diff --git a/opencryptoki-3.24.0-image-mode.patch b/opencryptoki-3.24.0-image-mode.patch
deleted file mode 100644
index 4308399..0000000
--- a/opencryptoki-3.24.0-image-mode.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -up opencryptoki-3.24.0/misc/pkcsslotd.service.in.me opencryptoki-3.24.0/misc/pkcsslotd.service.in
---- opencryptoki-3.24.0/misc/pkcsslotd.service.in.me 2025-02-02 16:38:29.381579155 +0100
-+++ opencryptoki-3.24.0/misc/pkcsslotd.service.in 2025-02-02 17:06:30.048042047 +0100
-@@ -9,6 +9,7 @@ Type=forking
- PIDFile=/run/opencryptoki/pkcsslotd.pid
- ExecStart=@sbindir@/pkcsslotd
-
-+ExecStartPre=+-/bin/sh -c "/bin/chown -f -h root:pkcs11 /etc/opencryptoki/{strength.conf,p11sak_defined_attrs.conf}"
- # Uncomment the following line to allow pkcsslotd to increase the receive buffer
- # size of the UDEV monitor's netlink socket via udev_monitor_set_receive_buffer_size():
- # AmbientCapabilities=CAP_NET_ADMIN
diff --git a/opencryptoki-3.24.0-tmpfiles-image-mode.patch b/opencryptoki-3.24.0-tmpfiles-image-mode.patch
index d824b93..11b3a26 100644
--- a/opencryptoki-3.24.0-tmpfiles-image-mode.patch
+++ b/opencryptoki-3.24.0-tmpfiles-image-mode.patch
@@ -1,10 +1,12 @@
 diff -up opencryptoki-3.24.0/misc/tmpfiles.conf.in.me opencryptoki-3.24.0/misc/tmpfiles.conf.in
---- opencryptoki-3.24.0/misc/tmpfiles.conf.in.me 2025-02-03 13:46:33.012573050 +0100
-+++ opencryptoki-3.24.0/misc/tmpfiles.conf.in 2025-02-03 13:55:59.344093340 +0100
-@@ -1,5 +1,6 @@
+--- opencryptoki-3.24.0/misc/tmpfiles.conf.in.me 2025-02-04 16:59:16.072468667 +0100
++++ opencryptoki-3.24.0/misc/tmpfiles.conf.in 2025-02-04 17:02:06.151451176 +0100
+@@ -1,5 +1,8 @@
 # path mode uid gid age
 D /run/opencryptoki 710 @pkcsslotd_user@ @pkcs_group@ -
 d @localstatedir@/lib/opencryptoki 0770 root @pkcs_group@ -
 +D @localstatedir@/lib/opencryptoki/HSM_MK_CHANGE 770 root @pkcs_group@ -
++z /etc/opencryptoki/p11sak_defined_attrs.conf 0640 root pkcs11 -
++z /etc/opencryptoki/strength.conf 0640 root pkcs11 -
 d @logdir@ 0770 root @pkcs_group@ -
 D @lockdir@ 0770 root @pkcs_group@ -
diff --git a/opencryptoki.spec b/opencryptoki.spec
index 7679f8b..8c29194 100644
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@@ -1,7 +1,7 @@
 Name: opencryptoki
 Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
 Version: 3.24.0
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: CPL-1.0
 URL: https://github.com/opencryptoki/opencryptoki
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
@@ -18,9 +18,8 @@ Source8: opencryptoki-icsftok.conf # fix install problem in buildroot Patch1: opencryptoki-3.24.0-p11sak.patch -# change file ownership for image mode -Patch2: opencryptoki-3.24.0-image-mode.patch -Patch3: opencryptoki-3.24.0-tmpfiles-image-mode.patch +# use tmpfiles to change file ownership for image mode +Patch2: opencryptoki-3.24.0-tmpfiles-image-mode.patch # upstream patches Patch100: opencryptoki-3.24.0-compile-error-due-to-incompatible-pointer-types.patch
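Review bot: The two added `z` entries for `/etc/opencryptoki/p11sak_defined_attrs.conf` and `/etc/opencryptoki/strength.conf` in the tmpfiles.conf.in hunk hard-code the group `pkcs11`, while every other entry in the template takes it from `@pkcs_group@`; a build configured with a different group name would presumably end up with these files assigned to a group the token users are not in. Writing them as `z /etc/opencryptoki/strength.conf 0640 root @pkcs_group@ -` (and the same for the other file) keeps the template consistent. Unlike the `chown` in the dropped unit-file patch, which changed ownership only, `z` also resets the mode to 0640 on every systemd-tmpfiles run, so it is worth confirming that 0640 matches the mode these files are packaged with (the %files section is not visible here). A comment line above the two entries saying they exist to fix ownership in image mode would explain why config files under /etc appear in a tmpfiles snippet.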
@@ -397,6 +396,10 @@ fi %changelog +* Tue Feb 04 2025 Than Ngo - 3.24.0-6 +- Use tmpfiles to change file ownership for image mode + Related: RHEL-77146 + * Sun Feb 02 2025 Than Ngo - 3.24.0-5 - Use systemd-sysusers - Modifie the unit file to change file ownership