fips: removed false-positive 'FATAL: Module xxx not found' error message when kernel...

author Renaud Métrich <rmetrich@redhat.com>

Wed, 14 Nov 2018 12:19:27 +0000 (13:19 +0100)

committer Harald Hoyer <harald@hoyer.xyz>

Thu, 15 Nov 2018 09:46:24 +0000 (10:46 +0100)
author Renaud Métrich <rmetrich@redhat.com>
Wed, 14 Nov 2018 12:19:27 +0000 (13:19 +0100)
committer Harald Hoyer <harald@hoyer.xyz>
Thu, 15 Nov 2018 09:46:24 +0000 (10:46 +0100)
diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh

index 9bc089f21ee2559df817d71ce87ade34eca4412c..c6c986cf7cd35b641f0e705a4e11454a40fad48d 100755 (executable)
--- a/modules.d/01fips/fips.sh
+++ b/modules.d/01fips/fips.sh
@@ -84,7 +84,7 @@ do_fips()
      mv /etc/modprobe.d/fips.conf /etc/modprobe.d/fips.conf.bak
      for _module in $FIPSMODULES; do
          if [ "$_module" != "tcrypt" ]; then
-            if ! modprobe "${_module}"; then
+            if ! modprobe "${_module}" 2>/tmp/fips.modprobe_err; then
                  # check if kernel provides generic algo
                  _found=0
                  while read _k _s _v || [ -n "$_k" ]; do
@@ -93,7 +93,7 @@ do_fips()
                      _found=1
                      break
                  done </proc/crypto
-                [ "$_found" = "0" ] && return 1
+                [ "$_found" = "0" ] && cat /tmp/fips.modprobe_err >&2 && return 1
              fi
          fi
      done
author	Renaud Métrich <rmetrich@redhat.com>
	Wed, 14 Nov 2018 12:19:27 +0000 (13:19 +0100)
committer	Harald Hoyer <harald@hoyer.xyz>
	Thu, 15 Nov 2018 09:46:24 +0000 (10:46 +0100)