Bug#934923: Acknowledgement (clevis: [dracut-initqueue] cryptsetup: command not found)

2019-08-20 Thread David Heise
This issue is also present in clevis 11-2

On Fri, Aug 16, 2019 at 12:45 PM Debian Bug Tracking System <
ow...@bugs.debian.org> wrote:

> Thank you for filing a new Bug report with Debian.
>
> You can follow progress on this Bug here: 934923:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934923.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
>
> As you requested using X-Debbugs-CC, your message was also forwarded to
>   xwin...@gmail.com
> (after having been given a Bug report number, if it did not have one).
>
> Your message has been sent to the package maintainer(s):
>  Christoph Biedl 
>
> If you wish to submit further information on this problem, please
> send it to 934...@bugs.debian.org.
>
> Please do not send mail to ow...@bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
>
> --
> 934923: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934923
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
>


Bug#934923: clevis: [dracut-initqueue] cryptsetup: command not found

2019-08-16 Thread David Heise
Package: clevis
Version: 11-2
Severity: important

Dear Maintainer,

I am trying to use the tpm2 luks binding to non-interactively unlock a
partition during boot.

During `dracut-initqueue` on boot I get an error in `clevis-luks-askpass`
saying that `cryptsetup` cannot be found on lines 52 and 67. This is despite
`cryptsetup` clearly being placed in `usr/sbin/cryptsetup` during `dracut -f`.

```
$ sudo lsinitramfs /boot/initramfs-5.0.0-25-generic.img | grep cryptsetup
usr/lib/systemd/system-generators/systemd-cryptsetup-generator
usr/lib/systemd/system/cryptsetup.target
usr/lib/systemd/system/sysinit.target.wants/cryptsetup.target
usr/lib/systemd/systemd-cryptsetup
usr/lib/x86_64-linux-gnu/libcryptsetup.so
usr/lib/x86_64-linux-gnu/libcryptsetup.so.12
usr/lib/x86_64-linux-gnu/libcryptsetup.so.12.4.0
usr/sbin/cryptsetup
```

This script enumerates the steps to reproduce this bug on a clean Debian 10
installation, using clevis 11-1. I have Debian installed as a VMware Fusion
11.1 guest with a virtualized TPM and booting UEFI.

```
sudo apt install -y dracut clevis clevis-dracut clevis-udisks2 clevis-luks clevis-tpm2

# Before continuing, remove `clevis-decrypt-http`
# from `/usr/lib/dracut/modules.d/60clevis/module-setup.sh` line 39
sudo cryptsetup luksDump /dev/sda3
# Clear all key slots except 0 (the brace expansion needs bash)
for ks in {1..7}
do
    sudo clevis luks unbind -d /dev/sda3 -s "$ks"
done

# Clear the TPM authorization values, listing the PCRs before and after
sudo tpm2_pcrlist
sudo tpm2_takeownership -c
sudo tpm2_pcrlist
# Round-trip a test message through the tpm2 pin
echo "TPM Decryption Success" | sudo clevis encrypt tpm2 '{}' > hi.jwe
sudo clevis decrypt < hi.jwe

# Bind the LUKS volume to the TPM, then rebuild every initramfs
sudo clevis luks bind -d /dev/sda3 tpm2 '{}'
sudo cryptsetup luksDump /dev/sda3
sudo dracut -fv --regenerate-all
```

After completing these steps, shut down and then boot.



-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages clevis depends on:
ii  cracklib-runtime    2.9.6-2
ii  curl                7.64.0-4
ii  jose                10-2
ii  libc6               2.28-10
ii  libjansson4         2.12-1
ii  libjose0            10-2
ii  libpwquality-tools  1.4.0-3
ii  libssl1.1           1.1.1c-1
ii  luksmeta            9-3

Versions of packages clevis recommends:
ii  cryptsetup-bin  2:2.1.0-5

clevis suggests no packages.

-- no debconf information



Bug#934922: clevis: Reference to non-existent clevis-decrypt-http

2019-08-16 Thread David Heise
Package: clevis
Version: 11-2
Severity: grave
Tags: upstream
Justification: renders package unusable

`src/luks/systemd/dracut/module-setup.sh.in` refers to a component that does
not exist: `clevis-decrypt-http`

https://sources.debian.org/src/clevis/11-2/src/luks/systemd/dracut/module-setup.sh.in/#L39

This issue has been fixed upstream, but is not reflected in a tagged release:
https://github.com/latchset/clevis/commit/1e344dbf6a60fcd2c60a4b8512be455e112d8398



-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages clevis depends on:
ii  cracklib-runtime    2.9.6-2
ii  curl                7.64.0-4
ii  jose                10-2
ii  libc6               2.28-10
ii  libjansson4         2.12-1
ii  libjose0            10-2
ii  libpwquality-tools  1.4.0-3
ii  libssl1.1           1.1.1c-1
ii  luksmeta            9-3

Versions of packages clevis recommends:
ii  cryptsetup-bin  2:2.1.0-5

clevis suggests no packages.

-- no debconf information
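
A build-time check for the failure reported in Bug#934922, as an added example that is not part of the original report or of clevis or dracut: it lists the commands a dracut `module-setup.sh` passes to `inst_multiple` and prints those that do not resolve on the build host. The sample fragment is constructed, the function names are hypothetical, and resolving names with `command -v` is an assumption that only approximates dracut's own lookup.

```shell
# Added example. Sample input is constructed; function names are hypothetical.

# Print the arguments of each mandatory inst_multiple call in file $1, one per
# line. Backslash-continued lines are joined first. Calls using -o (optional
# items) and arguments containing a shell variable are skipped.
inst_multiple_args() {
    awk '
        { line = pending $0; pending = "" }
        line ~ /\\$/ { sub(/\\$/, " ", line); pending = line; next }
        {
            $0 = line
            if ($1 != "inst_multiple" || $2 == "-o") next
            for (i = 2; i <= NF; i++)
                if (index($i, "$") == 0) print $i
        }
    ' "$1"
}

# Print every argument that is neither an existing absolute path nor a command
# on PATH (assumption: command -v approximates dracut's own binary lookup).
# Returns non-zero when something is missing.
missing_in_module() {
    missing=0
    for name in $(inst_multiple_args "$1"); do
        case $name in
            /*) [ -e "$name" ] && continue ;;
            *)  command -v "$name" >/dev/null 2>&1 && continue ;;
        esac
        echo "$name"
        missing=1
    done
    return "$missing"
}

# Constructed module-setup.sh fragment naming the helper from this report.
write_sample() {
    cat > "$1" <<'EOF'
install() {
    inst_multiple \
        /bin/sh \
        clevis-decrypt-http \
        cat
    inst_multiple -o no-such-optional-helper
}
EOF
}

sample=$(mktemp)
write_sample "$sample"
missing_in_module "$sample" || echo "unresolved commands listed above" >&2
rm -f "$sample"
```

Pointing `missing_in_module` at `/usr/lib/dracut/modules.d/60clevis/module-setup.sh` before running `dracut -f` surfaces a dangling reference at build time instead of at boot.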