Hello community,

here is the log from the commit of package trousers for openSUSE:Factory 
checked in at 2018-10-29 14:21:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/trousers (Old)
 and      /work/SRC/openSUSE:Factory/.trousers.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "trousers"

Mon Oct 29 14:21:50 2018 rev:39 rq:644837 version:0.3.14

Changes:
--------
--- /work/SRC/openSUSE:Factory/trousers/trousers.changes        2018-10-25 
09:12:49.850272258 +0200
+++ /work/SRC/openSUSE:Factory/.trousers.new/trousers.changes   2018-10-29 
14:29:09.886331322 +0100
@@ -1,0 +2,9 @@
+Fri Oct 26 11:13:37 UTC 2018 - [email protected]
+
+- fix mode of /var/lib/tpm, was missing the execute bit in the previous
+  version.
+- implement a backup and restore logic for /var/lib/tpm/system.data.* to
+  prevent removal of validly stored trousers state during update. See previous
+  comment for the packaging error that leads to this requirement.
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ trousers.spec ++++++
--- /var/tmp/diff_new_pack.bvBoGv/_old  2018-10-29 14:29:10.554297403 +0100
+++ /var/tmp/diff_new_pack.bvBoGv/_new  2018-10-29 14:29:10.558297200 +0100
@@ -16,6 +16,7 @@
 #
 
 
+%define tpmstatedir %{_localstatedir}/lib/tpm
 Name:           trousers
 Version:        0.3.14
 Release:        0
@@ -31,6 +32,8 @@
 BuildRequires:  openssl-devel
 BuildRequires:  pkg-config
 BuildRequires:  systemd-rpm-macros
+# for 'stat' for the hack in %pretrans
+BuildRequires:  coreutils
 Requires(pre):  pwdutils
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
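Review bot: `BuildRequires: coreutils` only populates the build root, while the `stat` call it is meant to cover runs in %pretrans on the installing system, so this line does not ensure the tool is present when the scriptlet executes. %pretrans runs before anything in the transaction is unpacked, and on a fresh installation there may be no /bin/sh or coreutils at all, which is why rpm's documentation recommends writing %pretrans in Lua. Consider `%pretrans -p <lua>` with `posix.stat` from rpm's embedded Lua for the ownership check. If the shell version stays, the comment should say that this dependency is build-time only and that the scriptlet relies on `stat` already existing on the target.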
@@ -89,7 +92,7 @@
 
 %install
 %define trousers_data %{buildroot}%{_datadir}/%{name}
-%define trousers_state %{buildroot}%{_localstatedir}/lib/tpm
+%define trousers_state %{buildroot}%{tpmstatedir}
 make DESTDIR=%{buildroot} install %{?_smp_mflags}
 mkdir -p %{trousers_state}
 install -D -m 0644 %{SOURCE1} %{buildroot}/%{_unitdir}/tcsd.service
@@ -108,12 +111,49 @@
 %_bindir/getent group tss >/dev/null || %{_sbindir}/groupadd -g 98 tss || :
 %_bindir/getent passwd tss >/dev/null || \
        %{_sbindir}/useradd -u 98 -o -g tss -s /bin/false -c "TSS daemon" \
-       -d %{_localstatedir}/lib/tpm tss || :
+       -d %{tpmstatedir} tss || :
 %service_add_pre tcsd.service
 
+%pretrans
+# this scriplet and the counterpart in %posttrans work around a packaging bug
+# that was present in all trousers packages since around 2008.
+# /var/lib/tpm/system.data.* was wrongly packaged as runtime state data
+# instead of package resource data in /usr/share. After removal of these files
+# from packaging, after updating they will be deleted. Since users could have
+# created their own versions of the files already (by taking ownership of a
+# TPM) we want to keep those files in place.
+#
+# to achieve this we use the ownership of /var/lib/tpm as an indicator.
+# Versions that still wrongly package those files also had the ownership of
+# the directory wrong. Therefore if the directory is not owned by the tss user
+# we apply a backup and restore logic.
+[ ! -d "%{tpmstatedir}" ] && exit 0
+OWNER=`/usr/bin/stat -c "%U" "%{tpmstatedir}"`
+[ "$OWNER" = "tss" ] && exit 0
+for data in system.data.auth system.data.noauth; do
+       file="%{tpmstatedir}/${data}"
+       [ ! -e "$file" ] && continue
+       cp -p $file ${file}.rpmsave
+       echo "saving backup of $file"
+done
+
 %post
 %service_add_post tcsd.service
 
+%posttrans
+# see pretrans for an explanation of this
+for data in system.data.auth system.data.noauth; do
+       file="%{tpmstatedir}/${data}"
+       # nothing to restore here
+       [ ! -e "${file}.rpmsave" ] && continue
+       # for some reason the to-be-restored file already exists? ignore.
+       [ -e "${file}" ] && continue
+       # restore the original file
+       echo "restoring backup of $file"
+       mv ${file}.rpmsave ${file}
+       chown tss:tss "${file}"
+done
+
 %postun
 %service_del_postun tcsd.service
 
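Review bot: The %posttrans loop runs as root inside %{tpmstatedir}, which this commit hands to the tss account (`%attr(750,tss,tss)`), and `chown tss:tss "${file}"` dereferences symbolic links, so a link left at `system.data.*.rpmsave` by that account would get the ownership of its target changed. Unlike %pretrans, the restore is not gated on the one-time migration, so it acts on any `.rpmsave` entry found at every later update. Adding `[ -L "${file}.rpmsave" ] && continue` and using `chown -h tss:tss "${file}"` narrows this, although a window between `mv` and `chown` remains, so treat it as hardening rather than a complete fix. `cp -p $file ${file}.rpmsave` and `mv ${file}.rpmsave ${file}` also leave their arguments unquoted, unlike the rest of the scriptlet.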
@@ -130,7 +170,7 @@
 %doc README README.selinux AUTHORS ChangeLog LICENSE NICETOHAVES TODO doc/*
 %{_mandir}/man5/*
 %{_mandir}/man8/*
-%attr(640,tss,tss) %{_localstatedir}/lib/tpm
+%attr(750,tss,tss) %{tpmstatedir}
 %{_datadir}/%{name}
 %{_sbindir}/tcsd
 %{_sbindir}/rctcsd
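Review bot: `%attr(750,tss,tss) %{tpmstatedir}` lists the directory without `%dir`, so rpm packages it together with everything found beneath it in the build root. The changelog says the system.data.* files are no longer meant to be packaged, but whether %install still creates them there is not visible in this hunk. Writing `%dir %attr(750,tss,tss) %{tpmstatedir}` would make the entry own only the directory regardless of what the build leaves inside it.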

