import akmods-0.5.7-8.el9

7 months ago · 3a6264113e
commit 3a6264113e
22 changed files with 1954 additions and 0 deletions
--- a/.akmods.metadata
+++ b/.akmods.metadata
--- a/SOURCES/95-akmods.preset
+++ b/SOURCES/95-akmods.preset
@ -0,0 +1,8 @@
 # Also see:
 # https://fedoraproject.org/wiki/Starting_services_by_default
 # Installing presets is not the preferred solution but until another one
 # presents itself:
 # https://bugzilla.rpmfusion.org/show_bug.cgi?id=3713
 enable akmods.service
 #enable akmods-shutdown.service
--- a/SOURCES/95-akmodsposttrans.install
+++ b/SOURCES/95-akmodsposttrans.install
@ -0,0 +1,65 @@
 #!/bin/bash -
 #
 # 95-akmodposttrans.install - Calls akmods for newly installed kernels
 #
 # Copyright (c) 2019 Nicolas Viéville <nicolas.vieville@uphf.fr>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
 # "Software"), to deal in the Software without restriction, including
 # without limitation the rights to use, copy, modify, merge, publish,
 # distribute, sublicense, and/or sell copies of the Software, and to
 # permit persons to whom the Software is furnished to do so, subject to
 # the following conditions:
 #
 # The above copyright notice and this permission notice shall be
 # included in all copies or substantial portions of the Software.
 #
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 COMMAND="$1"
 KERNEL_VERSION="$2"
 BOOT_DIR_ABS="$3"
 KERNEL_IMAGE="$4"
 # just check in case a user calls this directly
 if [[ ! -w /var ]] ; then
 	echo "Needs to run as root to be able to install rpms." >&2
 	exit 4
 fi
 if [[ ! -n "${KERNEL_VERSION}" ]] ; then
 	exit 1
 fi
 case "${COMMAND}" in
 	add)
 		# needs to run in background as rpmdb might be locked otherwise
 		if [ -e /bin/systemctl ] ; then
 			# Exit early if system-update.target is active - rhbz#1518401
 			/bin/systemctl is-active system-update.target &>/dev/null
 			RET=$?
 			[ $RET == 0 ] && exit 0
 			/bin/systemctl restart akmods@${KERNEL_VERSION}.service --no-block >/dev/null 2>&1
 		else
 			nohup /usr/sbin/akmods --from-kernel-posttrans --kernels ${KERNEL_VERSION} > /dev/null 2>&1 &
 		fi
 		exit 0
 		;;
 	remove)
 		# Nothing to do
 		;;
 	*)
 		;;
 esac
 exit 0
--- a/SOURCES/LICENSE
+++ b/SOURCES/LICENSE
@ -0,0 +1,18 @@
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
 "Software"), to deal in the Software without restriction, including
 without limitation the rights to use, copy, modify, merge, publish,
 distribute, sublicense, and/or sell copies of the Software, and to
 permit persons to whom the Software is furnished to do so, subject to
 the following conditions:
 The above copyright notice and this permission notice shall be
 included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/SOURCES/README
+++ b/SOURCES/README
@ -0,0 +1,12 @@
 Akmods startup script will rebuild akmod packages during system
 boot, while its background daemon will build them for kernels right
 after they were installed.
 The akmods systemd service provides both, and is enabled by default.
 The akmods-shutdown service is disabled by default but can, in some
 circumstances, provide an additional chance to build and install a kernel
 module. Users who would prefer longer shutdowns over delayed startups
 may wish to consider enabling it with the following command:
    sudo systemctl enable --now akmods-shutdown.service
--- a/SOURCES/README.secureboot
+++ b/SOURCES/README.secureboot
@ -0,0 +1,51 @@
 Secure boot is a setup using UEFI firmware to check cryptographic
 signatures on the bootloader and associated OS kernel to ensure they
 have not been tampered with or bypassed in the boot process.
 This verification can be extended to Kernel and its modules.
 It's default case in Fedora with UEFI and Secure boot enabled.
 Fedora Project have signed kernels and also main modules with Fedora
 Key, but 3rd party modules as NVidia, VirtualBox, etc. need to be signed
 to load.
 Akmods provides an enroll process to sign third party modules with your
 own keypair.
 At the first run of the akmods.service, certificate and keypair will be
 created with default value using the '/usr/sbin/kmodgenca' script.
 You may also wish to manually create your own certificate and keypair
 with `/usr/sbin/kmodgenca` command.
 If '/usr/sbin/kmodgenca' is launched with the '-a' parameter, it will
 use default values to complete the cacert.config file, and to generate
 automatically the cert and the private key.
 If '/usr/sbin/kmodgenca' is launched without parameters, user will be
 prompted to complete manually the cacert.config file, then the cert and
 the private key will be automatically generated.
 If the cert and the private key files already exist,
 '/usr/sbin/kmodgenca' will exit unless the '-f' parameter is used.
 The cert and the private key are stored respectively in
 /etc/pki/akmods/certs and /etc/pki/akmods/private/ directories.
 Now you need to enroll the public key in MOK, this process is described
 below.
 - Ask MOK to enroll new keypair with certificate with the command
  `mokutil --import /etc/pki/akmods/certs/public_key.der`.
 - mokutil asks to generate a password to enroll the public key.
 - Rebooting the system is needed for MOK to enroll the new public key.
 - On next boot MOK Management is launched and you have to choose
  "Enroll MOK".
 - Choose "Continue" to enroll the key or "View key 0" to show the keys
  already enrolled.
 - Confirm enrollment by selecting "Yes".
 - You will be invited to enter the password generated above.
  WARNING: keyboard is mapped to QWERTY!
 - The new key is enrolled, and system ask you to reboot.
 You can confirm the enrollment of the new keypair once the system
 rebooted with:
 `mokutil --list-enrolled | grep Issuer`
 or with:
 `mokutil --test-key /etc/pki/akmods/certs/public_key.der`
--- a/SOURCES/akmods
+++ b/SOURCES/akmods
@ -0,0 +1,575 @@
 #!/bin/bash -
 ########################################################################
 #
 # akmods - Rebuilds and install akmod RPMs
 # Copyright (c) 2007, 2008 Thorsten Leemhuis <fedora@leemhuis.info>
 # Copyright (c) 2018 Nicolas Chauvet <kwizart@gmail.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
 # "Software"), to deal in the Software without restriction, including
 # without limitation the rights to use, copy, modify, merge, publish,
 # distribute, sublicense, and/or sell copies of the Software, and to
 # permit persons to whom the Software is furnished to do so, subject to
 # the following conditions:
 #
 # The above copyright notice and this permission notice shall be
 # included in all copies or substantial portions of the Software.
 #
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 ########################################################################
 #
 # ToDo:
 # - use yum/dnf to install required kernel-devel packages?
 # - better way to detect if a earlier build failed or succeeded
 # - special kernel "all" (all that are installed with a matching -devel package; could be called from posttrans in akmods packages)
 # - manpage
 # - make it configurable if kmod building is done with nohup
 # - check on shutdown if akmods is still running and let it finish before continuing
 # - make it configurable if kmods from the repo replace local ones
 # global vars
 myprog="akmods"
 myver="0.5.7"
 kmodlogfile=
 continue_line=""
 tmpdir=
 kernels=
 verboselevel=2
 # We cannot differenciate from a code failure to shutdown kill9 oom etc
 # So we always retry anyway
 alwaystry=1
 akmods_echo()
 {
 	# where to output
 	local this_fd=${1}
 	shift
 	# verboselevel
 	local this_verbose=${1}
 	shift
 	# output to console
 	if (( ${verboselevel} >= ${this_verbose} )) ; then
 		if [[ "${1}" == "--success" ]] ; then
 			echo_success
 			continue_line=""
 			echo
 			return 0
 		elif [[ "${1}" == "--failure" ]] ; then
 			echo_failure
 			echo
 			continue_line=""
 			return 0
 		elif [[ "${1}" == "--warning" ]] ; then
 			echo_warning
 			echo
 			continue_line=""
 			return 0
 		elif [[ "${1}" == "-n" ]] ; then
 			continue_line="true"
 		fi
 		echo "$@" >&${this_fd}
 	fi
 	# no need to print the status flags in the logs
 	if [[ "${1}" == "--success" ]] || [[ "${1}" == "--failure" ]] || [[ "${1}" == "--warning" ]] ; then
 		return 0
 	fi
 	# no need to continues in the log
 	if [[ "${1}" == "-n" ]] ; then
 		shift
 	fi
 	# global logfile
 	echo "$(date +%Y/%m/%d\ %H:%M:%S) akmods: $@" >> "/var/log/akmods/akmods.log"
 	# the kmods logfile as well, if we work on a kmod
 	if [[ -n "${kmodlogfile}" ]] ; then
 		echo "$(date +%Y/%m/%d\ %H:%M:%S) akmods: $@" >> "${kmodlogfile}"
 	fi
 }
 finally()
 {
 	# remove tmpfiles
 	remove_tmpdir
 	# remove lockfile
 	rm -f /var/cache/akmods/.lockfile
 	exit ${1:-128}
 }
 # Make sure finally() is run regardless of reason for exiting.
 trap "finally" ABRT HUP INT QUIT
 create_tmpdir()
 {
 	if ! tmpdir="$(mktemp -d -p /tmp ${myprog}.XXXXXXXX)/" ; then
 		akmods_echo 2 1 "ERROR: failed to create tmpdir."
