More files for stable Fedora

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
2020-08-12 08:27:52 -05:00 · 2020-08-12 08:27:52 -05:00 · 426b17af14
parent 424795858b
commit 426b17af14
10 changed files with 338 additions and 191 deletions
--- a/mod-extra-blacklist.sh
+++ b/mod-extra-blacklist.sh
@ -0,0 +1,56 @@
+#!/bin/bash
+
+buildroot="$1"
+kernel_base="$2"
+
+blacklist()
+{
+	cat > "$buildroot/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__
+	# This kernel module can be automatically loaded by non-root users. To
+	# enhance system security, the module is blacklisted by default to ensure
+	# system administrators make the module available for use as needed.
+	# See https://access.redhat.com/articles/3760101 for more details.
+	#
+	# Remove the blacklist by adding a comment # at the start of the line.
+	blacklist $1
+__EOF__
+}
+
+check_blacklist()
+{
+	if modinfo "$1" | grep -q '^alias:\s\+net-'; then
+		mod="${1##*/}"
+		mod="${mod%.ko*}"
+		echo "$mod has an alias that allows auto-loading. Blacklisting."
+		blacklist "$mod"
+	fi
+}
+
+foreachp()
+{
+	P=$(nproc)
+	bgcount=0
+	while read mod; do
+		$1 "$mod" &
+
+		bgcount=$((bgcount + 1))
+		if [ $bgcount -eq $P ]; then
+			wait -n
+			bgcount=$((bgcount - 1))
+		fi
+	done
+
+	wait
+}
+
+[ -d "$buildroot/etc/modprobe.d/" ] || mkdir -p "$buildroot/etc/modprobe.d/"
+find "$buildroot/$kernel_base/extra" -name "*.ko*" | \
+	foreachp check_blacklist
+
+# Many BIOS-es export a PNP-id which causes the floppy driver to autoload
+# even though most modern systems don't have a 3.5" floppy driver anymore
+# this replaces the old die_floppy_die.patch which removed the PNP-id from
+# the module
+if [ -f $buildroot/$kernel_base/extra/drivers/block/floppy.ko* ]; then
+	blacklist "floppy"
+fi
--- a/mod-extra.list
+++ b/mod-extra.list
@ -0,0 +1,196 @@
+6pack.ko
+a3d.ko
+act200l-sir.ko
+actisys-sir.ko
+adi.ko
+aer_inject.ko
+af_802154.ko
+affs.ko
+ali-ircc.ko
+analog.ko
+appletalk.ko
+atm.ko
+avma1_cs.ko
+avm_cs.ko
+avmfritz.ko
+ax25.ko
+b1.ko
+bas_gigaset.ko
+batman-adv.ko
+baycom_par.ko
+baycom_ser_fdx.ko
+baycom_ser_hdx.ko
+befs.ko
+bpqether.ko
+br2684.ko
+capi.ko
+c_can.ko
+c_can_platform.ko
+clip.ko
+cobra.ko
+coda.ko
+cuse.ko
+db9.ko
+dccp_diag.ko
+dccp_ipv4.ko
+dccp_ipv6.ko
+dccp.ko
+dccp_probe.ko
+diva_idi.ko
+divas.ko
+dlm.ko
+ds1wm.ko
+ds2482.ko
+ds2490.ko
+dss1_divert.ko
+elsa_cs.ko
+ems_pci.ko
