Oldřich Jedlička

Latest Debian 11 (bullseye), 12 (bookworm) and Fedora v39, v40 and v41 packages are available here https://github.com/oldium/clevis/releases/tag/v21_tpm1u2.

@sarroutbi I think it would be good to split first 5 commits into separate Pull Requests. They are rather independent improvements/fixes (including fix for #456), so they can be handled...

Ok, thanks. Please do not hesitate to tell me if you wish to split it or do anything else, it is Git after all, so anything can be done 😊

> Just a quick confirmation this works great also with a Thinkpad X230 and Fedora 40. Haven’t been able to make it work on ublue/bluefin yet but they have an...

@natterangell Which release of Bluefin are you most interested in? GTS (Fedora 39) or stable (Fedora 40)? Edit: I have tested Clevis TPM 1.2 on Fedora 40 actually, not on...

I think I got it. Fedora is using `hostonly=yes` Dracut config, while Ublue-OS has `hostonly=no`. The Fedora's RPM unfortunately does not contain required trouser's file `system.data.auth`, so I will probably...

> I’m building a Bluefin Stable (40) image over here: https://github.com/natterangell/bluefin-dx-thinkpad > > I’m basically force replacing clevis and clevis-luks, then adding clevis-dracut and clevis-systemd (all from your fork). I...

@natterangell Fixed in update 3 at https://github.com/oldium/clevis/releases/tag/v21_tpm1u3. `rpm-ostree` is weird. No more 😅 Basically, you should see something like the following when running `journalctl -t rpm-ostree` after clevis update: ...

Ha! It is possible to reinstall clevis in single run. Install: ``` sudo rpm-ostree install clevis-pin-tpm2 ./clevis-21-1.tpm1u3.fc40.x86_64.rpm ./clevis-dracut-21-1.tpm1u3.fc40.x86_64.rpm ./clevis-luks-21-1.tpm1u3.fc40.x86_64.rpm ./clevis-systemd-21-1.tpm1u3.fc40.x86_64.rpm ``` Update (without clevis-pin-tpm2): ``` sudo rpm-ostree install ./clevis-21-1.tpm1u3.fc40.x86_64.rpm ./clevis-dracut-21-1.tpm1u3.fc40.x86_64.rpm...

`X-Forwarded-*` headers are added by proxies, the headers should not be part of the originating request (like the one made by `openidc.lua`). Your description suggests that the `openidc.lua` tries to...