Revert "Removed uidgid pair 27:27 for MySQL/MariaDB"

This reverts commit df5ba729d6.

Reason: The MariaDB and MySQL sysusers.d files has to use soft static allocation in order to correctly handle the MariaDB PAM v2 plugin which utilizes setuid-to-root binary "/usr/lib64/mariadb/plugin/auth_pam_tool_dir/auth_pam_tool".

Related: RHEL-119790 RHEL-119789

.gitignore

@@ -1,80 +1,5 @@
-setup-2.8.23.tar.bz2
-setup-2.8.24.tar.bz2
-setup-2.8.25.tar.bz2
-/setup-2.8.26.tar.bz2
-/setup-2.8.27.tar.bz2
-/setup-2.8.28.tar.bz2
-/setup-2.8.29.tar.bz2
-/setup-2.8.30.tar.bz2
-/setup-2.8.31.tar.bz2
-/setup-2.8.32.tar.bz2
-/setup-2.8.33.tar.bz2
-/setup-2.8.34.tar.bz2
-/setup-2.8.35.tar.bz2
-/setup-2.8.37.tar.bz2
-/setup-2.8.38.tar.bz2
-/setup-2.8.39.tar.bz2
-/setup-2.8.40.tar.bz2
-/setup-2.8.42.tar.bz2
-/setup-2.8.43.tar.bz2
-/setup-2.8.44.tar.bz2
-/setup-2.8.45.tar.bz2
-/setup-2.8.46.tar.bz2
-/setup-2.8.47.tar.bz2
-/setup-2.8.48.tar.bz2
-/setup-2.8.49.tar.bz2
-/setup-2.8.50.tar.bz2
-/setup-2.8.51.tar.bz2
-/setup-2.8.53.tar.bz2
-/setup-2.8.54.tar.bz2
-/setup-2.8.55.tar.bz2
-/setup-2.8.56.tar.bz2
-/setup-2.8.57.tar.bz2
-/setup-2.8.58.tar.bz2
-/setup-2.8.59.tar.bz2
-/setup-2.8.61.tar.bz2
-/setup-2.8.62.tar.bz2
-/setup-2.8.64.tar.bz2
-/setup-2.8.65.tar.bz2
-/setup-2.8.66.tar.bz2
-/setup-2.8.67.tar.bz2
-/setup-2.8.68.tar.bz2
-/setup-2.8.69.tar.bz2
-/setup-2.8.70.tar.bz2
-/setup-2.8.71.tar.bz2
-/setup-2.8.72.tar.bz2
-/setup-2.8.73.tar.bz2
-/setup-2.8.74.tar.bz2
-/setup-2.8.75.tar.bz2
-/setup-2.9.0.tar.bz2
-/setup-2.9.1.tar.bz2
-/setup-2.9.2.tar.bz2
-/setup-2.9.3.tar.bz2
-/setup-2.9.4.tar.bz2
-/setup-2.9.5.tar.bz2
-/setup-2.9.6.tar.bz2
-/setup-2.9.7.tar.bz2
-/setup-2.9.8.tar.bz2
-/setup-2.10.1.tar.bz2
-/setup-2.10.2.tar.bz2
-/setup-2.10.3.tar.bz2
-/setup-2.10.4.tar.bz2
-/setup-2.10.5.tar.bz2
-/setup-2.10.7.tar.bz2
-/setup-2.10.8.tar.bz2
-/setup-2.10.9.tar.bz2
-/setup-2.10.10.tar.bz2
-/setup-2.11.1.tar.bz2
-/setup-2.11.2.tar.bz2
-/setup-2.11.3.tar.bz2
-/setup-2.11.4.tar.bz2
-/setup-2.12.0.tar.bz2
-/setup-2.12.1.tar.bz2
-/setup-2.12.2.tar.bz2
-/setup-2.12.3.tar.bz2
-/setup-2.12.5.tar.bz2
-/setup-2.12.6.tar.bz2
-/setup-2.13.1.tar.bz2
-/setup-2.13.2.tar.bz2
-/setup-2.13.3.tar.bz2
-/setup-2.13.6.tar.bz2
+/setup-*.bz2
+/setup-*.gz
+# Autogenerated files:
+/etc
+/sysusers.d

COPYING

@@ -0,0 +1,4 @@
+Setup package is public domain.
+
+You are free to use, copy, distribute or modify included files
+without restrictions.

aliases

@@ -0,0 +1,97 @@
+#
+#  Aliases in this file will NOT be expanded in the header from
+#  Mail, but WILL be visible over networks or from /bin/mail.
+#
+#	>>>>>>>>>>	The program "newaliases" must be run after
+#	>> NOTE >>	this file is updated for any changes to
+#	>>>>>>>>>>	show through to sendmail.
+#
+
+# Basic system aliases -- these MUST be present.
+mailer-daemon:	postmaster
+postmaster:	root
+
+# General redirections for pseudo accounts.
+bin:		root
+daemon:		root
+adm:		root
+lp:		root
+sync:		root
+shutdown:	root
+halt:		root
+mail:		root
+news:		root
+uucp:		root
+operator:	root
+games:		root
+gopher:		root
+ftp:		root
+nobody:		root
+radiusd:	root
+nut:		root
+dbus:		root
+vcsa:		root
+canna:		root
+wnn:		root
+rpm:		root
+nscd:		root
+pcap:		root
+apache:		root
+webalizer:	root
+dovecot:	root
+fax:		root
+quagga:		root
+radvd:		root
+pvm:		root
+amandabackup:		root
+privoxy:	root
+ident:		root
+named:		root
+xfs:		root
+gdm:		root
+mailnull:	root
+postgres:	root
+sshd:		root
+smmsp:		root
+postfix:	root
+netdump:	root
+ldap:		root
+squid:		root
+ntp:		root
+mysql:		root
+desktop:	root
+rpcuser:	root
+rpc:		root
+nfsnobody:	root
+pcp:		root
+
+ingres:		root
+system:		root
+toor:		root
+manager:	root
+dumper:		root
+abuse:		root
+
+newsadm:	news
+newsadmin:	news
+usenet:		news
+ftpadm:		ftp
+ftpadmin:	ftp
+ftp-adm:	ftp
+ftp-admin:	ftp
+www:		webmaster
+webmaster:	root
+noc:		root
+security:	root
+hostmaster:	root
+info:		postmaster
+marketing:	postmaster
+sales:		postmaster
+support:	postmaster
+
+
+# trap decode to catch security attacks
+decode:		root
+
+# Person who should get root's mail
+#root:		marc

bashrc

@@ -0,0 +1,90 @@
+# /etc/bashrc
+
+# System wide functions and aliases
+# Environment stuff goes in /etc/profile
+
+# It's NOT a good idea to change this file unless you know what you
+# are doing. It's much better to create a custom.sh shell script in
+# /etc/profile.d/ to make custom changes to your environment, as this
+# will prevent the need for merging in future updates.
+
+# Prevent doublesourcing
+if [ -z "$BASHRCSOURCED" ]; then
+  BASHRCSOURCED="Y"
+
+  # are we an interactive shell?
+  if [ "$PS1" ]; then
+    if [ -z "$PROMPT_COMMAND" ]; then
+      declare -a PROMPT_COMMAND
+      case $TERM in
+      xterm*)
+        if [ -e /etc/sysconfig/bash-prompt-xterm ]; then
+            PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm
+        else
+            PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
+        fi
+        ;;
+      screen*)
+        if [ -e /etc/sysconfig/bash-prompt-screen ]; then
+            PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen
+        else
+            PROMPT_COMMAND='printf "\033k%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
+        fi
+        ;;
+      *)
+        [ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default
+        ;;
+      esac
+    fi
+    # Turn on parallel history
+    shopt -s histappend
+    # Turn on checkwinsize
+    shopt -s checkwinsize
+    # Change the default prompt string
+    [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "
+    # You might want to have e.g. tty in prompt (e.g. more virtual machines)
+    # and console windows
+    # If you want to do so, just add e.g.
+    # if [ "$PS1" ]; then
+    #   PS1="[\u@\h:\l \W]\\$ "
+    # fi
+    # to your custom modification shell script in /etc/profile.d/ directory
+  fi
+
+  if ! shopt -q login_shell ; then # We're not a login shell
+    # Need to redefine pathmunge, it gets undefined at the end of /etc/profile
+    pathmunge () {
+        case ":${PATH}:" in
+            *:"$1":*)
+                ;;
+            *)
+                if [ "$2" = "after" ] ; then
+                    PATH=$PATH:$1
+                else
+                    PATH=$1:$PATH
+                fi
+        esac
+    }
+
+    # Set default umask for non-login shell only if it is set to 0
+    [ `umask` -eq 0 ] && umask 022
+
+    SHELL=/bin/bash
+    # Only display echos from profile.d scripts if we are no login shell
+    # and interactive - otherwise just process them to set envvars
+    for i in /etc/profile.d/*.sh; do
+        if [ -r "$i" ]; then
+            if [ "$PS1" ]; then
+                . "$i"
+            else
+                . "$i" >/dev/null
+            fi
+        fi
+    done
+
+    unset i
+    unset -f pathmunge
+  fi
+
+fi
+# vim:ts=4:sw=4

