From 7aa71188b9dc48ed3486cc1134d32d786a942e78 Mon Sep 17 00:00:00 2001 From: "Brian C. Lane" Date: Mon, 29 Aug 2016 08:46:06 -0700 Subject: [PATCH] Include the dracut fips module in the initrd (#1341280) This will allow anaconda to fetch kickstarts using https when installing with fips=1 Leave vmlinuz and .vmlinuz.hmac in /boot dracut-fips module needs the vmlinuz.hmac file in order to boot. Resolves: rhbz#1341280 --- share/runtime-cleanup.tmpl | 7 ++++++- share/runtime-install.tmpl | 2 +- src/pylorax/__init__.py | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/share/runtime-cleanup.tmpl b/share/runtime-cleanup.tmpl index 4edcbf37..11089fdf 100644 --- a/share/runtime-cleanup.tmpl +++ b/share/runtime-cleanup.tmpl @@ -67,7 +67,7 @@ removepkg tigervnc-license ttmkfdir xml-common xorg-x11-font-utils removepkg xorg-x11-server-common yum-utils ## other removals -remove /boot /home /media /opt /srv /tmp/* +remove /home /media /opt /srv /tmp/* remove /usr/etc /usr/games /usr/local /usr/tmp remove /usr/share/doc /usr/share/info /usr/share/man /usr/share/gnome remove /usr/share/mime/application /usr/share/mime/audio /usr/share/mime/image @@ -347,6 +347,11 @@ removefrom subscription-manager --allbut /etc/rhsm/* /usr/share/rhsm/* /var/log/ runcmd find ${root} -name "*.pyo" -type f -delete runcmd find ${root} -name "*.pyc" -type f -exec ln -sf /dev/null {} \; +## cleanup /boot/ leaving vmlinuz, and .*hmac files +runcmd chroot ${root} find /boot \! -name "vmlinuz*" \ + -and \! -name ".vmlinuz*" \ + -and \! -name boot -delete + ## remove any broken links in /etc or /usr ## (broken systemd service links lead to confusing noise at boot) ## NOTE: not checking /var because we want to keep /var/run diff --git a/share/runtime-install.tmpl b/share/runtime-install.tmpl index b84f0cbc..c52698fd 100644 --- a/share/runtime-install.tmpl +++ b/share/runtime-install.tmpl 
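Review bot: The `\! -name boot` test in the new /boot cleanup of runtime-cleanup.tmpl is meant to protect the /boot directory itself, but `-name` matches at any depth, so anything called `boot` below /boot is kept as well. `-mindepth 1` expresses the intent exactly: `runcmd chroot ${root} find /boot -mindepth 1 \! -name "vmlinuz*" -and \! -name ".vmlinuz*" -delete`. `-delete` also cannot remove a directory that still holds a kept `vmlinuz*` file, so find may exit non-zero there; whether runcmd treats that as fatal is not visible in this hunk. The comment says `.*hmac` while the pattern keeps `.vmlinuz*`, so I would reword it to `## clean /boot but keep vmlinuz* and .vmlinuz*.hmac, which the dracut fips module needs in order to boot`.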
@@ -53,7 +53,7 @@ installpkg kernel installpkg plymouth ## extra dracut modules -installpkg anaconda-dracut dracut-network dracut-config-generic +installpkg anaconda-dracut dracut-network dracut-config-generic dracut-fips ## redhat-upgrade-dracut handles upgrades on RHEL installpkg redhat-upgrade-dracut redhat-upgrade-dracut-plymouth diff --git a/src/pylorax/__init__.py b/src/pylorax/__init__.py index b22a8ef4..f33cd646 100644 --- a/src/pylorax/__init__.py +++ b/src/pylorax/__init__.py @@ -311,7 +311,7 @@ class Lorax(BaseLoraxClass): workdir=self.workdir) logger.info("rebuilding initramfs images") - dracut_args = ["--xz", "--install", "/.buildstamp", "--no-early-microcode"] + dracut_args = ["--xz", "--install", "/.buildstamp", "--no-early-microcode", "--add", "fips"] anaconda_args = dracut_args + ["--add", "anaconda pollcdrom"] # ppc64 cannot boot an initrd > 32MiB so remove some drivers
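Review bot: The hard-coded `--add fips` in `dracut_args` (src/pylorax/__init__.py) carries two undocumented dependencies: the dracut-fips package that runtime-install.tmpl now installs, and the `.vmlinuz*` HMAC files that runtime-cleanup.tmpl now leaves in /boot. A comment above the assignment would record that coupling, e.g. `# fips: needs dracut-fips in the runtime and /boot/.vmlinuz*.hmac kept by runtime-cleanup.tmpl (rhbz#1341280)`. A custom template set that omits dracut-fips will presumably make the initramfs rebuild fail on the missing module. The extra module also grows every image, which is worth checking against the 32MiB ppc64 limit mentioned two lines below. The enclosing method starts and ends outside the hunk.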