Name:           ublknonroot
Version:        1.0
Release:        1%{?dist}
Summary:        ublknonroot group, runtime dir, ublk helpers

License:        BSD
URL:            https://example.com/ublknonroot

BuildRequires:  systemd-rpm-macros
Requires:       systemd
Requires:       udev
Requires:       ublk_user_id

Source0:        ublknonroot.sysusers
Source1:        ublknonroot.tmpfiles
Source2:        ublknonroot.modules-load
Source3:        99-ublk.rules
Source4:        ublk_chown.sh

BuildArch:      noarch

%description
This package provides:
- the system group: ublknonroot
- the runtime directory: /run/ublknonroot (root:ublknonroot, mode 0775)
- a modules-load.d config to load the ublk_drv kernel module at boot
- udev rules to manage permissions and ownership of ublk devices
- a helper script /usr/sbin/ublk_chown.sh which requires the ublk_user_id binary
  which is installed with the run-time requirement ublk_user_id package

These are intended for use by ublk-related services that should not run
entirely as root.

%install
# sysusers.d: create group ublknonroot
mkdir -p %{buildroot}%{_sysusersdir}
install -m 0644 %{SOURCE0} %{buildroot}%{_sysusersdir}/ublknonroot.conf

# tmpfiles.d: create /run/ublknonroot (0775 root:ublknonroot)
mkdir -p %{buildroot}%{_tmpfilesdir}
install -m 0644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/ublknonroot.conf

# modules-load.d: load ublk_drv at boot
mkdir -p %{buildroot}%{_modulesloaddir}
install -m 0644 %{SOURCE2} %{buildroot}%{_modulesloaddir}/ublknonroot.conf

# udev rules: apply ublk permissions and helper hooks
mkdir -p %{buildroot}%{_udevrulesdir}
install -m 0644 %{SOURCE3} %{buildroot}%{_udevrulesdir}/99-ublk.rules

# helper script: /usr/sbin/ublk_chown.sh
mkdir -p %{buildroot}%{_sbindir}
install -m 0755 %{SOURCE4} %{buildroot}%{_sbindir}/ublk_chown.sh

%post
# Ensure group exists
%sysusers_create %{_sysusersdir}/ublknonroot.conf

# Ensure /run/ublknonroot exists now
%tmpfiles_create %{_tmpfilesdir}/ublknonroot.conf

# Try to load the ublk_drv module immediately (ignore failure)
if command -v /usr/sbin/modprobe >/dev/null 2>&1 ; then
    /usr/sbin/modprobe ublk_drv >/dev/null 2>&1 || :
elif command -v /sbin/modprobe >/dev/null 2>&1 ; then
    /sbin/modprobe ublk_drv >/dev/null 2>&1 || :
fi

# Reload udev rules so new rules take effect
udevadm control --reload >/dev/null 2>&1 || :

%files
%{_sysusersdir}/ublknonroot.conf
%{_tmpfilesdir}/ublknonroot.conf
%{_modulesloaddir}/ublknonroot.conf
%{_udevrulesdir}/99-ublk.rules
%{_sbindir}/ublk_chown.sh

%changelog
* Wed Nov 19 2025 Tony Asleson <tasleson@redhat.com> - 1.0-1
- Initial ublknonroot package for allowing non-root users to create
  block devices