- Use tmpfiles to change file ownership for image mode

Related: RHEL-77146
2025-02-05 08:59:34 +01:00 · 2025-02-05 08:59:34 +01:00 · 0326a7fd21
commit 0326a7fd21
parent f542873317
3 changed files with 12 additions and 18 deletions
--- a/opencryptoki-3.24.0-image-mode.patch
+++ b/opencryptoki-3.24.0-image-mode.patch
@ -1,11 +0,0 @@
-diff -up opencryptoki-3.24.0/misc/pkcsslotd.service.in.me opencryptoki-3.24.0/misc/pkcsslotd.service.in
--- opencryptoki-3.24.0/misc/pkcsslotd.service.in.me	2025-02-02 16:38:29.381579155 +0100
-+++ opencryptoki-3.24.0/misc/pkcsslotd.service.in	2025-02-02 17:06:30.048042047 +0100
-@@ -9,6 +9,7 @@ Type=forking
- PIDFile=/run/opencryptoki/pkcsslotd.pid
- ExecStart=@sbindir@/pkcsslotd
- 
-+ExecStartPre=+-/bin/sh -c "/bin/chown -f -h root:pkcs11 /etc/opencryptoki/{strength.conf,p11sak_defined_attrs.conf}"
- # Uncomment the following line to allow pkcsslotd to increase the receive buffer
- # size of the UDEV monitor's netlink socket via udev_monitor_set_receive_buffer_size():
- # AmbientCapabilities=CAP_NET_ADMIN 
--- a/opencryptoki-3.24.0-tmpfiles-image-mode.patch
+++ b/opencryptoki-3.24.0-tmpfiles-image-mode.patch
@ -1,10 +1,12 @@
 diff -up opencryptoki-3.24.0/misc/tmpfiles.conf.in.me opencryptoki-3.24.0/misc/tmpfiles.conf.in
--- opencryptoki-3.24.0/misc/tmpfiles.conf.in.me	2025-02-03 13:46:33.012573050 +0100
-+++ opencryptoki-3.24.0/misc/tmpfiles.conf.in	2025-02-03 13:55:59.344093340 +0100
-@@ -1,5 +1,6 @@
+--- opencryptoki-3.24.0/misc/tmpfiles.conf.in.me	2025-02-04 16:59:16.072468667 +0100
+++ opencryptoki-3.24.0/misc/tmpfiles.conf.in	2025-02-04 17:02:06.151451176 +0100
+@@ -1,5 +1,8 @@
 # path          mode    uid     gid     age
 D /run/opencryptoki 710 @pkcsslotd_user@ @pkcs_group@ -
 d @localstatedir@/lib/opencryptoki 0770 root @pkcs_group@ -
 +D @localstatedir@/lib/opencryptoki/HSM_MK_CHANGE 770 root @pkcs_group@ -
+z /etc/opencryptoki/p11sak_defined_attrs.conf 0640 root pkcs11 -
+z /etc/opencryptoki/strength.conf 0640 root pkcs11 -
 d @logdir@      0770    root    @pkcs_group@  -
 D @lockdir@     0770    root    @pkcs_group@  -
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@ -1,7 +1,7 @@
 Name: opencryptoki
 Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
 Version: 3.24.0
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: CPL-1.0
 URL: https://github.com/opencryptoki/opencryptoki
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
@ -18,9 +18,8 @@ Source8: opencryptoki-icsftok.conf
 # fix install problem in buildroot
 Patch1: opencryptoki-3.24.0-p11sak.patch

-# change file ownership for image mode
-Patch2: opencryptoki-3.24.0-image-mode.patch
-Patch3: opencryptoki-3.24.0-tmpfiles-image-mode.patch
+# use tmpfiles to change file ownership for image mode
+Patch2: opencryptoki-3.24.0-tmpfiles-image-mode.patch

 # upstream patches
 Patch100: opencryptoki-3.24.0-compile-error-due-to-incompatible-pointer-types.patch
@ -397,6 +396,10 @@ fi


 %changelog
+* Tue Feb 04 2025 Than Ngo <than@redhat.com> - 3.24.0-6
+- Use tmpfiles to change file ownership for image mode
+  Related: RHEL-77146
+
 * Sun Feb 02 2025 Than Ngo <than@redhat.com> - 3.24.0-5
 - Use systemd-sysusers
 - Modifie the unit file to change file ownership