The officially official Devuan Forum!

You are not logged in.

#1 2022-09-05 17:53:03

rbit
Member
Registered: 2018-06-12
Posts: 22  

[SOLVED] Couple questions regarding Chimaera

This weekend I dist-upgraded from Beowulf to Chimaera.
The upgrade itself went well, with one package problem I am stuck at (I've uninstalled for now)
The package that fails is: "tpm2-abrmd" :

Setting up tpm2-abrmd (2.3.3-1+b2) ...
Starting TPM2 Access Broker and Resource Management Daemon: tpm2-abrmd
** (process:6742): WARNING **: 13:44:06.774: tcti_conf before: "device:/dev/tpm0"

** (tpm2-abrmd:6742): WARNING **: 13:44:06.774: tcti_conf after: "device:/dev/tpm0"
Refusing to run as root. Pass --allow-root if you know what you are doing.
 failed!
invoke-rc.d: initscript tpm2-abrmd, action "start" failed.
dpkg: error processing package tpm2-abrmd (--configure):
 installed tpm2-abrmd package post-installation script subprocess returned error exit status 1

I'm not going to "--allow-root", since I obviously don't know what I'm doing here.  I've uninstalled the package (not sure what it is, or why I had it to begin with).  Is this anything important?  I could note, this is on my desktop computer, not an internet server, if that makes any difference.

The second question has to do with ping. 

$ ping -c 1 127.0.0.1
ping: socket: Address family not supported by protocol
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.025 ms

Any fix for this warning?  I keep getting the warning (Address family not supported by protocol), but the ping itself does succeed.  Passing the "-4" switch will take the warning away; I might just make an alias to do that if there's not another workaround.  Possibly related: https://github.com/iputils/iputils/issues/293.

Offline

#2 2022-09-05 18:31:20

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 2,528  

Re: [SOLVED] Couple questions regarding Chimaera

For tpm2-abrmd the daemon is supposed to run as the tss user (/dev/tpm0 should be owned by that user). The systemd unit file has User=tss but the sysvinit file doesn't specify a user.

So edit /etc/init.d/tpm2-abrmd and change line 17 to

	start_daemon -p $PIDFILE -u tss /usr/sbin/tpm2-abrmd

Then run

# service tpm2-abrmd restart

I'm not 100% sure it will work because the man page says that -u is a matching option. Worth a go though.

For ping the chimaera iputils-ping package just missed the fix described in your linked bug report. If you're using that switch to the inetutils-ping package instead.

You should probably file bug reports against both these packages using the reportbug package. The Debian wiki has a page about it. Be sure to check there are no extant reports about the same problem.

Offline

#3 2022-09-06 01:31:02

rbit
Member
Registered: 2018-06-12
Posts: 22  

Re: [SOLVED] Couple questions regarding Chimaera

Installing inetutils-ping (which removed iputils-ping) did remove that warning, so that part is solved.  Thanks :-)

The change with tpm2-abrmd (adding the '-u tss' to line 17 of /etc/init.d/tpm2-abrmd) didn't help.

# service tpm2-abrmd start
Starting TPM2 Access Broker and Resource Management Daemon: tpm2-abrmdIllegal option -u
/sbin/start-stop-daemon: unable to stat //tss (No such file or directory)
 failed!

I *do* have a user "tss" listed in /etc/passwd.  I guess I'm wondering, do I need this service?
After a little bit of internet searching, I think I may not even have tpm enabled on my motherboard.  Maybe that's part of the problem.  I'll reboot and check the ol' bios.

OK, under the "Trusted Computing" section of bios setup, my motherboard informed me that no device was found.  Guess it's not built-in and I never added it.  So I'll remove the tpm2-abrmd package, not sure why it got pulled in.  Sorry for the noise

Last edited by rbit (2022-09-06 01:44:24)

Offline

#4 2022-09-06 06:11:39

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 2,528  

Re: [SOLVED] Couple questions regarding Chimaera

If /dev/tpm0 exists then the kernel has found the TPM2 chip and provided a driver for it.

Looks like start-stop-daemon only provides an option to start under a specific group rather than a particular user, which is a shame.

You could try replacing the line with something like

	su tss -c '/usr/sbin/tpm2-abrmd'

But it's horrible as a hack because it breaks the PID file.

The tpm2-abrmd package is actually fantastically useful for systems with full disk encryption so this really should be fixed for Devuan.

Offline

Board footer