Toshaan Bharvani
4 months ago
commit
04cca44c73
21 changed files with 1951 additions and 0 deletions
@ -0,0 +1,8 @@ |
|||||||
|
# Also see: |
||||||
|
# https://fedoraproject.org/wiki/Starting_services_by_default |
||||||
|
|
||||||
|
# Installing presets is not the preferred solution but until another one |
||||||
|
# presents itself: |
||||||
|
# https://bugzilla.rpmfusion.org/show_bug.cgi?id=3713 |
||||||
|
enable akmods.service |
||||||
|
#enable akmods-shutdown.service |
@ -0,0 +1,65 @@ |
|||||||
|
#!/bin/bash - |
||||||
|
# |
||||||
|
# 95-akmodposttrans.install - Calls akmods for newly installed kernels |
||||||
|
# |
||||||
|
# Copyright (c) 2019 Nicolas Viéville <nicolas.vieville@uphf.fr> |
||||||
|
# |
||||||
|
# Permission is hereby granted, free of charge, to any person obtaining |
||||||
|
# a copy of this software and associated documentation files (the |
||||||
|
# "Software"), to deal in the Software without restriction, including |
||||||
|
# without limitation the rights to use, copy, modify, merge, publish, |
||||||
|
# distribute, sublicense, and/or sell copies of the Software, and to |
||||||
|
# permit persons to whom the Software is furnished to do so, subject to |
||||||
|
# the following conditions: |
||||||
|
# |
||||||
|
# The above copyright notice and this permission notice shall be |
||||||
|
# included in all copies or substantial portions of the Software. |
||||||
|
# |
||||||
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||||
|
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||||
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||||
|
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||||
|
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||||
|
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||||
|
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
||||||
|
# |
||||||
|
|
||||||
|
COMMAND="$1" |
||||||
|
KERNEL_VERSION="$2" |
||||||
|
BOOT_DIR_ABS="$3" |
||||||
|
KERNEL_IMAGE="$4" |
||||||
|
|
||||||
|
# just check in case a user calls this directly |
||||||
|
if [[ ! -w /var ]] ; then |
||||||
|
echo "Needs to run as root to be able to install rpms." >&2 |
||||||
|
exit 4 |
||||||
|
fi |
||||||
|
|
||||||
|
if [[ ! -n "${KERNEL_VERSION}" ]] ; then |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
|
||||||
|
case "${COMMAND}" in |
||||||
|
add) |
||||||
|
# needs to run in background as rpmdb might be locked otherwise |
||||||
|
if [ -e /bin/systemctl ] ; then |
||||||
|
# Exit early if system-update.target is active - rhbz#1518401 |
||||||
|
/bin/systemctl is-active system-update.target &>/dev/null |
||||||
|
RET=$? |
||||||
|
|
||||||
|
[ $RET == 0 ] && exit 0 |
||||||
|
|
||||||
|
/bin/systemctl restart akmods@${KERNEL_VERSION}.service --no-block >/dev/null 2>&1 |
||||||
|
else |
||||||
|
nohup /usr/sbin/akmods --from-kernel-posttrans --kernels ${KERNEL_VERSION} > /dev/null 2>&1 & |
||||||
|
fi |
||||||
|
exit 0 |
||||||
|
;; |
||||||
|
remove) |
||||||
|
# Nothing to do |
||||||
|
;; |
||||||
|
*) |
||||||
|
;; |
||||||
|
esac |
||||||
|
|
||||||
|
exit 0 |
@ -0,0 +1,18 @@ |
|||||||
|
Permission is hereby granted, free of charge, to any person obtaining |
||||||
|
a copy of this software and associated documentation files (the |
||||||
|
"Software"), to deal in the Software without restriction, including |
||||||
|
without limitation the rights to use, copy, modify, merge, publish, |
||||||
|
distribute, sublicense, and/or sell copies of the Software, and to |
||||||
|
permit persons to whom the Software is furnished to do so, subject to |
||||||
|
the following conditions: |
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be |
||||||
|
included in all copies or substantial portions of the Software. |
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||||
|
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||||
|
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||||
|
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||||
|
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||||
|
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||||
|
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
@ -0,0 +1,12 @@ |
|||||||
|
Akmods startup script will rebuild akmod packages during system |
||||||
|
boot, while its background daemon will build them for kernels right |
||||||
|
after they were installed. |
||||||
|
|
||||||
|
The akmods systemd service provides both, and is enabled by default. |
||||||
|
|
||||||
|
The akmods-shutdown service is disabled by default but can, in some |
||||||
|
circumstances, provide an additional chance to build and install a kernel |
||||||
|
module. Users who would prefer longer shutdowns over delayed startups |
||||||
|
may wish to consider enabling it with the following command: |
||||||
|
|
||||||
|
sudo systemctl enable --now akmods-shutdown.service |
@ -0,0 +1,51 @@ |
|||||||
|
Secure boot is a setup using UEFI firmware to check cryptographic |
||||||
|
signatures on the bootloader and associated OS kernel to ensure they |
||||||
|
have not been tampered with or bypassed in the boot process. |
||||||
|
|
||||||
|
This verification can be extended to Kernel and its modules. |
||||||
|
It's default case in Fedora with UEFI and Secure boot enabled. |
||||||
|
|
||||||
|
Fedora Project have signed kernels and also main modules with Fedora |
||||||
|
Key, but 3rd party modules as NVidia, VirtualBox, etc. need to be signed |
||||||
|
to load. |
||||||
|
|
||||||
|
Akmods provides an enroll process to sign third party modules with your |
||||||
|
own keypair. |
||||||
|
|
||||||
|
At the first run of the akmods.service, certificate and keypair will be |
||||||
|
created with default value using the '/usr/sbin/kmodgenca' script. |
||||||
|
|
||||||
|
You may also wish to manually create your own certificate and keypair |
||||||
|
with `/usr/sbin/kmodgenca` command. |
||||||
|
If '/usr/sbin/kmodgenca' is launched with the '-a' parameter, it will |
||||||
|
use default values to complete the cacert.config file, and to generate |
||||||
|
automatically the cert and the private key. |
||||||
|
If '/usr/sbin/kmodgenca' is launched without parameters, user will be |
||||||
|
prompted to complete manually the cacert.config file, then the cert and |
||||||
|
the private key will be automatically generated. |
||||||
|
If the cert and the private key files already exist, |
||||||
|
'/usr/sbin/kmodgenca' will exit unless the '-f' parameter is used. |
||||||
|
|
||||||
|
The cert and the private key are stored respectively in |
||||||
|
/etc/pki/akmods/certs and /etc/pki/akmods/private/ directories. |
||||||
|
|
||||||
|
Now you need to enroll the public key in MOK, this process is described |
||||||
|
below. |
||||||
|
- Ask MOK to enroll new keypair with certificate with the command |
||||||
|
`mokutil --import /etc/pki/akmods/certs/public_key.der`. |
||||||
|
- mokutil asks to generate a password to enroll the public key. |
||||||
|
- Rebooting the system is needed for MOK to enroll the new public key. |
||||||
|
- On next boot MOK Management is launched and you have to choose |
||||||
|
"Enroll MOK". |
||||||
|
- Choose "Continue" to enroll the key or "View key 0" to show the keys |
||||||
|
already enrolled. |
||||||
|
- Confirm enrollment by selecting "Yes". |
||||||
|
- You will be invited to enter the password generated above. |
||||||
|
WARNING: keyboard is mapped to QWERTY! |
||||||
|
- The new key is enrolled, and system ask you to reboot. |
||||||
|
|
||||||
|
You can confirm the enrollment of the new keypair once the system |
||||||
|
rebooted with: |
||||||
|
`mokutil --list-enrolled | grep Issuer` |
||||||
|
or with: |
||||||
|
`mokutil --test-key /etc/pki/akmods/certs/public_key.der` |
@ -0,0 +1,575 @@ |
|||||||
|
#!/bin/bash - |
||||||
|
######################################################################## |
||||||
|
# |
||||||
|
# akmods - Rebuilds and install akmod RPMs |
||||||
|
# Copyright (c) 2007, 2008 Thorsten Leemhuis <fedora@leemhuis.info> |
||||||
|
# Copyright (c) 2018 Nicolas Chauvet <kwizart@gmail.com> |
||||||
|
# |
||||||
|
# Permission is hereby granted, free of charge, to any person obtaining |
||||||
|
# a copy of this software and associated documentation files (the |
||||||
|
# "Software"), to deal in the Software without restriction, including |
||||||
|
# without limitation the rights to use, copy, modify, merge, publish, |
||||||
|
# distribute, sublicense, and/or sell copies of the Software, and to |
||||||
|
# permit persons to whom the Software is furnished to do so, subject to |
||||||
|
# the following conditions: |
||||||
|
# |
||||||
|
# The above copyright notice and this permission notice shall be |
||||||
|
# included in all copies or substantial portions of the Software. |
||||||
|
# |
||||||
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||||
|
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||||
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||||
|
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||||
|
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||||
|
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||||
|
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
||||||
|
# |
||||||
|
######################################################################## |
||||||
|
# |
||||||
|
# ToDo: |
||||||
|
# - use yum/dnf to install required kernel-devel packages? |
||||||
|
# - better way to detect if a earlier build failed or succeeded |
||||||
|
# - special kernel "all" (all that are installed with a matching -devel package; could be called from posttrans in akmods packages) |
||||||
|
# - manpage |
||||||
|
# - make it configurable if kmod building is done with nohup |
||||||
|
# - check on shutdown if akmods is still running and let it finish before continuing |
||||||
|
# - make it configurable if kmods from the repo replace local ones |
||||||
|
|
||||||
|
# global vars |
||||||
|
myprog="akmods" |
||||||
|
myver="0.5.7" |
||||||
|
kmodlogfile= |
||||||
|
continue_line="" |
||||||
|
tmpdir= |