csh.cshrc

@@ -0,0 +1,66 @@
+# /etc/cshrc
+#
+# csh configuration for all shell invocations.
+
+# Set default umask for non-login shell only if it is set to 0
+if ( `umask` == 0 ) then
+    umask 022
+endif
+
+if ($?prompt) then
+  if ($?tcsh) then
+    set promptchars='$#'
+    set prompt='[%n@%m %c]%# '
+    # make completion work better by default
+    set autolist
+  else
+    set prompt=\[$user@`/usr/bin/hostname`\]\$\ 
+  endif
+endif
+
+if ( $?tcsh ) then
+	bindkey "^[[3~" delete-char
+endif
+
+bindkey "^R" i-search-back
+set echo_style = both
+set histdup = erase
+set savehist = (1024 merge)
+
+if ($?prompt) then
+  if ($?TERM) then
+    switch($TERM)
+      case xterm*:
+        if ($?tcsh) then
+	  set prompt='%{\033]0;%n@%m:%c\007%}[%n@%m %c]%# '
+        endif
+        breaksw
+      case screen:
+        if ($?tcsh) then
+          set prompt='%{\033k%n@%m:%c\033\\%}[%n@%m %c]%# '
+        endif
+        breaksw
+      default:
+        breaksw
+    endsw
+  endif
+endif
+
+setenv MAIL "/var/spool/mail/$USER"
+
+# Check if we aren't a loginshell and do stuff if we aren't
+if (! $?loginsh) then
+    if ( -d /etc/profile.d ) then
+        set nonomatch
+        foreach i ( /etc/profile.d/*.csh )
+            if ( -r "$i" ) then
+                if ($?prompt) then
+                    source "$i"
+                else
+                    source "$i" >&/dev/null
+                endif
+            endif
+        end
+        unset i nonomatch
+    endif
+endif

csh.login

@@ -0,0 +1,61 @@
+# /etc/csh.login
+
+# System wide environment and startup programs, for login setup
+
+if ( ! ${?PATH} ) then
+        if ( $uid == 0 ) then
+		setenv PATH "/usr/local/sbin:/usr/sbin:/usr/local/bin:/usr/bin"
+        else
+		setenv PATH "/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin"
+        endif
+else
+	#add sbin directories to the path
+	foreach p ( /usr/local/sbin /usr/sbin )
+		switch (":${PATH}:")
+		case "*:${p}:*":
+			breaksw
+		default:
+			if ( $uid == 0 ) then
+	                        set path = ( ${p} ${path:q} )
+			else
+	                        set path = ( ${path:q} ${p} )
+			endif
+			breaksw
+		endsw
+	end
+	unset p
+endif
+
+if ( -ex /usr/bin/hostnamectl ) then
+        setenv HOSTNAME `/usr/bin/hostnamectl --transient`
+        if ( $? != 0 ) then
+                unsetenv HOSTNAME
+        endif
+endif
+if ( ! $?HOSTNAME ) then
+        if ( -ex /usr/bin/hostname ) then
+                setenv HOSTNAME `/usr/bin/hostname`
+                if ( $? != 0 ) then
+                        unsetenv HOSTNAME
+                endif
+        endif
+endif
+if ( ! $?HOSTNAME ) then
+        setenv HOSTNAME `/usr/bin/uname -n`
+endif
+
+set history=1000
+
+if ( -d /etc/profile.d ) then
+        set nonomatch
+        foreach i ( /etc/profile.d/*.csh /etc/profile.d/csh.local )
+                if ( -r "$i" ) then
+	                        if ($?prompt) then
+	                              source "$i"
+	                        else
+	                              source "$i" >& /dev/null
+	                        endif
+                endif
+        end
+        unset i nonomatch
+endif

ethertypes

@@ -0,0 +1,39 @@
+#
+# Ethernet frame types
+#		This file describes some of the various Ethernet
+#		protocol types that are used on Ethernet networks.
+#
+# This list could be found on:
+#         http://www.iana.org/assignments/ethernet-numbers
+#         http://www.iana.org/assignments/ieee-802-numbers
+#
+# <name>    <hexnumber> <alias1>...<alias35> #Comment
+#
+IPv4	 	0800  	ip ip4 		# Internet IP (IPv4)
+X25		0805
+ARP		0806	ether-arp	#
+FR_ARP		0808    		# Frame Relay ARP        [RFC1701]
+BPQ		08FF			# G8BPQ AX.25 Ethernet Packet
+DEC		6000			# DEC Assigned proto
+DNA_DL		6001			# DEC DNA Dump/Load
+DNA_RC		6002			# DEC DNA Remote Console
+DNA_RT		6003			# DEC DNA Routing
+LAT		6004			# DEC LAT
+DIAG		6005			# DEC Diagnostics
+CUST		6006			# DEC Customer use
+SCA		6007			# DEC Systems Comms Arch
+TEB		6558			# Trans Ether Bridging   [RFC1701]
+RAW_FR  	6559			# Raw Frame Relay        [RFC1701]
+RARP		8035			# Reverse ARP            [RFC903]
+AARP		80F3			# Appletalk AARP
+ATALK		809B			# Appletalk
+802_1Q		8100	8021q 1q 802.1q	dot1q # 802.1Q Virtual LAN tagged frame
+IPX		8137			# Novell IPX
+NetBEUI		8191			# NetBEUI
+IPv6		86DD	ip6 		# IP version 6
+PPP		880B			# PPP
+ATMMPOA		884C			# MultiProtocol over ATM
+PPP_DISC	8863			# PPPoE discovery messages
+PPP_SES		8864			# PPPoE session messages
+ATMFATE		8884			# Frame-based ATM Transport over Ethernet
+LOOP		9000	loopback 	# loop proto

filesystems

@@ -0,0 +1,10 @@
+ext4
+ext3
+ext2
+nodev proc
+nodev devpts
+iso9660
+vfat
+hfs
+hfsplus
+*

generate-services.py

@@ -0,0 +1,50 @@
+#!/usr/bin/python3 -Wall
+# -*- coding: utf-8 -*-
+
+# Generate /etc/services from IANA registry
+# Ville Skyttä <ville.skytta@iki.fi> 2016
+
+import re
+from urllib.request import urlopen
+from xml.etree import ElementTree as ET
+
+url = "http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml"
+ns = {"iana": "http://www.iana.org/assignments"}
+
+with urlopen(url) as stream:
+    tree = ET.parse(stream)
+
+print("# service-name  port/protocol  [aliases ...]   [# comment]")
+
+for record in tree.getroot().findall("iana:record", ns):
+
+    name = record.find("iana:name", ns)
+    if name is None or not re.match(r"[A-Za-z0-9-]+$", name.text):
+        continue
+
+    protocol = record.find("iana:protocol", ns)
+    if protocol is None or not protocol.text:
+        continue
+
+    description = record.find("iana:description", ns).text
+    if description and description.lower() == name.text.lower():
+        description = None
+
+    number = record.find("iana:number", ns)
+    if number is None or not number.text:
+        continue
+    if "-" in number.text:
+        start, end = map(int, number.text.split("-"))
+        number_range = range(start, end + 1)
+    else:
+        number_range = [number.text]
+
+    for number in number_range:
+        numproto = "%s/%s" % (number, protocol.text)
+
+        row = "%-16s" % name.text
+        if description:
+            row += "%-32s# %s" % (numproto, " ".join(description.split()))
+        else:
+            row += numproto
+        print(row)

host.conf

@@ -0,0 +1 @@
+multi on

hosts

@@ -0,0 +1,7 @@
+# Loopback entries; do not change.
+# For historical reasons, localhost precedes localhost.localdomain:
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+# See hosts(5) for proper format and other examples:
+# 192.168.1.10 foo.example.org foo
+# 192.168.1.13 bar.example.org bar

inputrc

@@ -0,0 +1,42 @@
+# do not bell on tab-completion
+#set bell-style none
+
+set meta-flag on
+set input-meta on
+set convert-meta off
+set output-meta on
+
+# Completed names which are symbolic links to
+# directories have a slash appended.
+set mark-symlinked-directories on
+
+$if mode=emacs
+
+# for linux console and RH/Debian xterm
+"\e[1~": beginning-of-line
+"\e[4~": end-of-line
+# commented out keymappings for pgup/pgdown to reach begin/end of history
+#"\e[5~": beginning-of-history
+#"\e[6~": end-of-history
+"\e[5~": history-search-backward
+"\e[6~": history-search-forward
+"\e[3~": delete-char
+"\e[2~": overwrite-mode
+"\e[5C": forward-word
+"\e[5D": backward-word
+"\e[1;5C": forward-word
+"\e[1;5D": backward-word
+
+# for rxvt
+"\e[8~": end-of-line
+"\eOc": forward-word
+"\eOd": backward-word
+
+# for non RH/Debian xterm, can't hurt for RH/DEbian xterm
+"\eOH": beginning-of-line
+"\eOF": end-of-line
+
+# for freebsd console
+"\e[H": beginning-of-line
+"\e[F": end-of-line
+$endif

lang.csh

@@ -0,0 +1,109 @@
+# /etc/profile.d/lang.csh - exports environment variables, and provides fallback
+#                          for CJK languages that can't be displayed in console.
+#                          Resets the locale if unavailable.
+
+unset LANG_backup
+
+# If unavailable, reset to the default. Do this before reading in any
+# explicit user configuration. We simply check if locale emits any
+# warnings, and assume that the settings are invalid if it does.
+set locale_error=`(/usr/bin/locale >/dev/null) |& cat`
+if ("${locale_error}" != "") then
+    if (${?LANG}) then
+        setenv LANG C.UTF-8
+    endif
+    unsetenv LC_ALL
+    setenv LC_CTYPE C.UTF-8
+    setenv LC_NUMERIC C.UTF-8
+    setenv LC_TIME C.UTF-8
+    setenv LC_COLLATE C.UTF-8
+    setenv LC_MONETARY C.UTF-8
+    setenv LC_MESSAGES C.UTF-8
+    setenv LC_PAPER C.UTF-8
+    setenv LC_NAME C.UTF-8
+    setenv LC_ADDRESS C.UTF-8
+    setenv LC_TELEPHONE C.UTF-8
+    setenv LC_MEASUREMENT C.UTF-8
+    setenv LC_IDENTIFICATION C.UTF-8
+else
+    if (${?LANG}) then
+        set LANG_backup=${LANG}
+    endif
+endif
+
+foreach config (/etc/locale.conf "${HOME}/.i18n")
+    if (-f "${config}") then
+        # NOTE: We are using eval & sed here to avoid invoking of any commands & functions from those files.
+        eval `/usr/bin/sed -r -e 's/^[[:blank:]]*([[:upper:]_]+)=([[:print:][:digit:]\._-]+|"[[:print:][:digit:]\._-]+")/setenv \1 \2;/;t;d' ${config}`
+    endif
+end
+
+if (${?LANG_backup}) then
+    setenv LANG "${LANG_backup}"
+endif
+
+unset LANG_backup config locale_error
+
+# ----------------------------------------------
+
+# The LC_ALL is not supposed to be set in /etc/locale.conf according to 'man 5 locale.conf'.
+# If it is set, then we expect it is user's explicit override (most likely from ~/.i18n file).
+# See 'man 7 locale' for more info about LC_ALL.
+if (${?LC_ALL}) then
+    if (${?LANG}) then
+        if (${LC_ALL} != ${LANG}) then
+            setenv LC_ALL
+        else
+            unsetenv LC_ALL
+        endif
+    else
+        unsetenv LC_ALL
+    endif
+endif
+
+# The ${LANG} manipulation is necessary only in virtual terminal (a.k.a. console - /dev/tty*):
+set in_console=`/usr/bin/tty | /usr/bin/grep -vc -e '/dev/tty'`
+
+if (${?LANG} && ${?TERM}) then
+    if (${TERM} == 'linux' && $in_console == 0) then
+        set utf8_used=`echo ${LANG} | /usr/bin/grep -vc -E -i -e '^.+\.utf-?8$'`
+
+        if (${utf8_used} == 0) then
+            switch (${LANG})
+                case en_IN*:
+                    breaksw
+                case ja*:
+                case ko*:
+                case si*:
+                case zh*:
+                case ar*:
+                case fa*:
+                case he*:
+                case *_IN*:
+                    setenv LANG en_US.UTF-8
+                    breaksw
+            endsw
+        else
+            switch (${LANG})
+                case en_IN*:
+                    breaksw
+                case ja*:
+                case ko*:
+                case si*:
+                case zh*:
+                case ar*:
+                case fa*:
+                case he*:
+                case *_IN*:
+                    setenv LANG en_US
+                    breaksw
+            endsw
+        endif
+
+        # NOTE: We are not exporting the ${LANG} here again on purpose.
+        #       If user starts GUI session from console manually, then
+        #       the previously set LANG should be okay to use.
+    endif
+endif
+
+unset in_console utf8_used

