fipsify: Remove fipsify & photon-checksum-generator

  -  As Linux kernel crypto modules are going to be canisterized,
We do not need fipsify package, dracut fipsify module and
photon-checksum-generator package to verify the integrity of the
kernel crypto canister.

Change-Id: Iec858091dfd1a19e4369c042fead7b3cc4c4be5a
Signed-off-by: srinidhira0 <[email protected]>
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/11350
Reviewed-by: Keerthana K <[email protected]>
Tested-by: Anish Swaminathan <[email protected]>

SPECS/dracut/dracut.spec

@@ -4,7 +4,7 @@
 Summary:        dracut to create initramfs
 Name:           dracut
 Version:        050
-Release:        4%{?dist}
+Release:        5%{?dist}
 Group:          System Environment/Base
 # The entire source code is GPLv2+
 # except install/* which is LGPLv2+
@@ -19,8 +19,7 @@ Source1:        https://www.gnu.org/licenses/lgpl-2.1.txt
 Patch0:         disable-xattr.patch
 Patch1:         fix-initrd-naming-for-photon.patch
 Patch2:         lvm-no-read-only-locking.patch
-Patch3:         fips-changes.patch
-Patch4:         fix-hostonly.patch
+Patch3:         fix-hostonly.patch
 
 BuildRequires:  bash git
 BuildRequires:  pkg-config
@@ -68,6 +67,7 @@ make %{?_smp_mflags} install \
 
 echo "DRACUT_VERSION=%{version}-%{release}" > $RPM_BUILD_ROOT/%{dracutlibdir}/dracut-version.sh
 
+rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/01fips
 rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/02fips-aesni
 
 rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/00bootchart
@@ -156,6 +156,8 @@ rm -rf -- $RPM_BUILD_ROOT
 %dir /var/lib/dracut/overlay
 
 %changelog
+*   Tue Nov 03 2020 Srinidhi Rao <[email protected]> 050-5
+-   Remove fipsify support
 *   Fri Oct 09 2020 Shreenidhi Shedi <[email protected]> 050-4
 -   Fixed hostonly setting logic to generate initrd properly
 *   Mon Oct 05 2020 Susant Sahani <[email protected]> 050-3

SPECS/initramfs/initramfs.spec

@@ -1,7 +1,7 @@
 Summary:	initramfs
 Name:		initramfs
 Version:	2.0
-Release:	5%{?dist}
+Release:	6%{?dist}
 Source0:	fscks.conf
 License:	Apache License
 Group:		System Environment/Base
@@ -19,7 +19,7 @@ install -D -m644 %{SOURCE0} %{buildroot}%{_sysconfdir}/dracut.conf.d/
 install -d -m755 %{buildroot}%{_localstatedir}/lib/initramfs/kernel
 
 %define watched_path %{_sbindir} %{_libdir}/udev/rules.d %{_libdir}/systemd/system /lib/modules %{_sysconfdir}/dracut.conf.d
-%define watched_pkgs e2fsprogs, systemd, kpartx, device-mapper-multipath fipsify
+%define watched_pkgs e2fsprogs, systemd, kpartx, device-mapper-multipath
 
 %define removal_action() rm -rf %{_localstatedir}/lib/rpm-state/initramfs
 
@@ -111,6 +111,8 @@ echo "initramfs" %{version}-%{release} "postun" >&2
 %dir %{_localstatedir}/lib/initramfs/kernel
 
 %changelog
+*   Tue Nov 03 2020 Srinidhi Rao <[email protected]> 2.0-6
+-   Remove the trigger for fipsify
 *   Tue Mar 17 2020 Vikash Bansal <[email protected]> 2.0-5
 -   Added trigger for fipsify
 *   Mon Aug 27 2018 Dheeraj Shetty <[email protected]> 2.0-4

SPECS/linux/linux-aws.spec

@@ -1,6 +1,5 @@
 %{!?python3_sitelib: %define python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}
 %global security_hardening none
-%global photon_checksum_generator_version 1.1
 %ifarch x86_64
 %define arch x86_64
 %define archdir x86
@@ -9,7 +8,7 @@
 Summary:        Kernel
 Name:           linux-aws
 Version:        5.9.0
-Release:        1%{?kat_build:.kat}%{?dist}
+Release:        2%{?kat_build:.kat}%{?dist}
 License:    	GPLv2
 URL:        	http://www.kernel.org/
 Group:        	System Environment/Kernel
@@ -25,10 +24,6 @@ Source1:	config-aws
 Source2:	initramfs.trigger
 Source3:        pre-preun-postun-tasks.inc
 Source4:        check_for_config_applicability.inc
-# Photon-checksum-generator kernel module
-Source5:        https://github.com/vmware/photon-checksum-generator/releases/photon-checksum-generator-%{photon_checksum_generator_version}.tar.gz
-%define sha1 photon-checksum-generator=1d5c2e1855a9d1368cf87ea9a8a5838841752dc3
-Source6:        genhmac.inc
 
 # common
 Patch0:         net-Double-tcp_mem-limits.patch
@@ -159,14 +154,6 @@ Requires:       python3
 %description docs
 The Linux package contains the Linux kernel doc files
 
