diff options
Diffstat (limited to 'SOURCES/mod-denylist.sh')
-rwxr-xr-x | SOURCES/mod-denylist.sh | 112 |
1 files changed, 13 insertions, 99 deletions
diff --git a/SOURCES/mod-denylist.sh b/SOURCES/mod-denylist.sh index a143c15..e5e65a2 100755 --- a/SOURCES/mod-denylist.sh +++ b/SOURCES/mod-denylist.sh @@ -1,18 +1,16 @@ #! /bin/bash # shellcheck disable=SC2164 -RpmDir=$1 -ModDir=$2 -Dir="$1/$2" -# Note the list filename must have the format mod-[PACKAGE].list, for example, -# mod-internal.list or mod-extra.list. The PACKAGE is used to create a -# override directory for the modules. -List=$3 -Dest="$4" +rpm_buildroot="$1" +module_dir="$2" +module_list="$3" + +blacklist_conf_files="$(mktemp)" blacklist() { - cat > "$RpmDir/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__ + mkdir -p "$rpm_buildroot/etc/modprobe.d/" + cat > "$rpm_buildroot/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__ # This kernel module can be automatically loaded by non-root users. To # enhance system security, the module is blacklisted by default to ensure # system administrators make the module available for use as needed. @@ -21,11 +19,12 @@ blacklist() # Remove the blacklist by adding a comment # at the start of the line. blacklist $1 __EOF__ + echo "%config(noreplace) /etc/modprobe.d/$1-blacklist.conf" >> "$blacklist_conf_files" } check_blacklist() { - mod=$(find "$RpmDir/$ModDir" -name "$1") + mod="$rpm_buildroot/$1" [ ! "$mod" ] && return 0 if modinfo "$mod" | grep -q '^alias:\s\+net-'; then mod="${1##*/}" @@ -35,28 +34,6 @@ check_blacklist() fi } -find_depends() -{ - dep=$1 - depends=$(modinfo "$dep" | sed -n -e "/^depends/ s/^depends:[ \t]*//p") - [ -z "$depends" ] && exit - for mod in ${depends//,/ } - do - match=$(grep "^$mod.ko" "$ListName") - [ -z "$match" ] && continue - # check if the module we are looking at is in mod-* too. - # if so we do not need to mark the dep as required. - mod2=${dep##*/} # same as $(basename $dep), but faster - match2=$(grep "^$mod2" "$ListName") - if [ -n "$match2" ] - then - #echo $mod2 >> notreq.list - continue - fi - echo "$mod".ko >> req.list - done -} - foreachp() { P=$(nproc) @@ -74,80 +51,17 @@ foreachp() wait } -# Destination was specified on the command line -test -n "$4" && echo "$0: Override Destination $Dest has been specified." - -pushd "$Dir" - -OverrideDir=$(basename "$List") -OverrideDir=${OverrideDir%.*} -OverrideDir=${OverrideDir#*-} -mkdir -p "$OverrideDir" - -rm -rf modnames -find . -name "*.ko" -type f > modnames -# Look through all of the modules, and throw any that have a dependency in -# our list into the list as well. -rm -rf dep.list dep2.list -rm -rf req.list req2.list -touch dep.list req.list -cp "$List" . - -# This variable needs to be exported because it is used in sub-script -# executed by xargs -ListName=$(basename "$List") -export ListName - -foreachp find_depends < modnames - -sort -u req.list > req2.list -sort -u "$ListName" > modules2.list -join -v 1 modules2.list req2.list > modules3.list - -while IFS= read -r mod -do - # get the path for the module - modpath=$(grep /"$mod" modnames) - [ -z "$modpath" ] && continue - echo "$modpath" >> dep.list -done < modules3.list - -sort -u dep.list > dep2.list - -if [ -n "$Dest" ]; then - # now move the modules into the $Dest directory - while IFS= read -r mod - do - newpath=$(dirname "$mod" | sed -e "s/kernel\\//$Dest\//") - mkdir -p "$newpath" - mv "$mod" "$newpath" - echo "$mod" | sed -e "s/kernel\\//$Dest\//" | sed -e "s|^.|${ModDir}|g" >> "$RpmDir"/"$ListName" - done < dep2.list -fi - -popd - -if [ -z "$Dest" ]; then - sed -e "s|^.|${ModDir}|g" "$Dir"/dep2.list > "$RpmDir/$ListName" - echo "$RpmDir/$ListName created." - [ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/" - foreachp check_blacklist < "$List" -fi - # Many BIOS-es export a PNP-id which causes the floppy driver to autoload # even though most modern systems don't have a 3.5" floppy driver anymore # this replaces the old die_floppy_die.patch which removed the PNP-id from # the module -floppylist=("$RpmDir"/"$ModDir"/kernel/drivers/block/floppy.ko*) +floppylist=("$rpm_buildroot"/"$module_dir"/kernel/drivers/block/floppy.ko*) if [[ -n ${floppylist[0]} && -f ${floppylist[0]} ]]; then blacklist "floppy" fi -# avoid an empty kernel-extra package -echo "$ModDir/$OverrideDir" >> "$RpmDir/$ListName" +foreachp check_blacklist < "$module_list" -pushd "$Dir" -rm modnames dep.list dep2.list req.list req2.list -rm "$ListName" modules2.list modules3.list -popd +cat "$blacklist_conf_files" >> "$module_list" +rm -f "$blacklist_conf_files" |