lang.sh

@@ -0,0 +1,91 @@
+# /etc/profile.d/lang.sh - exports environment variables, and provides fallback
+#                          for CJK languages that can't be displayed in console.
+#                          Resets the locale if unavailable.
+
+unset LANG_backup
+
+# If unavailable, reset to the default. Do this before reading in any
+# explicit user configuration. We simply check if locale emits any
+# warnings, and assume that the settings are invalid if it does.
+if [ -n "$(/usr/bin/locale 2>&1 1>/dev/null)" ]; then
+    [ -z "$LANG" ] || LANG=C.UTF-8
+    unset LC_ALL
+    LC_CTYPE="C.UTF-8"
+    LC_NUMERIC="C.UTF-8"
+    LC_TIME="C.UTF-8"
+    LC_COLLATE="C.UTF-8"
+    LC_MONETARY="C.UTF-8"
+    LC_MESSAGES="C.UTF-8"
+    LC_PAPER="C.UTF-8"
+    LC_NAME="C.UTF-8"
+    LC_ADDRESS="C.UTF-8"
+    LC_TELEPHONE="C.UTF-8"
+    LC_MEASUREMENT="C.UTF-8"
+    LC_IDENTIFICATION="C.UTF-8"
+else
+    LANG_backup="${LANG}"
+fi
+
+for config in /etc/locale.conf "${HOME}/.i18n"; do
+    if [ -f "${config}" ]; then
+        # NOTE: We are using eval & sed here to avoid invoking of any commands & functions from those files.
+        if [ -x /usr/bin/sed ]; then
+            eval $(/usr/bin/sed -r -e 's/^[[:blank:]]*([[:upper:]_]+)=([[:print:][:digit:]\._-]+|"[[:print:][:digit:]\._-]+")/export \1=\2/;t;d' ${config})
+        else
+            #but if we don't have sed, let's go old way and source it
+            [ -f "${config}" ] && . "${config}"
+        fi
+    fi
+done
+
+if [ -n "${LANG_backup}" ]; then
+    LANG="${LANG_backup}"
+fi
+
+unset LANG_backup config
+
+# ----------------------------------------------
+
+# The LC_ALL is not supposed to be set in /etc/locale.conf according to 'man 5 locale.conf'.
+# If it is set, then we we expect it is user's explicit override (most likely from ~/.i18n file).
+# See 'man 7 locale' for more info about LC_ALL.
+if [ -n "${LC_ALL}" ]; then
+    if [ "${LC_ALL}" != "${LANG}" -a -n "${LANG}" ]; then
+        export LC_ALL
+    else
+        unset LC_ALL
+    fi
+fi
+
+# The ${LANG} manipulation is necessary only in virtual terminal (a.k.a. console - /dev/tty*):
+if [ -n "${LANG}" ] && [ "${TERM}" = 'linux' ] && /usr/bin/tty | /usr/bin/grep --quiet -e '/dev/tty'; then
+    if /usr/bin/grep --quiet -E -i -e '^.+\.utf-?8$' <<< "${LANG}"; then
+        case ${LANG} in
+            ja*)    LANG=en_US.UTF-8 ;;
+            ko*)    LANG=en_US.UTF-8 ;;
+            si*)    LANG=en_US.UTF-8 ;;
+            zh*)    LANG=en_US.UTF-8 ;;
+            ar*)    LANG=en_US.UTF-8 ;;
+            fa*)    LANG=en_US.UTF-8 ;;
+            he*)    LANG=en_US.UTF-8 ;;
+            en_IN*) true             ;;
+            *_IN*)  LANG=en_US.UTF-8 ;;
+        esac
+    else
+        case ${LANG} in
+            ja*)    LANG=en_US ;;
+            ko*)    LANG=en_US ;;
+            si*)    LANG=en_US ;;
+            zh*)    LANG=en_US ;;
+            ar*)    LANG=en_US ;;
+            fa*)    LANG=en_US ;;
+            he*)    LANG=en_US ;;
+            en_IN*) true       ;;
+            *_IN*)  LANG=en_US ;;
+        esac
+    fi
+
+    # NOTE: We are not exporting the ${LANG} here again on purpose.
+    #       If user starts GUI session from console manually, then
+    #       the previously set LANG should be okay to use.
+fi

networks

@@ -0,0 +1,3 @@
+default 0.0.0.0
+loopback 127.0.0.0
+link-local 169.254.0.0

printcap

@@ -0,0 +1,7 @@
+# /etc/printcap
+#
+# Please don't edit this file directly unless you know what you are doing!
+# This file will be automatically generated by cupsd(8) from the
+# /etc/cups/printers.conf file.  All changes to this file
+# will be lost.
+

profile

@@ -0,0 +1,87 @@
+# /etc/profile
+
+# System wide environment and startup programs, for login setup
+# Functions and aliases go in /etc/bashrc
+
+# It's NOT a good idea to change this file unless you know what you
+# are doing. It's much better to create a custom.sh shell script in
+# /etc/profile.d/ to make custom changes to your environment, as this
+# will prevent the need for merging in future updates.
+
+pathmunge () {
+    # If the path is a compat symlink, do nothing.
+    [ -h "$1" ] && return
+
+    case ":${PATH}:" in
+        *:"$1":*)
+            ;;
+        *)
+            if [ "$2" = "after" ] ; then
+                PATH=$PATH:$1
+            else
+                PATH=$1:$PATH
+            fi
+    esac
+}
+
+
+if [ -x /usr/bin/id ]; then
+    if [ -z "$EUID" ]; then
+        # ksh workaround
+        EUID=`/usr/bin/id -u`
+        UID=`/usr/bin/id -ru`
+    fi
+    USER="`/usr/bin/id -un`"
+    LOGNAME=$USER
+    MAIL="/var/spool/mail/$USER"
+fi
+
+# Path manipulation
+if [ "$EUID" = "0" ]; then
+    pathmunge /usr/sbin
+    pathmunge /usr/local/sbin
+else
+    pathmunge /usr/local/sbin after
+    pathmunge /usr/sbin after
+fi
+
+HOSTNAME=$(/usr/bin/hostnamectl --transient 2>/dev/null) || \
+HOSTNAME=$(/usr/bin/hostname 2>/dev/null) || \
+HOSTNAME=$(/usr/bin/uname -n)
+
+if [ -z "$HISTSIZE" ] ; then
+    HISTSIZE=1000
+fi
+
+if [ "$HISTCONTROL" = "ignorespace" ] ; then
+    export HISTCONTROL=ignoreboth
+else
+    export HISTCONTROL=ignoredups
+fi
+
+export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL
+
+for i in /etc/profile.d/*.sh /etc/profile.d/sh.local ; do
+    if [ -r "$i" ]; then
+        if [ "${-#*i}" != "$-" ]; then
+            . "$i"
+        else
+            . "$i" >/dev/null
+        fi
+    fi
+done
+
+unset i
+unset -f pathmunge
+
+# Source global bash config, when interactive but not posix or sh mode
+if test "$BASH" &&\
+   test -z "$POSIXLY_CORRECT" &&\
+   test "${0#-}" != sh &&\
+   test -r /etc/bashrc
+then
+   # Bash login shells run only /etc/profile
+   # Bash non-login shells run only /etc/bashrc
+   # Check for double sourcing is done in /etc/bashrc.
+   . /etc/bashrc
+fi

