rpms / dracut

Clone
Source Code
GIT

Blame 0068.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   99c74373eee952f26c7d256f12c024fe29397ae6
  2.   0068.patch
Blob History Raw
Harald Hoyer 460d2c 
From 5a4c3469338410b6aea9452994b4b0af1ba59be7 Mon Sep 17 00:00:00 2001
Harald Hoyer 460d2c 
From: Kairui Song <kasong@redhat.com>
Harald Hoyer 460d2c 
Date: Wed, 10 Jun 2020 15:57:20 +0800
Harald Hoyer 460d2c 
Subject: [PATCH] dracut.sh: FIPS workaround for openssl-libs on Fedora/RHEL
Harald Hoyer 460d2c
Harald Hoyer 460d2c 
On Fedora/RHEL, libcryto will verify both itself and libssl on start, if
Harald Hoyer 460d2c 
libssl is missing, FIPS self test will fail. However libssl is not a
Harald Hoyer 460d2c 
dependency of libcryto so dracut will not install it, unless some other
Harald Hoyer 460d2c 
binary or library pulls it in. Systemd requires libssl, so in most cases
Harald Hoyer 460d2c 
it just worked, but could fail in some corner cases where systemd is not
Harald Hoyer 460d2c 
used.
Harald Hoyer 460d2c
Harald Hoyer 460d2c 
Signed-off-by: Kairui Song <kasong@redhat.com>
Harald Hoyer 460d2c 
---
Harald Hoyer 460d2c 
 dracut.sh | 11 +++++++++++
Harald Hoyer 460d2c 
 1 file changed, 11 insertions(+)
Harald Hoyer 460d2c
Harald Hoyer 460d2c 
diff --git a/dracut.sh b/dracut.sh
Harald Hoyer 460d2c 
index 9ee722c9..e3195499 100755
Harald Hoyer 460d2c 
--- a/dracut.sh
Harald Hoyer 460d2c 
+++ b/dracut.sh
Harald Hoyer 460d2c 
@@ -1941,6 +1941,17 @@ if [[ $kernel_only != yes ]]; then
Harald Hoyer 460d2c 
             break 2
Harald Hoyer 460d2c 
         done
Harald Hoyer 460d2c 
     done
Harald Hoyer 460d2c 
+
Harald Hoyer 460d2c 
+    # FIPS workaround for Fedora/RHEL: libcrypto needs libssl when FIPS is enabled
Harald Hoyer 460d2c 
+    if [[ $DRACUT_FIPS_MODE ]]; then
Harald Hoyer 460d2c 
+      for _dir in $libdirs; do
Harald Hoyer 460d2c 
+          for _f in "$dracutsysrootdir$_dir/libcrypto.so"*; do
Harald Hoyer 460d2c 
+              [[ -e "$_f" ]] || continue
Harald Hoyer 460d2c 
+              inst_libdir_file -o "libssl.so*"
Harald Hoyer 460d2c 
+              break 2
Harald Hoyer 460d2c 
+          done
Harald Hoyer 460d2c 
+      done
Harald Hoyer 460d2c 
+    fi
Harald Hoyer 460d2c 
 fi
Harald Hoyer 460d2c
Harald Hoyer 460d2c 
 if [[ $do_strip = yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then
Harald Hoyer 460d2c

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation