Hello community,
here is the log from the commit of package dracut for openSUSE:Factory checked in at 2014-08-20 17:53:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dracut (Old)
and /work/SRC/openSUSE:Factory/.dracut.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dracut"
Changes:
--------
--- /work/SRC/openSUSE:Factory/dracut/dracut.changes 2014-08-06 11:41:40.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.dracut.new/dracut.changes 2014-08-20 17:54:10.000000000 +0200
@@ -1,0 +2,20 @@
+Thu Aug 14 15:07:16 UTC 2014 - trenn@suse.de
+
+- Allow multiple configurations per network interface (bnc#887906)
+ Add 0133-Allow-multiple-configurations-per-network-interface-.patch
+- Remove bootdev warning (bnc#881112)
+ Add 0134-Remove-bootdev-warning-bnc-881112.patch
+- check for existance of 69-dm-lvm-metad.rules in modules_setup.sh, lvm module
+ (bnc#891791)
+ Add 0135-lvm-Fix-12819a579900b9691e2-check-for-existance-of-6.patch
+- Moved persistent network rule revert to another file (was not in github):
+ Delete: 0133-Remove-70-persistent-net.rules.patch
+ Add: 0136-Revert-95udev-rules-add-persistent-network-rule.patch
+- dracut-use-fipscheck-openssl.patch: Switch from Mozilla NSS sha256hmac
+ checking to fipscheck as recommended
+ Add: 0137-Switch-from-Mozilla-NSS-sha256hmac-checking-to-fipsc.patch
+- warpclock: Do not use warpclock module on S390(x), hwclock does not exist
+ there (bnc#884513)
+ Add 0138-warpclock-Do-not-use-warpclock-module-on-S390-x-hwcl.patch
+
+-------------------------------------------------------------------
Old:
----
0133-Remove-70-persistent-net.rules.patch
New:
----
0133-Allow-multiple-configurations-per-network-interface-.patch
0134-Remove-bootdev-warning-bnc-881112.patch
0135-lvm-Fix-12819a579900b9691e2-check-for-existance-of-6.patch
0136-Revert-95udev-rules-add-persistent-network-rule.patch
0137-Switch-from-Mozilla-NSS-sha256hmac-checking-to-fipsc.patch
0138-warpclock-Do-not-use-warpclock-module-on-S390-x-hwcl.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dracut.spec ++++++
--- /var/tmp/diff_new_pack.1rNgLo/_old 2014-08-20 17:54:12.000000000 +0200
+++ /var/tmp/diff_new_pack.1rNgLo/_new 2014-08-20 17:54:12.000000000 +0200
@@ -153,7 +153,12 @@
Patch130: 0130-nfs-Always-add-all-kernel-modules-for-kdump.patch
Patch131: 0131-40network-handle-prefixed-IP-addresses-correctly.patch
Patch132: 0132-40network-fixup-static-network-configuration.patch
-Patch133: 0133-Remove-70-persistent-net.rules.patch
+Patch133: 0133-Allow-multiple-configurations-per-network-interface-.patch
+Patch134: 0134-Remove-bootdev-warning-bnc-881112.patch
+Patch135: 0135-lvm-Fix-12819a579900b9691e2-check-for-existance-of-6.patch
+Patch136: 0136-Revert-95udev-rules-add-persistent-network-rule.patch
+Patch137: 0137-Switch-from-Mozilla-NSS-sha256hmac-checking-to-fipsc.patch
+Patch138: 0138-warpclock-Do-not-use-warpclock-module-on-S390-x-hwcl.patch
BuildRequires: asciidoc
BuildRequires: bash
@@ -195,7 +200,9 @@
Summary: Dracut modules to build a dracut initramfs with an integrity check
