From f8082cf34dd39d69a66b621b18e2617dcbfe1761 Mon Sep 17 00:00:00 2001
From: Sergio Arroutbi
Date: Mon, 7 Oct 2024 12:55:11 +0200
Subject: [PATCH] Fix to start pcscd appropriately
Signed-off-by: Sergio Arroutbi
---
 .../clevis-pin-pkcs11/clevis-pkcs11-hook.sh | 8 +++++---
 src/luks/systemd/clevis-luks-pkcs11-askpin.in | 16 +--------------
 src/pins/pkcs11/clevis-pkcs11-common | 20 +++++++++++++++++--
 src/pins/pkcs11/tests/pin-pkcs11 | 12 +++++++++++
 4 files changed, 36 insertions(+), 20 deletions(-)
diff --git a/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh b/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh
index 01a3062a..9922bbc2 100755
--- a/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh
+++ b/src/luks/dracut/clevis-pin-pkcs11/clevis-pkcs11-hook.sh
@@ -16,9 +16,11 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
 #
+. /usr/bin/clevis-pkcs11-common
+
 if [ ! -f /run/systemd/clevis-pkcs11.run ] && [ -d /run/systemd ]; then
- pcscd --disable-polkit
- echo "" > /run/systemd/clevis-pkcs11.run
- /usr/libexec/clevis-luks-pkcs11-askpin -d -r
+ clevis_start_pcscd_server
+ echo "" > /run/systemd/clevis-pkcs11.run
+ /usr/libexec/clevis-luks-pkcs11-askpin -d -r
 fi
diff --git a/src/luks/systemd/clevis-luks-pkcs11-askpin.in b/src/luks/systemd/clevis-luks-pkcs11-askpin.in
index 8f4092f7..8c032fee 100755
--- a/src/luks/systemd/clevis-luks-pkcs11-askpin.in
+++ b/src/luks/systemd/clevis-luks-pkcs11-askpin.in
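Review bot: In clevis-pkcs11-hook.sh the exit status of `clevis_start_pcscd_server` is discarded and the `/run/systemd/clevis-pkcs11.run` marker is written regardless, so a pcscd that failed to start is never retried on a later hook run and askpin is launched without a card daemon. Writing the marker only on success, e.g. `clevis_start_pcscd_server && echo "" > /run/systemd/clevis-pkcs11.run`, or at least reporting the failure on stderr, would make a boot-time unlock failure diagnosable. The same unchecked call is added in clevis-luks-pkcs11-askpin.in. The new `. /usr/bin/clevis-pkcs11-common` line also assumes that file is present in the initramfs; the dracut module's install list is not visible here, so confirm it ships the file.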
@@ -52,21 +52,7 @@ get_pkcs11_error() {
 return 0
 }
-if command -v pcscd; then
- echo "clevis-pkcs11: starting pcscd if not available ..."
- PCSCD_PID=$(ps auxf | grep "[p]cscd")
- echo -e "clevis-pkcs11: pcscd running?:[${PCSCD_PID}]\n"
- if ! ps auxf | grep "[p]cscd";
- then
- if pcscd pcscd --help | grep disable-polkit 1>/dev/null 2>/dev/null; then
- echo "clevis-pkcs11: starting pcscd with --disable-polkit option ..."
- pcscd --disable-polkit
- else
- echo "clevis-pkcs11: starting pcscd ..."
- pcscd
- fi
- fi
-fi
+clevis_start_pcscd_server
 if [ "${dracut_mode}" != true ]; then
 pkcs11-tool -L
diff --git a/src/pins/pkcs11/clevis-pkcs11-common b/src/pins/pkcs11/clevis-pkcs11-common
index 4c0629c4..959f793f 100755
--- a/src/pins/pkcs11/clevis-pkcs11-common
+++ b/src/pins/pkcs11/clevis-pkcs11-common
@@ -27,6 +27,24 @@ serial_devices_array=""
 URI_EXPECTED_FORMAT="pkcs11:"
 DEFAULT_CRYPTTAB_FILE="/etc/crypttab"
+clevis_start_pcscd_server() {
+ if command -v pcscd; then
+ echo "clevis-pkcs11: starting pcscd if not available ..."
+ PCSCD_PID=$(ps auxf | grep "[p]cscd")
+ echo -e "clevis-pkcs11: pcscd running?:[${PCSCD_PID}]\n"
+ if ! ps auxf | grep "[p]cscd";
+ then
+ if pcscd --help | grep disable-polkit 1>/dev/null 2>/dev/null; then
+ echo "clevis-pkcs11: starting pcscd with --disable-polkit option ..."
+ pcscd --disable-polkit
+ else
+ echo "clevis-pkcs11: starting pcscd ..."
+ pcscd
+ fi
+ fi
+ fi
+}
+
 clevis_parse_devices_array() {
 INPUT_ARRAY=$(pkcs11-tool -L | grep Slot)
 counter=0
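Review bot: In `clevis_start_pcscd_server` (clevis-pkcs11-common), the running check `ps auxf | grep "[p]cscd"` matches any process whose command line merely contains that string, so an unrelated process can make the function skip starting the daemon; both that pipeline and `command -v pcscd` also print their matches to the caller's stdout. Where `pgrep` exists in the target environment, `if ! pgrep -x pcscd >/dev/null; then` is a tighter test, and `command -v pcscd >/dev/null 2>&1` keeps the output quiet. Separately, the askpin hunk calls this function before its `dracut_mode` test, so a daemon started here with `--disable-polkit` can apparently also be launched outside the initramfs and keep running without polkit authorization; a header comment stating when that is acceptable, or limiting the option to dracut mode, would make the intent explicit.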
@@ -64,12 +82,10 @@ clevis_get_module_path_from_pkcs11_config() {
 while read -r line; do
 uuid=$(echo "${line}" | awk '{print $2}')
 if ! mapped_device=$(clevis_map_device "${uuid}"); then
- echo "Could not check mapped device for UID:${uuid}"
 continue
 fi
 # If no PKCS#11 configuration, advance to next device
 if ! clevis luks list -d "${mapped_device}" | grep pkcs11 >/dev/null 2>&1; then
- echo "Device:${mapped_device} does not contain PKCS#11 configuration"
 continue
 fi
 # Get configuration PKCS#11 URI
diff --git a/src/pins/pkcs11/tests/pin-pkcs11 b/src/pins/pkcs11/tests/pin-pkcs11
index 94e15484..c876ca4f 100755
--- a/src/pins/pkcs11/tests/pin-pkcs11
+++ b/src/pins/pkcs11/tests/pin-pkcs11
@@ -20,6 +20,7 @@
 . pkcs11-common-tests
 . tests-common-functions
 . clevis-luks-common-functions
+. clevis-pkcs11-common
 on_exit() {
 exit_status=$?
@@ -150,5 +151,16 @@ then
 (${WRONGCFG})"
 fi
+if command -v ps && command -v killall; then
+ if ! clevis_start_pcscd_server;
+ then
+ error "${TEST}: Could not start pcscd server"
+ fi
+ if ! killall -9 pcscd;
+ then
+ error "${TEST}: Could not kill pcscd server"
+ fi
+fi
+
 softhsm_lib_cleanup
 test "$?" == 0
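Review bot: Deleting the two `echo` diagnostics in `clevis_get_module_path_from_pkcs11_config` makes both `continue` paths silent, which leaves no trace of why a device was skipped when unlocking fails at boot. If the messages were removed because they mixed into the function's stdout result (an inference; the callers are outside this hunk), sending them to stderr keeps that output clean and the diagnostics available: `echo "Could not check mapped device for UID:${uuid}" >&2` and `echo "Device:${mapped_device} does not contain PKCS#11 configuration" >&2`. The function body starts and ends outside the hunk.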
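Review bot: The block added at the end of tests/pin-pkcs11 finishes with `killall -9 pcscd`, which signals every process named pcscd, including a daemon that was already running on the build or developer host before the test, and SIGKILL gives it no chance to clean up. The guard also checks only for `ps` and `killall`; when pcscd is not installed, `clevis_start_pcscd_server` returns success without starting anything and the kill step then fails the test. Recording whether pcscd was running beforehand, requiring `pcscd` in the guard, and stopping only a daemon the test itself started, with the default SIGTERM, avoids both problems.

```shell
if command -v pcscd >/dev/null 2>&1 && command -v ps >/dev/null 2>&1 &&
    command -v killall >/dev/null 2>&1; then
    # Remember whether a daemon was already there so the test never stops
    # one it did not start.
    pcscd_was_running=false
    if ps auxf | grep "[p]cscd" >/dev/null 2>&1; then
        pcscd_was_running=true
    fi
    # … unchanged: clevis_start_pcscd_server call and its error report …
    if [ "${pcscd_was_running}" != true ] && ! killall pcscd; then
        error "${TEST}: Could not kill pcscd server"
    fi
fi
```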