# Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net>
# Maintainer (Arch): Levente Polyak <anthraxx[at]archlinux[dot]org>
# Contributor: Aqua-sama <aqua@iserlohn-fortress.net>
# Contributor (Arch): Daniel Micay <danielmicay@gmail.com>
# Contributor (Arch): Tobias Powalowski <tpowa@archlinux.org>
# Contributor (Arch): Thomas Baechler <thomas@archlinux.org>

# # I maintain this because:
# Parabola version patch script does not apply consistently
# Parabola version lacks graysky gcc patch with bdver2 fix
# Parabola version lacks ath9k regdom and raid6 algo patches
# Parabola version is 300 Hz
# Parabola version does not disable lockdown eee
# Parabola version allows insecure filesystems
# Parabola version enables ISDN and Infiniband
# Parabola version enables VMware and HyperV

_pkgbase=linux-hardened
pkgbase=linux-libre-hardened
_supver=5
_majver=5
_minver=13
_hardenedver=a
_gccpatchver='20191217'
_gccpatchger='9.1'
_gccpatchker='5.5'
  if [ "$_minver" == "0" ]; then
    _pkgver=${_supver}.${_majver}
  else
    _pkgver=${_supver}.${_majver}.${_minver}
  fi
pkgver=${_pkgver}.${_hardenedver}
pkgrel=1
pkgdesc='Linux-libre-hardened'
url='https://github.com/anthraxx/linux-hardened'
arch=(x86_64)
license=(GPL2)
makedepends=(
  bc kmod libelf
  xmlto python-sphinx python-sphinx_rtd_theme graphviz imagemagick
)
#provides=('linux-libre-hardened')
conflicts=('linux-hardened')
options=('!strip')
_srcname=linux-${_supver}.${_majver}
_gnumajver=${_supver}.${_majver}-gnu
_gnupkgver=${_pkgver}-gnu
source=(
  https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnumajver}/linux-libre-${_gnumajver}.tar.xz{,.sign}
  https://github.com/anthraxx/${_pkgbase}/releases/download/${pkgver}/${_pkgbase}-${pkgver}.patch{,.sig}
  0002-iwlwifi-pcie-restore-support-for-Killer-Qu-C0-NICs.patch
  0003-drm-Remove-PageReserved-manipulation-from-drm_pci_al.patch
  0004-drm_915_Serialise_i915_active_acquire_with__active_retire.patch
  0005-drm_i915_gem_Take_runtime-pm_wakeref_prior_to_unbinding.patch
  0006-drm-915-gem-Avoid-parking-the-vma-as-we-unbind.patch
  0007-drm-i915-gem-Try-to-flush-pending-unbind-events.patch
  0008-drm-i915-gem-Reinitialise-the-local-list-before-repeating.patch
  0009-drm-i915-Add-a-simple-is-bound-check-before-unbinding.patch
  0010-drm-i915-Introduce-a-vma.kref.patch
  0011-iwlwifi-dont-send-GEO_TX_POWER_LIMIT-if-no-wgds-table.patch
  graysky_bdver2-hotfix.patch
  kernel_gcc_patch-${_gccpatchver}.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/${_gccpatchver}.tar.gz
  ath9k-regdom-hack.patch
  raid6-default-algo.patch
  config         # the main kernel config file
)
  if [ "$_minver" != "0" ]; then
    source+=(https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnupkgver}/patch-${_gnumajver}-${_gnupkgver}.xz{,.sign})
  fi
validpgpkeys=(
  '474402C8C582DAFBE389C427BCB7CF877E7D47A7'  # Alexandre Oliva
