diskimage-builder/diskimage_builder/elements
Julia Kreger 4633da7750 Correct boot path to cover FIPS usage cases
When you're booting a Linux system using dracut, i.e. with any
Red Hat style distribution, dracut's internal code looks to validate
the kernel hmac signature before proceeding to userspace.

It does this by looking at the /boot/ folder file for the kernel
hmac file.

And it normally does this with the root filesystem. Except if the
kernel is not on the root filesystem and is instead on a /boot
filesystem, this breaks horribly. This is compounded because
DIB enables the operator to restructure the OS image/layout
to fit their needs. In order for this to be navigated, as dracut
is written, we need to pass a "boot=" argument to the kernel.

So now we attempt to purge any prior boot entry in the disk image
content, which is good because any filesystem operations invalidate
it, and then we attempt to identify the boot filesystem, and save a
boot kernel command line parameter so the resulting image can
boot properly if FIPS was enabled in the prior image.

Regex developed with https://sed.js.org utilizing stdin:

VAR="quiet boot=UUID=173c759f-1302-48a3-9d51-a17784c21e03 text"
VAR="quiet boot=PARTUUID=173c759f-1302-48a3-9d51-a17784c21e03"
VAR="quiet boot=PARTUUID=173c759f-1302-48a3-9d51-a17784c21e03 reboot=meow"
VAR="quiet boot=UUID=/dev/sda1 text"
VAR="quiet boot=/dev/sda1"
VAR="quiet boot=/dev/sda1 reboot=meow"
VAR="quiet after_boot=1 reboot=meow boot=/dev/sda1"
VAR="quiet after_boot=1 reboot=meow"

Which resulted in stdout:

VAR="quiet text"
VAR="quiet"
VAR="quiet reboot=meow"
VAR="quiet text"
VAR="quiet"
VAR="quiet reboot=meow"
VAR="quiet after_boot=1 reboot=meow"
VAR="quiet after_boot=1 reboot=meow"

