dracut.sh: do not strip signed kernel modules
https://bugzilla.redhat.com/show_bug.cgi?id=873796master
parent
2b9be6f707
commit
2d9b156e9e
16
dracut.sh
16
dracut.sh
|
@ -1041,21 +1041,27 @@ if [[ $do_strip = yes ]] ; then
|
||||||
dinfo "*** Stripping files ***"
|
dinfo "*** Stripping files ***"
|
||||||
if [[ $DRACUT_FIPS_MODE ]]; then
|
if [[ $DRACUT_FIPS_MODE ]]; then
|
||||||
find "$initdir" -type f \
|
find "$initdir" -type f \
|
||||||
'(' -perm -0100 -or -perm -0010 -or -perm -0001 \
|
-executable -not -path '*/lib/modules/*.ko' -print0 \
|
||||||
-or -path '*/lib/modules/*.ko' ')' -print0 \
|
|
||||||
| while read -r -d $'\0' f; do
|
| while read -r -d $'\0' f; do
|
||||||
if ! [[ -e "${f%/*}/.${f##*/}.hmac" ]] \
|
if ! [[ -e "${f%/*}/.${f##*/}.hmac" ]] \
|
||||||
&& ! [[ -e "/lib/fipscheck/${f##*/}.hmac" ]] \
|
&& ! [[ -e "/lib/fipscheck/${f##*/}.hmac" ]] \
|
||||||
&& ! [[ -e "/lib64/fipscheck/${f##*/}.hmac" ]]; then
|
&& ! [[ -e "/lib64/fipscheck/${f##*/}.hmac" ]]; then
|
||||||
echo -n "$f"; echo -n -e "\000"
|
echo -n "$f"; echo -n -e "\000"
|
||||||
fi
|
fi
|
||||||
done |xargs -r -0 strip -g 2>/dev/null
|
done | xargs -r -0 strip -g 2>/dev/null
|
||||||
else
|
else
|
||||||
find "$initdir" -type f \
|
find "$initdir" -type f \
|
||||||
'(' -perm -0100 -or -perm -0010 -or -perm -0001 \
|
-executable -not -path '*/lib/modules/*.ko' -print0 \
|
||||||
-or -path '*/lib/modules/*.ko' ')' -print0 \
|
|
||||||
| xargs -r -0 strip -g 2>/dev/null
|
| xargs -r -0 strip -g 2>/dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# strip kernel modules, but do not touch signed modules
|
||||||
|
find "$initdir" -type f -path '*/lib/modules/*.ko' -print0 \
|
||||||
|
| while read -r -d $'\0' f; do
|
||||||
|
SIG=$(tail -c 28 "$f")
|
||||||
|
[[ $SIG == '~Module signature appended~' ]] || { echo -n "$f"; echo -n -e "\000"; }
|
||||||
|
done | xargs -r -0 strip -g
|
||||||
|
|
||||||
dinfo "*** Stripping files done ***"
|
dinfo "*** Stripping files done ***"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue