From dfb58385dd30146bfa6e5eb84ca78e51b5afe8ab1ef0683615a96b08f46fd795 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Sun, 21 Nov 2021 10:53:14 +0000 Subject: [PATCH] Accepting request 930475 from home:gmbr3:Active - Change to systemd-sysusers OBS-URL: https://build.opensuse.org/request/show/930475 OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=64 --- pesign.changes | 5 +++++ pesign.spec | 12 ++++++++---- pesign.sysusers | 2 ++ 3 files changed, 15 insertions(+), 4 deletions(-) create mode 100644 pesign.sysusers diff --git a/pesign.changes b/pesign.changes index 6dc2fae..3f2c09d 100644 --- a/pesign.changes +++ b/pesign.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Nov 9 15:01:59 UTC 2021 - Callum Farmer + +- Change to systemd-sysusers + ------------------------------------------------------------------- Tue Oct 19 05:58:37 UTC 2021 - Johannes Segitz diff --git a/pesign.spec b/pesign.spec index 169e159..9d1d5d0 100644 --- a/pesign.spec +++ b/pesign.spec @@ -24,6 +24,7 @@ License: GPL-3.0-or-later Group: Productivity/Security URL: https://github.com/rhinstaller/pesign Source: https://github.com/rhinstaller/pesign/releases/download/%{version}/%{name}-%{version}.tar.bz2 +Source1: pesign.sysusers # PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service Patch1: pesign-suse-build.patch # PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature @@ -47,7 +48,8 @@ BuildRequires: mozilla-nss-devel BuildRequires: pkg-config BuildRequires: popt-devel BuildRequires: pkgconfig(systemd) -Requires(pre): shadow +BuildRequires: sysuser-tools +%sysusers_requires %{?systemd_requires} ExclusiveArch: ia64 %ix86 x86_64 aarch64 %arm @@ -68,6 +70,7 @@ with the PE and Authenticode specifications. %patch9 -p1 %build +%sysusers_generate_pre %{SOURCE1} %{name} %{name}.conf make %{?_smp_mflags} CFLAGS="%{optflags}" LDFLAGS="${LDFLAGS} -pie" %install @@ -86,9 +89,9 @@ ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} rm -rf %{buildroot}/boot %{buildroot}%{_prefix}/include rm -rf %{buildroot}%{_libdir}/libdpe* -%pre -getent group pesign >/dev/null || groupadd -r pesign -getent passwd pesign >/dev/null || useradd -r -g pesign -d %{_localstatedir}/lib/pesign -s /bin/false -c "PE-COFF signing daemon" pesign +install -Dm0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{name}.conf + +%pre -f %{name}.pre %service_add_pre pesign.service %preun @@ -120,6 +123,7 @@ systemd-tmpfiles --create %{_tmpfilesdir}/pesign.conf || : %{_mandir}/man?/* %{_localstatedir}/lib/pesign %{_unitdir}/pesign.service +%{_sysusersdir}/pesign.conf %{_tmpfilesdir}/pesign.conf %dir %{_libexecdir}/pesign %{_libexecdir}/pesign/pesign-authorize diff --git a/pesign.sysusers b/pesign.sysusers new file mode 100644 index 0000000..b163912 --- /dev/null +++ b/pesign.sysusers @@ -0,0 +1,2 @@ +#Type Name ID GECOS Home directory Shell +u pesign - "PE-COFF signing daemon" /var/lib/pesign -