Add mod-internal package

Some of the downstream users want to package some modules for
internal use only. While Fedora isn't internal, it's still
useful to have packaging aligned. Add a few modules to this
package.
This commit is contained in:
Laura Abbott 2019-10-23 14:53:43 -04:00
parent 11fa12d6aa
commit 5648544aab
4 changed files with 138 additions and 29 deletions

View File

@ -525,6 +525,7 @@ Source15: merge.pl
Source16: mod-extra.list
Source17: mod-extra.sh
Source18: mod-sign.sh
Source19: mod-extra-blacklist.sh
Source90: filter-x86_64.sh
Source91: filter-armv7hl.sh
Source92: filter-i686.sh
@ -555,6 +556,8 @@ Source41: generate_debug_configs.sh
Source42: process_configs.sh
Source43: generate_bls_conf.sh
Source44: mod-internal.list
# This file is intentionally left empty in the stock kernel. Its a nicety
# added for those wanting to do custom rebuilds with altered config opts.
Source1000: kernel-local
@ -831,6 +834,27 @@ AutoReqProv: no\
This package provides *.ipa-clones files.\
%{nil}
#
# This macro creates a kernel-<subpackage>-modules-internal package.
# %%kernel_modules_internal_package <subpackage> <pretty-name>
#
%define kernel_modules_internal_package() \
%package %{?1:%{1}-}modules-internal\
Summary: Extra kernel modules to match the %{?2:%{2} }kernel\
Group: System Environment/Kernel\
Provides: kernel%{?1:-%{1}}-modules-internal-%{_target_cpu} = %{version}-%{release}\
Provides: kernel%{?1:-%{1}}-modules-internal-%{_target_cpu} = %{version}-%{release}%{?1:+%{1}}\
Provides: kernel%{?1:-%{1}}-modules-internal = %{version}-%{release}%{?1:+%{1}}\
Provides: installonlypkg(kernel-module)\
Provides: kernel%{?1:-%{1}}-modules-internal-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
Requires: kernel-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
AutoReq: no\
AutoProv: yes\
%description %{?1:%{1}-}modules-internal\
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
%{nil}
#
# This macro creates a kernel-<subpackage>-modules-extra package.
# %%kernel_modules_extra_package <subpackage> <pretty-name>
@ -904,6 +928,7 @@ Obsoletes: kernel-bootwrapper\
%{expand:%%kernel_devel_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\
%{expand:%%kernel_modules_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\
%{expand:%%kernel_modules_extra_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\
%{expand:%%kernel_modules_internal_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\
%{expand:%%kernel_debuginfo_package %{?1:%{1}}}\
%{nil}
@ -1464,6 +1489,7 @@ BuildKernel() {
(cd $RPM_BUILD_ROOT/lib/modules/$KernelVer ; ln -s build source)
# dirs for additional modules per module-init-tools, kbuild/modules.txt
mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/extra
mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/internal
mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/updates
mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/weak-updates
# first copy everything
@ -1686,6 +1712,10 @@ BuildKernel() {
# Call the modules-extra script to move things around
%{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE16}
# Blacklist net autoloadable modules in modules-extra
%{SOURCE19} $RPM_BUILD_ROOT lib/modules/$KernelVer
# Call the modules-extra script for internal modules
%{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE44} internal
#
# Generate the kernel-core and kernel-modules files lists
@ -1699,7 +1729,7 @@ BuildKernel() {
cp -r lib/modules/$KernelVer/* restore/.
# don't include anything going into k-m-e in the file lists
rm -rf lib/modules/$KernelVer/extra
rm -rf lib/modules/$KernelVer/{extra,internal}
if [ $DoModules -eq 1 ]; then
@ -2067,6 +2097,20 @@ fi\
/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\
%{nil}
#
# This macro defines a %%post script for a kernel*-modules-internal package.
# It also defines a %%postun script that does the same thing.
# %%kernel_modules_internal_post [<subpackage>]
#
%define kernel_modules_internal_post() \
%{expand:%%post %{?1:%{1}-}modules-internal}\
/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\
%{nil}\
%{expand:%%postun %{?1:%{1}-}modules-internal}\
/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\
%{nil}
#
# This macro defines a %%post script for a kernel*-modules package.
# It also defines a %%postun script that does the same thing.
@ -2102,6 +2146,7 @@ fi\
%{expand:%%kernel_devel_post %{?-v*}}\
%{expand:%%kernel_modules_post %{?-v*}}\
%{expand:%%kernel_modules_extra_post %{?-v*}}\
%{expand:%%kernel_modules_internal_post %{?-v*}}\
%{expand:%%kernel_variant_posttrans %{?-v*}}\
%{expand:%%post %{?-v*:%{-v*}-}core}\
%{-r:\
@ -2237,7 +2282,13 @@ fi
%defverify(not mtime)\
/usr/src/kernels/%{KVERREL}%{?3:+%{3}}\
%{expand:%%files %{?3:%{3}-}modules-extra}\
%config(noreplace) /etc/modprobe.d/*-blacklist.conf\
/lib/modules/%{KVERREL}%{?3:+%{3}}/extra\
%%defattr(-,root,root)\
%defverify(not mtime)\
/usr/src/kernels/%{KVERREL}%{?3:+%{3}}\
%{expand:%%files %{?3:%{3}-}modules-internal}\
/lib/modules/%{KVERREL}%{?3:+%{3}}/internal\
%if %{with_debuginfo}\
%ifnarch noarch\
%{expand:%%files -f debuginfo%{?3}.list %{?3:%{3}-}debuginfo}\

