On 10/26/21 09:50, lejeczek via CentOS-devel wrote:

Nope, tpm2-tss is present in system. Should this go into Bugzilla perhaps?

Possibly.  The message "TPM2 not supported on this build" indicates that support was disabled at build time:

https://github.com/systemd/systemd/blob/main/src/shared/tpm2-util.c#L1122

(HAVE_TPM2 was not defined)

If you could post the BZ id here once you've got it, I'll subscribe myself (I've got some interest on the TPM2 front).

Pat

On Tue, 2021-10-26 at 19:55 +0200, František Šumšal wrote:

Apologies, the build support is indeed not enabled, I confused the `- Dtpm=` option with `-Dtpm2=`, which is the one that matters here. And since we don't have a BuildRequires for tpm2-tss, it gets disabled automagically during the build.

So, as Gordon pointed out, please open a BZ for systemd.

On 10/26/21 19:46, Gordon Messmer wrote:

...

On 10/26/21 09:50, lejeczek via CentOS-devel wrote:

...

Nope, tpm2-tss is present in system. Should this go into Bugzilla perhaps?

Possibly.  The message "TPM2 not supported on this build" indicates that support was disabled at build time:

https://github.com/systemd/systemd/blob/main/src/shared/tpm2-util.c#L1122

(HAVE_TPM2 was not defined)

---

CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel

-- PGP Key ID: 0xFB738CE27B634E4B _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel

On 27/10/2021 12:43, lejeczek via CentOS-devel wrote:

On 26/10/2021 20:10, Patrick Riehecky wrote:

...

If you could post the BZ id here once you've got it, I'll subscribe myself (I've got some interest on the TPM2 front).

Pat

On Tue, 2021-10-26 at 19:55 +0200, František Šumšal wrote:

...

Apologies, the build support is indeed not enabled, I confused the `- Dtpm=` option with `-Dtpm2=`, which is the one that matters here. And since we don't have a BuildRequires for tpm2-tss, it gets disabled automagically during the build.

So, as Gordon pointed out, please open a BZ for systemd.

On 10/26/21 19:46, Gordon Messmer wrote:

...

On 10/26/21 09:50, lejeczek via CentOS-devel wrote:

...

Nope, tpm2-tss is present in system. Should this go into Bugzilla perhaps?

Possibly.  The message "TPM2 not supported on this build" indicates that support was disabled at build time:

https://github.com/systemd/systemd/blob/main/src/shared/tpm2-util.c#L1122

(HAVE_TPM2 was not defined)

---

https://bugzilla.redhat.com/show_bug.cgi?id=2017541

ps. at the moment Stream 9 is kind of tpm2-fcuked, for clevis too do not do tpm2 :)

On 27/10/2021 16:23, Sergio Correia wrote:

On Wed, Oct 27, 2021 at 12:13 PM lejeczek via CentOS-devel centos-devel@centos.org wrote:

...

On 27/10/2021 12:43, lejeczek via CentOS-devel wrote:

[snip]

...

...

...

...

...

---

https://bugzilla.redhat.com/show_bug.cgi?id=2017541

ps. at the moment Stream 9 is kind of tpm2-fcuked, for clevis too do not do tpm2 :)

Actually clevis should be working again, with tpm2-tools-5.0-10.el9, which was built yesterday.

Great that the problem is fixed "somewhere" but, do those fixes go, as updates, straight into the repos? many thanks, L.

On 28/10/2021 13:30, Neal Gompa wrote:

On Thu, Oct 28, 2021 at 7:30 AM lejeczek via CentOS-devel centos-devel@centos.org wrote:

...

On 27/10/2021 16:23, Sergio Correia wrote:

...

On Wed, Oct 27, 2021 at 12:13 PM lejeczek via CentOS-devel centos-devel@centos.org wrote:

...

On 27/10/2021 12:43, lejeczek via CentOS-devel wrote:

[snip]

...

...

...

>> _______________________________________________ >>

https://bugzilla.redhat.com/show_bug.cgi?id=2017541

ps. at the moment Stream 9 is kind of tpm2-fcuked, for clevis too do not do tpm2 :)

Actually clevis should be working again, with tpm2-tools-5.0-10.el9, which was built yesterday.

Great that the problem is fixed "somewhere" but, do those fixes go, as updates, straight into the repos?

When builds are made, they get tagged for c9s-gate, which is where they sit until they pass through automated and manual validation. After that's complete, they move from c9s-gate to c9s, where they get published and released in the next compose. Composes typically happen multiple times a day.

And how long before those should be in yum/dnf repos?

On 30/10/2021 12:54, Neal Gompa wrote:

On Sat, Oct 30, 2021 at 7:45 AM lejeczek via CentOS-devel centos-devel@centos.org wrote:

...

On 28/10/2021 13:30, Neal Gompa wrote:

...

On Thu, Oct 28, 2021 at 7:30 AM lejeczek via CentOS-devel centos-devel@centos.org wrote:

...

On 27/10/2021 16:23, Sergio Correia wrote:

...

On Wed, Oct 27, 2021 at 12:13 PM lejeczek via CentOS-devel centos-devel@centos.org wrote:

...

On 27/10/2021 12:43, lejeczek via CentOS-devel wrote:

[snip]

...

>>>> _______________________________________________ >>>> > https://bugzilla.redhat.com/show_bug.cgi?id=2017541 > ps. at the moment Stream 9 is kind of tpm2-fcuked, for clevis too do not do tpm2 :)

Actually clevis should be working again, with tpm2-tools-5.0-10.el9, which was built yesterday.

Great that the problem is fixed "somewhere" but, do those fixes go, as updates, straight into the repos?

When builds are made, they get tagged for c9s-gate, which is where they sit until they pass through automated and manual validation. After that's complete, they move from c9s-gate to c9s, where they get published and released in the next compose. Composes typically happen multiple times a day.

And how long before those should be in yum/dnf repos?

A compose *includes* RPM repositories, so once a compose is released, the repositories are updated with the contents of the new compose.

No tpm2 version you mentioned in rpm repos as of this moment.