Package: systemd-cryptsetup Version: 257.7-1 Severity: serious Justification: potentially renders systemd-cryptenroll unusable
Hello, depending on how systemd-cryptenroll is used, it will end up dlopen():ing various libraries, but these libraries are not listed as dependencies of systemd-cryptenroll. From some quick testing on a qemu VM, these libraries seem to be necessary (but there might be more depending on the exact hardware that is detected): TPM2: libtss2-esys.so libtss2-sys.so libtss2-mu.so libtss2-rc.so libtss2-tcti-device.so FIDO2: libcbor.so libfido2.so PKCS11: libp11-kit.so libffi.so I do not see any dependencies (or suggests, recommends, etc) on these libraries in systemd-cryptsetup. There are weak indirect dependencies via libsystemd-shared on some libraries. It suggests: libp11-kit0 libtss2-rc0t64 libfido2-1 But unless I've overlooked something, that's not sufficient for a working systemd-cryptenroll installation. Some of this is obscured by the fact that e.g. fwupd (which I assume is pretty common these days) pulls in e.g. libtss2-esys, but it's not all the libraries needed by systemd-cryptenroll. I assume this is a bug, but I'm not a packaging expert, so please excuse me if I got something wrong. Cheers, David PS The description of systemd-cryptsetup should probably be amended to note that it includes systemd-cryptenroll?