48
mod-extra-blacklist.sh Executable file
View File

@ -0,0 +1,48 @@
#!/bin/bash
buildroot="$1"
kernel_base="$2"
blacklist()
{
cat > "$buildroot/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__
# This kernel module can be automatically loaded by non-root users. To
# enhance system security, the module is blacklisted by default to ensure
# system administrators make the module available for use as needed.
# See https://access.redhat.com/articles/3760101 for more details.
#
# Remove the blacklist by adding a comment # at the start of the line.
blacklist $1
__EOF__
}
check_blacklist()
{
if modinfo "$1" | grep -q '^alias:\s\+net-'; then
mod="${1##*/}"
mod="${mod%.ko*}"
echo "$mod has an alias that allows auto-loading. Blacklisting."
blacklist "$mod"
fi
}
foreachp()
{
P=$(nproc)
bgcount=0
while read mod; do
$1 "$mod" &
bgcount=$((bgcount + 1))
if [ $bgcount -eq $P ]; then
wait -n
bgcount=$((bgcount - 1))
fi
done
wait
}
[ -d "$buildroot/etc/modprobe.d/" ] || mkdir -p "$buildroot/etc/modprobe.d/"
find "$buildroot/$kernel_base/extra" -name "*.ko*" | \
foreachp check_blacklist

View File

@ -2,6 +2,10 @@
Dir=$1
List=$2
Dest="extra"
# Destination was specified on the command line
test -n "$3" && Dest="$3"
pushd $Dir
rm -rf modnames
@ -11,43 +15,45 @@ find . -name "*.ko" -type f > modnames
rm -rf dep.list dep2.list
rm -rf req.list req2.list
touch dep.list req.list
cp $2 .
cp "$List" .
for dep in `cat modnames`
do
depends=`modinfo $dep | grep depends| cut -f2 -d":" | sed -e 's/^[ \t]*//'`
[ -z "$depends" ] && continue;
for mod in `echo $depends | sed -e 's/,/ /g'`
# This variable needs to be exported because it is used in sub-script
# executed by xargs
export ListName=$(basename "$List")
# NB: this loop runs 2000+ iterations. Try to be fast.
NPROC=`nproc`
[ -z "$NPROC" ] && NPROC=1
cat modnames | xargs -r -n1 -P $NPROC sh -c '
dep=$1
depends=`modinfo $dep | sed -n -e "/^depends/ s/^depends:[ \t]*//p"`
[ -z "$depends" ] && exit
for mod in ${depends//,/ }
do
match=`grep "^$mod.ko" mod-extra.list` ||:
if [ -z "$match" ]
then
continue
else
# check if the module we're looking at is in mod-extra too. if so
# we don't need to mark the dep as required
mod2=`basename $dep`
match2=`grep "^$mod2" mod-extra.list` ||:
match=$(grep "^$mod.ko" "$ListName")
[ -z "$match" ] && continue
# check if the module we are looking at is in mod-extra too.
# if so we do not need to mark the dep as required.
mod2=${dep##*/} # same as `basename $dep`, but faster
match2=$(grep "^$mod2" "$ListName")
if [ -n "$match2" ]
then
continue
#echo $mod2 >> notreq.list
else
continue
fi
echo $mod.ko >> req.list
fi
fi
done
done
' DUMMYARG0 # xargs appends MODNAME, which becomes $dep in the script above
sort -u req.list > req2.list
sort -u mod-extra.list > mod-extra2.list
join -v 1 mod-extra2.list req2.list > mod-extra3.list
sort -u "$ListName" > modules2.list
join -v 1 modules2.list req2.list > modules3.list
for mod in `cat mod-extra3.list`
for mod in $(cat modules3.list)
do
# get the path for the module
modpath=`grep /$mod modnames` ||:
[ -z "$modpath" ] && continue;
modpath=`grep /$mod modnames`
[ -z "$modpath" ] && continue
echo $modpath >> dep.list
done
@ -56,7 +62,7 @@ sort -u dep.list > dep2.list
# now move the modules into the extra/ directory
for mod in `cat dep2.list`
do
newpath=`dirname $mod | sed -e 's/kernel\//extra\//'`
newpath=`dirname $mod | sed -e "s/kernel\\//$Dest\//"`
mkdir -p $newpath
mv $mod $newpath
done
@ -76,5 +82,5 @@ done
pushd $Dir
rm modnames dep.list dep2.list req.list req2.list
rm mod-extra.list mod-extra2.list mod-extra3.list
rm "$ListName" modules2.list modules3.list
popd

4
mod-internal.list Normal file
View File

@ -0,0 +1,4 @@
mac80211_hwsim
netdevsim
pktgen
rocker