diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..80d2368 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/kmod-25.tar.xz diff --git a/0001-depmod-prevent-module-dependency-files-missing-durin.patch b/0001-depmod-prevent-module-dependency-files-missing-durin.patch new file mode 100644 index 0000000..0f62724 --- /dev/null +++ b/0001-depmod-prevent-module-dependency-files-missing-durin.patch @@ -0,0 +1,33 @@ +From c2996b5fa880e81f63c25e80a4157b2239e32c5d Mon Sep 17 00:00:00 2001 +From: Michal Suchanek +Date: Mon, 10 Dec 2018 22:29:32 +0100 +Subject: [PATCH 1/2] depmod: prevent module dependency files missing during + depmod invocation + +depmod deletes the module dependency files before moving the temporary +files in their place. This results in user seeing no dependency files +while they are updated. Remove the unlink call. The rename call should +suffice to move the new file in place and unlink the old one. It should +also do both atomically so there is no window when no dependency file +exists. + +Signed-off-by: Michal Suchanek +--- + tools/depmod.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/tools/depmod.c b/tools/depmod.c +index 989d9077926c..18c0d61b2db3 100644 +--- a/tools/depmod.c ++++ b/tools/depmod.c +@@ -2451,7 +2451,6 @@ static int depmod_output(struct depmod *depmod, FILE *out) + break; + } + +- unlinkat(dfd, itr->name, 0); + if (renameat(dfd, tmp, dfd, itr->name) != 0) { + err = -errno; + CRIT("renameat(%s, %s, %s, %s): %m\n", +-- +2.33.0 + diff --git a/0002-depmod-prevent-module-dependency-files-corruption-du.patch b/0002-depmod-prevent-module-dependency-files-corruption-du.patch new file mode 100644 index 0000000..f2fa4db --- /dev/null +++ b/0002-depmod-prevent-module-dependency-files-corruption-du.patch @@ -0,0 +1,62 @@ +From a06bacf500d56b72b5f9b121ebf7f6af9e3df185 Mon Sep 17 00:00:00 2001 +From: Michal Suchanek +Date: Mon, 17 Dec 2018 23:46:28 +0100 +Subject: [PATCH 2/2] depmod: prevent module dependency files corruption due to + parallel invocation. + +Depmod does not use unique filename for temporary files. There is no +guarantee the user does not attempt to run mutiple depmod processes in +parallel. If that happens a temporary file might be created by +depmod(1st), truncated by depmod(2nd), and renamed to final name by +depmod(1st) resulting in corrupted file seen by user. + +Due to missing mkstempat() this is more complex than it should be. +Adding PID and timestamp to the filename should be reasonably reliable. +Adding O_EXCL as mkstemp does fails creating the file rather than +corrupting existing file. + +Signed-off-by: Michal Suchanek +--- + tools/depmod.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/tools/depmod.c b/tools/depmod.c +index 18c0d61b2db3..0f7e33ccfd59 100644 +--- a/tools/depmod.c ++++ b/tools/depmod.c +@@ -29,6 +29,7 @@ + #include + #include + #include ++#include + #include + + #include +@@ -2398,6 +2399,9 @@ static int depmod_output(struct depmod *depmod, FILE *out) + }; + const char *dname = depmod->cfg->dirname; + int dfd, err = 0; ++ struct timeval tv; ++ ++ gettimeofday(&tv, NULL); + + if (out != NULL) + dfd = -1; +@@ -2416,11 +2420,12 @@ static int depmod_output(struct depmod *depmod, FILE *out) + int r, ferr; + + if (fp == NULL) { +- int flags = O_CREAT | O_TRUNC | O_WRONLY; ++ int flags = O_CREAT | O_EXCL | O_WRONLY; + int mode = 0644; + int fd; + +- snprintf(tmp, sizeof(tmp), "%s.tmp", itr->name); ++ snprintf(tmp, sizeof(tmp), "%s.%i.%li.%li", itr->name, getpid(), ++ tv.tv_usec, tv.tv_sec); + fd = openat(dfd, tmp, flags, mode); + if (fd < 0) { + ERR("openat(%s, %s, %o, %o): %m\n", +-- +2.33.0 + diff --git a/EMPTY b/EMPTY deleted file mode 100644 index 0519ecb..0000000 --- a/EMPTY +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/depmod.conf.dist b/depmod.conf.dist new file mode 100644 index 0000000..8513288 --- /dev/null +++ b/depmod.conf.dist @@ -0,0 +1,6 @@ +# +# depmod.conf +# + +# override default search ordering for kmod packaging +search updates extra built-in weak-updates diff --git a/kmod-libkmod-signature-implement-pkcs7-parsing-with-opens.patch b/kmod-libkmod-signature-implement-pkcs7-parsing-with-opens.patch new file mode 100644 index 0000000..dec995e --- /dev/null +++ b/kmod-libkmod-signature-implement-pkcs7-parsing-with-opens.patch @@ -0,0 +1,328 @@ +From 391b4714b495183baefa9cb10ac8e1600c166a59 Mon Sep 17 00:00:00 2001 +From: Yauheni Kaliuta +Date: Fri, 1 Feb 2019 22:20:02 +0200 +Subject: [PATCH] libkmod-signature: implement pkcs7 parsing with openssl + +The patch adds data fetching from the PKCS#7 certificate using +openssl library (which is used by scripts/sign-file.c in the linux +kernel to sign modules). + +In general the certificate can contain many signatures, but since +kmod (modinfo) supports only one signature at the moment, only first +one is taken. + +With the current sign-file.c certificate doesn't contain signer +key's fingerprint, so "serial number" is used for the key id. + +Signed-off-by: Yauheni Kaliuta +--- + Makefile.am | 4 +- + configure.ac | 11 ++ + libkmod/libkmod-internal.h | 3 + + libkmod/libkmod-module.c | 3 + + libkmod/libkmod-signature.c | 197 +++++++++++++++++++++++++++++++++++- + 5 files changed, 213 insertions(+), 5 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 1ab1db585316..de1026f8bd46 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -35,6 +35,8 @@ SED_PROCESS = \ + -e 's,@liblzma_LIBS\@,${liblzma_LIBS},g' \ + -e 's,@zlib_CFLAGS\@,${zlib_CFLAGS},g' \ + -e 's,@zlib_LIBS\@,${zlib_LIBS},g' \ ++ -e 's,@openssl_CFLAGS\@,${openssl_CFLAGS},g' \ ++ -e 's,@openssl_LIBS\@,${openssl_LIBS},g' \ + < $< > $@ || rm $@ + + %.pc: %.pc.in Makefile +@@ -87,7 +89,7 @@ libkmod_libkmod_la_DEPENDENCIES = \ + ${top_srcdir}/libkmod/libkmod.sym + libkmod_libkmod_la_LIBADD = \ + shared/libshared.la \ +- ${liblzma_LIBS} ${zlib_LIBS} ++ ${liblzma_LIBS} ${zlib_LIBS} ${openssl_LIBS} + + noinst_LTLIBRARIES += libkmod/libkmod-internal.la + libkmod_libkmod_internal_la_SOURCES = $(libkmod_libkmod_la_SOURCES) +diff --git a/configure.ac b/configure.ac +index fbc7391b2d1b..2e33380a0cc2 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -106,6 +106,17 @@ AS_IF([test "x$with_zlib" != "xno"], [ + ]) + CC_FEATURE_APPEND([with_features], [with_zlib], [ZLIB]) + ++AC_ARG_WITH([openssl], ++ AS_HELP_STRING([--with-openssl], [handle PKCS7 signatures @<:@default=disabled@:>@]), ++ [], [with_openssl=no]) ++AS_IF([test "x$with_openssl" != "xno"], [ ++ PKG_CHECK_MODULES([openssl], [openssl]) ++ AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.]) ++], [ ++ AC_MSG_NOTICE([openssl support not requested]) ++]) ++CC_FEATURE_APPEND([with_features], [with_openssl], [OPENSSL]) ++ + AC_ARG_WITH([bashcompletiondir], + AS_HELP_STRING([--with-bashcompletiondir=DIR], [Bash completions directory]), + [], +diff --git a/libkmod/libkmod-internal.h b/libkmod/libkmod-internal.h +index 346579c71aab..a65ddd156f18 100644 +--- a/libkmod/libkmod-internal.h ++++ b/libkmod/libkmod-internal.h +@@ -188,5 +188,8 @@ struct kmod_signature_info { + const char *algo, *hash_algo, *id_type; + const char *sig; + size_t sig_len; ++ void (*free)(void *); ++ void *private; + }; + bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signature_info *sig_info) _must_check_ __attribute__((nonnull(1, 2))); ++void kmod_module_signature_info_free(struct kmod_signature_info *sig_info) __attribute__((nonnull)); +diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c +index 889f26479a98..bffe715cdef4 100644 +--- a/libkmod/libkmod-module.c ++++ b/libkmod/libkmod-module.c +@@ -2357,6 +2357,9 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_ + ret = count; + + list_error: ++ /* aux structures freed in normal case also */ ++ kmod_module_signature_info_free(&sig_info); ++ + if (ret < 0) { + kmod_module_info_free_list(*list); + *list = NULL; +diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c +index 429ffbd8a957..48d0145a7552 100644 +--- a/libkmod/libkmod-signature.c ++++ b/libkmod/libkmod-signature.c +@@ -19,6 +19,10 @@ + + #include + #include ++#ifdef ENABLE_OPENSSL ++#include ++#include ++#endif + #include + #include + #include +@@ -115,15 +119,194 @@ static bool fill_default(const char *mem, off_t size, + return true; + } + +-static bool fill_unknown(const char *mem, off_t size, +- const struct module_signature *modsig, size_t sig_len, +- struct kmod_signature_info *sig_info) ++#ifdef ENABLE_OPENSSL ++ ++struct pkcs7_private { ++ CMS_ContentInfo *cms; ++ unsigned char *key_id; ++ BIGNUM *sno; ++}; ++ ++static void pkcs7_free(void *s) ++{ ++ struct kmod_signature_info *si = s; ++ struct pkcs7_private *pvt = si->private; ++ ++ CMS_ContentInfo_free(pvt->cms); ++ BN_free(pvt->sno); ++ free(pvt->key_id); ++ free(pvt); ++ si->private = NULL; ++} ++ ++static int obj_to_hash_algo(const ASN1_OBJECT *o) ++{ ++ int nid; ++ ++ nid = OBJ_obj2nid(o); ++ switch (nid) { ++ case NID_md4: ++ return PKEY_HASH_MD4; ++ case NID_md5: ++ return PKEY_HASH_MD5; ++ case NID_sha1: ++ return PKEY_HASH_SHA1; ++ case NID_ripemd160: ++ return PKEY_HASH_RIPE_MD_160; ++ case NID_sha256: ++ return PKEY_HASH_SHA256; ++ case NID_sha384: ++ return PKEY_HASH_SHA384; ++ case NID_sha512: ++ return PKEY_HASH_SHA512; ++ case NID_sha224: ++ return PKEY_HASH_SHA224; ++ default: ++ return -1; ++ } ++ return -1; ++} ++ ++static const char *x509_name_to_str(X509_NAME *name) ++{ ++ int i; ++ X509_NAME_ENTRY *e; ++ ASN1_STRING *d; ++ ASN1_OBJECT *o; ++ int nid = -1; ++ const char *str; ++ ++ for (i = 0; i < X509_NAME_entry_count(name); i++) { ++ e = X509_NAME_get_entry(name, i); ++ o = X509_NAME_ENTRY_get_object(e); ++ nid = OBJ_obj2nid(o); ++ if (nid == NID_commonName) ++ break; ++ } ++ if (nid == -1) ++ return NULL; ++ ++ d = X509_NAME_ENTRY_get_data(e); ++ str = (const char *)ASN1_STRING_get0_data(d); ++ ++ return str; ++} ++ ++static bool fill_pkcs7(const char *mem, off_t size, ++ const struct module_signature *modsig, size_t sig_len, ++ struct kmod_signature_info *sig_info) ++{ ++ const char *pkcs7_raw; ++ CMS_ContentInfo *cms; ++ STACK_OF(CMS_SignerInfo) *sis; ++ CMS_SignerInfo *si; ++ int rc; ++ ASN1_OCTET_STRING *key_id; ++ X509_NAME *issuer; ++ ASN1_INTEGER *sno; ++ ASN1_OCTET_STRING *sig; ++ BIGNUM *sno_bn; ++ X509_ALGOR *dig_alg; ++ X509_ALGOR *sig_alg; ++ const ASN1_OBJECT *o; ++ BIO *in; ++ int len; ++ unsigned char *key_id_str; ++ struct pkcs7_private *pvt; ++ const char *issuer_str; ++ ++ size -= sig_len; ++ pkcs7_raw = mem + size; ++ ++ in = BIO_new_mem_buf(pkcs7_raw, sig_len); ++ ++ cms = d2i_CMS_bio(in, NULL); ++ if (cms == NULL) { ++ BIO_free(in); ++ return false; ++ } ++ ++ BIO_free(in); ++ ++ sis = CMS_get0_SignerInfos(cms); ++ if (sis == NULL) ++ goto err; ++ ++ si = sk_CMS_SignerInfo_value(sis, 0); ++ if (si == NULL) ++ goto err; ++ ++ rc = CMS_SignerInfo_get0_signer_id(si, &key_id, &issuer, &sno); ++ if (rc == 0) ++ goto err; ++ ++ sig = CMS_SignerInfo_get0_signature(si); ++ if (sig == NULL) ++ goto err; ++ ++ CMS_SignerInfo_get0_algs(si, NULL, NULL, &dig_alg, &sig_alg); ++ ++ sig_info->sig = (const char *)ASN1_STRING_get0_data(sig); ++ sig_info->sig_len = ASN1_STRING_length(sig); ++ ++ sno_bn = ASN1_INTEGER_to_BN(sno, NULL); ++ if (sno_bn == NULL) ++ goto err; ++ ++ len = BN_num_bytes(sno_bn); ++ key_id_str = malloc(len); ++ if (key_id_str == NULL) ++ goto err2; ++ BN_bn2bin(sno_bn, key_id_str); ++ ++ sig_info->key_id = (const char *)key_id_str; ++ sig_info->key_id_len = len; ++ ++ issuer_str = x509_name_to_str(issuer); ++ if (issuer_str != NULL) { ++ sig_info->signer = issuer_str; ++ sig_info->signer_len = strlen(issuer_str); ++ } ++ ++ X509_ALGOR_get0(&o, NULL, NULL, dig_alg); ++ ++ sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)]; ++ sig_info->id_type = pkey_id_type[modsig->id_type]; ++ ++ pvt = malloc(sizeof(*pvt)); ++ if (pvt == NULL) ++ goto err3; ++ ++ pvt->cms = cms; ++ pvt->key_id = key_id_str; ++ pvt->sno = sno_bn; ++ sig_info->private = pvt; ++ ++ sig_info->free = pkcs7_free; ++ ++ return true; ++err3: ++ free(key_id_str); ++err2: ++ BN_free(sno_bn); ++err: ++ CMS_ContentInfo_free(cms); ++ return false; ++} ++ ++#else /* ENABLE OPENSSL */ ++ ++static bool fill_pkcs7(const char *mem, off_t size, ++ const struct module_signature *modsig, size_t sig_len, ++ struct kmod_signature_info *sig_info) + { + sig_info->hash_algo = "unknown"; + sig_info->id_type = pkey_id_type[modsig->id_type]; + return true; + } + ++#endif /* ENABLE OPENSSL */ ++ + #define SIG_MAGIC "~Module signature appended~\n" + + /* +@@ -167,8 +350,14 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat + + switch (modsig->id_type) { + case PKEY_ID_PKCS7: +- return fill_unknown(mem, size, modsig, sig_len, sig_info); ++ return fill_pkcs7(mem, size, modsig, sig_len, sig_info); + default: + return fill_default(mem, size, modsig, sig_len, sig_info); + } + } ++ ++void kmod_module_signature_info_free(struct kmod_signature_info *sig_info) ++{ ++ if (sig_info->free) ++ sig_info->free(sig_info); ++} +-- +2.20.1 + diff --git a/kmod-modprobe-ignore-builtin-module-on-recursive-removing.patch b/kmod-modprobe-ignore-builtin-module-on-recursive-removing.patch new file mode 100644 index 0000000..69c1bd5 --- /dev/null +++ b/kmod-modprobe-ignore-builtin-module-on-recursive-removing.patch @@ -0,0 +1,83 @@ +From 52a0ba82e1ad180f9f91920db70a758fac49466a Mon Sep 17 00:00:00 2001 +From: Yauheni Kaliuta +Date: Thu, 31 Oct 2019 20:12:53 +0200 +Subject: [PATCH] modprobe: ignore builtin module on recursive removing + +If there are built-in dependencies and any of them is built-in in +the kernel, modprobe -r fails with + +modprobe: FATAL: Module module_name is builtin. + +It makes sense to ignore such dependencies for the case when +removing is called for non-top level module. + +Example: cifs module, it declares bunch of softdeps and the first +one fails on some kernel configs: + +modprobe: FATAL: Module gcm is builtin. + +Signed-off-by: Yauheni Kaliuta +--- + tools/modprobe.c | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +diff --git a/tools/modprobe.c b/tools/modprobe.c +index a9e2331567af..44cd15c2bf57 100644 +--- a/tools/modprobe.c ++++ b/tools/modprobe.c +@@ -353,7 +353,8 @@ static int rmmod_do_remove_module(struct kmod_module *mod) + return err; + } + +-static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies); ++static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies, ++ bool ignore_builtin); + + static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors) + { +@@ -361,7 +362,7 @@ static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors) + + kmod_list_foreach_reverse(l, list) { + struct kmod_module *m = kmod_module_get_module(l); +- int r = rmmod_do_module(m, false); ++ int r = rmmod_do_module(m, false, true); + kmod_module_unref(m); + + if (r < 0 && stop_on_errors) +@@ -371,7 +372,8 @@ static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors) + return 0; + } + +-static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies) ++static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies, ++ bool ignore_builtin) + { + const char *modname = kmod_module_get_name(mod); + struct kmod_list *pre = NULL, *post = NULL; +@@ -401,8 +403,12 @@ static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies) + } + goto error; + } else if (state == KMOD_MODULE_BUILTIN) { +- LOG("Module %s is builtin.\n", modname); +- err = -ENOENT; ++ if (ignore_builtin) { ++ err = 0; ++ } else { ++ LOG("Module %s is builtin.