Hi Christoph,

The upstream.work-around-missing-dev-fd-links.patch doesn't
work for the tpm2 pin yet.

You replaced exec with a child process but in this case the on_exit trap
continues to run and the decryption with tpm2 pin will always fail with

Delete temporary files failed!
You need to clean up: $TMP

because removal of the files is attempted twice.
To fix this, I've simply removed lines 168-170 in clevis-decrypt-tpm2:

# The on_exit() trap will not be fired after exec, so let's clean up the temp
# directory at this point.
[ -d "${TMP}" ] && rm -rf "${TMP}"

because with a subprocess the trap will be executed, and now it works
without issues for me.

Thank you,
Marek
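
The interaction described in the mail above, as an added shell example that is not part of the original message and is not clevis code. The `on_exit` body is an assumption modelled on the quoted error text, and `run_case` is a hypothetical helper that runs all four combinations of exec/subprocess and early/no early cleanup.

```shell
#!/bin/sh
# Constructed demo, not clevis code. on_exit is an assumption modelled on the
# error text quoted in the mail; run_case is a hypothetical helper.
#
# run_case MODE EARLY
#   MODE  "exec"  = last command replaces the shell (EXIT trap never fires)
#         "child" = last command runs as a subprocess (EXIT trap fires)
#   EARLY "yes"   = rm -rf "$TMP" before the last command, "no" = leave it to the trap
# Prints "<exit status> <clean|leftover>".
run_case() {
    mode=$1
    early=$2
    marker=$(mktemp)    # the inner script records its TMP path here
    status=0
    MODE=$mode EARLY=$early MARKER=$marker sh -c '
        on_exit() {
            if [ ! -d "$TMP" ] || ! rm -rf "$TMP"; then
                echo "Delete temporary files failed!" >&2
                echo "You need to clean up: $TMP" >&2
                exit 1
            fi
        }
        TMP=$(mktemp -d) || exit 1
        echo "$TMP" > "$MARKER"
        trap on_exit EXIT
        if [ "$EARLY" = yes ]; then rm -rf "$TMP"; fi
        if [ "$MODE" = exec ]; then exec true; else true; fi
    ' 2>/dev/null || status=$?
    tmpdir=$(cat "$marker")
    rm -f "$marker"
    if [ -d "$tmpdir" ]; then
        state=leftover
        rm -rf "$tmpdir"
    else
        state=clean
    fi
    echo "$status $state"
}

for m in exec child; do
    for e in yes no; do
        echo "mode=$m early_cleanup=$e -> $(run_case "$m" "$e")"
    done
done
```

The `child` / `yes` combination is the failure reported in the mail (exit status 1 although the directory is gone); `child` / `no` corresponds to the script with the early `rm -rf` removed.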
