use systemd-sysusers

Signed-off-by: Jonathan <[email protected]>
SSSD · Oct 4, 2023 · 226223b · 226223b
1 parent 66c0a2d
commit 226223b
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 1 deletion.
diff --git a/.github/actions/build-sssd-srpm/action.yml b/.github/actions/build-sssd-srpm/action.yml
@@ -49,3 +49,4 @@ runs:
     with:
       tarball: ${{ inputs.working-directory }}/sssd-${{ steps.sanitize.outputs.version }}.tar.gz
       specfile: ${{ inputs.working-directory }}/sssd.spec
+      sourcefiles: ${{ inputs.working-directory }}/contrib/sssd.sysusers.in
diff --git a/Makefile.am b/Makefile.am
@@ -5666,6 +5666,7 @@ RPMBUILD ?= $(PWD)/rpmbuild
 dist_noinst_DATA += \
     m4 \
     contrib/sssd.spec.in \
+    contrib/sssd.sysusers.in \
     BUILD.txt \
     COPYING \
     src/tests/multihost/README.md \
@@ -5705,6 +5706,7 @@ if GIT_CHECKOUT
 endif
 	cp $(builddir)/contrib/sssd.spec $(RPMBUILD)/SPECS
 	cp $(distdir).tar.gz $(RPMBUILD)/SOURCES
+	cp $(builddir)/contrib/sssd.sysusers $(RPMBUILD)/SOURCES
 
 rpms: rpmbrprep
 	cd $(RPMBUILD); \

diff --git a/configure.ac b/configure.ac
@@ -542,7 +542,7 @@ AC_SUBST([abs_builddir], $abs_build_dir)
 my_srcdir=`readlink -f $srcdir`
 AC_DEFINE_UNQUOTED([ABS_SRC_DIR], ["$my_srcdir"], [Absolute path to the source directory])
 
-AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config
+AC_CONFIG_FILES([Makefile contrib/sssd.spec contrib/sssd.sysusers src/examples/rwtab src/doxy.config
                  contrib/sssd-pcsc.rules
                  src/sysv/sssd src/sysv/gentoo/sssd src/sysv/gentoo/sssd-kcm
                  po/Makefile.in src/man/Makefile src/tests/cwrap/Makefile

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
@@ -7,6 +7,13 @@
 %global sssd_user root
 %endif
 
+# sysusers depends on presence of sssd user
+%if 0%{?rhel} >= 10
+%global use_sysusers 1
+%else
+%global use_sysusers 0
+%endif
+
 # Set setuid bit on child helpers if we support non-root user.
 %if "%{sssd_user}" == "root"
 %global child_attrs 0750
@@ -54,6 +61,9 @@ Summary: System Security Services Daemon
 License: GPLv3+
 URL: https://github.com/SSSD/sssd/
 Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
+%if %{use_sysusers}
+Source1: sssd.sysusers
+%endif
 
 ### Patches ###
 # Place your patches here:
@@ -162,6 +172,10 @@ BuildRequires: shadow-utils-subid-devel
 %if %{build_kcm_renewals}
 BuildRequires: krb5-libs >= %{krb5_version}
 %endif
+%if %{use_sysusers}
+BuildRequires: systemd-rpm-macros
+%{?sysusers_requires_compat}
+%endif
 
 %description
 Provides a set of daemons to manage access to remote directories and
@@ -702,6 +716,10 @@ do
     cat $subpackage.lang
 done
 
+%if %{use_sysusers}
+install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/sssd.conf
+%endif
+
 %files
 %license COPYING
 
@@ -805,6 +823,10 @@ done
 %{_datadir}/systemtap/tapset/sssd.stp
 %{_datadir}/systemtap/tapset/sssd_functions.stp
 %{_mandir}/man5/sssd-systemtap.5*
+%if %{use_sysusers}
+%{_sysusersdir}/sssd.conf
+%endif
+
 
 %if 0%{?rhel}
 %files polkit-rules
@@ -1004,9 +1026,13 @@ done
 
 %if 0%{?rhel}
 %pre common
+%if %{use_sysusers}
+%sysusers_create_compat %{SOURCE1}
+%else
 getent group sssd >/dev/null || groupadd -r sssd
 getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
 %endif
+%endif
 
 %post common
 %systemd_post sssd.service

diff --git a/contrib/sssd.sysusers.in b/contrib/sssd.sysusers.in
@@ -0,0 +1 @@
+u     sssd   -   "User for sssd"     /               /sbin/nologin