From de28e491c7e9d5c9999e84b7b1a811146700c4ab Mon Sep 17 00:00:00 2001
From: Rudi Heitbaum <rudi@heitbaum.com>
Date: Sat, 20 Sep 2025 14:05:19 +0000
Subject: [PATCH] systemd: fix static drop-ins as reported by systemctl
 --failed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

systemd 258 enhances the systemd-creds userdb mechanism and now fails when the /etc/userdb directory is missing.

1. Remove the systemd-userdb-load-credentials.service script as no service (addon) require the creation of static users

    # systemctl --failed
    ● systemd-userdb-load-credentials.service loaded failed failed Load JSON user/group Records from Credentials

2. Create the symbolic link to allow the /storage/.cache/userdb to be utilised (but no default directory to be created)

    # userdbctl services
    SERVICE                      LISTENING
    io.systemd.DropIn            yes
    io.systemd.DynamicUser       yes
    io.systemd.Multiplexer       yes
    io.systemd.NameServiceSwitch yes
    4 services listed.

    # ls -l /storage/.cache/userdb
    lrwxrwxrwx    1 root     root             6 Sep 21 09:48 473.user -> testuser.user
    -rw-r--r--    1 root     root           250 Sep 21 09:27 testuser.user

    # id u
    uid=473(testuser) gid=473 groups=473

    # userdbctl
       NAME                            DISPOSITION        UID   GID REALNAME                     HOME                  SHELL
       ...
    ┌─ ↓ begin system users ↓          system               1     - First system user            -                     -
       ...
       testuser                        regular            473   473 -                            /                     /bin/false
    └─ ↑ end system users ↑            system             999     - Last system user             -                     -

- https://systemd.io/USER_RECORD/
- https://man7.org/linux/man-pages/man8/nss-systemd.8.html
- https://man7.org/linux/man-pages/man7/systemd.system-credentials.7.html
---
 packages/sysutils/systemd/package.mk | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/packages/sysutils/systemd/package.mk b/packages/sysutils/systemd/package.mk
index f6227a3e40..78a967e862 100644
--- a/packages/sysutils/systemd/package.mk
+++ b/packages/sysutils/systemd/package.mk
@@ -199,6 +199,9 @@ post_makeinstall_target() {
   safe_remove ${INSTALL}/usr/lib/systemd/system/systemd-time-wait-sync.service
   safe_remove ${INSTALL}/usr/lib/systemd/systemd-time-wait-sync
 
+  # remove the userdbctl load-credentials script - no service (addon) require the creation of static users
+  safe_remove ${INSTALL}/usr/lib/systemd/system/systemd-userdb-load-credentials.service
+
   # tune journald.conf
   sed -e "s,^.*Compress=.*$,Compress=no,g" -i ${INSTALL}/etc/systemd/journald.conf
   sed -e "s,^.*MaxFileSec=.*$,MaxFileSec=0,g" -i ${INSTALL}/etc/systemd/journald.conf
@@ -271,6 +274,8 @@ post_makeinstall_target() {
   safe_remove ${INSTALL}/etc/udev/rules.d
   ln -sf /storage/.config/udev.rules.d ${INSTALL}/etc/udev/rules.d
 
+  ln -sf /storage/.cache/userdb ${INSTALL}/etc/userdb
+
   # journald
   ln -sf /storage/.cache/journald.conf.d ${INSTALL}/usr/lib/systemd/journald.conf.d
 }