pkcs11 and pcsc don't seem to have ever worked.

In the case of pkcs11, the following install line is incorrect (note the dot before *):

{"tls/$_arch/",tls/,"$_arch/",}"/cryptsetup/libcryptsetup-token-systemd-pkcs11.so.*"

And it should be:

{"tls/$_arch/",tls/,"$_arch/",}"/cryptsetup/libcryptsetup-token-systemd-pkcs11.so*"

I opened a PR and it was merged a while ago: dracutdevs/dracut#2540

In the case of pcsc there are two problems. One, the installation file is missing /usr/share/p11-kit/modules/opensc.module and without that, you can't really do anything. Two, dracut doesn't include polkit and pcsc is compiled with it enabled by default. The option --disable-polkit was added to pcscd in 2.0, precisely to address this issue. It needs to be added to pcscd.service in the module for it to work on initramfs.

I opened another PR which has been approved by 2 reviewers and merged into openSUSE: dracutdevs/dracut#2547

Signed-off-by: Manuel Fombuena <[email protected]>
Showing 3 changed files with 88 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
From 1c762c0da6ed2bb6fa44d5e0968605cc4d45361c Mon Sep 17 00:00:00 2001 | ||
From: innovara <[email protected]> | ||
Date: Fri, 27 Oct 2023 11:53:49 +0100 | ||
Subject: [PATCH] fix(pkcs11): delete trailing dot on | ||
libcryptsetup-token-systemd-pkcs11.so | ||
|
||
libcryptsetup-token-systemd-pkcs11.so.* doesn't match the file libcryptsetup-token-systemd-pkcs11.so | ||
--- | ||
modules.d/91pkcs11/module-setup.sh | 2 +- | ||
1 file changed, 1 insertion(+), 1 deletion(-) | ||
|
||
diff --git a/modules.d/91pkcs11/module-setup.sh b/modules.d/91pkcs11/module-setup.sh | ||
index 547631db66..5675efb580 100755 | ||
--- a/modules.d/91pkcs11/module-setup.sh | ||
+++ b/modules.d/91pkcs11/module-setup.sh | ||
@@ -30,6 +30,6 @@ install() { | ||
{"tls/$_arch/",tls/,"$_arch/",}"libffi.so.*" \ | ||
{"tls/$_arch/",tls/,"$_arch/",}"libp11-kit.so.*" \ | ||
{"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" \ | ||
- {"tls/$_arch/",tls/,"$_arch/",}"/cryptsetup/libcryptsetup-token-systemd-pkcs11.so.*" | ||
+ {"tls/$_arch/",tls/,"$_arch/",}"/cryptsetup/libcryptsetup-token-systemd-pkcs11.so*" | ||
|
||
} |
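Review bot: The changed entry is now the only pattern in this list ending in .so* rather than .so.*, and nothing in install() says why, so a later consistency cleanup could restore the dot and drop the token plugin from the initramfs again. A one-line comment above it, stating that the plugin is installed as an unversioned libcryptsetup-token-systemd-pkcs11.so, would protect the fix. The same entry is also the only one whose quoted part begins with a slash ("/cryptsetup/..."), which after the brace prefixes yields a doubled or leading slash; it is worth confirming that this is intended rather than inherited from the broken line.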
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
From 6da61a2c0e38da4e6e880e1bb7f47d55d2c54c65 Mon Sep 17 00:00:00 2001 | ||
From: Manuel Fombuena <[email protected]> | ||
Date: Fri, 3 Nov 2023 09:04:53 +0000 | ||
Subject: [PATCH 1/2] fix(pcsc): add opensc load module file | ||
|
||
On Fedora, and possibly others, this file loads opensc-pkcs11.so which you need to interact with the smart card to unlock a LUKS encrypted volume. | ||
--- | ||
modules.d/91pcsc/module-setup.sh | 3 ++- | ||
1 file changed, 2 insertions(+), 1 deletion(-) | ||
|
||
diff --git a/modules.d/91pcsc/module-setup.sh b/modules.d/91pcsc/module-setup.sh | ||
index 6f8b2c88e1..26b463d436 100755 | ||
--- a/modules.d/91pcsc/module-setup.sh | ||
+++ b/modules.d/91pcsc/module-setup.sh | ||
@@ -29,7 +29,8 @@ install() { | ||
inst_simple "$moddir/pcscd.socket" "${systemdsystemunitdir}"/pcscd.socket | ||
|
||
inst_multiple -o \ | ||
- pcscd | ||
+ pcscd \ | ||
+ /usr/share/p11-kit/modules/opensc.module | ||
|
||
# Enable systemd type unit(s) | ||
for i in \ | ||
|
||
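Review bot: In the install() hunk the new path is appended to the inst_multiple -o call, so it is optional: on a host where /usr/share/p11-kit/modules/opensc.module is absent or lives elsewhere, the image is built without it and without any message, which is the same silent failure this patch sets out to fix. The patch description itself limits the path to "Fedora, and possibly others". Consider emitting a build-time warning when the file is not found, and confirm that opensc-pkcs11.so, which the description says this file loads, is installed by this module or another one, since these lines do not show it.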
From 842be0c89fe0cc8cac9efa88e68b07ae1c2d2464 Mon Sep 17 00:00:00 2001 | ||
From: Manuel Fombuena <[email protected]> | ||
Date: Fri, 3 Nov 2023 11:53:38 +0000 | ||
Subject: [PATCH 2/2] fix(pcsc): add --disable-polkit to pcscd.service | ||
|
||
Needs pcsc >= 2.0.0 | ||
|
||
polkit is not included in dracut and without this option, pcscd simply fails | ||
--- | ||
modules.d/91pcsc/pcscd.service | 2 +- | ||
1 file changed, 1 insertion(+), 1 deletion(-) | ||
|
||
diff --git a/modules.d/91pcsc/pcscd.service b/modules.d/91pcsc/pcscd.service | ||
index 639decd275..7d4e0a2b30 100644 | ||
--- a/modules.d/91pcsc/pcscd.service | ||
+++ b/modules.d/91pcsc/pcscd.service | ||
@@ -5,7 +5,7 @@ Documentation=man:pcscd(8) | ||
Requires=pcscd.socket | ||
|
||
[Service] | ||
-ExecStart=/usr/sbin/pcscd --foreground --auto-exit | ||
+ExecStart=/usr/sbin/pcscd --foreground --auto-exit --disable-polkit | ||
ExecReload=/usr/sbin/pcscd --hotplug | ||
|
||
[Install] |
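Review bot: The [Service] hunk adds --disable-polkit to ExecStart unconditionally, while the patch description says it needs pcsc >= 2.0.0, and nothing in the unit or in the lines shown enforces that version. With an older pcscd in the image the option would likely be rejected and the service would not start, breaking smart card unlock on exactly the hosts that predate the flag. Either gate the flag on the installed pcscd version when the module is set up, or state the minimum version as a package requirement. A short comment in the unit saying that polkit is absent from the initramfs, and that this copy is for the initramfs only, would also keep the flag from being carried into the unit of a running system, where it would switch off pcscd's polkit access checks.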
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,7 +7,7 @@ | |
%global __requires_exclude pkg-config | ||
|
||
# rpmdev-bumpspec and releng automation compatible variable | ||
%global baserelease 20 | ||
%global baserelease 21 | ||
|
||
Name: dracut | ||
Version: 059 | ||
|
@@ -98,6 +98,15 @@ Patch17: 2481-remove-microcode-check-based-on-CONFIG_MICROCODE_.patch | |
# https://github.com/dracutdevs/dracut/pull/2531 | ||
Patch: 2531.patch | ||
|
||
# https://github.com/dracutdevs/dracut/pull/2540 | ||
# fix(pkcs11): delete trailing dot on libcryptsetup-token-systemd-pkcs11.so | ||
Patch19: https://github.com/dracutdevs/dracut/commit/1c762c0da6ed2bb6fa44d5e0968605cc4d45361c.patch | ||
|
||
# https://github.com/dracutdevs/dracut/pull/2547 | ||
# fix(pcsc): add opensc load module file | ||
# fix(pcsc): add --disable-polkit to pcscd.service | ||
Patch20: https://github.com/dracutdevs/dracut/pull/2547.patch | ||
|
||
BuildRequires: bash | ||
BuildRequires: git-core | ||
BuildRequires: pkgconfig(libkmod) >= 23 | ||
|
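Review bot: Patch20 points at https://github.com/dracutdevs/dracut/pull/2547.patch, a pull-request URL whose content changes whenever the PR branch is updated, whereas Patch19 is pinned to a commit hash. For a package that controls what runs before the root volume is unlocked, the patch source should be immutable and reviewable: reference the change by commit hash as Patch19 does, so the URL in the spec and the patch file checked in beside it cannot drift apart.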
@@ -498,6 +507,11 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/ | |
%{_prefix}/lib/kernel/install.d/51-dracut-rescue.install | ||
|
||
%changelog | ||
* Sat Jan 27 2024 Manuel Fombuena <[email protected]> - 059-21 | ||
- fix(pkcs11): delete trailing dot on libcryptsetup-token-systemd-pkcs11.so | ||
- fix(pcsc): add opensc load module file | ||
- fix(pcsc): add --disable-polkit to pcscd.service | ||
|
||
* Wed Jan 24 2024 Fedora Release Engineering <[email protected]> - 059-20 | ||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild | ||
|
||
|
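Review bot: The three new %changelog entries under 059-21 repeat the commit subjects but carry no upstream reference. Appending the PR numbers already used in the spec comments (dracutdevs/dracut#2540 for the pkcs11 line, dracutdevs/dracut#2547 for the two pcsc lines) would let someone auditing the package trace each fix back to its review.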