Version 251.19

... (rhbz#2242219)

.editorconfig

@@ -1,11 +0,0 @@
-root = true
-
-[*]
-charset = utf-8
-indent_size = 4
-indent_style = space
-insert_final_newline = true
-trim_trailing_whitespace = true
-
-[*.{yml,yaml}]
-indent_size = 2

.fmf/version

@@ -1 +0,0 @@
-1

.gitignore

@@ -7,7 +7,3 @@
 /systemd-*.tar.xz
 /systemd-*.tar.gz
 /*.rpm
-/mkosi.output/
-/mkosi.cache/
-/mkosi.builddir/
-/mkosi.local.conf

.zuul.yaml

@@ -1,7 +1,5 @@
 - project:
     vars:
       install_repo_exclude:
-        - systemd-standalone-repart
-        - systemd-standalone-shutdown
-        - systemd-standalone-sysusers
         - systemd-standalone-tmpfiles
+        - systemd-standalone-sysuser

0001-Revert-units-drop-runlevel-0-6-.target.patch

@@ -1,88 +0,0 @@
-From 61750e265ce3f7783a8dba831e91140f84ad89f2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 5 Nov 2025 17:52:16 +0100
-Subject: [PATCH 1/3] Revert "units: drop runlevel[0-6].target"
-
-This partially reverts commit e58ba80a40fb6e96543d56774a5bc5aa9cdadbf3.
-The unit are still needed for compat.
----
- units/meson.build | 27 ++++++++++++++++++++++-----
- 1 file changed, 22 insertions(+), 5 deletions(-)
-
-diff --git a/units/meson.build b/units/meson.build
-index 2e04c4aa2b..46eaac4073 100644
---- a/units/meson.build
-+++ b/units/meson.build
-@@ -1,5 +1,7 @@
- # SPDX-License-Identifier: LGPL-2.1-or-later
- 
-+with_runlevels = conf.get('HAVE_SYSV_COMPAT') == 1
-+
- units = [
-         { 'file' : 'basic.target' },
-         { 'file' : 'blockdev@.target' },
-@@ -49,7 +51,7 @@ units = [
-         },
-         {
-           'file' : 'graphical.target',
--          'symlinks' : ['default.target'],
-+          'symlinks' : ['default.target'] + (with_runlevels ? ['runlevel5.target'] : []),
-         },
-         { 'file' : 'halt.target' },
-         {
-@@ -142,7 +144,10 @@ units = [
-           'conditions' : ['ENABLE_MACHINED'],
-         },
-         { 'file' : 'modprobe@.service' },
--        { 'file' : 'multi-user.target' },
-+        {
-+          'file' : 'multi-user.target',
-+          'symlinks' : with_runlevels ? ['runlevel2.target', 'runlevel3.target', 'runlevel4.target'] : [],
-+        },
-         {
-           'file' : 'systemd-mute-console.socket',
-           'symlinks' : ['sockets.target.wants/']
-@@ -155,7 +160,10 @@ units = [
-         { 'file' : 'nss-lookup.target' },
-         { 'file' : 'nss-user-lookup.target' },
-         { 'file' : 'paths.target' },
--        { 'file' : 'poweroff.target' },
-+        {
-+          'file' : 'poweroff.target',
-+          'symlinks' : with_runlevels ? ['runlevel0.target'] : [],
-+        },
-         { 'file' : 'printer.target' },
-         {
-           'file' : 'proc-sys-fs-binfmt_misc.automount',
-@@ -180,7 +188,7 @@ units = [
-         },
-         {
-           'file' : 'reboot.target',
--          'symlinks' : ['ctrl-alt-del.target'],
-+          'symlinks' : ['ctrl-alt-del.target'] + (with_runlevels ? ['runlevel6.target'] : []),
-         },
-         {
-           'file' : 'remote-cryptsetup.target',
-@@ -200,7 +208,10 @@ units = [
-           'symlinks' : ['initrd-root-device.target.wants/'],
-         },
-         { 'file' : 'rescue.service.in' },
--        { 'file' : 'rescue.target' },
-+        {
-+          'file' : 'rescue.target',
-+          'symlinks' : with_runlevels ? ['runlevel1.target'] : [],
-+        },
-         { 'file' : 'rpcbind.target' },
-         { 'file' : 'serial-getty@.service.in' },
-         { 'file' : 'shutdown.target' },
-@@ -1001,4 +1012,10 @@ else
-                             dbussessionservicedir / 'org.freedesktop.systemd1.service'))
- endif
- 
-+if conf.get('HAVE_SYSV_COMPAT') == 1
-+        foreach i : [1, 2, 3, 4, 5]
-+                install_emptydir(systemunitdir / 'runlevel@0@.target.wants'.format(i))
-+        endforeach
-+endif
-+
- subdir('user')

0002-machined-continue-without-resolve.hook-socket.patch

@@ -1,32 +0,0 @@
-From 8d6d86d1d7e45eeae921e88adde55d6524027c96 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 26 Nov 2025 22:29:53 +0100
-Subject: [PATCH 3/3] machined: continue without resolve.hook socket
-
----
- src/machine/machined-varlink.c | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c
-index f83cbb8562..0b30cd0531 100644
---- a/src/machine/machined-varlink.c
-+++ b/src/machine/machined-varlink.c
-@@ -894,9 +894,15 @@ static int manager_varlink_init_resolve_hook(Manager *m) {
- 
-         r = sd_varlink_server_listen_address(s, VARLINK_PATH_MACHINED_RESOLVE_HOOK,
-                                              0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755);
--        if (r < 0)
--                return log_error_errno(r, "Failed to bind to varlink socket %s: %m",
--                                       VARLINK_PATH_MACHINED_RESOLVE_HOOK);
-+        if (r < 0) {
-+                bool ignore = ERRNO_IS_NEG_PRIVILEGE(r);
-+                log_full_errno(ignore ? LOG_WARNING : LOG_ERR,
-+                               r,
-+                               "Failed to bind to varlink socket %s%s: %m",
-+                               VARLINK_PATH_MACHINED_RESOLVE_HOOK,
-+                               ignore ? ", ignoring" : "");
-+                return ignore ? 0 : r;
-+        }
- 
-         r = sd_varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL);
-         if (r < 0)

0003-ukify-omit-.osrel-section-when-os-release-is-empty.patch

@@ -1,112 +0,0 @@
-From 75890d949f92c412c0936b8536b2e0dc8f7dfb40 Mon Sep 17 00:00:00 2001
-From: Nick Rosbrook <enr0n@ubuntu.com>
-Date: Fri, 19 Dec 2025 11:01:49 -0500
-Subject: [PATCH] ukify: omit .osrel section when --os-release= is empty
-
-The primary motivation for this is to allow users of ukify to build
-UKI-like objects, without having them later be detected as a UKI by
-tools like kernel-install and bootctl.
-
-The common code used by these tools to determine if a PE binary is a UKI
-checks that both .osrel and .linux sections are present. Hence, adding
-a mechansim to skip .osrel provides a way to avoid being labeled a UKI.
----
- man/ukify.xml                |  5 ++++-
- src/ukify/test/test_ukify.py | 15 +++++++++++----
- src/ukify/ukify.py           | 10 +++++++++-
- 3 files changed, 24 insertions(+), 6 deletions(-)
-
-diff --git a/man/ukify.xml b/man/ukify.xml
-index 829761642d..7462c5c92f 100644
---- a/man/ukify.xml
-+++ b/man/ukify.xml
-@@ -365,7 +365,10 @@
-           <listitem><para>The os-release description (the <literal>.osrel</literal> section). The argument
-           may be a literal string, or <literal>@</literal> followed by a path name. If not specified, the
-           <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> file
--          will be picked up from the host system.</para>
-+          will be picked up from the host system. If explicitly set to an empty string, the ".osrel" section
-+          is omitted from the UKI (this is not recommended in most cases, and causes the resulting artifact
-+          to not be recognized as a UKI by other tools like <command>kernel-install</command>
-+          and <command>bootctl</command>).</para>
- 
-           <xi:include href="version-info.xml" xpointer="v253"/></listitem>
-         </varlistentry>
-diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py
-index f75ef0c891..224a38569f 100755
---- a/src/ukify/test/test_ukify.py
-+++ b/src/ukify/test/test_ukify.py
-@@ -641,7 +641,7 @@ def test_efi_signing_pesign(kernel_initrd, tmp_path):
- 
-     shutil.rmtree(tmp_path)
- 
--def test_inspect(kernel_initrd, tmp_path, capsys):
-+def test_inspect(kernel_initrd, tmp_path, capsys, osrel=True):
-     if kernel_initrd is None:
-         pytest.skip('linux+initrd not found')
-     if not shutil.which('sbsign'):
-@@ -653,7 +653,7 @@ def test_inspect(kernel_initrd, tmp_path, capsys):
- 
-     output = f'{tmp_path}/signed2.efi'
-     uname_arg='1.2.3'
--    osrel_arg='Linux'
-+    osrel_arg='Linux' if osrel else ''
-     cmdline_arg='ARG1 ARG2 ARG3'
- 
-     args = [
-@@ -680,8 +680,12 @@ def test_inspect(kernel_initrd, tmp_path, capsys):
- 
-     text = capsys.readouterr().out
- 
--    expected_osrel = f'.osrel:\n  size: {len(osrel_arg)}'
--    assert expected_osrel in text
-+    if osrel:
-+        expected_osrel = f'.osrel:\n  size: {len(osrel_arg)}'
-+        assert expected_osrel in text
-+    else:
-+        assert '.osrel:' not in text
-+
-     expected_cmdline = f'.cmdline:\n  size: {len(cmdline_arg)}'
-     assert expected_cmdline in text
-     expected_uname = f'.uname:\n  size: {len(uname_arg)}'
-@@ -694,6 +698,9 @@ def test_inspect(kernel_initrd, tmp_path, capsys):
- 
-     shutil.rmtree(tmp_path)
- 
-+def test_inspect_no_osrel(kernel_initrd, tmp_path, capsys):
-+    test_inspect(kernel_initrd, tmp_path, capsys, osrel=False)
-+
- @pytest.mark.skipif(not slow_tests, reason='slow')
- def test_pcr_signing(kernel_initrd, tmp_path):
-     if kernel_initrd is None:
-diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
-index c98f8e2a5d..b7542c7eca 100755
---- a/src/ukify/ukify.py
-+++ b/src/ukify/ukify.py
-@@ -1477,6 +1477,9 @@ def make_uki(opts: UkifyConfig) -> None:
-         '.profile',
-     }
- 
-+    if not opts.os_release:
-+        to_import.remove('.osrel')
-+
-     for profile in opts.join_profiles:
-         pe = pefile.PE(profile, fast_load=True)
-         prev_len = len(uki.sections)
-@@ -2412,7 +2415,12 @@ def finalize_options(opts: argparse.Namespace) -> None:
- 
-     opts.os_release = resolve_at_path(opts.os_release)
- 
--    if not opts.os_release and opts.linux:
-+    if opts.os_release == '':
-+        # If --os-release= with an empty string was passed, treat that as
-+        # explicitly disabling the .osrel section, and do not fallback to the
-+        # system's os-release files.
-+        pass
-+    elif opts.os_release is None and opts.linux:
-         p = Path('/etc/os-release')
-         if not p.exists():
-             p = Path('/usr/lib/os-release')
--- 
-2.52.0
-

