From: Harald Hoyer <harald@redhat.com>
Date: Thu, 29 Jun 2017 08:38:09 +0000 (+0200)
Subject: Try BOOT_IMAGE and fallback to vmlinuz-${KERNEL}
X-Git-Tag: 046~48
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d875f77f3d1c5e4161794ca59025bc6bcd77eaa;p=thirdparty%2Fdracut.git

Try BOOT_IMAGE and fallback to vmlinuz-${KERNEL}

On s390 BOOT_IMAGE only denotes the number of the boot record that
was selected in the bootloader and not the path to the kernel image.

Also only bail out, if the kernel hmac checking relies on that path.
---

diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
index 1f84526ac..1e5707c03 100755
--- a/modules.d/01fips/fips.sh
+++ b/modules.d/01fips/fips.sh
@@ -77,12 +77,6 @@ do_fips()
     local _module
 
     KERNEL=$(uname -r)
-    BOOT_IMAGE="$(getarg BOOT_IMAGE)"
-    BOOT_IMAGE="${BOOT_IMAGE:-/vmlinuz-${KERNEL}}"
-    if ! [ -e "/boot/.${BOOT_IMAGE}.hmac" ] && ! [ -e "/boot/.vmlinuz-${KERNEL}.hmac" ]; then
-        warn "/boot/.${BOOT_IMAGE}.hmac does not exist"
-        return 1
-    fi
 
     FIPSMODULES=$(cat /etc/fipsmodules)
 
@@ -115,6 +109,13 @@ do_fips()
     elif [ -e "/run/initramfs/live/isolinux/vmlinuz0" ]; then
         do_rhevh_check /run/initramfs/live/isolinux/vmlinuz0 || return 1
     else
+        BOOT_IMAGE="$(getarg BOOT_IMAGE)"
+        [ -e "/boot/.${BOOT_IMAGE}.hmac" ] || BOOT_IMAGE="vmlinuz-${KERNEL}"
+
+        if ! [ -e "/boot/.${BOOT_IMAGE}.hmac" ]; then
+            warn "/boot/.${BOOT_IMAGE}.hmac does not exist"
+            return 1
+        fi
         sha512hmac -c "/boot/.${BOOT_IMAGE}.hmac" || return 1
     fi