diff -Nru opencryptoki-3.21.0+dfsg/debian/changelog opencryptoki-3.21.0+dfsg/debian/changelog --- opencryptoki-3.21.0+dfsg/debian/changelog 2023-07-07 12:15:35.000000000 +0200 +++ opencryptoki-3.21.0+dfsg/debian/changelog 2023-10-19 18:21:02.000000000 +0200 @@ -1,3 +1,19 @@ +opencryptoki (3.21.0+dfsg-0ubuntu1.1) mantic; urgency=medium + + * Fix an opencryptoki package install failure (LP: 2039783) + - Add /run/opencryptoki to d/opencryptoki.dirs to hand over folder + management to dh. + - Remove d/opencryptoki.tmpfile since the upstream version should be used. + - Modify d/opencryptoki.postinst + - ensure that pkcs11 is only a supplementary group for root + - remove uneeded/duplicate chown + - reorder cmds to reduce (warn) messages + - Modify d/opencryptoki.postrm + - remove pkcsslotd user before removing pkcs11 group + (otherwise it'll be never empty) + + -- Frank Heimes Thu, 19 Oct 2023 18:21:02 +0200 + opencryptoki (3.21.0+dfsg-0ubuntu1) mantic; urgency=medium * New upstream release (LP: #2026732), incl. support for: diff -Nru opencryptoki-3.21.0+dfsg/debian/opencryptoki.dirs opencryptoki-3.21.0+dfsg/debian/opencryptoki.dirs --- opencryptoki-3.21.0+dfsg/debian/opencryptoki.dirs 2023-07-07 12:15:35.000000000 +0200 +++ opencryptoki-3.21.0+dfsg/debian/opencryptoki.dirs 2023-10-19 14:01:51.000000000 +0200 @@ -12,3 +12,4 @@ /var/lib/opencryptoki/tpm /var/lock/opencryptoki /var/log/opencryptoki +/run/opencryptoki diff -Nru opencryptoki-3.21.0+dfsg/debian/opencryptoki.postinst opencryptoki-3.21.0+dfsg/debian/opencryptoki.postinst --- opencryptoki-3.21.0+dfsg/debian/opencryptoki.postinst 2023-07-07 12:15:35.000000000 +0200 +++ opencryptoki-3.21.0+dfsg/debian/opencryptoki.postinst 2023-10-19 18:21:02.000000000 +0200 @@ -5,17 +5,16 @@ case "${1}" in configure) addgroup --system pkcs11 + chgrp pkcs11 /run/opencryptoki adduser --system --ingroup pkcs11 --home /run/opencryptoki --shell /usr/sbin/nologin --comment "Opencryptoki pkcsslotd user" pkcsslotd - adduser root pkcs11 - chown root:pkcs11 /var/lib/opencryptoki + usermod -a -G pkcs11 root chown root:pkcs11 /etc/opencryptoki/p11sak_defined_attrs.conf chown root:pkcs11 /etc/opencryptoki/strength.conf chmod 640 /etc/opencryptoki/strength.conf chown pkcsslotd:pkcs11 /run/opencryptoki - chgrp pkcs11 /run/opencryptoki chmod 0710 /run/opencryptoki chgrp pkcs11 /var/lock/opencryptoki chmod 0770 /var/lock/opencryptoki diff -Nru opencryptoki-3.21.0+dfsg/debian/opencryptoki.postrm opencryptoki-3.21.0+dfsg/debian/opencryptoki.postrm --- opencryptoki-3.21.0+dfsg/debian/opencryptoki.postrm 2023-07-07 12:15:35.000000000 +0200 +++ opencryptoki-3.21.0+dfsg/debian/opencryptoki.postrm 2023-10-19 18:21:02.000000000 +0200 @@ -4,7 +4,8 @@ if [ "remove" = "${1}" ]; then deluser root pkcs11 || true - deluser --group --only-if-empty pkcs11 || true + deluser pkcsslotd || true + delgroup --group --only-if-empty pkcs11 || true fi #DEBHELPER# diff -Nru opencryptoki-3.21.0+dfsg/debian/opencryptoki.tmpfile opencryptoki-3.21.0+dfsg/debian/opencryptoki.tmpfile --- opencryptoki-3.21.0+dfsg/debian/opencryptoki.tmpfile 2023-07-07 12:15:35.000000000 +0200 +++ opencryptoki-3.21.0+dfsg/debian/opencryptoki.tmpfile 1970-01-01 01:00:00.000000000 +0100 @@ -1,21 +0,0 @@ -d /var/lock/opencryptoki 0770 root pkcs11 - -d /var/lock/opencryptoki/icsf 0770 root pkcs11 - -d /var/lock/opencryptoki/swtok 0770 root pkcs11 - -d /var/lock/opencryptoki/tpm 0770 root pkcs11 - -d /var/lock/opencryptoki/lite 0770 root pkcs11 - -d /var/lock/opencryptoki/ccatok 0770 root pkcs11 - -d /var/lock/opencryptoki/ep11tok 0770 root pkcs11 - - -d /var/lib/opencryptoki 0770 root pkcs11 - -d /var/lib/opencryptoki/icsf 0770 root pkcs11 - -d /var/lib/opencryptoki/swtok 0770 root pkcs11 - -d /var/lib/opencryptoki/tpm 0770 root pkcs11 - -d /var/lib/opencryptoki/lite 0770 root pkcs11 - -d /var/lib/opencryptoki/ccatok 0770 root pkcs11 - -d /var/lib/opencryptoki/ep11tok 0770 root pkcs11 - - -d /var/lib/opencryptoki/icsf/TOK_OBJ 0770 root pkcs11 - -d /var/lib/opencryptoki/swtok/TOK_OBJ 0770 root pkcs11 - -d /var/lib/opencryptoki/lite/TOK_OBJ 0770 root pkcs11 - -d /var/lib/opencryptoki/ccatok/TOK_OBJ 0770 root pkcs11 - -d /var/lib/opencryptoki/ep11tok/TOK_OBJ 0770 root pkcs11 -