[301] | 1 | #! /bin/sh
|
---|
[69327] | 2 | # $Id: vboxadd.sh 100853 2023-08-10 17:23:43Z vboxsync $
|
---|
| 3 | ## @file
|
---|
[21412] | 4 | # Linux Additions kernel module init script ($Revision: 100853 $)
|
---|
[1] | 5 | #
|
---|
[21412] | 6 |
|
---|
| 7 | #
|
---|
[98103] | 8 | # Copyright (C) 2006-2023 Oracle and/or its affiliates.
|
---|
[5999] | 9 | #
|
---|
[96407] | 10 | # This file is part of VirtualBox base platform packages, as
|
---|
| 11 | # available from https://www.virtualbox.org.
|
---|
[5999] | 12 | #
|
---|
[96407] | 13 | # This program is free software; you can redistribute it and/or
|
---|
| 14 | # modify it under the terms of the GNU General Public License
|
---|
| 15 | # as published by the Free Software Foundation, in version 3 of the
|
---|
| 16 | # License.
|
---|
| 17 | #
|
---|
| 18 | # This program is distributed in the hope that it will be useful, but
|
---|
| 19 | # WITHOUT ANY WARRANTY; without even the implied warranty of
|
---|
| 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
---|
| 21 | # General Public License for more details.
|
---|
| 22 | #
|
---|
| 23 | # You should have received a copy of the GNU General Public License
|
---|
| 24 | # along with this program; if not, see <https://www.gnu.org/licenses>.
|
---|
| 25 | #
|
---|
| 26 | # SPDX-License-Identifier: GPL-3.0-only
|
---|
| 27 | #
|
---|
[1] | 28 |
|
---|
[67736] | 29 | # X-Start-Before is a Debian Addition which we use when converting to
|
---|
| 30 | # a systemd unit. X-Service-Type is our own invention, also for systemd.
|
---|
[1] | 31 |
|
---|
[60317] | 32 | # chkconfig: 345 10 90
|
---|
[15585] | 33 | # description: VirtualBox Linux Additions kernel modules
|
---|
[1] | 34 | #
|
---|
| 35 | ### BEGIN INIT INFO
|
---|
| 36 | # Provides: vboxadd
|
---|
[1520] | 37 | # Required-Start:
|
---|
[1] | 38 | # Required-Stop:
|
---|
[11274] | 39 | # Default-Start: 2 3 4 5
|
---|
| 40 | # Default-Stop: 0 1 6
|
---|
[67736] | 41 | # X-Start-Before: display-manager
|
---|
| 42 | # X-Service-Type: oneshot
|
---|
[15585] | 43 | # Description: VirtualBox Linux Additions kernel modules
|
---|
[1] | 44 | ### END INIT INFO
|
---|
| 45 |
|
---|
[61199] | 46 | ## @todo This file duplicates a lot of script with vboxdrv.sh. When making
|
---|
| 47 | # changes please try to reduce differences between the two wherever possible.
|
---|
| 48 |
|
---|
[66401] | 49 | # Testing:
|
---|
[66423] | 50 | # * Should fail if the configuration file is missing or missing INSTALL_DIR or
|
---|
| 51 | # INSTALL_VER entries.
|
---|
[93374] | 52 | # * vboxadd, vboxsf and vboxdrmipc user groups should be created if they do not exist - test
|
---|
[66423] | 53 | # by removing them before installing.
|
---|
[66401] | 54 | # * Shared folders can be mounted and auto-mounts accessible to vboxsf group,
|
---|
| 55 | # including on recent Fedoras with SELinux.
|
---|
[66423] | 56 | # * Setting INSTALL_NO_MODULE_BUILDS inhibits modules and module automatic
|
---|
| 57 | # rebuild script creation; otherwise modules, user, group, rebuild script,
|
---|
| 58 | # udev rule and shared folder mount helper should be created/set up.
|
---|
| 59 | # * Setting INSTALL_NO_MODULE_BUILDS inhibits module load and unload on start
|
---|
| 60 | # and stop.
|
---|
[66413] | 61 | # * Uninstalling the Additions and re-installing them does not trigger warnings.
|
---|
[66401] | 62 |
|
---|
[74579] | 63 | export LC_ALL=C
|
---|
[301] | 64 | PATH=$PATH:/bin:/sbin:/usr/sbin
|
---|
[24402] | 65 | PACKAGE=VBoxGuestAdditions
|
---|
[25687] | 66 | MODPROBE=/sbin/modprobe
|
---|
[39358] | 67 | OLDMODULES="vboxguest vboxadd vboxsf vboxvfs vboxvideo"
|
---|
[63870] | 68 | SERVICE="VirtualBox Guest Additions"
|
---|
[99524] | 69 | VBOXSERVICE_PIDFILE="/var/run/vboxadd-service.sh"
|
---|
[63870] | 70 | ## systemd logs information about service status, otherwise do that ourselves.
|
---|
| 71 | QUIET=
|
---|
[75839] | 72 | test -z "${TARGET_VER}" && TARGET_VER=`uname -r`
|
---|
[97539] | 73 |
|
---|
[84947] | 74 | export VBOX_KBUILD_TYPE
|
---|
[77306] | 75 | export USERNAME
|
---|
[301] | 76 |
|
---|
[68705] | 77 | setup_log()
|
---|
| 78 | {
|
---|
[75839] | 79 | test -z "${LOG}" || return 0
|
---|
[68705] | 80 | # Rotate log files
|
---|
| 81 | LOG="/var/log/vboxadd-setup.log"
|
---|
[98687] | 82 | mv -f "${LOG}.3" "${LOG}.4" 2>/dev/null
|
---|
| 83 | mv -f "${LOG}.2" "${LOG}.3" 2>/dev/null
|
---|
| 84 | mv -f "${LOG}.1" "${LOG}.2" 2>/dev/null
|
---|
| 85 | mv -f "${LOG}" "${LOG}.1" 2>/dev/null
|
---|
[68705] | 86 | }
|
---|
[63870] | 87 |
|
---|
[51193] | 88 | if $MODPROBE -c 2>/dev/null | grep -q '^allow_unsupported_modules *0'; then
|
---|
[25687] | 89 | MODPROBE="$MODPROBE --allow-unsupported-modules"
|
---|
| 90 | fi
|
---|
| 91 |
|
---|
[57945] | 92 | # Preamble for Gentoo
|
---|
| 93 | if [ "`which $0`" = "/sbin/rc" ]; then
|
---|
| 94 | shift
|
---|
[9108] | 95 | fi
|
---|
[1] | 96 |
|
---|
[57945] | 97 | begin()
|
---|
| 98 | {
|
---|
[75839] | 99 | test -n "${QUIET}" || echo "${SERVICE}: ${1}"
|
---|
[57945] | 100 | }
|
---|
[1] | 101 |
|
---|
[63870] | 102 | info()
|
---|
[57945] | 103 | {
|
---|
[63870] | 104 | if test -z "${QUIET}"; then
|
---|
[76912] | 105 | echo "${SERVICE}: $1" | fold -s
|
---|
[63870] | 106 | else
|
---|
[76912] | 107 | echo "$1" | fold -s
|
---|
[63870] | 108 | fi
|
---|
[57945] | 109 | }
|
---|
[9108] | 110 |
|
---|
[99510] | 111 | # When script is running as non-root, it does not have access to log
|
---|
| 112 | # files in /var. In this case, lets print error message to stdout and
|
---|
| 113 | # exit with bad status.
|
---|
| 114 | early_fail()
|
---|
| 115 | {
|
---|
| 116 | echo "$1" >&2
|
---|
| 117 | exit 1
|
---|
| 118 | }
|
---|
| 119 |
|
---|
[63870] | 120 | fail()
|
---|
[39358] | 121 | {
|
---|
[63870] | 122 | log "${1}"
|
---|
[99524] | 123 | echo "${SERVICE}: $1" >&2
|
---|
[63870] | 124 | echo "The log file $LOG may contain further information." >&2
|
---|
| 125 | exit 1
|
---|
[39358] | 126 | }
|
---|
| 127 |
|
---|
[63870] | 128 | log()
|
---|
[39358] | 129 | {
|
---|
[68705] | 130 | setup_log
|
---|
[63870] | 131 | echo "${1}" >> "${LOG}"
|
---|
[39358] | 132 | }
|
---|
| 133 |
|
---|
[72196] | 134 | module_build_log()
|
---|
| 135 | {
|
---|
[74412] | 136 | log "Error building the module. Build output follows."
|
---|
| 137 | echo ""
|
---|
| 138 | echo "${1}" >> "${LOG}"
|
---|
[72196] | 139 | }
|
---|
| 140 |
|
---|
[21412] | 141 | dev=/dev/vboxguest
|
---|
[17859] | 142 | userdev=/dev/vboxuser
|
---|
[39358] | 143 | config=/var/lib/VBoxGuestAdditions/config
|
---|
[98476] | 144 | user_config=/etc/virtualbox-guest-additions.conf
|
---|
[6969] | 145 | owner=vboxadd
|
---|
| 146 | group=1
|
---|
[1] | 147 |
|
---|
[98476] | 148 | # Include custom user configuration file.
|
---|
| 149 | [ -r "$user_config" ] && . "$user_config"
|
---|
| 150 |
|
---|
[66401] | 151 | if test -r $config; then
|
---|
| 152 | . $config
|
---|
| 153 | else
|
---|
| 154 | fail "Configuration file $config not found"
|
---|
| 155 | fi
|
---|
| 156 | test -n "$INSTALL_DIR" -a -n "$INSTALL_VER" ||
|
---|
| 157 | fail "Configuration file $config not complete"
|
---|
[77306] | 158 | MODULE_SRC="$INSTALL_DIR/src/vboxguest-$INSTALL_VER"
|
---|
| 159 | BUILDINTMP="$MODULE_SRC/build_in_tmp"
|
---|
[66401] | 160 |
|
---|
[99508] | 161 | # Path to VBoxService control script.
|
---|
[99511] | 162 | VBOX_SERVICE_SCRIPT="/sbin/rcvboxadd-service"
|
---|
[99508] | 163 |
|
---|
[94308] | 164 | # Attempt to detect VirtualBox Guest Additions version and revision information.
|
---|
[99505] | 165 | VBOXCONTROL="${INSTALL_DIR}/bin/VBoxControl"
|
---|
| 166 | VBOX_VERSION="`"$VBOXCONTROL" --version | cut -d r -f1`"
|
---|
[94308] | 167 | [ -n "$VBOX_VERSION" ] || VBOX_VERSION='unknown'
|
---|
[99505] | 168 | VBOX_REVISION="r`"$VBOXCONTROL" --version | cut -d r -f2`"
|
---|
[94308] | 169 | [ "$VBOX_REVISION" != "r" ] || VBOX_REVISION='unknown'
|
---|
| 170 |
|
---|
[99502] | 171 | # Returns if the vboxguest module is running or not.
