Bug 2337007

Summary: RPM Support For Systemd Sysusers.d
Product: [Fedora] Fedora Reporter: Aoife Moloney <amoloney>
Component: Changes TrackingAssignee: Michal Sekletar <msekleta>
Status: ON_QA --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: awilliam, msekleta, pmatilai, zbyszek
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2344333, 2338295, 2338304, 2344322, 2372213    
Bug Blocks: 2302545    

Description Aoife Moloney 2025-01-10 18:36:13 UTC 
This is a tracking bug for Change: RPM Support For Systemd Sysusers.d
For more details, see: https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers

RPM supports creating users and groups according to configuration provided in sysusers.d snippets shipped in package payload.

If you encounter a bug related to this Change, please do not comment here. Instead create a new bug and set it to block this bug.
Comment 1 Panu Matilainen 2025-01-13 13:12:04 UTC 
As of rpm >= 4.20.0-5 built earlier today, user and group dependencies are now being generated as hard dependencies:
https://src.fedoraproject.org/rpms/rpm/pull-request/61
Comment 2 Panu Matilainen 2025-01-22 11:29:32 UTC 
The hard user/group dependencies part was reverted last week because there are just way too many packages still using old user/group management methods.
This will then proceed with just the weak dependencies for user/group. Then again the packages are already working without that data, so the dependencies have to be in place in some form already, only the user/group specific requires would've made it more explicit.

Rpm's sysusers.d integration enabled in rawhide now as of rpm 4.20.0-8: https://bodhi.fedoraproject.org/updates/FEDORA-2025-9c37bb22bb
Comment 3 Adam Williamson 2025-03-11 23:28:49 UTC 
I think I've stumbled across a major issue with this: rpm-ostree has no equivalent of the new rpm `%sysusers` script. Since, as part of this Change, systemd has neutered the %sysusers_create_compat macro - https://src.fedoraproject.org/rpms/systemd/c/1bdfa29ce262bd10b0096538f32d275e8016cc4d?branch=rawhide - that means no package that creates users/groups with sysusers 'works' in ostree any more. Those users/groups just don't get created.

Obviously, the fact that we're now merging a bunch of PRs to convert just about *everything* to sysusers means the impact of this is worse, but it's already broken several ostree builds entirely.

See https://gitlab.com/fedora/ostree/sig/-/issues/70 and https://github.com/fedora-silverblue/issue-tracker/issues/636 for more.
Comment 4 Panu Matilainen 2025-03-13 07:04:18 UTC 
rpm-ostree is a knowingly incompatible, partial reimplementation of some rpm parts. It's up to them to keep up. sysusers support in rpm is two years old now, so it's not like we're jumping to a feature that landed just yesterday.

Note that this should actually be *good news* to rpm-ostree. Traditional scriptlets are problematic in that world and only partially supported, whereas sysusers is a declarative thing they can implement in whatever means that works best in that world.