Hi.
fiddling with Stream 9 - is this a fluke or intentional,
-> $ systemd-cryptenroll --tpm2-device=list TPM2 not supported on this build.
and why if the latter , would anybody know?
many thanks, L.
Hi,
On 10/25/21 11:53 PM, lejeczek via CentOS-devel wrote:
Hi.
fiddling with Stream 9 - is this a fluke or intentional,
-> $ systemd-cryptenroll --tpm2-device=list TPM2 not supported on this build.
and why if the latter , would anybody know?
TPM should be enabled[0], however, systemd in C9S inherited the "weak" dependencies, i.e. certain dependencies are dlopen()-ed when needed instead of linking with them directly. TPM is one of such dependencies[1], so make sure you have libtss2-rc.so.0 and libtss2-mu.so.0 installed (provided by tpm2-tss).
[0] https://gitlab.com/redhat/centos-stream/rpms/systemd/-/blob/c9s/systemd.spec... [1] https://github.com/redhat-plumbers/systemd-rhel9/blob/2c98d6adc22458d030f164...
many thanks, L. _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel
On 26/10/2021 09:53, František Šumšal wrote:
Hi,
On 10/25/21 11:53 PM, lejeczek via CentOS-devel wrote:
Hi.
fiddling with Stream 9 - is this a fluke or intentional,
-> $ systemd-cryptenroll --tpm2-device=list TPM2 not supported on this build.
and why if the latter , would anybody know?
TPM should be enabled[0], however, systemd in C9S inherited the "weak" dependencies, i.e. certain dependencies are dlopen()-ed when needed instead of linking with them directly. TPM is one of such dependencies[1], so make sure you have libtss2-rc.so.0 and libtss2-mu.so.0 installed (provided by tpm2-tss).
Nope, tpm2-tss is present in system. Should this go into Bugzilla perhaps? thanks, L.
[0] https://gitlab.com/redhat/centos-stream/rpms/systemd/-/blob/c9s/systemd.spec... [1] https://github.com/redhat-plumbers/systemd-rhel9/blob/2c98d6adc22458d030f164...
On 10/26/21 09:50, lejeczek via CentOS-devel wrote:
Nope, tpm2-tss is present in system. Should this go into Bugzilla perhaps?
Possibly. The message "TPM2 not supported on this build" indicates that support was disabled at build time:
https://github.com/systemd/systemd/blob/main/src/shared/tpm2-util.c#L1122
(HAVE_TPM2 was not defined)
Apologies, the build support is indeed not enabled, I confused the `-Dtpm=` option with `-Dtpm2=`, which is the one that matters here. And since we don't have a BuildRequires for tpm2-tss, it gets disabled automagically during the build.
So, as Gordon pointed out, please open a BZ for systemd.
On 10/26/21 19:46, Gordon Messmer wrote:
On 10/26/21 09:50, lejeczek via CentOS-devel wrote:
Nope, tpm2-tss is present in system. Should this go into Bugzilla perhaps?
Possibly. The message "TPM2 not supported on this build" indicates that support was disabled at build time:
https://github.com/systemd/systemd/blob/main/src/shared/tpm2-util.c#L1122
(HAVE_TPM2 was not defined)
CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel
If you could post the BZ id here once you've got it, I'll subscribe myself (I've got some interest on the TPM2 front).
Pat
On Tue, 2021-10-26 at 19:55 +0200, František Šumšal wrote:
Apologies, the build support is indeed not enabled, I confused the `- Dtpm=` option with `-Dtpm2=`, which is the one that matters here. And since we don't have a BuildRequires for tpm2-tss, it gets disabled automagically during the build.
So, as Gordon pointed out, please open a BZ for systemd.
On 10/26/21 19:46, Gordon Messmer wrote:
On 10/26/21 09:50, lejeczek via CentOS-devel wrote:
Nope, tpm2-tss is present in system. Should this go into Bugzilla perhaps?
Possibly. The message "TPM2 not supported on this build" indicates that support was disabled at build time:
https://github.com/systemd/systemd/blob/main/src/shared/tpm2-util.c#L1122
(HAVE_TPM2 was not defined)
CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel
-- PGP Key ID: 0xFB738CE27B634E4B _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel
On 26/10/2021 20:10, Patrick Riehecky wrote:
If you could post the BZ id here once you've got it, I'll subscribe myself (I've got some interest on the TPM2 front).
Pat
On Tue, 2021-10-26 at 19:55 +0200, František Šumšal wrote:
Apologies, the build support is indeed not enabled, I confused the `- Dtpm=` option with `-Dtpm2=`, which is the one that matters here. And since we don't have a BuildRequires for tpm2-tss, it gets disabled automagically during the build.
So, as Gordon pointed out, please open a BZ for systemd.
On 10/26/21 19:46, Gordon Messmer wrote:
On 10/26/21 09:50, lejeczek via CentOS-devel wrote:
Nope, tpm2-tss is present in system. Should this go into Bugzilla perhaps?
Possibly. The message "TPM2 not supported on this build" indicates that support was disabled at build time:
https://github.com/systemd/systemd/blob/main/src/shared/tpm2-util.c#L1122
(HAVE_TPM2 was not defined)
On 27/10/2021 12:43, lejeczek via CentOS-devel wrote:
On 26/10/2021 20:10, Patrick Riehecky wrote:
If you could post the BZ id here once you've got it, I'll subscribe myself (I've got some interest on the TPM2 front).
Pat
On Tue, 2021-10-26 at 19:55 +0200, František Šumšal wrote:
Apologies, the build support is indeed not enabled, I confused the `- Dtpm=` option with `-Dtpm2=`, which is the one that matters here. And since we don't have a BuildRequires for tpm2-tss, it gets disabled automagically during the build.
So, as Gordon pointed out, please open a BZ for systemd.
On 10/26/21 19:46, Gordon Messmer wrote:
On 10/26/21 09:50, lejeczek via CentOS-devel wrote:
Nope, tpm2-tss is present in system. Should this go into Bugzilla perhaps?
Possibly. The message "TPM2 not supported on this build" indicates that support was disabled at build time:
https://github.com/systemd/systemd/blob/main/src/shared/tpm2-util.c#L1122
(HAVE_TPM2 was not defined)
ps. at the moment Stream 9 is kind of tpm2-fcuked, for clevis too do not do tpm2 :)
On Wed, Oct 27, 2021 at 12:13 PM lejeczek via CentOS-devel centos-devel@centos.org wrote:
On 27/10/2021 12:43, lejeczek via CentOS-devel wrote:
[snip]
ps. at the moment Stream 9 is kind of tpm2-fcuked, for clevis too do not do tpm2 :)
Actually clevis should be working again, with tpm2-tools-5.0-10.el9, which was built yesterday.
On 27/10/2021 16:23, Sergio Correia wrote:
On Wed, Oct 27, 2021 at 12:13 PM lejeczek via CentOS-devel centos-devel@centos.org wrote:
On 27/10/2021 12:43, lejeczek via CentOS-devel wrote:
[snip]
ps. at the moment Stream 9 is kind of tpm2-fcuked, for clevis too do not do tpm2 :)
Actually clevis should be working again, with tpm2-tools-5.0-10.el9, which was built yesterday.
Great that the problem is fixed "somewhere" but, do those fixes go, as updates, straight into the repos? many thanks, L.
On Thu, Oct 28, 2021 at 7:30 AM lejeczek via CentOS-devel centos-devel@centos.org wrote:
On 27/10/2021 16:23, Sergio Correia wrote:
On Wed, Oct 27, 2021 at 12:13 PM lejeczek via CentOS-devel centos-devel@centos.org wrote:
On 27/10/2021 12:43, lejeczek via CentOS-devel wrote:
[snip]
> _______________________________________________ >
ps. at the moment Stream 9 is kind of tpm2-fcuked, for clevis too do not do tpm2 :)
Actually clevis should be working again, with tpm2-tools-5.0-10.el9, which was built yesterday.
Great that the problem is fixed "somewhere" but, do those fixes go, as updates, straight into the repos?
When builds are made, they get tagged for c9s-gate, which is where they sit until they pass through automated and manual validation. After that's complete, they move from c9s-gate to c9s, where they get published and released in the next compose. Composes typically happen multiple times a day.
