summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoan Figueras2020-08-15 11:20:22 +0200
committerJoan Figueras2020-08-15 11:23:59 +0200
commit197b14f69735a3f444a454fb8e1d2d7a927d649e (patch)
tree38e360b05dd576bb6eeda17b1f6e68cca2238196
downloadaur-197b14f69735a3f444a454fb8e1d2d7a927d649e.tar.gz
Initial commit 4.19.102-xanmod49
-rw-r--r--.SRCINFO43
-rw-r--r--0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch132
-rw-r--r--60-linux.hook12
-rw-r--r--90-linux.hook11
-rw-r--r--PKGBUILD323
-rwxr-xr-xchoose-gcc-optimization.sh77
-rw-r--r--linux-xanmod-lts419.preset14
-rw-r--r--linux.install13
8 files changed, 625 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 00000000000..df0ffa53fa5
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,43 @@
+pkgbase = linux-xanmod-lts419
+ pkgver = 4.19.102
+ pkgrel = 1
+ url = http://www.xanmod.org/
+ arch = x86_64
+ license = GPL2
+ makedepends = xmlto
+ makedepends = kmod
+ makedepends = inetutils
+ makedepends = bc
+ makedepends = libelf
+ makedepends = cpio
+ makedepends = python-sphinx
+ makedepends = python-sphinx_rtd_theme
+ makedepends = graphviz
+ makedepends = imagemagick
+ options = !strip
+ source = https://github.com/xanmod/linux/archive/4.19.102-xanmod49.tar.gz
+ source = 60-linux.hook
+ source = 90-linux.hook
+ source = linux-xanmod-lts419.preset
+ source = choose-gcc-optimization.sh
+ source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch
+ sha256sums = fb64eca226d3ba2a402e89824ab3c7bab70fc791a80facde483d19a50e0b2e1e
+ sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
+ sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919
+ sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65
+ sha256sums = bae7b9253512ef5724629738bfd4460494a08566f8225b9d8ec544ea8cc2f3a5
+ sha256sums = 9c507bdb0062b5b54c6969f7da9ec18b259e06cd26dbe900cfe79a7ffb2713ee
+
+pkgname = linux-xanmod-lts419
+ pkgdesc = The Linux kernel and modules with Xanmod patches
+ install = linux.install
+ depends = coreutils
+ depends = kmod
+ depends = initramfs
+ optdepends = crda: to set the correct wireless channels of your country
+ optdepends = linux-firmware: firmware images needed for some devices
+ backup = etc/mkinitcpio.d/linux-xanmod-lts419.preset
+
+pkgname = linux-xanmod-lts419-headers
+ pkgdesc = Header files and scripts for building modules for Xanmod Linux kernel
+
diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch
new file mode 100644
index 00000000000..5d4014a2b45
--- /dev/null
+++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch
@@ -0,0 +1,132 @@
+From a8d736bad70d4062a14c29bdcbed71bef7b575f5 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Mon, 16 Sep 2019 04:53:20 +0200
+Subject: [PATCH 01/15] ZEN: Add sysctl and CONFIG to disallow unprivileged
+ CLONE_NEWUSER
+
+Our default behavior continues to match the vanilla kernel.
+---
+ init/Kconfig | 16 ++++++++++++++++
+ kernel/fork.c | 15 +++++++++++++++
+ kernel/sysctl.c | 12 ++++++++++++
+ kernel/user_namespace.c | 7 +++++++
+ 4 files changed, 50 insertions(+)
+
+diff --git a/init/Kconfig b/init/Kconfig
+index b4daad2bac23..362f82c5ec07 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1118,6 +1118,22 @@ config USER_NS
+
+ If unsure, say N.
+
++config USER_NS_UNPRIVILEGED
++ bool "Allow unprivileged users to create namespaces"
++ default y
++ depends on USER_NS
++ help
++ When disabled, unprivileged users will not be able to create
++ new namespaces. Allowing users to create their own namespaces
++ has been part of several recent local privilege escalation
++ exploits, so if you need user namespaces but are
++ paranoid^Wsecurity-conscious you want to disable this.
++
++ This setting can be overridden at runtime via the
++ kernel.unprivileged_userns_clone sysctl.
++
++ If unsure, say Y.
