From ba5d1f10055be7ef014ff0bd7795ccf122b95be2 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Mon, 20 Jan 2025 14:16:38 +0100
Subject: [PATCH] feat: add openssl module

---
 .distro/dracut.spec                  |  6 +++++-
 modules.d/99openssl/module-setup.sh  | 19 +++++++++++++++++++
 modules.d/99openssl/openssl-check.sh | 27 +++++++++++++++++++++++++++
 3 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100755 modules.d/99openssl/module-setup.sh
 create mode 100755 modules.d/99openssl/openssl-check.sh

diff --git a/.distro/dracut.spec b/.distro/dracut.spec
index e89233f8..01f32365 100644
--- a/.distro/dracut.spec
+++ b/.distro/dracut.spec
@@ -8,7 +8,7 @@
 
 Name: dracut
 Version: 103
-Release: 1%{?dist}
+Release: 3%{?dist}
 
 Summary: Initramfs generator using udev
 
@@ -352,6 +352,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
 %{dracutlibdir}/modules.d/99base
 %{dracutlibdir}/modules.d/99memstrack
 %{dracutlibdir}/modules.d/99fs-lib
+%{dracutlibdir}/modules.d/99openssl
 %{dracutlibdir}/modules.d/99shutdown
 %attr(0644,root,root) %ghost %config(missingok,noreplace) %{_localstatedir}/log/dracut.log
 %dir %{_sharedstatedir}/initramfs
@@ -431,6 +432,9 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
 %{_prefix}/lib/kernel/install.d/51-dracut-rescue.install
 
 %changelog
+* Mon Jan 20 2025 Pavel Valena <pvalena@redhat.com> - 103-3
+- feat: add openssl module
+
 * Mon Sep 16 2024 Pavel Valena <pvalena@redhat.com> - 103-1
 - Update to dracut 103.
 
diff --git a/modules.d/99openssl/module-setup.sh b/modules.d/99openssl/module-setup.sh
new file mode 100755
index 00000000..b5f5cbb2
--- /dev/null
+++ b/modules.d/99openssl/module-setup.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+check() {
+    require_binaries openssl || return 1
+
+    return 255
+}
+
+install() {
+
+    inst_simple "$moddir"/openssl-check.sh "/lib/openssl-check.sh"
+
+    inst_multiple -o \
+      /usr/bin/openssl \
+      /etc/pki/tls/openssl.cnf \
+      /etc/pki/tls/openssl.d/* \
+      /etc/crypto-policies/back-ends/opensslcnf.config \
+      /usr/lib64/ossl-modules/*.so
+}
diff --git a/modules.d/99openssl/openssl-check.sh b/modules.d/99openssl/openssl-check.sh
new file mode 100755
index 00000000..a839d0b6
--- /dev/null
+++ b/modules.d/99openssl/openssl-check.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+eok () {
+
+  {
+    [ $1 -eq 0 ] && echo OK || echo FAIL
+
+    echo
+
+  } 2>/dev/null
+}
+
+set -x
+
+openssl list -providers
+
+eok "$?"
+
+#openssl s_client -connect “$dns_server_ip:$dns_server_port” -servername “$dns_server_name” </dev/null
+
+#openssl s_client -connect “$test_hostname:$test_port” </dev/null
+
+#openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out localhost.key
+
+#openssl req -x509 -new -key localhost.key -subj /CN=localhost -days 365 -addext "subjectAltName = DNS:localhost" -out localhost.crt
+
+#openssl s_server -cert localhost.crt -key localhost.key -port “$test_port”