From 8547c44c9d92291b2a7e7a9e46d827cf7711f556121d2a83506c1acfc31d494a Mon Sep 17 00:00:00 2001
From: Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
Date: Mon, 4 Dec 2023 13:12:20 +0000
Subject: [PATCH] Accepting request 1130765 from
 home:ngueorguiev:branches:security

Amended the .spec file (bsc#1217703)

OBS-URL: https://build.opensuse.org/request/show/1130765
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=138
---
 ...tch => ocki-3.22-remove-make-install-chgrp.patch |  0
 openCryptoki.changes                                |  5 +++++
 openCryptoki.spec                                   | 13 +++++++++----
 3 files changed, 14 insertions(+), 4 deletions(-)
 rename ocki-3.21-remove-make-install-chgrp.patch => ocki-3.22-remove-make-install-chgrp.patch (100%)

diff --git a/ocki-3.21-remove-make-install-chgrp.patch b/ocki-3.22-remove-make-install-chgrp.patch
similarity index 100%
rename from ocki-3.21-remove-make-install-chgrp.patch
rename to ocki-3.22-remove-make-install-chgrp.patch
diff --git a/openCryptoki.changes b/openCryptoki.changes
index 7c90088..09af408 100644
--- a/openCryptoki.changes
+++ b/openCryptoki.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Dec  4 12:54:28 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
+
+- Amended the .spec file  for pkcsslotd (jsc#1217703)
+
 -------------------------------------------------------------------
 Thu Sep 21 10:55:56 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
 
diff --git a/openCryptoki.spec b/openCryptoki.spec
index 78baf14..f089233 100644
--- a/openCryptoki.spec
+++ b/openCryptoki.spec
@@ -23,6 +23,7 @@
 # autobuild:/work/cd/lib/misc/group
 #   openCryptoki    pkcs11:x:64:
 %define pkcs11_group_id 64
+%define pkcs_group pkcs11
 %define oc_cvs_tag opencryptoki
 
 Name:           openCryptoki
@@ -38,13 +39,14 @@ Source2:        openCryptoki-TFAQ.html
 Source3:        openCryptoki-rpmlintrc
 # Patch 0 is needed because group pkcs11 doesn't exist in the build environment
 # and because we don't want(?) various file and directory permissions to be 0700.
-Patch000:       ocki-3.21-remove-make-install-chgrp.patch
+Patch000:       ocki-3.22-remove-make-install-chgrp.patch
 #
 #
 BuildRequires:  bison
 BuildRequires:  dos2unix
 BuildRequires:  flex
 BuildRequires:  gcc-c++
+BuildRequires:  libcap-devel
 BuildRequires:  libitm1
 BuildRequires:  libtool
 BuildRequires:  libudev-devel
@@ -53,10 +55,11 @@ BuildRequires:  openssl-devel >= 1.0
 BuildRequires:  pkgconfig
 BuildRequires:  trousers-devel
 BuildRequires:  pkgconfig(systemd)
+###
 Requires(pre):  %{_sbindir}/groupadd
+Requires(pre):  %{_sbindir}/useradd
 Requires(pre):  %{_sbindir}/usermod
 ###
-BuildRequires:  libcap-devel
 
 # IBM maintains openCryptoki on these architectures:
 ExclusiveArch:  %{openCryptoki_32bit_arch} %{openCryptoki_64bit_arch}
@@ -171,8 +174,10 @@ rm -f %{buildroot}%{_libdir}/opencryptoki/methods
 %{service_add_pre pkcsslotd.service}
 # autobuild:/work/cd/lib/misc/group
 # openCryptoki    pkcs11:x:64:
-%{_sbindir}/groupadd -g %{pkcs11_group_id} -r pkcs11 2>/dev/null || true
-%{_sbindir}/usermod -a -G pkcs11 root
+# openCryptoki    pkcsslotd:x:64:
+%{_sbindir}/groupadd -g %{pkcs11_group_id} -r %{pkcs_group} 2>/dev/null || true
+%{_sbindir}/useradd -g %{pkcs11_group_id} -r pkcsslotd -s /sbin/nologin -d /run/opencryptoki   2>/dev/null || true
+%{_sbindir}/usermod -a -G %{pkcs_group} root
 
 %preun
 %{service_del_preun pkcsslotd.service}