rpms / dracut

Clone
Source Code
GIT

Blame 0015-dracut.sh-do-not-strip-in-FIPS-mode.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   f8c4a0f4e5e46e7b415502f39eb98c7f261086a3
  2.   0015-dracut.sh-do-not-strip-in-FIPS-mode.patch
Blob History Raw
Harald Hoyer f8c4a0 
From 5ae33613ab3145db12f21bca491d97832160cc1a Mon Sep 17 00:00:00 2001
Harald Hoyer f8c4a0 
From: Harald Hoyer <harald@redhat.com>
Harald Hoyer f8c4a0 
Date: Tue, 6 Aug 2013 11:43:58 +0200
Harald Hoyer f8c4a0 
Subject: [PATCH] dracut.sh: do not strip in FIPS mode
Harald Hoyer f8c4a0
Harald Hoyer f8c4a0 
---
Harald Hoyer f8c4a0 
 dracut.sh | 22 ++++------------------
Harald Hoyer f8c4a0 
 1 file changed, 4 insertions(+), 18 deletions(-)
Harald Hoyer f8c4a0
Harald Hoyer f8c4a0 
diff --git a/dracut.sh b/dracut.sh
Harald Hoyer f8c4a0 
index e119bd2..4ef71f3 100755
Harald Hoyer f8c4a0 
--- a/dracut.sh
Harald Hoyer f8c4a0 
+++ b/dracut.sh
Harald Hoyer f8c4a0 
@@ -1209,25 +1209,11 @@ if [[ $do_strip = yes ]] ; then
Harald Hoyer f8c4a0 
     done
Harald Hoyer f8c4a0 
 fi
Harald Hoyer f8c4a0
Harald Hoyer f8c4a0 
-if [[ $do_strip = yes ]] ; then
Harald Hoyer f8c4a0 
+if [[ $do_strip = yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then
Harald Hoyer f8c4a0 
     dinfo "*** Stripping files ***"
Harald Hoyer f8c4a0 
-    if [[ $DRACUT_FIPS_MODE ]]; then
Harald Hoyer f8c4a0 
-        find "$initdir" -type f \
Harald Hoyer f8c4a0 
-            -executable -not -path '*/lib/modules/*.ko' -print0 \
Harald Hoyer f8c4a0 
-            | while read -r -d $'\0' f; do
Harald Hoyer f8c4a0 
-            if ! [[ -e "${f%/*}/.${f##*/}.hmac" ]] \
Harald Hoyer f8c4a0 
-                && ! [[ -e "/lib/hmaccalc/${f##*/}.hmac" ]] \
Harald Hoyer f8c4a0 
-                && ! [[ -e "/lib64/hmaccalc/${f##*/}.hmac" ]] \
Harald Hoyer f8c4a0 
-                && ! [[ -e "/lib/fipscheck/${f##*/}.hmac" ]] \
Harald Hoyer f8c4a0 
-                && ! [[ -e "/lib64/fipscheck/${f##*/}.hmac" ]]; then
Harald Hoyer f8c4a0 
-                printf "%s\000" "$f";
Harald Hoyer f8c4a0 
-            fi
Harald Hoyer f8c4a0 
-        done | xargs -r -0 strip -g 2>/dev/null
Harald Hoyer f8c4a0 
-    else
Harald Hoyer f8c4a0 
-        find "$initdir" -type f \
Harald Hoyer f8c4a0 
-            -executable -not -path '*/lib/modules/*.ko' -print0 \
Harald Hoyer f8c4a0 
-            | xargs -r -0 strip -g 2>/dev/null
Harald Hoyer f8c4a0 
-    fi
Harald Hoyer f8c4a0 
+    find "$initdir" -type f \
Harald Hoyer f8c4a0 
+        -executable -not -path '*/lib/modules/*.ko' -print0 \
Harald Hoyer f8c4a0 
+        | xargs -r -0 strip -g 2>/dev/null
Harald Hoyer f8c4a0
Harald Hoyer f8c4a0 
     # strip kernel modules, but do not touch signed modules
Harald Hoyer f8c4a0 
     find "$initdir" -type f -path '*/lib/modules/*.ko' -print0 \

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation