From 87f52a01acd3389a8c0bba28c4ca214de97140532e33cb00c490a660706b58e1 Mon Sep 17 00:00:00 2001
From: Alberto Planas Dominguez <aplanas@suse.com>
Date: Fri, 4 Mar 2022 17:16:17 +0000
Subject: [PATCH] Accepting request 959504 from home:aplanas:branches:security

- Add work_dir directory in /var/lib/keylime
- Add subpackage rust-keylime-python to execute revocation payload in Python

OBS-URL: https://build.opensuse.org/request/show/959504
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=11
---
 rust-keylime.changes |  6 ++++++
 rust-keylime.spec    | 23 ++++++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/rust-keylime.changes b/rust-keylime.changes
index 35719d8..b797d1b 100644
--- a/rust-keylime.changes
+++ b/rust-keylime.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Mar  4 16:02:57 UTC 2022 - Alberto Planas Dominguez <aplanas@suse.com>
+
+- Add work_dir directory in /var/lib/keylime
+- Add subpackage rust-keylime-python to execute revocation payload in Python
+
 -------------------------------------------------------------------
 Tue Mar 01 14:21:35 UTC 2022 - aplanas@suse.com
 
diff --git a/rust-keylime.spec b/rust-keylime.spec
index 8e7a180..c7d8bab 100644
--- a/rust-keylime.spec
+++ b/rust-keylime.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package rust-keylime
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -36,6 +36,7 @@ BuildRequires:  libarchive-devel
 BuildRequires:  rust
 BuildRequires:  tpm2-0-tss-devel
 BuildRequires:  zeromq-devel
+Recommends:     %{name}-python = %{version}
 Conflicts:      keylime-agent
 Conflicts:      keylime-config
 Conflicts:      keylime-firewalld
@@ -46,6 +47,14 @@ ExcludeArch:    %{ix86} s390x ppc64 ppc64le armhfp armv7hl
 Rust implementation of keylime agent. Keylime is system integrity
 monitoring system.
 
+%package -n %{name}-python
+Summary:        Shim loader for Python compatibility
+Requires:       %{name} = %{version}
+Requires:       python3-base
+
+%description -n %{name}-python
+Subpackage of %{name} for executing Python based revocation scripts.
+
 %prep
 %autosetup -a1 -p1
 mkdir .cargo
@@ -62,6 +71,13 @@ install -Dpm 644 %{SOURCE3} %{buildroot}%{_unitdir}/keylime_agent.service
 
 install -D -m 644 %{SOURCE4} %{buildroot}%{_prefix}/lib/firewalld/services/keylime.xml
 
+# Create work directory
+mkdir -p %{buildroot}%{_sharedstatedir}/keylime
+
+# Create work directory for revocation actions
+mkdir -p %{buildroot}%{_libexecdir}/keylime
+cp tests/actions/shim.py %{buildroot}%{_libexecdir}/keylime
+
 rm %{buildroot}%{_prefix}/.crates.toml
 rm %{buildroot}%{_prefix}/.crates2.json
 
@@ -84,9 +100,14 @@ rm %{buildroot}%{_prefix}/.crates2.json
 %{_bindir}/keylime_agent
 %{_bindir}/keylime_ima_emulator
 %config(noreplace) %{_sysconfdir}/keylime.conf
+%dir %attr(0700, root, root) %{_sharedstatedir}/keylime
 %dir %{_prefix}/lib/firewalld
 %dir %{_prefix}/lib/firewalld/services
 %{_prefix}/lib/firewalld/services/keylime.xml
 %{_unitdir}/keylime_agent.service
 
+%files -n %{name}-python
+%dir %{_libexecdir}/keylime
+%{_libexecdir}/keylime/shim.py
+
 %changelog