1 files changed, 43 insertions, 0 deletions

diff --git a/0015-dracut.sh-do-not-strip-in-FIPS-mode.patch b/0015-dracut.sh-do-not-strip-in-FIPS-mode.patch
new file mode 100644
index 0000000..32c4ca3
--- /dev/null
+++ b/0015-dracut.sh-do-not-strip-in-FIPS-mode.patch
@@ -0,0 +1,43 @@
+From 5ae33613ab3145db12f21bca491d97832160cc1a Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald@redhat.com>
+Date: Tue, 6 Aug 2013 11:43:58 +0200
+Subject: [PATCH] dracut.sh: do not strip in FIPS mode
+
+---
+ dracut.sh | 22 ++++------------------
+ 1 file changed, 4 insertions(+), 18 deletions(-)
+
+diff --git a/dracut.sh b/dracut.sh
+index e119bd2..4ef71f3 100755
+--- a/dracut.sh
++++ b/dracut.sh
+@@ -1209,25 +1209,11 @@ if [[ $do_strip = yes ]] ; then
+     done
+ fi
+ 
+-if [[ $do_strip = yes ]] ; then
++if [[ $do_strip = yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then
+     dinfo "*** Stripping files ***"
+-    if [[ $DRACUT_FIPS_MODE ]]; then
+-        find "$initdir" -type f \
+-            -executable -not -path '*/lib/modules/*.ko' -print0 \
+-            | while read -r -d $'\0' f; do
+-            if ! [[ -e "${f%/*}/.${f##*/}.hmac" ]] \
+-                && ! [[ -e "/lib/hmaccalc/${f##*/}.hmac" ]] \
+-                && ! [[ -e "/lib64/hmaccalc/${f##*/}.hmac" ]] \
+-                && ! [[ -e "/lib/fipscheck/${f##*/}.hmac" ]] \
+-                && ! [[ -e "/lib64/fipscheck/${f##*/}.hmac" ]]; then
+-                printf "%s\000" "$f";
+-            fi
+-        done | xargs -r -0 strip -g 2>/dev/null
+-    else
+-        find "$initdir" -type f \
+-            -executable -not -path '*/lib/modules/*.ko' -print0 \
+-            | xargs -r -0 strip -g 2>/dev/null
+-    fi
++    find "$initdir" -type f \
++        -executable -not -path '*/lib/modules/*.ko' -print0 \
++        | xargs -r -0 strip -g 2>/dev/null
+ 
+     # strip kernel modules, but do not touch signed modules
+     find "$initdir" -type f -path '*/lib/modules/*.ko' -print0 \