diff options
author | Laura Abbott <labbott@redhat.com> | 2019-10-23 14:53:43 -0400 |
---|---|---|
committer | Laura Abbott <labbott@redhat.com> | 2019-10-29 15:28:51 -0400 |
commit | 5648544aaba8a542ab14990ac83c4c401637aebf (patch) | |
tree | 0dc108ecef3ce200b4835f10c405e553fdec1781 | |
parent | 11fa12d6aafcc7da26fa11b58f79cfcec7721718 (diff) | |
download | kernel-5648544aaba8a542ab14990ac83c4c401637aebf.tar.gz kernel-5648544aaba8a542ab14990ac83c4c401637aebf.tar.xz kernel-5648544aaba8a542ab14990ac83c4c401637aebf.zip |
Add mod-internal package
Some of the downstream users want to package some modules for
internal use only. While Fedora isn't internal, it's still
useful to have packaging aligned. Add a few modules to this
package.
-rw-r--r-- | kernel.spec | 53 | ||||
-rwxr-xr-x | mod-extra-blacklist.sh | 48 | ||||
-rwxr-xr-x | mod-extra.sh | 62 | ||||
-rw-r--r-- | mod-internal.list | 4 |
4 files changed, 138 insertions, 29 deletions
diff --git a/kernel.spec b/kernel.spec index f102af3c6..c8a2ebcff 100644 --- a/kernel.spec +++ b/kernel.spec @@ -525,6 +525,7 @@ Source15: merge.pl Source16: mod-extra.list Source17: mod-extra.sh Source18: mod-sign.sh +Source19: mod-extra-blacklist.sh Source90: filter-x86_64.sh Source91: filter-armv7hl.sh Source92: filter-i686.sh @@ -555,6 +556,8 @@ Source41: generate_debug_configs.sh Source42: process_configs.sh Source43: generate_bls_conf.sh +Source44: mod-internal.list + # This file is intentionally left empty in the stock kernel. Its a nicety # added for those wanting to do custom rebuilds with altered config opts. Source1000: kernel-local @@ -832,6 +835,27 @@ This package provides *.ipa-clones files.\ %{nil} # +# This macro creates a kernel-<subpackage>-modules-internal package. +# %%kernel_modules_internal_package <subpackage> <pretty-name> +# +%define kernel_modules_internal_package() \ +%package %{?1:%{1}-}modules-internal\ +Summary: Extra kernel modules to match the %{?2:%{2} }kernel\ +Group: System Environment/Kernel\ +Provides: kernel%{?1:-%{1}}-modules-internal-%{_target_cpu} = %{version}-%{release}\ +Provides: kernel%{?1:-%{1}}-modules-internal-%{_target_cpu} = %{version}-%{release}%{?1:+%{1}}\ +Provides: kernel%{?1:-%{1}}-modules-internal = %{version}-%{release}%{?1:+%{1}}\ +Provides: installonlypkg(kernel-module)\ +Provides: kernel%{?1:-%{1}}-modules-internal-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ +Requires: kernel-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ +AutoReq: no\ +AutoProv: yes\ +%description %{?1:%{1}-}modules-internal\ +This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\ +%{nil} + +# # This macro creates a kernel-<subpackage>-modules-extra package. # %%kernel_modules_extra_package <subpackage> <pretty-name> # @@ -904,6 +928,7 @@ Obsoletes: kernel-bootwrapper\ %{expand:%%kernel_devel_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\ %{expand:%%kernel_modules_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\ %{expand:%%kernel_modules_extra_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\ +%{expand:%%kernel_modules_internal_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\ %{expand:%%kernel_debuginfo_package %{?1:%{1}}}\ %{nil} @@ -1464,6 +1489,7 @@ BuildKernel() { (cd $RPM_BUILD_ROOT/lib/modules/$KernelVer ; ln -s build source) # dirs for additional modules per module-init-tools, kbuild/modules.txt mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/extra + mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/internal mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/updates mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/weak-updates # first copy everything @@ -1686,6 +1712,10 @@ BuildKernel() { # Call the modules-extra script to move things around %{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE16} + # Blacklist net autoloadable modules in modules-extra + %{SOURCE19} $RPM_BUILD_ROOT lib/modules/$KernelVer + # Call the modules-extra script for internal modules + %{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE44} internal # # Generate the kernel-core and kernel-modules files lists @@ -1699,7 +1729,7 @@ BuildKernel() { cp -r lib/modules/$KernelVer/* restore/. # don't include anything going into k-m-e in the file lists - rm -rf lib/modules/$KernelVer/extra + rm -rf lib/modules/$KernelVer/{extra,internal} if [ $DoModules -eq 1 ]; then @@ -2068,6 +2098,20 @@ fi\ %{nil} # +# This macro defines a %%post script for a kernel*-modules-internal package. +# It also defines a %%postun script that does the same thing. +# %%kernel_modules_internal_post [<subpackage>] +# +%define kernel_modules_internal_post() \ +%{expand:%%post %{?1:%{1}-}modules-internal}\ +/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\ +%{nil}\ +%{expand:%%postun %{?1:%{1}-}modules-internal}\ +/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\ +%{nil} + + +# # This macro defines a %%post script for a kernel*-modules package. # It also defines a %%postun script that does the same thing. # %%kernel_modules_post [<subpackage>] @@ -2102,6 +2146,7 @@ fi\ %{expand:%%kernel_devel_post %{?-v*}}\ %{expand:%%kernel_modules_post %{?-v*}}\ %{expand:%%kernel_modules_extra_post %{?-v*}}\ +%{expand:%%kernel_modules_internal_post %{?-v*}}\ %{expand:%%kernel_variant_posttrans %{?-v*}}\ %{expand:%%post %{?-v*:%{-v*}-}core}\ %{-r:\ @@ -2237,7 +2282,13 @@ fi %defverify(not mtime)\ /usr/src/kernels/%{KVERREL}%{?3:+%{3}}\ %{expand:%%files %{?3:%{3}-}modules-extra}\ +%config(noreplace) /etc/modprobe.d/*-blacklist.conf\ /lib/modules/%{KVERREL}%{?3:+%{3}}/extra\ +%%defattr(-,root,root)\ +%defverify(not mtime)\ +/usr/src/kernels/%{KVERREL}%{?3:+%{3}}\ +%{expand:%%files %{?3:%{3}-}modules-internal}\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/internal\ %if %{with_debuginfo}\ %ifnarch noarch\ %{expand:%%files -f debuginfo%{?3}.list %{?3:%{3}-}debuginfo}\ diff --git a/mod-extra-blacklist.sh b/mod-extra-blacklist.sh new file mode 100755 index 000000000..9569ef6f2 --- /dev/null +++ b/mod-extra-blacklist.sh @@ -0,0 +1,48 @@ +#!/bin/bash + +buildroot="$1" +kernel_base="$2" + +blacklist() +{ + cat > "$buildroot/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__ + # This kernel module can be automatically loaded by non-root users. To + # enhance system security, the module is blacklisted by default to ensure + # system administrators make the module available for use as needed. + # See https://access.redhat.com/articles/3760101 for more details. + # + # Remove the blacklist by adding a comment # at the start of the line. + blacklist $1 +__EOF__ +} + +check_blacklist() +{ + if modinfo "$1" | grep -q '^alias:\s\+net-'; then + mod="${1##*/}" + mod="${mod%.ko*}" + echo "$mod has an alias that allows auto-loading. Blacklisting." + blacklist "$mod" + fi +} + +foreachp() +{ + P=$(nproc) + bgcount=0 + while read mod; do + $1 "$mod" & + + bgcount=$((bgcount + 1)) + if [ $bgcount -eq $P ]; then + wait -n + bgcount=$((bgcount - 1)) + fi + done + + wait +} + +[ -d "$buildroot/etc/modprobe.d/" ] || mkdir -p "$buildroot/etc/modprobe.d/" +find "$buildroot/$kernel_base/extra" -name "*.ko*" | \ + foreachp check_blacklist diff --git a/mod-extra.sh b/mod-extra.sh index d121bd0b1..7dc075b98 100755 --- a/mod-extra.sh +++ b/mod-extra.sh @@ -2,6 +2,10 @@ Dir=$1 List=$2 +Dest="extra" + +# Destination was specified on the command line +test -n "$3" && Dest="$3" pushd $Dir rm -rf modnames @@ -11,43 +15,45 @@ find . -name "*.ko" -type f > modnames rm -rf dep.list dep2.list rm -rf req.list req2.list touch dep.list req.list -cp $2 . +cp "$List" . -for dep in `cat modnames` -do - depends=`modinfo $dep | grep depends| cut -f2 -d":" | sed -e 's/^[ \t]*//'` - [ -z "$depends" ] && continue; - for mod in `echo $depends | sed -e 's/,/ /g'` +# This variable needs to be exported because it is used in sub-script +# executed by xargs +export ListName=$(basename "$List") + +# NB: this loop runs 2000+ iterations. Try to be fast. +NPROC=`nproc` +[ -z "$NPROC" ] && NPROC=1 +cat modnames | xargs -r -n1 -P $NPROC sh -c ' + dep=$1 + depends=`modinfo $dep | sed -n -e "/^depends/ s/^depends:[ \t]*//p"` + [ -z "$depends" ] && exit + for mod in ${depends//,/ } do - match=`grep "^$mod.ko" mod-extra.list` ||: - if [ -z "$match" ] + match=$(grep "^$mod.ko" "$ListName") + [ -z "$match" ] && continue + # check if the module we are looking at is in mod-extra too. + # if so we do not need to mark the dep as required. + mod2=${dep##*/} # same as `basename $dep`, but faster + match2=$(grep "^$mod2" "$ListName") + if [ -n "$match2" ] then + #echo $mod2 >> notreq.list continue - else - # check if the module we're looking at is in mod-extra too. if so - # we don't need to mark the dep as required - mod2=`basename $dep` - match2=`grep "^$mod2" mod-extra.list` ||: - if [ -n "$match2" ] - then - continue - #echo $mod2 >> notreq.list - else - echo $mod.ko >> req.list - fi fi + echo $mod.ko >> req.list done -done +' DUMMYARG0 # xargs appends MODNAME, which becomes $dep in the script above sort -u req.list > req2.list -sort -u mod-extra.list > mod-extra2.list -join -v 1 mod-extra2.list req2.list > mod-extra3.list +sort -u "$ListName" > modules2.list +join -v 1 modules2.list req2.list > modules3.list -for mod in `cat mod-extra3.list` +for mod in $(cat modules3.list) do # get the path for the module - modpath=`grep /$mod modnames` ||: - [ -z "$modpath" ] && continue; + modpath=`grep /$mod modnames` + [ -z "$modpath" ] && continue echo $modpath >> dep.list done @@ -56,7 +62,7 @@ sort -u dep.list > dep2.list # now move the modules into the extra/ directory for mod in `cat dep2.list` do - newpath=`dirname $mod | sed -e 's/kernel\//extra\//'` + newpath=`dirname $mod | sed -e "s/kernel\\//$Dest\//"` mkdir -p $newpath mv $mod $newpath done @@ -76,5 +82,5 @@ done pushd $Dir rm modnames dep.list dep2.list req.list req2.list -rm mod-extra.list mod-extra2.list mod-extra3.list +rm "$ListName" modules2.list modules3.list popd diff --git a/mod-internal.list b/mod-internal.list new file mode 100644 index 000000000..9270dcc3f --- /dev/null +++ b/mod-internal.list @@ -0,0 +1,4 @@ +mac80211_hwsim +netdevsim +pktgen +rocker |