projects / platform / upstream / dracut.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 48dba7f)
fips: set /boot as symlink to /sysroot/boot if no boot= parameter
authorHarald Hoyer <harald@redhat.com>
Tue, 21 Aug 2012 13:01:08 +0000 (15:01 +0200)
committerHarald Hoyer <harald@redhat.com>
Tue, 21 Aug 2012 16:46:20 +0000 (18:46 +0200)
otherwise sha512hmac will error out with:

sha512hmac -c /sysroot/boot/.vmlinuz-2.6.32-220.el6.x86_64.hmac
Error opening "/boot/vmlinuz-2.6.32-220.el6.x86_64": No such file or directory.

modules.d/01fips/fips.sh patch | blob | history

diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
index 67eefb8..324e062 100755 (executable)
--- a/modules.d/01fips/fips.sh
+++ b/modules.d/01fips/fips.sh
@@ -45,23 +45,23 @@ mount_boot()
         mkdir /boot
         info "Mounting $boot as /boot"
         mount -oro "$boot" /boot || return 1
+    elif [ -d "$NEWROOT/boot" ]; then
+        rm -fr /boot
+        ln -sf "$NEWROOT/boot" /boot
     fi
 }
 
 do_fips()
 {
     info "Checking integrity of kernel"
-    newroot=$NEWROOT
     KERNEL=$(uname -r)
 
-    [ -e "$newroot/boot/.vmlinuz-${KERNEL}.hmac" ] || unset newroot
-
-    if ! [ -e "$newroot/boot/.vmlinuz-${KERNEL}.hmac" ]; then
-        warn "$newroot/boot/.vmlinuz-${KERNEL}.hmac does not exist"
+    if ! [ -e "/boot/.vmlinuz-${KERNEL}.hmac" ]; then
+        warn "/boot/.vmlinuz-${KERNEL}.hmac does not exist"
         return 1
     fi
 
-    sha512hmac -c "$newroot/boot/.vmlinuz-${KERNEL}.hmac" || return 1
+    sha512hmac -c "/boot/.vmlinuz-${KERNEL}.hmac" || return 1
 
     FIPSMODULES=$(cat /etc/fipsmodules)
 
Domain: System / Base;