From 5ae840b1fd7950a14e4bb4b7cb6b19e97ccc67d5 Mon Sep 17 00:00:00 2001
From: xujing
Date: Sat, 2 Aug 2025 14:31:15 +0800
Subject: [PATCH] systemd: Use systemd-sysusers to create users
---
 systemd.spec | 58 +++++++++++++++++++++++----------------------------
 1 file changed, 26 insertions(+), 32 deletions(-)
diff --git a/systemd.spec b/systemd.spec
index 5f51755..ca792ed 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -25,7 +25,7 @@
 Name: systemd
 Url: https://systemd.io/
 Version: 255
-Release: 46
+Release: 47
 License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later
 Summary: System and Service Manager
@@ -203,8 +203,6 @@ Requires(post): acl
 Requires(post): grep
 Requires(post): openssl-libs
 Requires(pre): coreutils
-Requires(pre): /usr/bin/getent
-Requires(pre): /usr/sbin/groupadd
 Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build)
 Recommends: diffutils
 Recommends: libxkbcommon%{?_isa}
@@ -307,7 +305,6 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 Requires(post): systemd
 Requires(preun):systemd
 Requires(postun):systemd
-Requires(pre): /usr/bin/getent
 %description resolved
 systemd-resolve is a system service that provides network name resolution to
@@ -329,7 +326,6 @@ various IPC subsystems and the host and domain name.
 Summary: System daemon that manages network configurations
 Requires: %{name}%{?_isa} = %{version}-%{release}
 License: LGPL-2.1-or-later
-Requires(pre): /usr/bin/getent
 Requires(post): systemd
 Requires(preun):systemd
 Requires(postun):systemd
@@ -346,7 +342,6 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 Requires(post): systemd
 Requires(preun):systemd
 Requires(postun):systemd
-Requires(pre): /usr/bin/getent
 %description timesyncd
 systemd-timesyncd is a system service that may be used to synchronize
@@ -469,6 +464,27 @@ CONFIGURE_OPTS=(
 -Dstoragetm=false
 -Dvmspawn=disabled
 -Dlink-portabled-shared=false
+ -Dadm-gid=4
+ -Dtty-gid=5
+ -Ddisk-gid=6
+ -Dlp-gid=7
+ -Dkmem-gid=9
+ -Dwheel-gid=10
+ -Dcdrom-gid=11
+ -Ddialout-gid=18
+ -Dutmp-gid=22
+ -Dtape-gid=33
+ -Dkvm-gid=36
+ -Dvideo-gid=39
+ -Daudio-gid=63
+ -Dusers-gid=100
+ -Dinput-gid=104
+ -Drender-gid=105
+ -Dsgx-gid=106
+ -Dsystemd-journal-gid=190
+ -Dsystemd-network-uid=192
+ -Dsystemd-resolve-uid=193
+ # -Dsystemd-timesync-uid=, not set yet
 )
 %meson "${CONFIGURE_OPTS[@]}"
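Review bot: `-Dinput-gid=104` and `-Drender-gid=105` in the added option list pin groups that the removed `%pre` created with `groupadd -r input` and `groupadd -r render`, i.e. without a fixed GID, so upgraded systems and fresh installs can carry different numeric GIDs for the same group name. That matters wherever ownership is compared by number rather than by name, such as device nodes or directories shared with containers or other hosts. I would put a comment above the new lines, e.g. `# Static IDs below must match the distribution's existing allocations; changing them does not renumber accounts on installed systems`, and extend `# -Dsystemd-timesync-uid=, not set yet` to say whether `systemd-timesync` and `systemd-coredump` are meant to stay dynamically allocated. The `CONFIGURE_OPTS` array starts before this hunk.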
@@ -702,35 +718,14 @@ if test -d /run/systemd/system; then
 %{_systemddir}/systemd-binfmt || :
 fi
-%pre
-getent group cdrom &>/dev/null || groupadd -r -g 11 cdrom &>/dev/null || :
-getent group utmp &>/dev/null || groupadd -r -g 22 utmp &>/dev/null || :
-getent group tape &>/dev/null || groupadd -r -g 33 tape &>/dev/null || :
-getent group dialout &>/dev/null || groupadd -r -g 18 dialout &>/dev/null || :
-getent group input &>/dev/null || groupadd -r input &>/dev/null || :
-getent group kvm &>/dev/null || groupadd -r -g 36 kvm &>/dev/null || :
-getent group render &>/dev/null || groupadd -r render &>/dev/null || :
-getent group systemd-journal &>/dev/null || groupadd -r -g 190 systemd-journal 2>&1 || :
-
-getent group systemd-coredump &>/dev/null || groupadd -r systemd-coredump 2>&1 || :
-getent passwd systemd-coredump &>/dev/null || useradd -r -l -g systemd-coredump -d / -s /sbin/nologin -c "systemd Core Dumper" systemd-coredump &>/dev/null || :
-
-%pre networkd
-getent group systemd-network &>/dev/null || groupadd -r -g 192 systemd-network 2>&1 || :
-getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-network -d / -s /sbin/nologin -c "systemd Network Management" systemd-network &>/dev/null || :
-
-%pre resolved
-getent group systemd-resolve &>/dev/null || groupadd -r -g 193 systemd-resolve 2>&1 || :
-getent passwd systemd-resolve &>/dev/null || useradd -r -u 193 -l -g systemd-resolve -d / -s /sbin/nologin -c "systemd Resolver" systemd-resolve &>/dev/null || :
-
 %post
 /sbin/ldconfig
 systemd-machine-id-setup &>/dev/null || :
 systemctl daemon-reexec &>/dev/null || :
 journalctl --update-catalog &>/dev/null || :
+systemd-sysusers || :
 systemd-tmpfiles --create &>/dev/null || :
-
 # Make sure new journal files will be owned by the "systemd-journal" group
 machine_id=$(cat /etc/machine-id 2>/dev/null)
 chgrp systemd-journal /{run,var}/log/journal/{,${machine_id}} &>/dev/null || :
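Review bot: The added `systemd-sysusers || :` in `%post` runs only after the payload has been unpacked and only from the main package's scriptlet, whereas the removed `%pre` sections created each account before any file of the corresponding package was installed. Files packaged with one of these owners or groups (the `%files` lists are not part of this patch) would then be laid down before the account exists, and a subpackage installed later leaves `systemd-network`, `systemd-resolve` or `systemd-timesync` (its `%pre timesyncd` is dropped in the hunk at -830) uncreated until something else runs sysusers. If the sysusers.d fragments ship in the subpackages, I would add `systemd-sysusers || :` to `%post timesyncd` and to the networkd and resolved `%post` scriptlets, so the daemons' unprivileged accounts exist before the services are first started. The `%post` scriptlet continues past the end of this hunk.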
@@ -830,10 +825,6 @@ if [ $1 -eq 0 ] ; then
 >/dev/null || :
 fi
-%pre timesyncd
-getent group systemd-timesync &>/dev/null || groupadd -r systemd-timesync 2>&1 || :
-getent passwd systemd-timesync &>/dev/null || useradd -r -l -g systemd-timesync -d / -s /sbin/nologin -c "systemd Time Synchronization" systemd-timesync &>/dev/null || :
-
 %post timesyncd
 # Move old stuff around in /var/lib
 mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null
@@ -1720,6 +1711,9 @@ fi
 %{_unitdir}/veritysetup.target
 %changelog
+* Sat Aug 02 2025 xujing - 255-47
+- Use systemd-sysusers to create users
+
 * Mon Jun 23 2025 Han Jinpeng - 255-46
 - Fix CVE-2025-4598
-- 
Gitee