On 04/21/2009 01:43 PM, Hans de Goede wrote:
> +if [ "$withfips" -eq 1 ]; then
> + if ! grep -q /boot $fstab; then
This check is bad, it catches /boot/efi and other such mountpoints erroneously.
Better to check if "bootfs" is set 3 lines later. We probably ought to add a
similar check in anaconda, so that you can't ever get into the situation where
fips is enabled and /boot isn't separate.
> + inst /usr/bin/sha512hmac $MNTIMAGE/bin/sha512hmac
> + # sha512mac is dynamically linked and uses dlopen-ed .so files,
> + # this must be this way for libnss fips cert.
> + libs=$(ldd /usr/bin/sha512hmac | cut -d ' ' -f 3)
These libs will get pulled in by the "inst" line above.
> + ld_linux=$(ldd /usr/bin/sha512hmac | cut -d ' ' -f 1 | grep ld-linux)
This will also get pulled in by the "inst" above. Also, "ld-linux" isn't in
the name on all platforms.
> + if echo "$libs" | grep -q lib64; then
> + libdir="lib64"
> + else
> + libdir="lib"
> + fi
> + libs="$libs $ld_linux"
> + libs="$libs /usr/$libdir/libsoftokn3.so /usr/$libdir/libsoftokn3.chk"
> + libs="$libs /usr/$libdir/libfreebl3.so /usr/$libdir/libfreebl3.chk"
This should probably just be:
libdir=lib
file /usr/bin/sha512hmac | grep -q 64-bit && libdir=lib64
libs="/usr/$libdir/libsoftokn3.so /usr/$libdir/libsoftokn3.chk"
libs="$libs /usr/$libdir/libfreebl3.so /usr/$libdir/libfreebl3.chk"
Hardcoding these libraries seems like it'll create maintenance needs later, but
I don't really have a better answer.
--
Peter
THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
