From 34c1b859c2e3a33d278013cff5e13298906de0df Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@redhat.com>
Date: Wed, 21 Nov 2012 10:47:38 +0100
Subject: [PATCH] dracut.sh: do not strip signed kernel modules
https://bugzilla.redhat.com/show_bug.cgi?id=873796
---
dracut.sh | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/dracut.sh b/dracut.sh
index e463404..469f408 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -1041,21 +1041,27 @@ if [[ $do_strip = yes ]] ; then
dinfo "*** Stripping files ***"
if [[ $DRACUT_FIPS_MODE ]]; then
find "$initdir" -type f \
- '(' -perm -0100 -or -perm -0010 -or -perm -0001 \
- -or -path '*/lib/modules/*.ko' ')' -print0 \
+ -executable -not -path '*/lib/modules/*.ko' -print0 \
| while read -r -d $'\0' f; do
if ! [[ -e "${f%/*}/.${f##*/}.hmac" ]] \
&& ! [[ -e "/lib/fipscheck/${f##*/}.hmac" ]] \
&& ! [[ -e "/lib64/fipscheck/${f##*/}.hmac" ]]; then
echo -n "$f"; echo -n -e "\000"
fi
- done |xargs -r -0 strip -g 2>/dev/null
+ done | xargs -r -0 strip -g 2>/dev/null
else
find "$initdir" -type f \
- '(' -perm -0100 -or -perm -0010 -or -perm -0001 \
- -or -path '*/lib/modules/*.ko' ')' -print0 \
+ -executable -not -path '*/lib/modules/*.ko' -print0 \
| xargs -r -0 strip -g 2>/dev/null
fi
+
+ # strip kernel modules, but do not touch signed modules
+ find "$initdir" -type f -path '*/lib/modules/*.ko' -print0 \
+ | while read -r -d $'\0' f; do
+ SIG=$(tail -c 28 "$f")
+ [[ $SIG == '~Module signature appended~' ]] || { echo -n "$f"; echo -n -e "\000"; }
+ done | xargs -r -0 strip -g
+
dinfo "*** Stripping files done ***"
fi