miércoles, 21 de enero de 2015

Supporting a kernel module on SUSE - Solid Driver Program

SUSE Solid Driver Program

You probably want to support your kernel module on SUSE, to successfully achieve that goal you can contact a SUSE representative.

In short you just need a flag added to your kernel module, there are two easy methods that I can't expose unfortunatly but Your mod info will look like this:

sles-ec2:/usr/src/zncryptfs-3.4.2 # modinfo zncryptfs.ko
filename:       zncryptfs.ko
suse_support_flag:      value_of_suse_support_tag
license:        GPL v2
description:    zncryptfs (v3.4.2-1024)
author:         Sergio Pena <sergio.pena@cloudera.com>
srcversion:     C061C84F42263E55560266A
vermagic:       3.0.101-0.7.17-ec2 SMP mod_unload modversions Xen
parm:           zncryptfs_stats_enabled:Enable data statistics (int)
parm:           zncryptfs_acl_cache_size:Set ACL cache size (int)
parm:           zncryptfs_acl_verbose:Display more information on an access denied (int)
parm:           zncryptfs_debug:Display debug information (int)
sles-ec2:/usr/src/zncryptfs-3.4.2 #

The tainted kernel flag will still be dirty, but SUSE engineers will know how to deal with that and if there is an error caused by your kernel module, then they will let you know:

sles-ec2:/usr/src/zncryptfs-3.4.2 # cat /proc/sys/kernel/tainted

You can find all information about this program at:




P.S. You can create your own flag

martes, 20 de enero de 2015

Building a kernel module on SLES 11 SP3

Building a kernel module on SLES 11 SP3

In this example I am using zncryptfs kernel module from Cloudera/Gazzang repo.

[root@hive-1 ~]# zypper install zncrypt-kernel-module

This will ask you to install a kernel module that doesn’t have the ‘dkms’ dependency, we will install the kernel module breaking that dependency:

Problem: nothing provides dkms needed by zncrypt-kernel-module-3.4.2_SLES11-1024.x86_64
Solution 1: do not install zncrypt-kernel-module-3.4.2_SLES11-1024.x86_64
Solution 2: break zncrypt-kernel-module-3.4.2_SLES11-1024.x86_64 by ignoring some of its dependencies

Choose from above solutions by number or cancel [1/2/c] (c): 2

Select option 2.

3.1.2 Update to the latest kernel module

Update the kernel:
hive-ne-SLES-1:~ # zypper install -y kernel-default
Several operations

Then reboot; the kernel version should be updated after reboot.

hive-ne-SLES-1:~ # uname -r

kernel module needs to be build manually 
First requirement to build the kernel module is to have the kernel headers installed, to install them check the kernel version and install its kernel headers accordingly:

hive-ne-SLES-1:~ #zypper install -y kernel-default-devel
Several operations

Once the kernel headers are installed you will see the include files at /usr/src/linux-3.0.101-0.40/include; then go to the zncrypt kernel module source code directory to build it.

hive-ne-SLES-1:~ # cd /usr/src/zncryptfs-3.4.2/

You may have the following error message:
hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 # make
Searching known bugs on kernel...
make -C /lib/modules/3.0.101-0.40-default/build M=/usr/src/zncryptfs-3.4.2 modules
make: *** /lib/modules/3.0.101-0.40-default/build: No such file or directory.  Stop.
make: *** [all] Error 2
hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 #

To fix previous error create a symlink from /lib/modules/$(uname -r)/build to the x86_64 obj headers directory, then execute again make

hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 # ln -s /usr/src/linux-3.0.101-0.40-obj/x86_64/default/ /lib/modules/$(uname -r)/build
hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 # make
Searching known bugs on kernel...
make -C /lib/modules/3.0.101-0.40-default/build M=/usr/src/zncryptfs-3.4.2 modules
make[1]: Entering directory `/usr/src/linux-3.0.101-0.40-obj/x86_64/default'
make -C ../../../linux-3.0.101-0.40 O=/usr/src/linux-3.0.101-0.40-obj/x86_64/default/. modules
 CC [M]  /usr/src/zncryptfs-3.4.2/main.o
 CC [M]  /usr/src/zncryptfs-3.4.2/hooks.o
 CC [M]  /usr/src/zncryptfs-3.4.2/messaging.o
 CC [M]  /usr/src/zncryptfs-3.4.2/auth.o
 CC [M]  /usr/src/zncryptfs-3.4.2/acl.o
 CC [M]  /usr/src/zncryptfs-3.4.2/profile.o
 CC [M]  /usr/src/zncryptfs-3.4.2/stats.o
 CC [M]  /usr/src/zncryptfs-3.4.2/procfs.o
 CC [M]  /usr/src/zncryptfs-3.4.2/timeconv.o
 CC [M]  /usr/src/zncryptfs-3.4.2/debug.o
 LD [M]  /usr/src/zncryptfs-3.4.2/zncryptfs.o
 Building modules, stage 2.
 MODPOST 1 modules
 CC      /usr/src/zncryptfs-3.4.2/zncryptfs.mod.o
 LD [M]  /usr/src/zncryptfs-3.4.2/zncryptfs.ko
make[1]: Leaving directory `/usr/src/linux-3.0.101-0.40-obj/x86_64/default'
hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 #

