|
@@ -0,0 +1,42 @@
|
|
|
+Subject: Install cryptsetup and tpm2_pcrlist in the initramfs
|
|
|
+Origin: v11-2-g3465859 <https://github.com/latchset/clevis/commit/v11-2-g3465859>
|
|
|
+Upstream-Author: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
+Date: Wed Nov 7 15:12:17 2018 +0100
|
|
|
+Bug-Debian: https://bugs.debian.org/bug=969361
|
|
|
+
|
|
|
+ The cryptsetup and tpm2_pcrlist are missing in the initramfs, this makes
|
|
|
+ automatic LUKS unlocking fail with the following errors:
|
|
|
+
|
|
|
+ dracut-initqueue[382]: /usr/libexec/clevis-luks-askpass: line 52: cryptsetup: command not found
|
|
|
+ dracut-initqueue[382]: /usr/bin/clevis-decrypt-tpm2: line 40: tpm2_pcrlist: command not found
|
|
|
+
|
|
|
+ Suggested-by: Federico Chiacchiaretta <federico.chia@gmail.com>
|
|
|
+
|
|
|
+ Fixes: #74
|
|
|
+
|
|
|
+--- a/src/luks/systemd/dracut/module-setup.sh.in
|
|
|
++++ b/src/luks/systemd/dracut/module-setup.sh.in
|
|
|
+@@ -40,6 +40,7 @@
|
|
|
+ clevis-decrypt-sss \
|
|
|
+ @libexecdir@/clevis-luks-askpass \
|
|
|
+ clevis-decrypt \
|
|
|
++ cryptsetup \
|
|
|
+ luksmeta \
|
|
|
+ clevis \
|
|
|
+ mktemp \
|
|
|
+@@ -49,6 +50,7 @@
|
|
|
+
|
|
|
+ for cmd in clevis-decrypt-tpm2 \
|
|
|
+ tpm2_createprimary \
|
|
|
++ tpm2_pcrlist \
|
|
|
+ tpm2_unseal \
|
|
|
+ tpm2_load; do
|
|
|
+
|
|
|
+@@ -60,6 +62,7 @@
|
|
|
+ if (($ret == 0)); then
|
|
|
+ inst_multiple clevis-decrypt-tpm2 \
|
|
|
+ tpm2_createprimary \
|
|
|
++ tpm2_pcrlist \
|
|
|
+ tpm2_unseal \
|
|
|
+ tpm2_load
|
|
|
+ fi
|