Package: clevis
Version: 13-2
Severity: normal

Dear Maintainer,

   * What led up to the situation?

I set up a new system with an encrypted root device. I set up a tang server. I
set up "clevis luks bind ..." and everything else according to the book. When I
rebooted, I had to enter the password to unlock the disk manually - the clevis
part did not work.

After various debugging attempts, which after small detours boiled down to
removing some "2> /dev/null", the following error message appeared:

/bin/clevis-decrypt: line 49: /dev/fd/62: No such file or directory

(ignore potential typos there, I had to retype this manually)

This line 49 contains the following statement:
exec "$cmd" < <(echo -n "$hdr."; /bin/cat)

After changing this line to ...
(echo -n "$hdr."; /bin/cat) | "$cmd"
exit $?

... I was able to proceed ... a little bit, just to be greeted with:
/bin/clevis-decrypt-tang: line 95: /dev/fd/62: No such file or directory

and so I changed line 95 of the second script from ...
exec jose jwe dec -k- -i- < <(echo -n "$jwk$hdr."; /bin/cat)

... to ...
(echo -n "$jwk$hdr."; /bin/cat) | jose jwe dec -k- -i-
exit $?

... and the system booted by contacting the tang server, and without me having
to enter the decryption password.


When running the unmodified scripts on a completely booted system, they work.
So it seems that the '< <(...)' mechanism fails only in initrd (no idea why).
And while my modifications work for me, please note that I am not a bash
expert, so there may be side effects that I am not aware of.

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages clevis depends on:
ii  cracklib-runtime    2.9.6-3.2+b1
ii  curl                7.68.0-1+b1
ii  jose                10-3
ii  libc6               2.31-3
ii  libjansson4         2.13.1-1
ii  libjose0            10-3
ii  libpwquality-tools  1.4.2-1+b1
ii  libssl1.1           1.1.1g-1
ii  luksmeta            9-3

Versions of packages clevis recommends:
ii  cryptsetup-bin  2:2.3.3-1+b1

clevis suggests no packages.

-- no debconf information

-- debsums errors found:
debsums: changed file /usr/bin/clevis-decrypt (from clevis package)
debsums: changed file /usr/bin/clevis-decrypt-tang (from clevis package)
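
An added example, not part of the original report and not clevis code: bash implements '<(...)' through /dev/fd/N paths (the path named in the error above), so the sketch below checks whether those paths resolve, flags process substitution in scripts headed for the initramfs, and shows the pipe form from the report preserving both the data and the consumer's exit status. The function names dev_fd_usable, find_procsubst and prefix_pipe are hypothetical, and the sample file is constructed from the two forms of line 49 quoted in the report.

```shell
#!/bin/sh
# Added example (not clevis code); function names are hypothetical.

# 0 if /dev/fd/N paths resolve here. On Linux, bash backs '<(...)' with
# /dev/fd/N, which normally points into /proc/self/fd.
dev_fd_usable() {
    [ -d /dev/fd/. ]
}

# Print "file:line:text" for lines using process substitution, so scripts
# destined for the initramfs can be reviewed. Heuristic: matches '<(' / '>('.
find_procsubst() {
    grep -nE '[<>]\(' "$@" /dev/null
}

# Prepend PREFIX to stdin and run the remaining arguments as the consumer
# over an ordinary pipe. Returns the consumer's exit status, because a
# pipeline's status is that of its last command.
prefix_pipe() {
    prefix=$1
    shift
    { printf '%s' "$prefix"; cat; } | "$@"
}

# Constructed sample: the two forms of line 49 quoted in the report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
exec "$cmd" < <(echo -n "$hdr."; /bin/cat)
(echo -n "$hdr."; /bin/cat) | "$cmd"
EOF

dev_fd_usable && echo "/dev/fd usable" || echo "/dev/fd missing"
find_procsubst "$sample"                      # flags only the first line
printf 'body' | prefix_pipe 'hdr.' cat; echo  # hdr.body
rm -f "$sample"
```

Running dev_fd_usable from a debug shell inside the initramfs, rather than on the booted system, is what tells the two environments apart.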
