Version 249.13

This reverts commit 4b8edcc3e2.

0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch

@@ -1,7 +1,7 @@
-From d4bd8777a483ea834e687c1ee35dee32efe6e49f Mon Sep 17 00:00:00 2001
+From aa56d0bbcef9c2f32845203b50df92492717fea6 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Wed, 7 Jul 2021 14:02:36 +0200
-Subject: [PATCH 1/5] rpm: don't specify the full path for systemctl and other
+Subject: [PATCH 1/6] rpm: don't specify the full path for systemctl and other
  commands
 
 We can make things a bit simpler and more readable by not specifying the path.
@@ -10,8 +10,6 @@ recursively by anythign we invoke), this didn't really privide any security or
 robustness benefits. I guess that full paths were used because this style of
 rpm packagnig was popular in the past, with macros used for everything
 possible, with special macros for common commands like %{__ln} and %{__mkdir}.
-
-(cherry picked from commit 7d9ee15d0fc2af87481ee371b278dbe7e68165ef)
 ---
  src/rpm/macros.systemd.in      | 24 ++++++++++++------------
  src/rpm/triggers.systemd.in    | 18 +++++++++---------
@@ -96,7 +94,7 @@ index 3a0169a85f..3129ab2d61 100644
  SYSTEMD_INLINE_EOF\
  %{nil}
 diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in
-index b33d2212e8..247358008a 100644
+index c10112fe54..483207e58c 100644
 --- a/src/rpm/triggers.systemd.in
 +++ b/src/rpm/triggers.systemd.in
 @@ -16,14 +16,14 @@
@@ -134,34 +132,34 @@ index b33d2212e8..247358008a 100644
      elseif pid > 0 then
          posix.wait(pid)
      end
-@@ -62,7 +62,7 @@ end
- if posix.access("/run/systemd/system") then
-     pid = posix.fork()
-     if pid == 0 then
--        assert(posix.exec("%{_bindir}/systemd-sysusers"))
-+        assert(posix.execp("systemd-sysusers"))
-     elseif pid > 0 then
-         posix.wait(pid)
-     end
-@@ -74,7 +74,7 @@ end
- if posix.access("/run/systemd/system") then
-     pid = posix.fork()
-     if pid == 0 then
--        assert(posix.exec("%{_bindir}/systemd-hwdb", "update"))
-+        assert(posix.execp("systemd-hwdb", "update"))
-     elseif pid > 0 then
-         posix.wait(pid)
-     end
-@@ -86,7 +86,7 @@ end
- if posix.access("/run/systemd/system") then
-     pid = posix.fork()
-     if pid == 0 then
--        assert(posix.exec("%{_bindir}/journalctl", "--update-catalog"))
-+        assert(posix.execp("journalctl", "--update-catalog"))
-     elseif pid > 0 then
-         posix.wait(pid)
-     end
-@@ -111,7 +111,7 @@ end
+@@ -61,7 +61,7 @@ end
+ -- will run before the tmpfiles file trigger.
+ pid = posix.fork()
+ if pid == 0 then
+-    assert(posix.exec("%{_bindir}/systemd-sysusers"))
++    assert(posix.execp("systemd-sysusers"))
+ elseif pid > 0 then
+     posix.wait(pid)
+ end
+@@ -71,7 +71,7 @@ end
+ -- installed or updated in {{UDEV_HWDB_DIR}}.
+ pid = posix.fork()
+ if pid == 0 then
+-    assert(posix.exec("%{_bindir}/systemd-hwdb", "update"))
++    assert(posix.execp("systemd-hwdb", "update"))
+ elseif pid > 0 then
+     posix.wait(pid)
+ end
+@@ -81,7 +81,7 @@ end
+ -- have been installed or updated in {{SYSTEMD_CATALOG_DIR}}.
+ pid = posix.fork()
+ if pid == 0 then
+-    assert(posix.exec("%{_bindir}/journalctl", "--update-catalog"))
++    assert(posix.execp("journalctl", "--update-catalog"))
+ elseif pid > 0 then
+     posix.wait(pid)
+ end
+@@ -105,7 +105,7 @@ end
  if posix.access("/run/systemd/system") then
      pid = posix.fork()
      if pid == 0 then
@@ -170,7 +168,7 @@ index b33d2212e8..247358008a 100644
      elseif pid > 0 then
          posix.wait(pid)
      end
-@@ -123,7 +123,7 @@ end
+@@ -117,7 +117,7 @@ end
  if posix.access("/run/systemd/system") then
      pid = posix.fork()
      if pid == 0 then
@@ -180,7 +178,7 @@ index b33d2212e8..247358008a 100644
          posix.wait(pid)
      end
 diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in
-index 22abad9812..1631be18c9 100644
+index e746c316d3..f8c4514313 100644
 --- a/src/rpm/triggers.systemd.sh.in
 +++ b/src/rpm/triggers.systemd.sh.in
 @@ -15,8 +15,8 @@
@@ -194,7 +192,7 @@ index 22abad9812..1631be18c9 100644
  fi
  
  %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
-@@ -26,13 +26,13 @@ fi
+@@ -26,30 +26,30 @@ fi
  # have been installed, but before %postun scripts in packages get
  # executed.
  if test -d "/run/systemd/system"; then
@@ -210,32 +208,27 @@ index 22abad9812..1631be18c9 100644
  fi
  
  %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}}
-@@ -40,21 +40,21 @@ fi
+ # This script will process files installed in {{SYSUSERS_DIR}} to create
  # specified users automatically. The priority is set such that it
  # will run before the tmpfiles file trigger.
- if test -d "/run/systemd/system"; then
--  %{_bindir}/systemd-sysusers || :
-+  systemd-sysusers || :
- fi
+-%{_bindir}/systemd-sysusers || :
++systemd-sysusers || :
  
  %transfiletriggerin -P 1000700 udev -- {{UDEV_HWDB_DIR}}
  # This script will automatically invoke hwdb update if files have been
  # installed or updated in {{UDEV_HWDB_DIR}}.
- if test -d "/run/systemd/system"; then
--  %{_bindir}/systemd-hwdb update || :
-+  systemd-hwdb update || :
- fi
+-%{_bindir}/systemd-hwdb update || :
++systemd-hwdb update || :
  
