app-crypt/tpm2-tss: Fix sandbox violation for systemd users

Closes: https://bugs.gentoo.org/722864
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Salah Coronya <salah.coronya@gmail.com>
Signed-off-by: Jason A. Donenfeld <zx2c4@gentoo.org>

2 files changed, 18 insertions, 2 deletions

diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-2.4.0-Dont-run-systemd-sysusers-in-Makefile.patch b/app-crypt/tpm2-tss/files/tpm2-tss-2.4.0-Dont-run-systemd-sysusers-in-Makefile.patch
new file mode 100644
index 000000000000..c916bbf0133c
--- /dev/null
+++ b/app-crypt/tpm2-tss/files/tpm2-tss-2.4.0-Dont-run-systemd-sysusers-in-Makefile.patch
@@ -0,0 +1,15 @@
+diff --git a/Makefile.am b/Makefile.am
+index c543a287..58187f7e 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -558,10 +558,6 @@ uninstall-local:
+ 	-rm $(DESTDIR)$(udevrulesdir)/$(udevrulesprefix)tpm-udev.rules
+ endif
+ 
+-# Create tss user and FAPI directories directly after installation (vs. after a reboot)
+-install-exec-hook:
+-	systemd-sysusers && systemd-tmpfiles --create || true
+-
+ uninstall-hook:
+ 	cd $(DESTDIR)$(man3dir) && \
+ 		[ -L Tss2_TctiLdr_Initialize_Ex.3 ] && \
diff --git a/app-crypt/tpm2-tss/tpm2-tss-2.4.0.ebuild b/app-crypt/tpm2-tss/tpm2-tss-2.4.0.ebuild
index f8986d88dc98..76c8cc9bf6d0 100644
--- a/app-crypt/tpm2-tss/tpm2-tss-2.4.0.ebuild
+++ b/app-crypt/tpm2-tss/tpm2-tss-2.4.0.ebuild
@@ -34,7 +34,8 @@ BDEPEND="virtual/pkgconfig
 
 PATCHES=(
 	"${FILESDIR}/${PN}-2.4.0-fix-tmpfiles-path.patch"
-)
+	"${FILESDIR}/${PN}-2.4.0-Dont-run-systemd-sysusers-in-Makefile.patch"
+	)
 
 pkg_setup() {
 	local CONFIG_CHECK=" \
@@ -57,7 +58,7 @@ src_configure() {
 		--with-runstatedir=/run \
 		--with-udevrulesdir="$(get_udevdir)/rules.d" \
 		--with-udevrulesprefix=60- \
-		--with-sysusersdir="/usr/lib/sysusers.d"
+		--with-sysusersdir="/usr/lib/sysusers.d" \
 		--with-tmpfilesdir="/usr/lib/tmpfiles.d"
 }