From aef2192a6584e7934086eae0caab6faba52a8ac1 Mon Sep 17 00:00:00 2001
From: Noel Georgi <git@frezbo.dev>
Date: Fri, 9 Jun 2023 00:06:55 +0530
Subject: [PATCH] chore: use fixed module list

Use a fixed list of modules to copy into Talos initramfs.

This makes sure we can still enable thing in Talos kernel as modules but
not ship it as default in Talos (extra modules could be extensions).

Also fixes: #7341

Signed-off-by: Noel Georgi <git@frezbo.dev>
---
 Dockerfile                                    | 38 ++++++++++++++++---
 Makefile                                      |  2 +-
 hack/modules-amd64.txt                        | 18 +++++++++
 hack/modules-arm64.txt                        | 14 +++++++
 pkg/machinery/gendata/data/pkgs               |  2 +-
 .../configuration/nvidia-gpu-proprietary.md   |  2 +-
 6 files changed, 68 insertions(+), 8 deletions(-)
 create mode 100644 hack/modules-amd64.txt
 create mode 100644 hack/modules-arm64.txt

diff --git a/Dockerfile b/Dockerfile
index e8b4c8208..b5911d0fb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -482,13 +482,41 @@ LABEL org.opencontainers.image.source https://github.com/siderolabs/talos
 ENTRYPOINT ["/talosctl"]
 
 # The kernel target is the linux kernel.
-
 FROM scratch AS kernel
 ARG TARGETARCH
 COPY --from=pkg-kernel /boot/vmlinuz /vmlinuz-${TARGETARCH}
 
-# The rootfs target provides the Talos rootfs.
+FROM tools AS depmod-amd64
+WORKDIR /staging
+COPY hack/modules-amd64.txt .
+COPY --from=pkg-kernel-amd64 /lib/modules lib/modules
+RUN <<EOF
+KERNEL_VERSION=$(ls lib/modules)
 
+xargs -a modules-amd64.txt -I {} install -D lib/modules/${KERNEL_VERSION}/{} /build/lib/modules/${KERNEL_VERSION}/{}
+
+depmod -b /build ${KERNEL_VERSION}
+EOF
+
+FROM scratch AS modules-amd64
+COPY --from=depmod-amd64 /build/lib/modules /lib/modules
+
+FROM tools AS depmod-arm64
+WORKDIR /staging
+COPY hack/modules-arm64.txt .
+COPY --from=pkg-kernel-arm64 /lib/modules lib/modules
+RUN <<EOF
+KERNEL_VERSION=$(ls lib/modules)
+
+xargs -a modules-arm64.txt -I {} install -D lib/modules/${KERNEL_VERSION}/{} /build/lib/modules/${KERNEL_VERSION}/{}
+
+depmod -b /build ${KERNEL_VERSION}
+EOF
+
+FROM scratch AS modules-arm64
+COPY --from=depmod-arm64 /build/lib/modules /lib/modules
+
+# The rootfs target provides the Talos rootfs.
 FROM build AS rootfs-base-amd64
 COPY --from=pkg-fhs / /rootfs
 COPY --from=pkg-ca-certificates / /rootfs
@@ -513,7 +541,7 @@ COPY --from=pkg-util-linux-amd64 /lib/libuuid.* /rootfs/lib/
 COPY --from=pkg-util-linux-amd64 /lib/libmount.* /rootfs/lib/
 COPY --from=pkg-kmod-amd64 /usr/lib/libkmod.* /rootfs/lib/
 COPY --from=pkg-kmod-amd64 /usr/bin/kmod /rootfs/sbin/modprobe
-COPY --from=pkg-kernel-amd64 /lib/modules /rootfs/lib/modules
+COPY --from=modules-amd64 /lib/modules /rootfs/lib/modules
 COPY --from=machined-build-amd64 /machined /rootfs/sbin/init
 # the orderly_poweroff call by the kernel will call '/sbin/poweroff'
 RUN ln /rootfs/sbin/init /rootfs/sbin/poweroff
@@ -567,7 +595,7 @@ COPY --from=pkg-util-linux-arm64 /lib/libuuid.* /rootfs/lib/
 COPY --from=pkg-util-linux-arm64 /lib/libmount.* /rootfs/lib/
 COPY --from=pkg-kmod-arm64 /usr/lib/libkmod.* /rootfs/lib/
 COPY --from=pkg-kmod-arm64 /usr/bin/kmod /rootfs/sbin/modprobe
-COPY --from=pkg-kernel-arm64 /lib/modules /rootfs/lib/modules
+COPY --from=modules-amd64 /lib/modules /rootfs/lib/modules
 COPY --from=machined-build-arm64 /machined /rootfs/sbin/init
 # the orderly_poweroff call by the kernel will call '/sbin/poweroff'
 RUN ln /rootfs/sbin/init /rootfs/sbin/poweroff
@@ -804,7 +832,7 @@ ONBUILD RUN xz -d /usr/install/${TARGETARCH}/initramfs.xz \
     && rm /usr/install/${TARGETARCH}/initramfs \
     && rm rootfs.sqsh
 ONBUILD COPY --from=customization / /rootfs
-ONBUILD RUN find /rootfs \
+ONBUILD RUN depmod -b /rootfs $(ls /rootfs/lib/modules) \
     && mksquashfs /rootfs rootfs.sqsh -all-root -noappend -comp xz -Xdict-size 100% -no-progress \
     && set -o pipefail && find . 2>/dev/null | cpio -H newc -o | xz -v -C crc32 -0 -e -T 0 -z >/usr/install/${TARGETARCH}/initramfs.xz \
     && rm -rf /rootfs \
diff --git a/Makefile b/Makefile
index dabeee525..dd47c6bc2 100644
--- a/Makefile
+++ b/Makefile
@@ -14,7 +14,7 @@ NAME = Talos
 