||||||
|
kernels= |
||||||
|
verboselevel=2 |
||||||
|
# We cannot differenciate from a code failure to shutdown kill9 oom etc |
||||||
|
# So we always retry anyway |
||||||
|
alwaystry=1 |
||||||
|
|
||||||
|
akmods_echo() |
||||||
|
{ |
||||||
|
# where to output |
||||||
|
local this_fd=${1} |
||||||
|
shift |
||||||
|
|
||||||
|
# verboselevel |
||||||
|
local this_verbose=${1} |
||||||
|
shift |
||||||
|
|
||||||
|
# output to console |
||||||
|
if (( ${verboselevel} >= ${this_verbose} )) ; then |
||||||
|
if [[ "${1}" == "--success" ]] ; then |
||||||
|
echo_success |
||||||
|
continue_line="" |
||||||
|
echo |
||||||
|
return 0 |
||||||
|
elif [[ "${1}" == "--failure" ]] ; then |
||||||
|
echo_failure |
||||||
|
echo |
||||||
|
continue_line="" |
||||||
|
return 0 |
||||||
|
elif [[ "${1}" == "--warning" ]] ; then |
||||||
|
echo_warning |
||||||
|
echo |
||||||
|
continue_line="" |
||||||
|
return 0 |
||||||
|
elif [[ "${1}" == "-n" ]] ; then |
||||||
|
continue_line="true" |
||||||
|
fi |
||||||
|
echo "$@" >&${this_fd} |
||||||
|
fi |
||||||
|
|
||||||
|
# no need to print the status flags in the logs |
||||||
|
if [[ "${1}" == "--success" ]] || [[ "${1}" == "--failure" ]] || [[ "${1}" == "--warning" ]] ; then |
||||||
|
return 0 |
||||||
|
fi |
||||||
|
|
||||||
|
# no need to continues in the log |
||||||
|
if [[ "${1}" == "-n" ]] ; then |
||||||
|
shift |
||||||
|
fi |
||||||
|
|
||||||
|
# global logfile |
||||||
|
echo "$(date +%Y/%m/%d\ %H:%M:%S) akmods: $@" >> "/var/log/akmods/akmods.log" |
||||||
|
|
||||||
|
# the kmods logfile as well, if we work on a kmod |
||||||
|
if [[ -n "${kmodlogfile}" ]] ; then |
||||||
|
echo "$(date +%Y/%m/%d\ %H:%M:%S) akmods: $@" >> "${kmodlogfile}" |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
finally() |
||||||
|
{ |
||||||
|
# remove tmpfiles |
||||||
|
remove_tmpdir |
||||||
|
|
||||||
|
# remove lockfile |
||||||
|
rm -f /var/cache/akmods/.lockfile |
||||||
|
|
||||||
|
exit ${1:-128} |
||||||
|
} |
||||||
|
|
||||||
|
# Make sure finally() is run regardless of reason for exiting. |
||||||
|
trap "finally" ABRT HUP INT QUIT |
||||||
|
|
||||||
|
create_tmpdir() |
||||||
|
{ |
||||||
|
if ! tmpdir="$(mktemp -d -p /tmp ${myprog}.XXXXXXXX)/" ; then |
||||||
|
akmods_echo 2 1 "ERROR: failed to create tmpdir." |
||||||
|
akmods_echo 2 1 --failure ; return 1 |
||||||
|
fi |
||||||
|
if ! mkdir "${tmpdir}"results ; then |
||||||
|
akmods_echo 2 1 "ERROR: failed to create result tmpdir." |
||||||
|
akmods_echo 2 1 --failure ; return 1 |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
remove_tmpdir() |
||||||
|
{ |
||||||
|
# remove tmpfiles |
||||||
|
if [[ -n "${tmpdir}" ]] && [[ -d "${tmpdir}" ]] ; then |
||||||
|
rm -f "${tmpdir}"results/* "${tmpdir}"*.log |
||||||
|
rmdir "${tmpdir}"results/ "${tmpdir}" |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
cleanup_cachedir () |
||||||
|
{ |
||||||
|
for one_file in $(ls /var/cache/akmods/*/* 2>/dev/null | \ |
||||||
|
grep -v "$(ls -I "*rescue*" /boot/vmlinuz-* | \ |
||||||
|
sed 's%.*vmlinuz-%%g')") ; do |
||||||
|
if $(grep -qE ".*\.rpm$" <<< "${one_file}") ; then |
||||||
|
if ! $(rpm -q "$(basename ${one_file%.rpm})" >/dev/null) ; then |
||||||
|
rm -f "${one_file}" |
||||||
|
fi |
||||||
|
else |
||||||
|
rm -f "${one_file}" |
||||||
|
fi |
||||||
|
done |
||||||
|
} |
||||||
|
|
||||||
|
init () |
||||||
|
{ |
||||||
|
# some security provisions |
||||||
|
\export PATH='/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin' |
||||||
|
\unalias -a |
||||||
|
hash -r |
||||||
|
# https://bugzilla.rpmfusion.org/show_bug.cgi?id=4023 |
||||||
|
#ulimit -H -c 0 -- |
||||||
|
IFS=$' \t\n' |
||||||
|
UMASK=022 |
||||||
|
umask ${UMASK} |
||||||
|
|
||||||
|
# fall back to current kernel if user didn't provide one |
||||||
|
if [[ ! -n "${kernels}" ]] ; then |
||||||
|
kernels="$(uname -r)" |
||||||
|
fi |
||||||
|
# ensure to build for grub default kernel |
||||||
|
default_kernel=$(grubby --default-kernel | sed -e 's/^.*vmlinuz-//') |
||||||
|
if ! $(echo "${kernels}" | grep -q "${default_kernel}") ; then |
||||||
|
kernels="${kernels} ${default_kernel}" |
||||||
|
fi |
||||||
|
|
||||||
|
# we get the echo_{success,failure} stuff from there |
||||||
|
if [[ -r /etc/rc.d/init.d/functions ]] ; then |
||||||
|
source /etc/rc.d/init.d/functions |
||||||
|
else |
||||||
|
# Use our own simple replacements |
||||||
|
echo_success() { |
||||||
|
echo -ne " [ OK ]\r" |
||||||
|
return 0 |
||||||
|
} |
||||||
|
echo_failure() { |
||||||
|
echo -ne " [FAILED]\r" |
||||||
|
return 1 |
||||||
|
} |
||||||
|
echo_warning() { |
||||||
|
echo -ne " [WARNING]\r" |
||||||
|
return 1 |
||||||
|
} |
||||||
|
fi |
||||||
|
|
||||||
|
# needs root permissions |
||||||
|
if [[ ! -w /var ]] ; then |
||||||
|
echo -n "Needs to run as root to be able to install rpms." >&2 |
||||||
|
echo_failure ; echo ; exit 1 |
||||||
|
fi |
||||||
|
|
||||||
|
# no akmods |
||||||
|
if [[ ! -d "/usr/src/akmods/" ]] ; then |
||||||
|
echo -n "/usr/src/akmods/ not found." >&2 |
||||||
|
echo_failure ; echo ; exit 1 |
||||||
|
fi |
||||||
|
|
||||||
|
# if there are no akmod packages installed there is nothing to do for us |
||||||
|
if ! ls /usr/src/akmods/*-kmod.latest &> /dev/null ; then |
||||||
|
echo -n "No akmod packages found, nothing to do." >&2 |
||||||
|
echo_success ; echo ; exit 0 |
||||||
|
fi |
||||||
|
|
||||||
|
|
||||||
|
# now that we know that we're root make sure our dir for logging and results is available |
||||||
|
if [[ ! -d "/var/cache/akmods/" ]] ; then |
||||||
|
if ! mkdir -p "/var/cache/akmods/" ; then |
||||||
|
echo -n "/var/cache/akmods/ not found and could not be created" >&2 |
||||||
|
echo_failure ; echo ; exit 1 |
||||||
|
fi |
||||||
|
fi |
||||||
|
if [[ ! -w "/var/cache/akmods/" ]] ; then |
||||||
|
echo -n "/var/cache/akmods/ not writable" >&2 |
||||||
|
echo_failure ; echo ; exit 1 |
||||||
|
fi |
||||||
|
|
||||||
|
# tools needed |
||||||
|
for tool in akmodsbuild chown flock sed rpmdev-vercmp ; do |
||||||
|
if ! which "${tool}" &> /dev/null ; then |
||||||
|
echo -n "${tool} not found" >&2 |
||||||
|
echo_failure ; echo ; exit 1 |
||||||
|
fi |
||||||
|
done |
||||||
|
|
||||||
|
# create lockfile and wait till we get it |
||||||
|
exec 99>/run/akmods/akmods.lock |
||||||
|
flock -w 900 99 |
||||||
|
} |
||||||
|
|
||||||
|
buildinstall_kmod() |
||||||
|
{ |
||||||
|
local this_kernelver=${1} |
||||||
|
local this_kmodname=${2} |
||||||
|
local this_kmodsrpm=${3} |
||||||
|
local this_kmodverrel=${4} |
||||||
|
|
||||||
|
if [[ ! -r "${this_kmodsrpm}" ]] ; then |
||||||
|
akmods_echo 2 1 "ERROR: ${this_kmodsrpm} not found." |
||||||
|
akmods_echo 2 1 --failure ; return 1 |
||||||
|
fi |
||||||
|
|
||||||
|
|
||||||
|
# result and logdir |
||||||
|
if [[ ! -d "/var/cache/akmods/${this_kmodname}" ]] ; then |
||||||
|
if ! mkdir "/var/cache/akmods/${this_kmodname}" ; then |
||||||
|
akmods_echo 2 1 "ERROR: could not create /var/cache/akmods/${this_kmodname}." |
||||||
|
akmods_echo 2 1 --failure ; return 1 |
||||||
|
fi |
||||||
|
fi |
||||||
|
|
||||||
|
## preparations |
||||||
|
# tmpdir |
||||||
|
create_tmpdir |
||||||
|
|
||||||
|
# akmods needs to write there (and nobody else, but mktemp takes care of that!) |
||||||
|
chown akmods "${tmpdir}" "${tmpdir}"results |
||||||
|
|
||||||
|
# remove old logfiles if they exist |
||||||
|
rm -f "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.log" "/var/cache/akmods/${this_kmodname}/.last.log" |
||||||
|
|
||||||
|
# create a per kmod logfile |
||||||
|
if ! touch "/var/cache/akmods/${this_kmodname}/.last.log" ; then |
||||||
|
akmods_echo 2 1 "ERROR: failed to create kmod specific logfile." |
||||||
|
return 1 |
||||||
|
fi |
||||||
|
|
||||||
|
# akmods_echo will log to this file from now on as well |
||||||
|
kmodlogfile="/var/cache/akmods/${this_kmodname}/.last.log" |
||||||
|
|
||||||
|
# Unset TMPDIR since it is misused by "runuser" |
||||||
|
# https://bugzilla.rpmfusion.org/show_bug.cgi?id=2596 |
||||||
|
unset TMPDIR |
||||||
|
|
||||||
|
# build module using akmod |
||||||
|
akmods_echo 1 4 "Building RPM using the command '$(which akmodsbuild) --kernels ${this_kernelver} ${this_kmodsrpm}'" |
||||||
|
/sbin/runuser -s /bin/bash -c "$(which akmodsbuild) --quiet --kernels ${this_kernelver} --outputdir ${tmpdir}results --logfile ${tmpdir}/akmodsbuild.log ${this_kmodsrpm}" akmods >> "${kmodlogfile}" 2>&1 |
||||||
|
local returncode=$? |
||||||
|
|
||||||
|
# copy rpmbuild log to kmod specific logfile |
||||||
|
if [[ -s "${tmpdir}"/akmodsbuild.log ]] ; then |
||||||
|
while read line ; do |
||||||
|
echo "$(date +%Y/%m/%d\ %H:%M:%S) akmodsbuild: ${line}" >> "${kmodlogfile}" |
||||||
|
done < "${tmpdir}"/akmodsbuild.log |
||||||
|
fi |
||||||
|
|
||||||
|
# result |
||||||
|
if (( ! ${returncode} == 0 )) ; then |
||||||
|
if [[ -n "${continue_line}" ]] ; then |
||||||
|
akmods_echo 1 2 --failure |
||||||
|
fi |
||||||
|
akmods_echo 2 1 "Building rpms failed; see /var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log for details" |
||||||
|
cp -fl "${kmodlogfile}" "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log" |
||||||
|
kmodlogfile="" |
||||||
|
remove_tmpdir |
||||||
|
return 4 |
||||||
|
fi |
||||||
|
|
||||||
|
# dnf/yum install - repository disabled on purpose see rfbz#3350 |
||||||
|
akmods_echo 1 4 "Installing newly built rpms" |
||||||
|
if [[ -f /usr/bin/dnf ]] ; then |
||||||
|
akmods_echo 1 4 "DNF detected" |
||||||
|
dnf -y install --disablerepo='*' $(find "${tmpdir}results" -type f -name '*.rpm' | grep -v debuginfo) >> "${kmodlogfile}" 2>&1 |
||||||
|
else |
||||||
|
akmods_echo 1 4 "DNF not found, using YUM instead." |
||||||
|
yum -y install --disablerepo='*' $(find "${tmpdir}results" -type f -name '*.rpm' | grep -v debuginfo) >> "${kmodlogfile}" 2>&1 |
||||||
|
fi |
||||||
|
local returncode=$? |
||||||
|
|
||||||
|
# place the newly built rpms where user expects them |
||||||
|
cp "${tmpdir}results/"* "/var/cache/akmods/${this_kmodname}/" |
||||||
|
|
||||||
|
# everything fine? |
||||||
