This breaks restarts: https://bugzilla.redhat.com/show_bug.cgi?id=2325556

This breaks restarts: https://bugzilla.redhat.com/show_bug.cgi?id=2325556

The Cockpit tests found a regression with this update: Unlocking an encrypted root partition with clevis does not work any more. With 20-2, boot looked like this:

[  OK  ] Found device dev-disk-by\x2duuid-6…34326d22e.device - QEMU_HARDDISK 2.
         Starting systemd-cryptsetup@luks\x…e492-182e-480e-8b2e-36634326d22e...
Please enter passphrase for disk QEMU_HARDDISK (luks-6233e492-182e-480e-8b2e-36634326d22e): (press TAB for no echo) 

it sat there for a bit (30 to 60s? I didn't measure it), then clevis kicks in, gets the key from the tang server, and boot continues. With 21-1, it gets to that point, but then gets stuck in a loop of

Detected no PKCS#11 device, retry PKCS#11 detection? [yY/nN] 
[  244.314441] dracut-initqueue[2805]: No slots.

I can interactively press 'N' and then booting continues. But this interactive question ruins unattended boot, which is the very point of clevis.

cockpit-machine's nightly run against updates-testing https://github.com/cockpit-project/cockpit-machines/issues/1739 picked up this update and causes a regression with migration. Apparently libvirt cannot run ssh any more:

audit: SELINUX_ERR op=security_compute_sid invalid_context="system_u:system_r:ssh_t:s0" scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:ssh_exec_t:s0 tclass=process virtqemud[1036]: Cannot recv data: libvirt: error : cannot execute binary ssh: Permission denied: Connection reset by peer

Is there any way to retract this update quickly? This breaks so much, it's rather unbearable..

By the timing and symptoms, I'm also quite sure this is what breaks the stratis tests (like https://github.com/stratis-storage/stratisd/pull/3642 and a handful of others):

+ systemctl start firewalld
+ firewall-cmd --add-service=cockpit --permanent
Error: [Errno 13] Permission denied: '/etc/firewalld/zones/public.xml'