rpm/tpm2-0-tss
SHA256
1
0
Fork 0
forked from pool/tpm2-0-tss
Code Pull Requests Activity

Accepting request 769062 from home:michals

Browse Source 
- Use system-users for tss user creation (boo#1162360).

OBS-URL: https://build.opensuse.org/request/show/769062
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=92
This commit is contained in:
Matthias Gerstner 2020-01-31 14:16:21 +00:00 committed by Git OBS Bridge
parent 065455a1d1
commit 00388c2150
2 changed files with 21 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tpm2-0-tss.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Fri Jan 31 11:51:03 UTC 2020 - Michal Suchanek <msuchanek@suse.com>
- Use system-users for tss user creation (boo#1162360).
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 24 14:13:01 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org> Fri Jan 24 14:13:01 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>

40
tpm2-0-tss.spec
View File

@ -31,7 +31,22 @@ BuildRequires: libgcrypt-devel
BuildRequires: libopenssl-devel BuildRequires: libopenssl-devel
BuildRequires: pkg-config BuildRequires: pkg-config
BuildRequires: pkgconfig(udev) BuildRequires: pkgconfig(udev)
Requires(pre): shadow # The same user is employed by trousers (and was employed by the old
# resourcemgr shipped with the tpm2-0-tss package):
#
# trousers just needs those accounts for dropping privileges to. The service
# starts as root and uses set*id to drop to tss, after the tpm device has been
# opened.
#
# tpm2-abrmd has no set*id handling and thus requires /dev/tpm to be owned
# by the tss user. Therefore we also need to install a udev rule file.
#
# trousers was here first and created the user like this, also giving it a
# home in /var/lib/tpm. I don't think the home directory is used by either of
# the packages ATM. Trousers is keeping state there, but the directory is
# owned by root and files are opened before dropping privileges. The passwd
# entry seems not to be evaluated.
Requires: user(tss)
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
@ -126,29 +141,6 @@ protocol exposed by the Microsoft software TPM2 simulator.
%prep %prep
%setup -q -n tpm2-tss-%{version} %setup -q -n tpm2-tss-%{version}
%pre
# the same user is employed by trousers (and was employed by the old
# resourcemgr shipped with the tpm2-0-tss package):
#
# trousers just needs those accounts for dropping privileges to. The service
# starts as root and uses set*id to drop to tss, after the tpm device has been
# opened.
#
# tpm2-abrmd has no set*id handling and thus requires /dev/tpm to be owned
# by the tss user. Therefore we also need to install a udev rule file.
#
# trousers was here first and created the user like this, also giving it a
# home in /var/lib/tpm. I don't think the home directory is used by any of
# both packages ATM. Trousers is keeping state there, but the directory is
# owned by root and files are opened before dropping privileges. The passwd
# entry seems not to be evaluated.
#
# so I guess we can share the account between the two packages for now.
%_bindir/getent group tss >/dev/null || %{_sbindir}/groupadd -g 98 tss
%_bindir/getent passwd tss >/dev/null || \
%{_sbindir}/useradd -u 98 -o -g tss -s /bin/false -c "TSS daemon" \
-d %{_localstatedir}/lib/tpm tss
%build %build
%configure --disable-static --with-udevrulesdir=%{_udevrulesdir} %configure --disable-static --with-udevrulesdir=%{_udevrulesdir}
make %{?_smp_mflags} PTHREAD_LDFLAGS=-pthread make %{?_smp_mflags} PTHREAD_LDFLAGS=-pthread