Add sysusers named user creation (rhbz#2105415)

Drop original user creating in favor of sysusers file definition. (cherry picked from commit 071ec07d27989a8d548834292fa46ca2312b4862) (cherry picked from commit efb20ad8e740aafb410c0609fe94551135f2054b) Resolves: RHEL-132054 (cherry picked from commit 4f18fb958fc3108bdca4c8192f7872db02c49673)
2025-01-17 14:51:23 +01:00 · 2025-01-17 14:51:23 +01:00 · 0b27904541
commit 0b27904541
parent daeb550803
2 changed files with 15 additions and 6 deletions
--- a/bind9.18.spec
+++ b/bind9.18.spec
@ -27,8 +27,6 @@
 %endif
 %bcond_with    TSAN

-%{?!bind_uid:  %global bind_uid  25}
-%{?!bind_gid:  %global bind_gid  25}
 %{!?_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
 %global        bind_dir          /var/named
 %global        chroot_prefix     %{bind_dir}/chroot
@ -77,7 +75,7 @@ License:  MPL-2.0 AND ISC AND MIT AND BSD-3-Clause AND BSD-2-Clause
 # ./lib/isc/tm.c BSD-2-clause and/or MPL-2.0
 # ./lib/isccfg/parser.c BSD-2-clause and/or MPL-2.0
 Version:  9.18.29
-Release:  10%{?dist}
+Release:  11%{?dist}
 Epoch:    32
 Url:      https://www.isc.org/downloads/bind/
 #
@ -107,6 +105,7 @@ Source44: named-chroot-setup.service
 Source46: named-setup-rndc.service
 Source48: setup-named-softhsm.sh
 Source49: named-chroot.files
+Source50: named.sysusers
 Source51: bind-chroot.tmpfiles.d

 # Common patches
@ -146,8 +145,9 @@ Patch226: bind-9.20-CVE-2025-8677-dual-signing.patch
 Patch227: bind-9.20-CVE-2025-8677-dual-signing-test.patch

 %{?systemd_ordering}
+# https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers
+%{?sysusers_requires_compat}
 Requires:       coreutils
-Requires(pre):  shadow-utils
 Requires(post): shadow-utils
 Requires(post): glibc-common
 Requires(post): grep
@ -588,6 +588,9 @@ install -m 644 %{SOURCE38} ${RPM_BUILD_ROOT}%{_unitdir}
 install -m 644 %{SOURCE44} ${RPM_BUILD_ROOT}%{_unitdir}
 install -m 644 %{SOURCE46} ${RPM_BUILD_ROOT}%{_unitdir}

+mkdir -p ${RPM_BUILD_ROOT}%{_sysusersdir}
+install -m 644 %{SOURCE50} ${RPM_BUILD_ROOT}%{_sysusersdir}/%{name}.conf
+
 mkdir -p ${RPM_BUILD_ROOT}%{_libexecdir}
 install -m 755 %{SOURCE41} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh
 install -m 755 %{SOURCE42} ${RPM_BUILD_ROOT}%{_libexecdir}/generate-rndc-key.sh
@ -708,8 +711,7 @@ install -p -m 644 %{SOURCE43} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named

 %pre
 if [ "$1" -eq 1 ]; then
-  /usr/sbin/groupadd -g %{bind_gid} -f -r named >/dev/null 2>&1 || :;
-  /usr/sbin/useradd  -u %{bind_uid} -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :;
+  %sysusers_create_compat %{SOURCE50}
 fi;
 :;

@ -814,6 +816,7 @@ fi;
 %{_unitdir}/named-setup-rndc.service
 %{_bindir}/named-journalprint
 %{_bindir}/named-checkconf
+%{_sysusersdir}/%{name}.conf
 %{_bindir}/named-rrchecker
 %{_bindir}/mdig
 %{_sbindir}/named
@ -1003,6 +1006,9 @@ fi;
 %endif

 %changelog
+* Fri Dec 12 2025 Petr Menšík <pemensik@redhat.com> - 32:9.18.29-11
+- Add sysusers named user creation (RHEL-132053)
+
 * Fri Dec 12 2025 Petr Menšík <pemensik@redhat.com> - 32:9.18.29-10
 - Add missing bind-chroot subdirectories

--- a/named.sysusers
+++ b/named.sysusers
@ -0,0 +1,3 @@
+#Type Name       ID                  GECOS              Home directory Shell
+u     named      25                 "Named"             /var/named     /sbin/nologin
+g     named      25