diff --git a/.github/actions/build-sssd-srpm/action.yml b/.github/actions/build-sssd-srpm/action.yml index e298b1168e4..7ef952c2a73 100644 --- a/.github/actions/build-sssd-srpm/action.yml +++ b/.github/actions/build-sssd-srpm/action.yml @@ -49,3 +49,4 @@ runs: with: tarball: ${{ inputs.working-directory }}/sssd-${{ steps.sanitize.outputs.version }}.tar.gz specfile: ${{ inputs.working-directory }}/sssd.spec + sourcefiles: ${{ inputs.working-directory }}/contrib/sssd.sysusers diff --git a/Makefile.am b/Makefile.am index f53aaa11618..7cf0e4b7375 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5666,6 +5666,7 @@ RPMBUILD ?= $(PWD)/rpmbuild dist_noinst_DATA += \ m4 \ contrib/sssd.spec.in \ + contrib/sssd.sysusers.in \ BUILD.txt \ COPYING \ src/tests/multihost/README.md \ @@ -5705,6 +5706,7 @@ if GIT_CHECKOUT endif cp $(builddir)/contrib/sssd.spec $(RPMBUILD)/SPECS cp $(distdir).tar.gz $(RPMBUILD)/SOURCES + cp $(builddir)/contrib/sssd.sysusers $(RPMBUILD)/SOURCES rpms: rpmbrprep cd $(RPMBUILD); \ diff --git a/configure.ac b/configure.ac index d41f7c85158..e5855185f06 100644 --- a/configure.ac +++ b/configure.ac @@ -542,7 +542,7 @@ AC_SUBST([abs_builddir], $abs_build_dir) my_srcdir=`readlink -f $srcdir` AC_DEFINE_UNQUOTED([ABS_SRC_DIR], ["$my_srcdir"], [Absolute path to the source directory]) -AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config +AC_CONFIG_FILES([Makefile contrib/sssd.spec contrib/sssd.sysusers src/examples/rwtab src/doxy.config contrib/sssd-pcsc.rules src/sysv/sssd src/sysv/gentoo/sssd src/sysv/gentoo/sssd-kcm po/Makefile.in src/man/Makefile src/tests/cwrap/Makefile diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index af5320f2bd9..6336a74f13d 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in 
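Review bot: In the configure.ac hunk, `contrib/sssd.sysusers` is added to `AC_CONFIG_FILES`, but the template introduced at the end of this patch (`u sssd - "User for sssd" / /sbin/nologin`) has no `@VAR@` placeholder, so configure only copies it and the account name stays hard-coded. The spec file carries a `%{sssd_user}` macro that can be `root`, so if the account name is meant to follow the configured service user, the template needs a substituted variable. If the name is fixed on purpose, say so in the template itself; sysusers.d files accept `#` comment lines, for example `# Account name is fixed; it is not derived from the configured service user`.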
@@ -7,6 +7,13 @@ %global sssd_user root %endif +# sysusers depends on presence of sssd user +%if 0%{?rhel} >= 10 +%global use_sysusers 1 +%else +%global use_sysusers 0 +%endif + # Set setuid bit on child helpers if we support non-root user. %if "%{sssd_user}" == "root" %global child_attrs 0750 @@ -54,6 +61,9 @@ Summary: System Security Services Daemon License: GPLv3+ URL: https://github.com/SSSD/sssd/ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz +%if %{use_sysusers} +Source1: sssd.sysusers +%endif ### Patches ### # Place your patches here: @@ -162,6 +172,10 @@ BuildRequires: shadow-utils-subid-devel %if %{build_kcm_renewals} BuildRequires: krb5-libs >= %{krb5_version} %endif +%if %{use_sysusers} +BuildRequires: systemd-rpm-macros +%{?sysusers_requires_compat} +%endif %description Provides a set of daemons to manage access to remote directories and @@ -702,6 +716,10 @@ do cat $subpackage.lang done +%if %{use_sysusers} +install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/sssd.conf +%endif + %files %license COPYING @@ -805,6 +823,10 @@ done %{_datadir}/systemtap/tapset/sssd.stp %{_datadir}/systemtap/tapset/sssd_functions.stp %{_mandir}/man5/sssd-systemtap.5* +%if %{use_sysusers} +%{_sysusersdir}/sssd.conf +%endif + %if 0%{?rhel} %files polkit-rules @@ -1004,9 +1026,13 @@ done %if 0%{?rhel} %pre common +%if %{use_sysusers} +%sysusers_create_compat %{SOURCE1} +%else getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd %endif +%endif %post common %systemd_post sssd.service diff --git a/contrib/sssd.sysusers.in b/contrib/sssd.sysusers.in new file mode 100644 index 00000000000..cbc453d7aac --- /dev/null +++ b/contrib/sssd.sysusers.in @@ -0,0 +1 @@ +u sssd - "User for sssd" / /sbin/nologin
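Review bot: The comment added in the `@@ -7,6 +7,13 @@` hunk says sysusers depends on the presence of the sssd user, but the condition under it tests only `0%{?rhel} >= 10`. Nothing in the hunk ties `use_sysusers` to `sssd_user`, whose conditional starts above the hunk. A comment that states the actual rule would read better, for example `# Create the sssd account through systemd-sysusers on RHEL 10 and later; older releases keep the getent/useradd scriptlet`.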
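Review bot: `Source1: sssd.sysusers` in the `@@ -54,6 +61,9 @@` hunk sits inside `%if %{use_sysusers}`, so a source RPM produced on a host where the condition is false does not carry the file. Rebuilding that SRPM for a RHEL 10 target then fails at `install -D -p -m 0644 %{SOURCE1} ...` and at `%sysusers_create_compat %{SOURCE1}`, and the SRPM contents vary with the machine that produced it. Declare the source unconditionally, i.e. `Source1: sssd.sysusers` without the surrounding `%if`/`%endif`, and keep the conditionals only where the file is used. The Makefile.am and action.yml hunks already hand the file to the build unconditionally.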
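Review bot: `%{?sysusers_requires_compat}` in the `@@ -162,6 +172,10 @@` hunk is placed among the BuildRequires just before `%description`, which looks like the main package preamble, while the account is created in `%pre common`. The scriptlet dependency it expands to would then attach to `sssd` rather than `sssd-common`. In that case the transaction has no ordering guarantee that the account-creation tooling is installed before the scriptlet runs, and any files packaged with that owner could be unpacked before the account exists. Move that line into the `%package common` preamble (outside this hunk), still guarded by `%if %{use_sysusers}`, and leave `BuildRequires: systemd-rpm-macros` where it is.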