 		akmods_echo 2 1 --failure ; return 1
 	fi
 	if ! mkdir "${tmpdir}"results ; then
 		akmods_echo 2 1 "ERROR: failed to create result tmpdir."
 		akmods_echo 2 1 --failure ; return 1
 	fi
 }
 remove_tmpdir()
 {
 	# remove tmpfiles
 	if [[ -n "${tmpdir}" ]] && [[ -d "${tmpdir}" ]] ; then
 		rm -f "${tmpdir}"results/* "${tmpdir}"*.log
 		rmdir "${tmpdir}"results/ "${tmpdir}"
 	fi
 }
 cleanup_cachedir ()
 {
 	for one_file in $(ls /var/cache/akmods/*/* 2>/dev/null | \
 					  grep -v "$(ls -I "*rescue*" /boot/vmlinuz-* | \
 					  sed 's%.*vmlinuz-%%g')") ; do
 		if $(grep -qE ".*\.rpm$" <<< "${one_file}") ; then
 			if ! $(rpm -q "$(basename ${one_file%.rpm})" >/dev/null) ; then
 				rm -f "${one_file}"
 			fi
 		else
 			rm -f "${one_file}"
 		fi
 	done
 }
 init ()
 {
 	# some security provisions
 	\export PATH='/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin'
 	\unalias -a
 	hash -r
 	# https://bugzilla.rpmfusion.org/show_bug.cgi?id=4023
 	#ulimit -H -c 0 --
 	IFS=$' \t\n'
 	UMASK=022
 	umask ${UMASK}
 	# fall back to current kernel if user didn't provide one
 	if [[ ! -n "${kernels}" ]] ; then
 		kernels="$(uname -r)"
 	fi
 	# ensure to build for grub default kernel
 	default_kernel=$(grubby --default-kernel | sed -e 's/^.*vmlinuz-//')
 	if ! $(echo "${kernels}" | grep -q "${default_kernel}") ; then
 		kernels="${kernels} ${default_kernel}"
 	fi
 	# we get the echo_{success,failure} stuff from there
 	if [[ -r /etc/rc.d/init.d/functions ]] ; then
 		source /etc/rc.d/init.d/functions
 	else
 		# Use our own simple replacements
 		echo_success() {
 			echo -ne " [  OK  ]\r"
 			return 0
 		}
 		echo_failure() {
 			echo -ne " [FAILED]\r"
 			return 1
 		}
 		echo_warning() {
 			echo -ne " [WARNING]\r"
 			return 1
 		}
 	fi
 	# needs root permissions
 	if [[ ! -w /var ]] ; then
 		echo -n "Needs to run as root to be able to install rpms." >&2
 		echo_failure ; echo ; exit 1
 	fi
 	# no akmods
 	if [[ ! -d "/usr/src/akmods/" ]] ; then
 		echo -n "/usr/src/akmods/ not found." >&2
 		echo_failure ; echo ; exit 1
 	fi
 	# if there are no akmod packages installed there is nothing to do for us
 	if ! ls /usr/src/akmods/*-kmod.latest &> /dev/null ; then
 		echo -n "No akmod packages found, nothing to do." >&2
 		echo_success ; echo ; exit 0
 	fi
 	# now that we know that we're root make sure our dir for logging and results is available
 	if [[ ! -d "/var/cache/akmods/" ]] ; then
 		if ! mkdir -p "/var/cache/akmods/" ; then
 			echo -n "/var/cache/akmods/ not found and could not be created" >&2
 			echo_failure ; echo ; exit 1
 		fi
 	fi
 	if [[ ! -w "/var/cache/akmods/" ]] ; then
 		echo -n "/var/cache/akmods/ not writable" >&2
 		echo_failure ; echo ; exit 1
 	fi
 	# tools needed
 	for tool in akmodsbuild chown flock sed rpmdev-vercmp ; do
 		if ! which "${tool}" &> /dev/null ; then
 			echo -n "${tool} not found" >&2
 			echo_failure ; echo ; exit 1
 		fi
 	done
 	# create lockfile and wait till we get it
 	exec 99>/run/akmods/akmods.lock
 	flock -w 900 99
 }
 buildinstall_kmod()
 {
 	local this_kernelver=${1}
 	local this_kmodname=${2}
 	local this_kmodsrpm=${3}
 	local this_kmodverrel=${4}
 	if [[ ! -r "${this_kmodsrpm}" ]] ; then
 		akmods_echo 2 1 "ERROR: ${this_kmodsrpm} not found."
 		akmods_echo 2 1 --failure ; return 1
 	fi
 	# result and logdir
 	if [[ ! -d "/var/cache/akmods/${this_kmodname}" ]] ; then
 		if ! mkdir "/var/cache/akmods/${this_kmodname}" ; then
 			akmods_echo 2 1 "ERROR: could not create /var/cache/akmods/${this_kmodname}."
 			akmods_echo 2 1 --failure ; return 1
 		fi
 	fi
 	## preparations
 	# tmpdir
 	create_tmpdir
 	# akmods needs to write there (and nobody else, but mktemp takes care of that!)
 	chown akmods "${tmpdir}" "${tmpdir}"results
 	# remove old logfiles if they exist
 	rm -f "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.log" "/var/cache/akmods/${this_kmodname}/.last.log"
 	# create a per kmod logfile
 	if ! touch "/var/cache/akmods/${this_kmodname}/.last.log" ; then
 		akmods_echo 2 1 "ERROR: failed to create kmod specific logfile."
 		return 1
 	fi
 	# akmods_echo will log to this file from now on as well
 	kmodlogfile="/var/cache/akmods/${this_kmodname}/.last.log"
 	# Unset TMPDIR since it is misused by "runuser"
 	# https://bugzilla.rpmfusion.org/show_bug.cgi?id=2596
 	unset TMPDIR
 	# build module using akmod
 	akmods_echo 1 4 "Building RPM using the command '$(which akmodsbuild) --kernels ${this_kernelver} ${this_kmodsrpm}'"
 	/sbin/runuser -s /bin/bash -c "$(which akmodsbuild) --quiet --kernels ${this_kernelver} --outputdir ${tmpdir}results --logfile ${tmpdir}/akmodsbuild.log ${this_kmodsrpm}" akmods >> "${kmodlogfile}" 2>&1
 	local returncode=$?
 	# copy rpmbuild log to kmod specific logfile
 	if [[ -s "${tmpdir}"/akmodsbuild.log ]] ; then
 		while read line ; do
 			echo "$(date +%Y/%m/%d\ %H:%M:%S) akmodsbuild: ${line}" >> "${kmodlogfile}"
 		done < "${tmpdir}"/akmodsbuild.log
 	fi
 	# result
 	if (( ! ${returncode} == 0 )) ; then
 		if [[ -n "${continue_line}" ]] ; then
 			akmods_echo 1 2 --failure
 		fi
 		akmods_echo 2 1 "Building rpms failed; see /var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log for details"
 		cp -fl "${kmodlogfile}" "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log"
 		kmodlogfile=""
 		remove_tmpdir
 		return 4
 	fi
 	# dnf/yum install - repository disabled on purpose see rfbz#3350
 	akmods_echo 1 4 "Installing newly built rpms"
 	if [[ -f /usr/bin/dnf ]] ; then
 		akmods_echo 1 4 "DNF detected"
 		dnf -y install --disablerepo='*' $(find "${tmpdir}results" -type f -name '*.rpm' | grep -v debuginfo) >> "${kmodlogfile}" 2>&1
 	else
 		akmods_echo 1 4 "DNF not found, using YUM instead."
 		yum -y install --disablerepo='*' $(find "${tmpdir}results" -type f -name '*.rpm' | grep -v debuginfo) >> "${kmodlogfile}" 2>&1
 	fi
 	local returncode=$?