Group: System/Base
Requires: %{name} = %{version}-%{release}
-Requires: hmaccalc
+Requires: fipscheck
+Requires: libcryptsetup4-hmac
+Requires: libgcrypt20-hmac
%description fips
This package requires everything which is needed to build an
@@ -328,6 +335,11 @@
%patch131 -p1
%patch132 -p1
%patch133 -p1
+%patch134 -p1
+%patch135 -p1
+%patch136 -p1
+%patch137 -p1
+%patch138 -p1
%build
%configure\
++++++ 0133-Allow-multiple-configurations-per-network-interface-.patch ++++++
From 114aadff326cb6ac63d2b3926fafe944b1670a62 Mon Sep 17 00:00:00 2001
From: Julian Wolf
Date: Thu, 31 Jul 2014 17:11:16 +0200
Subject: Allow multiple configurations per network interface bnc#887906
Signed-off-by: Julian Wolf
---
modules.d/40network/ifup.sh | 91 ++++++++++++++++++++++------------
modules.d/40network/net-genrules.sh | 2 +-
modules.d/40network/net-lib.sh | 4 +-
modules.d/40network/parse-ibft.sh | 4 +-
modules.d/40network/parse-ip-opts.sh | 14 ++---
5 files changed, 70 insertions(+), 45 deletions(-)
diff --git a/modules.d/40network/ifup.sh b/modules.d/40network/ifup.sh
index 84dc530..0362287 100755
--- a/modules.d/40network/ifup.sh
+++ b/modules.d/40network/ifup.sh
@@ -91,6 +91,7 @@ else
fi
dhcp_apply() {
+ unset IPADDR INTERFACE BROADCAST NETWORK PREFIXLEN ROUTES GATEWAYS HOSTNAME DNSDOMAIN DNSSEARCH DNSSERVERS
if [ -f /tmp/leaseinfo.${netif}.dhcp.ipv${1:1:1} ]; then
. /tmp/leaseinfo.${netif}.dhcp.ipv${1:1:1}
else
@@ -132,24 +133,37 @@ dhcp_apply() {
[ -n "${HOSTNAME}" ] && hostname "$HOSTNAME"
# If nameserver= has not been specified, use what dhcp provides
- if [ ! -s /tmp/net.$netif.resolv.conf ]; then
+ if [ ! -s /tmp/net.$netif.resolv.conf.ipv${1:1:1} ]; then
if [ -n "${DNSDOMAIN}" ]; then
echo domain "${DNSDOMAIN}"
- fi >> /tmp/net.$netif.resolv.conf
+ fi >> /tmp/net.$netif.resolv.conf.ipv${1:1:1}
if [ -n "${DNSSEARCH}" ]; then
echo search "${DNSSEARCH}"
- fi >> /tmp/net.$netif.resolv.conf
+ fi >> /tmp/net.$netif.resolv.conf.ipv${1:1:1}
if [ -n "${DNSSERVERS}" ] ; then
for s in ${DNSSERVERS}; do
echo nameserver "$s"
done
- fi >> /tmp/net.$netif.resolv.conf
+ fi >> /tmp/net.$netif.resolv.conf.ipv${1:1:1}
fi
- [ -e /tmp/net.$netif.resolv.conf ] && \
- cp -f /tmp/net.$netif.resolv.conf /etc/resolv.conf
-
+ # copy resolv.conf if it doesn't exist yet, modify otherwise
+ if [ -e /tmp/net.$netif.resolv.conf.ipv${1:1:1} ] && [ ! -e /etc/resolv.conf ]; then
+ cp -f /tmp/net.$netif.resolv.conf.ipv${1:1:1} /etc/resolv.conf
+ else
+ if [ -n "$(sed -n '/^search .*$/p' /etc/resolv.conf)" ]; then
+ sed -i "s/\(^search .*\)$/\1 ${DNSSEARCH}/" /etc/resolv.conf
+ else
+ echo search ${DNSSEARCH} >> /etc/resolv.conf
+ fi
+ if [ -n "${DNSSERVERS}" ] ; then
+ for s in ${DNSSERVERS}; do
+ echo nameserver "$s"
+ done
+ fi >> /etc/resolv.conf
+ fi
+
info "DHCP is finished successfully"
return 0
}
@@ -171,9 +185,6 @@ do_dhcp() {
dhclient="wickedd-dhcp6"
fi
- # Address changed
- ip $1 addr flush dev "$netif"
-
if ! iface_has_link $netif; then
warn "No carrier detected"
warn "Trying to set $netif up..."