protocols

@@ -0,0 +1,170 @@
+# /etc/protocols:
+# $Id: protocols,v 1.13 2025/05/14 15:30 mosvald Exp $
+#
+# Internet (IP) protocols
+#
+#	from: @(#)protocols	5.1 (Berkeley) 4/17/89
+#
+# Updated for NetBSD based on RFC 1340, Assigned Numbers (July 1992).
+# Last IANA update included dated 2025-01-08
+#
+# See also http://www.iana.org/assignments/protocol-numbers
+
+ip	0	IP		# internet protocol, pseudo protocol number
+hopopt	0	HOPOPT		# hop-by-hop options for ipv6
+icmp	1	ICMP		# internet control message protocol
+igmp	2	IGMP		# internet group management protocol
+ggp	3	GGP		# gateway-gateway protocol
+ipv4	4	IPv4		# IPv4 encapsulation
+st	5	ST		# ST datagram mode
+tcp	6	TCP		# transmission control protocol
+cbt	7	CBT		# CBT, Tony Ballardie <A.Ballardie@cs.ucl.ac.uk>
+egp	8	EGP		# exterior gateway protocol
+igp	9	IGP		# any private interior gateway (Cisco: for IGRP)
+bbn-rcc	10	BBN-RCC-MON		# BBN RCC Monitoring
+nvp	11	NVP-II		# Network Voice Protocol
+pup	12	PUP		# PARC universal packet protocol
+argus	13	ARGUS		# ARGUS (deprecated)
+emcon	14	EMCON		# EMCON
+xnet	15	XNET		# Cross Net Debugger
+chaos	16	CHAOS		# Chaos
+udp	17	UDP		# user datagram protocol
+mux	18	MUX		# Multiplexing protocol
+dcn	19	DCN-MEAS		# DCN Measurement Subsystems
+hmp	20	HMP		# host monitoring protocol
+prm	21	PRM		# packet radio measurement protocol
+xns-idp	22	XNS-IDP		# Xerox NS IDP
+trunk-1	23	TRUNK-1		# Trunk-1
+trunk-2	24	TRUNK-2		# Trunk-2
+leaf-1	25	LEAF-1		# Leaf-1
+leaf-2	26	LEAF-2		# Leaf-2
+rdp	27	RDP		# "reliable datagram" protocol
+irtp	28	IRTP		# Internet Reliable Transaction Protocol
+iso-tp4	29	ISO-TP4		# ISO Transport Protocol Class 4
+netblt	30	NETBLT		# Bulk Data Transfer Protocol
+mfe-nsp	31	MFE-NSP		# MFE Network Services Protocol
+merit-inp	32	MERIT-INP		# MERIT Internodal Protocol
+dccp	33	DCCP		# Datagram Congestion Control Protocol
+3pc	34	3PC		# Third Party Connect Protocol
+idpr	35	IDPR		# Inter-Domain Policy Routing Protocol
+xtp	36	XTP		# Xpress Tranfer Protocol
+ddp	37	DDP		# Datagram Delivery Protocol
+idpr-cmtp	38	IDPR-CMTP		# IDPR Control Message Transport Proto
+tp++	39	TP++		# TP++ Transport Protocol
+il	40	IL		# IL Transport Protocol
+ipv6	41	IPv6		# IPv6 encapsulation
+sdrp	42	SDRP		# Source Demand Routing Protocol
+ipv6-route	43	IPv6-Route		# Routing Header for IPv6
+ipv6-frag	44	IPv6-Frag		# Fragment Header for IPv6
+idrp	45	IDRP		# Inter-Domain Routing Protocol
+rsvp	46	RSVP		# Resource ReSerVation Protocol
+gre	47	GRE		# Generic Routing Encapsulation
+dsr	48	DSR		# Dynamic Source Routing Protocol
+bna	49	BNA		# BNA
+esp	50	ESP		# Encap Security Payload
+ipv6-crypt	50	IPv6-Crypt		# Encryption Header for IPv6 (not in official list)
+ah	51	AH		# Authentication Header
+ipv6-auth	51	IPv6-Auth		# Authentication Header for IPv6 (not in official list)
+i-nlsp	52	I-NLSP		# Integrated Net Layer Security TUBA
+swipe	53	SWIPE		# IP with Encryption (deprecated)
+narp	54	NARP		# NBMA Address Resolution Protocol
+mobile	55	MOBILE		# IP Mobility
+tlsp	56	TLSP		# Transport Layer Security Protocol
+skip	57	SKIP		# SKIP
+ipv6-icmp	58	IPv6-ICMP		# ICMP for IPv6
+ipv6-nonxt	59	IPv6-NoNxt		# No Next Header for IPv6
+ipv6-opts	60	IPv6-Opts		# Destination Options for IPv6
+#	61			# any host internal protocol
+cftp	62	CFTP		# CFTP
+#	63			# any local network
+sat-expak	64	SAT-EXPAK		# SATNET and Backroom EXPAK
+kryptolan	65	KRYPTOLAN		# Kryptolan
+rvd	66	RVD		# MIT Remote Virtual Disk Protocol
+ippc	67	IPPC		# Internet Pluribus Packet Core
+#	68			# any distributed file system
+sat-mon	69	SAT-MON		# SATNET Monitoring
+visa	70	VISA		# VISA Protocol
+ipcv	71	IPCV		# Internet Packet Core Utility
+cpnx	72	CPNX		# Computer Protocol Network Executive
+cphb	73	CPHB		# Computer Protocol Heart Beat
+wsn	74	WSN		# Wang Span Network
+pvp	75	PVP		# Packet Video Protocol
+br-sat-mon	76	BR-SAT-MON		# Backroom SATNET Monitoring
+sun-nd	77	SUN-ND		# SUN ND PROTOCOL-Temporary
+wb-mon	78	WB-MON		# WIDEBAND Monitoring
+wb-expak	79	WB-EXPAK		# WIDEBAND EXPAK
+iso-ip	80	ISO-IP		# ISO Internet Protocol
+vmtp	81	VMTP		# Versatile Message Transport
+secure-vmtp	82	SECURE-VMTP		# SECURE-VMTP
+vines	83	VINES		# VINES
+ttp	84	TTP		# TTP
+nsfnet-igp	85	NSFNET-IGP		# NSFNET-IGP
+dgp	86	DGP		# Dissimilar Gateway Protocol
+tcf	87	TCF		# TCF
+eigrp	88	EIGRP		# Enhanced Interior Routing Protocol (Cisco)
+ospf	89	OSPFIGP		# Open Shortest Path First IGP
+sprite-rpc	90	Sprite-RPC		# Sprite RPC Protocol
+larp	91	LARP		# Locus Address Resolution Protocol
+mtp	92	MTP		# Multicast Transport Protocol
+ax.25	93	AX.25		# AX.25 Frames
+ipip	94	IPIP		# Yet Another IP encapsulation
+micp	95	MICP		# Mobile Internetworking Control Pro. (deprecated)
+scc-sp	96	SCC-SP		# Semaphore Communications Sec. Pro.
+etherip	97	ETHERIP		# Ethernet-within-IP Encapsulation
+encap	98	ENCAP		# Yet Another IP encapsulation
+#	99			# any private encryption scheme
+gmtp	100	GMTP		# GMTP
+ifmp	101	IFMP		# Ipsilon Flow Management Protocol
+pnni	102	PNNI		# PNNI over IP
+pim	103	PIM		# Protocol Independent Multicast
+aris	104	ARIS		# ARIS
+scps	105	SCPS		# SCPS
+qnx	106	QNX		# QNX
+a/n	107	A/N		# Active Networks
+ipcomp	108	IPComp		# IP Payload Compression Protocol
+snp	109	SNP		# Sitara Networks Protocol
+compaq-peer	110	Compaq-Peer		# Compaq Peer Protocol
+ipx-in-ip	111	IPX-in-IP		# IPX in IP
+vrrp	112	VRRP		# Virtual Router Redundancy Protocol
+pgm	113	PGM		# PGM Reliable Transport Protocol
+#	114			# any 0-hop protocol
+l2tp	115	L2TP		# Layer Two Tunneling Protocol
+ddx	116	DDX		# D-II Data Exchange
+iatp	117	IATP		# Interactive Agent Transfer Protocol
+stp	118	STP		# Schedule Transfer
+srp	119	SRP		# SpectraLink Radio Protocol
+uti	120	UTI		# UTI
+smp	121	SMP		# Simple Message Protocol
+sm	122	SM		# SM (deprecated)
+ptp	123	PTP		# Performance Transparency Protocol
+isis	124	ISIS		# ISIS over IPv4
+fire	125	FIRE
+crtp	126	CRTP		# Combat Radio Transport Protocol
+crudp	127	CRUDP		# Combat Radio User Datagram
+sscopmce	128	SSCOPMCE
+iplt	129	IPLT
+sps	130	SPS		# Secure Packet Shield
+pipe	131	PIPE		# Private IP Encapsulation within IP
+sctp	132	SCTP		# Stream Control Transmission Protocol
+fc	133	FC		# Fibre Channel
+rsvp-e2e-ignore	134	RSVP-E2E-IGNORE
+mobility-header	135	Mobility-Header		# Mobility Header
+udplite	136	UDPLite
+mpls-in-ip	137	MPLS-in-IP
+manet	138	manet		# MANET Protocols
+hip	139	HIP		# Host Identity Protocol
+shim6	140	Shim6		# Shim6 Protocol
+wesp	141	WESP		# Wrapped Encapsulating Security Payload
+rohc	142	ROHC		# Robust Header Compression
+ethernet	143	Ethernet		# Ethernet encapsulation for SRv6
+aggfrag	144	AGGFRAG		# AGGFRAG encapsulation payload for ESP
+nsh	145	NSH		# Network Service Header
+homa	146	Homa		# Homa
+bit-emu	147	BIT-EMU		# Bit-stream Emulation
+#   148-252 Unassigned                                       [IANA]
+#   253     Use for experimentation and testing           [RFC3692]
+#   254     Use for experimentation and testing           [RFC3692]
+#   255                 Reserved                             [IANA]
+# The following entries have not been assigned by IANA but are used
+# internally by the Linux kernel.
+mptcp	262	MPTCP		# Multipath TCP connection

