7b0d513e25dae1815daaeb'
            'fbb89cb02ad22a2747784012fc6d07d6d5dbeceda72a308c9d1de0682902817e'
            'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
            '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
            'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65')
validpgpkeys=(
              '474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva
              'E240B57E2C4630BA768E2F26FC1B547C8D8172C8' # Levente Polyak
             )

_kernelname=${pkgbase#linux-libre}
: ${_kernelname:=-hardened}

prepare() {
  cd $_srcname

  # add upstream patch
  if [ "$_minver" != "0" ]; then
    msg2 "Applying upstream patch"
    patch -Np1 < ../patch-${_gnumajver}-${_gnupkgver}
  fi

  # Hotfixes
#  msg2 "Applying hotfixes"

  # linux hardened patch
  msg2 "Applying hardened patch"
  patch -Np1 < ../linux-hardened-${pkgver}.patch
  

  # graysky gcc hotfixes
  msg2 "Applying graysky gcc patch hotfixes"
  patch -p1 -i ../graysky_bdver2-hotfix.patch "$srcdir/kernel_gcc_patch-${_gccpatchver}/enable_additional_cpu_optimizations_for_gcc_v9.1+_kernel_v4.13+.patch"

  # graysky gcc patch
  msg2 "Applying graysky cpu patch"
  patch -p1 -i ../kernel_gcc_patch-${_gccpatchver}/enable_additional_cpu_optimizations_for_gcc_v9.1+_kernel_v4.13+.patch


  # Ignore ath9k eeprom patch
  msg2 "Applying ath9k patch"
  patch -p1 -i ../ath9k-regdom-hack.patch

  # Set default raid6 algo patch
  msg2 " Applying raid6 patch"
  patch -p1 -i ../raid6-default-algo.patch


  msg2 "Setting version..."
  sed -e "/^EXTRAVERSION =/s/=.*/= .${_hardenedver}/" -i Makefile
  scripts/setlocalversion --save-scmversion
  echo "-$pkgrel" > localversion.10-pkgrel
  echo "-libre$_kernelname" > localversion.20-pkgname


  msg2 "Setting config..."
  # we are in src/linux-x.yy.zz, looking for a config next to the pkgbuild
#  if [ -f ${SRCDEST}/config.libre-hardened.previous ]; then
#    cp ${SRCDEST}/config.libre-hardened.previous .config
#  else
    cp ../config.x86_64 .config
#  fi

  make olddefconfig

  make menuconfig

  # Remove sublevel when no sublevel exists
  if [ "$_minver" == "0" ]; then
    sed -i '/SUBLEVEL = 0/d' Makefile
  fi

  make -s kernelrelease > ../version

  # workaround for make -s kernelrelease not applying
  # localversion to version when changed using menuconfig
  grep -Po '(?<=CONFIG_LOCALVERSION=").*(?=")' .config > ../localversion
  echo "$_pkgver" > ../version.temp
  echo ".$_hardenedver" >> ../version.temp
  cat "localversion.10-pkgrel" >> ../version.temp
  cat "localversion.20-pkgname" >> ../version.temp
  cat ../localversion >> ../version.temp
  cat ../version.temp | tr -d "\n" > ../version

  # back up the config
#  msg2 "Backing up config..."
#  cp .config ${SRCDEST}/config.libre-hardened.previous

  msg2 "Prepared %s version %s" "$pkgbase" "$(<../version)"
}

build() {
  cd $_srcname
  make bzImage modules htmldocs
}

_package() {
  pkgdesc="The ${pkgbase/linux/Linux} kernel and modules"
  [[ ${pkgbase} = linux-libre ]] && groups=(base)
  depends=(coreutils linux-libre-firmware kmod mkinitcpio)
  optdepends=('crda: to set the correct wireless channels of your country'
              'usbctl: deny_new_usb control')
  backup=("etc/mkinitcpio.d/$pkgbase.preset")
  install=linux.install

  local kernver="$(<version)"
  local modulesdir="$pkgdir/usr/lib/modules/$kernver"

  cd $_srcname

  msg2 "Installing boot image..."
  install -Dm644 "$(make -s image_name)" "$pkgdir/boot/vmlinuz-$pkgbase"

  msg2 "Installing modules..."
  mkdir -p "$modulesdir"
  make INSTALL_MOD_PATH="$pkgdir/usr" modules_install

  # a place for external modules,
  # with version file for building modules and running depmod from hook
  local extramodules="extramodules$_kernelname"
  local extradir="$pkgdir/usr/lib/modules/$extramodules"
  install -Dt "$extradir" -m644 ../version
  ln -sr "$extradir" "$modulesdir/extramodules"

