On Fri, Feb 02, 2024 at 18:59:44 -0000, tim@xxxxxxxx wrote: > Install a systemd sysusers config file for the qemu & kvm user/groups. > > We can not use the sysusers_create_compat macro in the RPM specfile to > create those users as we want to keep the specfile standalone and not > relying on additionnal files. > > Update the specfile to make the commands closer to what is generated by > the current macro. > > See: https://src.fedoraproject.org/rpms/libvirt/pull-request/22 > See: https://gitlab.com/libvirt/libvirt/-/merge_requests/319 > See: https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/ IMO we should also mention: https://bugzilla.redhat.com/show_bug.cgi?id=2095429 > > Based on previous work by: Peter Krempa <pkrempa@xxxxxxxxxx> > Signed-off-by: Timothée Ravier <tim@xxxxxxxx> > --- > libvirt.spec.in | 21 +++++++++++++-------- > src/qemu/libvirt-qemu.sysusers.conf | 4 ++++ > src/qemu/meson.build | 7 +++++++ > 3 files changed, 24 insertions(+), 8 deletions(-) > create mode 100644 src/qemu/libvirt-qemu.sysusers.conf I've tested that 'rpmbuild -tb libvirt*.tar.xz' works properly after this patch. Note that in the way you've posted this patch the authorship looks like: commit 746e7b69bf57631ceb2be93e8a0b9db4b4b50e5f Author: tim@xxxxxxxx <tim@xxxxxxxx> Date: Fri Feb 2 18:59:44 2024 +0000 qemu: Add sysusers config file for qemu & kvm user/groups Is this what you've wanted? Or should I update it using the spelling from the sign off? > diff --git a/libvirt.spec.in b/libvirt.spec.in > index 8413e3c19a..a411ac6515 100644 > --- a/libvirt.spec.in > +++ b/libvirt.spec.in [...] > @@ -1834,16 +1835,19 @@ exit 0 > %pre daemon-driver-qemu > %libvirt_sysconfig_pre virtqemud > %libvirt_systemd_unix_pre virtqemud > + > # We want soft static allocation of well-known ids, as disk images > -# are commonly shared across NFS mounts by id rather than name; see > -# https://fedoraproject.org/wiki/Packaging:UsersAndGroups > -getent group kvm >/dev/null || groupadd -f -g 36 -r kvm > -getent group qemu >/dev/null || groupadd -f -g 107 -r qemu > -if ! getent passwd qemu >/dev/null; then > - if ! getent passwd 107 >/dev/null; then > - useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu > +# are commonly shared across NFS mounts by id rather than name. > +# See https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/ > +# We can not use the sysusers_create_compat macro here as we want to keep the > +# specfile standalone and not relying on additionnal files. > +getent group 'kvm' >/dev/null || groupadd -f -g '36' -r 'kvm' || : > +getent group 'qemu' >/dev/null || groupadd -f -g '107' -r 'qemu' || : > +if ! getent passwd 'qemu' >/dev/null; then > + if ! getent passwd '107' >/dev/null; then > + useradd -r -u '107' -g 'qemu' -G 'kvm' -d '/' -s '/sbin/nologin' -c 'qemu user' 'qemu' || : > else > - useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu > + useradd -r -g 'qemu' -G 'kvm' -d '/' -s '/sbin/nologin' -c 'qemu user' 'qemu' || : > fi > fi > exit 0 The quoting changes are okay and result in identical commands, but I'm not that much sold on the discarding of errors (' || : ') which we didn't do before. Why would we want to ignore errors here? Other than that: Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx> You don't need to re-send but I want to know the reason for dropping the errors first. I can update the patch before pushing. _______________________________________________ Devel mailing list -- devel@xxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxx
