debian.use-socat.patch 1.4 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243
  1. Description: Use socat in clevis-luks-askpass
  2. Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
  3. Date: 2018-10-30
  4. Forwarded: not-needed
  5. Upstream assumes the nc program is ncat as provided by nmap. Since
  6. nmap is a fairly huge package and does not ship a separate ncat
  7. package (#881639), use socat instead for the time being.
  8. Thanks Anthony R Fletcher <arif@mail.nih.gov> for figuring out
  9. and testing.
  10. --- a/src/luks/systemd/dracut/module-setup.sh.in
  11. +++ b/src/luks/systemd/dracut/module-setup.sh.in
  12. @@ -46,7 +46,7 @@
  13. mktemp \
  14. curl \
  15. jose \
  16. - nc
  17. + socat
  18. for cmd in clevis-decrypt-tpm2 \
  19. tpm2_createprimary \
  20. --- a/src/luks/systemd/clevis-luks-askpass
  21. +++ b/src/luks/systemd/clevis-luks-askpass
  22. @@ -59,7 +59,7 @@
  23. metadata=true
  24. if pt="`luksmeta load -d $d -s $slot -u $UUID | clevis decrypt`"; then
  25. - echo -n "+$pt" | nc -U -u --send-only "$s"
  26. + echo -n "+$pt" | socat -U "UNIX:$s" -
  27. unlocked=true
  28. break
  29. fi
  30. @@ -72,7 +72,7 @@
  31. metadata=true
  32. if pt=`echo -n "$jwe" | clevis decrypt`; then
  33. - echo -n "+$pt" | nc -U -u --send-only "$s"
  34. + echo -n "+$pt" | socat -U "UNIX:$s" -
  35. unlocked=true
  36. break
  37. fi