Silence swtpm SHA1 signature deprecation warning

diff --git a/mkosi/config.py b/mkosi/config.py
index a9fcd612f242033c2014cc70090ee487f330f248..cf4fd1613828df89bf7f80f88e916ad78c0db5e5 100644 (file)
--- a/mkosi/config.py
+++ b/mkosi/config.py
@@ -6040,6 +6040,21 @@ def want_selinux_relabel(
     return setfiles, policy, fc, binpolicy
 
 
+def swtpm_setup_version(sandbox: SandboxProtocol = nosandbox) -> GenericVersion:
+    version = GenericVersion(
+        run(
+            ["swtpm_setup", "--version"],
+            stdout=subprocess.PIPE,
+            sandbox=sandbox(),
+            success_exit_status=(0, 1),
+        ).stdout.split()[-1]
+    )
+
+    logging.debug(f"Version reported by swtpm_setup is {version}")
+
+    return version
+
+
 def systemd_tool_version(*tool: PathString, sandbox: SandboxProtocol = nosandbox) -> GenericVersion:
     version = GenericVersion(
         run(

diff --git a/mkosi/qemu.py b/mkosi/qemu.py
index 7f3877bdb93529ddd48d7403a924dff746ecb3dc..1bcaf60122ab42d986d8296cec197e0dc484fa50 100644 (file)
--- a/mkosi/qemu.py
+++ b/mkosi/qemu.py
@@ -43,6 +43,7 @@ from mkosi.config import (
     VsockCID,
     finalize_term,
     format_bytes,
+    swtpm_setup_version,
     systemd_pty_forward,
     systemd_tool_version,
     want_selinux_relabel,
@@ -271,6 +272,11 @@ def start_swtpm(config: Config) -> Iterator[Path]:
                 "--pcr-banks",
                 "sha256",
                 "--config", "/dev/null",
+                *(
+                    ["--profile-name=custom", "--profile-remove-disabled=check"]
+                    if swtpm_setup_version() >= "0.10.0" 
+                    else []
+                 ),
             ],
             sandbox=config.sandbox(options=["--bind", state, workdir(Path(state))]),
             stdout=None if ARG_DEBUG.get() else subprocess.DEVNULL,