serviceslint

@@ -0,0 +1,119 @@
+#!/usr/bin/perl
+#
+# Perform sanity checks on the services file, supplied as argument.
+# Based on an earlier shell script of the same name, but much faster,
+# and it also detects actual errors in the current services file :)
+#
+# This program includes a manual, run "perldoc serviceslint" to see it.
+#
+
+use strict;
+use warnings;
+
+die "Usage: $0 /etc/services\n" unless $#ARGV == 0;
+
+# Build a hash of known protocols
+my %protocol;
+open FH, "protocols" or die "cannot open protocols: $!\n";
+while (<FH>) {
+	chomp;
+	s/#.*$//;
+	my ($name, $port) = m/([\S]+)\s+(\d+)/ or next;
+	$protocol{$name} = $port;
+}
+close FH;
+
+# Parse the supplied services file
+my $retval = 0;
+my $line = 0;
+my %service;
+open FH, $ARGV[0] or die "cannot open $ARGV[0]: $!\n";
+while (<FH>) {
+	$line++;				    # Keep a line count
+	chomp;					    # Remove CR/LF chars
+	if (m/^\s+/) {
+		print "Malformed line $line\n";     # No leading whitespace
+		$retval = 1;
+		next;
+	}
+	s/\s*#.*$//;                                # Strip out comments
+	next if m/^$/;				    # Skip empty lines
+	my ($name, $port, $proto, $aliases) =	    # Primary pattern match
+		m/^([\S]+)\s+(\d+)\/(\w+)\s*(.*)/
+		or die "Malformed line: $line\n";
+	if (not exists $protocol{$proto}) {
+		print "Bad protocol at line $line: $proto\n";
+		$retval = 1;
+	}
+	if (exists $service{$proto}{$port}) {
+		print "Duplicate port at line $line: $port/$proto\n";
+		$retval = 1;
+	}
+	$service{$proto}{$port} = $name;
+	foreach ($name, split /\s+/, $aliases) {
+		if (exists $service{$proto}{$_}) {
+			print "Duplicate name at line $line: $_/$proto\n";
+			$retval = 1;
+		}
+		$service{$proto}{$_} = $port;
+	};
+
+}
+close FH;
+exit $retval;
+
+__END__
+
+=head1 NAME
+
+serviceslint - perform verification on the /etc/services file
+
+=head1 SYNOPSIS
+
+B<serviceslint> I<filename>
+
+=head1 DESCRIPTION
+
+The B<serviceslint> command performs syntax and content checks on the
+given filename, normally a copy of the I</etc/services> file.
+
+Syntax checking consists of a regular expression applied to
+non-empty, non-comment lines.  If the syntax check fails, then
+the program prints a message and aborts with non-zero status code.
+
+Content checking detects various kinds of duplicate entries.
+Currently, warnings are printed for duplicate entries, but execution
+continues, and the program I<exits with status code zero> (eg. success).
+
+=over
+
+=item B<Malformed line> I<NNN>
+
+The specified line has invalid syntax.  Note that leading whitespace
+is not permitted.  Non-empty lines must begin with a comment, or with
+a service name followed by a port number / protocol pair.
+
+=item B<Duplicate port at line> I<NNN>
+
+Occurs when a port number / protocol pair is found more than once
+in the services file.  The warning is flagged on the second (and any
+subsequent) occurrences.  These entries will not be found via the
+B<getservbyport()> function.
+
+=item B<Duplicate name at line> I<NNN>
+
+Occurs when a service name, or alias, occurs more than once in the
+services file.  The warning is flagged on the second (and subsequent)
+occurrence.  These entries will not be returned by the B<getservbyname()>
+function.
+
+=back
+
+=head1 SEE ALSO
+
+The services(5) man page describes the file format.
+
+=head1 AUTHOR
+
+Ralph Siemsen & Phil Knirsch
+

setup.sysusers.conf

@@ -0,0 +1,41 @@
+u root         0:0     "Super User"            /root            /bin/bash
+u bin          1       "bin"                   /bin             -
+u daemon       2       "daemon"                /sbin            -
+u adm          3:4     "adm"                   /var/adm         -
+u lp           4:7     "lp"                    /var/spool/lpd   -
+u sync         5:0     "sync"                  /sbin            /bin/sync
+u shutdown     6:0     "shutdown"              /sbin            /sbin/shutdown
+u halt         7:0     "halt"                  /sbin            /sbin/halt
+u mail         8:12    "mail"                  /var/spool/mail  -
+u operator    11:0     "operator"              /root            -
+u games       12:100   "games"                 /usr/games       -
+u ftp         14:50    "FTP User"              /var/ftp         -
+u nobody   65534:65534 "Kernel Overflow User"  -                -
+g root           0
+g sys            3
+g adm            4
+g tty            5
+g disk           6
+g lp             7
+g mem            8
+g kmem           9
+g wheel          10
+g cdrom          11
+g mail           12
+g man            15
+g dialout        18
+g floppy         19
+g games          20
+g utmp           22
+g tape           33
+g kvm            36
+g video          39
+g ftp            50
+g lock           54
+g audio          63
+g users          100
+g clock          103
+g input          104
+g render         105
+g sgx            106
+g nobody         65534

shells

@@ -0,0 +1,4 @@
+/bin/sh
+/bin/bash
+/usr/bin/sh
+/usr/bin/bash

sources

@@ -1 +0,0 @@
-SHA512 (setup-2.13.6.tar.bz2) = f330827f2f8f379e63034e009eb988c843d0d7135732e0777b5705d45a0fab2068129c603b24defb2ba0ff7bfc5a1dea0e9a4b30427ad77e880b9df221f3a2c0