\n", modname); ++ err = -ENOENT; ++ } + goto error; + } + } +@@ -462,7 +468,7 @@ static int rmmod(struct kmod_ctx *ctx, const char *alias) + + kmod_list_foreach(l, list) { + struct kmod_module *mod = kmod_module_get_module(l); +- err = rmmod_do_module(mod, true); ++ err = rmmod_do_module(mod, true, false); + kmod_module_unref(mod); + if (err < 0) + break; +-- +2.24.0 + diff --git a/kmod-signature-do-not-report-wrong-data-for-pkc-7-signatu.patch b/kmod-signature-do-not-report-wrong-data-for-pkc-7-signatu.patch new file mode 100644 index 0000000..03d62d5 --- /dev/null +++ b/kmod-signature-do-not-report-wrong-data-for-pkc-7-signatu.patch @@ -0,0 +1,116 @@ +From a11057201ed326a9e65e757202da960735e45799 Mon Sep 17 00:00:00 2001 +From: Yauheni Kaliuta +Date: Fri, 16 Nov 2018 10:56:34 +0200 +Subject: [PATCH] signature: do not report wrong data for pkc#7 signature + +when PKC#7 signing method is used the old structure doesn't contain +any useful data, but the data are encoded in the certificate. + +The info getting/showing code is not aware of that at the moment and +since 0 is a valid constant, shows, for example, wrong "md4" for the +hash algo. + +The patch splits the 2 mothods of gethering the info and reports +"unknown" for the algo. + +Signed-off-by: Yauheni Kaliuta +--- + libkmod/libkmod-module.c | 2 +- + libkmod/libkmod-signature.c | 56 +++++++++++++++++++++++++------------ + 2 files changed, 39 insertions(+), 19 deletions(-) + +diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c +index ee420f4ec2bf..889f26479a98 100644 +--- a/libkmod/libkmod-module.c ++++ b/libkmod/libkmod-module.c +@@ -2273,7 +2273,7 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_ + struct kmod_elf *elf; + char **strings; + int i, count, ret = -ENOMEM; +- struct kmod_signature_info sig_info; ++ struct kmod_signature_info sig_info = {}; + + if (mod == NULL || list == NULL) + return -ENOENT; +diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c +index 1f3e26dea203..429ffbd8a957 100644 +--- a/libkmod/libkmod-signature.c ++++ b/libkmod/libkmod-signature.c +@@ -92,6 +92,38 @@ struct module_signature { + uint32_t sig_len; /* Length of signature data (big endian) */ + }; + ++static bool fill_default(const char *mem, off_t size, ++ const struct module_signature *modsig, size_t sig_len, ++ struct kmod_signature_info *sig_info) ++{ ++ size -= sig_len; ++ sig_info->sig = mem + size; ++ sig_info->sig_len = sig_len; ++ ++ size -= modsig->key_id_len; ++ sig_info->key_id = mem + size; ++ sig_info->key_id_len = modsig->key_id_len; ++ ++ size -= modsig->signer_len; ++ sig_info->signer = mem + size; ++ sig_info->signer_len = modsig->signer_len; ++ ++ sig_info->algo = pkey_algo[modsig->algo]; ++ sig_info->hash_algo = pkey_hash_algo[modsig->hash]; ++ sig_info->id_type = pkey_id_type[modsig->id_type]; ++ ++ return true; ++} ++ ++static bool fill_unknown(const char *mem, off_t size, ++ const struct module_signature *modsig, size_t sig_len, ++ struct kmod_signature_info *sig_info) ++{ ++ sig_info->hash_algo = "unknown"; ++ sig_info->id_type = pkey_id_type[modsig->id_type]; ++ return true; ++} ++ + #define SIG_MAGIC "~Module signature appended~\n" + + /* +@@ -112,7 +144,6 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat + const struct module_signature *modsig; + size_t sig_len; + +- + size = kmod_file_get_size(file); + mem = kmod_file_get_contents(file); + if (size < (off_t)strlen(SIG_MAGIC)) +@@ -134,21 +165,10 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat + size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len)) + return false; + +- size -= sig_len; +- sig_info->sig = mem + size; +- sig_info->sig_len = sig_len; +- +- size -= modsig->key_id_len; +- sig_info->key_id = mem + size; +- sig_info->key_id_len = modsig->key_id_len; +- +- size -= modsig->signer_len; +- sig_info->signer = mem + size; +- sig_info->signer_len = modsig->signer_len; +- +- sig_info->algo = pkey_algo[modsig->algo]; +- sig_info->hash_algo = pkey_hash_algo[modsig->hash]; +- sig_info->id_type = pkey_id_type[modsig->id_type]; +- +- return true; ++ switch (modsig->id_type) { ++ case PKEY_ID_PKCS7: ++ return fill_unknown(mem, size, modsig, sig_len, sig_info); ++ default: ++ return fill_default(mem, size, modsig, sig_len, sig_info); ++ } + } +-- +2.20.1 + diff --git a/kmod.spec b/kmod.spec new file mode 100644 index 0000000..c016f42 --- /dev/null +++ b/kmod.spec @@ -0,0 +1,385 @@ +Name: kmod +Version: 25 +Release: 19%{?dist} +Summary: Linux kernel module management utilities + +Group: System Environment/Kernel +License: GPLv2+ +URL: http://git.kernel.org/?p=utils/kernel/kmod/kmod.git;a=summary +Source0: https://www.kernel.org/pub/linux/utils/kernel/kmod/%{name}-%{version}.tar.xz +Source1: weak-modules +Source2: depmod.conf.dist +Exclusiveos: Linux + +Patch01: kmod-signature-do-not-report-wrong-data-for-pkc-7-signatu.patch +Patch02: kmod-libkmod-signature-implement-pkcs7-parsing-with-opens.patch +Patch03: kmod-modprobe-ignore-builtin-module-on-recursive-removing.patch +Patch04: 0001-depmod-prevent-module-dependency-files-missing-durin.patch +Patch05: 0002-depmod-prevent-module-dependency-files-corruption-du.patch + +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +BuildRequires: chrpath +BuildRequires: zlib-devel +BuildRequires: xz-devel +BuildRequires: libxslt +BuildRequires: openssl-devel +# Remove it as soon as no need for Patch02 anymore (Makefile.am updated) +BuildRequires: automake autoconf libtool + +Provides: module-init-tools = 4.0-1 +Obsoletes: module-init-tools < 4.0-1 +Provides: /sbin/modprobe + +%description +The kmod package provides various programs needed for automatic +loading and unloading of modules under 2.6, 3.x, and later kernels, as well +as other module management programs. Device drivers and filesystems are two +examples of loaded and unloaded modules. + +%package libs +Summary: Libraries to handle kernel module loading and unloading +License: LGPLv2+ +Group: System Environment/Libraries + +%description libs +The kmod-libs package provides runtime libraries for any application that +wishes to load or unload Linux kernel modules from the running system. + +%package devel +Summary: Header files for kmod development +Group: Development/Libraries +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description devel +The kmod-devel package provides header files used for development of +applications that wish to load or unload Linux kernel modules. + +%prep +%setup -q +%patch01 -p1 +%patch02 -p1 +%patch03 -p1 +%patch04 -p1 +%patch05 -p1 + +%build +export V=1 +aclocal +autoreconf --install --symlink +%configure \ + --with-zlib \ + --with-xz \ + --with-openssl +make %{?_smp_mflags} + +%install +make install DESTDIR=$RPM_BUILD_ROOT +pushd $RPM_BUILD_ROOT/%{_mandir}/man5 +ln -s modprobe.d.5.gz modprobe.conf.5.gz +popd + +rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la +mkdir -p $RPM_BUILD_ROOT%{_sbindir} +ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modprobe +ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modinfo +ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/insmod +ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/rmmod +ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/depmod +ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/lsmod + +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/modprobe.d +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d +mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/modprobe.d + +mkdir -p $RPM_BUILD_ROOT/sbin +install -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/weak-modules +install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf + +%post libs -p /sbin/ldconfig + +%postun libs -p /sbin/ldconfig + +%files +%defattr(-,root,root,-) +%dir %{_sysconfdir}/depmod.d +%dir %{_sysconfdir}/modprobe.d +%dir %{_prefix}/lib/modprobe.d +%{_bindir}/kmod +%{_sbindir}/modprobe +%{_sbindir}/modinfo +%{_sbindir}/insmod +%{_sbindir}/rmmod +%{_sbindir}/lsmod +%{_sbindir}/depmod +%{_sbindir}/weak-modules +%{_datadir}/bash-completion/ +%{_sysconfdir}/depmod.d/dist.conf +%attr(0644,root,root) %{_mandir}/man5/*.5* +%attr(0644,root,root) %{_mandir}/man8/*.8* +%doc NEWS README TODO + +%files libs +%{!?_licensedir:%global license %%doc} +%license COPYING +%{_libdir}/libkmod.so.