|
if (( ${returncode} != 0 )) ; then |
||||||
|
if [[ -n "${continue_line}" ]] ; then |
||||||
|
akmods_echo 1 2 --failure |
||||||
|
fi |
||||||
|
akmods_echo 2 1 "Could not install newly built RPMs. You can find them and the logfile in:" |
||||||
|
akmods_echo 2 1 "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log" |
||||||
|
cp -fl "${kmodlogfile}" "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log" |
||||||
|
kmodlogfile="" |
||||||
|
remove_tmpdir |
||||||
|
return 8 |
||||||
|
fi |
||||||
|
|
||||||
|
# finish |
||||||
|
akmods_echo 1 4 "Successful." |
||||||
|
cp -fl "${kmodlogfile}" "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.log" |
||||||
|
kmodlogfile="" |
||||||
|
remove_tmpdir |
||||||
|
|
||||||
|
return 0 |
||||||
|
} |
||||||
|
|
||||||
|
check_kmod_up2date() |
||||||
|
{ |
||||||
|
local this_kernelver=${1} |
||||||
|
local this_kmodname=${2} |
||||||
|
local kmodpackage_file="$(modinfo ${this_kmodname} -k ${this_kernelver} -n 2>/dev/null)" |
||||||
|
|
||||||
|
# kmod present, even with weak-modules? |
||||||
|
if [[ ! -n "${kmodpackage_file}" ]] && [[ ! -d /lib/modules/${this_kernelver}/extra/${this_kmodname}/ ]] ; then |
||||||
|
# build it |
||||||
|
return 1 |
||||||
|
fi |
||||||
|
|
||||||
|
# kmod up2date? |
||||||
|
# Weak module symlink case |
||||||
|
if [ -n "${kmodpackage_file}" ] && [ -h "${kmodpackage_file}" ] && $(echo "${kmodpackage_file}" | grep -q "weak-updates") ; then |
||||||
|
local kmodpackage="$(rpm -qf $(readlink -e ${kmodpackage_file}) 2> /dev/null)" |
||||||
|
# Regular module file case |
||||||
|
else |
||||||
|
local kmodpackage="$(rpm -qf /lib/modules/${this_kernelver}/extra/${this_kmodname}/ 2> /dev/null)" |
||||||
|
fi |
||||||
|
if [[ ! -n "${kmodpackage}" ]] ; then |
||||||
|
# seems we didn't get what we wanted |
||||||
|
# well, better to do nothing in this case |
||||||
|
akmods_echo 1 2 -n "Warning: Could not determine what package owns /lib/modules/${this_kernelver}/extra/${this_kmodname}/" |
||||||
|
return 0 |
||||||
|
fi |
||||||
|
local kmodver=$(rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' "${kmodpackage}" | sed 's|(none)|0|; s!\.\(fc\|el\|lvn\)[0-9]*!!g') |
||||||
|
local akmodver=$(rpm -qp --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' /usr/src/akmods/"${this_kmodname}"-kmod.latest | sed 's|(none)|0|; s!\.\(fc\|el\|lvn\)[0-9]*!!g') |
||||||
|
|
||||||
|
rpmdev-vercmp "${kmodver}" "${akmodver}" &>/dev/null |
||||||
|
local retvalue=$? |
||||||
|
if [[ "$retvalue" == 0 ]] ; then |
||||||
|
# Versions are the same. Nothing to do. |
||||||
|
return 0 |
||||||
|
elif [[ "$retvalue" == 11 ]] ; then |
||||||
|
# kmod is newer, nothing to do. |
||||||
|
return 0 |
||||||
|
elif [[ "$retvalue" == 12 ]] ; then |
||||||
|
# akmod is newer, need to build kmod. |
||||||
|
return 1 |
||||||
|
else |
||||||
|
# Something went wrong |
||||||
|
akmods_echo 1 2 -n "Error: Could not determine if akmod is newer than the installed kmod" |
||||||
|
akmods_echo 1 2 --failure |
||||||
|
return 0 |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
check_kmods() |
||||||
|
{ |
||||||
|
local this_kernelver="${1}" |
||||||
|
|
||||||
|
akmods_echo 1 2 -n "Checking kmods exist for ${this_kernelver}" |
||||||
|
for akmods_kmodfile in /usr/src/akmods/*-kmod.latest ; do |
||||||
|
local this_kmodname="$(basename ${akmods_kmodfile%%-kmod.latest})" |
||||||
|
|
||||||
|
# actually check this akmod? |
||||||
|
if [[ -n "${akmods}" ]] ; then |
||||||
|
for akmod in ${akmods} ; do |
||||||
|
if [[ "${this_kmodname}" != "${akmod}" ]] ; then |
||||||
|
# ignore this one |
||||||
|
continue 2 |
||||||
|
fi |
||||||
|
done |
||||||
|
fi |
||||||
|
|
||||||
|
# go |
||||||
|
if ! check_kmod_up2date ${this_kernelver} ${this_kmodname} ; then |
||||||
|
# okay, kmod wasn't found or is not up2date |
||||||
|
if [[ -n "${continue_line}" ]] ; then |
||||||
|
akmods_echo 1 2 --success |
||||||
|
# if the files for building modules are not available don't even try to build modules |
||||||
|
if [[ ! -r /usr/src/kernels/"${this_kernelver}"/Makefile ]] && \ |
||||||
|
[[ ! -r /lib/modules/"${this_kernelver}"/build/Makefile ]] ; then |
||||||
|
akmods_echo 1 2 "Files needed for building modules against kernel" |
||||||
|
akmods_echo 1 2 "${this_kernelver} could not be found as the following" |
||||||
|
akmods_echo 1 2 "directories are missing:" |
||||||
|
akmods_echo 1 2 "/usr/src/kernels/${this_kernelver}/" |
||||||
|
akmods_echo 1 2 -n "/lib/modules/${this_kernelver}/build/" |
||||||
|
akmods_echo 1 2 -n "Is the correct kernel-devel package installed?" |
||||||
|
akmods_echo 1 2 --failure |
||||||
|
return 1 |
||||||
|
fi |
||||||
|
fi |
||||||
|
|
||||||
|
local this_kmodverrel="$(rpm -qp --qf '%{VERSION}-%{RELEASE}' "${akmods_kmodfile}" | sed 's!\.\(fc\|el\|lvn\)[0-9]*!!g' )" |
||||||
|
if [[ ! -n "${alwaystry}" ]] && [[ -e "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}".failed.log ]] ; then |
||||||
|
akmods_echo 1 2 -n "Ignoring ${this_kmodname}-kmod as it failed earlier" |
||||||
|
akmods_echo 1 2 --warning |
||||||
|
local someignored="true" |
||||||
|
else |
||||||
|
akmods_echo 1 2 -n "Building and installing ${this_kmodname}-kmod" |
||||||
|
buildinstall_kmod ${this_kernelver} ${this_kmodname} ${akmods_kmodfile} ${this_kmodverrel} |
||||||
|
local returncode=$? |
||||||
|
if [[ "$returncode" == "0" ]] ; then |
||||||
|
akmods_echo 1 2 --success |
||||||
|
local somesucceeded="true" |
||||||
|
elif [[ "$returncode" == "8" ]] ; then |
||||||
|
akmods_echo 1 2 --failure "New kmod RPM was built but could not be installed." |
||||||
|
else |
||||||
|
local somefailed="true" |
||||||
|
fi |
||||||
|
fi |
||||||
|
fi |
||||||
|
done |
||||||
|
|
||||||
|
if [[ -n "${continue_line}" ]] ; then |
||||||
|
akmods_echo 1 2 --success |
||||||
|
elif [[ -n "${someignored}" ]] || [[ -n "${somefailed}" ]] ; then |
||||||
|
echo |
||||||
|
akmods_echo 1 2 "Hint: Some kmods were ignored or failed to build or install." |
||||||
|
akmods_echo 1 2 "You can try to rebuild and install them by by calling" |
||||||
|
akmods_echo 1 2 "'/usr/sbin/akmods --force' as root." |
||||||
|
echo |
||||||
|
sleep 2 |
||||||
|
fi |
||||||
|
|
||||||
|
# akmods for newly installed akmod rpms as wells as akmods.service run |
||||||
|
# after udev and systemd-modules-load.service have tried to load modules |
||||||
|
if [[ -n "${somesucceeded}" ]] && [[ ${this_kernelver} = "$(uname -r)" ]] ; then |
||||||
|
find /sys/devices -name modalias -print0 | xargs -0 cat | xargs modprobe -a -b -q |
||||||
|
if [ -f /usr/bin/systemctl ] ; then |
||||||
|
systemctl restart systemd-modules-load.service |
||||||
|
fi |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
myprog_help () |
||||||
|
{ |
||||||
|
echo "Checks the akmod packages and rebuilds them if needed" |
||||||
|
echo $'\n'"Usage: ${myprog} [OPTIONS]" |
||||||
|
echo $'\n'"Options:" |
||||||
|
echo " --force -- try all, even if they failed earlier" |
||||||
|
echo " --kernels <kernel> -- build and install only for kernel <kernel>" |
||||||
|
echo " (formatted the same as 'uname -r' would produce)" |
||||||
|
echo " --akmod <akmod> -- build and install only akmod <akmod>" |
||||||
|
} |
||||||
|
|
||||||
|
|
||||||
|
# first parse command line options |
||||||
|
while [ "${1}" ] ; do |
||||||
|
case "${1}" in |
||||||
|
--kernel|--kernels) |
||||||
|
shift |
||||||
|
if [[ ! -n "${1}" ]] ; then |
||||||
|
echo "ERROR: Please provide the kernel-version to build for together with --kernel" >&2 |
||||||
|
exit 1 |
||||||
|
elif [[ ! -r /usr/src/kernels/"${1}"/Makefile ]] && \ |
||||||
|
[[ ! -r /lib/modules/"${1}"/build/Makefile ]] ; then |
||||||
|
echo "Could not find files needed to compile modules for ${1}" |
||||||
|
echo "Are the development files for kernel ${1} or the appropriate kernel-devel package installed?" |
||||||
|
exit 1 |
||||||
|
elif [[ -r /usr/src/kernels/"${1}"/Makefile ]] && \ |
||||||
|
[[ ! -d /lib/modules/"${1}" ]] ; then |
||||||
|
# this is a red hat / fedora kernel-devel package, but the kernel for it is not installed |
||||||
|
# kmodtool would add a dep on that kernel when building; thus when we'd try to install the |
||||||
|
# rpms we'd run into a missing-dep problem. Thus we prevent that case |
||||||
|
echo "Kernel ${1} not installed" |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
# overwrites the default: |
||||||
|
if [[ ! -n "${kernels}" ]] ; then |
||||||
|
kernels="${1}" |
||||||
|
else |
||||||
|
kernels="${kernels} ${1}" |
||||||
|
fi |
||||||
|
# an try to build, even if we tried already |
||||||
|
alwaystry=true |
||||||
|
shift |
||||||
|
;; |
||||||
|
--akmod|--kmod) |
||||||
|
shift |
||||||
|
if [[ ! -n "${1}" ]] ; then |
||||||
|
echo "ERROR: Please provide a name of a akmod package together with --akmods" >&2 |
||||||
|
exit 1 |
||||||
|
elif [[ -r /usr/src/akmods/"${1}"-kmod.latest ]] ; then |
||||||
|
akmods="${akmods}${1} " |
||||||
|
elif [[ -r /usr/src/akmods/"${1}".latest ]] ; then |
||||||
|
akmods="${akmods}${1%%-kmod} " |
||||||
|
else |
||||||
|
echo "Could not find akmod ${1}" |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
shift |
||||||
|
;; |
||||||
|
--force) |
||||||
|
alwaystry=true |
||||||
|
shift |
||||||
|
;; |
||||||
|
--from-init) |
||||||
|
# just in case: remove stale lockfile if it exists: |
||||||
|
rm -f /var/cache/akmods/.lockfile |
||||||
|
# Clean old logs and rpm files from no more installed kmod |
||||||
|
# packages. |
||||||
|
cleanup_cachedir |
||||||
|
shift |
||||||
|
;; |
||||||
|
--from-posttrans|--from-kernel-posttrans|--from-akmod-posttrans) |
||||||
|
# ignored |
||||||
|
shift |
||||||
|
;; |
||||||
|
--verbose) |
||||||
|
let verboselevel++ |
||||||
|
shift |
||||||
|
;; |
||||||
|
--quiet) |
||||||
|
let verboselevel-- |
||||||
|
shift |
||||||
|
;; |
||||||
|
--help) |
||||||
|
myprog_help |
||||||
|
exit 0 |
||||||
|
;; |
||||||
|
--version) |
||||||
|
echo "${myprog} ${myver}" |
||||||
|
exit 0 |
||||||
|
;; |
||||||
|
*) |
||||||
|
echo "Error: Unknown option '${1}'." >&2 |
||||||
