app-crypt/clevis: Apply Flatcar modifications

sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/clevis-19-r1.ebuild

@@ -3,7 +3,8 @@
 
 EAPI=8
 
-inherit meson
+# Flatcar: inherit from systemd because we need to use systemd_enable_service below
+inherit meson systemd
 
 DESCRIPTION="Automated Encryption Framework"
 HOMEPAGE="https://github.com/latchset/clevis"
@@ -14,9 +15,22 @@ SLOT="0"
 KEYWORDS="~amd64"
 IUSE="+luks +tpm"
 
+# Flatcar: add dependency for Dracut module
 DEPEND="
 	dev-libs/jose
 	sys-fs/cryptsetup
+	sys-kernel/dracut
+	luks? (
+		app-misc/jq
+		dev-libs/libpwquality
+		dev-libs/luksmeta
+	)
+	tpm? ( app-crypt/tpm2-tools )
+"
+# Flatcar: The Clevis meson build will not build certain features if certain executables are not found at build time, such as `tpm2_createprimary`.
+# The meson function `find_program` that checks for the existence of the executables does not seem to search paths under ${ROOT}, but rather 
+# under `/`. A fix to make meson find all binaries and include all desired features is to install such runtime dependencies into the SDK.
+BDEPEND="
 	luks? (
 		app-misc/jq
 		dev-libs/libpwquality
@@ -32,4 +46,22 @@ PATCHES=(
 	"${FILESDIR}/clevis-dracut.patch"
 	# Fix for systemd on Gentoo
 	"${FILESDIR}/clevis-meson.patch"
+	# Flatcar: 
+	# * install `clevis-pin-tang` dracut module in the absence of dracut `network` 
+	#   module; Flatcar uses a custom network module
+	# * skip copying `/etc/services` into initramfs when installing `clevis` dracut 
+	# 	module, which would fail
+	"${FILESDIR}/clevis-dracut-flatcar.patch"
 )
+
+post_src_install() {
+	# Flatcar: the meson build for app-crypt/clevis installs some files to ${D}${ROOT}. After that, Portage
+	# copies from ${D} to ${ROOT}, leading to files ending up in, e.g., /build/amd64-usr/build/amd64-usr/.
+	# As a workaround, we move everything from ${D}${ROOT} to ${D} after the src_install phase.
+ 	rsync -av ${D}${ROOT}/ ${D}
+ 	rm -rfv ${D}${ROOT}
+
+	# Flatcar: enable the systemd unit that triggers Clevis's automatic response to LUKS
+	# disk decryption password prompts.
+ 	systemd_enable_service cryptsetup.target clevis-luks-askpass.path
+}

sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-dracut-flatcar.patch

@@ -0,0 +1,25 @@
+diff --git a/src/dracut/clevis-pin-tang/module-setup.sh.in b/src/dracut/clevis-pin-tang/module-setup.sh.in
+index 929b878..c48e282 100755
+--- a/src/dracut/clevis-pin-tang/module-setup.sh.in
++++ b/src/dracut/clevis-pin-tang/module-setup.sh.in
+@@ -19,7 +19,7 @@
+ #
+ 
+ depends() {
+-    echo clevis network
++    echo clevis
+     return 0
+ }
+ 
+diff --git a/src/dracut/clevis/module-setup.sh.in b/src/dracut/clevis/module-setup.sh.in
+index dbce790..c9581db 100755
+--- a/src/dracut/clevis/module-setup.sh.in
++++ b/src/dracut/clevis/module-setup.sh.in
+@@ -48,7 +48,6 @@ install() {
+     fi
+ 
+     inst_multiple \
+-        /etc/services \
+         clevis-luks-common-functions \
+         grep sed cut \
+         clevis-decrypt \

sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/metadata.xml

@@ -2,8 +2,8 @@
 <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 	<maintainer type="person">
-		<email>julien@jroy.ca</email>
-		<name>Julien Roy</name>
+		<email>kjain7@u.rochester.edu</email>
+		<name>Krish Jain (based off Julien Roy's work) </name>
 	</maintainer>
 	<upstream>
 		<remote-id type="github">latchset/clevis</remote-id>