|
---|
| 172 | #
|
---|
| 173 | # Returns true if vboxguest module is running, false if not.
|
---|
[21412] | 174 | running_vboxguest()
|
---|
[15585] | 175 | {
|
---|
[21412] | 176 | lsmod | grep -q "vboxguest[^_-]"
|
---|
[1] | 177 | }
|
---|
| 178 |
|
---|
[99502] | 179 | # Returns if the vboxadd module is running or not.
|
---|
| 180 | #
|
---|
| 181 | # Returns true if vboxadd module is running, false if not.
|
---|
[24640] | 182 | running_vboxadd()
|
---|
| 183 | {
|
---|
| 184 | lsmod | grep -q "vboxadd[^_-]"
|
---|
| 185 | }
|
---|
| 186 |
|
---|
[99502] | 187 | # Returns if the vboxsf module is running or not.
|
---|
| 188 | #
|
---|
| 189 | # Returns true if vboxsf module is running, false if not.
|
---|
[28998] | 190 | running_vboxsf()
|
---|
[15585] | 191 | {
|
---|
[28998] | 192 | lsmod | grep -q "vboxsf[^_-]"
|
---|
[15585] | 193 | }
|
---|
| 194 |
|
---|
[99502] | 195 | # Returns if the vboxvideo module is running or not.
|
---|
| 196 | #
|
---|
| 197 | # Returns true if vboxvideo module is running, false if not.
|
---|
[43742] | 198 | running_vboxvideo()
|
---|
| 199 | {
|
---|
| 200 | lsmod | grep -q "vboxvideo[^_-]"
|
---|
| 201 | }
|
---|
| 202 |
|
---|
[99502] | 203 | # Returns if a specific module is running or not.
|
---|
| 204 | #
|
---|
| 205 | # Input $1: Module name to check running status for.
|
---|
| 206 | #
|
---|
| 207 | # Returns true if the module is running, false if not.
|
---|
[98609] | 208 | running_module()
|
---|
| 209 | {
|
---|
[98687] | 210 | lsmod | grep -q "$1"
|
---|
[98609] | 211 | }
|
---|
| 212 |
|
---|
[99502] | 213 | # Returns the version string of a currently running kernel module.
|
---|
| 214 | #
|
---|
| 215 | # Input $1: Module name to check.
|
---|
| 216 | #
|
---|
| 217 | # Returns the module version string if found, or none if not found.
|
---|
[98476] | 218 | running_module_version()
|
---|
| 219 | {
|
---|
[99502] | 220 | mod="$1"
|
---|
[98476] | 221 | version_string_path="/sys/module/"$mod"/version"
|
---|
| 222 |
|
---|
| 223 | [ -n "$mod" ] || return
|
---|
[99488] | 224 | if [ -r "$version_string_path" ]; then
|
---|
| 225 | cat "$version_string_path"
|
---|
| 226 | else
|
---|
[99510] | 227 | echo "unknown"
|
---|
[99488] | 228 | fi
|
---|
[98476] | 229 | }
|
---|
| 230 |
|
---|
[99502] | 231 | # Checks if a loaded kernel module version matches to the currently installed Guest Additions version and revision.
|
---|
| 232 | #
|
---|
| 233 | # Input $1: Module name to check.
|
---|
| 234 | #
|
---|
| 235 | # Returns "1" if the module matches the installed Guest Additions, or none if not.
|
---|
[98476] | 236 | check_running_module_version()
|
---|
| 237 | {
|
---|
| 238 | mod=$1
|
---|
| 239 | expected="$VBOX_VERSION $VBOX_REVISION"
|
---|
| 240 |
|
---|
| 241 | [ -n "$mod" ] || return
|
---|
| 242 | [ -n "$expected" ] || return
|
---|
| 243 |
|
---|
| 244 | [ "$expected" = "$(running_module_version "$mod")" ] || return
|
---|
| 245 | }
|
---|
| 246 |
|
---|
[35202] | 247 | do_vboxguest_non_udev()
|
---|
[15585] | 248 | {
|
---|
[1] | 249 | if [ ! -c $dev ]; then
|
---|
[21412] | 250 | maj=`sed -n 's;\([0-9]\+\) vboxguest;\1;p' /proc/devices`
|
---|
[423] | 251 | if [ ! -z "$maj" ]; then
|
---|
| 252 | min=0
|
---|
| 253 | else
|
---|
[21412] | 254 | min=`sed -n 's;\([0-9]\+\) vboxguest;\1;p' /proc/misc`
|
---|
[423] | 255 | if [ ! -z "$min" ]; then
|
---|
| 256 | maj=10
|
---|
| 257 | fi
|
---|
| 258 | fi
|
---|
[75839] | 259 | test -n "$maj" || {
|
---|
[21412] | 260 | rmmod vboxguest 2>/dev/null
|
---|
[9108] | 261 | fail "Cannot locate the VirtualBox device"
|
---|
[1] | 262 | }
|
---|
| 263 |
|
---|
[9108] | 264 | mknod -m 0664 $dev c $maj $min || {
|
---|
[21412] | 265 | rmmod vboxguest 2>/dev/null
|
---|
[9108] | 266 | fail "Cannot create device $dev with major $maj and minor $min"
|
---|
[1] | 267 | }
|
---|
| 268 | fi
|
---|
[18056] | 269 | chown $owner:$group $dev 2>/dev/null || {
|
---|
| 270 | rm -f $dev 2>/dev/null
|
---|
| 271 | rm -f $userdev 2>/dev/null
|
---|
[21412] | 272 | rmmod vboxguest 2>/dev/null
|
---|
[18056] | 273 | fail "Cannot change owner $owner:$group for device $dev"
|
---|
| 274 | }
|
---|
| 275 |
|
---|
[17859] | 276 | if [ ! -c $userdev ]; then
|
---|
[17950] | 277 | maj=10
|
---|
[17859] | 278 | min=`sed -n 's;\([0-9]\+\) vboxuser;\1;p' /proc/misc`
|
---|
| 279 | if [ ! -z "$min" ]; then
|
---|
[17950] | 280 | mknod -m 0666 $userdev c $maj $min || {
|
---|
| 281 | rm -f $dev 2>/dev/null
|
---|
[21412] | 282 | rmmod vboxguest 2>/dev/null
|
---|
[17950] | 283 | fail "Cannot create device $userdev with major $maj and minor $min"
|
---|
| 284 | }
|
---|
[18056] | 285 | chown $owner:$group $userdev 2>/dev/null || {
|
---|
| 286 | rm -f $dev 2>/dev/null
|
---|
| 287 | rm -f $userdev 2>/dev/null
|
---|
[21412] | 288 | rmmod vboxguest 2>/dev/null
|
---|
[18056] | 289 | fail "Cannot change owner $owner:$group for device $userdev"
|
---|
| 290 | }
|
---|
[17859] | 291 | fi
|
---|
| 292 | fi
|
---|
[35202] | 293 | }
|
---|
[6969] | 294 |
|
---|
[15585] | 295 | restart()
|
---|
| 296 | {
|
---|
[1] | 297 | stop && start
|
---|
| 298 | return 0
|
---|
| 299 | }
|
---|
| 300 |
|
---|
[99502] | 301 | ## Updates the initramfs. Debian and Ubuntu put the graphics driver in, and
|
---|
[74579] | 302 | # need the touch(1) command below. Everyone else that I checked just need
|
---|
| 303 | # the right module alias file from depmod(1) and only use the initramfs to
|
---|
| 304 | # load the root filesystem, not the boot splash. update-initramfs works
|
---|
| 305 | # for the first two and dracut for every one else I checked. We are only
|
---|
| 306 | # interested in distributions recent enough to use the KMS vboxvideo driver.
|
---|
| 307 | update_initramfs()
|
---|
| 308 | {
|
---|
| 309 | ## kernel version to update for.
|
---|
| 310 | version="${1}"
|
---|
| 311 | depmod "${version}"
|
---|
| 312 | rm -f "/lib/modules/${version}/initrd/vboxvideo"
|
---|
[75839] | 313 | test ! -d "/lib/modules/${version}/initrd" ||
|
---|
| 314 | test ! -f "/lib/modules/${version}/misc/vboxvideo.ko" ||
|
---|
[74579] | 315 | touch "/lib/modules/${version}/initrd/vboxvideo"
|
---|
[74964] | 316 |
|
---|
| 317 | # Systems without systemd-inhibit probably don't need their initramfs
|
---|
| 318 | # rebuild here anyway.
|
---|
| 319 | type systemd-inhibit >/dev/null 2>&1 || return
|
---|
[74579] | 320 | if type dracut >/dev/null 2>&1; then
|
---|
[74964] | 321 | systemd-inhibit --why="Installing VirtualBox Guest Additions" \
|
---|
| 322 | dracut -f --kver "${version}"
|
---|
[74579] | 323 | elif type update-initramfs >/dev/null 2>&1; then
|
---|
[74964] | 324 | systemd-inhibit --why="Installing VirtualBox Guest Additions" \
|
---|
| 325 | update-initramfs -u -k "${version}"
|
---|
[74579] | 326 | fi
|
---|
| 327 | }
|
---|
| 328 |
|
---|
[99502] | 329 | # Removes any existing VirtualBox guest kernel modules from the disk, but not
|
---|
[35200] | 330 | # from the kernel as they may still be in use
|
---|
| 331 | cleanup_modules()
|
---|
[15585] | 332 | {
|
---|
[74579] | 333 | # Needed for Ubuntu and Debian, see update_initramfs
|
---|
| 334 | rm -f /lib/modules/*/initrd/vboxvideo
|
---|
| 335 | for i in /lib/modules/*/misc; do
|
---|
[75839] | 336 | KERN_VER="${i%/misc}"
|
---|
| 337 | KERN_VER="${KERN_VER#/lib/modules/}"
|
---|
[74579] | 338 | unset do_update
|
---|
| 339 | for j in ${OLDMODULES}; do
|
---|
[97405] | 340 | for mod_ext in ko ko.gz ko.xz ko.zst; do
|
---|
| 341 | test -f "${i}/${j}.${mod_ext}" && do_update=1 && rm -f "${i}/${j}.${mod_ext}"
|
---|
| 342 | done
|
---|
[74579] | 343 | done
|
---|
[75839] | 344 | test -z "$do_update" || update_initramfs "$KERN_VER"
|
---|
[74579] | 345 | # Remove empty /lib/modules folders which may have been kept around
|
---|
| 346 | rmdir -p "${i}" 2>/dev/null || true
|
---|
| 347 | unset keep
|
---|
[75839] | 348 | for j in /lib/modules/"${KERN_VER}"/*; do
|
---|
[74579] | 349 | name="${j##*/}"
|
---|
| 350 | test -d "${name}" || test "${name%%.*}" != modules && keep=1
|
---|
| 351 | done
|
---|
| 352 | if test -z "${keep}"; then
|
---|
[75839] | 353 | rm -rf /lib/modules/"${KERN_VER}"
|
---|
| 354 | rm -f /boot/initrd.img-"${KERN_VER}"
|
---|
[74579] | 355 | fi
|
---|
| 356 | done
|
---|
[62676] | 357 | for i in ${OLDMODULES}; do
|
---|
| 358 | # We no longer support DKMS, remove any leftovers.
|
---|
[57969] | 359 | rm -rf "/var/lib/dkms/${i}"*
|
---|
| 360 | done
|
---|
[63738] | 361 | rm -f /etc/depmod.d/vboxvideo-upstream.conf
|
---|
[35200] | 362 | }
|
---|
| 363 |
|
---|
[96680] | 364 | # Secure boot state.
|
---|
| 365 | case "`mokutil --sb-state 2>/dev/null`" in
|
---|
| 366 | *"disabled in shim"*) unset HAVE_SEC_BOOT;;
|
---|
| 367 | *"SecureBoot enabled"*) HAVE_SEC_BOOT=true;;
|
---|
| 368 | *) unset HAVE_SEC_BOOT;;
|
---|
| 369 | esac
|
---|
| 370 | # So far we can only sign modules on Ubuntu and on Debian 10 and later.
|
---|
| 371 | DEB_PUB_KEY=/var/lib/shim-signed/mok/MOK.der
|
---|
| 372 | DEB_PRIV_KEY=/var/lib/shim-signed/mok/MOK.priv
|
---|
| 373 | # Check if key already enrolled.
|
---|
| 374 | unset HAVE_DEB_KEY
|
---|
| 375 | case "`mokutil --test-key "$DEB_PUB_KEY" 2>/dev/null`" in
|
---|
| 376 | *"is already"*) DEB_KEY_ENROLLED=true;;
|
---|
| 377 | *) unset DEB_KEY_ENROLLED;;
|
---|
| 378 | esac
|
---|
| 379 |
|
---|
[99502] | 380 | # Checks if update-secureboot-policy tool supports required commandline options.
|
---|
[97013] | 381 | update_secureboot_policy_supports()
|
---|
| 382 | {
|
---|
| 383 | opt_name="$1"
|
---|
| 384 | [ -n "$opt_name" ] || return
|
---|
[96680] | 385 |
|
---|
[97013] | 386 | [ -z "$(update-secureboot-policy --help 2>&1 | grep "$opt_name")" ] && return
|
---|
| 387 | echo "1"
|
---|
| 388 | }
|
---|
| 389 |
|
---|
| 390 | HAVE_UPDATE_SECUREBOOT_POLICY_TOOL=
|
---|
[96680] | 391 | if type update-secureboot-policy >/dev/null 2>&1; then
|
---|
[97013] | 392 | [ "$(update_secureboot_policy_supports new-key)" = "1" -a "$(update_secureboot_policy_supports enroll-key)" = "1" ] && \
|
---|
| 393 | HAVE_UPDATE_SECUREBOOT_POLICY_TOOL=true
|
---|
[96680] | 394 | fi
|
---|
| 395 |
|
---|
[97012] | 396 | # Reads kernel configuration option.
|
---|
| 397 | kernel_get_config_opt()
|
---|
| 398 | {
|
---|
[99536] | 399 | kern_ver="$1"
|
---|
| 400 | opt_name="$2"
|
---|
| 401 |
|
---|
| 402 | [ -n "$kern_ver" ] || return
|
---|
[97012] | 403 | [ -n "$opt_name" ] || return
|
---|
| 404 |
|
---|
| 405 | # Check if there is a kernel tool which can extract config option.
|
---|
[99536] | 406 | if test -x /lib/modules/"$kern_ver"/build/scripts/config; then
|
---|
| 407 | /lib/modules/"$kern_ver"/build/scripts/config \
|
---|
| 408 | --file /lib/modules/"$kern_ver"/build/.config \
|
---|
[97012] | 409 | --state "$opt_name" 2>/dev/null
|
---|
[99536] | 410 | elif test -f /lib/modules/"$kern_ver"/build/.config; then
|
---|
[97012] | 411 | # Extract config option manually.
|
---|
[99536] | 412 | grep "$opt_name=" /lib/modules/"$kern_ver"/build/.config | sed -e "s/^$opt_name=//" -e "s/\"//g"
|
---|
[97012] | 413 | fi
|
---|
| 414 | }
|
---|
| 415 |
|
---|
[96680] | 416 | # Reads CONFIG_MODULE_SIG_HASH from kernel config.
|
---|
| 417 | kernel_module_sig_hash()
|
---|
| 418 | {
|
---|
[99536] | 419 | kern_ver="$1"
|
---|
| 420 | [ -n "$kern_ver" ] || return
|
---|
| 421 |
|
---|
| 422 | kernel_get_config_opt "$kern_ver" "CONFIG_MODULE_SIG_HASH"
|
---|
[96680] | 423 | }
|
---|
| 424 |
|
---|
| 425 | # Returns "1" if kernel module signature hash algorithm
|
---|
| 426 | # is supported by us. Or empty string otherwise.
|
---|
| 427 | module_sig_hash_supported()
|
---|
| 428 | {
|
---|
| 429 | sig_hashalgo="$1"
|
---|
| 430 | [ -n "$sig_hashalgo" ] || return
|
---|
| 431 |
|
---|
| 432 | # Go through supported list.
|
---|
| 433 | [ "$sig_hashalgo" = "sha1" \
|
---|
| 434 | -o "$sig_hashalgo" = "sha224" \
|
---|
| 435 | -o "$sig_hashalgo" = "sha256" \
|
---|
| 436 | -o "$sig_hashalgo" = "sha384" \
|
---|
| 437 | -o "$sig_hashalgo" = "sha512" ] || return
|
---|
| 438 |
|
---|
| 439 | echo "1"
|
---|
| 440 | }
|
---|
| 441 |
|
---|
[99536] | 442 | # Check if kernel configuration requires modules signature.
|
---|
| 443 | kernel_requires_module_signature()
|
---|
| 444 | {
|
---|
| 445 | kern_ver="$1"
|
---|
| 446 | vbox_sys_lockdown_path="/sys/kernel/security/lockdown"
|
---|
| 447 |
|
---|
| 448 | [ -n "$kern_ver" ] || return
|
---|
| 449 |
|
---|
| 450 | requires=""
|
---|
| 451 | # We consider that if kernel is running in the following configurations,
|
---|
| 452 | # it will require modules to be signed.
|
---|
| 453 | if [ "$(kernel_get_config_opt "$kern_ver" "CONFIG_MODULE_SIG")" = "y" ]; then
|
---|
| 454 |
|
---|
| 455 | # Modules signature verification is hardcoded in kernel config.
|
---|
| 456 | [ "$(kernel_get_config_opt "$kern_ver" "CONFIG_MODULE_SIG_FORCE")" = "y" ] && requires="1"
|
---|
| 457 |
|
---|
| 458 | # Unsigned modules loading is restricted by "lockdown" feature in runtime.
|
---|
[99550] | 459 | if [ "$(kernel_get_config_opt "$kern_ver" "CONFIG_LOCK_DOWN_KERNEL")" = "y" \
|
---|
| 460 | -o "$(kernel_get_config_opt "$kern_ver" "CONFIG_SECURITY_LOCKDOWN_LSM")" = "y" \
|
---|
[99536] | 461 | -o "$(kernel_get_config_opt "$kern_ver" "CONFIG_SECURITY_LOCKDOWN_LSM_EARLY")" = "y" ]; then
|
---|
| 462 |
|
---|
| 463 | # Once lockdown level is set to something different from "none" (e.g., "integrity"
|
---|
| 464 | # or "confidentiality"), kernel will reject unsigned modules loading.
|
---|
| 465 | if [ -r "$vbox_sys_lockdown_path" ]; then
|
---|
| 466 | [ -n "$(cat "$vbox_sys_lockdown_path" | grep "\[integrity\]")" ] && requires="1"
|
---|
| 467 | [ -n "$(cat "$vbox_sys_lockdown_path" | grep "\[confidentiality\]")" ] && requires="1"
|
---|
| 468 | fi
|
---|
| 469 |
|
---|
| 470 | # This configuration is used by a number of modern Linux distributions and restricts
|
---|
| 471 | # unsigned modules loading when Secure Boot mode is enabled.
|
---|
| 472 | [ "$(kernel_get_config_opt "$kern_ver" "CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT")" = "y" -a -n "$HAVE_SEC_BOOT" ] && requires="1"
|
---|
| 473 | fi
|
---|
| 474 | fi
|
---|
| 475 |
|
---|
| 476 | [ -n "$requires" ] && echo "1"
|
---|
| 477 | }
|
---|
| 478 |
|
---|
[96680] | 479 | sign_modules()
|
---|
| 480 | {
|
---|
| 481 | KERN_VER="$1"
|
---|
| 482 | test -n "$KERN_VER" || return 1
|
---|
| 483 |
|
---|
| 484 | # Make list of mudules to sign.
|
---|
| 485 | MODULE_LIST="vboxguest vboxsf"
|
---|
| 486 | # vboxvideo might not present on for older kernels.
|
---|
| 487 | [ -f "/lib/modules/"$KERN_VER"/misc/vboxvideo.ko" ] && MODULE_LIST="$MODULE_LIST vboxvideo"
|
---|
| 488 |
|
---|
[99536] | 489 | # Sign kernel modules if kernel configuration requires it.
|
---|
| 490 | if test "$(kernel_requires_module_signature $KERN_VER)" = "1"; then
|
---|
[96680] | 491 | begin "Signing VirtualBox Guest Additions kernel modules"
|
---|
| 492 |
|
---|
| 493 | # Generate new signing key if needed.
|
---|
| 494 | [ -n "$HAVE_UPDATE_SECUREBOOT_POLICY_TOOL" ] && SHIM_NOTRIGGER=y update-secureboot-policy --new-key
|
---|
| 495 |
|
---|
| 496 | # Check if signing keys are in place.
