|
|
44a40b |
#! /bin/bash
|
|
|
44a40b |
# shellcheck disable=SC2164
|
|
|
44a40b |
|
|
|
44a40b |
RpmDir=$1
|
|
|
44a40b |
ModDir=$2
|
|
|
44a40b |
Dir="$1/$2"
|
|
|
44a40b |
# Note the list filename must have the format mod-[PACKAGE].list, for example,
|
|
|
44a40b |
# mod-internal.list or mod-extra.list. The PACKAGE is used to create a
|
|
|
44a40b |
# override directory for the modules.
|
|
|
44a40b |
List=$3
|
|
|
44a40b |
Dest="$4"
|
|
|
44a40b |
|
|
|
44a40b |
blacklist()
|
|
|
44a40b |
{
|
|
|
44a40b |
cat > "$RpmDir/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__
|
|
|
44a40b |
# This kernel module can be automatically loaded by non-root users. To
|
|
|
44a40b |
# enhance system security, the module is blacklisted by default to ensure
|
|
|
44a40b |
# system administrators make the module available for use as needed.
|
|
|
44a40b |
# See https://access.redhat.com/articles/3760101 for more details.
|
|
|
44a40b |
#
|
|
|
44a40b |
# Remove the blacklist by adding a comment # at the start of the line.
|
|
|
44a40b |
blacklist $1
|
|
|
44a40b |
__EOF__
|
|
|
44a40b |
}
|
|
|
44a40b |
|
|
|
44a40b |
check_blacklist()
|
|
|
44a40b |
{
|
|
|
44a40b |
mod=$(find "$RpmDir/$ModDir" -name "$1")
|
|
|
44a40b |
[ ! "$mod" ] && return 0
|
|
|
44a40b |
if modinfo "$mod" | grep -q '^alias:\s\+net-'; then
|
|
|
44a40b |
mod="${1##*/}"
|
|
|
44a40b |
mod="${mod%.ko*}"
|
|
|
44a40b |
echo "$mod has an alias that allows auto-loading. Blacklisting."
|
|
|
44a40b |
blacklist "$mod"
|
|
|
44a40b |
fi
|
|
|
44a40b |
}
|
|
|
44a40b |
|
|
|
44a40b |
find_depends()
|
|
|
44a40b |
{
|
|
|
44a40b |
dep=$1
|
|
|
44a40b |
depends=$(modinfo "$dep" | sed -n -e "/^depends/ s/^depends:[ \t]*//p")
|
|
|
44a40b |
[ -z "$depends" ] && exit
|
|
|
44a40b |
for mod in ${depends//,/ }
|
|
|
44a40b |
do
|
|
|
44a40b |
match=$(grep "^$mod.ko" "$ListName")
|
|
|
44a40b |
[ -z "$match" ] && continue
|
|
|
44a40b |
# check if the module we are looking at is in mod-* too.
|
|
|
44a40b |
# if so we do not need to mark the dep as required.
|
|
|
44a40b |
mod2=${dep##*/} # same as $(basename $dep), but faster
|
|
|
44a40b |
match2=$(grep "^$mod2" "$ListName")
|
|
|
44a40b |
if [ -n "$match2" ]
|
|
|
44a40b |
then
|
|
|
44a40b |
#echo $mod2 >> notreq.list
|
|
|
44a40b |
continue
|
|
|
44a40b |
fi
|
|
|
44a40b |
echo "$mod".ko >> req.list
|
|
|
44a40b |
done
|
|
|
44a40b |
}
|
|
|
44a40b |
|
|
|
44a40b |
foreachp()
|
|
|
44a40b |
{
|
|
|
44a40b |
P=$(nproc)
|
|
|
44a40b |
bgcount=0
|
|
|
44a40b |
while read -r mod; do
|
|
|
44a40b |
$1 "$mod" &
|
|
|
44a40b |
|
|
|
44a40b |
bgcount=$((bgcount + 1))
|
|
|
44a40b |
if [ $bgcount -eq "$P" ]; then
|
|
|
44a40b |
wait -n
|
|
|
44a40b |
bgcount=$((bgcount - 1))
|
|
|
44a40b |
fi
|
|
|
44a40b |
done
|
|
|
44a40b |
|
|
|
44a40b |
wait
|
|
|
44a40b |
}
|
|
|
44a40b |
|
|
|
44a40b |
# Destination was specified on the command line
|
|
|
44a40b |
test -n "$4" && echo "$0: Override Destination $Dest has been specified."
|
|
|
44a40b |
|
|
|
44a40b |
pushd "$Dir"
|
|
|
44a40b |
|
|
|
44a40b |
OverrideDir=$(basename "$List")
|
|
|
44a40b |
OverrideDir=${OverrideDir%.*}
|
|
|
44a40b |
OverrideDir=${OverrideDir#*-}
|
|
|
44a40b |
mkdir -p "$OverrideDir"
|
|
|
44a40b |
|
|
|
44a40b |
rm -rf modnames
|
|
|
44a40b |
find . -name "*.ko" -type f > modnames
|
|
|
44a40b |
# Look through all of the modules, and throw any that have a dependency in
|
|
|
44a40b |
# our list into the list as well.
|
|
|
44a40b |
rm -rf dep.list dep2.list
|
|
|
44a40b |
rm -rf req.list req2.list
|
|
|
44a40b |
touch dep.list req.list
|
|
|
44a40b |
cp "$List" .
