# Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net>
# Maintainer (Arch): Levente Polyak <anthraxx[at]archlinux[dot]org>
# Contributor: Aqua-sama <aqua@iserlohn-fortress.net>
# Contributor (Arch): Daniel Micay <danielmicay@gmail.com>
# Contributor (Arch): Tobias Powalowski <tpowa@archlinux.org>
# Contributor (Arch): Thomas Baechler <thomas@archlinux.org>

# # I maintain this because:
# Parabola version patch script does not apply consistently
# Parabola version lacks graysky gcc patch
# Parabola version lacks ath9k regdom and raid6 algo patches
# Parabola version is 300 Hz
# Parabola version does not disable lockdown eee
# Parabola version allows insecure filesystems
# Parabola version enables ISDN and Infiniband
# Parabola version enables VMware and HyperV

_pkgbase=linux-hardened
pkgbase=linux-libre-hardened
_supver=5
_majver=7
_minver=8
_hardenedver=a
_gccpatchver='20200615'
_gccpatchger='10.1'
_gccpatchker='5.7'
  if [ "$_minver" == "0" ]; then
    _pkgver=${_supver}.${_majver}
  else
    _pkgver=${_supver}.${_majver}.${_minver}
  fi
pkgver=${_pkgver}.${_hardenedver}
pkgrel=1
pkgdesc='Linux-libre-hardened'
url='https://github.com/anthraxx/linux-hardened'
arch=(x86_64)
license=(GPL2)
makedepends=(
  bc kmod libelf
  xmlto python-sphinx python-sphinx_rtd_theme graphviz imagemagick
)
#provides=('linux-libre-hardened')
conflicts=('linux-hardened')
options=('!strip')
_srcname=linux-${_supver}.${_majver}
_gnumajver=${_supver}.${_majver}-gnu
_gnupkgver=${_pkgver}-gnu
source=(
  https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnumajver}/linux-libre-${_gnumajver}.tar.xz{,.sign}
  https://github.com/anthraxx/${_pkgbase}/releases/download/${pkgver}/${_pkgbase}-${pkgver}.patch{,.sig}
  0002-PCI-EDR-Log-only-ACPI_NOTIFY_DISCONNECT_RECOVER-even.patch
  0003-Revert-ath9k-Fix-general-protection-fault.patch
  0004-iwlwifi-Make-some-Killer-Wireless-AC-1550-cards-working-again.patch
  kernel_gcc_patch-${_gccpatchver}.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/${_gccpatchver}.tar.gz
  ath9k-regdom-hack.patch
  raid6-default-algo.patch
  config         # the main kernel config file
  sphinx-workaround.patch
)
  if [ "$_minver" != "0" ]; then
    source+=(https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnupkgver}/patch-${_gnumajver}-${_gnupkgver}.xz{,.sign})
  fi
validpgpkeys=(
  '474402C8C582DAFBE389C427BCB7CF877E7D47A7'  # Alexandre Oliva
  'E240B57E2C4630BA768E2F26FC1B547C8D8172C8'  # Levente Polyak
)
b2sums=('bb65e65c69d1c38943327a0859028c843439590e9f1af66705a0fe01aaf006daf14a5a0adfaef6d1de53511e50b2f6b8ee13caa63dd7cf4065253599fe524998'
        'SKIP'
        '7d2fef10b36c6a102959865eeeaeffa7a87a664812924fe76ea2c375e6954b4e982411f51408be4757df4e887b7db38fd8cb615e2b6c2e4ab11fa32d603319c3'
        'SKIP'
        '490c7d188215f1d24b5807a744853fa308c2cd17c9eb8668918a50a0c58cab9cbc9ee13ac9abbb614eb010a4a56e9092fea4440d44c80c8e67f2d9abdf19a83f'
        '35b1ace7c6d9f1c78caf6007d5500d1c5762af887cd45fddb4d32fcc289c0e0ad62473417ba4cd617f2632533a85ecadd08556cb6c106e06686cd53cc018bbef'
        'a0f3b060d344746d7cd02b9b8b0f6e13a4367d41aa92ef7db4b6d01d2a0389b63da3e19484ac809952ef6ee13479a54ad205017c9ead72c4ee6738ae04cb7c4b'
        'c8d0697f99fe6105815217b8ec059d8f587415ea8dd2b88a65e1087feedf697341a64cd56810fde9e7aeada79125fc8235faccc7e7b06492c099e27a8abbe99c'
        '2e58bb89b247b1678355368956e67c1de51fcde97a227b2162f6771e30f17fa5520faafe7be4b6816a542e7ae10d05f64c6b6354f352c12746d4b8da632936dd'
        'fde132f3705d908e6f2147c78a2193289916d72304ca5efa2229d79fc3e57a857314ce94e71425caef2f7f7b6cf87f05ef86335dc8bd4be78e7035afe608005a'
        '004fa374633e14c649d07ed1f190316f4c0d2cd8d5b2b2480fdf8b0f635339b3638eb4f5d3a407fd1af60e876416a89382747008eef1c7e3188d1bc2eb6fd3d2'
        'b4e1377d97ad7e8144d6e55b6d43731e3271a5aec65b65ca6d81026a95f15f549b9303fb3c6f492099ca691e3f65f4cf7f0c3aa742df03b396d7f6d81813aa95'
        'bf785bba732d54dc7e7250f1e90944237ed408828e40f32e2342adce93c9b0eee9718e5ecec6f4eab3b960cf406fbed03a8cfc59b1112ff5b387be0751330b42'
        'SKIP')

