View file File name : fips-finish-install Content :#!/bin/bash set -e system_fips=/etc/system-fips dracut_cfg_d=/etc/dracut.conf.d dracut_cfg=$dracut_cfg_d/40-fips.conf is_ostree_system=0 if test -f /run/ostree-booted; then is_ostree_system=1 fi if test x"$1" != x--complete ; then echo "Complete the instalation of FIPS modules." echo "usage: $0 --complete" exit 2 fi if [ $(id -u) != 0 ]; then echo "You must be root to run $(basename $0)" exit 1 fi umask 022 trap "rm -f $system_fips $dracut_cfg" ERR echo "# FIPS module installation complete" >$system_fips if test ! -d $dracut_cfg_d -o ! -d /boot -o "$is_ostree_system" = 1 ; then # No dracut configuration or boot directory present, do not try to modify it. # Also, on OSTree systems, we currently rely on the initrd already including # the FIPS module. exit 0 fi cat >$dracut_cfg <<EOF # turn on fips module add_dracutmodules+=" fips " EOF echo "Kernel initramdisks are being regenerated. This might take some time." dracut -f --regenerate-all # This is supposed to be a fast and safe operation that's always good to run. # Regenerating an initrd and skipping it might render the system unbootable # (RHBZ#2013195). if test x"$(uname -m)" = xs390x; then if command -v zipl >/dev/null; then zipl >/dev/null 2>&1 else echo '`zipl` execution has been skipped: `zipl` not found.' fi fi