Skip to content

clevis: update to 23#61296

Merged
Duncaen merged 1 commit into
void-linux:masterfrom
louiszn:clevis-23
Jul 2, 2026
Merged

clevis: update to 23#61296
Duncaen merged 1 commit into
void-linux:masterfrom
louiszn:clevis-23

Conversation

@louiszn

@louiszn louiszn commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Testing the changes

  • I tested the changes in this PR: YES

Local build testing

  • I built this PR locally for my native architecture, x86_64-glibc

Additional testing:

  • Updated clevis to 23.
  • Applied upstream dracut fixes from dracut: fix some portability issues in non-systemd environments latchset/clevis#561:
    • avoid requiring systemd-reply-password at build time on non-systemd systems
    • include chmod in the dracut module for the password unlocker scripts
  • Set b_ndebug=false because Clevis 23's test-token-to-jwe uses assert(). With Void's default b_ndebug=true, NDEBUG is defined, the assertions are compiled out, and the test fails to build under -Werror due to unused variables.
  • Added a patch for test-token-to-jwe to avoid using assert(). With Void's default b_ndebug=true, NDEBUG is defined, so assert() is compiled out and the test fails to build under -Werror due to unused variables. The patch uses an explicit CHECK() helper instead.
  • Tested on Void Linux x86_64 with runit, dracut, and a TPM2-bound LUKS root volume.
  • Confirmed Clevis 23 builds successfully.
  • Confirmed TPM2-bound LUKS auto-unlock works after regenerating the initramfs with dracut.
  • Confirmed the previous early-boot chmod: command not found warning is gone.

@Duncaen Duncaen left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Set b_ndebug=false because Clevis 23's test-token-to-jwe uses assert(). With Void's default b_ndebug=true, NDEBUG is defined, the assertions are compiled out, and the test fails to build under -Werror due to unused variables.

Wouldn't it be better to fix the patch instead or disable -Werror?

Comment thread srcpkgs/clevis/template Outdated
Comment thread srcpkgs/clevis/template Outdated
@louiszn

louiszn commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author
  • Set b_ndebug=false because Clevis 23's test-token-to-jwe uses assert(). With Void's default b_ndebug=true, NDEBUG is defined, the assertions are compiled out, and the test fails to build under -Werror due to unused variables.

Wouldn't it be better to fix the patch instead or disable -Werror?

Thanks, fixed in a follow-up commit. I dropped b_ndebug=false and added a patch for test-token-to-jwe instead.

The test relied on assert(), so with NDEBUG enabled the assertions were compiled out and the variables became unused under -Werror. The patch replaces assert() with an explicit CHECK() helper so the test still works with the default build flags.

@louiszn

louiszn commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Hi @Duncaen, I think the previous review comments should be addressed now. Could you take another look when you have time?

@Duncaen

Duncaen commented Jul 2, 2026

Copy link
Copy Markdown
Member

Looks ok, commits need to be squashed and it would probably be good if @mmdbalkhi and some others tired it.

@mmdbalkhi

mmdbalkhi commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

LGTM

@louiszn

louiszn commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Squashed the commits into one. Thanks for the review and testing.

@louiszn louiszn requested a review from mmdbalkhi July 2, 2026 16:41
@Duncaen Duncaen merged commit d4d3d31 into void-linux:master Jul 2, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants