spec: add clevis sysusers.d entry

This adds a sysusers.d entry for the package, and moves user creation
to the relevant compat macro.

Refs:
 * https://www.freedesktop.org/software/systemd/man/sysusers.d.html
 * https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
 * https://pagure.io/packaging-committee/pull-request/981

clevis.spec

@@ -6,6 +6,7 @@ Summary:        Automated decryption framework
 License:        GPLv3+
 URL:            https://github.com/latchset/%{name}
 Source0:        https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
+Source1:        clevis.sysusers
 Patch0:         clevis-tpm2-tools-5.patch
 
 BuildRequires:  git-core
@@ -25,6 +26,7 @@ BuildRequires:  tpm2-tools >= 4.0.0
 BuildRequires:  desktop-file-utils
 BuildRequires:  pkgconfig
 BuildRequires:  systemd
+BuildRequires:  systemd-rpm-macros
 BuildRequires:  dracut
 BuildRequires:  tang >= 6
 BuildRequires:  curl
@@ -111,6 +113,7 @@ use UDisks2 or storaged (like GNOME).
 
 %install
 %meson_install
+install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/clevis.conf
 
 %check
 desktop-file-validate \
@@ -118,10 +121,7 @@ desktop-file-validate \
 %meson_test
 
 %pre
-getent group %{name} >/dev/null || groupadd -r %{name} &>/dev/null
+%sysusers_create_compat %{SOURCE1}
-getent passwd %{name} >/dev/null || \
-    useradd -r -g %{name} -d %{_localstatedir}/cache/%{name} -s /sbin/nologin \
-    -c "Clevis Decryption Framework unprivileged user" %{name} &>/dev/null
 # Add clevis user to tss group.
 if getent group tss >/dev/null && ! groups %{name} | grep -q "\btss\b"; then
     usermod -a -G tss %{name} &>/dev/null
@@ -155,6 +155,7 @@ exit 0
 %{_mandir}/man1/%{name}-encrypt-sss.1*
 %{_mandir}/man1/%{name}-decrypt.1*
 %{_mandir}/man1/%{name}.1*
+%{_sysusersdir}/clevis.conf
 
 %files luks
 %{_mandir}/man7/%{name}-luks-unlockers.7*

clevis.sysusers

@@ -0,0 +1 @@
+u clevis - "Clevis Decryption Framework unprivileged user" /var/cache/clevis /usr/sbin/nologin