++
+ config PID_NS
+ bool "PID Namespaces"
+ default y
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 755d8160e001..ed909f8050b2 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -106,6 +106,11 @@
+
+ #define CREATE_TRACE_POINTS
+ #include <trace/events/task.h>
++#ifdef CONFIG_USER_NS
++extern int unprivileged_userns_clone;
++#else
++#define unprivileged_userns_clone 0
++#endif
+
+ /*
+ * Minimum number of threads to boot the kernel
+@@ -1779,6 +1784,10 @@ static __latent_entropy struct task_struct *copy_process(
+ if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
+ return ERR_PTR(-EINVAL);
+
++ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
++ if (!capable(CAP_SYS_ADMIN))
++ return ERR_PTR(-EPERM);
++
+ /*
+ * Thread groups must share signals as well, and detached threads
+ * can only be started up within the thread group.
+@@ -2836,6 +2845,12 @@ int ksys_unshare(unsigned long unshare_flags)
+ if (unshare_flags & CLONE_NEWNS)
+ unshare_flags |= CLONE_FS;
+
++ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
++ err = -EPERM;
++ if (!capable(CAP_SYS_ADMIN))
++ goto bad_unshare_out;
++ }
++
+ err = check_unshare_flags(unshare_flags);
+ if (err)
+ goto bad_unshare_out;
+diff --git a/kernel/sysctl.c b/kernel/sysctl.c
+index 70665934d53e..9797869ed829 100644
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -110,6 +110,9 @@ extern int core_uses_pid;
+ extern char core_pattern[];
+ extern unsigned int core_pipe_limit;
+ #endif
++#ifdef CONFIG_USER_NS
++extern int unprivileged_userns_clone;
++#endif
+ extern int pid_max;
+ extern int pid_max_min, pid_max_max;
+ extern int percpu_pagelist_fraction;
+@@ -546,6 +549,15 @@ static struct ctl_table kern_table[] = {
+ .proc_handler = proc_dointvec,
+ },
+ #endif
++#ifdef CONFIG_USER_NS
++ {
++ .procname = "unprivileged_userns_clone",
++ .data = &unprivileged_userns_clone,
++ .maxlen = sizeof(int),
++ .mode = 0644,
++ .proc_handler = proc_dointvec,
++ },
++#endif
+ #ifdef CONFIG_PROC_SYSCTL
+ {
+ .procname = "tainted",
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index 8eadadc478f9..c36ecd19562c 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -21,6 +21,13 @@
+ #include <linux/bsearch.h>
+ #include <linux/sort.h>
+
++/* sysctl */
++#ifdef CONFIG_USER_NS_UNPRIVILEGED
++int unprivileged_userns_clone = 1;
++#else
++int unprivileged_userns_clone;
++#endif
++
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+ static DEFINE_MUTEX(userns_state_mutex);
+
+--
+2.25.0
+
diff --git a/60-linux.hook b/60-linux.hook
new file mode 100644
index 00000000000..b33873c854f
--- /dev/null
+++ b/60-linux.hook
@@ -0,0 +1,12 @@
+[Trigger]
+Type = File
+Operation = Install
+Operation = Upgrade
+Operation = Remove
+Target = usr/lib/modules/%KERNVER%/*
+Target = usr/lib/modules/%EXTRAMODULES%/*
+
+[Action]
+Description = Updating %PKGBASE% module dependencies...
+When = PostTransaction
+Exec = /usr/bin/depmod %KERNVER%
diff --git a/90-linux.hook b/90-linux.hook
new file mode 100644
index 00000000000..be0d886539f
--- /dev/null
+++ b/90-linux.hook
@@ -0,0 +1,11 @@
+[Trigger]
+Type = File
+Operation = Install
+Operation = Upgrade
+Target = boot/vmlinuz-%PKGBASE%
+Target = usr/lib/initcpio/*
+
+[Action]
+Description = Updating %PKGBASE% initcpios...
+When = PostTransaction
+Exec = /usr/bin/mkinitcpio -p %PKGBASE%
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 00000000000..b76612557a6
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,323 @@
+# Maintainer: Joan Figueras <ffigue at gmail dot com>
+# Contributor: Torge Matthies <openglfreak at googlemail dot com>
+# Contributor: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
+# Contributor: Yoshi2889 <rick.2889 at gmail dot com>
+# Contributor: Tobias Powalowski <tpowa@archlinux.org>
+# Contributor: Thomas Baechler <thomas@archlinux.org>
+
+##
+## The following variables can be customized at build time. Use env or export to change at your wish
+##
+## Example: env _microarchitecture=25 use_numa=n use_tracers=n use_pds=n makepkg -sc
+##
+## Look inside 'choose-gcc-optimization.sh' to choose your microarchitecture
+## Valid numbers between: 0 to 25
+## Default is: 0 => generic
+## Good option if your package is for one machine: 25 => native
+if [ -z ${_microarchitecture+x} ]; then
+ _microarchitecture=0
+fi
+##
+## Disable NUMA since most users do not have multiple processors. Breaks CUDA/NvEnc.
+## Archlinux and Xanmod enable it by default.
+## Set variable "use_numa" to: n to disable (possibly increase performance)
+## y to enable (stock default)
+if [ -z ${use_numa+x} ]; then
+ use_numa=y
+fi
+##
+## For performance you can disable FUNCTION_TRACER/GRAPH_TRACER. Limits debugging and analyzing of the kernel.
+## Stock Archlinux and Xanmod have this enabled.
+## Set variable "use_tracers" to: n to disable (possibly increase performance)
+## y to enable (stock default)
+if [ -z ${use_tracers+x} ]; then
+ use_tracers=y
+fi
+##
+## Enable PDS CPU scheduler by default https://gitlab.com/alfredchen/linux-pds
+## Set variable "use_pds" to: n to disable (stock Xanmod)
+## y to enable
+if [ -z ${use_pds+x} ]; then
+ use_pds=n
+fi
+##
+## Enable CONFIG_USER_NS_UNPRIVILEGED flag https://aur.archlinux.org/cgit/aur.git/tree/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch?h=linux-ck
+## Set variable "use_ns" to: n to disable (stock Xanmod)
+## y to enable (stock Archlinux)
+if [ -z ${use_ns+x} ]; then
+ use_ns=n
+fi
+##
+
+# Compile ONLY used modules to VASTLYreduce the number of modules built
+# and the build time.
+#
+# To keep track of which modules are needed for your specific system/hardware,
+# give module_db script a try: https://aur.archlinux.org/packages/modprobed-db
+# This PKGBUILD read the database kept if it exists
+#
+# More at this wiki page ---> https://wiki.archlinux.org/index.php/Modprobed-db
+if [ -z ${_localmodcfg} ]; then
+ _localmodcfg=n
+fi
+
+### IMPORTANT: Do no edit below this line unless you know what you're doing...
+
+pkgbase=linux-xanmod-lts419
+_srcname=linux
+pkgver=4.19.102
+xanmod=49
+pkgrel=1
+arch=(x86_64)
+url="http://www.xanmod.org/"
+license=(GPL2)
+makedepends=(
+ xmlto kmod inetutils bc libelf cpio
+ python-sphinx python-sphinx_rtd_theme graphviz imagemagick
+)
+options=('!strip')
+_srcname="linux-${pkgver}-xanmod${xanmod}"
+
+source=(https://github.com/xanmod/linux/archive/${pkgver}-xanmod${xanmod}.tar.gz
+ 60-linux.hook # pacman hook for depmod
+ 90-linux.hook # pacman hook for initramfs regeneration
+ ${pkgbase}.preset # standard config files for mkinitcpio ramdisk
+ choose-gcc-optimization.sh
+ 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-CLONE_NEWUSER.patch # Grabbed from linux-ck package
+)
+
+sha256sums=('fb64eca226d3ba2a402e89824ab3c7bab70fc791a80facde483d19a50e0b2e1e'
+ 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
+ '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
+ 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
+ 'bae7b9253512ef5724629738bfd4460494a08566f8225b9d8ec544ea8cc2f3a5'
+ '9c507bdb0062b5b54c6969f7da9ec18b259e06cd26dbe900cfe79a7ffb2713ee')
+
+_kernelname=${pkgbase#linux}
+
+prepare() {
+ cd $_srcname
+
+ msg2 "Setting version..."
+ scripts/setlocalversion --save-scmversion
+ echo "-$pkgrel" > localversion.10-pkgrel
+ echo "$_kernelname" > localversion.20-pkgname
+
+ # Archlinux patches
+ local src
+ for src in "${source[@]}"; do
+ src="${src%%::*}"
+ src="${src##*/}"
+ [[ $src = *.patch ]] || continue
+ msg2 "Applying patch $src..."
+ patch -Np1 < "../$src"
+ done
+
+ # CONFIG_STACK_VALIDATION gives better stack traces. Also is enabled in all official kernel packages by Archlinux team
+ scripts/config --enable CONFIG_STACK_VALIDATION
+
+ # Enable IKCONFIG following Arch's philosophy
+ scripts/config --enable CONFIG_IKCONFIG \
+ --enable CONFIG_IKCONFIG_PROC
+
+ # User set. See at the top of this file
+ if [ "$use_tracers" = "n" ]; then
+ msg2 "Disabling FUNCTION_TRACER/GRAPH_TRACER..."