|
myprog_help >&2 |
||||||
|
exit 2 |
||||||
|
;; |
||||||
|
esac |
||||||
|
done |
||||||
|
|
||||||
|
# sanity checks |
||||||
|
init |
||||||
|
|
||||||
|
# go |
||||||
|
for kernel in ${kernels} ; do |
||||||
|
check_kmods ${kernel} |
||||||
|
done |
||||||
|
|
||||||
|
# finished :) |
||||||
|
finally 0 |
@ -0,0 +1,3 @@ |
|||||||
|
[Unit] |
||||||
|
Wants=akmods-keygen@.service |
||||||
|
PartOf=akmods.service |
@ -0,0 +1,11 @@ |
|||||||
|
[Unit] |
||||||
|
Description=Akmods Secure boot MOK Key Generation |
||||||
|
ConditionFileNotEmpty=|!/etc/pki/akmods/certs/public_key.der |
||||||
|
ConditionFileNotEmpty=|!/etc/pki/akmods/private/private_key.priv |
||||||
|
|
||||||
|
[Service] |
||||||
|
Type=oneshot |
||||||
|
ExecStart=/usr/sbin/kmodgenca -a |
||||||
|
|
||||||
|
[Install] |
||||||
|
WantedBy=akmods-keygen.target |
@ -0,0 +1,151 @@ |
|||||||
|
#!/bin/bash |
||||||
|
# |
||||||
|
# kmodgenca - Helper script to create CA/Keypair to sign modules. |
||||||
|
# Copyright (c) 2017 Stanislas Leduc <stanislas.leduc@balinor.net> |
||||||
|
# Copyright (c) 2018-2019 Nicolas Viéville <nicolas.vieville@uphf.fr> |
||||||
|
# |
||||||
|
# Permission is hereby granted, free of charge, to any person obtaining |
||||||
|
# a copy of this software and associated documentation files (the |
||||||
|
# "Software"), to deal in the Software without restriction, including |
||||||
|
# without limitation the rights to use, copy, modify, merge, publish, |
||||||
|
# distribute, sublicense, and/or sell copies of the Software, and to |
||||||
|
# permit persons to whom the Software is furnished to do so, subject to |
||||||
|
# the following conditions: |
||||||
|
# |
||||||
|
# The above copyright notice and this permission notice shall be |
||||||
|
# included in all copies or substantial portions of the Software. |
||||||
|
# |
||||||
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||||
|
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||||
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||||
|
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||||
|
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||||
|
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||||
|
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
||||||
|
# |
||||||
|
MYPROG="kmodgenca" |
||||||
|
MYVER="0.5.7" |
||||||
|
FORCE_BUILD=0 |
||||||
|
AUTOMATIC_BUILD=0 |
||||||
|
AUTOMATIC_BUILD_OPTION="" |
||||||
|
|
||||||
|
myprog_help () |
||||||
|
{ |
||||||
|
echo "Build CA/Keypair to sign modules" |
||||||
|
echo $'\n'"Usage: ${MYPROG} [OPTIONS]" |
||||||
|
echo $'\n'"Options:" |
||||||
|
echo " -a, --auto -- generate default values for cacert.config file without prompt" |
||||||
|
echo " -f, --force -- build CA/Keypair even if there is already ones" |
||||||
|
echo " -h, --help -- print usage" |
||||||
|
echo " -V, --version -- show version" |
||||||
|
} |
||||||
|
|
||||||
|
|
||||||
|
# Parse command line options. |
||||||
|
# |
||||||
|
while [ "${1}" ] ; do |
||||||
|
case "${1}" in |
||||||
|
-a|--auto) |
||||||
|
AUTOMATIC_BUILD=1 |
||||||
|
shift |
||||||
|
;; |
||||||
|
-f|--force) |
||||||
|
FORCE_BUILD=1 |
||||||
|
shift |
||||||
|
;; |
||||||
|
-h|--help) |
||||||
|
myprog_help |
||||||
|
exit 0 |
||||||
|
;; |
||||||
|
-V|--version) |
||||||
|
echo "${MYPROG} ${MYVER}" |
||||||
|
exit 0 |
||||||
|
;; |
||||||
|
*) |
||||||
|
echo "Error: Unknown option '${1}'." >&2 |
||||||
|
myprog_help >&2 |
||||||
|
exit 2 |
||||||
|
;; |
||||||
|
esac |
||||||
|
done |
||||||
|
|
||||||
|
# Exit early if cert and private key already exist and if FORCE_BUILD |
||||||
|
# is not equal to 1. |
||||||
|
# |
||||||
|
if $(readlink -e /etc/pki/akmods/certs/public_key.der &>/dev/null) && \ |
||||||
|
$(readlink -e /etc/pki/akmods/private/private_key.priv &>/dev/null) && \ |
||||||
|
[ ${FORCE_BUILD} -eq 0 ] ; then |
||||||
|
exit 0 |
||||||
|
fi |
||||||
|
|
||||||
|
CACERT_CONFIG="/etc/pki/akmods/cacert.config" |
||||||
|
KEYNAME="$(hostname)"-"$(od -vAn -N4 -tu4 < /dev/urandom | awk '{print $1}')" |
||||||
|
|
||||||
|
# Create cacert.config file with local values if AUTOMATIC_BUILD is set |
||||||
|
# or ask for values manually. |
||||||
|
# |
||||||
|
echo "Update cacert.config..." |
||||||
|
if [ ${AUTOMATIC_BUILD} -eq 1 ] ; then |
||||||
|
# Set OpenSSL fields values, comment default values and min/max ones. |
||||||
|
sed -e "s#\(0.organizationName *= \).*#\1$(hostname)#" \ |
||||||
|
-e "s#\(organizationalUnitName *= \).*#\1$(hostname)#" \ |
||||||
|
-e "s#\(emailAddress *= \).*#\1akmods@$(hostname)#" \ |
||||||
|
-e "s#\(localityName *= \).*#\1None#" \ |
||||||
|
-e "s#\(stateOrProvinceName *= \).*#\1None#" \ |
||||||
|
-e "s#\(countryName *= \).*#\1$(locale country_ab2)#" \ |
||||||
|
-e "s#\(commonName *= \).*#\1$(hostname)"-"$(od -vAn -N4 -tu4 < /dev/urandom | awk '{print $1}')#" \ |
||||||
|
-e "s/^[^#]*_default *= /#&/" \ |
||||||
|
-e "s/^[^#]*_min/#&/" \ |
||||||
|
-e "s/^[^#]*_max/#&/" ${CACERT_CONFIG}.in > ${CACERT_CONFIG} |
||||||
|
AUTOMATIC_BUILD_OPTION=" -batch" |
||||||
|
else |
||||||
|
# Activate prompt directive. |
||||||
|
sed -e "s#\(prompt *= \).*#\1yes#" ${CACERT_CONFIG}.in > ${CACERT_CONFIG} |
||||||
|
fi |
||||||
|
KEY_SUFF="$(date "+%F_%T_%N")" |
||||||
|
# If cert and private key files names already exists, do not overwrite |
||||||
|
# them but save them. |
||||||
|
# |
||||||
|
if [[ -e /etc/pki/akmods/certs/${KEYNAME}.der ]] ; then |
||||||
|
# If the cert has already been loaded in MOK, add "already_enrolled" |
||||||
|
# to the suffix of the backup file. |
||||||
|
# `mokutil --help` fails if EFI variables are not supported on the |
||||||
|
# system. It is therefore impossible to test the presence of the key |
||||||
|
# in MOK, and then do not add special suffix to the backup file. |
||||||
|
# |
||||||
|
if $(which mokutil &> /dev/null) && $(mokutil --help &> /dev/null) && $(mokutil --test-key /etc/pki/akmods/certs/${KEYNAME}.der &> /dev/null) ; then |
||||||
|
KEY_SUFF="${KEY_SUFF}_already_enrolled" |
||||||
|
fi |
||||||
|
mv /etc/pki/akmods/certs/${KEYNAME}.der /etc/pki/akmods/certs/${KEYNAME}.der.${KEY_SUFF}.bak |
||||||
|
if [[ -e /etc/pki/akmods/private/${KEYNAME}.priv ]] ; then |
||||||
|
mv /etc/pki/akmods/private/${KEYNAME}.priv /etc/pki/akmods/private/${KEYNAME}.priv.${KEY_SUFF}.bak |
||||||
|
fi |
||||||
|
fi |
||||||
|
|
||||||
|
echo "Generate new keypair..." |
||||||
|
sg akmods -c " |
||||||
|
umask 037 |
||||||
|
openssl req -x509 -new -nodes -utf8 -sha256 -days 3650${AUTOMATIC_BUILD_OPTION} \ |
||||||
|
-config ${CACERT_CONFIG} -outform DER \ |
||||||
|
-out /etc/pki/akmods/certs/${KEYNAME}.der \ |
||||||
|
-keyout /etc/pki/akmods/private/${KEYNAME}.priv |
||||||
|
" |
||||||
|
|
||||||
|
# Ensure that akmods group can read keys. |
||||||
|
# |
||||||
|
chmod g+r /etc/pki/akmods/certs/${KEYNAME}.* |
||||||
|
chmod g+r /etc/pki/akmods/private/${KEYNAME}.* |
||||||
|
|
||||||
|
# Sanitize permissions. |
||||||
|
# |
||||||
|
if [[ -x /usr/sbin/restorecon ]] ; then |
||||||
|
/usr/sbin/restorecon /etc/pki/akmods/certs/${KEYNAME}.der |
||||||
|
/usr/sbin/restorecon /etc/pki/akmods/private/${KEYNAME}.priv |
||||||
|
fi |
||||||
|
|
||||||
|
# Update symlink to use new keypair. |
||||||
|
# |
||||||
|
ln -nsf /etc/pki/akmods/certs/${KEYNAME}.der /etc/pki/akmods/certs/public_key.der |
||||||
|
ln -nsf /etc/pki/akmods/private/${KEYNAME}.priv /etc/pki/akmods/private/private_key.priv |
||||||
|
|
||||||
|
exit 0 |
@ -0,0 +1,102 @@ |
|||||||
|
#!/bin/bash - |
||||||
|
############################################################################ |
||||||
|
# |
||||||
|
# akmods - Rebuilds and install akmod RPMs |
||||||
|
# Copyright (c) 2007, 2008 Thorsten Leemhuis <fedora@leemhuis.info> |
||||||
|
# Copyright (c) 2018 Nicolas Chauvet <kwizart@gmail.com> |
||||||
|
# |
||||||
|
# Permission is hereby granted, free of charge, to any person obtaining |
||||||
|
# a copy of this software and associated documentation files (the |
||||||
|
# "Software"), to deal in the Software without restriction, including |
||||||
|
# without limitation the rights to use, copy, modify, merge, publish, |
||||||
|
# distribute, sublicense, and/or sell copies of the Software, and to |
||||||
|
# permit persons to whom the Software is furnished to do so, subject to |
||||||
|
# the following conditions: |
||||||
|
# |
||||||
|
# The above copyright notice and this permission notice shall be |
||||||
|
# included in all copies or substantial portions of the Software. |
||||||
|
# |
||||||
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||||
|
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||||
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||||
|
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||||
|
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||||
|
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||||
|
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
||||||
|
# |
||||||
|
############################################################################ |
||||||
|
|
||||||
|
myprog="akmods-post" |
||||||
|
tmpdir= |
||||||
|
|
||||||
|
# Only do %post builds in ostree |
||||||
|
if ! grep -q OSTREE_VERSION= /etc/os-release && ! test -f /run/ostree-booted; then |
||||||
|
exit 0 |
||||||
|
fi |
||||||
|
|
||||||
|
kmodname=$1 |
||||||
|
srpm=$2 |
||||||
|
|
||||||
|
|
||||||
|
finally() |
||||||
|
{ |
||||||
|
# remove tmpfiles |
||||||
|
remove_tmpdir |
||||||
|
|
||||||
|
exit ${1:-128} |
||||||
|
} |
||||||
|
|
||||||
|
# Make sure finally() is run regardless of reason for exiting. |
||||||
|
trap "finally" ABRT HUP INT QUIT |
||||||
|
|
||||||
|
create_tmpdir() |
||||||
|
{ |
||||||
|
if ! tmpdir="$(mktemp -d -p /tmp ${myprog}.XXXXXXXX)/" ; then |
||||||
|
echo "ERROR: failed to create tmpdir." >&2 |
||||||
|
finally 1 |
||||||
|
fi |
||||||
|
if ! mkdir "${tmpdir}"results ; then |
||||||
|
echo "ERROR: failed to create result tmpdir." >&2 |
||||||
|
finally 1 |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
remove_tmpdir() |
||||||
|
{ |
