fips: precreate /dev/random /dev/urandom

otherwise libgcrypt might be unhappy, if used before devtmpfs is mounted

https://bugzilla.redhat.com/show_bug.cgi?id=1401444

diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index 65177a96a82c3a1a962fd5e13ccd1739711db65c..263f981bc9e443ae39056dc5e56398b680fa3a5b 100755 (executable)
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -46,5 +46,16 @@ install() {
 
     inst_multiple -o prelink
     inst_simple /etc/system-fips
+    [ -c ${initdir}/dev/random ] || mknod ${initdir}/dev/random c 1 8 \
+        || {
+            dfatal "Cannot create /dev/random"
+            dfatal "To create an initramfs with fips support, dracut has to run as root"
+            return 1
+        }
+    [ -c ${initdir}/dev/urandom ] || mknod ${initdir}/dev/urandom c 1 9 \
+        || {
+            dfatal "Cannot create /dev/random"
+            dfatal "To create an initramfs with fips support, dracut has to run as root"
+            return 1
+        }
 }
-