File: //proc/2/cwd/usr/bin/fips-finish-install
#!/bin/bash
set -e
system_fips=/etc/system-fips
dracut_cfg_d=/etc/dracut.conf.d
dracut_cfg=$dracut_cfg_d/40-fips.conf
is_ostree_system=0
if test -f /run/ostree-booted; then
is_ostree_system=1
fi
if test x"$1" != x--complete ; then
echo "Complete the instalation of FIPS modules."
echo "usage: $0 --complete"
exit 2
fi
if [ $(id -u) != 0 ]; then
echo "You must be root to run $(basename $0)"
exit 1
fi
umask 022
trap "rm -f $system_fips $dracut_cfg" ERR
echo "# FIPS module installation complete" >$system_fips
if test ! -d $dracut_cfg_d -o ! -d /boot -o "$is_ostree_system" = 1 ; then
# No dracut configuration or boot directory present, do not try to modify it.
# Also, on OSTree systems, we currently rely on the initrd already including
# the FIPS module.
exit 0
fi
cat >$dracut_cfg <<EOF
# turn on fips module
add_dracutmodules+=" fips "
EOF
echo "Kernel initramdisks are being regenerated. This might take some time."
dracut -f --regenerate-all
# This is supposed to be a fast and safe operation that's always good to run.
# Regenerating an initrd and skipping it might render the system unbootable
# (RHBZ#2013195).
if test x"$(uname -m)" = xs390x; then
if command -v zipl >/dev/null; then
zipl >/dev/null 2>&1
else
echo '`zipl` execution has been skipped: `zipl` not found.'
fi
fi