From 9baecec3eb3ad2ce36f72250d7f9840451de5f73 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Sat, 17 Jun 2023 17:35:22 -0400 Subject: [PATCH] drop hardcoded openvswitch user/group definitions The RPM is now using systemd-sysusers fragments [1] so we can drop the hardcoded definitions. One problem here, though, is that the hugetlbfs group never gets added to the openswitch user [2] so let's add a workaround for that for now. One side effect of this is that it does change the previously defined UID/GIDs from 800/801 to different values (dynamically generated at build time). I assume this is OK because of some of the discussion in [1]. [1] https://github.com/openshift/os/issues/1274#issuecomment-1593690794 [2] https://github.com/openshift/os/issues/1274#issuecomment-1595860275 --- group | 2 -- manifest-rhel-9.2.yaml | 11 +++++++++++ passwd | 1 - 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/group b/group index e86d91b24..1fb1db8dc 100644 --- a/group +++ b/group @@ -42,5 +42,3 @@ nfsnobody:x:65534: kube:x:994: sshd:x:74: chrony:x:992: -openvswitch:x:800: -hugetlbfs:x:801: diff --git a/manifest-rhel-9.2.yaml b/manifest-rhel-9.2.yaml index 3c7e6ac3d..3340c6255 100644 --- a/manifest-rhel-9.2.yaml +++ b/manifest-rhel-9.2.yaml @@ -108,6 +108,17 @@ postprocess: --- EOF + # Add the hugetlbfs group to the openvswitch user if the openvswitch-hugetlbfs.conf + # sysusers fragment exists. This is a workaround for a bug somewhere in the stack + # that we need to investigate further. + # https://github.com/openshift/os/issues/1274#issuecomment-1595860275 + - | + #!/usr/bin/env bash + set -xeo pipefail + if [ -f /usr/lib/sysusers.d/openvswitch-hugetlbfs.conf ]; then + usermod -a -G hugetlbfs openvswitch + fi + # Packages that are only in RHCOS and not in SCOS or that have special # constraints that do not apply to SCOS packages: diff --git a/passwd b/passwd index 673a3d56c..893fd8a74 100644 --- a/passwd +++ b/passwd 
@@ -24,4 +24,3 @@ nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin kube:x:996:994:Kubernetes user:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin chrony:x:994:992::/var/lib/chrony:/sbin/nologin -openvswitch:x:800:800::/:/sbin/nologin
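Review bot: In the `group` hunk, dropping `openvswitch:x:800:` and `hugetlbfs:x:801:` replaces fixed IDs with ones generated at build time, and the commit message only assumes this is OK. Any file that was created under the old numeric IDs and survives an update will keep owner 800 or 801 and will no longer resolve to these accounts, or could resolve to whichever account is assigned that number later. Please record in the commit message which on-disk paths were checked for ownership by these IDs, or keep the IDs pinned until that is confirmed.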
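Review bot: In the `manifest-rhel-9.2.yaml` hunk, the postprocess script skips silently when `/usr/lib/sysusers.d/openvswitch-hugetlbfs.conf` is absent and never verifies the result when it is present. If the fragment is renamed or dropped from the RPM, the image would then build without the `hugetlbfs` membership and nothing in the build would show it. Consider an `else` branch that fails or at least logs a clear message, and a check after `usermod -a -G hugetlbfs openvswitch` such as `id -nG openvswitch | grep -qw hugetlbfs`. The script also uses `set -xeo pipefail` without `-u`, which is a minor style point. Since the comment calls this a workaround, a note on the condition for removing it would help the next reader.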
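Review bot: In the `passwd` hunk, the removed line `openvswitch:x:800:800::/:/sbin/nologin` was the only place in this repository that pinned the account's shell to `/sbin/nologin` and its home to `/`. After this change those attributes come from the RPM's sysusers fragment, which is not part of this patch. Please confirm, in the commit message or with a build-time check, that the generated entry still has a non-login shell.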