[Pkg-libvirt-commits] [Git][libvirt-team/libvirt][debian/latest] Install and use sysusers.d config files
Andrea Bolognani (@abologna)
gitlab at salsa.debian.org
Mon Dec 8 22:17:49 GMT 2025
Andrea Bolognani pushed to branch debian/latest at Libvirt Packaging Team / libvirt
Commits:
5f62c20b by Luca Boccassi at 2025-12-04T00:23:28+00:00
Install and use sysusers.d config files
sysusers.d config files allows a package to use declarative configuration
instead of manually written maintainer scripts.
Install files for the packages using adduser, and switch over.
Patch the upstream sysusers.d file instead of adding a new one as preferred
by the maintainer.
This also allows image-based systems to be created with /usr/ only, and
also allows for factory resetting a system and recreating /etc/ on boot.
https://www.freedesktop.org/software/systemd/man/latest/sysusers.d.html
Also stop deleting users/groups on remove/purge, as that is considered
bad practice, as any potential leftover file/directory can then become
owned by the next user/group that gets added, with unpredictable
consequences.
- - - - -
11 changed files:
- debian/control
- debian/control.in
- debian/libvirt-daemon-common.install.in
- debian/libvirt-daemon-common.postinst.in
- debian/libvirt-daemon-common.postrm.in
- debian/libvirt-daemon-driver-qemu.install.in
- debian/libvirt-daemon-driver-qemu.postinst.in
- debian/libvirt-daemon-driver-qemu.postrm.in
- debian/not-installed
- + debian/patches/debian/sysusers.patch
- debian/patches/series
Changes:
=====================================
debian/control
=====================================
@@ -8,6 +8,7 @@ Uploaders:
Build-Depends:
debhelper-compat (= 13),
dh-apparmor [linux-any],
+ dh-sequence-installsysusers,
augeas-tools [linux-any],
bash-completion,
libacl1-dev [linux-any],
@@ -181,7 +182,6 @@ Package: libvirt-daemon-common
Section: admin
Architecture: linux-any
Depends:
- adduser,
dmidecode [amd64 arm64 armhf i386 riscv64 loong64 x32],
gettext-base,
iproute2,
@@ -272,7 +272,6 @@ Section: admin
Architecture: amd64 arm64 armel armhf i386 loong64 mips64el mipsel powerpc ppc64 ppc64el riscv64 s390x sparc64 x32
Multi-Arch: no
Depends:
- adduser,
libvirt-common (= ${binary:Version}),
libvirt-daemon-log (= ${binary:Version}),
libvirt0 (= ${binary:Version}),
=====================================
debian/control.in
=====================================
@@ -8,6 +8,7 @@ Uploaders:
Build-Depends:
debhelper-compat (= 13),
dh-apparmor [linux-any],
+ dh-sequence-installsysusers,
augeas-tools [linux-any],
bash-completion,
libacl1-dev [linux-any],
@@ -169,7 +170,6 @@ Package: libvirt-daemon-common
Section: admin
Architecture: linux-any
Depends:
- adduser,
dmidecode [${ARCHES_DMIDECODE}],
gettext-base,
iproute2,
@@ -248,7 +248,6 @@ Section: admin
Architecture: ${ARCHES_QEMU}
Multi-Arch: no
Depends:
- adduser,
libvirt-common (= ${binary:Version}),
libvirt-daemon-log (= ${binary:Version}),
libvirt0 (= ${binary:Version}),
=====================================
debian/libvirt-daemon-common.install.in
=====================================
@@ -7,6 +7,7 @@ usr/lib/libvirt/libvirt-guests.sh
usr/lib/libvirt/libvirt_iohelper
usr/lib/systemd/system/libvirt-guests.service
usr/lib/systemd/system/virt-guest-shutdown.target
+usr/lib/sysusers.d/libvirt.conf
usr/share/bash-completion/completions/virt-admin
usr/share/man/man1/virt-admin.1
usr/share/man/man1/virt-host-validate.1
=====================================
debian/libvirt-daemon-common.postinst.in
=====================================
@@ -16,13 +16,6 @@ set -e
#DELETE_PROTECTIVE_DIVERSION#
-add_users_groups()
-{
- if ! getent group libvirt >/dev/null; then
- addgroup --quiet --system libvirt
- fi
-}
-
add_statoverrides()
{
ROOT_DIRS="
@@ -46,7 +39,6 @@ DAEMON_COMMON_UNITS="
case "$1" in
configure)
- add_users_groups
add_statoverrides
# Obsolete UML stuff included until 9.0.0-1
=====================================
debian/libvirt-daemon-common.postrm.in
=====================================
@@ -25,10 +25,6 @@ DAEMON_COMMON_UNITS="
case "$1" in
purge)
- if getent group libvirt >/dev/null; then
- delgroup libvirt >/dev/null || true
- fi
-
# Clean up logs
rm -rf /var/log/libvirt
;;
=====================================
debian/libvirt-daemon-driver-qemu.install.in
=====================================
@@ -6,6 +6,7 @@ etc/libvirt/qemu.conf
etc/logrotate.d/libvirtd.qemu
usr/bin/virt-qemu-run
usr/lib/${DEB_HOST_MULTIARCH}/libvirt/connection-driver/libvirt_driver_qemu.so
+usr/lib/sysusers.d/libvirt-qemu.conf
usr/share/augeas/lenses/libvirtd_qemu.aug
usr/share/augeas/lenses/tests/test_libvirtd_qemu.aug
usr/share/man/man1/virt-qemu-run.1
=====================================
debian/libvirt-daemon-driver-qemu.postinst.in
=====================================
@@ -16,48 +16,9 @@ set -e
. /usr/share/debconf/confmodule
-# Allocated UID and GID for libvirt-qemu
-LIBVIRT_QEMU_UID=64055
-LIBVIRT_QEMU_GID=64055
+# Run dh addons first so that sysusers.d can create users/groups before statoverride
-add_users_groups()
-{
- if ! getent group kvm >/dev/null; then
- addgroup --quiet --system kvm
- fi
- # user and group libvirt runs qemu/kvm instances with
- if ! getent passwd libvirt-qemu >/dev/null; then
-
- # set uid if available (expected); don't fail otherwise.
