From 5f09294360b270560cc95bd747c48002e6f13258 Mon Sep 17 00:00:00 2001
From: wangyueliang
Date: Thu, 22 Aug 2024 16:17:21 +0800
Subject: [PATCH] gf-mksquashfs: Fips mode is not supported currently, blocking kernel hmac file related processing
---
 docs/changelog-compared-with-upstream.md | 1 +
 src/gf-mksquashfs | 9 +++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/docs/changelog-compared-with-upstream.md b/docs/changelog-compared-with-upstream.md
index 9148090f..48f72759 100644
--- a/docs/changelog-compared-with-upstream.md
+++ b/docs/changelog-compared-with-upstream.md
@@ -54,6 +54,7 @@
 #### 屏蔽不支持的kola选项
 #### 暂不支持以osbuild方式构建磁盘镜像
 #### 支持添加自签名根证书
+#### 暂不支持fips模式,屏蔽src/gf-mksquashfs文件中内核hmac文件相关处理
 #### buildupload命令新增支持通过scp方式归档构建数据
 #### plume update-release-index命令新增支持通过https和scp的方式更新release index文件
 #### 新增指令cmd-rollout
diff --git a/src/gf-mksquashfs b/src/gf-mksquashfs
index fc30a76a..e8a24aec 100755
--- a/src/gf-mksquashfs
+++ b/src/gf-mksquashfs
@@ -40,8 +40,13 @@ coreos_gf upload "${tmpd}/config.new" /ostree/repo/config
 # And ensure that the kernel binary and hmac file is in the place that dracut
 # expects it to be; xref https://issues.redhat.com/browse/OCPBUGS-15843
 kernel_binary=$(coreos_gf glob-expand /boot/ostree/*/vmlinuz*)
-kernel_hmac=$(coreos_gf glob-expand /boot/ostree/*/.*.hmac)
-coreos_gf ln "${kernel_hmac}" "/boot/$(basename "${kernel_hmac}")"
+
+# openEuler kernel currently do not support FIPS, and NestOS will maintain the status quo. Resulting in:
+# 1.The following file processing is not currently required
+# 2.To enable, the kernel package should provide the file /lib/modules/$kver/.vmlinuz.hmac
+
+# kernel_hmac=$(coreos_gf glob-expand /boot/ostree/*/.*.hmac)
+# coreos_gf ln "${kernel_hmac}" "/boot/$(basename "${kernel_hmac}")"
 coreos_gf ln "${kernel_binary}" "/boot/$(basename "${kernel_binary}")"
 coreos_gf mksquashfs / "${tmp_dest}" "compress:${compression}"
--
Gitee
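Review bot: In the src/gf-mksquashfs hunk the two `kernel_hmac` lines are disabled by commenting them out, so the image will keep shipping without the kernel HMAC in /boot even after the kernel package starts providing `.vmlinuz.hmac`, unless someone remembers to revert this by hand. Guarding on the glob result would restore the upstream behaviour automatically once the file exists: keep `kernel_hmac=$(coreos_gf glob-expand /boot/ostree/*/.*.hmac)` and wrap the link as `if [ -n "${kernel_hmac}" ]; then coreos_gf ln "${kernel_hmac}" "/boot/$(basename "${kernel_hmac}")"; fi`. This assumes glob-expand yields an empty result rather than an error when nothing matches, which should be confirmed against the script's shell options; they are set outside the hunk. The retained context comment `# And ensure that the kernel binary and hmac file is in the place that dracut` still says the hmac file is put in place and should be reworded to match.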