Request 498707 (accepted)

This request supersedes: request 495590 (Show diff)

Overview

Request 498707 accepted

No description set

Created by Alexander_Naumov over 7 years ago
In state accepted
Supersedes 495590

Submit tpm2-0-tss

Comments for request 498707 1

Dominique Leuenberger (dimstar) - over 7 years ago

reviewer

+# the same user is employed by trousers:
+#
+# trousers just needs those accounts for dropping privileges to. The service
+# starts as root and uses set*id to drop to tss, after the tpm device has been
+# opened.
+#
+# resourcemgr has no set*id handling and thus requires /dev/tpm to be owned
+# by the tss user. Therefore we also need to install a udev rule file.
+#
+# trousers was here first and created the user like this, also giving it a
+# home in /var/lib/tpm. I don't think the home directory is used by any of
+# both packages ATM. Trousers is keeping state there, but the directory is
+# owned by root and files are opened before dropping privileges. The passwd
+# entry seems not to be evaluated.
+#
+# so I guess we can share the account between the two packages for now.
+%_bindir/getent group tss >/dev/null || %{_sbindir}/groupadd -g 98 tss
+%_bindir/getent passwd tss >/dev/null || \
+   %{_sbindir}/useradd -u 98 -o -g tss -s /bin/false -c "TSS daemon" \
+   -d %{_localstatedir}/lib/tpm tss

In tnis case I recommend to split the user generation according to https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups

then only one package has to 'care' for the correct settins and the other one does: Requires: user(tss)