||||||
|
# remove tmpfiles |
||||||
|
if [[ -n "${tmpdir}" ]] && [[ -d "${tmpdir}" ]]; then |
||||||
|
rm -rf "${tmpdir}" |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
# This is an ostree build, so do build for all |
||||||
|
# deployed kernels in the %post |
||||||
|
kernels="$(ls /lib/modules)" |
||||||
|
|
||||||
|
create_tmpdir |
||||||
|
|
||||||
|
for kernel in ${kernels} ; do |
||||||
|
echo "Building ${srpm} for kernel ${kernel}" |
||||||
|
# Note: This builds as root, but this is pretty safe because its happening in the ostree %post sandbox. |
||||||
|
# In fact, given that /usr is a rofiles-fuse mount no other user can access /usr in this sandbox anyway. |
||||||
|
akmodsbuild --quiet --kernels ${kernel} --outputdir ${tmpdir}results --logfile "${tmpdir}/akmodsbuild.log" "${srpm}" 2>&1 |
||||||
|
returncode=$? |
||||||
|
if (( ! ${returncode} == 0 )); then |
||||||
|
finally 1 |
||||||
|
fi |
||||||
|
done |
||||||
|
|
||||||
|
for f in $(find "${tmpdir}results" -type f -name '*.rpm' | grep -v debuginfo) ; do |
||||||
|
rpm2cpio $f | cpio --quiet -D / -id |
||||||
|
returncode=$? |
||||||
|
if (( ! ${returncode} == 0 )); then |
||||||
|
echo "Extracting $f failed:" 2>&1 |
||||||
|
finally 1 |
||||||
|
fi |
||||||
|
done |
||||||
|
|
||||||
|
for kernel in ${kernels} ; do |
||||||
|
depmod -v ${kernel} 2>&1 |
||||||
|
done |
||||||
|
|
||||||
|
finally 0 |
@ -0,0 +1,31 @@ |
|||||||
|
#!/bin/bash |
||||||
|
# |
||||||
|
# akmods-shutdown - Helper script to build kernel modules on shutdown |
||||||
|
# Copyright (c) 2012 Richard shaw <hobbes1069@gmail.com> |
||||||
|
# |
||||||
|
# Permission is hereby granted, free of charge, to any person obtaining |
||||||
|
# a copy of this software and associated documentation files (the |
||||||
|
# "Software"), to deal in the Software without restriction, including |
||||||
|
# without limitation the rights to use, copy, modify, merge, publish, |
||||||
|
# distribute, sublicense, and/or sell copies of the Software, and to |
||||||
|
# permit persons to whom the Software is furnished to do so, subject to |
||||||
|
# the following conditions: |
||||||
|
# |
||||||
|
# The above copyright notice and this permission notice shall be |
||||||
|
# included in all copies or substantial portions of the Software. |
||||||
|
# |
||||||
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||||
|
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||||
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||||
|
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||||
|
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||||
|
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||||
|
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
||||||
|
# |
||||||
|
|
||||||
|
echo "Building modules for all installed kernels." |
||||||
|
for kernel in /usr/src/kernels/* ; do |
||||||
|
kernel=$(basename $kernel) |
||||||
|
/usr/sbin/akmods --kernels $kernel |
||||||
|
done |
||||||
|
|
@ -0,0 +1,14 @@ |
|||||||
|
[Unit] |
||||||
|
Description=Builds and install new kmods from akmod packages |
||||||
|
Before=shutdown.service reboot.service halt.service |
||||||
|
Conflicts=shutdown.target |
||||||
|
|
||||||
|
[Service] |
||||||
|
Type=oneshot |
||||||
|
RemainAfterExit=yes |
||||||
|
ExecStart=/bin/true |
||||||
|
ExecStop=-/usr/sbin/akmods-shutdown |
||||||
|
TimeoutStopSec=5min |
||||||
|
|
||||||
|
[Install] |
||||||
|
WantedBy=multi-user.target |
@ -0,0 +1,2 @@ |
|||||||
|
# See tmpfiles.d(5) for details |
||||||
|
d /run/akmods 0770 root akmods - |
@ -0,0 +1,12 @@ |
|||||||
|
[BUGS] |
||||||
|
https://bugzilla.rpmfusion.org/buglist.cgi?product=Fedora&component=akmods&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED |
||||||
|
[REPORTING BUGS] |
||||||
|
Submit a bug against the akmods component at: |
||||||
|
.br |
||||||
|
https://bugzilla.rpmfusion.org/enter_bug.cgi?product=Fedora |
||||||
|
[AUTHOR] |
||||||
|
Thorsten Leemhuis <fedora [AT] leemhuis [DOT] info> |
||||||
|
[MAINTAINER] |
||||||
|
Richard Shaw <hobbes1069 [AT] gmail [DOT] com> |
||||||
|
[SEE ALSO] |
||||||
|
http://rpmfusion.org/Packaging/KernelModules/Akmods |
@ -0,0 +1,8 @@ |
|||||||
|
/var/log/akmods/akmods.log { |
||||||
|
monthly |
||||||
|
rotate 12 |
||||||
|
missingok |
||||||
|
notifempty |
||||||
|
create 644 root root |
||||||
|
su root akmods |
||||||
|
} |
@ -0,0 +1,14 @@ |
|||||||
|
[Unit] |
||||||
|
Description=Builds and install new kmods from akmod packages |
||||||
|
ConditionPathExists=!/run/ostree-booted |
||||||
|
Before=@SERVICE@ |
||||||
|
After=akmods-keygen.target |
||||||
|
Wants=akmods-keygen.target |
||||||
|
|
||||||
|
[Service] |
||||||
|
Type=oneshot |
||||||
|
RemainAfterExit=yes |
||||||
|
ExecStart=/usr/sbin/akmods --from-init |
||||||
|
|
||||||
|
[Install] |
||||||
|
WantedBy=multi-user.target |
@ -0,0 +1,12 @@ |
|||||||
|
[Unit] |
||||||
|
Description=Builds and install new kmods from akmod for a given kernel |
||||||
|
Wants=akmods-keygen.target |
||||||
|
After=akmods-keygen.target |
||||||
|
|
||||||
|
[Service] |
||||||
|
Type=oneshot |
||||||
|
RemainAfterExit=yes |
||||||
|
ExecStart=/usr/bin/systemd-inhibit --mode=block --what=idle:sleep:shutdown --who="akmods" --why="Akmods Transaction running" /usr/sbin/akmods --from-kernel-posttrans --kernels %i |
||||||
|
|
||||||
|
[Install] |
||||||
|
WantedBy=multi-user.target |
@ -0,0 +1,358 @@ |
|||||||
|
#!/bin/bash |
||||||
|
# |
||||||
|
# akmodbuild - Helper script for building kernel module SRPMs |
||||||
|
# Copyright (c) 2007 Thorsten Leemhuis <fedora@leemhuis.info> |
||||||
|
# |
||||||
|
# Permission is hereby granted, free of charge, to any person obtaining |
||||||
|
# a copy of this software and associated documentation files (the |
||||||
|
# "Software"), to deal in the Software without restriction, including |
||||||
|
# without limitation the rights to use, copy, modify, merge, publish, |
||||||
|
# distribute, sublicense, and/or sell copies of the Software, and to |
||||||
|
# permit persons to whom the Software is furnished to do so, subject to |
||||||
|
# the following conditions: |
||||||
|
# |
||||||
|
# The above copyright notice and this permission notice shall be |
||||||
|
# included in all copies or substantial portions of the Software. |
||||||
|
# |
||||||
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||||
|
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||||
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||||
|
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||||
|
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||||
|
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||||
|
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
||||||
|
# |
||||||
|
myprog="akmodsbuild" |
||||||
|
myver="0.5.6" |
||||||
|
|
||||||
|
# defaults that might get overwritten by user: |
||||||
|
kernels="$(uname -r)" |
||||||
|
target="$(uname -m)" |
||||||
|
if [[ "${target}" == "armv7l" ]] ; then |
||||||
|
target="armv7hl" |
||||||
|
fi |
||||||
|
numberofjobs=$(grep -c processor /proc/cpuinfo 2> /dev/null) |
||||||
|
verboselevel=2 |
||||||
|
outputdir="${PWD}" |
||||||
|
srpms= |
||||||
|
|
||||||
|
init () |
||||||
|
{ |
||||||
|
## startup checks |
||||||
|
# prevent root-usage |
||||||
|
if [[ -w /var ]] ; then |
||||||
|
echo "ERROR: Not to be used as root; start as user or '${myprog}' instead." >&2 |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
|
||||||
|
# do we have everything we need to build for the kernels in question? |
||||||
|
for kernel in ${kernels}; do |
||||||
|
if [[ ! -e /usr/src/kernels/${kernel}/Makefile ]] && [[ ! -e /usr/lib/modules/${kernel}/build/Makefile ]] ; then |
||||||
|
echo "ERROR: Files needed for building modules against kernel" >&2 |
||||||
|
echo " ${kernel} could not be found as the following" >&2 |
||||||
|
echo " directories are missing:" |
||||||
|
echo " /usr/src/kernels/${kernel}/" >&2 |
||||||
|
echo " /usr/lib/modules/${kernel}/build/" >&2 |
||||||
|
exit 2 |
||||||
|
fi |
||||||
|
done |
||||||
|
|
||||||
|
if [[ ! -n "${srpms}" ]] ; then |
||||||
|
echo "ERROR: Please provide a list of SRPM-files to build." |
||||||
|
exit 2 |
||||||
|
fi |
||||||
|
|
||||||
|
# SRPMS available? |
||||||
|
for srpm in ${srpms}; do |
||||||
|
if [[ ! -r ${srpm} ]] ; then |
||||||
|
echo "ERROR: Can't find SRPM ${srpm}" |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
done |
||||||
|
|
||||||
|
# room to save things |
||||||
|
if [[ ! -d "${outputdir}" ]] ; then |
||||||
|
echo "ERROR: ${outputdir} is not a directory" >&2 |
||||||
|
exit 1 |
||||||
|
elif [[ ! -w "${outputdir}" ]] ; then |
||||||
|
echo "ERROR: ${outputdir} is not a writable" >&2 |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
|
||||||
|
|
||||||
|
# make sure this is a number |
||||||
|
if ! (( ${numberofjobs} > 0 )) ; then |
||||||
|
echo "Warning: using hardcoded defaut value for number of jobs" |
||||||
|
numberofjobs=2 |
||||||
|
fi |
||||||
|
|
||||||
|
## preparations |
||||||
|
# tmpdir |
||||||
|
if ! tmpdir="$(mktemp -d -p /tmp ${myprog}.XXXXXXXX)" ; then |
||||||
|
echo "ERROR: Could create tempdir." |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
|
||||||
|
# buildtreee |
||||||
|
mkdir "${tmpdir}"/{BUILD,SOURCES,SPECS,SRPMS,RPMS,RPMS/"${target}"} |
||||||
|
|
||||||
|
# logfile |
||||||
|
if [[ ! -n "${logfile}" ]] ; then |
||||||
|
logfile="${tmpdir}/logfile" |
||||||
|
fi |
||||||
|
|
||||||
|
if ( [[ -e "${logfile}" ]] && [[ ! -w "${logfile}" ]] ) || ! touch "${logfile}" ; then |
||||||
|
echo "ERROR: Could not write logfile." |
||||||
|
finally |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
|
||||||
|
finally() |
||||||
|
{ |
||||||
|
# kill background jobs if needed |
||||||
|
if [[ -n "${watch_jobid}" ]] ; then |
||||||
|
kill "${watch_jobid}" |
||||||
|
fi |
||||||
|
if [[ -n "${rpmbuild_jobid}" ]] ; then |
||||||
|
kill "${rpmbuild_jobid}" |
||||||
|
fi |
||||||
|
|
||||||
|
# remove tmpfiles |
||||||
|
if [[ -d "${tmpdir}" ]] ; then |
||||||
|
rm -rf "${tmpdir}" |
||||||
|
fi |
||||||
|
} |