  %transfiletriggerin -P 1000700 -- {{SYSTEMD_CATALOG_DIR}}
  # This script will automatically invoke journal catalog update if files
  # have been installed or updated in {{SYSTEMD_CATALOG_DIR}}.
- if test -d "/run/systemd/system"; then
--  %{_bindir}/journalctl --update-catalog || :
-+  journalctl --update-catalog || :
- fi
+-%{_bindir}/journalctl --update-catalog || :
++journalctl --update-catalog || :
  
  %transfiletriggerin -P 1000700 -- {{BINFMT_DIR}}
-@@ -71,14 +71,14 @@ fi
+ # This script will automatically apply binfmt rules if files have been
+@@ -65,14 +65,14 @@ fi
  # tmpfiles automatically. The priority is set such that it will run
  # after the sysusers file trigger, but before any other triggers.
  if test -d "/run/systemd/system"; then
@@ -252,6 +245,3 @@ index 22abad9812..1631be18c9 100644
  fi
  
  %transfiletriggerin -P 1000500 -- {{SYSCTL_DIR}}
--- 
-2.31.1
-

0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch

@@ -1,7 +1,7 @@
-From 09e8c6aa71ee4b5ff3ee85fc4855e2c1a246a079 Mon Sep 17 00:00:00 2001
+From bbfbe1c31046d53640ebb4ef4e4820614fd0864e Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Thu, 22 Jul 2021 11:22:33 +0200
-Subject: [PATCH 2/5] rpm: use a helper script to actually invoke systemctl
+Subject: [PATCH 2/6] rpm: use a helper script to actually invoke systemctl
  commands
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
@@ -27,8 +27,6 @@ implementation in bash to do the more complex stuff.
 
 The meson version is raised to 0.47 because that's needed for install_mode.
 We were planning to raise the required version anyway…
-
-(cherry picked from commit 6d825ab2d42d3219e49a192bf99f9c09134a0df4)
 ---
  README                           |  2 +-
  meson.build                      |  3 +-
@@ -41,10 +39,10 @@ We were planning to raise the required version anyway…
  create mode 100755 src/rpm/systemd-update-helper.in
 
 diff --git a/README b/README
-index 0e5c326deb..a8f23a0d5b 100644
+index 9e5bcab830..2b759e7f5a 100644
 --- a/README
 +++ b/README
-@@ -193,7 +193,7 @@ REQUIREMENTS:
+@@ -195,7 +195,7 @@ REQUIREMENTS:
          python-jinja2
          python-lxml (optional, required to build the indices)
          python >= 3.5
@@ -54,7 +52,7 @@ index 0e5c326deb..a8f23a0d5b 100644
          gcc, awk, sed, grep, and similar tools
          clang >= 10.0, llvm >= 10.0 (optional, required to build BPF programs
 diff --git a/meson.build b/meson.build
-index 738879eb21..fb986e84f7 100644
+index ece21fbd10..5962371e49 100644
 --- a/meson.build
 +++ b/meson.build
 @@ -10,7 +10,7 @@ project('systemd', 'c',
@@ -234,7 +232,7 @@ index 0000000000..9fa49fa131
 +        ;;
 +esac
 diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in
-index 247358008a..d29cc33dfd 100644
+index 483207e58c..f56c80c7ca 100644
 --- a/src/rpm/triggers.systemd.in
 +++ b/src/rpm/triggers.systemd.in
 @@ -13,20 +13,11 @@
@@ -299,7 +297,7 @@ index 247358008a..d29cc33dfd 100644
  
  %transfiletriggerin -P 100700 -p <lua> -- {{SYSUSERS_DIR}}
 diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in
-index 1631be18c9..83cd7617f8 100644
+index f8c4514313..3b35a4b5c6 100644
 --- a/src/rpm/triggers.systemd.sh.in
 +++ b/src/rpm/triggers.systemd.sh.in
 @@ -14,10 +14,7 @@
@@ -332,6 +330,3 @@ index 1631be18c9..83cd7617f8 100644
  
  %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}}
  # This script will process files installed in {{SYSUSERS_DIR}} to create
--- 
-2.31.1
-

0003-rpm-call-needs-restart-in-parallel.patch

@@ -1,7 +1,7 @@
-From 0a2e691b6b1fdceb4b7504870c4b792a66b5080f Mon Sep 17 00:00:00 2001
+From bc587d08416e3517b82b764798866154caa11085 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Thu, 22 Jul 2021 11:28:36 +0200
-Subject: [PATCH 3/5] rpm: call +needs-restart in parallel
+Subject: [PATCH 3/6] rpm: call +needs-restart in parallel
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@@ -9,8 +9,6 @@ Content-Transfer-Encoding: 8bit
 Some rpms install a bunch of units… It seems nicer to invoke them all in
 parallel. In particular, timeouts in systemctl also run in parallel, so if
 there's some communication mishap, we will wait less.
-
-(cherry picked from commit 3598aff4d963b2e51ac74d206161da47bfde785c)
 ---
  src/rpm/systemd-update-helper.in | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
@@ -30,6 +28,3 @@ index 9fa49fa131..f3c75b75fa 100755
          ;;
  
      system-reload-restart|system-reload|system-restart)
--- 
-2.31.1
-

0004-rpm-restart-user-services-at-the-end-of-the-transact.patch

@@ -1,7 +1,7 @@
-From a63d5d320f81c1cbae07897a401ed5cc5374e0bf Mon Sep 17 00:00:00 2001
+From eb458aa5f37496059540e1db47f8b4f1c69ef206 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Wed, 7 Jul 2021 14:37:57 +0200
-Subject: [PATCH 4/5] rpm: restart user services at the end of the transaction
+Subject: [PATCH 4/6] rpm: restart user services at the end of the transaction
 
 This closes an important gap: so far we would reexecute the system manager and
 restart system services that were configured to do so, but we wouldn't do the
@@ -41,8 +41,6 @@ service manually.
 