 	# place the newly built rpms where user expects them
 	cp "${tmpdir}results/"* "/var/cache/akmods/${this_kmodname}/"
 	# everything fine?
 	if (( ${returncode} != 0 )) ; then
 		if [[ -n "${continue_line}" ]] ; then
 			akmods_echo 1 2 --failure
 		fi
 		akmods_echo 2 1 "Could not install newly built RPMs. You can find them and the logfile in:"
 		akmods_echo 2 1 "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log"
 		cp -fl "${kmodlogfile}" "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.failed.log"
 		kmodlogfile=""
 		remove_tmpdir
 		return 8
 	fi
 	# finish
 	akmods_echo 1 4 "Successful."
 	cp -fl "${kmodlogfile}" "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}.log"
 	kmodlogfile=""
 	remove_tmpdir
 	return 0
 }
 check_kmod_up2date()
 {
 	local this_kernelver=${1}
 	local this_kmodname=${2}
 	local kmodpackage_file="$(modinfo ${this_kmodname} -k ${this_kernelver} -n 2>/dev/null)"
 	# kmod present, even with weak-modules?
 	if [[ ! -n "${kmodpackage_file}" ]] && [[ ! -d /lib/modules/${this_kernelver}/extra/${this_kmodname}/ ]] ; then
 		# build it
 		return 1
 	fi
 	# kmod up2date?
 	# Weak module symlink case
 	if [ -n "${kmodpackage_file}" ] && [ -h "${kmodpackage_file}" ] && $(echo "${kmodpackage_file}" | grep -q "weak-updates") ; then
 		local kmodpackage="$(rpm -qf $(readlink -e ${kmodpackage_file}) 2> /dev/null)"
 	# Regular module file case
 	else
 		local kmodpackage="$(rpm -qf /lib/modules/${this_kernelver}/extra/${this_kmodname}/ 2> /dev/null)"
 	fi
 	if [[ ! -n "${kmodpackage}" ]] ; then
 		# seems we didn't get what we wanted
 		# well, better to do nothing in this case
 		akmods_echo 1 2 -n "Warning: Could not determine what package owns /lib/modules/${this_kernelver}/extra/${this_kmodname}/"
 		return 0
 	fi
 	local kmodver=$(rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' "${kmodpackage}" | sed 's|(none)|0|; s!\.\(fc\|el\|lvn\)[0-9]*!!g')
 	local akmodver=$(rpm -qp --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' /usr/src/akmods/"${this_kmodname}"-kmod.latest | sed 's|(none)|0|; s!\.\(fc\|el\|lvn\)[0-9]*!!g')
 	rpmdev-vercmp "${kmodver}" "${akmodver}" &>/dev/null
 	local retvalue=$?
 	if [[ "$retvalue" == 0 ]] ; then
 		# Versions are the same. Nothing to do.
 		return 0
 	elif [[ "$retvalue" == 11 ]] ; then
 		# kmod is newer, nothing to do.
 		return 0
 	elif [[ "$retvalue" == 12 ]] ; then
 		# akmod is newer, need to build kmod.
 		return 1
 	else
 		# Something went wrong
 		akmods_echo 1 2 -n "Error: Could not determine if akmod is newer than the installed kmod"
 		akmods_echo 1 2 --failure
 		return 0
 	fi
 }
 check_kmods()
 {
 	local this_kernelver="${1}"
 	akmods_echo 1 2 -n "Checking kmods exist for ${this_kernelver}"
 	for akmods_kmodfile in /usr/src/akmods/*-kmod.latest ; do
 		local this_kmodname="$(basename ${akmods_kmodfile%%-kmod.latest})"
 		# actually check this akmod?
 		if [[ -n "${akmods}" ]] ; then
 			for akmod in ${akmods} ; do
 				if [[ "${this_kmodname}" != "${akmod}" ]] ; then
 					# ignore this one
 					continue 2
 				fi
 			done
 		fi
 		# go
 		if ! check_kmod_up2date ${this_kernelver} ${this_kmodname} ; then
 			# okay, kmod wasn't found or is not up2date
 			if [[ -n "${continue_line}" ]] ; then
 				akmods_echo 1 2 --success
 				# if the files for building modules are not available don't even try to build modules
 				if [[ ! -r /usr/src/kernels/"${this_kernelver}"/Makefile ]] && \
 				   [[ ! -r /lib/modules/"${this_kernelver}"/build/Makefile ]] ; then
 					akmods_echo 1 2 "Files needed for building modules against kernel"
 					akmods_echo 1 2 "${this_kernelver} could not be found as the following"
 					akmods_echo 1 2 "directories are missing:"
 					akmods_echo 1 2 "/usr/src/kernels/${this_kernelver}/"
 					akmods_echo 1 2 -n "/lib/modules/${this_kernelver}/build/"
 					akmods_echo 1 2 -n "Is the correct kernel-devel package installed?"
 					akmods_echo 1 2 --failure
 					return 1
 				fi
 			fi
 			local this_kmodverrel="$(rpm -qp --qf '%{VERSION}-%{RELEASE}' "${akmods_kmodfile}" | sed 's!\.\(fc\|el\|lvn\)[0-9]*!!g' )"
 			if [[ ! -n "${alwaystry}" ]] && [[ -e "/var/cache/akmods/${this_kmodname}/${this_kmodverrel}-for-${this_kernelver}".failed.log ]] ; then
 				akmods_echo 1 2 -n "Ignoring ${this_kmodname}-kmod as it failed earlier"
 				akmods_echo 1 2 --warning
 				local someignored="true"
 			else
 				akmods_echo 1 2 -n "Building and installing ${this_kmodname}-kmod"
 			 	buildinstall_kmod ${this_kernelver} ${this_kmodname} ${akmods_kmodfile} ${this_kmodverrel}
 				local returncode=$?
 				if [[ "$returncode" == "0" ]] ; then
 					akmods_echo 1 2 --success
 					local somesucceeded="true"
 				elif [[ "$returncode" == "8" ]] ; then
 					akmods_echo 1 2 --failure "New kmod RPM was built but could not be installed."
 				else
 					local somefailed="true"
 				fi
 			fi
 		fi
 	done
 	if [[ -n "${continue_line}" ]] ; then
 		akmods_echo 1 2 --success
 	elif [[ -n "${someignored}" ]] || [[ -n "${somefailed}" ]] ; then
 		echo
 		akmods_echo 1 2 "Hint: Some kmods were ignored or failed to build or install."
 		akmods_echo 1 2 "You can try to rebuild and install them by by calling"
 		akmods_echo 1 2 "'/usr/sbin/akmods --force' as root."
 		echo
 		sleep 2
 	fi
 	# akmods for newly installed akmod rpms as wells as akmods.service run
 	# after udev and systemd-modules-load.service have tried to load modules
 	if [[ -n "${somesucceeded}" ]] && [[ ${this_kernelver} = "$(uname -r)" ]] ; then
 		find /sys/devices -name modalias -print0 | xargs -0 cat | xargs modprobe -a -b -q
 		if [ -f /usr/bin/systemctl ] ; then
 			systemctl restart systemd-modules-load.service
 		fi
 	fi
 }
 myprog_help ()
 {
 	echo "Checks the akmod packages and rebuilds them if needed"
 	echo $'\n'"Usage: ${myprog} [OPTIONS]"
 	echo $'\n'"Options:"
 	echo " --force             -- try all, even if they failed earlier"
 	echo " --kernels <kernel>  -- build and install only for kernel <kernel>"
 	echo "                        (formatted the same as 'uname -r' would produce)"
 	echo " --akmod <akmod>     -- build and install only akmod <akmod>"
 }
 # first parse command line options
 while [ "${1}" ] ; do
 	case "${1}" in
 		--kernel|--kernels)
 			shift
 			if [[ ! -n "${1}" ]] ; then
 				echo "ERROR: Please provide the kernel-version to build for together with --kernel" >&2
 				exit 1
 			elif [[ ! -r /usr/src/kernels/"${1}"/Makefile ]] && \
 				 [[ ! -r /lib/modules/"${1}"/build/Makefile ]] ; then
 				echo "Could not find files needed to compile modules for ${1}"
 				echo "Are the development files for kernel ${1} or the appropriate kernel-devel package installed?"
 				exit 1
 			elif [[ -r /usr/src/kernels/"${1}"/Makefile ]] && \
 				 [[ ! -d /lib/modules/"${1}" ]] ; then
 				# this is a red hat / fedora kernel-devel package, but the kernel for it is not installed
 				# kmodtool would add a dep on that kernel when building; thus when we'd try to install the
 				# rpms we'd run into a missing-dep problem. Thus we prevent that case
 				echo "Kernel ${1} not installed"
 				exit 1
 			fi
 			# overwrites the default:
 			if [[ ! -n "${kernels}" ]] ; then
 				kernels="${1}"
 			else
 				kernels="${kernels} ${1}"
 			fi
 			# an try to build, even if we tried already
 			alwaystry=true
 			shift
 			;;
 		--akmod|--kmod)
 			shift
 			if [[ ! -n "${1}" ]] ; then
 				echo "ERROR: Please provide a name of a akmod package together with --akmods" >&2
 				exit 1
 			elif [[ -r /usr/src/akmods/"${1}"-kmod.latest ]] ; then
 				akmods="${akmods}${1} "
 			elif [[ -r /usr/src/akmods/"${1}".latest ]] ; then
 				akmods="${akmods}${1%%-kmod} "
 			else
 				echo "Could not find akmod ${1}"
 				exit 1
 			fi
 			shift
 			;;
 		--force)
 			alwaystry=true
 			shift
 			;;
 		--from-init)
 			# just in case: remove stale lockfile if it exists:
 			rm -f /var/cache/akmods/.lockfile
 			# Clean old logs and rpm files from no more installed kmod
 			# packages.
 			cleanup_cachedir
 			shift
 			;;
 		--from-posttrans|--from-kernel-posttrans|--from-akmod-posttrans)
 			# ignored
 			shift
 			;;
 		--verbose)
 			let verboselevel++
 			shift
 			;;
 		--quiet)
 			let verboselevel--
 			shift
 			;;
 		--help)
 			myprog_help
 			exit 0
 			;;
 		--version)
 			echo "${myprog} ${myver}"
 			exit 0
 			;;
 		*)
 			echo "Error: Unknown option '${1}'." >&2
 			myprog_help >&2
 			exit 2
 			;;
 	esac
 done
 # sanity checks
 init
 # go
 for kernel in ${kernels} ; do
 	check_kmods ${kernel}
 done
 # finished :)
 finally 0
--- a/SOURCES/akmods-keygen.target
+++ b/SOURCES/akmods-keygen.target
@ -0,0 +1,3 @@
 [Unit]
 Wants=akmods-keygen@.service
 PartOf=akmods.service
--- a/SOURCES/akmods-keygen@.service
+++ b/SOURCES/akmods-keygen@.service
@ -0,0 +1,11 @@
 [Unit]
 Description=Akmods Secure boot MOK Key Generation
 ConditionFileNotEmpty=|!/etc/pki/akmods/certs/public_key.der
 ConditionFileNotEmpty=|!/etc/pki/akmods/private/private_key.priv
 [Service]
 Type=oneshot
 ExecStart=/usr/sbin/kmodgenca -a
 [Install]
