Fix to start pcscd appropriately (latchset#491)

Signed-off-by: Sergio Arroutbi <[email protected]>
oldium · Oct 17, 2024 · ea01ad0 · ea01ad0
1 parent 8490a70
commit ea01ad0
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 19 deletions.
diff --git a/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh b/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh
@@ -16,9 +16,11 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
+. /usr/bin/clevis-pkcs11-common
+
 if [ ! -f /run/systemd/clevis-pkcs11.run ] && [ -d /run/systemd ];
 then
-  pcscd --disable-polkit
-  echo "" > /run/systemd/clevis-pkcs11.run
-  /usr/libexec/clevis-luks-pkcs11-askpin -d -r
+    clevis_start_pcscd_server
+    echo "" > /run/systemd/clevis-pkcs11.run
+    /usr/libexec/clevis-luks-pkcs11-askpin -d -r
 fi
diff --git a/src/luks/systemd/clevis-luks-pkcs11-askpin.in b/src/luks/systemd/clevis-luks-pkcs11-askpin.in
@@ -52,22 +52,7 @@ get_pkcs11_error() {
     return 0
 }
 
-
-if command -v pcscd; then
-    echo "clevis-pkcs11: starting pcscd if not available ..."
-    PCSCD_PID=$(ps auxf | grep "[p]cscd")
-    echo -e "clevis-pkcs11: pcscd running?:[${PCSCD_PID}]\n"
-    if ! ps auxf | grep "[p]cscd";
-    then
-        if pcscd pcscd --help | grep disable-polkit 1>/dev/null 2>/dev/null; then
-            echo "clevis-pkcs11: starting pcscd with --disable-polkit option ..."
-            pcscd --disable-polkit
-        else
-            echo "clevis-pkcs11: starting pcscd ..."
-            pcscd
-        fi
-    fi
-fi
+clevis_start_pcscd_server
 
 if [ "${dracut_mode}" != true ]; then
     pkcs11-tool -L

diff --git a/src/pins/pkcs11/clevis-pkcs11-common b/src/pins/pkcs11/clevis-pkcs11-common
@@ -77,6 +77,24 @@ clevis_detect_pkcs11_device() {
     done
 }
 
+clevis_start_pcscd_server() {
+    if command -v pcscd; then
+        echo "clevis-pkcs11: starting pcscd if not available ..."
+        PCSCD_PID=$(ps auxf | grep "[p]cscd")
+        echo -e "clevis-pkcs11: pcscd running?:[${PCSCD_PID}]\n"
+        if ! ps auxf | grep "[p]cscd";
+        then
+            if pcscd --help | grep disable-polkit 1>/dev/null 2>/dev/null; then
+                echo "clevis-pkcs11: starting pcscd with --disable-polkit option ..."
+                pcscd --disable-polkit
+            else
+                echo "clevis-pkcs11: starting pcscd ..."
+                pcscd
+            fi
+        fi
+    fi
+}
+
 clevis_parse_devices_array() {
     INPUT_ARRAY=$(pkcs11-tool -L | grep Slot)
     counter=0

diff --git a/src/pins/pkcs11/tests/pin-pkcs11 b/src/pins/pkcs11/tests/pin-pkcs11
@@ -20,6 +20,7 @@
 . pkcs11-common-tests
 . tests-common-functions
 . clevis-luks-common-functions
+. clevis-pkcs11-common
 
 on_exit() {
     exit_status=$?
@@ -150,5 +151,16 @@ then
 (${WRONGCFG})"
 fi
 
+if command -v ps && command -v killall; then
+    if ! clevis_start_pcscd_server;
+    then
+        error "${TEST}: Could not start pcscd server"
+    fi
+    if ! killall -9 pcscd;
+    then
+        error "${TEST}: Could not kill pcscd server"
+    fi
+fi
+
 softhsm_lib_cleanup
 test "$?" == 0