 A follow-up for https://bugzilla.redhat.com/show_bug.cgi?id=1792468 and
 fa97d2fcf64e0558054bee673f734f523373b146.
-
-(cherry picked from commit 36d55958ccc75fa3c91bdd7354d74c910f2f6cc7)
 ---
  meson.build                      |  1 +
  meson_options.txt                |  2 ++
@@ -53,7 +51,7 @@ fa97d2fcf64e0558054bee673f734f523373b146.
  6 files changed, 94 insertions(+), 3 deletions(-)
 
 diff --git a/meson.build b/meson.build
-index fb986e84f7..d898d9ccd0 100644
+index 5962371e49..e185c27750 100644
 --- a/meson.build
 +++ b/meson.build
 @@ -270,6 +270,7 @@ conf.set_quoted('TMPFILES_DIR',                               tmpfilesdir)
@@ -65,7 +63,7 @@ index fb986e84f7..d898d9ccd0 100644
  conf.set_quoted('USER_DATA_UNIT_DIR',                         userunitdir)
  conf.set_quoted('USER_ENV_GENERATOR_DIR',                     userenvgeneratordir)
 diff --git a/meson_options.txt b/meson_options.txt
-index 163c8df87d..9383c7da6a 100644
+index 2f0f4e7b8f..43b815e433 100644
 --- a/meson_options.txt
 +++ b/meson_options.txt
 @@ -182,6 +182,8 @@ option('xinitrcdir', type : 'string', value : '',
@@ -167,7 +165,7 @@ index f3c75b75fa..f3466ab3c0 100755
          echo "Unknown verb '$command'"
          exit 3
 diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in
-index d29cc33dfd..8aeb2049c1 100644
+index f56c80c7ca..4755cdafe8 100644
 --- a/src/rpm/triggers.systemd.in
 +++ b/src/rpm/triggers.systemd.in
 @@ -20,6 +20,14 @@ elseif pid > 0 then
@@ -221,7 +219,7 @@ index d29cc33dfd..8aeb2049c1 100644
  -- This script will process files installed in {{SYSUSERS_DIR}} to create
  -- specified users automatically. The priority is set such that it
 diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in
-index 83cd7617f8..694cd94e8d 100644
+index 3b35a4b5c6..8c301f5ed9 100644
 --- a/src/rpm/triggers.systemd.sh.in
 +++ b/src/rpm/triggers.systemd.sh.in
 @@ -16,6 +16,9 @@
@@ -254,6 +252,3 @@ index 83cd7617f8..694cd94e8d 100644
  %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}}
  # This script will process files installed in {{SYSUSERS_DIR}} to create
  # specified users automatically. The priority is set such that it
--- 
-2.31.1
-

0005-update-helper-also-add-user-reexec-verb.patch

@@ -1,15 +1,13 @@
-From 37cd6c0fad847e5fffd9d107358a36e767c7ca42 Mon Sep 17 00:00:00 2001
+From 50336a7d0c584c1731c656e991a317029ed45f84 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Fri, 23 Jul 2021 15:35:23 +0200
-Subject: [PATCH 5/5] update-helper: also add "user-reexec" verb
+Subject: [PATCH 5/6] update-helper: also add "user-reexec" verb
 
 This is not called from the systemd.triggers or systemd.macros files. Instead,
 it would be called from the scriptlets in systemd rpm package itself, at the
 place where we call systemctl daemon-reexec.
 
 See https://github.com/systemd/systemd/pull/20289#issuecomment-885622200 .
-
-(cherry picked from commit 1262e824a4d638e347ae0d39c973f1f750962533)
 ---
  src/rpm/systemd-update-helper.in | 10 +++++++++-
  1 file changed, 9 insertions(+), 1 deletion(-)
@@ -42,6 +40,3 @@ index f3466ab3c0..0c6675a9db 100755
          if [[ "$command" =~ reload ]]; then
              for user in $users; do
                  SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \
--- 
-2.31.1
-

0006-update-helper-add-missing-loop-over-user-units.patch

@@ -0,0 +1,30 @@
+From 107f3e397937eb6a45054e22bd79c142fae19cd4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 4 Nov 2021 09:49:18 +0100
+Subject: [PATCH 6/6] update-helper: add missing loop over user units
+
+Noticed by Luca.
+
+shellcheck doens't catch this, and somehow it was missed in review
+and testing ;(
+---
+ src/rpm/systemd-update-helper.in | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in
+index 0c6675a9db..47d6663e07 100755
+--- a/src/rpm/systemd-update-helper.in
++++ b/src/rpm/systemd-update-helper.in
+@@ -51,8 +51,10 @@ case "$command" in
+ 
+         users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p')
+         for user in $users; do
+-            SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \
+-                    systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart &
++            for unit in "$@"; do
++                SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \
++                        systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart &
++            done
+         done
+         wait
+         ;;

README.build-in-place

@@ -1,7 +1,7 @@
 == Building systemd rpms for local development using rpmbuild --build-in-place ==
 
