Version 245.9

I forgot to rebase the systemd-stable branch.

.gitignore

@@ -1,3 +1,4 @@
+*~
 /systemd-*/
 /.build-*.log
 /x86_64/

0001-Revert-job-Don-t-mark-as-redundant-if-deps-are-relev.patch

@@ -1,144 +0,0 @@
-From 6f202edb2c2e340523c6c0f2c0a93690eaab7a68 Mon Sep 17 00:00:00 2001
-From: Adam Williamson <awilliam@redhat.com>
-Date: Tue, 18 Feb 2020 08:44:34 -0800
-Subject: [PATCH] Revert "job: Don't mark as redundant if deps are relevant"
-
-This reverts commit 097537f07a2fab3cb73aef7bc59f2a66aa93f533. It
-causes https://bugzilla.redhat.com/show_bug.cgi?id=1803293 .
----
- src/core/job.c         | 51 ++++++------------------------------------
- src/core/job.h         |  3 +--
- src/core/transaction.c |  8 +++----
- 3 files changed, 12 insertions(+), 50 deletions(-)
-
-diff --git a/src/core/job.c b/src/core/job.c
-index 5982404cf0..5048a5093e 100644
---- a/src/core/job.c
-+++ b/src/core/job.c
-@@ -383,62 +383,25 @@ JobType job_type_lookup_merge(JobType a, JobType b) {
-         return job_merging_table[(a - 1) * a / 2 + b];
- }
- 
--bool job_later_link_matters(Job *j, JobType type, unsigned generation) {
--        JobDependency *l;
--
--        assert(j);
--
--        j->generation = generation;
--
--        LIST_FOREACH(subject, l, j->subject_list) {
--                UnitActiveState state = _UNIT_ACTIVE_STATE_INVALID;
--
--                /* Have we seen this before? */
--                if (l->object->generation == generation)
--                        continue;
--
--                state = unit_active_state(l->object->unit);
--                switch (type) {
--
--                case JOB_START:
--                        return IN_SET(state, UNIT_INACTIVE, UNIT_FAILED) ||
--                               job_later_link_matters(l->object, type, generation);
--
--                case JOB_STOP:
--                        return IN_SET(state, UNIT_ACTIVE, UNIT_RELOADING) ||
--                               job_later_link_matters(l->object, type, generation);
--
--                default:
--                        assert_not_reached("Invalid job type");
--                }
--        }
--
--        return false;
--}
--
--bool job_is_redundant(Job *j, unsigned generation) {
--
--        assert(j);
--
--        UnitActiveState state = unit_active_state(j->unit);
--        switch (j->type) {
-+bool job_type_is_redundant(JobType a, UnitActiveState b) {
-+        switch (a) {
- 
-         case JOB_START:
--                return IN_SET(state, UNIT_ACTIVE, UNIT_RELOADING) && !job_later_link_matters(j, JOB_START, generation);
-+                return IN_SET(b, UNIT_ACTIVE, UNIT_RELOADING);
- 
-         case JOB_STOP:
--                return IN_SET(state, UNIT_INACTIVE, UNIT_FAILED) && !job_later_link_matters(j, JOB_STOP, generation);
-+                return IN_SET(b, UNIT_INACTIVE, UNIT_FAILED);
- 
-         case JOB_VERIFY_ACTIVE:
--                return IN_SET(state, UNIT_ACTIVE, UNIT_RELOADING);
-+                return IN_SET(b, UNIT_ACTIVE, UNIT_RELOADING);
- 
-         case JOB_RELOAD:
-                 return
--                        state == UNIT_RELOADING;
-+                        b == UNIT_RELOADING;
- 
-         case JOB_RESTART:
-                 return
--                        state == UNIT_ACTIVATING;
-+                        b == UNIT_ACTIVATING;
- 
-         case JOB_NOP:
-                 return true;
-diff --git a/src/core/job.h b/src/core/job.h
-index 02b057ee06..03ad640618 100644
---- a/src/core/job.h
-+++ b/src/core/job.h
-@@ -196,8 +196,7 @@ _pure_ static inline bool job_type_is_superset(JobType a, JobType b) {
-         return a == job_type_lookup_merge(a, b);
- }
- 
--bool job_later_link_matters(Job *j, JobType type, unsigned generation);
--bool job_is_redundant(Job *j, unsigned generation);
-+bool job_type_is_redundant(JobType a, UnitActiveState b) _pure_;
- 
- /* Collapses a state-dependent job type into a simpler type by observing
-  * the state of the unit which it is going to be applied to. */
-diff --git a/src/core/transaction.c b/src/core/transaction.c
-index 8d67f9ce1a..a0ea0f0489 100644
---- a/src/core/transaction.c
-+++ b/src/core/transaction.c
-@@ -279,7 +279,7 @@ static int transaction_merge_jobs(Transaction *tr, sd_bus_error *e) {
-         return 0;
- }
- 
--static void transaction_drop_redundant(Transaction *tr, unsigned generation) {
-+static void transaction_drop_redundant(Transaction *tr) {
-         bool again;
- 
-         /* Goes through the transaction and removes all jobs of the units whose jobs are all noops. If not
-@@ -299,7 +299,7 @@ static void transaction_drop_redundant(Transaction *tr, unsigned generation) {
- 
-                         LIST_FOREACH(transaction, k, j)
-                                 if (tr->anchor_job == k ||
--                                    !job_is_redundant(k, generation) ||
-+                                    !job_type_is_redundant(k->type, unit_active_state(k->unit)) ||
-                                     (k->unit->job && job_type_is_conflicting(k->type, k->unit->job->type))) {
-                                         keep = true;
-                                         break;
-@@ -730,7 +730,7 @@ int transaction_activate(
-                 transaction_minimize_impact(tr);
- 
-         /* Third step: Drop redundant jobs */
--        transaction_drop_redundant(tr, generation++);
-+        transaction_drop_redundant(tr);
- 
-         for (;;) {
-                 /* Fourth step: Let's remove unneeded jobs that might
-@@ -772,7 +772,7 @@ int transaction_activate(
-         }
- 
-         /* Eights step: Drop redundant jobs again, if the merging now allows us to drop more. */
--        transaction_drop_redundant(tr, generation++);
-+        transaction_drop_redundant(tr);
- 
-         /* Ninth step: check whether we can actually apply this */
-         r = transaction_is_destructive(tr, mode, e);
--- 
-2.25.0
-