uidgid

@@ -0,0 +1,208 @@
+#NAME	UID	GID	HOME		SHELL	PACKAGES
+root	0	0	/root		/bin/bash	setup
+bin	1	1	/bin		/usr/sbin/nologin	setup
+daemon	2	2	/sbin		/usr/sbin/nologin	setup
+sys	-	3	-		-	setup
+adm	3	4	/var/adm		/bin/bash	setup
+tty	-	5	-		-	setup
+disk	-	6	-		-	setup
+lp	4	7	/var/spool/lpd		/usr/sbin/nologin	setup
+mem	-	8	-		-	setup
+kmem	-	9	-		-	setup
+wheel	-	10	-		-	setup
+cdrom	-	11	-		-	setup
+sync	5	(0)	/sbin		/bin/sync	setup
+shutdown	6	(0)	/sbin		/sbin/shutdown	setup
+halt	7	(0)	/sbin		/sbin/halt	setup
+mail	8	12	/var/spool/mail		/usr/sbin/nologin	setup
+news	9	13	/var/spool/news		/usr/sbin/nologin	inn
+uucp	10	14	/var/spool/uucp		/usr/sbin/nologin	uucp
+operator	11	(0)	/root		/usr/sbin/nologin	setup
+games	12	(100)	/usr/games		/usr/sbin/nologin	setup
+# Removed in 2013 (#918206, #1667231), can be reused if necessary later
+# gopher	13	30	/var/gopher		/usr/sbin/nologin	-
+ftp	14	50	/var/ftp		/usr/sbin/nologin	setup
+man	-	15	-		-	setup
+# Retired in 2018 (https://src.fedoraproject.org/rpms/oprofile/c/80fe828c879b1f67a109998cdd42a1bd8513bc3c)
+# oprofile	16	16	/var/lib/oprofile		/usr/sbin/nologin	oprofile
+# Retired sometime between 2011 and 2014 (https://src.fedoraproject.org/rpms/pki-ca/c/4ca1ce11a6e090099b36493653808cfe380911e1)
+# pkiuser	17	17	/usr/share/pki		/usr/sbin/nologin	pki-ca,rhpki-ca
+dialout	-	18	-		-	setup
+floppy	-	19	-		-	setup
+games	-	20	-		-	setup
+# mlocate retired in 2024 (https://src.fedoraproject.org/rpms/mlocate/c/7277dd5f59db126d1046a6aa5c4077a597dddddc)
+# slocate	-	21	-		-	slocate
+utmp	-	22	-		-	initscripts,libutempter
+squid	23	23	/var/spool/squid		/dev/null	squid
+# Retired in 2015 (https://src.fedoraproject.org/rpms/pvm/c/eb6972917befbed00aff622c2c428d18439efe27)
+# pvm	24	24	/usr/share/pvm3		/bin/bash	pvm
+named	25	25	/var/named		/bin/false	bind
+postgres	26	26	/var/lib/pgsql		/bin/bash	postgresql-server
+mysql	27	27	/var/lib/mysql		/usr/sbin/nologin	mysql
+nscd	28	28	/		/bin/false	nscd
+rpcuser	29	29	/var/lib/nfs		/bin/false	nfs-utils
+# Present in https://pagure.io/setup/c/08258e0f748c4f372fcbf1dd7947c132ee0b8a12, probably already unused in 2008
+# console	-	31	-		-	dev
+rpc	32	32	/var/lib/rpcbind		/usr/sbin/nologin	portmap
+amandabackup	33	(6)	/var/lib/amanda		/bin/false	amanda
+tape	-	33	-		-	setup
+# Retired in 2021 (https://src.fedoraproject.org/rpms/netdump-server/c/9bbe604e20c113eaa7c897b9b12a705a36afb109)
+# netdump	34	34	/var/crash		/bin/bash	netdump-client, netdump-server
+utempter	-	35	-		-	libutempter
+kvm	-	36	-		-	kvm, vdsm, libvirt
+vdsm	36	(36)	/		/bin/bash	kvm, vdsm
+rpm	37	37	/var/lib/rpm		/bin/bash	rpm
+ntp	38	38	/etc/ntp		/usr/sbin/nologin	ntp
+video	-	39	-		-	setup
+dip	-	40	-		-	ppp
+mailman	41	41	/usr/lib/mailman		/usr/sbin/nologin	mailman
+gdm	42	42	/var/lib/gdm		/usr/sbin/nologin	gdm
+# Retired in 2022 (https://src.fedoraproject.org/rpms/xorg-x11-xfs/c/3e273d8a939cf5f08bd4eea4f594fedd508dabcf)
+# xfs	43	43	/etc/X11/fs		/bin/false	XFree86-xfs
+pppusers	-	44	-		-	linuxconf
+popusers	-	45	-		-	linuxconf
+slipusers	-	46	-		-	linuxconf
+mailnull	47	47	/var/spool/mqueue		/dev/null	sendmail
+apache	48	48	/usr/share/httpd		/bin/false	httpd
+# Retired sometime before 2008 (https://src.fedoraproject.org/rpms/FreeWnn/c/8f9ac4e26531c704a26057be48261fb3d1ebea8e)
+# wnn	49	49	/var/lib/wnn		/usr/sbin/nologin	FreeWnn
+smmsp	51	51	/var/spool/mqueue		/dev/null	sendmail
+puppet	52	52	/var/lib/puppet		/usr/sbin/nologin	puppet
+tomcat	53	53	/var/lib/tomcat		/usr/sbin/nologin	tomcat
+lock	-	54	-		-	setup
+ldap	55	55	/var/lib/ldap		/bin/false	openldap-servers
+# Last references on the web appear around 2007…
+# frontpage	56	56	/var/www		/bin/false	mod_frontpage
+nut	57	57	/var/lib/ups		/bin/false	nut
+# Retired in 2011 (https://src.fedoraproject.org/rpms/beagle/c/5721c9577eebdc7a0f6566f3efd955b3f4427a0e)
+# beagleindex	58	58	/var/cache/beagle		/bin/false	beagle
+tss	59	59	-		/usr/sbin/nologin	trousers
+# Retired in 2012 (https://src.fedoraproject.org/rpms/piranha/c/15262075b63d48e2ee236ffb87d2db0a4aef1c42)
+# piranha	60	60	/etc/sysconfig/ha		/dev/null	piranha
+# Retired in 2025 (https://src.fedoraproject.org/rpms/prelude-manager/c/68cce28aa0e1788d857791155812e1f20d35036e)
+# prelude-manager	61	61	-		/usr/sbin/nologin	prelude-manager
+# Retired in 2011 (https://src.fedoraproject.org/rpms/snort/c/e2e149974cb3b56b70ed158339a3cb931497dfa2)
+# snortd	62	62	-		/usr/sbin/nologin	snortd
+audio	-	63	-		-	setup
+condor	64	64	/var/lib/condor		/usr/sbin/nologin	condord
+nslcd	65	(55)	/		/usr/sbin/nologin	nslcd
+wine	-	66	-		-	wine
+pegasus	66	65	/var/lib/Pegasus		/usr/sbin/nologin	tog-pegasus
+webalizer	67	67	/var/www/usage		/usr/sbin/nologin	webalizer
+# Retired in 2011 (https://src.fedoraproject.org/rpms/hal/c/e6690cd150b5e1c13e7779de1ce32ded0bc22bc1)
+# haldaemon	68	68	/		/usr/sbin/nologin	hal
+# Present in https://pagure.io/setup/c/08258e0f748c4f372fcbf1dd7947c132ee0b8a12, probably already unused in 2008
+# vcsa	69	69	-		/usr/sbin/nologin	dev,MAKEDEV
+avahi	70	70	/var/run/avahi-daemon		/usr/sbin/nologin	avahi
+# Present in https://pagure.io/setup/c/08258e0f748c4f372fcbf1dd7947c132ee0b8a12, probably already unused in 2008
+# realtime	-	71	-		-	-
+tcpdump	72	72	/		/usr/sbin/nologin	tcpdump
+privoxy	73	73	/etc/privoxy		/bin/bash	privoxy
+sshd	74	74	/var/empty/sshd		/usr/sbin/nologin	openssh-server
+radvd	75	75	/		/bin/false	radvd
+cyrus	76	(12)	/var/imap		/bin/bash	cyrus-imapd
+saslauth	-	76	-		-	cyrus-sasl, cyrus-imap
+# Dynamic on new systems, removed Dec2023, can be reused if necessary later
+#arpwatch       77      77      /var/lib/arpwatch               /usr/sbin/nologin       arpwatch
+fax	78	78	/var/spool/fax		/usr/sbin/nologin	mgetty
+# Retired in 2014 (https://src.fedoraproject.org/rpms/nocpulse-common/c/2ee190601831472ca3ae9857311cfbd31c129c0e)
+# nocpulse	79	79	/etc/sysconfig/nocpulse		/bin/bash	nocpulse
+desktop	80	80	-		/usr/sbin/nologin	desktop-file-utils
+dbus	81	81	/		/usr/sbin/nologin	dbus
+# References to JOnAS in FC3 around 2005…
+# jonas	82	82	/var/lib/jonas		/usr/sbin/nologin	jonas
+clamav	83	83	/tmp		/usr/sbin/nologin	clamav
+screen	-	84	-		-	screen
