Bug#1110431: systemd-cryptsetup: please consider providing a .udeb

David Härdeman david at hardeman.nu
Tue Aug 5 11:44:25 BST 2025


Package: systemd-cryptsetup
Version: 257.7-1
Severity: wishlist

Hello,

I'm currently working on adding support to debian-installer for using
various hardware tokens (TPM2, FIDO2, PCKS11) to encrypt disks, which
would make it easy to create a bitlocker-like experience for end users
(this also relies on using dracut in the installed system, but Debian
is currently considering a switch post-trixie [1]).

With that in mind, it would be fantastic if systemd-cryptsetup could
provide an udeb containing, at least, systemd-cryptenroll.

I've hacked a bit on the systemd source, and I have .udebs of
systemd-cryptsetup and libsystemd-shared. The latter pulls in
dependencies on libpam, libseccomp, libaudit and libcap-ng which
do not have udebs (it has other dependencies as well, but those
already seem to have udebs). Currently I hack around that by
manually installing the missing libraries in my local
debian-installer builds.

I'm not sure if it would be preferable to also create udebs for the
missing libraries or if it would be possible to build more limited
versions of systemd-cryptenroll/libsystemd-shared only for the udeb
with a more limited number of dependencies?

Thus this wishlist request, as I hope the systemd maintainers have
a better view of which approach would be preferable (or, if you
have no interest in providing a udeb, then can abandon this project).

Kind regards,
David

PS
For anyone reading this, bug #1110430 might also be relevant

[1] https://salsa.debian.org/kernel-team/meetings/-/wikis/20250730
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110430



More information about the Pkg-systemd-maintainers mailing list