hiromitsuhanada / rpms / kernel-rt

Forked from rpms/kernel-rt 4 years ago
Clone

Blame SOURCES/mod-blacklist.sh

f70460
#! /bin/bash
f70460
9e37a5
RpmDir=$1
9e37a5
ModDir=$2
9e37a5
Dir="$1/$2"
9e37a5
# Note the list filename must have the format mod-[PACKAGE].list, for example,
9e37a5
# mod-internal.list or mod-extra.list.  The PACKAGE is used to create a
9e37a5
# override directory for the modules.
9e37a5
List=$3
9e37a5
Dest="$4"
9e37a5
9e37a5
blacklist()
9e37a5
{
9e37a5
	cat > "$RpmDir/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__
9e37a5
	# This kernel module can be automatically loaded by non-root users. To
9e37a5
	# enhance system security, the module is blacklisted by default to ensure
9e37a5
	# system administrators make the module available for use as needed.
9e37a5
	# See https://access.redhat.com/articles/3760101 for more details.
9e37a5
	#
9e37a5
	# Remove the blacklist by adding a comment # at the start of the line.
9e37a5
	blacklist $1
9e37a5
__EOF__
9e37a5
}
9e37a5
9e37a5
check_blacklist()
9e37a5
{
9e37a5
	mod=$(find $RpmDir/$ModDir -name "$1")
9e37a5
	[ ! "$mod" ] && return 0
9e37a5
	if modinfo $mod | grep -q '^alias:\s\+net-'; then
9e37a5
		mod="${1##*/}"
9e37a5
		mod="${mod%.ko*}"
9e37a5
		echo "$mod has an alias that allows auto-loading. Blacklisting."
9e37a5
		blacklist "$mod"
9e37a5
	fi
9e37a5
}
9e37a5
9e37a5
find_depends()
9e37a5
{
9e37a5
	dep=$1
9e37a5
	depends=`modinfo $dep | sed -n -e "/^depends/ s/^depends:[ \t]*//p"`
9e37a5
	[ -z "$depends" ] && exit
9e37a5
	for mod in ${depends//,/ }
9e37a5
	do
9e37a5
		match=$(grep "^$mod.ko" "$ListName")
9e37a5
		[ -z "$match" ] && continue
9e37a5
		# check if the module we are looking at is in mod-* too.
9e37a5
		# if so we do not need to mark the dep as required.
9e37a5
		mod2=${dep##*/}  # same as `basename $dep`, but faster
9e37a5
		match2=$(grep "^$mod2" "$ListName")
9e37a5
		if [ -n "$match2" ]
9e37a5
		then
9e37a5
			#echo $mod2 >> notreq.list
9e37a5
			continue
9e37a5
		fi
9e37a5
		echo $mod.ko >> req.list
9e37a5
	done
9e37a5
}
9e37a5
9e37a5
foreachp()
9e37a5
{
9e37a5
	P=$(nproc)
9e37a5
	bgcount=0
9e37a5
	while read mod; do
9e37a5
		$1 "$mod" &
9e37a5
9e37a5
		bgcount=$((bgcount + 1))
9e37a5
		if [ $bgcount -eq $P ]; then
9e37a5
			wait -n
9e37a5
			bgcount=$((bgcount - 1))
9e37a5
		fi
9e37a5
	done
9e37a5
9e37a5
	wait
9e37a5
}
f70460
f70460
# Destination was specified on the command line
9e37a5
test -n "$4" && echo "$0: Override Destination $Dest has been specified."
f70460
f70460
pushd $Dir
9e37a5
9e37a5
OverrideDir=$(basename $List)
9e37a5
OverrideDir=${OverrideDir%.*}
9e37a5
OverrideDir=${OverrideDir#*-}
9e37a5
mkdir -p $OverrideDir
9e37a5
f70460
rm -rf modnames
f70460
find . -name "*.ko" -type f > modnames
f70460
# Look through all of the modules, and throw any that have a dependency in
f70460
# our list into the list as well.
f70460
rm -rf dep.list dep2.list
f70460
rm -rf req.list req2.list
f70460
touch dep.list req.list
f70460
cp "$List" .
f70460
f70460
# This variable needs to be exported because it is used in sub-script
f70460
# executed by xargs
f70460
export ListName=$(basename "$List")
f70460
9e37a5
foreachp find_depends < modnames
f70460
f70460
sort -u req.list > req2.list
f70460
sort -u "$ListName" > modules2.list
f70460
join -v 1 modules2.list req2.list > modules3.list
f70460
f70460
for mod in $(cat modules3.list)
f70460
do
f70460
  # get the path for the module
f70460
  modpath=`grep /$mod modnames`
f70460
  [ -z "$modpath" ] && continue
f70460
  echo $modpath >> dep.list
f70460
done
f70460
f70460
sort -u dep.list > dep2.list
f70460
9e37a5
if [ -n "$Dest" ]; then
9e37a5
	# now move the modules into the $Dest directory
9e37a5
	for mod in `cat dep2.list`
9e37a5
	do
9e37a5
	  newpath=`dirname $mod | sed -e "s/kernel\\//$Dest\//"`
9e37a5
	  mkdir -p $newpath
9e37a5
	  mv $mod $newpath
9e37a5
	  echo $mod | sed -e "s/kernel\\//$Dest\//" | sed -e "s|^.|${ModDir}|g" >> $RpmDir/$ListName
9e37a5
	done
9e37a5
fi
f70460
f70460
popd
f70460
f70460
# If we're signing modules, we can't leave the .mod files for the .ko files
f70460
# we've moved in .tmp_versions/.  Remove them so the Kbuild 'modules_sign'
f70460
# target doesn't try to sign a non-existent file.  This is kinda ugly, but
9e37a5
# so are the modules-* packages.
f70460
f70460
for mod in `cat ${Dir}/dep2.list`
f70460
do
f70460
  modfile=`basename $mod | sed -e 's/.ko/.mod/'`
f70460
  rm .tmp_versions/$modfile
f70460
done
f70460
9e37a5
if [ ! -n "$Dest" ]; then
9e37a5
	sed -e "s|^.|${ModDir}|g" ${Dir}/dep2.list > $RpmDir/$ListName
9e37a5
	echo "./$RpmDir/$ListName created."
9e37a5
	[ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/"
9e37a5
	foreachp check_blacklist < $List
9e37a5
fi
9e37a5
9e37a5
# avoid an empty kernel-extra package
9e37a5
echo "$ModDir/$OverrideDir" >> $RpmDir/$ListName
9e37a5
f70460
pushd $Dir
f70460
rm modnames dep.list dep2.list req.list req2.list
f70460
rm "$ListName" modules2.list modules3.list
f70460
popd