Merge remote-tracking branch 'ms/faster-build' into next

config/rootfiles/common/aarch64/linux-headers

@@ -480,6 +480,7 @@
 #usr/include/linux/netfilter/xt_iprange.h
 #usr/include/linux/netfilter/xt_ipvs.h
 #usr/include/linux/netfilter/xt_l2tp.h
+#usr/include/linux/netfilter/xt_layer7.h
 #usr/include/linux/netfilter/xt_length.h
 #usr/include/linux/netfilter/xt_limit.h
 #usr/include/linux/netfilter/xt_mac.h

config/rootfiles/common/armv5tel/linux-headers

@@ -482,6 +482,7 @@
 #usr/include/linux/netfilter/xt_iprange.h
 #usr/include/linux/netfilter/xt_ipvs.h
 #usr/include/linux/netfilter/xt_l2tp.h
+#usr/include/linux/netfilter/xt_layer7.h
 #usr/include/linux/netfilter/xt_length.h
 #usr/include/linux/netfilter/xt_limit.h
 #usr/include/linux/netfilter/xt_mac.h

lfs/iptables

@@ -84,7 +84,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
 	cd $(DIR_APP) && ./configure \
 		--prefix=/usr \
-		--with-ksource=/usr/src/linux \
 		--libdir=/lib \
 		--includedir=/usr/include \
 		--enable-libipq \

lfs/linux

@@ -199,6 +199,46 @@ ifeq "$(BUILD_PLATFORM)" "arm"
 			done
 endif
 
+	# Recreate source and build links
+	rm -rf /lib/modules/$(VER)-$(VERSUFIX)/{build,source}
+	mkdir -p /lib/modules/$(VER)-$(VERSUFIX)/build
+	ln -sf build /lib/modules/$(VER)-$(VERSUFIX)/source
+
+	# Create dirs for extra modules
+	mkdir -p /lib/modules/$(VER)-$(VERSUFIX)/extra
+
+	cd $(DIR_APP) && cp --parents $$(find -type f -name "Makefile*" -o -name "Kconfig*") \
+		/lib/modules/$(VER)-$(VERSUFIX)/build
+	cd $(DIR_APP) && cp Module.symvers System.map /lib/modules/$(VER)-$(VERSUFIX)/build
+	rm -rf /lib/modules/$(VER)-$(VERSUFIX)/build/{Documentation,scripts,include}
+
+	cd $(DIR_APP) && cp .config /lib/modules/$(VER)-$(VERSUFIX)/build
+	cd $(DIR_APP) && cp -a scripts /lib/modules/$(VER)-$(VERSUFIX)/build
+	find /lib/modules/$(VER)-$(VERSUFIX)/build/scripts -name "*.o" -exec rm -vf {} \;
+
+	cd $(DIR_APP) && cp -a --parents arch/$(HEADERS_ARCH)/include /lib/modules/$(VER)-$(VERSUFIX)/build
+	cd $(DIR_APP) && cp -a include /lib/modules/$(VER)-$(VERSUFIX)/build/include
+
+	# Install objtool
+	cd $(DIR_APP) && cp -a tools/objtool/objtool \
+		/lib/modules/$(VER)-$(VERSUFIX)/build/tools/objtool/ || :
+	cd $(DIR_APP) && cp -a --parents tools/build/{Build,Build.include,fixdep.c} \
+		tools/scripts/utilities.mak /lib/modules/$(VER)-$(VERSUFIX)/build
+
+	# Make sure we can build external modules
+	touch -r /lib/modules/$(VER)-$(VERSUFIX)/build/Makefile \
+		/lib/modules/$(VER)-$(VERSUFIX)/build/include/generated/uapi/linux/version.h
+	touch -r /lib/modules/$(VER)-$(VERSUFIX)/build/.config \
+		/lib/modules/$(VER)-$(VERSUFIX)/build/autoconf.h
+	cp /lib/modules/$(VER)-$(VERSUFIX)/build/.config \
+		/lib/modules/$(VER)-$(VERSUFIX)/build/include/config/auto.conf
+
+	# Fix permissions
+	find /lib/modules/$(VER)-$(VERSUFIX) -name "modules.order" \
+		-exec chmod 644 {} \;
+
+	find /lib/modules/$(VER)-$(VERSUFIX) -name ".*.cmd" -exec rm -f {} \;
+
 ifeq "$(LASTKERNEL)" "1"
 	# Only do this once
 	cd $(DIR_APP) && install -m 755 usr/gen_init_cpio /sbin/
@@ -225,5 +265,5 @@ endif
 	-rm -f /usr/src/log/*-kmod-$(VER)-$(VERSUFIX)
 	-rm -f /usr/src/log/linux-initrd-$(VER)-$(VERSUFIX)
 
-	@rm -rf $(DIR_SRC)/patch-o-matic* $(DIR_SRC)/iptables* $(DIR_SRC)/squashfs* $(DIR_SRC)/netfilter-layer7-*
+	@rm -rf $(DIR_APP) $(DIR_SRC)/linux
 	@$(POSTBUILD)

lfs/xtables-addons

@@ -102,8 +102,7 @@ ifeq "$(USPACE)" "1"
 		/usr/local/bin/
 else
 	cd $(DIR_APP) && ./configure \
-		--with-kbuild=/usr/src/linux-$(KVER)/
-
+		--with-kbuild=/lib/modules/$$(uname -r)$(KCFG)/build
 	cd $(DIR_APP) && make $(MAKETUNING)
 
