PiMaker · January 7, 2021 09:58
diff --git a/update-pve-edge-kernel-vendor-reset.sh b/update-pve-edge-kernel-vendor-reset.sh
 #!/bin/bash

 set -e

 # Install or update the latest version of pve-edge-kernel[0] and the AMD Navi
 # reset fix module 'vendor-reset'[1]. Run periodically to keep up to date.
 #
 # [0] https://github.com/fabianishere/pve-edge-kernel
 # [1] https://github.com/gnif/vendor-reset

 if [ $UID -ne 0 ]; then
  echo "Must run as root."
  exit 1
 fi


 echo "== Ensuring dependencies are installed =="
 apt-get install pve-headers dkms jq


 echo -e "\n== Downloading latest pve-edge-kernel =="

 BASE=$(pwd)
 DIR=$(mktemp -p . -d)
 cd "$DIR" || exit 1
 echo "Working directory: $DIR"

 cleanup() {
  cd "$BASE"
  echo
  read -r -p "Clean up download temp directory ($DIR)? [y/N] " resp
  if [[ "${resp,,}" =~ ^(yes|y)$ ]]; then
    rm -rf "$DIR"
  fi
 }
 trap cleanup EXIT

 echo "Downloading packages from GitHub..."
 wget -q -i \
  <(curl -s https://api.github.com/repos/fabianishere/pve-edge-kernel/releases/latest | \
    jq -r '.assets[].browser_download_url' | \
    grep -E 'linux-tools|pve-edge-headers|pve-edge-kernel.*zen|pve-kernel-libc-dev')

 KERNVER=""

 echo "Downloaded the following packages:"
 for p in ./*.deb; do
  echo -n " => $p"
  if [[ "$p" =~ pve-edge-kernel ]]; then
    KERNVER=$(echo "$p" | grep -Po '(?<=pve-edge-kernel-)\d+\.\d+\.\d+(-\d+)?')
    echo -n " (detected kernel: $KERNVER)"
  fi
  echo
 done

 read -r -p "Continue with installation? [y/N] " resp
 if ! [[ "${resp,,}" =~ ^(yes|y)$ ]]; then
  exit 1
 fi

 apt-get -y install ./*.deb

 echo -e "\n== Adding kernel to pve-efiboot-tool =="
 echo "Cleanup old kernel entry..."
 pve-efiboot-tool kernel remove $(pve-efiboot-tool kernel list | sed -n '2p') || true
 echo "Adding latest..."
 pve-efiboot-tool kernel add "$KERNVER"

 echo -e "\n== Patching AppArmor =="
 if grep -q 'PATCHED!' /etc/apparmor/parser.conf; then
  echo "Already patched!"
 else
  echo "Overwriting existing '/etc/apparmor/parser.conf'!"
  echo "Backup will be in '/etc/apparmor/parser.conf.pve'"
  mv /etc/apparmor/parser.conf /etc/apparmor/parser.conf.pve
  cat <<'EOF' >/etc/apparmor/parser.conf
 # PATCHED!
 # by update_kernel.sh
 features-file=/usr/share/apparmor-features/features.stock
 EOF
 fi

 cd ..


 echo -e "\n== Retrieving latest vendor-reset module =="

 if ! [[ -d "./vendor-reset" ]]; then
  echo "Repo not found, cloning..."
  git clone https://github.com/gnif/vendor-reset
 fi

 cd "./vendor-reset" || exit 1

 echo "Updating to latest master..."
 git pull --ff-only origin master

 echo -e "\n== Installing using dkms... =="

 echo "Removing old dkms installs (it's okay if this fails)..."
 dkms remove "vendor-reset/$(dkms status vendor-reset | \
  awk '{print substr($2, 1, length($2)-1)}')" --all || true

 echo "Installing new version..."
 dkms install . -k "$KERNVER"

 echo "Patching '/etc/modules'..."
 if grep -q 'vendor-reset' /etc/modules; then
  echo "Already patched!"
 else
  echo "Appending to existing '/etc/modules'..."
  echo -e "\nvendor-reset" >> /etc/modules
 fi


 echo -e "\n== Rebuilding initramfs =="
 update-initramfs -u -k "$KERNVER"


 echo -e "\n== Applying Windows guest MSR fix =="
 cat <<'EOF' > /etc/modprobe.d/kvm-msrs.conf
 options kvm ignore_msrs=1
 options kvm report_ignored_msrs=0
 EOF
 echo "Created '/etc/modprobe.d/kvm-msrs.conf'!"


