summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLaura Abbott <labbott@redhat.com>2019-10-23 14:53:43 -0400
committerLaura Abbott <labbott@redhat.com>2019-10-29 15:28:51 -0400
commit5648544aaba8a542ab14990ac83c4c401637aebf (patch)
tree0dc108ecef3ce200b4835f10c405e553fdec1781
parent11fa12d6aafcc7da26fa11b58f79cfcec7721718 (diff)
downloadkernel-5648544aaba8a542ab14990ac83c4c401637aebf.tar.gz
kernel-5648544aaba8a542ab14990ac83c4c401637aebf.tar.xz
kernel-5648544aaba8a542ab14990ac83c4c401637aebf.zip
Add mod-internal package
Some of the downstream users want to package some modules for internal use only. While Fedora isn't internal, it's still useful to have packaging aligned. Add a few modules to this package.
-rw-r--r--kernel.spec53
-rwxr-xr-xmod-extra-blacklist.sh48
-rwxr-xr-xmod-extra.sh62
-rw-r--r--mod-internal.list4
4 files changed, 138 insertions, 29 deletions
diff --git a/kernel.spec b/kernel.spec
index f102af3c6..c8a2ebcff 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -525,6 +525,7 @@ Source15: merge.pl
Source16: mod-extra.list
Source17: mod-extra.sh
Source18: mod-sign.sh
+Source19: mod-extra-blacklist.sh
Source90: filter-x86_64.sh
Source91: filter-armv7hl.sh
Source92: filter-i686.sh
@@ -555,6 +556,8 @@ Source41: generate_debug_configs.sh
Source42: process_configs.sh
Source43: generate_bls_conf.sh
+Source44: mod-internal.list
+
# This file is intentionally left empty in the stock kernel. Its a nicety
# added for those wanting to do custom rebuilds with altered config opts.
Source1000: kernel-local
@@ -832,6 +835,27 @@ This package provides *.ipa-clones files.\
%{nil}
#
+# This macro creates a kernel-<subpackage>-modules-internal package.
+# %%kernel_modules_internal_package <subpackage> <pretty-name>
+#
+%define kernel_modules_internal_package() \
+%package %{?1:%{1}-}modules-internal\
+Summary: Extra kernel modules to match the %{?2:%{2} }kernel\
+Group: System Environment/Kernel\
+Provides: kernel%{?1:-%{1}}-modules-internal-%{_target_cpu} = %{version}-%{release}\
+Provides: kernel%{?1:-%{1}}-modules-internal-%{_target_cpu} = %{version}-%{release}%{?1:+%{1}}\
+Provides: kernel%{?1:-%{1}}-modules-internal = %{version}-%{release}%{?1:+%{1}}\
+Provides: installonlypkg(kernel-module)\
+Provides: kernel%{?1:-%{1}}-modules-internal-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
+Requires: kernel-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
+Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
+AutoReq: no\
+AutoProv: yes\
+%description %{?1:%{1}-}modules-internal\
+This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
+%{nil}
+
+#
# This macro creates a kernel-<subpackage>-modules-extra package.
# %%kernel_modules_extra_package <subpackage> <pretty-name>
#
@@ -904,6 +928,7 @@ Obsoletes: kernel-bootwrapper\
%{expand:%%kernel_devel_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\
%{expand:%%kernel_modules_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\
%{expand:%%kernel_modules_extra_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\
+%{expand:%%kernel_modules_internal_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\
%{expand:%%kernel_debuginfo_package %{?1:%{1}}}\
%{nil}
@@ -1464,6 +1489,7 @@ BuildKernel() {
(cd $RPM_BUILD_ROOT/lib/modules/$KernelVer ; ln -s build source)
# dirs for additional modules per module-init-tools, kbuild/modules.txt
mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/extra
+ mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/internal
mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/updates
mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/weak-updates
# first copy everything
@@ -1686,6 +1712,10 @@ BuildKernel() {
# Call the modules-extra script to move things around
%{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE16}
+ # Blacklist net autoloadable modules in modules-extra
+ %{SOURCE19} $RPM_BUILD_ROOT lib/modules/$KernelVer
+ # Call the modules-extra script for internal modules
+ %{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE44} internal
#
# Generate the kernel-core and kernel-modules files lists
@@ -1699,7 +1729,7 @@ BuildKernel() {
cp -r lib/modules/$KernelVer/* restore/.
