On Fedora/RHEL, libcryto will verify both itself and libssl on start, if
libssl is missing, FIPS self test will fail. However libssl is not a
dependency of libcryto so dracut will not install it, unless some other
binary or library pulls it in. Systemd requires libssl, so in most cases
it just worked, but could fail in some corner cases where systemd is not
used.
Signed-off-by: Kairui Song <kasong@redhat.com>
break 2
done
done
+
+ # FIPS workaround for Fedora/RHEL: libcrypto needs libssl when FIPS is enabled
+ if [[ $DRACUT_FIPS_MODE ]]; then
+ for _dir in $libdirs; do
+ for _f in "$dracutsysrootdir$_dir/libcrypto.so"*; do
+ [[ -e "$_f" ]] || continue
+ inst_libdir_file -o "libssl.so*"
+ break 2
+ done
+ done
+ fi
fi
if [[ $do_strip = yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then