  'E240B57E2C4630BA768E2F26FC1B547C8D8172C8'  # Levente Polyak
)
b2sums=('a4d4c927af24f61aba451cc21117c5a508ab2037b81ca6add19b4838940f8f321c8bf14b2d35e388f93801d92b296a998c15d2aac92dc2df761322e7ea37dd1d'
        'SKIP'
        'd0d1ed49e1f6b537137b486fb4092e1a1ef79c6fbdb9ce36a842a67e176090bf11cac4baf53356ccbb4a1c09689ae130bb1721ba779fdd231c03f46b08df04d0'
        'SKIP'
        '2e822cf7d4ff8b7458e22d3ce110fd8534e17a9aac2feace41c591f70697e1fab7bd9ce307c60a6361fbe525d10dab74c8b76fcb5276cd27f6e945f8fdfcc25c'
        'd8027cd96a447ea0987a67f3e65d157bb3d396069a944b140610f74c663677fe45e171e96a92dfd5eda8f71a5c715fd8114ee0e60b7620bc401a2a548bcf83cc'
        'df41200d86f1fd493861d4b4a091ec5f853ce7668ec9712f57e574ce2c1a94c7054ec8abcdf947086e5f98b0cdde73523521552536c91373dacdd10c4ecf4c1a'
        'f4d5f82c5deb981f475fd18a408e23b5f170e23c7a49c3563171e55abd78c07c475a7a9c67850c4a3665ce3447cd7b5fb3171e47af8cd8077822f2a6679cfd9b'
        '70d02b7fc8b26c783eaabafb9bef5d3895c0031642dc8b71d8737762722695221340315576433d1544b79b37446212ce5e3d0936f695af307b3344a717274ba8'
        '5909775c40e31588072e052d28daa4472b7b0e0cb124d631bfa967ce398b9cf44afb6937f5f4ec709b0430f0a27262ce876c7d3ca71fae821138671bc492176f'
        'c1410e2d53dd7afb6d68f75c557774e37f466a5b5b7432ec6802b2c2a9644c8a6b5fcd38a76781b9229a9cb2cf4c0c55129ee050918577937d91dd7ee789f3b8'
        '63e9e6ceda80243910c073ec81555f2781d75ac4b3cb5000c1328f2624f7be840684b0f383768020e82bce502aa90a1c8729f7b3e91c099652075a42da2187cf'
        '078bb20a03b7e43ad0685b0c3f6a54f1c4bd32d25e0f6c6434100c6f5f5bc27cd6281bf2134b7c7034e6aa448d895d23c20d32f7d1cc40e55f0735af777694a3'
        '7b56fe6d171bc9f5154fd6dd89e6678f7e65f26d53551ebc758142a3440cb796b8f7badc361b1e19ff70dfc842dce235fb3b476d35994cb0022157ae64e28cf3'
        '1892bd22775eac3bcc4d37f4fd30c95346bf3a0888cbbff57fd614973b525390dff2e315ce35b2e498523cceaab94ff21a80475dee8df3de4dd8fc0fab07d74e'
        'd76bd0bf237ea2bb7999fd3715cb664d89148cb0ade8057d57cdb40bc0a7954336e50ee077312e5e192398b0f35f055786deb98af9130d57e60f2ea040fbb66f'
        '2e58bb89b247b1678355368956e67c1de51fcde97a227b2162f6771e30f17fa5520faafe7be4b6816a542e7ae10d05f64c6b6354f352c12746d4b8da632936dd'
        'fde132f3705d908e6f2147c78a2193289916d72304ca5efa2229d79fc3e57a857314ce94e71425caef2f7f7b6cf87f05ef86335dc8bd4be78e7035afe608005a'
        '59e91b346412d1be04cede5c8bf975c171f0d9fdb1aa034fb377f9f12ff837c99d8fb3af95316354a977d0f495d373863a61fbc5f4d9a6a532330aa6993c4b14'
        'd10810b3f96821965cfb106a53302329a346815b78ef5720dbd3b9065a0542034a4e071133459e4288304de5658c5509847ee8e6770a4d553593ed815034a0fb'
        'SKIP')

export KBUILD_BUILD_HOST=$pkgbase
export KBUILD_BUILD_USER=$pkgbase
export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"

prepare() {
  cd $_srcname

  # add upstream patch
  if [ "$_minver" != "0" ]; then
    echo "Applying upstream patch"
    patch -Np1 < ../patch-${_gnumajver}-${_gnupkgver}
  fi


