fix(modules): strip inline comments in modules.list parser
Some checks failed
ARM64 Build / Build generic ARM64 disk image (push) Failing after 5s
CI / Go Tests (push) Successful in 2m35s
CI / Shellcheck (push) Successful in 1m23s
CI / Build Go Binaries (amd64, linux, linux-amd64) (push) Successful in 1m53s
CI / Build Go Binaries (arm64, linux, linux-arm64) (push) Successful in 1m47s
Some checks failed
ARM64 Build / Build generic ARM64 disk image (push) Failing after 5s
CI / Go Tests (push) Successful in 2m35s
CI / Shellcheck (push) Successful in 1m23s
CI / Build Go Binaries (amd64, linux, linux-amd64) (push) Successful in 1m53s
CI / Build Go Binaries (arm64, linux, linux-arm64) (push) Successful in 1m47s
3bcf2e1 added nft_numgen / nft_hash / nft_limit / nft_log to both module
lists but in a format the inject parser doesn't handle:
nft_numgen # numgen random/inc mod N vmap — Service endpoint LB
The parser's only comment skip is `case "$mod" in \#*|"") continue ;;`
which matches lines STARTING with #, not lines with inline #-comments.
So each new line was passed to modprobe verbatim as a single (invalid)
module name, modprobe returned nonzero, and the .ko never made it into
the initramfs. ls'ing the rootfs after the rootfs rebuild confirmed:
ls .../lib/modules/*/kernel/net/netfilter/ | grep nft_numgen
<empty>
Two changes:
1. Strip inline comments from the new entries in modules.list and
modules-arm64.list. Each module name on its own line, matching the
convention the rest of the file uses.
2. Harden the parser in inject-kubesolo.sh to handle "name # comment"
regardless. Single-line tweak: `mod="${mod%%#*}"` before the
continue check. Prevents a future contributor's inline doc from
silently dropping a module the same way.
After rebuilding the rootfs on the Odroid (no kernel rebuild needed —
this is a rootfs-only change), the four .ko files should appear at
build/rootfs-work/rootfs/lib/modules/*/kernel/net/netfilter/.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>This commit is contained in:
@@ -60,10 +60,12 @@ nft_fib_ipv6
|
||||
# Loading these at boot (stage 30) is mandatory because stage 85 sets
|
||||
# kernel.modules_disabled=1, which would otherwise block kube-proxy from
|
||||
# auto-loading them on first rule install.
|
||||
nft_numgen # numgen random/inc mod N vmap — Service endpoint LB
|
||||
nft_hash # hash — consistent-hash LB for sessionAffinity=ClientIP
|
||||
nft_limit # rate-limit expression
|
||||
nft_log # log expression
|
||||
# (Note: list parser only honours full-line "#"-prefixed comments, NOT
|
||||
# inline "module # comment". Keep module names on their own line.)
|
||||
nft_numgen
|
||||
nft_hash
|
||||
nft_limit
|
||||
nft_log
|
||||
|
||||
# Reject targets (used by kube-proxy iptables-restore rules)
|
||||
nf_reject_ipv4
|
||||
|
||||
@@ -56,10 +56,11 @@ nft_fib_ipv6
|
||||
|
||||
# nft expressions used by the Kubernetes 1.34+ nftables kube-proxy backend.
|
||||
# Must be loaded at stage 30 because stage 85 sets modules_disabled=1.
|
||||
nft_numgen # numgen random/inc mod N vmap — Service endpoint LB
|
||||
nft_hash # hash — consistent-hash LB for sessionAffinity=ClientIP
|
||||
nft_limit # rate-limit expression
|
||||
nft_log # log expression
|
||||
# (Parser ignores full-line "#" comments only — keep module names alone.)
|
||||
nft_numgen
|
||||
nft_hash
|
||||
nft_limit
|
||||
nft_log
|
||||
|
||||
# Reject targets (used by kube-proxy iptables-restore rules)
|
||||
nf_reject_ipv4
|
||||
|
||||
Reference in New Issue
Block a user