File kmp-post.sh of Package nvidia-open-driver-G06
# get rid of broken weak-updates symlinks created in some %post apparently;
# either by kmp itself or by kernel package update
for i in $(find /lib/modules/*/weak-updates -type l 2> /dev/null); do
test -e $i || rm $i
done
dirprefix=linux
%ifarch %ix86
arch=i386
%endif
%ifarch x86_64
arch=x86_64
%endif
%ifarch aarch64
arch=aarch64
# -Wall is upstream default
export CFLAGS="-Wall -mno-outline-atomics"
%endif
#export CONCURRENCY_LEVEL=nproc && \
#export JOBS=${CONCURRENCY_LEVEL} && \
#export __JOBS=${JOBS} && \
#export MAKEFLAGS="-j ${JOBS}"
if [ "$flavor" = "azure" ]; then
dir=$(pushd /usr/src &> /dev/null; ls -d linux-*-azure-obj|sort -n|tail -n 1; popd &> /dev/null)
kver=$(make -j$(nproc) -sC /usr/src/${dir}/$arch/$flavor kernelrelease)
else
kver=$(make -j$(nproc) -sC /usr/src/${dirprefix}-obj/$arch/$flavor kernelrelease)
fi
RES=0
# mold is not supported (boo#1223344)
export LD=ld.bfd
if [ "$flavor" = "azure" ]; then
export SYSSRC=/usr/src/${dirprefix}-azure
dir=$(pushd /usr/src &> /dev/null; ls -d linux-*-azure-obj|sort -n|tail -n 1; popd &> /dev/null)
export SYSOUT=/usr/src/${dir}/$arch/$flavor
else
export SYSSRC=/usr/src/${dirprefix}
export SYSOUT=/usr/src/${dirprefix}-obj/$arch/$flavor
fi
pushd /usr/src/kernel-modules/nvidia-%{version}-$flavor
make -j$(nproc) modules || RES=1
# remove still existing old kernel modules (boo#1174204)
rm -f /lib/modules/$kver/updates/nvidia*.ko
export INSTALL_MOD_DIR=updates
make modules_install
tw="false"
cat /etc/os-release | grep ^NAME | grep -q Tumbleweed && tw=true
# move kernel modules where they belong and can be found by weak-modules2 script
kver_build=$(cat kernel_version)
if [ "$kver" != "$kver_build" -a "$flavor" != "azure" -a "$tw" != "true" ]; then
mkdir -p %{kernel_module_directory}/$kver_build/updates
mv %{kernel_module_directory}/$kver/updates/nvidia*.ko \
%{kernel_module_directory}/$kver_build/updates
fi
# create initrd
/usr/lib/module-init-tools/weak-modules2 --add-kernel $kver
popd
depmod $kver
# cleanup (boo#1200310)
pushd /usr/src/kernel-modules/nvidia-%{version}-$flavor || true
cp -a Makefile{,.tmp} || true
make clean || true
# NVIDIA's "make clean" not being perfect (boo#1201937)
rm -f conftest*.c nv_compiler.h
mv Makefile{.tmp,} || true
popd || true
# Sign modules on secureboot systems
if [ -x /usr/bin/mokutil ]; then
mokutil --sb-state | grep -q "SecureBoot enabled"
if [ $? -eq 0 ]; then
privkey=$(mktemp /tmp/MOK.priv.XXXXXX)
pubkeydir=/var/lib/nvidia-pubkeys
pubkey=$pubkeydir/MOK-%{name}-%{version}-$flavor.der
# make sure creation of pubkey doesn't fail later
test -d pubkeydir || mkdir -p $pubkeydir
if [ $1 -eq 2 ] && [ -e $pubkey ]; then
# Special case: reinstall of the same pkg version
# ($pubkey file name includes version and release)
# Run mokutil --delete here, because we can't be sure preun
# will be run (bsc#1176146)
mv -f $pubkey $pubkey.delete
mokutil --delete $pubkey.delete --root-pw
# We can't remove $pubkey.delete, the preun script
# uses it as indicator not to delete $pubkey
else
rm -f $pubkey $pubkey.delete
fi
# Create a key pair (private key, public key)
openssl req -new -x509 -newkey rsa:2048 \
-keyout $privkey \
-outform DER -out $pubkey -days 1000 \
-subj "/CN=Local build for %{name} %{version} on $(date +"%Y-%m-%d")/" \
-addext "extendedKeyUsage=codeSigning" \
-nodes
# Install the public key to MOK
mokutil --import $pubkey --root-pw
# Sign the Nvidia modules (weak-updates appears to be broken)
if [ "$kver" != "$kver_build" -a "$flavor" != "azure" -a "$tw" != "true" ]; then
for i in /lib/modules/$kver_build/updates/nvidia*.ko; do
/lib/modules/$kver/build/scripts/sign-file sha256 $privkey $pubkey $i
done
else
for i in /lib/modules/$kver/updates/nvidia*.ko; do
/lib/modules/$kver/build/scripts/sign-file sha256 $privkey $pubkey $i
done
fi
# cleanup: private key no longer needed
rm -f $privkey
fi
fi
#needed to move this to specfile after running posttrans
#exit $RES
