Fix clevis v21 tang functionality at boot time
Resolves: #RHEL-61661 Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
parent
9ceb9926a0
commit
8a9b4eb00d
110
0003-Fix-to-start-pcscd-appropriately.patch
Normal file
110
0003-Fix-to-start-pcscd-appropriately.patch
Normal file
@ -0,0 +1,110 @@
|
|||||||
|
From c987b0a95d9ebcb310cc3b95609172a8fe31e81e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sergio Arroutbi <sarroutb@redhat.com>
|
||||||
|
Date: Wed, 9 Oct 2024 12:15:18 +0200
|
||||||
|
Subject: [PATCH] Fix to start pcscd appropriately
|
||||||
|
|
||||||
|
diff --git a/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh b/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh
|
||||||
|
index 01a3062..9922bbc 100755
|
||||||
|
--- a/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh
|
||||||
|
+++ b/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh
|
||||||
|
@@ -16,9 +16,11 @@
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
+. /usr/bin/clevis-pkcs11-common
|
||||||
|
+
|
||||||
|
if [ ! -f /run/systemd/clevis-pkcs11.run ] && [ -d /run/systemd ];
|
||||||
|
then
|
||||||
|
- pcscd --disable-polkit
|
||||||
|
- echo "" > /run/systemd/clevis-pkcs11.run
|
||||||
|
- /usr/libexec/clevis-luks-pkcs11-askpin -d -r
|
||||||
|
+ clevis_start_pcscd_server
|
||||||
|
+ echo "" > /run/systemd/clevis-pkcs11.run
|
||||||
|
+ /usr/libexec/clevis-luks-pkcs11-askpin -d -r
|
||||||
|
fi
|
||||||
|
diff --git a/src/luks/systemd/clevis-luks-pkcs11-askpin.in b/src/luks/systemd/clevis-luks-pkcs11-askpin.in
|
||||||
|
index b860efa..468ca3c 100755
|
||||||
|
--- a/src/luks/systemd/clevis-luks-pkcs11-askpin.in
|
||||||
|
+++ b/src/luks/systemd/clevis-luks-pkcs11-askpin.in
|
||||||
|
@@ -52,22 +52,7 @@ get_pkcs11_error() {
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
-
|
||||||
|
-if command -v pcscd; then
|
||||||
|
- echo "clevis-pkcs11: starting pcscd if not available ..."
|
||||||
|
- PCSCD_PID=$(ps auxf | grep "[p]cscd")
|
||||||
|
- echo -e "clevis-pkcs11: pcscd running?:[${PCSCD_PID}]\n"
|
||||||
|
- if ! ps auxf | grep "[p]cscd";
|
||||||
|
- then
|
||||||
|
- if pcscd pcscd --help | grep disable-polkit 1>/dev/null 2>/dev/null; then
|
||||||
|
- echo "clevis-pkcs11: starting pcscd with --disable-polkit option ..."
|
||||||
|
- pcscd --disable-polkit
|
||||||
|
- else
|
||||||
|
- echo "clevis-pkcs11: starting pcscd ..."
|
||||||
|
- pcscd
|
||||||
|
- fi
|
||||||
|
- fi
|
||||||
|
-fi
|
||||||
|
+clevis_start_pcscd_server
|
||||||
|
|
||||||
|
if [ "${dracut_mode}" != true ]; then
|
||||||
|
pkcs11-tool -L
|
||||||
|
diff --git a/src/pins/pkcs11/clevis-pkcs11-common b/src/pins/pkcs11/clevis-pkcs11-common
|
||||||
|
index 571a2be..c7f2a58 100755
|
||||||
|
--- a/src/pins/pkcs11/clevis-pkcs11-common
|
||||||
|
+++ b/src/pins/pkcs11/clevis-pkcs11-common
|
||||||
|
@@ -77,6 +77,24 @@ clevis_detect_pkcs11_device() {
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
+clevis_start_pcscd_server() {
|
||||||
|
+ if command -v pcscd; then
|
||||||
|
+ echo "clevis-pkcs11: starting pcscd if not available ..."
|
||||||
|
+ PCSCD_PID=$(ps auxf | grep "[p]cscd")
|
||||||
|
+ echo -e "clevis-pkcs11: pcscd running?:[${PCSCD_PID}]\n"
|
||||||
|
+ if ! ps auxf | grep "[p]cscd";
|
||||||
|
+ then
|
||||||
|
+ if pcscd --help | grep disable-polkit 1>/dev/null 2>/dev/null; then
|
||||||
|
+ echo "clevis-pkcs11: starting pcscd with --disable-polkit option ..."
|
||||||
|
+ pcscd --disable-polkit
|
||||||
|
+ else
|
||||||
|
+ echo "clevis-pkcs11: starting pcscd ..."
|
||||||
|
+ pcscd
|
||||||
|
+ fi
|
||||||
|
+ fi
|
||||||
|
+ fi
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
clevis_parse_devices_array() {
|
||||||
|
INPUT_ARRAY=$(pkcs11-tool -L | grep Slot)
|
||||||
|
counter=0
|
||||||
|
diff --git a/src/pins/pkcs11/tests/pin-pkcs11 b/src/pins/pkcs11/tests/pin-pkcs11
|
||||||
|
index 94e1548..c876ca4 100755
|
||||||
|
--- a/src/pins/pkcs11/tests/pin-pkcs11
|
||||||
|
+++ b/src/pins/pkcs11/tests/pin-pkcs11
|
||||||
|
@@ -20,6 +20,7 @@
|
||||||
|
. pkcs11-common-tests
|
||||||
|
. tests-common-functions
|
||||||
|
. clevis-luks-common-functions
|
||||||
|
+. clevis-pkcs11-common
|
||||||
|
|
||||||
|
on_exit() {
|
||||||
|
exit_status=$?
|
||||||
|
@@ -150,5 +151,16 @@ then
|
||||||
|
(${WRONGCFG})"
|
||||||
|
fi
|
||||||
|
|
||||||
|
+if command -v ps && command -v killall; then
|
||||||
|
+ if ! clevis_start_pcscd_server;
|
||||||
|
+ then
|
||||||
|
+ error "${TEST}: Could not start pcscd server"
|
||||||
|
+ fi
|
||||||
|
+ if ! killall -9 pcscd;
|
||||||
|
+ then
|
||||||
|
+ error "${TEST}: Could not kill pcscd server"
|
||||||
|
+ fi
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
softhsm_lib_cleanup
|
||||||
|
test "$?" == 0
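Review bot: In the tests/pin-pkcs11 hunk the new block is guarded by `command -v ps && command -v killall` but not by pcscd itself, while clevis_start_pcscd_server exits 0 when `command -v pcscd` fails (an `if` with no branch taken returns 0), so on a host without pcscd the start check passes and `killall -9 pcscd` then reports "Could not kill pcscd server". Extending the guard to `if command -v pcscd && command -v ps && command -v killall; then` would avoid that. `killall -9 pcscd` also terminates a daemon that was already running before the test, because the helper starts nothing when `grep "[p]cscd"` finds a match; recording whether the test itself started pcscd would keep it from touching the host's smart-card service. In clevis-pkcs11-common the helper is now shared by the dracut hook and clevis-luks-pkcs11-askpin, so a comment above `pcscd --disable-polkit` such as `# presumably no polkit in the initramfs; a pcscd started here does not authorize clients through polkit` would record why that check is switched off and prompt a reviewer to confirm the daemon is not left running that way after boot.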
|
@ -205,5 +205,4 @@ exit 0
|
|||||||
%post systemd
|
%post systemd
|
||||||
systemctl preset %{name}-luks-askpass.path >/dev/null 2>&1 || :
|
systemctl preset %{name}-luks-askpass.path >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
|
||||||
%autochangelog
|
%autochangelog
|
||||||
|