Diffstat (limited to 'akmods')
| -rw-r--r-- | akmods/Containerfile | 21 | ||||
| -rw-r--r-- | akmods/NOTICE.md | 209 | ||||
| -rw-r--r-- | akmods/akmods-cert.spec | 25 | ||||
| -rwxr-xr-x | akmods/build_cert.sh | 8 | ||||
| -rwxr-xr-x | akmods/build_nvidia.sh | 28 | ||||
| -rw-r--r-- | akmods/certs/private_key.priv.test | 52 | ||||
| -rw-r--r-- | akmods/certs/public_key.der | bin | 0 -> 1458 bytes | |||
| -rw-r--r-- | akmods/certs/public_key.der.test | bin | 0 -> 1556 bytes | |||
| -rwxr-xr-x | akmods/install.sh | 7 | ||||
| -rwxr-xr-x | akmods/prep.sh | 27 |
10 files changed, 377 insertions, 0 deletions
diff --git a/akmods/Containerfile b/akmods/Containerfile
new file mode 100644
index 0000000..5d2c892
--- /dev/null
+++ b/akmods/Containerfile
@@ -0,0 +1,21 @@
+ARG BASE_IMAGE="quay.io/fedora-ostree-desktops/base"
+ARG FEDORA_VERSION="${FEDORA_VERSION:-39}"
+
+FROM ${BASE_IMAGE}:${FEDORA_VERSION} as builder
+ARG NVIDIA_VERSION="${NVIDIA_VERSION:-535}"
+
+COPY prep.sh /tmp/prep.sh
+COPY build_*.sh /tmp
+COPY install.sh /tmp/install.sh
+COPY certs /tmp/certs
+COPY akmods-cert.spec /tmp/akmods-cert/akmods-cert.spec
+
+RUN /tmp/prep.sh
+
+RUN /tmp/build_nvidia.sh ${NVIDIA_VERSION}
+RUN /tmp/build_cert.sh
+
+RUN /tmp/install.sh
+
+FROM scratch
+COPY --from=builder /var/cache/rpms /rpms
diff --git a/akmods/NOTICE.md b/akmods/NOTICE.md
new file mode 100644
index 0000000..99e8f10
--- /dev/null
+++ b/akmods/NOTICE.md
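Review bot: In akmods/Containerfile, `COPY certs /tmp/certs` writes the module-signing private key into a builder-stage layer, and prep.sh then copies it to /etc/pki/akmods/private in a second layer. The final `FROM scratch` stage copies only /var/cache/rpms, so the key is not in the published image, but it remains in the builder's layers and build cache on whatever host or CI runner performs the build. Consider supplying the key as a build secret, e.g. `RUN --mount=type=secret,id=akmods_key,target=/tmp/certs/private_key.priv /tmp/prep.sh` (the secret id is a placeholder), and keeping the steps that need the installed key inside secret-mounted RUN instructions so it is never committed to a layer.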
@@ -0,0 +1,209 @@
+# ublue-os/akmods
+
+The section uses code derived from ublue-os' [akmods](https://github.com/ublue-os/akmods) repository.
+Specifically `build-ublue-os-akmods-addons.sh`, `ublue-os-akmods-addons.spec`, `build-prep.sh`, and
+`build-kmod-nvidia.sh` were modified
+
+```
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+```
diff --git a/akmods/akmods-cert.spec b/akmods/akmods-cert.spec
new file mode 100644
index 0000000..3512f76
--- /dev/null
+++ b/akmods/akmods-cert.spec
@@ -0,0 +1,25 @@
+Name: getchoo-akmods-cert
+Version: 0.1
+Release: %autorelease
+Summary: getchoo's public certificate for signed akmods
+License: MIT
+URL: https://github.com/getchoo/fedora-oci-images
+BuildArch: noarch
+Supplements: mokutil policycoreutils
+
+Source0: public_key.der
+
+%description
+getchoo's public certificate for enabling secure boot with applicable signed akmods
+
+%prep
+%autosetup -c -T
+
+%install
+install -Dm644 %{SOURCE0} %{buildroot}%{_sysconfdir}/pki/akmods/certs/akmods-getchoo.der
+
+%files
+%attr(0644,root,root) %{_sysconfdir}/pki/akmods/certs/akmods-getchoo.der
+
+%changelog
+%autochangelog
diff --git a/akmods/build_cert.sh b/akmods/build_cert.sh
new file mode 100755
index 0000000..65e60e7
--- /dev/null
+++ b/akmods/build_cert.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euxo pipefail
+
+install -D /etc/pki/akmods/certs/public_key.der /tmp/akmods-cert/rpmbuild/SOURCES/public_key.der
+rpmbuild -ba \
+ --define '_topdir /tmp/akmods-cert/rpmbuild' \
+ --define '%_tmppath %{_topdir}/tmp' \
+ /tmp/akmods-cert/akmods-cert.spec
diff --git a/akmods/build_nvidia.sh b/akmods/build_nvidia.sh
new file mode 100755
index 0000000..1931149
--- /dev/null
+++ b/akmods/build_nvidia.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -euxo pipefail
+
+_usage="
+usage: ./build_nvidia.sh nvidia_driver_version
+"
+
+if [ $# -lt 1 ]; then
+ echo "$_usage"
+ exit 1
+fi
+
+NVIDIA_VERSION="$1"
+release="$(rpm -E '%fedora.%_arch')"
+
+rpm-ostree install \
+ akmod-nvidia-"$NVIDIA_VERSION"* \
+ xorg-x11-drv-nvidia-{cuda,power}-"$NVIDIA_VERSION"* \
+
+# Either successfully build and install the kernel modules, or fail early with debug output
+kernel_version="$(rpm -q kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')"
+akmod_version="$(basename "$(rpm -q akmod-nvidia --queryformat '%{VERSION}-%{RELEASE}')" ".fc${release%%.*}")"
+
+akmods --force --kernels "$kernel_version" --kmod nvidia
+
+if ! modinfo /usr/lib/modules/"$kernel_version"/extra/nvidia/nvidia{,-drm,-modeset,-peermem,-uvm}.ko.xz &> /dev/null; then
+ cat /var/cache/akmods/nvidia/"$akmod_version"-for-"$kernel_version".failed.log && exit 1
+fi
diff --git a/akmods/certs/private_key.priv.test b/akmods/certs/private_key.priv.test
new file mode 100644
index 0000000..7eaeb62
--- /dev/null
+++ b/akmods/certs/private_key.priv.test
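Review bot: In akmods/build_nvidia.sh, the final `modinfo` check only proves that the five `.ko.xz` files exist and parse; it does not show that they were signed, or by which key, although the stated purpose of this build is modules that load under Secure Boot. A stricter gate would read `modinfo -F signer` for each module, compare it with the subject of the certificate that prep.sh installed, and fail on a mismatch or an empty value. In the same block, `cat …failed.log && exit 1` skips the `exit 1` when the log file is missing, and the script still ends non-zero only because the `if` is its last command, so `cat … || true; exit 1` would be more robust. The trailing `\` after the `xorg-x11-drv-nvidia-…` argument also continues onto the blank line, so any line later placed there would be swallowed into the `rpm-ostree install` arguments.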
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCnhbl1MBCEH530 +8yr+Hz0pnp4If2+fUX2p2fEdEYYhKCPV35PnICTkMxQQn/ZFSb+XN12e96ljgjne +mt7O87xrzaGKr6COEHiq7oT+y8gl3QOP4nJaufDQSOFpI+RIgNH40Kids1KJe82z +kAjSXIAeCX2P1CxvE1PFUN7QlsEm/6iVyGb6g6WmQ4mETBHJqJO0uKvj1+SmPo5p +QE1zixHJganmqwurpFdbpuj6Ss2HUtyEzFq7b7wFJiOiVQW70ihErUAHh+Kvy5cO +jjGvpOdkbvxJEQG/G9TkaUBwO/a+u1HSGVMEpQcVTJwgHWBd59ueTApm1bNQDFM4 +RsxoltFe1x0NLpbBDgHouTz+6JIIn4qC/ALWA54pQsjBhzEk49maZdgztyGYYGuE +TkSwIBPud+13syY38FgbOQwCCYz4JN00Q0BPmkBhKdvxcbwTR/s/QXUssinjR5JS +Ynp1keKXx7ITLT+N9euVhMGBt1WPFNSYaFQ575yOKPSQ627ioJDvFByJGlew5hOI +sRjIRsifu7uncSaOb1PqMwHVqWqSfQOrh7qvNUuTyTojsWpeS1PB5qAE8D7NWzhl +fUvJyIaYqt4APj3vrBOcdRD4humDJQ2ezuaAOg9DtqqdQ0sI1yMG/eV+BlP9a987 +VTO2DqjGwQeLdy78biY5WUqftmyTaQIDAQABAoICAAy/HnKJ4NXWzIdq+cBaiuY3 +7x0lKi6AjjvebQvZzZ+H/PsM7yVw0xHIh6wwqbXRs9nrEOzzugAr9GCJXu73CYUX +4UTq0mAA5ZeW/Mhg49aqs5bPA4W+/HFyvDEKdbglEiT5Jn1SW9NBd/BD40HzXx25 ++eN34NYmTbNXsQ6EzAdeQFr+Q8Snv/LP1H68JYXXNX70psKYRqn2HFKqnYIPSMAR +BUcbiHCr2WhMQdGqn6sebVBO9s/og3FOWruDNeOZzO3V02eHScK3zmOBgwsS9HbW +QYzDNiNvGBK1pf0sON0AJoyCmAgkUO7IVKBWb+LRTasErO1wcPuEJpBjhbHnGODb +cqxXOUJFESxkJpeWwmGVJ3IF8tF0j2jTsPpSCCB9doqog5tK5w8J7ZP2SflfZ8RC +U+JBJzBSu5IefoUgvCpxwBBGPX7ctWPoffDu68t9FVeD8Htucvj8tlN4g6U2C38r +IeamGl2eeMnQE7HCUJGAJcvuCasG+zmd2VO3oUV2ApI4YTTkO5F6VRPry2kGcFx0 +c6gj7X4+LIkAOWUvEy3cEuePzNIiKZS2b9tlwemSy8r39SPNXjxJgk0XdGCXW1ua +opjaD+kY9G2IfnfMHTXbVSjbRUA3ovXnLe0B5NBTIHbKwZW0XDBokh/fXewyFD8G +tkBCqDcoL8H6VGatvV0RAoIBAQDmUo/PaBDlel6oOKQL9xkoKOEUMZGpl/LyhDIy +LnaNdn/pd9sJF/i5TbfYCunTCyayERM0twN1OueyXavxIsTcIV0otAbMP9hU8Nbw +bCYFmDJiB9qSfGUMyPJwnq/EKZ3jAd/Lz5mgfZzGo/P4KM680heriHNGu1zxiRVl +O3pHgRvmFUU1ZVhTHVs+Rd6liz45A2iEm7lIHAPvNF4pC6/JE6zjp6a7+C28heSf +rOKViC+Hb8CApczo5B7VDTEYHUYXhF5wDEPqnKKwMxPXCk8/AJSKbVWcfV3iJpoR +lExJRqUpfm7tg9LJx+j/qM6+J2A+QEHZOgzKjNZJrN7s4pg5AoIBAQC6MtZYPYS+ +BtNxZbQwnSaqPGkCjZcP9TZkTKUZPmKcOtyR9oL37raLI1K1l5DnSHFrLdQeXAgf 
+gg+hrWMAAhQ6tjr6S1ZhHZDxUM5+lGIij1//xq4Xd/opSklH9ufc0WHr+YCcaq/3 +lvZ1aJkZKKQY4BIge00ph+e6zswvDMPjHNcGtS6hhghdVkFSl7rc5KZYJh9IdHdq +XbuGqxuLhJOx0AsHQ5uorgwp2Oc+l9RfMIhDyBwcLC2KUYY4DGLc2/yKfzfS/lGo +weJEVlkJ8V1jy2H+ZHCMlLnILYZw39PH6jwMBSKRxpj7dHGra9QVBxpkgDms0fc1 +vd3UaUeMA/SxAoIBAAao5n2hzbNE+Y21rZCnAXQ20mNKF6MmwKCgj+8Bhu4KOiKf +E5dMuSVqiOFXV3GBxgmqErsYe6IdJOv0Z29eiQCwekgeBIBNbEzwddaX2fWZdAN/ +pKNNs4JOISx+eiia53TT7guvogqQ90KLJRfM3kV5cbPFC0hFTKezRgoaUSvWIN9j +SBAGMSqeE7BWRtzUjOULIy+KbS4XmUmGYx6etuOCjSI8C8ctouzrljPDxP175Zvt +8EwH/0fQqM+SRRQkbI1rh2uH/0K+arnbkDxMkQQKWUEzbiFLQrayVQwjFJ2dzFLJ +1B1MDYFGJYeW8vtumgrSwtSsKAiHT/7rX7rLxokCggEAPMb7UDJEcgKoYgtglb22 +MTsmy76L4JmZ94NNIMBMT9KmzL46YdN5olEVXlDq65Op8eIzqvU/cYlysMN33TjQ +gZmaBrkwqOKNvTczL/4fSkiifUrM6Lww2+lzohnl9R4jaHM4l9X7OkX8jLZnwt6R +Mc1yHUgiF7xU15VI8NKp3ig7x+S8I90sPcs550u/ovq/kWZgL7ZUhFO0MnEHvLK5 +wwC1mNlopdaqAb7bPIMyvx+IWxemlUuWUd/qf8ELRCxKcqqz/hslbIBc6xGEXsp6 +QWjRw8flNP4W5lB14cItzsOWdhX3Ar5gkTOhJuM7huGaq9NvAApJNzGShxMWV42z +AQKCAQEA2MYJY/MDQErTLj9KDHY9/z+WQCzFJhqTUGabiTgKCW7kKo3amnkMHUT6 +Rrs+bGtBc5pE8w8lfTNNrt2uI8O5dKAymc+ZUFMozwp3y80tJsYxHFm+I85siu5p +OEsYgBe1NM9zkB2JhuC80G/4J/EPjEpbUcYBqutTNPMGh0TGMGotDSfWGlen/N+2 +pWRib9UosuHO32jgke8CmyffOmYsSIJtedofn8wWOCh0qcFhILkL665Y6t5MQ2ag +7C0nihqnxnH8mXRRgXEBajfsep4idNu3dmuGpSFWqNqLUEpo6f27UE4xnlNgOBu0 +zZ2p5aYoccVEV0+x6AvPPwe3Gc9vvw== +-----END PRIVATE KEY----- diff --git a/akmods/certs/public_key.der b/akmods/certs/public_key.der Binary files differnew file mode 100644 index 0000000..52c36da --- /dev/null +++ b/akmods/certs/public_key.der diff --git a/akmods/certs/public_key.der.test b/akmods/certs/public_key.der.test Binary files differnew file mode 100644 index 0000000..73af0d3 --- /dev/null +++ b/akmods/certs/public_key.der.test diff --git a/akmods/install.sh b/akmods/install.sh new file mode 100755 index 0000000..d8d1a87 --- /dev/null +++ b/akmods/install.sh 
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -euxo pipefail
+
+cp /tmp/akmods-cert/rpmbuild/RPMS/noarch/getchoo-akmods-cert*.rpm /var/cache/rpms/akmods-cert/
+find /var/cache/akmods -type f -name \*.rpm | while read -r rpm; do
+ cp "$rpm" /var/cache/rpms/kmods/
+done
diff --git a/akmods/prep.sh b/akmods/prep.sh
new file mode 100755
index 0000000..b7ee4ae
--- /dev/null
+++ b/akmods/prep.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -euxo pipefail
+
+# enable alternatives (for ld to be available)
+mkdir -p /var/lib/alternatives
+
+# install rpmfusion
+release=$(rpm -E %fedora)
+rpm-ostree install \
+ "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$release.noarch.rpm" \
+ "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$release.noarch.rpm"
+
+rpm-ostree install akmods mock
+
+if [ ! -e /tmp/certs/private_key.priv ]; then
+ echo "WARNING: Using test signing key." >> "${GITHUB_OUTPUT:-/dev/stdout}"
+ cp /tmp/certs/private_key.priv{.test,}
+ cp /tmp/certs/public_key.der{.test,}
+fi
+
+install -Dm644 {/tmp/certs,/etc/pki/akmods/certs}/public_key.der
+install -Dm644 {/tmp/certs,/etc/pki/akmods/private}/private_key.priv
+
+# directory for signed artifacts
+mkdir -p /var/cache/rpms/kmods
+# directory for akmods public cert
+mkdir -p /var/cache/rpms/akmods-cert
|
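Review bot: In akmods/install.sh, the `find … | while read -r rpm` loop succeeds when `find` matches nothing, so a build that produced no kmod RPMs still yields an image with an empty /rpms/kmods. Counting the copied files and failing on zero would catch that; the loop can also be written as `find /var/cache/akmods -type f -name '*.rpm' -exec cp -t /var/cache/rpms/kmods/ -- {} +`, which avoids `read` trimming whitespace in paths. The `cp` of `getchoo-akmods-cert*.rpm` already fails under `set -e` when its glob matches nothing, so only the kmods side needs the extra check.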
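Review bot: In akmods/prep.sh, a missing /tmp/certs/private_key.priv makes the build fall back to `private_key.priv.test`, which is committed in this repository, with only a warning; the resulting kmods are then signed by a key anyone can read, and build_cert.sh packages the matching test certificate for enrollment. The fallback should be opt-in and fail otherwise, as sketched below (the variable name is a placeholder), and the warning should go to stderr because `$GITHUB_OUTPUT` expects `name=value` lines. The private key is also installed world-readable by `install -Dm644`; prefer `install -Dm600 {/tmp/certs,/etc/pki/akmods/private}/private_key.priv`, or mode 0640 with the akmods group if the signing step does not run as root.

```shell
if [ ! -e /tmp/certs/private_key.priv ]; then
  # Placeholder opt-in switch: refuse to sign with the published test key by default.
  if [ "${ALLOW_TEST_SIGNING_KEY:-0}" != "1" ]; then
    echo "ERROR: no signing key at /tmp/certs/private_key.priv" >&2
    exit 1
  fi
  echo "WARNING: Using test signing key." >&2
  # … unchanged: cp of the .test key and certificate …
fi
```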