@@ -188,7 +199,6 @@ do_dhcp() {
$dhclient --test $netif > /tmp/leaseinfo.${netif}.dhcp.ipv${1:1:1}
dhcp_apply $1 || return $?
- echo $netif > /tmp/net.${netif}.did-setup
echo $netif > /tmp/setup_net_${netif}.ok
return 0
}
@@ -218,6 +228,31 @@ do_ipv6auto() {
# Handle static ip configuration
do_static() {
+ if [ "$autoconf" = "static" ] &&
+ [ -e /etc/sysconfig/network/ifcfg-${netif} ] ; then
+ # Pull in existing static configuration
+ . /etc/sysconfig/network/ifcfg-${netif}
+
+ # loop over all configurations in ifcfg-$netif (IPADDR*) and apply
+ for conf in ${!IPADDR@}; do
+ ip=${!conf}
+ [ -z "$ip" ] && continue
+ ext=${conf#IPADDR}
+ concat="PREFIXLEN$ext" && [ -n "${!concat}" ] && mtu=${!concat}
+ concat="MTU$ext" && [ -n "${!concat}" ] && mtu=${!concat}
+ concat="REMOTE_IPADDR$ext" && [ -n "${!concat}" ] && server=${!concat}
+ concat="GATEWAY$ext" && [ -n "${!concat}" ] && gw=${!concat}
+ concat="BOOTPROTO$ext" && [ -n "${!concat}" ] && autoconf=${!concat}
+ do_static_setup
+ done
+ else
+ do_static_setup
+ fi
+
+ return 0
+}
+
+do_static_setup() {
strglobin $ip '*:*:*' && load_ipv6
linkup $netif
@@ -237,7 +272,6 @@ do_static() {
else
# Assume /24 prefix for IPv4
[ -z "$prefix" ] && prefix=24
- ip addr flush dev $netif
ip addr add $ip/$prefix ${srv:+peer $srv} brd + dev $netif
fi
@@ -256,8 +290,6 @@ do_static() {
done
[ -n "$hostname" ] && echo "echo $hostname > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname
-
- return 0
}
# loopback is always handled the same way
@@ -404,6 +436,14 @@ for p in $(getargs ip=); do
ip_to_var $p
# skip ibft
[ "$autoconf" = "ibft" ] && continue
+
+ # skip if same configuration appears twice
+ while read line
+ do
+ [ "$line" = "$p" ] && continue 2
+ done < /tmp/net.${netif}.conf
+
+ echo $p >> /tmp/net.${netif}.conf
case "$dev" in
??:??:??:??:??:??) # MAC address
@@ -421,29 +461,12 @@ for p in $(getargs ip=); do
[ "$use_bridge" != 'true' ] && \
[ "$use_vlan" != 'true' ] && continue
- if [ "$autoconf" = "static" ] &&
- [ -e /etc/sysconfig/network/ifcfg-${netif} ] ; then
- # Pull in existing static configuration
- . /etc/sysconfig/network/ifcfg-${netif}
- ip=${IPADDR}
- prefix=${PREFIXLEN}
- mtu=${MTU}
- server=${REMOTE_IPADDR}
- gw=${GATEWAY}
- autoconf=${BOOTPROTO}
- fi
-
# setup nameserver
namesrv="$dns1 $dns2 $(getargs nameserver)"
for s in $namesrv; do
echo nameserver $s >> /tmp/net.$netif.resolv.conf
done
- # Store config for later use
- for i in ip srv gw mask prefix hostname macaddr dns1 dns2; do
- eval '[ "$'$i'" ] && echo '$i'="$'$i'"'
- done > /tmp/net.$netif.override
-
case $autoconf in
dhcp4|dhcp|on|any)
do_dhcp -4 ;;
