clevis/debian/patches/debian.use-socat.patch

Description: Use socat in clevis-luks-askpass
Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Date: 2018-10-30
Forwarded: not-needed

    Upstream assumes the nc program is ncat as provided by nmap. Since
    nmap is a fairly huge package and does not ship a separate ncat
    package (#881639), use socat instead for the time being.

    Thanks Anthony R Fletcher <arif@mail.nih.gov> for figuring out
    and testing.

--- a/src/luks/systemd/dracut/module-setup.sh.in
+++ b/src/luks/systemd/dracut/module-setup.sh.in
@@ -46,7 +46,7 @@
         mktemp \
         curl \
         jose \
-        nc
+        socat
 
     for cmd in clevis-decrypt-tpm2 \
 	tpm2_createprimary \
--- a/src/luks/systemd/clevis-luks-askpass
+++ b/src/luks/systemd/clevis-luks-askpass
@@ -59,7 +59,7 @@
                 metadata=true
 
                 if pt="`luksmeta load -d $d -s $slot -u $UUID | clevis decrypt`"; then
-                    echo -n "+$pt" | nc -U -u --send-only "$s"
+                    echo -n "+$pt" | socat -U "UNIX:$s" -
                     unlocked=true
                     break
                 fi
@@ -72,7 +72,7 @@
                 metadata=true
 
                 if pt=`echo -n "$jwe" | clevis decrypt`; then
-                    echo -n "+$pt" | nc -U -u --send-only "$s"
+                    echo -n "+$pt" | socat -U "UNIX:$s" -
                     unlocked=true
                     break
                 fi