feat: manage docker group with systemd-sysusers

Switches away from the groupadd postinstall commands to managing
the docker group with sysusers.

This is a declarative way to create and manage users, better suited
for the atomic distros such as Silverblue.

Signed-off-by: Robert Sturla <[email protected]>
Signed-off-by: Sebastiaan van Stijn <[email protected]>

Author: p5

deb/common/docker-ce.postinst

@@ -133,6 +133,9 @@ override_dh_auto_install:
 	install -D -p -m 0755 engine/contrib/dockerd-rootless-setuptool.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless-setuptool.sh
 	# TODO: how can we install vpnkit?
 
+	# install systemd sysusers config
+	install -D -p -m 0644 engine/contrib/systemd-sysusers/docker.conf debian/docker-ce/usr/lib/sysusers.d/docker.conf
+
 override_dh_installinit:
 	# use "docker" as our service name, not "docker-ce"
 	dh_installinit --name=docker

deb/common/rules

@@ -84,6 +84,9 @@ install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) ${R
 install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/docker-proxy) ${RPM_BUILD_ROOT}%{_bindir}/docker-proxy
 install -D -p -m 0755 /usr/local/bin/docker-init ${RPM_BUILD_ROOT}%{_libexecdir}/docker/docker-init
 
+# install systemd sysusers config
+install -D -p -m 0644 engine/contrib/systemd-sysusers/docker.conf ${RPM_BUILD_ROOT}%{_sysusersdir}/docker.conf
+
 # install systemd scripts
 install -D -p -m 0644 engine/contrib/init/systemd/docker.service ${RPM_BUILD_ROOT}%{_unitdir}/docker.service
 install -D -p -m 0644 engine/contrib/init/systemd/docker.socket ${RPM_BUILD_ROOT}%{_unitdir}/docker.socket
@@ -100,14 +103,12 @@ mkdir -p ${RPM_BUILD_ROOT}/etc/docker
 %{_libexecdir}/docker/docker-init
 %{_unitdir}/docker.service
 %{_unitdir}/docker.socket
+%{_sysusersdir}/docker.conf
 %{_mandir}/man*/*
 %dir /etc/docker
 
 %post
 %systemd_post docker.service
-if ! getent group docker > /dev/null; then
-    groupadd --system docker
-fi
 
 %preun
 %systemd_preun docker.service docker.socket