Use systemd-sysusers for dhcp user and group

Resolves: #2095396

dhcp.spec

@@ -32,6 +32,7 @@ Source5:  56dhclient
 Source6:  dhcpd.service
 Source7:  dhcpd6.service
 Source8:  dhcrelay.service
+Source9:  dhcp.sysusers
 
 Patch1: 0001-change-bug-url.patch
 Patch2: 0002-additional-dhclient-options.patch
@@ -87,6 +88,7 @@ BuildRequires: doxygen
 BuildRequires: systemtap-sdt-devel
 %global tapsetdir    /usr/share/systemtap/tapset
 %endif
+BuildRequires: systemd-rpm-macros
 
 # In _docdir we ship some perl scripts and module from contrib subdirectory.
 # Because nothing under _docdir is allowed to "require" anything,
@@ -100,11 +102,9 @@ DHCP (Dynamic Host Configuration Protocol)
 %package server
 Summary: Provides the ISC DHCP server
 Requires: %{name}-common = %{epoch}:%{version}-%{release}
-Requires(pre): shadow-utils
 Requires(post): coreutils grep sed
-Requires(post): systemd
+%{?sysusers_requires_compat}
-Requires(preun): systemd
+%{?systemd_requires}
-Requires(postun): systemd
 
 %description server
 DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
@@ -119,9 +119,7 @@ This package provides the ISC DHCP server.
 Summary: Provides the ISC DHCP relay agent
 Requires: %{name}-common = %{epoch}:%{version}-%{release}
 Requires(post): grep sed
-Requires(post): systemd
+%{?systemd_requires}
-Requires(preun): systemd
-Requires(postun): systemd
 
 %description relay
 DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
@@ -290,6 +288,9 @@ install -m 644 %{SOURCE6} %{buildroot}%{_unitdir}
 install -m 644 %{SOURCE7} %{buildroot}%{_unitdir}
 install -m 644 %{SOURCE8} %{buildroot}%{_unitdir}
 
+# systemd-sysusers
+install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/dhcp.conf
+
 # Start empty lease databases
 mkdir -p %{buildroot}%{_localstatedir}/lib/dhcpd/
 touch %{buildroot}%{_localstatedir}/lib/dhcpd/dhcpd.leases
@@ -366,17 +367,7 @@ install -D -p -m 0644 contrib/ldap/dhcp.schema %{buildroot}%{_sysconfdir}/openld
 find %{buildroot} -type f -name "*.la" -delete -print
 
 %pre server
-# /usr/share/doc/setup/uidgid
+%sysusers_create_compat %{SOURCE9}
-%global gid_uid 177
-getent group dhcpd >/dev/null || groupadd --force --gid %{gid_uid} --system dhcpd
-if ! getent passwd dhcpd >/dev/null ; then
-    if ! getent passwd %{gid_uid} >/dev/null ; then
-      useradd --system --uid %{gid_uid} --gid dhcpd --home / --shell /sbin/nologin --comment "DHCP server" dhcpd
-    else
-      useradd --system --gid dhcpd --home / --shell /sbin/nologin --comment "DHCP server" dhcpd
-    fi
-fi
-exit 0
 
 %post server
 # Initial installation
@@ -460,6 +451,7 @@ done
 %config(noreplace) %{_sysconfdir}/openldap/schema/dhcp.schema
 %attr(0644,root,root)   %{_unitdir}/dhcpd.service
 %attr(0644,root,root)   %{_unitdir}/dhcpd6.service
+%{_sysusersdir}/dhcp.conf
 %{_sbindir}/dhcpd
 %{_bindir}/omshell
 %attr(0644,root,root) %{_mandir}/man1/omshell.1.gz
@@ -519,6 +511,7 @@ done
 * Mon Oct 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.4.2-18.b1
 - Fix for CVE-2022-2928
 - Fix for CVE-2022-2929
+- Use systemd-sysusers for dhcp user and group (#2095396)
 
 * Tue May 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.4.2-17.b1
 - omshell: add support for hmac-sha512 algorithm (#2083553)

dhcp.sysusers

@@ -0,0 +1,3 @@
+#Type Name     ID             GECOS                 Home directory Shell
+g     dhcpd    177
+u     dhcpd    177            "DHCP server"         /              /sbin/nologin