Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at

Bug 1868602

Summary: Review Request: clevis-pin-tpm2 - Clevis PIN for unlocking with TPM2 supporting Authorized Policies
Product: [Fedora] Fedora Reporter: Peter Robinson <pbrobinson>
Component: Package ReviewAssignee: Zbigniew Jędrzejewski-Szmek <zbyszek>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: high    
Version: rawhideCC: bcotton, package-review, zbyszek
Target Milestone: ---Flags: zbyszek: fedora-review+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-08-25 10:36:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1847906, 1862554, 1862965, 2030272    
Bug Blocks: 1269538    

Description Peter Robinson 2020-08-13 09:00:28 UTC

Clevis PIN for unlocking with TPM2 supporting Authorized Policies

FAS: pbrobinson

Comment 1 Zbigniew Jędrzejewski-Szmek 2020-08-19 08:49:12 UTC
The license needs to be approved. There's a thread of fedora-legal from June about it. I sent a reminder.

Then, the license will need to be added to rust2rpm so it is translated properly from the SPDX tag. That
isn't blocking, it can be adjusted manually until rust2rpm is updated.

Comment 2 Zbigniew Jędrzejewski-Szmek 2020-08-19 14:59:31 UTC
The license has been approved.

+ package name is OK
+ license is acceptable for Fedora (EUPL-1.2)
- license is specified correctly: needs to be "EUPL 1.2"
+ builds and installs OK
+ spec file is generated by rust2rpm, so it should be OK

clevis-pin-tpm2-debuginfo.x86_64: W: invalid-license EUPL-1.2
See above.

clevis-pin-tpm2-debuginfo.x86_64: W: invalid-url URL: <urlopen error [Errno -3] Temporary failure in name resolution>
False positive.

clevis-pin-tpm2.x86_64: W: incoherent-version-in-changelog 0.0.1-1 ['0.1.1-1.fc34', '0.1.1-1']
Please fix.

clevis-pin-tpm2.x86_64: W: ldd-failed /usr/bin/clevis-pin-tpm2
I guess it's related to rust and static linking. Probably not an issue.

clevis-pin-tpm2.x86_64: W: no-documentation
clevis-pin-tpm2.x86_64: E: non-standard-executable-perm /usr/bin/clevis-pin-tpm2 555
Yeah, 0755 is expected.

clevis-pin-tpm2.x86_64: W: no-manual-page-for-binary clevis-pin-tpm2
3 packages and 0 specfiles checked; 1 errors, 10 warnings.

Comment 3 Zbigniew Jędrzejewski-Szmek 2020-08-19 15:18:14 UTC
> clevis-pin-tpm2.x86_64: W: ldd-failed /usr/bin/clevis-pin-tpm2
> I guess it's related to rust and static linking. Probably not an issue.
Actually it's the mock/systemd-nspawn/glibc-2.32 issue. The binary is OK.

Comment 4 Peter Robinson 2020-08-20 09:33:55 UTC
Seeing a build fail on 32 bit arches, filed bug for upstream:

Comment 6 Zbigniew Jędrzejewski-Szmek 2020-08-21 12:15:11 UTC
License is still wrong, should be "EUPL 1.2", please fix before uploading.

$ rpmlint clevis-pin-tpm2-0.1.2-1.fc34.x86_64.rpm
clevis-pin-tpm2.x86_64: W: invalid-license EUPL-1.2
clevis-pin-tpm2.x86_64: W: no-documentation
clevis-pin-tpm2.x86_64: W: no-manual-page-for-binary clevis-pin-tpm2
1 packages and 0 specfiles checked; 0 errors, 3 warnings.

Package is APPROVED.

Comment 7 Gwyn Ciesla 2020-08-21 13:37:14 UTC
(fedscm-admin):  The Pagure repository was created at