Toshaan Bharvani
4 months ago
commit
04cca44c73
21 changed files with 1951 additions and 0 deletions
@ -0,0 +1,8 @@
@@ -0,0 +1,8 @@
|
||||
# Also see: |
||||
# https://fedoraproject.org/wiki/Starting_services_by_default |
||||
|
||||
# Installing presets is not the preferred solution but until another one |
||||
# presents itself: |
||||
# https://bugzilla.rpmfusion.org/show_bug.cgi?id=3713 |
||||
enable akmods.service |
||||
#enable akmods-shutdown.service |
@ -0,0 +1,65 @@
@@ -0,0 +1,65 @@
|
||||
#!/bin/bash - |
||||
# |
||||
# 95-akmodposttrans.install - Calls akmods for newly installed kernels |
||||
# |
||||
# Copyright (c) 2019 Nicolas Viéville <nicolas.vieville@uphf.fr> |
||||
# |
||||
# Permission is hereby granted, free of charge, to any person obtaining |
||||
# a copy of this software and associated documentation files (the |
||||
# "Software"), to deal in the Software without restriction, including |
||||
# without limitation the rights to use, copy, modify, merge, publish, |
||||
# distribute, sublicense, and/or sell copies of the Software, and to |
||||
# permit persons to whom the Software is furnished to do so, subject to |
||||
# the following conditions: |
||||
# |
||||
# The above copyright notice and this permission notice shall be |
||||
# included in all copies or substantial portions of the Software. |
||||
# |
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
||||
# |
||||
|
||||
COMMAND="$1" |
||||
KERNEL_VERSION="$2" |
||||
BOOT_DIR_ABS="$3" |
||||
KERNEL_IMAGE="$4" |
||||
|
||||
# just check in case a user calls this directly |
||||
if [[ ! -w /var ]] ; then |
||||
echo "Needs to run as root to be able to install rpms." >&2 |
||||
exit 4 |
||||
fi |
||||
|
||||
if [[ ! -n "${KERNEL_VERSION}" ]] ; then |
||||
exit 1 |
||||
fi |
||||
|
||||
case "${COMMAND}" in |
||||
add) |
||||
# needs to run in background as rpmdb might be locked otherwise |
||||
if [ -e /bin/systemctl ] ; then |
||||
# Exit early if system-update.target is active - rhbz#1518401 |
||||
/bin/systemctl is-active system-update.target &>/dev/null |
||||
RET=$? |
||||
|
||||
[ $RET == 0 ] && exit 0 |
||||
|
||||
/bin/systemctl restart akmods@${KERNEL_VERSION}.service --no-block >/dev/null 2>&1 |
||||
else |
||||
nohup /usr/sbin/akmods --from-kernel-posttrans --kernels ${KERNEL_VERSION} > /dev/null 2>&1 & |
||||
fi |
||||
exit 0 |
||||
;; |
||||
remove) |
||||
# Nothing to do |
||||
;; |
||||
*) |
||||
;; |
||||
esac |
||||
|
||||
exit 0 |
@ -0,0 +1,18 @@
@@ -0,0 +1,18 @@
|
||||
Permission is hereby granted, free of charge, to any person obtaining |
||||
a copy of this software and associated documentation files (the |
||||
"Software"), to deal in the Software without restriction, including |
||||
without limitation the rights to use, copy, modify, merge, publish, |
||||
distribute, sublicense, and/or sell copies of the Software, and to |
||||
permit persons to whom the Software is furnished to do so, subject to |
||||
the following conditions: |
||||
|
||||
The above copyright notice and this permission notice shall be |
||||
included in all copies or substantial portions of the Software. |
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
@ -0,0 +1,12 @@
@@ -0,0 +1,12 @@
|
||||
Akmods startup script will rebuild akmod packages during system |
||||
boot, while its background daemon will build them for kernels right |
||||
after they were installed. |
||||
|
||||
The akmods systemd service provides both, and is enabled by default. |
||||
|
||||
The akmods-shutdown service is disabled by default but can, in some |
||||
circumstances, provide an additional chance to build and install a kernel |
||||
module. Users who would prefer longer shutdowns over delayed startups |
||||
may wish to consider enabling it with the following command: |
||||
|
||||
sudo systemctl enable --now akmods-shutdown.service |
@ -0,0 +1,51 @@
@@ -0,0 +1,51 @@
|
||||
Secure boot is a setup using UEFI firmware to check cryptographic |
||||
signatures on the bootloader and associated OS kernel to ensure they |
||||
have not been tampered with or bypassed in the boot process. |
||||
|
||||
This verification can be extended to Kernel and its modules. |
||||
It's default case in Fedora with UEFI and Secure boot enabled. |
||||
|
||||
Fedora Project have signed kernels and also main modules with Fedora |
||||
Key, but 3rd party modules as NVidia, VirtualBox, etc. need to be signed |
||||
to load. |
||||
|
||||
Akmods provides an enroll process to sign third party modules with your |
||||
own keypair. |
||||
|
||||
At the first run of the akmods.service, certificate and keypair will be |
||||
created with default value using the '/usr/sbin/kmodgenca' script. |
||||
|
||||
You may also wish to manually create your own certificate and keypair |
||||
with `/usr/sbin/kmodgenca` command. |
||||
If '/usr/sbin/kmodgenca' is launched with the '-a' parameter, it will |
||||
use default values to complete the cacert.config file, and to generate |
||||
automatically the cert and the private key. |
||||
If '/usr/sbin/kmodgenca' is launched without parameters, user will be |
||||
prompted to complete manually the cacert.config file, then the cert and |
||||
the private key will be automatically generated. |
||||
If the cert and the private key files already exist, |
||||
'/usr/sbin/kmodgenca' will exit unless the '-f' parameter is used. |
||||
|
||||
The cert and the private key are stored respectively in |
||||
/etc/pki/akmods/certs and /etc/pki/akmods/private/ directories. |
||||
|
||||
Now you need to enroll the public key in MOK, this process is described |
||||
below. |
||||
- Ask MOK to enroll new keypair with certificate with the command |
||||
`mokutil --import /etc/pki/akmods/certs/public_key.der`. |
||||
- mokutil asks to generate a password to enroll the public key. |
||||
- Rebooting the system is needed for MOK to enroll the new public key. |
||||
- On next boot MOK Management is launched and you have to choose |
||||
"Enroll MOK". |
||||
- Choose "Continue" to enroll the key or "View key 0" to show the keys |
||||
already enrolled. |
||||
- Confirm enrollment by selecting "Yes". |
||||
- You will be invited to enter the password generated above. |
||||
WARNING: keyboard is mapped to QWERTY! |
||||
- The new key is enrolled, and system ask you to reboot. |
||||
|
||||
You can confirm the enrollment of the new keypair once the system |
||||
rebooted with: |
||||
`mokutil --list-enrolled | grep Issuer` |
||||
or with: |
||||
`mokutil --test-key /etc/pki/akmods/certs/public_key.der` |
@ -0,0 +1,575 @@
@@ -0,0 +1,575 @@
|
||||
#!/bin/bash - |
||||
######################################################################## |
||||
# |
||||
# akmods - Rebuilds and install akmod RPMs |
||||
# Copyright (c) 2007, 2008 Thorsten Leemhuis <fedora@leemhuis.info> |
||||
# Copyright (c) 2018 Nicolas Chauvet <kwizart@gmail.com> |
||||
# |
||||
# Permission is hereby granted, free of charge, to any person obtaining |
||||
# a copy of this software and associated documentation files (the |
||||
# "Software"), to deal in the Software without restriction, including |
||||
# without limitation the rights to use, copy, modify, merge, publish, |
||||
# distribute, sublicense, and/or sell copies of the Software, and to |
||||
# permit persons to whom the Software is furnished to do so, subject to |
||||
# the following conditions: |
||||
# |
||||
# The above copyright notice and this permission notice shall be |
||||
# included in all copies or substantial portions of the Software. |
||||
# |
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
||||
# |
||||
######################################################################## |
||||
# |
||||
# ToDo: |
||||
# - use yum/dnf to install required kernel-devel packages? |
||||
# - better way to detect if a earlier build failed or succeeded |
||||
# - special kernel "all" (all that are installed with a matching -devel package; could be called from posttrans in akmods packages) |
||||
# - manpage |
||||
# - make it configurable if kmod building is done with nohup |
||||
# - check on shutdown if akmods is still running and let it finish before continuing |
||||
# - make it configurable if kmods from the repo replace local ones |
||||
|
||||
# global vars |
||||
myprog="akmods" |
||||
myver="0.5.7" |
||||
kmodlogfile= |
||||
continue_line="" |
||||
tmpdir= |
||||
kernels= |
||||
verboselevel=2 |
||||
# We cannot differenciate from a code failure to shutdown kill9 oom etc |
||||
# So we always retry anyway |
||||
alwaystry=1 |
||||
|
||||
akmods_echo() |
||||
{ |
||||
# where to output |
||||
local this_fd=${1} |
||||
shift |
||||
|
||||
# verboselevel |
||||
local this_verbose=${1} |
||||
shift |
||||
|
||||
# output to console |
||||
if (( ${verboselevel} >= ${this_verbose} )) ; then |
