From 0b27904541007db697e9fe99c1476f356863f682 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Fri, 17 Jan 2025 14:51:23 +0100 Subject: [PATCH] Add sysusers named user creation (rhbz#2105415) Drop original user creating in favor of sysusers file definition. (cherry picked from commit 071ec07d27989a8d548834292fa46ca2312b4862) (cherry picked from commit efb20ad8e740aafb410c0609fe94551135f2054b) Resolves: RHEL-132054 (cherry picked from commit 4f18fb958fc3108bdca4c8192f7872db02c49673) --- bind9.18.spec | 18 ++++++++++++------ named.sysusers | 3 +++ 2 files changed, 15 insertions(+), 6 deletions(-) create mode 100644 named.sysusers diff --git a/bind9.18.spec b/bind9.18.spec index a3d97a3..e44f2a6 100644 --- a/bind9.18.spec +++ b/bind9.18.spec @@ -27,8 +27,6 @@ %endif %bcond_with TSAN -%{?!bind_uid: %global bind_uid 25} -%{?!bind_gid: %global bind_gid 25} %{!?_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} %global bind_dir /var/named %global chroot_prefix %{bind_dir}/chroot @@ -77,7 +75,7 @@ License: MPL-2.0 AND ISC AND MIT AND BSD-3-Clause AND BSD-2-Clause # ./lib/isc/tm.c BSD-2-clause and/or MPL-2.0 # ./lib/isccfg/parser.c BSD-2-clause and/or MPL-2.0 Version: 9.18.29 -Release: 10%{?dist} +Release: 11%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ # @@ -107,6 +105,7 @@ Source44: named-chroot-setup.service Source46: named-setup-rndc.service Source48: setup-named-softhsm.sh Source49: named-chroot.files +Source50: named.sysusers Source51: bind-chroot.tmpfiles.d # Common patches @@ -146,8 +145,9 @@ Patch226: bind-9.20-CVE-2025-8677-dual-signing.patch Patch227: bind-9.20-CVE-2025-8677-dual-signing-test.patch %{?systemd_ordering} +# https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers +%{?sysusers_requires_compat} Requires: coreutils -Requires(pre): shadow-utils Requires(post): shadow-utils Requires(post): glibc-common Requires(post): grep 
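Review bot: `%{?sysusers_requires_compat}` in the dependency hunk (@@ -146,8 +145,9) is conditional, so if the macro is undefined at build time it expands to nothing. The package would then silently lose the `Requires(pre): shadow-utils` that this same hunk deletes, and which I understand the macro is meant to supply. The `%pre` change further down (@@ -708,8 +711,7) still needs account-creation tooling present before the scriptlet runs. No `BuildRequires: systemd-rpm-macros` is visible in these hunks; if the spec does not already carry one, add it so both sysusers macros are guaranteed to expand. I would also extend the comment above the macro, e.g. `# expands to the Requires(pre) needed by %%sysusers_create_compat in %%pre`.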
@@ -588,6 +588,9 @@ install -m 644 %{SOURCE38} ${RPM_BUILD_ROOT}%{_unitdir} install -m 644 %{SOURCE44} ${RPM_BUILD_ROOT}%{_unitdir} install -m 644 %{SOURCE46} ${RPM_BUILD_ROOT}%{_unitdir} +mkdir -p ${RPM_BUILD_ROOT}%{_sysusersdir} +install -m 644 %{SOURCE50} ${RPM_BUILD_ROOT}%{_sysusersdir}/%{name}.conf + mkdir -p ${RPM_BUILD_ROOT}%{_libexecdir} install -m 755 %{SOURCE41} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh install -m 755 %{SOURCE42} ${RPM_BUILD_ROOT}%{_libexecdir}/generate-rndc-key.sh @@ -708,8 +711,7 @@ install -p -m 644 %{SOURCE43} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named %pre if [ "$1" -eq 1 ]; then - /usr/sbin/groupadd -g %{bind_gid} -f -r named >/dev/null 2>&1 || :; - /usr/sbin/useradd -u %{bind_uid} -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :; + %sysusers_create_compat %{SOURCE50} fi; :; @@ -814,6 +816,7 @@ fi; %{_unitdir}/named-setup-rndc.service %{_bindir}/named-journalprint %{_bindir}/named-checkconf +%{_sysusersdir}/%{name}.conf %{_bindir}/named-rrchecker %{_bindir}/mdig %{_sbindir}/named @@ -1003,6 +1006,9 @@ fi; %endif %changelog +* Fri Dec 12 2025 Petr Menšík - 32:9.18.29-11 +- Add sysusers named user creation (RHEL-132053) + * Fri Dec 12 2025 Petr Menšík - 32:9.18.29-10 - Add missing bind-chroot subdirectories diff --git a/named.sysusers b/named.sysusers new file mode 100644 index 0000000..f173c78 --- /dev/null +++ b/named.sysusers @@ -0,0 +1,3 @@ +#Type Name ID GECOS Home directory Shell +u named 25 "Named" /var/named /sbin/nologin +g named 25
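Review bot: In the `%pre` hunk (@@ -708,8 +711,7) account creation stays inside `if [ "$1" -eq 1 ]`, so it only runs on a first install. On an upgrade where the `named` account is missing, nothing recreates it, and files packaged as `named`-owned would presumably end up with a different owner. As far as I know the scriptlet generated by `%sysusers_create_compat` already checks with `getent` before creating anything, so calling it unconditionally may be safe. If the guard is intentional, record that with a comment such as `# create the account on first install only; upgrades keep the existing one`. The rest of `%pre` lies outside the hunk, so other statements in that block may also bear on this.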
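Review bot: `named.sysusers` hard-codes ID 25 without saying why, while the first spec hunk removes the `bind_uid`/`bind_gid` macros that defaulted to 25 and could be overridden at build time. Ownership of existing `/var/named` data presumably depends on that ID staying stable, so I would document it in the file, e.g. `# 25 is the static UID/GID formerly set via bind_uid/bind_gid in the spec; keep it fixed`. The `/var/named` home also duplicates `%{bind_dir}` from the spec, so the two now have to be kept in sync by hand. It is also worth confirming that no `%{bind_uid}` or `%{bind_gid}` references remain outside the visible hunks.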