 This approach is based on https://github.com/filbranden/git-rpmbuild
-and filbranden's talk during ASG2019 [https://cfp.all-systems-go.io/ASG2019/talk/JM7GDN/].
+and filbranden's talk during ASG2019 [https://www.youtube.com/watch?v=fVM1kJrymRM].
 
 ```
 git clone https://github.com/systemd/systemd

sources

@@ -1 +1 @@
-SHA512 (systemd-249.4.tar.gz) = 5b9ec28102538bc3dcb632ee16389ff20dccf4b723186f6ae2da119a1809d84db0d8bcecf9b75c5e2da8427f5543e1da281bbed1a154e529d8a82ea5128c465c
+SHA512 (systemd-249.13.tar.gz) = eca374a66cc6a3439e83495e11d96f885c68508f340332cd750558f9fde3e6f31775e98caf085be53c7ef1ac8cf01ba7f84641112e5c978c4670e053cca305b0

split-files.py

@@ -85,6 +85,7 @@ for file in files(buildroot):
         o = o_networkd
     elif '.so.' in n:
         o = o_libs
+
     elif re.search(r'''udev(?!\.pc)|
                        hwdb|
                        bootctl|
@@ -98,6 +99,7 @@ for file in files(buildroot):
                        random-seed|
                        modules-load|
                        timesync|
+                       crypttab|
                        cryptsetup|
                        kmod|
                        quota|
@@ -110,25 +112,35 @@ for file in files(buildroot):
                        repart|
                        gpt-auto|
                        volatile-root|
-                       verity-setup|
+                       veritysetup|
+                       integritysetup|
+                       integritytab|
                        remount-fs|
                        /boot$|
                        /boot/efi|
                        /kernel/|
                        /kernel$|
-                       /modprobe.d
-    ''', n, re.X):
+                       /modprobe.d|
+                       binfmt|
+                       sysctl|
+                       coredump|
+                       homed|home1|
+                       portabled|portable1
+    ''', n, re.X):     # coredumpctl, homectl, portablectl are included in the main package because
+                       # they can be used to interact with remote daemons. Also, the user could be
+                       # confused if those user-facing binaries are not available.
         o = o_udev
-    elif re.search(r'''resolvectl|
-                       resolved|
+
+    elif re.search(r'''resolved|resolve1|
                        systemd-resolve|
                        resolvconf|
-                       resolve1\.
-    ''', n, re.X):
-        # keep only nss-resolve in systemd
+                       systemd\.(positive|negative)
+    ''', n, re.X):     # resolvectl and nss-resolve are in the main package.
         o = o_resolve
+
     elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X):
         o = o_oomd_defaults
+
     elif n.endswith('.standalone'):
         if 'tmpfiles' in n:
             o = o_standalone_tmpfiles
@@ -136,6 +148,7 @@ for file in files(buildroot):
             o = o_standalone_sysusers
         else:
             assert False, 'Found .standalone not belonging to known packages'
+
     else:
         o = o_rest
 

systemd.spec

@@ -17,8 +17,8 @@
 %global elf_suffix ()%{elf_bits}
 %endif
 
-# Bootstrap may be needed to break intercircular dependencies with
-# cryptsetup, e.g. when re-building cryptsetup on a json-c SONAME-bump.
+# Bootstrap may be needed to break circular dependencies with cryptsetup,
+# e.g. when re-building cryptsetup on a json-c SONAME-bump.
 %bcond_with    bootstrap
 %bcond_without tests
 %bcond_without lto
@@ -30,8 +30,8 @@
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
 %if %{without inplace}
-Version:        249.4
-Release:        1%{?dist}
+Version:        249.13
+Release:        6%{?dist}
 %else
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
@@ -83,7 +83,7 @@ Source24:       sysusers.generate-pre.sh
 %if 0
 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable
 i=1; for j in 00*patch; do printf "Patch%04d:      %s\n" $i $j; i=$((i+1));done|xclip
-GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch
+GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py >hwdb.patch
 %endif
 
 # Backports of patches from upstream (0000–0499)
@@ -96,7 +96,7 @@ Patch0002:      0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch
 Patch0003:      0003-rpm-call-needs-restart-in-parallel.patch
 Patch0004:      0004-rpm-restart-user-services-at-the-end-of-the-transact.patch
 Patch0005:      0005-update-helper-also-add-user-reexec-verb.patch
-
+Patch0006:      0006-update-helper-add-missing-loop-over-user-units.patch
 
 # Downstream-only patches (5000–9999)
 # https://bugzilla.redhat.com/show_bug.cgi?id=1738828
@@ -183,7 +183,7 @@ Requires(post): openssl-libs
 Requires(pre):  coreutils
 Requires:       dbus >= 1.9.18
 Requires:       %{name}-pam = %{version}-%{release}
-Requires:       (%{name}-rpm-macros = %{version}-%{release} if rpm-build)
+Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build)
 Requires:       %{name}-libs = %{version}-%{release}
 %{?fedora:Recommends:     %{name}-networkd = %{version}-%{release}}
 %{?fedora:Recommends:     %{name}-resolved = %{version}-%{release}}
@@ -219,21 +219,25 @@ Recommends:     libpcre2-8.so.0%{?elf_suffix}
 Recommends:     libpwquality.so.1%{?elf_suffix}
 Recommends:     libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits}
 Recommends:     libqrencode.so.4%{?elf_suffix}
+Recommends:     libbpf.so.0%{?elf_suffix}
+Recommends:     libbpf.so.0(LIBBPF_0.4.0)%{?elf_bits}
+
+# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home
+Recommends:     libcryptsetup.so.12%{?elf_suffix}
+Recommends:     libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits}
 
 %description
-systemd is a system and service manager that runs as PID 1 and starts
-the rest of the system. It provides aggressive parallelization
-capabilities, uses socket and D-Bus activation for starting services,
-offers on-demand starting of daemons, keeps track of processes using
-Linux control groups, maintains mount and automount points, and
-implements an elaborate transactional dependency-based service control
-logic. systemd supports SysV and LSB init scripts and works as a
+systemd is a system and service manager that runs as PID 1 and starts the rest
+of the system. It provides aggressive parallelization capabilities, uses socket
+and D-Bus activation for starting services, offers on-demand starting of
+daemons, keeps track of processes using Linux control groups, maintains mount
+and automount points, and implements an elaborate transactional dependency-based
+service control logic. systemd supports SysV and LSB init scripts and works as a
 replacement for sysvinit. Other parts of this package are a logging daemon,
-utilities to control basic system configuration like the hostname,
-date, locale, maintain a list of logged-in users, system accounts,
-runtime directories and settings, and daemons to manage simple network
-configuration, network time synchronization, log forwarding, and name
-resolution.
+utilities to control basic system configuration like the hostname, date, locale,
+maintain a list of logged-in users, system accounts, runtime directories and
+settings, and daemons to manage simple network configuration, network time
+synchronization, log forwarding, and name resolution.
 %if 0%{?stable}
 This package was built from the %{version}-stable branch of systemd.
 %endif
@@ -251,7 +255,6 @@ Provides:       nss-myhostname%{_isa} = 0.4
 Requires(post): coreutils
 Requires(post): sed
 Requires(post): grep
-Requires(post): /usr/bin/getent
 
 %description libs
 Libraries for systemd and udev.
@@ -304,6 +307,17 @@ Provides:       udev = %{version}
 Provides:       udev%{_isa} = %{version}
 Obsoletes:      udev < 183
 
+# Recommends to replace normal Requires deps for stuff that is dlopen()ed
+# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home
+Recommends:     libcryptsetup.so.12%{?elf_suffix}
+Recommends:     libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits}
+
+# used by home, cryptsetup, cryptenroll
+Recommends:     libfido2.so.1%{?elf_suffix}
+Recommends:     libtss2-esys.so.0%{?elf_suffix}
+Recommends:     libtss2-mu.so.0%{?elf_suffix}
+Recommends:     libtss2-rc.so.0%{?elf_suffix}
+
 # https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9
 Suggests:       systemd-bootchart
 # https://bugzilla.redhat.com/show_bug.cgi?id=1408878
@@ -314,9 +328,12 @@ Provides:       u2f-hidraw-policy = 1.0.2-40
 Obsoletes:      u2f-hidraw-policy < 1.0.2-40
 
 %description udev
-This package contains systemd-udev and the rules and hardware database
-needed to manage device nodes. This package is necessary on physical
-machines and in virtual machines, but not in containers.
+This package contains systemd-udev and the rules and hardware database needed to
+manage device nodes. This package is necessary on physical machines and in
+virtual machines, but not in containers.
+
+It also contains tools to manage encrypted home areas and secrets bound to the
+machine.
 
 %package container
 # Name is the same as in Debian
@@ -332,29 +349,25 @@ License:        LGPLv2+
 %description container
 Systemd tools to spawn and manage containers and virtual machines.
 
-This package contains systemd-nspawn, machinectl, systemd-machined,
-and systemd-importd.
+This package contains systemd-nspawn, machinectl, systemd-machined, and
+systemd-importd.
 
 %package journal-remote
 # Name is the same as in Debian
 Summary:        Tools to send journal events over the network
 Requires:       %{name}%{?_isa} = %{version}-%{release}
 License:        LGPLv2+
-Requires(pre):    /usr/bin/getent
-Requires(post):   systemd
-Requires(preun):  systemd
-Requires(postun): systemd
 Requires:       firewalld-filesystem
 Provides:       %{name}-journal-gateway = %{version}-%{release}
 Provides:       %{name}-journal-gateway%{_isa} = %{version}-%{release}
 Obsoletes:      %{name}-journal-gateway < 227-7
 
 %description journal-remote
-Programs to forward journal entries over the network, using encrypted HTTP,
-and to write journal files from serialized journal contents.
+Programs to forward journal entries over the network, using encrypted HTTP, and
+to write journal files from serialized journal contents.
 
-This package contains systemd-journal-gatewayd,
-systemd-journal-remote, and systemd-journal-upload.
+This package contains systemd-journal-gatewayd, systemd-journal-remote, and
+systemd-journal-upload.
 
 %package networkd
 Summary:        System daemon that manages network configurations
@@ -364,19 +377,22 @@ License:        LGPLv2+
 Obsoletes:      systemd < 246.6-2
 
 %description networkd
-systemd-networkd is a system service that manages networks. It detects
-and configures network devices as they appear, as well as creating virtual
-network devices.
+systemd-networkd is a system service that manages networks. It detects and
+configures network devices as they appear, as well as creating virtual network
+devices.
 
 %package resolved
 Summary:        Network Name Resolution manager
 Requires:       %{name}%{?_isa} = %{version}-%{release}
 Obsoletes:      %{name} < 249~~
+Requires:       libidn2.so.0%{?elf_suffix}
+Requires:       libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
+Requires(posttrans): grep
 
 %description resolved
-systemd-resolved is a system service that provides network name resolution
-to local applications. It implements a caching and validating DNS/DNSSEC
-stub resolver, as well as an LLMNR and MulticastDNS resolver and responder.
+systemd-resolved is a system service that provides network name resolution to
+local applications. It implements a caching and validating DNS/DNSSEC stub
+resolver, as well as an LLMNR and MulticastDNS resolver and responder.
 
 %package oomd-defaults
 Summary:        Configuration files for systemd-oomd
@@ -394,32 +410,37 @@ Requires:      %{name}%{?_isa} = %{version}-%{release}
 License:       LGPLv2+
 
 %description tests
-"Installed tests" that are usually run as part of the build system.
-They can be useful to test systemd internals.
+"Installed tests" that are usually run as part of the build system. They can be
+useful to test systemd internals.
 
 %package standalone-tmpfiles
 Summary:       Standalone tmpfiles binary for use in non-systemd systems
 RemovePathPostfixes: .standalone
 
 %description standalone-tmpfiles
-Standalone tmpfiles binary with no dependencies on the systemd-shared library
-or other libraries from systemd-libs. This package conflicts with the main
