Skip to content

systemd: Fix systemd-{cryptenroll,cryptsetup} TPM2 and FIDO2 support#179819

Closed
Kranzes wants to merge 29 commits intoNixOS:stagingfrom
Kranzes:systemd-cryptsetup
Closed

systemd: Fix systemd-{cryptenroll,cryptsetup} TPM2 and FIDO2 support#179819
Kranzes wants to merge 29 commits intoNixOS:stagingfrom
Kranzes:systemd-cryptsetup

Conversation

@Kranzes
Copy link
Member

@Kranzes Kranzes commented Jul 1, 2022

Description of changes

With this change it is now possible to decrypt LUKs protected partitions with a FIDO2 or TPM2 token.

Reviving #171242

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.11 Release Notes (or backporting 22.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

jvanbruegge and others added 29 commits June 8, 2022 11:29
@jvanbruegge
audible-cli: 0.1.3 -> 0.2.0
2d92bf2
@dotlambda
python310Packages.safety: 1.10.3 -> 2.0.0
92bde87 
https://github.com/pyupio/safety/blob/2.0.0/CHANGELOG.md
@SuperSandro2000
gosca: drop
37b1b4e
@SuperSandro2000
go-langserver: drop
f6fb862
@dotlambda
python310Packages.zope-cachedescriptors: init at 4.3.1
9fcfdda
@dotlambda
python310Packages.zope-testbrowser: init at 5.6.1
eb92ef3
@dotlambda
python310Packages.splinter: 0.17.0 -> 0.18.0
9a578a2 
https://github.com/cobrateam/splinter/releases/tag/0.18.0
@r-ryantm
python310Packages.tempest: 31.0.0 -> 31.1.0
283d975
@prusnak
bitcoin: fix broken build on aarch64-darwin
2838597 
by disabling stackprotector which kills the tests
@prusnak
Merge pull request NixOS#179795 from prusnak/bitcoin-fix
6f1178e 
bitcoin: fix broken build on aarch64-darwin
@r-ryantm @jtojnar
gnome.gnome-control-center: 42.2 -> 42.3
2439ddb
@r-ryantm @jtojnar
gnome.gnome-software: 42.2 -> 42.3
991aa3f
@r-ryantm @jtojnar
glib-networking: 2.72.0 -> 2.72.1
4c35729
@cpcloud
duckdb: add patch to fix list type inference (NixOS#178886)
a034fd5
@SuperSandro2000
Merge pull request NixOS#179783 from r-ryantm/auto-update/tempest
3a058ea 
python310Packages.tempest: 31.0.0 -> 31.1.0
@SuperSandro2000
Merge pull request NixOS#179509 from dotlambda/safety-2.0.0
2a57f38 
python310Packages.safety: 1.10.3 -> 2.0.0
@SuperSandro2000
Merge pull request NixOS#177238 from dotlambda/splinter-0.18.0
bc061be 
python310Packages.splinter: 0.17.0 -> 0.18.0
@avdv @SuperSandro2000
lesspipe: 1.85 -> 2.05 (NixOS#178581)
e94f1b4 
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
@SuperSandro2000
Merge pull request NixOS#179709 from SuperSandro2000/go-cleanup
455268a 
gosca: drop, go-langserver: drop
@dotlambda
python310Packages.ua-parser: 0.10.0 -> 0.15.0
2f37856
@dotlambda
ytfzf: 2.3 -> 2.4.0
e03a833 
https://github.com/pystardust/ytfzf/releases/tag/v2.4.0
@dotlambda
python310Packages.jarowinkler: 1.0.4 -> 1.0.5
638a2fb 
https://github.com/maxbachmann/JaroWinkler/releases/tag/v1.0.5
@dotlambda
rapidfuzz-cpp: 1.0.3 -> 1.0.4
78958dd 
https://github.com/maxbachmann/rapidfuzz-cpp/releases/tag/v1.0.4
@dotlambda
python310Packages.rapidfuzz: 2.0.15 -> 2.1.0
b6b5216 
https://github.com/maxbachmann/RapidFuzz/releases/tag/v2.1.0
@dotlambda
libdeltachat: 1.86.0 -> 1.87.0
fc8b57d 
https://github.com/deltachat/deltachat-core-rust/blob/1.87.0/CHANGELOG.md
@r-ryantm @jtojnar
amtk: 5.4.1 -> 5.5.1
415492e
@SuperSandro2000
Merge pull request NixOS#176868 from jvanbruegge/audible-cli-v0.2
59000d3 
audible-cli: 0.1.3 -> 0.2.0
@Kranzes
cryptsetup:Allow reading tokens from relative path
14d65d5
@Kranzes
systemd: Wrap in LUKS2 tokens
0e3b35a
@Kranzes Kranzes requested a review from a team as a code owner July 1, 2022 16:55
@Kranzes Kranzes requested a review from dasJ July 1, 2022 16:56
@github-actions github-actions bot added the 6.topic: systemd Software suite that provides an array of system components for Linux operating systems. label Jul 1, 2022
@Kranzes Kranzes changed the base branch from master to staging July 1, 2022 16:56
@github-actions github-actions bot added 6.topic: GNOME GNOME desktop environment and its underlying platform 6.topic: python Python is a high-level, general-purpose programming language. labels Jul 1, 2022
@Kranzes Kranzes closed this Jul 1, 2022
@ofborg ofborg bot added 8.has: clean-up This PR removes packages or removes other cruft 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 101-500 This PR causes between 101 and 500 packages to rebuild on Darwin. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Jul 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dasJ dasJ Awaiting requested review from dasJ

@jtojnar jtojnar Awaiting requested review from jtojnar

@mmahut mmahut Awaiting requested review from mmahut

@RaghavSood RaghavSood Awaiting requested review from RaghavSood

@FRidh FRidh Awaiting requested review from FRidh

@jonringer jonringer Awaiting requested review from jonringer

Assignees

No one assigned

Labels

6.topic: GNOME GNOME desktop environment and its underlying platform 6.topic: python Python is a high-level, general-purpose programming language. 6.topic: systemd Software suite that provides an array of system components for Linux operating systems. 8.has: clean-up This PR removes packages or removes other cruft 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 101-500 This PR causes between 101 and 500 packages to rebuild on Darwin. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@Kranzes @jvanbruegge @dotlambda @SuperSandro2000 @r-ryantm @prusnak @cpcloud @avdv