The swtpm user is created as:
swtpm:x:113:121:virtual TPM software stack,,,:/var/lib/swtpm:/bin/false
But
$ ls -laF /var/lib/swtpm
ls: cannot access '/var/lib/swtpm': No such file or directory
I guess we need to give him a better home dir?
For example drop `--no-create-home` from the postinst in /var/lib/dpkg/info/swtpm-tools.postinst?
Testing with
$ sudo mkdir /var/lib/swtpm
$ sudo chown swtpm:swtpm /var/lib/swtpm
Hmm, that was not enough yet - but it feels close ...
It seems that this is due to changes in:
swtpm (0.6.1-0ubuntu4) jammy; urgency=medium
* debian/patches/openssl-not-certtool.patch: Use openssl at runtime,
not certtool.
-- Steve Langasek <email address hidden> Fri, 05 Nov 2021 13:16:42 -0700
In there the .rnd is added
It refers to
"RANDFILE = $ENV::HOME/.rnd\n"
And maybe in this mode not only is it user swtpm, but also stripped of HOME?
Might want to access even /.rnd in root?
With the analysis so far I'd mark all but swtpm as invalid and hope to resolve it either in that patch and/or in the way the user's home dir is created.
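
A check for the condition described in the comment above, as an added example that is not part of the original comment or of the swtpm packaging: it reads an account's home directory from a passwd file and reports whether that directory exists and is owned by the account. The function name `audit_home` and its optional root-prefix argument are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: report the state of an account's passwd home directory.
# audit_home PASSWD_FILE USER [ROOT_PREFIX]
#   (hypothetical helper; ROOT_PREFIX lets it run against a scratch tree)
# Prints one of: no-such-user | missing | not-a-directory | wrong-owner | ok
audit_home() {
    passwd_file=$1
    user=$2
    root=${3:-}
    # passwd fields: name:password:uid:gid:gecos:home:shell
    entry=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $6; exit }' "$passwd_file")
    if [ -z "$entry" ]; then echo no-such-user; return 0; fi
    uid=${entry%%:*}
    home=${entry#*:}
    path=$root$home
    if [ ! -e "$path" ]; then echo missing; return 0; fi
    if [ ! -d "$path" ]; then echo not-a-directory; return 0; fi
    # stat -c is GNU coreutils (assumed, as on Ubuntu)
    if [ "$(stat -c %u "$path")" != "$uid" ]; then echo wrong-owner; return 0; fi
    echo ok
}

# Constructed demo on a scratch tree, using the passwd line quoted in the comment.
demo() {
    scratch=$(mktemp -d)
    printf '%s\n' \
        'swtpm:x:113:121:virtual TPM software stack,,,:/var/lib/swtpm:/bin/false' \
        > "$scratch/passwd"
    audit_home "$scratch/passwd" swtpm "$scratch"   # home directory not created yet
    mkdir -p "$scratch/var/lib/swtpm"
    audit_home "$scratch/passwd" swtpm "$scratch"   # created, but not chowned to uid 113
    rm -rf "$scratch"
}
demo
```

On a real system the call would be `audit_home /etc/passwd swtpm` with no root prefix.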