From 77a21063367337b874e9396547b3d1439eef2754 Mon Sep 17 00:00:00 2001
From: Alexander Scheel
Date: Fri, 6 Sep 2019 11:44:49 -0400
Subject: [PATCH] Rename disable_prelink -> bash_disable_prelink

Per conversation in #4746, we should probably prefix bash remediation helpers with the bash_ prefix. This lets us quickly identify which language a particular macro is for, especially when macros with similar functionality behave differently across languages.

Signed-off-by: Alexander Scheel
---
 .../system/software/integrity/disable_prelink/bash/shared.sh | 2 +-
 .../integrity/fips/grub2_enable_fips_mode/bash/shared.sh | 2 +-
 shared/macros-bash.jinja | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/linux_os/guide/system/software/integrity/disable_prelink/bash/shared.sh b/linux_os/guide/system/software/integrity/disable_prelink/bash/shared.sh
index a79bd71ab0..ed6a388d0a 100644
--- a/linux_os/guide/system/software/integrity/disable_prelink/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/disable_prelink/bash/shared.sh
@@ -1,2 +1,2 @@
 # platform = multi_platform_all
-{{{ disable_prelink() }}}
+{{{ bash_disable_prelink() }}}
diff --git a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/bash/shared.sh b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/bash/shared.sh
index 2b99be11a7..18b57e6f87 100644
--- a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/bash/shared.sh
@@ -3,7 +3,7 @@
 # include remediation functions library
 . /usr/share/scap-security-guide/remediation_functions
-{{{ disable_prelink() }}}
+{{{ bash_disable_prelink() }}}
 if grep -q -m1 -o aes /proc/cpuinfo; then
 {{{ bash_package_install("dracut-fips-aesni") }}}
diff --git a/shared/macros-bash.jinja b/shared/macros-bash.jinja
index 1af0143805..8a6b9b5099 100644
--- a/shared/macros-bash.jinja
+++ b/shared/macros-bash.jinja
@@ -87,7 +87,7 @@ apt-get remove -y "{{{ package }}}"
 {{%- endif -%}}
 {{%- endmacro -%}}
-{{%- macro disable_prelink() -%}}
+{{%- macro bash_disable_prelink() -%}}
 # prelink not installed
 if test ! -e /etc/sysconfig/prelink -a ! -e /usr/sbin/prelink; then
     return 0
From 747a407d54a4c3549795fbf2a484092d175a39a4 Mon Sep 17 00:00:00 2001
From: Gabriel Becker
Date: Wed, 6 Nov 2019 15:45:47 +0100
Subject: [PATCH 1/2] Invert logic when testing for prelink package presence.

Since this piece of code is not a bash function anymore, it is not possible to use the return statement, so inverting the logic of the test did the trick.
---
 shared/macros-bash.jinja | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/shared/macros-bash.jinja b/shared/macros-bash.jinja
index 49ef874f0b..62b1b165a8 100644
--- a/shared/macros-bash.jinja
+++ b/shared/macros-bash.jinja
@@ -89,21 +89,19 @@ apt-get remove -y "{{{ package }}}"
 {{%- macro bash_disable_prelink() -%}}
 # prelink not installed
-if test ! -e /etc/sysconfig/prelink -a ! -e /usr/sbin/prelink; then
-    return 0
-fi
-
-if grep -q ^PRELINKING /etc/sysconfig/prelink
-then
-    sed -i 's/^PRELINKING[:blank:]*=[:blank:]*[:alpha:]*/PRELINKING=no/' /etc/sysconfig/prelink
-else
-    printf '\n' >> /etc/sysconfig/prelink
-    printf '%s\n' '# Set PRELINKING=no per security requirements' 'PRELINKING=no' >> /etc/sysconfig/prelink
-fi
+if test -e /etc/sysconfig/prelink -o -e /usr/sbin/prelink; then
+    if grep -q ^PRELINKING /etc/sysconfig/prelink
+    then
+        sed -i 's/^PRELINKING[:blank:]*=[:blank:]*[:alpha:]*/PRELINKING=no/' /etc/sysconfig/prelink
+    else
+        printf '\n' >> /etc/sysconfig/prelink
+        printf '%s\n' '# Set PRELINKING=no per security requirements' 'PRELINKING=no' >> /etc/sysconfig/prelink
+    fi
-# Undo previous prelink changes to binaries if prelink is available.
-if test -x /usr/sbin/prelink; then
-    /usr/sbin/prelink -ua
+    # Undo previous prelink changes to binaries if prelink is available.
+    if test -x /usr/sbin/prelink; then
+        /usr/sbin/prelink -ua
+    fi
 fi
 {{%- endmacro -%}}
From 6c7182016b956d53ac5cf306da6d1b4efda953ab Mon Sep 17 00:00:00 2001
From: Gabriel Becker
Date: Wed, 6 Nov 2019 17:15:47 +0100
Subject: [PATCH 2/2] Add dracut-fips-aesni package to grub2_enable_fips_mode anaconda remediation.
---
 .../fips/grub2_enable_fips_mode/anaconda/shared.anaconda | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/anaconda/shared.anaconda b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/anaconda/shared.anaconda
index 4a329df8f4..2dd06202b3 100644
--- a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/anaconda/shared.anaconda
+++ b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/anaconda/shared.anaconda
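Review bot: The `sed` pattern on the re-indented `sed -i` line uses `[:blank:]` and `[:alpha:]` without the enclosing brackets, so they are not POSIX character classes: GNU sed 4.3 and newer reject the expression with "character class syntax is [[:space:]], not [:space:]", and older regex engines read each as a bracket set of the literal characters, which as far as I can tell would turn `PRELINKING=yes` into `PRELINKING=noyes` instead of disabling prelinking. The line should read `sed -i 's/^PRELINKING[[:blank:]]*=[[:blank:]]*[[:alpha:]]*/PRELINKING=no/' /etc/sysconfig/prelink`. The defect predates this commit, but the inversion keeps it on the new side as the only path that edits an existing setting, and the `grep -q ^PRELINKING` guard sends every host that already has the variable down that path. Separately, the new outer `test -e … -o -e …` relies on the obsolescent `-o` binary; `if test -e /etc/sysconfig/prelink || test -e /usr/sbin/prelink; then` is the unambiguous form.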
@@ -1,3 +1,3 @@
 # platform = Red Hat Enterprise Linux 7,Oracle Linux 7
-package --add=dracut-fips
+package --add=dracut-fips --add=dracut-fips-aesni
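Review bot: The kickstart now adds `dracut-fips-aesni` unconditionally, while the bash remediation for the same rule (the grub2_enable_fips_mode hunk in the first patch) installs it only when `grep -q -m1 -o aes /proc/cpuinfo` succeeds, so the two remediations diverge on hosts without AES-NI. A kickstart cannot probe the CPU the way the bash snippet does, so the divergence may well be intentional, but it is worth recording above the `package` line: `# dracut-fips-aesni is added unconditionally; the bash remediation installs it only when the CPU reports aes`. Whether `package` accepts two `--add=` flags on one line is not shown here — confirm the anaconda remediation generator handles it.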