From 668d612b0342f4208b6e51186fe8dc5f7173be31 Mon Sep 17 00:00:00 2001
From: Yorick Barbanneau <ephase@xieme-art.org>
Date: Wed, 28 Apr 2021 01:01:17 +0200
Subject: [PATCH] Download kernel sources from kernel.org

Add dependencies (curl, gpg, dirmngr)

anf check gpg signature
---
 Dockerfile         |  5 +++-
 src/make_kernel.sh | 75 +++++++++++++++++++++++++++++++++++++++++-----
 2 files changed, 72 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 6715a78..291e510 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,10 +12,13 @@ RUN apt update \
                       bash \
                       git \
                       ca-certificates \
+                      curl \
+                      gpg \
+                      dirmngr
                       libssl-dev
 
 COPY docker/entrypoint.sh /tmp
 COPY src/ /tmp
 WORKDIR /tmp
 CMD /tmp/entrypoint.sh
-#CMD bash
+CMD bash
diff --git a/src/make_kernel.sh b/src/make_kernel.sh
index 2f52094..c1a085b 100755
--- a/src/make_kernel.sh
+++ b/src/make_kernel.sh
@@ -23,10 +23,42 @@ function error {
     >&2 printf "\e[31mE\e[0m %s\n" "$1"
 }
 
+function download {
+
+    local filename url http_response
+    filename="$1"
+    url="$2"
+
+    printf "Downloading %s: " "$filename"
+    http_response=$(curl -o /dev/null -s -L -I -w "%{http_code}\n" "$url")
+    if [ "$http_response" -eq 200 ]
+    then
+        if curl -o "$filename" "$url" -s >/dev/null 2>&1 
+        then
+            printf " done\n"
+        else
+            printf "unknown error\n"
+            return 1
+        fi
+    else
+        printf "error 404\n"
+        return 1
+    fi
+    return 0
+}
+
 export ARCH=arm64
 #export LOADADDR=0x40480000
 export CROSS_COMPILE=aarch64-linux-gnu-
-GIT_URL="https://github.com/torvalds/linux/"
+
+for c in curl gunzip tar gpg git
+do
+    if ! command -v "$c" >/dev/null
+    then
+        error "This script need $c to work properly"
+        exit 5
+    fi
+done
 
 if [ ! -z $1 ]
 then
@@ -37,20 +69,49 @@ if [ -z "$KERNEL_VERSION" ]
 then
     error "You need to define KERNEL_VERSION env variable"
     usage
-    exit 10
+    exit 1
 fi
 
+major_version=$(echo "$KERNEL_VERSION" | awk -F "." '{print $1}')
+url="https://cdn.kernel.org/pub/linux/kernel/v${major_version}.x/linux-${KERNEL_VERSION}.tar.xz"
+url_sign="https://cdn.kernel.org/pub/linux/kernel/v${major_version}.x/linux-${KERNEL_VERSION}.tar.sign" 
+
 if [ ! -d linux ]
 then
-    printf "Cloning Linux...\n"
-    # temporary linux 5.11rc7 commit
-    if ! git clone --depth 1 --branch=v${KERNEL_VERSION} $GIT_URL
+
+    printf "Get Linux source file for version %s\n" "${KERNEL_VERSION}"
+    if ! gpg --locate-keys torvalds@kernel.org gregkh@kernel.org >/dev/null
     then
-        error "Can't clone Linux, check version"
+        error "Can't get gpg pubkey for Linux Torvald and Greg Kroah-Hartman"
+        exit 10
+    fi
+    
+    if ! download linux.tar.xz "$url"
+    then
+        error "Can't get linux tarball, check version"
         exit 11
     fi
-fi
 
+    if ! download linux.tar.sign "$url_sign"
+    then
+        error "Can't get linux tarball, check version"
+        exit 11
+    fi
+
+    # verify signature
+    if ! xz -cd linux.tar.xz | gpg --trust-model tofu --verify linux.tar.sign - >/dev/null
+    then
+        error "problem with signature"
+        exit 12
+    fi
+    if ! xz -cd linux.tar.xz | tar -x
+    then
+        error "Cant extract linux tarball"
+        exit 13
+    fi
+    mv "linux-${KERNEL_VERSION}" linux
+fi
+exit 0
 cp ./dts/*.dts ./linux/arch/arm64/boot/dts/freescale/
 cp ./kernel-config ./linux/.config