 WantedBy=akmods-keygen.target
--- a/SOURCES/akmods-kmodgenca
+++ b/SOURCES/akmods-kmodgenca
@ -0,0 +1,151 @@
 #!/bin/bash
 #
 # kmodgenca - Helper script to create CA/Keypair to sign modules.
 # Copyright (c) 2017 Stanislas Leduc <stanislas.leduc@balinor.net>
 # Copyright (c) 2018-2019 Nicolas Viéville <nicolas.vieville@uphf.fr>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
 # "Software"), to deal in the Software without restriction, including
 # without limitation the rights to use, copy, modify, merge, publish,
 # distribute, sublicense, and/or sell copies of the Software, and to
 # permit persons to whom the Software is furnished to do so, subject to
 # the following conditions:
 #
 # The above copyright notice and this permission notice shall be
 # included in all copies or substantial portions of the Software.
 #
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 MYPROG="kmodgenca"
 MYVER="0.5.7"
 FORCE_BUILD=0
 AUTOMATIC_BUILD=0
 AUTOMATIC_BUILD_OPTION=""
 myprog_help ()
 {
    echo "Build CA/Keypair to sign modules"
    echo $'\n'"Usage: ${MYPROG} [OPTIONS]"
    echo $'\n'"Options:"
    echo " -a, --auto          -- generate default values for cacert.config file without prompt"
    echo " -f, --force         -- build CA/Keypair even if there is already ones"
    echo " -h, --help          -- print usage"
    echo " -V, --version       -- show version"
 }
 # Parse command line options.
 #
 while [ "${1}" ] ; do
    case "${1}" in
 	-a|--auto)
 	    AUTOMATIC_BUILD=1
 	    shift
 	    ;;
 	-f|--force)
 	    FORCE_BUILD=1
 	    shift
 	    ;;
 	-h|--help)
 	    myprog_help
 	    exit 0
 	    ;;
 	-V|--version)
 	    echo "${MYPROG} ${MYVER}"
 	    exit 0
 	    ;;
 	*)
 	    echo "Error: Unknown option '${1}'." >&2
 	    myprog_help >&2
 	    exit 2
 	    ;;
    esac
 done
 # Exit early if cert and private key already exist and if FORCE_BUILD
 # is not equal to 1.
 #
 if $(readlink -e /etc/pki/akmods/certs/public_key.der &>/dev/null) && \
   $(readlink -e /etc/pki/akmods/private/private_key.priv &>/dev/null) && \
   [ ${FORCE_BUILD} -eq 0 ] ; then
    exit 0
 fi
 CACERT_CONFIG="/etc/pki/akmods/cacert.config"
 KEYNAME="$(hostname)"-"$(od -vAn -N4 -tu4 < /dev/urandom | awk '{print $1}')"
 # Create cacert.config file with local values if AUTOMATIC_BUILD is set
 # or ask for values manually.
 #
 echo "Update cacert.config..."
 if [ ${AUTOMATIC_BUILD} -eq 1 ] ; then
    # Set OpenSSL fields values, comment default values and min/max ones.
    sed -e "s#\(0.organizationName *= \).*#\1$(hostname)#" \
        -e "s#\(organizationalUnitName *= \).*#\1$(hostname)#" \
 	-e "s#\(emailAddress *= \).*#\1akmods@$(hostname)#" \
 	-e "s#\(localityName *= \).*#\1None#" \
 	-e "s#\(stateOrProvinceName *= \).*#\1None#" \
 	-e "s#\(countryName *= \).*#\1$(locale country_ab2)#" \
 	-e "s#\(commonName *= \).*#\1$(hostname)"-"$(od -vAn -N4 -tu4 < /dev/urandom | awk '{print $1}')#" \
 	-e "s/^[^#]*_default *= /#&/" \
 	-e "s/^[^#]*_min/#&/" \
 	-e "s/^[^#]*_max/#&/" ${CACERT_CONFIG}.in > ${CACERT_CONFIG}
    AUTOMATIC_BUILD_OPTION=" -batch"
 else
    # Activate prompt directive.
    sed -e "s#\(prompt *= \).*#\1yes#" ${CACERT_CONFIG}.in > ${CACERT_CONFIG}
 fi
 KEY_SUFF="$(date "+%F_%T_%N")"
 # If cert and private key files names already exists, do not overwrite
 # them but save them.
 #
 if [[ -e /etc/pki/akmods/certs/${KEYNAME}.der ]] ; then
    # If the cert has already been loaded in MOK, add "already_enrolled"
    # to the suffix of the backup file.
    # `mokutil --help` fails if EFI variables are not supported on the
    # system. It is therefore impossible to test the presence of the key
    # in MOK, and then do not add special suffix to the backup file.
    #
    if $(which mokutil &> /dev/null) && $(mokutil --help &> /dev/null) && $(mokutil --test-key /etc/pki/akmods/certs/${KEYNAME}.der &> /dev/null) ; then
 	KEY_SUFF="${KEY_SUFF}_already_enrolled"
    fi
    mv /etc/pki/akmods/certs/${KEYNAME}.der /etc/pki/akmods/certs/${KEYNAME}.der.${KEY_SUFF}.bak
    if [[ -e /etc/pki/akmods/private/${KEYNAME}.priv ]] ; then
 	mv /etc/pki/akmods/private/${KEYNAME}.priv /etc/pki/akmods/private/${KEYNAME}.priv.${KEY_SUFF}.bak
    fi
 fi
 echo "Generate new keypair..."
 sg akmods -c "
 umask 037
 openssl req -x509 -new -nodes -utf8 -sha256 -days 3650${AUTOMATIC_BUILD_OPTION} \
 -config ${CACERT_CONFIG} -outform DER \
 -out /etc/pki/akmods/certs/${KEYNAME}.der \
 -keyout /etc/pki/akmods/private/${KEYNAME}.priv
 "
 # Ensure that akmods group can read keys.
 #
 chmod g+r /etc/pki/akmods/certs/${KEYNAME}.*
 chmod g+r /etc/pki/akmods/private/${KEYNAME}.*
 # Sanitize permissions.
 #
 if [[ -x /usr/sbin/restorecon ]] ; then
    /usr/sbin/restorecon /etc/pki/akmods/certs/${KEYNAME}.der
    /usr/sbin/restorecon /etc/pki/akmods/private/${KEYNAME}.priv
 fi
 # Update symlink to use new keypair.
 #
 ln -nsf /etc/pki/akmods/certs/${KEYNAME}.der /etc/pki/akmods/certs/public_key.der
 ln -nsf /etc/pki/akmods/private/${KEYNAME}.priv /etc/pki/akmods/private/private_key.priv
 exit 0
--- a/SOURCES/akmods-ostree-post
+++ b/SOURCES/akmods-ostree-post
@ -0,0 +1,102 @@
 #!/bin/bash -
 ############################################################################
 #
 # akmods - Rebuilds and install akmod RPMs
 # Copyright (c) 2007, 2008 Thorsten Leemhuis <fedora@leemhuis.info>
 # Copyright (c) 2018 Nicolas Chauvet <kwizart@gmail.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
 # "Software"), to deal in the Software without restriction, including
 # without limitation the rights to use, copy, modify, merge, publish,
 # distribute, sublicense, and/or sell copies of the Software, and to
 # permit persons to whom the Software is furnished to do so, subject to
 # the following conditions:
 #
 # The above copyright notice and this permission notice shall be
 # included in all copies or substantial portions of the Software.
 #
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 ############################################################################
 myprog="akmods-post"
 tmpdir=
 # Only do %post builds in ostree
 if ! grep -q OSTREE_VERSION= /etc/os-release && ! test -f /run/ostree-booted; then
 	exit 0
 fi
 kmodname=$1
 srpm=$2
 finally()
 {
 	# remove tmpfiles
 	remove_tmpdir
 	exit ${1:-128}
 }
 # Make sure finally() is run regardless of reason for exiting.
 trap "finally" ABRT HUP INT QUIT
 create_tmpdir()
 {
 	if ! tmpdir="$(mktemp -d -p /tmp ${myprog}.XXXXXXXX)/" ; then
 		echo "ERROR: failed to create tmpdir." >&2
 		finally 1
 	fi
 	if ! mkdir "${tmpdir}"results ; then
 		echo  "ERROR: failed to create result tmpdir." >&2
 		finally 1
 	fi
 }
 remove_tmpdir()
 {
 	# remove tmpfiles
 	if [[ -n "${tmpdir}" ]] && [[ -d "${tmpdir}" ]]; then
 		rm -rf "${tmpdir}"
 	fi
 }
 # This is an ostree build, so do build for all
 # deployed kernels in the %post
 kernels="$(ls /lib/modules)"
 create_tmpdir
 for kernel in ${kernels} ; do
 	echo "Building ${srpm} for kernel ${kernel}"
 	# Note: This builds as root, but this is pretty safe because its happening in the ostree %post sandbox.
 	#       In fact, given that /usr is a rofiles-fuse mount no other user can access /usr in this sandbox anyway.
 	akmodsbuild --quiet --kernels ${kernel} --outputdir ${tmpdir}results --logfile "${tmpdir}/akmodsbuild.log" "${srpm}"  2>&1
 	returncode=$?
