commit 04cca44c735e7aa2ab2cea404b3d51e562937fec Author: Toshaan Bharvani Date: Wed Jan 24 14:05:47 2024 +0100 initial package creation Signed-off-by: Toshaan Bharvani diff --git a/SOURCES/95-akmods.preset b/SOURCES/95-akmods.preset new file mode 100644 index 0000000..2b2b8a8 --- /dev/null +++ b/SOURCES/95-akmods.preset @@ -0,0 +1,8 @@ +# Also see: +# https://fedoraproject.org/wiki/Starting_services_by_default + +# Installing presets is not the preferred solution but until another one +# presents itself: +# https://bugzilla.rpmfusion.org/show_bug.cgi?id=3713 +enable akmods.service +#enable akmods-shutdown.service diff --git a/SOURCES/95-akmodsposttrans.install b/SOURCES/95-akmodsposttrans.install new file mode 100755 index 0000000..b66551c --- /dev/null +++ b/SOURCES/95-akmodsposttrans.install @@ -0,0 +1,65 @@ +#!/bin/bash - +# +# 95-akmodposttrans.install - Calls akmods for newly installed kernels +# +# Copyright (c) 2019 Nicolas Viéville +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# + +COMMAND="$1" +KERNEL_VERSION="$2" +BOOT_DIR_ABS="$3" +KERNEL_IMAGE="$4" + +# just check in case a user calls this directly +if [[ ! -w /var ]] ; then + echo "Needs to run as root to be able to install rpms." >&2 + exit 4 +fi + +if [[ ! -n "${KERNEL_VERSION}" ]] ; then + exit 1 +fi + +case "${COMMAND}" in + add) + # needs to run in background as rpmdb might be locked otherwise + if [ -e /bin/systemctl ] ; then + # Exit early if system-update.target is active - rhbz#1518401 + /bin/systemctl is-active system-update.target &>/dev/null + RET=$? + + [ $RET == 0 ] && exit 0 + + /bin/systemctl restart akmods@${KERNEL_VERSION}.service --no-block >/dev/null 2>&1 + else + nohup /usr/sbin/akmods --from-kernel-posttrans --kernels ${KERNEL_VERSION} > /dev/null 2>&1 & + fi + exit 0 + ;; + remove) + # Nothing to do + ;; + *) + ;; +esac + +exit 0 diff --git a/SOURCES/LICENSE b/SOURCES/LICENSE new file mode 100644 index 0000000..c9b44cb --- /dev/null +++ b/SOURCES/LICENSE @@ -0,0 +1,18 @@ +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/SOURCES/README b/SOURCES/README new file mode 100644 index 0000000..d4a9b47 --- /dev/null +++ b/SOURCES/README @@ -0,0 +1,12 @@ +Akmods startup script will rebuild akmod packages during system +boot, while its background daemon will build them for kernels right +after they were installed. + +The akmods systemd service provides both, and is enabled by default. + +The akmods-shutdown service is disabled by default but can, in some +circumstances, provide an additional chance to build and install a kernel +module. Users who would prefer longer shutdowns over delayed startups +may wish to consider enabling it with the following command: + + sudo systemctl enable --now akmods-shutdown.service diff --git a/SOURCES/README.secureboot b/SOURCES/README.secureboot new file mode 100644 index 0000000..059977f --- /dev/null +++ b/SOURCES/README.secureboot @@ -0,0 +1,51 @@ +Secure boot is a setup using UEFI firmware to check cryptographic +signatures on the bootloader and associated OS kernel to ensure they +have not been tampered with or bypassed in the boot process. + +This verification can be extended to Kernel and its modules. +It's default case in Fedora with UEFI and Secure boot enabled. + +Fedora Project have signed kernels and also main modules with Fedora +Key, but 3rd party modules as NVidia, VirtualBox, etc. need to be signed +to load. + +Akmods provides an enroll process to sign third party modules with your +own keypair. + +At the first run of the akmods.service, certificate and keypair will be +created with default value using the '/usr/sbin/kmodgenca' script. + +You may also wish to manually create your own certificate and keypair +with `/usr/sbin/kmodgenca` command. +If '/usr/sbin/kmodgenca' is launched with the '-a' parameter, it will +use default values to complete the cacert.config file, and to generate +automatically the cert and the private key. +If '/usr/sbin/kmodgenca' is launched without parameters, user will be +prompted to complete manually the cacert.config file, then the cert and +the private key will be automatically generated. +If the cert and the private key files already exist, +'/usr/sbin/kmodgenca' will exit unless the '-f' parameter is used. + +The cert and the private key are stored respectively in +/etc/pki/akmods/certs and /etc/pki/akmods/private/ directories. + +Now you need to enroll the public key in MOK, this process is described +below. +- Ask MOK to enroll new keypair with certificate with the command + `mokutil --import /etc/pki/akmods/certs/public_key.der`. +- mokutil asks to generate a password to enroll the public key. +- Rebooting the system is needed for MOK to enroll the new public key. +- On next boot MOK Management is launched and you have to choose + "Enroll MOK". +- Choose "Continue" to enroll the key or "View key 0" to show the keys + already enrolled. +- Confirm enrollment by selecting "Yes". +- You will be invited to enter the password generated above. + WARNING: keyboard is mapped to QWERTY! +- The new key is enrolled, and system ask you to reboot. + +You can confirm the enrollment of the new keypair once the system +rebooted with: + `mokutil --list-enrolled | grep Issuer` +or with: + `mokutil --test-key /etc/pki/akmods/certs/public_key.der` diff --git a/SOURCES/akmods b/SOURCES/akmods new file mode 100644 index 0000000..f66f61b --- /dev/null +++ b/SOURCES/akmods @@ -0,0 +1,575 @@ +#!/bin/bash - +######################################################################## +# +# akmods - Rebuilds and install akmod RPMs +# Copyright (c) 2007, 2008 Thorsten Leemhuis +# Copyright (c) 2018 Nicolas Chauvet +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +######################################################################## +# +# ToDo: +# - use yum/dnf to install required kernel-devel packages? +# - better way to detect if a earlier build failed or succeeded +# - special kernel "all" (all that are installed with a matching -devel package; could be called from posttrans in akmods packages) +# - manpage +# - make it configurable if kmod building is done with nohup +# - check on shutdown if akmods is still running and let it finish before continuing +# - make it configurable if kmods from the repo replace local ones + +# global vars +myprog="akmods" +myver="0.5.7" +kmodlogfile= +continue_line="" +tmpdir= +kernels= +verboselevel=2 +# We cannot differenciate from a code failure to shutdown kill9 oom etc +# So we always retry anyway +alwaystry=1 + +akmods_echo() +{ + # where to output + local this_fd=${1} + shift + + # verboselevel + local this_verbose=${1} + shift + + # output to console + if (( ${verboselevel} >= ${this_verbose} )) ; then + if [[ "${1}" == "--success" ]] ; then + echo_success + continue_line="" + echo + return 0 + elif [[ "${1}" == "--failure" ]] ; then + echo_failure + echo + continue_line="" + return 0 + elif [[ "${1}" == "--warning" ]] ; then + echo_warning + echo + continue_line="" + return 0 + elif [[ "${1}" == "-n" ]] ; then + continue_line="true" + fi + echo "$@" >&${this_fd} + fi + + # no need to print the status flags in the logs + if [[ "${1}" == "--success" ]] || [[ "${1}" == "--failure" ]] || [[ "${1}" == "--warning" ]] ; then + return 0 + fi + + # no need to continues in the log + if [[ "${1}" == "-n" ]] ; then + shift + fi + + # global logfile + echo "$(date +%Y/%m/%d\ %H:%M:%S) akmods: $@" >> "/var/log/akmods/akmods.log" + + # the kmods logfile as well, if we work on a kmod + if [[ -n "${kmodlogfile}" ]] ; then + echo "$(date +%Y/%m/%d\ %H:%M:%S) akmods: $@" >> "${kmodlogfile}" + fi +} + +finally() +{ + # remove tmpfiles + remove_tmpdir + + # remove lockfile + rm -f /var/cache/akmods/.lockfile + + exit ${1:-128} +} + +# Make sure finally() is run regardless of reason for exiting. +trap "finally" ABRT HUP INT QUIT + +create_tmpdir() +{ + if ! tmpdir="$(mktemp -d -p /tmp ${myprog}.XXXXXXXX)/" ; then + akmods_echo 2 1 "ERROR: failed to create tmpdir." + akmods_echo 2 1 --failure ; return 1 + fi + if ! mkdir "${tmpdir}"results ; then + akmods_echo 2 1 "ERROR: failed to create result tmpdir." + akmods_echo 2 1 --failure ; return 1 + fi +} + +remove_tmpdir() +{ + # remove tmpfiles + if [[ -n "${tmpdir}" ]] && [[ -d "${tmpdir}" ]] ; then + rm -f "${tmpdir}"results/* "${tmpdir}"*.log + rmdir "${tmpdir}"results/ "${tmpdir}" + fi +} + +cleanup_cachedir () +{ + for one_file in $(ls /var/cache/akmods/*/* 2>/dev/null | \ + grep -v "$(ls -I "*rescue*" /boot/vmlinuz-* | \ + sed 's%.*vmlinuz-%%g')") ; do + if $(grep -qE ".*\.rpm$" <<< "${one_file}") ; then + if ! $(rpm -q "$(basename ${one_file%.rpm})" >/dev/null) ; then + rm -f "${one_file}" + fi + else + rm -f "${one_file}" + fi + done +} + +init () +{ + # some security provisions + \export PATH='/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin' + \unalias -a + hash -r + # https://bugzilla.rpmfusion.org/show_bug.cgi?id=4023 + #ulimit -H -c 0 -- + IFS=$' \t\n' + UMASK=022 + umask ${UMASK} + + # fall back to current kernel if user didn't provide one + if [[ ! -n "${kernels}" ]] ; then + kernels="$(uname -r)" + fi + # ensure to build for grub default kernel + default_kernel=$(grubby --default-kernel | sed -e 's/^.*vmlinuz-//') + if ! $(echo "${kernels}" | grep -q "${default_kernel}") ; then + kernels="${kernels} ${default_kernel}" + fi + + # we get the echo_{success,failure} stuff from there + if [[ -r /etc/rc.d/init.d/functions ]] ; then + source /etc/rc.d/init.d/functions + else + # Use our own simple replacements + echo_success() { + echo -ne " [ OK ]\r" + return 0 + } + echo_failure() { + echo -ne " [FAILED]\r" + return 1 + } + echo_warning() { + echo -ne " [WARNING]\r" + return 1 + } + fi + + # needs root permissions + if [[ ! -w /var ]] ; then + echo -n "Needs to run as root to be able to install rpms." >&2 + echo_failure ; echo ; exit 1 + fi + + # no akmods + if [[ ! -d "/usr/src/akmods/" ]] ; then + echo -n "/usr/src/akmods/ not found." >&2 + echo_failure ; echo ; exit 1 + fi + + # if there are no akmod packages installed there is nothing to do for us + if ! ls /usr/src/akmods/*-kmod.latest &> /dev/null ; then + echo -n "No akmod packages found, nothing to do." >&2 + echo_success ; echo ; exit 0 + fi + + + # now that we know that we're root make sure our dir for logging and results is available + if [[ ! -d "/var/cache/akmods/" ]] ; then + if ! mkdir -p "/var/cache/akmods/" ; then + echo -n "/var/cache/akmods/ not found and could not be created" >&2 + echo_failure ; echo ; exit 1 + fi + fi + if [[ ! -w "/var/cache/akmods/" ]] ; then + echo -n "/var/cache/akmods/ not writable" >&2 + echo_failure ; echo ; exit 1 + fi + + # tools needed + for tool in akmodsbuild chown flock sed rpmdev-vercmp ; do + if ! which "${tool}" &> /dev/null ; then + echo -n "${tool} not found" >&2 + echo_failure ; echo ; exit 1 + fi + done + + # create lockfile and wait till we get it + exec 99>/run/akmods/akmods.lock + flock -w 900 99 +} + +buildinstall_kmod() +{ + local this_kernelver=${1} + local this_kmodname=${2} + local this_kmodsrpm=${3} + local this_kmodverrel=${4} + + if [[ ! -r "${this_kmodsrpm}" ]] ; then + akmods_echo 2 1 "ERROR: ${this_kmodsrpm} not found." + akmods_echo 2 1 --failure ; return 1 + fi + + + # result and logdir + if [[ ! -d "/var/cache/akmods/${this_kmodname}" ]] ; then + if ! mkdir "/var/cache/akmods/${this_kmodname}" ; then + akmods_echo 2 1 "ERROR: could not create /var/cache/akmods/${this_kmodname}." + akmods_echo 2 1 --failure ; return 1 + fi + fi + + ## preparations + # tmpdir + create_tmpdir + + # akmods needs to write there (and nobody else, but mktemp takes care of that!) + chown akmods "${tmpdir}" "${tmpdir}"results + + # remove old logfiles if they exist + rm -f "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.log" "/var/cache/akmods/${this_kmodname}/.last.log" + + # create a per kmod logfile + if ! touch "/var/cache/akmods/${this_kmodname}/.last.log" ; then + akmods_echo 2 1 "ERROR: failed to create kmod specific logfile." + return 1 + fi + + # akmods_echo will log to this file from now on as well + kmodlogfile="/var/cache/akmods/${this_kmodname}/.last.log" + + # Unset TMPDIR since it is misused by "runuser" + # https://bugzilla.rpmfusion.org/show_bug.cgi?id=2596 + unset TMPDIR + + # build module using akmod + akmods_echo 1 4 "Building RPM using the command '$(which akmodsbuild) --kernels ${this_kernelver} ${this_kmodsrpm}'" + /sbin/runuser -s /bin/bash -c "$(which akmodsbuild) --quiet --kernels ${this_kernelver} --outputdir ${tmpdir}results --logfile ${tmpdir}/akmodsbuild.log ${this_kmodsrpm}" akmods >> "${kmodlogfile}" 2>&1 + local returncode=$? + + # copy rpmbuild log to kmod specific logfile + if [[ -s "${tmpdir}"/akmodsbuild.log ]] ; then + while read line ; do + echo "$(date +%Y/%m/%d\ %H:%M:%S) akmodsbuild: ${line}" >> "${kmodlogfile}" + done < "${tmpdir}"/akmodsbuild.log + fi + + # result + if (( ! ${returncode} == 0 )) ; then + if [[ -n "${continue_line}" ]] ; then + akmods_echo 1 2 --failure + fi + akmods_echo 2 1 "Building rpms failed; see /var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log for details" + cp -fl "${kmodlogfile}" "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log" + kmodlogfile="" + remove_tmpdir + return 4 + fi + + # dnf/yum install - repository disabled on purpose see rfbz#3350 + akmods_echo 1 4 "Installing newly built rpms" + if [[ -f /usr/bin/dnf ]] ; then + akmods_echo 1 4 "DNF detected" + dnf -y install --disablerepo='*' $(find "${tmpdir}results" -type f -name '*.rpm' | grep -v debuginfo) >> "${kmodlogfile}" 2>&1 + else + akmods_echo 1 4 "DNF not found, using YUM instead." + yum -y install --disablerepo='*' $(find "${tmpdir}results" -type f -name '*.rpm' | grep -v debuginfo) >> "${kmodlogfile}" 2>&1 + fi + local returncode=$? + + # place the newly built rpms where user expects them + cp "${tmpdir}results/"* "/var/cache/akmods/${this_kmodname}/" + + # everything fine? + if (( ${returncode} != 0 )) ; then + if [[ -n "${continue_line}" ]] ; then + akmods_echo 1 2 --failure + fi + akmods_echo 2 1 "Could not install newly built RPMs. You can find them and the logfile in:" + akmods_echo 2 1 "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log" + cp -fl "${kmodlogfile}" "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log" + kmodlogfile="" + remove_tmpdir + return 8 + fi + + # finish + akmods_echo 1 4 "Successful." + cp -fl "${kmodlogfile}" "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.log" + kmodlogfile="" + remove_tmpdir + + return 0 +} + +check_kmod_up2date() +{ + local this_kernelver=${1} + local this_kmodname=${2} + local kmodpackage_file="$(modinfo ${this_kmodname} -k ${this_kernelver} -n 2>/dev/null)" + + # kmod present, even with weak-modules? + if [[ ! -n "${kmodpackage_file}" ]] && [[ ! -d /lib/modules/${this_kernelver}/extra/${this_kmodname}/ ]] ; then + # build it + return 1 + fi + + # kmod up2date? + # Weak module symlink case + if [ -n "${kmodpackage_file}" ] && [ -h "${kmodpackage_file}" ] && $(echo "${kmodpackage_file}" | grep -q "weak-updates") ; then + local kmodpackage="$(rpm -qf $(readlink -e ${kmodpackage_file}) 2> /dev/null)" + # Regular module file case + else + local kmodpackage="$(rpm -qf /lib/modules/${this_kernelver}/extra/${this_kmodname}/ 2> /dev/null)" + fi + if [[ ! -n "${kmodpackage}" ]] ; then + # seems we didn't get what we wanted + # well, better to do nothing in this case + akmods_echo 1 2 -n "Warning: Could not determine what package owns /lib/modules/${this_kernelver}/extra/${this_kmodname}/" + return 0 + fi + local kmodver=$(rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' "${kmodpackage}" | sed 's|(none)|0|; s!\.\(fc\|el\|lvn\)[0-9]*!!g') + local akmodver=$(rpm -qp --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' /usr/src/akmods/"${this_kmodname}"-kmod.latest | sed 's|(none)|0|; s!\.\(fc\|el\|lvn\)[0-9]*!!g') + + rpmdev-vercmp "${kmodver}" "${akmodver}" &>/dev/null + local retvalue=$? + if [[ "$retvalue" == 0 ]] ; then + # Versions are the same. Nothing to do. + return 0 + elif [[ "$retvalue" == 11 ]] ; then + # kmod is newer, nothing to do. + return 0 + elif [[ "$retvalue" == 12 ]] ; then + # akmod is newer, need to build kmod. + return 1 + else + # Something went wrong + akmods_echo 1 2 -n "Error: Could not determine if akmod is newer than the installed kmod" + akmods_echo 1 2 --failure + return 0 + fi +} + +check_kmods() +{ + local this_kernelver="${1}" + + akmods_echo 1 2 -n "Checking kmods exist for ${this_kernelver}" + for akmods_kmodfile in /usr/src/akmods/*-kmod.latest ; do + local this_kmodname="$(basename ${akmods_kmodfile%%-kmod.latest})" + + # actually check this akmod? + if [[ -n "${akmods}" ]] ; then + for akmod in ${akmods} ; do + if [[ "${this_kmodname}" != "${akmod}" ]] ; then + # ignore this one + continue 2 + fi + done + fi + + # go + if ! check_kmod_up2date ${this_kernelver} ${this_kmodname} ; then + # okay, kmod wasn't found or is not up2date + if [[ -n "${continue_line}" ]] ; then + akmods_echo 1 2 --success + # if the files for building modules are not available don't even try to build modules + if [[ ! -r /usr/src/kernels/"${this_kernelver}"/Makefile ]] && \ + [[ ! -r /lib/modules/"${this_kernelver}"/build/Makefile ]] ; then + akmods_echo 1 2 "Files needed for building modules against kernel" + akmods_echo 1 2 "${this_kernelver} could not be found as the following" + akmods_echo 1 2 "directories are missing:" + akmods_echo 1 2 "/usr/src/kernels/${this_kernelver}/" + akmods_echo 1 2 -n "/lib/modules/${this_kernelver}/build/" + akmods_echo 1 2 -n "Is the correct kernel-devel package installed?" + akmods_echo 1 2 --failure + return 1 + fi + fi + + local this_kmodverrel="$(rpm -qp --qf '%{VERSION}-%{RELEASE}' "${akmods_kmodfile}" | sed 's!\.\(fc\|el\|lvn\)[0-9]*!!g' )" + if [[ ! -n "${alwaystry}" ]] && [[ -e "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}".failed.log ]] ; then + akmods_echo 1 2 -n "Ignoring ${this_kmodname}-kmod as it failed earlier" + akmods_echo 1 2 --warning + local someignored="true" + else + akmods_echo 1 2 -n "Building and installing ${this_kmodname}-kmod" + buildinstall_kmod ${this_kernelver} ${this_kmodname} ${akmods_kmodfile} ${this_kmodverrel} + local returncode=$? + if [[ "$returncode" == "0" ]] ; then + akmods_echo 1 2 --success + local somesucceeded="true" + elif [[ "$returncode" == "8" ]] ; then + akmods_echo 1 2 --failure "New kmod RPM was built but could not be installed." + else + local somefailed="true" + fi + fi + fi + done + + if [[ -n "${continue_line}" ]] ; then + akmods_echo 1 2 --success + elif [[ -n "${someignored}" ]] || [[ -n "${somefailed}" ]] ; then + echo + akmods_echo 1 2 "Hint: Some kmods were ignored or failed to build or install." + akmods_echo 1 2 "You can try to rebuild and install them by by calling" + akmods_echo 1 2 "'/usr/sbin/akmods --force' as root." + echo + sleep 2 + fi + + # akmods for newly installed akmod rpms as wells as akmods.service run + # after udev and systemd-modules-load.service have tried to load modules + if [[ -n "${somesucceeded}" ]] && [[ ${this_kernelver} = "$(uname -r)" ]] ; then + find /sys/devices -name modalias -print0 | xargs -0 cat | xargs modprobe -a -b -q + if [ -f /usr/bin/systemctl ] ; then + systemctl restart systemd-modules-load.service + fi + fi +} + +myprog_help () +{ + echo "Checks the akmod packages and rebuilds them if needed" + echo $'\n'"Usage: ${myprog} [OPTIONS]" + echo $'\n'"Options:" + echo " --force -- try all, even if they failed earlier" + echo " --kernels -- build and install only for kernel " + echo " (formatted the same as 'uname -r' would produce)" + echo " --akmod -- build and install only akmod " +} + + +# first parse command line options +while [ "${1}" ] ; do + case "${1}" in + --kernel|--kernels) + shift + if [[ ! -n "${1}" ]] ; then + echo "ERROR: Please provide the kernel-version to build for together with --kernel" >&2 + exit 1 + elif [[ ! -r /usr/src/kernels/"${1}"/Makefile ]] && \ + [[ ! -r /lib/modules/"${1}"/build/Makefile ]] ; then + echo "Could not find files needed to compile modules for ${1}" + echo "Are the development files for kernel ${1} or the appropriate kernel-devel package installed?" + exit 1 + elif [[ -r /usr/src/kernels/"${1}"/Makefile ]] && \ + [[ ! -d /lib/modules/"${1}" ]] ; then + # this is a red hat / fedora kernel-devel package, but the kernel for it is not installed + # kmodtool would add a dep on that kernel when building; thus when we'd try to install the + # rpms we'd run into a missing-dep problem. Thus we prevent that case + echo "Kernel ${1} not installed" + exit 1 + fi + # overwrites the default: + if [[ ! -n "${kernels}" ]] ; then + kernels="${1}" + else + kernels="${kernels} ${1}" + fi + # an try to build, even if we tried already + alwaystry=true + shift + ;; + --akmod|--kmod) + shift + if [[ ! -n "${1}" ]] ; then + echo "ERROR: Please provide a name of a akmod package together with --akmods" >&2 + exit 1 + elif [[ -r /usr/src/akmods/"${1}"-kmod.latest ]] ; then + akmods="${akmods}${1} " + elif [[ -r /usr/src/akmods/"${1}".latest ]] ; then + akmods="${akmods}${1%%-kmod} " + else + echo "Could not find akmod ${1}" + exit 1 + fi + shift + ;; + --force) + alwaystry=true + shift + ;; + --from-init) + # just in case: remove stale