On Fri, Oct 21, 2022 at 03:11:27PM +0200, Marco d'Itri wrote:

Hi,

> > I thought --ignore-install was completely broken, but no, because without 
> > it, the output contains *more* "install" lines:
> What you are actually seeing is that --ignore-install is applied only to 
> the nfs module (the one which you have requested to load) but not to its 
> own dependencies:

Yes, and this is in fact in agreement with the documentation:

 -i, --ignore-install, --ignore-remove
    This option causes modprobe to ignore install and remove commands in the 
configuration file (if any) *for the module specified on the command line (any 
dependent modules are still subject to commands set for them in the 
configuration file)*.

This doesn't look like useful behaviour to me, but I don't pretend to be aware 
of all use-cases (the only one I *am* aware of is the one in mkinitramfs, which 
this behaviour breaks).

Unfortunately the current output can't, as I see it, be parsed to obtain a list 
of dependencies, because the 'install' commands can be arbitrary command lines 
with arbitrary side effects, any of which might be loading a module that isn't 
even named in the command line.

> No matter what happens to --ignore-install I suggest that  nfs-kernel-server 
> will replace the modprobe configuration with some udev  rules like this one 
> (untested):
> 
> ACTION=="add", SUBSYSTEM=="module", KERNEL=="sunrpc", RUN+="/sbin/sysctl -q 
> --pattern sunrpc --system"

I see several ways forward:

1. packages that obfuscate module dependencies by supplying 'install' commands 
for modules that other modules may depend on should be required to include 
initramfs (and dracut?) hooks that install all dependencies in the initramfs if 
a depending module is installed in it. This is arguably the correct solution; 
in the case of nfs-kernel-server, for example, the 'install' command wants to 
invoke sysctl --pattern, but the busybox sysctl installed in the initramfs by 
default doesn't support --pattern. So the package would need to force initramfs 
to include the /sbin/sysctl from procps, and maybe also any pertinent files 
from /etc/sysctl.d.

2. in addition to looking at modprobe output, mkinitramfs should also look at 
the depends: line in modinfo(8) output to find dependencies, and transitively 
close the set of modules it includes. This seems like a relatively easy 
workaround but it's not correct in that it won't cause /sbin/sysctl to be 
included even if an 'install' command calls it (or whatever other binary and 
configuration may be needed).

3. Debian could forbid including 'install' commands for modules that other 
modules depend on and that may (frequently?) need to be included in an 
initramfs (requiring, for example, the kind of udev rule Marco proposed).

AndrĂ¡s

-- 
                     The bride got a new name and a dress.

Reply via email to