[Bug 2142534] Re: [FFE] Please merge 0.8 into resolute
Skia
2142534 at bugs.launchpad.net
Fri Feb 27 15:24:03 UTC 2026
Awesome, you're good to proceed and sync them both. Let me know if you
need sponsoring or if Mario is handling that.
** Changed in: tpm-udev (Ubuntu Resolute)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to tpm-udev in Ubuntu.
https://bugs.launchpad.net/bugs/2142534
Title:
[FFE] Please merge 0.8 into resolute
Status in tpm-udev package in Ubuntu:
Triaged
Status in tpm-udev source package in Resolute:
Triaged
Bug description:
## FFE ##
Packaging changes that simplify the package and make it more streamlined. Crucially, it removes duplication of user/group creation via manual scripts, and relies on tpm2-tss to do it instead. This needs to go in tandem with a similar packaging update in tpm2-tss.
Given code is being removed, rather than added, and it's duplicated functionality, risk of regressions is very low.
This will incidentally fix https://bugs.launchpad.net/ubuntu/+source/tpm-udev/+bug/1900087
The Ubuntu delta has been merged (with some bugfixes too), so it's a
simple sync to update it. Diff from 0.6 to 0.8 in Debian:
diff --git a/debian/changelog b/debian/changelog
index 6c4818d..d1a61f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,26 @@
+tpm-udev (0.8) unstable; urgency=medium
+
+ [ Luca Boccassi ]
+ * Import fix for changing permissions in containers from Ubuntu (LP: #1900087)
+
+ -- Mario Limonciello <superm1 at gmail.com> Tue, 24 Feb 2026 23:49:55 -0600
+
+tpm-udev (0.7) unstable; urgency=medium
+
+ [ Debian Janitor ]
+ * Bump debhelper from old 11 to 13.
+ * Set debhelper-compat version in Build-Depends.
+ * Update standards version to 4.6.1, no changes needed.
+
+ [ Luca Boccassi ]
+ * Do not depend on udev (Closes: #1086906)
+ * Depend on libtss2-fapi1t64 instead of shelling out in postinst
+ (Closes: #1056665)
+ * Drop priority from d/control, now defaults to optional
+ * Bump Standards-version to 4.7.3
+
+ -- Mario Limonciello <superm1 at debian.org> Mon, 16 Feb 2026 14:37:24 -0600
+
tpm-udev (0.6) unstable; urgency=low
* debian/tpm-udev.udev: Allow tpm devices to be used as systemd dependencies
diff --git a/debian/compat b/debian/compat
deleted file mode 100644
index b4de394..0000000
--- a/debian/compat
+++ /dev/null
@@ -1 +0,0 @@
-11
diff --git a/debian/control b/debian/control
index 9e2f31f..a4d3df1 100644
--- a/debian/control
+++ b/debian/control
@@ -1,17 +1,17 @@
Source: tpm-udev
Section: admin
-Priority: optional
Maintainer: Ying-Chun Liu (PaulLiu) <paulliu at debian.org>
Uploaders: Mario Limonciello <superm1 at gmail.com>
-Build-Depends: debhelper (>= 11)
-Standards-Version: 4.5.0
+Build-Depends: debhelper-compat (= 13)
+Standards-Version: 4.7.3
Vcs-Browser: https://salsa.debian.org/debian/tpm-udev
Vcs-Git: https://salsa.debian.org/debian/tpm-udev.git
Package: tpm-udev
Architecture: all
Multi-Arch: foreign
-Depends: adduser, udev, ${misc:Depends}
+Depends: libtss2-fapi1t64 (>= 4.1.3-2~), ${misc:Depends}
+Enhances: udev
Description: udev rules for TPM modules
This package provides udev rules for the TPM modules. Both TPM1 or TPM2 need
this package to be installed to provide proper permissions of the TPM.
diff --git a/debian/rules b/debian/rules
index 82fa06f..d39a078 100755
--- a/debian/rules
+++ b/debian/rules
@@ -15,3 +15,7 @@
%:
dh $@
+
+override_dh_installsystemd:
+ dh_installsystemd -X tpm-udev.path --no-start --no-stop-on-upgrade
+ dh_installsystemd -X tpm-udev.service
diff --git a/debian/tpm-udev.dirs b/debian/tpm-udev.dirs
deleted file mode 100644
index 18cf560..0000000
--- a/debian/tpm-udev.dirs
+++ /dev/null
@@ -1 +0,0 @@
-var/lib/tpm
diff --git a/debian/tpm-udev.path b/debian/tpm-udev.path
new file mode 100644
index 0000000..8bcbb73
--- /dev/null
+++ b/debian/tpm-udev.path
@@ -0,0 +1,9 @@
+[Unit]
+ConditionVirtualization=container
+Description=Handle dynamically added tpm devices
+
+[Path]
+PathChanged=/dev
+
+[Install]
+WantedBy=paths.target
diff --git a/debian/tpm-udev.postinst b/debian/tpm-udev.postinst
index 4017f15..0a42aad 100644
--- a/debian/tpm-udev.postinst
+++ b/debian/tpm-udev.postinst
@@ -4,24 +4,6 @@ set -e
case "$1" in
configure)
- # creating tss group if he isn't already there
- if ! getent group tss >/dev/null; then
- addgroup --system tss
- fi
-
- # creating tss user if he isn't already there
- if ! getent passwd tss >/dev/null; then
- adduser --system --ingroup tss --shell /bin/false \
- --home /var/lib/tpm --no-create-home \
- --gecos "TPM software stack" \
- tss
- fi
-
- # Setting owner
- if [ -d /var/lib/tpm ] && getent passwd tss >/dev/null; then
- chown tss:tss /var/lib/tpm
- fi
-
# ask udev to check for new udev rules (and fix device permissions)
if udevadm --version > /dev/null; then
udevadm control --reload-rules ||:
diff --git a/debian/tpm-udev.service b/debian/tpm-udev.service
new file mode 100644
index 0000000..7474c9d
--- /dev/null
+++ b/debian/tpm-udev.service
@@ -0,0 +1,5 @@
+[Unit]
+Description=Handle dynamically added tpm devices
+
+[Service]
+ExecStart=systemd-tmpfiles --create tpm-udev.conf
diff --git a/debian/tpm-udev.tmpfiles b/debian/tpm-udev.tmpfiles
new file mode 100644
index 0000000..3199526
--- /dev/null
+++ b/debian/tpm-udev.tmpfiles
@@ -0,0 +1,4 @@
+# Handle tpm mode and owers in containers
+z /dev/tpm[0-9]* 0660 tss root
+z /dev/tpmrm[0-9]* 0660 tss tss
+d /var/lib/tpm 0755 tss tss
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tpm-udev/+bug/2142534/+subscriptions
More information about the foundations-bugs
mailing list