|
---|
| 497 | if test ! -f "$DEB_PUB_KEY" || ! test -f "$DEB_PRIV_KEY"; then
|
---|
| 498 | # update-secureboot-policy tool present in the system, but keys were not generated.
|
---|
[97010] | 499 | [ -n "$HAVE_UPDATE_SECUREBOOT_POLICY_TOOL" ] && info "
|
---|
| 500 |
|
---|
| 501 | update-secureboot-policy tool does not generate signing keys
|
---|
| 502 | in your distribution, see below on how to generate them manually."
|
---|
[96680] | 503 | # update-secureboot-policy not present in the system, recommend generate keys manually.
|
---|
| 504 | fail "
|
---|
| 505 |
|
---|
| 506 | System is running in Secure Boot mode, however your distribution
|
---|
| 507 | does not provide tools for automatic generation of keys needed for
|
---|
| 508 | modules signing. Please consider to generate and enroll them manually:
|
---|
| 509 |
|
---|
| 510 | sudo mkdir -p /var/lib/shim-signed/mok
|
---|
[97284] | 511 | sudo openssl req -nodes -new -x509 -newkey rsa:2048 -outform DER -addext \"extendedKeyUsage=codeSigning\" -keyout $DEB_PRIV_KEY -out $DEB_PUB_KEY
|
---|
[97259] | 512 | sudo mokutil --import $DEB_PUB_KEY
|
---|
[96680] | 513 | sudo reboot
|
---|
| 514 |
|
---|
| 515 | Restart \"rcvboxadd setup\" after system is rebooted.
|
---|
| 516 | "
|
---|
| 517 | fi
|
---|
| 518 |
|
---|
| 519 | # Get kernel signature hash algorithm from kernel config and validate it.
|
---|
[99536] | 520 | sig_hashalgo=$(kernel_module_sig_hash "$KERN_VER")
|
---|
[96680] | 521 | [ "$(module_sig_hash_supported $sig_hashalgo)" = "1" ] \
|
---|
[97009] | 522 | || fail "Unsupported kernel signature hash algorithm $sig_hashalgo"
|
---|
[96680] | 523 |
|
---|
| 524 | # Sign modules.
|
---|
| 525 | for i in $MODULE_LIST; do
|
---|
[97011] | 526 |
|
---|
| 527 | # Try to find a tool for modules signing.
|
---|
| 528 | SIGN_TOOL=$(which kmodsign 2>/dev/null)
|
---|
| 529 | # Attempt to use in-kernel signing tool if kmodsign not found.
|
---|
| 530 | if test -z "$SIGN_TOOL"; then
|
---|
| 531 | if test -x "/lib/modules/$KERN_VER/build/scripts/sign-file"; then
|
---|
| 532 | SIGN_TOOL="/lib/modules/$KERN_VER/build/scripts/sign-file"
|
---|
| 533 | fi
|
---|
| 534 | fi
|
---|
| 535 |
|
---|
| 536 | # Check if signing tool is available.
|
---|
| 537 | [ -n "$SIGN_TOOL" ] || fail "Unable to find signing tool"
|
---|
| 538 |
|
---|
[96680] | 539 | "$SIGN_TOOL" "$sig_hashalgo" "$DEB_PRIV_KEY" "$DEB_PUB_KEY" \
|
---|
| 540 | /lib/modules/"$KERN_VER"/misc/"$i".ko || fail "Unable to sign $i.ko"
|
---|
| 541 | done
|
---|
| 542 | # Enroll signing key if needed.
|
---|
| 543 | if test -n "$HAVE_UPDATE_SECUREBOOT_POLICY_TOOL"; then
|
---|
| 544 | # update-secureboot-policy "expects" DKMS modules.
|
---|
| 545 | # Work around this and talk to the authors as soon
|
---|
| 546 | # as possible to fix it.
|
---|
| 547 | mkdir -p /var/lib/dkms/vbox-temp
|
---|
| 548 | update-secureboot-policy --enroll-key 2>/dev/null ||
|
---|
| 549 | fail "Failed to enroll secure boot key."
|
---|
| 550 | rmdir -p /var/lib/dkms/vbox-temp 2>/dev/null
|
---|
| 551 |
|
---|
| 552 | # Indicate that key has been enrolled and reboot is needed.
|
---|
| 553 | HAVE_DEB_KEY=true
|
---|
| 554 | fi
|
---|
| 555 | fi
|
---|
| 556 | }
|
---|
| 557 |
|
---|
[35200] | 558 | # Build and install the VirtualBox guest kernel modules
|
---|
| 559 | setup_modules()
|
---|
| 560 | {
|
---|
[75839] | 561 | KERN_VER="$1"
|
---|
| 562 | test -n "$KERN_VER" || return 1
|
---|
[77328] | 563 | # Match (at least): vboxguest.o; vboxguest.ko; vboxguest.ko.xz
|
---|
| 564 | set /lib/modules/"$KERN_VER"/misc/vboxguest.*o*
|
---|
[96680] | 565 | #test ! -f "$1" || return 0
|
---|
[75839] | 566 | test -d /lib/modules/"$KERN_VER"/build || return 0
|
---|
| 567 | export KERN_VER
|
---|
| 568 | info "Building the modules for kernel $KERN_VER."
|
---|
[35200] | 569 |
|
---|
[97650] | 570 | # Prepend PATH for building UEK7 on OL8 distribution.
|
---|
| 571 | case "$KERN_VER" in
|
---|
| 572 | 5.15.0-*.el8uek*) PATH="/opt/rh/gcc-toolset-11/root/usr/bin:$PATH";;
|
---|
| 573 | esac
|
---|
| 574 |
|
---|
[95409] | 575 | # Detect if kernel was built with clang.
|
---|
| 576 | unset LLVM
|
---|
[99536] | 577 | vbox_cc_is_clang=$(kernel_get_config_opt "$KERN_VER" "CONFIG_CC_IS_CLANG")
|
---|
[95409] | 578 | if test "${vbox_cc_is_clang}" = "y"; then
|
---|
| 579 | info "Using clang compiler."
|
---|
| 580 | export LLVM=1
|
---|
| 581 | fi
|
---|
| 582 |
|
---|
[79438] | 583 | log "Building the main Guest Additions $INSTALL_VER module for kernel $KERN_VER."
|
---|
[72196] | 584 | if ! myerr=`$BUILDINTMP \
|
---|
[61206] | 585 | --save-module-symvers /tmp/vboxguest-Module.symvers \
|
---|
| 586 | --module-source $MODULE_SRC/vboxguest \
|
---|
[72196] | 587 | --no-print-directory install 2>&1`; then
|
---|
[64718] | 588 | # If check_module_dependencies.sh fails it prints a message itself.
|
---|
[72196] | 589 | module_build_log "$myerr"
|
---|
[64718] | 590 | "${INSTALL_DIR}"/other/check_module_dependencies.sh 2>&1 &&
|
---|
| 591 | info "Look at $LOG to find out what went wrong"
|
---|
[66401] | 592 | return 0
|
---|
[61206] | 593 | fi
|
---|
[72196] | 594 | log "Building the shared folder support module."
|
---|
| 595 | if ! myerr=`$BUILDINTMP \
|
---|
[61206] | 596 | --use-module-symvers /tmp/vboxguest-Module.symvers \
|
---|
| 597 | --module-source $MODULE_SRC/vboxsf \
|
---|
[72196] | 598 | --no-print-directory install 2>&1`; then
|
---|
| 599 | module_build_log "$myerr"
|
---|
[63870] | 600 | info "Look at $LOG to find out what went wrong"
|
---|
[66401] | 601 | return 0
|
---|
[61206] | 602 | fi
|
---|
[72196] | 603 | log "Building the graphics driver module."
|
---|
| 604 | if ! myerr=`$BUILDINTMP \
|
---|
[61206] | 605 | --use-module-symvers /tmp/vboxguest-Module.symvers \
|
---|
| 606 | --module-source $MODULE_SRC/vboxvideo \
|
---|
[72196] | 607 | --no-print-directory install 2>&1`; then
|
---|
| 608 | module_build_log "$myerr"
|
---|
[63870] | 609 | info "Look at $LOG to find out what went wrong"
|
---|
[61206] | 610 | fi
|
---|
[65872] | 611 | [ -d /etc/depmod.d ] || mkdir /etc/depmod.d
|
---|
[64311] | 612 | echo "override vboxguest * misc" > /etc/depmod.d/vboxvideo-upstream.conf
|
---|
[64705] | 613 | echo "override vboxsf * misc" >> /etc/depmod.d/vboxvideo-upstream.conf
|
---|
| 614 | echo "override vboxvideo * misc" >> /etc/depmod.d/vboxvideo-upstream.conf
|
---|
[96680] | 615 |
|
---|
| 616 | sign_modules "${KERN_VER}"
|
---|
| 617 |
|
---|
[74579] | 618 | update_initramfs "${KERN_VER}"
|
---|
[97539] | 619 |
|
---|
[35200] | 620 | return 0
|
---|
| 621 | }
|
---|
[24361] | 622 |
|
---|
[66401] | 623 | create_vbox_user()
|
---|
[35200] | 624 | {
|
---|
[24361] | 625 | # This is the LSB version of useradd and should work on recent
|
---|
| 626 | # distributions
|
---|
[74579] | 627 | useradd -d /var/run/vboxadd -g 1 -r -s /bin/false vboxadd >/dev/null 2>&1 || true
|
---|
[24361] | 628 | # And for the others, we choose a UID ourselves
|
---|
[74579] | 629 | useradd -d /var/run/vboxadd -g 1 -u 501 -o -s /bin/false vboxadd >/dev/null 2>&1 || true
|
---|
[24361] | 630 |
|
---|
[66401] | 631 | }
|
---|
[31315] | 632 |
|
---|
[66401] | 633 | create_udev_rule()
|
---|
| 634 | {
|
---|
[24361] | 635 | # Create udev description file
|
---|
| 636 | if [ -d /etc/udev/rules.d ]; then
|
---|
| 637 | udev_call=""
|
---|
| 638 | udev_app=`which udevadm 2> /dev/null`
|
---|
| 639 | if [ $? -eq 0 ]; then
|
---|
| 640 | udev_call="${udev_app} version 2> /dev/null"
|
---|
| 641 | else
|
---|
| 642 | udev_app=`which udevinfo 2> /dev/null`
|
---|
| 643 | if [ $? -eq 0 ]; then
|
---|
| 644 | udev_call="${udev_app} -V 2> /dev/null"
|
---|
| 645 | fi
|
---|
| 646 | fi
|
---|
| 647 | udev_fix="="
|
---|
| 648 | if [ "${udev_call}" != "" ]; then
|
---|
| 649 | udev_out=`${udev_call}`
|
---|
| 650 | udev_ver=`expr "$udev_out" : '[^0-9]*\([0-9]*\)'`
|
---|
| 651 | if [ "$udev_ver" = "" -o "$udev_ver" -lt 55 ]; then
|
---|
| 652 | udev_fix=""
|
---|
| 653 | fi
|
---|
| 654 | fi
|
---|
| 655 | ## @todo 60-vboxadd.rules -> 60-vboxguest.rules ?
