From eb0c127ba6e8fbb5f4f62cf7772c8a9cc7e4d4c9 Mon Sep 17 00:00:00 2001 From: Santiago Torres Date: Thu, 10 Dec 2020 19:07:59 -0500 Subject: [PATCH] Makefile: use sysusers directly Instead of using the libalpm systemd-syusers hook, use sysusers directly. The --root parameter allows us to avoid using the host's namespace and populate using the conf files in the target's build directory. --- Dockerfile.template | 1 - Makefile | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile.template b/Dockerfile.template index 904004d..0320331 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -22,7 +22,6 @@ FROM scratch AS root COPY --from=verify /rootfs/ / RUN ldconfig -RUN /usr/share/libalpm/scripts/systemd-hook sysusers ENV LANG=en_US.UTF-8 CMD ["/usr/bin/bash"] diff --git a/Makefile b/Makefile index 939c24a..9bbf83a 100644 --- a/Makefile +++ b/Makefile @@ -23,6 +23,9 @@ fakechroot -- fakeroot -- chroot $(BUILDDIR) update-ca-trust ln -fs /usr/lib/os-release $(BUILDDIR)/etc/os-release + # add system users + fakechroot -- fakeroot -- chroot $(BUILDDIR) /usr/bin/systemd-sysusers --root "/" + # remove passwordless login for root (see CVE-2019-5021 for reference) sed -i -e 's/^root::/root:!:/' "$(BUILDDIR)/etc/shadow"
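Review bot: Nothing after the new `systemd-sysusers` call in the Makefile hunk checks the accounts it writes: the only fix-up applied to `$(BUILDDIR)/etc/shadow` is the `sed` for `root::`, so an empty password field on any other entry would go into the image unnoticed. sysusers is expected to create system accounts locked, so this is presumably defence in depth rather than a live issue, but a guard after the `sed` would make that assumption explicit: `! grep -q '^[^:]*::' "$(BUILDDIR)/etc/shadow"`. The comment could also record the ordering dependency, e.g. `# add system users; keep before the shadow fix-up below, sysusers writes /etc/shadow`. The recipe's target line is outside the hunk.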