f8c4a0f4e5
- lsinitrd.sh: add old cpio signature - dracut.sh: call find with -print0 and cpio with --null - dracut.asc: small corrections - systemd/dracut-initqueue.sh: continue to boot if finished failed - dracut.sh/dracut-functions.sh: handle root on non-block device - dracut-functions.sh: removed non dracut-install shell functions - dracut-functions.sh: inst_multiple == dracut_install - 51-dracut-rescue.install: fixed rescue image creation - dracut.sh: do not strip in FIPS mode Resolves: rhbz#990250 - dracut.sh: check the value of --kver - crypt: Fix typo--/etc/crypttab not /etc/cryptab - network/net-lib.sh: fix ibft interface configuration - iscsi/module-setup.sh: install some modules regardless of hostonly - multipath: need_shutdown if multipath devices exist Resolves: rhbz#994913 - omit drivers fix
44 lines
1.6 KiB
Diff
44 lines
1.6 KiB
Diff
From 5ae33613ab3145db12f21bca491d97832160cc1a Mon Sep 17 00:00:00 2001
|
|
From: Harald Hoyer <harald@redhat.com>
|
|
Date: Tue, 6 Aug 2013 11:43:58 +0200
|
|
Subject: [PATCH] dracut.sh: do not strip in FIPS mode
|
|
|
|
---
|
|
dracut.sh | 22 ++++------------------
|
|
1 file changed, 4 insertions(+), 18 deletions(-)
|
|
|
|
diff --git a/dracut.sh b/dracut.sh
|
|
index e119bd2..4ef71f3 100755
|
|
--- a/dracut.sh
|
|
+++ b/dracut.sh
|
|
@@ -1209,25 +1209,11 @@ if [[ $do_strip = yes ]] ; then
|
|
done
|
|
fi
|
|
|
|
-if [[ $do_strip = yes ]] ; then
|
|
+if [[ $do_strip = yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then
|
|
dinfo "*** Stripping files ***"
|
|
- if [[ $DRACUT_FIPS_MODE ]]; then
|
|
- find "$initdir" -type f \
|
|
- -executable -not -path '*/lib/modules/*.ko' -print0 \
|
|
- | while read -r -d $'\0' f; do
|
|
- if ! [[ -e "${f%/*}/.${f##*/}.hmac" ]] \
|
|
- && ! [[ -e "/lib/hmaccalc/${f##*/}.hmac" ]] \
|
|
- && ! [[ -e "/lib64/hmaccalc/${f##*/}.hmac" ]] \
|
|
- && ! [[ -e "/lib/fipscheck/${f##*/}.hmac" ]] \
|
|
- && ! [[ -e "/lib64/fipscheck/${f##*/}.hmac" ]]; then
|
|
- printf "%s\000" "$f";
|
|
- fi
|
|
- done | xargs -r -0 strip -g 2>/dev/null
|
|
- else
|
|
- find "$initdir" -type f \
|
|
- -executable -not -path '*/lib/modules/*.ko' -print0 \
|
|
- | xargs -r -0 strip -g 2>/dev/null
|
|
- fi
|
|
+ find "$initdir" -type f \
|
|
+ -executable -not -path '*/lib/modules/*.ko' -print0 \
|
|
+ | xargs -r -0 strip -g 2>/dev/null
|
|
|
|
# strip kernel modules, but do not touch signed modules
|
|
find "$initdir" -type f -path '*/lib/modules/*.ko' -print0 \
|