From cb5a76eb5f5f5fb5fe48501993344d6caee53e54 Mon Sep 17 00:00:00 2001
From: Sandwich <sandwich@archworks.co>
Date: Fri, 10 Apr 2026 19:23:01 +0200
Subject: [PATCH] Replace manual user/group creation with sysusers.d and
 tmpfiles.d

---
 .github/workflows/publish-aur.yml    |  2 ++
 pkg/aur/PKGBUILD                     | 10 ++++++++++
 pkg/aur/remoteterm-meshcore.install  | 11 -----------
 pkg/aur/remoteterm-meshcore.sysusers |  1 +
 pkg/aur/remoteterm-meshcore.tmpfiles |  1 +
 scripts/quality/test_aur_package.sh  | 12 +++++++-----
 6 files changed, 21 insertions(+), 16 deletions(-)
 create mode 100644 pkg/aur/remoteterm-meshcore.sysusers
 create mode 100644 pkg/aur/remoteterm-meshcore.tmpfiles

diff --git a/.github/workflows/publish-aur.yml b/.github/workflows/publish-aur.yml
index 55e2117..979859b 100644
--- a/.github/workflows/publish-aur.yml
+++ b/.github/workflows/publish-aur.yml
@@ -56,6 +56,8 @@ jobs:
           assets: |
             pkg/aur/remoteterm-meshcore.install
             pkg/aur/remoteterm-meshcore.service
+            pkg/aur/remoteterm-meshcore.sysusers
+            pkg/aur/remoteterm-meshcore.tmpfiles
             pkg/aur/remoteterm.env
           commit_username: jackkingsman
           commit_email: ${{ secrets.AUR_COMMIT_EMAIL }}
diff --git a/pkg/aur/PKGBUILD b/pkg/aur/PKGBUILD
index 2dd3eb6..1b5fc8d 100644
--- a/pkg/aur/PKGBUILD
+++ b/pkg/aur/PKGBUILD
@@ -23,11 +23,15 @@ source=(
   "$pkgname-$pkgver.tar.gz::https://github.com/jkingsman/Remote-Terminal-for-MeshCore/archive/refs/tags/$pkgver.tar.gz"
   "remoteterm-meshcore.service"
   "remoteterm.env"
+  "remoteterm-meshcore.sysusers"
+  "remoteterm-meshcore.tmpfiles"
 )
 # sha256sums are recomputed by `updpkgsums` in the publish workflow before
 # the PKGBUILD is pushed to AUR. The committed values are intentionally SKIP
 # so the file is honest about not tracking real hashes in this repo.
 sha256sums=('SKIP'
+            'SKIP'
+            'SKIP'
             'SKIP'
             'SKIP')
 
@@ -111,6 +115,12 @@ package() {
   install -Dm640 "$srcdir/remoteterm.env" \
     "$pkgdir/etc/remoteterm-meshcore/remoteterm.env"
 
+  # System user and data directory
+  install -Dm644 "$srcdir/remoteterm-meshcore.sysusers" \
+    "$pkgdir/usr/lib/sysusers.d/remoteterm-meshcore.conf"
+  install -Dm644 "$srcdir/remoteterm-meshcore.tmpfiles" \
+    "$pkgdir/usr/lib/tmpfiles.d/remoteterm-meshcore.conf"
+
   # License
   install -Dm644 LICENSE.md \
     "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
diff --git a/pkg/aur/remoteterm-meshcore.install b/pkg/aur/remoteterm-meshcore.install
index 7161a0b..2560b69 100644
--- a/pkg/aur/remoteterm-meshcore.install
+++ b/pkg/aur/remoteterm-meshcore.install
@@ -1,14 +1,3 @@
-pre_install() {
-  getent group  remoteterm > /dev/null || groupadd -r remoteterm
-  getent passwd remoteterm > /dev/null || \
-    useradd -r -g remoteterm -d /var/lib/remoteterm-meshcore -s /sbin/nologin \
-      -c "RemoteTerm for MeshCore" remoteterm
-}
-
-pre_upgrade() {
-  pre_install
-}
-
 post_install() {
   echo "==> Set your radio connection (serial, TCP, or BLE) in"
   echo "==>   /etc/remoteterm-meshcore/remoteterm.env"
diff --git a/pkg/aur/remoteterm-meshcore.sysusers b/pkg/aur/remoteterm-meshcore.sysusers
new file mode 100644
index 0000000..ccd8b62
--- /dev/null
+++ b/pkg/aur/remoteterm-meshcore.sysusers
@@ -0,0 +1 @@
+u remoteterm - "RemoteTerm for MeshCore" /var/lib/remoteterm-meshcore
diff --git a/pkg/aur/remoteterm-meshcore.tmpfiles b/pkg/aur/remoteterm-meshcore.tmpfiles
new file mode 100644
index 0000000..5255da6
--- /dev/null
+++ b/pkg/aur/remoteterm-meshcore.tmpfiles
@@ -0,0 +1 @@
+d /var/lib/remoteterm-meshcore 0750 remoteterm remoteterm
diff --git a/scripts/quality/test_aur_package.sh b/scripts/quality/test_aur_package.sh
index 8ae6da6..64421fe 100644
--- a/scripts/quality/test_aur_package.sh
+++ b/scripts/quality/test_aur_package.sh
@@ -53,7 +53,8 @@ echo "builder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
 BUILD_DIR=/home/builder/build
 mkdir -p "$BUILD_DIR"
 cp /pkg/PKGBUILD /pkg/remoteterm-meshcore.install \
-   /pkg/remoteterm-meshcore.service /pkg/remoteterm.env "$BUILD_DIR/"
+   /pkg/remoteterm-meshcore.service /pkg/remoteterm-meshcore.sysusers \
+   /pkg/remoteterm-meshcore.tmpfiles /pkg/remoteterm.env "$BUILD_DIR/"
 chown -R builder:builder "$BUILD_DIR"
 
 echo "Building package..."
@@ -84,13 +85,14 @@ docker run -d \
     archlinux:latest bash -c '
 set -euo pipefail
 
-# Install the package (triggers pre_install which creates the remoteterm user)
+# Install the package (sysusers.d creates the remoteterm user, tmpfiles.d creates the data dir)
 pacman -Syu --noconfirm >/dev/null 2>&1
 pacman -U --noconfirm /pkg/*.pkg.tar.zst
 
-# Create the state directory (systemd StateDirectory= would do this on a real host)
-mkdir -p /var/lib/remoteterm-meshcore
-chown remoteterm:remoteterm /var/lib/remoteterm-meshcore
+# In a container there is no systemd to trigger sysusers/tmpfiles automatically,
+# so run them manually.
+systemd-sysusers
+systemd-tmpfiles --create
 
 echo "============================================"
 echo " RemoteTerm installed — starting server"