-%package hmacgen
-Summary:        HMAC SHA256/HMAC SHA512 generator
-Group:          System Environment/Kernel
-Requires:      %{name} = %{version}-%{release}
-Enhances:       %{name}
-%description hmacgen
-This Linux package contains hmac sha generator kernel module.
-
 %ifarch x86_64
 %package oprofile
 Summary:        Kernel driver for oprofile, a statistical profiler for Linux systems
@@ -179,7 +166,6 @@ Kernel driver for oprofile, a statistical profiler for Linux systems
 %prep
 #TODO: remove rcN after 5.9 goes out of rc
 %setup -q -n linux-%{version}
-%setup -D -b 5 -n linux-%{version}
 
 %patch0 -p1
 %patch1 -p1
@@ -262,12 +248,6 @@ sed -i 's/CONFIG_LOCALVERSION="-aws"/CONFIG_LOCALVERSION="-%{release}-aws"/' .co
 
 make VERBOSE=1 KBUILD_BUILD_VERSION="1-photon" KBUILD_BUILD_HOST="photon" ARCH=%{arch} %{?_smp_mflags}
 
-#build photon-checksum-generator module
-bldroot=`pwd`
-pushd ../photon-checksum-generator-%{photon_checksum_generator_version}/kernel
-make -C $bldroot M=`pwd` modules
-popd
-
 %define __modules_install_post \
 for MODULE in `find %{buildroot}/lib/modules/%{uname_r} -name *.ko` ; do \
     ./scripts/sign-file sha512 certs/signing_key.pem certs/signing_key.x509 $MODULE \
@@ -276,16 +256,13 @@ for MODULE in `find %{buildroot}/lib/modules/%{uname_r} -name *.ko` ; do \
     done \
 %{nil}
 
-%include %{SOURCE6}
-
 # We want to compress modules after stripping. Extra step is added to
 # the default __spec_install_post.
 %define __spec_install_post\
     %{?__debug_package:%{__debug_install_post}}\
     %{__arch_install_post}\
     %{__os_install_post}\
     %{__modules_install_post}\
-    %{__modules_gen_hmac}\
 %{nil}
 
 %install
@@ -296,12 +273,6 @@ install -vdm 755 %{buildroot}%{_usrsrc}/%{name}-headers-%{uname_r}
 install -vdm 755 %{buildroot}/usr/lib/debug/lib/modules/%{uname_r}
 make INSTALL_MOD_PATH=%{buildroot} modules_install
 
-#install photon-checksum-generator module
-bldroot=`pwd`
-pushd ../photon-checksum-generator-%{photon_checksum_generator_version}/kernel
-make -C $bldroot M=`pwd` INSTALL_MOD_PATH=%{buildroot} modules_install
-popd
-
 %ifarch x86_64
 
 # Verify for build-id match
@@ -369,9 +340,6 @@ find %{buildroot}/lib/modules -name '*.ko' -print0 | xargs -0 chmod u+x
 /sbin/depmod -aq %{uname_r}
 ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
 
-%post hmacgen
-/sbin/depmod -a %{uname_r}
-
 %post drivers-gpu
 /sbin/depmod -aq %{uname_r}
 
@@ -388,16 +356,13 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
 /boot/System.map-%{uname_r}
 /boot/config-%{uname_r}
 /boot/vmlinuz-%{uname_r}
-/boot/.vmlinuz-%{uname_r}.hmac
 %config(noreplace) /boot/%{name}-%{uname_r}.cfg
 %config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}
 %defattr(0644,root,root)
 /lib/modules/%{uname_r}/*
 %exclude /lib/modules/%{uname_r}/build
 %exclude /lib/modules/%{uname_r}/kernel/drivers/gpu
 %exclude /lib/modules/%{uname_r}/kernel/sound
-%exclude /lib/modules/%{uname_r}/extra/hmac_generator.ko.xz
-%exclude /lib/modules/%{uname_r}/extra/.hmac_generator.ko.xz.hmac
 %ifarch x86_64
 %exclude /lib/modules/%{uname_r}/kernel/arch/x86/oprofile/
 %endif
@@ -416,11 +381,6 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
 %exclude /lib/modules/%{uname_r}/kernel/drivers/gpu/drm/cirrus/
 /lib/modules/%{uname_r}/kernel/drivers/gpu
 
-%files hmacgen
-%defattr(-,root,root)
-/lib/modules/%{uname_r}/extra/hmac_generator.ko.xz
-/lib/modules/%{uname_r}/extra/.hmac_generator.ko.xz.hmac
-
 %files sound
 %defattr(-,root,root)
 /lib/modules/%{uname_r}/kernel/sound
@@ -432,6 +392,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
 %endif
 
 %changelog
+*   Tue Nov 03 2020 Srinidhi Rao <[email protected]> 5.9.0-2
+-   Remove the support of fipsify and hmacgen
 *   Wed Oct 28 2020 Him Kalyan Bordoloi <[email protected]> 5.9.0-1
 -   Update to version 5.9.0
 *   Tue Sep 29 2020 Satya Naga Vasamsetty <[email protected]> 4.19.127-3