dracut/0042.patch

From ecc17a2cd574b31ce6f95f5a7d8ee6c62ecbb51b Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Wed, 16 Aug 2023 14:02:51 +0200
Subject: [PATCH] fix(fips): include openssl's fips.so and openssl.cnf

Resolves: #2176560
---
 modules.d/01fips/module-setup.sh | 13 +++++++++++++
 modules.d/01fips/openssl.cnf     |  7 +++++++
 2 files changed, 20 insertions(+)

diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index cc9d15ce..7ff5e640 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -82,4 +82,17 @@ install() {
             dfatal "To create an initramfs with fips support, dracut has to run as root"
             return 1
         }
+
+    # if we have openssl we need to install their fips library and configuration
+    [ -x /usr/bin/openssl ] && {
+        read -r _ conf < <(openssl version -d)
+        conf=${conf#\"}
+        conf=${conf%\"}
+        inst_simple "${moddir}/openssl.cnf" "$conf/openssl.cnf"
+
+        read -r _ mod < <(openssl version -m)
+        mod=${mod#\"}
+        mod=${mod%\"}
+        inst_simple "$mod/fips.so"
+    }
 }
diff --git a/modules.d/01fips/openssl.cnf b/modules.d/01fips/openssl.cnf
new file mode 100644
index 00000000..ee9adcf0
--- /dev/null
+++ b/modules.d/01fips/openssl.cnf
@@ -0,0 +1,7 @@
+openssl_conf = openssl_init
+[openssl_init]
+providers = provider_sect
+[provider_sect]
+default = default_sect
+[default_sect]
+activate = 1