From ba92d1fcad68758004d7b1102fe1905c0f25e63e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= Date: Tue, 27 Apr 2021 10:37:20 +0000 Subject: [PATCH] fix(systemd-verity): incorrect reference to cryptsetup target Incorrect include of remote-cryptsetup.target in hostonly. Corrected to point to remote-veritysetup.target --- dracut.spec | 2 +- .../01systemd-veritysetup/module-setup.sh | 60 +++++++++++++++++++ 2 files changed, 61 insertions(+), 1 deletion(-) create mode 100755 modules.d/01systemd-veritysetup/module-setup.sh diff --git a/dracut.spec b/dracut.spec index 42f7e8ff..fa78680c 100644 --- a/dracut.spec +++ b/dracut.spec @@ -335,7 +335,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/ %{dracutlibdir}/modules.d/01systemd-sysusers %{dracutlibdir}/modules.d/01systemd-timedated %{dracutlibdir}/modules.d/01systemd-timesyncd -%{dracutlibdir}/modules.d/01systemd-verity +%{dracutlibdir}/modules.d/01systemd-veritysetup %{dracutlibdir}/modules.d/03modsign %{dracutlibdir}/modules.d/03rescue %{dracutlibdir}/modules.d/04watchdog diff --git a/modules.d/01systemd-veritysetup/module-setup.sh b/modules.d/01systemd-veritysetup/module-setup.sh new file mode 100755 index 00000000..fecfecc8 --- /dev/null +++ b/modules.d/01systemd-veritysetup/module-setup.sh @@ -0,0 +1,60 @@ +#!/bin/bash +# This file is part of dracut. +# SPDX-License-Identifier: GPL-2.0-or-later + +# Prerequisite check(s) for module. +check() { + + # If the binary(s) requirements are not fulfilled the module can't be installed. + require_binaries \ + "$systemdutildir"/systemd-veritysetup \ + "$systemdutildir"/system-generators/systemd-veritysetup-generator \ + || return 1 + + # Return 255 to only include the module, if another module requires it. + return 255 + +} + +# Module dependency requirements. +depends() { + + # This module has external dependency on other module(s). + echo systemd dm + # Return 0 to include the dependent module(s) in the initramfs. + return 0 + +} + +# Install the required file(s) and directories for the module in the initramfs. +install() { + + inst_multiple -o \ + "$systemdutildir"/systemd-veritysetup \ + "$systemdutildir"/system-generators/systemd-veritysetup-generator \ + "$systemdsystemunitdir"/remote-veritysetup.target \ + "$systemdsystemunitdir"/veritysetup-pre.target \ + "$systemdsystemunitdir"/veritysetup.target \ + "$systemdsystemunitdir"/sysinit.target.wants/veritysetup.target \ + "$systemdsystemunitdir"/initrd-root-device.target.wants/remote-veritysetup.target + + # Install the hosts local user configurations if enabled. + if [[ $hostonly ]]; then + inst_multiple -H -o \ + /etc/veritytab \ + "$systemdsystemconfdir"/veritysetup.target \ + "$systemdsystemconfdir/veritysetup.target.wants/*.target" \ + "$systemdsystemconfdir"/veritysetup-pre.target \ + "$systemdsystemconfdir/veritysetup-pre.target.wants/*.target" \ + "$systemdsystemconfdir"/remote-veritysetup.target \ + "$systemdsystemconfdir/remote-veritysetup.target.wants/*.target" \ + "$systemdsystemconfdir"/sysinit.target.wants/veritysetup.target \ + "$systemdsystemconfdir/sysinit.target.wants/veritysetup.target.wants/*.target" \ + "$systemdsystemconfdir"/initrd-root-device.target.wants/remote-veritysetup.target + fi + + # Install required libraries. + _arch=${DRACUT_ARCH:-$(uname -m)} + inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" + +}