+ems_usb.ko
+esd_usb2.ko
+esi-sir.ko
+floppy.ko
+gamecon.ko
+gf2k.ko
+gfs2.ko
+gigaset.ko
+girbil-sir.ko
+grip.ko
+grip_mp.ko
+guillemot.ko
+hdlcdrv.ko
+hfc4s8s_l1.ko
+hfcmulti.ko
+hfcpci.ko
+hisax.ko
+hwa-rc.ko
+hysdn.ko
+i2400m.ko
+i2400m-sdio.ko
+i2400m-usb.ko
+ieee802154.ko
+iforce.ko
+interact.ko
+ipddp.ko
+ipx.ko
+isdn.ko
+joydump.ko
+kingsun-sir.ko
+ks959-sir.ko
+ksdazzle-sir.ko
+kvaser_pci.ko
+l2tp_core.ko
+l2tp_debugfs.ko
+l2tp_eth.ko
+l2tp_ip.ko
+l2tp_netlink.ko
+l2tp_ppp.ko
+lec.ko
+ma600-sir.ko
+magellan.ko
+mcp2120-sir.ko
+mISDN_core.ko
+mISDN_dsp.ko
+mkiss.ko
+mptbase.ko
+mptctl.ko
+mptfc.ko
+nci.ko
+ncpfs.ko
+netjet.ko
+netrom.ko
+nfc.ko
+nilfs2.ko
+ocfs2_dlmfs.ko
+ocfs2_dlm.ko
+ocfs2.ko
+ocfs2_nodemanager.ko
+ocfs2_stackglue.ko
+ocfs2_stack_o2cb.ko
+ocfs2_stack_user.ko
+old_belkin-sir.ko
+orinoco_cs.ko
+orinoco.ko
+orinoco_nortel.ko
+orinoco_pci.ko
+orinoco_plx.ko
+orinoco_usb.ko
+pcspkr.ko
+plx_pci.ko
+pn_pep.ko
+pppoatm.ko
+rds.ko
+rds_rdma.ko
+rds_tcp.ko
+rose.ko
+sch_atm.ko
+sch_cbq.ko
+sch_choke.ko
+sch_drr.ko
+sch_dsmark.ko
+sch_etf.ko
+sch_gred.ko
+sch_mqprio.ko
+sch_multiq.ko
+sch_netem.ko
+sch_qfq.ko
+sch_red.ko
+sch_sfb.ko
+sch_teql.ko
+sctp.ko
+sctp_probe.ko
+sidewinder.ko
+sja1000.ko
+sja1000_platform.ko
+slcan.ko
+slip.ko
+softing_cs.ko
+softing.ko
+spaceball.ko
+spaceorb.ko
+stinger.ko
+sysv.ko
+tcp_bic.ko
+tcp_highspeed.ko
+tcp_htcp.ko
+tcp_hybla.ko
+tcp_illinois.ko
+tcp_lp.ko
+tcp_scalable.ko
+tcp_vegas.ko
+tcp_veno.ko
+tcp_westwood.ko
+tcp_yeah.ko
+tekram-sir.ko
+tmdc.ko
+toim3232-sir.ko
+trancevibrator.ko
+turbografx.ko
+twidjoy.ko
+ubifs.ko
+ufs.ko
+umc.ko
+usbip-core.ko
+usbip-host.ko
+uwb.ko
+vcan.ko
+vhci-hcd.ko
+w1_bq27000.ko
+w1_ds2408.ko
+w1_ds2423.ko
+w1_ds2431.ko
+w1_ds2433.ko
+w1_ds2760.ko
+w1_ds2780.ko
+w1_ds2781.ko
+w1_ds28e04.ko
+w1_smem.ko
+w1_therm.ko
+w6692.ko
+walkera0701.ko
+wanrouter.ko
+warrior.ko
+whci.ko
+wire.ko
+xpad.ko
+yam.ko
+zhenhua.ko
--- a/mod-extra.list.rhel
+++ b/mod-extra.list.rhel
@ -1,191 +0,0 @@
-6pack.ko
-a3d.ko
-act200l-sir.ko
-actisys-sir.ko
-adi.ko
-aer_inject.ko
-af_802154.ko
-affs.ko
-ali-ircc.ko
-analog.ko
-appletalk.ko
-atm.ko
-avma1_cs.ko
-avm_cs.ko
-avmfritz.ko
-ax25.ko
-b1.ko
-bas_gigaset.ko
-batman-adv.ko
-baycom_par.ko
-baycom_ser_fdx.ko
-baycom_ser_hdx.ko
-befs.ko
-bpqether.ko
-br2684.ko
-capi.ko
-c_can.ko
-c_can_platform.ko
-clip.ko
-cobra.ko
-coda.ko
-cuse.ko
-db9.ko
-dccp_diag.ko