* + +%files devel +%{_includedir}/libkmod.h +%{_libdir}/pkgconfig/libkmod.pc +%{_libdir}/libkmod.so + +%changelog +* Mon Nov 29 2021 Yauheni Kaliuta - 25-19 +- depmod: fix parallel execution issues + Resolves: rhbz#2026938 + +* Fri Apr 16 2021 Yauheni Kaliuta - 25-18 +- weak-modules: do not require dracut wneh using --no-initramfs + Resolves: rhbz#1935416 + +* Fri Dec 18 2020 Yauheni Kaliuta - 25-17 +- weak-modules: reset compatible_modules if configuration is not valid + Resolves: rhbz#1907855 + +* Mon Dec 9 2019 Yauheni Kaliuta - 25-16 +- weak-modules: update_modules_for_krel: always finish sandbox +- weak-modules: groupping: use dependencies of extra/ provider + Resolves: rhbz#1778889 + +* Mon Dec 9 2019 Yauheni Kaliuta - 25-15 +- weak-modules: reverse checking order for add-kernel + Resolves: rhbz#1755196 + +* Mon Dec 2 2019 Yauheni Kaliuta - 25-14 +- modprobe: do not fail on built-in modules + Resolves: rhbz#1767513 + +* Tue Apr 16 2019 Yauheni Kaliuta - 25-13 +- weak-modules: handle independent modules in one run + Resolves: rhbz#1695763 + +* Tue Apr 2 2019 Yauheni Kaliuta - 25-12 +- weak-modules: use asterisk for kernel version in sandbox + Resolves: rhbz#1689052 + +* Tue Feb 5 2019 Yauheni Kaliuta - 25-11 +- add PKCS7/openssl support. + Resolves: rhbz#1668459. + +* Tue Dec 11 2018 Yauheni Kaliuta - 25-10 +- weak-modules: group modules on add-kernel +- weak-modules: do not make groups if there are no extra modules + Resolves: rhbz#1649211 + +* Tue Oct 2 2018 Yauheni Kaliuta - 25-9 +- Rebuild with updated flags. + Resolves: rhbz#1630574. + +* Tue Sep 4 2018 Yauheni Kaliuta - 25-8 +- weak-modules: fix initial state creation for dry-run +- weak-modules: check compatibility in a temporary directory + Resolves: rhbz#1622990. + +* Tue Aug 28 2018 Yauheni Kaliuta - 25-7 +- weak-modules: use is_kernel_installed wrapper in update_modules_for_krel. +- weak-modules: more abstract symvers search implementation. +- weak-modules: use additional paths for System.map file. + Resolves: rhbz#1621306. + +* Thu Aug 09 2018 Eugene Syromiatnikov - 25-6 +- weak-modules: check also for /lib/modules/$krel/symvers.gz as a possible + symvers file path. + Resolves: rhbz#1614119. + +* Mon Jul 30 2018 Yauheni Kaliuta - 25-5 +- weak-modules: handle versions with + and other special regex symbols +- weak-modules: fix misleading message when cannot find dracut. + Resolves: rhbz#1609372. + +* Fri Jul 27 2018 Yauheni Kaliuta - 25-4 +- fix dracut path, /usr/bin/dracut + +* Wed Jul 25 2018 Yauheni Kaliuta - 25-3 +- Add depmod.d/dist.conf. +- Update weak-modules to RHEL version. + +* Wed Feb 07 2018 Fedora Release Engineering - 25-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Jan 09 2018 Josh Boyer - 25-1 +- Update to version 25 (rhbz 1532597) + +* Thu Aug 03 2017 Fedora Release Engineering - 24-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 24-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 24 2017 Josh Boyer - 24-1 +- Update to version 24 (rhbz 1426589) + +* Fri Feb 10 2017 Fedora Release Engineering - 23-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Jul 22 2016 Josh Boyer - 23-1 +- Update to version 23 + +* Thu Feb 25 2016 Peter Robinson 22-4 +- Add powerpc patch to fix ToC on 4.5 ppc64le kernel + +* Thu Feb 04 2016 Fedora Release Engineering - 22-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Jan 07 2016 Josh Boyer - 22-2 +- Fix path to dracut in weak-modules (rhbz 1295038) + +* Wed Nov 18 2015 Josh Boyer - 22-1 +- Update to version 22 + +* Wed Jun 17 2015 Fedora Release Engineering - 21-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Jun 15 2015 Ville Skyttä - 21-2 +- Own bash completion dirs not owned by anything in dep chain + +* Tue Jun 09 2015 Josh Boyer - 21-1 +- Update to verion 21 + +* Mon Mar 02 2015 Josh Boyer - 20.1 +- Update to version 20 + +* Sat Feb 21 2015 Till Maas - 19-2 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Sun Nov 16 2014 Josh Boyer - 19-1 +- Update to version 19 + +* Wed Oct 29 2014 Josh Boyer - 18-4 +- Backport patch to fix device node permissions (rhbz 1147248) + +* Sun Aug 17 2014 Fedora Release Engineering - 18-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jul 12 2014 Tom Callaway - 18-2 +- fix license handling + +* Tue Jun 24 2014 Josh Boyer - 18-1 +- Update to version 18 + +* Sun Jun 08 2014 Fedora Release Engineering - 17-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Apr 09 2014 Josh Boyer - 17-1 +- Update to version 17 + +* Thu Jan 02 2014 Václav Pavlín - 16-1 +- Update to version 16 + +* Thu Aug 22 2013 Josh Boyer - 15-1 +- Update to version 15 + +* Sat Aug 03 2013 Fedora Release Engineering - 14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Fri Jul 05 2013 Josh Boyer - 14-1 +- Update to version 14 + +* Fri Apr 19 2013 Václav Pavlín - 13-2 +- Main package should require -libs + +* Wed Apr 10 2013 Josh Boyer - 13-1 +- Update to version 13 + +* Wed Mar 20 2013 Weiping Pan - 12-3 +- Pull in weak-modules for kABI from Jon Masters + +* Mon Mar 18 2013 Josh Boyer +- Add patch to make rmmod understand built-in modules (rhbz 922187) + +* Thu Feb 14 2013 Fedora Release Engineering - 12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Dec 06 2012 Josh Boyer +- Update to version 12 + +* Thu Nov 08 2012 Josh Boyer +- Update to version 11 + +* Fri Sep 07 2012 Josh Boyer +- Update to version 10 + +* Mon Aug 27 2012 Josh Boyer +- Update to version 9 + +* Thu Jul 19 2012 Fedora Release Engineering - 8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed May 23 2012 Josh Boyer - 8-2 +- Provide modprobe.conf(5) (rhbz 824552) + +* Tue May 08 2012 Josh Boyer - 8-1 +- Update to version 8 + +* Mon Mar 19 2012 Kay Sievers - 7-1 +- update to version 7 + - fix issue with --show-depends, where built-in + modules of the running kernel fail to include + loadable modules of the kernel specified + +* Sun Mar 04 2012 Kay Sievers - 6-1 +- update to version 6 +- remove all patches, they are included in the release + +* Fri Feb 24 2012 Kay Sievers - 5-8 +- try to address brc#771285 + +* Sun Feb 12 2012 Kay Sievers - 5-7 +- fix infinite loop with softdeps + +* Thu Feb 09 2012 Harald Hoyer 5-6 +- add upstream patch to fix "modprobe --ignore-install --show-depends" + otherwise dracut misses a lot of modules, which are already loaded + +* Wed Feb 08 2012 Harald Hoyer 5-5 +- add "lsmod" + +* Tue Feb 7 2012 Kay Sievers - 5-4 +- remove temporarily added fake-provides + +* Tue Feb 7 2012 Kay Sievers - 5-3 +- temporarily add fake-provides to be able to bootstrap + the new udev which pulls the old udev into the buildroot + +* Tue Feb 7 2012 Kay Sievers - 5-1 +- Update to version 5 +- replace the module-init-tools package and provide all tools + as compatibility symlinks + +* Mon Jan 16 2012 Kay Sievers - 4-1 +- Update to version 4 +- set --with-rootprefix= +- enable zlib and xz support + +* Thu Jan 05 2012 Jon Masters - 3-1 +- Update to latest upstream (adds new depmod replacement utility) +- For the moment, use the "kmod" utility to test the various functions + +* Fri Dec 23 2011 Jon Masters - 2-6 +- Update kmod-2-with-rootlibdir patch with rebuild automake files + +* Fri Dec 23 2011 Jon Masters - 2-5 +- Initial build for Fedora following package import + +* Thu Dec 22 2011 Jon Masters - 2-4 +- There is no generic macro for non-multilib "/lib", hardcode like others + +* Thu Dec 22 2011 Jon Masters - 2-3 +- Update package incorporating fixes from initial review feedback +- Cleaups to SPEC, rpath, documentation, library and binary locations + +* Thu Dec 22 2011 Jon Masters - 2-2 +- Update package for posting to wider test audience (initial review submitted) + +* Thu Dec 22 2011 Jon Masters - 2-1 +- Initial Fedora package for module-init-tools replacement (kmod) library diff --git a/sources b/sources new file mode 100644 index 0000000..994a620 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (kmod-25.tar.xz) = d579cd0cea24a06362a74927b7a3c777e9e01c990306e1032e4781cd441ffe435c70f2c2c4f6ae39eb1d857e622746411d5824d0c0d8bb79f91dc9fa51956252 diff --git a/weak-modules b/weak-modules new file mode 100644 index 0000000..2b16275 --- /dev/null +++ b/weak-modules @@ -0,0 +1,1200 @@ +#!