From: Daniel Molkentin <dmolkentin@suse.com>
Date: Mon, 6 Jul 2020 12:47:28 +0000 (+0200)
Subject: 01fips: modprobe failures during manual module loading is not fatal
X-Git-Tag: 051~88
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=da4c9a950f339f2e87a021f7d060bf7ac07f4f00;p=thirdparty%2Fdracut.git

01fips: modprobe failures during manual module loading is not fatal

Users might see

"modprobe: FATAL: Module xyz not found in directory"

The output from modprobe is semantically wrong in this case and
confuses users. Keep the warning for debugging purposes, but reduce
the severeness.

It now reads "Module xyz not found in directory"

Reference: bsc#1169997
---

diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
index 8fba135b2..37cde0c05 100755
--- a/modules.d/01fips/fips.sh
+++ b/modules.d/01fips/fips.sh
@@ -69,6 +69,14 @@ do_rhevh_check()
     return 0
 }
 
+nonfatal_modprobe()
+{
+    modprobe $1 2>&1 > /dev/stdout |
+        while read -r line || [ -n "$line" ]; do
+            echo "${line#modprobe: FATAL: }" >&2
+        done
+}
+
 fips_load_crypto()
 {
     FIPSMODULES=$(cat /etc/fipsmodules)
@@ -77,7 +85,7 @@ fips_load_crypto()
     mv /etc/modprobe.d/fips.conf /etc/modprobe.d/fips.conf.bak
     for _module in $FIPSMODULES; do
         if [ "$_module" != "tcrypt" ]; then
-            if ! modprobe "${_module}" 2>/tmp/fips.modprobe_err; then
+            if ! nonfatal_modprobe "${_module}" 2>/tmp/fips.modprobe_err; then
                 # check if kernel provides generic algo
                 _found=0
                 while read _k _s _v || [ -n "$_k" ]; do