||||
if [[ "${1}" == "--success" ]] ; then |
||||
echo_success |
||||
continue_line="" |
||||
echo |
||||
return 0 |
||||
elif [[ "${1}" == "--failure" ]] ; then |
||||
echo_failure |
||||
echo |
||||
continue_line="" |
||||
return 0 |
||||
elif [[ "${1}" == "--warning" ]] ; then |
||||
echo_warning |
||||
echo |
||||
continue_line="" |
||||
return 0 |
||||
elif [[ "${1}" == "-n" ]] ; then |
||||
continue_line="true" |
||||
fi |
||||
echo "$@" >&${this_fd} |
||||
fi |
||||
|
||||
# no need to print the status flags in the logs |
||||
if [[ "${1}" == "--success" ]] || [[ "${1}" == "--failure" ]] || [[ "${1}" == "--warning" ]] ; then |
||||
return 0 |
||||
fi |
||||
|
||||
# no need to continues in the log |
||||
if [[ "${1}" == "-n" ]] ; then |
||||
shift |
||||
fi |
||||
|
||||
# global logfile |
||||
echo "$(date +%Y/%m/%d\ %H:%M:%S) akmods: $@" >> "/var/log/akmods/akmods.log" |
||||
|
||||
# the kmods logfile as well, if we work on a kmod |
||||
if [[ -n "${kmodlogfile}" ]] ; then |
||||
echo "$(date +%Y/%m/%d\ %H:%M:%S) akmods: $@" >> "${kmodlogfile}" |
||||
fi |
||||
} |
||||
|
||||
finally() |
||||
{ |
||||
# remove tmpfiles |
||||
remove_tmpdir |
||||
|
||||
# remove lockfile |
||||
rm -f /var/cache/akmods/.lockfile |
||||
|
||||
exit ${1:-128} |
||||
} |
||||
|
||||
# Make sure finally() is run regardless of reason for exiting. |
||||
trap "finally" ABRT HUP INT QUIT |
||||
|
||||
create_tmpdir() |
||||
{ |
||||
if ! tmpdir="$(mktemp -d -p /tmp ${myprog}.XXXXXXXX)/" ; then |
||||
akmods_echo 2 1 "ERROR: failed to create tmpdir." |
||||
akmods_echo 2 1 --failure ; return 1 |
||||
fi |
||||
if ! mkdir "${tmpdir}"results ; then |
||||
akmods_echo 2 1 "ERROR: failed to create result tmpdir." |
||||
akmods_echo 2 1 --failure ; return 1 |
||||
fi |
||||
} |
||||
|
||||
remove_tmpdir() |
||||
{ |
||||
# remove tmpfiles |
||||
if [[ -n "${tmpdir}" ]] && [[ -d "${tmpdir}" ]] ; then |
||||
rm -f "${tmpdir}"results/* "${tmpdir}"*.log |
||||
rmdir "${tmpdir}"results/ "${tmpdir}" |
||||
fi |
||||
} |
||||
|
||||
cleanup_cachedir () |
||||
{ |
||||
for one_file in $(ls /var/cache/akmods/*/* 2>/dev/null | \ |
||||
grep -v "$(ls -I "*rescue*" /boot/vmlinuz-* | \ |
||||
sed 's%.*vmlinuz-%%g')") ; do |
||||
if $(grep -qE ".*\.rpm$" <<< "${one_file}") ; then |
||||
if ! $(rpm -q "$(basename ${one_file%.rpm})" >/dev/null) ; then |
||||
rm -f "${one_file}" |
||||
fi |
||||
else |
||||
rm -f "${one_file}" |
||||
fi |
||||
done |
||||
} |
||||
|
||||
init () |
||||
{ |
||||
# some security provisions |
||||
\export PATH='/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin' |
||||
\unalias -a |
||||
hash -r |
||||
# https://bugzilla.rpmfusion.org/show_bug.cgi?id=4023 |
||||
#ulimit -H -c 0 -- |
||||
IFS=$' \t\n' |
||||
UMASK=022 |
||||
umask ${UMASK} |
||||
|
||||
# fall back to current kernel if user didn't provide one |
||||
if [[ ! -n "${kernels}" ]] ; then |
||||
kernels="$(uname -r)" |
||||
fi |
||||
# ensure to build for grub default kernel |
||||
default_kernel=$(grubby --default-kernel | sed -e 's/^.*vmlinuz-//') |
||||
if ! $(echo "${kernels}" | grep -q "${default_kernel}") ; then |
||||
kernels="${kernels} ${default_kernel}" |
||||
fi |
||||
|
||||
# we get the echo_{success,failure} stuff from there |
||||
if [[ -r /etc/rc.d/init.d/functions ]] ; then |
||||
source /etc/rc.d/init.d/functions |
||||
else |
||||
# Use our own simple replacements |
||||
echo_success() { |
||||
echo -ne " [ OK ]\r" |
||||
return 0 |
||||
} |
||||
echo_failure() { |
||||
echo -ne " [FAILED]\r" |
||||
return 1 |
||||
} |
||||
echo_warning() { |
||||
echo -ne " [WARNING]\r" |
||||
return 1 |
||||
} |
||||
fi |
||||
|
||||
# needs root permissions |
||||
if [[ ! -w /var ]] ; then |
||||
echo -n "Needs to run as root to be able to install rpms." >&2 |
||||
echo_failure ; echo ; exit 1 |
||||
fi |
||||
|
||||
# no akmods |
||||
if [[ ! -d "/usr/src/akmods/" ]] ; then |
||||
echo -n "/usr/src/akmods/ not found." >&2 |
||||
echo_failure ; echo ; exit 1 |
||||
fi |
||||
|
||||
# if there are no akmod packages installed there is nothing to do for us |
||||
if ! ls /usr/src/akmods/*-kmod.latest &> /dev/null ; then |
||||
echo -n "No akmod packages found, nothing to do." >&2 |
||||
echo_success ; echo ; exit 0 |
||||
fi |
||||
|
||||
|
||||
# now that we know that we're root make sure our dir for logging and results is available |
||||
if [[ ! -d "/var/cache/akmods/" ]] ; then |
||||
if ! mkdir -p "/var/cache/akmods/" ; then |
||||
echo -n "/var/cache/akmods/ not found and could not be created" >&2 |
||||
echo_failure ; echo ; exit 1 |
||||
fi |
||||
fi |
||||
if [[ ! -w "/var/cache/akmods/" ]] ; then |
||||
echo -n "/var/cache/akmods/ not writable" >&2 |
||||
echo_failure ; echo ; exit 1 |
||||
fi |
||||
|
||||
# tools needed |
||||
for tool in akmodsbuild chown flock sed rpmdev-vercmp ; do |
||||
if ! which "${tool}" &> /dev/null ; then |
||||
echo -n "${tool} not found" >&2 |
||||
echo_failure ; echo ; exit 1 |
||||
fi |
||||
done |
||||
|
||||
# create lockfile and wait till we get it |
||||
exec 99>/run/akmods/akmods.lock |
||||
flock -w 900 99 |
||||
} |
||||
|
||||
buildinstall_kmod() |
||||
{ |
||||
local this_kernelver=${1} |
||||
local this_kmodname=${2} |
||||
local this_kmodsrpm=${3} |
||||
local this_kmodverrel=${4} |
||||
|
||||
if [[ ! -r "${this_kmodsrpm}" ]] ; then |
||||
akmods_echo 2 1 "ERROR: ${this_kmodsrpm} not found." |
||||
akmods_echo 2 1 --failure ; return 1 |
||||
fi |
||||
|
||||
|
||||
# result and logdir |
||||
if [[ ! -d "/var/cache/akmods/${this_kmodname}" ]] ; then |
||||
if ! mkdir "/var/cache/akmods/${this_kmodname}" ; then |
||||
akmods_echo 2 1 "ERROR: could not create /var/cache/akmods/${this_kmodname}." |
||||
akmods_echo 2 1 --failure ; return 1 |
||||
fi |
||||
fi |
||||
|
||||
## preparations |
||||
# tmpdir |
||||
create_tmpdir |
||||
|
||||
# akmods needs to write there (and nobody else, but mktemp takes care of that!) |
||||
chown akmods "${tmpdir}" "${tmpdir}"results |
||||
|
||||
# remove old logfiles if they exist |
||||
rm -f "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.log" "/var/cache/akmods/${this_kmodname}/.last.log" |
||||
|
||||
# create a per kmod logfile |
||||
if ! touch "/var/cache/akmods/${this_kmodname}/.last.log" ; then |
||||
akmods_echo 2 1 "ERROR: failed to create kmod specific logfile." |
||||
return 1 |
||||
fi |
||||
|
||||
# akmods_echo will log to this file from now on as well |
||||
kmodlogfile="/var/cache/akmods/${this_kmodname}/.last.log" |
||||
|
||||
# Unset TMPDIR since it is misused by "runuser" |
||||
# https://bugzilla.rpmfusion.org/show_bug.cgi?id=2596 |
||||
unset TMPDIR |
||||
|
||||
# build module using akmod |
||||
akmods_echo 1 4 "Building RPM using the command '$(which akmodsbuild) --kernels ${this_kernelver} ${this_kmodsrpm}'" |
||||
/sbin/runuser -s /bin/bash -c "$(which akmodsbuild) --quiet --kernels ${this_kernelver} --outputdir ${tmpdir}results --logfile ${tmpdir}/akmodsbuild.log ${this_kmodsrpm}" akmods >> "${kmodlogfile}" 2>&1 |
||||
local returncode=$? |
||||
|
||||
# copy rpmbuild log to kmod specific logfile |
||||
if [[ -s "${tmpdir}"/akmodsbuild.log ]] ; then |
||||
while read line ; do |
||||
echo "$(date +%Y/%m/%d\ %H:%M:%S) akmodsbuild: ${line}" >> "${kmodlogfile}" |
||||
done < "${tmpdir}"/akmodsbuild.log |
||||
fi |
||||
|
||||
# result |
||||
if (( ! ${returncode} == 0 )) ; then |
||||
if [[ -n "${continue_line}" ]] ; then |
||||
akmods_echo 1 2 --failure |
||||
fi |
||||
akmods_echo 2 1 "Building rpms failed; see /var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log for details" |
||||
cp -fl "${kmodlogfile}" "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log" |
||||
kmodlogfile="" |
||||
remove_tmpdir |
||||
return 4 |
||||
fi |
||||
|
||||
# dnf/yum install - repository disabled on purpose see rfbz#3350 |
||||
akmods_echo 1 4 "Installing newly built rpms" |
||||
if [[ -f /usr/bin/dnf ]] ; then |
||||
akmods_echo 1 4 "DNF detected" |
||||
dnf -y install --disablerepo='*' $(find "${tmpdir}results" -type f -name '*.rpm' | grep -v debuginfo) >> "${kmodlogfile}" 2>&1 |
||||
else |
||||
akmods_echo 1 4 "DNF not found, using YUM instead." |
||||
yum -y install --disablerepo='*' $(find "${tmpdir}results" -type f -name '*.rpm' | grep -v debuginfo) >> "${kmodlogfile}" 2>&1 |
||||
fi |
||||
local returncode=$? |
||||
|
||||
# place the newly built rpms where user expects them |
||||
cp "${tmpdir}results/"* "/var/cache/akmods/${this_kmodname}/" |
||||
|
||||
# everything fine? |
||||
if (( ${returncode} != 0 )) ; then |
||||
if [[ -n "${continue_line}" ]] ; then |
||||
akmods_echo 1 2 --failure |
||||
fi |
||||
akmods_echo 2 1 "Could not install newly built RPMs. You can find them and the logfile in:" |
||||
akmods_echo 2 1 "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log" |
