Hello community, here is the log from the commit of package dracut for openSUSE:Factory checked in at 2017-10-09 19:36:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dracut (Old) and /work/SRC/openSUSE:Factory/.dracut.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dracut" Mon Oct 9 19:36:15 2017 rev:114 rq:532412 version:044.1 Changes: -------- --- /work/SRC/openSUSE:Factory/dracut/dracut.changes 2017-09-09 20:23:44.725680143 +0200 +++ /work/SRC/openSUSE:Factory/.dracut.new/dracut.changes 2017-10-09 19:36:16.859072241 +0200 @@ -1,0 +2,7 @@ +Thu Sep 28 11:35:43 UTC 2017 - [email protected] + +- Add IMA functionality (fate#323289) + This is implemented as a sub module analogous to FIPS + * adds 0539-Add-IMA-functionality-fate-323289.patch + +------------------------------------------------------------------- New: ---- 0539-Add-IMA-functionality-fate-323289.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dracut.spec ++++++ --- /var/tmp/diff_new_pack.s5dJaL/_old 2017-10-09 19:36:20.210924902 +0200 +++ /var/tmp/diff_new_pack.s5dJaL/_new 2017-10-09 19:36:20.214924727 +0200 @@ -220,6 +220,7 @@ Patch536: 0536-90multipath-drop-67-kpartx-compat.rules.patch Patch537: 0537-dracut-init.sh-ignore-crc32.ko-in-builtin-test.patch Patch538: 0538-Enable-core-dumps-with-systemd-from-initrd.patch +Patch539: 0539-Add-IMA-functionality-fate-323289.patch BuildRequires: asciidoc BuildRequires: bash @@ -276,6 +277,15 @@ initramfs with dracut, which does an integrity check of the kernel and its cryptography during startup. +%package ima +Summary: Dracut modules to build a dracut initramfs with IMA +Group: System/Base +Requires: %{name} = %{version}-%{release} + +%description ima +This package requires everything which is needed to build an +initramfs with dracut, which tries to load an IMA policy during startup. + %package tools Summary: Tools to build a local initramfs Group: System/Base @@ -467,6 +477,7 @@ %patch536 -p1 %patch537 -p1 %patch538 -p1 +%patch539 -p1 %build %configure\ @@ -487,11 +498,6 @@ rm -fr %{buildroot}/%{dracutlibdir}/modules.d/00dash rm -fr %{buildroot}/%{dracutlibdir}/modules.d/05busybox -# with systemd IMA and selinux modules do not make sense -rm -fr %{buildroot}/%{dracutlibdir}/modules.d/96securityfs -rm -fr %{buildroot}/%{dracutlibdir}/modules.d/97masterkey -rm -fr %{buildroot}/%{dracutlibdir}/modules.d/98integrity - # remove gentoo specific modules rm -fr %{buildroot}%{dracutlibdir}/modules.d/50gensplash @@ -503,6 +509,7 @@ install -D -m 0644 dracut.conf.d/suse.conf.example %{buildroot}/usr/lib/dracut/dracut.conf.d/01-dist.conf install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/dracut.conf.d/99-debug.conf install -m 0644 dracut.conf.d/fips.conf.example %{buildroot}%{_sysconfdir}/dracut.conf.d/40-fips.conf +install -m 0644 dracut.conf.d/ima.conf.example %{buildroot}%{_sysconfdir}/dracut.conf.d/40-ima.conf # bsc#915218 %ifarch s390 s390x install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/dracut.conf.d/10-s390x_persistent_device.conf @@ -545,6 +552,9 @@ %post fips %{?regenerate_initrd_post} +%post ima +%{?regenerate_initrd_post} + %preun %service_del_preun purge-kernels.service @@ -555,12 +565,18 @@ %postun fips %{?regenerate_initrd_post} +%postun ima +%{?regenerate_initrd_post} + %posttrans %{?regenerate_initrd_posttrans} %posttrans fips %{?regenerate_initrd_posttrans} +%posttrans ima +%{?regenerate_initrd_posttrans} + %files fips %defattr(-,root,root,0755) %doc COPYING @@ -568,6 +584,14 @@ %{dracutlibdir}/modules.d/01fips %{dracutlibdir}/modules.d/02fips-aesni +%files ima +%defattr(-,root,root,0755) +%doc COPYING +%config %{_sysconfdir}/dracut.conf.d/40-ima.conf +%{dracutlibdir}/modules.d/96securityfs +%{dracutlibdir}/modules.d/97masterkey +%{dracutlibdir}/modules.d/98integrity + %files tools %defattr(-,root,root,0755) %{_bindir}/dracut-catimages ++++++ 0539-Add-IMA-functionality-fate-323289.patch ++++++ >From 31f5f290cf74a719b93439bced08260f5af47f80 Mon Sep 17 00:00:00 2001 From: Daniel Molkentin <[email protected]> Date: Thu, 28 Sep 2017 13:16:33 +0200 Subject: [PATCH] Add IMA functionality (fate#323289) This is implemented as a sub module analogous to FIPS. (changes to spec file applied in OBS only) --- dracut.conf.d/ima.conf.example | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 dracut.conf.d/ima.conf.example diff --git a/dracut.conf.d/ima.conf.example b/dracut.conf.d/ima.conf.example new file mode 100644 index 00000000..b4c4eea7 --- /dev/null +++ b/dracut.conf.d/ima.conf.example @@ -0,0 +1,3 @@ +# turn on ima modules + +add_dracutmodules+=" integrity " -- 2.14.1
