From bc3300e7e7765c65bb98e66b0adbf499ee130033 Mon Sep 17 00:00:00 2001 From: Adolfo Delorenzo Date: Fri, 15 May 2026 15:10:09 -0600 Subject: [PATCH] fix(modules): strip inline comments in modules.list parser MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 3bcf2e1 added nft_numgen / nft_hash / nft_limit / nft_log to both module lists but in a format the inject parser doesn't handle: nft_numgen # numgen random/inc mod N vmap — Service endpoint LB The parser's only comment skip is `case "$mod" in \#*|"") continue ;;` which matches lines STARTING with #, not lines with inline #-comments. So each new line was passed to modprobe verbatim as a single (invalid) module name, modprobe returned nonzero, and the .ko never made it into the initramfs. ls'ing the rootfs after the rootfs rebuild confirmed: ls .../lib/modules/*/kernel/net/netfilter/ | grep nft_numgen Two changes: 1. Strip inline comments from the new entries in modules.list and modules-arm64.list. Each module name on its own line, matching the convention the rest of the file uses. 2. Harden the parser in inject-kubesolo.sh to handle "name # comment" regardless. Single-line tweak: `mod="${mod%%#*}"` before the continue check. Prevents a future contributor's inline doc from silently dropping a module the same way. After rebuilding the rootfs on the Odroid (no kernel rebuild needed — this is a rootfs-only change), the four .ko files should appear at build/rootfs-work/rootfs/lib/modules/*/kernel/net/netfilter/. Co-Authored-By: Claude Opus 4.7 (1M context) --- build/config/modules-arm64.list | 10 ++++++---- build/config/modules.list | 9 +++++---- build/scripts/inject-kubesolo.sh | 11 ++++++++--- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/build/config/modules-arm64.list b/build/config/modules-arm64.list index 92ae51f..424ad9a 100644 --- a/build/config/modules-arm64.list +++ b/build/config/modules-arm64.list @@ -60,10 +60,12 @@ nft_fib_ipv6 # Loading these at boot (stage 30) is mandatory because stage 85 sets # kernel.modules_disabled=1, which would otherwise block kube-proxy from # auto-loading them on first rule install. -nft_numgen # numgen random/inc mod N vmap — Service endpoint LB -nft_hash # hash — consistent-hash LB for sessionAffinity=ClientIP -nft_limit # rate-limit expression -nft_log # log expression +# (Note: list parser only honours full-line "#"-prefixed comments, NOT +# inline "module # comment". Keep module names on their own line.) +nft_numgen +nft_hash +nft_limit +nft_log # Reject targets (used by kube-proxy iptables-restore rules) nf_reject_ipv4 diff --git a/build/config/modules.list b/build/config/modules.list index 983728b..405e259 100644 --- a/build/config/modules.list +++ b/build/config/modules.list @@ -56,10 +56,11 @@ nft_fib_ipv6 # nft expressions used by the Kubernetes 1.34+ nftables kube-proxy backend. # Must be loaded at stage 30 because stage 85 sets modules_disabled=1. -nft_numgen # numgen random/inc mod N vmap — Service endpoint LB -nft_hash # hash — consistent-hash LB for sessionAffinity=ClientIP -nft_limit # rate-limit expression -nft_log # log expression +# (Parser ignores full-line "#" comments only — keep module names alone.) +nft_numgen +nft_hash +nft_limit +nft_log # Reject targets (used by kube-proxy iptables-restore rules) nf_reject_ipv4 diff --git a/build/scripts/inject-kubesolo.sh b/build/scripts/inject-kubesolo.sh index 19d8fda..6ad3dd9 100755 --- a/build/scripts/inject-kubesolo.sh +++ b/build/scripts/inject-kubesolo.sh @@ -224,9 +224,14 @@ if [ -f "$CUSTOM_VMLINUZ" ] && [ -d "$CUSTOM_MODULES/lib/modules/$KVER" ]; then fi while IFS= read -r mod; do - # Skip comments and blank lines - case "$mod" in \#*|"") continue ;; esac - mod=$(echo "$mod" | xargs) # trim whitespace + # Strip any inline "# comment" tail before further processing — + # several entries in the upstream lists started carrying inline + # docs and silently broke module loading because modprobe got + # passed "name # comment" as the module name. + mod="${mod%%#*}" + # Skip blank-or-comment-only lines + case "$mod" in "") continue ;; esac + mod=$(echo "$mod" | xargs) # trim whitespace + collapse internal [ -z "$mod" ] && continue if [ "$MODPROBE_WORKS" = true ]; then