+ scripts/config --disable CONFIG_FUNCTION_TRACER \
+ --disable CONFIG_STACK_TRACER
+ fi
+
+ if [ "$use_numa" = "n" ]; then
+ msg2 "Disabling NUMA..."
+ scripts/config --disable CONFIG_NUMA
+ fi
+
+ if [ "$use_pds" = "y" ]; then
+ msg2 "Enabling PDS CPU scheduler by default..."
+ scripts/config --enable CONFIG_SCHED_PDS
+ fi
+
+ if [ "$use_ns" = "n" ]; then
+ msg2 "Disabling CONFIG_USER_NS_UNPRIVILEGED"
+ scripts/config --disable CONFIG_USER_NS_UNPRIVILEGED
+ fi
+
+ # Let's user choose microarchitecture optimization in GCC
+ sh ${srcdir}/choose-gcc-optimization.sh $_microarchitecture
+
+ # This is intended for the people that want to build this package with their own config
+ # Put the file "myconfig" at the package folder to use this feature
+ if [ -f "${startdir}/myconfig" ]; then
+ msg2 "Using user CUSTOM config..."
+ cp -f "${startdir}"/myconfig .config
+ fi
+
+ make olddefconfig
+
+ ### Optionally load needed modules for the make localmodconfig
+ # See https://aur.archlinux.org/packages/modprobed-db
+ if [ "$_localmodcfg" = "y" ]; then
+ if [ -f $HOME/.config/modprobed.db ]; then
+ msg2 "Running Steven Rostedt's make localmodconfig now"
+ make LSMOD=$HOME/.config/modprobed.db localmodconfig
+ else
+ msg2 "No modprobed.db data found"
+ exit
+ fi
+ fi
+
+ make -s kernelrelease > ../version
+ msg2 "Prepared %s version %s" "$pkgbase" "$(<../version)"
+}
+
+build() {
+ cd $_srcname
+ make bzImage modules
+}
+
+_package() {
+ pkgdesc="The Linux kernel and modules with Xanmod patches"
+ depends=(coreutils kmod initramfs)
+ optdepends=('crda: to set the correct wireless channels of your country'
+ 'linux-firmware: firmware images needed for some devices')
+ backup=("etc/mkinitcpio.d/$pkgbase.preset")
+ install=linux.install
+
+ local kernver="$(<version)"
+ local modulesdir="$pkgdir/usr/lib/modules/$kernver"
+
+ cd $_srcname
+
+ msg2 "Installing boot image..."
+ # systemd expects to find the kernel here to allow hibernation
+ # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
+ install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"
+ install -Dm644 "$modulesdir/vmlinuz" "$pkgdir/boot/vmlinuz-$pkgbase"
+
+ msg2 "Installing modules..."
+ make INSTALL_MOD_PATH="$pkgdir/usr" modules_install
+
+ # a place for external modules,
+ # with version file for building modules and running depmod from hook
+ local extramodules="extramodules$_kernelname"
+ local extradir="$pkgdir/usr/lib/modules/$extramodules"
+ install -Dt "$extradir" -m644 ../version
+ ln -sr "$extradir" "$modulesdir/extramodules"
+
+ # remove build and source links
+ rm "$modulesdir"/{source,build}
+
+ msg2 "Installing hooks..."
+ # sed expression for following substitutions
+ local subst="
+ s|%PKGBASE%|$pkgbase|g
+ s|%KERNVER%|$kernver|g
+ s|%EXTRAMODULES%|$extramodules|g
+ "
+
+ # hack to allow specifying an initially nonexisting install file
+ sed "$subst" "$startdir/$install" > "$startdir/$install.pkg"
+ true && install=$install.pkg
+
+ # fill in mkinitcpio preset and pacman hooks
+ sed "$subst" ../$pkgbase.preset | install -Dm644 /dev/stdin \
+ "$pkgdir/etc/mkinitcpio.d/$pkgbase.preset"
+ sed "$subst" ../60-linux.hook | install -Dm644 /dev/stdin \
+ "$pkgdir/usr/share/libalpm/hooks/60-$pkgbase.hook"
+ sed "$subst" ../90-linux.hook | install -Dm644 /dev/stdin \
+ "$pkgdir/usr/share/libalpm/hooks/90-$pkgbase.hook"
+
+ msg2 "Fixing permissions..."
