Fix to start pcscd appropriately

Resolves: #RHEL-61612 Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2024-10-07 15:53:56 +02:00 · 2024-10-07 15:53:56 +02:00 · dd85198f3d
commit dd85198f3d
parent d53150789f
2 changed files with 112 additions and 1 deletions
--- a/0003-Fix-to-start-pcscd-appropriately.patch
+++ b/0003-Fix-to-start-pcscd-appropriately.patch
@ -0,0 +1,106 @@
 diff --git a/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh b/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh
 index 01a3062..9922bbc 100755
 --- a/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh
 +++ b/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh
@@ -16,9 +16,11 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 +. /usr/bin/clevis-pkcs11-common
 +
 if [ ! -f /run/systemd/clevis-pkcs11.run ] && [ -d /run/systemd ];
 then
 -  pcscd --disable-polkit
 -  echo "" > /run/systemd/clevis-pkcs11.run
 -  /usr/libexec/clevis-luks-pkcs11-askpin -d -r
 +    clevis_start_pcscd_server
 +    echo "" > /run/systemd/clevis-pkcs11.run
 +    /usr/libexec/clevis-luks-pkcs11-askpin -d -r
 fi
 diff --git a/src/luks/systemd/clevis-luks-pkcs11-askpin.in b/src/luks/systemd/clevis-luks-pkcs11-askpin.in
 index b860efa..468ca3c 100755
 --- a/src/luks/systemd/clevis-luks-pkcs11-askpin.in
 +++ b/src/luks/systemd/clevis-luks-pkcs11-askpin.in
@@ -52,22 +52,7 @@ get_pkcs11_error() {
     return 0
 }
 -
 -if command -v pcscd; then
 -    echo "clevis-pkcs11: starting pcscd if not available ..."
 -    PCSCD_PID=$(ps auxf | grep "[p]cscd")
 -    echo -e "clevis-pkcs11: pcscd running?:[${PCSCD_PID}]\n"
 -    if ! ps auxf | grep "[p]cscd";
 -    then
 -        if pcscd pcscd --help | grep disable-polkit 1>/dev/null 2>/dev/null; then
 -            echo "clevis-pkcs11: starting pcscd with --disable-polkit option ..."
 -            pcscd --disable-polkit
 -        else
 -            echo "clevis-pkcs11: starting pcscd ..."
 -            pcscd
 -        fi
 -    fi
 -fi
 +clevis_start_pcscd_server
 if [ "${dracut_mode}" != true ]; then
     pkcs11-tool -L
 diff --git a/src/pins/pkcs11/clevis-pkcs11-common b/src/pins/pkcs11/clevis-pkcs11-common
 index 571a2be..b6328f5 100755
 --- a/src/pins/pkcs11/clevis-pkcs11-common
 +++ b/src/pins/pkcs11/clevis-pkcs11-common
@@ -27,6 +27,25 @@ serial_devices_array=""
 URI_EXPECTED_FORMAT="pkcs11:"
 DEFAULT_CRYPTTAB_FILE="/etc/crypttab"
 +
 +clevis_start_pcscd_server() {
 +    if command -v pcscd; then
 +        echo "clevis-pkcs11: starting pcscd if not available ..."
 +        PCSCD_PID=$(ps auxf | grep "[p]cscd")
 +        echo -e "clevis-pkcs11: pcscd running?:[${PCSCD_PID}]\n"
 +        if ! ps auxf | grep "[p]cscd";
 +        then
 +            if pcscd --help | grep disable-polkit 1>/dev/null 2>/dev/null; then
 +                echo "clevis-pkcs11: starting pcscd with --disable-polkit option ..."
 +                pcscd --disable-polkit
 +            else
 +                echo "clevis-pkcs11: starting pcscd ..."
 +                pcscd
 +            fi
 +        fi
 +    fi
 +}
 +
 clevis_detect_pkcs11_device() {
     dracut_mode="${1:false}"
     retry_mode="${2:false}"
 diff --git a/src/pins/pkcs11/tests/pin-pkcs11 b/src/pins/pkcs11/tests/pin-pkcs11
 index 94e1548..c876ca4 100755
 --- a/src/pins/pkcs11/tests/pin-pkcs11
 +++ b/src/pins/pkcs11/tests/pin-pkcs11
@@ -20,6 +20,7 @@
 . pkcs11-common-tests
 . tests-common-functions
 . clevis-luks-common-functions
 +. clevis-pkcs11-common
 on_exit() {
     exit_status=$?
@@ -150,5 +151,16 @@ then
 (${WRONGCFG})"
 fi
 +if command -v ps && command -v killall; then
 +    if ! clevis_start_pcscd_server;
 +    then
 +        error "${TEST}: Could not start pcscd server"
 +    fi
 +    if ! killall -9 pcscd;
 +    then
 +        error "${TEST}: Could not kill pcscd server"
 +    fi
 +fi
 +
 softhsm_lib_cleanup
 test "$?" == 0
--- a/clevis.spec
+++ b/clevis.spec
@ -1,6 +1,6 @@
 Name:           clevis
 Version:        21
-Release:        202%{?dist}
+Release:        203%{?dist}
 Summary:        Automated decryption framework
 License:        GPLv3+
@ -10,6 +10,7 @@ Source1:        clevis.sysusers
 Patch0:         0001-PKCS-11-pin-fix-dracut-for-unconfigured-device.patch
 Patch1:         0002-Fix-potential-race-condition.patch
 Patch2:         0003-Fix-to-start-pcscd-appropriately.patch
 BuildRequires:  git-core
 BuildRequires:  gcc
@ -205,6 +206,10 @@ systemctl preset %{name}-luks-askpass.path >/dev/null 2>&1 || :
 %attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
 %changelog
 * Mon Oct 7 2024 Sergio Arroutbi <sarroutb@redhat.com> - 20-203
 - Fix to start pcscd appropriately
  Resolves: #RHEL-61612
 * Tue Oct 01 2024 Sergio Arroutbi <sarroutb@redhat.com> - 21-202
 - Fix dracut startup issue
  Resolves: #RHEL-61184