#!/bin/bash

if ! grep -qs "install algif_aead /bin/false" /etc/modprobe.d/disable-algif_aead.conf \
     && ! grep -qs "install algif_aead /bin/false" /etc/modprobe.d/eole-disable-algif_aead.conf
then
    echo "Disable algif_aead module due to CVE-2026-31431 (AKA copy.fail)"
    cat > /etc/modprobe.d/eole-disable-algif_aead.conf <<EOF
# Disable algif_aead module due to CVE-2026-31431 (AKA copy.fail)
# This will likely be re-enabled in a subsequent update once an updated
# kernel has been deployed.
# Blacklisting the module isn't sufficient, we need to do as below:
install algif_aead /bin/false
EOF
    rmmod algif_aead || /bin/true
fi

exit 0