 	# Install the built kernel modules.

make.sh

@@ -282,6 +282,7 @@ stdumount() {
 	umount $BASEDIR/build/usr/src/lfs		2>/dev/null;
 	umount $BASEDIR/build/usr/src/log		2>/dev/null;
 	umount $BASEDIR/build/usr/src/src		2>/dev/null;
+	umount $BASEDIR/build/usr/src		2>/dev/null;
 }
 
 now() {
@@ -469,6 +470,12 @@ prepareenv() {
 	mkdir -p $BASEDIR/build/{etc,usr/src} 2>/dev/null
 	mkdir -p $BASEDIR/build/{dev/{shm,pts},proc,sys}
 	mkdir -p $BASEDIR/{cache,ccache} 2>/dev/null
+
+	if [ "${ENABLE_RAMDISK}" = "on" ]; then
+		mkdir -p $BASEDIR/build/usr/src
+		mount -t tmpfs tmpfs -o size=4G,mode=1777 $BASEDIR/build/usr/src
+	fi
+
 	mkdir -p $BASEDIR/build/usr/src/{cache,config,doc,html,langs,lfs,log,src,ccache}
 
 	mknod -m 600 $BASEDIR/build/dev/console c 5 1 2>/dev/null
@@ -727,7 +734,7 @@ fake_environ() {
 
 	# Fake kernel version, because some of the packages do not compile
 	# with kernel 3.0 and later.
-	env="${env} UTS_RELEASE=${KVER}"
+	env="${env} UTS_RELEASE=${KVER}-ipfire"
 
 	# Fake machine version.
 	env="${env} UTS_MACHINE=${BUILD_ARCH}"
@@ -892,6 +899,9 @@ update_contributors() {
 	return 0
 }
 
+# Default settings
+ENABLE_RAMDISK="auto"
+
 # Load configuration file
 if [ -f .config ]; then
 	. .config
@@ -913,6 +923,14 @@ else
 	configure_build "default"
 fi
 
+# Automatically enable/disable ramdisk usage
+if [ "${ENABLE_RAMDISK}" = "auto" ]; then
+	# Enable only when the host system has 4GB of RAM or more
+	if [ ${SYSTEM_MEMORY} -ge 3900 ]; then
+		ENABLE_RAMDISK="on"
+	fi
+fi
+
 buildtoolchain() {
 	local error=false
 	case "${BUILD_ARCH}:${HOST_ARCH}" in

src/patches/linux/linux-4.14-layer7.patch

@@ -1,27 +1,8 @@
-diff --git a/include/linux/netfilter/xt_layer7.h b/include/linux/netfilter/xt_layer7.h
-new file mode 100644
-index 0000000..147cd64
---- /dev/null
-+++ b/include/linux/netfilter/xt_layer7.h
-@@ -0,0 +1,13 @@
-+#ifndef _XT_LAYER7_H
-+#define _XT_LAYER7_H
-+
-+#define MAX_PATTERN_LEN 8192
-+#define MAX_PROTOCOL_LEN 256
-+
-+struct xt_layer7_info {
-+    char protocol[MAX_PROTOCOL_LEN];
-+    char pattern[MAX_PATTERN_LEN];
-+    u_int8_t invert;
-+};
-+
-+#endif /* _XT_LAYER7_H */
 diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index d448a48..868a876 100644
+index 3172e14..798b8c9 100644
 --- a/include/linux/skbuff.h
 +++ b/include/linux/skbuff.h
-@@ -693,6 +693,9 @@ struct sk_buff {
+@@ -700,6 +700,9 @@ struct sk_buff {
  #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
  	unsigned long		 _nfct;
  #endif
@@ -59,6 +40,25 @@ index 792c3f6..f24a6ac 100644
  	/* Storage reserved for other modules, must be the last member */
  	union nf_conntrack_proto proto;
  };
+diff --git a/include/uapi/linux/netfilter/xt_layer7.h b/include/uapi/linux/netfilter/xt_layer7.h
+new file mode 100644
+index 0000000..147cd64
+--- /dev/null
++++ b/include/uapi/linux/netfilter/xt_layer7.h
+@@ -0,0 +1,13 @@
++#ifndef _XT_LAYER7_H
++#define _XT_LAYER7_H
++
++#define MAX_PATTERN_LEN 8192
++#define MAX_PROTOCOL_LEN 256
++
++struct xt_layer7_info {
++    char protocol[MAX_PROTOCOL_LEN];
++    char pattern[MAX_PATTERN_LEN];
++    u_int8_t invert;
++};
++
++#endif /* _XT_LAYER7_H */
 diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
 index e4a13cc..0b0f501 100644
 --- a/net/netfilter/Kconfig
@@ -103,7 +103,7 @@ index f78ed24..268b7e7 100644
  obj-$(CONFIG_NETFILTER_XT_MATCH_STRING) += xt_string.o
  obj-$(CONFIG_NETFILTER_XT_MATCH_TCPMSS) += xt_tcpmss.o
 diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index 0113039..871eaa2 100644
+index 06520bf..0109de4 100644
 --- a/net/netfilter/nf_conntrack_core.c
 +++ b/net/netfilter/nf_conntrack_core.c
 @@ -427,6 +427,11 @@ destroy_conntrack(struct nf_conntrack *nfct)