
Cherry-pick "Install cryptsetup and tpm2_pcrlist in the initramfs" to assert cryptsetup is available in the initramfs. Closes: #969361

Christoph Biedl 3 years ago
parent
commit
bec3be17ab

+ 42 - 0
debian/patches/cherry-pick/1541599937.v11-2-g3465859.install-cryptsetup-and-tpm2-pcrlist-in-the-initramfs.patch

@@ -0,0 +1,42 @@
+Subject: Install cryptsetup and tpm2_pcrlist in the initramfs
+Origin: v11-2-g3465859 <https://github.com/latchset/clevis/commit/v11-2-g3465859>
+Upstream-Author: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed Nov 7 15:12:17 2018 +0100
+Bug-Debian: https://bugs.debian.org/bug=969361
+
+    The cryptsetup and tpm2_pcrlist are missing in the initramfs, this makes
+    automatic LUKS unlocking fail with the following errors:
+
+    dracut-initqueue[382]: /usr/libexec/clevis-luks-askpass: line 52: cryptsetup: command not found
+    dracut-initqueue[382]: /usr/bin/clevis-decrypt-tpm2: line 40: tpm2_pcrlist: command not found
+
+    Suggested-by: Federico Chiacchiaretta <federico.chia@gmail.com>
+
+    Fixes: #74
+
+--- a/src/luks/systemd/dracut/module-setup.sh.in
++++ b/src/luks/systemd/dracut/module-setup.sh.in
+@@ -40,6 +40,7 @@
+         clevis-decrypt-sss \
+         @libexecdir@/clevis-luks-askpass \
+         clevis-decrypt \
++        cryptsetup \
+         luksmeta \
+         clevis \
+         mktemp \
+@@ -49,6 +50,7 @@
+ 
+     for cmd in clevis-decrypt-tpm2 \
+ 	tpm2_createprimary \
++	tpm2_pcrlist \
+ 	tpm2_unseal \
+ 	tpm2_load; do
+ 
+@@ -60,6 +62,7 @@
+     if (($ret == 0)); then
+ 	inst_multiple clevis-decrypt-tpm2 \
+ 	    tpm2_createprimary \
++	    tpm2_pcrlist \
+ 	    tpm2_unseal \
+ 	    tpm2_load
+     fi
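Review bot: Adding `tpm2_pcrlist` to the `for cmd in clevis-decrypt-tpm2 \` probe list (inner hunk `@@ -49,6 +50,7 @@`) makes installation of the whole TPM2 pin depend on that one binary, because the `inst_multiple` under `if (($ret == 0))` runs only when every probed command was found. The loop body sits between the inner hunks and is not shown, but if it only sets `ret` without logging, an initramfs built where the tool is absent or named differently (tpm2-tools 4.x ships it as `tpm2_pcrread`) would silently omit `clevis-decrypt-tpm2`, and the gap would surface only as a failed automatic unlock at boot. I would log the failed probe at build time, e.g. `dwarn "clevis: $cmd not found, TPM2 pin not installed in the initramfs"`, so it is visible in the dracut output. Separately, the `Bug-Debian:` header reads `https://bugs.debian.org/bug=969361`, which looks non-canonical; the usual form is `https://bugs.debian.org/969361`.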

+ 1 - 1
debian/patches/debian.use-socat.patch

@@ -12,7 +12,7 @@ Forwarded: not-needed
 
 --- a/src/luks/systemd/dracut/module-setup.sh.in
 +++ b/src/luks/systemd/dracut/module-setup.sh.in
-@@ -45,7 +45,7 @@
+@@ -46,7 +46,7 @@
          mktemp \
          curl \
          jose \

+ 1 - 0
debian/patches/series

@@ -1,6 +1,7 @@
 
 # cherry-picked commits. Keep in upstream's chronological order
 cherry-pick/1541598788.v11-1-g1e344db.delete-remaining-references-to-the-removed-http-pin.patch
+cherry-pick/1541599937.v11-2-g3465859.install-cryptsetup-and-tpm2-pcrlist-in-the-initramfs.patch
 
 # local modifications
 debian.use-socat.patch