Use systemd-sysusers to create user & group

This duplicates the sysusers config from upstream but only installs the
upstream one. The configs should be kept in sync.

We can not use the upstream one as it requires pre-processing that will
only happen at a later time in the build process.

See: https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation

https://src.fedoraproject.org/rpms/flatpak/pull-request/8
This commit is contained in:
Timothée Ravier 2021-09-06 16:43:00 +02:00 committed by Debarshi Ray
parent b6e9962fa4
commit 6c2b44a54a
2 changed files with 12 additions and 7 deletions

View File

@ -4,7 +4,7 @@
Name: flatpak
Version: 1.13.2
Release: 2%{?dist}
Release: 3%{?dist}
Summary: Application deployment framework for desktop apps
License: LGPLv2+
@ -16,6 +16,10 @@ Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/
Source1: flatpak-add-fedora-repos.service
%endif
# systemd-sysusers config. Only used for the %%pre macro. Must be kept in sync
# with the config from upstream sources.
Source2: flatpak.sysusers.conf
Patch0: flatpak-selinux-permissions.patch
BuildRequires: pkgconfig(appstream) >= %{appstream_version}
@ -44,6 +48,7 @@ BuildRequires: gpgme-devel
BuildRequires: libcap-devel
BuildRequires: python3-pyparsing
BuildRequires: systemd
BuildRequires: systemd-rpm-macros
BuildRequires: /usr/bin/xdg-dbus-proxy
BuildRequires: /usr/bin/xmlto
BuildRequires: /usr/bin/xsltproc
@ -158,11 +163,7 @@ install -D -t %{buildroot}%{_unitdir} %{SOURCE1}
%find_lang %{name}
%pre
getent group flatpak >/dev/null || groupadd -r flatpak
getent passwd flatpak >/dev/null || \
useradd -r -g flatpak -d / -s /sbin/nologin \
-c "User for flatpak system helper" flatpak
exit 0
%sysusers_create_compat %{SOURCE2}
%if 0%{?fedora}
@ -227,7 +228,7 @@ fi
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf
%{_sysconfdir}/flatpak/remotes.d
%{_sysconfdir}/profile.d/flatpak.sh
%{_sysusersdir}/flatpak.conf
%{_sysusersdir}/%{name}.conf
%{_unitdir}/flatpak-system-helper.service
%{_userunitdir}/flatpak-oci-authenticator.service
%{_userunitdir}/flatpak-portal.service
@ -267,6 +268,9 @@ fi
%changelog
* Tue May 17 2022 Timothée Ravier <tim@siosm.fr> - 1.13.2-3
- Use sysusers_create_compat macro to create user & group.
* Tue Apr 12 2022 Debarshi Ray <rishi@fedoraproject.org> - 1.13.2-2
- Avoid SELinux denials caused by read access to /etc/passwd, watching files
inside /usr/libexec and read access to /var/lib/flatpak

1
flatpak.sysusers.conf Normal file
View File

@ -0,0 +1 @@
u flatpak - "Flatpak system helper" -