From 33cf47a60870cc290bd5b59c9cf87c54ad37051f Mon Sep 17 00:00:00 2001
From: Tony Asleson <tasleson@redhat.com>
Date: Tue, 19 Oct 2021 15:18:26 -0500
Subject: [PATCH] feat(systemd-integritysetup): introducing the
 systemd-integritysetup module

Module to allow root FS to be a dm-integrity volume.  Utilizes
functionality added with: https://github.com/systemd/systemd/pull/20902

Information on dm-integrity:
https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-integrity.html

Signed-off-by: Tony Asleson <tasleson@redhat.com>
---
 .../01systemd-integritysetup/module-setup.sh  | 59 +++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100755 modules.d/01systemd-integritysetup/module-setup.sh

diff --git a/modules.d/01systemd-integritysetup/module-setup.sh b/modules.d/01systemd-integritysetup/module-setup.sh
new file mode 100755
index 0000000000..3d17640495
--- /dev/null
+++ b/modules.d/01systemd-integritysetup/module-setup.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# Prerequisite check(s) for module.
+check() {
+
+    # If the binary(s) requirements are not fulfilled the module can't be installed.
+    require_binaries \
+        "$systemdutildir"/systemd-integritysetup \
+        "$systemdutildir"/system-generators/systemd-integritysetup-generator \
+        || return 1
+
+    # Return 255 to only include the module, if another module requires it.
+    return 255
+
+}
+
+# Module dependency requirements.
+depends() {
+
+    # This module has external dependency on other module(s).
+    echo systemd dm
+    # Return 0 to include the dependent module(s) in the initramfs.
+    return 0
+
+}
+
+installkernel() {
+    instmods dm-integrity
+}
+
+# Install the required file(s) and directories for the module in the initramfs.
+install() {
+
+    inst_multiple -o \
+        "$systemdutildir"/systemd-integritysetup \
+        "$systemdutildir"/system-generators/systemd-integritysetup-generator \
+        "$systemdsystemunitdir"/integritysetup-pre.target \
+        "$systemdsystemunitdir"/integritysetup.target \
+        "$systemdsystemunitdir"/sysinit.target.wants/integritysetup.target
+
+    # Install the hosts local user configurations if enabled.
+    if [[ $hostonly ]]; then
+        inst_multiple -H -o \
+            /etc/integritytab \
+            "$systemdsystemconfdir"/integritysetup.target \
+            "$systemdsystemconfdir/integritysetup.target.wants/*.target" \
+            "$systemdsystemconfdir"/integritysetup-pre.target \
+            "$systemdsystemconfdir/integritysetup-pre.target.wants/*.target" \
+            "$systemdsystemconfdir"/sysinit.target.wants/integritysetup.target \
+            "$systemdsystemconfdir/sysinit.target.wants/integritysetup.target.wants/*.target"
+    fi
+
+    # Install required libraries.
+    _arch=${DRACUT_ARCH:-$(uname -m)}
+    inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*"
+
+}