pool/dracut
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8532cba494
dracut/0551-fips-use-lib-modules-uname-r-modules.fips.patch
Marcus Meissner 9a8b47f48c Accepting request 563307 from home:dmolkentin:branches:Base:System 
- FIPS: Try to fetch list of fips modules from the kernel's modules dir (bsc#1074984)
  * Adds 0551-fips-use-lib-modules-uname-r-modules.fips.patch
- Annotated patches regarding their upstream state

OBS-URL: https://build.opensuse.org/request/show/563307
OBS-URL: https://build.opensuse.org/package/show/Base:System/dracut?expand=0&rev=332
2018-01-11 16:25:35 +00:00

53 lines
2.6 KiB
Diff
Raw Blame History

From 2a7f2be7475dfaf5090bbafbbf5b7eb3067eef46 Mon Sep 17 00:00:00 2001
From: Daniel Molkentin <dmolkentin@suse.com>
Date: Wed, 10 Jan 2018 11:03:22 +0100
Subject: [PATCH] fips: use /lib/modules/$(uname -r)/modules.fips
if /lib/modules/$(uname -r)/modules.fips exists, use that list instead
of the hardcoded dracut module list.
Backported from upstream's master branch
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index 9e5eca4f..709cfc85 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -13,18 +13,22 @@ depends() {
# called by dracut
installkernel() {
local _fipsmodules _mod
- _fipsmodules="ansi_cprng arc4 authenc ccm "
- _fipsmodules+="ctr cts deflate drbg "
- _fipsmodules+="ecb fcrypt gcm ghash_generic khazad md4 michael_mic rmd128 "
- _fipsmodules+="rmd160 rmd256 rmd320 seed "
- _fipsmodules+="sha512_generic tcrypt tea wp512 xts "
- _fipsmodules+="aes_s390 des_s390 sha256_s390 ghash_s390 sha1_s390 sha512_s390 "
- _fipsmodules+="gf128mul "
- _fipsmodules+="cmac vmac xcbc salsa20_generic salsa20_x86_64 camellia_generic camellia_x86_64 pcbc tgr192 anubis "
- _fipsmodules+="cast6_generic cast5_generic cast_common sha512_ssse3 serpent_sse2_x86_64 serpent_generic twofish_generic "
- _fipsmodules+="ablk_helper cryptd twofish_x86_64_3way lrw glue_helper twofish_x86_64 twofish_common blowfish_generic "
- _fipsmodules+="blowfish_x86_64 blowfish_common des_generic cbc "
- _fipsmodules+="algif_hash af_alg crypto_user "
+ if [[ -f "${srcmods}/modules.fips" ]]; then
+ _fipsmodules="$(cat "${srcmods}/modules.fips")"
+ else
+ _fipsmodules="ansi_cprng arc4 authenc ccm "
+ _fipsmodules+="ctr cts deflate drbg "
+ _fipsmodules+="ecb fcrypt gcm ghash_generic khazad md4 michael_mic rmd128 "
+ _fipsmodules+="rmd160 rmd256 rmd320 seed "
+ _fipsmodules+="sha512_generic tcrypt tea wp512 xts "
+ _fipsmodules+="aes_s390 des_s390 sha256_s390 ghash_s390 sha1_s390 sha512_s390 "
+ _fipsmodules+="gf128mul "
+ _fipsmodules+="cmac vmac xcbc salsa20_generic salsa20_x86_64 camellia_generic camellia_x86_64 pcbc tgr192 anubis "
+ _fipsmodules+="cast6_generic cast5_generic cast_common sha512_ssse3 serpent_sse2_x86_64 serpent_generic twofish_generic "
+ _fipsmodules+="ablk_helper cryptd twofish_x86_64_3way lrw glue_helper twofish_x86_64 twofish_common blowfish_generic "
+ _fipsmodules+="blowfish_x86_64 blowfish_common des_generic cbc "
+ _fipsmodules+="algif_hash af_alg crypto_user "
+ fi
mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
--
2.13.6
Reference in New Issue View Git Blame Copy Permalink