lockfile if it exists: + rm -f /var/cache/akmods/.lockfile + # Clean old logs and rpm files from no more installed kmod + # packages. + cleanup_cachedir + shift + ;; + --from-posttrans|--from-kernel-posttrans|--from-akmod-posttrans) + # ignored + shift + ;; + --verbose) + let verboselevel++ + shift + ;; + --quiet) + let verboselevel-- + shift + ;; + --help) + myprog_help + exit 0 + ;; + --version) + echo "${myprog} ${myver}" + exit 0 + ;; + *) + echo "Error: Unknown option '${1}'." >&2 + myprog_help >&2 + exit 2 + ;; + esac +done + +# sanity checks +init + +# go +for kernel in ${kernels} ; do + check_kmods ${kernel} +done + +# finished :) +finally 0 diff --git a/SOURCES/akmods-keygen.target b/SOURCES/akmods-keygen.target new file mode 100644 index 0000000..5df7494 --- /dev/null +++ b/SOURCES/akmods-keygen.target @@ -0,0 +1,3 @@ +[Unit] +Wants=akmods-keygen@.service +PartOf=akmods.service diff --git a/SOURCES/akmods-keygen@.service b/SOURCES/akmods-keygen@.service new file mode 100644 index 0000000..8ae60ee --- /dev/null +++ b/SOURCES/akmods-keygen@.service @@ -0,0 +1,11 @@ +[Unit] +Description=Akmods Secure boot MOK Key Generation +ConditionFileNotEmpty=|!/etc/pki/akmods/certs/public_key.der +ConditionFileNotEmpty=|!/etc/pki/akmods/private/private_key.priv + +[Service] +Type=oneshot +ExecStart=/usr/sbin/kmodgenca -a + +[Install] +WantedBy=akmods-keygen.target diff --git a/SOURCES/akmods-kmodgenca b/SOURCES/akmods-kmodgenca new file mode 100644 index 0000000..48891d7 --- /dev/null +++ b/SOURCES/akmods-kmodgenca @@ -0,0 +1,151 @@ +#!/bin/bash +# +# kmodgenca - Helper script to create CA/Keypair to sign modules. +# Copyright (c) 2017 Stanislas Leduc +# Copyright (c) 2018-2019 Nicolas Viéville +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +MYPROG="kmodgenca" +MYVER="0.5.7" +FORCE_BUILD=0 +AUTOMATIC_BUILD=0 +AUTOMATIC_BUILD_OPTION="" + +myprog_help () +{ + echo "Build CA/Keypair to sign modules" + echo $'\n'"Usage: ${MYPROG} [OPTIONS]" + echo $'\n'"Options:" + echo " -a, --auto -- generate default values for cacert.config file without prompt" + echo " -f, --force -- build CA/Keypair even if there is already ones" + echo " -h, --help -- print usage" + echo " -V, --version -- show version" +} + + +# Parse command line options. +# +while [ "${1}" ] ; do + case "${1}" in + -a|--auto) + AUTOMATIC_BUILD=1 + shift + ;; + -f|--force) + FORCE_BUILD=1 + shift + ;; + -h|--help) + myprog_help + exit 0 + ;; + -V|--version) + echo "${MYPROG} ${MYVER}" + exit 0 + ;; + *) + echo "Error: Unknown option '${1}'." >&2 + myprog_help >&2 + exit 2 + ;; + esac +done + +# Exit early if cert and private key already exist and if FORCE_BUILD +# is not equal to 1. +# +if $(readlink -e /etc/pki/akmods/certs/public_key.der &>/dev/null) && \ + $(readlink -e /etc/pki/akmods/private/private_key.priv &>/dev/null) && \ + [ ${FORCE_BUILD} -eq 0 ] ; then + exit 0 +fi + +CACERT_CONFIG="/etc/pki/akmods/cacert.config" +KEYNAME="$(hostname)"-"$(od -vAn -N4 -tu4 < /dev/urandom | awk '{print $1}')" + +# Create cacert.config file with local values if AUTOMATIC_BUILD is set +# or ask for values manually. +# +echo "Update cacert.config..." +if [ ${AUTOMATIC_BUILD} -eq 1 ] ; then + # Set OpenSSL fields values, comment default values and min/max ones. + sed -e "s#\(0.organizationName *= \).*#\1$(hostname)#" \ + -e "s#\(organizationalUnitName *= \).*#\1$(hostname)#" \ + -e "s#\(emailAddress *= \).*#\1akmods@$(hostname)#" \ + -e "s#\(localityName *= \).*#\1None#" \ + -e "s#\(stateOrProvinceName *= \).*#\1None#" \ + -e "s#\(countryName *= \).*#\1$(locale country_ab2)#" \ + -e "s#\(commonName *= \).*#\1$(hostname)"-"$(od -vAn -N4 -tu4 < /dev/urandom | awk '{print $1}')#" \ + -e "s/^[^#]*_default *= /#&/" \ + -e "s/^[^#]*_min/#&/" \ + -e "s/^[^#]*_max/#&/" ${CACERT_CONFIG}.in > ${CACERT_CONFIG} + AUTOMATIC_BUILD_OPTION=" -batch" +else + # Activate prompt directive. + sed -e "s#\(prompt *= \).*#\1yes#" ${CACERT_CONFIG}.in > ${CACERT_CONFIG} +fi +KEY_SUFF="$(date "+%F_%T_%N")" +# If cert and private key files names already exists, do not overwrite +# them but save them. +# +if [[ -e /etc/pki/akmods/certs/${KEYNAME}.der ]] ; then + # If the cert has already been loaded in MOK, add "already_enrolled" + # to the suffix of the backup file. + # `mokutil --help` fails if EFI variables are not supported on the + # system. It is therefore impossible to test the presence of the key + # in MOK, and then do not add special suffix to the backup file. + # + if $(which mokutil &> /dev/null) && $(mokutil --help &> /dev/null) && $(mokutil --test-key /etc/pki/akmods/certs/${KEYNAME}.der &> /dev/null) ; then + KEY_SUFF="${KEY_SUFF}_already_enrolled" + fi + mv /etc/pki/akmods/certs/${KEYNAME}.der /etc/pki/akmods/certs/${KEYNAME}.der.${KEY_SUFF}.bak + if [[ -e /etc/pki/akmods/private/${KEYNAME}.priv ]] ; then + mv /etc/pki/akmods/private/${KEYNAME}.priv /etc/pki/akmods/private/${KEYNAME}.priv.${KEY_SUFF}.bak + fi +fi + +echo "Generate new keypair..." +sg akmods -c " +umask 037 +openssl req -x509 -new -nodes -utf8 -sha256 -days 3650${AUTOMATIC_BUILD_OPTION} \ + -config ${CACERT_CONFIG} -outform DER \ + -out /etc/pki/akmods/certs/${KEYNAME}.der \ + -keyout /etc/pki/akmods/private/${KEYNAME}.priv +" + +# Ensure that akmods group can read keys. +# +chmod g+r /etc/pki/akmods/certs/${KEYNAME}.* +chmod g+r /etc/pki/akmods/private/${KEYNAME}.* + +# Sanitize permissions. +# +if [[ -x /usr/sbin/restorecon ]] ; then + /usr/sbin/restorecon /etc/pki/akmods/certs/${KEYNAME}.der + /usr/sbin/restorecon /etc/pki/akmods/private/${KEYNAME}.priv +fi + +# Update symlink to use new keypair. +# +ln -nsf /etc/pki/akmods/certs/${KEYNAME}.der /etc/pki/akmods/certs/public_key.der +ln -nsf /etc/pki/akmods/private/${KEYNAME}.priv /etc/pki/akmods/private/private_key.priv + +exit 0 diff --git a/SOURCES/akmods-ostree-post b/SOURCES/akmods-ostree-post new file mode 100644 index 0000000..517e1b3 --- /dev/null +++ b/SOURCES/akmods-ostree-post @@ -0,0 +1,102 @@ +#!/bin/bash - +############################################################################ +# +# akmods - Rebuilds and install akmod RPMs +# Copyright (c) 2007, 2008 Thorsten Leemhuis +# Copyright (c) 2018 Nicolas Chauvet +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +############################################################################ + +myprog="akmods-post" +tmpdir= + +# Only do %post builds in ostree +if ! grep -q OSTREE_VERSION= /etc/os-release && ! test -f /run/ostree-booted; then + exit 0 +fi + +kmodname=$1 +srpm=$2 + + +finally() +{ + # remove tmpfiles + remove_tmpdir + + exit ${1:-128} +} + +# Make sure finally() is run regardless of reason for exiting. +trap "finally" ABRT HUP INT QUIT + +create_tmpdir() +{ + if ! tmpdir="$(mktemp -d -p /tmp ${myprog}.XXXXXXXX)/" ; then + echo "ERROR: failed to create tmpdir." >&2 + finally 1 + fi + if ! mkdir "${tmpdir}"results ; then + echo "ERROR: failed to create result tmpdir." >&2 + finally 1 + fi +} + +remove_tmpdir() +{ + # remove tmpfiles + if [[ -n "${tmpdir}" ]] && [[ -d "${tmpdir}" ]]; then + rm -rf "${tmpdir}" + fi +} + +# This is an ostree build, so do build for all +# deployed kernels in the %post +kernels="$(ls /lib/modules)" + +create_tmpdir + +for kernel in ${kernels} ; do + echo "Building ${srpm} for kernel ${kernel}" + # Note: This builds as root, but this is pretty safe because its happening in the ostree %post sandbox. + # In fact, given that /usr is a rofiles-fuse mount no other user can access /usr in this sandbox anyway. + akmodsbuild --quiet --kernels ${kernel} --outputdir ${tmpdir}results --logfile "${tmpdir}/akmodsbuild.log" "${srpm}" 2>&1 + returncode=$? + if (( ! ${returncode} == 0 )); then + finally 1 + fi +done + +for f in $(find "${tmpdir}results" -type f -name '*.rpm' | grep -v debuginfo) ; do + rpm2cpio $f | cpio --quiet -D / -id + returncode=$? + if (( ! ${returncode} == 0 )); then + echo "Extracting $f failed:" 2>&1 + finally 1 + fi +done + +for kernel in ${kernels} ; do + depmod -v ${kernel} 2>&1 +done + +finally 0 diff --git a/SOURCES/akmods-shutdown b/SOURCES/akmods-shutdown new file mode 100644 index 0000000..adcf005 --- /dev/null +++ b/SOURCES/akmods-shutdown @@ -0,0 +1,31 @@ +#!/bin/bash +# +# akmods-shutdown - Helper script to build kernel modules on shutdown +# Copyright (c) 2012 Richard shaw +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# + +echo "Building modules for all installed kernels." +for kernel in /usr/src/kernels/* ; do + kernel=$(basename $kernel) + /usr/sbin/akmods --kernels $kernel +done + diff --git a/SOURCES/akmods-shutdown.service b/SOURCES/akmods-shutdown.service new file mode 100644 index 0000000..7fcccc1 --- /dev/null +++ b/SOURCES/akmods-shutdown.service @@ -0,0 +1,14 @@ +[Unit] +Description=Builds and install new kmods from akmod packages +Before=shutdown.service reboot.service halt.service +Conflicts=shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/bin/true +ExecStop=-/usr/sbin/akmods-shutdown +TimeoutStopSec=5min + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/akmods-tmpfiles.conf b/SOURCES/akmods-tmpfiles.conf new file mode 100644 index 0000000..5197d7e --- /dev/null +++ b/SOURCES/akmods-tmpfiles.conf @@ -0,0 +1,2 @@ +# See tmpfiles.d(5) for details +d /run/akmods 0770 root akmods - diff --git a/SOURCES/akmods.h2m b/SOURCES/akmods.h2m new file mode 100644 index 0000000..22f3e55 --- /dev/null +++ b/SOURCES/akmods.h2m @@ -0,0 +1,12 @@ +[BUGS] +https://bugzilla.rpmfusion.org/buglist.cgi?product=Fedora&component=akmods&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED +[REPORTING BUGS] +Submit a bug against the akmods component at: +.br +https://bugzilla.rpmfusion.org/enter_bug.cgi?product=Fedora +[AUTHOR] +Thorsten Leemhuis +[MAINTAINER] +Richard Shaw +[SEE ALSO] +http://rpmfusion.org/Packaging/KernelModules/Akmods diff --git a/SOURCES/akmods.log b/SOURCES/akmods.log new file mode 100644 index 0000000..884c151 --- /dev/null +++ b/SOURCES/akmods.log @@ -0,0 +1,8 @@ +/var/log/akmods/akmods.log { + monthly + rotate 12 + missingok + notifempty + create 644 root root + su root akmods +} diff --git a/SOURCES/akmods.service.in b/SOURCES/akmods.service.in new file mode 100644 index 0000000..22530d3 --- /dev/null +++ b/SOURCES/akmods.service.in @@ -0,0 +1,14 @@ +[Unit] +Description=Builds and install new kmods from akmod packages +ConditionPathExists=!/run/ostree-booted +Before=@SERVICE@ +After=akmods-keygen.target +Wants=akmods-keygen.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/sbin/akmods --from-init + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/akmods@.service b/SOURCES/akmods@.service new file mode 100644 index 0000000..32103ab --- /dev/null +++ b/SOURCES/akmods@.service @@ -0,0 +1,12 @@ +[Unit] +Description=Builds and install new kmods from akmod for a given kernel +Wants=akmods-keygen.target +After=akmods-keygen.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/systemd-inhibit --mode=block --what=idle:sleep:shutdown --who="akmods" --why="Akmods Transaction running" /usr/sbin/akmods --from-kernel-posttrans --kernels %i + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/akmodsbuild b/SOURCES/akmodsbuild new file mode 100644 index 0000000..848c392 --- /dev/null +++ b/SOURCES/akmodsbuild @@ -0,0 +1,358 @@ +#!/bin/bash +# +# akmodbuild - Helper script for building kernel module SRPMs +# Copyright (c) 2007 Thorsten Leemhuis +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +myprog="akmodsbuild" +myver="0.5.6" + +# defaults that might get overwritten by user: +kernels="$(uname -r)" +target="$(uname -m)" +if [[ "${target}" == "armv7l" ]] ; then + target="armv7hl" +fi +numberofjobs=$(grep -c processor /proc/cpuinfo 2> /dev/null) +verboselevel=2 +outputdir="${PWD}" +srpms= + +init () +{ + ## startup checks + # prevent root-usage + if [[ -w /var ]] ; then + echo "ERROR: Not to be used as root; start as user or '${myprog}' instead." >&2 + exit 1 + fi + + # do we have everything we need to build for the kernels in question? + for kernel in ${kernels}; do + if [[ ! -e /usr/src/kernels/${kernel}/Makefile ]] && [[ ! -e /usr/lib/modules/${kernel}/build/Makefile ]] ; then + echo "ERROR: Files needed for building modules against kernel" >&2 + echo " ${kernel} could not be found as the following" >&2 + echo " directories are missing:" + echo " /usr/src/kernels/${kernel}/" >&2 + echo " /usr/lib/modules/${kernel}/build/" >&2 + exit 2 + fi + done + + if [[ ! -n "${srpms}" ]] ; then + echo "ERROR: Please provide a list of SRPM-files to build." + exit 2 + fi + + # SRPMS available? + for srpm in ${srpms}; do + if [[ ! -r ${srpm} ]] ; then + echo "ERROR: Can't find SRPM ${srpm}" + exit 1 + fi + done + + # room to save things + if [[ ! -d "${outputdir}" ]] ; then + echo "ERROR: ${outputdir} is not a directory" >&2 + exit 1 + elif [[ ! -w "${outputdir}" ]] ; then + echo "ERROR: ${outputdir} is not a writable" >&2 + exit 1 + fi + + + # make sure this is a number + if ! (( ${numberofjobs} > 0 )) ; then + echo "Warning: using hardcoded defaut value for number of jobs" + numberofjobs=2 + fi + + ## preparations + # tmpdir + if ! tmpdir="$(mktemp -d -p /tmp ${myprog}.XXXXXXXX)" ; then + echo "ERROR: Could create tempdir." + exit 1 + fi + + # buildtreee + mkdir "${tmpdir}"/{BUILD,SOURCES,SPECS,SRPMS,RPMS,RPMS/"${target}"} + + # logfile + if [[ ! -n "${logfile}" ]] ; then + logfile="${tmpdir}/logfile" + fi + + if ( [[ -e "${logfile}" ]] && [[ ! -w "${logfile}" ]] ) || ! touch "${logfile}" ; then + echo "ERROR: Could not write logfile." + finally + exit 1 + fi +} + + +finally() +{ + # kill background jobs if needed + if [[ -n "${watch_jobid}" ]] ; then + kill "${watch_jobid}" + fi + if [[ -n "${rpmbuild_jobid}" ]] ; then + kill "${rpmbuild_jobid}" + fi + + # remove tmpfiles + if [[ -d "${tmpdir}" ]] ; then + rm -rf "${tmpdir}" + fi +} +trap "finally" 2 + + +akmods_echo() +{ + # where to output + local this_fd=${1} + shift + + # verboselevel + local this_verbose=${1} + shift + + if [[ "${1}" == "--not-logfile" ]] ; then + local notlogfile=true + shift + fi + + # output to console + if (( ${verboselevel} >= ${this_verbose} )) ; then + echo "$@" >&${this_fd} + fi + + # global logfile + if [[ ! -n ${notlogfile} ]] ; then + echo "$@" >> "${logfile}" + fi +} + + +watch_rpmbuild() +{ + # background function to show rpmbuild progress + # does't use akmods_echo here; this stage handles the output on its own + # (seperate process and there is no need to log this) + if (( ${verboselevel} == 2 )) ; then + tail --pid ${1} -n +1 -s 0.1 -f ${2} 2>/dev/null | grep --line-buffered -e '%prep' -e '%build' -e '%install' -e '%clean' | while read line ; do + if [[ "${line}" != "${line##*prep}" ]] ; then + echo -n "prep " + elif [[ "${line}" != "${line##*build}" ]] ; then + echo -n "build " + elif [[ "${line}" != "${line##*install}" ]] ; then + echo -n "install " + elif [[ "${line}" != "${line##*clean}" ]] ; then + echo -n "clean; " + # last linefeed is done by the caller + fi + done + elif (( ${verboselevel} > 2 )) ; then + tail --pid ${1} -n +1 -s 0.1 -f ${2} + fi +} + +process_srpm() +{ + local source_rpm="${1}" + + # status info + akmods_echo 1 2 -n "* Rebuilding ${source_rpm} for kernel(s) ${kernels}: " + + # kick off rebuild into background + /usr/bin/time --format='%x' --output="${tmpdir}/.jobexit" rpmbuild \ + --define "_topdir ${tmpdir}/" \ + --define "_buildtree ${tmpdir}/BUILD" \ + --define "_specdir ${tmpdir}/SPECS" \ + --define "_sourcedir ${tmpdir}/SOURCES" \ + --define "_srcrpmdir ${tmpdir}/SRPMS" \ + --define "_rpmdir ${tmpdir}/RPMS" \ + --define "_smp_mflags -j${numberofjobs}" \ + --define "kernels ${kernels}" \ + --target ${target} \ + --rebuild "${source_rpm}" 2>&1 | tee -a "${logfile}" > "${tmpdir}/.joblog" & + + local rpmbuild_jobid=$! + + # show progress + if (( ${verboselevel} >= 2 )) ; then + watch_rpmbuild ${rpmbuild_jobid} "${tmpdir}/.joblog" 2> /dev/null & + local watch_jobid=$! + fi + + # wait for rpmbuild + wait ${rpmbuild_jobid} + local rpmbuild_returncode=$(tail -n 1 "${tmpdir}/.jobexit") + unset rpmbuild_jobid + + # give watch_rpmbuild a moment to catch up; kill it if it does not + if (( ${verboselevel} >= 2 )) ; then + sleep 0.5 + kill ${watch_jobid} &> /dev/null + unset watch_jobid + fi + + # did rpmbuild succeed? + if (( ${rpmbuild_returncode} != 0 )) ; then + # linefeed: + akmods_echo 1 2 "" + + akmods_echo 2 2 --not-logfile "rpmbuild failed with errorcode ${rpmbuild_returncode}; last 35 Lines of log:" + akmods_echo 2 2 --not-logfile "--- " + tail -n 35 "${tmpdir}/.joblog" >&2 + akmods_echo 2 2 --not-logfile "---" + return ${rpmbuild_returncode} + fi + + # finish status for watch_rpmbuild + if (( ${verboselevel} >= 2 )) ; then + akmods_echo 1 2 -n "Successfull; " + fi + + local rpms_built="$(cd "${tmpdir}"/RPMS/"${target}" ; echo *)" + + if ! mv "${tmpdir}/RPMS/${target}/"* "${outputdir}" ; then + # linefeed: + akmods_echo 1 2 "" + + akmods_echo 2 2 "Failed to move ${tmpdir}/RPMS/${target}/"* "to ${outputdir}" + return 128 + fi + + if (( ${verboselevel} == 1 )) ; then + for rpm in ${rpms_built}; do + echo "${outputdir%%/}/${rpm}" + done + elif (( ${verboselevel} >= 2 )) ; then + akmods_echo 1 2 "Saved ${rpms_built} in ${outputdir%%/}/" + fi + + + # finished + return 0 +} + +myprog_help () +{ + echo "Rebuilds kmod SRPM(s)" + echo $'\n'"Usage: ${myprog} [OPTIONS] " + echo $'\n'"Options:" + echo " -k, --kernels -- build for kernel-versions (output from 'uname -r')" + echo " -l, --logfile -- save rpmbuild output to " + echo " -o, --outputdir -- save rpms and logs here (current directory)" + echo " -t, --target -- target-arch (output from 'uname -m')" + echo " -v, --verbose -- increase verboseness" + echo " -q, --quiet -- be more quiet" + echo " -h, --help -- show usage" + echo " -V, --version -- show version" +} + +while [ "${1}" ] ; do + case "${1}" in + -k|--kernels) + shift + if [[ ! -n "${1}" ]] ; then + echo "ERROR: Please provide kernel-version(s) to build for together with --kernel" >&2 + exit 1 + fi + kernels="${1}" + shift + ;; + -l|--logfile) + shift + if [[ ! -n "${1}" ]] ; then + echo "ERROR: Please provide a filename together with --logfile" >&2 + exit 1 + fi + logfile="${1}" + shift + ;; + -o|--outputdir) + shift + if [[ ! -n "${1}" ]] ; then + echo "ERROR: Please provide the output directory together with --outputdir" >&2 + exit 1 + fi + outputdir="${1}" + shift + ;; + -t|--target) + shift + if [[ ! -n "${1}" ]] ; then + echo "ERROR: Please provide the target-arch together with --target" >&2 + exit 1 + fi + target="${1}" + shift + ;; + -v|--verbose) + let verboselevel++ + shift + ;; + -q|--quiet) + let verboselevel-- + shift + ;; + -h|--help) + myprog_help + exit 0 + ;; + -V|--version) + echo "${myprog} ${myver}" + exit 0 + ;; + --*) + echo "Error: Unknown option '${1}'." >&2 + myprog_help >&2 + exit 2 + ;; + *) + srpms="${srpms} ${1}" + shift + ;; + esac +done + +# sanity checks +init + +# go +for srpm in ${srpms}; do + process_srpm ${srpm} + returncode=$? + + if (( ${returncode} != 0 )) ; then + finally + exit ${returncode} + fi +done + +# finished +finally + +exit 0 diff --git a/SOURCES/akmodsposttrans b/SOURCES/akmodsposttrans new file mode 100755 index 0000000..12b1804 --- /dev/null +++ b/SOURCES/akmodsposttrans @@ -0,0 +1,47 @@ +#!/bin/bash - +# +# akmodposttrans - Calls akmods for newly installed kernels +# +# Copyright (c) 2009 Thorsten Leemhuis +# Copyright (c) 2017 Nicolas Chauvet +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# + +# just check in case a user calls this directly +if [[ ! -w /var ]] ; then + echo "Needs to run as root to be able to install rpms." >&2 + exit 4 +fi + +# needs to run in background as rpmdb might be locked otherwise +if [ -e /bin/systemctl ] ; then + # Exit early if system-update.target is active - rhbz#1518401 + /bin/systemctl is-active system-update.target &>/dev/null + RET=$? + + [ $RET == 0 ] && exit 0 + + /bin/systemctl restart akmods@${1}.service --no-block >/dev/null 2>&1 +else + nohup /usr/sbin/akmods --from-kernel-posttrans --kernels ${1} > /dev/null 2>&1 & +fi + +exit 0 diff --git a/SOURCES/cacert.config.in b/SOURCES/cacert.config.in new file mode 100644 index 0000000..20a2098 --- /dev/null +++ b/SOURCES/cacert.config.in @@ -0,0 +1,41 @@ +# Default OpenSSL settings and configuration file for kmodgenca +# shell-script. +# +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +prompt = no +utf8 = yes +string_mask = utf8only +x509_extensions = req_exts + +[ req_distinguished_name ] +# Values settings +# +0.organizationName = Organization Name (eg, company) +organizationalUnitName = Organizational Unit Name (eg, section) +emailAddress = Email Address +emailAddress_max = 64 +localityName = Locality Name (eg, city) +stateOrProvinceName = State or Province Name (full name) +countryName = Country Name (2 letter code) +countryName_min = 2 +countryName_max = 2 +commonName = Common Name (eg, your name or your server\'s hostname) +commonName_max = 64 + +# Default values +# +0.organizationName_default = akmods local +organizationalUnitName_default = akmods +emailAddress_default = akmods@localhost.localdomain +localityName_default = None +stateOrProvinceName_default = None +countryName_default = XX +commonName_default = akmods local signing CA + +[ req_exts ] +basicConstraints = critical,CA:FALSE +keyUsage = digitalSignature +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid diff --git a/SPECS/akmods.spec b/SPECS/akmods.spec new file mode 100644 index 0000000..85f1170 --- /dev/null +++ b/SPECS/akmods.spec @@ -0,0 +1,416 @@ +Name: akmods +Version: 0.5.7 +Release: 8%{?dist} +Summary: Automatic kmods build and install tool + +License: MIT +URL: http://rpmfusion.org/Packaging/KernelModules/Akmods + +# We are upstream, these files are maintained directly in pkg-git +Source0: 95-akmods.preset +Source1: akmods +Source2: akmodsbuild +Source3: akmods.h2m +Source5: akmodsposttrans +Source6: akmods.service.in +Source7: akmods-shutdown +Source8: akmods-shutdown.service +Source9: README +Source10: LICENSE +Source11: akmods@.service +Source12: akmods-ostree-post +Source13: 95-akmodsposttrans.install +Source14: akmods.log +Source15: README.secureboot +Source16: cacert.config.in +Source17: akmods-kmodgenca +Source18: akmods-keygen.target +Source19: akmods-keygen@.service +Source20: %{name}-tmpfiles.conf + +BuildArch: noarch + +BuildRequires: help2man + +# not picked up automatically +%if 0%{?rhel} == 6 +Requires: %{_bindir}/nohup +%endif +Requires: %{_bindir}/flock +Requires: %{_bindir}/time + +# needed for actually building kmods: +Requires: %{_bindir}/rpmdev-vercmp +Requires: kmodtool >= 1.1-1 + +# needed to create CA/Keypair to sign modules +Requires: openssl + +# this should track in all stuff that is normally needed to compile modules: +Requires: bzip2 coreutils diffutils file findutils gawk gcc grep +Requires: gzip make sed tar unzip util-linux which rpm-build + +# On EL, kABI list was renamed +%if 0%{?rhel} +%if 0%{?rhel} >= 8 +Requires: (kernel-abi-stablelists or kernel-abi-whitelists) +%else +Requires: kernel-abi-whitelists +%endif +%endif + +%if 0%{?fedora} || 0%{?rhel} > 7 +# We use a virtual provide that would match either +# kernel-devel or kernel-PAE-devel +Requires: kernel-devel-uname-r +# kernel-devel-matched enforces the same kernel version as the -devel +%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9 +Requires: (kernel-debug-devel-matched if kernel-debug-core) +Requires: (kernel-devel-matched if kernel-core) +Requires: (kernel-lpae-devel-matched if kernel-lpae-core) +%else +Suggests: (kernel-debug-devel if kernel-debug) +Suggests: (kernel-devel if kernel) +Suggests: (kernel-lpae-devel if kernel-lpae) +%endif +Suggests: (kernel-PAE-devel if kernel-PAE) +Suggests: (kernel-PAEdebug-devel if kernel-PAEdebug) +# Theses are from planetccrma-core or rhel-7-server-rt-rpms +Suggests: (kernel-rt-devel if kernel-rt) +Suggests: (kernel-rtPAE-devel if kernel-rtPAE) +%else +# There is no much variant there, so using a sane default +Requires: kernel-devel +%endif + +# we create a special user that used by akmods to build kmod packages +Requires(pre): shadow-utils + +# systemd unit requirements. +BuildRequires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +# Optional but good to have on recent kernel +Requires: pkgconfig(libelf) + + +%description +Akmods startup script will rebuild akmod packages during system +boot, while its background daemon will build them for kernels right +after they were installed. + + +%prep +%setup -q -c -T +cp -p %{SOURCE9} %{SOURCE10} %{SOURCE15} . + + +%build +# Nothing to build + + +%install +mkdir -p %{buildroot}%{_usrsrc}/%{name} \ + %{buildroot}%{_sbindir} \ + %{buildroot}%{_sysconfdir}/rpm \ + %{buildroot}%{_sysconfdir}/pki/%{name}/certs \ + %{buildroot}%{_sysconfdir}/pki/%{name}/private \ + %{buildroot}%{_sysconfdir}/kernel/postinst.d \ + %{buildroot}%{_sysconfdir}/logrotate.d \ + %{buildroot}%{_localstatedir}/cache/%{name} \ + %{buildroot}%{_localstatedir}/log/%{name} \ + %{buildroot}%{_tmpfilesdir} + +install -pm 0755 %{SOURCE1} %{buildroot}%{_sbindir}/ +install -pm 0755 %{SOURCE2} %{buildroot}%{_sbindir}/ +install -pm 0755 %{SOURCE12} %{buildroot}%{_sbindir}/ +install -pm 0755 %{SOURCE5} %{buildroot}%{_sysconfdir}/kernel/postinst.d/ +install -pm 0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} +install -pm 0640 %{SOURCE16} %{buildroot}%{_sysconfdir}/pki/%{name}/ +install -pm 0755 %{SOURCE17} %{buildroot}%{_sbindir}/kmodgenca +install -pm 0644 %{SOURCE20} %{buildroot}%{_tmpfilesdir}/%{name}.conf +install -dpm 0770 %{buildroot}%{_rundir}/%{name}/ + +mkdir -p %{buildroot}%{_prefix}/lib/kernel/install.d +install -pm 0755 %{SOURCE13} %{buildroot}%{_prefix}/lib/kernel/install.d/ +mkdir -p \ + %{buildroot}%{_unitdir} \ + %{buildroot}%{_presetdir} +sed "s|@SERVICE@|display-manager.service|" %{SOURCE6} >\ + %{buildroot}%{_unitdir}/akmods.service +install -pm 0644 %{SOURCE0} %{buildroot}%{_presetdir}/ +install -pm 0755 %{SOURCE7} %{buildroot}%{_sbindir}/ +install -pm 0644 %{SOURCE8} %{buildroot}%{_unitdir}/ +install -pm 0644 %{SOURCE11} %{buildroot}%{_unitdir}/ +install -pm 0644 %{SOURCE18} %{buildroot}%{_unitdir}/ +install -pm 0644 %{SOURCE19} %{buildroot}%{_unitdir}/ + +# Generate and install man pages. +mkdir -p %{buildroot}%{_mandir}/man1 +help2man -N -i %{SOURCE3} -s 1 \ + -o %{buildroot}%{_mandir}/man1/akmods.1 \ + %{buildroot}%{_sbindir}/akmods +help2man -N -i %{SOURCE3} -s 1 \ + -o %{buildroot}%{_mandir}/man1/akmodsbuild.1 \ + %{buildroot}%{_sbindir}/akmodsbuild + + +%pre +# create group and user +getent group akmods >/dev/null || groupadd -r akmods +getent passwd akmods >/dev/null || \ +useradd -r -g akmods -d /var/cache/akmods/ -s /sbin/nologin \ + -c "User is used by akmods to build akmod packages" akmods + +%post +%systemd_post akmods.service +%systemd_post akmods@.service +%systemd_post akmods-shutdown.service + +%preun +%systemd_preun akmods.service +%systemd_preun akmods@.service +%systemd_preun akmods-shutdown.service + +%postun +%systemd_postun akmods.service +%systemd_postun akmods@.service +%systemd_postun akmods-shutdown.service + + +%files +%doc README README.secureboot +%license LICENSE +%{_sbindir}/akmodsbuild +%{_sbindir}/akmods +%{_sbindir}/akmods-ostree-post +%{_sbindir}/kmodgenca +%dir %attr(750,root,akmods) %{_sysconfdir}/pki/%{name}/certs +%dir %attr(750,root,akmods) %{_sysconfdir}/pki/%{name}/private +%config(noreplace) %attr(640,root,akmods) %{_sysconfdir}/pki/%{name}/cacert.config.in +%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%{_sysconfdir}/kernel/postinst.d/akmodsposttrans +%{_unitdir}/akmods.service +%{_unitdir}/akmods@.service +%{_sbindir}/akmods-shutdown +%{_unitdir}/akmods-shutdown.service +%{_prefix}/lib/kernel/install.d/95-akmodsposttrans.install +%attr(0644,root,root) %{_unitdir}/akmods-keygen.target +%attr(0644,root,root) %{_unitdir}/akmods-keygen@.service +%dir %attr(0770,root,akmods) %{_rundir}/%{name} +%{_tmpfilesdir}/%{name}.conf +# akmods was enabled in the default preset by f28 +%if 0%{?rhel} +%{_presetdir}/95-akmods.preset +%else +%exclude %{_presetdir}/95-akmods.preset +%endif +%{_usrsrc}/akmods +%dir %attr(-,akmods,akmods) %{_localstatedir}/cache/akmods +%dir %attr(0775,root,akmods) %{_localstatedir}/log/%{name} +%{_mandir}/man1/* + + +%changelog +* Wed May 04 2022 Nicolas Chauvet - 0.5.7-8 +- Fix logrotate permission access to /var/log/akmods directory - rhbz#2078490 +- Rename logrotate config file + +* Wed Mar 09 2022 Timothée Ravier - 0.5.7-7 +- Use 'Require' instead of 'Suggest' for kernel*-devel packages. + +* Thu Jan 27 2022 Nicolas Viéville - 0.5.7-6 +- Adapt usage of lockfile to systemd-tmpfiles +- Re-locate akmods logs in /var/log + +* Wed Jan 26 2022 Timothée Ravier - 0.5.7-5 +- Use kernel*-core variants in conditional Suggests + +* Wed Jan 19 2022 Fedora Release Engineering - 0.5.7-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Mon Dec 20 2021 Nicolas Chauvet - 0.5.7-3 +- Drop perl-interpeter +- Drop akmodsinit +- Only use preset on rhel +- kernel-devel-matched support + see also https://src.fedoraproject.org/rpms/akmods/pull-request/7 + +* Fri Dec 10 2021 Nicolas Chauvet - 0.5.7-2 +- Bump kmodtool requirement +- Rename kABI list +- Drop EL6 support +- Switch to distro agnostic deps + +* Fri Oct 22 2021 Nicolas Viéville - 0.5.7-1 +- Add local akmods CA signing keys and support tools to sign modules for + Secure boot thanks to Stanislas Leduc +- Add akmods-keygen service to generate MOK key pair on first run + +* Fri Oct 22 2021 Nicolas Viéville - 0.5.6-29 +- Remove trailing spaces and clean-up +- Use %%{name} when possible +- Convert if statement from "[!] $variable" to "[!] -n $variable" +- Fix kernel list build when parsing command line options +- Ensure to build for grub default kernel +- Improve detection of already installed (weak-)modules in akmods (RHEL) +- akmods uses logrotate and clean-up /var/cache/akmods sub-directories of + old logs and rpm files from no more installed kmod packages + (rhbz #1542658). + +* Wed Jul 21 2021 Fedora Release Engineering - 0.5.6-28 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon Jan 25 2021 Fedora Release Engineering - 0.5.6-27 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 0.5.6-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jan 28 2020 Fedora Release Engineering - 0.5.6-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Nov 20 2019 Nicolas Viéville - 0.5.6-24 +- Check kernel presence differently for systemd-boot machines - rhbz#1769144 + +* Wed Oct 16 2019 Leigh Scott - 0.5.6-23 +- Add requires kernel-abi-whitelists for RHEL + +* Wed Jul 24 2019 Fedora Release Engineering - 0.5.6-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon May 20 2019 Nicolas Chauvet - 0.5.6-21 +- Add check for rhel8 + +* Wed May 15 2019 Nicolas Viéville - 0.5.6-20 +- Fix akmodsposttrans after kernel update/install on Fedora >= 28 and + RHEL >= 7 - rhbz#1709055 + +* Thu Feb 28 2019 Alexander Larsson - 0.5.6-19 +- Support ostree/silverblue builds - rhbz#1667014 + +* Thu Feb 28 2019 Hans de Goede +- Do not fail when the old initscripts pkg is not installed - rhbz#1680121 + +* Thu Jan 31 2019 Fedora Release Engineering - 0.5.6-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Nov 05 2018 Nicolas Chauvet - 0.5.6-17 +- Don't enforce target arch - rhbz#1644430 +- Rework log file path +- Avoid using /usr/lib/modules for el6 compat + +* Thu Jul 12 2018 Fedora Release Engineering - 0.5.6-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Mon Mar 26 2018 Nicolas Chauvet - 0.5.6-15 +- Add inihibitor for akmods@.service +- Use restart on akmodsposttrans + +* Mon Mar 26 2018 Nicolas Chauvet - 0.5.6-14 +- Switch to always retry by default +- Drop akmods preset by f28 +- Don't enable service on ah +- Test a rw directory + +* Wed Feb 07 2018 Fedora Release Engineering - 0.5.6-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Dec 13 2017 Nicolas Chauvet - 0.5.6-12 +- Update kernel posttrans method - rhbz#1518401 + +* Thu Aug 03 2017 Nicolas Chauvet - 0.5.6-11 +- Rework kernel-devel requires on el + +* Thu Aug 03 2017 Nicolas Chauvet - 0.5.6-10 +- Enable suggests on fedora +- Add back el6 support in spec +- Add Requires elfutils-libelf-devel + +* Wed Jul 26 2017 Fedora Release Engineering - 0.5.6-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Thu Jul 13 2017 Petr Pisar - 0.5.6-8 +- perl dependency renamed to perl-interpreter + + +* Thu May 4 2017 Hans de Goede - 0.5.6-7 +- "udevadm trigger" may have bad side-effects (rhbz#454407) instead + look for modalias files under /sys/devices and call modprobe directly +- Fix exit status when no akmod packages are installed, so that systemd + does not consider the akmods.service as having failed to start + +* Wed May 3 2017 Hans de Goede - 0.5.6-6 +- Run "udevadm trigger" and "systemctl restart systemd-modules-load.service" + when new kmod packages have been build and installed so that the new + modules may be used immediately without requiring a reboot + +* Mon Mar 6 2017 Hans de Goede - 0.5.6-5 +- Add LICENSE file (rhbz#1422918) + +* Fri Feb 24 2017 Hans de Goede - 0.5.6-4 +- Replace %%{_prefix}/lib/systemd/system-preset with %%{_presetdir} + +* Thu Feb 16 2017 Hans de Goede - 0.5.6-3 +- Submit to Fedora for package review + +* Mon Nov 28 2016 Nicolas Chauvet - 0.5.6-2 +- Use Suggests kernel-devel weak-dependency - see rfbz#3386 + +* Fri Oct 14 2016 Richard Shaw - 0.5.6-1 +- Disable shutdown systemd service file by default. +- Remove modprobe line from main service file. + +* Wed Aug 17 2016 Sérgio Basto - 0.5.4-3 +- New release + +* Sun Jan 03 2016 Nicolas Chauvet - 0.5.4-2 +- Revert conflicts kernel-debug-devel + +* Thu Jul 23 2015 Richard Shaw - 0.5.4-1 +- Do not mark a build as failed when only installing the RPM fails. +- Run akmods-shutdown script instead of akmods on shutdown. +- Add systemd preset file to enable services by default. + +* Wed Jul 15 2015 Richard Shaw - 0.5.3-2 +- Add package conflicts to stop pulling in kernel-debug-devel, fixes BZ#3386. +- Add description for the formatting of the parameter, BZ#3580. +- Update static man pages and clean them up. +- Fixed another instance of TMPDIR causing issues. +- Added detection of dnf vs yum to akmods, fixed BZ#3481. + +* Wed Apr 1 2015 Richard Shaw - 0.5.2-1 +- Fix temporary directory creation when TMPDIR environment variable is set, + fixes BZ#2596. +- Update systemd scripts to use macros. +- Fix akmods run on shutdown systemd unit file, fixes BZ#3503. + +* Sun Nov 16 2014 Nicolas Chauvet - 0.5.1-4 +- Fix akmods on armhfp - rfbz#3117 +- Use yum instead of rpm to install packages - rfbz#3350 + Switch to a better date format + +* Fri Jan 11 2013 Richard Shaw - 0.5.1-3 +- Really fix akmods.service.in. + +* Fri Jun 01 2012 Richard Shaw - 0.5.1-2 +- Add service file to run again on shutdown. +- Add conditional for Fedora 18 to specify correct systemd graphical service. + +* Thu Apr 12 2012 Nicolas Chauvet - 0.4.0-4 +- Rebuilt + +* Tue Mar 20 2012 Richard Shaw - 0.4.0-3 +- Add additional error output if the needed kernel development files are not + installed. (Fixes #561) + +* Mon Mar 05 2012 Richard Shaw - 0.4.0-2 +- Remove remaining references to previous Fedora releases +- Remove legacy SysV init script from CVS. +- Added man page for akmods and cleaned up man page for akmodsbuild. + +* Tue Feb 07 2012 Nicolas Chauvet - 0.4.0-1 +- Update for UsrMove support +- Remove unused references to older fedora +- Change Requires from kernel-devel to kernel-devel-uname-r