pkg/rpm: look up current owner in %posttrans shell, not via a broken %global

pkg/rpm/salt.spec

@@ -624,8 +624,14 @@ if [ ! -e "/var/log/salt/cloud" ]; then
   chmod 640 /var/log/salt/cloud
 fi
 if [ $1 -gt 1 ] ; then
-    # Reset permissions to match previous installs - performing upgrade
-    chown -R %{_MS_CUR_USER}:%{_MS_CUR_GROUP} /etc/salt/cloud.deploy.d /var/log/salt/cloud /opt/saltstack/salt/lib/python${PY_VER}/site-packages/salt/cloud/deploy
+    # Preserve the existing owner across upgrades. %pre tries to capture
+    # the owner into %{_MS_CUR_USER} via
+    # `%global _MS_CUR_USER %{_MS_LCUR_USER}`, but RPM macros do not
+    # interpolate shell variables: the rewrite produces the literal
+    # string "%{_MS_LCUR_USER}" and chown fails with "invalid user"
+    # (salt#68646). Use chown --reference so the reset matches whatever
+    # the dir already shows, without shell-parsing ls.
+    chown --reference=/etc/salt/cloud.deploy.d -R /etc/salt/cloud.deploy.d /var/log/salt/cloud /opt/saltstack/salt/lib/python${PY_VER}/site-packages/salt/cloud/deploy
 else
     chown -R %{_SALT_USER}:%{_SALT_GROUP} /etc/salt/cloud.deploy.d /var/log/salt/cloud /opt/saltstack/salt/lib/python${PY_VER}/site-packages/salt/cloud/deploy
 fi
@@ -641,8 +647,10 @@ if [ ! -e "/var/log/salt/key" ]; then
   chmod 640 /var/log/salt/key
 fi
 if [ $1 -gt 1 ] ; then
-    # Reset permissions to match previous installs - performing upgrade
-    chown -R %{_MS_CUR_USER}:%{_MS_CUR_GROUP} /etc/salt/pki/master /etc/salt/master.d /var/log/salt/master /var/log/salt/key /var/cache/salt/master /var/run/salt/master
+    # See the %posttrans cloud comment above for why the current user
+    # and group are pulled via chown --reference rather than from the
+    # %{_MS_CUR_USER} macro.
+    chown --reference=/run/salt/master -R /etc/salt/pki/master /etc/salt/master.d /var/log/salt/master /var/log/salt/key /var/cache/salt/master /var/run/salt/master
 else
     chown -R %{_SALT_USER}:%{_SALT_GROUP} /etc/salt/pki/master /etc/salt/master.d /var/log/salt/master /var/log/salt/key /var/cache/salt/master /var/run/salt/master
 fi
@@ -654,8 +662,7 @@ if [ ! -e "/var/log/salt/syndic" ]; then
   chmod 640 /var/log/salt/syndic
 fi
 if [ $1 -gt 1 ] ; then
-    # Reset permissions to match previous installs - performing upgrade
-    chown -R %{_MS_CUR_USER}:%{_MS_CUR_GROUP} /var/log/salt/syndic
+    chown --reference=/run/salt/master -R /var/log/salt/syndic
 else
     chown -R %{_SALT_USER}:%{_SALT_GROUP} /var/log/salt/syndic
 fi
@@ -667,8 +674,7 @@ if [ ! -e "/var/log/salt/api" ]; then
   chmod 640 /var/log/salt/api
 fi
 if [ $1 -gt 1 ] ; then
-    # Reset permissions to match previous installs - performing upgrade
-    chown -R %{_MS_CUR_USER}:%{_MS_CUR_GROUP} /var/log/salt/api
+    chown --reference=/run/salt/master -R /var/log/salt/api
 else
     chown -R %{_SALT_USER}:%{_SALT_GROUP} /var/log/salt/api
 fi
@@ -683,8 +689,7 @@ if [ ! -e "/var/log/salt/key" ]; then
   chmod 640 /var/log/salt/key
 fi
 if [ $1 -gt 1 ] ; then
-    # Reset permissions to match previous installs - performing upgrade
-    chown -R %{_MN_CUR_USER}:%{_MN_CUR_GROUP} /etc/salt/pki/minion /etc/salt/minion.d /var/log/salt/minion /var/cache/salt/minion /var/run/salt/minion
+    chown --reference=/run/salt/minion -R /etc/salt/pki/minion /etc/salt/minion.d /var/log/salt/minion /var/cache/salt/minion /var/run/salt/minion
 fi