almalinux/lorax
13
0
Fork 0
Code Issues Pull Requests Releases Activity

Include the dracut fips module in the initrd (#1341280)

Browse Source 
This will allow anaconda to fetch kickstarts using https when installing
with fips=1

Leave vmlinuz and .vmlinuz.hmac in /boot

dracut-fips module needs the vmlinuz.hmac file in order to boot.
This commit is contained in:
Brian C. Lane 2017-08-14 13:20:27 -07:00
parent 7bc818507c
commit 8154b3f7a3
3 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
share/templates.d/99-generic/runtime-cleanup.tmpl
View File

@ -70,7 +70,7 @@ removepkg tigervnc-license ttmkfdir xml-common xorg-x11-font-utils
removepkg xorg-x11-server-common yum-utils firewalld removepkg xorg-x11-server-common yum-utils firewalld
## other removals ## other removals
remove /boot /home /media /opt /srv /tmp/* remove /home /media /opt /srv /tmp/*
remove /usr/etc /usr/games /usr/local /usr/tmp remove /usr/etc /usr/games /usr/local /usr/tmp
remove /usr/share/doc /usr/share/info /usr/share/man /usr/share/gnome remove /usr/share/doc /usr/share/info /usr/share/man /usr/share/gnome
remove /usr/share/mime/application /usr/share/mime/audio /usr/share/mime/image remove /usr/share/mime/application /usr/share/mime/audio /usr/share/mime/image
@ -333,6 +333,11 @@ removefrom ${product.name}-logos /usr/share/{firstboot,gnome-screensaver,kde4,pi
runcmd find ${root} -name "*.pyo" -type f -delete runcmd find ${root} -name "*.pyo" -type f -delete
runcmd find ${root} -name "*.pyc" -type f -exec ln -sf /dev/null {} \; runcmd find ${root} -name "*.pyc" -type f -exec ln -sf /dev/null {} \;
## cleanup /boot/ leaving vmlinuz, and .*hmac files
runcmd chroot ${root} find /boot \! -name "vmlinuz*" \
-and \! -name ".vmlinuz*" \
-and \! -name boot -delete
## remove any broken links in /etc or /usr ## remove any broken links in /etc or /usr
## (broken systemd service links lead to confusing noise at boot) ## (broken systemd service links lead to confusing noise at boot)
## NOTE: not checking /var because we want to keep /var/run ## NOTE: not checking /var because we want to keep /var/run

2
share/templates.d/99-generic/runtime-install.tmpl
View File

@ -60,7 +60,7 @@ installpkg glibc-all-langpacks
installpkg plymouth installpkg plymouth
## extra dracut modules ## extra dracut modules
installpkg anaconda-dracut dracut-network dracut-config-generic installpkg anaconda-dracut dracut-network dracut-config-generic dracut-fips
## rescue needs this ## rescue needs this
installpkg cryptsetup installpkg cryptsetup

2
src/pylorax/__init__.py
View File

@ -340,7 +340,7 @@ class Lorax(BaseLoraxClass):
workdir=self.workdir) workdir=self.workdir)
logger.info("rebuilding initramfs images") logger.info("rebuilding initramfs images")
dracut_args = ["--xz", "--install", "/.buildstamp", "--no-early-microcode"] dracut_args = ["--xz", "--install", "/.buildstamp", "--no-early-microcode", "--add", "fips"]
anaconda_args = dracut_args + ["--add", "anaconda pollcdrom qemu qemu-net"] anaconda_args = dracut_args + ["--add", "anaconda pollcdrom qemu qemu-net"]
# ppc64 cannot boot an initrd > 32MiB so remove some drivers # ppc64 cannot boot an initrd > 32MiB so remove some drivers