||||
cp -fl "${kmodlogfile}" "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log" |
||||
kmodlogfile="" |
||||
remove_tmpdir |
||||
return 8 |
||||
fi |
||||
|
||||
# finish |
||||
akmods_echo 1 4 "Successful." |
||||
cp -fl "${kmodlogfile}" "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.log" |
||||
kmodlogfile="" |
||||
remove_tmpdir |
||||
|
||||
return 0 |
||||
} |
||||
|
||||
check_kmod_up2date() |
||||
{ |
||||
local this_kernelver=${1} |
||||
local this_kmodname=${2} |
||||
local kmodpackage_file="$(modinfo ${this_kmodname} -k ${this_kernelver} -n 2>/dev/null)" |
||||
|
||||
# kmod present, even with weak-modules? |
||||
if [[ ! -n "${kmodpackage_file}" ]] && [[ ! -d /lib/modules/${this_kernelver}/extra/${this_kmodname}/ ]] ; then |
||||
# build it |
||||
return 1 |
||||
fi |
||||
|
||||
# kmod up2date? |
||||
# Weak module symlink case |
||||
if [ -n "${kmodpackage_file}" ] && [ -h "${kmodpackage_file}" ] && $(echo "${kmodpackage_file}" | grep -q "weak-updates") ; then |
||||
local kmodpackage="$(rpm -qf $(readlink -e ${kmodpackage_file}) 2> /dev/null)" |
||||
# Regular module file case |
||||
else |
||||
local kmodpackage="$(rpm -qf /lib/modules/${this_kernelver}/extra/${this_kmodname}/ 2> /dev/null)" |
||||
fi |
||||
if [[ ! -n "${kmodpackage}" ]] ; then |
||||
# seems we didn't get what we wanted |
||||
# well, better to do nothing in this case |
||||
akmods_echo 1 2 -n "Warning: Could not determine what package owns /lib/modules/${this_kernelver}/extra/${this_kmodname}/" |
||||
return 0 |
||||
fi |
||||
local kmodver=$(rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' "${kmodpackage}" | sed 's|(none)|0|; s!\.\(fc\|el\|lvn\)[0-9]*!!g') |
||||
local akmodver=$(rpm -qp --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' /usr/src/akmods/"${this_kmodname}"-kmod.latest | sed 's|(none)|0|; s!\.\(fc\|el\|lvn\)[0-9]*!!g') |
||||
|
||||
rpmdev-vercmp "${kmodver}" "${akmodver}" &>/dev/null |
||||
local retvalue=$? |
||||
if [[ "$retvalue" == 0 ]] ; then |
||||
# Versions are the same. Nothing to do. |
||||
return 0 |
||||
elif [[ "$retvalue" == 11 ]] ; then |
||||
# kmod is newer, nothing to do. |
||||
return 0 |
||||
elif [[ "$retvalue" == 12 ]] ; then |
||||
# akmod is newer, need to build kmod. |
||||
return 1 |
||||
else |
||||
# Something went wrong |
||||
akmods_echo 1 2 -n "Error: Could not determine if akmod is newer than the installed kmod" |
||||
akmods_echo 1 2 --failure |
||||
return 0 |
||||
fi |
||||
} |
||||
|
||||
check_kmods() |
||||
{ |
||||
local this_kernelver="${1}" |
||||
|
||||
akmods_echo 1 2 -n "Checking kmods exist for ${this_kernelver}" |
||||
for akmods_kmodfile in /usr/src/akmods/*-kmod.latest ; do |
||||
local this_kmodname="$(basename ${akmods_kmodfile%%-kmod.latest})" |
||||
|
||||
# actually check this akmod? |
||||
if [[ -n "${akmods}" ]] ; then |
||||
for akmod in ${akmods} ; do |
||||
if [[ "${this_kmodname}" != "${akmod}" ]] ; then |
||||
# ignore this one |
||||
continue 2 |
||||
fi |
||||
done |
||||
fi |
||||
|
||||
# go |
||||
if ! check_kmod_up2date ${this_kernelver} ${this_kmodname} ; then |
||||
# okay, kmod wasn't found or is not up2date |
||||
if [[ -n "${continue_line}" ]] ; then |
||||
akmods_echo 1 2 --success |
||||
# if the files for building modules are not available don't even try to build modules |
||||
if [[ ! -r /usr/src/kernels/"${this_kernelver}"/Makefile ]] && \ |
||||
[[ ! -r /lib/modules/"${this_kernelver}"/build/Makefile ]] ; then |
||||
akmods_echo 1 2 "Files needed for building modules against kernel" |
||||
akmods_echo 1 2 "${this_kernelver} could not be found as the following" |
||||
akmods_echo 1 2 "directories are missing:" |
||||
akmods_echo 1 2 "/usr/src/kernels/${this_kernelver}/" |
||||
akmods_echo 1 2 -n "/lib/modules/${this_kernelver}/build/" |
||||
akmods_echo 1 2 -n "Is the correct kernel-devel package installed?" |
||||
akmods_echo 1 2 --failure |
||||
return 1 |
||||
fi |
||||
fi |
||||
|
||||
local this_kmodverrel="$(rpm -qp --qf '%{VERSION}-%{RELEASE}' "${akmods_kmodfile}" | sed 's!\.\(fc\|el\|lvn\)[0-9]*!!g' )" |
||||
if [[ ! -n "${alwaystry}" ]] && [[ -e "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}".failed.log ]] ; then |
||||
akmods_echo 1 2 -n "Ignoring ${this_kmodname}-kmod as it failed earlier" |
||||
akmods_echo 1 2 --warning |
||||
local someignored="true" |
||||
else |
||||
akmods_echo 1 2 -n "Building and installing ${this_kmodname}-kmod" |
||||
buildinstall_kmod ${this_kernelver} ${this_kmodname} ${akmods_kmodfile} ${this_kmodverrel} |
||||
local returncode=$? |
||||
if [[ "$returncode" == "0" ]] ; then |
||||
akmods_echo 1 2 --success |
||||
local somesucceeded="true" |
||||
elif [[ "$returncode" == "8" ]] ; then |
||||
akmods_echo 1 2 --failure "New kmod RPM was built but could not be installed." |
||||
else |
||||
local somefailed="true" |
||||
fi |
||||
fi |
||||
fi |
||||
done |
||||
|
||||
if [[ -n "${continue_line}" ]] ; then |
||||
akmods_echo 1 2 --success |
||||
elif [[ -n "${someignored}" ]] || [[ -n "${somefailed}" ]] ; then |
||||
echo |
||||
akmods_echo 1 2 "Hint: Some kmods were ignored or failed to build or install." |
||||
akmods_echo 1 2 "You can try to rebuild and install them by by calling" |
||||
akmods_echo 1 2 "'/usr/sbin/akmods --force' as root." |
||||
echo |
||||
sleep 2 |
||||
fi |
||||
|
||||
# akmods for newly installed akmod rpms as wells as akmods.service run |
||||
# after udev and systemd-modules-load.service have tried to load modules |
||||
if [[ -n "${somesucceeded}" ]] && [[ ${this_kernelver} = "$(uname -r)" ]] ; then |
||||
find /sys/devices -name modalias -print0 | xargs -0 cat | xargs modprobe -a -b -q |
||||
if [ -f /usr/bin/systemctl ] ; then |
||||
systemctl restart systemd-modules-load.service |
||||
fi |
||||
fi |
||||
} |
||||
|
||||
myprog_help () |
||||
{ |
||||
echo "Checks the akmod packages and rebuilds them if needed" |
||||
echo $'\n'"Usage: ${myprog} [OPTIONS]" |
||||
echo $'\n'"Options:" |
||||
echo " --force -- try all, even if they failed earlier" |
||||
echo " --kernels <kernel> -- build and install only for kernel <kernel>" |
||||
echo " (formatted the same as 'uname -r' would produce)" |
||||
echo " --akmod <akmod> -- build and install only akmod <akmod>" |
||||
} |
||||
|
||||
|
||||
# first parse command line options |
||||
while [ "${1}" ] ; do |
||||
case "${1}" in |
||||
--kernel|--kernels) |
||||
shift |
||||
if [[ ! -n "${1}" ]] ; then |
||||
echo "ERROR: Please provide the kernel-version to build for together with --kernel" >&2 |
||||
exit 1 |
||||
elif [[ ! -r /usr/src/kernels/"${1}"/Makefile ]] && \ |
||||
[[ ! -r /lib/modules/"${1}"/build/Makefile ]] ; then |
||||
echo "Could not find files needed to compile modules for ${1}" |
||||
echo "Are the development files for kernel ${1} or the appropriate kernel-devel package installed?" |
||||
exit 1 |
||||
elif [[ -r /usr/src/kernels/"${1}"/Makefile ]] && \ |
||||
[[ ! -d /lib/modules/"${1}" ]] ; then |
||||
# this is a red hat / fedora kernel-devel package, but the kernel for it is not installed |
||||
# kmodtool would add a dep on that kernel when building; thus when we'd try to install the |
||||
# rpms we'd run into a missing-dep problem. Thus we prevent that case |
||||
echo "Kernel ${1} not installed" |
||||
exit 1 |
||||
fi |
||||
# overwrites the default: |
||||
if [[ ! -n "${kernels}" ]] ; then |
||||
kernels="${1}" |
||||
else |
||||
kernels="${kernels} ${1}" |
||||
fi |
||||
# an try to build, even if we tried already |
||||
alwaystry=true |
||||
shift |
||||
;; |
||||
--akmod|--kmod) |
||||
shift |
||||
if [[ ! -n "${1}" ]] ; then |
||||
echo "ERROR: Please provide a name of a akmod package together with --akmods" >&2 |
||||
exit 1 |
||||
elif [[ -r /usr/src/akmods/"${1}"-kmod.latest ]] ; then |
||||
akmods="${akmods}${1} " |
||||
elif [[ -r /usr/src/akmods/"${1}".latest ]] ; then |
||||
akmods="${akmods}${1%%-kmod} " |
||||
else |
||||
echo "Could not find akmod ${1}" |
||||
exit 1 |
||||
fi |
||||
shift |
||||
;; |
||||
--force) |
||||
alwaystry=true |
||||
shift |
||||
;; |
||||
--from-init) |
||||
# just in case: remove stale lockfile if it exists: |
||||
rm -f /var/cache/akmods/.lockfile |
||||
# Clean old logs and rpm files from no more installed kmod |
||||
# packages. |
||||
cleanup_cachedir |
||||
shift |
||||
;; |
||||
--from-posttrans|--from-kernel-posttrans|--from-akmod-posttrans) |
||||
# ignored |
||||
shift |
||||
;; |
||||
--verbose) |
||||
let verboselevel++ |
||||
shift |
||||
;; |
||||
--quiet) |
||||
let verboselevel-- |
||||
shift |
||||
;; |
||||
--help) |
||||
myprog_help |
||||
exit 0 |
||||
;; |
||||
--version) |
||||
echo "${myprog} ${myver}" |
||||
exit 0 |
||||
;; |
||||
*) |
||||
echo "Error: Unknown option '${1}'." >&2 |
||||
myprog_help >&2 |
||||
exit 2 |
||||
;; |
||||
