- switch to sysuser for user/group setup

OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=87
2024-02-05 10:39:53 +00:00 · 2024-02-05 10:39:53 +00:00 · c9e98b2046
commit c9e98b2046
parent 78251e0f3a
2 changed files with 15 additions and 5 deletions
--- a/dehydrated.changes
+++ b/dehydrated.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Feb  5 10:38:26 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
+
+- switch to sysuser for user/group setup
+
 -------------------------------------------------------------------
 Fri Feb  2 17:34:54 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>

--- a/dehydrated.spec
+++ b/dehydrated.spec
@ -77,6 +77,7 @@ Source17:       dehydrated.target
 Source18:       dehydrated-postrun-hooks.service
 Source19:       dehydrated-postrun-hooks@.service
 Source20:       README.postrun-hooks
+Source21:       dehydrated.sysusers
 BuildRequires:  %{_apache}
 Requires:       coreutils
 Requires:       curl
@ -103,7 +104,10 @@ BuildRequires:  shadow
 %endif
 %if %{with systemd}
 BuildRequires:  pkgconfig(systemd)
-%{?systemd_requires}
+BuildRequires:  sysuser-shadow
+BuildRequires:  sysuser-tools
+%{?systemd_ordering}
+%sysusers_requires
 %else #with_systemd
 %if 0%{?suse_version}
 Requires:       cron
@ -151,10 +155,7 @@ Provides:       letsencrypt.sh-nginx = %{version}
 This adds a configuration file for dehydrated's acme-challenge to nginx.
 %endif #with nginx

-%pre
-getent group %{_user} >/dev/null || %{_sbindir}/groupadd -r %{_user}
-getent passwd %{_user} >/dev/null || %{_sbindir}/useradd -g %{_user} \
-	-s /bin/false -r -c "%{_user}" -d %{_home} %{_user}
+%pre -f %{name}.pre
 if [ -e %{_sysconfdir}/dehydrated/config.sh ]; then mv %{_sysconfdir}/dehydrated/config.sh %{_sysconfdir}/dehydrated/config; fi

 %if %{with systemd}
@ -178,6 +179,7 @@ cp %{SOURCE10} .
 cp %{SOURCE20} .

 %build
+%sysusers_generate_pre %{SOURCE21} %{name} %{name}.conf

 %install
 # sensitive keys
@ -259,6 +261,8 @@ perl -p -i -e 's|#DEHYDRATED_GROUP=|DEHYDRATED_GROUP="%{_user}"|' %{buildroot}%{

 diff -urN docs/examples/config %{buildroot}%{_home}/config ||:

+install -Dpm0644 %{SOURCE21} %{buildroot}%{_sysusersdir}/%{name}.conf
+
 # Rename existing config file config files fror nginx
 %if %{with nginx}
 %pre nginx
@ -294,6 +298,7 @@ diff -urN docs/examples/config %{buildroot}%{_home}/config ||:
 %{_unitdir}/dehydrated*.timer
 %if %{with instantiated_service}
 %{_unitdir}/dehydrated.target
+%{_sysusersdir}/%{name}.conf
 %endif
 %if 0%{?suse_version}
 %{_sbindir}/rcdehydrated