# don't include anything going into k-m-e in the file lists
- rm -rf lib/modules/$KernelVer/extra
+ rm -rf lib/modules/$KernelVer/{extra,internal}
if [ $DoModules -eq 1 ]; then
@@ -2068,6 +2098,20 @@ fi\
%{nil}
#
+# This macro defines a %%post script for a kernel*-modules-internal package.
+# It also defines a %%postun script that does the same thing.
+# %%kernel_modules_internal_post [<subpackage>]
+#
+%define kernel_modules_internal_post() \
+%{expand:%%post %{?1:%{1}-}modules-internal}\
+/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\
+%{nil}\
+%{expand:%%postun %{?1:%{1}-}modules-internal}\
+/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\
+%{nil}
+
+
+#
# This macro defines a %%post script for a kernel*-modules package.
# It also defines a %%postun script that does the same thing.
# %%kernel_modules_post [<subpackage>]
@@ -2102,6 +2146,7 @@ fi\
%{expand:%%kernel_devel_post %{?-v*}}\
%{expand:%%kernel_modules_post %{?-v*}}\
%{expand:%%kernel_modules_extra_post %{?-v*}}\
+%{expand:%%kernel_modules_internal_post %{?-v*}}\
%{expand:%%kernel_variant_posttrans %{?-v*}}\
%{expand:%%post %{?-v*:%{-v*}-}core}\
%{-r:\
@@ -2237,7 +2282,13 @@ fi
%defverify(not mtime)\
/usr/src/kernels/%{KVERREL}%{?3:+%{3}}\
%{expand:%%files %{?3:%{3}-}modules-extra}\
+%config(noreplace) /etc/modprobe.d/*-blacklist.conf\
/lib/modules/%{KVERREL}%{?3:+%{3}}/extra\
+%%defattr(-,root,root)\
+%defverify(not mtime)\
+/usr/src/kernels/%{KVERREL}%{?3:+%{3}}\
+%{expand:%%files %{?3:%{3}-}modules-internal}\
+/lib/modules/%{KVERREL}%{?3:+%{3}}/internal\
%if %{with_debuginfo}\
%ifnarch noarch\
%{expand:%%files -f debuginfo%{?3}.list %{?3:%{3}-}debuginfo}\
diff --git a/mod-extra-blacklist.sh b/mod-extra-blacklist.sh
new file mode 100755
index 000000000..9569ef6f2
--- /dev/null
+++ b/mod-extra-blacklist.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+buildroot="$1"
+kernel_base="$2"
+
+blacklist()
+{
+ cat > "$buildroot/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__
+ # This kernel module can be automatically loaded by non-root users. To
+ # enhance system security, the module is blacklisted by default to ensure
+ # system administrators make the module available for use as needed.
+ # See https://access.redhat.com/articles/3760101 for more details.
+ #
+ # Remove the blacklist by adding a comment # at the start of the line.
+ blacklist $1
+__EOF__
+}
+
+check_blacklist()
+{
+ if modinfo "$1" | grep -q '^alias:\s\+net-'; then
+ mod="${1##*/}"
+ mod="${mod%.ko*}"
+ echo "$mod has an alias that allows auto-loading. Blacklisting."