@@ -466,7 +489,6 @@ for p in $(getargs ip=); do
fi
fi
- exit 0
done
# netif isn't the top stack? Then we should exit here.
@@ -486,4 +508,9 @@ if [ ! -e /tmp/net.${netif}.up ]; then
fi
fi
+if [ -e /tmp/net.${netif}.up ]; then
+ > /tmp/net.$netif.did-setup
+ [ -e /sys/class/net/$netif/address ] && \
+ > /tmp/net.$(cat /sys/class/net/$netif/address).did-setup
+fi
exit 0
diff --git a/modules.d/40network/net-genrules.sh b/modules.d/40network/net-genrules.sh
index 2fd8c6b..9d0ed20 100755
--- a/modules.d/40network/net-genrules.sh
+++ b/modules.d/40network/net-genrules.sh
@@ -99,7 +99,7 @@ command -v fix_bootif >/dev/null || . /lib/net-lib.sh
# if you change the name of "91-default-net.rules", also change modules.d/80cms/cmssetup.sh
if [ "$NEEDNET" = "1" ]; then
echo "$cond, $runcmd" > /etc/udev/rules.d/91-default-net.rules
- echo "[ -f /tmp/net.*.did-setup ]" >$hookdir/initqueue/finished/wait-network.sh
+ echo "ls -1 /tmp/net.*.did-setup >/dev/null 2>&1" >$hookdir/initqueue/finished/wait-network.sh
fi
fi
diff --git a/modules.d/40network/net-lib.sh b/modules.d/40network/net-lib.sh
index fce845a..e8d898a 100755
--- a/modules.d/40network/net-lib.sh
+++ b/modules.d/40network/net-lib.sh
@@ -111,6 +111,7 @@ ifdown() {
ip addr flush dev $netif
echo "#empty" > /etc/resolv.conf
rm -f -- /tmp/net.$netif.did-setup
+ rm -f -- /tmp/net.$netif.conf
[ -e /sys/class/net/$netif/address ] && \
rm -f -- /tmp/net.$(cat /sys/class/net/$netif/address).did-setup
# TODO: send "offline" uevent?
@@ -165,9 +166,6 @@ setup_net() {
fi
unset layer2
- > /tmp/net.$netif.did-setup
- [ -e /sys/class/net/$netif/address ] && \
- > /tmp/net.$(cat /sys/class/net/$netif/address).did-setup
}
save_netinfo() {
diff --git a/modules.d/40network/parse-ibft.sh b/modules.d/40network/parse-ibft.sh
index 9776c75..b81ddb1 100755
--- a/modules.d/40network/parse-ibft.sh
+++ b/modules.d/40network/parse-ibft.sh
@@ -6,5 +6,7 @@ command -v getarg >/dev/null || . /lib/dracut-lib.sh
command -v ibft_to_cmdline >/dev/null || . /lib/net-lib.sh
# If ibft is requested, read ibft vals and write ip=XXX cmdline args
-[ "ibft" = "$(getarg ip=)" ] && ibft_to_cmdline
+for i in $(getargs ip=); do
+ [ "ibft" = "$i" ] && ibft_to_cmdline && break
+done
diff --git a/modules.d/40network/parse-ip-opts.sh b/modules.d/40network/parse-ip-opts.sh
index 52a1923..13bc45c 100755
--- a/modules.d/40network/parse-ip-opts.sh
+++ b/modules.d/40network/parse-ip-opts.sh
@@ -78,24 +78,22 @@ for p in $(getargs ip=); do
die "Sorry, automatic calculation of netmask is not yet supported"
;;
auto6);;
- dhcp|dhcp6|on|any) \
- [ -n "$NEEDBOOTDEV" ] && [ -z "$dev" ] && \
- die "Sorry, 'ip=$p' does not make sense for multiple interface configurations"
- [ -n "$ip" ] && \
- die "For argument 'ip=$p'\nSorry, setting client-ip does not make sense for '$autoconf'"
- ;;
+ dhcp|dhcp6|on|any) ;;
*) die "For argument 'ip=$p'\nSorry, unknown value '$autoconf'";;
esac
+ dup=0
if [ -n "$dev" ] ; then
# We don't like duplicate device configs
if [ -n "$IFACES" ] ; then
for i in $IFACES ; do
- [ "$dev" = "$i" ] && die "For argument 'ip=$p'\nDuplication configurations for '$dev'"
+ [ "$dev" = "$i" ] && dup=1 && break
done
fi
# IFACES list for later use
- IFACES="$IFACES $dev"
+ if [ $dup -eq 0 ]; then
+ IFACES="$IFACES $dev"
