From 44c00b4a0866b3a640ee7b6c4841c29c37cad427 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 5 Jul 2022 15:28:22 +0200 Subject: [PATCH] use systemd-sysusers for user creation (#2095399) Resolves: #2095399 --- dovecot.spec | 21 ++++++++++++--------- dovecot.sysusers | 9 +++++++++ 2 files changed, 21 insertions(+), 9 deletions(-) create mode 100644 dovecot.sysusers diff --git a/dovecot.spec b/dovecot.spec index 3dfda59..c9c4bff 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.16 %global prever %{nil} -Release: 3%{?dist} +Release: 4%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -21,6 +21,8 @@ Source10: dovecot.tmpfilesd #our own Source14: dovecot.conf.5 +Source15: prestartscript +Source16: dovecot.sysusers # 3x Fedora/RHEL specific Patch1: dovecot-2.0-defaultconfig.patch @@ -47,7 +49,6 @@ Patch18: dovecot-2.3.15-fixvalcond.patch Patch19: dovecot-2.3.15-valbasherr.patch Patch20: dovecot-2.3.16-ftbfsbigend.patch -Source15: prestartscript BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig @@ -70,6 +71,8 @@ BuildRequires: libstemmer-devel BuildRequires: multilib-rpm-config BuildRequires: flex, bison BuildRequires: systemd-devel +# for dovecot.sysusers +BuildRequires: systemd-rpm-macros # gettext-devel is needed for running autoconf because of the # presence of AM_ICONV @@ -229,6 +232,8 @@ install -p -D -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_mandir}/man5/dovecot.conf.5 #install waitonline script install -p -D -m 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/dovecot/prestartscript +install -p -D -m 0644 %{SOURCE16} $RPM_BUILD_ROOT%{_sysusersdir}/dovecot.sysusers + # generate ghost .pem files mkdir -p $RPM_BUILD_ROOT%{ssldir}/certs mkdir -p $RPM_BUILD_ROOT%{ssldir}/private @@ -266,13 +271,7 @@ popd %pre #dovecot uid and gid are reserved, see /usr/share/doc/setup-*/uidgid -getent group dovecot >/dev/null || groupadd -r --gid 97 dovecot -getent passwd dovecot >/dev/null || \ -useradd -r --uid 97 -g dovecot -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot IMAP server" dovecot - -getent group dovenull >/dev/null || groupadd -r dovenull -getent passwd dovenull >/dev/null || \ -useradd -r -g dovenull -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot's unauthorized user" dovenull +%sysusers_create_compat %{SOURCE16} # do not let dovecot run during upgrade rhbz#134325 if [ "$1" = "2" ]; then @@ -332,6 +331,7 @@ make check %_tmpfilesdir/dovecot.conf +%{_sysusersdir}/dovecot.sysusers %{_unitdir}/dovecot.service %{_unitdir}/dovecot-init.service %{_unitdir}/dovecot.socket @@ -466,6 +466,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Jul 05 2022 Michal Hlavinka - 1:2.3.16-4 +- use systemd-sysusers for user creation (#2095399) + * Wed Nov 03 2021 Michal Hlavinka - 1:2.3.16-3 - re-enable LTO build (#1990080) diff --git a/dovecot.sysusers b/dovecot.sysusers new file mode 100644 index 0000000..890928f --- /dev/null +++ b/dovecot.sysusers @@ -0,0 +1,9 @@ +#Type Name ID GECOS Home directory Shell +g dovecot 97 +u dovecot 97 "Dovecot IMAP server" /usr/libexec/dovecot /sbin/nologin +m dovecot dovecot + +g dovenull - +u dovenull - "Dovecot's unauthorized user" /usr/libexec/dovecot /sbin/nologin +m dovenull dovenull +