Merge pull request #518 from yast/backport-fips_fix

FIPS fix backport
yast · Jun 5, 2018 · fc68a9c · fc68a9c
2 parents ad7a301 + 4c9b792
commit fc68a9c
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 3 deletions.
diff --git a/package/yast2-bootloader.changes b/package/yast2-bootloader.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Jun  4 15:08:17 UTC 2018 - jreidinger@suse.com
+
+- Propose fips boot parameter if it is used for installation
+  on s390 (bsc#1043029)
+- Propagate net.ifnames boot parameter on s390 (bsc#1086665)
+- 3.2.28
+
 -------------------------------------------------------------------
 Fri Apr 13 11:26:20 UTC 2018 - jreidinger@suse.com
 

diff --git a/package/yast2-bootloader.spec b/package/yast2-bootloader.spec
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-bootloader
-Version:        3.2.27
+Version:        3.2.28
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

diff --git a/src/modules/BootArch.rb b/src/modules/BootArch.rb
@@ -33,6 +33,13 @@ def main
       Yast.import "Stage"
     end
 
+    # list of regexp to match kernel params that should be added
+    # from installation to running kernel on s390 (bsc#1086665)
+    S390_WHITELIST = [
+      /net\.ifnames=\S*/,
+      /fips=\S*/
+    ].freeze
+
     # Get parameters for the default kernel
     # @param [String] resume string device to resume from (or empty not to set it)
     # @return [String] parameters for default kernel
@@ -57,6 +64,11 @@ def DefaultKernelParams(resume)
           "hvc_iucv=8 TERM=dumb"
         end
         parameters = "#{features} #{termparm}"
+        # pick selected params from installation command line
+        S390_WHITELIST.each do |pattern|
+          parameters << " #{Regexp.last_match(0)}" if kernel_cmdline =~ pattern
+        end
+
         parameters << " resume=#{resume}" unless resume.empty?
         return parameters
       else

diff --git a/test/boot_arch_test.rb b/test/boot_arch_test.rb
@@ -104,8 +104,23 @@ def stub_arch(arch)
         expect(subject.DefaultKernelParams("/dev/dasd2")).to include("resume=/dev/dasd2")
       end
 
-      # JR: temporary disabled as it cause build service only failure
-      it "does not add parameters from boot command line"
+      it "adds net.ifnames if boot command line contains it" do
+        allow(Yast::Kernel).to receive(:GetCmdLine).and_return("danger kill=1 murder=allowed net.ifnames=1 anarchy=0")
+        expect(subject.DefaultKernelParams("/dev/dasd2")).to include("net.ifnames=1")
+      end
+
+      it "adds fips if boot command line contains it" do
+        allow(Yast::Kernel).to receive(:GetCmdLine).and_return("danger kill=1 murder=allowed fips=1 anarchy=0")
+        expect(subject.DefaultKernelParams("/dev/dasd2")).to include("fips=1")
+      end
+
+      it "does not add other boot params" do
+        allow(Yast::Kernel).to receive(:GetCmdLine).and_return("danger kill=1 murder=allowed anarchy=0")
+        expect(subject.DefaultKernelParams("/dev/dasd2")).to_not include("danger")
+        expect(subject.DefaultKernelParams("/dev/dasd2")).to_not include("kill=1")
+        expect(subject.DefaultKernelParams("/dev/dasd2")).to_not include("murder=allowed")
+        expect(subject.DefaultKernelParams("/dev/dasd2")).to_not include("anarchy=0")
+      end
     end
 
     context "on POWER archs" do