+ fi
fi
# Do we need to check for specific options?
--
1.7.6.1
++++++ 0134-Remove-bootdev-warning-bnc-881112.patch ++++++
From 819be42f7f95d8bac0fd952a6fcc95df019064c7 Mon Sep 17 00:00:00 2001
From: Julian Wolf
Date: Tue, 12 Aug 2014 17:11:44 +0200
Subject: Remove bootdev warning (bnc#881112)
Signed-off-by: Julian Wolf
---
modules.d/40network/parse-ip-opts.sh | 19 ++-----------------
1 files changed, 2 insertions(+), 17 deletions(-)
diff --git a/modules.d/40network/parse-ip-opts.sh b/modules.d/40network/parse-ip-opts.sh
index 13bc45c..abd8e17 100755
--- a/modules.d/40network/parse-ip-opts.sh
+++ b/modules.d/40network/parse-ip-opts.sh
@@ -21,23 +21,8 @@ if [ -n "$netroot" ] && [ -z "$(getarg ip=)" ] && [ -z "$(getarg BOOTIF=)" ]; th
return;
fi
-# Count ip= lines to decide whether we need bootdev= or not
-if [ -z "$NEEDBOOTDEV" ] ; then
- count=0
- for p in $(getargs ip=); do
- count=$(( $count + 1 ))
- done
- [ $count -gt 1 ] && NEEDBOOTDEV=1
-fi
-unset count
-
-# If needed, check if bootdev= contains anything usable
BOOTDEV=$(getarg bootdev=)
-if [ -n "$NEEDBOOTDEV" ] ; then
- [ -z "$BOOTDEV" ] && warn "Please supply bootdev argument for multiple ip= lines"
-fi
-
# Check ip= lines
# XXX Would be nice if we could errorcheck ip addresses here as well
for p in $(getargs ip=); do
@@ -46,14 +31,14 @@ for p in $(getargs ip=); do
# make first device specified the BOOTDEV
if [ -z "$BOOTDEV" ] && [ -n "$dev" ]; then
BOOTDEV="$dev"
- [ -n "$NEEDBOOTDEV" ] && warn "Setting bootdev to '$BOOTDEV'"
+ warn "Setting bootdev to '$BOOTDEV'"
fi
# skip ibft since we did it above
[ "$autoconf" = "ibft" ] && continue
# We need to have an ip= line for the specified bootdev
- [ -n "$NEEDBOOTDEV" ] && [ "$dev" = "$BOOTDEV" ] && BOOTDEVOK=1
+ [ "$dev" = "$BOOTDEV" ] && BOOTDEVOK=1
# Empty autoconf defaults to 'dhcp'
if [ -z "$autoconf" ] ; then
--
1.7.6.1
++++++ 0135-lvm-Fix-12819a579900b9691e2-check-for-existance-of-6.patch ++++++
From 416e3ebbabcf7a7786aeb642f5fcbd62a7850ff0 Mon Sep 17 00:00:00 2001
From: Thomas Renninger
Date: Thu, 14 Aug 2014 15:50:29 +0200
Subject: lvm: Fix 12819a579900b9691e2 check for existance of
69-dm-lvm-metad.rules
Move last sed into if condition that checks for 69-dm-lvm-metad.rules existence
Signed-off-by: Thomas Renninger
---
modules.d/90lvm/module-setup.sh | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/modules.d/90lvm/module-setup.sh b/modules.d/90lvm/module-setup.sh
