dracut/0068.patch
Harald Hoyer 460d2c99f9 dracut-050-157.git20201002
git snapshot
2020-10-02 14:08:26 +02:00

41 lines
1.3 KiB
Diff

From 5a4c3469338410b6aea9452994b4b0af1ba59be7 Mon Sep 17 00:00:00 2001
From: Kairui Song <kasong@redhat.com>
Date: Wed, 10 Jun 2020 15:57:20 +0800
Subject: [PATCH] dracut.sh: FIPS workaround for openssl-libs on Fedora/RHEL
On Fedora/RHEL, libcryto will verify both itself and libssl on start, if
libssl is missing, FIPS self test will fail. However libssl is not a
dependency of libcryto so dracut will not install it, unless some other
binary or library pulls it in. Systemd requires libssl, so in most cases
it just worked, but could fail in some corner cases where systemd is not
used.
Signed-off-by: Kairui Song <kasong@redhat.com>
---
dracut.sh | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/dracut.sh b/dracut.sh
index 9ee722c9..e3195499 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -1941,6 +1941,17 @@ if [[ $kernel_only != yes ]]; then
break 2
done
done
+
+ # FIPS workaround for Fedora/RHEL: libcrypto needs libssl when FIPS is enabled
+ if [[ $DRACUT_FIPS_MODE ]]; then
+ for _dir in $libdirs; do
+ for _f in "$dracutsysrootdir$_dir/libcrypto.so"*; do
+ [[ -e "$_f" ]] || continue
+ inst_libdir_file -o "libssl.so*"
+ break 2
+ done
+ done
+ fi
fi
if [[ $do_strip = yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then