#3253 Issue open: Having any 'sedutil-cli' makes normal "rear mkrescue" fail

Labels: enhancement, cleanup, minor bug

jsmeix opened issue at 2024-06-18 10:51:

On openSUSE Leap 15.5 I installed the sedutil RPM
which provides /usr/sbin/sedutil-cli

Having this program makes normal "rear mkrescue" with

OUTPUT=ISO
BACKUP=NETFS

fail:

# usr/sbin/rear -D mkrescue
...
ERROR: '/root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw' is not a regular file, thus cannot be used as TCG Opal 2 PBA image.

From the debug log:

+ source /root/rear.github.master/usr/share/rear/prep/default/380_include_opal_tools.sh
++ has_binary sedutil-cli
++ for bin in "$@"
++ type sedutil-cli
++ return 0
++ PROGS+=(sedutil-cli lsblk)
++ KERNEL_CMDLINE+=' libata.allow_tpm=1'
++ COPY_AS_IS_EXCLUDE+=(/lib/udev/rules.d/*-snap*.rules)
++ [[ mkrescue == \m\k\r\e\s\c\u\e ]]
+++ opal_local_pba_image_file
+++ local image_file_path=
+++ [[ -z '' ]]
+++ [[ -n file:///root/rear.github.master/var/lib/rear/TCG-Opal-PBA ]]
++++ url_scheme file:///root/rear.github.master/var/lib/rear/TCG-Opal-PBA
++++ local url=file:///root/rear.github.master/var/lib/rear/TCG-Opal-PBA
++++ local scheme=file
++++ echo file
++++ grep -q :
++++ echo file
+++ local image_base_scheme=file
++++ url_path file:///root/rear.github.master/var/lib/rear/TCG-Opal-PBA
++++ local url=file:///root/rear.github.master/var/lib/rear/TCG-Opal-PBA
++++ local url_without_scheme=/root/rear.github.master/var/lib/rear/TCG-Opal-PBA
++++ echo /root/rear.github.master/var/lib/rear/TCG-Opal-PBA
+++ local image_base=/root/rear.github.master/var/lib/rear/TCG-Opal-PBA
+++ [[ file == \f\i\l\e ]]
+++ image_file_path=/root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw
+++ [[ -n /root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw ]]
+++ opal_check_pba_image /root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw
+++ local pba_image_file=/root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw
+++ [[ -f /root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw ]]
+++ Error ''\''/root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw'\'' is not a regular file, thus cannot be used as TCG Opal 2 PBA image.'
+++ test -s /root/rear.github.master/var/log/rear/rear-localhost.log
+++ PrintError 'ERROR: '\''/root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw'\'' is not a regular file, thus cannot be used as TCG Opal 2 PBA image.'

The reason is that the OpalPBA code in ReaR
gets activated by the existence of any program
called 'sedutil-cli':

# mv /usr/sbin/sedutil-cli /usr/sbin/sedutil-cli.away

# ls -l /usr/bin/false /usr/sbin/sedutil-cli

# usr/sbin/rear -D mkrescue
...
ERROR: '/root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw' is not a regular file, thus cannot be used as TCG Opal 2 PBA image.

see usr/share/rear/prep/default/380_include_opal_tools.sh
Sigh :-(

Workaround to run ReaR normally:

# mv /usr/sbin/sedutil-cli /usr/sbin/sedutil-cli.away

jsmeix commented at 2024-06-18 10:57:

As it seems in practice no ReaR user was hit by it
(because noone reported it up to now here)
I think we can safely fix this issue later
as time permits after the ReaR 3.0 release.

jsmeix commented at 2024-06-19 13:50:

See starting at
https://github.com/rear/rear/issues/3194#issuecomment-2175841475
about what we think what the intended use case
of the OpalPBA code in ReaR likely is.

Nevertheless plain installing 'sedutil' on a system
without a TCG Opal 2-compliant Self-Encrypting Disk
should not make a normal "rear mkrescue" fail
so the current OpalPBA code in ReaR needs
some cleanup and enhancement.


[Export of Github issue for rear/rear.]