use systemd-sysusers for user creation (#2095399)

Resolves: #2095399

dovecot.spec

@@ -6,7 +6,7 @@ Name: dovecot
 Epoch: 1
 Version: 2.3.16
 %global prever %{nil}
-Release: 3%{?dist}
+Release: 4%{?dist}
 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
 License: MIT and LGPLv2
 
@@ -21,6 +21,8 @@ Source10: dovecot.tmpfilesd
 
 #our own
 Source14: dovecot.conf.5
+Source15: prestartscript
+Source16: dovecot.sysusers
 
 # 3x Fedora/RHEL specific
 Patch1: dovecot-2.0-defaultconfig.patch
@@ -47,7 +49,6 @@ Patch18: dovecot-2.3.15-fixvalcond.patch
 Patch19: dovecot-2.3.15-valbasherr.patch
 Patch20: dovecot-2.3.16-ftbfsbigend.patch
 
-Source15: prestartscript
 
 BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel
 BuildRequires: libtool, autoconf, automake, pkgconfig
@@ -70,6 +71,8 @@ BuildRequires: libstemmer-devel
 BuildRequires: multilib-rpm-config
 BuildRequires: flex, bison
 BuildRequires: systemd-devel
+# for dovecot.sysusers
+BuildRequires: systemd-rpm-macros 
 
 # gettext-devel is needed for running autoconf because of the
 # presence of AM_ICONV
@@ -229,6 +232,8 @@ install -p -D -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_mandir}/man5/dovecot.conf.5
 #install waitonline script
 install -p -D -m 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/dovecot/prestartscript
 
+install -p -D -m 0644 %{SOURCE16} $RPM_BUILD_ROOT%{_sysusersdir}/dovecot.sysusers
+
 # generate ghost .pem files
 mkdir -p $RPM_BUILD_ROOT%{ssldir}/certs
 mkdir -p $RPM_BUILD_ROOT%{ssldir}/private
@@ -266,13 +271,7 @@ popd
 
 %pre
 #dovecot uid and gid are reserved, see /usr/share/doc/setup-*/uidgid 
-getent group dovecot >/dev/null || groupadd -r --gid 97 dovecot
+%sysusers_create_compat %{SOURCE16}
-getent passwd dovecot >/dev/null || \
-useradd -r --uid 97 -g dovecot -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot IMAP server" dovecot
-
-getent group dovenull >/dev/null || groupadd -r dovenull
-getent passwd dovenull >/dev/null || \
-useradd -r -g dovenull -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot's unauthorized user" dovenull
 
 # do not let dovecot run during upgrade rhbz#134325
 if [ "$1" = "2" ]; then
@@ -332,6 +331,7 @@ make check
 
 
 %_tmpfilesdir/dovecot.conf
+%{_sysusersdir}/dovecot.sysusers
 %{_unitdir}/dovecot.service
 %{_unitdir}/dovecot-init.service
 %{_unitdir}/dovecot.socket
@@ -466,6 +466,9 @@ make check
 %{_libdir}/%{name}/dict/libdriver_pgsql.so
 
 %changelog
+* Tue Jul 05 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-4
+- use systemd-sysusers for user creation (#2095399)
+
 * Wed Nov 03 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-3
 - re-enable LTO build (#1990080)
 

dovecot.sysusers

@@ -0,0 +1,9 @@
+#Type Name    ID    GECOS                       Home directory       Shell
+g     dovecot 97
+u     dovecot 97   "Dovecot IMAP server"        /usr/libexec/dovecot /sbin/nologin
+m     dovecot dovecot
+
+g     dovenull -
+u     dovenull -   "Dovecot's unauthorized user" /usr/libexec/dovecot /sbin/nologin
+m     dovenull dovenull
+