From 40afa33a12d70f8fa573ca238570076b25cce07b Mon Sep 17 00:00:00 2001
From: renner
Date: Sat, 16 May 2026 16:42:21 +0200
Subject: [PATCH] chore: remove swtpm workaround

This was originally added in https://github.com/ublue-os/bluefin/pull/1231. It seems to not be needed anymore, I tested this with bootc install and upgrading an existing system with the workaround and the /usr/bin/swtpm has the right selinux label `system_u:object_r:swtpm_exec_t:s0`. You can verify this with `ls -lZ /usr/bin/swtpm`. I am not sure what change caused this to be not needed anymore. Maybe it was the way rpm-ostree handles selinux things nowadays, rechunking related?

Fixes: https://github.com/ublue-os/aurora/issues/2152
---
 .../systemd/system/incus-workaround.service | 2 +-
 .../systemd/system/swtpm-workaround.service | 20 -------------------
 .../usr/lib/tmpfiles.d/swtpm-workaround.conf | 2 --
 3 files changed, 1 insertion(+), 23 deletions(-)
 delete mode 100644 system_files/dx/usr/lib/systemd/system/swtpm-workaround.service
 delete mode 100644 system_files/dx/usr/lib/tmpfiles.d/swtpm-workaround.conf

diff --git a/system_files/dx/usr/lib/systemd/system/incus-workaround.service b/system_files/dx/usr/lib/systemd/system/incus-workaround.service
index 7866300..2b4ba31 100644
--- a/system_files/dx/usr/lib/systemd/system/incus-workaround.service
+++ b/system_files/dx/usr/lib/systemd/system/incus-workaround.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=Workaround swtpm not having the correct label
+Description=Workaround incus not having the correct label
 ConditionFileIsExecutable=/usr/bin/incus
 ConditionFileIsExecutable=/usr/bin/incus-agent
 ConditionPathExists=/usr/lib/incus
diff --git a/system_files/dx/usr/lib/systemd/system/swtpm-workaround.service b/system_files/dx/usr/lib/systemd/system/swtpm-workaround.service
deleted file mode 100644
index b4cd40d..0000000
--- a/system_files/dx/usr/lib/systemd/system/swtpm-workaround.service
+++ /dev/null
@@ -1,20 +0,0 @@
-[Unit]
-Description=Workaround swtpm not having the correct label
-ConditionFileIsExecutable=/usr/bin/swtpm
-After=local-fs.target
-
-[Service]
-Type=oneshot
-# Copy if it doesn't exist
-ExecStartPre=/usr/bin/bash -c "[ -x /usr/local/bin/overrides/swtpm ] || /usr/bin/cp /usr/bin/swtpm /usr/local/bin/overrides/swtpm"
-# This is faster than using .mount unit. Also allows for the previous line/cleanup
-ExecStartPre=/usr/bin/mount --bind /usr/local/bin/overrides/swtpm /usr/bin/swtpm
-# Fix SELinux label
-ExecStart=/usr/sbin/restorecon /usr/bin/swtpm
-# Clean-up after ourselves
-ExecStop=/usr/bin/umount /usr/bin/swtpm
-ExecStop=/usr/bin/rm /usr/local/bin/overrides/swtpm
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/system_files/dx/usr/lib/tmpfiles.d/swtpm-workaround.conf b/system_files/dx/usr/lib/tmpfiles.d/swtpm-workaround.conf
deleted file mode 100644
index 62147f4..0000000
--- a/system_files/dx/usr/lib/tmpfiles.d/swtpm-workaround.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-C /usr/local/bin/overrides/swtpm - - - - /usr/bin/swtpm
-d /var/lib/swtpm-localca 0750 tss tss - -