|
---|
| 656 | echo "KERNEL=${udev_fix}\"vboxguest\", NAME=\"vboxguest\", OWNER=\"vboxadd\", MODE=\"0660\"" > /etc/udev/rules.d/60-vboxadd.rules
|
---|
| 657 | echo "KERNEL=${udev_fix}\"vboxuser\", NAME=\"vboxuser\", OWNER=\"vboxadd\", MODE=\"0666\"" >> /etc/udev/rules.d/60-vboxadd.rules
|
---|
[79510] | 658 | # Make sure the new rule is noticed.
|
---|
[86650] | 659 | udevadm control --reload >/dev/null 2>&1 || true
|
---|
[79666] | 660 | udevcontrol reload_rules >/dev/null 2>&1 || true
|
---|
[24361] | 661 | fi
|
---|
[66401] | 662 | }
|
---|
[24361] | 663 |
|
---|
[75963] | 664 | create_module_rebuild_script()
|
---|
| 665 | {
|
---|
| 666 | # And a post-installation script for rebuilding modules when a new kernel
|
---|
| 667 | # is installed.
|
---|
| 668 | mkdir -p /etc/kernel/postinst.d /etc/kernel/prerm.d
|
---|
| 669 | cat << EOF > /etc/kernel/postinst.d/vboxadd
|
---|
| 670 | #!/bin/sh
|
---|
| 671 | # This only works correctly on Debian derivatives - Red Hat calls it before
|
---|
| 672 | # installing the right header files.
|
---|
| 673 | /sbin/rcvboxadd quicksetup "\${1}"
|
---|
| 674 | exit 0
|
---|
| 675 | EOF
|
---|
| 676 | cat << EOF > /etc/kernel/prerm.d/vboxadd
|
---|
| 677 | #!/bin/sh
|
---|
| 678 | for i in ${OLDMODULES}; do rm -f /lib/modules/"\${1}"/misc/"\${i}".ko; done
|
---|
[77306] | 679 | rmdir -p /lib/modules/"\$1"/misc 2>/dev/null || true
|
---|
[75963] | 680 | exit 0
|
---|
| 681 | EOF
|
---|
| 682 | chmod 0755 /etc/kernel/postinst.d/vboxadd /etc/kernel/prerm.d/vboxadd
|
---|
| 683 | }
|
---|
| 684 |
|
---|
[66401] | 685 | shared_folder_setup()
|
---|
| 686 | {
|
---|
| 687 | # Add a group "vboxsf" for Shared Folders access
|
---|
| 688 | # All users which want to access the auto-mounted Shared Folders have to
|
---|
| 689 | # be added to this group.
|
---|
| 690 | groupadd -r -f vboxsf >/dev/null 2>&1
|
---|
| 691 |
|
---|
| 692 | # Put the mount.vboxsf mount helper in the right place.
|
---|
| 693 | ## @todo It would be nicer if the kernel module just parsed parameters
|
---|
| 694 | # itself instead of needing a separate binary to do that.
|
---|
| 695 | ln -sf "${INSTALL_DIR}/other/mount.vboxsf" /sbin
|
---|
[62394] | 696 | # SELinux security context for the mount helper.
|
---|
| 697 | if test -e /etc/selinux/config; then
|
---|
| 698 | # This is correct. semanage maps this to the real path, and it aborts
|
---|
| 699 | # with an error, telling you what you should have typed, if you specify
|
---|
[62749] | 700 | # the real path. The "chcon" is there as a back-up for old guests.
|
---|
| 701 | command -v semanage > /dev/null &&
|
---|
[63890] | 702 | semanage fcontext -a -t mount_exec_t "${INSTALL_DIR}/other/mount.vboxsf"
|
---|
[77049] | 703 | chcon -t mount_exec_t "${INSTALL_DIR}/other/mount.vboxsf" 2>/dev/null
|
---|
[62394] | 704 | fi
|
---|
[35200] | 705 | }
|
---|
| 706 |
|
---|
[99502] | 707 | # Returns path to a module file as seen by modinfo(8), or none if not found.
|
---|
| 708 | #
|
---|
| 709 | # Input $1: Module name to get path for.
|
---|
| 710 | #
|
---|
| 711 | # Returns the module path as a string.
|
---|
[94308] | 712 | module_path()
|
---|
| 713 | {
|
---|
| 714 | mod="$1"
|
---|
| 715 | [ -n "$mod" ] || return
|
---|
| 716 |
|
---|
| 717 | modinfo "$mod" 2>/dev/null | grep -e "^filename:" | tr -s ' ' | cut -d " " -f2
|
---|
| 718 | }
|
---|
| 719 |
|
---|
[99502] | 720 | # Returns module version if module is available, or none if not found.
|
---|
| 721 | #
|
---|
| 722 | # Input $1: Module name to get version for.
|
---|
| 723 | #
|
---|
| 724 | # Returns the module version as a string.
|
---|
[94308] | 725 | module_version()
|
---|
| 726 | {
|
---|
| 727 | mod="$1"
|
---|
| 728 | [ -n "$mod" ] || return
|
---|
| 729 |
|
---|
| 730 | modinfo "$mod" 2>/dev/null | grep -e "^version:" | tr -s ' ' | cut -d " " -f2
|
---|
| 731 | }
|
---|
| 732 |
|
---|
[99502] | 733 | # Returns the module revision if module is available in the system, or none if not found.
|
---|
| 734 | #
|
---|
| 735 | # Input $1: Module name to get revision for.
|
---|
| 736 | #
|
---|
| 737 | # Returns the module revision as a string.
|
---|
[94308] | 738 | module_revision()
|
---|
| 739 | {
|
---|
| 740 | mod="$1"
|
---|
| 741 | [ -n "$mod" ] || return
|
---|
| 742 |
|
---|
| 743 | modinfo "$mod" 2>/dev/null | grep -e "^version:" | tr -s ' ' | cut -d " " -f3
|
---|
| 744 | }
|
---|
| 745 |
|
---|
[99502] | 746 | # Checks if a given kernel module is properly signed or not.
|
---|
| 747 | #
|
---|
| 748 | # Input $1: Module name to check.
|
---|
| 749 | #
|
---|
[96680] | 750 | # Returns "1" if module is signed and signature can be verified
|
---|
[99502] | 751 | # with public key provided in DEB_PUB_KEY, or none otherwise.
|
---|
[96680] | 752 | module_signed()
|
---|
| 753 | {
|
---|
| 754 | mod="$1"
|
---|
| 755 | [ -n "$mod" ] || return
|
---|
| 756 |
|
---|
[98476] | 757 | # Be nice with distributions which do not provide tools which we
|
---|
| 758 | # use in order to verify module signature. This variable needs to
|
---|
| 759 | # be explicitly set by administrator. This script will look for it
|
---|
| 760 | # in /etc/virtualbox-guest-additions.conf. Make sure that you know
|
---|
| 761 | # what you do!
|
---|
| 762 | if [ "$VBOX_BYPASS_MODULES_SIGNATURE_CHECK" = "1" ]; then
|
---|
| 763 | echo "1"
|
---|
| 764 | return
|
---|
| 765 | fi
|
---|
| 766 |
|
---|
[96680] | 767 | extraction_tool=/lib/modules/"$(uname -r)"/build/scripts/extract-module-sig.pl
|
---|
| 768 | mod_path=$(module_path "$mod" 2>/dev/null)
|
---|
| 769 | openssl_tool=$(which openssl 2>/dev/null)
|
---|
| 770 | # Do not use built-in printf!
|
---|
| 771 | printf_tool=$(which printf 2>/dev/null)
|
---|
| 772 |
|
---|
| 773 | # Make sure all the tools required for signature validation are available.
|
---|
| 774 | [ -x "$extraction_tool" ] || return
|
---|
| 775 | [ -n "$mod_path" ] || return
|
---|
| 776 | [ -n "$openssl_tool" ] || return
|
---|
| 777 | [ -n "$printf_tool" ] || return
|
---|
| 778 |
|
---|
| 779 | # Make sure openssl can handle hash algorithm.
|
---|
[97326] | 780 | sig_hashalgo=$(modinfo -F sig_hashalgo "$mod" 2>/dev/null)
|
---|
[96680] | 781 | [ "$(module_sig_hash_supported $sig_hashalgo)" = "1" ] || return
|
---|
| 782 |
|
---|
| 783 | # Generate file names for temporary stuff.
|
---|
| 784 | mod_pub_key=$(mktemp -u)
|
---|
| 785 | mod_signature=$(mktemp -u)
|
---|
| 786 | mod_unsigned=$(mktemp -u)
|
---|
| 787 |
|
---|
| 788 | # Convert public key in DER format into X509 certificate form.
|
---|
| 789 | "$openssl_tool" x509 -pubkey -inform DER -in "$DEB_PUB_KEY" -out "$mod_pub_key" 2>/dev/null
|
---|
| 790 | # Extract raw module signature and convert it into binary format.
|
---|
| 791 | "$printf_tool" \\x$(modinfo -F signature "$mod" | sed -z 's/[ \t\n]//g' | sed -e "s/:/\\\x/g") 2>/dev/null > "$mod_signature"
|
---|
| 792 | # Extract unsigned module for further digest calculation.
|
---|
| 793 | "$extraction_tool" -0 "$mod_path" 2>/dev/null > "$mod_unsigned"
|
---|
| 794 |
|
---|
| 795 | # Verify signature.
|
---|
| 796 | rc=""
|
---|
| 797 | "$openssl_tool" dgst "-$sig_hashalgo" -binary -verify "$mod_pub_key" -signature "$mod_signature" "$mod_unsigned" 2>&1 >/dev/null && rc="1"
|
---|
| 798 | # Clean up.
|
---|
| 799 | rm -f $mod_pub_key $mod_signature $mod_unsigned
|
---|
| 800 |
|
---|
| 801 | # Check result.
