import clevis-15-1.el8_5.1
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
dbe4f9bd04
commit
b849e005f3
@ -0,0 +1,41 @@
|
||||
From 719781346d87d2d268a71083b902761325559877 Mon Sep 17 00:00:00 2001
|
||||
From: Sergio Correia <scorreia@redhat.com>
|
||||
Date: Fri, 29 Oct 2021 12:04:46 -0300
|
||||
Subject: [PATCH 3/3] systemd: account for unlocking failures in
|
||||
clevis-luks-askpass (#343)
|
||||
|
||||
As unlock may fail for some reason, e.g. the network is not up yet,
|
||||
one way cause problems would be to add extra `rd.luks.uuid' params
|
||||
to the cmdline, which would then cause such devices to be unlocked
|
||||
in early boot. If the unlocking fail, those devices might not be
|
||||
accounted for in the clevis_devices_to_unlock() check, as it is
|
||||
based on crypttab.
|
||||
|
||||
Let's make sure there are no pending ask.* sockets waiting to be
|
||||
answered, before exiting.
|
||||
|
||||
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1878892
|
||||
---
|
||||
src/luks/systemd/clevis-luks-askpass | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/luks/systemd/clevis-luks-askpass b/src/luks/systemd/clevis-luks-askpass
|
||||
index 285bba4..f19671f 100755
|
||||
--- a/src/luks/systemd/clevis-luks-askpass
|
||||
+++ b/src/luks/systemd/clevis-luks-askpass
|
||||
@@ -67,8 +67,11 @@ while true; do
|
||||
done
|
||||
|
||||
[ "${loop}" != true ] && break
|
||||
+
|
||||
# Checking for pending devices to be unlocked.
|
||||
- if remaining=$(clevis_devices_to_unlock) && [ -z "${remaining}" ]; then
|
||||
+ remaining_crypttab=$(clevis_devices_to_unlock) ||:
|
||||
+ remaining_askfiles=$(ls "${path}"/ask.* 2>/dev/null) ||:
|
||||
+ if [ -z "${remaining_crypttab}" ] && [ -z "${remaining_askfiles}" ]; then
|
||||
break;
|
||||
fi
|
||||
|
||||
--
|
||||
2.33.1
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
Name: clevis
|
||||
Version: 15
|
||||
Release: 1%{?dist}
|
||||
Release: 1%{?dist}.1
|
||||
Summary: Automated decryption framework
|
||||
|
||||
License: GPLv3+
|
||||
@ -11,6 +11,7 @@ Source0: https://github.com/latchset/%{name}/releases/download/v%{version
|
||||
|
||||
Patch0001: 0001-Fixes-for-dealing-with-newer-tang-without-tangd-upda.patch
|
||||
Patch0002: 0002-Add-the-option-to-extract-luks-passphrase-used-for-b.patch
|
||||
Patch0003: 0003-systemd-account-for-unlocking-failures-in-clevis-luk.patch
|
||||
|
||||
BuildRequires: git
|
||||
BuildRequires: gcc
|
||||
@ -196,6 +197,10 @@ exit 0
|
||||
%attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
|
||||
|
||||
%changelog
|
||||
* Thu Nov 18 2021 Sergio Correia <scorreia@redhat.com> - 15-1.1
|
||||
- Account for unlocking failures in clevis-luks-askpass
|
||||
Resolves: rhbz#2023256
|
||||
|
||||
* Mon Oct 26 2020 Sergio Correia <scorreia@redhat.com> - 15-1
|
||||
- Update to latest upstream release, v15
|
||||
Resolves: rhbz#1887836
|
||||
|
||||
Loading…
Reference in New Issue
Block a user