kernel
/
dracut
mirror of https://git.kernel.org/pub/scm/boot/dracut/dracut.git/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

01fips: run sha512hmac from directory HMAC file directory 

That way, the HMAC file can contain a relative path instead of an
absolute one. The issue is that right now the kernel RPM bakes the
`/boot/vmlinuz-${kver}` path into the HMAC file which poses an issue for
rpm-ostree systems (and any other system where the kernel isn't simply
in the top-level `/boot`.

For now, we're hacking around this in rpm-ostree:
https://github.com/coreos/rpm-ostree/pull/1934

Though I'd like to propose the same change in the kernel spec file.
master
Jonathan Lebon 2019-10-29 16:47:34 -04:00 committed by Lukáš Nykrýn
parent 9e759aa969
commit ba813779bf
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules.d/01fips/fips.sh
View File

@ -135,7 +135,7 @@ do_fips()
return 1
fi

sha512hmac -c "${BOOT_IMAGE_HMAC}" || return 1
(cd "${BOOT_IMAGE_HMAC%/*}" && sha512hmac -c "${BOOT_IMAGE_HMAC}") || return 1
fi

info "All initrd crypto checks done"