/bin/bash +# +# weak-modules - determine which modules are kABI compatible with installed +# kernels and set up the symlinks in /lib/*/weak-updates. +# +unset LANG LC_ALL LC_COLLATE + +tmpdir=$(mktemp -td ${0##*/}.XXXXXX) +trap "rm -rf $tmpdir" EXIT +unset ${!changed_modules_*} ${!changed_initramfs_*} + +unset BASEDIR +unset CHECK_INITRAMFS +weak_updates_dir_override="" +default_initramfs_prefix="/boot" # will be combined with BASEDIR +dracut="/usr/bin/dracut" +depmod="/sbin/depmod" +depmod_orig="$depmod" +declare -a modules +declare -A module_krels +declare -A weak_modules_before + +declare -A groups +declare -A grouped_modules + +# output of validate_weak_links, one iteration +# short_name -> path +declare -A compatible_modules + +# state for update_modules_for_krel (needed for add_kernel case) +# short_name -> path +declare -A installed_modules + +# doit: +# A wrapper used whenever we're going to perform a real operation. +doit() { + [ -n "$verbose" ] && echo "$@" + [ -n "$dry_run" ] || "$@" +} + +# pr_verbose: +# print verbose -- wrapper used to print extra messages if required +pr_verbose() { + [ -n "$verbose" ] && echo "$@" +} + +# pr_warning: +# print warning +pr_warning() { + echo "WARNING: $*" +} + +# rpmsort: The sort in coreutils can't sort the RPM list how we want it so we +# instead transform the list into a form it will sort correctly, then sort. +rpmsort() { + local IFS=$' ' + REVERSE="" + rpmlist=($(cat)) + + if [ "-r" == "$1" ]; + then + REVERSE="-r" + fi + + echo ${rpmlist[@]} | \ + sed -e 's/-/../g' | \ + sort ${REVERSE} -n -t"." -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 -k6,6 -k7,7 \ + -k8,8 -k9,9 -k10,10 | \ + sed -e 's/\.\./-/g' +} + +# krel_of_module: +# Compute the kernel release of a module. +krel_of_module() { + local module="$1" + + if [ x"${module_krels[$module]+set}" = x"set" ]; then + # version cached in the array already + echo "${module_krels[$module]}" + elif [ -f "$module" ]; then + krel_of_module_modinfo "$module" + else + # Try to extract the kernel release from the path + # delete case, the .ko already deleted + set -- "${module#*/lib/modules/}" + echo "${1%%/*}" + fi +} + +# krel_of_module_modinfo: +# Fetches module version from internal module info +krel_of_module_modinfo() { + local module="$1" + /sbin/modinfo -F vermagic "$module" | awk '{print $1}' +} + +# weak_updates_dir: +# gives the root directory for the weak-updates +# We need some flexibility here because of dry-run. +weak_updates_dir() { + local krel="$1" + + if [[ -z "$weak_updates_dir_override" ]]; then + echo "$BASEDIR/lib/modules/$krel/weak-updates" + else + echo "$weak_updates_dir_override" + fi +} + +# read_modules_list: +# Read in a list of modules from standard input. Convert the filenames into +# absolute paths and compute the kernel release for each module (either using +# the modinfo section or through the absolute path. +# If used with input redirect, should be used as read_module_list < input, +# not input | read_modules_list, the latter spawns a subshell +# and the arrays are not seen in the caller +read_modules_list() { + local IFS=$'\n' + modules=($(cat)) + + for ((n = 0; n < ${#modules[@]}; n++)); do + if [ ${modules[n]:0:1} != '/' ]; then + modules[n]="$PWD/${modules[n]}" + fi + module_krels["${modules[n]}"]=$(krel_of_module ${modules[n]}) + done +} + +decompress_initramfs() { + local input=$1 + local output=$2 + + # First, check if this is compressed at all + if cpio -i -t < "$input" > /dev/null 2>/dev/null; then + # If this archive contains a file early_cpio, it's a trick. Strip off + # the early cpio archive and try again. + if cpio -i -t < "$input" 2>/dev/null | grep -q '^early_cpio$' ; then + /usr/lib/dracut/skipcpio "$input" > "${tmpdir}/post_early_cpio.img" + decompress_initramfs "${tmpdir}/post_early_cpio.img" "$output" + retval="$?" + rm -f "${tmpdir}/post_early_cpio.img" + return $retval + fi + + cp "$input" "$output" + return 0 + fi + + # Try gzip + if gzip -cd < "$input" > "$output" 2>/dev/null ; then + return 0 + fi + + # Next try xz + if xz -cd < "$input" > "$output" 2>/dev/null ; then + return 0 + fi + + echo "Unable to decompress $input: Unknown format" >&2 + return 1 +} + +# List all module files and modprobe configuration that could require a new +# initramfs. The current directory must be the root of the uncompressed +# initramfs. The unsorted list of files is output to stdout. +list_module_files() { + find . -iname \*.ko -o -iname '*.ko.xz' -o -iname '*.ko.gz' 2>/dev/null + find etc/modprobe.d usr/lib/modprobe.d -name \*.conf 2>/dev/null +} + +# read_old_initramfs: +compare_initramfs_modules() { + local old_initramfs=$1 + local new_initramfs=$2 + + rm -rf "$tmpdir/old_initramfs" + rm -rf "$tmpdir/new_initramfs" + mkdir "$tmpdir/old_initramfs" + mkdir "$tmpdir/new_initramfs" + + decompress_initramfs "$old_initramfs" "$tmpdir/old_initramfs.img" + pushd "$tmpdir/old_initramfs" >/dev/null + cpio -i < "$tmpdir/old_initramfs.img" 2>/dev/null + rm "$tmpdir/old_initramfs.img" + n=0; for i in `list_module_files|sort`; do + old_initramfs_modules[n]="$i" + n=$((n+1)) + done + popd >/dev/null + + decompress_initramfs "$new_initramfs" "$tmpdir/new_initramfs.img" + pushd "$tmpdir/new_initramfs" >/dev/null + cpio -i < "$tmpdir/new_initramfs.img" 2>/dev/null + rm "$tmpdir/new_initramfs.img" + n=0; for i in `list_module_files|sort`; do + new_initramfs_modules[n]="$i" + n=$((n+1)) + done + popd >/dev/null + + # Compare the length and contents of the arrays + if [ "${#old_initramfs_modules[@]}" == "${#new_initramfs_modules[@]}" -a \ + "${old_initramfs_modules[*]}" == "${new_initramfs_modules[*]}" ]; + then + # If the file lists are the same, compare each file to find any that changed + for ((n = 0; n < ${#old_initramfs_modules[@]}; n++)); do + if ! cmp "$tmpdir/old_initramfs/${old_initramfs_modules[n]}" \ + "$tmpdir/new_initramfs/${new_initramfs_modules[n]}" \ + >/dev/null 2>&1 + then + return 1 + fi + done + else + return 1 + fi + + return 0 +} + +# check_initramfs: +# check and possibly also update the initramfs for changed kernels +check_initramfs() { + local kernel=$1 + + # If there is no initramfs already we will not make one here. + if [ -e "$initramfs_prefix/initramfs-$kernel.img" ]; + then + old_initramfs="$initramfs_prefix/initramfs-$kernel.img" + tmp_initramfs="$initramfs_prefix/initramfs-$kernel.tmp" + new_initramfs="$initramfs_prefix/initramfs-$kernel.img" + + $dracut -f "$tmp_initramfs" "$kernel" + + if ! compare_initramfs_modules "$old_initramfs" "$tmp_initramfs"; + then + doit mv "$tmp_initramfs" "$new_initramfs" + else + rm -f "$tmp_initramfs" + fi + fi +} + +usage() { + echo "Usage: ${0##*/} [options] {--add-modules|--remove-modules}" + echo "${0##*/} [options] {--add-kernel|--remove-kernel} {kernel-release}" + cat <<'EOF' +--add-modules + Add a list of modules read from standard input. Create + symlinks in compatible kernel's weak-updates/ directory. + The list of modules is read from standard input. + +--remove-modules + Remove compatibility symlinks from weak-updates/ directories + for a list of modules. The list of modules is read from + standard input. Note: it doesn't attempt to locate any + compatible modules to replace those being removed. + +--add-kernel + Add compatibility symlinks for all compatible modules to the + specified or running kernel. + +--remove-kernel + Remove all compatibility symlinks for the specified or current + kernel. + +--no-initramfs + Do not generate an initramfs. + +--verbose + Print the commands executed. + +--dry-run + Do not create/remove any files. +EOF + exit $1 +} + +# module_has_changed: +# Mark if an actual change occured that we need to deal with later by calling +# depmod or mkinitramfs against the affected kernel. +module_has_changed() { + + declare module=$1 krel=$2 + declare orig_module=$module + + module=${module%.ko} + [[ $module == $orig_module ]] && module=${module%.ko.xz} + [[ $module == $orig_module ]] && module=${module%.ko.gz} + module=${module##*/} + + eval "changed_modules_${krel//[^a-zA-Z0-9]/_}=$krel" + eval "changed_initramfs_${krel//[^a-zA-Z0-9]/_}=$krel" + +} + +# module_weak_link: +# Generate a weak link path for the module. +# Takes module file name and the target kernel release as arguments +# The way of generation intentionally left from the initial version +module_weak_link() { + local module="$1" + local krel="$2" + local module_krel + local subpath + local module_krel_escaped + + module_krel="$(krel_of_module "$module")" + module_krel_escaped=$(echo "$module_krel" | \ + sed 's/\([.