Add support for clevis-initramfs

debian/clevis-dracut.install

@@ -1,3 +1,6 @@
 
+usr/lib/dracut/modules.d/60clevis-pin-sss/module-setup.sh
+usr/lib/dracut/modules.d/60clevis-pin-tang/module-setup.sh
+usr/lib/dracut/modules.d/60clevis-pin-tpm2/module-setup.sh
 usr/lib/dracut/modules.d/60clevis/clevis-hook.sh
 usr/lib/dracut/modules.d/60clevis/module-setup.sh

debian/clevis-initramfs.install

@@ -0,0 +1,4 @@
+
+usr/share/initramfs-tools/hooks/clevis
+usr/share/initramfs-tools/scripts/local-bottom/clevis
+usr/share/initramfs-tools/scripts/local-top/clevis

debian/clevis-luks.manpages

@@ -1,5 +1,5 @@
 
 debian/tmp/usr/share/man/man1/clevis-luks-bind.1
+debian/tmp/usr/share/man/man1/clevis-luks-unbind.1
 debian/tmp/usr/share/man/man1/clevis-luks-unlock.1
 debian/tmp/usr/share/man/man7/clevis-luks-unlockers.7
-debian/tmp/usr/share/man/man1/clevis-luks-unbind.1

debian/clevis-tpm2.manpages

@@ -1,2 +1,2 @@
 
-usr/share/man/man1/clevis-encrypt-tpm2.1
+debian/tmp/usr/share/man/man1/clevis-encrypt-tpm2.1

debian/clevis.manpages

@@ -1,5 +1,5 @@
 
+debian/tmp/usr/share/man/man1/clevis.1
 debian/tmp/usr/share/man/man1/clevis-decrypt.1
 debian/tmp/usr/share/man/man1/clevis-encrypt-sss.1
 debian/tmp/usr/share/man/man1/clevis-encrypt-tang.1
-debian/tmp/usr/share/man/man1/clevis.1

debian/control

@@ -8,7 +8,8 @@ Build-Depends: debhelper (>= 11~),
     asciidoctor,
     bash-completion,
     curl,
-    dracut (>= 047+31-1~),
+    dracut-core,
+    initramfs-tools,
     jose,
     libaudit-dev (>= 1:2.7.8),
     libglib2.0-dev,
@@ -45,7 +46,7 @@ Description: automated encryption framework
 
 Package: clevis-tpm2
 Architecture: linux-any
-Depends: ${misc:Depends}, ${shlibs:Depends},
+Depends: ${misc:Depends},
     clevis,
     tpm2-tools,
 Recommends:
@@ -67,6 +68,16 @@ Description: Dracut integration for clevis
  provides integration for the dracut initramfs to automatically unlock
  LUKSv1 block devices in early boot.
 
+Package: clevis-initramfs
+Architecture: all
+Depends: ${misc:Depends},
+    clevis-luks,
+    initramfs-tools,
+Description: Dracut integration for initramfs
+ Clevis is a plugable framework for automated decryption. This package
+ provides integration for the initramfs-tools initrd to automatically
+ unlock LUKSv1 block devices in early boot.
+
 Package: clevis-luks
 Architecture: all
 Depends: ${misc:Depends},

debian/patches/fix-crypttab-identification.patch

@@ -0,0 +1,15 @@
+Subject: Use the --null-data option of grep to scan the environment
+Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+Date: 2002-02-24
+
+--- a/src/initramfs-tools/scripts/local-top/clevis.in
++++ b/src/initramfs-tools/scripts/local-top/clevis.in
+@@ -106,7 +106,7 @@
+         done
+ 
+         # Import CRYPTTAB_SOURCE from the askpass process.
+-        local "$(grep '^CRYPTTAB_SOURCE=' /proc/"$pid"/environ)"
++        local "$(grep -z '^CRYPTTAB_SOURCE=' /proc/"$pid"/environ)"
+ 
+         # Make sure that CRYPTTAB_SOURCE is actually a block device
+         [ ! -b "$CRYPTTAB_SOURCE" ] && continue

debian/patches/series

@@ -1 +1,2 @@
 debian.use-asciidoctor-to-build-manpages.patch
+fix-crypttab-identification.patch