Blame SOURCES/0003-systemd-account-for-unlocking-failures-in-clevis-luk.patch

f67e96
From 678ef82dd5608439c9a4222c594ab66d69009f06 Mon Sep 17 00:00:00 2001
From: Sergio Correia <scorreia@redhat.com>
Date: Fri, 29 Oct 2021 12:04:46 -0300
Subject: [PATCH 3/3] systemd: account for unlocking failures in
 clevis-luks-askpass (#343)
As unlock may fail for some reason, e.g. the network is not up yet,
one way to cause problems would be to add extra `rd.luks.uuid' params
to the cmdline, which would then cause such devices to be unlocked
in early boot. If the unlocking fails, those devices might not be
accounted for in the clevis_devices_to_unlock() check, as it is
based on crypttab.
Let's make sure there are no pending ask.* sockets waiting to be
answered, before exiting.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1878892
---
 src/luks/systemd/clevis-luks-askpass | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/luks/systemd/clevis-luks-askpass b/src/luks/systemd/clevis-luks-askpass
index 285bba4..f19671f 100755
--- a/src/luks/systemd/clevis-luks-askpass
+++ b/src/luks/systemd/clevis-luks-askpass
@@ -67,8 +67,11 @@ while true; do
     done
 
     [ "${loop}" != true ] && break
+
     # Checking for pending devices to be unlocked.
-    if remaining=$(clevis_devices_to_unlock) && [ -z "${remaining}" ]; then
+    remaining_crypttab=$(clevis_devices_to_unlock) ||:
+    remaining_askfiles=$(ls "${path}"/ask.* 2>/dev/null) ||:
+    if [ -z "${remaining_crypttab}" ] && [ -z "${remaining_askfiles}" ]; then
         break;
     fi
 
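Review bot: on the added `remaining_crypttab=$(clevis_devices_to_unlock) ||:` line, the `||:` throws away the exit status that the removed `if remaining=$(clevis_devices_to_unlock) && [ -z "${remaining}" ]` required to be zero, so a call that fails and prints nothing is now treated as "nothing left to unlock" and the loop breaks as soon as no ask.* file is present. If that change is intended, say so in the comment above the check; otherwise keep the status test for the crypttab part and apply `||:` only to the ask.* lookup. Also, `ls "${path}"/ask.*` counts every ask file in that directory, and nothing in this hunk limits it to requests this script can answer or bounds how long it waits, so a prompt that never gets answered would keep the loop running; a note on how that case ends would help. The comment "Checking for pending devices to be unlocked." should be updated to mention the pending ask.* sockets as well.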
-- 
2.33.1