# Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net>
# Maintainer (Arch): Levente Polyak <anthraxx[at]archlinux[dot]org>
# Contributor: Aqua-sama <aqua@iserlohn-fortress.net>
# Contributor (Arch): Daniel Micay <danielmicay@gmail.com>
# Contributor (Arch): Tobias Powalowski <tpowa@archlinux.org>
# Contributor (Arch): Thomas Baechler <thomas@archlinux.org>

# # I maintain this because:
# Parabola version patch script does not apply consistently
# Parabola version lacks graysky gcc patch with bdver2 fix
# Parabola version lacks ath9k regdom and raid6 algo patches
# Parabola version is 300 Hz
# Parabola version supports Intel ME
# Parabola version allows insecure filesystems
# Parabola version enables ISDN and Infiniband
# Parabola version enables VMware and HyperV

_pkgbase=linux-hardened
pkgbase=linux-libre-hardened
_supver=5
_majver=4
_minver=10
_hardenedver=a
_gccpatchver='20190822'
  if [ "$_minver" == "0" ]; then
    _pkgver=${_supver}.${_majver}
  else
    _pkgver=${_supver}.${_majver}.${_minver}
  fi
pkgver=${_pkgver}.${_hardenedver}
pkgrel=1
pkgdesc='Linux-libre-hardened'
url='https://github.com/anthraxx/linux-hardened'
arch=(x86_64)
license=(GPL2)
makedepends=(
  bc kmod libelf
  xmlto python-sphinx python-sphinx_rtd_theme graphviz imagemagick
)
#provides=('linux-libre-hardened')
conflicts=('linux-hardened')
options=('!strip')
_srcname=linux-${_supver}.${_majver}
_gnumajver=${_supver}.${_majver}-gnu
_gnupkgver=${_pkgver}-gnu
source=(
  https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnumajver}/linux-libre-${_gnumajver}.tar.xz{,.sign}
  https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnupkgver}/patch-${_gnumajver}-${_gnupkgver}.xz{,.sign}
  0002-lib-devres-add-a-helper-function-for-ioremap_uc.patch
  0003-mfd-intel-lpss-Use-devm_ioremap_uc-for-MMIO.patch
  0004-PCI-pciehp-Do-not-disable-interrupt-twice-on-suspend.patch
  0005-PCI-pciehp-Prevent-deadlock-on-disconnect.patch
  0006-ACPI-PM-s2idle-Rework-ACPI-events-synchronization.patch
  0007-iwlwifi-pcie-restore-support-for-Killer-Qu-C0-NICs.patch
  0008-x86-intel-Disable-HPET-on-Intel-Ice-Lake-platforms.patch
  0009-drm-i915-save-AUD_FREQ_CNTRL-state-at-audio-domain-suspend.patch
  0010-drm-i915-Fix-audio-power-up-sequence-for-gen10-display.patch
  0011-drm-i915-extend-audio-CDCLK-2BCLK-constraint-to-more-platforms.patch
  0012-drm-i915-gt-Detect-if-we-miss-WaIdleLiteRestore.patch
  0013-pinctrl-sunrisepoint-Add-missing-Interrupt-Status-register-offset.patch