+ chmod -Rc u=rwX,go=rX "$pkgdir"
+}
+
+_package-headers() {
+ pkgdesc="Header files and scripts for building modules for Xanmod Linux kernel"
+
+ local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
+
+ cd $_srcname
+
+ msg2 "Installing build files..."
+ install -Dt "$builddir" -m644 Makefile .config Module.symvers System.map vmlinux
+ install -Dt "$builddir/kernel" -m644 kernel/Makefile
+ install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
+ cp -t "$builddir" -a scripts
+
+ # add objtool for external module building and enabled VALIDATION_STACK option
+ install -Dt "$builddir/tools/objtool" tools/objtool/objtool
+
+ # add xfs and shmem for aufs building
+ mkdir -p "$builddir"/{fs/xfs,mm}
+
+ # ???
+ mkdir "$builddir/.tmp_versions"
+
+ msg2 "Installing headers..."
+ cp -t "$builddir" -a include
+ cp -t "$builddir/arch/x86" -a arch/x86/include
+ install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s
+
+ install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
+ install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h
+
+ # http://bugs.archlinux.org/task/13146
+ install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h
+
+ # http://bugs.archlinux.org/task/20402
+ install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
+ install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
+ install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h
+
+ msg2 "Installing KConfig files..."
+ find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;
+
+ msg2 "Removing unneeded architectures..."
+ local arch
+ for arch in "$builddir"/arch/*/; do
+ [[ $arch = */x86/ ]] && continue
+ echo "Removing $(basename "$arch")"
+ rm -r "$arch"
+ done
+
+ msg2 "Removing documentation..."
+ rm -r "$builddir/Documentation"
+
+ msg2 "Removing broken symlinks..."
+ find -L "$builddir" -type l -printf 'Removing %P\n' -delete
+
+ msg2 "Removing loose objects..."
+ find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete
+
+ msg2 "Stripping build tools..."
+ local file
+ while read -rd '' file; do
+ case "$(file -bi "$file")" in
+ application/x-sharedlib\;*) # Libraries (.so)
+ strip -v $STRIP_SHARED "$file" ;;
+ application/x-archive\;*) # Libraries (.a)
+ strip -v $STRIP_STATIC "$file" ;;
+ application/x-executable\;*) # Binaries
+ strip -v $STRIP_BINARIES "$file" ;;
+ application/x-pie-executable\;*) # Relocatable binaries
+ strip -v $STRIP_SHARED "$file" ;;
+ esac
+ done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)
+
+ msg2 "Adding symlink..."
+ mkdir -p "$pkgdir/usr/src"
+ ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase-$pkgver"
+
+ msg2 "Fixing permissions..."
+ chmod -Rc u=rwX,go=rX "$pkgdir"
+}
+
+pkgname=("${pkgbase}" "${pkgbase}-headers")
+for _p in "${pkgname[@]}"; do
+ eval "package_$_p() {
+ $(declare -f "_package${_p#$pkgbase}")
+ _package${_p#$pkgbase}
+ }"
+done
+
+# vim:set ts=8 sts=2 sw=2 et:
diff --git a/choose-gcc-optimization.sh b/choose-gcc-optimization.sh
new file mode 100755
index 00000000000..d1f1367c37a
--- /dev/null
+++ b/choose-gcc-optimization.sh
@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+
+. /usr/share/makepkg/util/message.sh
+colorize
+
+Detect_CPU=$(gcc -c -Q -march=native --help=target | grep march | awk '{print $2}')
+
+msg "Detected CPU architecture: $Detect_CPU"
+
+cat << EOF
+
+ Available CPU microarchitectures:
+
+ 1) AMD old K8-family
+ 2) AMD Improved K8-family (SSE3)
