From c9a9968dfc7f8fb644909cbb52e27fe7312156a7 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Tue, 21 Aug 2012 15:01:08 +0200
Subject: [PATCH] fips: set /boot as symlink to /sysroot/boot if no boot= parameter otherwise sha512hmac will error out with: sha512hmac -c /sysroot/boot/.vmlinuz-2.6.32-220.el6.x86_64.hmac Error opening "/boot/vmlinuz-2.6.32-220.el6.x86_64": No such file or directory.
---
 modules.d/01fips/fips.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
index 67eefb8..324e062 100755
--- a/modules.d/01fips/fips.sh
+++ b/modules.d/01fips/fips.sh
@@ -45,23 +45,23 @@ mount_boot()
 mkdir /boot
 info "Mounting $boot as /boot"
 mount -oro "$boot" /boot || return 1
+ elif [ -d "$NEWROOT/boot" ]; then
+ rm -fr /boot
+ ln -sf "$NEWROOT/boot" /boot
 fi
 }
 do_fips()
 {
 info "Checking integrity of kernel"
- newroot=$NEWROOT
 KERNEL=$(uname -r)
- [ -e "$newroot/boot/.vmlinuz-${KERNEL}.hmac" ] || unset newroot
-
- if ! [ -e "$newroot/boot/.vmlinuz-${KERNEL}.hmac" ]; then
- warn "$newroot/boot/.vmlinuz-${KERNEL}.hmac does not exist"
+ if ! [ -e "/boot/.vmlinuz-${KERNEL}.hmac" ]; then
+ warn "/boot/.vmlinuz-${KERNEL}.hmac does not exist"
 return 1
 fi
- sha512hmac -c "$newroot/boot/.vmlinuz-${KERNEL}.hmac" || return 1
+ sha512hmac -c "/boot/.vmlinuz-${KERNEL}.hmac" || return 1
 FIPSMODULES=$(cat /etc/fipsmodules)
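Review bot: In the new `elif` branch of mount_boot, the result of `rm -fr /boot` is never checked and `ln -sf` is used without `-n`, so if the removal fails and /boot is still a directory, the link is created inside it (as /boot/boot) and ln still reports success. do_fips would then test whatever was left in the initramfs /boot rather than `$NEWROOT/boot`. Since this path feeds the kernel integrity check, I would make both steps fail explicitly: `rm -fr /boot || return 1` and `ln -sfn "$NEWROOT/boot" /boot || return 1`. mount_boot starts above the hunk and do_fips continues below it, so whether callers act on the return value is not visible here.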