+ blacklist "$mod"
+ fi
+}
+
+foreachp()
+{
+ P=$(nproc)
+ bgcount=0
+ while read mod; do
+ $1 "$mod" &
+
+ bgcount=$((bgcount + 1))
+ if [ $bgcount -eq $P ]; then
+ wait -n
+ bgcount=$((bgcount - 1))
+ fi
+ done
+
+ wait
+}
+
+[ -d "$buildroot/etc/modprobe.d/" ] || mkdir -p "$buildroot/etc/modprobe.d/"
+find "$buildroot/$kernel_base/extra" -name "*.ko*" | \
+ foreachp check_blacklist
diff --git a/mod-extra.sh b/mod-extra.sh
index d121bd0b1..7dc075b98 100755
--- a/mod-extra.sh
+++ b/mod-extra.sh
@@ -2,6 +2,10 @@
Dir=$1
List=$2
+Dest="extra"
+
+# Destination was specified on the command line
+test -n "$3" && Dest="$3"
pushd $Dir
rm -rf modnames
@@ -11,43 +15,45 @@ find . -name "*.ko" -type f > modnames
rm -rf dep.list dep2.list
rm -rf req.list req2.list
touch dep.list req.list
-cp $2 .
+cp "$List" .
-for dep in `cat modnames`
-do
- depends=`modinfo $dep | grep depends| cut -f2 -d":" | sed -e 's/^[ \t]*//'`
- [ -z "$depends" ] && continue;
- for mod in `echo $depends | sed -e 's/,/ /g'`
+# This variable needs to be exported because it is used in sub-script
+# executed by xargs
+export ListName=$(basename "$List")
+
+# NB: this loop runs 2000+ iterations. Try to be fast.
+NPROC=`nproc`
+[ -z "$NPROC" ] && NPROC=1
+cat modnames | xargs -r -n1 -P $NPROC sh -c '
+ dep=$1
+ depends=`modinfo $dep | sed -n -e "/^depends/ s/^depends:[ \t]*//p"`
+ [ -z "$depends" ] && exit
+ for mod in ${depends//,/ }
do
- match=`grep "^$mod.ko" mod-extra.list` ||:
- if [ -z "$match" ]
+ match=$(grep "^$mod.ko" "$ListName")
+ [ -z "$match" ] && continue
+ # check if the module we are looking at is in mod-extra too.
+ # if so we do not need to mark the dep as required.
+ mod2=${dep##*/} # same as `basename $dep`, but faster
+ match2=$(grep "^$mod2" "$ListName")
+ if [ -n "$match2" ]
then
+ #echo $mod2 >> notreq.list
continue
- else
- # check if the module we're looking at is in mod-extra too. if so
- # we don't need to mark the dep as required
- mod2=`basename $dep`
- match2=`grep "^$mod2" mod-extra.list` ||:
- if [ -n "$match2" ]
- then
- continue
- #echo $mod2 >> notreq.list
- else
- echo $mod.ko >> req.list
- fi
fi
+ echo $mod.ko >> req.list
done
-done
+' DUMMYARG0 # xargs appends MODNAME, which becomes $dep in the script above
sort -u req.list > req2.list
-sort -u mod-extra.list > mod-extra2.list
-join -v 1 mod-extra2.list req2.list > mod-extra3.list
+sort -u "$ListName" > modules2.list
+join -v 1 modules2.list req2.list > modules3.list
-for mod in `cat mod-extra3.list`
+for mod in $(cat modules3.list)
do
# get the path for the module
- modpath=`grep /$mod modnames` ||:
- [ -z "$modpath" ] && continue;
+ modpath=`grep /$mod modnames`
+ [ -z "$modpath" ] && continue
echo $modpath >> dep.list
done
@@ -56,7 +62,7 @@ sort -u dep.list > dep2.list
# now move the modules into the extra/ directory
for mod in `cat dep2.list`
do
- newpath=`dirname $mod | sed -e 's/kernel\//extra\//'`
+ newpath=`dirname $mod | sed -e "s/kernel\\//$Dest\//"`
mkdir -p $newpath
mv $mod $newpath
done
@@ -76,5 +82,5 @@ done
pushd $Dir
rm modnames dep.list dep2.list req.list req2.list
-rm mod-extra.list mod-extra2.list mod-extra3.list
+rm "$ListName" modules2.list modules3.list
popd
diff --git a/mod-internal.list b/mod-internal.list
new file mode 100644
index 000000000..9270dcc3f
--- /dev/null
+++ b/mod-internal.list
@@ -0,0 +1,4 @@
+mac80211_hwsim
+netdevsim
+pktgen
+rocker