-systemd package and is meant for use in non-systemd systems.
+Standalone tmpfiles binary with no dependencies on the systemd-shared library or
+other libraries from systemd-libs. This package conflicts with the main systemd
+package and is meant for use in non-systemd systems.
 
 %package standalone-sysusers
 Summary:       Standalone sysusers binary for use in non-systemd systems
 RemovePathPostfixes: .standalone
 
 %description standalone-sysusers
-Standalone sysusers binary with no dependencies on the systemd-shared library
-or other libraries from systemd-libs. This package conflicts with the main
-systemd package and is meant for use in non-systemd systems.
+Standalone sysusers binary with no dependencies on the systemd-shared library or
+other libraries from systemd-libs. This package conflicts with the main systemd
+package and is meant for use in non-systemd systems.
 
 %prep
 %autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1
 
+test -f src/login/systemd-user.in
+# Restore systemd-user pam config from before "removal of Fedora-specific bits".
+# We'll systemd process it and install in the right place.
+cp %{SOURCE12} src/login/systemd-user.in
+
 %build
-%define ntpvendor %(source /etc/os-release; echo ${ID})
+%global ntpvendor %(source /etc/os-release; echo ${ID})
 %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1}
 
 CONFIGURE_OPTS=(
@@ -486,7 +507,6 @@ CONFIGURE_OPTS=(
         -Dversion-tag=v%{version}-%{release}
         -Dfallback-hostname=%[0%{?fedora}?"fedora":"localhost"]
         -Ddefault-dnssec=no
-        -Ddefault-dns-over-tls=opportunistic
         # https://bugzilla.redhat.com/show_bug.cgi?id=1867830
         -Ddefault-mdns=no
         -Ddefault-llmnr=resolve
@@ -496,12 +516,12 @@ CONFIGURE_OPTS=(
         -Dcdrom-gid=11
         -Ddialout-gid=18
         -Ddisk-gid=6
-        -Dinput-gid=104   # https://pagure.io/setup/pull-request/27
+        -Dinput-gid=104
         -Dkmem-gid=9
         -Dkvm-gid=36
         -Dlp-gid=7
-        -Drender-gid=105  # https://pagure.io/setup/pull-request/27
-        -Dsgx-gid=106     # https://pagure.io/setup/pull-request/27
+        -Drender-gid=105
+        -Dsgx-gid=106
         -Dtape-gid=33
         -Dtty-gid=5
         -Dusers-gid=100
@@ -607,9 +627,6 @@ install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf
 
 install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8}
 
-# Restore systemd-user pam config from before "removal of Fedora-specific bits"
-install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12}
-
 # Install additional docs
 # https://bugzilla.redhat.com/show_bug.cgi?id=1234951
 install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9}
@@ -785,8 +802,6 @@ fi
 systemctl --no-reload preset systemd-oomd.service &>/dev/null || :
 
 %post libs
-%{?ldconfig}
-
 function mod_nss() {
     if [ -f "$1" ] ; then
         # Add nss-systemd to passwd and group
@@ -820,24 +835,6 @@ else
         mod_nss "/etc/authselect/user-nsswitch.conf"
 fi
 
-# check if nobody or nfsnobody is defined
-export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
-if getent passwd nfsnobody &>/dev/null; then
-   test -f /etc/systemd/dont-synthesize-nobody || {
-       echo 'Detected system with nfsnobody defined, creating /etc/systemd/dont-synthesize-nobody'
-       mkdir -p /etc/systemd || :
-       : >/etc/systemd/dont-synthesize-nobody || :
-   }
-elif getent passwd nobody 2>/dev/null | grep -v 'nobody:[x*]:65534:65534:.*:/:/sbin/nologin' &>/dev/null; then
-   test -f /etc/systemd/dont-synthesize-nobody || {
-       echo 'Detected system with incompatible nobody defined, creating /etc/systemd/dont-synthesize-nobody'
-       mkdir -p /etc/systemd || :
-       : >/etc/systemd/dont-synthesize-nobody || :
-   }
-fi
-
-%{?ldconfig:%postun libs -p %ldconfig}
-
 %global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service
 
 %post udev
@@ -916,41 +913,79 @@ fi
 
 %preun resolved
 if [ $1 -eq 0 ] ; then
-        systemctl disable --quiet \
-                systemd-resolved.service \
-                >/dev/null || :
+    systemctl disable --quiet \
+            systemd-resolved.service \
+            >/dev/null || :
+    if [ -L /etc/resolv.conf ] && \
+        realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then
+            rm -f /etc/resolv.conf || :      # no longer useful
+            # if network manager is enabled, move to it instead
+            [ -f /run/NetworkManager/resolv.conf ] && \
+            systemctl -q is-enabled NetworkManager.service &>/dev/null && \
+                ln -fsv ../run/NetworkManager/resolv.conf /etc/resolv.conf || :
+    fi
 fi
 
 %post resolved
-[ $1 -gt 1 ] && exit 0
+[ $1 -eq 1 ] || exit 0
+# Initial installation
 
 # Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263
-if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then
+if [ "$(echo /usr/lib/systemd/libsystemd-shared-24[0-8].so)" != "/usr/lib/systemd/libsystemd-shared-24[0-8].so" ]; then
     echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd."
     exit 0
 fi
 
 %systemd_post systemd-resolved.service
 
+: >%{_localstatedir}/lib/rpm-state/systemd-resolved-initial-installation || :
+
+%posttrans resolved
+test -e %{_localstatedir}/lib/rpm-state/systemd-resolved-initial-installation || exit 0
+# Initial installation
+rm %{_localstatedir}/lib/rpm-state/systemd-resolved-initial-installation || :
+
 # Create /etc/resolv.conf symlink.
 # We would also create it using tmpfiles, but let's do this here
 # too before NetworkManager gets a chance. (systemd-tmpfiles invocation above
 # does not do this, because it's marked with ! and we don't specify --boot.)
 # https://bugzilla.redhat.com/show_bug.cgi?id=1873856
 #
-# If systemd is not running, don't overwrite the symlink because that
-# will immediately break DNS resolution, since systemd-resolved is
-# also not running (https://bugzilla.redhat.com/show_bug.cgi?id=1891847).
+# *Create* the symlink if nothing is present yet.
+# (https://bugzilla.redhat.com/show_bug.cgi?id=2032085)
+#
+# *Override* the symlink if systemd is running. Don't do it if systemd
+# is not running, because that will immediately break DNS resolution,
+# since systemd-resolved is also not running
