Having any 'sedutil-cli' makes normal "rear mkrescue" fail

[jsmeix]

On openSUSE Leap 15.5 I installed the sedutil RPM which provides /usr/sbin/sedutil-cli

Having this program makes normal "rear mkrescue" with

OUTPUT=ISO
BACKUP=NETFS

fail:

# usr/sbin/rear -D mkrescue
...
ERROR: '/root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw' is not a regular file, thus cannot be used as TCG Opal 2 PBA image.

From the debug log:

+ source /root/rear.github.master/usr/share/rear/prep/default/380_include_opal_tools.sh
++ has_binary sedutil-cli
++ for bin in "$@"
++ type sedutil-cli
++ return 0
++ PROGS+=(sedutil-cli lsblk)
++ KERNEL_CMDLINE+=' libata.allow_tpm=1'
++ COPY_AS_IS_EXCLUDE+=(/lib/udev/rules.d/*-snap*.rules)
++ [[ mkrescue == \m\k\r\e\s\c\u\e ]]
+++ opal_local_pba_image_file
+++ local image_file_path=
+++ [[ -z '' ]]
+++ [[ -n file:///root/rear.github.master/var/lib/rear/TCG-Opal-PBA ]]
++++ url_scheme file:///root/rear.github.master/var/lib/rear/TCG-Opal-PBA
++++ local url=file:///root/rear.github.master/var/lib/rear/TCG-Opal-PBA
++++ local scheme=file
++++ echo file
++++ grep -q :
++++ echo file
+++ local image_base_scheme=file
++++ url_path file:///root/rear.github.master/var/lib/rear/TCG-Opal-PBA
++++ local url=file:///root/rear.github.master/var/lib/rear/TCG-Opal-PBA
++++ local url_without_scheme=/root/rear.github.master/var/lib/rear/TCG-Opal-PBA
++++ echo /root/rear.github.master/var/lib/rear/TCG-Opal-PBA
+++ local image_base=/root/rear.github.master/var/lib/rear/TCG-Opal-PBA
+++ [[ file == \f\i\l\e ]]
+++ image_file_path=/root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw
+++ [[ -n /root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw ]]
+++ opal_check_pba_image /root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw
+++ local pba_image_file=/root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw
+++ [[ -f /root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw ]]
+++ Error ''\''/root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw'\'' is not a regular file, thus cannot be used as TCG Opal 2 PBA image.'
+++ test -s /root/rear.github.master/var/log/rear/rear-localhost.log
+++ PrintError 'ERROR: '\''/root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw'\'' is not a regular file, thus cannot be used as TCG Opal 2 PBA image.'

The reason is that the OpalPBA code in ReaR gets activated by the existence of any program called 'sedutil-cli':

# mv /usr/sbin/sedutil-cli /usr/sbin/sedutil-cli.away

# ls -l /usr/bin/false /usr/sbin/sedutil-cli

# usr/sbin/rear -D mkrescue
...
ERROR: '/root/rear.github.master/var/lib/rear/TCG-Opal-PBA/localhost/TCG-Opal-PBA-localhost.raw' is not a regular file, thus cannot be used as TCG Opal 2 PBA image.

see usr/share/rear/prep/default/380_include_opal_tools.sh Sigh :-(

Workaround to run ReaR normally:

# mv /usr/sbin/sedutil-cli /usr/sbin/sedutil-cli.away

[jsmeix]

As it seems in practice no ReaR user was hit by it (because noone reported it up to now here) I think we can safely fix this issue later as time permits after the ReaR 3.0 release.

[jsmeix]

See starting at https://github.com/rear/rear/issues/3194#issuecomment-2175841475 about what we think what the intended use case of the OpalPBA code in ReaR likely is.

Nevertheless plain installing 'sedutil' on a system without a TCG Opal 2-compliant Self-Encrypting Disk should not make a normal "rear mkrescue" fail so the current OpalPBA code in ReaR needs some cleanup and enhancement.

[schlomo]

@jsmeix good catch and I totally agree with you that just having the sedutil-cli shouldn't have any impact on ReaR. I'd also say that the error message is more than just confusing, it seems rather misleading.