diff --git a/opencryptoki-3.24.0-sysusers-config.patch b/opencryptoki-3.24.0-sysusers-config.patch deleted file mode 100644 index 63b7317..0000000 --- a/opencryptoki-3.24.0-sysusers-config.patch +++ /dev/null @@ -1,7 +0,0 @@ -diff -Nur opencryptoki-3.24.0.me/opencryptoki.sysusers.conf opencryptoki-3.24.0/opencryptoki.sysusers.conf ---- opencryptoki-3.24.0.me/opencryptoki.sysusers.conf 1970-01-01 01:00:00.000000000 +0100 -+++ opencryptoki-3.24.0/opencryptoki.sysusers.conf 2025-03-12 15:56:16.270318728 +0100 -@@ -0,0 +1,3 @@ -+u pkcsslotd - "Opencryptoki pkcsslotd user" /run/opencryptoki /sbin/nologin -+g pkcs11 - - -+m pkcsslotd pkcs11 diff --git a/opencryptoki.spec b/opencryptoki.spec index ee70ba5..4c7fcc1 100644 --- a/opencryptoki.spec +++ b/opencryptoki.spec @@ -1,12 +1,12 @@ -%global use_sysusers 1 - Name: opencryptoki Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0 Version: 3.24.0 -Release: 4%{?dist} +Release: 5%{?dist} License: CPL-1.0 URL: https://github.com/opencryptoki/opencryptoki Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz +# sysusers.d config file to allow rpm to create users/groups automatically +Source1: opencryptoki.sysusers.conf # fix install problem in buildroot Patch1: opencryptoki-3.24.0-p11sak.patch @@ -14,9 +14,6 @@ Patch1: opencryptoki-3.24.0-p11sak.patch # tmpfiles.d config files for image mode Patch2: opencryptoki-3.24.0-tmpfiles-image-mode.patch -# sysuser config file for image mode -Patch3: opencryptoki-3.24.0-sysusers-config.patch - # upstream patches Patch100: opencryptoki-3.24.0-compile-error-due-to-incompatible-pointer-types.patch Patch101: opencryptoki-3.24.0-resource-leaks.patch @@ -34,7 +31,9 @@ BuildRequires: bison flex BuildRequires: libcap-devel BuildRequires: expect BuildRequires: make +# sysusers_create_compat macro BuildRequires: systemd-rpm-macros +%{?sysusers_requires_compat} %ifarch s390 s390x BuildRequires: libica-devel >= 3.3 # for /usr/include/libudev.h @@ -212,9 +211,8 @@ configured with Enterprise PKCS#11 (EP11) firmware. %install %make_install CHGRP=/bin/true -%if %{use_sysusers} # Install sysusers.d config file -install -p -D -m 0644 %{name}.sysusers.conf %{buildroot}%{_sysusersdir}/%{name}.sysusers.conf +install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{name}.sysusers.conf # Install tmpfiles.d config files %ifarch s390 s390x @@ -232,7 +230,6 @@ install -p -D -m 0644 %{name}-tpmtok.conf %{buildroot}%{_tmpfilesdir}/ install -p -D -m 0644 %{name}-swtok.conf %{buildroot}%{_tmpfilesdir}/ install -p -D -m 0644 %{name}-icsftok.conf %{buildroot}%{_tmpfilesdir}/ -%endif %pre @@ -245,11 +242,7 @@ if test $1 -gt 1 && test -f %{cfile} ; then fi %pre libs -%if ! %{use_sysusers} -getent group pkcs11 >/dev/null || groupadd -r pkcs11 -getent passwd pkcsslotd >/dev/null || useradd -r -g pkcs11 -d /run/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" pkcsslotd -%endif -exit 0 +%sysusers_create_compat %{SOURCE1} %post # restore the config file from %pre @@ -325,9 +318,7 @@ fi %{_libdir}/pkcs11/PKCS11_API.so %{_libdir}/pkcs11/stdll %dir %attr(770,root,pkcs11) %{_localstatedir}/log/opencryptoki -%if %{use_sysusers} %{_sysusersdir}/%{name}.sysusers.conf -%endif %files devel %{_includedir}/%{name}/ @@ -338,9 +329,7 @@ fi %{_libdir}/opencryptoki/stdll/PKCS11_SW.so %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/TOK_OBJ/ -%if %{use_sysusers} %{_tmpfilesdir}/%{name}-swtok.conf -%endif %if 0%{?tmptok} %files tpmtok @@ -348,10 +337,8 @@ fi %{_libdir}/opencryptoki/stdll/libpkcs11_tpm.* %{_libdir}/opencryptoki/stdll/PKCS11_TPM.so %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/tpm/ -%if %{use_sysusers} %{_tmpfilesdir}/%{name}-tpmtok.conf %endif -%endif %files icsftok %doc doc/README.icsf_stdll @@ -360,9 +347,7 @@ fi %{_libdir}/opencryptoki/stdll/libpkcs11_icsf.* %{_libdir}/opencryptoki/stdll/PKCS11_ICSF.so %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/icsf/ -%if %{use_sysusers} %{_tmpfilesdir}/%{name}-icsftok.conf -%endif %ifarch s390 s390x %files icatok @@ -370,10 +355,8 @@ fi %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/TOK_OBJ/ -%if %{use_sysusers} %{_tmpfilesdir}/%{name}-icatok.conf %endif -%endif %ifarch s390 s390x x86_64 ppc64le %files ccatok @@ -385,10 +368,8 @@ fi %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/TOK_OBJ/ -%if %{use_sysusers} %{_tmpfilesdir}/%{name}-ccatok.conf %endif -%endif %ifarch s390 s390x %files ep11tok @@ -403,13 +384,14 @@ fi %{_libdir}/opencryptoki/stdll/PKCS11_EP11.so %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ep11tok/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ep11tok/TOK_OBJ/ -%if %{use_sysusers} %{_tmpfilesdir}/%{name}-ep11tok.conf %endif -%endif %changelog +* Wed Apr 09 2025 Than Ngo - 3.24.0-5 +- Related: RHEL-77147, opencryptoki doesn't work in image mode + * Wed Mar 19 2025 Than Ngo - 3.24.0-4 - Resolves: RHEL-77147, opencryptoki doesn't work in image mode diff --git a/opencryptoki.sysusers.conf b/opencryptoki.sysusers.conf new file mode 100644 index 0000000..0803919 --- /dev/null +++ b/opencryptoki.sysusers.conf @@ -0,0 +1,3 @@ +u pkcsslotd - "Opencryptoki pkcsslotd user" /run/opencryptoki /sbin/nologin +g pkcs11 - - +m pkcsslotd pkcs11