 	if (( ! ${returncode} == 0 )); then
 		finally 1
 	fi
 done
 for f in $(find "${tmpdir}results" -type f -name '*.rpm' | grep -v debuginfo) ; do
 	rpm2cpio $f | cpio --quiet  -D / -id
 	returncode=$?
 	if (( ! ${returncode} == 0 )); then
 		echo "Extracting $f failed:" 2>&1
 		finally 1
 	fi
 done
 for kernel in ${kernels} ; do
   depmod -v ${kernel} 2>&1
 done
 finally 0
--- a/SOURCES/akmods-shutdown
+++ b/SOURCES/akmods-shutdown
@ -0,0 +1,31 @@
 #!/bin/bash
 #
 # akmods-shutdown - Helper script to build kernel modules on shutdown
 # Copyright (c) 2012 Richard shaw <hobbes1069@gmail.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
 # "Software"), to deal in the Software without restriction, including
 # without limitation the rights to use, copy, modify, merge, publish,
 # distribute, sublicense, and/or sell copies of the Software, and to
 # permit persons to whom the Software is furnished to do so, subject to
 # the following conditions:
 #
 # The above copyright notice and this permission notice shall be
 # included in all copies or substantial portions of the Software.
 #
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 echo "Building modules for all installed kernels."
 for kernel in /usr/src/kernels/* ; do
 	kernel=$(basename $kernel)
 	/usr/sbin/akmods --kernels $kernel
 done
--- a/SOURCES/akmods-shutdown.service
+++ b/SOURCES/akmods-shutdown.service
@ -0,0 +1,14 @@
 [Unit]
 Description=Builds and install new kmods from akmod packages
 Before=shutdown.service reboot.service halt.service
 Conflicts=shutdown.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=/bin/true
 ExecStop=-/usr/sbin/akmods-shutdown
 TimeoutStopSec=5min
 [Install]
 WantedBy=multi-user.target
--- a/SOURCES/akmods-tmpfiles.conf
+++ b/SOURCES/akmods-tmpfiles.conf
@ -0,0 +1,2 @@
 # See tmpfiles.d(5) for details
 d /run/akmods 0770 root akmods -
--- a/SOURCES/akmods.h2m
+++ b/SOURCES/akmods.h2m
@ -0,0 +1,12 @@
 [BUGS]
 https://bugzilla.rpmfusion.org/buglist.cgi?product=Fedora&component=akmods&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED
 [REPORTING BUGS]
 Submit a bug against the akmods component at:
 .br
 https://bugzilla.rpmfusion.org/enter_bug.cgi?product=Fedora
 [AUTHOR]
 Thorsten Leemhuis <fedora [AT] leemhuis [DOT] info>
 [MAINTAINER]
 Richard Shaw <hobbes1069 [AT] gmail [DOT] com>
 [SEE ALSO]
 http://rpmfusion.org/Packaging/KernelModules/Akmods
--- a/SOURCES/akmods.log
+++ b/SOURCES/akmods.log
@ -0,0 +1,8 @@
 /var/log/akmods/akmods.log {
    monthly
    rotate 12
    missingok
    notifempty
    create 644 root root
    su root akmods
 }
--- a/SOURCES/akmods.service.in
+++ b/SOURCES/akmods.service.in
@ -0,0 +1,14 @@
 [Unit]
 Description=Builds and install new kmods from akmod packages
 ConditionPathExists=!/run/ostree-booted
 Before=@SERVICE@
 After=akmods-keygen.target
 Wants=akmods-keygen.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/sbin/akmods --from-init
 [Install]
 WantedBy=multi-user.target
--- a/SOURCES/akmods@.service
+++ b/SOURCES/akmods@.service
@ -0,0 +1,12 @@
 [Unit]
 Description=Builds and install new kmods from akmod for a given kernel
 Wants=akmods-keygen.target
 After=akmods-keygen.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/bin/systemd-inhibit --mode=block --what=idle:sleep:shutdown --who="akmods" --why="Akmods Transaction running" /usr/sbin/akmods --from-kernel-posttrans --kernels %i
 [Install]
 WantedBy=multi-user.target
--- a/SOURCES/akmodsbuild
+++ b/SOURCES/akmodsbuild
@ -0,0 +1,358 @@
 #!/bin/bash
 #
 # akmodbuild - Helper script for building kernel module SRPMs
 # Copyright (c) 2007 Thorsten Leemhuis <fedora@leemhuis.info>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
 # "Software"), to deal in the Software without restriction, including
 # without limitation the rights to use, copy, modify, merge, publish,
 # distribute, sublicense, and/or sell copies of the Software, and to
 # permit persons to whom the Software is furnished to do so, subject to
 # the following conditions:
 #
 # The above copyright notice and this permission notice shall be
 # included in all copies or substantial portions of the Software.
 #
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 myprog="akmodsbuild"
 myver="0.5.6"
 # defaults that might get overwritten by user:
 kernels="$(uname -r)"
 target="$(uname -m)"
 if [[ "${target}" == "armv7l" ]] ; then
 	target="armv7hl"
 fi
 numberofjobs=$(grep -c processor /proc/cpuinfo 2> /dev/null)
 verboselevel=2
 outputdir="${PWD}"
 srpms=
 init ()
 {
 	## startup checks
 	# prevent root-usage
 	if [[ -w /var ]] ; then
 		echo "ERROR: Not to be used as root; start as user or '${myprog}' instead." >&2
 		exit 1
 	fi
 	# do we have everything we need to build for the kernels in question?
 	for kernel in ${kernels}; do
 		if [[ ! -e /usr/src/kernels/${kernel}/Makefile ]] && [[ ! -e /usr/lib/modules/${kernel}/build/Makefile ]] ; then
 			echo "ERROR: Files needed for building modules against kernel" >&2
 			echo " ${kernel} could not be found as the following" >&2
 			echo " directories are missing:"
 			echo " /usr/src/kernels/${kernel}/" >&2
 			echo " /usr/lib/modules/${kernel}/build/" >&2
 			exit 2
 		fi
 	done
 	if [[ ! -n "${srpms}" ]] ; then
 		echo "ERROR: Please provide a list of SRPM-files to build."
 		exit 2
 	fi
 	# SRPMS available?
 	for srpm in ${srpms}; do
 		if [[ ! -r ${srpm} ]] ; then
 			echo "ERROR: Can't find SRPM ${srpm}"
 			exit 1
 		fi
 	done
 	# room to save things
 	if [[ ! -d "${outputdir}" ]] ; then
 		echo "ERROR: ${outputdir} is not a directory" >&2
 		exit 1
 	elif [[ ! -w "${outputdir}" ]] ; then
 		echo "ERROR: ${outputdir} is not a writable" >&2
 		exit 1
 	fi
 	# make sure this is a number
 	if ! (( ${numberofjobs} > 0 )) ; then
 		echo "Warning: using hardcoded defaut value for number of jobs"
 		numberofjobs=2
 	fi
 	## preparations
 	# tmpdir
 	if ! tmpdir="$(mktemp -d -p /tmp ${myprog}.XXXXXXXX)" ; then
 		echo "ERROR: Could create tempdir."
 		exit 1
 	fi
 	# buildtreee
 	mkdir "${tmpdir}"/{BUILD,SOURCES,SPECS,SRPMS,RPMS,RPMS/"${target}"}
 	# logfile
 	if [[ ! -n "${logfile}" ]] ; then
 		logfile="${tmpdir}/logfile"
 	fi
 	if ( [[ -e "${logfile}" ]] && [[ ! -w "${logfile}" ]] ) || ! touch "${logfile}" ; then
 		echo "ERROR: Could not write logfile."
 		finally
 		exit 1
 	fi
 }
 finally()
 {
 	# kill background jobs if needed
 	if [[ -n "${watch_jobid}" ]] ; then
 		kill "${watch_jobid}"
 	fi
 	if [[ -n "${rpmbuild_jobid}" ]] ; then
 		kill "${rpmbuild_jobid}"
 	fi
 	# remove tmpfiles
 	if [[ -d "${tmpdir}" ]] ; then
 		rm -rf "${tmpdir}"
 	fi
 }
 trap "finally" 2
 akmods_echo()
 {
 	# where to output
 	local this_fd=${1}
 	shift
 	# verboselevel
 	local this_verbose=${1}
 	shift
 	if [[ "${1}" == "--not-logfile" ]] ; then
 		local notlogfile=true
 		shift
 	fi
 	# output to console
 	if (( ${verboselevel} >= ${this_verbose} )) ; then
 		echo "$@" >&${this_fd}
 	fi
 	# global logfile
 	if [[ ! -n ${notlogfile} ]] ; then
 		echo "$@" >> "${logfile}"
 	fi
 }
 watch_rpmbuild()
 {
 	# background function to show rpmbuild progress
 	# does't use akmods_echo here; this stage handles the output on its own
 	# (seperate process and there is no need to log this)
 	if (( ${verboselevel} == 2 )) ; then
 		tail --pid ${1} -n +1 -s 0.1 -f ${2} 2>/dev/null | grep --line-buffered -e '%prep' -e '%build' -e '%install' -e '%clean' | while read line ; do
 			if [[ "${line}" != "${line##*prep}" ]] ; then
 				echo -n "prep "
 			elif [[ "${line}" != "${line##*build}" ]] ; then
 				echo -n "build "
 			elif [[ "${line}" != "${line##*install}" ]] ; then
 				echo -n "install "
 			elif [[ "${line}" != "${line##*clean}" ]] ; then
 				echo -n "clean; "
 				# last linefeed is done by the caller
 			fi
 		done
 	elif (( ${verboselevel} > 2 )) ; then
 		tail --pid ${1} -n +1 -s 0.1 -f ${2}
 	fi
 }
 process_srpm()
 {
 	local source_rpm="${1}"
 	# status info
 	akmods_echo 1 2 -n "* Rebuilding ${source_rpm} for kernel(s) ${kernels}: "
 	# kick off rebuild into background
 	/usr/bin/time --format='%x' --output="${tmpdir}/.jobexit" rpmbuild \
 		--define "_topdir     ${tmpdir}/" \
 		--define "_buildtree  ${tmpdir}/BUILD" \
 		--define "_specdir    ${tmpdir}/SPECS" \
 		--define "_sourcedir  ${tmpdir}/SOURCES" \
 		--define "_srcrpmdir  ${tmpdir}/SRPMS" \
 		--define "_rpmdir     ${tmpdir}/RPMS" \
 		--define "_smp_mflags -j${numberofjobs}" \
 		--define "kernels     ${kernels}" \
 		--target ${target} \
 		--rebuild "${source_rpm}" 2>&1 | tee -a "${logfile}" > "${tmpdir}/.joblog"  &
 	local rpmbuild_jobid=$!
 	# show progress
 	if (( ${verboselevel} >= 2 )) ; then
 		watch_rpmbuild ${rpmbuild_jobid} "${tmpdir}/.joblog" 2> /dev/null &
 		local watch_jobid=$!
 	fi
 	# wait for rpmbuild
 	wait ${rpmbuild_jobid}
 	local rpmbuild_returncode=$(tail -n 1 "${tmpdir}/.jobexit")
 	unset rpmbuild_jobid
 	# give watch_rpmbuild a moment to catch up; kill it if it does not
 	if (( ${verboselevel} >= 2 )) ; then
 		sleep 0.5
 		kill ${watch_jobid} &> /dev/null
 		unset watch_jobid
 	fi
 	# did rpmbuild succeed?
 	if (( ${rpmbuild_returncode} != 0 )) ; then
 		# linefeed:
 		akmods_echo 1 2 ""
 		akmods_echo 2 2 --not-logfile "rpmbuild failed with errorcode ${rpmbuild_returncode}; last 35 Lines of log:"
 		akmods_echo 2 2 --not-logfile "--- "
 		tail -n 35 "${tmpdir}/.joblog" >&2
 		akmods_echo 2 2  --not-logfile "---"
 		return ${rpmbuild_returncode}
 	fi
 	# finish status for watch_rpmbuild
 	if (( ${verboselevel} >= 2 )) ; then
 		akmods_echo 1 2 -n "Successfull; "
 	fi
 	local rpms_built="$(cd "${tmpdir}"/RPMS/"${target}" ; echo *)"
 	if ! mv "${tmpdir}/RPMS/${target}/"* "${outputdir}" ; then
 		# linefeed:
 		akmods_echo 1 2 ""
 		akmods_echo 2 2 "Failed to move ${tmpdir}/RPMS/${target}/"* "to ${outputdir}"
 		return 128
 	fi
 	if (( ${verboselevel} == 1 )) ; then
 		for rpm in ${rpms_built}; do
 			echo "${outputdir%%/}/${rpm}"
 		done
 	elif (( ${verboselevel} >= 2 )) ; then
 		akmods_echo 1 2  "Saved ${rpms_built} in ${outputdir%%/}/"
 	fi
 	# finished
 	return 0
 }
 myprog_help ()
 {
 	echo "Rebuilds kmod SRPM(s)"
 	echo $'\n'"Usage: ${myprog} [OPTIONS] <SRPMS>"
 	echo $'\n'"Options:"
 	echo " -k, --kernels         -- build for kernel-versions (output from 'uname -r')"
 	echo " -l, --logfile <file>  -- save rpmbuild output to <file>"
 	echo " -o, --outputdir <dir> -- save rpms and logs here (current directory)"
 	echo " -t, --target          -- target-arch (output from 'uname -m')"
 	echo " -v, --verbose         -- increase verboseness"
 	echo " -q, --quiet           -- be more quiet"
 	echo " -h, --help            -- show usage"
 	echo " -V, --version         -- show version"
 }
 while [ "${1}" ] ; do
 	case "${1}" in
 		-k|--kernels)
 			shift
 			if [[ ! -n "${1}" ]] ; then
 				echo "ERROR: Please provide kernel-version(s) to build for together with --kernel" >&2
 				exit 1
 			fi
 			kernels="${1}"
 			shift
 			;;
 		-l|--logfile)
 			shift
 			if [[ ! -n "${1}" ]] ; then
 				echo "ERROR: Please provide a filename together with --logfile" >&2
 				exit 1
 			fi
 			logfile="${1}"
 			shift
 			;;
 		-o|--outputdir)
 			shift
 			if [[ ! -n "${1}" ]] ; then
 				echo "ERROR: Please provide the output directory together with --outputdir" >&2
 				exit 1
 			fi
 			outputdir="${1}"
 			shift
 			;;
 		-t|--target)
 			shift
 			if [[ ! -n "${1}" ]] ; then
 				echo "ERROR: Please provide the target-arch together with --target" >&2
 				exit 1
 			fi
 			target="${1}"
 			shift
 			;;
 		-v|--verbose)
 			let verboselevel++
 			shift
 			;;
 		-q|--quiet)
 			let verboselevel--
 			shift
 			;;
 		-h|--help)
 			myprog_help
 			exit 0
 			;;
 		-V|--version)
 			echo "${myprog} ${myver}"
 			exit 0
 			;;
 		--*)
 			echo "Error: Unknown option '${1}'." >&2
 			myprog_help >&2
 			exit 2
 			;;
 		*)
 			srpms="${srpms} ${1}"
 			shift
 			;;
 	esac
 done
 # sanity checks
 init
 # go
 for srpm in ${srpms}; do
 	process_srpm ${srpm}
 	returncode=$?
 	if (( ${returncode} != 0 )) ; then
 		finally
 		exit ${returncode}
 	fi
 done
 # finished
 finally
 exit 0
--- a/SOURCES/akmodsposttrans
+++ b/SOURCES/akmodsposttrans
@ -0,0 +1,47 @@
 #!/bin/bash -
 #
 # akmodposttrans - Calls akmods for newly installed kernels
 #
 # Copyright (c) 2009 Thorsten Leemhuis <fedora@leemhuis.info>
 # Copyright (c) 2017 Nicolas Chauvet <kwizart@gmail.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
 # "Software"), to deal in the Software without restriction, including
 # without limitation the rights to use, copy, modify, merge, publish,
 # distribute, sublicense, and/or sell copies of the Software, and to
 # permit persons to whom the Software is furnished to do so, subject to
 # the following conditions:
 #
 # The above copyright notice and this permission notice shall be
 # included in all copies or substantial portions of the Software.
 #
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 # just check in case a user calls this directly
 if [[ ! -w /var ]] ; then
 	echo "Needs to run as root to be able to install rpms." >&2
 	exit 4
 fi
 # needs to run in background as rpmdb might be locked otherwise
 if [ -e /bin/systemctl ] ; then
 	# Exit early if system-update.target is active - rhbz#1518401
 	/bin/systemctl is-active system-update.target &>/dev/null
 	RET=$?
