From ea01ad0c954ac478e72881504d8b7b0486431526 Mon Sep 17 00:00:00 2001 From: Sergio Arroutbi Date: Thu, 17 Oct 2024 17:41:01 +0200 Subject: [PATCH] Fix to start pcscd appropriately (#491) Signed-off-by: Sergio Arroutbi --- .../clevis-pin-pkcs11/clevis-pkcs11-hook.sh | 8 +++++--- src/luks/systemd/clevis-luks-pkcs11-askpin.in | 17 +---------------- src/pins/pkcs11/clevis-pkcs11-common | 18 ++++++++++++++++++ src/pins/pkcs11/tests/pin-pkcs11 | 12 ++++++++++++ 4 files changed, 36 insertions(+), 19 deletions(-) diff --git a/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh b/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh index 01a3062a..9922bbc2 100755 --- a/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh +++ b/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh @@ -16,9 +16,11 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . # +. /usr/bin/clevis-pkcs11-common + if [ ! -f /run/systemd/clevis-pkcs11.run ] && [ -d /run/systemd ]; then - pcscd --disable-polkit - echo "" > /run/systemd/clevis-pkcs11.run - /usr/libexec/clevis-luks-pkcs11-askpin -d -r + clevis_start_pcscd_server + echo "" > /run/systemd/clevis-pkcs11.run + /usr/libexec/clevis-luks-pkcs11-askpin -d -r fi diff --git a/src/luks/systemd/clevis-luks-pkcs11-askpin.in b/src/luks/systemd/clevis-luks-pkcs11-askpin.in index b860efaa..468ca3c3 100755 --- a/src/luks/systemd/clevis-luks-pkcs11-askpin.in +++ b/src/luks/systemd/clevis-luks-pkcs11-askpin.in 
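Review bot: In clevis-pkcs11-hook.sh the result of `clevis_start_pcscd_server` is not checked before `/run/systemd/clevis-pkcs11.run` is written, so a failed pcscd start still leaves the marker behind and the guard at the top of the `if` prevents any later retry. A minimal fix is to write the marker only on success, e.g. `clevis_start_pcscd_server || { echo "clevis-pkcs11: could not start pcscd" >&2; return 0 2>/dev/null || exit 0; }`, or at least to log the failure. The same unchecked call is added in clevis-luks-pkcs11-askpin.in, where `pkcs11-tool -L` follows it directly. The hook now also depends on `/usr/bin/clevis-pkcs11-common` being present in the initramfs; nothing in this patch shows the dracut module installing it, so that is worth confirming.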
@@ -52,22 +52,7 @@ get_pkcs11_error() { return 0 } - -if command -v pcscd; then - echo "clevis-pkcs11: starting pcscd if not available ..." - PCSCD_PID=$(ps auxf | grep "[p]cscd") - echo -e "clevis-pkcs11: pcscd running?:[${PCSCD_PID}]\n" - if ! ps auxf | grep "[p]cscd"; - then - if pcscd pcscd --help | grep disable-polkit 1>/dev/null 2>/dev/null; then - echo "clevis-pkcs11: starting pcscd with --disable-polkit option ..." - pcscd --disable-polkit - else - echo "clevis-pkcs11: starting pcscd ..." - pcscd - fi - fi -fi +clevis_start_pcscd_server if [ "${dracut_mode}" != true ]; then pkcs11-tool -L diff --git a/src/pins/pkcs11/clevis-pkcs11-common b/src/pins/pkcs11/clevis-pkcs11-common index 571a2bed..c7f2a58f 100755 --- a/src/pins/pkcs11/clevis-pkcs11-common +++ b/src/pins/pkcs11/clevis-pkcs11-common @@ -77,6 +77,24 @@ clevis_detect_pkcs11_device() { done } +clevis_start_pcscd_server() { + if command -v pcscd; then + echo "clevis-pkcs11: starting pcscd if not available ..." + PCSCD_PID=$(ps auxf | grep "[p]cscd") + echo -e "clevis-pkcs11: pcscd running?:[${PCSCD_PID}]\n" + if ! ps auxf | grep "[p]cscd"; + then + if pcscd --help | grep disable-polkit 1>/dev/null 2>/dev/null; then + echo "clevis-pkcs11: starting pcscd with --disable-polkit option ..." + pcscd --disable-polkit + else + echo "clevis-pkcs11: starting pcscd ..." + pcscd + fi + fi + fi +} + clevis_parse_devices_array() { INPUT_ARRAY=$(pkcs11-tool -L | grep Slot) counter=0 diff --git a/src/pins/pkcs11/tests/pin-pkcs11 b/src/pins/pkcs11/tests/pin-pkcs11 index 94e15484..c876ca4f 100755 --- a/src/pins/pkcs11/tests/pin-pkcs11 +++ b/src/pins/pkcs11/tests/pin-pkcs11 @@ -20,6 +20,7 @@ . pkcs11-common-tests . tests-common-functions . clevis-luks-common-functions +. clevis-pkcs11-common on_exit() { exit_status=$? 
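Review bot: In `clevis_start_pcscd_server` (src/pins/pkcs11/clevis-pkcs11-common) the running check matches any process whose command line contains `pcscd`, not only the daemon, and the `ps auxf | grep "[p]cscd"` pipeline runs twice, so the logged value and the decision can disagree. Reusing the captured value, `if [ -z "${PCSCD_PID}" ]; then`, keeps the two consistent; the variable holds whole `ps` lines rather than a PID and is set globally in every script that sources this file. The function returns 0 when pcscd is not installed, which callers cannot tell apart from a successful start. A comment above the `--disable-polkit` branch should state why polkit authorization is switched off (presumably because polkit is not available in the initramfs), since this helper is now shared with callers that run on a fully booted system, such as the test script.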
@@ -150,5 +151,16 @@ then (${WRONGCFG})" fi +if command -v ps && command -v killall; then + if ! clevis_start_pcscd_server; + then + error "${TEST}: Could not start pcscd server" + fi + if ! killall -9 pcscd; + then + error "${TEST}: Could not kill pcscd server" + fi +fi + softhsm_lib_cleanup test "$?" == 0
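Review bot: `killall -9 pcscd` in the new test block stops every pcscd on the machine, including a daemon that was already running before the test, because `clevis_start_pcscd_server` starts nothing when it finds one. The test should record whether pcscd was running beforehand and only stop an instance it started itself, and a plain `killall pcscd` gives the daemon a chance to clean up, which `-9` does not. The guard checks for `ps` and `killall` but not for pcscd; with pcscd absent the helper returns 0 and the test then fails at the kill step with a misleading message, so the condition should read `if command -v ps && command -v killall && command -v pcscd; then`.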