  # remove build and source links
  rm "$modulesdir"/{source,build}

  msg2 "Installing hooks..."
  # sed expression for following substitutions
  local subst="
    s|%PKGBASE%|$pkgbase|g
    s|%KERNVER%|$kernver|g
    s|%EXTRAMODULES%|$extramodules|g
  "

  # hack to allow specifying an initially nonexisting install file
  sed "$subst" "$startdir/$install" > "$startdir/$install.pkg"
  true && install=$install.pkg

  # fill in mkinitcpio preset and pacman hooks
  sed "$subst" ../linux.preset | install -Dm644 /dev/stdin \
    "$pkgdir/etc/mkinitcpio.d/$pkgbase.preset"
  sed "$subst" ../60-linux.hook | install -Dm644 /dev/stdin \
    "$pkgdir/usr/share/libalpm/hooks/60-$pkgbase.hook"
  sed "$subst" ../90-linux.hook | install -Dm644 /dev/stdin \
    "$pkgdir/usr/share/libalpm/hooks/90-$pkgbase.hook"

  msg2 "Fixing permissions..."
  chmod -Rc u=rwX,go=rX "$pkgdir"
}

_package-headers() {
  pkgdesc="Header files and scripts for building modules for ${pkgbase/linux/Linux} kernel"

  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"

  cd $_srcname

  msg2 "Installing build files..."
  install -Dt "$builddir" -m644 Makefile .config Module.symvers System.map vmlinux
  install -Dt "$builddir/kernel" -m644 kernel/Makefile
  install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
  cp -t "$builddir" -a scripts

  # add objtool for external module building and enabled VALIDATION_STACK option
  if [[ -e tools/objtool/objtool ]]; then
    install -Dt "$builddir/tools/objtool" tools/objtool/objtool
  fi

  # add xfs and shmem for aufs building
  mkdir -p "$builddir"/{fs/xfs,mm}

  # ???
  mkdir "$builddir/.tmp_versions"

  msg2 "Installing headers..."
  cp -t "$builddir" -a include
  cp -t "$builddir/arch/x86" -a arch/x86/include
  install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s

  install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
  install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h

  # http://bugs.archlinux.org/task/13146
  install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h

  # http://bugs.archlinux.org/task/20402
  install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
  install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
  install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h

  msg2 "Installing KConfig files..."
  find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;

  msg2 "Removing unneeded architectures..."
  local arch
  for arch in "$builddir"/arch/*/; do
    [[ $arch = */x86/ ]] && continue
    echo "Removing $(basename "$arch")"
    rm -r "$arch"
  done

  msg2 "Removing documentation..."
  rm -r "$builddir/Documentation"

  msg2 "Removing broken symlinks..."
  find -L "$builddir" -type l -printf 'Removing %P\n' -delete

  msg2 "Removing loose objects..."
  find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete

  msg2 "Stripping build tools..."
  local file
  while read -rd '' file; do
    case "$(file -bi "$file")" in
      application/x-sharedlib\;*)      # Libraries (.so)
        strip -v $STRIP_SHARED "$file" ;;
      application/x-archive\;*)        # Libraries (.a)
        strip -v $STRIP_STATIC "$file" ;;
      application/x-executable\;*)     # Binaries
        strip -v $STRIP_BINARIES "$file" ;;
      application/x-pie-executable\;*) # Relocatable binaries
        strip -v $STRIP_SHARED "$file" ;;
    esac
  done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)

  msg2 "Adding symlink..."
  mkdir -p "$pkgdir/usr/src"
  ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase-$pkgver"

  msg2 "Fixing permissions..."
  chmod -Rc u=rwX,go=rX "$pkgdir"
}

_package-docs() {
  pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase/linux/Linux} kernel"

  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"

  cd $_srcname

  msg2 "Installing documentation..."
  mkdir -p "$builddir"
  cp -t "$builddir" -a Documentation

  msg2 "Removing doctrees..."
  rm -r "$builddir/Documentation/output/.doctrees"

  msg2 "Moving HTML docs..."
  local src dst
  while read -rd '' src; do
    dst="$builddir/Documentation/${src#$builddir/Documentation/output/}"
    mkdir -p "${dst%/*}"
    mv "$src" "$dst"
    rmdir -p --ignore-fail-on-non-empty "${src%/*}"
  done < <(find "$builddir/Documentation/output" -type f -print0)

  msg2 "Adding symlink..."
  mkdir -p "$pkgdir/usr/share/doc"
  ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase"

  msg2 "Fixing permissions..."
  chmod -Rc u=rwX,go=rX "$pkgdir"
}

pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
for _p in "${pkgname[@]}"; do
  eval "package_$_p() {
    $(declare -f "_package${_p#$pkgbase}")
    _package${_p#$pkgbase}
  }"
done