|
@@ -1,43 +0,0 @@
|
|
-Description: Use socat in clevis-luks-askpass
|
|
|
|
-Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
|
|
|
|
-Date: 2018-10-30
|
|
|
|
-Forwarded: not-needed
|
|
|
|
-
|
|
|
|
- Upstream assumes the nc program is ncat as provided by nmap. Since
|
|
|
|
- nmap is a fairly huge package and does not ship a separate ncat
|
|
|
|
- package (#881639), use socat instead for the time being.
|
|
|
|
-
|
|
|
|
- Thanks Anthony R Fletcher <arif@mail.nih.gov> for figuring out
|
|
|
|
- and testing.
|
|
|
|
-
|
|
|
|
---- a/src/luks/systemd/dracut/module-setup.sh.in
|
|
|
|
-+++ b/src/luks/systemd/dracut/module-setup.sh.in
|
|
|
|
-@@ -46,7 +46,7 @@
|
|
|
|
- mktemp \
|
|
|
|
- curl \
|
|
|
|
- jose \
|
|
|
|
-- nc
|
|
|
|
-+ socat
|
|
|
|
-
|
|
|
|
- for cmd in clevis-decrypt-tpm2 \
|
|
|
|
- tpm2_createprimary \
|
|
|
|
---- a/src/luks/systemd/clevis-luks-askpass
|
|
|
|
-+++ b/src/luks/systemd/clevis-luks-askpass
|
|
|
|
-@@ -59,7 +59,7 @@
|
|
|
|
- metadata=true
|
|
|
|
-
|
|
|
|
- if pt="`luksmeta load -d $d -s $slot -u $UUID | clevis decrypt`"; then
|
|
|
|
-- echo -n "+$pt" | nc -U -u --send-only "$s"
|
|
|
|
-+ echo -n "+$pt" | socat -U "UNIX:$s" -
|
|
|
|
- unlocked=true
|
|
|
|
- break
|
|
|
|
- fi
|
|
|
|
-@@ -72,7 +72,7 @@
|
|
|
|
- metadata=true
|
|
|
|
-
|
|
|
|
- if pt=`echo -n "$jwe" | clevis decrypt`; then
|
|
|
|
-- echo -n "+$pt" | nc -U -u --send-only "$s"
|
|
|
|
-+ echo -n "+$pt" | socat -U "UNIX:$s" -
|
|
|
|
- unlocked=true
|
|
|
|
- break
|
|
|
|
- fi
|
|
|