Kraków, Poland
Comment by ~nabijaczleweli on ~sircmpwn/git.sr.ht
Comment by ~nabijaczleweli on ~nabijaczleweli/tzpfms
I evaluated depending on 91tpm2-tss here but it's impossible since it hard-depends on tpm2(1) which we don't care about and don't depend on, so this would be breaking for no reason. Enabling it doesn't interfere with anything though.
Released in
v0.4.1.
Comment by ~nabijaczleweli on ~nabijaczleweli/tzpfms
наб referenced this ticket in commit 82b5118.
RESOLVED FIXED RESOLVED FIXED
Comment by ~nabijaczleweli on ~nabijaczleweli/tzpfms
наб referenced this ticket in commit 588cce3.
Comment by ~nabijaczleweli on ~nabijaczleweli/tzpfms
наб referenced this ticket in commit 82b5118.
REPORTED RESOLVED FIXED
Comment by ~nabijaczleweli on ~nabijaczleweli/tzpfms
~projectgus, can you try to apply the above to your system directly by, in
/usr/lib/dracut/modules.d/91tzpfms/module-setup.sh, replacing the line that starts with "inst_library $(find /usr/lib" withinst_libdir_file 'libtss2-tcti*.so*'and disabling 91tpm2-tss?
Comment by ~nabijaczleweli on ~nabijaczleweli/tzpfms
наб referenced this ticket in commit 588cce3.
Comment by ~nabijaczleweli on ~nabijaczleweli/tzpfms
Thanks for reporting this, I don't really (have a way to) test this continuously on sid.
The two users are:
$ git grep inst_library initrd/dracut/module-setup.sh: inst_library $(find /usr/lib -name 'libtss2-tcti*.so*') # TODO: there's got to be a better way™! initrd/dracut/module-setup.sh: INSTALL_TPM1X{inst_binary tcsd; inst_binary ip; inst_binary ss, initdir, inst_simple, inst_simple, inst_simple, inst_library}and the latter is
databases="$(awk '/^(group|hosts)/ {for(i = 2; i <= NF; ++i) if($i !~ /[^a-z0-9_-]/) db[$i]=0} END {for(d in db) print d}' /etc/nsswitch.conf)" for db in $databases; do for f in /lib/*/"libnss_$db"*; do INST_LIB "$f" done donefzifdso is not affected.
I think a solid replacement would be inst_libdir_file since upstream basically uses it like that
modules.d/95cifs/module-setup.sh: inst_libdir_file 'libcap-ng.so*' modules.d/95cifs/module-setup.sh: inst_libdir_file -n "$_nsslibs" 'libnss_*.so*' modules.d/95fcoe/module-setup.sh: inst_libdir_file 'libhbalinux.so*' modules.d/95iscsi/module-setup.sh: inst_libdir_file 'libgcc_s.so*'and we save on looping ourselves. Funnily enough, 95cifs is doing basically the same thing with nsswitch.conf as the loops above.
Bookworm dracut ships a
inst_libdir_file()identical to upstream trunk, so this is convenient.You do absolutely need the right
libtss2-tcti-$plugin.sofor your device, so 91tpm2-tss pulling it in is definitely saving you here.Depending on dracut's TPM2 module is definitely in the TODO list, but last time I looked it was barely nascent, then the fork, ... I'll have to see if we can have it now.
Ticket created by ~nabijaczleweli on ~sircmpwn/git.sr.ht
I created https://git.sr.ht/~nabijaczleweli/pre-rename with visibility private.
This means that if, say, ~nabijaczleweli-evil-twin guesses
git@git.sr.ht:~nabijaczleweli/pre-renameit gets "Access denied." (as opposed to "Repository not found." but whatever). This makes the existence of any repository queriable at unlisted-equivalent visibility.Then I renamed it to https://git.sr.ht/~nabijaczleweli/post-rename.
git clone git@git.sr.ht:~nabijaczleweli/pre-renamefrom both ~nabijaczleweli and ~nabijaczleweli-evil-twin getsNOTICE: This repository has moved. Please update your remote to: https://git.sr.ht/~nabijaczleweli/post-rename fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.which I consider to be an unacceptable information leak; the ACL of the new repository should affect the ACL of the redirect (as is clearly the intent in
git.sr.ht-shellI think from a quick skim).
Comment by ~nabijaczleweli on ~nabijaczleweli/tzpfms
наб referenced this ticket in commit 44f9b25.
RESOLVED FIXED RESOLVED FIXED