Change-Id: I9034c21e84deda2ba2c0ec0d1d6d6595ed10bed4
2023-03-15 11:25:21 -07:00
apt-conf Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
apt-preferences Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
apt-sources Use local mirror for ubuntu-minimal jobs 2017-06-21 12:01:31 +10:00
baremetal Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
base Debuntu: add apt-transport-https 2020-04-02 10:11:35 +11:00
block-device-efi Document EFI elements requirements 2021-11-26 08:46:42 +01:00
block-device-efi-lvm Document EFI elements requirements 2021-11-26 08:46:42 +01:00
block-device-gpt Choose appropriate bootloader for block-device 2018-02-23 10:04:44 +11:00
block-device-mbr Choose appropriate bootloader for block-device 2018-02-23 10:04:44 +11:00
bootloader Correct boot path to cover FIPS usage cases 2023-03-15 11:25:21 -07:00
cache-url cache-url: Give up on curl install for Redhat platforms 2023-01-20 17:29:13 +11:00
centos Fix wrong yum.conf name of CentOS 9 Stream 2022-08-08 22:53:21 +09:00
centos7 Support secure-boot bootloader where possible 2021-03-11 10:27:59 +13:00
centos-minimal Merge "Cleanup more CentOS 8 bits" 2022-02-09 04:39:00 +00:00
cleanup-kernel-initrd Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
cloud-init Ensure cloud-init is configured to generated host keys 2022-05-06 11:10:54 +02:00
cloud-init-datasources Drop support for Ubuntu precise 2017-05-31 14:36:30 +02:00
cloud-init-disable-resizefs Disable growpart in cloud-init-disable-resizefs 2020-10-06 14:03:57 +02:00
cloud-init-growpart Added example configuration 2022-10-20 10:00:18 +02:00
cloud-init-nocloud Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
containerfile tox jobs: pin to correct nodesets; use host networking for containerfile 2022-12-16 09:52:46 +11:00
debian Fix cron not installed in debian 2021-09-01 23:49:27 +02:00
debian-minimal Futher bootloader cleanups 2022-02-10 15:08:56 +11:00
debian-systemd Install systemd earlier for Stretch 2017-06-19 13:27:33 +10:00
debian-upstart Install systemd earlier for Stretch 2017-06-19 13:27:33 +10:00
debootstrap debian-minimal: Set bullseye version 2021-04-28 09:48:22 -07:00
deploy-baremetal Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
deploy-kexec Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
deploy-targetcli Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
deploy-tgtadm Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
devuser install sudo in the devuser element 2018-03-22 00:16:09 -05:00
dhcp-all-interfaces Use internal dhcp client for centos 9-stream and beyond 2022-06-28 11:02:03 -07:00
dib-init-system Introduce manual setting of DIB_INIT_SYSTEM 2019-11-21 12:38:15 +11:00
dib-python Convert multi line if statement to case 2021-04-07 07:17:19 +00:00
dib-run-parts Revert "dib-lint: use yamllint to parse YAML files" 2020-05-28 16:44:49 +10:00
disable-nouveau Ensure nouveau is blacklisted in initramfs too 2019-10-23 10:16:00 +11:00
disable-selinux dib-lint: test elements have README.rst file 2020-01-20 11:43:43 +01:00
dkms Adopted dkms element to work on Ubuntu Jammy and nvidia drivers 2022-05-12 10:20:25 +00:00
docker Run dib-run-parts out of /tmp 2017-04-05 13:11:22 +10:00
dpkg Rename duplicating 10-debian-minimal.bash 2020-09-18 14:52:56 +10:00
dracut-network Remove dracut-network element 2017-05-31 08:36:56 +10:00
dracut-ramdisk Merge "Remove use of 'which'." 2017-06-11 09:30:34 +00:00
dracut-regenerate dracut-regenerate: drop Python 2 packages 2021-10-27 11:11:50 +11:00
dynamic-login Fix openssl example command in dynamic-login 2022-05-24 14:10:01 +03:00
element-manifest Release 1.24.0 2017-01-31 14:14:19 +11:00
elrepo Start running dib-lint again 2022-09-21 07:56:05 +10:00
enable-serial-console update various gentoo bits 2020-08-24 10:21:35 -05:00
ensure-venv Add ensure-venv element, install glean with it 2020-03-10 11:57:43 +11:00
epel CentOS Stream 9 has EPEL now 2022-04-07 09:01:13 +02:00
fedora chore: support building Fedora on arm64 AKA aarch64 2023-03-10 09:32:08 -08:00
fedora-container Add Fedora 36 support 2022-06-21 14:47:12 +10:00
fedora-minimal Remove OS CI mirror role from fedora(-minimal) tests 2022-02-18 08:11:18 -08:00
gentoo Allow Gentoo to manage python versions by itself 2022-07-10 22:12:03 -05:00
growroot Revert "dib-lint: use yamllint to parse YAML files" 2020-05-28 16:44:49 +10:00
growvols Reduce thin pool by one more extent 2022-12-22 17:24:03 +13:00
grub2 Remove centos 9 and rhel 8 block in grub2 pkg-map 2022-01-17 23:40:24 +01:00
hpdsa replace the link which is in the 06-hpdsa file 2021-03-12 19:16:50 +08:00
hwburnin Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
hwdiscovery Remove use of 'which'. 2017-05-19 12:43:36 -07:00
ibft-interfaces Add an element to configure iBFT network interfaces 2018-11-20 14:11:11 +01:00