-dccp_ipv4.ko
-dccp_ipv6.ko
-dccp.ko
-dccp_probe.ko
-diva_idi.ko
-divas.ko
-ds1wm.ko
-ds2482.ko
-ds2490.ko
-dss1_divert.ko
-elsa_cs.ko
-ems_pci.ko
-ems_usb.ko
-esd_usb2.ko
-esi-sir.ko
-gamecon.ko
-gf2k.ko
-gigaset.ko
-girbil-sir.ko
-grip.ko
-grip_mp.ko
-guillemot.ko
-hdlcdrv.ko
-hfc4s8s_l1.ko
-hfcmulti.ko
-hfcpci.ko
-hisax.ko
-hwa-rc.ko
-hysdn.ko
-i2400m.ko
-i2400m-sdio.ko
-i2400m-usb.ko
-ieee802154.ko
-iforce.ko
-interact.ko
-ipddp.ko
-ipx.ko
-isdn.ko
-joydump.ko
-kingsun-sir.ko
-ks959-sir.ko
-ksdazzle-sir.ko
-kvaser_pci.ko
-l2tp_core.ko
-l2tp_debugfs.ko
-l2tp_eth.ko
-l2tp_ip.ko
-l2tp_netlink.ko
-l2tp_ppp.ko
-lec.ko
-ma600-sir.ko
-magellan.ko
-mcp2120-sir.ko
-mISDN_core.ko
-mISDN_dsp.ko
-mkiss.ko
-mptbase.ko
-mptctl.ko
-mptfc.ko
-nci.ko
-ncpfs.ko
-netjet.ko
-netrom.ko
-nfc.ko
-nilfs2.ko
-ocfs2_dlmfs.ko
-ocfs2_dlm.ko
-ocfs2.ko
-ocfs2_nodemanager.ko
-ocfs2_stackglue.ko
-ocfs2_stack_o2cb.ko
-ocfs2_stack_user.ko
-old_belkin-sir.ko
-orinoco_cs.ko
-orinoco.ko
-orinoco_nortel.ko
-orinoco_pci.ko
-orinoco_plx.ko
-orinoco_usb.ko
-plx_pci.ko
-pn_pep.ko
-pppoatm.ko
-rds.ko
-rds_rdma.ko
-rds_tcp.ko
-rose.ko
-sch_atm.ko
-sch_cbq.ko
-sch_choke.ko
-sch_drr.ko
-sch_dsmark.ko
-sch_gred.ko
-sch_mqprio.ko
-sch_multiq.ko
-sch_netem.ko
-sch_qfq.ko
-sch_red.ko
-sch_sfb.ko
-sch_teql.ko
-sctp.ko
-sctp_probe.ko
-sidewinder.ko
-sja1000.ko
-sja1000_platform.ko
-slcan.ko
-slip.ko
-softing_cs.ko
-softing.ko
-spaceball.ko
-spaceorb.ko
-stinger.ko
-sysv.ko
-tcp_bic.ko
-tcp_highspeed.ko
-tcp_htcp.ko
-tcp_hybla.ko
-tcp_illinois.ko
-tcp_lp.ko
-tcp_scalable.ko
-tcp_vegas.ko
-tcp_veno.ko
-tcp_westwood.ko
-tcp_yeah.ko
-tekram-sir.ko
-tmdc.ko
-toim3232-sir.ko
-trancevibrator.ko
-turbografx.ko
-twidjoy.ko
-ubifs.ko
-ufs.ko
-umc.ko
-usbip-core.ko
-usbip-host.ko
-uwb.ko
-vcan.ko
-vhci-hcd.ko
-w1_bq27000.ko
-w1_ds2408.ko
-w1_ds2423.ko
-w1_ds2431.ko
-w1_ds2433.ko
-w1_ds2760.ko
-w1_ds2780.ko
-w1_ds2781.ko
-w1_ds28e04.ko
-w1_smem.ko
-w1_therm.ko
-w6692.ko
-walkera0701.ko
-wanrouter.ko
-warrior.ko
-whci.ko
-wire.ko
-xpad.ko
-yam.ko
-zhenhua.ko
--- a/mod-extra.sh
+++ b/mod-extra.sh
@ -0,0 +1,86 @@
+#! /bin/bash
+
+Dir=$1
+List=$2
+Dest="extra"
+
+# Destination was specified on the command line
+test -n "$3" && Dest="$3"
+
+pushd $Dir
+rm -rf modnames
+find . -name "*.ko" -type f > modnames
+# Look through all of the modules, and throw any that have a dependency in
+# our list into the list as well.