+?^$\/\\|()\[]\|\]\)/\\\0/g') + subpath=$(echo $module | sed -nre "s:$BASEDIR(/usr)?/lib/modules/$module_krel_escaped/([^/]*)/(.*):\3:p") + + if [[ -z $subpath ]]; then + # module is not in /lib/modules/$krel? + # It's possible for example for Oracle ACFS compatibility check + # Install it with its full path as a /lib/modules subpath + subpath="$module" + fi + + echo "$(weak_updates_dir $krel)/${subpath#/}" +} + +# module_short_name: +# 'basename' version purely in bash, cuts off path from the filename +module_short_name() { + echo "${1##*/}" +} + +#### Helper predicates + +# is_weak_for_module_valid: +# Takes real module filename and target kernel as arguments. +# Calculates weak symlink filename for the corresponding module +# for the target kernel, +# returns 'true' if the symlink filename is a symlink +# and the symlink points to a readable file +# EVEN if it points to a different filename +is_weak_for_module_valid() { + local module="$1" + local krel="$2" + local weak_link + + weak_link="$(module_weak_link $module $krel)" + [[ -L "$weak_link" ]] && [[ -r "$weak_link" ]] +} + +# is_weak_link: +# Takes a filename and a kernel release. +# 'true' if the filename is symlink under weak-updates/ for the kernel. +# It doesn't matter, if it's a valid symlink (points to a real file) or not. +is_weak_link() { + local link="$1" + local krel="$2" + + echo $link | grep -q "$(weak_updates_dir $krel)" || return 1 + [[ -L $link ]] +} + +# is_extra_exists: +# Takes a module filename, the module's kernel release and target kernel release. +# The module filename should be a real, not a symlink, filename (i.e. in extra/). +# Returns 'true' if the same module exists for the target kernel. +is_extra_exists() { + local module="$1" + local module_krel="$2" + local krel="$3" + local subpath="${module#*/lib/modules/$module_krel/extra/}" + + [[ -f $BASEDIR/lib/modules/$krel/extra/$subpath ]] +} + +is_kernel_installed() { + local krel="$1" + + find_symvers_file "$krel" > /dev/null && + find_systemmap_file "$krel" > /dev/null +} + +is_empty_file() { + local file="$1" + + [[ "$(wc -l "$file" | cut -f 1 -d ' ')" == 0 ]] +} + +#### Helpers + +# find_modules: +# Takes kernel release and a list of subdirectories. +# Produces list of module files in the subdirectories for the kernel +find_modules() { + local krel="$1" + shift + local dirs="$*" + + for dir in $dirs; do + find $BASEDIR/lib/modules/$krel/$dir \ + -name '*.ko' -o -name '*.ko.xz' -o -name '*.ko.gz' \ + 2>/dev/null + done +} + +# find_modules_dirs: +# Takes a list of directories. +# Produces list of module files in the subdirectories +find_modules_dirs() { + local dirs="$*" + + for dir in $dirs; do + find $dir -name '*.ko' -o -name '*.ko.xz' -o -name '*.ko.gz' \ + 2>/dev/null + done +} + +# find_installed_kernels: +# Produces list of kernels, which modules are still installed +find_installed_kernels() { + ls $BASEDIR/lib/modules/ +} + +# find_kernels_with_extra: +# Produces list of kernels, where exists extra/ directory +find_kernels_with_extra() { + local krel + local extra_dir + + for krel in $(find_installed_kernels); do + extra_dir="$BASEDIR/lib/modules/$krel/extra" + [[ -d "$extra_dir" ]] || continue + echo "$krel" + done +} + +# remove_weak_link_quiet: +# Takes symlink filename and target kernel release. +# Removes the symlink and the directory tree +# if it was the last file in the tree +remove_weak_link_quiet() { + local link="$1" + local krel="$2" + local subpath="${link#*$(weak_updates_dir $krel)}" + + rm -f $link + ( cd "$(weak_updates_dir $krel)" && \ + rmdir --parents --ignore-fail-on-non-empty "$(dirname "${subpath#/}")" 2>/dev/null ) +} + +# prepare_sandbox: +# Takes kernel release, creates temporary weak-modules directory for it +# and depmod config to operate on it. +# Sets the global state accordingly + +prepare_sandbox() { + local krel="$1" + local orig_dir + local dir + local conf="$tmpdir/depmod.conf" + + #directory + orig_dir=$(weak_updates_dir $krel) + dir="$tmpdir/$krel/weak-updates" + + mkdir -p "$dir" + # the orig_dir can be empty + cp -R "$orig_dir"/* "$dir" 2>/dev/null + + weak_updates_dir_override="$dir" + + #config + echo "search external extra built-in weak-updates" >"$conf" + echo "external * $dir" >>"$conf" + + depmod="$depmod_orig -C $conf" +} + +# discard_installed: +# remove installed_modules[] from modules[] +discard_installed() +{ + local short_name + + for m in "${!modules[@]}"; do + short_name="$(module_short_name "${modules[$m]}")" + + [[ -z "${installed_modules[$short_name]}" ]] && continue + + unset "modules[$m]" + done +} + +# update_installed: +# add compatible_modules[] to installed_modules[] +update_installed() +{ + for m in "${!compatible_modules[@]}"; do + installed_modules[$m]="${compatible_modules[$m]}" + done +} + +# finish_sandbox: +# restore global state after sandboxing +# copy configuration to the kernel directory if not dry run +finish_sandbox() { + local krel="$1" + local override="$weak_updates_dir_override" + local wa_dir + + weak_updates_dir_override="" + depmod="$depmod_orig" + + [[ -n "$dry_run" ]] && return + + wa_dir="$(weak_updates_dir $krel)" + + rm -rf "$wa_dir" + mkdir -p "$wa_dir" + + cp -R "${override}"/* "$wa_dir" 2>/dev/null +} + +# Auxiliary functions to find symvers file +make_kernel_file_names() { + local krel="$1" + local file="$2" + local suffix="$3" + + echo "${BASEDIR}/boot/${file}-${krel}${suffix}" + echo "${BASEDIR}/lib/modules/${krel}/${file}${suffix}" +} + +find_kernel_file() { + local krel="$1" + local file="$2" + local suffix="$3" + local print="$4" + local i + + if [[ "$print" != "" ]]; then + make_kernel_file_names "$krel" "$file" "$suffix" + return 0 + fi + + for i in $(make_kernel_file_names "$krel" "$file" "$suffix"); do + if [[ -r "$i" ]]; then + echo "$i" + return 0 + fi + done + + return 1 +} + +# find_symvers_file: +# Since /boot/ files population process is now controlled by systemd's +# kernel-install bash script and its plug-ins, it might be the case +# that, while present, symvers file is not populated in /boot. +# Let's also check for /lib/modules/$kver/symvers.gz, since that's where +# it is populated from. +# +# $1 - krel +# return - 0 if symvers file is found, 1 otherwise. +# Prints symvers path if found, empty string otherwise. +find_symvers_file() { + local krel="$1" + local print="$2" + + find_kernel_file "$krel" symvers .gz "$print" +} + +# find_systemmap_file: +# Same as above but for System.map +find_systemmap_file() { + local krel="$1" + local print="$2" + local no_suffix="" + + find_kernel_file "$krel" System.map "$no_suffix" "$print" +} + +#### Main logic + +# update_modules_for_krel: +# Takes kernel release and "action" function name. +# Skips kernel without symvers, +# otherwise triggers the main logic of modules installing/removing +# for the given kernel, which is: +# - save current state of weak modules symlinks +# - install/remove the symlinks for the given (via stdin) list of modules +# - validate the state and remove invalid symlinks +# (for the modules, which are not compatible (became incompatible) for +# the given kernel) +# - check the state after validation to produce needed messages +# and trigger initrd regeneration if the list changed. +# +update_modules_for_krel() { + local krel="$1" + local func="$2" + local force_update="$3" + + is_kernel_installed "$krel" || return + + prepare_sandbox $krel + + global_link_state_save $krel + + # remove already installed from modules[] + discard_installed + + # do not run heavy validation