  0014-Revert-iwlwifi-mvm-fix-scan-config-command-size.patch
  0015-e1000e-Revert-e1000e-Make-watchdog-use-delayed-work.patch
  https://github.com/anthraxx/${_pkgbase}/releases/download/${pkgver}/${_pkgbase}-${pkgver}.patch{,.sig}
  graysky_bdver2-hotfix.patch
  kernel_gcc_patch-${_gccpatchver}.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/${_gccpatchver}.tar.gz
  ath9k-regdom-hack.patch
  raid6-default-algo.patch
  config         # the main kernel config file
)
validpgpkeys=(
  '474402C8C582DAFBE389C427BCB7CF877E7D47A7'  # Alexandre Oliva
  'E240B57E2C4630BA768E2F26FC1B547C8D8172C8'  # Levente Polyak
)
sha256sums=('d56d4db5a539058382b500c9d8ebec1f76964647220eb3ed107f49c9dabecbab'
            'SKIP'
            '47f29ee08459bcb50f5e16f2d73142e6d4cb5ab9de66ab576a2b8a3f44ac84ad'
            'SKIP'
            'f04a451706241e85f49d85c7d9bd892495b2e9d4eb0a353de333e375ed3b3d14'
            '15dcdeec72aa042ceb272326225d22dd5f934cd7fa0746924eced3eb4f77703e'
            '2d3afe3896644896510cd7a4694a94692a7ca8173006ce8eaa37c87abf2830c8'
            '4b3c1cab1ec9258e7632cbdf9bb289186b66d702ada3e5672275297b76f3b226'
            'bd333d79a0f0a21f9da070e27f55786a0355036021b72e91757517daf6412a6d'
            '2516be40fe063f7a448c69f170d628dbf549c3e084c2c7eb6910fd4782a6e73f'
            '1bcec07561c785e22ca43a140b07b586bc7717ea3c08e7549ec7a3bdfa39b7e2'
            'e2084feabc3abeed37579ff515c367014356a652b85794b1612fea4daabe85d3'
            '988ffbb96d85564a9d96145e5973339a8f78ae95d919efb2ee7bb50f7a8e8fc9'
            '5257159e20a5fcb102a3b3ee6de33882a9e132e7f1d4345b8730effdd0240bb6'
            '03cb03ababc0365f14b7acce5c659438a78cc65a5be0c2349d449361fd54d267'
            '33ec2170ace6b4f7dbc1cc751110d325d8619202d0f312587adbc4bef7a045ce'
            '54104b9118d9151379589f0b95bce38aaea5d7068e80e7ab5dbdad0b73d7b1b7'
            'f9464bc1980e54f6d090f20658907318456c2d86654c8681fd518083c2596be7'
            '03eb363cfb3e040b6ad54bd134b99cc58f45a7a4ae1faa6fb1d64ee450184f8c'
            'SKIP'
            'c5405139aa0a90a6f68f6a13e066a2bd0600c970f9f525cd3aa114b044a7f73b'
            '8c11086809864b5cef7d079f930bd40da8d0869c091965fa62e95de9a0fe13b5'
            'e7ebf050c22bcec0028c0b3c79fd6d3913b0370ecc6a23dfe78ce475630cf503'
            '0f81d6e4158b7beeb0eb514f1b9401f7e23699cb0f7b0d513e25dae1815daaeb'
            '953053fcc3b0d2a7f7bdaadc28bdffe44a85cfa62c339b1826bef48d57d17fb0')

