From da15385b06ac718b6046fe9801d18a44f050c628 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 3 Nov 2016 19:49:05 -0400
Subject: [PATCH] Update sed-foo to enable nss-systemd and add UNAVAIL fallback
 for resolve

Only fall back to "dns" if nss-resolve is not installed (for the
architecture of the calling program). Once it is, we never want to
fall back to "dns" as that breaks enforcing DNSSEC verification and
also pointlessly retries NXDOMAIN failures.

C.f. https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=5e00954
---
 systemd.spec | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/systemd.spec b/systemd.spec
index 56b5d2b..648094f 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -445,24 +445,36 @@ fi
 %post libs
 /sbin/ldconfig
 
-# sed-fu to add myhostanme to hosts line and remove mymachines
-# from passwd and group lines of /etc/nsswitch.conf
-# https://bugzilla.redhat.com/show_bug.cgi?id=1284325
-# https://meetbot.fedoraproject.org/fedora-meeting/2015-11-25/fesco.2015-11-25-18.00.html
-# To avoid the removal, e.g. add a space at the end of the line.
 if [ -f /etc/nsswitch.conf ] ; then
+        # sed-fu to add myhostanme to hosts line
         grep -v -E -q '^hosts:.* myhostname' /etc/nsswitch.conf &&
         sed -i.bak -e '
                 /^hosts:/ !b
                 /\<myhostname\>/ b
                 s/[[:blank:]]*$/ myhostname/
-                ' /etc/nsswitch.conf >/dev/null 2>&1 || :
+                ' /etc/nsswitch.conf &>/dev/null
 
+        # remove mymachines from passwd and group lines of /etc/nsswitch.conf
+        # https://bugzilla.redhat.com/show_bug.cgi?id=1284325
+        # https://meetbot.fedoraproject.org/fedora-meeting/2015-11-25/fesco.2015-11-25-18.00.html
+        # To avoid the removal, e.g. add a space at the end of the line.
         grep -E -q '^(passwd|group):.* mymachines$' /etc/nsswitch.conf &&
         sed -i.bak -r -e '
                 s/^(passwd:.*) mymachines$/\1/;
                 s/^(group:.*) mymachines$/\1/;
-                ' /etc/nsswitch.conf >/dev/null 2>&1 || :
+                ' /etc/nsswitch.conf &>/dev/null
+
+        # Add [!UNAVAIL=return] after resolve
+        grep -E -q '^hosts:.*resolve[[:space:]]*($|[[:alpha:]])' /etc/nsswitch.conf &&
+        sed -i.bak -e '
+                /^hosts:/ { s/resolve/& [!UNAVAIL=return]/}
+                ' /etc/nsswitch.conf &>/dev/null
+
+        # Add nss-systemd to passwd and group
+        grep -E -q '^(passwd|group):.* systemd' /etc/nsswitch.conf ||
+        sed -i.bak -r -e '
+                s/^(passwd|group):(.*)/\1: \2 systemd/
+                ' /etc/nsswitch.conf &>/dev/null
 fi
 
 %postun libs -p /sbin/ldconfig
@@ -776,6 +788,7 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
 %files libs
 %{_libdir}/libnss_myhostname.so.2
 %{_libdir}/libnss_resolve.so.2
+%{_libdir}/libnss_systemd.so.2
 %{_libdir}/libudev.so.*
 %{_libdir}/libsystemd.so.*
 %license LICENSE.LGPL2.1
@@ -937,10 +950,12 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
 
 %changelog
 * Thu Nov  3 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 232-1
-- Update to latest version
+- Update to latest version (#998615, #1181922)
 - Add %%{_isa} to Provides on arch-full packages (#1387912)
 - Create systemd-coredump user in %%pre (#1348891)
 - Replace grubby patch with a short-circuiting install.d "plugin"
+- Enable nss-systemd in the passwd, group lines in nsswith.conf
+- Add [!UNAVAIL=return] fallback after nss-resolve in hosts line in nsswith.conf
 
 * Tue Oct 18 2016 Jan Synáček <jsynacek@redhat.com> - 231-11
 - SPC - Cannot restart host operating from container (#1384523)