|
---|
| 802 | [ "$rc" = "1" ] || return
|
---|
| 803 |
|
---|
| 804 | echo "1"
|
---|
| 805 | }
|
---|
| 806 |
|
---|
[99502] | 807 | # Checks if a given kernel module matches the installed VirtualBox Guest Additions version.
|
---|
| 808 | #
|
---|
| 809 | # Input $1: Module name to check.
|
---|
| 810 | #
|
---|
[94308] | 811 | # Returns "1" if externally built module is available in the system and its
|
---|
| 812 | # version and revision number do match to current VirtualBox installation.
|
---|
[99502] | 813 | # None otherwise.
|
---|
[94308] | 814 | module_available()
|
---|
| 815 | {
|
---|
| 816 | mod="$1"
|
---|
| 817 | [ -n "$mod" ] || return
|
---|
| 818 |
|
---|
| 819 | [ "$VBOX_VERSION" = "$(module_version "$mod")" ] || return
|
---|
| 820 | [ "$VBOX_REVISION" = "$(module_revision "$mod")" ] || return
|
---|
| 821 |
|
---|
| 822 | # Check if module belongs to VirtualBox installation.
|
---|
| 823 | #
|
---|
| 824 | # We have a convention that only modules from /lib/modules/*/misc
|
---|
| 825 | # belong to us. Modules from other locations are treated as
|
---|
| 826 | # externally built.
|
---|
| 827 | mod_path="$(module_path "$mod")"
|
---|
| 828 |
|
---|
| 829 | # If module path points to a symbolic link, resolve actual file location.
|
---|
| 830 | [ -L "$mod_path" ] && mod_path="$(readlink -e -- "$mod_path")"
|
---|
| 831 |
|
---|
| 832 | # File exists?
|
---|
| 833 | [ -f "$mod_path" ] || return
|
---|
| 834 |
|
---|
| 835 | # Extract last component of module path and check whether it is located
|
---|
| 836 | # outside of /lib/modules/*/misc.
|
---|
| 837 | mod_dir="$(dirname "$mod_path" | sed 's;^.*/;;')"
|
---|
| 838 | [ "$mod_dir" = "misc" ] || return
|
---|
| 839 |
|
---|
[99536] | 840 | # In case if kernel configuration (for currently loaded kernel) requires
|
---|
| 841 | # module signature, check if module is signed.
|
---|
| 842 | if test "$(kernel_requires_module_signature $(uname -r))" = "1"; then
|
---|
[96680] | 843 | [ "$(module_signed "$mod")" = "1" ] || return
|
---|
| 844 | fi
|
---|
| 845 |
|
---|
[94308] | 846 | echo "1"
|
---|
| 847 | }
|
---|
| 848 |
|
---|
| 849 | # Check if required modules are installed in the system and versions match.
|
---|
[99502] | 850 | #
|
---|
| 851 | # Returns "1" on success, none otherwise.
|
---|
[94308] | 852 | setup_complete()
|
---|
| 853 | {
|
---|
| 854 | [ "$(module_available vboxguest)" = "1" ] || return
|
---|
| 855 | [ "$(module_available vboxsf)" = "1" ] || return
|
---|
| 856 |
|
---|
| 857 | # All modules are in place.
|
---|
| 858 | echo "1"
|
---|
| 859 | }
|
---|
| 860 |
|
---|
[35200] | 861 | # setup_script
|
---|
| 862 | setup()
|
---|
| 863 | {
|
---|
[96680] | 864 | info "Setting up modules"
|
---|
| 865 |
|
---|
[77049] | 866 | # chcon is needed on old Fedora/Redhat systems. No one remembers which.
|
---|
[75839] | 867 | test ! -e /etc/selinux/config ||
|
---|
[77049] | 868 | chcon -t bin_t "$BUILDINTMP" 2>/dev/null
|
---|
[39358] | 869 |
|
---|
[75839] | 870 | if test -z "$INSTALL_NO_MODULE_BUILDS"; then
|
---|
[94308] | 871 | # Check whether modules setup is already complete for currently running kernel.
|
---|
| 872 | # Prevent unnecessary rebuilding in order to speed up booting process.
|
---|
| 873 | if test "$(setup_complete)" = "1"; then
|
---|
[96680] | 874 | info "VirtualBox Guest Additions kernel modules $VBOX_VERSION $VBOX_REVISION are \
|
---|
| 875 | already available for kernel $TARGET_VER and do not require to be rebuilt."
|
---|
[77306] | 876 | else
|
---|
[94308] | 877 | info "Building the VirtualBox Guest Additions kernel modules. This may take a while."
|
---|
| 878 | info "To build modules for other installed kernels, run"
|
---|
| 879 | info " /sbin/rcvboxadd quicksetup <version>"
|
---|
| 880 | info "or"
|
---|
| 881 | info " /sbin/rcvboxadd quicksetup all"
|
---|
| 882 | if test -d /lib/modules/"$TARGET_VER"/build; then
|
---|
| 883 | setup_modules "$TARGET_VER"
|
---|
| 884 | depmod
|
---|
| 885 | else
|
---|
| 886 | info "Kernel headers not found for target kernel $TARGET_VER. \
|
---|
[76912] | 887 | Please install them and execute
|
---|
| 888 | /sbin/rcvboxadd setup"
|
---|
[94308] | 889 | fi
|
---|
[77306] | 890 | fi
|
---|
[75839] | 891 | fi
|
---|
[66401] | 892 | create_vbox_user
|
---|
| 893 | create_udev_rule
|
---|
[75963] | 894 | test -n "${INSTALL_NO_MODULE_BUILDS}" || create_module_rebuild_script
|
---|
[66401] | 895 | shared_folder_setup
|
---|
[93374] | 896 | # Create user group which will have permissive access to DRP IPC server socket.
|
---|
| 897 | groupadd -r -f vboxdrmipc >/dev/null 2>&1
|
---|
| 898 |
|
---|
[66401] | 899 | if running_vboxguest || running_vboxadd; then
|
---|
[98476] | 900 | # Only warn user if currently loaded modules version do not match Guest Additions Installation.
|
---|
| 901 | check_running_module_version "vboxguest" || info "Running kernel modules will not be replaced until the system is restarted or 'rcvboxadd reload' triggered"
|
---|
[58820] | 902 | fi
|
---|
[77306] | 903 |
|
---|
| 904 | # Put the X.Org driver in place. This is harmless if it is not needed.
|
---|
| 905 | # Also set up the OpenGL library.
|
---|
| 906 | myerr=`"${INSTALL_DIR}/init/vboxadd-x11" setup 2>&1`
|
---|
| 907 | test -z "${myerr}" || log "${myerr}"
|
---|
| 908 |
|
---|
[66401] | 909 | return 0
|
---|
[15585] | 910 | }
|
---|
| 911 |
|
---|
[24361] | 912 | # cleanup_script
|
---|
| 913 | cleanup()
|
---|
| 914 | {
|
---|
[66423] | 915 | if test -z "${INSTALL_NO_MODULE_BUILDS}"; then
|
---|
| 916 | # Delete old versions of VBox modules.
|
---|
| 917 | cleanup_modules
|
---|
| 918 | depmod
|
---|
[24361] | 919 |
|
---|
[66423] | 920 | # Remove old module sources
|
---|
| 921 | for i in $OLDMODULES; do
|
---|
| 922 | rm -rf /usr/src/$i-*
|
---|
| 923 | done
|
---|
| 924 | fi
|
---|
[24531] | 925 |
|
---|
[60103] | 926 | # Clean-up X11-related bits
|
---|
[72196] | 927 | "${INSTALL_DIR}/init/vboxadd-x11" cleanup
|
---|
[60103] | 928 |
|
---|
[24361] | 929 | # Remove other files
|
---|
[75963] | 930 | if test -z "${INSTALL_NO_MODULE_BUILDS}"; then
|
---|
| 931 | rm -f /etc/kernel/postinst.d/vboxadd /etc/kernel/prerm.d/vboxadd
|
---|
[77306] | 932 | rmdir -p /etc/kernel/postinst.d /etc/kernel/prerm.d 2>/dev/null || true
|
---|
[75963] | 933 | fi
|
---|
[77306] | 934 | rm -f /sbin/mount.vboxsf 2>/dev/null
|
---|
| 935 | rm -f /etc/udev/rules.d/60-vboxadd.rules 2>/dev/null
|
---|
[79666] | 936 | udevadm control --reload >/dev/null 2>&1 || true
|
---|
| 937 | udevcontrol reload_rules >/dev/null 2>&1 || true
|
---|
[24361] | 938 | }
|
---|
| 939 |
|
---|
[77306] | 940 | start()
|
---|
| 941 | {
|
---|
| 942 | begin "Starting."
|
---|
[97539] | 943 |
|
---|
| 944 | # Check if kernel modules for currently running kernel are ready
|
---|
| 945 | # and rebuild them if needed.
|
---|
[98476] | 946 | test "$(setup_complete)" = "1" || setup
|
---|
[96680] | 947 |
|
---|
| 948 | # Warn if Secure Boot setup not yet complete.
|
---|
[99536] | 949 | if test "$(kernel_requires_module_signature)" = "1" && test -z "$DEB_KEY_ENROLLED"; then
|
---|
[96680] | 950 | if test -n "$HAVE_DEB_KEY"; then
|
---|
| 951 | info "You must re-start your system to finish secure boot set-up."
|
---|
| 952 | else
|
---|
| 953 | info "You must sign vboxguest, vboxsf and
|
---|
| 954 | vboxvideo (if present) kernel modules before using
|
---|
| 955 | VirtualBox Guest Additions. See the documentation
|
---|
| 956 | for your Linux distribution."
|
---|
| 957 | fi
|
---|
| 958 | fi
|
---|
| 959 |
|
---|
[77306] | 960 | if test -z "${INSTALL_NO_MODULE_BUILDS}"; then
|
---|
| 961 | test -d /sys &&
|
---|
| 962 | ps -A -o comm | grep -q '/*udevd$' 2>/dev/null ||
|
---|
| 963 | no_udev=1
|
---|
[98595] | 964 | check_running_module_version "vboxguest" || {
|
---|
[77306] | 965 | rm -f $dev || {
|
---|
| 966 | fail "Cannot remove $dev"
|
---|
| 967 | }
|
---|
| 968 | rm -f $userdev || {
|
---|
| 969 | fail "Cannot remove $userdev"
|
---|
| 970 | }
|
---|
[98595] | 971 | # Assuming modules were just (re-)built, try to reload everything.