||||||
|
trap "finally" 2 |
||||||
|
|
||||||
|
|
||||||
|
akmods_echo() |
||||||
|
{ |
||||||
|
# where to output |
||||||
|
local this_fd=${1} |
||||||
|
shift |
||||||
|
|
||||||
|
# verboselevel |
||||||
|
local this_verbose=${1} |
||||||
|
shift |
||||||
|
|
||||||
|
if [[ "${1}" == "--not-logfile" ]] ; then |
||||||
|
local notlogfile=true |
||||||
|
shift |
||||||
|
fi |
||||||
|
|
||||||
|
# output to console |
||||||
|
if (( ${verboselevel} >= ${this_verbose} )) ; then |
||||||
|
echo "$@" >&${this_fd} |
||||||
|
fi |
||||||
|
|
||||||
|
# global logfile |
||||||
|
if [[ ! -n ${notlogfile} ]] ; then |
||||||
|
echo "$@" >> "${logfile}" |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
|
||||||
|
watch_rpmbuild() |
||||||
|
{ |
||||||
|
# background function to show rpmbuild progress |
||||||
|
# does't use akmods_echo here; this stage handles the output on its own |
||||||
|
# (seperate process and there is no need to log this) |
||||||
|
if (( ${verboselevel} == 2 )) ; then |
||||||
|
tail --pid ${1} -n +1 -s 0.1 -f ${2} 2>/dev/null | grep --line-buffered -e '%prep' -e '%build' -e '%install' -e '%clean' | while read line ; do |
||||||
|
if [[ "${line}" != "${line##*prep}" ]] ; then |
||||||
|
echo -n "prep " |
||||||
|
elif [[ "${line}" != "${line##*build}" ]] ; then |
||||||
|
echo -n "build " |
||||||
|
elif [[ "${line}" != "${line##*install}" ]] ; then |
||||||
|
echo -n "install " |
||||||
|
elif [[ "${line}" != "${line##*clean}" ]] ; then |
||||||
|
echo -n "clean; " |
||||||
|
# last linefeed is done by the caller |
||||||
|
fi |
||||||
|
done |
||||||
|
elif (( ${verboselevel} > 2 )) ; then |
||||||
|
tail --pid ${1} -n +1 -s 0.1 -f ${2} |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
process_srpm() |
||||||
|
{ |
||||||
|
local source_rpm="${1}" |
||||||
|
|
||||||
|
# status info |
||||||
|
akmods_echo 1 2 -n "* Rebuilding ${source_rpm} for kernel(s) ${kernels}: " |
||||||
|
|
||||||
|
# kick off rebuild into background |
||||||
|
/usr/bin/time --format='%x' --output="${tmpdir}/.jobexit" rpmbuild \ |
||||||
|
--define "_topdir ${tmpdir}/" \ |
||||||
|
--define "_buildtree ${tmpdir}/BUILD" \ |
||||||
|
--define "_specdir ${tmpdir}/SPECS" \ |
||||||
|
--define "_sourcedir ${tmpdir}/SOURCES" \ |
||||||
|
--define "_srcrpmdir ${tmpdir}/SRPMS" \ |
||||||
|
--define "_rpmdir ${tmpdir}/RPMS" \ |
||||||
|
--define "_smp_mflags -j${numberofjobs}" \ |
||||||
|
--define "kernels ${kernels}" \ |
||||||
|
--target ${target} \ |
||||||
|
--rebuild "${source_rpm}" 2>&1 | tee -a "${logfile}" > "${tmpdir}/.joblog" & |
||||||
|
|
||||||
|
local rpmbuild_jobid=$! |
||||||
|
|
||||||
|
# show progress |
||||||
|
if (( ${verboselevel} >= 2 )) ; then |
||||||
|
watch_rpmbuild ${rpmbuild_jobid} "${tmpdir}/.joblog" 2> /dev/null & |
||||||
|
local watch_jobid=$! |
||||||
|
fi |
||||||
|
|
||||||
|
# wait for rpmbuild |
||||||
|
wait ${rpmbuild_jobid} |
||||||
|
local rpmbuild_returncode=$(tail -n 1 "${tmpdir}/.jobexit") |
||||||
|
unset rpmbuild_jobid |
||||||
|
|
||||||
|
# give watch_rpmbuild a moment to catch up; kill it if it does not |
||||||
|
if (( ${verboselevel} >= 2 )) ; then |
||||||
|
sleep 0.5 |
||||||
|
kill ${watch_jobid} &> /dev/null |
||||||
|
unset watch_jobid |
||||||
|
fi |
||||||
|
|
||||||
|
# did rpmbuild succeed? |
||||||
|
if (( ${rpmbuild_returncode} != 0 )) ; then |
||||||
|
# linefeed: |
||||||
|
akmods_echo 1 2 "" |
||||||
|
|
||||||
|
akmods_echo 2 2 --not-logfile "rpmbuild failed with errorcode ${rpmbuild_returncode}; last 35 Lines of log:" |
||||||
|
akmods_echo 2 2 --not-logfile "--- " |
||||||
|
tail -n 35 "${tmpdir}/.joblog" >&2 |
||||||
|
akmods_echo 2 2 --not-logfile "---" |
||||||
|
return ${rpmbuild_returncode} |
||||||
|
fi |
||||||
|
|
||||||
|
# finish status for watch_rpmbuild |
||||||
|
if (( ${verboselevel} >= 2 )) ; then |
||||||
|
akmods_echo 1 2 -n "Successfull; " |
||||||
|
fi |
||||||
|
|
||||||
|
local rpms_built="$(cd "${tmpdir}"/RPMS/"${target}" ; echo *)" |
||||||
|
|
||||||
|
if ! mv "${tmpdir}/RPMS/${target}/"* "${outputdir}" ; then |
||||||
|
# linefeed: |
||||||
|
akmods_echo 1 2 "" |
||||||
|
|
||||||
|
akmods_echo 2 2 "Failed to move ${tmpdir}/RPMS/${target}/"* "to ${outputdir}" |
||||||
|
return 128 |
||||||
|
fi |
||||||
|
|
||||||
|
if (( ${verboselevel} == 1 )) ; then |
||||||
|
for rpm in ${rpms_built}; do |
||||||
|
echo "${outputdir%%/}/${rpm}" |
||||||
|
done |
||||||
|
elif (( ${verboselevel} >= 2 )) ; then |
||||||
|
akmods_echo 1 2 "Saved ${rpms_built} in ${outputdir%%/}/" |
||||||
|
fi |
||||||
|
|
||||||
|
|
||||||
|
# finished |
||||||
|
return 0 |
||||||
|
} |
||||||
|
|
||||||
|
myprog_help () |
||||||
|
{ |
||||||
|
echo "Rebuilds kmod SRPM(s)" |
||||||
|
echo $'\n'"Usage: ${myprog} [OPTIONS] <SRPMS>" |
||||||
|
echo $'\n'"Options:" |
||||||
|
echo " -k, --kernels -- build for kernel-versions (output from 'uname -r')" |
||||||
|
echo " -l, --logfile <file> -- save rpmbuild output to <file>" |
||||||
|
echo " -o, --outputdir <dir> -- save rpms and logs here (current directory)" |
||||||
|
echo " -t, --target -- target-arch (output from 'uname -m')" |
||||||
|
echo " -v, --verbose -- increase verboseness" |
||||||
|
echo " -q, --quiet -- be more quiet" |
||||||
|
echo " -h, --help -- show usage" |
||||||
|
echo " -V, --version -- show version" |
||||||
|
} |
||||||
|
|
||||||
|
while [ "${1}" ] ; do |
||||||
|
case "${1}" in |
||||||
|
-k|--kernels) |
||||||
|
shift |
||||||
|
if [[ ! -n "${1}" ]] ; then |
||||||
|
echo "ERROR: Please provide kernel-version(s) to build for together with --kernel" >&2 |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
kernels="${1}" |
||||||
|
shift |
||||||
|
;; |
||||||
|
-l|--logfile) |
||||||
|
shift |
||||||
|
if [[ ! -n "${1}" ]] ; then |
||||||
|
echo "ERROR: Please provide a filename together with --logfile" >&2 |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
logfile="${1}" |
||||||
|
shift |
||||||
|
;; |
||||||
|
-o|--outputdir) |
||||||
|
shift |
||||||
|
if [[ ! -n "${1}" ]] ; then |
||||||
|
echo "ERROR: Please provide the output directory together with --outputdir" >&2 |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
outputdir="${1}" |
||||||
|
shift |
||||||
|
;; |
||||||
|
-t|--target) |
||||||
|
shift |
||||||
|
if [[ ! -n "${1}" ]] ; then |
||||||
|
echo "ERROR: Please provide the target-arch together with --target" >&2 |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
target="${1}" |
||||||
|
shift |
||||||
|
;; |
||||||
|
-v|--verbose) |
||||||
|
let verboselevel++ |
||||||
|
shift |
||||||
|
;; |
||||||
|
-q|--quiet) |
||||||
|
let verboselevel-- |
||||||
|
shift |
||||||
|
;; |
||||||
|
-h|--help) |
||||||
|
myprog_help |
||||||
|
exit 0 |
||||||
|
;; |
||||||
|
-V|--version) |
||||||
|
echo "${myprog} ${myver}" |
||||||
|
exit 0 |
||||||
|
;; |
||||||
|
--*) |
||||||
|
echo "Error: Unknown option '${1}'." >&2 |
||||||
|
myprog_help >&2 |
||||||
|
exit 2 |
||||||
|
;; |
||||||
|
*) |
||||||
|
srpms="${srpms} ${1}" |
||||||
|
shift |
||||||
|
;; |
||||||
|
esac |
||||||
|
done |
||||||
|
|
||||||
|
# sanity checks |
||||||
|
init |
||||||
|
|
||||||
|
# go |
||||||
|
for srpm in ${srpms}; do |
||||||
|
process_srpm ${srpm} |
||||||
|
returncode=$? |
||||||
|
|
||||||
|
if (( ${returncode} != 0 )) ; then |
||||||
|
finally |
||||||
|
exit ${returncode} |
||||||
|
fi |
||||||
|
done |
||||||
|
|
||||||
|
# finished |
||||||
|
finally |
||||||
|
|
||||||
|
exit 0 |
@ -0,0 +1,47 @@ |
|||||||
|
#!/bin/bash - |
||||||
|
# |
||||||
|
# akmodposttrans - Calls akmods for newly installed kernels |
||||||
|
# |
||||||
|
# Copyright (c) 2009 Thorsten Leemhuis <fedora@leemhuis.info> |
||||||
|
# Copyright (c) 2017 Nicolas Chauvet <kwizart@gmail.com> |
||||||
|
# |
||||||
|
# Permission is hereby granted, free of charge, to any person obtaining |
||||||
|
# a copy of this software and associated documentation files (the |
||||||
|
# "Software"), to deal in the Software without restriction, including |
||||||
|
# without limitation the rights to use, copy, modify, merge, publish, |
||||||
|
# distribute, sublicense, and/or sell copies of the Software, and to |
||||||
|
# permit persons to whom the Software is furnished to do so, subject to |
||||||
|
# the following conditions: |
||||||
|
# |
||||||
|
# The above copyright notice and this permission notice shall be |
||||||
|
# included in all copies or substantial portions of the Software. |
||||||
|
# |
||||||
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
||||||
|
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
||||||
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
||||||
|
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
||||||
|
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
||||||
|
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
||||||
|
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
||||||
|
# |
||||||
|
|
||||||
|
# just check in case a user calls this directly |
||||||
|
if [[ ! -w /var ]] ; then |
||||||
|
echo "Needs to run as root to be able to install rpms." >&2 |
||||||
|
exit 4 |
||||||
|
fi |
||||||
|
|
||||||
|
# needs to run in background as rpmdb might be locked otherwise |
||||||
|
if [ -e /bin/systemctl ] ; then |
||||||
|
# Exit early if system-update.target is active - rhbz#1518401 |
||||||
|
/bin/systemctl is-active system-update.target &>/dev/null |
||||||
|
RET=$? |
||||||
|
|
||||||
|
[ $RET == 0 ] && exit 0 |
||||||
|
|
||||||
|
/bin/systemctl restart akmods@${1}.service --no-block >/dev/null 2>&1 |
||||||
|
else |
||||||
|
nohup /usr/sbin/akmods --from-kernel-posttrans --kernels ${1} > /dev/null 2>&1 & |
||||||
|
fi |
||||||
|
|
||||||
|
exit 0 |
@ -0,0 +1,41 @@ |
|||||||
|
# Default OpenSSL settings and configuration file for kmodgenca |
||||||
|
# shell-script. |
||||||
|
# |
||||||
|
[ req ] |
||||||
|
default_bits = 4096 |
||||||
|
distinguished_name = req_distinguished_name |
||||||
|
prompt = no |
||||||
|
utf8 = yes |
||||||
|
string_mask = utf8only |
||||||
|
x509_extensions = req_exts |
||||||
|
|
||||||
|
