chore: use fixed module list

Use a fixed list of modules to copy into Talos initramfs.

This makes sure we can still enable thing in Talos kernel as modules but
not ship it as default in Talos (extra modules could be extensions).

Also fixes: #7341

Signed-off-by: Noel Georgi <git@frezbo.dev>

Dockerfile

@@ -482,13 +482,41 @@ LABEL org.opencontainers.image.source https://github.com/siderolabs/talos
 ENTRYPOINT ["/talosctl"]
 
 # The kernel target is the linux kernel.
-
 FROM scratch AS kernel
 ARG TARGETARCH
 COPY --from=pkg-kernel /boot/vmlinuz /vmlinuz-${TARGETARCH}
 
-# The rootfs target provides the Talos rootfs.
+FROM tools AS depmod-amd64
+WORKDIR /staging
+COPY hack/modules-amd64.txt .
+COPY --from=pkg-kernel-amd64 /lib/modules lib/modules
+RUN <<EOF
+KERNEL_VERSION=$(ls lib/modules)
 
+xargs -a modules-amd64.txt -I {} install -D lib/modules/${KERNEL_VERSION}/{} /build/lib/modules/${KERNEL_VERSION}/{}
+
+depmod -b /build ${KERNEL_VERSION}
+EOF
+
+FROM scratch AS modules-amd64
+COPY --from=depmod-amd64 /build/lib/modules /lib/modules
+
+FROM tools AS depmod-arm64
+WORKDIR /staging
+COPY hack/modules-arm64.txt .
+COPY --from=pkg-kernel-arm64 /lib/modules lib/modules
+RUN <<EOF
+KERNEL_VERSION=$(ls lib/modules)
+
+xargs -a modules-arm64.txt -I {} install -D lib/modules/${KERNEL_VERSION}/{} /build/lib/modules/${KERNEL_VERSION}/{}
+
+depmod -b /build ${KERNEL_VERSION}
+EOF
+
+FROM scratch AS modules-arm64
+COPY --from=depmod-arm64 /build/lib/modules /lib/modules
+
+# The rootfs target provides the Talos rootfs.
 FROM build AS rootfs-base-amd64
 COPY --from=pkg-fhs / /rootfs
 COPY --from=pkg-ca-certificates / /rootfs
@@ -513,7 +541,7 @@ COPY --from=pkg-util-linux-amd64 /lib/libuuid.* /rootfs/lib/
 COPY --from=pkg-util-linux-amd64 /lib/libmount.* /rootfs/lib/
 COPY --from=pkg-kmod-amd64 /usr/lib/libkmod.* /rootfs/lib/
 COPY --from=pkg-kmod-amd64 /usr/bin/kmod /rootfs/sbin/modprobe
-COPY --from=pkg-kernel-amd64 /lib/modules /rootfs/lib/modules
+COPY --from=modules-amd64 /lib/modules /rootfs/lib/modules
 COPY --from=machined-build-amd64 /machined /rootfs/sbin/init
 # the orderly_poweroff call by the kernel will call '/sbin/poweroff'
 RUN ln /rootfs/sbin/init /rootfs/sbin/poweroff
@@ -567,7 +595,7 @@ COPY --from=pkg-util-linux-arm64 /lib/libuuid.* /rootfs/lib/
 COPY --from=pkg-util-linux-arm64 /lib/libmount.* /rootfs/lib/
 COPY --from=pkg-kmod-arm64 /usr/lib/libkmod.* /rootfs/lib/
 COPY --from=pkg-kmod-arm64 /usr/bin/kmod /rootfs/sbin/modprobe
-COPY --from=pkg-kernel-arm64 /lib/modules /rootfs/lib/modules
+COPY --from=modules-amd64 /lib/modules /rootfs/lib/modules
 COPY --from=machined-build-arm64 /machined /rootfs/sbin/init
 # the orderly_poweroff call by the kernel will call '/sbin/poweroff'
 RUN ln /rootfs/sbin/init /rootfs/sbin/poweroff
@@ -804,7 +832,7 @@ ONBUILD RUN xz -d /usr/install/${TARGETARCH}/initramfs.xz \
     && rm /usr/install/${TARGETARCH}/initramfs \
     && rm rootfs.sqsh
 ONBUILD COPY --from=customization / /rootfs
-ONBUILD RUN find /rootfs \
+ONBUILD RUN depmod -b /rootfs $(ls /rootfs/lib/modules) \
     && mksquashfs /rootfs rootfs.sqsh -all-root -noappend -comp xz -Xdict-size 100% -no-progress \
     && set -o pipefail && find . 2>/dev/null | cpio -H newc -o | xz -v -C crc32 -0 -e -T 0 -z >/usr/install/${TARGETARCH}/initramfs.xz \
     && rm -rf /rootfs \

