From 6c2b44a54a5e6c75a99328fb7a32ebb0ef73a0d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr>
Date: Mon, 6 Sep 2021 16:43:00 +0200
Subject: [PATCH] Use systemd-sysusers to create user & group

This duplicates the sysusers config from upstream but only installs the
upstream one. The configs should be kept in sync.

We can not use the upstream one as it requires pre-processing that will
only happen at a later time in the build process.

See: https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation

https://src.fedoraproject.org/rpms/flatpak/pull-request/8
---
 flatpak.spec          | 18 +++++++++++-------
 flatpak.sysusers.conf |  1 +
 2 files changed, 12 insertions(+), 7 deletions(-)
 create mode 100644 flatpak.sysusers.conf

diff --git a/flatpak.spec b/flatpak.spec
index b3eefd1..c01fc6b 100644
--- a/flatpak.spec
+++ b/flatpak.spec
@@ -4,7 +4,7 @@
 
 Name:           flatpak
 Version:        1.13.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Application deployment framework for desktop apps
 
 License:        LGPLv2+
@@ -16,6 +16,10 @@ Source0:        https://github.com/flatpak/flatpak/releases/download/%{version}/
 Source1:        flatpak-add-fedora-repos.service
 %endif
 
+# systemd-sysusers config. Only used for the %%pre macro. Must be kept in sync
+# with the config from upstream sources.
+Source2:        flatpak.sysusers.conf
+
 Patch0:         flatpak-selinux-permissions.patch
 
 BuildRequires:  pkgconfig(appstream) >= %{appstream_version}
@@ -44,6 +48,7 @@ BuildRequires:  gpgme-devel
 BuildRequires:  libcap-devel
 BuildRequires:  python3-pyparsing
 BuildRequires:  systemd
+BuildRequires:  systemd-rpm-macros
 BuildRequires:  /usr/bin/xdg-dbus-proxy
 BuildRequires:  /usr/bin/xmlto
 BuildRequires:  /usr/bin/xsltproc
@@ -158,11 +163,7 @@ install -D -t %{buildroot}%{_unitdir} %{SOURCE1}
 %find_lang %{name}
 
 %pre
-getent group flatpak >/dev/null || groupadd -r flatpak
-getent passwd flatpak >/dev/null || \
-    useradd -r -g flatpak -d / -s /sbin/nologin \
-     -c "User for flatpak system helper" flatpak
-exit 0
+%sysusers_create_compat %{SOURCE2}
 
 
 %if 0%{?fedora}
@@ -227,7 +228,7 @@ fi
 %{_sysconfdir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf
 %{_sysconfdir}/flatpak/remotes.d
 %{_sysconfdir}/profile.d/flatpak.sh
-%{_sysusersdir}/flatpak.conf
+%{_sysusersdir}/%{name}.conf
 %{_unitdir}/flatpak-system-helper.service
 %{_userunitdir}/flatpak-oci-authenticator.service
 %{_userunitdir}/flatpak-portal.service
@@ -267,6 +268,9 @@ fi
 
 
 %changelog
+* Tue May 17 2022 Timothée Ravier <tim@siosm.fr> - 1.13.2-3
+- Use sysusers_create_compat macro to create user & group.
+
 * Tue Apr 12 2022 Debarshi Ray <rishi@fedoraproject.org> - 1.13.2-2
 - Avoid SELinux denials caused by read access to /etc/passwd, watching files
   inside /usr/libexec and read access to /var/lib/flatpak
diff --git a/flatpak.sysusers.conf b/flatpak.sysusers.conf
new file mode 100644
index 0000000..8203ed5
--- /dev/null
+++ b/flatpak.sysusers.conf
@@ -0,0 +1 @@
+u flatpak - "Flatpak system helper" -