f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch

@@ -0,0 +1,129 @@
+From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 14 Sep 2020 17:58:03 +0200
+Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1803070
+
+I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
+than the one we get from /proc/self/fdinfo/. This only matters when both statx and
+name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
+
+(gdb) !uname -r
+5.6.19-200.fc31.ppc64le
+
+(gdb) !cat /proc/self/mountinfo
+697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
+701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
+702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
+703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
+704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
+705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
+706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
+722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
+725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
+614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
+615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+
+The test process does
+name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
+openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
+read(open("/proc/self/fdinfo/4", ...)) which gives
+"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
+
+and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
+
+We could either drop the fallback path (and fail name_to_handle_at() is not
+avaliable) or ignore the error in the test. Not sure what is better. I think
+this issue only occurs sometimes and with older kernels, so probably continuing
+with the current flaky implementation is better than ripping out the fallback.
+
+Another strace:
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
+) = 28
+name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
+) = 20
+name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
+) = 30
+name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
+) = 23
+name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
+openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
+openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
+fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
+fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
+read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
+read(5</proc/20/fdinfo/4>, "", 1024)    = 0
+close(5</proc/20/fdinfo/4>)             = 0
+close(4</proc/filesystems>)             = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
+) = 42
+writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
+) = 39
+writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
+) = 109
+rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
+rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
+getpid()                                = 20
+gettid()                                = 20
+tgkill(20, 20, SIGABRT)                 = 0
+rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
+--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} ---
++++ killed by SIGABRT (core dumped) +++
+---
+ src/test/test-mountpoint-util.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
+index 30b00ae4d8b..ffe5144b04a 100644
+--- a/src/test/test-mountpoint-util.c
++++ b/src/test/test-mountpoint-util.c
+@@ -89,8 +89,12 @@ static void test_mnt_id(void) {
+                 /* The ids don't match? If so, then there are two mounts on the same path, let's check if
+                  * that's really the case */
+                 char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
+-                log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
+-                assert_se(path_equal(p, t));
++                log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
++
++                if (!path_equal(p, t))
++                        /* Apparent kernel bug in /proc/self/fdinfo */
++                        log_warning("Bad mount id given for %s: %d, should be %d",
++                                    p, mnt_id2, mnt_id);
+         }
+ }
+ 

libsystemd-shared.abignore

@@ -0,0 +1,3 @@
+[suppress_file]
+# This shared object is private to systemd
+file_name_regexp=libsystemd-shared-.*.so

