From ca6f781d021175b48a20bd352b8298c10a75e5d8 Mon Sep 17 00:00:00 2001
From: Martin Cermak <mcermak@redhat.com>
Date: Fri, 28 Nov 2025 14:46:11 +0100
Subject: [PATCH] Fix creation of the stapunpriv user

stapunpriv is a system user not needing a homedir.  Previously, specfile did
set a homedir, but didn't create it.  Fresh installations now set "/" as the
homedir via _systemtap_runtime_preinstall, as SYSUSERS.D(5) recommends.  Fix
existing broken installations, keep upgrade path clean.

Resolves: RHEL-132057
---
 systemtap.spec | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/systemtap.spec b/systemtap.spec
index e9e07a6..06157b5 100644
--- a/systemtap.spec
+++ b/systemtap.spec
@@ -98,23 +98,23 @@ g     stapusr  156\
 g     stapsys  157\
 g     stapdev  158\
 g     stapunpriv 159\
-u     stapunpriv 159      "systemtap unprivileged user"   /var/lib/stapunpriv   /sbin/nologin\
+u     stapunpriv 159      "systemtap unprivileged user"\
 m     stapunpriv stapunpriv
 
 %define _systemtap_server_preinstall \
 # See systemd-sysusers(8) sysusers.d(5)\
 \
 g     stap-server  -\
-u     stap-server  -      "systemtap compiler server"   /var/lib/stap-server   /sbin/nologin\
+u     stap-server  -      "systemtap compiler server"   /var/lib/stap-server\
 m     stap-server stap-server
 
 
 %define _systemtap_testsuite_preinstall \
 # See systemd-sysusers(8) sysusers.d(5)\
 \
-u     stapusr  -          "systemtap testsuite user"    /   /sbin/nologin\
-u     stapsys  -          "systemtap testsuite user"    /   /sbin/nologin\
-u     stapdev  -          "systemtap testsuite user"    /   /sbin/nologin\
+u     stapusr  -          "systemtap testsuite user"\
+u     stapsys  -          "systemtap testsuite user"\
+u     stapdev  -          "systemtap testsuite user"\
 m     stapusr  stapusr\
 m     stapsys  stapusr\
 m     stapsys  stapsys\
@@ -131,7 +131,7 @@ f /var/log/stap-server/log 0644 stap-server stap-server -
 Name: systemtap
 # PRERELEASE
 Version: 5.4
-Release: 1%{?release_override}%{?dist}
+Release: 2%{?release_override}%{?dist}
 # for version, see also configure.ac
 
 
@@ -884,11 +884,18 @@ getent group stapusr >/dev/null || groupadd -f -g 156 -r stapusr
 getent group stapsys >/dev/null || groupadd -f -g 157 -r stapsys
 getent group stapdev >/dev/null || groupadd -f -g 158 -r stapdev
 getent passwd stapunpriv >/dev/null || \
-  useradd -c "Systemtap Unprivileged User" -u 159 -g stapunpriv -d %{_localstatedir}/lib/stapunpriv -r -s /sbin/nologin stapunpriv 2>/dev/null || \
-  useradd -c "Systemtap Unprivileged User" -g stapunpriv -d %{_localstatedir}/lib/stapunpriv -r -s /sbin/nologin stapunpriv
+  useradd -c "Systemtap Unprivileged User" -u 159 -g stapunpriv -d / -r -s /sbin/nologin stapunpriv 2>/dev/null || \
+  useradd -c "Systemtap Unprivileged User" -g stapunpriv -d / -r -s /sbin/nologin stapunpriv
 exit 0
 %endif
 
+%post runtime
+# stapunpriv is a system user not needing a homedir.  Previously, specfile did
+# set a homedir, but didn't create it.  Fresh installations now set "/" as the
+# homedir via _systemtap_runtime_preinstall, as SYSUSERS.D(5) recommends.  Fix
+# existing broken installations, keep upgrade path clean.  Related: RHEL-130244.
+getent passwd stapunpriv | cut -d: -f6 | grep -q '^/var/lib/stapunpriv$' && usermod -d / stapunpriv
+
 %pre server
 %if %{with_sysusers}
 %if (0%{?fedora} && 0%{?fedora} < 42) || (0%{?rhel} && 0%{?rhel} < 11)
@@ -1363,6 +1370,9 @@ exit 0
 
 # PRERELEASE
 %changelog
+* Fri Nov 28 2025 Martin Cermak <mcermak@redhat.com> - 5.4-2
+- Fix RHEL-132057
+
 * Fri Oct 31 2025 Frank Ch. Eigler <fche@redhat.com> - 5.4-1
 - Upstream release, see wiki page below for detailed notes.
   https://sourceware.org/systemtap/wiki/SystemTapReleases