Bug#1110430: systemd-cryptsetup: missing dependencies
David Härdeman
david at hardeman.nu
Tue Aug 5 11:32:12 BST 2025
Package: systemd-cryptsetup
Version: 257.7-1
Severity: serious
Justification: potentially renders systemd-cryptenroll unusable
Hello,
depending on how systemd-cryptenroll is used, it will end up dlopen():ing
various libraries, but these libraries are not listed as dependencies of
systemd-cryptenroll. From some quick testing on a qemu VM, these libraries
seem to be necessary (but there might be more depending on the exact
hardware that is detected):
TPM2:
libtss2-esys.so
libtss2-sys.so
libtss2-mu.so
libtss2-rc.so
libtss2-tcti-device.so
FIDO2:
libcbor.so
libfido2.so
PKCS11:
libp11-kit.so
libffi.so
I do not see any dependencies (or suggests, recommends, etc) on these
libraries in systemd-cryptsetup. There are weak indirect dependencies
via libsystemd-shared on some libraries. It suggests:
libp11-kit0
libtss2-rc0t64
libfido2-1
But unless I've overlooked something, that's not sufficient for a
working systemd-cryptenroll installation. Some of this is obscured
by the fact that e.g. fwupd (which I assume is pretty common these
days) pulls in e.g. libtss2-esys, but it's not all the libraries
needed by systemd-cryptenroll.
I assume this is a bug, but I'm not a packaging expert, so please
excuse me if I got something wrong.
Cheers,
David
PS
The description of systemd-cryptsetup should probably be amended to
note that it includes systemd-cryptenroll?
More information about the Pkg-systemd-maintainers
mailing list