 	[ $RET == 0 ] && exit 0
 	/bin/systemctl restart akmods@${1}.service --no-block >/dev/null 2>&1
 else
 	nohup /usr/sbin/akmods --from-kernel-posttrans --kernels ${1} > /dev/null 2>&1 &
 fi
 exit 0
--- a/SOURCES/cacert.config.in
+++ b/SOURCES/cacert.config.in
@ -0,0 +1,41 @@
 # Default OpenSSL settings and configuration file for kmodgenca
 # shell-script.
 #
 [ req ]
 default_bits                    = 4096
 distinguished_name              = req_distinguished_name
 prompt                          = no
 utf8                            = yes
 string_mask                     = utf8only
 x509_extensions                 = req_exts
 [ req_distinguished_name ]
 # Values settings
 #
 0.organizationName              = Organization Name (eg, company)
 organizationalUnitName          = Organizational Unit Name (eg, section)
 emailAddress                    = Email Address
 emailAddress_max                = 64
 localityName                    = Locality Name (eg, city)
 stateOrProvinceName             = State or Province Name (full name)
 countryName                     = Country Name (2 letter code)
 countryName_min                 = 2
 countryName_max                 = 2
 commonName                      = Common Name (eg, your name or your server\'s hostname)
 commonName_max                  = 64
 # Default values
 #
 0.organizationName_default      = akmods local
 organizationalUnitName_default  = akmods
 emailAddress_default            = akmods@localhost.localdomain
 localityName_default            = None
 stateOrProvinceName_default     = None
 countryName_default             = XX
 commonName_default              = akmods local signing CA
 [ req_exts ]
 basicConstraints                = critical,CA:FALSE
 keyUsage                        = digitalSignature
 subjectKeyIdentifier            = hash
 authorityKeyIdentifier          = keyid
--- a/SPECS/akmods.spec
+++ b/SPECS/akmods.spec
@ -0,0 +1,419 @@
 Name:           akmods
 Version:        0.5.7
 Release:        8%{?dist}
 Summary:        Automatic kmods build and install tool
 License:        MIT
 URL:            http://rpmfusion.org/Packaging/KernelModules/Akmods
 # We are upstream, these files are maintained directly in pkg-git
 Source0:        95-akmods.preset
 Source1:        akmods
 Source2:        akmodsbuild
 Source3:        akmods.h2m
 Source5:        akmodsposttrans
 Source6:        akmods.service.in
 Source7:        akmods-shutdown
 Source8:        akmods-shutdown.service
 Source9:        README
 Source10:       LICENSE
 Source11:       akmods@.service
 Source12:       akmods-ostree-post
 Source13:       95-akmodsposttrans.install
 Source14:       akmods.log
 Source15:       README.secureboot
 Source16:       cacert.config.in
 Source17:       akmods-kmodgenca
 Source18:       akmods-keygen.target
 Source19:       akmods-keygen@.service
 Source20:       %{name}-tmpfiles.conf
 BuildArch:      noarch
 BuildRequires:  help2man
 # not picked up automatically
 %if 0%{?rhel} == 6
 Requires:       %{_bindir}/nohup
 %endif
 Requires:       %{_bindir}/flock
 Requires:       %{_bindir}/time
 # needed for actually building kmods:
 Requires:       %{_bindir}/rpmdev-vercmp
 Requires:       kmodtool >= 1.1-1
 # needed to create CA/Keypair to sign modules
 Requires:       openssl
 # this should track in all stuff that is normally needed to compile modules:
 Requires:       bzip2 coreutils diffutils file findutils gawk gcc grep
 Requires:       gzip make sed tar unzip util-linux which rpm-build
 # On EL, kABI list was renamed
 %if 0%{?rhel}
 %if 0%{?rhel} >= 8
 Requires:       (kernel-abi-stablelists or kernel-abi-whitelists)
 %else
 Requires:       kernel-abi-whitelists
 %endif
 %endif
 %if 0%{?fedora} || 0%{?rhel} > 7
 # We use a virtual provide that would match either
 # kernel-devel or kernel-PAE-devel
 Requires:       kernel-devel-uname-r
 # kernel-devel-matched enforces the same kernel version as the -devel
 %if 0%{?fedora} >= 36 || 0%{?rhel} >= 9
 Requires:       (kernel-debug-devel-matched if kernel-debug-core)
 Requires:       (kernel-devel-matched if kernel-core)
 Requires:       (kernel-lpae-devel-matched if kernel-lpae-core)
 %else
 Suggests:       (kernel-debug-devel if kernel-debug)
 Suggests:       (kernel-devel if kernel)
 Suggests:       (kernel-lpae-devel if kernel-lpae)
 %endif
 Suggests:       (kernel-PAE-devel if kernel-PAE)
 Suggests:       (kernel-PAEdebug-devel if kernel-PAEdebug)
 # Theses are from planetccrma-core or rhel-7-server-rt-rpms
 Suggests:       (kernel-rt-devel if kernel-rt)
 Suggests:       (kernel-rtPAE-devel if kernel-rtPAE)
 %else
 # There is no much variant there, so using a sane default
 Requires:       kernel-devel
 %endif
 # we create a special user that used by akmods to build kmod packages
 Requires(pre):  shadow-utils
 # systemd unit requirements.
 BuildRequires:  systemd
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
 # Optional but good to have on recent kernel
 Requires: pkgconfig(libelf)
 %description
 Akmods startup script will rebuild akmod packages during system
 boot, while its background daemon will build them for kernels right
 after they were installed.
 %prep
 %setup -q -c -T
 cp -p %{SOURCE9} %{SOURCE10} %{SOURCE15} .
 %build
 # Nothing to build
 %install
 mkdir -p %{buildroot}%{_usrsrc}/%{name} \
         %{buildroot}%{_sbindir} \
         %{buildroot}%{_sysconfdir}/rpm \
         %{buildroot}%{_sysconfdir}/pki/%{name}/certs \
         %{buildroot}%{_sysconfdir}/pki/%{name}/private \
         %{buildroot}%{_sysconfdir}/kernel/postinst.d \
         %{buildroot}%{_sysconfdir}/logrotate.d \
         %{buildroot}%{_localstatedir}/cache/%{name} \
         %{buildroot}%{_localstatedir}/log/%{name} \
         %{buildroot}%{_tmpfilesdir}
 install -pm 0755 %{SOURCE1} %{buildroot}%{_sbindir}/
 install -pm 0755 %{SOURCE2} %{buildroot}%{_sbindir}/
 install -pm 0755 %{SOURCE12} %{buildroot}%{_sbindir}/
 install -pm 0755 %{SOURCE5} %{buildroot}%{_sysconfdir}/kernel/postinst.d/
 install -pm 0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
 install -pm 0640 %{SOURCE16} %{buildroot}%{_sysconfdir}/pki/%{name}/
 install -pm 0755 %{SOURCE17} %{buildroot}%{_sbindir}/kmodgenca
 install -pm 0644 %{SOURCE20} %{buildroot}%{_tmpfilesdir}/%{name}.conf
 install -dpm 0770 %{buildroot}%{_rundir}/%{name}/
 mkdir -p %{buildroot}%{_prefix}/lib/kernel/install.d
 install -pm 0755 %{SOURCE13} %{buildroot}%{_prefix}/lib/kernel/install.d/
 mkdir -p \
         %{buildroot}%{_unitdir} \
         %{buildroot}%{_presetdir}
 sed "s|@SERVICE@|display-manager.service|" %{SOURCE6} >\
    %{buildroot}%{_unitdir}/akmods.service
 install -pm 0644 %{SOURCE0} %{buildroot}%{_presetdir}/
 install -pm 0755 %{SOURCE7} %{buildroot}%{_sbindir}/
 install -pm 0644 %{SOURCE8} %{buildroot}%{_unitdir}/
 install -pm 0644 %{SOURCE11} %{buildroot}%{_unitdir}/
 install -pm 0644 %{SOURCE18} %{buildroot}%{_unitdir}/
 install -pm 0644 %{SOURCE19} %{buildroot}%{_unitdir}/
 # Generate and install man pages.
 mkdir -p %{buildroot}%{_mandir}/man1
 help2man -N -i %{SOURCE3} -s 1 \
    -o %{buildroot}%{_mandir}/man1/akmods.1 \
       %{buildroot}%{_sbindir}/akmods
 help2man -N -i %{SOURCE3} -s 1 \
    -o %{buildroot}%{_mandir}/man1/akmodsbuild.1 \
       %{buildroot}%{_sbindir}/akmodsbuild
 %pre
 # create group and user
 getent group akmods >/dev/null || groupadd -r akmods
 getent passwd akmods >/dev/null || \
 useradd -r -g akmods -d /var/cache/akmods/ -s /sbin/nologin \
    -c "User is used by akmods to build akmod packages" akmods
 %post
 %systemd_post akmods.service
 %systemd_post akmods@.service
 %systemd_post akmods-shutdown.service
 %preun
 %systemd_preun akmods.service
 %systemd_preun akmods@.service
 %systemd_preun akmods-shutdown.service
 %postun
 %systemd_postun akmods.service
 %systemd_postun akmods@.service
 %systemd_postun akmods-shutdown.service
 %files
 %doc README README.secureboot
 %license LICENSE
 %{_sbindir}/akmodsbuild
 %{_sbindir}/akmods
 %{_sbindir}/akmods-ostree-post
 %{_sbindir}/kmodgenca
 %dir %attr(750,root,akmods) %{_sysconfdir}/pki/%{name}/certs
 %dir %attr(750,root,akmods) %{_sysconfdir}/pki/%{name}/private
 %config(noreplace) %attr(640,root,akmods) %{_sysconfdir}/pki/%{name}/cacert.config.in
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
 %{_sysconfdir}/kernel/postinst.d/akmodsposttrans
 %{_unitdir}/akmods.service
 %{_unitdir}/akmods@.service
 %{_sbindir}/akmods-shutdown
 %{_unitdir}/akmods-shutdown.service
 %{_prefix}/lib/kernel/install.d/95-akmodsposttrans.install
 %attr(0644,root,root) %{_unitdir}/akmods-keygen.target
 %attr(0644,root,root) %{_unitdir}/akmods-keygen@.service
 %dir %attr(0770,root,akmods) %{_rundir}/%{name}
 %{_tmpfilesdir}/%{name}.conf
 # akmods was enabled in the default preset by f28
 %if 0%{?rhel}
 %{_presetdir}/95-akmods.preset
 %else
 %exclude %{_presetdir}/95-akmods.preset
 %endif
 %{_usrsrc}/akmods
 %dir %attr(-,akmods,akmods) %{_localstatedir}/cache/akmods
 %dir %attr(0775,root,akmods) %{_localstatedir}/log/%{name}
 %{_mandir}/man1/*
 %changelog
 * Wed Jun 05 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 0.5.7-8
 - Rebuilt for MSVSphere 9.4
 * Wed May 04 2022 Nicolas Chauvet <kwizart@gmail.com> - 0.5.7-8
 - Fix logrotate permission access to /var/log/akmods directory - rhbz#2078490
 - Rename logrotate config file
 * Wed Mar 09 2022 Timothée Ravier <tim@siosm.fr> - 0.5.7-7
 - Use 'Require' instead of 'Suggest' for kernel*-devel packages.
 * Thu Jan 27 2022 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.7-6
 - Adapt usage of lockfile to systemd-tmpfiles
 - Re-locate akmods logs in /var/log
 * Wed Jan 26 2022 Timothée Ravier <tim@siosm.fr> - 0.5.7-5
 - Use kernel*-core variants in conditional Suggests
 * Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.7-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Mon Dec 20 2021 Nicolas Chauvet <kwizart@gmail.com> - 0.5.7-3
 - Drop perl-interpeter
 - Drop akmodsinit
 - Only use preset on rhel
 - kernel-devel-matched support
  see also https://src.fedoraproject.org/rpms/akmods/pull-request/7
 * Fri Dec 10 2021 Nicolas Chauvet <kwizart@gmail.com> - 0.5.7-2
 - Bump kmodtool requirement
 - Rename kABI list
 - Drop EL6 support
 - Switch to distro agnostic deps
 * Fri Oct 22 2021 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.7-1
 - Add local akmods CA signing keys and support tools to sign modules for
  Secure boot thanks to Stanislas Leduc <stanislas.leduc@balinor.net>
 - Add akmods-keygen service to generate MOK key pair on first run
 * Fri Oct 22 2021 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.6-29
 - Remove trailing spaces and clean-up
 - Use %%{name} when possible
 - Convert if statement from "[!] $variable" to "[!] -n $variable"
 - Fix kernel list build when parsing command line options
 - Ensure to build for grub default kernel
 - Improve detection of already installed (weak-)modules in akmods (RHEL)
 - akmods uses logrotate and clean-up /var/cache/akmods sub-directories of
  old logs and rpm files from no more installed kmod packages
  (rhbz #1542658).
 * Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-28
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 * Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-27
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-26
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-25
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Wed Nov 20 2019 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.6-24
 - Check kernel presence differently for systemd-boot machines - rhbz#1769144
 * Wed Oct 16 2019 Leigh Scott <leigh123linux@googlemail.com> - 0.5.6-23
 - Add requires kernel-abi-whitelists for RHEL
 * Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-22
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Mon May 20 2019 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-21
 - Add check for rhel8
 * Wed May 15 2019 Nicolas Viéville <nicolas.vieville@uphf.fr> - 0.5.6-20
 - Fix akmodsposttrans after kernel update/install on Fedora >= 28 and
  RHEL >= 7 - rhbz#1709055
 * Thu Feb 28 2019 Alexander Larsson <alexl@redhat.com> - 0.5.6-19
 - Support ostree/silverblue builds - rhbz#1667014
 * Thu Feb 28 2019 Hans de Goede <hdegoede@redhat.com>
 - Do not fail when the old initscripts pkg is not installed - rhbz#1680121
 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-18
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Mon Nov 05 2018 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-17
 - Don't enforce target arch - rhbz#1644430
 - Rework log file path
 - Avoid using /usr/lib/modules for el6 compat
 * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-16
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Mon Mar 26 2018 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-15
 - Add inihibitor for akmods@.service
 - Use restart on akmodsposttrans
 * Mon Mar 26 2018 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-14
 - Switch to always retry by default
 - Drop akmods preset by f28
 - Don't enable service on ah
 - Test a rw directory
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-13
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Wed Dec 13 2017 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-12
 - Update kernel posttrans method - rhbz#1518401
 * Thu Aug 03 2017 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-11
 - Rework kernel-devel requires on el
 * Thu Aug 03 2017 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-10
 - Enable suggests on fedora
 - Add back el6 support in spec
 - Add Requires elfutils-libelf-devel
 * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.6-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 * Thu Jul 13 2017 Petr Pisar <ppisar@redhat.com> - 0.5.6-8
 - perl dependency renamed to perl-interpreter
  <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules>
 * Thu May  4 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-7
 - "udevadm trigger" may have bad side-effects (rhbz#454407) instead
  look for modalias files under /sys/devices and call modprobe directly
 - Fix exit status when no akmod packages are installed, so that systemd
  does not consider the akmods.service as having failed to start
 * Wed May  3 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-6
 - Run "udevadm trigger" and "systemctl restart systemd-modules-load.service"
  when new kmod packages have been build and installed so that the new
  modules may be used immediately without requiring a reboot
 * Mon Mar  6 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-5
 - Add LICENSE file (rhbz#1422918)
 * Fri Feb 24 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-4
 - Replace %%{_prefix}/lib/systemd/system-preset with %%{_presetdir}
 * Thu Feb 16 2017 Hans de Goede <hdegoede@redhat.com> - 0.5.6-3
 - Submit to Fedora for package review
 * Mon Nov 28 2016 Nicolas Chauvet <kwizart@gmail.com> - 0.5.6-2
 - Use Suggests kernel-devel weak-dependency - see rfbz#3386
 * Fri Oct 14 2016 Richard Shaw <hobbes1069@gmail.com> - 0.5.6-1
 - Disable shutdown systemd service file by default.
 - Remove modprobe line from main service file.
 * Wed Aug 17 2016 Sérgio Basto <sergio@serjux.com> - 0.5.4-3
 - New release
 * Sun Jan 03 2016 Nicolas Chauvet <kwizart@gmail.com> - 0.5.4-2
 - Revert conflicts kernel-debug-devel
 * Thu Jul 23 2015 Richard Shaw <hobbes1069@gmail.com> - 0.5.4-1
 - Do not mark a build as failed when only installing the RPM fails.
 - Run akmods-shutdown script instead of akmods on shutdown.
 - Add systemd preset file to enable services by default.
 * Wed Jul 15 2015 Richard Shaw <hobbes1069@gmail.com> - 0.5.3-2
 - Add package conflicts to stop pulling in kernel-debug-devel, fixes BZ#3386.
 - Add description for the formatting of the <kernel> parameter, BZ#3580.
 - Update static man pages and clean them up.
 - Fixed another instance of TMPDIR causing issues.
 - Added detection of dnf vs yum to akmods, fixed BZ#3481.
 * Wed Apr  1 2015 Richard Shaw <hobbes1069@gmail.com> - 0.5.2-1
 - Fix temporary directory creation when TMPDIR environment variable is set,
  fixes BZ#2596.
 - Update systemd scripts to use macros.
 - Fix akmods run on shutdown systemd unit file, fixes BZ#3503.
 * Sun Nov 16 2014 Nicolas Chauvet <kwizart@gmail.com> - 0.5.1-4
 - Fix akmods on armhfp - rfbz#3117
 - Use yum instead of rpm to install packages - rfbz#3350
  Switch to a better date format
 * Fri Jan 11 2013 Richard Shaw <hobbes1069@gmail.com> - 0.5.1-3
 - Really fix akmods.service.in.
 * Fri Jun 01 2012 Richard Shaw <hobbes1069@gmail.com> - 0.5.1-2
 - Add service file to run again on shutdown.
 - Add conditional for Fedora 18 to specify correct systemd graphical service.
 * Thu Apr 12 2012 Nicolas Chauvet <kwizart@gmail.com> - 0.4.0-4
 - Rebuilt
 * Tue Mar 20 2012 Richard Shaw <hobbes1069@gmail.com> - 0.4.0-3
 - Add additional error output if the needed kernel development files are not
  installed. (Fixes #561)
 * Mon Mar 05 2012 Richard Shaw <hobbes1069@gmail.com> - 0.4.0-2
 - Remove remaining references to previous Fedora releases
 - Remove legacy SysV init script from CVS.
 - Added man page for akmods and cleaned up man page for akmodsbuild.
 * Tue Feb 07 2012 Nicolas Chauvet <kwizart@gmail.com> - 0.4.0-1
 - Update for UsrMove support
 - Remove unused references to older fedora
 - Change Requires from kernel-devel to kernel-devel-uname-r
		`@ -0,0 +1,2 @@`
							`# See tmpfiles.d(5) for details`
							`d /run/akmods 0770 root akmods -`