[ req_distinguished_name ] |
||||||
|
# Values settings |
||||||
|
# |
||||||
|
0.organizationName = Organization Name (eg, company) |
||||||
|
organizationalUnitName = Organizational Unit Name (eg, section) |
||||||
|
emailAddress = Email Address |
||||||
|
emailAddress_max = 64 |
||||||
|
localityName = Locality Name (eg, city) |
||||||
|
stateOrProvinceName = State or Province Name (full name) |
||||||
|
countryName = Country Name (2 letter code) |
||||||
|
countryName_min = 2 |
||||||
|
countryName_max = 2 |
||||||
|
commonName = Common Name (eg, your name or your server\'s hostname) |
||||||
|
commonName_max = 64 |
||||||
|
|
||||||
|
# Default values |
||||||
|
# |
||||||
|
0.organizationName_default = akmods local |
||||||
|
organizationalUnitName_default = akmods |
||||||
|
emailAddress_default = akmods@localhost.localdomain |
||||||
|
localityName_default = None |
||||||
|
stateOrProvinceName_default = None |
||||||
|
countryName_default = XX |
||||||
|
commonName_default = akmods local signing CA |
||||||
|
|
||||||
|
[ req_exts ] |
||||||
|
basicConstraints = critical,CA:FALSE |
||||||
|
keyUsage = digitalSignature |
||||||
|
subjectKeyIdentifier = hash |
||||||
|
authorityKeyIdentifier = keyid |
@ -0,0 +1,416 @@ |
|||||||
|
Name: akmods |
||||||
|
Version: 0.5.7 |
||||||
|
Release: 8%{?dist} |
||||||
|
Summary: Automatic kmods build and install tool |
||||||
|
|
||||||
|
License: MIT |
||||||
|
URL: http://rpmfusion.org/Packaging/KernelModules/Akmods |
||||||
|
|
||||||
|
# We are upstream, these files are maintained directly in pkg-git |
||||||
|
Source0: 95-akmods.preset |
||||||
|
Source1: akmods |
||||||
|
Source2: akmodsbuild |
||||||
|
Source3: akmods.h2m |
||||||
|
Source5: akmodsposttrans |
||||||
|
Source6: akmods.service.in |
||||||
|
Source7: akmods-shutdown |
||||||
|
Source8: akmods-shutdown.service |
||||||
|
Source9: README |
||||||
|
Source10: LICENSE |
||||||
|
Source11: akmods@.service |
||||||
|
Source12: akmods-ostree-post |
||||||
|
Source13: 95-akmodsposttrans.install |
||||||
|
Source14: akmods.log |
||||||
|
Source15: README.secureboot |
||||||
|
Source16: cacert.config.in |
||||||
|
Source17: akmods-kmodgenca |
||||||
|
Source18: akmods-keygen.target |
||||||
|
Source19: akmods-keygen@.service |
||||||
|
Source20: %{name}-tmpfiles.conf |
||||||
|
|
||||||
|
BuildArch: noarch |
||||||
|
|
||||||
|
BuildRequires: help2man |
||||||
|
|
||||||
|
# not picked up automatically |
||||||
|
%if 0%{?rhel} == 6 |
||||||
|
Requires: %{_bindir}/nohup |
||||||
|
%endif |
||||||
|
Requires: %{_bindir}/flock |
||||||
|
Requires: %{_bindir}/time |
||||||
|
|
||||||
|
# needed for actually building kmods: |
||||||
|
Requires: %{_bindir}/rpmdev-vercmp |
||||||
|
Requires: kmodtool >= 1.1-1 |
||||||
|
|
||||||
|
# needed to create CA/Keypair to sign modules |
||||||
|
Requires: openssl |
||||||
|
|
||||||
|
# this should track in all stuff that is normally needed to compile modules: |
||||||
|
Requires: bzip2 coreutils diffutils file findutils gawk gcc grep |
||||||
|
Requires: gzip make sed tar unzip util-linux which rpm-build |
||||||
|
|
||||||
|
# On EL, kABI list was renamed |
||||||
|
%if 0%{?rhel} |
||||||
|
%if 0%{?rhel} >= 8 |
||||||
|
Requires: (kernel-abi-stablelists or kernel-abi-whitelists) |
||||||
|
%else |
||||||
|
Requires: kernel-abi-whitelists |
||||||
|
%endif |
||||||
|
%endif |
||||||
|
|
||||||
|
%if 0%{?fedora} || 0%{?rhel} > 7 |
||||||
|
# We use a virtual provide that would match either |
||||||
|
# kernel-devel or kernel-PAE-devel |
||||||
|
Requires: kernel-devel-uname-r |
||||||
|
# kernel-devel-matched enforces the same kernel version as the -devel |
||||||
|
%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9 |
||||||
|
Requires: (kernel-debug-devel-matched if kernel-debug-core) |
||||||
|
Requires: (kernel-devel-matched if kernel-core) |
||||||
|
Requires: (kernel-lpae-devel-matched if kernel-lpae-core) |
||||||
|
%else |
||||||
|
Suggests: (kernel-debug-devel if kernel-debug) |
||||||
|
Suggests: (kernel-devel if kernel) |
||||||
|
Suggests: (kernel-lpae-devel if kernel-lpae) |
||||||
|
%endif |
||||||
|
Suggests: (kernel-PAE-devel if kernel-PAE) |
||||||
|
Suggests: (kernel-PAEdebug-devel if kernel-PAEdebug) |
||||||
|
# Theses are from planetccrma-core or rhel-7-server-rt-rpms |
||||||
|
Suggests: (kernel-rt-devel if kernel-rt) |
||||||
|
Suggests: (kernel-rtPAE-devel if kernel-rtPAE) |
||||||
|
%else |
||||||
|
# There is no much variant there, so using a sane default |
||||||
|
Requires: kernel-devel |
||||||
|
%endif |
||||||
|
|
||||||
|
# we create a special user that used by akmods to build kmod packages |
||||||
|
Requires(pre): shadow-utils |
||||||
|
|
||||||
|
# systemd unit requirements. |
||||||
|
BuildRequires: systemd |
||||||
|
Requires(post): systemd |
||||||
|
Requires(preun): systemd |
||||||
|
Requires(postun): systemd |
||||||
|
# Optional but good to have on recent kernel |
||||||
|
Requires: pkgconfig(libelf) |
||||||
|
|
||||||
|
|
||||||
|
%description |
||||||
|
Akmods startup script will rebuild akmod packages during system |
||||||
|
boot, while its background daemon will build them for kernels right |
||||||
|
after they were installed. |
||||||
|
|
||||||
|
|
||||||
|
%prep |
||||||
|
%setup -q -c -T |
||||||
|
cp -p %{SOURCE9} %{SOURCE10} %{SOURCE15} . |
||||||
|
|
||||||
|
|
||||||
|
%build |
||||||
|
# Nothing to build |
||||||
|
|
||||||
|
|
||||||
|
%install |
||||||
|
mkdir -p %{buildroot}%{_usrsrc}/%{name} \ |
||||||
|
%{buildroot}%{_sbindir} \ |
||||||
|
%{buildroot}%{_sysconfdir}/rpm \ |
||||||
|
%{buildroot}%{_sysconfdir}/pki/%{name}/certs \ |
||||||
|
%{buildroot}%{_sysconfdir}/pki/%{name}/private \ |
||||||
|
%{buildroot}%{_sysconfdir}/kernel/postinst.d \ |
||||||
|
%{buildroot}%{_sysconfdir}/logrotate.d \ |
||||||
|
%{buildroot}%{_localstatedir}/cache/%{name} \ |
||||||
|
%{buildroot}%{_localstatedir}/log/%{name} \ |
||||||
|
%{buildroot}%{_tmpfilesdir} |
||||||
|
|
||||||
|
install -pm 0755 %{SOURCE1} %{buildroot}%{_sbindir}/ |
||||||
|
install -pm 0755 %{SOURCE2} %{buildroot}%{_sbindir}/ |
||||||
|
install -pm 0755 %{SOURCE12} %{buildroot}%{_sbindir}/ |
||||||
|
install -pm 0755 %{SOURCE5} %{buildroot}%{_sysconfdir}/kernel/postinst.d/ |
||||||
|
install -pm 0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} |
||||||
|
install -pm 0640 %{SOURCE16} %{buildroot}%{_sysconfdir}/pki/%{name}/ |
||||||
|
install -pm 0755 %{SOURCE17} %{buildroot}%{_sbindir}/kmodgenca |
||||||
|
install -pm 0644 %{SOURCE20} %{buildroot}%{_tmpfilesdir}/%{name}.conf |
||||||
|
install -dpm 0770 %{buildroot}%{_rundir}/%{name}/ |
||||||
|
|
||||||
|
mkdir -p %{buildroot}%{_prefix}/lib/kernel/install.d |
||||||
|
install -pm 0755 %{SOURCE13} %{buildroot}%{_prefix}/lib/kernel/install.d/ |
||||||
|
mkdir -p \ |
||||||
|
%{buildroot}%{_unitdir} \ |
||||||
|
%{buildroot}%{_presetdir} |
||||||
|
sed "s|@SERVICE@|display-manager.service|" %{SOURCE6} >\ |
||||||
|
%{buildroot}%{_unitdir}/akmods.service |
||||||
|
install -pm 0644 %{SOURCE0} %{buildroot}%{_presetdir}/ |
||||||
|
install -pm 0755 %{SOURCE7} %{buildroot}%{_sbindir}/ |
||||||
|
install -pm 0644 %{SOURCE8} %{buildroot}%{_unitdir}/ |
||||||
|
install -pm 0644 %{SOURCE11} %{buildroot}%{_unitdir}/ |
||||||
|
install -pm 0644 %{SOURCE18} %{buildroot}%{_unitdir}/ |
||||||
|
install -pm 0644 %{SOURCE19} %{buildroot}%{_unitdir}/ |
||||||
|
|
||||||
|
# Generate and install man pages. |
||||||
|
mkdir -p %{buildroot}%{_mandir}/man1 |
||||||
|
help2man -N -i %{SOURCE3} -s 1 \ |
||||||
|
-o %{buildroot}%{_mandir}/man1/akmods.1 \ |
||||||
|
%{buildroot}%{_sbindir}/akmods |
||||||
|
help2man -N -i %{SOURCE3} -s 1 \ |
||||||
|
-o %{buildroot}%{_mandir}/man1/akmodsbuild.1 \ |
||||||
|
%{buildroot}%{_sbindir}/akmodsbuild |
||||||
|
|
||||||
|
|
||||||
|
%pre |
||||||
|
# create group and user |
||||||
|
getent group akmods >/dev/null || groupadd -r akmods |
||||||
|
getent passwd akmods >/dev/null || \ |
||||||
|
useradd -r -g akmods -d /var/cache/akmods/ -s /sbin/nologin \ |
||||||
|
-c "User is used by akmods to build akmod packages" akmods |
||||||
|
|
||||||
|
%post |
||||||
|
%systemd_post akmods.service |
||||||
|
%systemd_post akmods@.service |
||||||
|
%systemd_post akmods-shutdown.service |
||||||
|
|
||||||
|
%preun |
||||||
|
%systemd_preun akmods.service |
||||||
|
%systemd_preun akmods@.service |
||||||
|
%systemd_preun akmods-shutdown.service |
||||||
|
|
||||||
|
%postun |
||||||
|
%systemd_postun akmods.service |
||||||
|
%systemd_postun akmods@.service |
||||||
|
%systemd_postun akmods-shutdown.service |
||||||
|
|
||||||
|
|
||||||
|
%files |
||||||
|
%doc README README.secureboot |
||||||
|
%license LICENSE |
||||||
|
%{_sbindir}/akmodsbuild |
||||||
|
%{_sbindir}/akmods |
||||||
|
%{_sbindir}/akmods-ostree-post |
||||||
|
%{_sbindir}/kmodgenca |
||||||
|
%dir %attr(750,root,akmods) %{_sysconfdir}/pki/%{name}/certs |
||||||
|
%dir %attr(750,root,akmods) %{_sysconfdir}/pki/%{name}/private |
||||||
|
%config(noreplace) %attr(640,root,akmods) %{_sysconfdir}/pki/%{name}/cacert.config.in |
||||||
|
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} |
||||||
|
%{_sysconfdir}/kernel/postinst.d/akmodsposttrans |
||||||
|
%{_unitdir}/akmods.service |
||||||
|
%{_unitdir}/akmods@.service |
||||||
|
%{_sbindir}/akmods-shutdown |
||||||
|
%{_unitdir}/akmods-shutdown.service |
||||||
|
%{_prefix}/lib/kernel/install.d/95-akmodsposttrans.install |
||||||
|
%attr(0644,root,root) %{_unitdir}/akmods-keygen.target |
||||||
|
%attr(0644,root,root) %{_unitdir}/akmods-keygen@.service |
||||||
|
%dir %attr(0770,root,akmods) %{_rundir}/%{name} |
||||||
|
%{_tmpfilesdir}/%{name}.conf |
||||||
|
# akmods was enabled in the default preset by f28 |
||||||
|
%if 0%{?rhel} |
||||||
|
%{_presetdir}/95-akmods.preset |
||||||
|
%else |
||||||
|
%exclude %{_presetdir}/95-akmods.preset |
||||||
|
%endif |
||||||
|
%{_usrsrc}/akmods |
||||||
|
%dir %attr(-,akmods,akmods) %{_localstatedir}/cache/akmods |
||||||
|
%dir %attr(0775,root,akmods) %{_localstatedir}/log/%{name} |
||||||
|
%{_mandir}/man1/* |
