rpms/clevis
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Enable debugging in clevis scripts when rd.debug is set

Browse Source 
Resolves: rhbz#2022420
This commit is contained in:
Sergio Correia 2022-08-02 10:27:49 -03:00
parent 339ed7dfb9
commit 86b4a65bce
2 changed files with 51 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
0009-luks-enable-debugging-in-clevis-scripts-when-rd.debu.patch Normal file
View File

@ -0,0 +1,45 @@
From 0654fd3f3fd1ebc080cb1140774120d8f392137b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Renaud=20M=C3=A9trich?=
<1163635+rmetrich@users.noreply.github.com>
Date: Wed, 1 Dec 2021 09:37:35 -0300
Subject: [PATCH] luks: enable debugging in clevis scripts when rd.debug is set
(#340)
On Fedora/RHEL, the rd.debug kernel command line parameter controls
debugging.
By implementing the functionality inside clevis, troubleshooting will be
greatly eased.
See RHBZ #1980742 (https://bugzilla.redhat.com/show_bug.cgi?id=1980742).
---
src/luks/clevis-luks-common-functions.in | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/luks/clevis-luks-common-functions.in b/src/luks/clevis-luks-common-functions.in
index d059aae..87b370f 100644
--- a/src/luks/clevis-luks-common-functions.in
+++ b/src/luks/clevis-luks-common-functions.in
@@ -20,6 +20,21 @@
CLEVIS_UUID="cb6e8904-81ff-40da-a84a-07ab9ab5715e"
+enable_debugging() {
+ # Automatically enable debugging if in initramfs phase and rd.debug
+ if [ -e /usr/lib/dracut-lib.sh ]; then
+ local bashopts=$-
+ # Because dracut is loosely written, disable hardening options temporarily
+ [[ $bashopts != *u* ]] || set +u
+ [[ $bashopts != *e* ]] || set +e
+ . /usr/lib/dracut-lib.sh
+ [[ $bashopts != *u* ]] || set -u
+ [[ $bashopts != *e* ]] || set -e
+ fi
+}
+
+enable_debugging
+
# valid_slot() will check whether a given slot is possibly valid, i.e., if it
# is a numeric value within the specified range.
valid_slot() {
--
2.35.1

7
clevis.spec
View File

@ -1,6 +1,6 @@
Name: clevis Name: clevis
Version: 18 Version: 18
Release: 105%{?dist} Release: 106%{?dist}
Summary: Automated decryption framework Summary: Automated decryption framework
License: GPLv3+ License: GPLv3+
@ -15,6 +15,7 @@ Patch0005: 0005-tang-dump-url-on-error-communication.patch
Patch0006: 0006-feat-rename-the-test-pin-to-null-pin.patch Patch0006: 0006-feat-rename-the-test-pin-to-null-pin.patch
Patch0007: 0007-avoid-clevis-invalid-msg.patch Patch0007: 0007-avoid-clevis-invalid-msg.patch
Patch0008: 0008-Improve-boot-performance-by-removing-key-check.patch Patch0008: 0008-Improve-boot-performance-by-removing-key-check.patch
Patch0009: 0009-luks-enable-debugging-in-clevis-scripts-when-rd.debu.patch
BuildRequires: git-core BuildRequires: git-core
BuildRequires: gcc BuildRequires: gcc
@ -195,6 +196,10 @@ systemctl preset %{name}-luks-askpass.path >/dev/null 2>&1 || :
%attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2 %attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
%changelog %changelog
* Tue Aug 02 2022 Sergio Correia <scorreia@redhat.com> - 18-106
- Enable debugging in clevis scripts when rd.debug is set
Resolves: rhbz#2022420
* Tue Aug 02 2022 Sergio Arroutbi <sarroutb@redhat.com> - 18-105 * Tue Aug 02 2022 Sergio Arroutbi <sarroutb@redhat.com> - 18-105
- Start clevis-luks-askpass.path service according to global policy - Start clevis-luks-askpass.path service according to global policy
Resolves: rhbz#2107078 Resolves: rhbz#2107078