fips-mode-setup: gracefully handle OSTree-based systems
The script wants to inspect the initramfs and rebuild it. This is technically possible to do in Fedora CoreOS and RHEL CoreOS, but really we handle FIPS mode much earlier there without having to rebuild the initrd. The rationale is that we don't use Anaconda, and so we need to do some special maneuvers during firstboot in the initrd prior to any crypto-related code runs.
However, we do still want fips-mode-setup
for handling
update-crypto-policies
. We also want fips-mode-setup --check
to work
correctly.
Signed-off-by: Jonathan Lebon jonathan@jlebon.com