Review: clevis 22-1
New Package Report
.changes
| Source | clevis |
|---|---|
| Version | 22-1 |
| Changed-By | Christoph Biedl |
| Architecture | source armhf |
| Distribution | unstable |
| Date | Sat, 25 Apr 2026 08:16:59 +0200 |
Changelog
clevis (22-1) unstable; urgency=medium
.
* New upstream version 22
This introduces support for PKCS#11
* Relax install dependencies on dracut and initramfstools.
Closes: #1086553, #1086554
* Cherry-pick "Dracut: fix running with v110 Dracut".
Closes: #1132900.dsc
| Package-List | clevis deb net optional arch=linux-any clevis-dracut deb net optional arch=linux-any clevis-dracut-pkcs11 deb net optional arch=linux-any clevis-initramfs deb net optional arch=linux-any clevis-luks deb net optional arch=linux-any clevis-pkcs11 deb net optional arch=linux-any clevis-systemd deb net optional arch=linux-any clevis-systemd-pkcs11 deb net optional arch=linux-any clevis-tpm2 deb net optional arch=linux-any clevis-udisks2 deb net optional arch=linux-any |
|---|---|
| Section | net |
| Priority | optional |
| Component | main |
debian/copyright
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: clevis Source: https://github.com/latchset/clevis Files: * Copyright: Copyright (c) 2015-2017 Red Hat, Inc. License: GPL-3.0+ with OpenSSL exception License: GPL-3.0+ with OpenSSL exception This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>. . On Debian systems, the complete text of the GNU General Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". . In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the OpenSSL library under certain conditions as described in each individual source file, and distribute linked combinations including the two. . You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. If you delete this exception statement from all source files in the program, then also delete it here.
Review Information
rejected — allocated to mechtilde 11 days ago, started 11 days ago, completed 11 days ago.
Final Comment
Hi,
Please list all autors of the package including your own authorship.
Also please list more detailled which files are licensed under GPL-3+
and which files are licensed under GPL-3.0+ with OpenSSL exception.
On this occasion you can also look at the lintian warnings to fix them.
Thanks
Public Notes
11 days ago
● public
Missed Author Check
Command: dnq author-check
Exit code: 0
Using active review (from current.json): clevis
Author check: clevis 22-1
Scanned 173 files.
Authors declared in debian/copyright: 1
NOT IN debian/copyright (3):
Christoph Biedl Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
src/pins/file/clevis-decrypt-file:5
src/pins/file/clevis-encrypt-file:5
src/pins/file/dracut.module-setup.sh.in:3
src/pins/file/initramfs.in:3
src/pins/file/pin-file:5
Guilhem Moulin
src/initramfs-tools/scripts/local-top/clevis.in:5
Shawn Rose
src/initramfs-tools/hooks/clevis.in:3
src/initramfs-tools/scripts/local-bottom/clevis.in:3
src/initramfs-tools/scripts/local-top/clevis.in:4
Result: ATTENTION REQUIRED — 3 authors not in debian/copyright
11 days ago
● public
Lintian
Command: lintian -c -E -I -i -L '>=warning' --show-overrides --color=never ../$(basename $PWD)_*.changes
Exit code: 2
N:
E: clevis-initramfs: repeated-trigger-name update-initramfs (lines 1 3) [triggers]
N:
N: The package repeats the same trigger. There should be no reason to do this
N: and it may lead to confusing results or errors.
N:
N: For the same "base" type of trigger (e.g. two interest-type triggers) the
N: last declaration will be the effective one.
N:
N: This tag is also triggered if the package has an activate trigger for
N: something on which it also declares an interest. The only (but rather
N: unlikely) reason to do this is if another package *also* declares an
N: interest and this package needs to activate that other package. If the
N: package is using it for this exact purpose, then please use a Lintian
N: override to state this.
N:
N: Please remove any duplicate definitions.
N:
N: Please refer to the deb-triggers(5) manual page and Bug#698723 for
N: details.
N:
N: Visibility: error
N: Show-Always: no
N: Check: triggers
N:
N:
W: clevis: no-manual-page [usr/bin/clevis-decrypt-file]
N:
N: Each binary in /usr/bin, /usr/sbin, /bin, /sbin or /usr/games should have
N: a manual page
N:
N: Note that though the man program has the capability to check for several
N: program names in the NAMES section, each of these programs should have its
N: own manual page (a symbolic link to the appropriate manual page is
N: sufficient) because other manual page viewers such as xman or tkman don't
N: support this.
N:
N: If the name of the manual page differs from the binary by case, man may be
N: able to find it anyway; however, it is still best practice to match the
N: exact capitalization of the executable in the manual page.
N:
N: If the manual pages are provided by another package on which this package
N: depends, Lintian may not be able to determine that manual pages are
N: available. In this case, after confirming that all binaries do have manual
N: pages after this package and its dependencies are installed, please add a
N: Lintian override.
N:
N: Please refer to Manual pages (Section 12.1) in the Debian Policy Manual
N: for details.
N:
N: Visibility: warning
N: Show-Always: no
N: Check: documentation/manual
N: Renamed from: binary-without-manpage
N:
N:
W: clevis: no-manual-page [usr/bin/clevis-decrypt-null]
N:
W: clevis: no-manual-page [usr/bin/clevis-decrypt-sss]
N:
W: clevis: no-manual-page [usr/bin/clevis-decrypt-tang]
N:
W: clevis: no-manual-page [usr/bin/clevis-encrypt-null]
N:
W: clevis-luks: no-manual-page [usr/bin/clevis-luks-common-functions]
N:
W: clevis-pkcs11: no-manual-page [usr/bin/clevis-decrypt-pkcs11]
N:
W: clevis-pkcs11: no-manual-page [usr/bin/clevis-pkcs11-afunix-socket-unlock]
N:
W: clevis-pkcs11: no-manual-page [usr/bin/clevis-pkcs11-common]
N:
W: clevis-tpm2: no-manual-page [usr/bin/clevis-decrypt-tpm2]
N:
N: This program requires root, see
N: https://github.com/martinezjavier/clevis/commit/68427763f47132a21e3fee066f20500a187c3662
N: If there's a way to do this using POSIX capabilities, let me know.
11 days ago
● public
Licenserecon
Command: lrc | grep -v 'Superfluous file pattern'
Exit code: 0
de: Versions: licenserecon '14.0' licensecheck '3.3.9-1'
Quellbaum analysieren ....
Lesen d/copyright ....
Fehlende Dateien Absatz für debian/
Wird ausgeführt licensecheck ....
d/copyright | licensecheck
GPL-3.0+ with OpenSSL exception| GPL-3 meson.build
GPL-3.0+ with OpenSSL exception| GPL-3+ src/clevis
GPL-3.0+ with OpenSSL exception| GPL-3+ src/clevis-decrypt
GPL-3.0+ with OpenSSL exception| GPL-3+ src/initramfs-tools/hooks/clevis.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/initramfs-tools/scripts/local-bottom/clevis.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/initramfs-tools/scripts/local-top/clevis.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/clevis-luks-bind
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/clevis-luks-common-functions.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/clevis-luks-edit
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/clevis-luks-list
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/clevis-luks-pass
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/clevis-luks-regen
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/clevis-luks-report
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/clevis-luks-unbind.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/clevis-luks-unlock
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/dracut/clevis/clevis-hook.sh.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/dracut/clevis/clevis-luks-unlocker
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/dracut/clevis/module-setup.sh.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/dracut/clevis-pin-null/module-setup.sh.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-prehook.sh
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/dracut/clevis-pin-pkcs11/module-setup.sh.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/dracut/clevis-pin-sss/module-setup.sh.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/dracut/clevis-pin-tang/module-setup.sh.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/dracut/clevis-pin-tpm2/module-setup.sh.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/systemd/clevis-luks-askpass.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/systemd/clevis-luks-pkcs11-askpass.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/systemd/clevis-luks-pkcs11-askpin.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/assume-yes
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/assume-yes-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/backup-restore-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/backup-restore-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/bad-sss
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/bind-already-used-luksmeta-slot
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/bind-binary-keyfile-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/bind-hash-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/bind-hash-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/bind-key-file-non-interactive-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/bind-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/bind-luks1-avoid-luksmeta-corruption
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/bind-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/bind-luks2-ext-token
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/bind-pass-with-newline-keyfile-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/bind-pass-with-newline-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/bind-wrong-pass-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/bind-wrong-pass-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/edit-hash-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/edit-hash-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/edit-tang-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/edit-tang-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/get-hash-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/get-hash-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/get-hash-validation
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/list-recursive-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/list-recursive-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/list-sss-tang-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/list-sss-tang-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/list-tang-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/list-tang-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/pass-tang-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/pass-tang-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/regen-hash-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/regen-hash-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/regen-inplace-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/regen-inplace-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/regen-not-inplace-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/regen-not-inplace-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/report-sss-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/report-sss-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/report-tang-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/report-tang-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/tests-common-functions.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/unbind-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/unbind-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/unbind-unbound-slot-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/unbind-unbound-slot-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/unlock-arbitrary-parameter
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/unlock-tang-luks1
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/tests/unlock-tang-luks2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/luks/udisks2/clevis-luks-udisks2.c
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/file/clevis-decrypt-file
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/file/clevis-encrypt-file
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/file/dracut.module-setup.sh.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/file/initramfs.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/file/pin-file
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/pkcs11/clevis-decrypt-pkcs11
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/pkcs11/clevis-encrypt-pkcs11
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/pkcs11/clevis-pkcs11-afunix-socket-unlock.c
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/pkcs11/clevis-pkcs11-common
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/pkcs11/tests/pin-pkcs11
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/pkcs11/tests/pkcs11-common-tests
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/sss/clevis-decrypt-null
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/sss/clevis-decrypt-sss.c
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/sss/clevis-encrypt-null
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/sss/clevis-encrypt-sss.c
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/sss/sss.c
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/sss/sss.h
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/tang/clevis-decrypt-tang
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/tang/clevis-encrypt-tang
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/tang/tests/default-thp-alg
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/tang/tests/pin-tang
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/tang/tests/tang-common-test-functions.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/tang/tests/tang-validate-adv
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/template/clevis-decrypt-@pin@
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/template/clevis-encrypt-@pin@
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/template/dracut.module-setup.sh.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/template/initramfs.in
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/template/pin-@pin@
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/tpm2/clevis-decrypt-tpm2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/tpm2/clevis-encrypt-tpm2
GPL-3.0+ with OpenSSL exception| GPL-3+ src/pins/tpm2/pin-tpm2