-
-
Save Underknowledge/78bdf079469f3f5eb4d1dfb9419cc149 to your computer and use it in GitHub Desktop.
| #!/usr/bin/env bash | |
| # set -x | |
| Git_status=$(curl --silent -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/umlaeute/v4l2loopback/tags" ) | |
| TAR_dl=$( echo "${Git_status}" | jq -r ".[].tarball_url" | head -n1) | |
| TAR_v=$( echo "${Git_status}" | jq -r ".[].name" | head -n1) | |
| build_dir="${build_dir:-/usr/src/v4l2loopback-"${TAR_v}"}" | |
| tmp_dir="${tmp_dir:-/tmp}" | |
| mokutil_out_dir="${mokutil_out_dir:-/root/.ssh/mokutil-module-signing}" | |
| mokutil_509key_pass=$(cat "${mokutil_out_dir}"/.openssl_pass) | |
| mokutil_509key_pass="${mokutil_509key_pass:-$(openssl rand -hex 6)}" | |
| # https://github.com/umlaeute/v4l2loopback/issues/394 | |
| # https://unix.stackexchange.com/questions/445772/how-to-add-a-public-key-into-system-keyring-for-kernel-without-recompile | |
| # https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/kernel-module-driver-configuration/Working_with_Kernel_Modules/#sect-signing-kernel-modules-for-secure-boot | |
| # ToDo: | |
| # - Maybe systemd service, needs testing | |
| source /etc/os-release || source /usr/lib/os-release | |
| case ${ID,,} in | |
| *suse*) pkg_mgr_cmd="zypper -n in"; sign_file_dir="/usr/src/linux-obj/x86_64/default/scripts" ;; | |
| centos|rhel|fedora) pkg_mgr_cmd="dnf install -y"; pkg_check_cmd="rpm -qa" ;; | |
| ubuntu|debian) pkg_mgr_cmd="apt-get install -y"; pkg_check_cmd="dpkg-query -l" ;; | |
| # Gentoo needs to have version set since it's rolling | |
| gentoo) pkg_mgr_cmd="emerge --jobs=4"; export VERSION="rolling" ;; | |
| *) warn "unsupported distribution: ${ID,,}" ;; | |
| esac | |
| function info { echo -e "\e[32m[info] $*\e[39m"; } | |
| function warn { echo -e "\e[33m[warn] $*\e[39m"; } | |
| function error { echo -e "\e[31m[error] $*\e[39m"; exit 1; } | |
| function check_install { ${pkg_check_cmd} "$*" | grep -q "$*" || ( ${pkg_mgr_cmd} "$*"; warn "you probably have to reboot" ; false ); } | |
| check_install kernel-headers | |
| check_install kernel-devel | |
| command -v openssl > /dev/null 2>&1 || ( warn "missing openssl"; ${pkg_mgr_cmd} openssl ) | |
| command -v jq > /dev/null 2>&1 || ( warn "missing jq"; ${pkg_mgr_cmd} jq ) | |
| command -v curl > /dev/null 2>&1 || ( warn "missing curl"; ${pkg_mgr_cmd} curl ) | |
| command -v mokutil > /dev/null 2>&1 || ( warn "missing mokutil" ; ${pkg_mgr_cmd} mokutil ) | |
| function check_key () { | |
| if [ -f "${mokutil_out_dir}"/MOK.priv ]; then | |
| info "probing MOK.der" | |
| if mokutil --test-key "${mokutil_out_dir}/MOK.der" | grep -q "already enrolled"; then | |
| info "The Key is already trusted" | |
| install_v4l2loopback | |
| else | |
| warn "info the key exist but is not trusted yet, reimporting it because it does not hurt. You missing a reboot?" | |
| import_trust | |
| fi | |
| else | |
| info "Generating keys to sign" | |
| mokutil_setup | |
| fi | |
| } | |
| function signing_ko () { | |
| export KBUILD_SIGN_PIN="${mokutil_509key_pass}" | |
| sign_file_dir="${sign_file_dir:-/usr/src/kernels/"$(uname -r)"/scripts}" | |
| if [[ -f /lib/modules/"$(uname -r)"/extra/v4l2loopback.ko.xz || -f /lib/modules/"$(uname -r)"/extra/v4l2loopback.ko ]]; then | |
| ko_folder="${ko_folder:-/lib/modules/$(uname -r)/extra}" | |
