clevis/clevis-pin-tpm2-module-setup.sh-test-for-required-bi.patch

From a9177d2dd4deadc3fa65ace235f4b35c43760fa4 Mon Sep 17 00:00:00 2001
From: Jonas Witschel <diabonas@gmx.de>
Date: Fri, 6 Sep 2019 15:20:08 +0200
Subject: [PATCH] clevis-pin-tpm2/module-setup.sh: test for required binaries
 in check()

If some of the dependencies are missing, dracut will now fail with a
warning of the form

dracut: dracut module 'clevis-pin-tpm2' will not be installed, because command '...' could not be found!

This is much better than silently failing during module installation.
---
 src/luks/systemd/dracut/module-setup.sh.in | 27 ++++++----------------
 1 file changed, 7 insertions(+), 20 deletions(-)

diff --git a/src/luks/systemd/dracut/module-setup.sh.in b/src/luks/systemd/dracut/module-setup.sh.in
index 399e468e8e0..2dcdb68549d 100755
--- a/src/luks/systemd/dracut/module-setup.sh.in
+++ b/src/luks/systemd/dracut/module-setup.sh.in
@@ -18,6 +18,11 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 
+check() {
+    require_binaries clevis-decrypt-tpm2 tpm2_createprimary tpm2_pcrlist tpm2_unseal tpm2_load || return 1
+    return 0
+}
+
 depends() {
     echo crypt systemd
     return 0
@@ -48,26 +53,8 @@ install() {
         jose \
         nc
 
-    for cmd in clevis-decrypt-tpm2 \
-	tpm2_createprimary \
-	tpm2_pcrlist \
-	tpm2_unseal \
-	tpm2_load; do
-
-	if ! find_binary "$cmd" &>/dev/null; then
-	    ((ret++))
-	fi
-    done
-
-    if (($ret == 0)); then
-	inst_multiple clevis-decrypt-tpm2 \
-	    tpm2_createprimary \
-	    tpm2_pcrlist \
-	    tpm2_unseal \
-	    tpm2_load
-	inst_libdir_file "libtss2-tcti-device.so*"
-    fi
-
+    inst_multiple clevis-decrypt-tpm2 tpm2_createprimary tpm2_pcrlist tpm2_unseal tpm2_load
+    inst_libdir_file "libtss2-tcti-device.so*"
     dracut_need_initqueue
 }
 
-- 
2.21.0
Add support for tpm2-tools 4.0 The tpm2-tools package in Fedora 32 was updated to version 4.0, but clevis still only has 3.0 support. Support for the latest release is in the works and will probable make it to the next clevis release. But until that happens, let's backport the patches that add tpm2-tools 4.0 support for clevis so it continues to work in Fedora 32. Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> 2019-09-06 12:39:24 +00:00			`From a9177d2dd4deadc3fa65ace235f4b35c43760fa4 Mon Sep 17 00:00:00 2001`
			`From: Jonas Witschel <diabonas@gmx.de>`
			`Date: Fri, 6 Sep 2019 15:20:08 +0200`
			`Subject: [PATCH] clevis-pin-tpm2/module-setup.sh: test for required binaries`
			`in check()`

			`If some of the dependencies are missing, dracut will now fail with a`
			`warning of the form`

			`dracut: dracut module 'clevis-pin-tpm2' will not be installed, because command '...' could not be found!`

			`This is much better than silently failing during module installation.`
			`---`
			`src/luks/systemd/dracut/module-setup.sh.in \| 27 ++++++----------------`
			`1 file changed, 7 insertions(+), 20 deletions(-)`

			`diff --git a/src/luks/systemd/dracut/module-setup.sh.in b/src/luks/systemd/dracut/module-setup.sh.in`
			`index 399e468e8e0..2dcdb68549d 100755`
			`--- a/src/luks/systemd/dracut/module-setup.sh.in`
			`+++ b/src/luks/systemd/dracut/module-setup.sh.in`
			`@@ -18,6 +18,11 @@`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`#`

			`+check() {`
			`+ require_binaries clevis-decrypt-tpm2 tpm2_createprimary tpm2_pcrlist tpm2_unseal tpm2_load \|\| return 1`
			`+ return 0`
			`+}`
			`+`
			`depends() {`
			`echo crypt systemd`
			`return 0`
			`@@ -48,26 +53,8 @@ install() {`
			`jose \`
			`nc`

			`- for cmd in clevis-decrypt-tpm2 \`
			`- tpm2_createprimary \`
			`- tpm2_pcrlist \`
			`- tpm2_unseal \`
			`- tpm2_load; do`
			`-`
			`- if ! find_binary "$cmd" &>/dev/null; then`
			`- ((ret++))`
			`- fi`
			`- done`
			`-`
			`- if (($ret == 0)); then`
			`- inst_multiple clevis-decrypt-tpm2 \`
			`- tpm2_createprimary \`
			`- tpm2_pcrlist \`
			`- tpm2_unseal \`
			`- tpm2_load`
			`- inst_libdir_file "libtss2-tcti-device.so*"`
			`- fi`
			`-`
			`+ inst_multiple clevis-decrypt-tpm2 tpm2_createprimary tpm2_pcrlist tpm2_unseal tpm2_load`
			`+ inst_libdir_file "libtss2-tcti-device.so*"`
			`dracut_need_initqueue`
			`}`

			`--`
			`2.21.0`