dist: remove usb-storage.ko and nouveau.ko when installing private release

For security reasons, we don't need usb-storage.ko in the private release.
Modprobing usb-storage.ko will cause /dev/sdx to shift when the BMC supplies a USB
storage device, which will cause boot failure if some customers aren't using
UUIDs in /etc/fstab.

Internal customers will use the commercial NVIDIA driver, which doesn't need the
kernel's original nouveau.ko.

For security reasons, we don't need cfg80211.ko in the private release; servers
don't use wireless.

Signed-off-by: Jianping Liu <frankjpliu@tencent.com>
Reviewed-by: Yongliang Gao <leonylgao@tencent.com>
Jianping Liu 2024-05-26 16:41:44 +08:00
parent 3179f252be
commit a11e94beb2
2 changed files with 16 additions and 1 deletions

@ -31,7 +31,7 @@ hiddrvs="surface-hid"
scsidrvs="aacraid aic7xxx aic94xx be2iscsi bfa bnx2i bnx2fc csiostor cxgbi esas2r fcoe fnic hisi_sas isci libsas lpfc megaraid mpt2sas mpt3sas mvsas pm8001 qla2xxx qla4xxx sym53c8xx_2 ufs qedf"
usbdrvs="atm image misc serial wusbcore"
usbdrvs="atm image misc serial storage wusbcore"
drmdrvs="amd ast bridge gma500 i2c i915 mgag200 nouveau panel radeon via"
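
Review bot: the usbdrvs list gains `storage` here with no comment saying why, while the commit message describes the change as removing usb-storage.ko. A one-line comment above `usbdrvs=` stating what listing a directory here does to its packaging would let the next reader connect it to the `rm -f .../kernel/drivers/usb/storage/*` in %post modules. The commit message also covers cfg80211.ko, yet no list in this hunk changes for net/wireless, so please confirm that the files deleted under `kernel/net/wireless/` belong to the same subpackage whose %post removes them.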

@ -1222,11 +1222,26 @@ if command -v weak-modules > /dev/null; then
fi
### Module package
%pre modules
# In TS private release, kernel command line will add "module.sig_enforce=1" and
# "module_blacklist=usb-storage".
# When install TS private release, do not need install "usb-storage nouveau cfg80211" into initramfs.
{ grep -q "module.sig_enforce=1" /etc/default/grub 2>/dev/null && \
grep -q "usb-storage" /etc/default/grub 2>/dev/null ; } && \
echo "omit_dracutmodules+=\" usb-storage nouveau cfg80211 \"" >> /etc/dracut.conf
%post modules
depmod -a %{kernel_unamer}
if [ ! -f %{_localstatedir}/lib/rpm-state/%{name}-%{version}-%{version}%{?dist}.installing_core ]; then
touch %{_localstatedir}/lib/rpm-state/%{name}-%{version}-%{version}%{?dist}.need_to_run_dracut
fi
# Because /lib link to /usr/lib, /lib/modules is the same to /usr/lib/modules.
# So, in TS private release, we only delete usb-storage and nouveau module in /usr/lib/modules dir.
grep -q "omit_dracutmodules+=\" usb-storage nouveau cfg80211 \"" /etc/dracut.conf 2>/dev/null && \
{ sed -i '/omit_dracutmodules+=\" usb-storage nouveau cfg80211 \"/d' /etc/dracut.conf ; \
rm -f /usr/lib/modules/%{kernel_unamer}/kernel/drivers/usb/storage/* ; \
rm -f /usr/lib/modules/%{kernel_unamer}/kernel/drivers/gpu/drm/nouveau/* ; \
rm -f /usr/lib/modules/%{kernel_unamer}/kernel/net/wireless/* ; }
%posttrans modules
if [ -f %{_localstatedir}/lib/rpm-state/%{name}-%{version}-%{version}%{?dist}.need_to_run_dracut ]; then\
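
Review bot: the `%pre modules` body ends with the `{ grep ...; } && echo ...` chain, so on any system where /etc/default/grub does not contain both strings the scriptlet exits non-zero, and rpm treats a failing %pre as an install failure; the `grep -q ... && { ... }` chain that ends `%post modules` returns non-zero in the same case. Wrap both in `if ...; then ...; fi` or append `|| :`. In %post, `depmod -a %{kernel_unamer}` runs before the `rm -f` lines, so modules.dep still lists the deleted modules; run depmod after the deletion instead. `omit_dracutmodules` names dracut modules, whereas kernel drivers are excluded with `omit_drivers`, and since the line is deleted again in %post before %posttrans acts on need_to_run_dracut it only serves as a flag between scriptlets; a marker file under %{_localstatedir}/lib/rpm-state/, as already used here, would do that without editing /etc/dracut.conf. The second grep matches any occurrence of "usb-storage" rather than `module_blacklist=usb-storage`, and the comment above the `rm` lines names only usb-storage and nouveau although the cfg80211 files are deleted too.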