||||||
|
|
||||||
|
|
||||||
|
%changelog |
||||||
|
* Wed May 04 2022 Nicolas Chauvet <kwizart@gmail.com> - 0.5.7-8 |
||||||
|
- Fix logrotate permission access to /var/log/akmods directory - rhbz#2078490 |
||||||
|
- Rename logrotate config file |
||||||
|
|
||||||
|
* Wed Mar 09 2022 Timothée Ravier <tim@siosm.fr> - 0.5.7-7 |
||||||
|
- Use 'Require' instead of 'Suggest' for kernel*-devel packages. |
||||||
|
|
||||||
|
* Thu Jan 27 2022 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.7-6 |
||||||
|
- Adapt usage of lockfile to systemd-tmpfiles |
||||||
|
- Re-locate akmods logs in /var/log |
||||||
|
|
||||||
|
* Wed Jan 26 2022 Timothée Ravier <tim@siosm.fr> - 0.5.7-5 |
||||||
|
- Use kernel*-core variants in conditional Suggests |
||||||
|
|
||||||
|
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.7-4 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Dec 20 2021 Nicolas Chauvet <kwizart@gmail.com> - 0.5.7-3 |
||||||
|
- Drop perl-interpeter |
||||||
|
- Drop akmodsinit |
||||||
|
- Only use preset on rhel |
||||||
|
- kernel-devel-matched support |
||||||
|
see also https://src.fedoraproject.org/rpms/akmods/pull-request/7 |
||||||
|
|
||||||
|
* Fri Dec 10 2021 Nicolas Chauvet <kwizart@gmail.com> - 0.5.7-2 |
||||||
|
- Bump kmodtool requirement |
||||||
|
- Rename kABI list |
||||||
|
- Drop EL6 support |
||||||
|
- Switch to distro agnostic deps |
||||||
|
|
||||||
|
* Fri Oct 22 2021 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.7-1 |
||||||
|
- Add local akmods CA signing keys and support tools to sign modules for |
||||||
|
Secure boot thanks to Stanislas Leduc <stanislas.leduc@balinor.net> |
||||||
|
- Add akmods-keygen service to generate MOK key pair on first run |
||||||
|
|
||||||
|
* Fri Oct 22 2021 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.6-29 |
||||||
|
- Remove trailing spaces and clean-up |
||||||
|
- Use %%{name} when possible |
||||||
|
- Convert if statement from "[!] $variable" to "[!] -n $variable" |
||||||
|
- Fix kernel list build when parsing command line options |
||||||
|
- Ensure to build for grub default kernel |
||||||
|
- Improve detection of already installed (weak-)modules in akmods (RHEL) |
||||||
|
- akmods uses logrotate and clean-up /var/cache/akmods sub-directories of |
||||||
|
old logs and rpm files from no more installed kmod packages |
||||||
|
(rhbz #1542658). |
||||||
|
|
||||||
|
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-28 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-27 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-26 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild |
||||||
|
|
||||||
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-25 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed Nov 20 2019 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.6-24 |
||||||
|
- Check kernel presence differently for systemd-boot machines - rhbz#1769144 |
||||||
|
|
||||||
|
* Wed Oct 16 2019 Leigh Scott <leigh123linux@googlemail.com> - 0.5.6-23 |
||||||
|
- Add requires kernel-abi-whitelists for RHEL |
||||||
|
|
||||||
|
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-22 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon May 20 2019 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-21 |
||||||
|
- Add check for rhel8 |
||||||
|
|
||||||
|
* Wed May 15 2019 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.6-20 |
||||||
|
- Fix akmodsposttrans after kernel update/install on Fedora >= 28 and |
||||||
|
RHEL >= 7 - rhbz#1709055 |
||||||
|
|
||||||
|
* Thu Feb 28 2019 Alexander Larsson <alexl@redhat.com> - 0.5.6-19 |
||||||
|
- Support ostree/silverblue builds - rhbz#1667014 |
||||||
|
|
||||||
|
* Thu Feb 28 2019 Hans de Goede <hdegoede@redhat.com> |
||||||
|
- Do not fail when the old initscripts pkg is not installed - rhbz#1680121 |
||||||
|
|
||||||
|
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-18 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Nov 05 2018 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-17 |
||||||
|
- Don't enforce target arch - rhbz#1644430 |
||||||
|
- Rework log file path |
||||||
|
- Avoid using /usr/lib/modules for el6 compat |
||||||
|
|
||||||
|
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-16 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Mar 26 2018 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-15 |
||||||
|
- Add inihibitor for akmods@.service |
||||||
|
- Use restart on akmodsposttrans |
||||||
|
|
||||||
|
* Mon Mar 26 2018 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-14 |
||||||
|
- Switch to always retry by default |
||||||
|
- Drop akmods preset by f28 |
||||||
|
- Don't enable service on ah |
||||||
|
- Test a rw directory |
||||||
|
|
||||||
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-13 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed Dec 13 2017 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-12 |
||||||
|
- Update kernel posttrans method - rhbz#1518401 |
||||||
|
|
||||||
|
* Thu Aug 03 2017 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-11 |
||||||
|
- Rework kernel-devel requires on el |
||||||
|
|
||||||
|
* Thu Aug 03 2017 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-10 |
||||||
|
- Enable suggests on fedora |
||||||
|
- Add back el6 support in spec |
||||||
|
- Add Requires elfutils-libelf-devel |
||||||
|
|
||||||
|
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-9 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild |
||||||
|
|
||||||
|
* Thu Jul 13 2017 Petr Pisar <ppisar@redhat.com> - 0.5.6-8 |
||||||
|
- perl dependency renamed to perl-interpreter |
||||||
|
<https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules> |
||||||
|
|
||||||
|
* Thu May 4 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-7 |
||||||
|
- "udevadm trigger" may have bad side-effects (rhbz#454407) instead |
||||||
|
look for modalias files under /sys/devices and call modprobe directly |
||||||
|
- Fix exit status when no akmod packages are installed, so that systemd |
||||||
|
does not consider the akmods.service as having failed to start |
||||||
|
|
||||||
|
* Wed May 3 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-6 |
||||||
|
- Run "udevadm trigger" and "systemctl restart systemd-modules-load.service" |
||||||
|
when new kmod packages have been build and installed so that the new |
||||||
|
modules may be used immediately without requiring a reboot |
||||||
|
|
||||||
|
* Mon Mar 6 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-5 |
||||||
|
- Add LICENSE file (rhbz#1422918) |
||||||
|
|
||||||
|
* Fri Feb 24 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-4 |
||||||
|
- Replace %%{_prefix}/lib/systemd/system-preset with %%{_presetdir} |
||||||
|
|
||||||
|
* Thu Feb 16 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-3 |
||||||
|
- Submit to Fedora for package review |
||||||
|
|
||||||
|
* Mon Nov 28 2016 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-2 |
||||||
|
- Use Suggests kernel-devel weak-dependency - see rfbz#3386 |
||||||
|
|
||||||
|
* Fri Oct 14 2016 Richard Shaw <hobbes1069@gmail.com> - 0.5.6-1 |
||||||
|
- Disable shutdown systemd service file by default. |
||||||
|
- Remove modprobe line from main service file. |
||||||
|
|
||||||
|
* Wed Aug 17 2016 Sérgio Basto <sergio@serjux.com> - 0.5.4-3 |
||||||
|
- New release |
||||||
|
|
||||||
|
* Sun Jan 03 2016 Nicolas Chauvet <kwizart@gmail.com> - 0.5.4-2 |
||||||
|
- Revert conflicts kernel-debug-devel |
||||||
|
|
||||||
|
* Thu Jul 23 2015 Richard Shaw <hobbes1069@gmail.com> - 0.5.4-1 |
||||||
|
- Do not mark a build as failed when only installing the RPM fails. |
||||||
|
- Run akmods-shutdown script instead of akmods on shutdown. |
||||||
|
- Add systemd preset file to enable services by default. |
||||||
|
|
||||||
|
* Wed Jul 15 2015 Richard Shaw <hobbes1069@gmail.com> - 0.5.3-2 |
||||||
|
- Add package conflicts to stop pulling in kernel-debug-devel, fixes BZ#3386. |
||||||
|
- Add description for the formatting of the <kernel> parameter, BZ#3580. |
||||||
|
- Update static man pages and clean them up. |
||||||
|
- Fixed another instance of TMPDIR causing issues. |
||||||
|
- Added detection of dnf vs yum to akmods, fixed BZ#3481. |
||||||
|
|
||||||
|
* Wed Apr 1 2015 Richard Shaw <hobbes1069@gmail.com> - 0.5.2-1 |
||||||
|
- Fix temporary directory creation when TMPDIR environment variable is set, |
||||||
|
fixes BZ#2596. |
||||||
|
- Update systemd scripts to use macros. |
||||||
|
- Fix akmods run on shutdown systemd unit file, fixes BZ#3503. |
||||||
|
|
||||||
|
* Sun Nov 16 2014 Nicolas Chauvet <kwizart@gmail.com> - 0.5.1-4 |
||||||
|
- Fix akmods on armhfp - rfbz#3117 |
||||||
|
- Use yum instead of rpm to install packages - rfbz#3350 |
||||||
|
Switch to a better date format |
||||||
|
|
||||||
|
* Fri Jan 11 2013 Richard Shaw <hobbes1069@gmail.com> - 0.5.1-3 |
||||||
|
- Really fix akmods.service.in. |
||||||
|
|
||||||
|
* Fri Jun 01 2012 Richard Shaw <hobbes1069@gmail.com> - 0.5.1-2 |
||||||
|
- Add service file to run again on shutdown. |
||||||
|
- Add conditional for Fedora 18 to specify correct systemd graphical service. |
||||||
|
|
||||||
|
* Thu Apr 12 2012 Nicolas Chauvet <kwizart@gmail.com> - 0.4.0-4 |
||||||
|
- Rebuilt |
||||||
|
|
||||||
|
* Tue Mar 20 2012 Richard Shaw <hobbes1069@gmail.com> - 0.4.0-3 |
||||||
|
- Add additional error output if the needed kernel development files are not |
||||||
|
installed. (Fixes #561) |
||||||
|
|
||||||
|
* Mon Mar 05 2012 Richard Shaw <hobbes1069@gmail.com> - 0.4.0-2 |
||||||
|
- Remove remaining references to previous Fedora releases |
||||||
|
- Remove legacy SysV init script from CVS. |
||||||
|
- Added man page for akmods and cleaned up man page for akmodsbuild. |
||||||
|
|
||||||
|
* Tue Feb 07 2012 Nicolas Chauvet <kwizart@gmail.com> - 0.4.0-1 |
||||||
|
- Update for UsrMove support |
||||||
|
- Remove unused references to older fedora |
||||||
|
- Change Requires from kernel-devel to kernel-devel-uname-r |
Loading…
Reference in new issue