sources

@@ -1 +1 @@
-SHA512 (systemd-245.2.tar.gz) = 05e40d0b93ebd7b709d16b5f6d75f3da84417e9a401d7726fe7876328e1408c9c29818b5bcc3f5889f17f8e6af889f87dc2f78f348f2aa023e0d6bfed41b0554
+SHA512 (systemd-245.9.tar.gz) = a2685c9cfb9d0f7db8eb55e082bf1a175d7ec9203e493e3a5e1990db150240e1274c2013e0c972efef504f09306e95739d0dad544615400294b33e1fbedf2151

split-files.py

@@ -43,10 +43,11 @@ for file in files(buildroot):
                     /etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$|
                     /etc/(dnf|dnf/protected.d)$|
                     /usr/(src|lib/debug)|                         # no $
+                    /run$|
                     /var(/cache|/log|/lib|/run|)$
     ''', n, re.X):
         continue
-    if '/security/pam_' in n:
+    if '/security/pam_' in n or '/man8/pam_' in n:
         o = o_pam
     elif '/rpm/' in n:
         o = o_rpm_macros

systemd.rpmlintrc

@@ -0,0 +1,50 @@
+# Just kill all warnings about README being wrong in every possible way
+addFilter(r'README')
+
+addFilter(r'missing-call-to-(chdir-with-chroot|setgroups-before-setuid)')
+
+addFilter(r'executable-marked-as-config-file /etc/X11/xinit/xinitrc.d/50-systemd-user.sh')
+
+addFilter(r'non-readable /etc/crypttab')
+
+addFilter(r'non-conffile-in-etc /etc/inittab')
+
+addFilter(r'systemd-unit-in-etc /etc/systemd/.*\.wants')
+
+addFilter(r'dangling-relative-symlink /usr/lib/environment.d/99-environment.conf ../../../etc/environment')
+
+addFilter(r'devel-file-in-non-devel-package /usr/share/pkgconfig/(systemd|udev).pc')
+
+addFilter(r'non-standard-dir-perm /var/cache/private 700')
+
+addFilter(r'non-root-group-log-file /var/log/btmp utmp')
+
+addFilter(r'non-standard-dir-perm /var/log/private 700')
+
+addFilter(r'non-root-group-log-file /var/log/wtmp utmp')
+
+addFilter(r'dangerous-command-in-')
+
+addFilter(r'summary-not-capitalized C systemd')
+
+addFilter(r'obsolete-not-provided')
+
+addFilter(r'postin-without-ldconfig')
+
+addFilter(r'systemd-rpm-macros.noarch: W: only-non-binary-in-usr-lib')
+
+addFilter(r'systemd-rpm-macros.noarch: W: no-documentation')
+
+addFilter(r'systemd-tests\..*: W: no-documentation')
+
+addFilter(r'systemd-tests.*: E: zero-length /usr/lib/systemd/tests/testdata/test-umount/empty.mountinfo')
+
+addFilter(r'hardcoded-library-path in.*(firewalld|install.d|lib/systemd)')
+
+# everybody does it this way: systemd, syslog-ng, rsyslog
+addFilter(r'unversioned-explicit-provides syslog')
+
+# systemd-machine-id-setup requires libssl
+addFilter(r'explicit-lib-dependency openssl-libs')
+
+addFilter(r'systemd.src:.*strange-permission')

systemd.spec

@@ -12,11 +12,14 @@
 %global system_unit_dir %{pkgdir}/system
 %global user_unit_dir %{pkgdir}/user
 
+# Bootstrap may be needed to break intercircular dependencies with
+# cryptsetup, e.g. when re-building cryptsetup on a json-c SONAME-bump.
+%bcond_with    bootstrap
 %bcond_without tests
 
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
-Version:        245.2
+Version:        245.9
 Release:        1%{?commit:.git%{shortcommit}}%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
@@ -51,6 +54,7 @@ Source9:        20-yama-ptrace.conf
 Source10:       systemd-udev-trigger-no-reload.conf
 Source11:       20-grubby.install
 Source12:       systemd-user
+Source13:       libsystemd-shared.abignore
 
 Source21:       macros.sysusers
 Source22:       sysusers.attr
@@ -68,8 +72,7 @@ Patch0001:      use-bfq-scheduler.patch
 
 Patch0998:      0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
 
-# https://bugzilla.redhat.com/show_bug.cgi?id=1803293
-Patch1000:      0001-Revert-job-Don-t-mark-as-redundant-if-deps-are-relev.patch
+Patch0009:      https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch
 
