Hello community,

here is the log from the commit of package tpm2-0-tss for openSUSE:Factory checked in at 2020-02-09 21:01:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tpm2-0-tss (Old)
 and /work/SRC/openSUSE:Factory/.tpm2-0-tss.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "tpm2-0-tss" Sun Feb 9 21:01:18 2020 rev:22 rq:769069 version:2.3.2 Changes: -------- --- /work/SRC/openSUSE:Factory/tpm2-0-tss/tpm2-0-tss.changes 2020-01-30 09:33:40.661242121 +0100 +++ /work/SRC/openSUSE:Factory/.tpm2-0-tss.new.26092/tpm2-0-tss.changes 2020-02-09 21:01:20.955317184 +0100 @@ -1,0 +2,5 @@ +Fri Jan 31 11:51:03 UTC 2020 - Michal Suchanek <[email protected]> + +- Use system-users for tss user creation (boo#1162360). + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tpm2-0-tss.spec ++++++ --- /var/tmp/diff_new_pack.SvHj0R/_old 2020-02-09 21:01:21.703317609 +0100 +++ /var/tmp/diff_new_pack.SvHj0R/_new 2020-02-09 21:01:21.707317611 +0100 @@ -31,7 +31,22 @@ BuildRequires: libopenssl-devel BuildRequires: pkg-config BuildRequires: pkgconfig(udev) -Requires(pre): shadow +# The same user is employed by trousers (and was employed by the old +# resourcemgr shipped with the tpm2-0-tss package): +# +# trousers just needs those accounts for dropping privileges to. The service +# starts as root and uses set*id to drop to tss, after the tpm device has been +# opened. +# +# tpm2-abrmd has no set*id handling and thus requires /dev/tpm to be owned +# by the tss user. Therefore we also need to install a udev rule file. +# +# trousers was here first and created the user like this, also giving it a +# home in /var/lib/tpm. I don't think the home directory is used by either of +# the packages ATM. Trousers is keeping state there, but the directory is +# owned by root and files are opened before dropping privileges. The passwd +# entry seems not to be evaluated. +Requires: user(tss) BuildRoot: %{_tmppath}/%{name}-%{version}-build %description 
@@ -126,29 +141,6 @@ %prep %setup -q -n tpm2-tss-%{version} -%pre -# the same user is employed by trousers (and was employed by the old -# resourcemgr shipped with the tpm2-0-tss package): -# -# trousers just needs those accounts for dropping privileges to. The service -# starts as root and uses set*id to drop to tss, after the tpm device has been -# opened. -# -# tpm2-abrmd has no set*id handling and thus requires /dev/tpm to be owned -# by the tss user. Therefore we also need to install a udev rule file. -# -# trousers was here first and created the user like this, also giving it a -# home in /var/lib/tpm. I don't think the home directory is used by any of -# both packages ATM. Trousers is keeping state there, but the directory is -# owned by root and files are opened before dropping privileges. The passwd -# entry seems not to be evaluated. -# -# so I guess we can share the account between the two packages for now. -%_bindir/getent group tss >/dev/null || %{_sbindir}/groupadd -g 98 tss -%_bindir/getent passwd tss >/dev/null || \ - %{_sbindir}/useradd -u 98 -o -g tss -s /bin/false -c "TSS daemon" \ - -d %{_localstatedir}/lib/tpm tss - %build %configure --disable-static --with-udevrulesdir=%{_udevrulesdir} make %{?_smp_mflags} PTHREAD_LDFLAGS=-pthread
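
Review bot: In the tpm2-0-tss.spec hunk at @@ -31,7 +31,22 @@, the relocated comment still says trousers "created the user like this", but the groupadd/useradd commands that "like this" pointed to are deleted in the following hunk, so the phrase now refers to nothing. Reword the comment to say the account now comes from the provider of `user(tss)`. The new dependency also names only the user, while the removed scriptlet created the tss group too, and it is a plain `Requires:` where the old line was `Requires(pre): shadow`. A short comment stating that the provider creates the group as well, and whether the account has to exist before this package's files are installed, would make both points explicit.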
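
Review bot: In the %pre removal at @@ -126,29 +141,6 @@, the deleted `groupadd -g 98 tss` and `useradd -u 98 -o -g tss -s /bin/false` lines pinned the UID/GID, the shell and the home directory `%{_localstatedir}/lib/tpm`, and nothing in the visible change records that the provider of `user(tss)` keeps those values. The comment says the account is shared with trousers and that tpm2-abrmd needs /dev/tpm owned by tss, so the changelog entry or the spec comment should state that the system-users definition uses the same ID and home directory, or that a different ID on newly installed systems is acceptable.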
