From nobody Thu May  9 22:03:20 2024
Delivered-To: importer@patchew.org
Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied
 by domain of lists.libvirt.org) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain
 of lists.libvirt.org)  smtp.mailfrom=devel-bounces@lists.libvirt.org
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1706900494514548.703650469518;
 Fri, 2 Feb 2024 11:01:34 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 3DD501C4E; Fri,  2 Feb 2024 14:01:33 -0500 (EST)
Received: from lists.libvirt.org.85.43.8.in-addr.arpa (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id C677C1AD7;
	Fri,  2 Feb 2024 13:59:48 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 4F0841AD2; Fri,  2 Feb 2024 13:59:45 -0500 (EST)
Received: from lists.libvirt.org.85.43.8.in-addr.arpa (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 5C3E01ABB
	for <devel@lists.libvirt.org>; Fri,  2 Feb 2024 13:59:44 -0500 (EST)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.8 required=5.0 tests=ALL_TRUSTED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,T_SCC_BODY_TEXT_LINE
	autolearn=unavailable autolearn_force=no version=3.4.4
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Subject: [PATCH] qemu: Add sysusers config file for qemu & kvm user/groups
From: tim@siosm.fr
To: devel@lists.libvirt.org
Date: Fri, 02 Feb 2024 18:59:44 -0000
Message-ID: 
 <20240202185944.11826.41061@lists.libvirt.org.85.43.8.in-addr.arpa>
User-Agent: HyperKitty on https://lists.libvirt.org/
Message-ID-Hash: XK5B2LLQ3Z46UXIONZLCPMIH3ATWULFJ
X-Message-ID-Hash: XK5B2LLQ3Z46UXIONZLCPMIH3ATWULFJ
X-MailFrom: tim@siosm.fr
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/XK5B2LLQ3Z46UXIONZLCPMIH3ATWULFJ/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1706900496323100001

Install a systemd sysusers config file for the qemu & kvm user/groups.

We can not use the sysusers_create_compat macro in the RPM specfile to
create those users as we want to keep the specfile standalone and not
relying on additionnal files.

Update the specfile to make the commands closer to what is generated by
the current macro.

See: https://src.fedoraproject.org/rpms/libvirt/pull-request/22
See: https://gitlab.com/libvirt/libvirt/-/merge_requests/319
See: https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGrou=
ps/

Based on previous work by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Timoth=C3=A9e Ravier <tim@siosm.fr>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---
 libvirt.spec.in                     | 21 +++++++++++++--------
 src/qemu/libvirt-qemu.sysusers.conf |  4 ++++
 src/qemu/meson.build                |  7 +++++++
 3 files changed, 24 insertions(+), 8 deletions(-)
 create mode 100644 src/qemu/libvirt-qemu.sysusers.conf

diff --git a/libvirt.spec.in b/libvirt.spec.in
index 8413e3c19a..a411ac6515 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1473,6 +1473,7 @@ chmod 600 $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfil=
ter/*.xml
     %if ! %{with_qemu}
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_qemu.aug
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug
+rm -f $RPM_BUILD_ROOT%{_sysusersdir}/libvirt-qemu.conf
     %endif
 %find_lang %{name}
=20
@@ -1834,16 +1835,19 @@ exit 0
 %pre daemon-driver-qemu
 %libvirt_sysconfig_pre virtqemud
 %libvirt_systemd_unix_pre virtqemud
+
 # We want soft static allocation of well-known ids, as disk images
-# are commonly shared across NFS mounts by id rather than name; see
-# https://fedoraproject.org/wiki/Packaging:UsersAndGroups
-getent group kvm >/dev/null || groupadd -f -g 36 -r kvm
-getent group qemu >/dev/null || groupadd -f -g 107 -r qemu
-if ! getent passwd qemu >/dev/null; then
-  if ! getent passwd 107 >/dev/null; then
-    useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" =
qemu
+# are commonly shared across NFS mounts by id rather than name.
+# See https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGr=
oups/
+# We can not use the sysusers_create_compat macro here as we want to keep =
the
+# specfile standalone and not relying on additionnal files.
+getent group 'kvm' >/dev/null || groupadd -f -g '36' -r 'kvm' || :
+getent group 'qemu' >/dev/null || groupadd -f -g '107' -r 'qemu' || :
+if ! getent passwd 'qemu' >/dev/null; then
+  if ! getent passwd '107' >/dev/null; then
+    useradd -r -u '107' -g 'qemu' -G 'kvm' -d '/' -s '/sbin/nologin' -c 'q=
emu user' 'qemu' || :
   else
-    useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
+    useradd -r -g 'qemu' -G 'kvm' -d '/' -s '/sbin/nologin' -c 'qemu user'=
 'qemu' || :
   fi
 fi
 exit 0
@@ -2246,6 +2250,7 @@ exit 0
 %{_bindir}/virt-qemu-run
 %{_mandir}/man1/virt-qemu-run.1*
 %{_mandir}/man8/virtqemud.8*
+%{_sysusersdir}/libvirt-qemu.conf
     %endif
=20
     %if %{with_lxc}
diff --git a/src/qemu/libvirt-qemu.sysusers.conf b/src/qemu/libvirt-qemu.sy=
susers.conf
new file mode 100644
index 0000000000..3189191e73
--- /dev/null
+++ b/src/qemu/libvirt-qemu.sysusers.conf
@@ -0,0 +1,4 @@
+g kvm 36
+g qemu 107
+u qemu 107:qemu "qemu user" - -
+m qemu kvm
diff --git a/src/qemu/meson.build b/src/qemu/meson.build
index 4c3e1dee78..7a0e908a66 100644
--- a/src/qemu/meson.build
+++ b/src/qemu/meson.build
@@ -160,6 +160,13 @@ if conf.has('WITH_QEMU')
     configuration: qemu_user_group_hack_conf,
   )
=20
+  # Install the sysuser config for the qemu driver
+  install_data(
+    'libvirt-qemu.sysusers.conf',
+    install_dir: prefix / 'lib' / 'sysusers.d',
+    rename: [ 'libvirt-qemu.conf' ],
+  )
+
   virt_conf_files +=3D qemu_conf
   virt_aug_files +=3D files('libvirtd_qemu.aug')
   virt_test_aug_files +=3D {
--=20
2.43.0
_______________________________________________
Devel mailing list -- devel@lists.libvirt.org
To unsubscribe send an email to devel-leave@lists.libvirt.org