Support to enable fips for the command sonic_installer #2154
Conversation
|
This pull request introduces 3 alerts when merging ce5ef1f into 1143869 - view on LGTM.com new alerts:
|
|
This pull request introduces 3 alerts when merging d119c2d into f64d280 - view on LGTM.com new alerts:
|
|
This pull request introduces 3 alerts when merging 691d393 into 3274b0e - view on LGTM.com new alerts:
|
|
This pull request introduces 2 alerts when merging 4e2cf1c into b5d6659 - view on LGTM.com new alerts:
|
|
This pull request introduces 2 alerts when merging 6b92447 into 3600639 - view on LGTM.com new alerts:
|
sonic_installer/main.py
Outdated
| # Set fips for image | ||
| @sonic_installer.command('set-fips') | ||
| @click.argument('image') | ||
| @click.option('--disable-fips', is_flag=True, |
There was a problem hiding this comment.
Changed to use --enable-fips/disable-fips.
sonic_installer/main.py
Outdated
| def set_fips(image): | ||
| """ Set fips for the image """ | ||
| bootloader = get_bootloader() | ||
| if image not in bootloader.get_installed_images(): |
There was a problem hiding this comment.
There is no function to retrieve the default image, if the image is not set, then we change the next image.
sonic_installer/main.py
Outdated
| sys.exit(1) | ||
| enable = bootloader.get_fips(image) | ||
| if enable: | ||
| click.echo("Fips is enabled") |
sonic_installer/bootloader/aboot.py
Outdated
| click.echo('Disabling FIPS...') | ||
| fips = "0" | ||
| cmdline = self._get_image_cmdline(image) | ||
| cmdline = re.sub(' sonic_fips=[^\s]', '', cmdline) + " sonic_fips=" + fips |
There was a problem hiding this comment.
It is to remove the old sonic-fips option, and then add the new setting, and we do not want to have impact on the other settings.
For example, the options as below:
rw console=tty0 console=ttyS0, 9600n8 quiet intel_idle.max_cstate=0 sonic_fips=0 og_size=4096
After changed, the options with multiple space characters will not be changed
rw console=tty0 console=ttyS0, 9600n8 quiet intel_idle.max_cstate=0 og_size=4096 sonic_fips=1
sonic_installer/bootloader/aboot.py
Outdated
| fips = "1" | ||
| else: | ||
| click.echo('Disabling FIPS...') | ||
| fips = "0" |
There was a problem hiding this comment.
Just use "1" if enable else "0" #Closed
|
@xumia this change cannot be cherry-picked cleanly. |
|
@xumia can you create separate PR for 202205 branch? |
What I did Cherry-pick #2154 Support to enable fips for the command sonic_installer See sonic-net/SONiC#997 How I did it sonic-installer set-fips [--enable-fips|--disable-fips] sonic-installer get-fips
What I did
Support to enable fips for the command sonic_installer
See sonic-net/SONiC#997
How I did it
sonic-installer set-fips![]()
[--enable-fips|--disable-fips]![]()
sonic-installer get-fips
How to verify it
Previous command output (if the output of a command-line utility has changed)
New command output (if the output of a command-line utility has changed)