| elif [[ -f /lib/modules/"$(uname -r)"/extra/v4l2loopback/v4l2loopback.ko.xz || -f /lib/modules/"$(uname -r)"/extra/v4l2loopback/v4l2loopback.ko ]]; then | |
| ko_folder="${ko_folder:-/lib/modules/$(uname -r)/extra/v4l2loopback}" | |
| else | |
| warn "Can not locate the folder used for v4l2loopback.ko.xz to unxz and sign. Find the file and try to set the var 'ko_folder'" | |
| fi | |
| if [[ ! -f "${ko_folder}"/v4l2loopback.ko.xz || ! -f "${ko_folder}"/v4l2loopback.ko ]]; then | |
| warn "there might be no file to sign. Please check ${ko_folder}" ; ko_folder="${ko_folder:-/lib/modules/$(uname -r)/extra}" | |
| fi | |
| info "Cert Password:" | |
| info "$mokutil_509key_pass" | |
| unxz -f "${ko_folder}/v4l2loopback.ko.xz" | |
| ${sign_file_dir}/sign-file sha256 "${mokutil_out_dir}/MOK.priv" "${mokutil_out_dir}/MOK.der" "${build_dir}/v4l2loopback.ko" && info "${build_dir}/v4l2loopback.ko" | |
| ${sign_file_dir}/sign-file sha256 "${mokutil_out_dir}/MOK.priv" "${mokutil_out_dir}/MOK.der" "${ko_folder}/v4l2loopback.ko" && info "${ko_folder}/v4l2loopback.ko" | |
| xz -f "${ko_folder}/v4l2loopback.ko" | |
| info "finished signing_ko" | |
| } | |
| function mokutil_setup () { | |
| if [ ! -f "${mokutil_out_dir}"/MOK.priv ]; then | |
| info "Still no Private key found, Generating one" | |
| ( umask 077 && mkdir -p "${mokutil_out_dir}") | |
| name="$(hostname)_signing_key" | |
| echo "${mokutil_509key_pass}" > "${mokutil_out_dir}/.openssl_pass" | |
| openssl \ | |
| req -new -x509 \ | |
| -passin pass:"${mokutil_509key_pass}" \ | |
| -passout pass:"${mokutil_509key_pass}" \ | |
| -newkey rsa:2048 \ | |
| -keyout "${mokutil_out_dir}/MOK.priv" \ | |
| -outform DER \ | |
| -out "${mokutil_out_dir}/MOK.der" \ | |
| -days 31500 \ | |
| -subj "/CN=${name}/" \ | |
| -addext "extendedKeyUsage=codeSigning" || error "issue creating cert" | |
| openssl x509 -inform der -in "${mokutil_out_dir}"/MOK.der -out "${mokutil_out_dir}"/MOK.pem | |
| mkdir -p /usr/src/kernels/"$(uname -r)"/certs/ | |
| cat "${mokutil_out_dir}"/MOK.pem > /usr/src/kernels/"$(uname -r)"/certs/signing_key.pem | |
| # cp "${mokutil_out_dir}"/MOK.der /usr/src/kernels/"$(uname -r)"/certs/signing_key.pem | |
| chmod 600 "${mokutil_out_dir}"/MOK* | |
| chmod 600 "${mokutil_out_dir}"/.openssl_pass | |
| echo "The pasword for the x509 cert is: ${mokutil_509key_pass}" | |
| import_trust | |
| else | |
| echo "Private key already present" | |
| fi | |
| info "finished mokutil_setup" | |
| } | |
| function import_trust () { | |
| info "Enroling new cert" | |
| warn "Set a one-time import password, Make it memorablel, you have to type it into later" | |
| warn "for a example check https://gist.github.com/reillysiemens/ac6bea1e6c7684d62f544bd79b2182a4" | |
| mokutil --import "${mokutil_out_dir}"/MOK.der | |
| info "A Key has been generated and importet into mokutil" | |
| mokutil --list-new | |
| info "Now reboot your machine and import the certificate with the just typed password" | |
| exit 0 | |
| info "finished import_trust" | |
| } | |
| function install_v4l2loopback () { | |
| info "start install_v4l2loopback" | |
| curl -SL "${TAR_dl}" -o "${tmp_dir}"/v4l2loopback_"${TAR_v}".tar.gz | |
| mkdir -p "${build_dir}" | |
| tar xfv "${tmp_dir}"/v4l2loopback_"${TAR_v}".tar.gz --directory="${build_dir}" | |
| mv "${build_dir}"/umlaeute-v4l2loopback-*/* "${build_dir}"/. | |
| rm -r "${build_dir}"/umlaeute-v4l2loopback-* | |
| pushd "${build_dir}" || exit | |
| make clean | |
| make || build_failed | |
| mkdir -p /usr/src/kernels/"$(uname -r)"/certs/ | |
| if [[ -z "$skip_signing" ]]; then | |
| info "Cert Password:" | |
| info "$mokutil_509key_pass" | |
| export KBUILD_SIGN_PIN="${mokutil_509key_pass}" | |
| cp "${mokutil_out_dir}"/MOK.pem /usr/src/kernels/"$(uname -r)"/certs/signing_key.pem | |
| chmod 444 /usr/src/kernels/"$(uname -r)"/certs/signing_key.pem | |
| # info "stat file" | |
| # stat /usr/src/kernels/"$(uname -r)"/certs/signing_key.pem | |
| fi | |
| make install | |
| ls /lib/modules/"$(uname -r)"/extra/ | |
| if [[ -z "$skip_signing" ]]; then | |
| info "Now Manually singing" | |
| signing_ko | |
| fi | |
| popd || return | |
| depmod -a | |
| modprobe v4l2loopback | |
| modinfo v4l2loopback | |
| info "finished install_v4l2loopback" | |
| lsmod | grep -q v4l2loopback && info "v4l2loopback loaded!" | |
| } | |
| function slr_as_webcam () { | |
| # https://medium.com/nerdery/dslr-webcam-setup-for-linux-9b6d1b79ae22 | |
| command -v ffmpeg > /dev/null 2>&1 || ( warn "missing ffmpeg"; ${pkg_mgr_cmd} ffmpeg ) | |
| command -v gphoto2 > /dev/null 2>&1 || ( warn "missing gphoto2" ; ${pkg_mgr_cmd} gphoto2 ) | |
| # Best formats | |
| # https://stackoverflow.com/a/59574988 | |
| warn "quick 5s test" | |
| timeout 5 gphoto2 --stdout --capture-movie | ffmpeg -i - -vcodec rawvideo -pix_fmt yuv420p -threads 0 -f v4l2 "$(v4l2-ctl --list-devices | grep v4l2loopback -A 1 | grep -oe "/dev/video.*" | head -n 1)" | |
| # https://github.com/umlaeute/v4l2loopback/issues/391#issuecomment-800941494 | |
| echo "v4l2loopback" > /etc/modules-load.d/v4l2loopback.conf | |
| cat << EOF > /etc/modprobe.d/v4l2loopback.conf | |
| # Module options for v4l2loopback | |
| options v4l2loopback exclusive_caps=1,1 | |
| options v4l2loopback devices=2 | |
| options v4l2loopback max_buffers=2 | |
| options v4l2loopback video_nr=63,102 | |
| options v4l2loopback card_label="obs,slr" | |
| EOF | |
| info "Config to Automaticaly load Kernel module added" | |
| } | |
| function build_failed () { | |
| echo " | |
| When you see | |
| *** No rule to make target 'clean'. Stop. | |
| Probably kernel-headers and kernel do not have the same version… Install, reboot and try again! | |
| otherwise you could try running 'dnf donwgrade gcc' https://ask.fedoraproject.org/t/fedora-34-beta-and-oot-kmod-nvidia-virtualbox-v4l2loopback-etc/12778 | |
| " | |
| } | |
| function help () { | |
| echo " | |
| just run the script, reboot (you will have to type a pass you set) and run again! | |
| you can also run '$0 slr_as_webcam' to install tools you need to use a dslr as webcam | |
| " | |
| } | |
| if [ "$EUID" -ne 0 ] | |
| then error "Please run as root" | |
| else | |
| if [ "$#" -eq "1" ] | |
| then | |
| $1 | |
| exit 0 | |
| else | |
| if mokutil --sb-state | grep -q "SecureBoot enabled"; then | |
| grep -q "v4l2loopback" /proc/modules && info "v4l2loopback is loaded" || ( info "Secure boot is enabled and you have to setup singing" ; check_key) | |
| else | |
| warn "no need to sing Stuff!" | |
| export skip_signing=1 | |
| grep -q "v4l2loopback" /proc/modules || install_v4l2loopback | |
| fi | |
| fi | |
| fi |
@2ndBillGates maybe, could you setup a copr repo?
@domrany64 Well, this is not a repo, it is just a gist, but you're right. should move this to one.
More or less just execute it.