|
---|
| 972 | reload
|
---|
[77306] | 973 | }
|
---|
| 974 | case "$no_udev" in 1)
|
---|
| 975 | do_vboxguest_non_udev;;
|
---|
| 976 | esac
|
---|
| 977 | fi # INSTALL_NO_MODULE_BUILDS
|
---|
| 978 |
|
---|
| 979 | return 0
|
---|
| 980 | }
|
---|
| 981 |
|
---|
| 982 | stop()
|
---|
| 983 | {
|
---|
| 984 | begin "Stopping."
|
---|
[98595] | 985 |
|
---|
[77306] | 986 | if test -r /etc/ld.so.conf.d/00vboxvideo.conf; then
|
---|
| 987 | rm /etc/ld.so.conf.d/00vboxvideo.conf
|
---|
| 988 | ldconfig
|
---|
| 989 | fi
|
---|
| 990 | if ! umount -a -t vboxsf 2>/dev/null; then
|
---|
[80581] | 991 | # Make sure we only fail, if there are truly no more vboxsf
|
---|
| 992 | # mounts in the system.
|
---|
| 993 | [ -n "$(findmnt -t vboxsf)" ] && fail "Cannot unmount vboxsf folders"
|
---|
[77306] | 994 | fi
|
---|
| 995 | test -n "${INSTALL_NO_MODULE_BUILDS}" ||
|
---|
[98476] | 996 | info "You may need to restart your guest system to finish removing guest drivers or consider running 'rcvboxadd reload'."
|
---|
[77306] | 997 | return 0
|
---|
| 998 | }
|
---|
| 999 |
|
---|
[99510] | 1000 | check_root()
|
---|
| 1001 | {
|
---|
| 1002 | # Check if script is running with root privileges and exit if it does not.
|
---|
| 1003 | [ `id -u` -eq 0 ] || early_fail "root privileges are required"
|
---|
| 1004 | }
|
---|
| 1005 |
|
---|
[98476] | 1006 | # Check if process with this PID is running.
|
---|
| 1007 | check_pid()
|
---|
| 1008 | {
|
---|
[99524] | 1009 | pid="$1"
|
---|
[98476] | 1010 |
|
---|
[98687] | 1011 | test -n "$pid" -a -d "/proc/$pid"
|
---|
[98476] | 1012 | }
|
---|
| 1013 |
|
---|
[98687] | 1014 | # A wrapper for check_running_module_version.
|
---|
| 1015 | # Go through the list of Guest Additions' modules and
|
---|
| 1016 | # verify if they are loaded and running version matches
|
---|
| 1017 | # to current installation version. Skip vboxvideo since
|
---|
| 1018 | # it is not loaded for old guests.
|
---|
| 1019 | check_status_kernel()
|
---|
| 1020 | {
|
---|
| 1021 | for mod in vboxguest vboxsf; do
|
---|
| 1022 |
|
---|
| 1023 | for attempt in 1 2 3 4 5; do
|
---|
| 1024 |
|
---|
| 1025 | # Wait before the next attempt.
|
---|
| 1026 | [ $? -ne 0 ] && sleep 1
|
---|
| 1027 |
|
---|
| 1028 | running_module "$mod"
|
---|
| 1029 | if [ $? -eq 0 ]; then
|
---|
| 1030 | mod_is_running="1"
|
---|
| 1031 | check_running_module_version "$mod"
|
---|
| 1032 | [ $? -eq 0 ] && break
|
---|
| 1033 | else
|
---|
| 1034 | mod_is_running=""
|
---|
| 1035 | false
|
---|
| 1036 | fi
|
---|
| 1037 |
|
---|
| 1038 | done
|
---|
| 1039 |
|
---|
| 1040 | # In case of error, try to print out proper reason of failure.
|
---|
| 1041 | if [ $? -ne 0 ]; then
|
---|
| 1042 | # Was module loaded?
|
---|
[99525] | 1043 | if [ -z "$mod_is_running" ]; then
|
---|
| 1044 | info "module $mod is not loaded"
|
---|
| 1045 | else
|
---|
| 1046 | # If module was loaded it means that it has incorrect version.
|
---|
| 1047 | info "currently loaded module $mod version ($(running_module_version "$mod")) does not match to VirtualBox Guest Additions installation version ($VBOX_VERSION $VBOX_REVISION)"
|
---|
| 1048 | fi
|
---|
| 1049 |
|
---|
| 1050 | # Set "bad" rc.
|
---|
| 1051 | false
|
---|
[98687] | 1052 | fi
|
---|
| 1053 |
|
---|
| 1054 | done
|
---|
| 1055 | }
|
---|
| 1056 |
|
---|
| 1057 | # Check whether user-land processes are running.
|
---|
| 1058 | # Currently only check for VBoxService.
|
---|
| 1059 | check_status_user()
|
---|
| 1060 | {
|
---|
[99524] | 1061 | [ -r "$VBOXSERVICE_PIDFILE" ] && check_pid "$(cat $VBOXSERVICE_PIDFILE)" >/dev/null 2>&1
|
---|
[98687] | 1062 | }
|
---|
| 1063 |
|
---|
[99524] | 1064 | send_signal_by_pidfile()
|
---|
[98476] | 1065 | {
|
---|
[99524] | 1066 | sig="$1"
|
---|
| 1067 | pidfile="$2"
|
---|
[98476] | 1068 |
|
---|
| 1069 | if [ -f "$pidfile" ]; then
|
---|
| 1070 | check_pid $(cat "$pidfile")
|
---|
| 1071 | if [ $? -eq 0 ]; then
|
---|
[99524] | 1072 | kill "$sig" $(cat "$pidfile") >/dev/null 2>&1
|
---|
[98476] | 1073 | else
|
---|
| 1074 | # Do not spoil $?.
|
---|
| 1075 | true
|
---|
| 1076 | fi
|
---|
| 1077 | else
|
---|
| 1078 | # Do not spoil $?.
|
---|
| 1079 | true
|
---|
| 1080 | fi
|
---|
| 1081 | }
|
---|
| 1082 |
|
---|
| 1083 | # SIGUSR1 is used in order to notify VBoxClient processes that system
|
---|
| 1084 | # update is started or kernel modules are going to be reloaded,
|
---|
| 1085 | # so VBoxClient can release vboxguest.ko resources and then restart itself.
|
---|
[99524] | 1086 | send_signal()
|
---|
[98476] | 1087 | {
|
---|
[99524] | 1088 | sig="$1"
|
---|
[98476] | 1089 | # Specify whether we sending signal to VBoxClient parent (control)
|
---|
| 1090 | # process or a child (actual service) process.
|
---|
[99524] | 1091 | process_type="$2"
|
---|
[98476] | 1092 |
|
---|
| 1093 | pidfile_postfix=""
|
---|
| 1094 | [ -z "$process_type" ] || pidfile_postfix="-$process_type"
|
---|
| 1095 |
|
---|
[99537] | 1096 | for user_name in $(getent passwd | cut -d ':' -f 1); do
|
---|
[98476] | 1097 |
|
---|
[99537] | 1098 | # Filter out empty login names (paranoia).
|
---|
| 1099 | [ -n "$user_name" ] || continue
|
---|
[98476] | 1100 |
|
---|
[99537] | 1101 | user_shell=$(getent passwd "$user_name" | cut -d ':' -f 7)
|
---|
[98476] | 1102 |
|
---|
[99537] | 1103 | # Filter out login names with not specified shells (paranoia).
|
---|
| 1104 | [ -n "$user_shell" ] || continue
|
---|
[98476] | 1105 |
|
---|
[99537] | 1106 | # Filter out know non-login account names.
|
---|
| 1107 | case "$user_shell" in
|
---|
| 1108 | *nologin) skip_user_home="1";;
|
---|
| 1109 | *sync) skip_user_home="1";;
|
---|
| 1110 | *shutdown) skip_user_home="1";;
|
---|
| 1111 | *halt) skip_user_home="1";;
|
---|
| 1112 | *) skip_user_home=""
|
---|
| 1113 | esac
|
---|
| 1114 | [ -z "$skip_user_home" ] || continue;
|
---|
| 1115 |
|
---|
| 1116 | user_home=$(getent passwd "$user_name" | cut -d ':' -f 6)
|
---|
| 1117 |
|
---|
| 1118 | for pid_file in "$user_home"/.vboxclient-*"$pidfile_postfix".pid; do
|
---|
| 1119 |
|
---|
| 1120 | [ -r "$pid_file" ] || continue
|
---|
| 1121 |
|
---|
| 1122 | # If process type was not specified, we assume that signal supposed
|
---|
| 1123 | # to be sent to legacy VBoxClient processes which have different
|
---|
| 1124 | # pidfile name pattern (it does not contain "control" or "service").
|
---|
| 1125 | # Skip those pidfiles who has.
|
---|
| 1126 | [ -z "$process_type" -a -n "$(echo "$pid_file" | grep "control")" ] && continue
|
---|
| 1127 | [ -z "$process_type" -a -n "$(echo "$pid_file" | grep "service")" ] && continue
|
---|
| 1128 |
|
---|
| 1129 | send_signal_by_pidfile -USR1 "$pid_file"
|
---|
| 1130 |
|
---|
| 1131 | done
|
---|
[98476] | 1132 | done
|
---|
| 1133 | }
|
---|
| 1134 |
|
---|
[99524] | 1135 | # Helper function which executes a command, prints error message if command fails,
|
---|
| 1136 | # and preserves command execution status for further processing.
|
---|
| 1137 | try_load_preserve_rc()
|
---|
| 1138 | {
|
---|
| 1139 | cmd="$1"
|
---|
| 1140 | msg="$2"
|
---|
| 1141 |
|
---|
| 1142 | $cmd >/dev/null 2>&1
|
---|
| 1143 |
|
---|
| 1144 | rc=$?
|
---|
| 1145 | [ $rc -eq 0 ] || info "$msg"
|
---|
| 1146 |
|
---|
| 1147 | return $rc
|
---|
| 1148 | }
|
---|
| 1149 |
|
---|
[98476] | 1150 | reload()
|
---|
| 1151 | {
|
---|
| 1152 | begin "reloading kernel modules and services"
|
---|
| 1153 |
|
---|
[98687] | 1154 | # Stop VBoxService if running.
|
---|
[99508] | 1155 | $VBOX_SERVICE_SCRIPT status >/dev/null 2>&1
|
---|
[98687] | 1156 | if [ $? -eq 0 ]; then
|
---|
[99508] | 1157 | $VBOX_SERVICE_SCRIPT stop >/dev/null 2>&1 || fail "unable to stop VBoxService"
|
---|
[98687] | 1158 | fi
|
---|
[98476] | 1159 |
|
---|
| 1160 | # Unmount Shared Folders.
