From: Laurence Kiln <246209442+LaurenceKiln@users.noreply.github.com>
Date: Thu, 27 Nov 2025 12:25:57 +0000 (+0200)
Subject: Silence swtpm SHA1 signature deprecation warning
X-Git-Tag: v26~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=21675c4822b53db357108d1456006231cd889f60;p=thirdparty%2Fmkosi.git

Silence swtpm SHA1 signature deprecation warning
---

diff --git a/mkosi/config.py b/mkosi/config.py
index a9fcd612f..cf4fd1613 100644
--- a/mkosi/config.py
+++ b/mkosi/config.py
@@ -6040,6 +6040,21 @@ def want_selinux_relabel(
     return setfiles, policy, fc, binpolicy
 
 
+def swtpm_setup_version(sandbox: SandboxProtocol = nosandbox) -> GenericVersion:
+    version = GenericVersion(
+        run(
+            ["swtpm_setup", "--version"],
+            stdout=subprocess.PIPE,
+            sandbox=sandbox(),
+            success_exit_status=(0, 1),
+        ).stdout.split()[-1]
+    )
+
+    logging.debug(f"Version reported by swtpm_setup is {version}")
+
+    return version
+
+
 def systemd_tool_version(*tool: PathString, sandbox: SandboxProtocol = nosandbox) -> GenericVersion:
     version = GenericVersion(
         run(
diff --git a/mkosi/qemu.py b/mkosi/qemu.py
index 7f3877bdb..1bcaf6012 100644
--- a/mkosi/qemu.py
+++ b/mkosi/qemu.py
@@ -43,6 +43,7 @@ from mkosi.config import (
     VsockCID,
     finalize_term,
     format_bytes,
+    swtpm_setup_version,
     systemd_pty_forward,
     systemd_tool_version,
     want_selinux_relabel,
@@ -271,6 +272,11 @@ def start_swtpm(config: Config) -> Iterator[Path]:
                 "--pcr-banks",
                 "sha256",
                 "--config", "/dev/null",
+                *(
+                    ["--profile-name=custom", "--profile-remove-disabled=check"]
+                    if swtpm_setup_version() >= "0.10.0" 
+                    else []
+                 ),
             ],
             sandbox=config.sandbox(options=["--bind", state, workdir(Path(state))]),
             stdout=None if ARG_DEBUG.get() else subprocess.DEVNULL,