+# Retired in 2021 (https://src.fedoraproject.org/rpms/quagga/c/42d57331ac98fcc4c7103854cb1ce0ddfc4bbbc2)
+# quaggavt	-	85	-		-	quagga
+# Retired in 2014 (https://src.fedoraproject.org/rpms/sabayon/c/e1c4c886227e8123e55fd3fad93dc966d512b9b9)
+# sabayon	86	86	-		/usr/sbin/nologin	sabayon
+polkituser	87	87	/		/usr/sbin/nologin	PolicyKit
+wbpriv	-	88	-		-	samba-common
+postfix	89	89	/var/spool/postfix		/bin/true	postfix
+postdrop	-	90	-		-	postfix
+# https://en.wikipedia.org/wiki/Majordomo_(software) says final release was 19 January 2000
+# majordomo	91	91	/usr/lib/majordomo		/bin/bash	majordomo
+# Retired in 2021 (https://src.fedoraproject.org/rpms/quagga/c/42d57331ac98fcc4c7103854cb1ce0ddfc4bbbc2)
+# quagga	92	92	/		/usr/sbin/nologin	quagga
+exim	93	93	/var/spool/exim		/usr/sbin/nologin	exim
+distcache	94	94	/		/usr/sbin/nologin	distcache
+radiusd	95	95	/		/bin/false	freeradius
+# Retired in 2021 (https://src.fedoraproject.org/rpms/hsqldb/c/54def1d22548601a91ccf6a92c17645a1c5d7cdf)
+# hsqldb	96	96	/var/lib/hsqldb		/usr/sbin/nologin	hsqldb
+dovecot	97	97	/usr/libexec/dovecot		/usr/sbin/nologin	dovecot
+ident	98	98	/		/usr/sbin/nologin	ident
+# Note: 99 used to be the old uid for nobody, now moved to 65534, do not reuse
+users	-	100	-		-	setup
+ssh_keys	-	101	-		-	openssh
+clock	-	103	-		-	systemd
+input	-	104	-		-	systemd
+render	-	105	-		-	systemd
+sgx	-	106	-		-	systemd
+qemu	107	107	/		/usr/sbin/nologin	libvirt
+ovirt	108	108	/		/usr/sbin/nologin	libvirt
+# Retired in 2019 (https://src.fedoraproject.org/rpms/vdsm/c/6f1df621f648aa3b65edfcf3389649a6d13df5d4)
+# rhevm	109	109	/home/rhevm		/usr/sbin/nologin	vdsm-reg
+jetty	110	110	/usr/share/jetty		/usr/sbin/nologin	jetty
+saned	111	111	/		/usr/sbin/nologin	sane-backends
+vhostmd	112	112	/usr/share/vhostmd		/usr/sbin/nologin	vhostmd
+usbmuxd	113	113	/		/usr/sbin/nologin	usbmuxd
+polkitd	114	114	/		/usr/sbin/nologin	polkit
+bacula	133	133	/var/spool/bacula		/usr/sbin/nologin	bacula
+cimsrvr	134	134	/		/usr/sbin/nologin	tog-pegasus-libs
+mock	-	135	/		-	mock
+# Retired in 2012 (https://src.fedoraproject.org/rpms/ricci/c/02a86812383253577ce309d633a400c9c6353ecd,
+#                  https://fedoraproject.org/wiki/Features/Cluster)
+# ricci	140	140	/var/lib/ricci		/usr/sbin/nologin	ricci
+# luci	141	141	/var/lib/luci		/usr/sbin/nologin	luci
+activemq	142	142	/usr/share/activemq		/usr/sbin/nologin	activemq
+# Retired in 2019 (https://src.fedoraproject.org/rpms/cassandra/c/8fcb780b616a034aa5d787d04d631ac1f815f694)
+# cassandra	143	143	/var/lib/cassandra		/usr/sbin/nologin	cassandra
+stap-server	155	155	/var/lib/stap-server		/usr/sbin/nologin	systemtap
+stapusr	-	156	/		-	systemtap-runtime
+stapsys	-	157	/		-	systemtap-runtime
+stapdev	-	158	/		-	systemtap-runtime
+swift	160	160	/var/lib/swift		/usr/sbin/nologin	openstack-swift
+glance	161	161	/var/lib/glance		/usr/sbin/nologin	openstack-glance
+nova	162	162	/var/lib/nova		/usr/sbin/nologin	openstack-nova
+keystone	163	163	/var/lib/keystone		/usr/sbin/nologin	openstack-keystone
+quantum	164	164	/var/lib/quantum		/usr/sbin/nologin	openstack-quantum
+cinder	165	165	/var/lib/cinder		/usr/sbin/nologin	openstack-cinder
+ceilometer	166	166	/var/lib/ceilometer		/usr/sbin/nologin	openstack-ceilometer
+ceph	167	167	/var/lib/ceph		/usr/sbin/nologin	ceph-common
+avahi-autoipd	170	170	/var/lib/avahi-autoipd		/usr/sbin/nologin	avahi
+pulse	171	171	/var/run/pulse		/usr/sbin/nologin	pulseaudio
+# Dynamic on new systems, removed Mar2025, can be reused if necessary later
+# rtkit	172	172	/proc		/usr/sbin/nologin	rtkit
+abrt	173	173	/etc/abrt		/usr/sbin/nologin	abrt
+retrace	174	174	/usr/share/retrace-server		/usr/sbin/nologin	retrace-server
+ovirtagent	175	175	/		/usr/sbin/nologin	ovirt-guest-agent
+ats	176	176	/		/usr/sbin/nologin	trafficserver
+dhcpd	177	177	/		/usr/sbin/nologin	dhcp
+myproxy	178	178	/var/lib/myproxy		/usr/sbin/nologin	myproxy-server
+sanlock	179	179	/var/run/sanlock		/usr/sbin/nologin	sanlock
+# Retired in 2012 (https://src.fedoraproject.org/rpms/aeolus-all/c/4b303d259fb530130e413be462e032390595714d)
+# aeolus	180	180	/var/aeolus		/usr/sbin/nologin	aeolus-configure
+# Retired in 2015 (https://src.fedoraproject.org/rpms/wallaby/c/93d5de780d22a378db988a8b72d3d30ebf628930)
+# wallaby	181	181	/var/lib/wallaby		/usr/sbin/nologin	wallaby
+# Not used anymore, removed Jun2021, can be reused if necessary later
+#katello	182	182	/usr/share/katello		/usr/sbin/nologin	katello-common
+elasticsearch	183	183	/usr/share/java/elasticsearch		/usr/sbin/nologin	elasticsearch
+mongodb	184	184	/var/lib/mongodb		/usr/sbin/nologin	mongodb
+# Previously provided by the 'jboss-as' package.
+wildfly	185	185	/usr/share/wildfly		/usr/sbin/nologin	wildfly
+jbosson	-	186	-		-	jboss-on-agent
+jbosson-agent	186	(186)	/		/usr/sbin/nologin	jboss-on-agent
+heat	187	187	/var/lib/heat		/usr/sbin/nologin	heat
+haproxy	188	188	/var/lib/haproxy		/usr/sbin/nologin	haproxy
+haclient	-	189	-		-	pacemaker
+hacluster	189	(189)	/		/usr/sbin/nologin	pacemaker
+systemd-journal	-	190	-		-	systemd
+# Dynamic on new systems, removed Dec2014, can be reused if necessary later
+#systemd-journal-gateway	191	191	/		/usr/sbin/nologin	systemd
+systemd-network	192	192	/		/usr/sbin/nologin	systemd
+systemd-resolve	193	193	/		/usr/sbin/nologin	systemd
+xrootd	194	194	/var/spool/xrootd		-	xrootd-server
+#gnats	?	?	?		?	gnats, gnats-db
+#listar	?	?	?		?	listar
+nobody	65534	65534	/		/usr/sbin/nologin	setup

uidgidlint

@@ -0,0 +1,28 @@
+#!/bin/bash
+set -eu
+set -o pipefail
+
+# We need a file to look at.
+if [ -z "$*" ] ; then
+	echo "Usage: $0 uidgid"
+	exit 1
+fi
+error=0
+# The format of the file is (currently)
+for infile in "$@" ; do
+	uidlist=$(grep -v '^#' "$infile" | awk '{print $2}' | grep -v -e - | sort -nu)
+	gidlist=$(grep -v '^#' "$infile" | awk '{print $3}' | grep -v -e - | sort -nu)
+	for uid in $uidlist; do
+		if test "$(grep -v '^#' "$infile" | awk '{print $2}' | grep -c '^'"$uid"'$')" -ne 1 ; then
+			echo "Duplicate UID: $uid"
+			error=1
+		fi
+	done
+	for gid in $gidlist; do
+		if test "$(grep -v '^#' "$infile" | awk '{print $3}' | grep -c '^'"$gid"'$')" -ne 1 ; then
+			echo "Duplicate GID: $gid"
+			error=1
+		fi
+	done
+done
+exit $error