Bug 1770480
Summary: | clevis-encrypt-tpm2 depends on removed tpm2_pcrlist program | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Sam Morris <sam> |
Component: | clevis | Assignee: | Daniel Kopeček <dkopecek> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 31 | CC: | bordjukov, dkopecek, fmartine, jeremy, mikhail.zabaluev, npmccallum, rsroka, scorreia |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | clevis-11-8.fc31 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-12-19 15:16:37 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Sam Morris
2019-11-09 17:15:31 UTC
(In reply to Sam Morris from comment #0) > clevis-encrypt-tpm2 requires the tpm2_pcrlist program which doesn't appear > to be available in Fedora 31. > > Version-Release number of selected component (if applicable): > 11-6.fc31 > > Reproduction: > > $ echo hello | clevis encrypt tpm2 '{}'/usr/bin/clevis-encrypt-tpm2: line > 62: tpm2_pcrlist: command not found > > tpm2_pcrlist appears to have existed in an older version of tpm2-tools: > > $ dnf whatprovides tpm2_pcrlist > Last metadata expiration check: 0:17:08 ago on Sat 09 Nov 2019 16:15:43 GMT. > tpm2-tools-3.2.0-3.fc31.x86_64 : A TPM2.0 testing tool build upon TPM2.0-TSS > Repo : fedora > Matched from: > Filename : /usr/bin/tpm2_pcrlist > > But not in the current version: > > $ rpm -q tpm2-tools > tpm2-tools-4.0.1-1.fc31.x86_64 The problem is that the tpm2-tools package was updated to 4.0 in Fedora 31 and this is a non-backward compatible change. So clevis needs to be updated as well with the patches to support the tpm2-tools 4.0 version. This has already been fixed upstream in Clevis: https://github.com/latchset/clevis/commit/c86cf48bd608a590cac11d79868140fd16fc0113 You'll need to ship this fix in the Fedora–packaged copy of Clevis. There is an updated package in -testing that supports tpm2-tools 4.0: https://bodhi.fedoraproject.org/updates/FEDORA-2019-23fd8b9534 It should be available in -stable soon. Works as expected with clevis-11-8.fc31. Thank you. Closing as this was fixed in clevis-11-8.fc31. |