From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 2/2] systemd: Use sysusers mechanism inside the jail
Date: Wed, 29 Mar 2023 16:13:38 +0200	[thread overview]
Message-ID: <20230329141338.2112407-2-stefan.schantl@ipfire.org> (raw)
In-Reply-To: <20230329141338.2112407-1-stefan.schantl@ipfire.org>

[-- Attachment #1: Type: text/plain, Size: 3757 bytes --]

Change the old user/group creation mechanism to use systemd's
sysusers mechanism instead.

This is a bit tricky, because the systemd-sysusers binary does not exist
before systemd has been built. So we first have to copy the sysusers files
into the jail's sysusers directory and then use the previously compiled and
installed systemd-sysusers binary to create the groups/users which are part
of systemd inside the jail.

After that, everything works as usual when modifying file or
directory owners.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 systemd/systemd.nm | 65 ++++++++++++++++++++++++++++------------------
 1 file changed, 40 insertions(+), 25 deletions(-)

diff --git a/systemd/systemd.nm b/systemd/systemd.nm
index 2c409694c..db57e4142 100644
--- a/systemd/systemd.nm
+++ b/systemd/systemd.nm
@@ -5,7 +5,7 @@
 
 name       = systemd
 version    = 253
-release    = 4
+release    = 5
 
 maintainer = Stefan Schantl <stefan.schantl(a)ipfire.org>
 groups     = System/Base
@@ -77,6 +77,9 @@ build
 	configure_options = \
 		-Dsysvinit-path= \
 		-Dsysvrcnd-path= \
+		-Dnobody-user=nobody \
+		-Dnobody-group=nobody \
+		-Dfallback-hostname="localhost" \
 		-Dzlib=true \
 		-Dman=true \
 		-Dsmack=false \
@@ -93,9 +96,26 @@ build
 		-Dtimedated=false \
 		-Dpolkit=false
 
-	prepare_cmds
-		%{create_groups}
-	end
+	# Assign group ids
+	configure_options += \
+		-Dadm-gid=4 \
+		-Dtty-gid=5 \
+		-Ddisk-gid=6 \
+		-Dlp-gid=7 \
+		-Dkmem-gid=9 \
+		-Dwheel-gid=10 \
+		-Dcdrom-gid=11 \
+		-Ddialout-gid=18 \
+		-Dutmp-gid=22 \
+		-Dtape-gid=33 \
+		-Dkvm-gid=36 \
+		-Dvideo-gid=39 \
+		-Daudio-gid=63 \
+		-Dusers-gid=100 \
+		-Dinput-gid=104 \
+		-Drender-gid=105 \
+		-Dsgx-gid=106 \
+		-Dsystemd-journal-gid=190
 
 	build
 		# Call meson and pass configure options.
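Review bot: The `floppy` group (gid 19) created by the old `create_groups` has no counterpart in the new `-D…-gid` list, and `input` changes from a dynamically allocated system gid (`groupadd -r input`) to the fixed value 104. As far as I know systemd-sysusers leaves an already existing group untouched, so installed systems would keep their old `input` gid while fresh installs get 104, and anything that records numeric gids could disagree between the two. A comment above the block would help, for example `# Ids must match already deployed systems; floppy is dropped on purpose`, or a note on where `floppy` comes from now if dropping it was not intended.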
@@ -117,6 +137,10 @@ build
 		# Install systemd.
 		%{meson_install}
 
+		# Use the installed files to create all users and groups
+		# in one shot.
+		%{create_groups}
+
 		# Create folder in log to store the journal.
 		mkdir -pv %{BUILDROOT}/var/log/journal
 
@@ -202,22 +226,17 @@ build
 end
 
 create_groups
-	# Create groups for udev.
-	getent group cdrom >/dev/null || groupadd -g 11 cdrom || :
-	getent group tape >/dev/null || groupadd -g 33 tape || :
-	getent group dialout >/dev/null || groupadd -g 18 dialout || :
-	getent group floppy >/dev/null || groupadd -g 19 floppy || :
-	getent group input >/dev/null || groupadd -r input || :
-	getent group utmp >/dev/null || groupadd -r -g 22 utmp || :
-
-	# Create group for journald.
-	getent group systemd-journal >/dev/null || /usr/sbin/groupadd -r systemd-journal
-end
+	# Create the sysusers folder in the jail.
+	mkdir -pv %{sysusersdir}
 
-quality-agent
-	whitelist_rpath
-		%{prefix}/lib/systemd
-	end
+	# Copy all sysusers files from BUILDROOT into the jail's sysusers directory.
+	install -v -m 644 %{BUILDROOT}%{sysusersdir}/*.conf %{sysusersdir}
+
+	# We do not have a libsystemd or systemd-sysusers binary, so
+	# call the installed one inside BUILDROOT to create all users and
+	# groups in one shot.
+	LD_LIBRARY_PATH="%{BUILDROOT}%{libdir}/systemd/" \
+		%{BUILDROOT}%{bindir}/systemd-sysusers
 end
 
 packages
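Review bot: The `quality-agent` block with `whitelist_rpath %{prefix}/lib/systemd` is deleted at the end of this hunk, which is unrelated to sysusers and not mentioned in the commit message; it should be explained or moved to its own patch, since it changes how RPATH entries in the shipped binaries are checked. In the new `create_groups`, `install` and `systemd-sysusers` write to the jail's own `%{sysusersdir}` and account databases rather than to `%{BUILDROOT}`, so the build leaves unpackaged files and accounts behind in the jail; a comment such as `# Intentionally modifies the build jail, which is discarded after the build` would make that explicit if it holds. The old body tolerated failures with `|| :`, while the new one has no visible handling for a `*.conf` glob that matches nothing or a freshly built binary that fails to start, so whether that aborts the build depends on how the macro is executed.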
@@ -273,10 +292,6 @@ packages
 			/etc/vconsole.conf
 		end
 
-		script prein
-			%{create_groups}
-		end
-
 		script postin
 			# Reexec systemd daemon.
 			/usr/bin/systemctl daemon-reexec > /dev/null 2>&1 || :
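Review bot: With the `prein` scriptlet removed, nothing visible in this patch creates the systemd groups on the target system before the package's files are unpacked. If any packaged path is owned by one of these groups (the journal directory under `/var/log/journal` is a likely candidate), extraction presumably relies on the package manager applying the sysusers files first; otherwise ownership may fall back to root or to a bare numeric id. The commit message should name the mechanism that replaces the scriptlet at install time, or a `prein` that invokes it should be kept. The `packages` block continues outside the hunk.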
@@ -344,8 +359,8 @@ packages
 
 			# Only ship the sysusers.d folder without
 			# any config files.
-			/usr/lib/sysusers.d
-			!/usr/lib/sysusers.d/*.conf
+			%{sysusersdir}
+			!%{sysusersdir}/*.conf
 		end
 	end
 
-- 
2.30.2