ilo Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
install-bin pip-and-virtualenv: drop f31 & tumbleweed, rework suse 15 install 2020-04-23 08:10:26 +10:00
install-static Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
install-types Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
iscsi-boot Fix centos 8.3 partition image building error with element iscsi-boot 2021-01-14 02:05:20 +00:00
iso Merge "Change paths for bootloader files in iso element" 2021-03-16 09:56:07 +00:00
journal-to-console journal-to-console: element to send systemd journal to console 2019-07-25 11:24:49 +10:00
keylime-agent Update keylime-agent and tpm-emulator elements 2021-10-06 15:05:28 -04:00
local-config Merge remote-tracking branch 'origin/master' into merge-branch 2016-11-29 07:43:46 +11:00
lvm changed release check logic in lvm element 2022-09-02 12:37:15 +02:00
manifests Set manifest permissions in the image 2017-05-24 15:20:55 +10:00
mellanox Mellanox element: removed ibutils,libibcm,libmlx4-dev 2020-03-23 00:06:53 +02:00
modprobe modprobe.d: use $TMP_MOUNT_PATH 2019-12-18 11:42:02 -05:00
modprobe-blacklist Add new modprobe element 2018-06-28 13:55:53 +02:00
no-final-image Remove the deprecated ironic-agent element 2021-01-21 14:06:08 +01:00
oat-client Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
openeuler-minimal Upgrade openEuler to 22.03 LTS 2022-08-01 19:22:35 +08:00
openssh-server openssh-server: harden sshd config 2019-05-01 11:42:21 -04:00
openstack-ci-mirrors Update centos element for 9-stream 2021-10-20 09:39:27 +11:00
opensuse opensuse: better report checksum errors 2022-07-12 14:03:10 +10:00
opensuse-minimal Support secure-boot bootloader where possible 2021-03-11 10:27:59 +13:00
package-installs Deprecate dib-python; remove from in-tree elements 2020-08-07 10:38:16 +10:00
pip-and-virtualenv Remove extra if/then/else construct in pip element 2021-12-29 16:43:00 +01:00
pip-cache Fix DIB ubuntu-minimal running on bionic (18.04) 2018-10-01 19:59:30 -07:00
pkg-map Add new container element - Rocky Linux 2022-01-31 17:26:16 +00:00
posix Merge remote-tracking branch 'origin/master' into merge-branch 2016-11-29 07:43:46 +11:00
proliant-tools Fix installation of proliant tools 2021-03-03 19:04:50 +01:00
pypi Deprecate dib-python; remove from in-tree elements 2020-08-07 10:38:16 +10:00
python-brickclient Merge branch 'master' into merge-branch 2017-02-09 13:35:53 +11:00
python-stow-versions Fix python-stow-versions 2020-11-17 09:23:32 +00:00
ramdisk Mount /sys RO 2021-07-05 11:45:02 +10:00
ramdisk-base Remove use of 'which'. 2017-05-19 12:43:36 -07:00
rax-nova-agent Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
redhat-common Revert "CentOS 9-stream : work around selinux permissions issue" 2022-06-16 11:24:24 +10:00
rhel Fix BLS entries for /boot partitions 2022-06-28 02:41:21 +00:00
rhel7 Deprecate rhel7 in favor of rhel 2019-05-29 12:07:44 +00:00
rhel-common Add subscription-manager repo names for RHEL-9 2022-08-02 08:53:13 +00:00
rocky-container Add Rocky 9 ARM64 functional test 2022-09-21 15:08:20 +10:00
rpm-distro Futher bootloader cleanups 2022-02-10 15:08:56 +11:00
runtime-ssh-host-keys Release 1.21.1 2017-02-02 20:36:23 +11:00
select-boot-kernel-initrd Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
selinux-permissive move selinux-permissive configure to pre-install phase 2018-11-19 13:13:57 +11:00
simple-init Install Fedora ifcfg NM compat package 2022-09-20 08:58:37 -07:00
source-repositories source-repositories : use explicit sudo/-C args when in REPO_DEST 2022-04-14 16:53:37 +00:00
stable-interface-names Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
svc-map update various gentoo bits 2020-08-24 10:21:35 -05:00
sysctl Release 1.25.2 2017-02-02 11:20:00 +11:00
sysprep Fix issue in extract image 2022-11-02 14:21:16 +00:00
tpm-emulator Update keylime-agent and tpm-emulator elements 2021-10-06 15:05:28 -04:00
uboot Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
ubuntu Merge "Removing old grub removal step" 2022-07-25 04:32:11 +00:00
ubuntu-common Bump Ubuntu release to focal 2021-08-26 23:28:33 -03:00
ubuntu-minimal Add Jammy functesting to dib 2022-05-04 13:03:50 -07:00
ubuntu-signed Use sphinx warning-is-error 2017-03-14 14:49:49 +11:00
ubuntu-systemd-container ubuntu-systemd-container: deprecate and remove jobs 2021-10-20 09:39:27 +11:00
vm Add block-device defaults 2018-02-23 10:04:40 +11:00
yum Add variable for check installing python3 in yum element 2022-12-16 03:51:10 +00:00
yum-minimal yum-minimal: workaround missing $releasedir variable 2022-05-03 15:47:55 +00:00
zipl Delete the duplicate words in 50-zipl 2019-01-07 10:02:35 +08:00
zypper Fix login.defs config for tumbleweed 2019-12-02 16:21:45 -08:00
zypper-minimal Mount /sys RO 2021-07-05 11:45:02 +10:00
__init__.py Fix unit tests for elements 2018-11-28 11:04:50 +11:00