rpmostree-core: Reload user/groups after each %post script

travier · travier · commit ae2c0d22111b · 2025-03-13T09:39:52.000+01:00
As part of the migration to direct sysusers support in RPMs, packages are no longer creating their users/groups in %pre scripts as they rely on RPM to do the work. In rpm-ostree unified core composes, the users/groups are not created this way as we don't use/call out to those new RPM scriptlets. Thus the "new" users (i.e. those not part of the default `passwd` & `group` files set in the manifests) are created when the systemd %post scriptlet runs the `sysusers` command. As a workaround, we now reload the list of users/groups after each %post to make sure it is up-to-date. See: https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers See: rpm-software-management/rpm@009d139 See: fedora-silverblue/issue-tracker#636 See: https://gitlab.com/fedora/ostree/sig/-/issues/70 See: #5333
diff --git a/src/libpriv/rpmostree-core.cxx b/src/libpriv/rpmostree-core.cxx
@@ -4518,23 +4518,23 @@ rpmostree_context_assemble (RpmOstreeContext *self, GCancellable *cancellable, G
             return FALSE;
         }
 
-      if (faccessat (tmprootfs_dfd, "etc/passwd", F_OK, 0) == 0)
-        {
-          CXX_TRY (passwd_entries->add_passwd_content (tmprootfs_dfd, "etc/passwd"), error);
-        }
-
-      if (faccessat (tmprootfs_dfd, "etc/group", F_OK, 0) == 0)
-        {
-          CXX_TRY (passwd_entries->add_group_content (tmprootfs_dfd, "etc/group"), error);
-        }
-
       {
         auto task = rpmostreecxx::progress_begin_task ("Running post scripts");
         guint n_post_scripts_run = 0;
 
         /* %post */
         for (guint i = 0; i < n_rpmts_elements; i++)
           {
+            if (faccessat (tmprootfs_dfd, "etc/passwd", F_OK, 0) == 0)
+              {
+                CXX_TRY (passwd_entries->add_passwd_content (tmprootfs_dfd, "etc/passwd"), error);
+              }
+
+            if (faccessat (tmprootfs_dfd, "etc/group", F_OK, 0) == 0)
+              {
+                CXX_TRY (passwd_entries->add_group_content (tmprootfs_dfd, "etc/group"), error);
+              }
+
             rpmte te = rpmtsElement (ordering_ts, i);
             if (rpmteType (te) != TR_ADDED)
               continue;
