rpms/clevis
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Revert "Enable debugging in clevis scripts when rd.debug is set"

Browse Source 
Related: rhbz#2022420
This commit is contained in:
Sergio Correia 2022-01-26 08:58:40 -03:00
parent dba0a7e102
commit 8ada4a1b49
2 changed files with 5 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
0003-luks-enable-debugging-in-clevis-scripts-when-rd.debu.patch
View File

@ -1,45 +0,0 @@
From 6a238d8a774953e8832b5795ef2d9ba1ba8e6c28 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Renaud=20M=C3=A9trich?=
<1163635+rmetrich@users.noreply.github.com>
Date: Wed, 1 Dec 2021 09:37:35 -0300
Subject: [PATCH 3/3] luks: enable debugging in clevis scripts when rd.debug is
set (#340)
On Fedora/RHEL, the rd.debug kernel command line parameter controls
debugging.
By implementing the functionality inside clevis, troubleshooting will be
greatly eased.
See RHBZ #1980742 (https://bugzilla.redhat.com/show_bug.cgi?id=1980742).
---
src/luks/clevis-luks-common-functions.in | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/luks/clevis-luks-common-functions.in b/src/luks/clevis-luks-common-functions.in
index a80639c..d53d2ab 100644
--- a/src/luks/clevis-luks-common-functions.in
+++ b/src/luks/clevis-luks-common-functions.in
@@ -20,6 +20,21 @@
CLEVIS_UUID="cb6e8904-81ff-40da-a84a-07ab9ab5715e"
+enable_debugging() {
+ # Automatically enable debugging if in initramfs phase and rd.debug
+ if [ -e /usr/lib/dracut-lib.sh ]; then
+ local bashopts=$-
+ # Because dracut is loosely written, disable hardening options temporarily
+ [[ $bashopts != *u* ]] || set +u
+ [[ $bashopts != *e* ]] || set +e
+ . /usr/lib/dracut-lib.sh
+ [[ $bashopts != *u* ]] || set -u
+ [[ $bashopts != *e* ]] || set -e
+ fi
+}
+
+enable_debugging
+
# valid_slot() will check whether a given slot is possibly valid, i.e., if it
# is a numeric value within the specified range.
valid_slot() {
--
2.33.1

7
clevis.spec
View File

@ -1,6 +1,6 @@
Name: clevis Name: clevis
Version: 18 Version: 18
Release: 100%{?dist} Release: 101%{?dist}
Summary: Automated decryption framework Summary: Automated decryption framework
License: GPLv3+ License: GPLv3+
@ -10,7 +10,6 @@ Source1: clevis.sysusers
Patch0001: 0001-sss-use-BN_set_word-x-0-instead-of-BN_zero.patch Patch0001: 0001-sss-use-BN_set_word-x-0-instead-of-BN_zero.patch
Patch0002: 0002-systemd-account-for-unlocking-failures-in-clevis-luk.patch Patch0002: 0002-systemd-account-for-unlocking-failures-in-clevis-luk.patch
Patch0003: 0003-luks-enable-debugging-in-clevis-scripts-when-rd.debu.patch
Patch0004: 0004-luks-explicitly-specify-pbkdf-iterations-to-cryptset.patch Patch0004: 0004-luks-explicitly-specify-pbkdf-iterations-to-cryptset.patch
Patch0005: 0005-tang-dump-url-on-error-communication.patch Patch0005: 0005-tang-dump-url-on-error-communication.patch
@ -197,6 +196,10 @@ exit 0
%attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2 %attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
%changelog %changelog
* Wed Jan 26 2022 Sergio Correia <scorreia@redhat.com> - 18-101
- Revert "Enable debugging in clevis scripts when rd.debug is set"
Related: rhbz#2022420
* Thu Jan 20 2022 Sergio Arroutbi <sarroutb@redhat.com> - 18-100 * Thu Jan 20 2022 Sergio Arroutbi <sarroutb@redhat.com> - 18-100
- Dump server information on server error communication - Dump server information on server error communication
Resolves: rhbz#2022423 Resolves: rhbz#2022423