index 77f9e9d..6fda69e 100755
--- a/modules.d/90lvm/module-setup.sh
+++ b/modules.d/90lvm/module-setup.sh
@@ -84,13 +84,14 @@ install() {
inst_rules 11-dm-lvm.rules 69-dm-lvm-metad.rules
# Do not run lvmetad update via pvscan in udev rule - lvmetad is not running yet in dracut!
- if [[ -f ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules ]] && \
- grep -q SYSTEMD_WANTS ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules; then
+ if [[ -f ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules ]];then
+ if grep -q SYSTEMD_WANTS ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules; then
sed -i -e 's/^ENV{SYSTEMD_ALIAS}=.*/# No LVM pvscan in dracut - lvmetad is not running yet/' ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules
sed -i -e 's/^ENV{ID_MODEL}=.*//' ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules
sed -i -e 's/^ENV{SYSTEMD_WANTS}=.*//' ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules
- else
- sed -i -e 's/.*lvm pvscan.*/# No LVM pvscan for in dracut - lvmetad is not running yet/' ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules
+ else
+ sed -i -e 's/.*lvm pvscan.*/# No LVM pvscan for in dracut - lvmetad is not running yet/' ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules
+ fi
fi
# Gentoo ebuild for LVM2 prior to 2.02.63-r1 doesn't install above rules
--
1.7.6.1
++++++ 0136-Revert-95udev-rules-add-persistent-network-rule.patch ++++++
From 200629fb5957d091525057ccde391b8282074ed7 Mon Sep 17 00:00:00 2001
From: Thomas Renninger
Date: Thu, 14 Aug 2014 16:08:23 +0200
Subject: Revert "95udev-rules: add persistent network rule"
This reverts commit 577e9e8a0d5e060e14ac1caef28201bfa208275c.
---
modules.d/95udev-rules/module-setup.sh | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/modules.d/95udev-rules/module-setup.sh b/modules.d/95udev-rules/module-setup.sh
index 059ad0d..864897f 100755
--- a/modules.d/95udev-rules/module-setup.sh
+++ b/modules.d/95udev-rules/module-setup.sh
@@ -34,7 +34,6 @@ install() {
60-pcmcia.rules \
50-udev.rules 95-late.rules \
50-firmware.rules \
- 70-persistent-net.rules \
59-scsi-sg3_utils.rules \
75-net-description.rules \
80-net-name-slot.rules 80-net-setup-link.rules \
--
1.7.6.1
++++++ 0137-Switch-from-Mozilla-NSS-sha256hmac-checking-to-fipsc.patch ++++++
From 6a85f188d671723ad76bb729307c12e89199b7bd Mon Sep 17 00:00:00 2001
From: Marcus Meissner
Date: Thu, 14 Aug 2014 16:13:55 +0200
Subject: Switch from Mozilla NSS sha256hmac checking to fipscheck as
recommended
Signed-off-by: Thomas Renninger
---
modules.d/01fips/fips.sh | 6 ++----
modules.d/01fips/module-setup.sh | 13 +++++++------
2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
index 07bd1da..19a2d8e 100755
--- a/modules.d/01fips/fips.sh
+++ b/modules.d/01fips/fips.sh
@@ -61,9 +61,7 @@ do_rhevh_check()
kpath=${1}
