Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tpm2-pkcs11: 1.0.1 -> 1.1.0 #82241

Merged
merged 1 commit into from Mar 17, 2020
Merged

Conversation

@r-ryantm
Copy link
Contributor

r-ryantm commented Mar 10, 2020

Semi-automatic update generated by nixpkgs-update tools. This update was made based on information from https://github.com/tpm2-software/tpm2-pkcs11/releases.

meta.description for tpm2-pkcs11 is: "A PKCS#11 interface for TPM2 hardware"

meta.homepage for tpm2-pkcs11 is: "https://github.com/tpm2-software/tpm2-pkcs11"
Updates performed:

  • Version update
  • Quoted meta.homepage for RFC 45

Release on GitHub

Compare changes on GitHub

Checks done (click to expand)
Rebuild report (if merged into master) (click to expand)

2 total rebuild path(s)

1 package rebuild(s)

1 x86_64-linux rebuild(s)
1 i686-linux rebuild(s)
0 x86_64-darwin rebuild(s)
0 aarch64-linux rebuild(s)

First fifty rebuilds by attrpath
tpm2-pkcs11

Instructions to test this update (click to expand)

Either download from Cachix:

nix-store -r /nix/store/zkgal0hm9xpz6qslb2v9p8v3h131xl85-tpm2-pkcs11-1.1.0 \
  --option binary-caches 'https://cache.nixos.org/ https://r-ryantm.cachix.org/' \
  --option trusted-public-keys '
  r-ryantm.cachix.org-1:gkUbLkouDAyvBdpBX0JOdIiD2/DP1ldF3Z3Y6Gqcc4c=
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  '

(r-ryantm's Cachix cache is only trusted for this store-path realization.)
For the Cachix download to work, your user must be in the trusted-users list or you can use sudo since root is effectively trusted.

Or, build yourself:

nix-build -A tpm2-pkcs11 https://github.com/r-ryantm/nixpkgs/archive/fbd175b11f64963b737683a32eaa34e8f430c639.tar.gz

After you've downloaded or built it, look at the files and if there are any, run the binaries:

ls -la /nix/store/zkgal0hm9xpz6qslb2v9p8v3h131xl85-tpm2-pkcs11-1.1.0
ls -la /nix/store/zkgal0hm9xpz6qslb2v9p8v3h131xl85-tpm2-pkcs11-1.1.0/bin

cc @lschuermann for testing.

@ofborg ofborg bot requested a review from lschuermann Mar 10, 2020
@marsam marsam merged commit 788a7c4 into NixOS:master Mar 17, 2020
16 checks passed
16 checks passed
tpm2-pkcs11 on aarch64-linux No attempt
Details
tpm2-pkcs11 on x86_64-darwin No attempt
Details
Evaluation Performance Report Evaluator Performance Report
Details
grahamcofborg-eval ^.^!
Details
grahamcofborg-eval-check-maintainers matching changed paths to changed attrs...
Details
grahamcofborg-eval-check-meta config.nix: checkMeta = true
Details
grahamcofborg-eval-darwin nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A darwin-tested
Details
grahamcofborg-eval-nixos nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release-combined.nix -A tested
Details
grahamcofborg-eval-nixos-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A manual
Details
grahamcofborg-eval-nixos-options nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A options
Details
grahamcofborg-eval-nixpkgs-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A manual
Details
grahamcofborg-eval-nixpkgs-tarball nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A tarball
Details
grahamcofborg-eval-nixpkgs-unstable-jobset nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A unstable
Details
grahamcofborg-eval-package-list nix-env -qa --json --file .
Details
grahamcofborg-eval-package-list-no-aliases nix-env -qa --json --file . --arg config { allowAliases = false; }
Details
tpm2-pkcs11 on x86_64-linux Success
Details
@lschuermann
Copy link
Member

lschuermann commented Mar 18, 2020

@marsam This was unfortunate. I didn't leave a comment stating that this needs further testing and attention, so you merged it of course.

However, during changes from tpm2-pkcs11 v1.0.1 to v1.1.0 significant database changes happened, with users strictly advised to make backups of their database beforehand. Do you know how that should be handled in future releases? I guess we don't need to revert this, as the tpm2-module just landed in unstable and this software likely isn't used widely.

@r-ryantm r-ryantm deleted the r-ryantm:auto-update/tpm2-pkcs11 branch Mar 18, 2020
@marsam
Copy link
Contributor

marsam commented Mar 22, 2020

Sorry about that, I did test the executable and assumed it was working correctly

Do you know how that should be handled in future releases?

Unfortunately, I don't think there is a right answer for handling db schema changes in nixos modules; however, we could add tests to the tpm2 module to ensure it still works as expected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.