 echo -e "\n== Done! Reboot to see changes ('uname -a' and 'lsmod' are your friends) =="
	#!/bin/bash

	set -e

	# Install or update the latest version of pve-edge-kernel[0] and the AMD Navi
	# reset fix module 'vendor-reset'[1]. Run periodically to keep up to date.
	#
	# [0] https://github.com/fabianishere/pve-edge-kernel
	# [1] https://github.com/gnif/vendor-reset

	if [ $UID -ne 0 ]; then
	echo "Must run as root."
	exit 1
	fi


	echo "== Ensuring dependencies are installed =="
	apt-get install pve-headers dkms jq


	echo -e "\n== Downloading latest pve-edge-kernel =="

	BASE=$(pwd)
	DIR=$(mktemp -p . -d)
	cd "$DIR" \|\| exit 1
	echo "Working directory: $DIR"

	cleanup() {
	cd "$BASE"
	echo
	read -r -p "Clean up download temp directory ($DIR)? [y/N] " resp
	if [[ "${resp,,}" =~ ^(yes\|y)$ ]]; then
	rm -rf "$DIR"
	fi
	}
	trap cleanup EXIT

	echo "Downloading packages from GitHub..."
	wget -q -i \
	<(curl -s https://api.github.com/repos/fabianishere/pve-edge-kernel/releases/latest \| \
	jq -r '.assets[].browser_download_url' \| \
	grep -E 'linux-tools\|pve-edge-headers\|pve-edge-kernel.*zen\|pve-kernel-libc-dev')

	KERNVER=""

	echo "Downloaded the following packages:"
	for p in ./*.deb; do
	echo -n " => $p"
	if [[ "$p" =~ pve-edge-kernel ]]; then
	KERNVER=$(echo "$p" \| grep -Po '(?<=pve-edge-kernel-)\d+\.\d+\.\d+(-\d+)?')
	echo -n " (detected kernel: $KERNVER)"
	fi
	echo
	done

	read -r -p "Continue with installation? [y/N] " resp
	if ! [[ "${resp,,}" =~ ^(yes\|y)$ ]]; then
	exit 1
	fi

	apt-get -y install ./*.deb

	echo -e "\n== Adding kernel to pve-efiboot-tool =="
	echo "Cleanup old kernel entry..."
	pve-efiboot-tool kernel remove $(pve-efiboot-tool kernel list \| sed -n '2p') \|\| true
	echo "Adding latest..."
	pve-efiboot-tool kernel add "$KERNVER"

	echo -e "\n== Patching AppArmor =="
	if grep -q 'PATCHED!' /etc/apparmor/parser.conf; then
	echo "Already patched!"
	else
	echo "Overwriting existing '/etc/apparmor/parser.conf'!"
	echo "Backup will be in '/etc/apparmor/parser.conf.pve'"
	mv /etc/apparmor/parser.conf /etc/apparmor/parser.conf.pve
	cat <<'EOF' >/etc/apparmor/parser.conf
	# PATCHED!
	# by update_kernel.sh
	features-file=/usr/share/apparmor-features/features.stock
	EOF
	fi

	cd ..


	echo -e "\n== Retrieving latest vendor-reset module =="

	if ! [[ -d "./vendor-reset" ]]; then
	echo "Repo not found, cloning..."
	git clone https://github.com/gnif/vendor-reset
	fi

	cd "./vendor-reset" \|\| exit 1

	echo "Updating to latest master..."
	git pull --ff-only origin master

	echo -e "\n== Installing using dkms... =="

	echo "Removing old dkms installs (it's okay if this fails)..."
	dkms remove "vendor-reset/$(dkms status vendor-reset \| \
	awk '{print substr($2, 1, length($2)-1)}')" --all \|\| true

	echo "Installing new version..."
	dkms install . -k "$KERNVER"

	echo "Patching '/etc/modules'..."
	if grep -q 'vendor-reset' /etc/modules; then
	echo "Already patched!"
	else
	echo "Appending to existing '/etc/modules'..."
	echo -e "\nvendor-reset" >> /etc/modules
	fi


	echo -e "\n== Rebuilding initramfs =="
	update-initramfs -u -k "$KERNVER"


	echo -e "\n== Applying Windows guest MSR fix =="
	cat <<'EOF' > /etc/modprobe.d/kvm-msrs.conf
	options kvm ignore_msrs=1
	options kvm report_ignored_msrs=0
	EOF
	echo "Created '/etc/modprobe.d/kvm-msrs.conf'!"


	echo -e "\n== Done! Reboot to see changes ('uname -a' and 'lsmod' are your friends) =="