aboutsummaryrefslogtreecommitdiff
path: root/SOURCES/mod-denylist.sh
diff options
context:
space:
mode:
Diffstat (limited to 'SOURCES/mod-denylist.sh')
-rwxr-xr-xSOURCES/mod-denylist.sh112
1 files changed, 13 insertions, 99 deletions
diff --git a/SOURCES/mod-denylist.sh b/SOURCES/mod-denylist.sh
index a143c15..e5e65a2 100755
--- a/SOURCES/mod-denylist.sh
+++ b/SOURCES/mod-denylist.sh
@@ -1,18 +1,16 @@
#! /bin/bash
# shellcheck disable=SC2164
-RpmDir=$1
-ModDir=$2
-Dir="$1/$2"
-# Note the list filename must have the format mod-[PACKAGE].list, for example,
-# mod-internal.list or mod-extra.list. The PACKAGE is used to create a
-# override directory for the modules.
-List=$3
-Dest="$4"
+rpm_buildroot="$1"
+module_dir="$2"
+module_list="$3"
+
+blacklist_conf_files="$(mktemp)"
blacklist()
{
- cat > "$RpmDir/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__
+ mkdir -p "$rpm_buildroot/etc/modprobe.d/"
+ cat > "$rpm_buildroot/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__
# This kernel module can be automatically loaded by non-root users. To
# enhance system security, the module is blacklisted by default to ensure
# system administrators make the module available for use as needed.
@@ -21,11 +19,12 @@ blacklist()
# Remove the blacklist by adding a comment # at the start of the line.
blacklist $1
__EOF__
+ echo "%config(noreplace) /etc/modprobe.d/$1-blacklist.conf" >> "$blacklist_conf_files"
}
check_blacklist()
{
- mod=$(find "$RpmDir/$ModDir" -name "$1")
+ mod="$rpm_buildroot/$1"
[ ! "$mod" ] && return 0
if modinfo "$mod" | grep -q '^alias:\s\+net-'; then
mod="${1##*/}"
@@ -35,28 +34,6 @@ check_blacklist()
fi
}
-find_depends()
-{
- dep=$1
- depends=$(modinfo "$dep" | sed -n -e "/^depends/ s/^depends:[ \t]*//p")
- [ -z "$depends" ] && exit
- for mod in ${depends//,/ }
- do
- match=$(grep "^$mod.ko" "$ListName")
- [ -z "$match" ] && continue
- # check if the module we are looking at is in mod-* too.
- # if so we do not need to mark the dep as required.
- mod2=${dep##*/} # same as $(basename $dep), but faster
- match2=$(grep "^$mod2" "$ListName")
- if [ -n "$match2" ]
- then
- #echo $mod2 >> notreq.list
- continue
- fi
- echo "$mod".ko >> req.list
- done
-}
-
foreachp()
{
P=$(nproc)
@@ -74,80 +51,17 @@ foreachp()
wait
}
-# Destination was specified on the command line
-test -n "$4" && echo "$0: Override Destination $Dest has been specified."
-
-pushd "$Dir"
-
-OverrideDir=$(basename "$List")
-OverrideDir=${OverrideDir%.*}
-OverrideDir=${OverrideDir#*-}
-mkdir -p "$OverrideDir"
-
-rm -rf modnames
-find . -name "*.ko" -type f > modnames
-# Look through all of the modules, and throw any that have a dependency in
-# our list into the list as well.
-rm -rf dep.list dep2.list
-rm -rf req.list req2.list
-touch dep.list req.list
-cp "$List" .
-
-# This variable needs to be exported because it is used in sub-script
-# executed by xargs
-ListName=$(basename "$List")
-export ListName
-
-foreachp find_depends < modnames
-
-sort -u req.list > req2.list
-sort -u "$ListName" > modules2.list
-join -v 1 modules2.list req2.list > modules3.list
-
-while IFS= read -r mod
-do
- # get the path for the module
- modpath=$(grep /"$mod" modnames)
- [ -z "$modpath" ] && continue
- echo "$modpath" >> dep.list
-done < modules3.list
-
-sort -u dep.list > dep2.list
-
-if [ -n "$Dest" ]; then
- # now move the modules into the $Dest directory
- while IFS= read -r mod
- do
- newpath=$(dirname "$mod" | sed -e "s/kernel\\//$Dest\//")
- mkdir -p "$newpath"
- mv "$mod" "$newpath"
- echo "$mod" | sed -e "s/kernel\\//$Dest\//" | sed -e "s|^.|${ModDir}|g" >> "$RpmDir"/"$ListName"
- done < dep2.list
-fi
-
-popd
-
-if [ -z "$Dest" ]; then
- sed -e "s|^.|${ModDir}|g" "$Dir"/dep2.list > "$RpmDir/$ListName"
- echo "$RpmDir/$ListName created."
- [ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/"
- foreachp check_blacklist < "$List"
-fi
-
# Many BIOS-es export a PNP-id which causes the floppy driver to autoload
# even though most modern systems don't have a 3.5" floppy driver anymore
# this replaces the old die_floppy_die.patch which removed the PNP-id from
# the module
-floppylist=("$RpmDir"/"$ModDir"/kernel/drivers/block/floppy.ko*)
+floppylist=("$rpm_buildroot"/"$module_dir"/kernel/drivers/block/floppy.ko*)
if [[ -n ${floppylist[0]} && -f ${floppylist[0]} ]]; then
blacklist "floppy"
fi
-# avoid an empty kernel-extra package
-echo "$ModDir/$OverrideDir" >> "$RpmDir/$ListName"
+foreachp check_blacklist < "$module_list"
-pushd "$Dir"
-rm modnames dep.list dep2.list req.list req2.list
-rm "$ListName" modules2.list modules3.list
-popd
+cat "$blacklist_conf_files" >> "$module_list"
+rm -f "$blacklist_conf_files"