diff options
| author | Harald Hoyer <harald@redhat.com> | 2012-11-21 10:47:38 +0100 |
|---|---|---|
| committer | Harald Hoyer <harald@redhat.com> | 2012-11-21 14:07:32 +0100 |
| commit | 2d9b156e9e56c7e5ff416f8b9fa94f28a6002acb (patch) | |
| tree | 992f57aec833207ac511f90b9b96d38d5b24ae57 /dracut.sh | |
| parent | 2b9be6f7077a5c6513aa40fc35944f118ed1e404 (diff) | |
| download | dracut-2d9b156e9e56c7e5ff416f8b9fa94f28a6002acb.tar.gz dracut-2d9b156e9e56c7e5ff416f8b9fa94f28a6002acb.tar.bz2 dracut-2d9b156e9e56c7e5ff416f8b9fa94f28a6002acb.zip | |
dracut.sh: do not strip signed kernel modules
https://bugzilla.redhat.com/show_bug.cgi?id=873796
Diffstat (limited to 'dracut.sh')
| -rwxr-xr-x | dracut.sh | 16 |
1 files changed, 11 insertions, 5 deletions
@@ -1041,21 +1041,27 @@ if [[ $do_strip = yes ]] ; then dinfo "*** Stripping files ***" if [[ $DRACUT_FIPS_MODE ]]; then find "$initdir" -type f \ - '(' -perm -0100 -or -perm -0010 -or -perm -0001 \ - -or -path '*/lib/modules/*.ko' ')' -print0 \ + -executable -not -path '*/lib/modules/*.ko' -print0 \ | while read -r -d $'\0' f; do if ! [[ -e "${f%/*}/.${f##*/}.hmac" ]] \ && ! [[ -e "/lib/fipscheck/${f##*/}.hmac" ]] \ && ! [[ -e "/lib64/fipscheck/${f##*/}.hmac" ]]; then echo -n "$f"; echo -n -e "\000" fi - done |xargs -r -0 strip -g 2>/dev/null + done | xargs -r -0 strip -g 2>/dev/null else find "$initdir" -type f \ - '(' -perm -0100 -or -perm -0010 -or -perm -0001 \ - -or -path '*/lib/modules/*.ko' ')' -print0 \ + -executable -not -path '*/lib/modules/*.ko' -print0 \ | xargs -r -0 strip -g 2>/dev/null fi + + # strip kernel modules, but do not touch signed modules + find "$initdir" -type f -path '*/lib/modules/*.ko' -print0 \ + | while read -r -d $'\0' f; do + SIG=$(tail -c 28 "$f") + [[ $SIG == '~Module signature appended~' ]] || { echo -n "$f"; echo -n -e "\000"; } + done | xargs -r -0 strip -g + dinfo "*** Stripping files done ***" fi |