Related: RHEL-77147, opencryptoki doesn't work in image mode

2025-04-11 14:42:50 +02:00 · 2025-04-11 14:42:50 +02:00 · 50dff60271
commit 50dff60271
parent 6563f73fbf
3 changed files with 13 additions and 35 deletions
--- a/opencryptoki-3.24.0-sysusers-config.patch
+++ b/opencryptoki-3.24.0-sysusers-config.patch
@ -1,7 +0,0 @@
 diff -Nur opencryptoki-3.24.0.me/opencryptoki.sysusers.conf opencryptoki-3.24.0/opencryptoki.sysusers.conf
 --- opencryptoki-3.24.0.me/opencryptoki.sysusers.conf	1970-01-01 01:00:00.000000000 +0100
 +++ opencryptoki-3.24.0/opencryptoki.sysusers.conf	2025-03-12 15:56:16.270318728 +0100
@@ -0,0 +1,3 @@
 +u pkcsslotd - "Opencryptoki pkcsslotd user"  /run/opencryptoki /sbin/nologin
 +g pkcs11 - -
 +m pkcsslotd pkcs11
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@ -1,12 +1,12 @@
 %global use_sysusers 1
 Name: opencryptoki
 Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
 Version: 3.24.0
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: CPL-1.0
 URL: https://github.com/opencryptoki/opencryptoki
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
 # sysusers.d config file to allow rpm to create users/groups automatically
 Source1: opencryptoki.sysusers.conf
 # fix install problem in buildroot
 Patch1: opencryptoki-3.24.0-p11sak.patch
@ -14,9 +14,6 @@ Patch1: opencryptoki-3.24.0-p11sak.patch
 # tmpfiles.d config files for image mode
 Patch2: opencryptoki-3.24.0-tmpfiles-image-mode.patch
 # sysuser config file for image mode
 Patch3: opencryptoki-3.24.0-sysusers-config.patch
 # upstream patches
 Patch100: opencryptoki-3.24.0-compile-error-due-to-incompatible-pointer-types.patch
 Patch101: opencryptoki-3.24.0-resource-leaks.patch
@ -34,7 +31,9 @@ BuildRequires: bison flex
 BuildRequires: libcap-devel
 BuildRequires: expect
 BuildRequires: make
 # sysusers_create_compat macro
 BuildRequires: systemd-rpm-macros
 %{?sysusers_requires_compat}
 %ifarch s390 s390x
 BuildRequires: libica-devel >= 3.3
 # for /usr/include/libudev.h
@ -212,9 +211,8 @@ configured with Enterprise PKCS#11 (EP11) firmware.
 %install
 %make_install CHGRP=/bin/true
 %if %{use_sysusers}
 # Install sysusers.d config file
-install -p -D -m 0644 %{name}.sysusers.conf %{buildroot}%{_sysusersdir}/%{name}.sysusers.conf
+install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{name}.sysusers.conf
 # Install tmpfiles.d config files
 %ifarch s390 s390x
@ -232,7 +230,6 @@ install -p -D -m 0644 %{name}-tpmtok.conf %{buildroot}%{_tmpfilesdir}/
 install -p -D -m 0644 %{name}-swtok.conf %{buildroot}%{_tmpfilesdir}/
 install -p -D -m 0644 %{name}-icsftok.conf %{buildroot}%{_tmpfilesdir}/
 %endif
 %pre
@ -245,11 +242,7 @@ if test $1 -gt 1 && test -f %{cfile} ; then
 fi
 %pre libs
-%if ! %{use_sysusers}
+%sysusers_create_compat %{SOURCE1}
 getent group pkcs11 >/dev/null || groupadd -r pkcs11
 getent passwd pkcsslotd >/dev/null || useradd -r -g pkcs11 -d /run/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" pkcsslotd
 %endif
 exit 0
 %post
 # restore the config file from %pre
@ -325,9 +318,7 @@ fi
 %{_libdir}/pkcs11/PKCS11_API.so
 %{_libdir}/pkcs11/stdll
 %dir %attr(770,root,pkcs11) %{_localstatedir}/log/opencryptoki
 %if %{use_sysusers}
 %{_sysusersdir}/%{name}.sysusers.conf
 %endif
 %files devel
 %{_includedir}/%{name}/
@ -338,9 +329,7 @@ fi
 %{_libdir}/opencryptoki/stdll/PKCS11_SW.so
 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/
 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/TOK_OBJ/
 %if %{use_sysusers}
 %{_tmpfilesdir}/%{name}-swtok.conf
 %endif
 %if 0%{?tmptok}
 %files tpmtok
@ -348,10 +337,8 @@ fi
 %{_libdir}/opencryptoki/stdll/libpkcs11_tpm.*
 %{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/tpm/
 %if %{use_sysusers}
 %{_tmpfilesdir}/%{name}-tpmtok.conf
 %endif
 %endif
 %files icsftok
 %doc doc/README.icsf_stdll
@ -360,9 +347,7 @@ fi
 %{_libdir}/opencryptoki/stdll/libpkcs11_icsf.*
 %{_libdir}/opencryptoki/stdll/PKCS11_ICSF.so
 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/icsf/
 %if %{use_sysusers}
 %{_tmpfilesdir}/%{name}-icsftok.conf
 %endif
 %ifarch s390 s390x
 %files icatok
@ -370,10 +355,8 @@ fi
 %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so
 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/
 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/TOK_OBJ/
 %if %{use_sysusers}
 %{_tmpfilesdir}/%{name}-icatok.conf
 %endif
 %endif
 %ifarch s390 s390x x86_64 ppc64le
 %files ccatok
@ -385,10 +368,8 @@ fi
 %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so
 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/
 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/TOK_OBJ/
 %if %{use_sysusers}
 %{_tmpfilesdir}/%{name}-ccatok.conf
 %endif
 %endif
 %ifarch s390 s390x
 %files ep11tok
@ -403,13 +384,14 @@ fi
 %{_libdir}/opencryptoki/stdll/PKCS11_EP11.so
 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ep11tok/
 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ep11tok/TOK_OBJ/
 %if %{use_sysusers}
 %{_tmpfilesdir}/%{name}-ep11tok.conf
 %endif
 %endif
 %changelog
 * Wed Apr 09 2025 Than Ngo <than@redhat.com> - 3.24.0-5
 - Related: RHEL-77147, opencryptoki doesn't work in image mode
 * Wed Mar 19 2025 Than Ngo <than@redhat.com> - 3.24.0-4
 - Resolves: RHEL-77147, opencryptoki doesn't work in image mode
--- a/opencryptoki.sysusers.conf
+++ b/opencryptoki.sysusers.conf
@ -0,0 +1,3 @@
 u pkcsslotd - "Opencryptoki pkcsslotd user"  /run/opencryptoki /sbin/nologin
 g pkcs11 - -
 m pkcsslotd pkcs11