Package: clevis-tpm2
Version: 15-2
Severity: important
Tags: patch

Hi,

Thanks for updating clevis to version 15. However, the patch which was meant to fix the use of /dev/fd left clevis-decrypt-tpm2 broken, because the workaround for "exec" not triggering the EXIT trap was left in place, and the on_exit function is a bit too picky. This additional patch makes TPM2 unlocking in the initramfs work:

--- clevis-decrypt-tpm2.orig 2021-01-02 17:55:37.257186026 +0100 +++ clevis-decrypt-tpm2 2021-01-02 17:55:47.281266001 +0100 @@ -165,9 +165,5 @@ exit 1 fi -# The on_exit() trap will not be fired after exec, so let's clean up the temp -# directory at this point. -[ -d "${TMP}" ] && rm -rf "${TMP}" - (echo -n "$jwk$hdr."; /bin/cat) | jose jwe dec -k- -i- exit $?

Regards,
Gabor

-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable'), (102, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.16 (SMP w/8 CPU threads)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages clevis-tpm2 depends on:
pn  clevis      <none>
ii  tpm2-tools  5.0-1

Versions of packages clevis-tpm2 recommends:
ii  cryptsetup-bin  2:2.3.4-1

clevis-tpm2 suggests no packages.
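
Review bot: With the explicit `[ -d "${TMP}" ] && rm -rf "${TMP}"` dropped from the hunk at -165, removal of the temporary directory now depends entirely on the on_exit() EXIT trap, which is not shown here and which the report itself calls "a bit too picky". The final pipeline is followed by a plain `exit $?` rather than an exec, so the trap will run, but please confirm that on_exit() actually removes ${TMP} both when `jose jwe dec` succeeds and when it fails, so nothing written to that directory during decryption is left behind in the initramfs. It would also help to say in the patch description which check in on_exit() made the early removal fatal, so the reason for deleting these lines is recorded with the change.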
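
The shell behaviour this report turns on, as an added example that is not code from clevis or from the reporter: an EXIT trap is skipped when the script ends with exec, and runs when it ends with a plain command followed by exit. The helper name run_case, the marker file and the body of on_exit here are assumptions made for the demonstration; the real on_exit in clevis-decrypt-tpm2 is not shown on this page.

```shell
#!/bin/sh
# run_case MODE
#   MODE=exec  : child script finishes with "exec cat", replacing the shell
#   MODE=plain : child script runs "cat" and then "exit $?"
# Prints "leaked" if the child's temp directory survived, "removed" if the
# EXIT trap cleaned it up.
run_case() {
    mode=$1
    marker=$(mktemp)            # records the child's temp dir path

    sh -c '
        TMP=$(mktemp -d)
        echo "$TMP" > "$1"

        # Stand-in cleanup handler (hypothetical, not the clevis one).
        on_exit() { [ -d "$TMP" ] && rm -rf "$TMP"; }
        trap on_exit EXIT

        if [ "$2" = exec ]; then
            # The shell process image is replaced: no trap can run.
            exec cat </dev/null
        else
            # The shell stays alive, so the trap fires on exit.
            cat </dev/null
            exit $?
        fi
    ' sh "$marker" "$mode"

    dir=$(cat "$marker")
    rm -f "$marker"

    if [ -d "$dir" ]; then
        rm -rf "$dir"           # tidy up after the demonstration
        echo leaked
    else
        echo removed
    fi
}

printf 'exec:  %s\n' "$(run_case exec)"
printf 'plain: %s\n' "$(run_case plain)"
```
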