From 18a84f13b2749921b62eb45ee3320038fc873f76 Mon Sep 17 00:00:00 2001
From: Sergio Arroutbi <sarroutb@redhat.com>
Date: Fri, 11 Oct 2024 13:10:46 +0200
Subject: [PATCH] Split PKCS#11 files into clevis-pin-pkcs11 package

Resolves: #RHEL-62072

Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
---
 clevis.spec | 33 ++++++++++++++++++++++-----------
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/clevis.spec b/clevis.spec
index 58fbca9..3ba6515 100644
--- a/clevis.spec
+++ b/clevis.spec
@@ -48,8 +48,6 @@ Requires:       jq
 Requires(pre):  shadow-utils
 Requires(post): systemd
 Requires:       clevis-pin-tpm2
-Requires:       pcsc-lite
-Requires:       opensc
 
 %description
 Clevis is a framework for automated decryption. It allows you to encrypt
@@ -109,6 +107,17 @@ Requires:       %{name}-luks%{?_isa} = %{version}-%{release}
 Automatically unlocks LUKS block devices in desktop environments that
 use UDisks2 or storaged (like GNOME).
 
+%package pin-pkcs11
+Summary:        PKCS#11 for clevis
+Requires:       %{name}-systemd%{?_isa} = %{version}-%{release}
+Requires:       %{name}-luks%{?_isa} = %{version}-%{release}
+Requires:       %{name}-dracut%{?_isa} = %{version}-%{release}
+Requires:       pcsc-lite
+Requires:       opensc
+
+%description pin-pkcs11
+Automatically unlocks LUKS block devices through a PKCS#11 device.
+
 %prep
 %autosetup -S git
 
@@ -140,20 +149,15 @@ exit 0
 %{_bindir}/%{name}-decrypt-tpm2
 %{_bindir}/%{name}-decrypt-sss
 %{_bindir}/%{name}-decrypt-null
-%{_bindir}/%{name}-decrypt-pkcs11
 %{_bindir}/%{name}-decrypt
 %{_bindir}/%{name}-encrypt-tang
 %{_bindir}/%{name}-encrypt-tpm2
 %{_bindir}/%{name}-encrypt-sss
 %{_bindir}/%{name}-encrypt-null
-%{_bindir}/%{name}-encrypt-pkcs11
-%{_bindir}/%{name}-pkcs11-afunix-socket-unlock
-%{_bindir}/%{name}-pkcs11-common
 %{_bindir}/%{name}
 %{_mandir}/man1/%{name}-encrypt-tang.1*
 %{_mandir}/man1/%{name}-encrypt-tpm2.1*
 %{_mandir}/man1/%{name}-encrypt-sss.1*
-%{_mandir}/man1/%{name}-encrypt-pkcs11.1*
 %{_mandir}/man1/%{name}-decrypt.1*
 %{_mandir}/man1/%{name}.1*
 %{_sysusersdir}/clevis.conf
@@ -181,12 +185,8 @@ exit 0
 %files systemd
 %{_libexecdir}/%{name}-luks-askpass
 %{_libexecdir}/%{name}-luks-unlocker
-%{_libexecdir}/%{name}-luks-pkcs11-askpass
-%{_libexecdir}/%{name}-luks-pkcs11-askpin
 %{_unitdir}/%{name}-luks-askpass.path
 %{_unitdir}/%{name}-luks-askpass.service
-%{_unitdir}/%{name}-luks-pkcs11-askpass.service
-%{_unitdir}/%{name}-luks-pkcs11-askpass.socket
 
 %files dracut
 %{_prefix}/lib/dracut/modules.d/60%{name}
@@ -194,6 +194,17 @@ exit 0
 %{_prefix}/lib/dracut/modules.d/60%{name}-pin-sss/module-setup.sh
 %{_prefix}/lib/dracut/modules.d/60%{name}-pin-tang/module-setup.sh
 %{_prefix}/lib/dracut/modules.d/60%{name}-pin-tpm2/module-setup.sh
+
+%files pin-pkcs11
+%{_libexecdir}/%{name}-luks-pkcs11-askpass
+%{_libexecdir}/%{name}-luks-pkcs11-askpin
+%{_bindir}/%{name}-decrypt-pkcs11
+%{_bindir}/%{name}-encrypt-pkcs11
+%{_bindir}/%{name}-pkcs11-afunix-socket-unlock
+%{_bindir}/%{name}-pkcs11-common
+%{_unitdir}/%{name}-luks-pkcs11-askpass.service
+%{_unitdir}/%{name}-luks-pkcs11-askpass.socket
+%{_mandir}/man1/%{name}-encrypt-pkcs11.1*
 %{_prefix}/lib/dracut/modules.d/60%{name}-pin-pkcs11/module-setup.sh
 %{_prefix}/lib/dracut/modules.d/60%{name}-pin-pkcs11/%{name}-pkcs11-prehook.sh
 %{_prefix}/lib/dracut/modules.d/60%{name}-pin-pkcs11/%{name}-pkcs11-hook.sh