#!/bin/bash
update_mods() {
  # Refresh every git submodule before any patch is generated.
  # The quoted string is executed by git once per submodule: a fetch
  # followed by a bare `git checkout` (no branch, tag or commit is named).
  # NOTE(review): the files this script later reads from submodules/ end
  # up in kernel patches, so consider checking each submodule out at a
  # reviewed tag or commit before running the generator.
  local per_submodule="git fetch ; git checkout"
  git submodule foreach "${per_submodule}"
}
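update_mods
# This initial section is a hack: it wraps the current zenpower.c from the
# zenpower submodule into a patch that adds it as a built-in module.
# It will probably break in the future unless you pick a tag first prior to
# running this.
# Right now, it is working on 5.2/5.3/5.4-rc8 (<=5.2 requires patches for Zen 2 processors)
# NOTE(review): zenpower.c is taken from whatever the submodule currently has
# checked out and becomes kernel code, so check out a reviewed tag/commit
# before generating the patch.
zenpower_src=submodules/zenpower/zenpower.c
zenpower_body=submodules/.zenpower-skel/zenpower.potch
zenpower_patch=misc/Add-git-version-of-zenpower-as-a-builtin-module.patch
if [[ -f ${zenpower_src} ]]; then
  # Each step only runs if the previous one succeeded, so the success banner
  # below is never printed for a missing or half-written patch.
  if cp submodules/.zenpower-skel/zenpower.skel "${zenpower_patch}" &&
    # Hunk header: the new file has as many added lines as zenpower.c has lines.
    echo "@@ -0,0 +1,$(wc -l < "${zenpower_src}") @@" >> "${zenpower_patch}" &&
    cp "${zenpower_src}" "${zenpower_body}" &&
    # Prefix every source line with '+' so it reads as an added line.
    sed -i 's/^/+/' "${zenpower_body}" &&
    cat "${zenpower_body}" >> "${zenpower_patch}"; then
    ls --color=always "${zenpower_patch}"
    echo -e "Created the freshest zenpower built in module available, courtesy of:"
    echo -e "https://github.com/ocerman. Best used with https://github.com/ocerman/zenmonitor"
    echo -e "If you do not have a Ryzen processor, disable CONFIG_SENSORS_ZENPOWER"
  else
    printf 'Failed to generate %s; do not apply it.\n' "${zenpower_patch}" >&2
  fi
fi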
# Below, Clear patches are categorized and then combined all into one so the series file doesn't need adjustment
# IDEAS: Use case statements instead
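# Identify and exclude patches that reduce performance for the sake of security
# (excluding such a patch also drops the mitigation it carries, so each exclusion should be a deliberate, documented choice)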
# Create an additional prompt for Intel exclusive patches that have been excluded by default
# Separate anything performance related into its own section
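# Version string taken from submodules/clear/upstream: on each line, everything
# up to the last '-' and the ".tar.xz" suffix are stripped.
version=$(sed 's/^.*\-//g; s/\.tar\.xz//g' submodules/clear/upstream)
# The value comes from a fetched submodule file, so it is printed through %s
# and never interpreted for backslash escapes.
printf "Clear Linux's patches for %s.\n\n" "${version}"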
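#######################################
# List the CVE patches available in the Clear Linux submodule.
# Globals:   CVE (written) - newline-separated patch file names
# Outputs:   heading plus the file names on stdout
# Returns:   0
#######################################
cve-patches()
{
  # The subshell keeps the directory change and nullglob local. The glob is
  # the same one create_cve concatenates, so the list shown is exactly what
  # would be included. If the submodule directory is missing the list is
  # empty rather than a listing of the current directory.
  CVE=$(
    cd submodules/clear || exit
    shopt -s nullglob
    printf '%s\n' CVE*.patch
  )
  printf 'CVE patches\n%s\n\n' "${CVE}"
}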
#######################################
# Ask whether the CVE patches go into the generated patchset.
# An empty answer (including end of input) counts as "yes". Declining removes
# 0001-CL-CVE.patch, so the combined patchset then carries none of these
# security fixes. Any other answer asks again.
# Globals:   create_cve (written) - the raw answer
# Inputs:    one line per prompt on stdin
# Returns:   status of the last command of the chosen branch
#######################################
create_cve()
{
  local target=submodules/.generated/0001-CL-CVE.patch
  while :; do
    echo -e "CVE patches are patches made to fix security issues in the kernel"
    read -p "Include CVE patches?[Y/n] " create_cve
    # The file always starts over with a timestamp header line.
    echo -e "User generated at: $(date)" > "${target}"
    if [[ -z ${create_cve} || ${create_cve} == [Yy]* ]]; then
      cat submodules/clear/CVE*.patch >> "${target}" && echo -e "\n\e[32mAdded CVE patches.\e[0m\n"
      return
    elif [[ ${create_cve} == [Nn]* ]]; then
      echo -e "\n\e[31mNot adding CVE patches and removing older patches.\e[0m\n"
      rm "${target}"
      return
    fi
    echo "Input unrecognized..."
  done
}
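#######################################
# List the FPGA patches available in the Clear Linux submodule.
# Globals:   FPGA (written) - newline-separated patch file names
# Outputs:   heading plus the file names on stdout
# Returns:   0
#######################################
fpga-patches()
{
  # The subshell keeps the directory change and nullglob local. The glob is
  # the same one create_fpga concatenates, so the list shown is exactly what
  # would be included. If the submodule directory is missing the list is
  # empty rather than a listing of the current directory.
  FPGA=$(
    cd submodules/clear || exit
    shopt -s nullglob
    printf '%s\n' *fpga*.patch
  )
  printf 'FPGA patches\n%s\n\n' "${FPGA}"
}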
# TODO: Combine create_fpga and cl-patches to make using this less troublesome.
# CVE patches are excluded because of how fast they may be included in upstream
#######################################
# Ask whether the FPGA patches go into the generated patchset.
# An empty answer (including end of input) counts as "yes". Declining removes
# 0002-CL-FPGA.patch. Any other answer asks again.
# Globals:   create_fpga (written) - the raw answer
# Inputs:    one line per prompt on stdin
# Returns:   status of the last command of the chosen branch
#######################################
create_fpga()
{
  local target=submodules/.generated/0002-CL-FPGA.patch
  while :; do
    echo -e "Field-programmable gate array\nUnlikely that you have this, but adding these patches won't do any harm"
    read -p "Include FPGA patches?[Y/n] " create_fpga
    # The file always starts over with a timestamp header line.
    echo -e "User generated at: $(date)" > "${target}"
    if [[ -z ${create_fpga} || ${create_fpga} == [Yy]* ]]; then
      cat submodules/clear/*fpga*.patch >> "${target}" && echo -e "\n\e[32mAdded FPGA patches.\e[0m\n"
      return
    elif [[ ${create_fpga} == [Nn]* ]]; then
      echo -e "\n\e[31mNot adding FPGA patches and removing older patches.\e[0m\n"
      rm "${target}"
      return
    fi
    echo "Input unrecognized..."
  done
}
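#######################################
# Build and print the list of general Clear Linux patches, i.e. everything in
# submodules/clear whose name contains ".patch" and that is neither in the
# exclusion list below nor in a separate category (fpga, CVE, "patch-",
# perfbias). Then offer to print the exclusion list.
# Globals:   cl_distro (written) - '|'-separated glob patterns of exclusions
#            CLEAR (written)     - array of selected patch file names
# Inputs:    one answer line on stdin
# Outputs:   the patch list and, on request, the exclusion list on stdout
# Returns:   0 (the answer only controls what is displayed)
#######################################
cl-patches()
{
  local clear_dir=submodules/clear
  local -a excluded=()
  local path name pattern skip show_ex

  # Excluded Clear Linux patches
  cl_distro="*-Increase-the-ext4-default-commit-age.patch|"
  # > (DISTRO TWEAK -- NOT FOR UPSTREAM)
  cl_distro+="*-bootstats-add-printk-s-to-measure-boot-time-in-more-.patch|"
  # > Few distro-tweaks to add printk's to visualize boot time better
  cl_distro+="*-init-wait-for-partition-and-retry-scan.patch|"
  # Adds a wait period for Clear Linux because it boots too fast
  cl_distro+="*-Add-boot-option-to-allow-unsigned-modules.patch|"
  # Adds option to allow unsigned modules when Secure Boot is off
  cl_distro+="*-Enable-stateless-firmware-loading.patch|"
  # Prefers firmware from the (Clear Linux's stateless) user directories first
  cl_distro+="*-Migrate-some-systemd-defaults-to-the-kernel-defaults.patch|"
  # > These settings are needed to prevent networking issues when the networking modules come up by default without explicit settings
  cl_distro+="*-add-scheduler-turbo3-patch.patch|"
  # Doesn't work for non CL distros
  #cl_distro+="*-use-lfence-instead-of-rep-and-nop.patch|" ## pause does not serialize on AMD, therefore rep/nop do not either afaik
  # ~~Need to determine if this is already resolved in another way/performance impact. https://spectreattack.com/spectre.pdf https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf~~
  # (The line above is commented out, so the lfence patch is not excluded by this list.)
  cl_distro+="*-zero-extra-registers.patch|"
  # Requires GCC patch. https://github.com/clearlinux-pkgs/gcc/blob/master/zero-regs-gcc8.patch
  cl_distro+="*-x86-microcode-Force-update-a-uCode-even-if-the-rev-i.patch|"
  # Intel specific? Unsure of the need for this.
  cl_distro+="*-x86-microcode-echo-2-reload-to-force-load-ucode.patch|"
  # Same as above.
  cl_distro+="*-staging-exfat-add-exfat-filesystem-code-to-staging.patch|"
  # I haven't looked into it but I think this has been upstreamed already
  cl_distro+="*-add-workaround-for-binutils-optimization.patch"
  # x86_64-pc-linux-gnu/bin/as: unrecognized option '-mbranches-within-no-boundaries'
  # Patches to recompile binutils with here: https://github.com/clearlinux-pkgs/binutils

  IFS='|' read -r -a excluded <<< "${cl_distro}"

  # Select by globbing the submodule directory itself: names are never
  # word-split, and a missing directory yields an empty list instead of files
  # from whatever directory the script happens to run in.
  CLEAR=()
  for path in "${clear_dir}"/*; do
    [[ -f ${path} ]] || continue
    name=${path##*/}
    [[ ${name} == *.patch* ]] || continue
    # Categories handled elsewhere or left out on purpose.
    if [[ ${name} == *fpga* || ${name} == CVE* || ${name} == *patch-* || ${name} == *perfbias* ]]; then
      continue
    fi
    skip=0
    for pattern in "${excluded[@]}"; do
      # Unquoted right-hand side on purpose: the entry is a glob pattern.
      if [[ ${name} == ${pattern} ]]; then
        skip=1
        break
      fi
    done
    ((skip)) && continue
    CLEAR+=("${name}")
  done

  echo -e "Clear Linux patches"
  printf '%s\n' "${CLEAR[@]}"
  echo # \n
  echo -e "The rest of the patches; this is definitely what you're using Clear Linux patches for\n"
  read -r -p "Show list of patches excluded for compatibility? (These will not be added if you say yes or no) [yN] " show_ex
  case "${show_ex}" in
    [Yy]*)
      echo -e "\e[2m"
      echo "Excluded list:"
      printf '%s\n' "${excluded[@]}"
      echo -e "\e[22m"
      ;;
    *)
      # Anything else, including end of input, just skips the display; the
      # explicit 0 keeps a closed stdin from blocking the caller's next step.
      return 0
      ;;
  esac
}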
#######################################
# Ask whether the remaining Clear Linux patches go into the generated
# patchset. An empty answer (including end of input) counts as "yes" and
# hands the work to warpten. Declining removes 0003-CL-CLR.patch. Any other
# answer asks again.
# Globals:   create_clr (written) - the raw answer
# Inputs:    one line per prompt on stdin
# Returns:   status of the last command of the chosen branch
#######################################
create_clr()
{
  local target=submodules/.generated/0003-CL-CLR.patch
  while :; do
    read -p "Include the rest of the Clear Linux patches? (Recommended)[Y/n] " create_clr
    # The file always starts over with a timestamp header line.
    echo -e "User generated at: $(date)" > "${target}"
    if [[ -z ${create_clr} || ${create_clr} == [Yy]* ]]; then
      warpten && echo -e "\n\e[32mAdded Clear Linux patches.\e[0m\n"
      return
    elif [[ ${create_clr} == [Nn]* ]]; then
      echo -e "\n\e[31mNot adding Clear Linux patches and removing older patches.\e[0m"
      rm "${target}"
      return
    fi
    echo "Input unrecognized..."
  done
}
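#######################################
# Append every patch named in CLEAR to the combined Clear Linux patch file.
# Globals:   CLEAR (read) - array of file names inside submodules/clear
# Returns:   0 if every patch was appended, 1 if any append failed
#######################################
warpten()
{
  local patch status=0
  for patch in "${CLEAR[@]}"; do
    # Keep going after a failure so the error for each missing patch is shown,
    # but remember it: an incomplete patchset must not be reported as success.
    cat "submodules/clear/${patch}" >> submodules/.generated/0003-CL-CLR.patch || status=1
  done
  return "${status}"
}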
# The functions are separate to prevent spamming of patchsets
# One listing step per category; its prompt only runs when the listing
# step returned success.
if cve-patches; then create_cve; fi
if fpga-patches; then create_fpga; fi
if cl-patches; then create_clr; fi
# Merge whichever per-category files currently exist in submodules/.generated
# into the final patchset; the confirmation is printed only if cat succeeded.
cat submodules/.generated/00*CL*.patch > submodules/.generated/clear.patch \
  && echo -e "Created new Clear Linux patchset at submodules/.generated/clear.patch."