From 338b43cd6a97cf767af2953ce5c69240d4c32290 Mon Sep 17 00:00:00 2001

From: Harald Hoyer <harald@redhat.com>

Date: Thu, 5 Jul 2012 10:42:22 +0200

Subject: [PATCH] fips: add instmods silent check mode "-c -s"

---

 dracut-functions.sh              |   18 ++++++++++++------

 modules.d/01fips/module-setup.sh |    4 ++--

 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/dracut-functions.sh b/dracut-functions.sh

index 6de7c72..d91e2a4 100755

--- a/dracut-functions.sh

+++ b/dracut-functions.sh

@@ -1290,8 +1290,8 @@ find_kernel_modules () {

     find_kernel_modules_by_path  drivers

 }

-# instmods [-c] <kernel module> [<kernel module> ... ]

-# instmods [-c] <kernel subsystem>

+# instmods [-c [-s]] <kernel module> [<kernel module> ... ]

+# instmods [-c [-s]] <kernel subsystem>

 # install kernel modules along with all their dependencies.

 # <kernel subsystem> can be e.g. "=block" or "=drivers/usb/storage"

 instmods() {

@@ -1299,11 +1299,17 @@ instmods() {

     # called [sub]functions inherit _fderr

     local _fderr=9

     local _check=no

+    local _silent=no

     if [[ $1 = '-c' ]]; then

         _check=yes

         shift

     fi

+    if [[ $1 = '-s' ]]; then

+        _silent=yes

+        shift

+    fi

+

     function inst1mod() {

         local _ret=0 _mod="$1"

         case $_mod in

@@ -1362,8 +1368,8 @@ instmods() {

         if (($# == 0)); then  # filenames from stdin

             while read _mod; do

                 inst1mod "${_mod%.ko*}" || {

-                    if [ "$_check" = "yes" ]; then

-                        dfatal "Failed to install $_mod"

+                    if [[ "$_check" == "yes" ]]; then

+                        [[ "$_silent" == "no" ]] && dfatal "Failed to install $_mod"

                         return 1

                     fi

                 }

@@ -1371,8 +1377,8 @@ instmods() {

         fi

         while (($# > 0)); do  # filenames as arguments

             inst1mod ${1%.ko*} || {

-                if [ "$_check" = "yes" ]; then

-                    dfatal "Failed to install $1"

+                if [[ "$_check" == "yes" ]]; then

+                    [[ "$_silent" == "no" ]] && dfatal "Failed to install $1"

                     return 1

                 fi

             }

diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh

index dbf51e3..2d238fb 100755

--- a/modules.d/01fips/module-setup.sh

+++ b/modules.d/01fips/module-setup.sh

@@ -13,13 +13,13 @@ depends() {

 installkernel() {

     local _fipsmodules _mod

     _fipsmodules="aead aes_generic xts aes-x86_64 ansi_cprng cbc ccm chainiv ctr"

-    _fipsmodules+=" des deflate ecb eseqiv hmac seqiv sha256_generic sha512"

+    _fipsmodules+=" des deflate ecb eseqiv hmac seqiv sha256 sha256_generic sha512 sha512_generic"

     _fipsmodules+=" cryptomgr crypto_null tcrypt dm-mod dm-crypt"

     mkdir -m 0755 -p "${initdir}/etc/modprobe.d"

     for _mod in $_fipsmodules; do

-        if hostonly='' instmods $_mod; then

+        if hostonly='' instmods -c -s $_mod; then

             echo $_mod >> "${initdir}/etc/fipsmodules"

             echo "blacklist $_mod" >> "${initdir}/etc/modprobe.d/fips.conf"

         fi