Add sysusers support needed to propagate user to initramfs

Resolves: RHEL-77789
2025-02-09 17:16:20 +01:00 · 2025-02-09 17:16:20 +01:00 · 3091864e16
commit 3091864e16
parent dc2b8c0dc8
2 changed files with 11 additions and 6 deletions
--- a/unbound.spec
+++ b/unbound.spec
@ -30,7 +30,7 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.16.2
-Release: 14%{?extra_version:.%{extra_version}}%{?dist}
+Release: 15%{?extra_version:.%{extra_version}}%{?dist}
 License: BSD
 Url: https://nlnetlabs.nl/projects/unbound/
 Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz
@ -56,6 +56,7 @@ Source21: remote-control.conf
 Source22: unbound-local-root.conf
 Source23: module-setup.sh
 Source24: unbound-initrd.conf
+Source25: unbound.sysusers

 # https://github.com/NLnetLabs/unbound/commit/137719522a8ea5b380fbb6206d2466f402f5b554
 Patch1: unbound-1.16-CVE-2022-3204.patch
@ -132,7 +133,7 @@ The devel package contains the unbound library and the include files

 %package libs
 Summary: Libraries used by the unbound server and client applications
-Requires(pre): shadow-utils
+%{?sysusers_requires_compat}
 %if ! 0%{with_python2}
 # Make explicit conflict with no longer provided python package
 Obsoletes: python2-unbound < 1.9.3
@ -285,6 +286,7 @@ install -p -m 0644 %{SOURCE17} %{buildroot}%{_unitdir}/unbound-anchor.service
 install -p -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/unbound
 install -p -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/unbound
 install -p -m 0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/sysconfig/unbound
+install -p -D -m 0644 %{SOURCE25} %{buildroot}%{_sysusersdir}/%{name}.conf
 %if %{with_munin}
 # Install munin plugin and its softlinks
 install -d -m 0755 %{buildroot}%{_sysconfdir}/munin/plugin-conf.d
@ -347,10 +349,7 @@ install -p -m 0755 %{SOURCE23} %{buildroot}%{_prefix}/lib/dracut/modules.d/99unb
 install -p -m 0644 %{SOURCE24} %{buildroot}%{_prefix}/lib/dracut/modules.d/99unbound

 %pre libs
-getent group unbound >/dev/null || groupadd -r unbound
-getent passwd unbound >/dev/null || \
-useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \
-c "Unbound DNS resolver" unbound
+%sysusers_create_compat %{SOURCE25}

 %post
 %systemd_post unbound.service
@ -464,6 +463,7 @@ popd
 %doc doc/README
 %license doc/LICENSE
 %attr(0755,root,root) %dir %{_sysconfdir}/%{name}
+%{_sysusersdir}/%{name}.conf
 %{_sbindir}/unbound-anchor
 %{_libdir}/libunbound.so.*
 %{_mandir}/man8/unbound-anchor*
@ -481,6 +481,10 @@ popd
 %{_prefix}/lib/dracut/modules.d/99unbound

 %changelog
+* Sun Feb 09 2025 Tomas Korbar <tkorbar@redhat.com> - 1.16.2-15
+- Add sysusers support needed to propagate user to initramfs
+- Resolves: RHEL-77789
+
 * Sun Feb 09 2025 Tomas Korbar <tkorbar@redhat.com> - 1.16.2-14
 - Change service type to notify
 - Resolves: RHEL-77790
--- a/unbound.sysusers
+++ b/unbound.sysusers
@ -0,0 +1 @@
+u unbound - "Unbound DNS resolver" /var/lib/unbound /sbin/nologin
				`@ -0,0 +1 @@`
				`u unbound - "Unbound DNS resolver" /var/lib/unbound /sbin/nologin`