+# (https://bugzilla.redhat.com/show_bug.cgi?id=1891847).
 #
 # Also don't create the symlink to the stub when the stub is disabled (#1891847 again).
-if test -d /run/systemd/system/ &&
-   systemctl -q is-enabled systemd-resolved.service &>/dev/null &&
-   ! mountpoint /etc/resolv.conf &>/dev/null &&
-   ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | \
-        grep -qE '^DNSStubListener\s*=\s*([nN][oO]?|[fF]|[fF][aA][lL][sS][eE]|0|[oO][fF][fF])$'; then
-  ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+#
+# If we're doing the symlink and the stub file does not exist, create
+# it as a symlink to the static stub so anaconda doesn't replace the
+# symlink or crash. It will be replaced with the dynamic stub on next
+# boot
+# https://bugzilla.redhat.com/show_bug.cgi?id=2074083
+if systemctl -q is-enabled systemd-resolved.service &>/dev/null &&
+   ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null |
+        grep -iqE '^DNSStubListener\s*=\s*(no?|false|0|off)\s*$' &&
+   ! mountpoint /etc/resolv.conf &>/dev/null; then
+
+
+  if ! ls -h /etc/resolv.conf &>/dev/null; then
+    mkdir -p /run/systemd/resolve &>/dev/null || :
+    ln -sv resolv.conf /run/systemd/resolve/stub-resolv.conf &>/dev/null || :
+    ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf &>/dev/null || :
+  elif test -d /run/systemd/system/ &&
+     ! mountpoint /etc/resolv.conf &>/dev/null; then
+    mkdir -p /run/systemd/resolve &>/dev/null || :
+    ln -sv resolv.conf /run/systemd/resolve/stub-resolv.conf &>/dev/null || :
+    ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf &>/dev/null || :
+  fi
 fi
 
+exit 0
+
 %global _docdir_fmt %{name}
 
 %files -f %{name}.lang -f .file-list-rest
@@ -972,6 +1007,7 @@ fi
 %ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants
 %ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants
 %ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants
+%ghost %dir %attr(0700,-,-) /var/lib/portables
 %ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd
 
 %files libs -f .file-list-libs
@@ -988,6 +1024,7 @@ fi
 %files udev -f .file-list-udev
 
 %files container -f .file-list-container
+%ghost %dir %attr(0700,-,-) /var/lib/machines
 
 %files journal-remote -f .file-list-remote
 
@@ -1002,6 +1039,101 @@ fi
 %files standalone-sysusers -f .file-list-standalone-sysusers
 
 %changelog
+* Fri Nov  4 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.13-6
+- Latest stable release (various small fixes all over: #2085481, #2086166)
+- #2139355, CVE-2022-3821
+
+* Thu Jun 16 2022 Adam Williamson <awilliam@redhat.com> - 249.12-5
+- Change dynamic stub target to make name resolution work in install %post (#2074083)
+
+* Fri Jun 10 2022 Adam Williamson <awilliam@redhat.com> - 249.12-4
+- Link dynamic to static stub for resolv.conf symlink if it doesn't exist (#2074083)
+
+* Fri Apr 29 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.12-3
+- Link /etc/resolv.conf to /usr/lib/systemd/resolv.conf (#2074083)
+
+* Fri Apr 29 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.12-2
+- Rewrite %%post scriptlet for systemd-resolved to not use coreutils (#2074083)
+
+* Thu Apr 28 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.12-1
+- Make the scriptlet for /etc/resolv.conf more robust
+- Update to latest upstream bugfix release (#2016630, various memory access
+  and correctness fixes)
+- User access via the uaccess attribute is extended to more devices
+  (USB analyzers, rfkill devices, AV production controllers, TL866 EPROM readers)
+- hwdb is updated
+- clone3() returns ENOSYS when RestrictNamespaces=yes
+
+* Tue Apr 12 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.11-2
+- Do not touch /etc/resolv.conf on upgrades (#2074122)
+- Undo the change to "create /etc/resolv.conf symlink if nothing is
+  present yet" (#2074083)
+- Clean up modules.builtin.alias.bin on kernel upgrades (#2016630)
+
+* Wed Apr  6 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.11-1
+- Update to latest bugfix release (#2039854)
+- Create /etc/resolv.conf symlink if nothing is present yet (#2032085)
+- Drop scriptlet for handling nobody user upgrades from Fedora <28
+- Move part of %%post scriptlet for resolved to %%posttrans (#2072574)
+
+* Wed Jan 12 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.9-1
+- Revert the patches for  (#1956022), hopefully fixing (#2039888)
+- Some minor documentation fixes and a fix for journalctl
+- Make systemd-xdg-autostart-service ignore missing condition check binary
+  (related to #2038750, but does not fix it)
+
+* Tue Jan 11 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.8-1
+- Create /etc/resolv.conf symlink if nothing is present yet (#2032085)
+- Add missing requirements for libfido2 and libtss2 (#1975827)
+- Allow mprotect(2), arch_prctl(2) in @default seccomp filter, bpf(2) and /proc
+  for systemd-udev (#2027627)
+- Various documentation fixes (#1926323)
+- Introduce ExitType= service setting (#1956022)
+- Fix sysusers without /proc (#2036217)
+- Various fixes to condition handling (#1919538)
+- Bugfixes for the manager, systemd-networkd, systemd-journald and journalctl,
+  systemd-analyze, systemd-resolved, systemd-homed, shell completions,
+  systemd-detect-virt on MS Hyper-V, nss modules
+- Ordering of various units during early boot and shutdown is adjusted to fix
+  some corner cases
+- Maximum numbers of files are bumped for /dev and /tmp
+- fstab-generator now ignores root-on-nfs/cifs/iscsi and live (#2037233)
+- CVE-2021-3997, #2039383: systemd-tmpfiles would exhaust the stack and crash
+  during excessive recursion on a very deeply nested directory structure.
+
+* Mon Nov 15 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.7-2
+- Supress errors from update-helper when selinux is enabled (see #2023332)
+
+* Sun Nov 14 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.7-1
+- Latest bugfix release (better erofs detection, sd-event memory
+  corruption bugfix, logind, documentation)
+- Really fix helper to restart user units with older systemd (#2020415)
+
+* Wed Nov 10 2021 Kir Kolyshkin <kolyshkin@gmail.com> - 249.7-1
+- Fix scope activation from a user instance (#2022041)
+
+* Mon Nov  8 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.6-3
