From c9a9968dfc7f8fb644909cbb52e27fe7312156a7 Mon Sep 17 00:00:00 2001

From: Harald Hoyer <harald@redhat.com>

Date: Tue, 21 Aug 2012 15:01:08 +0200

Subject: [PATCH] fips: set /boot as symlink to /sysroot/boot if no boot=

 parameter

otherwise sha512hmac will error out with:

sha512hmac -c /sysroot/boot/.vmlinuz-2.6.32-220.el6.x86_64.hmac

Error opening "/boot/vmlinuz-2.6.32-220.el6.x86_64": No such file or directory.

---

 modules.d/01fips/fips.sh | 12 ++++++------

 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh

index 67eefb8..324e062 100755

--- a/modules.d/01fips/fips.sh

+++ b/modules.d/01fips/fips.sh

@@ -45,23 +45,23 @@ mount_boot()

         mkdir /boot

         info "Mounting $boot as /boot"

         mount -oro "$boot" /boot || return 1

+    elif [ -d "$NEWROOT/boot" ]; then

+        rm -fr /boot

+        ln -sf "$NEWROOT/boot" /boot

     fi

 }

 do_fips()

 {

     info "Checking integrity of kernel"

-    newroot=$NEWROOT

     KERNEL=$(uname -r)

-    [ -e "$newroot/boot/.vmlinuz-${KERNEL}.hmac" ] || unset newroot

-

-    if ! [ -e "$newroot/boot/.vmlinuz-${KERNEL}.hmac" ]; then

-        warn "$newroot/boot/.vmlinuz-${KERNEL}.hmac does not exist"

+    if ! [ -e "/boot/.vmlinuz-${KERNEL}.hmac" ]; then

+        warn "/boot/.vmlinuz-${KERNEL}.hmac does not exist"

         return 1

     fi

-    sha512hmac -c "$newroot/boot/.vmlinuz-${KERNEL}.hmac" || return 1

+    sha512hmac -c "/boot/.vmlinuz-${KERNEL}.hmac" || return 1

     FIPSMODULES=$(cat /etc/fipsmodules)