From 86b4a65bcecf9fab1e790c585bab159276895672 Mon Sep 17 00:00:00 2001
From: Sergio Correia
Date: Tue, 2 Aug 2022 10:27:49 -0300
Subject: [PATCH] Enable debugging in clevis scripts when rd.debug is set
Resolves: rhbz#2022420
---
 ...gging-in-clevis-scripts-when-rd.debu.patch | 45 +++++++++++++++++++
 clevis.spec | 7 ++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 0009-luks-enable-debugging-in-clevis-scripts-when-rd.debu.patch
diff --git a/0009-luks-enable-debugging-in-clevis-scripts-when-rd.debu.patch b/0009-luks-enable-debugging-in-clevis-scripts-when-rd.debu.patch
new file mode 100644
index 0000000..0be4271
--- /dev/null
+++ b/0009-luks-enable-debugging-in-clevis-scripts-when-rd.debu.patch
@@ -0,0 +1,45 @@
+From 0654fd3f3fd1ebc080cb1140774120d8f392137b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Renaud=20M=C3=A9trich?=
+ <1163635+rmetrich@users.noreply.github.com>
+Date: Wed, 1 Dec 2021 09:37:35 -0300
+Subject: [PATCH] luks: enable debugging in clevis scripts when rd.debug is set
+ (#340)
+
+On Fedora/RHEL, the rd.debug kernel command line parameter controls
+debugging.
+By implementing the functionality inside clevis, troubleshooting will be
+greatly eased.
+See RHBZ #1980742 (https://bugzilla.redhat.com/show_bug.cgi?id=1980742).
+---
+ src/luks/clevis-luks-common-functions.in | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/src/luks/clevis-luks-common-functions.in b/src/luks/clevis-luks-common-functions.in
+index d059aae..87b370f 100644
+--- a/src/luks/clevis-luks-common-functions.in
++++ b/src/luks/clevis-luks-common-functions.in
+@@ -20,6 +20,21 @@
+
+ CLEVIS_UUID="cb6e8904-81ff-40da-a84a-07ab9ab5715e"
+
++enable_debugging() {
++ # Automatically enable debugging if in initramfs phase and rd.debug
++ if [ -e /usr/lib/dracut-lib.sh ]; then
++ local bashopts=$-
++ # Because dracut is loosely written, disable hardening options temporarily
++ [[ $bashopts != *u* ]] || set +u
++ [[ $bashopts != *e* ]] || set +e
++ . /usr/lib/dracut-lib.sh
++ [[ $bashopts != *u* ]] || set -u
++ [[ $bashopts != *e* ]] || set -e
++ fi
++}
++
++enable_debugging
++
+ # valid_slot() will check whether a given slot is possibly valid, i.e., if it
+ # is a numeric value within the specified range.
+ valid_slot() {
+--
+2.35.1
+
diff --git a/clevis.spec b/clevis.spec
index 1fa483b..6d7dd25 100644
--- a/clevis.spec
+++ b/clevis.spec
@@ -1,6 +1,6 @@ Name: clevis Version: 18 -Release: 105%{?dist} +Release: 106%{?dist} Summary: Automated decryption framework License: GPLv3+ 
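Review bot: `enable_debugging()` in the added 0009 patch never tests rd.debug itself; whatever tracing results comes only from sourcing `/usr/lib/dracut-lib.sh`, and the function's comment should say so. If that file turns on shell tracing when rd.debug is set (presumably `set -x`; its contents are not in this hunk), every later command in the clevis LUKS scripts is echoed to the boot debug output, including any that carry a passphrase or key on the command line or in an assignment. I would add above the `.` line: `# dracut-lib.sh decides whether to trace; traced commands must pass key material via stdin, never as arguments`, and bracket any secret-handling section elsewhere in the file with `set +x` and a restore. The call runs at source time, and the rest of clevis-luks-common-functions.in is outside this hunk, so which commands are affected cannot be checked here.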
@@ -15,6 +15,7 @@ Patch0005: 0005-tang-dump-url-on-error-communication.patch Patch0006: 0006-feat-rename-the-test-pin-to-null-pin.patch Patch0007: 0007-avoid-clevis-invalid-msg.patch Patch0008: 0008-Improve-boot-performance-by-removing-key-check.patch +Patch0009: 0009-luks-enable-debugging-in-clevis-scripts-when-rd.debu.patch BuildRequires: git-core BuildRequires: gcc
@@ -195,6 +196,10 @@ systemctl preset %{name}-luks-askpass.path >/dev/null 2>&1 || : %attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2 %changelog +* Tue Aug 02 2022 Sergio Correia - 18-106 +- Enable debugging in clevis scripts when rd.debug is set + Resolves: rhbz#2022420 + * Tue Aug 02 2022 Sergio Arroutbi - 18-105 - Start clevis-luks-askpass.path service according to global policy Resolves: rhbz#2107078