+rm -rf dep.list dep2.list
+rm -rf req.list req2.list
+touch dep.list req.list
+cp "$List" .
+
+# This variable needs to be exported because it is used in sub-script
+# executed by xargs
+export ListName=$(basename "$List")
+
+# NB: this loop runs 2000+ iterations. Try to be fast.
+NPROC=`nproc`
+[ -z "$NPROC" ] && NPROC=1
+cat modnames | xargs -r -n1 -P $NPROC sh -c '
+  dep=$1
+  depends=`modinfo $dep | sed -n -e "/^depends/ s/^depends:[ \t]*//p"`
+  [ -z "$depends" ] && exit
+  for mod in ${depends//,/ }
+  do
+    match=$(grep "^$mod.ko" "$ListName")
+    [ -z "$match" ] && continue
+    # check if the module we are looking at is in mod-extra too.
+    # if so we do not need to mark the dep as required.
+    mod2=${dep##*/}  # same as `basename $dep`, but faster
+    match2=$(grep "^$mod2" "$ListName")
+    if [ -n "$match2" ]
+    then
+      #echo $mod2 >> notreq.list
+      continue
+    fi
+    echo $mod.ko >> req.list
+  done
+' DUMMYARG0   # xargs appends MODNAME, which becomes $dep in the script above
+
+sort -u req.list > req2.list
+sort -u "$ListName" > modules2.list
+join -v 1 modules2.list req2.list > modules3.list
+
+for mod in $(cat modules3.list)
+do
+  # get the path for the module
+  modpath=`grep /$mod modnames`
+  [ -z "$modpath" ] && continue
+  echo $modpath >> dep.list
+done
+
+sort -u dep.list > dep2.list
+
+# now move the modules into the extra/ directory
+for mod in `cat dep2.list`
+do
+  newpath=`dirname $mod | sed -e "s/kernel\\//$Dest\//"`
+  mkdir -p $newpath
+  mv $mod $newpath
+done
+
+popd
+
+# If we're signing modules, we can't leave the .mod files for the .ko files
+# we've moved in .tmp_versions/.  Remove them so the Kbuild 'modules_sign'
+# target doesn't try to sign a non-existent file.  This is kinda ugly, but
+# so is modules-extra.
+
+for mod in `cat ${Dir}/dep2.list`
+do
+  modfile=`basename $mod | sed -e 's/.ko/.mod/'`
+  rm .tmp_versions/$modfile
+done
+
+pushd $Dir
+rm modnames dep.list dep2.list req.list req2.list
+rm "$ListName" modules2.list modules3.list
+popd
--- a/redhatsecureboot301.cer
+++ b/redhatsecureboot301.cer
--- a/redhatsecureboot501.cer
+++ b/redhatsecureboot501.cer
--- a/redhatsecurebootca1.cer
+++ b/redhatsecurebootca1.cer
--- a/redhatsecurebootca5.cer
+++ b/redhatsecurebootca5.cer
--- a/secureboot_ppc.cer
+++ b/secureboot_ppc.cer
--- a/secureboot_s390.cer
+++ b/secureboot_s390.cer