export KBUILD_BUILD_HOST=$pkgbase
export KBUILD_BUILD_USER=$pkgbase
export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"

prepare() {
  cd $_srcname

  # add upstream patch
  if [ "$_minver" != "0" ]; then
    msg2 "Applying upstream patch"
    patch -Np1 < ../patch-${_gnumajver}-${_gnupkgver}
  fi


  # Hotfixes
  msg2 "Applying hotfixes"
  patch -p1 -i ../0002-lib-devres-add-a-helper-function-for-ioremap_uc.patch
  patch -p1 -i ../0003-mfd-intel-lpss-Use-devm_ioremap_uc-for-MMIO.patch
  patch -p1 -i ../0004-PCI-pciehp-Do-not-disable-interrupt-twice-on-suspend.patch
  patch -p1 -i ../0005-PCI-pciehp-Prevent-deadlock-on-disconnect.patch
  patch -p1 -i ../0006-ACPI-PM-s2idle-Rework-ACPI-events-synchronization.patch
  patch -p1 -i ../0007-iwlwifi-pcie-restore-support-for-Killer-Qu-C0-NICs.patch
  patch -p1 -i ../0008-x86-intel-Disable-HPET-on-Intel-Ice-Lake-platforms.patch
  patch -p1 -i ../0009-drm-i915-save-AUD_FREQ_CNTRL-state-at-audio-domain-suspend.patch
  patch -p1 -i ../0010-drm-i915-Fix-audio-power-up-sequence-for-gen10-display.patch
  patch -p1 -i ../0011-drm-i915-extend-audio-CDCLK-2BCLK-constraint-to-more-platforms.patch
  patch -p1 -i ../0012-drm-i915-gt-Detect-if-we-miss-WaIdleLiteRestore.patch
  patch -p1 -i ../0013-pinctrl-sunrisepoint-Add-missing-Interrupt-Status-register-offset.patch
  patch -p1 -i ../0014-Revert-iwlwifi-mvm-fix-scan-config-command-size.patch
  patch -p1 -i ../0015-e1000e-Revert-e1000e-Make-watchdog-use-delayed-work.patch


  # linux hardened patch
  msg2 "Applying hardened patch"
  patch -Np1 < ../linux-hardened-${pkgver}.patch
  

  # graysky gcc hotfixes
  msg2 "Applying graysky gcc patch hotfixes"
  patch -p1 -i ../graysky_bdver2-hotfix.patch "$srcdir/kernel_gcc_patch-${_gccpatchver}/enable_additional_cpu_optimizations_for_gcc_v9.1+_kernel_v4.13+.patch"

  # graysky gcc patch
  msg2 "Applying graysky cpu patch"
  patch -p1 -i ../kernel_gcc_patch-${_gccpatchver}/enable_additional_cpu_optimizations_for_gcc_v9.1+_kernel_v4.13+.patch


  # Ignore ath9k eeprom patch
  msg2 "Applying ath9k patch"
  patch -p1 -i ../ath9k-regdom-hack.patch

  # Set default raid6 algo patch
  msg2 " Applying raid6 patch"
  patch -p1 -i ../raid6-default-algo.patch


  msg2 "Setting version..."
  sed -e "/^EXTRAVERSION =/s/=.*/= .${_hardenedver}/" -i Makefile
  scripts/setlocalversion --save-scmversion
  echo "-$pkgrel" > localversion.10-pkgrel
  echo "${pkgbase#linux}" > localversion.20-pkgname


  msg2 "Setting config..."
  # we are in src/linux-x.yy.zz, looking for a config next to the pkgbuild
#  if [ -f ${SRCDEST}/config.libre-hardened.previous ]; then
#    cp ${SRCDEST}/config.libre-hardened.previous .config
#  else
    cp ../config .config
#  fi

  make olddefconfig

  make menuconfig

  # Remove sublevel when no sublevel exists
  if [ "$_minver" == "0" ]; then
    sed -i '/SUBLEVEL = 0/d' Makefile
  fi

  make -s kernelrelease > version

  # workaround for make -s kernelrelease not applying
  # localversion to version when changed using menuconfig
  grep -Po '(?<=CONFIG_LOCALVERSION=").*(?=")' .config > ../localversion
  echo "$_pkgver" > ../version.temp
  echo ".$_hardenedver" >> ../version.temp
  cat "localversion.10-pkgrel" >> ../version.temp
  cat "localversion.20-pkgname" >> ../version.temp
  cat ../localversion >> ../version.temp
  cat ../version.temp | tr -d "\n" > version

  # back up the config
#  msg2 "Backing up config..."
#  cp .config ${SRCDEST}/config.libre-hardened.previous

  msg2 "Prepared %s version %s" "$pkgbase" "$(<version)"
}

build() {
  cd $_srcname
  make bzImage modules htmldocs
}

_package() {
  pkgdesc="The $pkgdesc kernel and modules"
  depends=(coreutils kmod initramfs)
  optdepends=('crda: to set the correct wireless channels of your country'
              'linux-libre-firmware: firmware images needed for some devices'
              'usbctl-libre: deny_new_usb control')

  cd $_srcname
  local kernver="$(<version)"
  local modulesdir="$pkgdir/usr/lib/modules/$kernver"

  msg2 "Installing boot image..."
  # systemd expects to find the kernel here to allow hibernation
  # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
  install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"