procedure if no modules to install + if [[ "${#modules[@]}" -eq 0 ]]; then + finish_sandbox $krel + return + fi + + $func $krel + + if ! validate_weak_links $krel && [[ -z "$force_update" ]]; then + global_link_state_restore $krel + compatible_modules=() + fi + + # add compatible to installed + update_installed + + global_link_state_announce_changes $krel + + finish_sandbox $krel +} + +# update_modules: +# Common entry point for add/remove modules command +# Takes the "action" function, the module list is supplied via stdin. +# Reads the module list and triggers modules update for all installed +# kernels. +# Triggers initrd rebuild for the kernels, which modules are installed. +update_modules() { + local func="$1" + local force_update="$2" + local module_krel + declare -a saved_modules + + read_modules_list || exit 1 + [[ ${#modules[@]} -gt 0 ]] || return + saved_modules=("${modules[@]}") + + for krel in $(find_installed_kernels); do + update_modules_for_krel $krel $func $force_update + modules=("${saved_modules[@]}") + installed_modules=() + done + + for module in "${modules[@]}"; do + # Module was built against this kernel, update initramfs. + module_krel="${module_krels[$module]}" + module_has_changed $module $module_krel + done +} + +# add_weak_links: +# Action function for the "add-modules" command +# Takes the kernel release, where the modules are added +# and the modules[] and module_krels[] global arrays. +# Install symlinks for the kernel with minimal checks +# (just filename checks, no symbol checks) +add_weak_links() { + local krel="$1" + local module_krel + local weak_link + + for module in "${modules[@]}"; do + module_krel="$(krel_of_module $module)" + + case "$module" in + $BASEDIR/lib/modules/$krel/*) + # Module already installed to the current kernel + continue ;; + esac + + if is_extra_exists $module $module_krel $krel; then + pr_verbose "found $(module_short_name $module) for $krel while installing for $module_krel, update case?" + fi + + if is_weak_for_module_valid $module $krel; then + pr_verbose "weak module for $(module_short_name $module) already exists for kernel $krel, update case?" + # we should update initrd in update case, + # the change is not seen by the symlink detector + # (global_link_state_announce_changes()) + module_has_changed $module $krel + fi + + weak_link="$(module_weak_link $module $krel)" + + mkdir -p "$(dirname $weak_link)" + ln -sf $module $weak_link + + done +} + +# remove_weak_links: +# Action function for the "remove-modules" command +# Takes the kernel release, where the modules are removed +# and the modules[] and module_krels[] global arrays. +# Removes symlinks from the given kernel if they are installed +# for the modules in the list. +remove_weak_links() { + local krel="$1" + local weak_link + local target + local module_krel + + for module in "${modules[@]}"; do + module_krel="$(krel_of_module $module)" + + weak_link="$(module_weak_link $module $krel)" + target="$(readlink $weak_link)" + + if [[ "$module" != "$target" ]]; then + pr_verbose "Skipping symlink $weak_link" + continue + fi + # In update case the --remove-modules call is performed + # after --add-modules (from postuninstall). + # So, we shouldn't really remove the symlink in this case. + # But in the remove case the actual target already removed. + if ! is_weak_for_module_valid "$module" "$krel"; then + remove_weak_link_quiet "$weak_link" "$krel" + fi + done +} + +# validate_weak_links: +# Takes kernel release. +# Checks if all the weak symlinks are suitable for the given kernel. +# Uses depmod to perform the actual symbol checks and parses the output. +# Since depmod internally creates the module list in the beginning of its work +# accroding to the priority list in its configuration, but without symbol +# check and doesn't amend the list during the check, the function runs it +# in a loop in which it removes discovered incompatible symlinks +# +# Returns 0 (success) if proposal is fine or +# 1 (false) if some incompatible symlinks were removed +# initializes global hashmap compatible_modules with all the valid ones +validate_weak_links() { + local krel="$1" + local basedir=${BASEDIR:+-b $BASEDIR} + local tmp + declare -A symbols + local is_updates_changed=1 + local module + local module_krel + local target + local modpath + local symbol + local weak_link + # to return to caller that original proposal is not valid + # here 0 is true, 1 is false, since it will be the return code + local is_configuration_valid=0 + + tmp=$(mktemp -p $tmpdir) + compatible_modules=() + + if ! [[ -e $tmpdir/symvers-$krel ]]; then + local symvers_path=$(find_symvers_file "$krel") + + [[ -n "$symvers_path" ]] || return + zcat "$symvers_path" > $tmpdir/symvers-$krel + fi + + while ((is_updates_changed)); do + is_updates_changed=0 + + # again $tmp because of subshell, see read_modules_list() comment + # create incompatibility report by depmod + # Shorcut if depmod finds a lot of incompatible modules elsewhere, + # we care only about weak-updates + $depmod $basedir -naeE $tmpdir/symvers-$krel $krel 2>&1 1>/dev/null | \ + grep "$(weak_updates_dir $krel)" 2>/dev/null >$tmp + # parse it into symbols[] associative array in form a-la + # symbols["/path/to/the/module"]="list of bad symbols" + while read line; do + set -- $(echo $line | awk '/needs unknown symbol/{print $3 " " $NF}') + modpath=$1 + symbol=$2 + if [[ -n "$modpath" ]]; then + symbols[$modpath]="${symbols[$modpath]} $symbol" + continue + fi + + set -- $(echo $line | awk '/disagrees about version of symbol/{print $3 " " $NF}') + modpath=$1 + symbol=$2 + if [[ -n "$modpath" ]]; then + symbols[$modpath]="${symbols[$modpath]} $symbol" + continue + fi + done < $tmp + + # loop through all the weak links from the list of incompatible + # modules and remove them. Skips non-weak incompatibilities + for modpath in "${!symbols[@]}"; do + is_weak_link $modpath $krel || continue + + target=$(readlink $modpath) + module_krel=$(krel_of_module $target) + + remove_weak_link_quiet "$modpath" "$krel" + + pr_verbose "Module $(module_short_name $modpath) from kernel $module_krel is not compatible with kernel $krel in symbols: ${symbols[$modpath]}" + is_updates_changed=1 + is_configuration_valid=1 # inversed value + done + done + rm -f $tmp + + # this loop is just to produce verbose compatibility messages + # for the compatible modules + for module in "${modules[@]}"; do + is_weak_for_module_valid $module $krel || continue + + weak_link="$(module_weak_link $module $krel)" + target="$(readlink $weak_link)" + module_krel=$(krel_of_module $target) + + if [[ "$module" == "$target" ]]; then + short_name="$(module_short_name "$module")" + compatible_modules+=([$short_name]="$module") + + pr_verbose "Module ${module##*/} from kernel $module_krel is compatible with kernel $krel" + fi + done + return $is_configuration_valid +} + +# global_link_state_save: +# Takes kernel release +# Saves the given kernel's weak symlinks state into the global array +# weak_modules_before[] for later processing +global_link_state_save() { + local krel="$1" + local link + local target + + weak_modules_before=() + for link in $(find_modules_dirs $(weak_updates_dir $krel) | xargs); do + target=$(readlink $link) + weak_modules_before[$link]=$target + done +} + +# global_link_state_restore: +# Takes kernel release +# Restores the previous weak links state +# (for example, if incompatible modules were installed) +global_link_state_restore() { + local krel="$1" + local link + local target + + pr_verbose "Falling back weak-modules state for kernel $krel" + + ( cd "$(weak_updates_dir $krel)" 2>/dev/null && rm -rf * ) + + for link in "${!weak_modules_before[@]}"; do + target=${weak_modules_before[$link]} + + mkdir -p "$(dirname $link)" + ln -sf $target $link + done +} + +# global_link_state_announce_changes: +# Takes kernel release +# Reads the given kernel's weak symlinks state, compares to the saved, +# triggers initrd rebuild if there were changes +# and produces message on symlink removal +global_link_state_announce_changes() { + local krel="$1" + local link + local target + local new_target + declare -A weak_modules_after + + for link in $(find_modules_dirs $(weak_updates_dir $krel) | xargs); do + target=${weak_modules_before[$link]} + new_target=$(readlink $link) + weak_modules_after[$link]=$new_target + + # report change of existing link and appearing of a new link + [[ "$target" == "$new_target" ]] || module_has_changed $new_target $krel + done + + for link in "${!weak_modules_before[@]}"; do + target=${weak_modules_before[$link]} + new_target=${weak_modules_after[$link]} + + # report change of existing link and disappearing of an old link + [[ "$target" == "$new_target" ]] && continue + module_has_changed $target $krel + [[ -n "$new_target" ]] || + pr_verbose "Removing compatible module $(module_short_name $target) from kernel $krel" + done +} + +# remove_modules: +# Read in a list of modules from stdinput and process them for removal. +# Parameter (noreplace) is deprecated, acts always as "noreplace". +# There is no sense in the "replace" functionality since according +# to the current requirements RPM will track existing of only one version +# of extra/ module (no same extra/ modules for different kernels). +remove_modules() { + update_modules remove_weak_links force_update +} + +# add_modules: +# Read in a list of modules from stdinput and process them for compatibility +# with installed kernels under /lib/modules. +add_modules() { + no_force_update="" + + update_modules add_weak_links $no_force_update +} + +# do_make_groups: +# Takes tmp file which contains preprocessed modules.dep +# output (or modules.dep) +# +# reads modules.dep format information from stdin +# produces groups associative array +# the group is a maximum subset of modules having at least a link +# +# more fine tuned extra filtering. +do_make_groups() +{ + local tmp="$1" + local group_name + local mod + declare -a mods + + while read i; do + mods=($i) + + echo "${mods[0]}" |grep -q "extra/" || continue + + # if the module already met, then its dependencies already counted + module_group="${grouped_modules[${mods[0]}]}" + [[ -n $module_group ]] && continue + + # new group + group_name="${mods[0]}" + + for mod in "${mods[@]}"; do + echo "$mod" |grep -q "extra/" || continue + + # if there is already such group, + # it is a subset of the one being created + # due to depmod output + unset groups[$mod] + + # extra space doesn't matter, since later (in add_kernel()) + # it is expanded without quotes + groups[$group_name]+=" $mod" + grouped_modules[$mod]=$group_name + done + done < $tmp # avoid subshell +} + +# filter_depmod_deps: +# preprocess output for make_groups +# depmod -n produces also aliases, so it cuts them off +# also it removes colon after the first module +cut_depmod_deps() +{ + awk 'BEGIN { pr = 1 } /^#/{ pr = 0 } pr == 1 {sub(":",""); print $0}' +} + +# filter_extra_absoluted: +# Takes kernel version +# makes full path from the relative module path +# (produced by depmod for in-kernel-dir modules) +# filter only extra/ modules +filter_extra_absoluted() +{ + local kver="$1" + local mod + declare -a mods + + while read i; do + # skip non-extra. The check is not perfect, but ok + # to speed up handling in general cases + echo "$i" |grep -q "extra/" || continue + + mods=($i) + for j in "${!mods[@]}"; do + mod="${mods[$j]}" + + [[ ${mod:0:1} == "/" ]] || mod="$BASEDIR/lib/modules/$kver/$mod" + mods[$j]="$mod" + done + echo "${mods[@]}" + done +} + +# make_groups: +# takes k -- kernel version, we are installing extras from +# prepares and feeds to do_make_groups +# to create the module groups (global) +make_groups() +{ + local k="$1" + local tmp2=$(mktemp -p $tmpdir) + local basedir=${BASEDIR:+-b $BASEDIR} + + groups=() + grouped_modules=() + + $depmod -n $basedir $k 2>/dev/null | + cut_depmod_deps | filter_extra_absoluted $k > $tmp2 + + do_make_groups $tmp2 + + rm -f $tmp2 +} + +add_kernel() { + local krel=${1:-$(uname -r)} + local tmp + local no_force_update="" + local num + + tmp=$(mktemp -p $tmpdir) + + if ! find_symvers_file "$krel" > /dev/null; then + echo "Symvers dump file is not found in" \ + $(find_symvers_file "$krel" print) >&2 + exit 1 + fi + + for k in $(find_kernels_with_extra | rpmsort -r); do + [[ "$krel" == "$k" ]] && continue + find_modules $k extra > $tmp + + is_empty_file "$tmp" || make_groups $k + + # reuse tmp + + # optimization, check independent modules in one run. + # first try groups with one element in each. + # it means independent modules, so we can safely remove + # incompatible links + # some cut and paste here + + echo > $tmp + for g in "${groups[@]}"; do + num="$(echo "$g" | wc -w)" + [ "$num" -gt 1 ] && continue + + printf '%s\n' $g >> $tmp + done + # to avoid subshell, see the read_modules_list comment + read_modules_list < $tmp + update_modules_for_krel $krel add_weak_links force_update + + for g in "${groups[@]}"; do + num="$(echo "$g" | wc -w)" + [ "$num" -eq 1 ] && continue + + printf '%s\n' $g > $tmp + read_modules_list < $tmp + update_modules_for_krel $krel add_weak_links $no_force_update + done + done + + rm -f $tmp + +} + +remove_kernel() { + remove_krel=${1:-$(uname -r)} + weak_modules="$(weak_updates_dir $remove_krel)" + module_has_changed $weak_modules $remove_krel + + # Remove everything beneath the weak-updates directory + ( cd "$weak_modules" && doit rm -rf * ) +} + +################################################################################ +################################## MAIN GUTS ################################### +################################################################################ + +options=`getopt -o h --long help,add-modules,remove-modules \ + --long add-kernel,remove-kernel \ + --long dry-run,no-initramfs,verbose,delete-modules \ + --long basedir:,dracut:,check-initramfs-prog: -- "$@"` + +[ $? -eq 0 ] || usage 1 + +eval set -- "$options" + +while :; do + case "$1" in + --add-modules) + do_add_modules=1 + ;; + --remove-modules) + do_remove_modules=1 + ;; + --add-kernel) + do_add_kernel=1 + ;; + --remove-kernel) + do_remove_kernel=1 + ;; + --dry-run) + dry_run=1 + # --dry-run option is not pure dry run anymore, + # because of depmod used internally. + # For add/remove modules we have to add/remove the symlinks + # and just restore the original configuration afterwards. + ;; + --no-initramfs) + no_initramfs=1 + ;; + --verbose) + verbose=1 + ;; + --delete-modules) + pr_warning "--delete-modules is deprecated, no effect" + ;; + --basedir) + BASEDIR="$2" + shift + ;; + --dracut) + dracut="$2" + shift + ;; + --check-initramfs-prog) + CHECK_INITRAMFS="$2" + shift + ;; + -h|--help) + usage 0 + ;; + --) + shift + break + ;; + esac + shift +done + +if [ ! -x "$dracut" ] && [ -z "$no_initramfs" ] +then + echo "weak-modules: could not find dracut at $dracut" + exit 1 +fi + +initramfs_prefix="$BASEDIR/${default_initramfs_prefix#/}" + +if [ -n "$do_add_modules" ]; then + add_modules + +elif [ -n "$do_remove_modules" ]; then + remove_modules + +elif [ -n "$do_add_kernel" ]; then + kernel=${1:-$(uname -r)} + add_kernel $kernel + +elif [ -n "$do_remove_kernel" ]; then + kernel=${1:-$(uname -r)} + remove_kernel $kernel + + exit 0 +else + usage 1 +fi + +################################################################################ +###################### CLEANUP POST ADD/REMOVE MODULE/KERNEL ################### +################################################################################ + +# run depmod and dracut as needed +for krel in ${!changed_modules_*}; do + krel=${!krel} + basedir=${BASEDIR:+-b $BASEDIR} + + if is_kernel_installed $krel; then + doit $depmod $basedir -ae -F $(find_systemmap_file $krel) $krel + else + pr_verbose "Skipping depmod for non-installed kernel $krel" + fi +done + +for krel in ${!changed_initramfs_*}; do + krel=${!krel} + + if [ ! -n "$no_initramfs" ]; then + ${CHECK_INITRAMFS:-check_initramfs} $krel + fi +done