|
|
|
44a40b |
|
|
|
44a40b |
# This variable needs to be exported because it is used in sub-script
|
|
|
44a40b |
# executed by xargs
|
|
|
44a40b |
ListName=$(basename "$List")
|
|
|
44a40b |
export ListName
|
|
|
44a40b |
|
|
|
44a40b |
foreachp find_depends < modnames
|
|
|
44a40b |
|
|
|
44a40b |
sort -u req.list > req2.list
|
|
|
44a40b |
sort -u "$ListName" > modules2.list
|
|
|
44a40b |
join -v 1 modules2.list req2.list > modules3.list
|
|
|
44a40b |
|
|
|
44a40b |
while IFS= read -r mod
|
|
|
44a40b |
do
|
|
|
44a40b |
# get the path for the module
|
|
|
44a40b |
modpath=$(grep /"$mod" modnames)
|
|
|
44a40b |
[ -z "$modpath" ] && continue
|
|
|
44a40b |
echo "$modpath" >> dep.list
|
|
|
44a40b |
done < modules3.list
|
|
|
44a40b |
|
|
|
44a40b |
sort -u dep.list > dep2.list
|
|
|
44a40b |
|
|
|
44a40b |
if [ -n "$Dest" ]; then
|
|
|
44a40b |
# now move the modules into the $Dest directory
|
|
|
44a40b |
while IFS= read -r mod
|
|
|
44a40b |
do
|
|
|
44a40b |
newpath=$(dirname "$mod" | sed -e "s/kernel\\//$Dest\//")
|
|
|
44a40b |
mkdir -p "$newpath"
|
|
|
44a40b |
mv "$mod" "$newpath"
|
|
|
44a40b |
echo "$mod" | sed -e "s/kernel\\//$Dest\//" | sed -e "s|^.|${ModDir}|g" >> "$RpmDir"/"$ListName"
|
|
|
44a40b |
done < dep2.list
|
|
|
44a40b |
fi
|
|
|
44a40b |
|
|
|
44a40b |
popd
|
|
|
44a40b |
|
|
|
44a40b |
# If we're signing modules, we can't leave the .mod files for the .ko files
|
|
|
44a40b |
# we've moved in .tmp_versions/. Remove them so the Kbuild 'modules_sign'
|
|
|
44a40b |
# target doesn't try to sign a non-existent file. This is kinda ugly, but
|
|
|
44a40b |
# so are the modules-* packages.
|
|
|
44a40b |
|
|
|
44a40b |
while IFS= read -r mod
|
|
|
44a40b |
do
|
|
|
44a40b |
modfile=$(basename "$mod" | sed -e 's/.ko/.mod/')
|
|
|
44a40b |
rm .tmp_versions/"$modfile"
|
|
|
44a40b |
done < "$Dir"/dep2.list
|
|
|
44a40b |
|
|
|
44a40b |
if [ -z "$Dest" ]; then
|
|
|
44a40b |
sed -e "s|^.|${ModDir}|g" "$Dir"/dep2.list > "$RpmDir/$ListName"
|
|
|
44a40b |
echo "./$RpmDir/$ListName created."
|
|
|
44a40b |
[ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/"
|
|
|
44a40b |
foreachp check_blacklist < "$List"
|
|
|
44a40b |
fi
|
|
|
44a40b |
|
|
|
44a40b |
# Many BIOS-es export a PNP-id which causes the floppy driver to autoload
|
|
|
44a40b |
# even though most modern systems don't have a 3.5" floppy driver anymore
|
|
|
44a40b |
# this replaces the old die_floppy_die.patch which removed the PNP-id from
|
|
|
44a40b |
# the module
|
|
|
44a40b |
|
|
|
44a40b |
floppylist=("$RpmDir"/"$ModDir"/kernel/drivers/block/floppy.ko*)
|
|
|
44a40b |
if [[ -n ${floppylist[0]} && -f ${floppylist[0]} ]]; then
|
|
|
44a40b |
blacklist "floppy"
|
|
|
44a40b |
fi
|
|
|
44a40b |
|
|
|
44a40b |
# avoid an empty kernel-extra package
|
|
|
44a40b |
echo "$ModDir/$OverrideDir" >> "$RpmDir/$ListName"
|
|
|
44a40b |
|
|
|
44a40b |
pushd "$Dir"
|
|
|
44a40b |
rm modnames dep.list dep2.list req.list req2.list
|
|
|
44a40b |
rm "$ListName" modules2.list modules3.list
|
|
|
44a40b |
popd
|