  # Hotfixes
  echo "Applying hotfixes"
  patch -p1 -i ../0002-iwlwifi-pcie-restore-support-for-Killer-Qu-C0-NICs.patch
  patch -p1 -i ../0003-drm-Remove-PageReserved-manipulation-from-drm_pci_al.patch
  patch -p1 -i ../0004-drm_915_Serialise_i915_active_acquire_with__active_retire.patch
  patch -p1 -i ../0005-drm_i915_gem_Take_runtime-pm_wakeref_prior_to_unbinding.patch
  patch -p1 -i ../0006-drm-915-gem-Avoid-parking-the-vma-as-we-unbind.patch
  patch -p1 -i ../0007-drm-i915-gem-Try-to-flush-pending-unbind-events.patch
  patch -p1 -i ../0008-drm-i915-gem-Reinitialise-the-local-list-before-repeating.patch
  patch -p1 -i ../0009-drm-i915-Add-a-simple-is-bound-check-before-unbinding.patch
  patch -p1 -i ../0010-drm-i915-Introduce-a-vma.kref.patch
  patch -p1 -i ../0011-iwlwifi-dont-send-GEO_TX_POWER_LIMIT-if-no-wgds-table.patch


  # linux hardened patch
  echo "Applying hardened patch"
  patch -Np1 < ../linux-hardened-${pkgver}.patch
  

  # graysky gcc hotfixes
  echo "Applying graysky gcc patch hotfixes"
  patch -p1 -i ../graysky_bdver2-hotfix.patch "$srcdir/kernel_gcc_patch-${_gccpatchver}/enable_additional_cpu_optimizations_for_gcc_v${_gccpatchger}+_kernel_v${_gccpatchker}+.patch"

  # graysky gcc patch
  echo "Applying graysky cpu patch"
  patch -p1 -i ../kernel_gcc_patch-${_gccpatchver}/enable_additional_cpu_optimizations_for_gcc_v${_gccpatchger}+_kernel_v${_gccpatchker}+.patch


  # Ignore ath9k eeprom patch
  echo "Applying ath9k patch"
  patch -p1 -i ../ath9k-regdom-hack.patch

  # Set default raid6 algo patch
  echo " Applying raid6 patch"
  patch -p1 -i ../raid6-default-algo.patch


  echo "Setting version..."
  sed -e "/^EXTRAVERSION =/s/=.*/= .${_hardenedver}/" -i Makefile
  scripts/setlocalversion --save-scmversion
  echo "-$pkgrel" > localversion.10-pkgrel
  echo "${pkgbase#linux}" > localversion.20-pkgname


  echo "Setting config..."
  # we are in src/linux-x.yy.zz, looking for a config next to the pkgbuild
#  if [ -f ${SRCDEST}/config.libre-hardened.previous ]; then
#    cp ${SRCDEST}/config.libre-hardened.previous .config
#  else
    cp ../config .config
#  fi

  make olddefconfig

  make menuconfig

  # Remove sublevel when no sublevel exists
  if [ "$_minver" == "0" ]; then
    sed -i '/SUBLEVEL = 0/d' Makefile
  fi

  make -s kernelrelease > version

  # workaround for make -s kernelrelease not applying
  # localversion to version when changed using menuconfig
  grep -Po '(?<=CONFIG_LOCALVERSION=").*(?=")' .config > ../localversion
  echo "$_pkgver" > ../version.temp
  echo ".$_hardenedver" >> ../version.temp
  cat "localversion.10-pkgrel" >> ../version.temp
  cat "localversion.20-pkgname" >> ../version.temp
  cat ../localversion >> ../version.temp
  cat ../version.temp | tr -d "\n" > version