# If we're on RHEV-H, the kernel is in /run/initramfs/live/vmlinuz0
- HMAC_SUM_ORIG=$(cat $NEWROOT/boot/.vmlinuz-${KERNEL}.hmac | while read a b; do printf "%s\n" $a; done)
- HMAC_SUM_CALC=$(sha512hmac $kpath | while read a b; do printf "%s\n" $a; done || return 1)
- if [ -z "$HMAC_SUM_ORIG" ] || [ -z "$HMAC_SUM_CALC" ] || [ "${HMAC_SUM_ORIG}" != "${HMAC_SUM_CALC}" ]; then
+ if fipscheck $NEWROOT/boot/vmlinuz-${KERNEL} ; then
warn "HMAC sum mismatch"
return 1
fi
@@ -128,7 +126,7 @@ do_fips()
elif [ -e "/run/initramfs/live/isolinux/vmlinuz0" ]; then
do_rhevh_check /run/initramfs/live/isolinux/vmlinuz0 || return 1
else
- sha512hmac -c "/boot/.vmlinuz-${KERNEL}.hmac" || return 1
+ fipscheck "/boot/vmlinuz-${KERNEL}" || return 1
fi
info "All initrd crypto checks done"
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index 8437e56..009b2ca 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -23,7 +23,7 @@ installkernel() {
_fipsmodules+="sha512-ssse3 sha1-ssse3 sha256-ssse3 "
_fipsmodules+="ghash-clmulni-intel "
- _fipsmodules+="drbg "
+ _fipsmodules+="drbg"
mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
@@ -42,15 +42,16 @@ install() {
inst_hook pre-pivot 01 "$moddir/fips-noboot.sh"
inst_script "$moddir/fips.sh" /sbin/fips.sh
- inst_multiple sha512hmac rmmod insmod mount uname umount fipscheck
+ inst_multiple rmmod insmod mount uname umount fipscheck strace
- inst_libdir_file libsoftokn3.so libsoftokn3.so \
- libsoftokn3.chk libfreebl3.so libfreebl3.chk \
- libssl.so 'hmaccalc/sha512hmac.hmac' libssl.so.10 \
+ inst_libdir_file \
+ fipscheck .fipscheck.hmac \
+ libfipscheck.so.1 \
+ .libfipscheck.so.1.hmac .libfipscheck.so.1.1.0.hmac \
+ libcrypto.so.1.0.0 libssl.so.1.0.0 \
.libcrypto.so.1.0.0.hmac .libssl.so.1.0.0.hmac \
.libcryptsetup.so.4.5.0.hmac .libcryptsetup.so.4.hmac \
.libgcrypt.so.20.hmac \
- .libfipscheck.so.1.hmac .libfipscheck.so.1.1.0.hmac
# we do not use prelink at SUSE
#inst_multiple -o prelink
--
1.7.6.1
++++++ 0138-warpclock-Do-not-use-warpclock-module-on-S390-x-hwcl.patch ++++++
From 56b5871a7336b1d90c76a282fa3d7f76e7f10769 Mon Sep 17 00:00:00 2001
From: Thomas Renninger
Date: Thu, 14 Aug 2014 16:59:16 +0200
Subject: warpclock: Do not use warpclock module on S390(x), hwclock does not
exist there
bnc#884513
Signed-off-by: Thomas Renninger
---
modules.d/00warpclock/module-setup.sh | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/modules.d/00warpclock/module-setup.sh b/modules.d/00warpclock/module-setup.sh
index 5aec4eb..9af1ee7 100755
--- a/modules.d/00warpclock/module-setup.sh
+++ b/modules.d/00warpclock/module-setup.sh
@@ -4,6 +4,10 @@
# called by dracut
check() {
+ # hwclock does not exist on S390(x), bail out silently then
+ local _arch=$(uname -m)
+ [ "$_arch" = "s390" -o "$_arch" = "s390x" ] && return 1
+
[ -e /etc/localtime -a -e /etc/adjtime ] || return 1
require_binaries /sbin/hwclock || return 1
}
--
1.7.6.1
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org