Gist is tpm2-abrmd expects to find a TPM2, since it doesn't, it fails ungracefully and restarts every 5s, thus spamming the journal. https://bugzilla.redhat.com/show_bug.cgi?id=1769215
How can I find out how this package ended up in the default package set? When I try to remove it, it takes nothing else with it, so I don't know why it's on the install media.
The confusion begins with Fedora-Workstation-Live-x86_64-31-1.9.iso, which includes tpm2-abrmd-selinux-2.1.0-3.fc31.noarch tpm2-tools-3.2.0-3.fc31.x86_64 tpm2-abrmd-2.2.0-2.fc31.x86_64 tpm2-tss-2.3.1-1.fc31.x86_64
On Tue, Dec 3, 2019 at 6:28 AM Chris Murphy lists@colorremedies.com wrote:
Gist is tpm2-abrmd expects to find a TPM2, since it doesn't, it fails ungracefully and restarts every 5s, thus spamming the journal. https://bugzilla.redhat.com/show_bug.cgi?id=1769215
How can I find out how this package ended up in the default package set? When I try to remove it, it takes nothing else with it, so I don't know why it's on the install media.
It's very likely it doesn't need to be there, clevis which does automatic disk unlock using the TPM2 uses the kernel access broker as do most other things these days so a user space abrmd really isn't needed.
The confusion begins with Fedora-Workstation-Live-x86_64-31-1.9.iso, which includes tpm2-abrmd-selinux-2.1.0-3.fc31.noarch tpm2-tools-3.2.0-3.fc31.x86_64 tpm2-abrmd-2.2.0-2.fc31.x86_64 tpm2-tss-2.3.1-1.fc31.x86_64
-- Chris Murphy _______________________________________________ desktop mailing list -- desktop@lists.fedoraproject.org To unsubscribe send an email to desktop-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/desktop@lists.fedoraproject.or...
Hi Chris,
On Tue, Dec 3, 2019 at 7:28 AM Chris Murphy lists@colorremedies.com wrote:
Gist is tpm2-abrmd expects to find a TPM2, since it doesn't, it fails ungracefully and restarts every 5s, thus spamming the journal. https://bugzilla.redhat.com/show_bug.cgi?id=1769215
How can I find out how this package ended up in the default package set?
0 $ dnf repoquery --whatrecommends tpm2-abrmd fwupd-0:1.2.11-2.fc31.i686 fwupd-0:1.2.11-2.fc31.x86_64
Bye, Tom
On Tue, Dec 3, 2019 at 9:07 AM Tomáš Popela tpopela@redhat.com wrote:
Hi Chris,
On Tue, Dec 3, 2019 at 7:28 AM Chris Murphy lists@colorremedies.com wrote:
Gist is tpm2-abrmd expects to find a TPM2, since it doesn't, it fails ungracefully and restarts every 5s, thus spamming the journal. https://bugzilla.redhat.com/show_bug.cgi?id=1769215
How can I find out how this package ended up in the default package set?
0 $ dnf repoquery --whatrecommends tpm2-abrmd fwupd-0:1.2.11-2.fc31.i686 fwupd-0:1.2.11-2.fc31.x86_64
I believe that is a weak dependency as I don't have it installed (I have weak deps turned off) and I have fwupd.
On Tue, Dec 3, 2019 at 2:07 AM Tomáš Popela tpopela@redhat.com wrote:
Hi Chris,
On Tue, Dec 3, 2019 at 7:28 AM Chris Murphy lists@colorremedies.com wrote:
Gist is tpm2-abrmd expects to find a TPM2, since it doesn't, it fails ungracefully and restarts every 5s, thus spamming the journal. https://bugzilla.redhat.com/show_bug.cgi?id=1769215
How can I find out how this package ended up in the default package set?
0 $ dnf repoquery --whatrecommends tpm2-abrmd fwupd-0:1.2.11-2.fc31.i686 fwupd-0:1.2.11-2.fc31.x86_64
Interesting. Because starting with fwup:1.3.4 I started to run into this bug, which does have a reference to tpm2-abrmd's confusion. https://bugzilla.redhat.com/show_bug.cgi?id=1776030
On the 2nd laptop, fwupd doesn't ever start, and also doesn't exhibit either issue.
I wonder if I remove tpm2-abrmd on the 1st laptop, does the fwupd problem go away.
On Mon, Dec 02, 2019 at 11:27:44PM -0700, Chris Murphy wrote:
Gist is tpm2-abrmd expects to find a TPM2, since it doesn't, it fails ungracefully and restarts every 5s, thus spamming the journal. https://bugzilla.redhat.com/show_bug.cgi?id=1769215
Yeah, I had the same issue and ended up disabling it.
