Accepting request 1130787 from security

Amended the .spec file for pkcsslotd (jsc#1217703)

OBS-URL: https://build.opensuse.org/request/show/1130787
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=70
This commit is contained in:
Ana Guerrero 2023-12-04 22:02:10 +00:00 committed by Git OBS Bridge
commit 6e0c8bdcc5
3 changed files with 15 additions and 4 deletions

View File

@ -1,4 +1,10 @@
-------------------------------------------------------------------
Mon Dec 4 13:40:57 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
- Amended the .spec file for pkcsslotd (jsc#1217703)
* Renamed the patch ocki-3.21-remove-make-install-chgrp.patch to
ocki-3.22-remove-make-install-chgrp.patch
-------------------------------------------------------------------
Thu Sep 21 10:55:56 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
- Upgrade to version 3.22 (jsc#PED-3361)

View File

@ -23,6 +23,7 @@
# autobuild:/work/cd/lib/misc/group
# openCryptoki pkcs11:x:64:
%define pkcs11_group_id 64
%define pkcs_group pkcs11
%define oc_cvs_tag opencryptoki
Name: openCryptoki
@ -38,13 +39,14 @@ Source2: openCryptoki-TFAQ.html
Source3: openCryptoki-rpmlintrc
# Patch 0 is needed because group pkcs11 doesn't exist in the build environment
# and because we don't want(?) various file and directory permissions to be 0700.
Patch000: ocki-3.21-remove-make-install-chgrp.patch
Patch000: ocki-3.22-remove-make-install-chgrp.patch
#
#
BuildRequires: bison
BuildRequires: dos2unix
BuildRequires: flex
BuildRequires: gcc-c++
BuildRequires: libcap-devel
BuildRequires: libitm1
BuildRequires: libtool
BuildRequires: libudev-devel
@ -53,10 +55,11 @@ BuildRequires: openssl-devel >= 1.0
BuildRequires: pkgconfig
BuildRequires: trousers-devel
BuildRequires: pkgconfig(systemd)
###
Requires(pre): %{_sbindir}/groupadd
Requires(pre): %{_sbindir}/useradd
Requires(pre): %{_sbindir}/usermod
###
BuildRequires: libcap-devel
# IBM maintains openCryptoki on these architectures:
ExclusiveArch: %{openCryptoki_32bit_arch} %{openCryptoki_64bit_arch}
@ -171,8 +174,10 @@ rm -f %{buildroot}%{_libdir}/opencryptoki/methods
%{service_add_pre pkcsslotd.service}
# autobuild:/work/cd/lib/misc/group
# openCryptoki pkcs11:x:64:
%{_sbindir}/groupadd -g %{pkcs11_group_id} -r pkcs11 2>/dev/null || true
%{_sbindir}/usermod -a -G pkcs11 root
# openCryptoki pkcsslotd:x:64:
%{_sbindir}/groupadd -g %{pkcs11_group_id} -r %{pkcs_group} 2>/dev/null || true
%{_sbindir}/useradd -g %{pkcs11_group_id} -r pkcsslotd -s /sbin/nologin -d /run/opencryptoki 2>/dev/null || true
%{_sbindir}/usermod -a -G %{pkcs_group} root
%preun
%{service_del_preun pkcsslotd.service}