The script checks for certain stuff (Is the module loaded, secure-boot enabled, is there a key, generated from the script and so on) and then does things in the right order.
- first run it, it will prompt you to do a reboot and enrol the key.
- After a reboot run it again, it will install the module
- then optional, run the script with the argument
slr_as_webcamwhen you want to have the module automatically loaded and have 2 devices to be used with OBS.
Whenever you installed a newer kernel version, you have to rerun the script.
Hello,
I am running Fedora 36 on Surface-Linux kernel.
uname -r 5.17.12-1.surface.fc36.x86_64
ls /lib/modules/$(uname -r)
ls /lib/modules/$(uname -r)/extra v4l2loopback
Error while running modprobe - modprobe: ERROR: could not insert 'v4l2loopback': Key was rejected by service
Error While Installation:
/usr/src/v4l2loopback-v0.12.7
/home/boffice/tmp/cam rm -f *~ rm -f Module.symvers Module.markers modules.order make -C /lib/modules/uname -r/build M=/usr/src/v4l2loopback-v0.12.7 clean make[1]: Entering directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64' make[1]: *** No rule to make target 'clean'. Stop. make[1]: Leaving directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64' make: *** [Makefile:63: clean] Error 2 Building v4l2-loopback driver... make -C /lib/modules/uname -r`/build M=/usr/src/v4l2loopback-v0.12.7 modules
make[1]: Entering directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'
make[1]: *** No rule to make target 'modules'. Stop.
make[1]: Leaving directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'```
make: *** [Makefile:43: v4l2loopback.ko] Error 2
When you see
*** No rule to make target 'clean'. Stop.
Probably kernel-headers and kernel do not have the same version… Install, reboot and try again!
otherwise you could try running 'dnf donwgrade gcc' https://ask.fedoraproject.org/t/fedora-34-beta-and-oot-kmod-nvidia-virtualbox-v4l2loopback-etc/12778
[info] Cert Password:
[info] 8c2c882e4c6e
make -C /lib/modules/uname -r/build M=/usr/src/v4l2loopback-v0.12.7 modules_install
make[1]: Entering directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'
make[1]: *** No rule to make target 'modules_install'. Stop.
make[1]: Leaving directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'
make: *** [Makefile:47: install] Error 2
v4l2loopback
[info] Now Manually singing
[warn] there might be no file to sign. Please check /lib/modules/5.17.12-1.surface.fc36.x86_64/extra/v4l2loopback
[info] Cert Password:
[info] 8c2c882e4c6e
./key.sh: line 74: /usr/src/kernels/5.17.12-1.surface.fc36.x86_64/scripts/sign-file: No such file or directory
./key.sh: line 75: /usr/src/kernels/5.17.12-1.surface.fc36.x86_64/scripts/sign-file: No such file or directory
[info] finished signing_ko
/home/boffice/tmp/cam
modprobe: ERROR: could not insert 'v4l2loopback': Key was rejected by service
filename: /lib/modules/5.17.12-1.surface.fc36.x86_64/extra/v4l2loopback/v4l2loopback.ko.xz
license: GPL
author: Vasily Levin, IOhannes m zmoelnig [email protected],Stefan Diewald,Anton Novikovet al.
description: V4L2 loopback video device
rhelversion: 9.99
depends: videodev
retpoline: Y
name: v4l2loopback
vermagic: 5.17.12-1.surface.fc36.x86_64 SMP preempt mod_unload
parm: debug:debugging level (higher values == more verbose) (int)
parm: max_buffers:how many buffers should be allocated (int)
parm: max_openers:how many users can open loopback device (int)
parm: devices:how many devices should be created (int)
parm: video_nr:video device numbers (-1=auto, 0=/dev/video0, etc.) (array of int)
parm: card_label:card labels for every device (array of charp)
parm: exclusive_caps:whether to announce OUTPUT/CAPTURE capabilities exclusively or not (array of bool)
parm: max_width:maximum frame width (int)
parm: max_height:maximum frame height (int)
Hello, I am running Fedora 36 on Surface-Linux kernel.
