Bug 2095479

Summary: [RFE] tpm2-tss use systemd-sysusers
Product: Red Hat Enterprise Linux 9 Reporter: Pat Riehecky <riehecky>
Component: tpm2-tssAssignee: Štěpán Horáček <shoracek>
Status: CLOSED ERRATA QA Contact: Vilém Maršík <vmarsik>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: CentOS StreamCC: bhu, bstinson, jsnitsel, jwboyer, rvr
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: tpm2-tss-3.2.2-1.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-11-07 08:55:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pat Riehecky 2022-06-09 18:37:12 UTC 
Description of problem:
tpm2-tss has static useradd scripts

Version-Release number of selected component (if applicable):
tpm2-tss-3.0.3-7.el9

How reproducible:
100%

Steps to Reproduce:
1.review %pre
2.
3.

Actual results:
%pre
getent group tss >/dev/null || groupadd -f -g 59 -r tss
if ! getent passwd tss >/dev/null ; then
    if ! getent passwd 59 >/dev/null ; then
      useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss
    else
      useradd -r -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss
    fi
fi

Expected results:
use of system-sysusers 

Additional info:
https://www.freedesktop.org/software/systemd/man/systemd-sysusers.html
https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
Comment 2 Jerry Snitselaar 2022-06-09 22:28:22 UTC 
Example of a change to a package in Fedora to make use of this:

https://src.fedoraproject.org/fork/zbyszek/rpms/munge/c/dd0498ebb79605ee6a18100db30b07fddfaf31e4
Comment 4 Vilém Maršík 2023-07-26 07:18:14 UTC 
Looks fixed in tpm2-tss.spec of tpm2-tss-3.2.2-1.el9.src.rpm:
Source1:       tpm2-tss-systemd-sysusers.conf
%sysusers_create_compat %{SOURCE1}

As it looks already merged to master, the bug should probably already be in ON_QA.
Comment 8 Vilém Maršík 2023-07-26 14:07:39 UTC 
Package tpm2-tss-3.2.2-2.el9.src.rpm with version from erratum shows the same results as in Comment #4, setting verified.
Comment 10 errata-xmlrpc 2023-11-07 08:55:46 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: tpm2-tss security and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6685