 %ifarch %{ix86} x86_64 aarch64
 %global have_gnu_efi 1
@@ -84,8 +87,12 @@ BuildRequires:  libpwquality-devel
 BuildRequires:  pam-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  audit-libs-devel
+%if %{without bootstrap}
 BuildRequires:  cryptsetup-devel
+%endif
 BuildRequires:  dbus-devel
+# /usr/bin/getfacl is needed by test-acl-util
+BuildRequires:  acl
 BuildRequires:  libacl-devel
 BuildRequires:  gobject-introspection-devel
 BuildRequires:  libblkid-devel
@@ -161,10 +168,6 @@ Conflicts:      fedora-release < 23-0.12
 Obsoletes:      timedatex < 0.6-3
 Provides:       timedatex = 0.6-3
 
-# https://bugzilla.redhat.com/show_bug.cgi?id=1753381
-Provides:       u2f-hidraw-policy = 1.0.2-40
-Obsoletes:      u2f-hidraw-policy < 1.0.2-40
-
 %description
 systemd is a system and service manager that runs as PID 1 and starts
 the rest of the system. It provides aggressive parallelization
@@ -180,8 +183,7 @@ runtime directories and settings, and daemons to manage simple network
 configuration, network time synchronization, log forwarding, and name
 resolution.
 %if 0%{?stable}
-This package was built from the %{version}-stable branch of systemd,
-commit https://github.com/systemd/systemd-stable/commit/%{shortcommit}.
+This package was built from the %{version}-stable branch of systemd.
 %endif
 
 %package libs
@@ -236,22 +238,28 @@ to libudev or libsystemd.
 
 %package udev
 Summary: Rule-based device node and kernel event manager
-Requires:       %{name}%{?_isa} = %{version}-%{release}
+License:        LGPLv2+
+
+Requires:       systemd%{?_isa} = %{version}-%{release}
 Requires(post):   systemd
 Requires(preun):  systemd
 Requires(postun): systemd
 Requires(post): grep
 Requires:       kmod >= 18-4
-# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394)
-Obsoletes:      %{name} < 229-5
+# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1
+Obsoletes:      systemd < 245.6-1
 Provides:       udev = %{version}
 Provides:       udev%{_isa} = %{version}
 Obsoletes:      udev < 183
+
 # https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9
 Suggests:       systemd-bootchart
 # https://bugzilla.redhat.com/show_bug.cgi?id=1408878
 Requires:       kbd
-License:        LGPLv2+
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1753381
+Provides:       u2f-hidraw-policy = 1.0.2-40
+Obsoletes:      u2f-hidraw-policy < 1.0.2-40
 
 %description udev
 This package contains systemd-udev and the rules and hardware database
@@ -340,7 +348,11 @@ CONFIGURE_OPTS=(
         -Dgcrypt=true
         -Daudit=true
         -Delfutils=true
+%if %{without bootstrap}
         -Dlibcryptsetup=true
+%else
+        -Dlibcryptsetup=false
+%endif
         -Delfutils=true
         -Dpwquality=true
         -Dqrencode=true
@@ -395,9 +407,9 @@ mkdir -p %{buildroot}%{system_unit_dir}/basic.target.wants
 mkdir -p %{buildroot}%{system_unit_dir}/default.target.wants
 mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants
 mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants
-mkdir -p %{buildroot}%{_localstatedir}/run
+mkdir -p %{buildroot}/run
 mkdir -p %{buildroot}%{_localstatedir}/log
-touch %{buildroot}%{_localstatedir}/run/utmp
+touch %{buildroot}/run/utmp
 touch %{buildroot}%{_localstatedir}/log/{w,b}tmp
 
 # Make sure the user generators dir exists too
@@ -461,6 +473,8 @@ EOF
 
 install -Dm0755 -t %{buildroot}%{_prefix}/lib/kernel/install.d/ %{SOURCE11}
 
+install -Dm0755 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13}
+
 install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3}
 
 sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py
@@ -482,7 +496,7 @@ python3 %{SOURCE2} %buildroot <<EOF
 /usr/lib/systemd/purge-nobody-user
 %ghost %config(noreplace) /etc/vconsole.conf
 %ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf
-%ghost %attr(0664,root,utmp) /var/run/utmp
+%ghost %attr(0664,root,utmp) /run/utmp
 %ghost %attr(0664,root,utmp) /var/log/wtmp
 %ghost %attr(0600,root,utmp) /var/log/btmp
 %ghost %config(noreplace) /etc/hostname
@@ -758,13 +772,58 @@ fi
 %files tests -f .file-list-tests
 
