diff mbox series

[isar-cip-core,RFC,v2,2/7] use bullseye backports for systemd-cryptenroll

Message ID 20230217130540.509910-3-Quirin.Gylstorff@siemens.com (mailing list archive)
State Superseded
Headers show
Series Encrypt Partition in initramfs | expand

Commit Message

Quirin Gylstorff Feb. 17, 2023, 1:05 p.m. UTC 
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Systemd >= 251 is required for systemd-cryptenroll. This version
is part of backports.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 conf/distro/debian-bullseye-backports.list    |  1 +
 .../preferences.bullseye-backports.tpm.conf   |  3 +++
 kas/opt/tpm.yml                               | 20 +++++++++++++++++++
 3 files changed, 24 insertions(+)
 create mode 100644 conf/distro/debian-bullseye-backports.list
 create mode 100644 conf/distro/preferences.bullseye-backports.tpm.conf
 create mode 100644 kas/opt/tpm.yml

Comments

Felix Moessbauer Feb. 18, 2023, 8:04 a.m. UTC | #1 
On Fri, 2023-02-17 at 14:05 +0100, Quirin Gylstorff via lists.cip-
project.org wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> Systemd >= 251 is required for systemd-cryptenroll. This version
> is part of backports.
> 
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
>  conf/distro/debian-bullseye-backports.list    |  1 +
>  .../preferences.bullseye-backports.tpm.conf   |  3 +++
>  kas/opt/tpm.yml                               | 20
> +++++++++++++++++++
>  3 files changed, 24 insertions(+)
>  create mode 100644 conf/distro/debian-bullseye-backports.list
>  create mode 100644 conf/distro/preferences.bullseye-
> backports.tpm.conf
>  create mode 100644 kas/opt/tpm.yml
> 
> diff --git a/conf/distro/debian-bullseye-backports.list
> b/conf/distro/debian-bullseye-backports.list
> new file mode 100644
> index 0000000..3a55e4c
> --- /dev/null
> +++ b/conf/distro/debian-bullseye-backports.list
> @@ -0,0 +1 @@
> +deb http://ftp.us.debian.org/debian bullseye-backports main contrib
> non-free
> diff --git a/conf/distro/preferences.bullseye-backports.tpm.conf
> b/conf/distro/preferences.bullseye-backports.tpm.conf
> new file mode 100644
> index 0000000..0905fbf
> --- /dev/null
> +++ b/conf/distro/preferences.bullseye-backports.tpm.conf
> @@ -0,0 +1,3 @@
> +Package: *
> +Pin: release n=bullseye-backports
> +Pin-Priority: 801

This does not look right. By that, we take ANY available package from
bpo. For systemd backports, we usually use:

Package: libnss-myhostname libnss-mymachines libnss-resolve libnss-
systemd libpam-systemd libudev1 libsystemd0 systemd systemd-* udev

Felix

> diff --git a/kas/opt/tpm.yml b/kas/opt/tpm.yml
> new file mode 100644
> index 0000000..0e4dc95
> --- /dev/null
> +++ b/kas/opt/tpm.yml
> @@ -0,0 +1,20 @@
> +#
> +# CIP Core, generic profile
> +#
> +# Copyright (c) Siemens AG, 2022
> +#
> +# Authors:
> +#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
> +#
> +# SPDX-License-Identifier: MIT
> +#
> +
> +header:
> +  version: 12
> +
> +local_conf_header:
> +  systemd-cryptenroll: |
> +    DISTRO_APT_SOURCES:append:bullseye = " conf/distro/debian-
> bullseye-backports.list"
> +    DISTRO_APT_PREFERENCES:append:bullseye = "
> conf/distro/preferences.bullseye-backports.tpm.conf"
> +  image-option-tpm: |
> +    INITRAMFS_INSTALL += " initramfs-crypt-hook"
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#10715): 
> https://lists.cip-project.org/g/cip-dev/message/10715
> Mute This Topic: https://lists.cip-project.org/mt/97027310/6879696
> Group Owner: cip-dev+owner@lists.cip-project.org
> Unsubscribe: 
> https://lists.cip-project.org/g/cip-dev/leave/12054225/6879696/632350479/xyzzy
>  [felix.moessbauer@siemens.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
diff mbox series

Patch

diff --git a/conf/distro/debian-bullseye-backports.list b/conf/distro/debian-bullseye-backports.list
new file mode 100644
index 0000000..3a55e4c
--- /dev/null
+++ b/conf/distro/debian-bullseye-backports.list
@@ -0,0 +1 @@ 
+deb http://ftp.us.debian.org/debian bullseye-backports main contrib non-free
diff --git a/conf/distro/preferences.bullseye-backports.tpm.conf b/conf/distro/preferences.bullseye-backports.tpm.conf
new file mode 100644
index 0000000..0905fbf
--- /dev/null
+++ b/conf/distro/preferences.bullseye-backports.tpm.conf
@@ -0,0 +1,3 @@ 
+Package: *
+Pin: release n=bullseye-backports
+Pin-Priority: 801
diff --git a/kas/opt/tpm.yml b/kas/opt/tpm.yml
new file mode 100644
index 0000000..0e4dc95
--- /dev/null
+++ b/kas/opt/tpm.yml
@@ -0,0 +1,20 @@ 
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+  version: 12
+
+local_conf_header:
+  systemd-cryptenroll: |
+    DISTRO_APT_SOURCES:append:bullseye = " conf/distro/debian-bullseye-backports.list"
+    DISTRO_APT_PREFERENCES:append:bullseye = " conf/distro/preferences.bullseye-backports.tpm.conf"
+  image-option-tpm: |
+    INITRAMFS_INSTALL += " initramfs-crypt-hook"