At this point the kernel module is build you can see it at /usr/src/zncryptfs-3.4.2/zncryptfs.ko

3.1.3 Load the module

hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 # depmod -a
hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 # modprobe zncryptfs
FATAL: Module zncryptfs not found.
hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 #

That error means that the kernel module is not part of the modules of the current kernel $(uname -r).

To fix that a symlink needs to be created to point to this kernel module or it can be copied.

hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 # ln -s /usr/src/zncryptfs-3.4.2/zncryptfs.ko /lib/modules/$(uname -r)/
hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 # depmod -a
hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 # modprobe zncryptfs
FATAL: module '/lib/modules/3.0.101-0.8-default/zncryptfs.ko' is unsupported
Use --allow-unsupported or set allow_unsupported_modules to 1 in
hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 #

This is the last error we might see, it refers that the policy to allow unsupported modules, just change the variable of the config file as indicated (set allow_unsupported_modules to 1) :

hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 # vi /etc/modprobe.d/unsupported-modules

Then run:

hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 # depmod -a
hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 # modprobe zncryptfs
hive-ne-SLES-1:/usr/src/zncryptfs-3.4.2 # lsmod | grep zncrypt
zncryptfs              82143  0

The module is loaded and ready to be used

P.S. There is a Queen that has her own flag

jueves, 15 de enero de 2015

Install gpgme-devel on redhat 7

4 commands are needed:

Need to install rpmforce and gpgme03-devel

# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm

# rpm -Uvh rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm

# wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

# rpm --import RPM-GPG-KEY.dag.txt

# yum install gpgme03-devel

Executing those commands you get:

[root@rhel7 navencrypt]# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
--2015-01-15 09:27:57--  http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
Resolving pkgs.repoforge.org (pkgs.repoforge.org)...
Connecting to pkgs.repoforge.org (pkgs.repoforge.org)||:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://rpmforge.sw.be/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm [following]
--2015-01-15 09:27:57--  http://rpmforge.sw.be/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
Resolving rpmforge.sw.be (rpmforge.sw.be)...
Connecting to rpmforge.sw.be (rpmforge.sw.be)||:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://tree.repoforge.org/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm [following]
--2015-01-15 09:27:58--  http://tree.repoforge.org/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
Resolving tree.repoforge.org (tree.repoforge.org)...
Connecting to tree.repoforge.org (tree.repoforge.org)||:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://apt.sw.be/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm [following]
--2015-01-15 09:27:58--  http://apt.sw.be/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
Resolving apt.sw.be (apt.sw.be)...
Connecting to apt.sw.be (apt.sw.be)||:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12520 (12K) [application/x-redhat-package-manager]
Saving to: ‘rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm’

100%[==========================================================================================================================================================================================================================================>] 12,520      39.9KB/s   in 0.3s  

2015-01-15 09:27:59 (39.9 KB/s) - ‘rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm’ saved [12520/12520]

[root@rhel7 navencrypt]# rpm -Uvh rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
warning: rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 6b8d79e6: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:rpmforge-release-0.5.3-1.el7.rf  ################################# [100%]
[root@rhel7 navencrypt]# wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
--2015-01-15 09:28:17--  http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
Resolving dag.wieers.com (dag.wieers.com)...
Connecting to dag.wieers.com (dag.wieers.com)||:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://dag.wiee.rs/rpm/packages/RPM-GPG-KEY.dag.txt [following]
--2015-01-15 09:28:17--  http://dag.wiee.rs/rpm/packages/RPM-GPG-KEY.dag.txt
Resolving dag.wiee.rs (dag.wiee.rs)...
Connecting to dag.wiee.rs (dag.wiee.rs)||:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://apt.sw.be/RPM-GPG-KEY.dag.txt [following]
--2015-01-15 09:28:18--  http://apt.sw.be/RPM-GPG-KEY.dag.txt
Resolving apt.sw.be (apt.sw.be)...
Connecting to apt.sw.be (apt.sw.be)||:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1672 (1.6K) [text/plain]
Saving to: ‘RPM-GPG-KEY.dag.txt’

