From 7eb05308e7752ca8430b1e75986302a6bc8ea39c Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Mon, 16 Nov 2015 17:57:42 +0000
Subject: [PATCH] Adjust the bkernel playbook for new pesign
---
roles/bkernel/files/pesign-users | 1 +
roles/bkernel/tasks/main.yml | 27 +++++++++++++++++++++------
2 files changed, 22 insertions(+), 6 deletions(-)
create mode 100644 roles/bkernel/files/pesign-users
diff --git a/roles/bkernel/files/pesign-users b/roles/bkernel/files/pesign-users
new file mode 100644
index 0000000000..574eac1e62
--- /dev/null
+++ b/roles/bkernel/files/pesign-users
@@ -0,0 +1 @@
+kojibuilder
diff --git a/roles/bkernel/tasks/main.yml b/roles/bkernel/tasks/main.yml
index 199764d555..12bfed2070
--- a/roles/bkernel/tasks/main.yml
+++ b/roles/bkernel/tasks/main.yml
@@ -8,32 +8,47 @@ - pcsc-lite-libs - opensc - nss-tools + tags: + - bkernel - name: enable pcscd service: name=pcscd state=started enabled=true + tags: + - bkernel - name: setup opensc in pcscd shell: modutil -dbdir /etc/pki/pesign -list | grep -q Fedora || modutil -force -dbdir /etc/pki/pesign -add opensc -libfile /usr/lib64/pkcs11/opensc-pkcs11.so always_run: yes changed_when: "1 != 1" + tags: + - bkernel + +- name: setup pesign users config + copy: src=pesign-users dest=/etc/pesign/users mode=0600 owner=root group=root + tags: + - bkernel - name: enable pesign service: name=pesign state=started enabled=true + tags: + - bkernel - name: /var/run/pesign perms file: state=directory path=/var/run/pesign owner=pesign group=pesign mode=0770 + tags: + - bkernel - name: when you awake you will remember nothing copy: src=history_off.sh dest=/etc/profile.d/history_off.sh mode=0644 + tags: + - bkernel - name: mock site-defaults.cfg copy: src=bkernel-site-defaults.cfg dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock + tags: + - bkernel - name: make sure our bkernel boxes have static ip template: src=bkernel-eth0-network dest=/etc/sysconfig/network-scripts/ifcfg-eth0 - -- name: set pesign facls to allow mockbuild user to use the socket directory - acl: name=/var/run/pesign entity=kojibuilder etype=user permissions='rx' state=present - -- name: set pesign facls to allow mockbuild user to use the socket. - acl: name=/var/run/pesign/socket entity=kojibuilder etype=user permissions='rw' state=present + tags: + - bkernel
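Review bot: Nothing makes an already-running pesign daemon pick up the file installed by the new `setup pesign users config` task, because the following `enable pesign` task uses `state=started`, which is a no-op on a host where the service is already up. If the users file is only applied when the service starts (which I believe is how the newer pesign packaging works, but confirm), a later edit to `pesign-users`, including removing a signer, would not take effect until the next restart or reboot. Consider adding `notify: restart pesign` to the copy task with a matching handler; that handler name is a placeholder, so use whatever this repo's handlers define. The hunk also drops the two `acl:` tasks without a `state=absent` pass, so any ACL entries already set on existing hosts presumably remain until `/var/run/pesign` is recreated. A short comment on the copy task saying that `/etc/pesign/users` is now the single place that authorizes signing clients would help the next maintainer.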