- PARAMETER_UID=''
- if ! getent passwd $LIBVIRT_QEMU_UID >/dev/null; then
- PARAMETER_UID="--uid $LIBVIRT_QEMU_UID"
- fi
-
- adduser --quiet \
- --system \
- --ingroup kvm \
- --quiet \
- --disabled-login \
- --disabled-password \
- --home /var/lib/libvirt \
- --no-create-home \
- --gecos "Libvirt Qemu" \
- $PARAMETER_UID \
- libvirt-qemu
- fi
- if ! getent group libvirt-qemu >/dev/null; then
-
- # set gid if available (expected); don't fail otherwise.
- PARAMETER_GID=''
- if ! getent group $LIBVIRT_QEMU_GID >/dev/null; then
- PARAMETER_GID="--gid $LIBVIRT_QEMU_GID"
- fi
-
- addgroup --quiet --system $PARAMETER_GID libvirt-qemu
- adduser --quiet libvirt-qemu libvirt-qemu
- fi
-}
+#DEBHELPER#
add_statoverrides()
{
@@ -93,7 +54,6 @@ add_statoverrides()
case "$1" in
configure)
- add_users_groups
add_statoverrides
# Make sure the log directory doesn't get removed on package removal
@@ -147,6 +107,4 @@ esac
db_stop
-#DEBHELPER#
-
exit 0
=====================================
debian/libvirt-daemon-driver-qemu.postrm.in
=====================================
@@ -23,14 +23,6 @@ case "$1" in
;;
purge)
- if getent passwd libvirt-qemu >/dev/null; then
- deluser libvirt-qemu >/dev/null || true
- fi
-
- if getent group libvirt-qemu >/dev/null; then
- delgroup libvirt-qemu >/dev/null || true
- fi
-
# Clean up cached capabilities
rm -rf /var/cache/libvirt/qemu/capabilities
=====================================
debian/not-installed
=====================================
@@ -58,8 +58,6 @@ usr/lib/systemd/system/virtxend-ro.socket
usr/lib/systemd/system/virtxend.service
usr/lib/systemd/system/virtxend.socket
usr/lib/sysusers.d/libvirt-login-shell.conf
-usr/lib/sysusers.d/libvirt-qemu.conf
-usr/lib/sysusers.d/libvirt.conf
usr/sbin/virtinterfaced
usr/sbin/virtlxcd
usr/sbin/virtnetworkd
=====================================
debian/patches/debian/sysusers.patch
=====================================
@@ -0,0 +1,12 @@
+Description: customize sysusers.d file
+Forwarded: not-needed
+--- a/src/qemu/libvirt-qemu.sysusers.conf
++++ b/src/qemu/libvirt-qemu.sysusers.conf
+@@ -1,3 +1,4 @@
+-g qemu 107
+-u qemu 107:qemu "qemu user" - -
+-m qemu kvm
++g kvm
++g libvirt-qemu 64055
++u! libvirt-qemu 64055 "Libvirt Qemu" /var/lib/libvirt
++m libvirt-qemu kvm
=====================================
debian/patches/series
=====================================
@@ -2,3 +2,4 @@ debian/Debianize-libvirt-guests.patch
debian/apparmor_profiles_local_include.patch
debian/Use-sensible-editor-by-default.patch
debian/Drop-inter-package-Also-lines-from-libvirtd.service.patch
+debian/sysusers.patch
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/commit/5f62c20b2ac004fbab3759b8d6024cd82a96ba37
--
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/commit/5f62c20b2ac004fbab3759b8d6024cd82a96ba37
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-commits/attachments/20251208/2fbeda30/attachment-0001.htm>
More information about the Pkg-libvirt-commits
mailing list