File kmp-post.sh of Package nvidia-driver-G06
%if 0%{?req_random_kernel_sources} == 1
dir=linux-obj
%else
dir=linux-%{2}*-obj
%endif
%ifarch %ix86
arch=i386
%endif
%ifarch x86_64
arch=x86_64
%endif
%ifarch aarch64
arch=aarch64
%endif
flavor=%1
#export CONCURRENCY_LEVEL=nproc && \
#export JOBS=${CONCURRENCY_LEVEL} && \
#export __JOBS=${JOBS} && \
#export MAKEFLAGS="-j ${JOBS}"
kver=$(make -j$(nproc) -sC /usr/src/$dir/$arch/$flavor kernelrelease)
RES=0
# mold is not supported (boo#1223344)
export LD=ld.bfd
make -j$(nproc) -C /usr/src/$dir/$arch/$flavor \
modules \
M=/usr/src/kernel-modules/nvidia-%{-v*}-$flavor \
SYSSRC=/lib/modules/$kver/source \
SYSOUT=/usr/src/$dir/$arch/$flavor || RES=1
cd /usr/src/kernel-modules/nvidia-%{-v*}-$flavor
make -j$(nproc) -f Makefile \
nv-linux.o \
SYSSRC=/lib/modules/$kver/source \
SYSOUT=/usr/src/$dir/$arch/$flavor CC=gcc || RES=1
cd -
# remove still existing old kernel modules (boo#1174204)
rm -f /lib/modules/$kver/updates/nvidia*.ko
install -m 755 -d /lib/modules/$kver/updates
install -m 644 /usr/src/kernel-modules/nvidia-%{-v*}-$flavor/nvidia*.ko \
/lib/modules/$kver/updates
%if 0%{?req_random_kernel_sources} == 1
# move kernel modules where they belong and can be found by weak-modules2 script
if [ "$flavor" != "azure" ]; then
kver_build=$(cat /usr/src/kernel-modules/nvidia-%{-v*}-$flavor/kernel_version)
if [ "$kver" != "$kver_build" ]; then
mkdir -p %{kernel_module_directory}/$kver_build/updates
mv %{kernel_module_directory}/$kver/updates/nvidia*.ko \
%{kernel_module_directory}/$kver_build/updates
# create weak-updates symlinks (and initrd)
/usr/lib/module-init-tools/weak-modules2 --add-kernel $kver
fi
fi
%endif
depmod $kver || true
# cleanup (boo#1200310)
cd /usr/src/kernel-modules/nvidia-%{-v*}-$flavor || true
cp -a Makefile Makefile.tmp || true
make clean CC=gcc || true
# NVIDIA's "make clean" not being perfect (boo#1201937)
rm -f conftest*.c nv_compiler.h
mv Makefile.tmp Makefile || true
cd - || true
# Sign modules on secureboot systems
if [ -x /usr/bin/mokutil ]; then
mokutil --sb-state | grep -q "SecureBoot enabled"
if [ $? -eq 0 ]; then
privkey=$(mktemp /tmp/MOK.priv.XXXXXX)
pubkeydir=/usr/share/nvidia-pubkeys
pubkey=$pubkeydir/MOK-%{name}-%{-v*}-%{-r*}-$flavor.der
# make sure creation of pubkey doesn't fail later
test -d pubkeydir || mkdir -p $pubkeydir
if [ $1 -eq 2 ] && [ -e $pubkey ]; then
# Special case: reinstall of the same pkg version
# ($pubkey file name includes version and release)
# Run mokutil --delete here, because we can't be sure preun
# will be run (bsc#1176146)
mv -f $pubkey $pubkey.delete
mokutil --delete $pubkey.delete --root-pw
# We can't remove $pubkey.delete, the preun script
# uses it as indicator not to delete $pubkey
else
rm -f $pubkey $pubkey.delete
fi
# Create a key pair (private key, public key)
openssl req -new -x509 -newkey rsa:2048 \
-keyout $privkey \
-outform DER -out $pubkey -days 1000 \
-subj "/CN=Local build for %{name} %{-v*} on $(date +"%Y-%m-%d")/" \
-addext "extendedKeyUsage=codeSigning" \
-nodes
# Install the public key to MOK
mokutil --import $pubkey --root-pw
# Sign the Nvidia modules (weak-updates appears to be broken)
%if 0%{?req_random_kernel_sources} == 1
if [ "$flavor" != "azure" ]; then
for i in /lib/modules/$kver_build/updates/nvidia*.ko; do
/lib/modules/$kver/build/scripts/sign-file sha256 $privkey $pubkey $i
done
else
for i in /lib/modules/$kver/updates/nvidia*.ko; do
/lib/modules/$kver/build/scripts/sign-file sha256 $privkey $pubkey $i
done
fi
%else
for i in /lib/modules/$kver/updates/nvidia*.ko; do
/lib/modules/$kver/build/scripts/sign-file sha256 $privkey $pubkey $i
done
%endif
# cleanup: private key no longer needed
rm -f $privkey
fi
fi
# recreate initrd if old modules are still in there (gh issue#25)
eval $(/sbin/pbl --default-settings) || true
if lsinitrd "$initrd" 2> /dev/null | grep -l -E "/nvidia.*\.ko"; then
# Let all initrds get generated by regenerate-initrd-posttrans
mkdir -p /run/regenerate-initrd
touch /run/regenerate-initrd/all
else
true
fi
#needed to move this to specfile after running weak-modules2 (boo#1145316)
#exit $RES
