- add verify attributes for opencryptoki.conf to ignore the verification

- drop unnecessary opencryptoki-3.11.0-group.patch Related: #2159697
2023-05-25 18:03:03 +02:00 · 2023-05-25 18:03:03 +02:00 · 5bc4f8b724
commit 5bc4f8b724
parent 4c8aef5468
2 changed files with 6 additions and 35 deletions
--- a/opencryptoki-3.11.0-group.patch
+++ b/opencryptoki-3.11.0-group.patch
@ -1,31 +0,0 @@
-diff -up opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in.me opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in
--- opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in.me	2019-01-31 10:42:23.325797012 +0100
-+++ opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in	2019-01-31 10:52:17.585191667 +0100
-@@ -55,9 +55,11 @@ void *attach_shared_memory()
-     int shmid;
-     char *shmp;
-     struct stat statbuf;
-+#if 0
-     struct group *grp;
-     struct passwd *pw, *epw;
-     uid_t uid, euid;
-+#endif
- 
- #if !(MMAP)
-     // Really should fstat the tok_path, since it will be the actual
-@@ -69,6 +71,7 @@ void *attach_shared_memory()
-         return NULL;
-     }
- 
-+#if 0
-     uid = getuid();
-     euid = geteuid();
-     // only check group membership if not root user
-@@ -102,6 +105,7 @@ void *attach_shared_memory()
-             return NULL;
-         }
-     }
-+#endif
- 
-     Anchor->shm_tok = ftok(TOK_PATH, 'b');
- 
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@ -1,13 +1,11 @@
 Name: opencryptoki
 Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
 Version: 3.21.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: CPL
 Group: System Environment/Base
 URL: https://github.com/opencryptoki/opencryptoki
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
-# https://bugzilla.redhat.com/show_bug.cgi?id=732756
-Patch0: opencryptoki-3.11.0-group.patch
 # bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/*
 Patch1: opencryptoki-3.11.0-lockdir.patch
 # add missing p11sak_defined_attrs.conf
@ -276,7 +274,7 @@ fi
 %doc doc/README.token_data
 %doc %{_docdir}/%{name}/*.conf
 %dir %{_sysconfdir}/%{name}
-%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
+%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
 %attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/p11sak_defined_attrs.conf
 %attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/strength.conf
 %{_tmpfilesdir}/%{name}.conf
@ -379,6 +377,10 @@ fi


 %changelog
+* Thu May 25 2023 Than Ngo <than@redhat.com> - 3.21.0-4
+- add verify attributes for opencryptoki.conf to ignore the verification
+Related: #2159697
+
 * Mon May 22 2023 Than Ngo <than@redhat.com> - 3.21.0-3
 - pkcsstats: Fix handling of user name
 - p11sak: Fix user confirmation prompt behavior when stdin is closed