 %changelog
+* Thu Dec 10 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.9-1
+- Latest stable release (various smaller fixes to documentation, shell
+  completions, support for newer kernels, compilation with newer meson and
+  glibc)
+- 'systemctl import-environment' will ignore variables deemed invalid, so
+  import-environment still works even if bash functions are exported (#1754395)
+- The pager will be executed in secure mode when systemctl and other tools
+  are executed under changed euid
+
+* Mon Sep 21 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.8-2
+- Fix setting of secure bits (#1880882)
+
+* Sun Sep 20 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.8-1
+- Update to latest stable version (smaller fixes to the manager,
+  homed, networkd, resolved, nspawn, sd-boot, bootctl, bless-boot,
+  kernel-install, documentation, systemd-tty-ask-password-agent,
+  udevd, coredump, systemd-analyze, tests) (#1856273, #1876905,
+  #1731557, #1878530)
+- Do not fail in test because of kernel bug (#1803070)
+
+* Mon Jul 27 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.7-1
+- A bunch of backported patches (#1853736, #1857783, #1830896,
+  #1846079, #1849238, #1843566, #1856122)
+- Handling of user names that resemble numerical uids is tightened (CVE-2020-13776,
+  #1845535)
+- The hardware database is updated to the upstream version (#1849797)
+
+* Tue Jun  2 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.6-2
+- Add self-obsoletes to fix upgrades from F31
+
+* Sun May 31 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.6-1
+- Update to latest stable version (some documentation updates, minor
+  memory correctness issues) (#1815605, #1827467, #1842067)
+
+* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 245.5-2
+- Add explicit BuildRequires: acl
+
+* Fri Apr 17 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.5-1
+- Update to latest stable version (#1819313, #1815412, #1800875)
+
+* Thu Apr 16 2020 Björn Esser <besser82@fedoraproject.org> - 245.4-2
+- Add bootstrap option to break circular deps on cryptsetup
+
+* Wed Apr  1 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.4-1
+- Update to latest stable version (#1814454)
+
+* Thu Mar 26 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.3-1
+- Update to latest stable version (no issue that got reported in bugzilla)
+
 * Wed Mar 18 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.2-1
-- Update to latest stable version (a few bug fixes for random things) (#1798776)
-
-* Fri Mar  6 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245-1
-- Update to latest version (#1807485)
-
-* Wed Feb 26 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245~rc2-1
+- Update to latest stable version (a few bug fixes for random things)
+  (#1798776, #1807485)
 - Modify the downstream udev rule to use bfq to only apply to disks (#1803500)
 - "Upgrade" dependency on kbd package from Recommends to Requires (#1408878)
 - Move systemd-bless-boot.service and systemd-boot-system-token.service to
@@ -773,18 +832,17 @@ fi
   systemd-pstore.service, all fsck-related functionality,
   systemd-volatile-root.service, systemd-verity-setup.service, and a few
   other related files.
-- Fix daemon-reload rule to not kill non-systemd pid1 (#1803240)
 - Fix namespace-related failure when starting systemd-homed (#1807465) and
   group lookup failure in nss_systemd (#1809147)
 - Drop autogenerated BOOT_IMAGE= parameter from stored kernel command lines
   (#1716164)
-- Don't require /proc to be mounted for systemd-sysusers to work (#1807768)
-
-* Fri Feb 21 2020 Filipe Brandenburger <filbranden@gmail.com> - 245~rc1-4
 - Update daemon-reexec fallback to check whether the system is booted with
   systemd as PID 1 and check whether we're upgrading before using kill -TERM
   on PID 1 (#1803240)
 
+* Tue Mar  3 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245~rc1-4
+- Don't require /proc to be mounted for systemd-sysusers to work (#1807768)
+
 * Tue Feb 18 2020 Adam Williamson <awilliam@redhat.com> - 245~rc1-3
 - Revert 097537f0 to fix plymouth etc. running when they shouldn't (#1803293)
 
@@ -995,7 +1053,7 @@ fi
 - Remove link creation for rsyslog.service
 
 * Thu Nov  8 2018 Adam Williamson <awilliam@redhat.com> - 239-9.git9f3aed1
-- Go back to using systemctl preset-all in %post (#1647172, #1118740)
+- Go back to using systemctl preset-all in %%post (#1647172, #1118740)
 
 * Mon Nov  5 2018 Adam Williamson <awilliam@redhat.com> - 239-8.git9f3aed1
 - Requires(post) openssl-libs to fix live image build machine-id issue

sysusers.generate-pre.sh

@@ -50,7 +50,7 @@ fi
 }
 
 parse() {
-    while read line; do
+    while read line || [ "$line" ]; do
         [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
         line="${line## *}"
         [ -z "$line" ] && continue