almalinux/lorax
14
1
Fork 0
Code Issues Pull Requests Releases Activity

Include the dracut fips module in the initrd (#1341280)

Browse Source 
This will allow anaconda to fetch kickstarts using https when installing
with fips=1

Leave vmlinuz and .vmlinuz.hmac in /boot

dracut-fips module needs the vmlinuz.hmac file in order to boot.

Resolves: rhbz#1341280
This commit is contained in:
Brian C. Lane 2016-08-29 08:46:06 -07:00
parent a883412ccc
commit 7aa71188b9
3 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
share/runtime-cleanup.tmpl
View File

@ -67,7 +67,7 @@ removepkg tigervnc-license ttmkfdir xml-common xorg-x11-font-utils
removepkg xorg-x11-server-common yum-utils removepkg xorg-x11-server-common yum-utils
## other removals ## other removals
remove /boot /home /media /opt /srv /tmp/* remove /home /media /opt /srv /tmp/*
remove /usr/etc /usr/games /usr/local /usr/tmp remove /usr/etc /usr/games /usr/local /usr/tmp
remove /usr/share/doc /usr/share/info /usr/share/man /usr/share/gnome remove /usr/share/doc /usr/share/info /usr/share/man /usr/share/gnome
remove /usr/share/mime/application /usr/share/mime/audio /usr/share/mime/image remove /usr/share/mime/application /usr/share/mime/audio /usr/share/mime/image
@ -347,6 +347,11 @@ removefrom subscription-manager --allbut /etc/rhsm/* /usr/share/rhsm/* /var/log/
runcmd find ${root} -name "*.pyo" -type f -delete runcmd find ${root} -name "*.pyo" -type f -delete
runcmd find ${root} -name "*.pyc" -type f -exec ln -sf /dev/null {} \; runcmd find ${root} -name "*.pyc" -type f -exec ln -sf /dev/null {} \;
## cleanup /boot/ leaving vmlinuz, and .*hmac files
runcmd chroot ${root} find /boot \! -name "vmlinuz*" \
-and \! -name ".vmlinuz*" \
-and \! -name boot -delete
## remove any broken links in /etc or /usr ## remove any broken links in /etc or /usr
## (broken systemd service links lead to confusing noise at boot) ## (broken systemd service links lead to confusing noise at boot)
## NOTE: not checking /var because we want to keep /var/run ## NOTE: not checking /var because we want to keep /var/run

2
share/runtime-install.tmpl
View File

@ -53,7 +53,7 @@ installpkg kernel
installpkg plymouth installpkg plymouth
## extra dracut modules ## extra dracut modules
installpkg anaconda-dracut dracut-network dracut-config-generic installpkg anaconda-dracut dracut-network dracut-config-generic dracut-fips
## redhat-upgrade-dracut handles upgrades on RHEL ## redhat-upgrade-dracut handles upgrades on RHEL
installpkg redhat-upgrade-dracut redhat-upgrade-dracut-plymouth installpkg redhat-upgrade-dracut redhat-upgrade-dracut-plymouth

2
src/pylorax/__init__.py
View File

@ -311,7 +311,7 @@ class Lorax(BaseLoraxClass):
workdir=self.workdir) workdir=self.workdir)
logger.info("rebuilding initramfs images") logger.info("rebuilding initramfs images")
dracut_args = ["--xz", "--install", "/.buildstamp", "--no-early-microcode"] dracut_args = ["--xz", "--install", "/.buildstamp", "--no-early-microcode", "--add", "fips"]
anaconda_args = dracut_args + ["--add", "anaconda pollcdrom"] anaconda_args = dracut_args + ["--add", "anaconda pollcdrom"]
# ppc64 cannot boot an initrd > 32MiB so remove some drivers # ppc64 cannot boot an initrd > 32MiB so remove some drivers