From 85b667ec5e700b10a5cbf25aab2460fe250dd3e0 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Thu, 6 Dec 2018 13:30:05 +0000 Subject: [PATCH] Work around network requirement for early boot --- ...1-for-the-time-being-so-tpm2-unlock-.patch | 34 +++++++++++++++++++ clevis.spec | 6 +++- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 0001-Drop-rd.neednet-1-for-the-time-being-so-tpm2-unlock-.patch diff --git a/0001-Drop-rd.neednet-1-for-the-time-being-so-tpm2-unlock-.patch b/0001-Drop-rd.neednet-1-for-the-time-being-so-tpm2-unlock-.patch new file mode 100644 index 0000000..1677069 --- /dev/null +++ b/0001-Drop-rd.neednet-1-for-the-time-being-so-tpm2-unlock-.patch @@ -0,0 +1,34 @@ +From 3bf5ce692612fe96427d221b3dbdf3936a9dccb8 Mon Sep 17 00:00:00 2001 +From: Peter Robinson +Date: Thu, 6 Dec 2018 11:33:41 +0000 +Subject: [PATCH] Drop rd.neednet=1 for the time being so tpm2 unlock will work + without network + +This is a temporary hack while a proper upstream fix is worked out to allow +tang and tpm2 configurations to co-exist. + +Being tracked in: +https://bugzilla.redhat.com/show_bug.cgi?id=1628258 +https://github.com/latchset/clevis/issues/54 + +Signed-off-by: Peter Robinson +--- + src/luks/systemd/dracut/module-setup.sh.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/luks/systemd/dracut/module-setup.sh.in b/src/luks/systemd/dracut/module-setup.sh.in +index 990bf4a..c2932d9 100755 +--- a/src/luks/systemd/dracut/module-setup.sh.in ++++ b/src/luks/systemd/dracut/module-setup.sh.in +@@ -24,7 +24,7 @@ depends() { + } + + cmdline() { +- echo "rd.neednet=1" ++ echo "" + } + + install() { +-- +2.19.2 + diff --git a/clevis.spec b/clevis.spec index 046c42a..189f311 100644 --- a/clevis.spec +++ b/clevis.spec @@ -2,7 +2,7 @@ Name: clevis Version: 11 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Automated decryption framework License: GPLv3+ @@ -12,6 +12,7 @@ Source0: https://github.com/latchset/%{name}/releases/download/v%{version Patch0: Delete-remaining-references-to-the-removed-http-pin.patch Patch1: Install-cryptsetup-and-tpm2_pcrlist-in-the-initramfs.patch Patch2: Add-device-TCTI-library-to-the-initramfs.patch +Patch3: 0001-Drop-rd.neednet-1-for-the-time-being-so-tpm2-unlock-.patch BuildRequires: gcc BuildRequires: meson @@ -159,6 +160,9 @@ exit 0 %attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2 %changelog +* Thu Dec 6 2018 Peter Robinson 11-3 +- Work around network requirement for early boot + * Fri Nov 09 2018 Javier Martinez Canillas - 11-2 - Delete remaining references to the removed http pin - Install cryptsetup and tpm2_pcrlist in the initramfs