#!/usr/bin/bash set -e system_fips=/etc/system-fips dracut_cfg_d=/etc/dracut.conf.d dracut_cfg=$dracut_cfg_d/40-fips.conf is_ostree_system=0 if test -f /run/ostree-booted; then is_ostree_system=1 fi if test x"$1" != x--complete ; then echo "Complete the installation of FIPS modules." echo "usage: $0 --complete" exit 2 fi if [ $(id -u) != 0 ]; then echo "You must be root to run $(basename $0)" exit 1 fi umask 022 trap "rm -f $system_fips $dracut_cfg" ERR echo "# FIPS module installation complete" >$system_fips if test ! -d $dracut_cfg_d -o ! -d /boot -o "$is_ostree_system" = 1 ; then # No dracut configuration or boot directory present, do not try to modify it. # Also, on OSTree systems, we currently rely on the initrd already including # the FIPS module. exit 0 fi cat >$dracut_cfg </dev/null; then zipl else echo '`zipl` execution has been skipped: `zipl` not found.' fi fi