From 8382699c899f5812921e50b0795f9625243cc7eb Mon Sep 17 00:00:00 2001
From: Jonathan <jonathan@knownhost.com>
Date: Tue, 18 Jul 2023 14:20:29 -0500
Subject: [PATCH] use systemd-sysusers

Signed-off-by: Jonathan <jonathan@knownhost.com>
---
 .github/actions/build-sssd-srpm/action.yml |  1 +
 contrib/sssd.spec.in                       | 13 ++++++++++---
 contrib/sssd.sysusers                      |  1 +
 3 files changed, 12 insertions(+), 3 deletions(-)
 create mode 100644 contrib/sssd.sysusers

diff --git a/.github/actions/build-sssd-srpm/action.yml b/.github/actions/build-sssd-srpm/action.yml
index e298b1168e4..ae628150fdd 100644
--- a/.github/actions/build-sssd-srpm/action.yml
+++ b/.github/actions/build-sssd-srpm/action.yml
@@ -38,6 +38,7 @@ runs:
       tar -cvzf "$name.tar.gz" --transform "s,^,$name/," *
 
       cp contrib/sssd.spec.in ./sssd.spec
+      cp contrib/sssd.sysusers ./sssd.sysusers
 
       sed -iE "s/@PACKAGE_NAME@/sssd/g" ./sssd.spec
       sed -iE "s/@PACKAGE_VERSION@/${{ steps.sanitize.outputs.version }}/g" ./sssd.spec
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index c0486d2525c..a754dde74e0 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -54,6 +54,7 @@ Summary: System Security Services Daemon
 License: GPLv3+
 URL: https://github.com/SSSD/sssd/
 Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
+Source1: sssd.sysusers
 
 ### Patches ###
 # Place your patches here:
@@ -188,7 +189,8 @@ Requires: (sssd-nfs-idmap = %{version}-%{release} if libnfsidmap)
 Requires: libsss_idmap = %{version}-%{release}
 Requires: libsss_certmap = %{version}-%{release}
 %if 0%{?rhel}
-Requires(pre): shadow-utils
+BuildRequires:  systemd-rpm-macros
+%{?sysusers_requires_compat}
 %endif
 %{?systemd_requires}
 
@@ -701,6 +703,8 @@ do
     cat $subpackage.lang
 done
 
+install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/sssd.conf
+
 %files
 %license COPYING
 
@@ -804,6 +808,10 @@ done
 %{_datadir}/systemtap/tapset/sssd.stp
 %{_datadir}/systemtap/tapset/sssd_functions.stp
 %{_mandir}/man5/sssd-systemtap.5*
+%if 0%{?rhel} >= 9 || 0%{?fedora}
+%{_sysusersdir}/sssd.conf
+%endif
+
 
 %if 0%{?rhel}
 %files polkit-rules
@@ -1003,8 +1011,7 @@ done
 
 %if 0%{?rhel}
 %pre common
-getent group sssd >/dev/null || groupadd -r sssd
-getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
+%sysusers_create_compat %{SOURCE1}
 %endif
 
 %post common
diff --git a/contrib/sssd.sysusers b/contrib/sssd.sysusers
new file mode 100644
index 00000000000..cbc453d7aac
--- /dev/null
+++ b/contrib/sssd.sysusers
@@ -0,0 +1 @@
+u     sssd   -   "User for sssd"     /               /sbin/nologin