tpm2-tss: 4.0.1 -> 4.1.0 #307100
This breaks tpm2-pytss for some reason
Includes the fix for CVE-2024-29040 (not yet disclosed?). Would it make sense to first upgrade to 4.0.2 as it only seems to contain fixes and then work on the upgrade to 4.1.0 which does not seem too smooth?
dbee1c4 to 7ffec5f
Bad rebase, sorry for the noise everyone.
Because upstream rewrote the loader for TCTI, the order for loading backend got shuffled. This explains the noise in the patch.
b507099 to ad15bfe
LGTM
For next time: This PR rebuilds a lot of packages which means we must target staging. Please follow the contributing guide to not potentially ping a lot of people.
Looks good, assuming tests pass
@ofborg test systemd-credentials-tpm2 systemd-initrd-luks-tpm2
So overall this PR looks like a "breaking change"? Note that the 24.05 schedule doesn't allow merging such changes currently (in general): #303285 (comment)
The necessary patch to I'd consider it a
Confirmed,
This PR pulls a patch made by maintainers of I've run all the nixos-tests I could find and all dependencies (but I did that in a rebase on master because I did not have the CPU available to run those on staging).
I'll trust you that it's safe enough. If it's for NixOS 24.05, better now than later. Upstream changelog doesn't sound scary either.