export KBUILD_BUILD_HOST=$pkgbase
export KBUILD_BUILD_USER=$pkgbase
export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"

prepare() {
  cd $_srcname

  # add upstream patch
  if [ "$_minver" != "0" ]; then
    echo "Applying upstream patch"
    patch -Np1 < ../patch-${_gnumajver}-${_gnupkgver}
  fi


  # Hotfixes
  echo "Applying hotfixes"
  patch -p1 -i ../0002-PCI-EDR-Log-only-ACPI_NOTIFY_DISCONNECT_RECOVER-even.patch
  patch -p1 -i ../0003-Revert-ath9k-Fix-general-protection-fault.patch
  patch -p1 -i ../0004-iwlwifi-Make-some-Killer-Wireless-AC-1550-cards-working-again.patch
  patch -p1 -i ../sphinx-workaround.patch


  # linux hardened patch
  echo "Applying hardened patch"
  patch -Np1 < ../linux-hardened-${pkgver}.patch


  # graysky gcc patch
  echo "Applying graysky cpu patch"
  patch -p1 -i ../kernel_gcc_patch-${_gccpatchver}/enable_additional_cpu_optimizations_for_gcc_v${_gccpatchger}+_kernel_v${_gccpatchker}+.patch


  # Ignore ath9k eeprom patch
  echo "Applying ath9k patch"
  patch -p1 -i ../ath9k-regdom-hack.patch

  # Set default raid6 algo patch
  echo " Applying raid6 patch"
  patch -p1 -i ../raid6-default-algo.patch


  echo "Setting version..."
  sed -e "/^EXTRAVERSION =/s/=.*/= .${_hardenedver}/" -i Makefile
  scripts/setlocalversion --save-scmversion
  echo "-$pkgrel" > localversion.10-pkgrel
  echo "${pkgbase#linux}" > localversion.20-pkgname


  echo "Setting config..."
  # we are in src/linux-x.yy.zz, looking for a config next to the pkgbuild
#  if [ -f ${SRCDEST}/config.libre-hardened.previous ]; then
#    cp ${SRCDEST}/config.libre-hardened.previous .config
#  else
    cp ../config .config
#  fi

  make olddefconfig

  make menuconfig

  # Remove sublevel when no sublevel exists
  if [ "$_minver" == "0" ]; then
    sed -i '/SUBLEVEL = 0/d' Makefile
  fi

  make -s kernelrelease > version

  # workaround for make -s kernelrelease not applying
  # localversion to version when changed using menuconfig
  grep -Po '(?<=CONFIG_LOCALVERSION=").*(?=")' .config > ../localversion
  echo "$_pkgver" > ../version.temp
  echo ".$_hardenedver" >> ../version.temp
  cat "localversion.10-pkgrel" >> ../version.temp
  cat "localversion.20-pkgname" >> ../version.temp
  cat ../localversion >> ../version.temp
  cat ../version.temp | tr -d "\n" > version