  # back up the config
#  echo "Backing up config..."
#  cp .config ${SRCDEST}/config.libre-hardened.previous

  echo "Prepared %s version %s" "$pkgbase" "$(<version)"
}

build() {
  cd $_srcname
  make all
  make htmldocs
}

_package() {
  pkgdesc="The $pkgdesc kernel and modules"
  depends=(coreutils kmod initramfs)
  optdepends=('crda: to set the correct wireless channels of your country'
              'linux-libre-firmware: firmware images needed for some devices'
              'usbctl-libre: deny_new_usb control')

  cd $_srcname
  local kernver="$(<version)"
  local modulesdir="$pkgdir/usr/lib/modules/$kernver"

  echo "Installing boot image..."
  # systemd expects to find the kernel here to allow hibernation
  # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
  install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"

  # Used by mkinitcpio to name the kernel
  echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"

  echo "Installing modules..."
  make INSTALL_MOD_PATH="$pkgdir/usr" modules_install

  # remove build and source links
  rm "$modulesdir"/{source,build}

  echo "Fixing permissions..."
  chmod -Rc u=rwX,go=rX "$pkgdir"
}

_package-headers() {
  pkgdesc="Header files and scripts for building modules for $pkgdesc kernel"

  cd $_srcname
  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"

  echo "Installing build files..."
  install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \
    localversion.* version vmlinux
  install -Dt "$builddir/kernel" -m644 kernel/Makefile
  install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
  cp -t "$builddir" -a scripts

  # add objtool for external module building and enabled VALIDATION_STACK option
  if [[ -e tools/objtool/objtool ]]; then
    install -Dt "$builddir/tools/objtool" tools/objtool/objtool
  fi

  # add xfs and shmem for aufs building
  mkdir -p "$builddir"/{fs/xfs,mm}

  echo "Installing headers..."
  cp -t "$builddir" -a include
  cp -t "$builddir/arch/x86" -a arch/x86/include
  install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s

  install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
  install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h

  # http://bugs.archlinux.org/task/13146
  install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h

  # http://bugs.archlinux.org/task/20402
  install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
  install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
  install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h

  echo "Installing KConfig files..."
  find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;

  echo "Removing unneeded architectures..."
  local arch
  for arch in "$builddir"/arch/*/; do
    [[ $arch = */x86/ ]] && continue
    echo "Removing $(basename "$arch")"
    rm -r "$arch"
  done

  echo "Removing documentation..."
  rm -r "$builddir/Documentation"

  echo "Removing broken symlinks..."
  find -L "$builddir" -type l -printf 'Removing %P\n' -delete

  echo "Removing loose objects..."
  find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete

  echo "Stripping build tools..."
  local file
  while read -rd '' file; do
    case "$(file -bi "$file")" in
      application/x-sharedlib\;*)      # Libraries (.so)
        strip -v $STRIP_SHARED "$file" ;;
      application/x-archive\;*)        # Libraries (.a)
        strip -v $STRIP_STATIC "$file" ;;
      application/x-executable\;*)     # Binaries
        strip -v $STRIP_BINARIES "$file" ;;
      application/x-pie-executable\;*) # Relocatable binaries
        strip -v $STRIP_SHARED "$file" ;;
    esac
  done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)

  echo "Adding symlink..."
  mkdir -p "$pkgdir/usr/src"
  ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase"

  echo "Fixing permissions..."
  chmod -Rc u=rwX,go=rX "$pkgdir"
}

_package-docs() {
  pkgdesc="Documentation for the $pkgdesc kernel"

  cd $_srcname
  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"

  echo "Installing documentation..."
  local src dst
  while read -rd '' src; do
  dst="${src#Documentation/}"
  dst="$builddir/Documentation/${dst#output/}"
  install -Dm644 "$src" "$dst"
  done < <(find Documentation -name '.*' -prune -o ! -type d -print0)

  echo "Adding symlink..."
  mkdir -p "$pkgdir/usr/share/doc"
  ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase"

  echo "Fixing permissions..."
  chmod -Rc u=rwX,go=rX "$pkgdir"
}

pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
for _p in "${pkgname[@]}"; do
  eval "package_$_p() {
    $(declare -f "_package${_p#$pkgbase}")
    _package${_p#$pkgbase}
  }"
done