|
|
f70460 |
#! /bin/bash
|
|
|
f70460 |
|
|
|
9e37a5 |
RpmDir=$1
|
|
|
9e37a5 |
ModDir=$2
|
|
|
9e37a5 |
Dir="$1/$2"
|
|
|
9e37a5 |
# Note the list filename must have the format mod-[PACKAGE].list, for example,
|
|
|
9e37a5 |
# mod-internal.list or mod-extra.list. The PACKAGE is used to create a
|
|
|
9e37a5 |
# override directory for the modules.
|
|
|
9e37a5 |
List=$3
|
|
|
9e37a5 |
Dest="$4"
|
|
|
9e37a5 |
|
|
|
9e37a5 |
blacklist()
|
|
|
9e37a5 |
{
|
|
|
9e37a5 |
cat > "$RpmDir/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__
|
|
|
9e37a5 |
# This kernel module can be automatically loaded by non-root users. To
|
|
|
9e37a5 |
# enhance system security, the module is blacklisted by default to ensure
|
|
|
9e37a5 |
# system administrators make the module available for use as needed.
|
|
|
9e37a5 |
# See https://access.redhat.com/articles/3760101 for more details.
|
|
|
9e37a5 |
#
|
|
|
9e37a5 |
# Remove the blacklist by adding a comment # at the start of the line.
|
|
|
9e37a5 |
blacklist $1
|
|
|
9e37a5 |
__EOF__
|
|
|
9e37a5 |
}
|
|
|
9e37a5 |
|
|
|
9e37a5 |
check_blacklist()
|
|
|
9e37a5 |
{
|
|
|
9e37a5 |
mod=$(find $RpmDir/$ModDir -name "$1")
|
|
|
9e37a5 |
[ ! "$mod" ] && return 0
|
|
|
9e37a5 |
if modinfo $mod | grep -q '^alias:\s\+net-'; then
|
|
|
9e37a5 |
mod="${1##*/}"
|
|
|
9e37a5 |
mod="${mod%.ko*}"
|
|
|
9e37a5 |
echo "$mod has an alias that allows auto-loading. Blacklisting."
|
|
|
9e37a5 |
blacklist "$mod"
|
|
|
9e37a5 |
fi
|
|
|
9e37a5 |
}
|
|
|
9e37a5 |
|
|
|
9e37a5 |
find_depends()
|
|
|
9e37a5 |
{
|
|
|
9e37a5 |
dep=$1
|
|
|
9e37a5 |
depends=`modinfo $dep | sed -n -e "/^depends/ s/^depends:[ \t]*//p"`
|
|
|
9e37a5 |
[ -z "$depends" ] && exit
|
|
|
9e37a5 |
for mod in ${depends//,/ }
|
|
|
9e37a5 |
do
|
|
|
9e37a5 |
match=$(grep "^$mod.ko" "$ListName")
|
|
|
9e37a5 |
[ -z "$match" ] && continue
|
|
|
9e37a5 |
# check if the module we are looking at is in mod-* too.
|
|
|
9e37a5 |
# if so we do not need to mark the dep as required.
|
|
|
9e37a5 |
mod2=${dep##*/} # same as `basename $dep`, but faster
|
|
|
9e37a5 |
match2=$(grep "^$mod2" "$ListName")
|
|
|
9e37a5 |
if [ -n "$match2" ]
|
|
|
9e37a5 |
then
|
|
|
9e37a5 |
#echo $mod2 >> notreq.list
|
|
|
9e37a5 |
continue
|
|
|
9e37a5 |
fi
|
|
|
9e37a5 |
echo $mod.ko >> req.list
|
|
|
9e37a5 |
done
|
|
|
9e37a5 |
}
|
|
|
9e37a5 |
|
|
|
9e37a5 |
foreachp()
|
|
|
9e37a5 |
{
|
|
|
9e37a5 |
P=$(nproc)
|
|
|
9e37a5 |
bgcount=0
|
|
|
9e37a5 |
while read mod; do
|
|
|
9e37a5 |
$1 "$mod" &
|
|
|
9e37a5 |
|
|
|
9e37a5 |
bgcount=$((bgcount + 1))
|
|
|
9e37a5 |
if [ $bgcount -eq $P ]; then
|
|
|
9e37a5 |
wait -n
|
|
|
9e37a5 |
bgcount=$((bgcount - 1))
|
|
|
9e37a5 |
fi
|
|
|
9e37a5 |
done
|
|
|
9e37a5 |
|
|
|
9e37a5 |
wait
|
|
|
9e37a5 |
}
|
|
|
f70460 |
|
|
|
f70460 |
# Destination was specified on the command line
|
|
|
9e37a5 |
test -n "$4" && echo "$0: Override Destination $Dest has been specified."
|
|
|
f70460 |
|
|
|
f70460 |
pushd $Dir
|
|
|
9e37a5 |
|
|
|
9e37a5 |
OverrideDir=$(basename $List)
|
|
|
9e37a5 |
OverrideDir=${OverrideDir%.*}
|
|
|
9e37a5 |
OverrideDir=${OverrideDir#*-}
|
|
|
9e37a5 |
mkdir -p $OverrideDir
|
|
|
9e37a5 |
|
|
|
f70460 |
rm -rf modnames
|
|
|
f70460 |
find . -name "*.ko" -type f > modnames
|
|
|
f70460 |
# Look through all of the modules, and throw any that have a dependency in
|
|
|
f70460 |
# our list into the list as well.
|
|
|
f70460 |
rm -rf dep.list dep2.list
|
|
|
f70460 |
rm -rf req.list req2.list
|
|
|
f70460 |
touch dep.list req.list
|
|
|
f70460 |
cp "$List" .
|
|
|
f70460 |
|
|
|
f70460 |
# This variable needs to be exported because it is used in sub-script
|
|
|
f70460 |
# executed by xargs
|
|
|
f70460 |
export ListName=$(basename "$List")
|
|
|
f70460 |
|
|
|
9e37a5 |
foreachp find_depends < modnames
|
|
|
f70460 |
|
|
|
f70460 |
sort -u req.list > req2.list
|
|
|
f70460 |
sort -u "$ListName" > modules2.list
|
|
|
f70460 |
join -v 1 modules2.list req2.list > modules3.list
|
|
|
f70460 |
|
|
|
f70460 |
for mod in $(cat modules3.list)
|
|
|
f70460 |
do
|
|
|
f70460 |
# get the path for the module
|
|
|
f70460 |
modpath=`grep /$mod modnames`
|
|
|
f70460 |
[ -z "$modpath" ] && continue
|
|
|
f70460 |
echo $modpath >> dep.list
|
|
|
f70460 |
done
|
|
|
f70460 |
|
|
|
f70460 |
sort -u dep.list > dep2.list
|
|
|
f70460 |
|
|
|
9e37a5 |
if [ -n "$Dest" ]; then
|
|
|
9e37a5 |
# now move the modules into the $Dest directory
|
|
|
9e37a5 |
for mod in `cat dep2.list`
|
|
|
9e37a5 |
do
|
|
|
9e37a5 |
newpath=`dirname $mod | sed -e "s/kernel\\//$Dest\//"`
|
|
|
9e37a5 |
mkdir -p $newpath
|
|
|
9e37a5 |
mv $mod $newpath
|
|
|
9e37a5 |
echo $mod | sed -e "s/kernel\\//$Dest\//" | sed -e "s|^.|${ModDir}|g" >> $RpmDir/$ListName
|
|
|
9e37a5 |
done
|
|
|
9e37a5 |
fi
|
|
|
f70460 |
|
|
|
f70460 |
popd
|
|
|
f70460 |
|
|
|
f70460 |
# If we're signing modules, we can't leave the .mod files for the .ko files
|
|
|
f70460 |
# we've moved in .tmp_versions/. Remove them so the Kbuild 'modules_sign'
|
|
|
f70460 |
# target doesn't try to sign a non-existent file. This is kinda ugly, but
|
|
|
9e37a5 |
# so are the modules-* packages.
|
|
|
f70460 |
|
|
|
f70460 |
for mod in `cat ${Dir}/dep2.list`
|
|
|
f70460 |
do
|
|
|
f70460 |
modfile=`basename $mod | sed -e 's/.ko/.mod/'`
|
|
|
f70460 |
rm .tmp_versions/$modfile
|
|
|
f70460 |
done
|
|
|
f70460 |
|
|
|
9e37a5 |
if [ ! -n "$Dest" ]; then
|
|
|
9e37a5 |
sed -e "s|^.|${ModDir}|g" ${Dir}/dep2.list > $RpmDir/$ListName
|
|
|
9e37a5 |
echo "./$RpmDir/$ListName created."
|
|
|
9e37a5 |
[ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/"
|
|
|
9e37a5 |
foreachp check_blacklist < $List
|
|
|
9e37a5 |
fi
|
|
|
9e37a5 |
|
|
|
9e37a5 |
# avoid an empty kernel-extra package
|
|
|
9e37a5 |
echo "$ModDir/$OverrideDir" >> $RpmDir/$ListName
|
|
|
9e37a5 |
|
|
|
f70460 |
pushd $Dir
|
|
|
f70460 |
rm modnames dep.list dep2.list req.list req2.list
|
|
|
f70460 |
rm "$ListName" modules2.list modules3.list
|
|
|
f70460 |
popd
|