[ovs-dev] [PATCHv2] rhel: if rpms were built without libcapng then let processes to run as root
Ansis Atteka
aatteka at ovn.org
Tue Apr 16 19:27:59 UTC 2019
Otherwise, Open vSwitch will fail to start with the following
error "libcap-ng is not configured at compile time" when it
attempts to downgrade to Open vSwitch user.
Also, if packages were built in a way where processes are
supposed to be running only as root, then there is no point
in creating "openvswitch" user in the first place.
Signed-off-by: Ansis Atteka <aatteka at ovn.org>
---
rhel/openvswitch-fedora.spec.in | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in
index c1cd3f4c6..ce728b4f0 100644
--- a/rhel/openvswitch-fedora.spec.in
+++ b/rhel/openvswitch-fedora.spec.in
@@ -350,6 +350,7 @@ rm -rf $RPM_BUILD_ROOT
%endif
%pre
+%if %{with libcapng}
getent group openvswitch >/dev/null || groupadd -r openvswitch
getent passwd openvswitch >/dev/null || \
useradd -r -g openvswitch -d / -s /sbin/nologin \
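Review bot: the `%if %{with libcapng}` test added at the top of %pre depends on a libcapng build conditional that none of the 8 inserted lines declares, so it has to exist elsewhere in the spec already. Please confirm that it does and that its default agrees with how configure is invoked; otherwise the package can still create the user and request the downgrade for binaries that report "libcap-ng is not configured at compile time". A line in the commit message naming the rpmbuild option that selects the root-only build would also help packagers.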
@@ -359,9 +360,11 @@ getent passwd openvswitch >/dev/null || \
getent group hugetlbfs >/dev/null || groupadd -r hugetlbfs
usermod -a -G hugetlbfs openvswitch
%endif
+%endif
exit 0
%post
+%if %{with libcapng}
if [ $1 -eq 1 ]; then
sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:' /etc/sysconfig/openvswitch
sed -i 's:\(.*su\).*:\1 openvswitch openvswitch:' %{_sysconfdir}/logrotate.d/openvswitch
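Review bot: the new `%if %{with libcapng}` guard in %post sits in front of a block that only runs for `$1 -eq 1`, so it covers fresh installs and nothing else. A host that first installed a libcapng build already has `OVS_USER_ID=` uncommented by the sed shown here, and nothing in the non-libcapng package comments it out again on upgrade, so that host would still hit the startup error from the commit message. Consider an `%else` branch that reverts the sysconfig and logrotate edits, or state in the commit message that switching build flavours on an installed system is unsupported.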
@@ -376,6 +379,7 @@ if [ $1 -eq 1 ]; then
chown -R openvswitch:openvswitch /etc/openvswitch
chown -R openvswitch:openvswitch /var/log/openvswitch
fi
+%endif
%if 0%{?systemd_post:1}
%systemd_post %{name}.service
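Review bot: with the `%endif` placed after `fi`, the two `chown -R openvswitch:openvswitch` calls have no counterpart in a build without libcapng. If /etc/openvswitch and /var/log/openvswitch were handed to the openvswitch account by an earlier install, they stay owned by that unprivileged account while the daemons now run as root, which leaves a non-root user able to modify what a root process reads and writes. It is worth deciding whether the root-only build should chown these trees back to root:root, at least for files the package does not own.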
@@ -445,7 +449,11 @@ fi
%endif
%files
+%if %{with libcapng}
%defattr(-,openvswitch,openvswitch)
+%else
+%defattr(-,root,root)
+%endif
%dir %{_sysconfdir}/openvswitch
%{_sysconfdir}/openvswitch/default.conf
%config %ghost %{_sysconfdir}/openvswitch/conf.db
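Review bot: the `%else` / `%defattr(-,root,root)` branch in %files is redundant, since root:root is already rpm's default ownership when no %defattr is given. Keeping it is harmless and arguably clearer, but if it stays, a one-line spec comment above the `%if` explaining that ownership follows the libcapng build option would make the intent obvious to the next person editing %files.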
--
2.14.1