|
 |
ad54c5 |
From a6c4171117924cacaa727a9828e72f70e09b1fa9 Mon Sep 17 00:00:00 2001
|
|
|
ad54c5 |
From: Pavel Valena <pvalena@redhat.com>
|
|
|
ad54c5 |
Date: Tue, 12 Jul 2022 14:15:25 +0200
|
|
|
ad54c5 |
Subject: [PATCH] fix(fips): enhance commit 'handle s390x OSTree systems'
|
|
|
c2f1e0 |
|
|
|
ad54c5 |
78557f05a69fe718a97df85d2ed741ce10d3f806
|
|
|
ad54c5 |
|
|
|
ad54c5 |
Refactored to enhance readability.
|
|
|
ad54c5 |
|
|
|
ad54c5 |
Related: rhbz#2050567
|
|
|
c2f1e0 |
---
|
|
|
ad54c5 |
modules.d/01fips/fips.sh | 15 +++++++++++----
|
|
|
ad54c5 |
modules.d/01fips/module-setup.sh | 2 +-
|
|
|
ad54c5 |
2 files changed, 12 insertions(+), 5 deletions(-)
|
|
|
c2f1e0 |
|
|
|
ad54c5 |
diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
|
|
|
ad54c5 |
index 26f65414..6ad61df8 100755
|
|
|
ad54c5 |
--- a/modules.d/01fips/fips.sh
|
|
|
ad54c5 |
+++ b/modules.d/01fips/fips.sh
|
|
|
ad54c5 |
@@ -132,10 +132,17 @@ do_fips() {
|
|
|
ad54c5 |
if [ -e "/boot/vmlinuz-${KERNEL}" ]; then
|
|
|
ad54c5 |
BOOT_IMAGE="vmlinuz-${KERNEL}"
|
|
|
ad54c5 |
elif [ -d /boot/loader/entries ]; then
|
|
|
ad54c5 |
- bls=$(find /boot/loader/entries -name '*.conf' | sort -rV | sed -n "$((BOOT_IMAGE + 1))p")
|
|
|
ad54c5 |
- if [ -e "${bls}" ]; then
|
|
|
ad54c5 |
- BOOT_IMAGE=$(grep ^linux "${bls}" | cut -d' ' -f2)
|
|
|
ad54c5 |
- fi
|
|
|
ad54c5 |
+ i=0
|
|
|
ad54c5 |
+ # shellcheck disable=SC2012
|
|
|
ad54c5 |
+ for bls in $(ls -d /boot/loader/entries/*.conf | sort -rV); do
|
|
|
ad54c5 |
+ if [ "$i" -eq "${BOOT_IMAGE:-0}" ] && [ -r "$bls" ]; then
|
|
|
ad54c5 |
+ BOOT_IMAGE="$(grep -e '^linux' "$bls" | grep -o ' .*$')"
|
|
|
ad54c5 |
+ BOOT_IMAGE=${BOOT_IMAGE## }
|
|
|
ad54c5 |
+ break
|
|
|
ad54c5 |
+ fi
|
|
|
ad54c5 |
+
|
|
|
ad54c5 |
+ i=$((i + 1))
|
|
|
ad54c5 |
+ done
|
|
|
ad54c5 |
fi
|
|
|
ad54c5 |
fi
|
|
|
c2f1e0 |
|
|
|
ad54c5 |
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
|
|
|
ad54c5 |
index 8860159d..cc9d15ce 100755
|
|
|
ad54c5 |
--- a/modules.d/01fips/module-setup.sh
|
|
|
ad54c5 |
+++ b/modules.d/01fips/module-setup.sh
|
|
|
ad54c5 |
@@ -67,7 +67,7 @@ install() {
|
|
|
ad54c5 |
inst_hook pre-udev 01 "$moddir/fips-load-crypto.sh"
|
|
|
ad54c5 |
inst_script "$moddir/fips.sh" /sbin/fips.sh
|
|
|
c2f1e0 |
|
|
|
ad54c5 |
- inst_multiple sha512hmac rmmod insmod mount uname umount grep sed cut find sort
|
|
|
ad54c5 |
+ inst_multiple sha512hmac rmmod insmod mount uname umount grep sed sort
|
|
|
c2f1e0 |
|
|
|
ad54c5 |
inst_simple /etc/system-fips
|
|
|
ad54c5 |
[ -c "${initdir}"/dev/random ] || mknod "${initdir}"/dev/random c 1 8 \
|
|
|
c2f1e0 |
|