esac |
||||
done |
||||
|
||||
# sanity checks |
||||
init |
||||
|
||||
# go |
||||
for kernel in ${kernels} ; do |
||||
check_kmods ${kernel} |
||||
done |
||||
|
||||
# finished :) |
||||
finally 0 |
@ -0,0 +1,3 @@
@@ -0,0 +1,3 @@
|
||||
[Unit] |
||||
Wants=akmods-keygen@.service |
||||
PartOf=akmods.service |
@ -0,0 +1,11 @@
@@ -0,0 +1,11 @@
|
||||
[Unit] |
||||
Description=Akmods Secure boot MOK Key Generation |
||||
ConditionFileNotEmpty=|!/etc/pki/akmods/certs/public_key.der |
||||
ConditionFileNotEmpty=|!/etc/pki/akmods/private/private_key.priv |
||||
|
||||
[Service] |
||||
Type=oneshot |
||||
ExecStart=/usr/sbin/kmodgenca -a |
||||
|
||||
[Install] |
||||
WantedBy=akmods-keygen.target |
@ -0,0 +1,151 @@
@@ -0,0 +1,151 @@
|
||||
#!/bin/bash |
||||
# |
||||
# kmodgenca - Helper script to create CA/Keypair to sign modules. |
||||
# Copyright (c) 2017 Stanislas Leduc <stanislas.leduc@balinor.net> |
||||
# Copyright (c) 2018-2019 Nicolas Viéville <nicolas.vieville@uphf.fr> |
||||
# |
||||
# Permission is hereby granted, free of charge, to any person obtaining |
||||
# a copy of this software and associated documentation files (the |
||||
# "Software"), to deal in the Software without restriction, including |
||||
# without limitation the rights to use, copy, modify, merge, publish, |
||||
# distribute, sublicense, and/or sell copies of the Software, and to |
||||
# permit persons to whom the Software is furnished to do so, subject to |
||||
# the following conditions: |
||||
# |
||||
# The above copyright notice and this permission notice shall be |
||||
# included in all copies or substantial portions of the Software. |
||||
# |
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
||||
# |
||||
MYPROG="kmodgenca" |
||||
MYVER="0.5.7" |
||||
FORCE_BUILD=0 |
||||
AUTOMATIC_BUILD=0 |
||||
AUTOMATIC_BUILD_OPTION="" |
||||
|
||||
myprog_help () |
||||
{ |
||||
echo "Build CA/Keypair to sign modules" |
||||
echo $'\n'"Usage: ${MYPROG} [OPTIONS]" |
||||
echo $'\n'"Options:" |
||||
echo " -a, --auto -- generate default values for cacert.config file without prompt" |
||||
echo " -f, --force -- build CA/Keypair even if there is already ones" |
||||
echo " -h, --help -- print usage" |
||||
echo " -V, --version -- show version" |
||||
} |
||||
|
||||
|
||||
# Parse command line options. |
||||
# |
||||
while [ "${1}" ] ; do |
||||
case "${1}" in |
||||
-a|--auto) |
||||
AUTOMATIC_BUILD=1 |
||||
shift |
||||
;; |
||||
-f|--force) |
||||
FORCE_BUILD=1 |
||||
shift |
||||
;; |
||||
-h|--help) |
||||
myprog_help |
||||
exit 0 |
||||
;; |
||||
-V|--version) |
||||
echo "${MYPROG} ${MYVER}" |
||||
exit 0 |
||||
;; |
||||
*) |
||||
echo "Error: Unknown option '${1}'." >&2 |
||||
myprog_help >&2 |
||||
exit 2 |
||||
;; |
||||
esac |
||||
done |
||||
|
||||
# Exit early if cert and private key already exist and if FORCE_BUILD |
||||
# is not equal to 1. |
||||
# |
||||
if $(readlink -e /etc/pki/akmods/certs/public_key.der &>/dev/null) && \ |
||||
$(readlink -e /etc/pki/akmods/private/private_key.priv &>/dev/null) && \ |
||||
[ ${FORCE_BUILD} -eq 0 ] ; then |
||||
exit 0 |
||||
fi |
||||
|
||||
CACERT_CONFIG="/etc/pki/akmods/cacert.config" |
||||
KEYNAME="$(hostname)"-"$(od -vAn -N4 -tu4 < /dev/urandom | awk '{print $1}')" |
||||
|
||||
# Create cacert.config file with local values if AUTOMATIC_BUILD is set |
||||
# or ask for values manually. |
||||
# |
||||
echo "Update cacert.config..." |
||||
if [ ${AUTOMATIC_BUILD} -eq 1 ] ; then |
||||
# Set OpenSSL fields values, comment default values and min/max ones. |
||||
sed -e "s#\(0.organizationName *= \).*#\1$(hostname)#" \ |
||||
-e "s#\(organizationalUnitName *= \).*#\1$(hostname)#" \ |
||||
-e "s#\(emailAddress *= \).*#\1akmods@$(hostname)#" \ |
||||
-e "s#\(localityName *= \).*#\1None#" \ |
||||
-e "s#\(stateOrProvinceName *= \).*#\1None#" \ |
||||
-e "s#\(countryName *= \).*#\1$(locale country_ab2)#" \ |
||||
-e "s#\(commonName *= \).*#\1$(hostname)"-"$(od -vAn -N4 -tu4 < /dev/urandom | awk '{print $1}')#" \ |
||||
-e "s/^[^#]*_default *= /#&/" \ |
||||
-e "s/^[^#]*_min/#&/" \ |
||||
-e "s/^[^#]*_max/#&/" ${CACERT_CONFIG}.in > ${CACERT_CONFIG} |
||||
AUTOMATIC_BUILD_OPTION=" -batch" |
||||
else |
||||
# Activate prompt directive. |
||||
sed -e "s#\(prompt *= \).*#\1yes#" ${CACERT_CONFIG}.in > ${CACERT_CONFIG} |
||||
fi |
||||
KEY_SUFF="$(date "+%F_%T_%N")" |
||||
# If cert and private key files names already exists, do not overwrite |
||||
# them but save them. |
||||
# |
||||
if [[ -e /etc/pki/akmods/certs/${KEYNAME}.der ]] ; then |
||||
# If the cert has already been loaded in MOK, add "already_enrolled" |
||||
# to the suffix of the backup file. |
||||
# `mokutil --help` fails if EFI variables are not supported on the |
||||
# system. It is therefore impossible to test the presence of the key |
||||
# in MOK, and then do not add special suffix to the backup file. |
||||
# |
||||
if $(which mokutil &> /dev/null) && $(mokutil --help &> /dev/null) && $(mokutil --test-key /etc/pki/akmods/certs/${KEYNAME}.der &> /dev/null) ; then |
||||
KEY_SUFF="${KEY_SUFF}_already_enrolled" |
||||
fi |
||||
mv /etc/pki/akmods/certs/${KEYNAME}.der /etc/pki/akmods/certs/${KEYNAME}.der.${KEY_SUFF}.bak |
||||
if [[ -e /etc/pki/akmods/private/${KEYNAME}.priv ]] ; then |
||||
mv /etc/pki/akmods/private/${KEYNAME}.priv /etc/pki/akmods/private/${KEYNAME}.priv.${KEY_SUFF}.bak |
||||
fi |
||||
fi |
||||
|
||||
echo "Generate new keypair..." |
||||
sg akmods -c " |
||||
umask 037 |
||||
openssl req -x509 -new -nodes -utf8 -sha256 -days 3650${AUTOMATIC_BUILD_OPTION} \ |
||||
-config ${CACERT_CONFIG} -outform DER \ |
||||
-out /etc/pki/akmods/certs/${KEYNAME}.der \ |
||||
-keyout /etc/pki/akmods/private/${KEYNAME}.priv |
||||
" |
||||
|
||||
# Ensure that akmods group can read keys. |
||||
# |
||||
chmod g+r /etc/pki/akmods/certs/${KEYNAME}.* |
||||
chmod g+r /etc/pki/akmods/private/${KEYNAME}.* |
||||
|
||||
# Sanitize permissions. |
||||
# |
||||
if [[ -x /usr/sbin/restorecon ]] ; then |
||||
/usr/sbin/restorecon /etc/pki/akmods/certs/${KEYNAME}.der |
||||
/usr/sbin/restorecon /etc/pki/akmods/private/${KEYNAME}.priv |
||||
fi |
||||
|
||||
# Update symlink to use new keypair. |
||||
# |
||||
ln -nsf /etc/pki/akmods/certs/${KEYNAME}.der /etc/pki/akmods/certs/public_key.der |
||||
ln -nsf /etc/pki/akmods/private/${KEYNAME}.priv /etc/pki/akmods/private/private_key.priv |
||||
|
||||
exit 0 |
@ -0,0 +1,102 @@
@@ -0,0 +1,102 @@
|
||||
#!/bin/bash - |
||||
############################################################################ |
||||
# |
||||
# akmods - Rebuilds and install akmod RPMs |
||||
# Copyright (c) 2007, 2008 Thorsten Leemhuis <fedora@leemhuis.info> |
||||
# Copyright (c) 2018 Nicolas Chauvet <kwizart@gmail.com> |
||||
# |
||||
# Permission is hereby granted, free of charge, to any person obtaining |
||||
# a copy of this software and associated documentation files (the |
||||
# "Software"), to deal in the Software without restriction, including |
||||
# without limitation the rights to use, copy, modify, merge, publish, |
||||
# distribute, sublicense, and/or sell copies of the Software, and to |
||||
# permit persons to whom the Software is furnished to do so, subject to |
||||
# the following conditions: |
||||
# |
||||
# The above copyright notice and this permission notice shall be |
||||
# included in all copies or substantial portions of the Software. |
||||
# |
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
||||
# |
||||
############################################################################ |
||||
|
||||
myprog="akmods-post" |
||||
tmpdir= |
||||
|
||||
# Only do %post builds in ostree |
||||
if ! grep -q OSTREE_VERSION= /etc/os-release && ! test -f /run/ostree-booted; then |
||||
exit 0 |
||||
fi |
||||
|
||||
kmodname=$1 |
||||
srpm=$2 |
||||
|
||||
|
||||
finally() |
||||
{ |
||||
# remove tmpfiles |
||||
remove_tmpdir |
||||
|
||||
exit ${1:-128} |
||||
} |
||||
|
||||
# Make sure finally() is run regardless of reason for exiting. |
||||
trap "finally" ABRT HUP INT QUIT |
||||
|
||||
create_tmpdir() |
||||
{ |
||||
if ! tmpdir="$(mktemp -d -p /tmp ${myprog}.XXXXXXXX)/" ; then |
||||
echo "ERROR: failed to create tmpdir." >&2 |
||||
finally 1 |
||||
fi |
||||
if ! mkdir "${tmpdir}"results ; then |
||||
echo "ERROR: failed to create result tmpdir." >&2 |
||||
finally 1 |
||||
fi |
||||
} |
||||
|
||||
remove_tmpdir() |
||||
{ |
||||
# remove tmpfiles |
||||
if [[ -n "${tmpdir}" ]] && [[ -d "${tmpdir}" ]]; then |
||||
rm -rf "${tmpdir}" |
||||
fi |
||||
} |
||||
|
||||
# This is an ostree build, so do build for all |
||||
# deployed kernels in the %post |
||||
kernels="$(ls /lib/modules)" |
||||
|
||||
create_tmpdir |
||||
|
||||
for kernel in ${kernels} ; do |
||||
echo "Building ${srpm} for kernel ${kernel}" |
||||
# Note: This builds as root, but this is pretty safe because its happening in the ostree %post sandbox. |
||||
# In fact, given that /usr is a rofiles-fuse mount no other user can access /usr in this sandbox anyway. |
||||
akmodsbuild --quiet --kernels ${kernel} --outputdir ${tmpdir}results --logfile "${tmpdir}/akmodsbuild.log" "${srpm}" 2>&1 |
||||
returncode=$? |
||||
if (( ! ${returncode} == 0 )); then |
||||
finally 1 |
||||
fi |
||||
done |
||||
|
||||
for f in $(find "${tmpdir}results" -type f -name '*.rpm' | grep -v debuginfo) ; do |
||||
rpm2cpio $f | cpio --quiet -D / -id |
||||
returncode=$? |
||||
if (( ! ${returncode} == 0 )); then |
||||
echo "Extracting $f failed:" 2>&1 |
||||
finally 1 |
||||
fi |
||||
done |
||||
|
||||
for kernel in ${kernels} ; do |
||||
depmod -v ${kernel} 2>&1 |
||||
done |
||||
|
||||
finally 0 |
@ -0,0 +1,31 @@
@@ -0,0 +1,31 @@
|
||||
#!/bin/bash |
||||
# |
||||
# akmods-shutdown - Helper script to build kernel modules on shutdown |
||||
# Copyright (c) 2012 Richard shaw <hobbes1069@gmail.com> |
||||
# |
||||
# Permission is hereby granted, free of charge, to any person obtaining |
||||
# a copy of this software and associated documentation files (the |
||||
# "Software"), to deal in the Software without restriction, including |
||||
# without limitation the rights to use, copy, modify, merge, publish, |
||||
# distribute, sublicense, and/or sell copies of the Software, and to |
||||
# permit persons to whom the Software is furnished to do so, subject to |
||||
# the following conditions: |
||||
# |
||||
# The above copyright notice and this permission notice shall be |
||||
# included in all copies or substantial portions of the Software. |
||||
# |
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
||||
# |
||||
|
||||
echo "Building modules for all installed kernels." |
||||
for kernel in /usr/src/kernels/* ; do |
||||
kernel=$(basename $kernel) |
||||
/usr/sbin/akmods --kernels $kernel |
||||
done |
||||
|
@ -0,0 +1,14 @@
@@ -0,0 +1,14 @@
|
||||
[Unit] |
||||
Description=Builds and install new kmods from akmod packages |
||||
Before=shutdown.service reboot.service halt.service |
||||
Conflicts=shutdown.target |
||||
|
||||
[Service] |
||||
Type=oneshot |
||||
RemainAfterExit=yes |
||||
ExecStart=/bin/true |
||||
ExecStop=-/usr/sbin/akmods-shutdown |
||||
TimeoutStopSec=5min |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
@ -0,0 +1,2 @@
@@ -0,0 +1,2 @@
|
||||
# See tmpfiles.d(5) for details |
||||
d /run/akmods 0770 root akmods - |
@ -0,0 +1,12 @@
@@ -0,0 +1,12 @@
|
||||
[BUGS] |
||||
https://bugzilla.rpmfusion.org/buglist.cgi?product=Fedora&component=akmods&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED |
||||
[REPORTING BUGS] |
||||
Submit a bug against the akmods component at: |
||||
.br |
||||
https://bugzilla.rpmfusion.org/enter_bug.cgi?product=Fedora |
||||
[AUTHOR] |
||||
Thorsten Leemhuis <fedora [AT] leemhuis [DOT] info> |
||||
[MAINTAINER] |
||||
Richard Shaw <hobbes1069 [AT] gmail [DOT] com> |
||||
[SEE ALSO] |
||||
http://rpmfusion.org/Packaging/KernelModules/Akmods |
@ -0,0 +1,8 @@
@@ -0,0 +1,8 @@
|
||||
/var/log/akmods/akmods.log { |
||||
monthly |
||||
rotate 12 |
||||
missingok |
||||
notifempty |
||||
create 644 root root |
||||
su root akmods |
||||
} |
@ -0,0 +1,14 @@
@@ -0,0 +1,14 @@
|
||||
[Unit] |
||||
Description=Builds and install new kmods from akmod packages |
||||
ConditionPathExists=!/run/ostree-booted |
||||
Before=@SERVICE@ |
||||
After=akmods-keygen.target |
||||
Wants=akmods-keygen.target |
||||
|
||||
[Service] |
||||
Type=oneshot |
||||
RemainAfterExit=yes |
||||
ExecStart=/usr/sbin/akmods --from-init |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
@ -0,0 +1,12 @@
@@ -0,0 +1,12 @@
|
||||
[Unit] |
||||
Description=Builds and install new kmods from akmod for a given kernel |
||||
Wants=akmods-keygen.target |
||||
After=akmods-keygen.target |
||||
|
||||
[Service] |
||||
Type=oneshot |
||||
RemainAfterExit=yes |
||||
ExecStart=/usr/bin/systemd-inhibit --mode=block --what=idle:sleep:shutdown --who="akmods" --why="Akmods Transaction running" /usr/sbin/akmods --from-kernel-posttrans --kernels %i |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
@ -0,0 +1,358 @@
@@ -0,0 +1,358 @@
|
||||
#!/bin/bash |
||||
# |
||||
# akmodbuild - Helper script for building kernel module SRPMs |
||||
# Copyright (c) 2007 Thorsten Leemhuis <fedora@leemhuis.info> |
||||
# |
||||
# Permission is hereby granted, free of charge, to any person obtaining |
||||
# a copy of this software and associated documentation files (the |
||||
# "Software"), to deal in the Software without restriction, including |
||||
# without limitation the rights to use, copy, modify, merge, publish, |
||||
# distribute, sublicense, and/or sell copies of the Software, and to |
||||
# permit persons to whom the Software is furnished to do so, subject to |
||||
# the following conditions: |
||||
# |
||||
# The above copyright notice and this permission notice shall be |
||||
# included in all copies or substantial portions of the Software. |
||||
# |
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
||||
# |
||||
myprog="akmodsbuild" |
||||
myver="0.5.6" |
||||
|
||||
# defaults that might get overwritten by user: |
||||
kernels="$(uname -r)" |
||||
target="$(uname -m)" |
||||
if [[ "${target}" == "armv7l" ]] ; then |
||||
target="armv7hl" |
||||
fi |
||||
numberofjobs=$(grep -c processor /proc/cpuinfo 2> /dev/null) |
||||
verboselevel=2 |
||||
outputdir="${PWD}" |
||||
srpms= |
||||
|
||||
init () |
||||
{ |
||||
## startup checks |
||||
# prevent root-usage |
||||
if [[ -w /var ]] ; then |
||||
echo "ERROR: Not to be used as root; start as user or '${myprog}' instead." >&2 |
||||
exit 1 |
||||
fi |
||||
|
||||
# do we have everything we need to build for the kernels in question? |
||||
for kernel in ${kernels}; do |
||||
if [[ ! -e /usr/src/kernels/${kernel}/Makefile ]] && [[ ! -e /usr/lib/modules/${kernel}/build/Makefile ]] ; then |
||||
echo "ERROR: Files needed for building modules against kernel" >&2 |
||||
echo " ${kernel} could not be found as the following" >&2 |
||||
echo " directories are missing:" |
||||
echo " /usr/src/kernels/${kernel}/" >&2 |
||||
echo " /usr/lib/modules/${kernel}/build/" >&2 |
||||
exit 2 |
||||
fi |
||||
done |
||||
|
||||
if [[ ! -n "${srpms}" ]] ; then |
||||
echo "ERROR: Please provide a list of SRPM-files to build." |
||||
exit 2 |
||||
fi |
||||
|
||||
# SRPMS available? |
||||
for srpm in ${srpms}; do |
||||
if [[ ! -r ${srpm} ]] ; then |
||||
echo "ERROR: Can't find SRPM ${srpm}" |
||||
exit 1 |
||||
fi |
||||
done |
||||
|
||||
# room to save things |
||||
if [[ ! -d "${outputdir}" ]] ; then |
||||
echo "ERROR: ${outputdir} is not a directory" >&2 |
||||
exit 1 |
||||
elif [[ ! -w "${outputdir}" ]] ; then |
||||
echo "ERROR: ${outputdir} is not a writable" >&2 |
||||
exit 1 |
||||
fi |
||||
|
||||
|
||||
# make sure this is a number |
||||
if ! (( ${numberofjobs} > 0 )) ; then |
||||
echo "Warning: using hardcoded defaut value for number of jobs" |
||||
numberofjobs=2 |
||||
fi |
||||
|
||||
## preparations |
||||
# tmpdir |
||||
if ! tmpdir="$(mktemp -d -p /tmp ${myprog}.XXXXXXXX)" ; then |
||||
echo "ERROR: Could create tempdir." |
||||
exit 1 |
||||
fi |
||||
|
||||
# buildtreee |
||||
mkdir "${tmpdir}"/{BUILD,SOURCES,SPECS,SRPMS,RPMS,RPMS/"${target}"} |
||||
|
||||
# logfile |
||||
if [[ ! -n "${logfile}" ]] ; then |
||||
logfile="${tmpdir}/logfile" |
||||
fi |
||||
|
||||
if ( [[ -e "${logfile}" ]] && [[ ! -w "${logfile}" ]] ) || ! touch "${logfile}" ; then |
||||
echo "ERROR: Could not write logfile." |
||||
finally |
||||
exit 1 |
||||
fi |
||||
} |
||||
|
||||
|
||||
finally() |
||||
{ |
||||
# kill background jobs if needed |
||||
if [[ -n "${watch_jobid}" ]] ; then |
||||
kill "${watch_jobid}" |
||||
fi |
||||
if [[ -n "${rpmbuild_jobid}" ]] ; then |
||||
kill "${rpmbuild_jobid}" |
||||
fi |
||||
|
||||
# remove tmpfiles |
||||
if [[ -d "${tmpdir}" ]] ; then |
||||
rm -rf "${tmpdir}" |
||||
fi |
||||
} |
||||
trap "finally" 2 |
||||
|
||||
|
||||
akmods_echo() |
||||
{ |
||||
# where to output |
||||
local this_fd=${1} |
||||
shift |
||||
|
||||
# verboselevel |
||||
local this_verbose=${1} |
||||
shift |
||||
|
||||
if [[ "${1}" == "--not-logfile" ]] ; then |
||||
local notlogfile=true |
||||
shift |
||||
fi |
||||
|
||||
# output to console |
||||
if (( ${verboselevel} >= ${this_verbose} )) ; then |
||||
echo "$@" >&${this_fd} |
||||
fi |
||||
|
||||
# global logfile |
||||
if [[ ! -n ${notlogfile} ]] ; then |
||||
echo "$@" >> "${logfile}" |
||||
fi |
||||
} |
||||
|
||||
|
||||
watch_rpmbuild() |
||||
{ |
||||
# background function to show rpmbuild progress |
||||
# does't use akmods_echo here; this stage handles the output on its own |
||||