  # Used by mkinitcpio to name the kernel
  echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"

  msg2 "Installing modules..."
  make INSTALL_MOD_PATH="$pkgdir/usr" modules_install

  # remove build and source links
  rm "$modulesdir"/{source,build}

  msg2 "Fixing permissions..."
  chmod -Rc u=rwX,go=rX "$pkgdir"
}

_package-headers() {
  pkgdesc="Header files and scripts for building modules for $pkgdesc kernel"

  cd $_srcname
  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"

  msg2 "Installing build files..."
  install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \
    localversion.* version vmlinux
  install -Dt "$builddir/kernel" -m644 kernel/Makefile
  install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
  cp -t "$builddir" -a scripts

  # add objtool for external module building and enabled VALIDATION_STACK option
  if [[ -e tools/objtool/objtool ]]; then
    install -Dt "$builddir/tools/objtool" tools/objtool/objtool
  fi

  # add xfs and shmem for aufs building
  mkdir -p "$builddir"/{fs/xfs,mm}

  msg2 "Installing headers..."
  cp -t "$builddir" -a include
  cp -t "$builddir/arch/x86" -a arch/x86/include
  install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s

  install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
  install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h

  # http://bugs.archlinux.org/task/13146
  install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h

  # http://bugs.archlinux.org/task/20402
  install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
  install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
  install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h

  msg2 "Installing KConfig files..."
  find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;

  msg2 "Removing unneeded architectures..."
  local arch
  for arch in "$builddir"/arch/*/; do
    [[ $arch = */x86/ ]] && continue
    echo "Removing $(basename "$arch")"
    rm -r "$arch"
  done

  msg2 "Removing documentation..."
  rm -r "$builddir/Documentation"

  msg2 "Removing broken symlinks..."
  find -L "$builddir" -type l -printf 'Removing %P\n' -delete

  msg2 "Removing loose objects..."
  find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete

  msg2 "Stripping build tools..."
  local file
  while read -rd '' file; do
    case "$(file -bi "$file")" in
      application/x-sharedlib\;*)      # Libraries (.so)
        strip -v $STRIP_SHARED "$file" ;;
      application/x-archive\;*)        # Libraries (.a)
        strip -v $STRIP_STATIC "$file" ;;
      application/x-executable\;*)     # Binaries
        strip -v $STRIP_BINARIES "$file" ;;
      application/x-pie-executable\;*) # Relocatable binaries
        strip -v $STRIP_SHARED "$file" ;;
    esac
  done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)

  msg2 "Adding symlink..."
  mkdir -p "$pkgdir/usr/src"
  ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase"

  msg2 "Fixing permissions..."
  chmod -Rc u=rwX,go=rX "$pkgdir"
}

_package-docs() {
  pkgdesc="Documentation for the $pkgdesc kernel"

  cd $_srcname
  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"

  msg2 "Installing documentation..."
  local src dst
  while read -rd '' src; do
  dst="${src#Documentation/}"
  dst="$builddir/Documentation/${dst#output/}"
  install -Dm644 "$src" "$dst"
  done < <(find Documentation -name '.*' -prune -o ! -type d -print0)

  msg2 "Adding symlink..."
  mkdir -p "$pkgdir/usr/share/doc"
  ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase"

  msg2 "Fixing permissions..."
  chmod -Rc u=rwX,go=rX "$pkgdir"
}

pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
for _p in "${pkgname[@]}"; do
  eval "package_$_p() {
    $(declare -f "_package${_p#$pkgbase}")
    _package${_p#$pkgbase}
  }"
done