-- 真実はいつも一つ!/ Always, there's only one truth!
On 28/10/2021 13:30, Neal Gompa wrote:
On Thu, Oct 28, 2021 at 7:30 AM lejeczek via CentOS-devel centos-devel@centos.org wrote:
On 27/10/2021 16:23, Sergio Correia wrote:
On Wed, Oct 27, 2021 at 12:13 PM lejeczek via CentOS-devel centos-devel@centos.org wrote:
On 27/10/2021 12:43, lejeczek via CentOS-devel wrote:
[snip]
>> _______________________________________________ >>
ps. at the moment Stream 9 is kind of tpm2-fcuked, for clevis too do not do tpm2 :)
Actually clevis should be working again, with tpm2-tools-5.0-10.el9, which was built yesterday.
Great that the problem is fixed "somewhere" but, do those fixes go, as updates, straight into the repos?
When builds are made, they get tagged for c9s-gate, which is where they sit until they pass through automated and manual validation. After that's complete, they move from c9s-gate to c9s, where they get published and released in the next compose. Composes typically happen multiple times a day.
And how long before those should be in yum/dnf repos?
On Sat, Oct 30, 2021 at 7:45 AM lejeczek via CentOS-devel centos-devel@centos.org wrote:
On 28/10/2021 13:30, Neal Gompa wrote:
On Thu, Oct 28, 2021 at 7:30 AM lejeczek via CentOS-devel centos-devel@centos.org wrote:
On 27/10/2021 16:23, Sergio Correia wrote:
On Wed, Oct 27, 2021 at 12:13 PM lejeczek via CentOS-devel centos-devel@centos.org wrote:
On 27/10/2021 12:43, lejeczek via CentOS-devel wrote:
[snip]
>>> _______________________________________________ >>> https://bugzilla.redhat.com/show_bug.cgi?id=2017541
ps. at the moment Stream 9 is kind of tpm2-fcuked, for clevis too do not do tpm2 :)
Actually clevis should be working again, with tpm2-tools-5.0-10.el9, which was built yesterday.
Great that the problem is fixed "somewhere" but, do those fixes go, as updates, straight into the repos?
When builds are made, they get tagged for c9s-gate, which is where they sit until they pass through automated and manual validation. After that's complete, they move from c9s-gate to c9s, where they get published and released in the next compose. Composes typically happen multiple times a day.
And how long before those should be in yum/dnf repos?
A compose *includes* RPM repositories, so once a compose is released, the repositories are updated with the contents of the new compose.
On 30/10/2021 12:54, Neal Gompa wrote:
On Sat, Oct 30, 2021 at 7:45 AM lejeczek via CentOS-devel centos-devel@centos.org wrote:
On 28/10/2021 13:30, Neal Gompa wrote:
On Thu, Oct 28, 2021 at 7:30 AM lejeczek via CentOS-devel centos-devel@centos.org wrote:
On 27/10/2021 16:23, Sergio Correia wrote:
On Wed, Oct 27, 2021 at 12:13 PM lejeczek via CentOS-devel centos-devel@centos.org wrote:
On 27/10/2021 12:43, lejeczek via CentOS-devel wrote:
[snip]
>>>> _______________________________________________ >>>> > https://bugzilla.redhat.com/show_bug.cgi?id=2017541 > ps. at the moment Stream 9 is kind of tpm2-fcuked, for clevis too do not do tpm2 :)
Actually clevis should be working again, with tpm2-tools-5.0-10.el9, which was built yesterday.
Great that the problem is fixed "somewhere" but, do those fixes go, as updates, straight into the repos?
When builds are made, they get tagged for c9s-gate, which is where they sit until they pass through automated and manual validation. After that's complete, they move from c9s-gate to c9s, where they get published and released in the next compose. Composes typically happen multiple times a day.
And how long before those should be in yum/dnf repos?
A compose *includes* RPM repositories, so once a compose is released, the repositories are updated with the contents of the new compose.
No tpm2 version you mentioned in rpm repos as of this moment.
-
František Šumšal -
Gordon Messmer -
lejeczek -
Neal Gompa -
Patrick Riehecky -
Sergio Correia