Overview

File kmp-trigger.sh of Package nvidia-driver-G06

# get rid of broken weak-updates symlinks created in some %post apparently;
# either by kmp itself or by kernel package update
for i in $(find /lib/modules/*/weak-updates -type l 2> /dev/null); do
  test -e $(readlink -f $i) || rm $i
done
%ifarch %ix86
arch=i386
%endif
%ifarch x86_64
arch=x86_64
%endif
%ifarch aarch64
arch=aarch64
%endif
flavor=%1
#export CONCURRENCY_LEVEL=nproc && \ 
#export JOBS=${CONCURRENCY_LEVEL} && \
#export __JOBS=${JOBS} && \ 
#export MAKEFLAGS="-j ${JOBS}"
kver=$(make -j$(nproc) -sC /usr/src/linux-obj/$arch/$flavor kernelrelease)
RES=0
# mold is not supported (boo#1223344)
export LD=ld.bfd
make -j$(nproc) -C /usr/src/linux-obj/$arch/$flavor \
     modules \
     M=/usr/src/kernel-modules/nvidia-%{-v*}-$flavor \
     SYSSRC=/lib/modules/$kver/source \
     SYSOUT=/usr/src/linux-obj/$arch/$flavor || RES=1
cd /usr/src/kernel-modules/nvidia-%{-v*}-$flavor
make -j$(nproc) -f Makefile \
     nv-linux.o \
     SYSSRC=/lib/modules/$kver/source \
     SYSOUT=/usr/src/linux-obj/$arch/$flavor || RES=1
cd -
install -m 755 -d /lib/modules/$kver/updates
install -m 644 /usr/src/kernel-modules/nvidia-%{-v*}-$flavor/nvidia*.ko \
	/lib/modules/$kver/updates
depmod $kver

# cleanup (boo#1200310)
cd /usr/src/kernel-modules/nvidia-%{-v*}-$flavor || true
cp -a Makefile Makefile.tmp || true
make clean || true
# NVIDIA's "make clean" not being perfect (boo#1201937)
rm -f conftest*.c nv_compiler.h
mv Makefile.tmp Makefile || true
cd - || true

# Sign modules on secureboot systems
if [ -x /usr/bin/mokutil ]; then
  mokutil --sb-state | grep -q "SecureBoot enabled"
  if [ $? -eq 0 ]; then
    privkey=$(mktemp /tmp/MOK.priv.XXXXXX)
    pubkeydir=/usr/share/nvidia-pubkeys
    pubkey=$pubkeydir/MOK-%{name}-%{-v*}-%{-r*}-$flavor.der

    # make sure creation of pubkey doesn't fail later
    test -d pubkeydir || mkdir -p $pubkeydir
    if [ $1 -eq 2 ] && [ -e $pubkey ]; then
	# Special case: reinstall of the same pkg version
	# ($pubkey file name includes version and release)
	# Run mokutil --delete here, because we can't be sure preun
	# will be run (bsc#1176146)
	mv -f $pubkey $pubkey.delete
	mokutil --delete $pubkey.delete --root-pw
	# We can't remove $pubkey.delete, the preun script
	# uses it as indicator not to delete $pubkey
    else
	rm -f $pubkey $pubkey.delete
    fi

    # Create a key pair (private key, public key)
    openssl req -new -x509 -newkey rsa:2048 \
                -keyout $privkey \
                -outform DER -out $pubkey -days 1000 \
                -subj "/CN=Local build for %{name} %{-v*} on $(date +"%Y-%m-%d")/" \
                -addext "extendedKeyUsage=codeSigning" \
                -nodes

    # Install the public key to MOK
    mokutil --import $pubkey --root-pw

    # Sign the Nvidia modules (weak-updates appears to be broken)
    for i in /lib/modules/$kver/updates/nvidia*.ko; do
      /lib/modules/$kver/build/scripts/sign-file sha256 $privkey $pubkey $i
    done

    # cleanup: private key no longer needed
    rm -f $privkey
  fi
fi

# This is still needed for proprietary kernel modules; see also
# https://github.com/openSUSE/nvidia-driver-G06/issues/52
#
# Create symlinks for udev so these devices will get user ACLs by logind later (bnc#1000625)
mkdir -p /run/udev/static_node-tags/uaccess
mkdir -p /usr/lib/tmpfiles.d
ln -snf /dev/nvidiactl /run/udev/static_node-tags/uaccess/nvidiactl
ln -snf /dev/nvidia-uvm /run/udev/static_node-tags/uaccess/nvidia-uvm
ln -snf /dev/nvidia-uvm-tools /run/udev/static_node-tags/uaccess/nvidia-uvm-tools
ln -snf /dev/nvidia-modeset /run/udev/static_node-tags/uaccess/nvidia-modeset
cat >  /usr/lib/tmpfiles.d/nvidia-logind-acl-trick-G06.conf << EOF
L /run/udev/static_node-tags/uaccess/nvidiactl - - - - /dev/nvidiactl
L /run/udev/static_node-tags/uaccess/nvidia-uvm - - - - /dev/nvidia-uvm
L /run/udev/static_node-tags/uaccess/nvidia-uvm-tools - - - - /dev/nvidia-uvm-tools
L /run/udev/static_node-tags/uaccess/nvidia-modeset - - - - /dev/nvidia-modeset
EOF
devid=-1
for dev in $(ls -d /sys/bus/pci/devices/*); do
  vendorid=$(cat $dev/vendor)
  if [ "$vendorid" = "0x10de" ]; then
    class=$(cat $dev/class)
    classid=${class%%00}
    if [ "$classid" = "0x0300" -o "$classid" = "0x0302" ]; then
      devid=$((devid+1))
      ln -snf /dev/nvidia${devid} /run/udev/static_node-tags/uaccess/nvidia${devid}
      echo "L /run/udev/static_node-tags/uaccess/nvidia${devid} - - - - /dev/nvidia${devid}" >> /usr/lib/tmpfiles.d/nvidia-logind-acl-trick-G06.conf
    fi
  fi
done

# recreate initrd if old modules are still in there (gh issue#25)
if lsinitrd | grep -q nvidia.ko;  then
  # Let all initrds get generated by regenerate-initrd-posttrans
  mkdir -p /run/regenerate-initrd
  touch /run/regenerate-initrd/all
fi

exit $RES
openSUSE Build Service is sponsored by
Places