From 6f15b05daf706fce030dd816e14d788d88af0ce3 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstephen@redhat.com>
Date: Tue, 18 Jul 2023 14:20:29 -0500
Subject: [PATCH] use systemd-sysusers

Signed-off-by: Jonathan <jonathan@knownhost.com>
---
 .github/actions/build-sssd-srpm/action.yml |  1 +
 contrib/sssd.spec.in                       | 26 ++++++++++++++++++++++
 contrib/sssd.sysusers                      |  1 +
 3 files changed, 28 insertions(+)
 create mode 100644 contrib/sssd.sysusers

diff --git a/.github/actions/build-sssd-srpm/action.yml b/.github/actions/build-sssd-srpm/action.yml
index e298b1168e4..ae628150fdd 100644
--- a/.github/actions/build-sssd-srpm/action.yml
+++ b/.github/actions/build-sssd-srpm/action.yml
@@ -38,6 +38,7 @@ runs:
       tar -cvzf "$name.tar.gz" --transform "s,^,$name/," *
 
       cp contrib/sssd.spec.in ./sssd.spec
+      cp contrib/sssd.sysusers ./sssd.sysusers
 
       sed -iE "s/@PACKAGE_NAME@/sssd/g" ./sssd.spec
       sed -iE "s/@PACKAGE_VERSION@/${{ steps.sanitize.outputs.version }}/g" ./sssd.spec
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 6431fc9d79b..23d6ef21711 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -36,6 +36,12 @@
 %global build_passkey 0
 %endif
 
+%if 0%{?rhel} >= 10
+%global use_sysusers 1
+%else
+%global use_sysusers 0
+%endif
+
 # we don't want to provide private python extension libs
 %define __provides_exclude_from %{python3_sitearch}/.*\.so$
 
@@ -54,6 +60,9 @@ Summary: System Security Services Daemon
 License: GPLv3+
 URL: https://github.com/SSSD/sssd/
 Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
+%if %{use_sysusers}
+Source1: sssd.sysusers
+%endif
 
 ### Patches ###
 # Place your patches here:
@@ -189,8 +198,13 @@ Requires: (sssd-nfs-idmap = %{version}-%{release} if libnfsidmap)
 Requires: libsss_idmap = %{version}-%{release}
 Requires: libsss_certmap = %{version}-%{release}
 %if 0%{?rhel}
+%if %{use_sysusers}
+BuildRequires:  systemd-rpm-macros
+%{?sysusers_requires_compat}
+%else
 Requires(pre): shadow-utils
 %endif
+%endif
 %{?systemd_requires}
 
 ### Provides ###
@@ -702,6 +716,10 @@ do
     cat $subpackage.lang
 done
 
+%if %{use_sysusers}
+install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/sssd.conf
+%endif
+
 %files
 %license COPYING
 
@@ -805,6 +823,10 @@ done
 %{_datadir}/systemtap/tapset/sssd.stp
 %{_datadir}/systemtap/tapset/sssd_functions.stp
 %{_mandir}/man5/sssd-systemtap.5*
+%if %{use_sysusers}
+%{_sysusersdir}/sssd.conf
+%endif
+
 
 %if 0%{?rhel}
 %files polkit-rules
@@ -1004,9 +1026,13 @@ done
 
 %if 0%{?rhel}
 %pre common
+%if %{use_sysusers}
+%sysusers_create_compat %{SOURCE1}
+%else
 getent group sssd >/dev/null || groupadd -r sssd
 getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
 %endif
+%endif
 
 %post common
 %systemd_post sssd.service
diff --git a/contrib/sssd.sysusers b/contrib/sssd.sysusers
new file mode 100644
index 00000000000..cbc453d7aac
--- /dev/null
+++ b/contrib/sssd.sysusers
@@ -0,0 +1 @@
+u     sssd   -   "User for sssd"     /               /sbin/nologin