diff --git a/clevis.spec b/clevis.spec
index cc2dc48..e761cb4 100644
--- a/clevis.spec
+++ b/clevis.spec
@@ -6,6 +6,7 @@ Summary: Automated decryption framework
 License: GPLv3+
 URL: https://github.com/latchset/%{name}
 Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
+Source1: clevis.sysusers
 Patch0: clevis-tpm2-tools-5.patch
 
 BuildRequires: git-core
@@ -25,6 +26,7 @@ BuildRequires: tpm2-tools >= 4.0.0
 BuildRequires: desktop-file-utils
 BuildRequires: pkgconfig
 BuildRequires: systemd
+BuildRequires: systemd-rpm-macros
 BuildRequires: dracut
 BuildRequires: tang >= 6
 BuildRequires: curl
@@ -111,6 +113,7 @@ use UDisks2 or storaged (like GNOME).
 
 %install
 %meson_install
+install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/clevis.conf
 
 %check
 desktop-file-validate \
@@ -118,10 +121,7 @@ desktop-file-validate \
 %meson_test
 
 %pre
-getent group %{name} >/dev/null || groupadd -r %{name} &>/dev/null
-getent passwd %{name} >/dev/null || \
- useradd -r -g %{name} -d %{_localstatedir}/cache/%{name} -s /sbin/nologin \
- -c "Clevis Decryption Framework unprivileged user" %{name} &>/dev/null
+%sysusers_create_compat %{SOURCE1}
 # Add clevis user to tss group.
 if getent group tss >/dev/null && ! groups %{name} | grep -q "\btss\b"; then
 usermod -a -G tss %{name} &>/dev/null
@@ -155,6 +155,7 @@ exit 0
 %{_mandir}/man1/%{name}-encrypt-sss.1*
 %{_mandir}/man1/%{name}-decrypt.1*
 %{_mandir}/man1/%{name}.1*
+%{_sysusersdir}/clevis.conf
 
 %files luks
 %{_mandir}/man7/%{name}-luks-unlockers.7*
diff --git a/clevis.sysusers b/clevis.sysusers
new file mode 100644
index 0000000..492bdeb
--- /dev/null
+++ b/clevis.sysusers
@@ -0,0 +1 @@
+u clevis - "Clevis Decryption Framework unprivileged user" /var/cache/clevis /usr/sbin/nologin
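Review bot: The `tss` membership in `%pre` is still granted by a silenced `usermod -a -G tss %{name} &>/dev/null` after the account itself moves to `clevis.sysusers`, so the declarative file does not describe everything the account can reach (membership in `tss` is presumably what lets clevis use the TPM device), and a failed `usermod` goes unnoticed. One option is to declare it beside the `u` line with `m clevis tss`, keeping in mind that an `m` line implicitly creates a missing group, whereas the current code only acts when `tss` already exists, and that the compat macro in use would need to handle `m` lines. If the conditional is kept, a comment in `clevis.sysusers` such as `# tss membership is added conditionally in clevis.spec %pre` would stop a reader from treating the file as the full account definition. The `%pre` scriptlet continues past the end of this hunk, so how its exit status is handled is not visible here.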