# (seperate process and there is no need to log this) |
||||
if (( ${verboselevel} == 2 )) ; then |
||||
tail --pid ${1} -n +1 -s 0.1 -f ${2} 2>/dev/null | grep --line-buffered -e '%prep' -e '%build' -e '%install' -e '%clean' | while read line ; do |
||||
if [[ "${line}" != "${line##*prep}" ]] ; then |
||||
echo -n "prep " |
||||
elif [[ "${line}" != "${line##*build}" ]] ; then |
||||
echo -n "build " |
||||
elif [[ "${line}" != "${line##*install}" ]] ; then |
||||
echo -n "install " |
||||
elif [[ "${line}" != "${line##*clean}" ]] ; then |
||||
echo -n "clean; " |
||||
# last linefeed is done by the caller |
||||
fi |
||||
done |
||||
elif (( ${verboselevel} > 2 )) ; then |
||||
tail --pid ${1} -n +1 -s 0.1 -f ${2} |
||||
fi |
||||
} |
||||
|
||||
process_srpm() |
||||
{ |
||||
local source_rpm="${1}" |
||||
|
||||
# status info |
||||
akmods_echo 1 2 -n "* Rebuilding ${source_rpm} for kernel(s) ${kernels}: " |
||||
|
||||
# kick off rebuild into background |
||||
/usr/bin/time --format='%x' --output="${tmpdir}/.jobexit" rpmbuild \ |
||||
--define "_topdir ${tmpdir}/" \ |
||||
--define "_buildtree ${tmpdir}/BUILD" \ |
||||
--define "_specdir ${tmpdir}/SPECS" \ |
||||
--define "_sourcedir ${tmpdir}/SOURCES" \ |
||||
--define "_srcrpmdir ${tmpdir}/SRPMS" \ |
||||
--define "_rpmdir ${tmpdir}/RPMS" \ |
||||
--define "_smp_mflags -j${numberofjobs}" \ |
||||
--define "kernels ${kernels}" \ |
||||
--target ${target} \ |
||||
--rebuild "${source_rpm}" 2>&1 | tee -a "${logfile}" > "${tmpdir}/.joblog" & |
||||
|
||||
local rpmbuild_jobid=$! |
||||
|
||||
# show progress |
||||
if (( ${verboselevel} >= 2 )) ; then |
||||
watch_rpmbuild ${rpmbuild_jobid} "${tmpdir}/.joblog" 2> /dev/null & |
||||
local watch_jobid=$! |
||||
fi |
||||
|
||||
# wait for rpmbuild |
||||
wait ${rpmbuild_jobid} |
||||
local rpmbuild_returncode=$(tail -n 1 "${tmpdir}/.jobexit") |
||||
unset rpmbuild_jobid |
||||
|
||||
# give watch_rpmbuild a moment to catch up; kill it if it does not |
||||
if (( ${verboselevel} >= 2 )) ; then |
||||
sleep 0.5 |
||||
kill ${watch_jobid} &> /dev/null |
||||
unset watch_jobid |
||||
fi |
||||
|
||||
# did rpmbuild succeed? |
||||
if (( ${rpmbuild_returncode} != 0 )) ; then |
||||
# linefeed: |
||||
akmods_echo 1 2 "" |
||||
|
||||
akmods_echo 2 2 --not-logfile "rpmbuild failed with errorcode ${rpmbuild_returncode}; last 35 Lines of log:" |
||||
akmods_echo 2 2 --not-logfile "--- " |
||||
tail -n 35 "${tmpdir}/.joblog" >&2 |
||||
akmods_echo 2 2 --not-logfile "---" |
||||
return ${rpmbuild_returncode} |
||||
fi |
||||
|
||||
# finish status for watch_rpmbuild |
||||
if (( ${verboselevel} >= 2 )) ; then |
||||
akmods_echo 1 2 -n "Successfull; " |
||||
fi |
||||
|
||||
local rpms_built="$(cd "${tmpdir}"/RPMS/"${target}" ; echo *)" |
||||
|
||||
if ! mv "${tmpdir}/RPMS/${target}/"* "${outputdir}" ; then |
||||
# linefeed: |
||||
akmods_echo 1 2 "" |
||||
|
||||
akmods_echo 2 2 "Failed to move ${tmpdir}/RPMS/${target}/"* "to ${outputdir}" |
||||
return 128 |
||||
fi |
||||
|
||||
if (( ${verboselevel} == 1 )) ; then |
||||
for rpm in ${rpms_built}; do |
||||
echo "${outputdir%%/}/${rpm}" |
||||
done |
||||
elif (( ${verboselevel} >= 2 )) ; then |
||||
akmods_echo 1 2 "Saved ${rpms_built} in ${outputdir%%/}/" |
||||
fi |
||||
|
||||
|
||||
# finished |
||||
return 0 |
||||
} |
||||
|
||||
myprog_help () |
||||
{ |
||||
echo "Rebuilds kmod SRPM(s)" |
||||
echo $'\n'"Usage: ${myprog} [OPTIONS] <SRPMS>" |
||||
echo $'\n'"Options:" |
||||
echo " -k, --kernels -- build for kernel-versions (output from 'uname -r')" |
||||
echo " -l, --logfile <file> -- save rpmbuild output to <file>" |
||||
echo " -o, --outputdir <dir> -- save rpms and logs here (current directory)" |
||||
echo " -t, --target -- target-arch (output from 'uname -m')" |
||||
echo " -v, --verbose -- increase verboseness" |
||||
echo " -q, --quiet -- be more quiet" |
||||
echo " -h, --help -- show usage" |
||||
echo " -V, --version -- show version" |
||||
} |
||||
|
||||
while [ "${1}" ] ; do |
||||
case "${1}" in |
||||
-k|--kernels) |
||||
shift |
||||
if [[ ! -n "${1}" ]] ; then |
||||
echo "ERROR: Please provide kernel-version(s) to build for together with --kernel" >&2 |
||||
exit 1 |
||||
fi |
||||
kernels="${1}" |
||||
shift |
||||
;; |
||||
-l|--logfile) |
||||
shift |
||||
if [[ ! -n "${1}" ]] ; then |
||||
echo "ERROR: Please provide a filename together with --logfile" >&2 |
||||
exit 1 |
||||
fi |
||||
logfile="${1}" |
||||
shift |
||||
;; |
||||
-o|--outputdir) |
||||
shift |
||||
if [[ ! -n "${1}" ]] ; then |
||||
echo "ERROR: Please provide the output directory together with --outputdir" >&2 |
||||
exit 1 |
||||
fi |
||||
outputdir="${1}" |
||||
shift |
||||
;; |
||||
-t|--target) |
||||
shift |
||||
if [[ ! -n "${1}" ]] ; then |
||||
echo "ERROR: Please provide the target-arch together with --target" >&2 |
||||
exit 1 |
||||
fi |
||||
target="${1}" |
||||
shift |
||||
;; |
||||
-v|--verbose) |
||||
let verboselevel++ |
||||
shift |
||||
;; |
||||
-q|--quiet) |
||||
let verboselevel-- |
||||
shift |
||||
;; |
||||
-h|--help) |
||||
myprog_help |
||||
exit 0 |
||||
;; |
||||
-V|--version) |
||||
echo "${myprog} ${myver}" |
||||
exit 0 |
||||
;; |
||||
--*) |
||||
echo "Error: Unknown option '${1}'." >&2 |
||||
myprog_help >&2 |
||||
exit 2 |
||||
;; |
||||
*) |
||||
srpms="${srpms} ${1}" |
||||
shift |
||||
;; |
||||
esac |
||||
done |
||||
|
||||
# sanity checks |
||||
init |
||||
|
||||
# go |
||||
for srpm in ${srpms}; do |
||||
process_srpm ${srpm} |
||||
returncode=$? |
||||
|
||||
if (( ${returncode} != 0 )) ; then |
||||
finally |
||||
exit ${returncode} |
||||
fi |
||||
done |
||||
|
||||
# finished |
||||
finally |
||||
|
||||
exit 0 |
@ -0,0 +1,47 @@
@@ -0,0 +1,47 @@
|
||||
#!/bin/bash - |
||||
# |
||||
# akmodposttrans - Calls akmods for newly installed kernels |
||||
# |
||||
# Copyright (c) 2009 Thorsten Leemhuis <fedora@leemhuis.info> |
||||
# Copyright (c) 2017 Nicolas Chauvet <kwizart@gmail.com> |
||||
# |
||||
# Permission is hereby granted, free of charge, to any person obtaining |
||||
# a copy of this software and associated documentation files (the |
||||
# "Software"), to deal in the Software without restriction, including |
||||
# without limitation the rights to use, copy, modify, merge, publish, |
||||
# distribute, sublicense, and/or sell copies of the Software, and to |
||||
# permit persons to whom the Software is furnished to do so, subject to |
||||
# the following conditions: |
||||
# |
||||
# The above copyright notice and this permission notice shall be |
||||
# included in all copies or substantial portions of the Software. |
||||
# |
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
||||
# |
||||
|
||||
# just check in case a user calls this directly |
||||
if [[ ! -w /var ]] ; then |
||||
echo "Needs to run as root to be able to install rpms." >&2 |
||||
exit 4 |
||||
fi |
||||
|
||||
# needs to run in background as rpmdb might be locked otherwise |
||||
if [ -e /bin/systemctl ] ; then |
||||
# Exit early if system-update.target is active - rhbz#1518401 |
||||
/bin/systemctl is-active system-update.target &>/dev/null |
||||
RET=$? |
||||
|
||||
[ $RET == 0 ] && exit 0 |
||||
|
||||
/bin/systemctl restart akmods@${1}.service --no-block >/dev/null 2>&1 |
||||
else |
||||
nohup /usr/sbin/akmods --from-kernel-posttrans --kernels ${1} > /dev/null 2>&1 & |
||||
fi |
||||
|
||||
exit 0 |
@ -0,0 +1,41 @@
@@ -0,0 +1,41 @@
|
||||
# Default OpenSSL settings and configuration file for kmodgenca |
||||
# shell-script. |
||||
# |
||||
[ req ] |
||||
default_bits = 4096 |
||||
distinguished_name = req_distinguished_name |
||||
prompt = no |
||||
utf8 = yes |
||||
string_mask = utf8only |
||||
x509_extensions = req_exts |
||||
|
||||
[ req_distinguished_name ] |
||||
# Values settings |
||||
# |
||||
0.organizationName = Organization Name (eg, company) |
||||
organizationalUnitName = Organizational Unit Name (eg, section) |
||||
emailAddress = Email Address |
||||
emailAddress_max = 64 |
||||
localityName = Locality Name (eg, city) |
||||
stateOrProvinceName = State or Province Name (full name) |
||||
countryName = Country Name (2 letter code) |
||||
countryName_min = 2 |
||||
countryName_max = 2 |
||||
commonName = Common Name (eg, your name or your server\'s hostname) |
||||
commonName_max = 64 |
||||
|
||||
# Default values |
||||
# |
||||
0.organizationName_default = akmods local |
||||
organizationalUnitName_default = akmods |
||||
emailAddress_default = akmods@localhost.localdomain |
||||
localityName_default = None |
||||
stateOrProvinceName_default = None |
||||
countryName_default = XX |
||||
commonName_default = akmods local signing CA |
||||
|
||||
[ req_exts ] |
||||
basicConstraints = critical,CA:FALSE |
||||
keyUsage = digitalSignature |
||||
subjectKeyIdentifier = hash |
||||
authorityKeyIdentifier = keyid |
@ -0,0 +1,416 @@
@@ -0,0 +1,416 @@
|
||||
Name: akmods |
||||
Version: 0.5.7 |
||||
Release: 8%{?dist} |
||||
Summary: Automatic kmods build and install tool |
||||
|
||||
License: MIT |
||||
URL: http://rpmfusion.org/Packaging/KernelModules/Akmods |
||||
|
||||
# We are upstream, these files are maintained directly in pkg-git |
||||
Source0: 95-akmods.preset |
||||
Source1: akmods |
||||
Source2: akmodsbuild |
||||
Source3: akmods.h2m |
||||
Source5: akmodsposttrans |
||||
Source6: akmods.service.in |
||||
Source7: akmods-shutdown |
||||
Source8: akmods-shutdown.service |
||||
Source9: README |
||||
Source10: LICENSE |
||||
Source11: akmods@.service |
||||
Source12: akmods-ostree-post |
||||
Source13: 95-akmodsposttrans.install |
||||
Source14: akmods.log |
||||
Source15: README.secureboot |
||||
Source16: cacert.config.in |
||||
Source17: akmods-kmodgenca |
||||
Source18: akmods-keygen.target |
||||
Source19: akmods-keygen@.service |
||||
Source20: %{name}-tmpfiles.conf |
||||
|
||||
BuildArch: noarch |
||||
|
||||
BuildRequires: help2man |
||||
|
||||
# not picked up automatically |
||||
%if 0%{?rhel} == 6 |
||||
Requires: %{_bindir}/nohup |
||||
%endif |
||||
Requires: %{_bindir}/flock |
||||
Requires: %{_bindir}/time |
||||
|
||||
# needed for actually building kmods: |
||||
Requires: %{_bindir}/rpmdev-vercmp |
||||
Requires: kmodtool >= 1.1-1 |
||||
|
||||
# needed to create CA/Keypair to sign modules |
||||
Requires: openssl |
||||
|
||||
# this should track in all stuff that is normally needed to compile modules: |
||||
Requires: bzip2 coreutils diffutils file findutils gawk gcc grep |
||||
Requires: gzip make sed tar unzip util-linux which rpm-build |
||||
|
||||
# On EL, kABI list was renamed |
||||
%if 0%{?rhel} |
||||
%if 0%{?rhel} >= 8 |
||||
Requires: (kernel-abi-stablelists or kernel-abi-whitelists) |
||||
%else |
||||
Requires: kernel-abi-whitelists |
||||
%endif |
||||
%endif |
||||
|
||||
%if 0%{?fedora} || 0%{?rhel} > 7 |
||||
# We use a virtual provide that would match either |
||||
# kernel-devel or kernel-PAE-devel |
||||
Requires: kernel-devel-uname-r |
||||
# kernel-devel-matched enforces the same kernel version as the -devel |
||||
%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9 |
||||
Requires: (kernel-debug-devel-matched if kernel-debug-core) |
||||
Requires: (kernel-devel-matched if kernel-core) |
||||
Requires: (kernel-lpae-devel-matched if kernel-lpae-core) |
||||
%else |
||||
Suggests: (kernel-debug-devel if kernel-debug) |
||||
Suggests: (kernel-devel if kernel) |
||||
Suggests: (kernel-lpae-devel if kernel-lpae) |
||||
%endif |
||||
Suggests: (kernel-PAE-devel if kernel-PAE) |
||||
Suggests: (kernel-PAEdebug-devel if kernel-PAEdebug) |
||||
# Theses are from planetccrma-core or rhel-7-server-rt-rpms |
||||
Suggests: (kernel-rt-devel if kernel-rt) |
||||
Suggests: (kernel-rtPAE-devel if kernel-rtPAE) |
||||
%else |
||||
# There is no much variant there, so using a sane default |
||||
Requires: kernel-devel |
||||
%endif |
||||
|
||||
# we create a special user that used by akmods to build kmod packages |
||||
Requires(pre): shadow-utils |
||||
|
||||
# systemd unit requirements. |
||||
BuildRequires: systemd |
||||
Requires(post): systemd |
||||
Requires(preun): systemd |
||||
Requires(postun): systemd |
||||
# Optional but good to have on recent kernel |
||||
Requires: pkgconfig(libelf) |
||||
|
||||
|
||||
%description |
||||
Akmods startup script will rebuild akmod packages during system |
||||
boot, while its background daemon will build them for kernels right |
||||
after they were installed. |
||||
|
||||
|
||||
%prep |
||||
%setup -q -c -T |
||||
cp -p %{SOURCE9} %{SOURCE10} %{SOURCE15} . |
||||
|
||||
|
||||
%build |
||||
# Nothing to build |
||||
|
||||
|
||||
%install |
||||
mkdir -p %{buildroot}%{_usrsrc}/%{name} \ |
||||
%{buildroot}%{_sbindir} \ |
||||
%{buildroot}%{_sysconfdir}/rpm \ |
||||
%{buildroot}%{_sysconfdir}/pki/%{name}/certs \ |
||||
%{buildroot}%{_sysconfdir}/pki/%{name}/private \ |
||||
%{buildroot}%{_sysconfdir}/kernel/postinst.d \ |
||||
%{buildroot}%{_sysconfdir}/logrotate.d \ |
||||
%{buildroot}%{_localstatedir}/cache/%{name} \ |
||||
%{buildroot}%{_localstatedir}/log/%{name} \ |
||||
%{buildroot}%{_tmpfilesdir} |
||||
|
||||
install -pm 0755 %{SOURCE1} %{buildroot}%{_sbindir}/ |
||||
install -pm 0755 %{SOURCE2} %{buildroot}%{_sbindir}/ |
||||
install -pm 0755 %{SOURCE12} %{buildroot}%{_sbindir}/ |
||||
install -pm 0755 %{SOURCE5} %{buildroot}%{_sysconfdir}/kernel/postinst.d/ |
||||
install -pm 0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} |
||||
install -pm 0640 %{SOURCE16} %{buildroot}%{_sysconfdir}/pki/%{name}/ |
||||
install -pm 0755 %{SOURCE17} %{buildroot}%{_sbindir}/kmodgenca |
||||
install -pm 0644 %{SOURCE20} %{buildroot}%{_tmpfilesdir}/%{name}.conf |
||||
install -dpm 0770 %{buildroot}%{_rundir}/%{name}/ |
||||
|
||||
mkdir -p %{buildroot}%{_prefix}/lib/kernel/install.d |
||||
install -pm 0755 %{SOURCE13} %{buildroot}%{_prefix}/lib/kernel/install.d/ |
||||
mkdir -p \ |
||||
%{buildroot}%{_unitdir} \ |
||||
%{buildroot}%{_presetdir} |
||||
sed "s|@SERVICE@|display-manager.service|" %{SOURCE6} >\ |
||||
%{buildroot}%{_unitdir}/akmods.service |
||||
install -pm 0644 %{SOURCE0} %{buildroot}%{_presetdir}/ |
||||
install -pm 0755 %{SOURCE7} %{buildroot}%{_sbindir}/ |
||||
install -pm 0644 %{SOURCE8} %{buildroot}%{_unitdir}/ |
||||
install -pm 0644 %{SOURCE11} %{buildroot}%{_unitdir}/ |
||||
install -pm 0644 %{SOURCE18} %{buildroot}%{_unitdir}/ |
||||
install -pm 0644 %{SOURCE19} %{buildroot}%{_unitdir}/ |
||||
|
||||
# Generate and install man pages. |
||||
mkdir -p %{buildroot}%{_mandir}/man1 |
||||
help2man -N -i %{SOURCE3} -s 1 \ |
||||
-o %{buildroot}%{_mandir}/man1/akmods.1 \ |
||||
%{buildroot}%{_sbindir}/akmods |
||||
help2man -N -i %{SOURCE3} -s 1 \ |
||||
-o %{buildroot}%{_mandir}/man1/akmodsbuild.1 \ |
||||
%{buildroot}%{_sbindir}/akmodsbuild |
||||
|
||||
|
||||
%pre |
||||
# create group and user |
||||
getent group akmods >/dev/null || groupadd -r akmods |
||||
getent passwd akmods >/dev/null || \ |
||||
useradd -r -g akmods -d /var/cache/akmods/ -s /sbin/nologin \ |
||||
-c "User is used by akmods to build akmod packages" akmods |
||||
|
||||
%post |
||||
%systemd_post akmods.service |
||||
%systemd_post akmods@.service |
||||
%systemd_post akmods-shutdown.service |
||||
|
||||
%preun |
||||
%systemd_preun akmods.service |
||||
%systemd_preun akmods@.service |
||||
%systemd_preun akmods-shutdown.service |
||||
|
||||
%postun |
||||
%systemd_postun akmods.service |
||||
%systemd_postun akmods@.service |
||||
%systemd_postun akmods-shutdown.service |
||||
|
||||
|
||||
%files |
||||
%doc README README.secureboot |
||||
%license LICENSE |
||||
%{_sbindir}/akmodsbuild |
||||
%{_sbindir}/akmods |
||||
%{_sbindir}/akmods-ostree-post |
||||
%{_sbindir}/kmodgenca |
||||
%dir %attr(750,root,akmods) %{_sysconfdir}/pki/%{name}/certs |
||||
%dir %attr(750,root,akmods) %{_sysconfdir}/pki/%{name}/private |
||||
%config(noreplace) %attr(640,root,akmods) %{_sysconfdir}/pki/%{name}/cacert.config.in |
||||
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} |
||||
%{_sysconfdir}/kernel/postinst.d/akmodsposttrans |
||||
%{_unitdir}/akmods.service |
||||
%{_unitdir}/akmods@.service |
||||
%{_sbindir}/akmods-shutdown |
||||
%{_unitdir}/akmods-shutdown.service |
||||
%{_prefix}/lib/kernel/install.d/95-akmodsposttrans.install |
||||
%attr(0644,root,root) %{_unitdir}/akmods-keygen.target |
||||
%attr(0644,root,root) %{_unitdir}/akmods-keygen@.service |
||||
%dir %attr(0770,root,akmods) %{_rundir}/%{name} |
||||
%{_tmpfilesdir}/%{name}.conf |
||||
# akmods was enabled in the default preset by f28 |
||||
%if 0%{?rhel} |
||||
%{_presetdir}/95-akmods.preset |
||||
%else |
||||
%exclude %{_presetdir}/95-akmods.preset |
||||
%endif |
||||
%{_usrsrc}/akmods |
||||
%dir %attr(-,akmods,akmods) %{_localstatedir}/cache/akmods |
||||
%dir %attr(0775,root,akmods) %{_localstatedir}/log/%{name} |
||||
%{_mandir}/man1/* |
||||
|
||||
|
||||
%changelog |
||||
* Wed May 04 2022 Nicolas Chauvet <kwizart@gmail.com> - 0.5.7-8 |
||||
- Fix logrotate permission access to /var/log/akmods directory - rhbz#2078490 |
||||
- Rename logrotate config file |
||||
|
||||
* Wed Mar 09 2022 Timothée Ravier <tim@siosm.fr> - 0.5.7-7 |
||||
- Use 'Require' instead of 'Suggest' for kernel*-devel packages. |
||||
|
||||
* Thu Jan 27 2022 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.7-6 |
||||
- Adapt usage of lockfile to systemd-tmpfiles |
||||
- Re-locate akmods logs in /var/log |
||||
|
||||
* Wed Jan 26 2022 Timothée Ravier <tim@siosm.fr> - 0.5.7-5 |
||||
- Use kernel*-core variants in conditional Suggests |
||||
|
||||
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.7-4 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild |
||||
|
||||
* Mon Dec 20 2021 Nicolas Chauvet <kwizart@gmail.com> - 0.5.7-3 |
||||
- Drop perl-interpeter |
||||
- Drop akmodsinit |
||||
- Only use preset on rhel |
||||
- kernel-devel-matched support |
||||
see also https://src.fedoraproject.org/rpms/akmods/pull-request/7 |
||||
|
||||
* Fri Dec 10 2021 Nicolas Chauvet <kwizart@gmail.com> - 0.5.7-2 |
||||
- Bump kmodtool requirement |
||||
- Rename kABI list |
||||
- Drop EL6 support |
||||
- Switch to distro agnostic deps |
||||
|
||||
* Fri Oct 22 2021 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.7-1 |
||||
- Add local akmods CA signing keys and support tools to sign modules for |
||||
Secure boot thanks to Stanislas Leduc <stanislas.leduc@balinor.net> |
||||
- Add akmods-keygen service to generate MOK key pair on first run |
||||
|
||||
* Fri Oct 22 2021 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.6-29 |
||||
- Remove trailing spaces and clean-up |
||||
- Use %%{name} when possible |
||||
- Convert if statement from "[!] $variable" to "[!] -n $variable" |
||||
- Fix kernel list build when parsing command line options |
||||
- Ensure to build for grub default kernel |
||||
- Improve detection of already installed (weak-)modules in akmods (RHEL) |
||||
- akmods uses logrotate and clean-up /var/cache/akmods sub-directories of |
||||
old logs and rpm files from no more installed kmod packages |
||||
(rhbz #1542658). |
||||
|
||||
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-28 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild |
||||
|
||||
* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-27 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild |
||||
|
||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-26 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild |
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-25 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild |
||||
|
||||
* Wed Nov 20 2019 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.6-24 |
||||
- Check kernel presence differently for systemd-boot machines - rhbz#1769144 |
||||
|
||||
* Wed Oct 16 2019 Leigh Scott <leigh123linux@googlemail.com> - 0.5.6-23 |
||||
- Add requires kernel-abi-whitelists for RHEL |
||||
|
||||
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-22 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild |
||||
|
||||
* Mon May 20 2019 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-21 |
||||
- Add check for rhel8 |
||||
|
||||
* Wed May 15 2019 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.6-20 |
||||
- Fix akmodsposttrans after kernel update/install on Fedora >= 28 and |
||||
RHEL >= 7 - rhbz#1709055 |
||||
|
||||
* Thu Feb 28 2019 Alexander Larsson <alexl@redhat.com> - 0.5.6-19 |
||||
- Support ostree/silverblue builds - rhbz#1667014 |
||||
|
||||
* Thu Feb 28 2019 Hans de Goede <hdegoede@redhat.com> |
||||
- Do not fail when the old initscripts pkg is not installed - rhbz#1680121 |
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-18 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild |
||||
|
||||
* Mon Nov 05 2018 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-17 |
||||
- Don't enforce target arch - rhbz#1644430 |
||||
- Rework log file path |
||||
- Avoid using /usr/lib/modules for el6 compat |
||||
|
||||
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-16 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild |
||||
|
||||
* Mon Mar 26 2018 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-15 |
||||
- Add inihibitor for akmods@.service |
||||
- Use restart on akmodsposttrans |
||||
|
||||
* Mon Mar 26 2018 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-14 |
||||
- Switch to always retry by default |
||||
- Drop akmods preset by f28 |
||||
- Don't enable service on ah |
||||
- Test a rw directory |
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-13 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild |
||||
|
||||
* Wed Dec 13 2017 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-12 |
||||
- Update kernel posttrans method - rhbz#1518401 |
||||
|
||||
* Thu Aug 03 2017 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-11 |
||||
- Rework kernel-devel requires on el |
||||
|
||||
* Thu Aug 03 2017 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-10 |
||||
- Enable suggests on fedora |
||||
- Add back el6 support in spec |
||||
- Add Requires elfutils-libelf-devel |
||||
|
||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-9 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild |
||||
|
||||
* Thu Jul 13 2017 Petr Pisar <ppisar@redhat.com> - 0.5.6-8 |
||||
- perl dependency renamed to perl-interpreter |
||||
<https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules> |
||||
|
||||
* Thu May 4 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-7 |
||||
- "udevadm trigger" may have bad side-effects (rhbz#454407) instead |
||||
look for modalias files under /sys/devices and call modprobe directly |
||||
- Fix exit status when no akmod packages are installed, so that systemd |
||||
does not consider the akmods.service as having failed to start |
||||
|
||||
* Wed May 3 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-6 |
||||
- Run "udevadm trigger" and "systemctl restart systemd-modules-load.service" |
||||
when new kmod packages have been build and installed so that the new |
||||
modules may be used immediately without requiring a reboot |
||||
|
||||
* Mon Mar 6 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-5 |
||||
- Add LICENSE file (rhbz#1422918) |
||||
|
||||
* Fri Feb 24 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-4 |
||||
- Replace %%{_prefix}/lib/systemd/system-preset with %%{_presetdir} |
||||
|
||||
* Thu Feb 16 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-3 |
||||
- Submit to Fedora for package review |
||||
|
||||
* Mon Nov 28 2016 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-2 |
||||
- Use Suggests kernel-devel weak-dependency - see rfbz#3386 |
||||
|
||||
* Fri Oct 14 2016 Richard Shaw <hobbes1069@gmail.com> - 0.5.6-1 |
||||
- Disable shutdown systemd service file by default. |
||||
- Remove modprobe line from main service file. |
||||
|
||||
* Wed Aug 17 2016 Sérgio Basto <sergio@serjux.com> - 0.5.4-3 |
||||
- New release |
||||
|
||||
* Sun Jan 03 2016 Nicolas Chauvet <kwizart@gmail.com> - 0.5.4-2 |
||||
- Revert conflicts kernel-debug-devel |
||||
|
||||
* Thu Jul 23 2015 Richard Shaw <hobbes1069@gmail.com> - 0.5.4-1 |
||||
- Do not mark a build as failed when only installing the RPM fails. |
||||
- Run akmods-shutdown script instead of akmods on shutdown. |
||||
- Add systemd preset file to enable services by default. |
||||
|
||||
* Wed Jul 15 2015 Richard Shaw <hobbes1069@gmail.com> - 0.5.3-2 |
||||
- Add package conflicts to stop pulling in kernel-debug-devel, fixes BZ#3386. |
||||
- Add description for the formatting of the <kernel> parameter, BZ#3580. |
||||
- Update static man pages and clean them up. |
||||
- Fixed another instance of TMPDIR causing issues. |
||||
- Added detection of dnf vs yum to akmods, fixed BZ#3481. |
||||
|
||||
* Wed Apr 1 2015 Richard Shaw <hobbes1069@gmail.com> - 0.5.2-1 |
||||
- Fix temporary directory creation when TMPDIR environment variable is set, |
||||
fixes BZ#2596. |
||||
- Update systemd scripts to use macros. |
||||
- Fix akmods run on shutdown systemd unit file, fixes BZ#3503. |
||||
|
||||
* Sun Nov 16 2014 Nicolas Chauvet <kwizart@gmail.com> - 0.5.1-4 |
||||
- Fix akmods on armhfp - rfbz#3117 |
||||
- Use yum instead of rpm to install packages - rfbz#3350 |
||||
Switch to a better date format |
||||
|
||||
* Fri Jan 11 2013 Richard Shaw <hobbes1069@gmail.com> - 0.5.1-3 |
||||
- Really fix akmods.service.in. |
||||
|
||||
* Fri Jun 01 2012 Richard Shaw <hobbes1069@gmail.com> - 0.5.1-2 |
||||
- Add service file to run again on shutdown. |
||||
- Add conditional for Fedora 18 to specify correct systemd graphical service. |
||||
|
||||
* Thu Apr 12 2012 Nicolas Chauvet <kwizart@gmail.com> - 0.4.0-4 |
||||
- Rebuilt |
||||
|
||||
* Tue Mar 20 2012 Richard Shaw <hobbes1069@gmail.com> - 0.4.0-3 |
||||
- Add additional error output if the needed kernel development files are not |
||||
installed. (Fixes #561) |
||||
|
||||
* Mon Mar 05 2012 Richard Shaw <hobbes1069@gmail.com> - 0.4.0-2 |
||||
- Remove remaining references to previous Fedora releases |
||||
- Remove legacy SysV init script from CVS. |
||||
- Added man page for akmods and cleaned up man page for akmodsbuild. |
||||
|
||||
* Tue Feb 07 2012 Nicolas Chauvet <kwizart@gmail.com> - 0.4.0-1 |
||||
- Update for UsrMove support |
||||
- Remove unused references to older fedora |
||||
- Change Requires from kernel-devel to kernel-devel-uname-r |
Loading…
Reference in new issue