uname -r5.17.12-1.surface.fc36.x86_64ls /lib/modules/$(uname -r)
bls.conf config kernel modules.alias.bin modules.builtin.alias.bin modules.builtin.modinfo modules.dep.bin modules.order modules.symbols source vmlinuz build extra modules.alias modules.builtin modules.builtin.bin modules.dep modules.devname modules.softdep modules.symbols.bin System.map
ls /lib/modules/$(uname -r)/extrav4l2loopbackError while running modprobe -
modprobe: ERROR: could not insert 'v4l2loopback': Key was rejected by serviceError While Installation:
/usr/src/v4l2loopback-v0.12.7
/home/boffice/tmp/cam rm -f *~ rm -f Module.symvers Module.markers modules.order make -C /lib/modules/uname -r/build M=/usr/src/v4l2loopback-v0.12.7 clean make[1]: Entering directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64' make[1]: *** No rule to make target 'clean'. Stop. make[1]: Leaving directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64' make: *** [Makefile:63: clean] Error 2 Building v4l2-loopback driver... make -C /lib/modules/uname -r`/build M=/usr/src/v4l2loopback-v0.12.7 modules
make[1]: Entering directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'
make[1]: *** No rule to make target 'modules'. Stop.
make[1]: Leaving directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'```
make: *** [Makefile:43: v4l2loopback.ko] Error 2When you see *** No rule to make target 'clean'. Stop. Probably kernel-headers and kernel do not have the same version… Install, reboot and try again! otherwise you could try running 'dnf donwgrade gcc' https://ask.fedoraproject.org/t/fedora-34-beta-and-oot-kmod-nvidia-virtualbox-v4l2loopback-etc/12778[info] Cert Password:
[info] 8c2c882e4c6e
make -C /lib/modules/uname -r/build M=/usr/src/v4l2loopback-v0.12.7 modules_install
make[1]: Entering directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'
make[1]: *** No rule to make target 'modules_install'. Stop.
make[1]: Leaving directory '/usr/src/kernels/5.17.12-1.surface.fc36.x86_64'
make: *** [Makefile:47: install] Error 2
v4l2loopback
[info] Now Manually singing
[warn] there might be no file to sign. Please check /lib/modules/5.17.12-1.surface.fc36.x86_64/extra/v4l2loopback
[info] Cert Password:
[info] 8c2c882e4c6e
./key.sh: line 74: /usr/src/kernels/5.17.12-1.surface.fc36.x86_64/scripts/sign-file: No such file or directory
./key.sh: line 75: /usr/src/kernels/5.17.12-1.surface.fc36.x86_64/scripts/sign-file: No such file or directory
[info] finished signing_ko
/home/boffice/tmp/cam
modprobe: ERROR: could not insert 'v4l2loopback': Key was rejected by service
filename: /lib/modules/5.17.12-1.surface.fc36.x86_64/extra/v4l2loopback/v4l2loopback.ko.xz
license: GPL
author: Vasily Levin, IOhannes m zmoelnig [email protected],Stefan Diewald,Anton Novikovet al.
description: V4L2 loopback video device
rhelversion: 9.99
depends: videodev
retpoline: Y
name: v4l2loopback
vermagic: 5.17.12-1.surface.fc36.x86_64 SMP preempt mod_unload
parm: debug:debugging level (higher values == more verbose) (int)
parm: max_buffers:how many buffers should be allocated (int)
parm: max_openers:how many users can open loopback device (int)
parm: devices:how many devices should be created (int)
parm: video_nr:video device numbers (-1=auto, 0=/dev/video0, etc.) (array of int)
parm: card_label:card labels for every device (array of charp)
parm: exclusive_caps:whether to announce OUTPUT/CAPTURE capabilities exclusively or not (array of bool)
parm: max_width:maximum frame width (int)
parm: max_height:maximum frame height (int)
I'm also using fedora 36 and surface kernel
It appears that your module is still not signed yet. also you don't have the sign-file script in your system.
./key.sh: line 74: /usr/src/kernels/5.17.12-1.surface.fc36.x86_64/scripts/sign-file: No such file or directory
Have you installed package kernel-surface-devel yet?
once you're installed try to manual sign the module with the step I provided above.
I had posted more details in this thread as well, look it up.
Also, if you want to install module to Surface Kernel. check this out
https://github.com/linux-surface/linux-surface/issues/803#issuecomment-1128410963
sorry for the broken link
Here
There is no README on this repo, so I have to ask what is the procedure to install
v4l2loopbackproperly?I'm trying to use the plugin on OBS studio by installing it on Fedora 36 simply using
dnf install v4l2loopbackHowever, after installation, when I try to use it, it throws the error:
modprobe: ERROR: could not insert 'v4l2loopback': Key was rejected by serviceBy searching the web, I found your repo. But I don't know what are the steps!
Saving your script and running it, then reboot the system, and then what?