+ 3) AMD K10-family
+ 4) AMD Family 10h (Barcelona)
+ 5) AMD Family 14h (Bobcat)
+ 6) AMD Family 16h (Jaguar)
+ 7) AMD Family 15h (Bulldozer)
+ 8) AMD Family 15h (Piledriver)
+ 9) AMD Family 15h (Steamroller)
+ 10) AMD Family 15h (Excavator)
+ 11) AMD Family 17h (Zen)
+
+ 12) Intel P4 / older Netburst based Xeon (Core2)
+ 13) Intel Bonnell family of low-power Atom processors (Bonnell)
+ 14) Intel Silvermont family of low-power Atom processors (Silvermont)
+ 15) Intel 1st Gen Core i3/i5/i7-family (Nehalem)
+ 16) Intel 1.5 Gen Core i3/i5/i7-family (Westmere)
+ 17) Intel 2nd Gen Core i3/i5/i7-family (Sandybridge)
+ 18) Intel 3rd Gen Core i3/i5/i7-family (Ivybridge)
+ 19) Intel 4th Gen Core i3/i5/i7-family (Haswell)
+ 20) Intel 5th Gen Core i3/i5/i7-family (Broadwell)
+ 21) Intel 6th Gen Core i3/i5/i7-family (Skylake)
+
+ 22) Native optimizations autodetected by GCC
+
+ 0) Generic (default)
+
+EOF
+
+sleep 1
+answer=$1
+
+case $answer in
+ 1) Microarchitecture=CONFIG_MK8 ;;
+ 2) Microarchitecture=CONFIG_MK8SSE3 ;;
+ 3) Microarchitecture=CONFIG_MK10 ;;
+ 4) Microarchitecture=CONFIG_MBARCELONA ;;
+ 5) Microarchitecture=CONFIG_MBOBCAT ;;
+ 6) Microarchitecture=CONFIG_MJAGUAR ;;
+ 7) Microarchitecture=CONFIG_MBULLDOZER ;;
+ 8) Microarchitecture=CONFIG_MPILEDRIVER ;;
+ 9|10|11) Microarchitecture=CONFIG_MNATIVE ;; # Xanmod doesn't include those architectures!! Switch to native instead
+ 12) Microarchitecture=CONFIG_MPSC ;;
+ 13) Microarchitecture=CONFIG_MATOM ;;
+ 14) Microarchitecture=CONFIG_MSILVERMONT ;;
+ 15) Microarchitecture=CONFIG_MNEHALEM ;;
+ 16) Microarchitecture=CONFIG_MWESTMERE ;;
+ 17) Microarchitecture=CONFIG_MSANDYBRIDGE ;;
+ 18) Microarchitecture=CONFIG_MIVYBRIDGE ;;
+ 19) Microarchitecture=CONFIG_MHASWELL ;;
+ 20) Microarchitecture=CONFIG_MBROADWELL ;;
+ 21) Microarchitecture=CONFIG_MNATIVE ;; # Xanmod doesn't include this architecture!! Switch to native instead
+ 22) Microarchitecture=CONFIG_MNATIVE ;;
+ *) default=CONFIG_GENERIC_CPU ;;
+esac
+
+warning "According to PKGBUILD variable _microarchitecture, your choice is $answer"
+msg "Building this package for microarchitecture: $Microarchitecture$default"
+sleep 5
+
+sed -e 's|^CONFIG_GENERIC_CPU=y|# CONFIG_GENERIC_CPU is not set|g' -i .config
+sed -e "s|^# $Microarchitecture is not set|$Microarchitecture=y|g" -i .config
+
+echo
diff --git a/linux-xanmod-lts419.preset b/linux-xanmod-lts419.preset
new file mode 100644
index 00000000000..66709a8c153
--- /dev/null
+++ b/linux-xanmod-lts419.preset
@@ -0,0 +1,14 @@
+# mkinitcpio preset file for the '%PKGBASE%' package
+
+ALL_config="/etc/mkinitcpio.conf"
+ALL_kver="/boot/vmlinuz-%PKGBASE%"
+
+PRESETS=('default' 'fallback')
+
+#default_config="/etc/mkinitcpio.conf"
+default_image="/boot/initramfs-%PKGBASE%.img"
+#default_options=""
+
+#fallback_config="/etc/mkinitcpio.conf"
+fallback_image="/boot/initramfs-%PKGBASE%-fallback.img"
+fallback_options="-S autodetect"
diff --git a/linux.install b/linux.install
new file mode 100644
index 00000000000..372c56d9fd0
--- /dev/null
+++ b/linux.install
@@ -0,0 +1,13 @@
+# arg 1: the new package version
+# arg 2: the old package version
+
+post_upgrade() {
+ if findmnt --fstab -uno SOURCE /boot &>/dev/null && ! mountpoint -q /boot; then
+ echo "WARNING: /boot appears to be a separate partition but is not mounted."
+ fi
+}
+
+post_remove() {
+ rm -f boot/initramfs-%PKGBASE%.img
+ rm -f boot/initramfs-%PKGBASE%-fallback.img
+}