Note: it is against the policy for a service to be enabled by default if it cannot handle the default case gracefully: https://docs.fedoraproject.org/en-US/packaging-guidelines/DefaultServices/#_...
It must either be fixed or kicked out from presets.
How can I find out how this package ended up in the default package set? When I try to remove it, it takes nothing else with it, so I don't know why it's on the install media.
The confusion begins with Fedora-Workstation-Live-x86_64-31-1.9.iso, which includes tpm2-abrmd-selinux-2.1.0-3.fc31.noarch tpm2-tools-3.2.0-3.fc31.x86_64 tpm2-abrmd-2.2.0-2.fc31.x86_64 tpm2-tss-2.3.1-1.fc31.x86_64
Zbyszek
On Tue, Dec 3, 2019 at 2:46 AM Zbigniew Jędrzejewski-Szmek zbyszek@in.waw.pl wrote:
On Mon, Dec 02, 2019 at 11:27:44PM -0700, Chris Murphy wrote:
Gist is tpm2-abrmd expects to find a TPM2, since it doesn't, it fails ungracefully and restarts every 5s, thus spamming the journal. https://bugzilla.redhat.com/show_bug.cgi?id=1769215
Yeah, I had the same issue and ended up disabling it.
Note: it is against the policy for a service to be enabled by default if it cannot handle the default case gracefully: https://docs.fedoraproject.org/en-US/packaging-guidelines/DefaultServices/#_...
Tricky question, is it really enabled by default? Or is it being poked by fwupd? Of course from my simple user perspective, that doesn't matter, but per the policy...I'm not certain.
$ sudo systemctl status tpm2-abrmd ● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon Loaded: loaded (/usr/lib/systemd/system/tpm2-abrmd.service; disabled; vendor preset: disabled) Active: activating (auto-restart) (Result: exit-code) since Tue 2019-12-03 11:53:19 MST; 4s ago Process: 7993 ExecStart=/usr/sbin/tpm2-abrmd (code=exited, status=1/FAILURE) Main PID: 7993 (code=exited, status=1/FAILURE) CPU: 32ms [chris@flap ~]$
Hello Chris,
On Tue, Dec 3, 2019 at 7:28 AM Chris Murphy lists@colorremedies.com wrote:
Gist is tpm2-abrmd expects to find a TPM2, since it doesn't, it fails ungracefully and restarts every 5s, thus spamming the journal. https://bugzilla.redhat.com/show_bug.cgi?id=1769215
This seems to be fixed in upstream:
https://github.com/tpm2-software/tpm2-abrmd/pull/669
I've cherry-picked the upstream patches and shared a tpm2-abrmd scratch build in the bugzilla for you to test.
I'm not sure if I agree with the upstream solution though, since they added a RestartPreventExitStatus= option to prevent restarting the daemon in case of errors that they consider not recoverable. But I don't understand why they have the Restart=always in the first place, since the service is D-Bus activated anyways. So I think that all the restart options should just be removed.
And I also think that the unit file should have a condition to check if a TPM chardev exists (i.e: ConditionPathExistsGlob=/dev/tpm*) and don't even attempt to start the service if that's not the case.
I've proposed both changes upstream, let's see what they say.
Best regards, Javier
On Tue, Dec 3, 2019 at 5:04 AM Javier Martinez Canillas javier@dowhile0.org wrote:
Hello Chris,
On Tue, Dec 3, 2019 at 7:28 AM Chris Murphy lists@colorremedies.com wrote:
Gist is tpm2-abrmd expects to find a TPM2, since it doesn't, it fails ungracefully and restarts every 5s, thus spamming the journal. https://bugzilla.redhat.com/show_bug.cgi?id=1769215
This seems to be fixed in upstream:
https://github.com/tpm2-software/tpm2-abrmd/pull/669
I've cherry-picked the upstream patches and shared a tpm2-abrmd scratch build in the bugzilla for you to test.
I tested that, it does stop the journal spam, but the unit still fails and fwupd/software still complain with a shell notification that an update failed (bug 1776030).
If I downgrade to fwupd-1.2.11-2.fc31.x86_64, I see neither problem (bug 1776030 or bug 1769215)
If I keep fwupd-1.3.5-1.fc31.x86_64, but remove tpm2-abrmd, I also see neither problem.
So that explains why these only showed up after release.
desktop@lists.fedoraproject.org
-
Chris Murphy -
Javier Martinez Canillas -
Peter Robinson -
Tomáš Popela -
Zbigniew Jędrzejewski-Szmek