100%[==========================================================================================================================================================================================================================================>] 1,672       --.-K/s   in 0s     

2015-01-15 09:28:18 (179 MB/s) - ‘RPM-GPG-KEY.dag.txt’ saved [1672/1672]

[root@rhel7 navencrypt]# rpm --import RPM-GPG-KEY.dag.txt
[root@rhel7 navencrypt]# yum search gpgme-devel
Loaded plugins: amazon-id, rhui-lb
Warning: No matches found for: gpgme-devel
No matches found
[root@rhel7 navencrypt]# yum search gpg
Loaded plugins: amazon-id, rhui-lb
================================================================================================================================= N/S matched: gpg =================================================================================================================================
kgpg.x86_64 : Manage GPG encryption keys
gpgme.i686 : GnuPG Made Easy - high level crypto API
gpgme03-devel.x86_64 : Static libraries and header files from GPGME, GnuPG Made Easy
libgpg-error.i686 : Library for error values used by GnuPG components
libgpg-error-devel.i686 : Development files for the libgpg-error package
libgpg-error-devel.x86_64 : Development files for the libgpg-error package
mingw32-libgpg-error.noarch : MinGW Windows libgpg-error compression library for the win32 target
mingw32-libgpg-error-static.noarch : Static library for mingw32-libgpg-error development
mingw64-libgpg-error.noarch : MinGW Windows libgpg-error compression library for the win64 target
mingw64-libgpg-error-static.noarch : Static library for mingw64-libgpg-error development
perl-Crypt-GPG.noarch : Object Oriented Interface to GnuPG
gpgme.x86_64 : GnuPG Made Easy - high level crypto API
gpgme03.x86_64 : GnuPG Made Easy
libgpg-error.x86_64 : Library for error values used by GnuPG components
nasty.x86_64 : Recover the passphrase of a PGP or GPG key
perl-Crypt-RSA.noarch : RSA public-key cryptosystem
perl-GnuPG-Interface.noarch : Perl interface to GnuPG
perl-Mail-GPG.noarch : Handling of GnuPG encrypted / signed mails
perl-Mail-GnuPG.noarch : Process email with GPG
pygpgme.x86_64 : Python module for working with OpenPGP messages
python-GnuPGInterface.noarch : A Python module to interface with GnuPG
python-pgpdump.noarch : PGP packet parser library in Python 2.x
seahorse.x86_64 : A GNOME application for managing encryption keys
thunderbird-enigmail.x86_64 : Authentication and encryption extension for Mozilla Thunderbird

  Name and summary matches only, use "search all" for everything.
[root@rhel7 navencrypt]# yum install gpgme03-devel
Loaded plugins: amazon-id, rhui-lb
Resolving Dependencies
--> Running transaction check
---> Package gpgme03-devel.x86_64 0:0.3.16-1.el6.rf will be installed
--> Processing Dependency: gpgme03 = 0.3.16 for package: gpgme03-devel-0.3.16-1.el6.rf.x86_64
--> Processing Dependency: libgpgme.so.6()(64bit) for package: gpgme03-devel-0.3.16-1.el6.rf.x86_64
--> Running transaction check
---> Package gpgme03.x86_64 0:0.3.16-1.el6.rf will be installed
--> Finished Dependency Resolution

Dependencies Resolved

 Package                                                              Arch                                                          Version                                                                   Repository                                                       Size
 gpgme03-devel                                                        x86_64                                                        0.3.16-1.el6.rf                                                           rpmforge                                                        119 k
Installing for dependencies:
 gpgme03                                                              x86_64                                                        0.3.16-1.el6.rf                                                           rpmforge                                                        161 k

Transaction Summary
Install  1 Package (+1 Dependent package)

Total size: 280 k
Installed size: 792 k
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
  Installing : gpgme03-0.3.16-1.el6.rf.x86_64                                                                                                                                                                                                                                   1/2
  Installing : gpgme03-devel-0.3.16-1.el6.rf.x86_64                                                                                                                                                                                                                             2/2
  Verifying  : gpgme03-devel-0.3.16-1.el6.rf.x86_64                                                                                                                                                                                                                             1/2
  Verifying  : gpgme03-0.3.16-1.el6.rf.x86_64                                                                                                                                                                                                                                   2/2

  gpgme03-devel.x86_64 0:0.3.16-1.el6.rf                                                                                                                                                                                                                                           

Dependency Installed:
  gpgme03.x86_64 0:0.3.16-1.el6.rf                                                                                                                                                                                                                                                 

[root@rhel7 navencrypt]#

P.S. Libya and Burma changed their flags recently