|
---|
[99524] | 1161 | umount -a -t vboxsf >/dev/null 2>&1 || fail "unable to unmount shared folders, mount point(s) might be still in use"
|
---|
[98476] | 1162 |
|
---|
| 1163 | # Stop VBoxDRMClient.
|
---|
[99524] | 1164 | send_signal_by_pidfile "-USR1" "/var/run/VBoxDRMClient" || fail "unable to stop VBoxDRMClient"
|
---|
[98476] | 1165 |
|
---|
| 1166 | if [ $? -eq 0 ]; then
|
---|
| 1167 | # Tell legacy VBoxClient processes to release vboxguest.ko references.
|
---|
[99524] | 1168 | send_signal "-USR1" ""
|
---|
[98476] | 1169 |
|
---|
| 1170 | # Tell compatible VBoxClient processes to release vboxguest.ko references.
|
---|
[99524] | 1171 | send_signal "-USR1" "service"
|
---|
[98476] | 1172 |
|
---|
| 1173 | # Try unload.
|
---|
| 1174 | for attempt in 1 2 3 4 5; do
|
---|
| 1175 |
|
---|
| 1176 | # Give VBoxClient processes some time to close reference to vboxguest module.
|
---|
| 1177 | [ $? -ne 0 ] && sleep 1
|
---|
| 1178 |
|
---|
| 1179 | # Try unload drivers unconditionally (ignore previous command exit code).
|
---|
| 1180 | # If final goal of unloading vboxguest.ko won't be met, we will fail on
|
---|
| 1181 | # the next step anyway.
|
---|
| 1182 | running_vboxsf && modprobe -r vboxsf >/dev/null 2>&1
|
---|
| 1183 | running_vboxguest
|
---|
| 1184 | if [ $? -eq 0 ]; then
|
---|
| 1185 | modprobe -r vboxguest >/dev/null 2>&1
|
---|
[98687] | 1186 | [ $? -eq 0 ] && break
|
---|
[98476] | 1187 | else
|
---|
| 1188 | # Do not spoil $?.
|
---|
| 1189 | true
|
---|
| 1190 | fi
|
---|
| 1191 | done
|
---|
| 1192 |
|
---|
| 1193 | # Check if we succeeded with unloading vboxguest after several attempts.
|
---|
| 1194 | running_vboxguest
|
---|
| 1195 | if [ $? -eq 0 ]; then
|
---|
[99524] | 1196 | info "cannot reload kernel modules: one or more module(s) is still in use"
|
---|
| 1197 | false
|
---|
[98476] | 1198 | else
|
---|
| 1199 | # Do not spoil $?.
|
---|
| 1200 | true
|
---|
| 1201 | fi
|
---|
| 1202 |
|
---|
| 1203 | # Load drivers (skip vboxvideo since it is not loaded for very old guests).
|
---|
[99524] | 1204 | [ $? -eq 0 ] && try_load_preserve_rc "modprobe vboxguest" "unable to load vboxguest kernel module, see dmesg"
|
---|
| 1205 | [ $? -eq 0 ] && try_load_preserve_rc "modprobe vboxsf" "unable to load vboxsf kernel module, see dmesg"
|
---|
[98476] | 1206 |
|
---|
[99512] | 1207 | # Start VBoxService and VBoxDRMClient.
|
---|
[99524] | 1208 | [ $? -eq 0 ] && try_load_preserve_rc "$VBOX_SERVICE_SCRIPT start" "unable to start VBoxService"
|
---|
[98476] | 1209 |
|
---|
| 1210 | # Reload VBoxClient processes.
|
---|
[99525] | 1211 | [ $? -eq 0 ] && try_load_preserve_rc "send_signal -USR1 control" "unable to reload user session services"
|
---|
[98476] | 1212 |
|
---|
[99525] | 1213 | # Check if we just loaded modules of correct version.
|
---|
| 1214 | [ $? -eq 0 ] && try_load_preserve_rc "check_status_kernel" "kernel modules were not reloaded"
|
---|
[98476] | 1215 |
|
---|
[99525] | 1216 | # Check if user-land processes were restarted as well.
|
---|
| 1217 | [ $? -eq 0 ] && try_load_preserve_rc "check_status_user" "user-land services were not started"
|
---|
[98609] | 1218 |
|
---|
[99525] | 1219 | if [ $? -eq 0 ]; then
|
---|
[98687] | 1220 | # Take reported version of running Guest Additions from running vboxguest module (as a paranoia check).
|
---|
| 1221 | info "kernel modules and services $(running_module_version "vboxguest") reloaded"
|
---|
| 1222 | info "NOTE: you may still consider to re-login if some user session specific services (Shared Clipboard, Drag and Drop, Seamless or Guest Screen Resize) were not restarted automatically"
|
---|
| 1223 | else
|
---|
[99524] | 1224 | # In case of failure, sent SIGTERM to abandoned control processes to remove leftovers from failed reloading.
|
---|
| 1225 | send_signal "-TERM" "control"
|
---|
| 1226 |
|
---|
| 1227 | fail "kernel modules and services were not reloaded"
|
---|
[98687] | 1228 | fi
|
---|
[98476] | 1229 | else
|
---|
[98687] | 1230 | fail "cannot stop user services"
|
---|
[98476] | 1231 | fi
|
---|
| 1232 | }
|
---|
| 1233 |
|
---|
[15585] | 1234 | dmnstatus()
|
---|
| 1235 | {
|
---|
[21412] | 1236 | if running_vboxguest; then
|
---|
[1] | 1237 | echo "The VirtualBox Additions are currently running."
|
---|
| 1238 | else
|
---|
| 1239 | echo "The VirtualBox Additions are not currently running."
|
---|
| 1240 | fi
|
---|
| 1241 | }
|
---|
| 1242 |
|
---|
[77306] | 1243 | for i; do
|
---|
| 1244 | case "$i" in quiet) QUIET=yes;; esac
|
---|
| 1245 | done
|
---|
[1] | 1246 | case "$1" in
|
---|
[77306] | 1247 | # Does setup without clean-up first and marks all kernels currently found on the
|
---|
| 1248 | # system so that we can see later if any were added.
|
---|
[1] | 1249 | start)
|
---|
[99510] | 1250 | check_root
|
---|
[1] | 1251 | start
|
---|
| 1252 | ;;
|
---|
[77306] | 1253 | # Tries to build kernel modules for kernels added since start. Tries to unmount
|
---|
| 1254 | # shared folders. Uninstalls our Chromium 3D libraries since we can't always do
|
---|
| 1255 | # this fast enough at start time if we discover we do not want to use them.
|
---|
[1] | 1256 | stop)
|
---|
[99510] | 1257 | check_root
|
---|
[1] | 1258 | stop
|
---|
| 1259 | ;;
|
---|
| 1260 | restart)
|
---|
[99510] | 1261 | check_root
|
---|
[1] | 1262 | restart
|
---|
| 1263 | ;;
|
---|
[98476] | 1264 | # Tries to reload kernel modules and restart user processes.
|
---|
| 1265 | reload)
|
---|
[99510] | 1266 | check_root
|
---|
[98476] | 1267 | reload
|
---|
| 1268 | ;;
|
---|
[77306] | 1269 | # Setup does a clean-up (see below) and re-does all Additions-specific
|
---|
| 1270 | # configuration of the guest system, including building kernel modules for the
|
---|
| 1271 | # current kernel.
|
---|
[15585] | 1272 | setup)
|
---|
[99510] | 1273 | check_root
|
---|
[77306] | 1274 | cleanup && start
|
---|
[15585] | 1275 | ;;
|
---|
[77306] | 1276 | # Builds kernel modules for the specified kernels if they are not already built.
|
---|
[61199] | 1277 | quicksetup)
|
---|
[99510] | 1278 | check_root
|
---|
[77306] | 1279 | if test x"$2" = xall; then
|
---|
[77307] | 1280 | for topi in /lib/modules/*; do
|
---|
| 1281 | KERN_VER="${topi%/misc}"
|
---|
[77306] | 1282 | KERN_VER="${KERN_VER#/lib/modules/}"
|
---|
| 1283 | setup_modules "$KERN_VER"
|
---|
| 1284 | done
|
---|
| 1285 | elif test -n "$2"; then
|
---|
| 1286 | setup_modules "$2"
|
---|
| 1287 | else
|
---|
| 1288 | setup_modules "$TARGET_VER"
|
---|
| 1289 | fi
|
---|
[61199] | 1290 | ;;
|
---|
[77306] | 1291 | # Clean-up removes all Additions-specific configuration of the guest system,
|
---|
| 1292 | # including all kernel modules.
|
---|
[66413] | 1293 | cleanup)
|
---|
[99510] | 1294 | check_root
|
---|
[66423] | 1295 | cleanup
|
---|
[66413] | 1296 | ;;
|
---|
[1] | 1297 | status)
|
---|
| 1298 | dmnstatus
|
---|
| 1299 | ;;
|
---|
[98609] | 1300 | status-kernel)
|
---|
[99510] | 1301 | check_root
|
---|
[99525] | 1302 | check_status_kernel
|
---|
| 1303 | if [ $? -eq 0 ]; then
|
---|
[100853] | 1304 | info "kernel modules $VBOX_VERSION $VBOX_REVISION are loaded"
|
---|
[99525] | 1305 | else
|
---|
[100853] | 1306 | info "kernel modules $VBOX_VERSION $VBOX_REVISION were not loaded"
|
---|
[99525] | 1307 | false
|
---|
| 1308 | fi
|
---|
[98609] | 1309 | ;;
|
---|
| 1310 | status-user)
|
---|
[99510] | 1311 | check_root
|
---|
[98609] | 1312 | check_status_user
|
---|
| 1313 | if [ $? -eq 0 ]; then
|
---|
[100853] | 1314 | info "user-land services $VBOX_VERSION $VBOX_REVISION are running"
|
---|
[98609] | 1315 | else
|
---|
[100853] | 1316 | info "user-land services $VBOX_VERSION $VBOX_REVISION are not running"
|
---|
[99524] | 1317 | false
|
---|
[98609] | 1318 | fi
|
---|
| 1319 | ;;
|
---|
[1] | 1320 | *)
|
---|
[98609] | 1321 | echo "Usage: $0 {start|stop|restart|reload|status|status-kernel|status-user|setup|quicksetup|cleanup} [quiet]"
|
---|
[1] | 1322 | exit 1
|
---|
| 1323 | esac
|
---|
| 1324 |
|
---|
| 1325 | exit
|
---|