 ARTIFACTS := _out
 TOOLS ?= ghcr.io/siderolabs/tools:v1.5.0-alpha.0-14-ge0c76c0
-PKGS ?= v1.5.0-alpha.0-23-ga859f4f
+PKGS ?= v1.5.0-alpha.0-24-g1eefa66
 EXTRAS ?= v1.5.0-alpha.0-1-ga73d524
 # renovate: datasource=github-tags depName=golang/go
 GO_VERSION ?= 1.20
diff --git a/hack/modules-amd64.txt b/hack/modules-amd64.txt
new file mode 100644
index 000000000..7f3a4d025
--- /dev/null
+++ b/hack/modules-amd64.txt
@@ -0,0 +1,18 @@
+kernel/drivers/infiniband/sw/rxe/rdma_rxe.ko
+kernel/drivers/net/ethernet/mellanox/mlx4/mlx4_core.ko
+kernel/drivers/net/ethernet/mellanox/mlx4/mlx4_en.ko
+kernel/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.ko
+kernel/drivers/net/ethernet/mellanox/mlxfw/mlxfw.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_core.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_i2c.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_minimal.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_pci.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_spectrum.ko
+kernel/drivers/virtio/virtio_balloon.ko
+kernel/drivers/virtio/virtio_input.ko
+kernel/drivers/virtio/virtio_mmio.ko
+kernel/drivers/virtio/virtio_pci.ko
+kernel/drivers/virtio/virtio_pci_legacy_dev.ko
+kernel/drivers/virtio/virtio_pci_modern_dev.ko
+kernel/lib/objagg.ko
+kernel/lib/parman.ko
diff --git a/hack/modules-arm64.txt b/hack/modules-arm64.txt
new file mode 100644
index 000000000..ecd955f5d
--- /dev/null
+++ b/hack/modules-arm64.txt
@@ -0,0 +1,14 @@
+kernel/drivers/infiniband/sw/rxe/rdma_rxe.ko
+kernel/drivers/irqchip/irq-imx-mu-msi.ko
+kernel/drivers/mailbox/bcm-flexrm-mailbox.ko
+kernel/drivers/net/ethernet/mellanox/mlx4/mlx4_core.ko
+kernel/drivers/net/ethernet/mellanox/mlx4/mlx4_en.ko
+kernel/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.ko
+kernel/drivers/net/ethernet/mellanox/mlxfw/mlxfw.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_core.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_i2c.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_minimal.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_pci.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_spectrum.ko
+kernel/lib/objagg.ko
+kernel/lib/parman.ko
diff --git a/pkg/machinery/gendata/data/pkgs b/pkg/machinery/gendata/data/pkgs
index 93ca6fbc1..101609a03 100644
--- a/pkg/machinery/gendata/data/pkgs
+++ b/pkg/machinery/gendata/data/pkgs
@@ -1 +1 @@
-v1.5.0-alpha.0-23-ga859f4f
\ No newline at end of file
+v1.5.0-alpha.0-24-g1eefa66
\ No newline at end of file
diff --git a/website/content/v1.5/talos-guides/configuration/nvidia-gpu-proprietary.md b/website/content/v1.5/talos-guides/configuration/nvidia-gpu-proprietary.md
index ddd909776..1ecbcb8e8 100644
--- a/website/content/v1.5/talos-guides/configuration/nvidia-gpu-proprietary.md
+++ b/website/content/v1.5/talos-guides/configuration/nvidia-gpu-proprietary.md
@@ -64,7 +64,7 @@ COPY --from=ghcr.io/talos-user/kernel:{{< release >}}-nvidia /boot/vmlinuz /usr/
 Now build the image and push it to the registry.
 
 ```bash
-DOCKER_BUILDKIT=0 docker build --squash --build-arg RM="/lib/modules" -t ghcr.io/talos-user/installer:{{< release >}}-nvidia .
+DOCKER_BUILDKIT=0 docker build --squash -t ghcr.io/talos-user/installer:{{< release >}}-nvidia .
 docker push ghcr.io/talos-user/installer:{{< release >}}-nvidia
 ```