From 5bc4f8b724384f77c6235f5e3b31adf00bd2f556 Mon Sep 17 00:00:00 2001
From: Than Ngo <than@redhat.com>
Date: Thu, 25 May 2023 18:03:03 +0200
Subject: [PATCH] - add verify attributes for opencryptoki.conf to ignore the
 verification - drop unnecessary opencryptoki-3.11.0-group.patch

Related: #2159697
---
 opencryptoki-3.11.0-group.patch | 31 -------------------------------
 opencryptoki.spec               | 10 ++++++----
 2 files changed, 6 insertions(+), 35 deletions(-)
 delete mode 100644 opencryptoki-3.11.0-group.patch

diff --git a/opencryptoki-3.11.0-group.patch b/opencryptoki-3.11.0-group.patch
deleted file mode 100644
index e88b391..0000000
--- a/opencryptoki-3.11.0-group.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-diff -up opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in.me opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in
---- opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in.me	2019-01-31 10:42:23.325797012 +0100
-+++ opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in	2019-01-31 10:52:17.585191667 +0100
-@@ -55,9 +55,11 @@ void *attach_shared_memory()
-     int shmid;
-     char *shmp;
-     struct stat statbuf;
-+#if 0
-     struct group *grp;
-     struct passwd *pw, *epw;
-     uid_t uid, euid;
-+#endif
- 
- #if !(MMAP)
-     // Really should fstat the tok_path, since it will be the actual
-@@ -69,6 +71,7 @@ void *attach_shared_memory()
-         return NULL;
-     }
- 
-+#if 0
-     uid = getuid();
-     euid = geteuid();
-     // only check group membership if not root user
-@@ -102,6 +105,7 @@ void *attach_shared_memory()
-             return NULL;
-         }
-     }
-+#endif
- 
-     Anchor->shm_tok = ftok(TOK_PATH, 'b');
- 
diff --git a/opencryptoki.spec b/opencryptoki.spec
index c4b9dae..70ba494 100644
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@@ -1,13 +1,11 @@
 Name: opencryptoki
 Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
 Version: 3.21.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: CPL
 Group: System Environment/Base
 URL: https://github.com/opencryptoki/opencryptoki
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
-# https://bugzilla.redhat.com/show_bug.cgi?id=732756
-Patch0: opencryptoki-3.11.0-group.patch
 # bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/*
 Patch1: opencryptoki-3.11.0-lockdir.patch
 # add missing p11sak_defined_attrs.conf
@@ -276,7 +274,7 @@ fi
 %doc doc/README.token_data
 %doc %{_docdir}/%{name}/*.conf
 %dir %{_sysconfdir}/%{name}
-%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
+%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
 %attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/p11sak_defined_attrs.conf
 %attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/strength.conf
 %{_tmpfilesdir}/%{name}.conf
@@ -379,6 +377,10 @@ fi
 
 
 %changelog
+* Thu May 25 2023 Than Ngo <than@redhat.com> - 3.21.0-4
+- add verify attributes for opencryptoki.conf to ignore the verification
+Related: #2159697
+
 * Mon May 22 2023 Than Ngo <than@redhat.com> - 3.21.0-3
 - pkcsstats: Fix handling of user name
 - p11sak: Fix user confirmation prompt behavior when stdin is closed