initramfs always tries to bring up the network even when unnecessary
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
clevis (Ubuntu) |
Fix Released
|
Undecided
|
dann frazier | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
dann frazier | ||
Groovy |
Fix Released
|
Undecided
|
dann frazier |
Bug Description
[Impact]
Currently if you install clevis-initramfs, it will always try to bring up networking even in cases where it is unnecessary. It's not necessary if, say, the volume is to be unlocked via TPM, or perhaps no pin at all and clevis just happens to be installed. In those cases, the user is stuck waiting for configure_
[Test Case]
- Regression test a system that is online and uses a tang pin.
- Test a system using a tang pin that is offline, and confirm the user is prompted with a passphrase prompt without delay.
- Test a system that does not use a tang pin and verify that network config is not attempted.
[Fix]
Backport of this upstream patch series:
https:/
https:/
https:/
[Regression Potential]
If the tang pin detection is buggy, it's possible that systems will fail to auto-unlock using a tang server. It's also possible (but seemingly unlikely) that users have been relying on network access in the initramfs as a side-effect of having clevis installed, and that could no longer be the case if clevis determines it is not necessary for its own purposes.
Changed in clevis (Ubuntu Groovy): | |
status: | New → In Progress |
Changed in clevis (Ubuntu Focal): | |
status: | New → Confirmed |
Changed in clevis (Ubuntu Bionic): | |
status: | New → Confirmed |
Changed in clevis (Ubuntu Groovy): | |
assignee: | nobody → dann frazier (dannf) |
Changed in clevis (Ubuntu Focal): | |
status: | Confirmed → Triaged |
Changed in clevis (Ubuntu Bionic): | |
status: | Confirmed → Triaged |
Changed in clevis (Ubuntu Groovy): | |
status: | In Progress → Fix Released |
description: | updated |
Changed in clevis (Ubuntu Focal): | |
status: | Triaged → In Progress |
assignee: | nobody → dann frazier (dannf) |
Hello dann, or anyone else affected,
Accepted clevis into focal-proposed. The package will build now and be available at https:/ /launchpad. net/ubuntu/ +source/ clevis/ 12-1ubuntu2. 2 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification- needed- focal to verification- done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed- focal. In either case, without details of your testing we will not be able to proceed.
Further information regarding the verification process can be found at https:/ /wiki.ubuntu. com/QATeam/ PerformingSRUVe rification . Thank you in advance for helping!
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.