  # back up the config
#  echo "Backing up config..."
#  cp .config ${SRCDEST}/config.libre-hardened.previous

  echo "Prepared $pkgbase version $(<version)"
}

build() {
  cd $_srcname
  make all
  make htmldocs
}

_package() {
  pkgdesc="The $pkgdesc kernel and modules"
  depends=(coreutils kmod initramfs)
  optdepends=('crda: to set the correct wireless channels of your country'
              'linux-libre-firmware: firmware images needed for some devices'
              'usbctl-libre: deny_new_usb control')
  provides=(WIREGUARD-MODULE)
  replaces=(wireguard-arch)

  cd $_srcname
  local kernver="$(<version)"
  local modulesdir="$pkgdir/usr/lib/modules/$kernver"

  echo "Installing boot image..."
  # systemd expects to find the kernel here to allow hibernation
  # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
  install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"

  # Used by mkinitcpio to name the kernel
  echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"

  echo "Installing modules..."
  make INSTALL_MOD_PATH="$pkgdir/usr" INSTALL_MOD_STRIP=1 modules_install

  # remove build and source links
  rm "$modulesdir"/{source,build}
}

_package-headers() {
  pkgdesc="Headers and scripts for building modules for the $pkgdesc kernel"

  cd $_srcname
  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"

  echo "Installing build files..."
  install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \
    localversion.* version vmlinux
  install -Dt "$builddir/kernel" -m644 kernel/Makefile
  install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
  cp -t "$builddir" -a scripts

  # add objtool for external module building and enabled VALIDATION_STACK option
  if [[ -e tools/objtool/objtool ]]; then
    install -Dt "$builddir/tools/objtool" tools/objtool/objtool
  fi

  # add xfs and shmem for aufs building
  mkdir -p "$builddir"/{fs/xfs,mm}

  echo "Installing headers..."
  cp -t "$builddir" -a include
  cp -t "$builddir/arch/x86" -a arch/x86/include
  install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s

  install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
  install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h

  # http://bugs.archlinux.org/task/13146
  install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h

  # http://bugs.archlinux.org/task/20402
  install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
  install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
  install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h

  echo "Installing KConfig files..."
  find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;

  echo "Removing unneeded architectures..."
  local arch
  for arch in "$builddir"/arch/*/; do
    [[ $arch = */x86/ ]] && continue
    echo "Removing $(basename "$arch")"
    rm -r "$arch"
  done

  echo "Removing documentation..."
  rm -r "$builddir/Documentation"

  echo "Removing broken symlinks..."
  find -L "$builddir" -type l -printf 'Removing %P\n' -delete

  echo "Removing loose objects..."
  find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete

  echo "Stripping build tools..."
  local file
  while read -rd '' file; do
    case "$(file -bi "$file")" in
      application/x-sharedlib\;*)      # Libraries (.so)
        strip -v $STRIP_SHARED "$file" ;;
      application/x-archive\;*)        # Libraries (.a)
        strip -v $STRIP_STATIC "$file" ;;
      application/x-executable\;*)     # Binaries
        strip -v $STRIP_BINARIES "$file" ;;
      application/x-pie-executable\;*) # Relocatable binaries
        strip -v $STRIP_SHARED "$file" ;;
    esac
  done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)
  echo "Stripping vmlinux..."
  strip -v $STRIP_STATIC "$builddir/vmlinux"

  echo "Adding symlink..."
  mkdir -p "$pkgdir/usr/src"
  ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase"
}

_package-docs() {
  pkgdesc="Documentation for the $pkgdesc kernel"

  cd $_srcname
  local builddir="$pkgdir/usr/lib/modules/$(<version)/build"

  echo "Installing documentation..."
  local src dst
  while read -rd '' src; do
  dst="${src#Documentation/}"
  dst="$builddir/Documentation/${dst#output/}"
  install -Dm644 "$src" "$dst"
  done < <(find Documentation -name '.*' -prune -o ! -type d -print0)

  echo "Adding symlink..."
  mkdir -p "$pkgdir/usr/share/doc"
  ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase"
}

pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
for _p in "${pkgname[@]}"; do
  eval "package_$_p() {
    $(declare -f "_package${_p#$pkgbase}")
    _package${_p#$pkgbase}
  }"
done