On OSTree-enabled systems (such as Fedora CoreOS), every update recreates the passwd and group files, which means that the dynamically-assigned ID and GID of the tang daemon may change, depending on the order of createuser calls. This patch ensures that starting the socket unit will fix any ownership issues in the jwkdir.
This is essentially moving the Fedora %post script out of RPM and into the systemd unit instead.
On OSTree-enabled systems (such as Fedora CoreOS), every update recreates the passwd and group files, which means that the dynamically-assigned ID and GID of the tang daemon may change, depending on the order of createuser calls. This patch ensures that starting the socket unit will fix any ownership issues in the jwkdir.
This is essentially moving the Fedora %post script out of RPM and into the systemd unit instead.