@@ -0,0 +1,39 @@
+Subject: Don't attempt to create temporary files in the user's home directory
+Origin: v9-2-gdc292ff
+Upstream-Author: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue Feb 20 16:51:10 2018 +0100
+
+ To use the tpm2 pin, some temporary files need to be created due how the
+ tpm2-tools work. Currently they are created in the user's home directory
+ but the commands can be executed by a user that doesn't have a home dir.
+
+ So it's better to just create the temporary directory in /tmp, which is
+ mktemp default. The mktemp default permissions are u+rwx anyways, so it
+ isn't less secure to have the temp dir at /tmp instead of the home dir.
+
+ Fixes: #30
+
+ Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+
+--- a/src/clevis-decrypt-tpm2
++++ b/src/clevis-decrypt-tpm2
+@@ -82,7 +82,7 @@
+ exit 1
+ fi
+
+-if ! TMP=`mktemp -d -p ~`; then
++if ! TMP=`mktemp -d`; then
+ echo "Creating a temporary dir for TPM files failed!" >&2
+ exit 1
+ fi
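Review bot: The changed line TMP=`mktemp -d` no longer pins the parent directory, and mktemp without -p uses $TMPDIR when it is set and falls back to /tmp only otherwise, so the commit message's "create the temporary directory in /tmp" holds only when TMPDIR is unset. If /tmp is the intended location, make it explicit with mktemp -d -p /tmp; if following TMPDIR is intended, say so in the message so callers know the TPM files go wherever their environment points.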
+--- a/src/clevis-encrypt-tpm2
++++ b/src/clevis-encrypt-tpm2
+@@ -92,7 +92,7 @@
+ exit 1
+ fi
+
+-if ! TMP=`mktemp -d -p ~`; then
++if ! TMP=`mktemp -d`; then
+ echo "Creating a temporary dir for TPM files failed!" >&2
+ exit 1
+ fi
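Review bot: The context around the changed mktemp line in this hunk shows only the failure branch, not how $TMP is removed, and that matters more now that the directory holding the TPM files sits under a shared temporary location instead of the user's home. Confirm that the script removes $TMP on every exit path (for example a trap on EXIT set right after this block), and consider $(mktemp -d) over backticks here and in clevis-decrypt-tpm2 for consistency with current shell style.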