+- Fix helper to restart user units with older systemd (#2020415)
+
+* Thu Nov  4 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.6-2
+- Latest bugfix release (networkd, coredumpctl, varlink, udev,
+  systemctl, systemd itself, better detection of Hyper-V and
+  Virtualbox virtualization, documentation updates)
+- Fix helper to restart user units
+
+* Fri Oct 29 2021 Adam Williamson <awilliam@redhat.com> - 249.5-2
+- Backport PR #133 to fix boot
+
+* Tue Oct 12 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.5-1
+- Latest bugfix release (various fixes in systemd-networkd,
+  -timesyncd, -journald, -udev, homed, -resolved, -repart, -oomd,
+  -coredump, systemd itself, seccomp filters, TPM2 handling,
+  -documentation, sd-event, sd-journal, journalctl, and nss-systemd).
+- Fixes #1976445.
+
+* Fri Oct 08 2021 Adam Williamson <awilliam@redhat.com> - 249.4-2
+- Don't build with -Ddefault-dns-over-tls=opportunistic (#2006393)
+
 * Tue Aug 24 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 249.4-1
 - Latest bugfix release: various fixes for systemd-networkd,
   systemd-resolved, systemd, systemd-boot.

sysusers.prov

@@ -1,5 +1,40 @@
 #!/bin/bash
 
+process_u() {
+    if [ ! -z "${2##*[!0-9]*}" ]; then
+        # Single shared static ID.
+        echo "user($1) = $2"
+        echo "group($1) = $2"
+    elif [[ $2 == *:* ]]; then
+        # UID:<group>.
+        uid=$(echo $2 | cut -d':' -f1 -)
+        group=$(echo $2 | cut -d':' -f2 -)
+        if [ ! -z "${group##*[!0-9]*}" ]; then
+            # UID:GID.
+            echo "user($1) = ${uid}"
+            echo "group($1) = ${group}"
+        else
+            # UID:<groupname>.
+            echo "user($1) = ${uid}"
+            echo "group(${group})"
+        fi
+    else
+        # Dynamic (or something else uninteresting).
+        echo "user($1)"
+        echo "group($1)"
+    fi
+}
+
+process_g() {
+    if [ ! -z "${2##*[!0-9]*}" ]; then
+        # Static GID.
+        echo "group($1) = $2"
+    else
+        # Dynamic (or something else uninteresting).
+        echo "group($1)"
+    fi
+}
+
 parse() {
     while read line; do
         [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
@@ -8,12 +43,10 @@ parse() {
         set -- $line
         case "$1" in
             ('u')
-                echo "user($2)"
-                echo "group($2)"
-                # TODO: user:group support
+                process_u "$2" "$3"
                 ;;
             ('g')
-                echo "group($2)"
+                process_g "$2" "$3"
                 ;;
             ('m')
                 echo "user($2)"

triggers.systemd

@@ -14,9 +14,13 @@
 # upgraded. We care about the case where a package is initially
 # installed, because other cases are covered by the *un scriptlets,
 # so sometimes we will reload needlessly.
-if test -d "/run/systemd/system"; then
-  %{_bindir}/systemctl daemon-reload || :
-  %{_bindir}/systemctl reload-or-restart --marked || :
+/usr/lib/systemd/systemd-update-helper system-reload-restart || :
+
+%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user
+if selinuxenabled &>/dev/null; then
+  /usr/lib/systemd/systemd-update-helper user-reload-restart 2>/dev/null || :
+else
+  /usr/lib/systemd/systemd-update-helper user-reload-restart || :
 fi
 
 %transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
@@ -25,14 +29,26 @@ fi
 # On upgrade, we need to run daemon-reload after any new unit files
 # have been installed, but before %postun scripts in packages get
 # executed.
-if test -d "/run/systemd/system"; then
-  %{_bindir}/systemctl daemon-reload || :
+/usr/lib/systemd/systemd-update-helper system-reload || :
+
+%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user
+# Execute daemon-reload in user managers.
+if selinuxenabled &>/dev/null; then
+  /usr/lib/systemd/systemd-update-helper user-reload 2>/dev/null || :
+else
+  /usr/lib/systemd/systemd-update-helper user-reload || :
 fi
 
 %transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system
-# We restart remaining services that should be restarted here.
-if test -d "/run/systemd/system"; then
-  %{_bindir}/systemctl reload-or-restart --marked || :
+# We restart remaining system services that should be restarted here.
+/usr/lib/systemd/systemd-update-helper system-restart || :
+
+%transfiletriggerpostun -P  9999 -- /usr/lib/systemd/user /etc/systemd/user
+# We restart remaining user services that should be restarted here.
+if selinuxenabled &>/dev/null; then
+  /usr/lib/systemd/systemd-update-helper user-restart 2>/dev/null || :
+else
+  /usr/lib/systemd/systemd-update-helper user-restart || :
 fi
 
 %transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d
@@ -40,21 +56,21 @@ fi
 # specified users automatically. The priority is set such that it
 # will run before the tmpfiles file trigger.
 if test -d "/run/systemd/system"; then
-  %{_bindir}/systemd-sysusers || :
+  systemd-sysusers || :
 fi
 
 %transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d
 # This script will automatically invoke hwdb update if files have been
 # installed or updated in /usr/lib/udev/hwdb.d.
 if test -d "/run/systemd/system"; then
-  %{_bindir}/systemd-hwdb update || :
+  systemd-hwdb update || :
 fi
 
 %transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog
 # This script will automatically invoke journal catalog update if files
 # have been installed or updated in /usr/lib/systemd/catalog.
 if test -d "/run/systemd/system"; then
-  %{_bindir}/journalctl --update-catalog || :
+  journalctl --update-catalog || :
 fi
 
 %transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d
@@ -71,14 +87,14 @@ fi
 # tmpfiles automatically. The priority is set such that it will run
 # after the sysusers file trigger, but before any other triggers.
 if test -d "/run/systemd/system"; then
-  %{_bindir}/systemd-tmpfiles --create || :
+  systemd-tmpfiles --create || :
 fi
 
 %transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d
 # This script will automatically update udev with new rules if files
 # have been installed or updated in /usr/lib/udev/rules.d.
 if test -e /run/udev/control; then
-  %{_bindir}/udevadm control --reload || :
+  udevadm control --reload || :
 fi
 
 %transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d