Makefile

@@ -14,7 +14,7 @@ NAME = Talos
 
 ARTIFACTS := _out
 TOOLS ?= ghcr.io/siderolabs/tools:v1.5.0-alpha.0-14-ge0c76c0
-PKGS ?= v1.5.0-alpha.0-23-ga859f4f
+PKGS ?= v1.5.0-alpha.0-24-g1eefa66
 EXTRAS ?= v1.5.0-alpha.0-1-ga73d524
 # renovate: datasource=github-tags depName=golang/go
 GO_VERSION ?= 1.20

hack/modules-amd64.txt

@@ -0,0 +1,18 @@
+kernel/drivers/infiniband/sw/rxe/rdma_rxe.ko
+kernel/drivers/net/ethernet/mellanox/mlx4/mlx4_core.ko
+kernel/drivers/net/ethernet/mellanox/mlx4/mlx4_en.ko
+kernel/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.ko
+kernel/drivers/net/ethernet/mellanox/mlxfw/mlxfw.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_core.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_i2c.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_minimal.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_pci.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_spectrum.ko
+kernel/drivers/virtio/virtio_balloon.ko
+kernel/drivers/virtio/virtio_input.ko
+kernel/drivers/virtio/virtio_mmio.ko
+kernel/drivers/virtio/virtio_pci.ko
+kernel/drivers/virtio/virtio_pci_legacy_dev.ko
+kernel/drivers/virtio/virtio_pci_modern_dev.ko
+kernel/lib/objagg.ko
+kernel/lib/parman.ko

hack/modules-arm64.txt

@@ -0,0 +1,14 @@
+kernel/drivers/infiniband/sw/rxe/rdma_rxe.ko
+kernel/drivers/irqchip/irq-imx-mu-msi.ko
+kernel/drivers/mailbox/bcm-flexrm-mailbox.ko
+kernel/drivers/net/ethernet/mellanox/mlx4/mlx4_core.ko
+kernel/drivers/net/ethernet/mellanox/mlx4/mlx4_en.ko
+kernel/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.ko
+kernel/drivers/net/ethernet/mellanox/mlxfw/mlxfw.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_core.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_i2c.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_minimal.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_pci.ko
+kernel/drivers/net/ethernet/mellanox/mlxsw/mlxsw_spectrum.ko
+kernel/lib/objagg.ko
+kernel/lib/parman.ko

pkg/machinery/gendata/data/pkgs

@@ -1 +1 @@
-v1.5.0-alpha.0-23-ga859f4f
+v1.5.0-alpha.0-24-g1eefa66

website/content/v1.5/talos-guides/configuration/nvidia-gpu-proprietary.md

@@ -64,7 +64,7 @@ COPY --from=ghcr.io/talos-user/kernel:{{< release >}}-nvidia /boot/vmlinuz /usr/
 Now build the image and push it to the registry.
 
 ```bash
-DOCKER_BUILDKIT=0 docker build --squash --build-arg RM="/lib/modules" -t ghcr.io/talos-user/installer:{{< release >}}-nvidia .
+DOCKER_BUILDKIT=0 docker build --squash -t ghcr.io/talos-user/installer:{{< release >}}-nvidia .
 docker push ghcr.io/talos-user/installer:{{< release >}}-nvidia
 ```