Bug 2105177 - dbus-common: sysusers entry does not match specfile setup
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: dbus
Version: 36
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Colin Walters
QA Contact: Fedora Extras Quality Assurance
Reported: 2022-07-08 08:18 UTC by Luca BRUNO
Modified: 2022-08-22 22:39 UTC (History)

Fixed In Version: dbus-1.14.0-2.fc37 dbus-1.14.0-5.fc38 dbus-1.14.0-5.fc37
Last Closed: 2022-08-22 19:03:00 UTC
Type: Bug

Description Luca BRUNO 2022-07-08 08:18:46 UTC
[This is a copy of https://bugzilla.redhat.com/show_bug.cgi?id=2090397 for Fedora]

The dbus specfile creates a `dbus` user and group with `81` as static IDs:
https://src.osci.redhat.com/rpms/dbus/blob/rhel-8.6.0/f/dbus.spec#_295

However the `dbus-common` package ships a sysusers.d fragment under `/usr/lib/sysusers.d/dbus` which creates a user/group with dynamic ID allocation:
```
# sysusers.d snippet for creating the D-Bus system user automatically
# at boot on systemd-based systems that ship with an unpopulated
# /etc. See sysusers.d(5) for details.

u dbus - "System Message Bus"
```

To fix the misalignment, it would be good to update the sysusers fragment to use `81` as the UID/GID too.

Comment 1 David King 2022-07-14 08:14:18 UTC
I changed dbus in rawhide to use the upstream sysusers.d configuration, which prefers dynamic IDs.

Comment 2 Luca BRUNO 2022-07-14 09:04:32 UTC
> I changed dbus in rawhide to use the upstream sysusers.d configuration, which prefers dynamic IDs.

Thanks for the quick reaction. However, I don't think that *in this specific case* it is a good way to go.

In particular, I see that the `dbus-daemon` package is shipping a setGID binary at `/usr/libexec/dbus-1/dbus-daemon-launch-helper` owned by the `dbus` group:
```
%files daemon
[...]	
%attr(4750,root,dbus) %{_libexecdir}/dbus-1/dbus-daemon-launch-helper
```

After the "dynamic GID" change you just pushed, this binary will now get a different GID on each system where the package gets installed/composed.

This is troublesome for the push towards deterministic/reproducible composes, and it introduces additional issues for transactional systems doing sandboxed/out-of-band composes (where the GID may change across runs).
I pretty much welcome the specfile switch toward a sysusers.d fragment, but I'd recommend sticking to the Fedora allocated UID/GID `81` for that (overriding/patching the upstream content).

(I didn't manage to trace down this ID allocation through history, but I do feel that it may have been requested to cover this exact setGID binary too).
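
The mismatch discussed in the description and in Comment 2 can be caught at packaging time by linting sysusers.d fragments against a table of reserved static IDs. The following is an added example, not part of the original thread or of the dbus packaging; the function names, the policy table and the pinned fragment (`u dbus 81 ...`) are assumptions made for illustration.

```python
import shlex

# Constructed inputs: the fragment quoted in the report, and a variant that
# pins the ID to 81 (an assumed form of the fix; the merged change is not shown).
DYNAMIC_FRAGMENT = '''\
# sysusers.d snippet for creating the D-Bus system user automatically
u dbus - "System Message Bus"
'''
STATIC_FRAGMENT = 'u dbus 81 "System Message Bus"\n'


def parse_sysusers(text):
    """Yield (type, name, id_field) for each u/g line of a sysusers.d fragment."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # handles the quoted GECOS field
        if len(fields) >= 2 and fields[0] in ("u", "g"):
            # A missing ID column means the same as "-": allocate dynamically.
            yield fields[0], fields[1], fields[2] if len(fields) > 2 else "-"


def check_static_ids(text, expected):
    """Return [(name, problem)] for names in `expected` not pinned to their ID."""
    findings, seen = [], set()
    for kind, name, id_field in parse_sysusers(text):
        if name not in expected:
            continue
        seen.add(name)
        want = str(expected[name])
        if id_field == "-":
            findings.append((name, "dynamic"))
            continue
        # "u" lines accept UID or UID:GID; a bare UID is also requested for the group.
        uid, _, gid = id_field.partition(":")
        if uid != want or (gid or uid) != want:
            findings.append((name, "mismatch: " + id_field))
    findings += [(n, "missing") for n in expected if n not in seen]
    return findings


if __name__ == "__main__":
    policy = {"dbus": 81}  # static ID named in the report
    print(check_static_ids(DYNAMIC_FRAGMENT, policy))
    print(check_static_ids(STATIC_FRAGMENT, policy))
```
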

Comment 3 Timothée Ravier 2022-07-26 16:16:10 UTC
I'm re-opening this one as this impacts all rpm-ostree based variants of Fedora and as Luca mentioned we need to use a static ID as we have SetGID binaries in the package.

Comment 4 Luca BRUNO 2022-08-03 12:35:07 UTC
I eventually found some time to do the packaging changes myself, PR at https://src.fedoraproject.org/rpms/dbus/pull-request/16.

Comment 5 Fedora Update System 2022-08-22 19:00:09 UTC
FEDORA-2022-23b7130499 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-23b7130499

Comment 6 Fedora Update System 2022-08-22 19:01:37 UTC
FEDORA-2022-58c18a7300 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2022-58c18a7300

Comment 7 Fedora Update System 2022-08-22 19:03:00 UTC
FEDORA-2022-58c18a7300 has been pushed to the Fedora 38 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 8 Fedora Update System 2022-08-22 22:39:20 UTC
FEDORA-2022-23b7130499 has been pushed to the Fedora 37 stable repository.
If the problem still persists, please make note of it in this bug report.