0004-stub-Fix-NULL-pointer-deref-when-there-are-no-initrd.patch

@@ -1,51 +0,0 @@
-From e57e599e6b11039ab6484e5622b3deae20bfd678 Mon Sep 17 00:00:00 2001
-From: Hans de Goede <johannes.goede@oss.qualcomm.com>
-Date: Mon, 12 Jan 2026 14:56:36 +0100
-Subject: [PATCH] stub: Fix NULL pointer deref when there are no initrds
-
-When n_all_initrds == 0, then all_initrds is unmodified from its initial
-value of:
-
-	_cleanup_free_ struct iovec *all_initrds = NULL;
-
-and in the else block of the "if (n_all_initrds > 1)" the NULL is
-dereferenced:
-
-		final_initrd = all_initrds[0];
-
-Leading to the stub crashing due to a NULL pointer deref.
-
-Fix this by initializing final_initrd to all 0s and only
-running the else block if (n_all_initrds == 1).
----
- src/boot/stub.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/boot/stub.c b/src/boot/stub.c
-index 06ecbc7d18..65950262c6 100644
---- a/src/boot/stub.c
-+++ b/src/boot/stub.c
-@@ -1302,9 +1302,9 @@ static EFI_STATUS run(EFI_HANDLE image) {
- 
-         /* Combine the initrds into one */
-         _cleanup_pages_ Pages initrd_pages = {};
--        struct iovec final_initrd;
-+        struct iovec final_initrd = {};
-         if (n_all_initrds > 1) {
--                /* There will always be a base initrd, if this counter is higher, we need to combine them */
-+                /* If there is more then 1 initrd we need to combine them */
-                 err = combine_initrds(all_initrds, n_all_initrds, &initrd_pages, &final_initrd.iov_len);
-                 if (err != EFI_SUCCESS)
-                         return err;
-@@ -1313,7 +1313,7 @@ static EFI_STATUS run(EFI_HANDLE image) {
- 
-                 /* Given these might be large let's free them explicitly before we pass control to Linux */
-                 initrds_free(&initrds);
--        } else
-+        } else if (n_all_initrds == 1)
-                 final_initrd = all_initrds[0];
- 
-         struct iovec kernel = IOVEC_MAKE(
--- 
-2.52.0
-

10-map-count.conf

@@ -1,3 +0,0 @@
-# Increase the number of virtual memory areas that one process may request
-# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount
-vm.max_map_count=1048576

10-oomd-per-slice-defaults.conf

@@ -1,3 +1,3 @@
 [Slice]
 ManagedOOMMemoryPressure=kill
-ManagedOOMMemoryPressureLimit=80%
+ManagedOOMMemoryPressureLimit=50%

10-timeout-abort.conf

@@ -1,14 +0,0 @@
-# This file is part of the systemd package.
-# See https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer.
-#
-# To facilitate debugging when a service fails to stop cleanly,
-# TimeoutStopFailureMode=abort is set to "crash" services that fail to stop in
-# the time allotted. This will cause the service to be terminated with SIGABRT
-# and a coredump to be generated.
-#
-# To undo this configuration change, create a mask file:
-#   sudo mkdir -p /etc/systemd/system/service.d
-#   sudo ln -sv /dev/null /etc/systemd/system/service.d/10-timeout-abort.conf
-
-[Service]
-TimeoutStopFailureMode=abort

26494.patch

@@ -1,30 +0,0 @@
-From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Mon, 20 Feb 2023 12:00:30 +0900
-Subject: [PATCH] core/manager: run generators directly when we are in initrd
-
-Some initrd system write files at ourside of /run, /etc, or other
-allowed places. This is a kind of workaround, but in most cases, such
-sandboxing is not necessary as the filesystem is on ramfs when we are in
-initrd.
-
-Fixes #26488.
----
- src/core/manager.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/core/manager.c b/src/core/manager.c
-index 7b394794b0d4..306477c6e6c2 100644
---- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) {
-         /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If
-          * we are the user manager, let's just execute the generators directly. We might not have the
-          * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us.
--         */
--        if (MANAGER_IS_USER(m)) {
-+         * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */
-+        if (MANAGER_IS_USER(m) || in_initrd()) {
-                 r = manager_execute_generators(m, paths, /* remount_ro= */ false);
-                 goto finish;
-         }

30846.patch

@@ -1,56 +0,0 @@
-From 07bedc8f93277f705622625f440a1f56ccff1cd0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Tue, 9 Jan 2024 11:28:04 +0100
-Subject: [PATCH] journal: again create user journals for users with high uids
-
-This effectively reverts a change in 115d5145a257c1a27330acf9f063b5f4d910ca4d
-'journald: move uid_for_system_journal() to uid-alloc-range.h', which slipped
-in an additional check of uid_is_container(uid). The problem is that that change
-is not backwards-compatible at all and very hard for users to handle.
-There is no common agreement on mappings of high-range uids. Systemd declares
-ownership of a large range for container uids in https://systemd.io/UIDS-GIDS/,
-but this is only a recent change and various sites allocated those ranges
-in a different way, in particular FreeIPA uses (used?) uids from this range
-for human users. On big sites with lots of users changing uids is obviously a
-hard problem. We generally assume that uids cannot be "freed" and/or changed
-and/or reused safely, so we shouldn't demand the same from others.
-
-This is somewhat similar to the situation with SYSTEM_ALLOC_UID_MIN /
-SYSTEM_UID_MAX, which we tried to define to a fixed value in our code, causing
-huge problems for existing systems with were created with a different
-definition and couldn't be easily updated. For that case, we added a
-configuration time switch and we now parse /etc/login.defs to actually use the
-value that is appropriate for the local system.
-
-Unfortunately, login.defs doesn't have a concept of container allocation ranges
-(and we don't have code to parse and use those nonexistent names either), so we
-can't tell users to adjust logind.defs to work around the changed definition.
-
-login.defs has SUB_UID_{MIN,MAX}, but those aren't really the same thing,
-because they are used to define where the add allocations for subuids, which is
-generally a much smaller range. Maybe we should talk with other folks about
-the appropriate allocation ranges and define some new settings in login.defs.
-But this would require discussion and coordination with other projects first.
-
-Actualy, it seems that this change was needed at all. The code in the container
-does not log to the outside journal. It talks to its own journald, which does
-journal splitting using its internal logic based on shifted uids. So let's
-revert the change to fix user systems.
-
-Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843.
----
- src/basic/uid-classification.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c
-index 203ce2c68a..2eb384395d 100644
---- a/src/basic/uid-classification.c
-+++ b/src/basic/uid-classification.c
-@@ -129,5 +129,6 @@ bool uid_for_system_journal(uid_t uid) {
- 
-         /* Returns true if the specified UID shall get its data stored in the system journal. */
- 
--        return uid_is_system(uid) || uid_is_dynamic(uid) || uid_is_greeter(uid) || uid == UID_NOBODY || uid_is_container(uid) || uid_is_foreign(uid);
-+        return uid_is_system(uid) || uid_is_dynamic(uid) || uid_is_greeter(uid) || uid == UID_NOBODY || uid_is_foreign(uid);
-+
- }

38769.patch

@@ -1,42 +0,0 @@
-From 00d70f36a0866660693347009446b7f872a05bf4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
-Date: Sat, 30 Aug 2025 13:55:56 +0200
-Subject: [PATCH] core: create userdb root directory with correct label
-
-Set up the /run/systemd/userdb directory with the default SELinux context
-on creation.
-
-With version 257.7-1 on Debian the directory was automatically created with the
-correct label. Starting with version 258 (only tested with 258~rc3-1) it no
-longer is. Regression introduced in 736349958efe34089131ca88950e2e5bb391d36a.
-
-[zjs: edited the patch to apply comments from review and update the description.]
----
- src/core/varlink.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/core/varlink.c b/src/core/varlink.c
-index 99f12c59e5..71a8ffd0e5 100644
---- a/src/core/varlink.c
-+++ b/src/core/varlink.c
-@@ -5,6 +5,7 @@
- #include "constants.h"
- #include "errno-util.h"
- #include "manager.h"
-+#include "mkdir-label.h"
- #include "path-util.h"
- #include "pidref.h"
- #include "string-util.h"
-@@ -441,7 +442,11 @@ static int manager_varlink_init_system(Manager *m) {
-                         if (!fresh && varlink_server_contains_socket(m->varlink_server, address))
-                                 continue;
- 
--                        r = sd_varlink_server_listen_address(m->varlink_server, address, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755);
-+                        r = mkdir_parents_label(address, 0755);
-+                        if (r < 0)
-+                                log_warning_errno(r, "Failed to create parent directory of '%s', ignoring: %m", address);
-+
-+                        r = sd_varlink_server_listen_address(m->varlink_server, address, 0666);
-                         if (r < 0)
-                                 return log_error_errno(r, "Failed to bind to varlink socket '%s': %m", address);
-                 }

60-block-scheduler.rules

@@ -1,5 +0,0 @@
-# do not edit this file, it will be overwritten on update
-
-ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \
-  KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
-  ATTR{queue/scheduler}="bfq"

98-default-mac-none.link

@@ -1,20 +0,0 @@
-# SPDX-License-Identifier: MIT-0
-#
-# This config file is installed as part of systemd.
-# It may be freely copied and edited (following the MIT No Attribution license).
-#
-# To make local modifications, one of the following methods may be used:
-# 1. add a drop-in file that extends this file by creating the
-#    /etc/systemd/network/98-default-mac-none.link.d/ directory and creating a
-#    new .conf file there.
-# 2. copy this file into /etc/systemd/network or one of the other paths checked
-#    by systemd-udevd and edit it there.
-# This file should not be edited in place, because it'll be overwritten on upgrades.
-
-[Match]
-Kind=bridge bond team
-
-[Link]
-NamePolicy=keep kernel database onboard slot path
-AlternativeNamesPolicy=database onboard slot path
-MACAddressPolicy=none

README.build-in-place.md

@@ -7,7 +7,7 @@ and his [talk during ASG2019](https://www.youtube.com/watch?v=fVM1kJrymRM).
 git clone https://github.com/systemd/systemd
 fedpkg clone systemd fedora-systemd
 cd systemd
-rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with upstream ../fedora-systemd/systemd.spec
+rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../systemd.spec
 sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm
 ```
 

changelog

@@ -1,760 +1,3 @@
-* Sun Jan 12 2025 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257.2-6
-- Rebuilt for the bin-sbin merge (2nd attempt)
-
-* Fri Jan 10 2025 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257.2-4
-- Revert use of PrivateTmp=disconnected (rhbz#2334015,
-  https://github.com/coreos/fedora-coreos-tracker/issues/1857)
-
-* Wed Jan 08 2025 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257.2-1
-- Version 257.2
-- Fixes for assertion crashes and memory access issues in pid1 and systemd-
-  machined, and other fixes for systemd-repart, systemd-resolved, systemd-
-  stdio-bridge, systemctl, journalctl, sd-device, hibernation, and the
-  hardware database.
-
-* Tue Jan 07 2025 Yu Watanabe <watanabe.yu+github@gmail.com> - 257.1-7
-- Replace 'udevadm hwdb' with systemd-hwdb
-
-* Tue Jan 07 2025 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257.1-6
-- Rename source .abignore file
-
-* Fri Dec 20 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 257.1-2
-- Re-enable upstream behaviour of systemd-tmpfiles --purge
-
-* Fri Dec 20 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257.1-1
-- Version 257.1
-- A bunch of post-release fixes, incl. for systemd-resolved, tpm2 support,
-  systemd-networkd, systemd-logind, journalct.
-- Should fix rhbz#2325780.
-
-* Sun Dec 15 2024 Yu Watanabe <watanabe.yu+github@gmail.com> - 257-3
-- Add patch for test-time-util
-
-* Sun Dec 15 2024 Yu Watanabe <watanabe.yu+github@gmail.com> - 257-2
-- sysusers: support new ! line flag for creating fully locked accounts
-
-* Tue Dec 10 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257-1
-- Version 257
-- A bunch of small fixes in various components: systemd itself, systemd-
-  cryptenroll, sd-varlink, sd-boot, documentation, tests
-- Includes an update of the hardware database
-
-* Thu Dec 05 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257~rc3-5
-- Enable slow tests during build
-
-* Tue Dec 03 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257~rc3-3
-- Recommend qemu-kvm-core instead of qemu-kvm (rhbz#2329979)
-
-* Fri Nov 29 2024 Yu Watanabe <watanabe.yu+github@gmail.com> - 257~rc3-2
-- Update tmpfiles --destroy-data patch
-
-* Wed Nov 27 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257~rc3-1
-- Version 257~rc3
-- A bunch of small fixes here and there: virtualization detection, udev,
-  systemd-networked, pid1.
-- Includes a hardware database update.
-
-* Tue Nov 26 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257~rc2-4
-- Make systemd-network-generator co-owned by -udev and -networkd
-  (rhbz#2328723)
-
-* Tue Nov 19 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257~rc2-3
-- Pull in qemu from systemd-container
-
-* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257~rc2-2
-- Change sysusers u! lines to u because we don't have support in rpm
-
-* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257~rc2-1
-- Version 257~rc2
-- Changes in systemd-measure, systemd-networkd, documentation, systemd-
-  sysupdated, systemd-sbsign, systemd-boot, systemd-stub, systemd-nspawn,
-  run0, ukify
-- Hardware database update
-
-* Fri Nov 15 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257~rc1-3
-- Disable freezing of user sessions (rhbz#2321268)
-
-* Thu Nov 07 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 257~rc1-1
-- Version 257~rc1
-
-* Thu Nov 07 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.7-7
-- Use %%posttrans instead of %%postun to restart services
-
-* Thu Nov 07 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 256.7-6
-- Disable OpenSSL v3 ENGINE on RHEL
-
-* Tue Nov 05 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.7-4
-- Backport user manager reexec changes
-
-* Tue Nov 05 2024 David Tardon <dtardon@redhat.com> - 256.7-3
-- Use %%systemd_preun in systemd-resolved
-
-* Thu Oct 24 2024 Yu Watanabe <watanabe.yu+github@gmail.com> - 256.7-2
-- test_sysusers_defined: support new ! line flag for creating fully locked
-  accounts
-
-* Fri Oct 11 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.7-1
-- Version 256.7
-- Various small fixes in many components
-- Documentation updates
-
-* Tue Sep 24 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.6-3
-- Move yum/dnf protection removal config file under /usr
-
-* Thu Sep 12 2024 Matteo Croce <teknoraver@meta.com> - 256.6-1
-- Version 256.6
-
-* Thu Aug 29 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.5-6
-- Always build ukify package
-
-* Wed Aug 28 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.5-5
-- Do not use patch to modify systemd-user pam config file
-
-* Tue Aug 27 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.5-3
-- Only make python3-pillow Recommends on Fedora
-
-* Sat Aug 24 2024 Davide Cavalca <dcavalca@fedoraproject.org> - 256.5-2
-- Do not require grubby on CentOS Stream 9
-
-* Tue Aug 20 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.5-1
-- Version 256.5
-- Includes the patches for the kernel change with kernel threads in leaf
-  cgroups (https://github.com/systemd/systemd/pull/33885)
-- Various smaller fixes
-
-* Tue Aug 20 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.4-4
-- Disable integration of userdb in sshd
-
-* Mon Jul 29 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.4-3
-- Backport patch to only read /proc/cmdline when not in container
-
-* Mon Jul 29 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.4-2
-- Backport upstream patch to try more initrd variants in
-  90-loaderentry.install
-
-* Thu Jul 25 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.4-1
-- Version 256.4
-- Hardware db update
-- Minor fixes for systemd-udevd and varlink protocol
-
-* Tue Jul 23 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.3-3
-- Update tmpfiles --destroy-data patch
-
-* Tue Jul 23 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.3-1
-- Version 256.3
-- A bunch of fixes for systemd (pid1)
-- Various upgrades related to running tests in mkosi
-
-* Sat Jul 20 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.2-17
-- Simplify BFQ scheduler enablement
-
-* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 256.2-16
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
-
-* Wed Jul 17 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.2-9
-- Backport udma buffer access patch (rhbz#2298422)
-
-* Tue Jul 16 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.2-8
-- Add support for building from a specific branch
-
-* Tue Jul 16 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.2-7
-- Update PR patch metadata
-
-* Mon Jul 15 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.2-6
-- In standalone subpackages, suggest coreutils-single
-
-* Mon Jul 15 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.2-5
-- Drop versions from Conflicts for standalone packages
-
-* Sun Jul 14 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.2-4
-- Use a more precise Recommends for libkxbcommon
-
-* Thu Jul 11 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.2-3
-- Drop machined revert
-
-* Tue Jul 09 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.2-2
-- Rebuilt for the bin-sbin merge
-
-* Mon Jul 08 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.2-1
-- Version 256.2
-- A bunch of various small fixes
-
-* Mon Jul 08 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.1-13
-- Link systemd-executor statically
-
-* Fri Jul 05 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 256.1-12
-- Update dracut workaround
-
-* Fri Jul 05 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 256.1-11
-- Fix ELN build
-
-* Fri Jul 05 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.1-10
-- Only exclude dracut conflicts on non-fedora on upstream builds
-
-* Fri Jul 05 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.1-9
-- Conditionalize dracut Conflicts more
-
-* Tue Jul 02 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.1-8
-- Use vmlinux.h from kernel-devel
-
-* Tue Jul 02 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.1-7
-- Pull in openssl-devel-engine
-
-* Mon Jul 01 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.1-6
-- Only add Requires on python3-zstd on Fedora
-
-* Mon Jul 01 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 256.1-5
-- Drop BuildRequires on python3-zstd
-
-* Tue Jun 25 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.1-4
-- Revert "Remove tmpfiles snippet for /home and /srv"
-
-* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.1-3
-- Remove tmpfiles snippet for /home and /srv
-
-* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.1-2
-- Soft-disable tmpfiles --purge until a good use case comes up
-
-* Tue Jun 18 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256.1-1
-- Version 256.1
-
-* Sun Jun 16 2024 U2FsdGVkX1 <U2FsdGVkX1@gmail.com> - 256-2
-- disable auto-features when bootstrapping
-
-* Tue Jun 11 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256-1
-- Version 256
-- Only minor changes since -rc4.
-- Hardward db is updated.
-
-* Fri Jun 07 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256~rc4-2
-- Restore patch to drop varlink method call
-
-* Thu Jun 06 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256~rc4-1
-- Version 256~rc4
-
-* Thu Jun 06 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256~rc3-6
-- Drop sysusers.d/basic.conf
-- We rely on setup to provide all necessary groups.
-
-* Sun Jun 02 2024 Adam Williamson <awilliam@redhat.com> - 256~rc3-4
-- Partially backport PR #33016 to fix crashes in KDE 6.3.0
-
-* Wed May 29 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256~rc3-2
-- Add patch to work-around libbpf bug (rhbz#2280935)
-
-* Thu May 23 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256~rc3-1
-- Version 256~rc3
-
-* Wed May 15 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256~rc2-6
-- Version 256~rc2
-- Various small changes all over
-- A fix for rhbz#2273069
-
-* Mon May 13 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256~rc1^20240509git1781de1-4
-- Make %%release_override overridable from outside
-
-* Sat May 11 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256~rc1^20240509git1781de1-2
-- Temporarily drop call to varlink method to avoid SELinux denial
-
-* Thu May 09 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256~rc1^20240509git1781de1-1
-- Version 256-rc1^20240509git
-- There were some fixes merged upstream, so let's try again before v256-rc2
-  is released.
-
-* Thu May 02 2024 Jan Macku <jamacku@redhat.com> - 256~rc1-6
-- spec: `systemd-ukify` should depend on `systemd-boot`
-
-* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256~rc1-4
-- Add additional daemon-reexec for upgrades from old systemd versions
-
-* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256~rc1-3
-- Drop trigger scriptlets for upgrades from systemd < 247
-
-* Sat Apr 27 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256~rc1-2
-- Add Recommends for dlopen libraries
-
-* Fri Apr 26 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 256~rc1-1
-- Version 256~rc1
-- See https://raw.githubusercontent.com/systemd/systemd/v256-rc1/NEWS. Too
-  many changes to list or discuss here.
-
-* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.5-3
-- Reexec systemd in %%postun
-  (https://github.com/systemd/systemd/issues/5096)
-- The workaround dbus issues in upgrades from systemd-239 is dropped
-
-* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.5-2
-- Drop workaround to run generators without sandboxing (requirement on
-  dracut >= 60 is added)
-
-* Wed Apr 24 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.5-1
-- Version 255.5
-- Many different small fixes: systemd itself, systemd-networkd, systemd-
-  journal-remote, compilation fixes for newer kernels and clang, systemd-
-  homed, systemd-resolved, ukify, systemd-tmpfiles, various other.
-
-* Wed Apr 10 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.4-16
-- Prepare for bin-sbin merge
-
-* Wed Mar 27 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.4-13
-- spec: add %%bcond to build without documentation
-
-* Fri Mar 22 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.4-11
-- Revert "Adjust release tag for riscv64"
-
-* Fri Mar 22 2024 David Abdurachmanov <davidlt@rivosinc.com> - 255.4-10
-- Enable bootloader stack for riscv64
-
-* Fri Mar 22 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.4-9
-- Adjust release tag for riscv64
-
-* Wed Mar 20 2024 David Tardon <dtardon@redhat.com> - 255.4-5
-- Make Requires(*) on systemd versioned
-
-* Wed Mar 20 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.4-4
-- Add R:systemd-udev to systemd-networkd subpackage (rhbz#2173425)
-
-* Mon Mar 18 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 255.4-3
-- Add psutil dependency to systemd-tests
-
-* Thu Mar 07 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 255.4-2
-- Build in developer mode when building for upstream
-
-* Fri Mar 01 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.4-1
-- Version 255.4
-
-* Wed Feb 21 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 255.3-13
-- Allow setting extra configure options using
-  %%meson_extra_configure_options
-
-* Wed Feb 21 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 255.3-12
-- Apply pam patch when building for upstream
-
-* Wed Feb 21 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 255.3-11
-- Use %%version_override/%%release_override to specify version/release by
-  users
-
-* Tue Feb 20 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.3-10
-- Let libkmod be a dlopen'ed dependency
-
-* Sat Feb 17 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 255.3-9
-- Allow overriding the version and release using macros
-
-* Sat Feb 17 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 255.3-8
-- Stop passing %%{release} to meson when building in upstream mode
-
-* Sat Feb 17 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 255.3-7
-- Don't pass b_lto to meson
-
-* Thu Feb 15 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 255.3-6
-- Update usage of meson-vcs-tag.sh to account for upstream changes
-
-* Sun Feb 11 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 255.3-5
-- Replace inplace macro with upstream macro
-
-* Sun Feb 11 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 255.3-4
-- Remove reconfiguration logic
-
-* Sun Feb 11 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 255.3-3
-- Stop depending on filelists
-
-* Mon Jan 29 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.3-2
-- Conflicts/Provides with systemd-standalone-repart are moved udev
-  subpackage
-
-* Thu Jan 25 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.3-1
-- Version 255.3
-- A bunch of various fixes for memory and behaviour, in many different
-  components (bootctl, systemd, udev, systemd-networkd, systemd-homed,
-  systemd-logind, systemd-resolve, systemd-repart, systemd-analyze,
-  systemd-dissect, systemd-boot, pam modules, systemd-storagetm, systemd-
-  journal-remote, kernel-install)
-- Improved detection of virtualization (Google Compute Engine, Apple Virt)
-- Updates for shell completions and docs
-- An update for hardware database
-
-* Tue Jan 23 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.2-3
-- Add temporary patch to adjust uid range classification (rhbz#2251843)
-
-* Tue Jan 09 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.2-1
-- Version 255.2
-- Fixes missing DNSSEC validity check in SOA DNS packets (CVE-2023-7008)
-- systemd-resolved and systemd-networkd are restarted after an upgrade.
-
-* Tue Jan 09 2024 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.1-2
-- Add missing %%postun scriptlets for systemd-{resolved,networkd}
-  (rhbz#2255718)
-
-* Sat Dec 16 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255.1-1
-- Version 255.1
-
-* Wed Dec 13 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255-7
-- Do not remove modified config files
-
-* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255-4
-- Add /etc/ssh/sshd_config.d to the file list
-
-* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255-3
-- Move config files to /usr/lib/systemd (e.g. /etc/systemd/system.conf →
-  /usr/lib/systemd/systemd.conf). Both config file locations were already
-  supported, and the files installed in /etc/ were "empty" (i.e. they had
-  only comments and section headers). The move does not change the
-  configuration, but just makes /etc more empty by default. See
-  https://github.com/systemd/systemd/commit/6495361c7d for more discussion
-  and details.
-
-* Fri Dec 08 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255-2
-- Move systemd-bsod is to udev subpackage
-
-* Wed Dec 06 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255-1
-- Version 255
-- Just a few bugfixes since 255-rc4: seccomp filters, logging,
-  documentation, systemd-repart
-- Includes a hardware database update.
-
-* Sat Dec 02 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255~rc4-1
-- Version 255~rc4
-
-* Fri Dec 01 2023 Adam Williamson <awilliam@redhat.com> - 255~rc3-4
-- Backport PRs #30170 and #30266 to fix BPF denials (RHBZ #2250930)
-
-* Wed Nov 29 2023 Adam Williamson <awilliam@redhat.com> - 255~rc3-3
-- Backport #30197 to fix vconsole startup (RHBZ #2251394)
-
-* Thu Nov 23 2023 Peter Robinson <pbrobinson@gmail.com> - 255~rc3-2
-- de-dupe LICENSE.LGPL2.1 in licenses
-
-* Wed Nov 22 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255~rc3-1
-- Version 255~rc3
-
-* Wed Nov 22 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255~rc2-2
-- Add systemd-networkd-defaults subpackage
-
-* Wed Nov 15 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255~rc2-1
-- Version 255~rc2
-- See See https://raw.githubusercontent.com/systemd/systemd/v255-rc2/NEWS
-
-* Wed Nov 08 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
-- Add Conflicts with older dracut which doesn't have required patches
-
-* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255~rc1-3
-- Also build systemd-vmspawn
-
-* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255~rc1-2
-- Move oomd to systemd-udev
-
-* Tue Nov 07 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 255~rc1-1
-- Version 255~rc1
-- See https://raw.githubusercontent.com/systemd/systemd/v255-rc1/NEWS
-- All the files and services related to pcrs are moved to -udev subpackage.
-  This includes the new systemd-pcrlock binary.
-
-* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254.5-2
-- Pull in more patches for keyboard layout matching
-
-* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254.5-1
-- Version 254.5
-- Resolves rhbz#29216.
-
-* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254.2-14
-- Pull in patches to add PollLimit setting
-
-* Wed Sep 27 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254.2-13
-- Change versioned Conflicts to rich Requires (rhbz#2240828)
-
-* Tue Sep 19 2023 Adam Williamson <awilliam@redhat.com> - 254.2-12
-- Backport PR #29215 to improve keyboard layout matching
-
-* Mon Sep 18 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254.2-7
-- Fix creation of installkernel symlink
-
-* Fri Sep 15 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254.2-6
-- Provide /usr/sbin/installkernel (rhbz#2239008).
-
-* Thu Sep 07 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254.2-2
-- Make inter-subpackage dependencies archful
-
-* Thu Sep 07 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254.2-1
-- Version 254.2
-- A bunch of fixes in various areas: manager, coredump, sysupdate,
-  hibernation, journal.
-- Should fix rhbz#2234653.
-
-* Wed Sep 06 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254.1-8
-- Actually reload user managers and backport unit reload macros
-
-* Sat Sep 02 2023 Daan De Meyer <daan.j.demeyer@gmail.com> - 254.1-7
-- ukify: Drop obsolete dependency on objcopy
-
-* Sat Sep 02 2023 Daan De Meyer <daan.j.demeyer@gmail.com> - 254.1-6
-- Add missing ukify dependency on python-cryptography
-
-* Sun Aug 20 2023 Yu Watanabe <watanabe.yu+github@gmail.com> - 254.1-5
-- spec: also explicitly enable/disable ukify support
-
-* Sun Aug 13 2023 Yu Watanabe <watanabe.yu+github@gmail.com> - 254.1-4
-- spec: explicitly enable/disable xen support
-
-* Wed Aug 09 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254.1-1
-- Version 254.1 (rhbz#2228089, possibly partial fix for rhbz#2229524)
-
-* Wed Aug 09 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254-5
-- Do daemon-reexec of user managers after package upgrade
-
-* Mon Aug 07 2023 Daan De Meyer <daan.j.demeyer@gmail.com> - 254-4
-- Revert "Supress errors on selinux systems"
-
-* Thu Aug 03 2023 Daan De Meyer <daan.j.demeyer@gmail.com> - 254-3
-- Add a custom %%clean implementation
-
-* Thu Aug 03 2023 Daan De Meyer <daan.j.demeyer@gmail.com> - 254-2
-- Update libbpf soname
-
-* Fri Jul 28 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254-1
-- Version 254 (just a bunch of bugfixes, mostly for unusual architectures,
-  since rc3)
-- rhbz#2226908
-- See https://raw.githubusercontent.com/systemd/systemd/v254-rc1/NEWS for
-  the full changeset.
-
-* Mon Jul 24 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254~rc3-1
-- Version 254~rc3
-- A bunch of fixes, e.g. rhbz#2223795. Also a bunch of reverts of commits
-  which were found to cause problems.
-
-* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 254~rc2-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Mon Jul 17 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254~rc2-4
-- Fix scriptlets for various services and remote-cryptsetup.target
-  (rhbz#2217997)
-
-* Sun Jul 16 2023 Stewart Smith <stewart@flamingspork.com> - 254~rc2-3
-- Convert existing bcond_with[out] to plain bcond
-
-* Sun Jul 16 2023 Stewart Smith <trawets@amazon.com> - 254~rc2-2
-- Move gnutls, zlib, bzip2, lz4, xz, and zstd to bconds
-
-* Sat Jul 15 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254~rc2-1
-- Version 254~rc2
-- Various bug fixes, in particular kernel-install should again work without
-  /proc.
-
-* Thu Jul 13 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 254~rc1-1
-- Version 254~rc1
-- Way too many changes to list. See
-  https://raw.githubusercontent.com/systemd/systemd/v254-rc1/NEWS
-- Fix regression in socket activation of services (rhbz#2213660).
-
-* Mon Jun 26 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 253.5-7
-- Use rpm sysuser provide generation on RHEL >= 10
-
-* Thu Jun 22 2023 Panu Matilainen <pmatilai@redhat.com> - 253.5-6
-- Use rpm's sysuser provide generation on Fedora >= 39
-
-* Wed Jun 21 2023 Anita Zhang <the.anitazha@gmail.com> - 253.5-5
-- fix typos in standalone package provides
-
-* Mon Jun 05 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 253.5-4
-- Avoid pillow and pyflakes in RHEL builds
-
-* Mon Jun 05 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 253.5-3
-- Avoid qrencode dependency in RHEL builds
-
-* Fri Jun 02 2023 Alessandro Astone <ales.astone@gmail.com> - 253.5-2
-- Increase vm.max_map_count
-
-* Thu Jun 01 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253.5-1
-- Version 253.5
-
-* Thu May 11 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253.4-1
-- Version 253.4
-
-* Thu May 11 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 253.2-6
-- Raise ManagedOOMMemoryPressureLimit from 50%% to 80%%
-
-* Tue May 09 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253.2-5
-- Add forgotten Provides and Conflicts for standalones
-
-* Wed Apr 26 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253.2-4
-- sysusers.generate-pre.sh: properly escape quotes in description strings
-  (rhbz#2104141)
-
-* Wed Apr 26 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253.2-3
-- sysusers.generate-pre.sh: fix indentation in generated scripts
-
-* Wed Mar 29 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253.2-1
-- Version 253.2
-
-* Wed Mar 29 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253.1-7
-- oomd: stop monitoring user-*.slice slices (rhbz#2177722)
-
-* Thu Mar 09 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253.1-6
-- Move /usr/lib/systemd/boot/ to systemd-boot-unsigned subpackage
-
-* Fri Mar 03 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253.1-2
-- Fix build with gnu-efi-3.0.11-13
-
-* Fri Mar 03 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253.1-1
-- Version 253.1
-- Fixes rhbz#2148464
-
-* Wed Mar 01 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253-7
-- Move man pages for sd-boot into systemd-boot-unsigned
-
-* Wed Feb 22 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253-6
-- Set TimeoutStopFailureMode=abort for services (see
-  https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer)
-
-* Tue Feb 21 2023 Dusty Mabe <dusty@dustymabe.com> - 253-5
-- remove group write permission from 98-default-mac-none.link
-
-* Tue Feb 21 2023 Dusty Mabe <dusty@dustymabe.com> - 253-4
-- fix comment instructions for 98-default-mac-none.link
-
-* Tue Feb 21 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253-3
-- Backport patch for container compatibility (rhbz#2165004)
-
-* Tue Feb 21 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253-2
-- Add workaround patch for dracut generator issue (rhbz#2164404)
-
-* Mon Feb 20 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253-1
-- Version 253 (mostly some documentation fixes since -rc3).
-
-* Fri Feb 10 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253~rc3-1
-- Version 253-rc3
-- A bunch of bugfixes for regressions, some documentation and bug fixes
-  too.
-- Really fix rhbz#2165692 (previous build carried an unapplied patch).
-
-* Thu Feb 09 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253~rc2-7
-- Revert patch switch causes problems for 'systemctl isolate'
-  (rhbz#2165692)
-
-* Wed Feb 08 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253~rc2-6
-- Disable systemd-boot-update.service in presets
-
-* Wed Feb 08 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253~rc2-4
-- Update License to SPDX
-
-* Mon Feb 06 2023 Thomas Haller <thaller@redhat.com> - 253~rc2-3
-- add "98-default-mac-none.link" to keep default MAC address of
-  bridge/bond/team
-
-* Thu Feb 02 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 253~rc2-2
-- Shorten shutdown timeout to 45 s
-
-* Thu Feb 02 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253~rc2-1
-- Version 253~rc2
-- Sysusers fixup (rhbz#2156900) + other small changes
-
-* Thu Feb 02 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 253~rc1-5
-- Build with xen only on Fedora
-
-* Thu Jan 26 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253~rc1-3
-- Reenable systemd-journald-audit.socket after upgrades (rhbz#2164594)
-
-* Wed Jan 25 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253~rc1-2
-- Add Requires on Python modules to systemd-ukify and Recommends for
-  libp11-kit
-
-* Tue Jan 24 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 253~rc1-1
-- Version 253~rc1
-- See https://raw.githubusercontent.com/systemd/systemd/v253-rc1/NEWS
-- New subpackages: systemd-repart-standalone, systemd-shutdown-standalone,
-  and systemd-ukify.
-
-* Sun Jan 22 2023 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252.4-4
-- Backport patches to fix issues gcc-13 and -D_FORTIFY_SOURCE=3
-
-* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 252.4-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Thu Jan 05 2023 Daan De Meyer <daan.j.demeyer@gmail.com> - 252.4-2
-- Add python3 to BuildRequires
-
-* Tue Dec 20 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252.4-1
-- Version 252.4
-- Fixes a few different issues (systemd-timesyncd connectivity problems,
-  broken emoji output on the console, crashes in pid1 unit dependency
-  logic)
-- CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel
-  setting
-
-* Sat Dec 17 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252.3-4
-- boot: add Provides:systemd-boot(isa)
-
-* Wed Dec 14 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252.3-2
-- Use upstream pam systemd-auth file with a patch, add pam_keyinit
-
-* Thu Dec 08 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252.3-1
-- Version 252.3 (rhbz#2136916, rhbz#2083900)
-
-* Fri Dec 02 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252.2-2
-- Split out systemd-boot-unsigned package
-
-* Thu Nov 24 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252.2-1
-- Version 252.2
-- Latest batch of bugfixes (rhbz#2137631)
-
-* Thu Nov 24 2022 Martin Osvald <mosvald@redhat.com> - 252.1-3
-- Support user:group notation by sysusers.generate-pre.sh script
-
-* Tue Nov 08 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252.1-1
-- Version 252.1 (just some small fixes).
-
-* Mon Oct 31 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252-1
-- Version 252
-
-* Tue Oct 25 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252~rc3-1
-- Version 252-rc3 (#2135778)
-
-* Tue Oct 18 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252~rc2-28
-- Version 252-rc2 (#2134741, #2133792)
-
-* Fri Oct 14 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252~rc1-31
-- Fix upgrade detection in %%posttrans scriptlet (rhbz#2115094)
-
-* Sun Oct 09 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252~rc1-30
-- Fix indentation in %%sysusers_create_compat macro (rhbz#2132835)
-
-* Sun Oct 09 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252~rc1-29
-- Correctly move systemd-measure to systemd-udev subpackage
-
-* Fri Oct 07 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 252~rc1-28
-- Version 252-rc1 (for details see
-  https://raw.githubusercontent.com/systemd/systemd/v252-rc1/NEWS)
-
-* Sat Oct 01 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 251.5-29
-- Fix permissions on %%ghost files (rhbz#2122889)
-
-* Sat Oct 01 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 251.5-28
-- Version 251.5 (rhbz#2129343, rhbz#2121106, rhbz#2130188)
-
-* Fri Sep 30 2022 Yu Watanabe <watanabe.yu+github@gmail.com> - 251.4-41
-- Replace patch for test-mountpoint-util
-
-* Fri Sep 30 2022 Yu Watanabe <watanabe.yu+github@gmail.com> - 251.4-40
-- patch: fix regression in bfq patch
-
-* Fri Sep 30 2022 Luca BRUNO <lucab@lucabruno.net> - 251.4-39
-- sysusers/generate: bridge 'm' entries to usermod
-
-* Fri Sep 30 2022 Anita Zhang <the.anitazha@gmail.com> - 251.4-38
-- Update systemd-oomd defaults to friendlier values
-- Remove swap policy. Default amount of swap (8GB?) is a lot lower than
-  what we use internally with the swap policy. Which frequently leads to
-  GNOME getting killed (e.g.
-  https://bugzilla.redhat.com/show_bug.cgi?id=1941170, and other BZs not
-  linked here). Internally we use 0.5x-1x size of physical memory for swap
-  via swapfiles (this will be documented in systemd upstream). In simple
-  cases of using more memory than is available (but without memory
-  pressure), the Kernel OOM killer can handle killing the offending
-  process.
-
-* Thu Sep 29 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 251.4-37
-- Make systemd-devel conditionally pull in systemd-rpm-macros
-
 * Fri Aug 19 2022 Neal Gompa <ngompa@fedoraproject.org> - 251.4-53
 - Set compile-time fallback hostname to "localhost"
   https://fedoraproject.org/wiki/Changes/FallbackHostname

macros.sysusers

@@ -2,9 +2,9 @@
 #
 # Turn a sysusers.d file into macros specified by
 # https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation
-#
-# After https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers,
-# those macros are not needed anymore.
 
-%sysusers_requires_compat %nil
-%sysusers_create_compat() %nil
+%sysusers_requires_compat Requires(pre): shadow-utils
+
+%sysusers_create_compat() \
+%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \
+%{nil}

macros.sysusers.compat

@@ -1,10 +0,0 @@
-# RPM macros for packages creating system accounts
-#
-# Turn a sysusers.d file into macros specified by
-# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation
-
-%sysusers_requires_compat Requires(pre): shadow-utils
-
-%sysusers_create_compat() \
-%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \
-%{nil}

plans/run-integration-tests.sh

@@ -1,127 +0,0 @@
-#!/bin/bash
-
-set -eux
-set -o pipefail
-
-# Switch SELinux to permissive if possible, since the tests don't set proper contexts
-setenforce 0 || true
-
-echo "CPU and Memory information:"
-lscpu
-lsmem
-
-echo "Clock source: $(cat /sys/devices/system/clocksource/clocksource0/current_clocksource)"
-
-# Bump inotify limits if we can so nspawn containers don't run out of inotify file descriptors.
-sysctl fs.inotify.max_user_watches=65536 || true
-sysctl fs.inotify.max_user_instances=1024 || true
-
-if [[ -n "${KOJI_TASK_ID:-}" ]]; then
-    koji download-task --noprogress --arch="noarch,$(rpm --eval '%{_arch}')" "$KOJI_TASK_ID"
-elif [[ -n "${CBS_TASK_ID:-}" ]]; then
-    cbs download-task --noprogress --arch="noarch,$(rpm --eval '%{_arch}')" "$CBS_TASK_ID"
-elif [[ -n "${PACKIT_SRPM_URL:-}" ]]; then
-    COPR_BUILD_ID="$(basename "$(dirname "$PACKIT_SRPM_URL")")"
-    COPR_CHROOT="$(basename "$(dirname "$(dirname "$PACKIT_BUILD_LOG_URL")")")"
-    copr download-build --rpms --chroot "$COPR_CHROOT" "$COPR_BUILD_ID"
-    mv "$COPR_CHROOT"/* .
-else
-    echo "Not running within packit and no CBS/koji task ID provided"
-    exit 1
-fi
-
-PACKAGEDIR="$PWD"
-
-# This will match both the regular and the debuginfo rpm so make sure we select only the
-# non-debuginfo rpm.
-RPMS=(systemd-tests-*.rpm)
-rpm2cpio "${RPMS[0]}" | cpio --make-directories --extract
-pushd usr/lib/systemd/tests
-mkosi_hash="$(grep "MinimumVersion=commit:" mkosi/mkosi.conf | sed "s|MinimumVersion=commit:||g")"
-
-# Now prepare mkosi at the same version required by the systemd repo.
-git clone https://github.com/systemd/mkosi /var/tmp/systemd-integration-tests-mkosi
-git -C /var/tmp/systemd-integration-tests-mkosi checkout "$mkosi_hash"
-
-export PATH="/var/tmp/systemd-integration-tests-mkosi/bin:$PATH"
-
-# shellcheck source=/dev/null
-. /etc/os-release || . /usr/lib/os-release
-
-tee mkosi/mkosi.local.conf <<EOF
-[Distribution]
-Distribution=${MKOSI_DISTRIBUTION:-$ID}
-Release=${MKOSI_RELEASE:-${VERSION_ID:-rawhide}}
-
-[Content]
-PackageDirectories=$PACKAGEDIR
-SELinuxRelabel=yes
-
-[Build]
-ToolsTreeDistribution=${MKOSI_DISTRIBUTION:-$ID}
-ToolsTreeRelease=${MKOSI_RELEASE:-${VERSION_ID:-rawhide}}
-ToolsTreePackageDirectories=$PACKAGEDIR
-Environment=NO_BUILD=1
-WithTests=yes
-EOF
-
-if [[ -n "${MKOSI_REPOSITORIES:-}" ]]; then
-    tee --append mkosi/mkosi.local.conf <<EOF
-[Distribution]
-Repositories=$MKOSI_REPOSITORIES
-
-[Build]
-ToolsTreeRepositories=$MKOSI_REPOSITORIES
-EOF
-fi
-
-if [[ -n "${TEST_SELINUX_CHECK_AVCS:-}" ]]; then
-    tee --append mkosi/mkosi.local.conf <<EOF
-[Runtime]
-KernelCommandLineExtra=systemd.setenv=TEST_SELINUX_CHECK_AVCS=$TEST_SELINUX_CHECK_AVCS
-EOF
-fi
-
-# If we don't have KVM, skip running in qemu, as it's too slow. But try to load the module first.
-modprobe kvm || true
-if [[ ! -e /dev/kvm ]]; then
-    export TEST_NO_QEMU=1
-fi
-
-NPROC="$(nproc)"
-if [[ "$NPROC" -ge 10 ]]; then
-    export TEST_JOURNAL_USE_TMP=1
-    NPROC="$((NPROC / 3))"
-else
-    NPROC="$((NPROC - 1))"
-fi
-
-# This test is only really useful if we're building with sanitizers and takes a long time, so let's skip it
-# for now.
-export TEST_SKIP="TEST-21-DFUZZER ${TEST_SKIP:-}"
-
-mkosi genkey
-mkosi summary
-mkosi -f box -- true
-mkosi box -- meson setup build integration-tests/standalone
-mkosi -f
-if [[ "$(mkosi box -- meson test --help)" == *"--max-lines"* ]]; then
-    MAX_LINES=(--max-lines 300)
-else
-    MAX_LINES=()
-fi
-mkosi box -- \
-    meson test \
-        -C build \
-        --setup=integration \
-        --print-errorlogs \
-        --no-stdsplit \
-        --num-processes "$NPROC" \
-        "${MAX_LINES[@]}" && EC=0 || EC=$?
-
-[[ -d build/meson-logs ]] && find build/meson-logs -type f -exec mv {} "$TMT_TEST_DATA" \;
-[[ -d build/test/journal ]] && find build/test/journal -type f -exec mv {} "$TMT_TEST_DATA" \;
-
-popd
-
-exit "$EC"

plans/upstream.fmf

@@ -1,22 +0,0 @@
-summary: systemd upstream test suite
-provision:
-  hardware:
-    virtualization:
-      is-supported: true
-prepare:
-  - name: install-dependencies
-    how: install
-    package:
-      - coreutils
-      - distribution-gpg-keys
-      - dnf
-      - git-core
-      - koji
-      - centos-packager
-      - copr-cli
-    exclude:
-      - systemd-standalone-.*
-execute:
-    how: tmt
-    script: exec plans/run-integration-tests.sh
-    duration: 2h

purge-nobody-user

@@ -0,0 +1,101 @@
+#!/bin/bash -eu
+
+if [ $UID -ne 0 ]; then
+    echo "WARNING: This script needs to run as root to be effective"
+    exit 1
+fi
+
+export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
+
+if [ "${1:-}" = "--ignore-journal" ]; then
+    shift
+    ignore_journal=1
+else
+    ignore_journal=0
+fi
+
+echo "Checking processes..."
+if ps h -u 99 | grep .; then
+    echo "ERROR: ps reports processes with UID 99!"
+    exit 2
+fi
+echo "... not found"
+
+echo "Checking UTMP..."
+if w -h 199 | grep . ; then
+    echo "ERROR: w reports UID 99 as active!"
+    exit 2
+fi
+if w -h nobody | grep . ; then
+    echo "ERROR: w reports user nobody as active!"
+    exit 2
+fi
+echo "... not found"
+
+echo "Checking the journal..."
+if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then
+    echo "ERROR: journalctl reports messages from UID 99 in current boot!"
+    exit 2
+fi
+echo "... not found"
+
+echo "Looking for files in /etc, /run, /tmp, and /var..."
+if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then
+    echo "ERROR: found files belonging to UID 99"
+    exit 2
+fi
+echo "... not found"
+
+echo "Checking if nobody is defined correctly..."
+if getent passwd nobody |
+	grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin';
+then
+    echo "OK, nothing to do."
+    exit 0
+else
+    echo "NOTICE: User nobody is not defined correctly"
+fi
+
+echo "Checking if nfsnobody or something else is using the uid..."
+if getent passwd 65534 | grep . ; then
+    echo "NOTICE: will have to remove this user"
+else
+    echo "... not found"
+fi
+
+if [ "${1:-}" = "-x" ]; then
+    if getent passwd nobody >/dev/null; then
+	# this will remove both the user and the group.
+	( set -x
+   	  userdel nobody
+	)
+    fi
+
+    if getent passwd 65534 >/dev/null; then
+	# Make sure the uid is unused. This should free gid too.
+	name="$(getent passwd 65534 | cut -d: -f1)"
+	( set -x
+	  userdel "$name"
+	)
+    fi
+
+    if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then
+	echo "Sleeping, so sss can catch up"
+	sleep 3
+    fi
+
+    if getent group 65534; then
+	# Make sure the gid is unused, even if uid wasn't.
+	name="$(getent group 65534 | cut -d: -f1)"
+	( set -x
+	  groupdel "$name"
+	)
+    fi
+
+    # systemd-sysusers uses the same gid and uid
+    ( set -x
+      systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin'
+    )
+else
+    echo "Pass '-x' to perform changes"
+fi

rpminspect.yaml

@@ -1,24 +1,13 @@
  # Disable badfuncs check that has tons of false positives.
 badfuncs:
-  allowed:
-    /usr/lib/systemd/tests/unit-tests/*:
-       - inet_addr
-       - inet_aton
-    /usr/bin/networkctl:
-       - inet_addr
-       - inet_aton
+  exclude_path: .*
 
 # don't report changed content of compiled files
 # that is expected with every update
 changedfiles:
   exclude_path: .*
 
-# completely disable inspections:
+# completely disabled inspections:
 inspections:
   # we know about our patches, no need to report anything
   patches: off
-
-  # this inspection uses `udevadm` which comes from this package
-  # disable so we do not check udev rules with a possibly outdated version
-  # of the command
-  udevrules: off

sources

@@ -1 +1 @@
-SHA512 (systemd-259.tar.gz) = ef46b13661df43e3cfbeee1bc22f0b1eb902e8ebe39c19868c465efd08b35a199c2a2cd9d8021a6bc4d692fa0c6e0eab3f13eecd6ce24dde81d3945464a25b50
+SHA512 (systemd-251.19.tar.gz) = a1bd8f449e2ec92e823eae81a002b2da7e008bdcaeeac2c9c381eee42d58990d277994062541c4ba7721bb581b5f2147c9b9af2af611edc2a0d578dc2d08eb4c

split-files.py

@@ -1,47 +1,8 @@
 import re, sys, os, collections
 
 buildroot = sys.argv[1]
-no_bootloader = '--no-bootloader' in sys.argv
-
-known_files = '''
-%ghost %config(noreplace) /etc/crypttab
-%ghost %attr(0444,root,root) /etc/udev/hwdb.bin
-/etc/inittab
-# This directory is owned by openssh-server, but we don't want to introduce
-# a dependency. So let's copy the config and co-own the directory.
-%dir %attr(0700,root,root) /etc/ssh/sshd_config.d
-%ghost %config(noreplace) /etc/vconsole.conf
-%ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf
-%ghost %attr(0664,root,root) %verify(not group) /run/utmp
-%ghost %attr(0664,root,root) %verify(not group) /var/log/wtmp
-%ghost %attr(0660,root,root) %verify(not group) /var/log/btmp
-%ghost %attr(0664,root,root) %verify(not md5 size mtime group) /var/log/lastlog
-%ghost %config(noreplace) /etc/hostname
-%ghost %config(noreplace) /etc/localtime
-%ghost %config(noreplace) /etc/locale.conf
-%ghost %attr(0444,root,root) %config(noreplace) /etc/machine-id
-%ghost %config(noreplace) /etc/machine-info
-%ghost %attr(0700,root,root) %dir /var/cache/private
-%ghost %attr(0700,root,root) %dir /var/lib/private
-%ghost %dir /var/lib/private/systemd
-%ghost %dir /var/lib/private/systemd/journal-upload
-%ghost /var/lib/private/systemd/journal-upload/state
-%ghost %dir /var/lib/systemd/timesync
-%ghost /var/lib/systemd/timesync/clock
-%ghost %dir /var/lib/systemd/backlight
-%ghost /var/lib/systemd/catalog/database
-%ghost %dir /var/lib/systemd/coredump
-%ghost /var/lib/systemd/journal-upload
-%ghost %dir /var/lib/systemd/linger
-%ghost %attr(0600,root,root) /var/lib/systemd/random-seed
-%ghost %dir /var/lib/systemd/rfkill
-%ghost %dir %verify(not mode group) /var/log/journal
-%ghost %dir /var/log/journal/remote
-%ghost %attr(0700,root,root) %dir /var/log/private
-'''
-
-known_files = {line.split()[-1]:line for line in known_files.splitlines()
-               if line and not line.startswith('#')}
+known_files = sys.stdin.read().splitlines()
+known_files = {line.split()[-1]:line for line in known_files}
 
 def files(root):
     os.chdir(root)
@@ -54,31 +15,21 @@ def files(root):
             if file.is_dir() and not file.is_symlink():
                 todo.append(file)
 
-outputs = {suffix: open(f'.file-list-{suffix}', 'w')
-           for suffix in (
-                   'shared',
-                   'libs',
-                   'udev',
-                   'ukify',
-                   'boot',
-                   'pam',
-                   'rpm-macros',
-                   'sysusers',
-                   'devel',
-                   'container',
-                   'networkd',
-                   'networkd-defaults',
-                   'oomd-defaults',
-                   'remote',
-                   'resolve',
-                   'tests',
-                   'standalone-repart',
-                   'standalone-tmpfiles',
-                   'standalone-sysusers',
-                   'standalone-shutdown',
-                   'main',
-           )}
-
+o_libs = open('.file-list-libs', 'w')
+o_udev = open('.file-list-udev', 'w')
+o_boot = open('.file-list-boot', 'w')
+o_pam = open('.file-list-pam', 'w')
+o_rpm_macros = open('.file-list-rpm-macros', 'w')
+o_devel = open('.file-list-devel', 'w')
+o_container = open('.file-list-container', 'w')
+o_networkd = open('.file-list-networkd', 'w')
+o_oomd_defaults = open('.file-list-oomd-defaults', 'w')
+o_remote = open('.file-list-remote', 'w')
+o_resolve = open('.file-list-resolve', 'w')
+o_tests = open('.file-list-tests', 'w')
+o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
+o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
+o_main = open('.file-list-main', 'w')
 for file in files(buildroot):
     n = file.path[1:]
     if re.match(r'''/usr/(share|include)$|
@@ -102,84 +53,38 @@ for file in files(buildroot):
                     /var(/cache|/log|/lib|/run|)$
     ''', n, re.X):
         continue
-
-    if n.endswith('.standalone'):
-        if 'repart' in n:
-            o = outputs['standalone-repart']
-        elif 'tmpfiles' in n:
-            o = outputs['standalone-tmpfiles']
-        elif 'sysusers' in n:
-            o = outputs['standalone-sysusers']
-        elif 'shutdown' in n:
-            o = outputs['standalone-shutdown']
-        else:
-            assert False, 'Found .standalone not belonging to known packages'
-
-    elif '/security/pam_' in n or '/man8/pam_' in n:
-        o = outputs['pam']
+    if '/security/pam_' in n or '/man8/pam_' in n:
+        o = o_pam
     elif '/rpm/' in n:
-        o = outputs['rpm-macros']
+        o = o_rpm_macros
     elif '/usr/lib/systemd/tests' in n:
-        o = outputs['tests']
-    elif 'ukify' in n and '/man/' not in n:
-        o = outputs['ukify']
-    elif re.search(r'/libsystemd-core-.*\.so$', n):
-        o = outputs['main']
-    elif re.search(r'/libsystemd-shared-.*\.so$', n):
-        o = outputs['shared']
+        o = o_tests
+    elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n):
+        o = o_main
     elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n):
-        o = outputs['udev']
-    elif re.search(r'/lib.*\.pc$|/man3/|/usr/include|\.so$', n):
-        o = outputs['devel']
+        o = o_udev
+    elif re.search(r'/lib.*\.pc|/man3/|/usr/include|\.so$', n):
+        o = o_devel
     elif re.search(r'''journal-(remote|gateway|upload)|
                        systemd-remote\.conf|
                        /usr/share/systemd/gatewayd|
                        /var/log/journal/remote
     ''', n, re.X):
-        o = outputs['remote']
-
-    # Just the binary, the dir, and the man page.
-    elif re.search(r'''systemd-sysusers$|
-                       sysusers\.d$|
-                       man/.*sysusers\.d\.5|
-                       man/.*systemd-sysusers\.8
-    ''', n, re.X):
-        o = outputs['sysusers']
+        o = o_remote
 
     elif re.search(r'''mymachines|
                        machinectl|
-                       mount.ddi|
-                       importctl|
-                       portablectl|
                        systemd-nspawn|
-                       systemd\.nspawn|
-                       systemd-vmspawn|
-                       systemd-dissect|
-                       import-pubring|
-                       systemd-machined|
-                       systemd-import|
-                       systemd-export|
-                       systemd-pull|
-                       systemd-mountfsd|
-                       systemd-mountwork|
-                       systemd-nsresource|
+                       import-pubring.gpg|
+                       systemd-(machined|import|pull)|
                        /machine.slice|
                        /machines.target|
                        var-lib-machines.mount|
                        org.freedesktop.(import|machine)1
     ''', n, re.X):
-        o = outputs['container']
+        o = o_container
 
-    # .network.example files go into systemd-networkd, and the matching files
-    # without .example go into systemd-networkd-defaults
-    elif (re.search(r'''/usr/lib/systemd/network/.*\.network$''', n)
-          and os.path.exists(f'./{n}.example')):
-        o = outputs['networkd-defaults']
-
-    # Files that are "consumed" by systemd-networkd go into the -networkd
-    # subpackage. As a special case, network-generator is co-owned also by
-    # the -udev subpackage because systemd-udevd reads .link files.
-    elif re.search(r'''/usr/lib/systemd/network/.*\.network|
+    elif re.search(r'''/usr/lib/systemd/network/80-|
                        networkd|
                        networkctl|
                        org.freedesktop.network1|
@@ -188,26 +93,18 @@ for file in files(buildroot):
                        systemd\.network|
                        systemd\.netdev
     ''', n, re.X):
-        o = outputs['networkd']
-    elif 'network-generator' in n:
-        o = (outputs['networkd'], outputs['udev'])
+        o = o_networkd
 
     elif '.so.' in n:
-        o = outputs['libs']
-
-    elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X):
-        o = outputs['oomd-defaults']
+        o = o_libs
 
     elif re.search(r'''udev(?!\.pc)|
                        hwdb|
-                       ac-power|
                        bootctl|
                        boot-update|
                        bless-boot|
                        boot-system-token|
-                       bsod|
                        kernel-install|
-                       installkernel|
                        vconsole|
                        backlight|
                        rfkill|
@@ -222,7 +119,6 @@ for file in files(buildroot):
                        pstore|
                        sleep|suspend|hibernate|
                        systemd-tmpfiles-setup-dev|
-                       network/98-default-mac-none.link|
                        network/99-default.link|
                        growfs|makefs|makeswap|mkswap|
                        fsck|
@@ -233,10 +129,6 @@ for file in files(buildroot):
                        integritysetup|
                        integritytab|
                        remount-fs|
-                       /initrd|
-                       systemd[.-]pcr|
-                       /pcrlock\.d|
-                       systemd-measure|
                        /boot$|
                        /kernel/|
                        /kernel$|
@@ -245,54 +137,51 @@ for file in files(buildroot):
                        sysctl|
                        coredump|
                        homed|home1|
-                       sysupdate|updatctl|
-                       oomd|
                        portabled|portable1
     ''', n, re.X):     # coredumpctl, homectl, portablectl are included in the main package because
                        # they can be used to interact with remote daemons. Also, the user could be
                        # confused if those user-facing binaries are not available.
-        o = outputs['udev']
+        o = o_udev
 
     elif re.search(r'''/boot/efi|
-                       /usr/lib/systemd/boot|
                        sd-boot|systemd-boot\.|loader.conf
     ''', n, re.X):
-        o = outputs['boot']
+        o = o_boot
 
     elif re.search(r'''resolved|resolve1|
                        systemd-resolve|
                        resolvconf|
                        systemd\.(positive|negative)
     ''', n, re.X):     # resolvectl and nss-resolve are in the main package.
-        o = outputs['resolve']
+        o = o_resolve
+
+    elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X):
+        o = o_oomd_defaults
+
+    elif n.endswith('.standalone'):
+        if 'tmpfiles' in n:
+            o = o_standalone_tmpfiles
+        elif 'sysusers' in n:
+            o = o_standalone_sysusers
+        else:
+            assert False, 'Found .standalone not belonging to known packages'
 
     else:
-        o = outputs['main']
+        o = o_main
 
     if n in known_files:
-        prefix = known_files[n].split()[:-1]
-    elif file.is_dir(follow_symlinks=False):
-        prefix = ['%dir']
+        prefix = ' '.join(known_files[n].split()[:-1])
+        if prefix:
+            prefix += ' '
+    elif file.is_dir() and not file.is_symlink():
+        prefix = '%dir '
     elif 'README' in n:
-        prefix = ['%doc']
+        prefix = '%doc '
     elif n.startswith('/etc'):
-        prefix = ['%config(noreplace)']
-        if not file.is_symlink() and file.stat().st_size == 0:
-            prefix += ['%ghost']
+        prefix = '%config(noreplace) '
     else:
-        prefix = []
-    prefix = ' '.join(prefix + ['']) if prefix else ''
+        prefix = ''
 
     suffix = '*' if '/man/' in n else ''
 
-    if not isinstance(o, tuple):
-        o = (o,)
-    for file in o:
-        print(f'{prefix}{n}{suffix}', file=file)
-
-if [print(f'ERROR: no file names were written to {o.name}')
-    for name, o in outputs.items()
-    if (o.tell() == 0 and
-        not (no_bootloader and name == 'boot'))
-    ]:
-    sys.exit(1)
+    print(f'{prefix}{n}{suffix}', file=o)

systemd-user

@@ -1,14 +1,14 @@
+# This file is part of systemd.
+#
 # Used by systemd --user instances.
 
 -account sufficient pam_systemd_home.so
 account  sufficient pam_unix.so no_pass_expiry
-account  include    system-auth
+account  include system-auth
 
-session  required   pam_selinux.so close
-session  required   pam_selinux.so nottys open
-session  required   pam_loginuid.so
-session  optional   pam_keyinit.so force revoke
-session  required   pam_namespace.so
--session optional   pam_systemd_home.so
-session  optional   pam_umask.so silent
-session  include    system-auth
+session  required pam_selinux.so close
+session  required pam_selinux.so nottys open
+session  required pam_loginuid.so
+session  required pam_namespace.so
+-session optional pam_systemd_home.so
+session  include system-auth

sysusers.generate-pre.sh

@@ -20,16 +20,16 @@ user() {
 	if [ "$uid" = '-' ] || [ "$uid" = '' ]; then
 		cat <<-EOF
 		getent passwd '$user' >/dev/null || \\
-		    useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
+			useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
 		EOF
 	else
 		cat <<-EOF
-		if ! getent passwd ${user@Q} >/dev/null; then
-		    if ! getent passwd ${uid@Q} >/dev/null; then
-		        useradd -r -u ${uid@Q} -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
-		    else
-		        useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
-		    fi
+		if ! getent passwd '$user' >/dev/null; then
+			if ! getent passwd '$uid' >/dev/null; then
+			useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
+			else
+			useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
+			fi
 		fi
 
 		EOF
@@ -42,11 +42,11 @@ group() {
 
 	if [ "$gid" = '-' ]; then
 		cat <<-EOF
-		getent group ${group@Q} >/dev/null || groupadd -r ${group@Q} || :
+		getent group '$group' >/dev/null || groupadd -r '$group' || :
 		EOF
 	else
 		cat <<-EOF
-		getent group ${group@Q} >/dev/null || groupadd -f -g ${gid@Q} -r ${group@Q} || :
+		getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || :
 		EOF
 	fi
 }
@@ -56,8 +56,8 @@ usermod() {
 	group="$2"
 
 	cat <<-EOF
-	if getent group ${group@Q} >/dev/null; then
-	    usermod -a -G ${group@Q} '$user' || :
+	if getent group '$group' >/dev/null; then
+		usermod -a -G '$group' '$user' || :
 	fi
 	EOF
 }
@@ -69,7 +69,7 @@ parse() {
 		[ -z "$line" ] && continue
 		eval "arr=( $line )"
 		case "${arr[0]}" in
-			('u'|'u!')
+			('u')
 				if [[ "${arr[2]}" == *":"* ]]; then
 					user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}"
 				else

sysusers.prov

@@ -42,7 +42,7 @@ parse() {
         [ -z "$line" ] && continue
         set -- $line
         case "$1" in
-            ('u'|'u!')
+            ('u')
                 process_u "$2" "$3"
                 ;;
             ('g')

test_sysusers_defined.py

@@ -1,39 +0,0 @@
-#!/usr/bin/python
-
-import os
-import sys
-
-def parse_sysusers_file(filename):
-    users, groups = set(), set()
-
-    for line in open(filename):
-        line = line.strip()
-        if not line or line.startswith('#'):
-            continue
-        words = line.split()
-        match words[0]:
-            case 'u'|'u!':
-                users.add(words[1])
-            case 'g':
-                groups.add(words[1])
-            case 'm'|'r':
-                continue
-            case _:
-                assert False
-    return users, groups
-
-setup_users, setup_groups = set(), set()
-
-for arg in sys.argv[1:-1]:
-    users, groups = parse_sysusers_file(arg)
-    setup_users |= users
-    setup_groups |= groups
-
-basic_users, basic_groups = parse_sysusers_file(sys.argv[-1])
-
-ignored = set(os.getenv('IGNORED', '').split())
-
-if d := basic_users - setup_users - ignored:
-    exit(f'We have new users: {d}')
-if d := basic_groups - setup_groups - ignored:
-    exit(f'We have new groups: {d}')

tests/tests-reboot.yml

@@ -0,0 +1,50 @@
+---
+- hosts: localhost
+  vars:
+  - artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}"
+  tags:
+  - classic
+  tasks:
+  # switch SELinux to permissive mode
+  - name: Get default kernel
+    command: "grubby --default-kernel"
+    register: default_kernel
+  - debug: msg="{{ default_kernel.stdout }}"
+  - name: Set permissive mode
+    command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}"
+
+  - name: reboot
+    block:
+      - name: restart host
+        shell: sleep 2 && shutdown -r now "Ansible updates triggered"
+        async: 1
+        poll: 0
+        ignore_errors: true
+
+      - name: wait for host to come back
+        wait_for_connection:
+          delay: 10
+          timeout: 300
+
+      - name: Re-create /tmp/artifacts
+        command: mkdir /tmp/artifacts
+
+      - name: Gather SELinux denials since boot
+        shell: |
+            result=pass
+            dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail
+            ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log
+            grep -q '<no matches>' /tmp/avc.log || result=fail
+            echo -e "\nresults:\n- test: reboot and collect AVC\n  result: $result\n  logs:\n  - avc.log\n\n" > /tmp/results.yml
+            ( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log
+
+    always:
+      - name: Pull out the artifacts
+        fetch:
+          dest: "{{ artifacts }}/"
+          src: "{{ item }}"
+          flat: yes
+        with_items:
+          - /tmp/test.log
+          - /tmp/avc.log
+          - /tmp/results.yml

triggers.systemd

@@ -9,17 +9,21 @@
 #
 # Minimum rpm version supported: 4.14.0
 
-%transfiletriggerin -P 900900 -- /usr/lib/systemd/system/ /etc/systemd/system/
+%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system
 # This script will run after any package is initially installed or
 # upgraded. We care about the case where a package is initially
 # installed, because other cases are covered by the *un scriptlets,
 # so sometimes we will reload needlessly.
 /usr/lib/systemd/systemd-update-helper system-reload-restart || :
 
-%transfiletriggerin -P 900899 -- /usr/lib/systemd/user/ /etc/systemd/user/
-/usr/lib/systemd/systemd-update-helper user-reload-restart || :
+%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user
+if selinuxenabled &>/dev/null; then
+  /usr/lib/systemd/systemd-update-helper user-reload-restart 2>/dev/null || :
+else
+  /usr/lib/systemd/systemd-update-helper user-reload-restart || :
+fi
 
-%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system/ /etc/systemd/system/
+%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
 # On removal, we need to run daemon-reload after any units have been
 # removed.
 # On upgrade, we need to run daemon-reload after any new unit files
@@ -27,35 +31,43 @@
 # executed.
 /usr/lib/systemd/systemd-update-helper system-reload || :
 
-%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user/ /etc/systemd/user/
+%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user
 # Execute daemon-reload in user managers.
-/usr/lib/systemd/systemd-update-helper user-reload || :
+if selinuxenabled &>/dev/null; then
+  /usr/lib/systemd/systemd-update-helper user-reload 2>/dev/null || :
+else
+  /usr/lib/systemd/systemd-update-helper user-reload || :
+fi
 
-%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system/ /etc/systemd/system/
+%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system
 # We restart remaining system services that should be restarted here.
 /usr/lib/systemd/systemd-update-helper system-restart || :
 
-%transfiletriggerpostun -P  9999 -- /usr/lib/systemd/user/ /etc/systemd/user/
+%transfiletriggerpostun -P  9999 -- /usr/lib/systemd/user /etc/systemd/user
 # We restart remaining user services that should be restarted here.
-/usr/lib/systemd/systemd-update-helper user-restart || :
+if selinuxenabled &>/dev/null; then
+  /usr/lib/systemd/systemd-update-helper user-restart 2>/dev/null || :
+else
+  /usr/lib/systemd/systemd-update-helper user-restart || :
+fi
 
-%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d/
+%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d
 # This script will process files installed in /usr/lib/sysusers.d to create
 # specified users automatically. The priority is set such that it
 # will run before the tmpfiles file trigger.
 systemd-sysusers || :
 
-%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d/
+%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d
 # This script will automatically invoke hwdb update if files have been
 # installed or updated in /usr/lib/udev/hwdb.d.
 systemd-hwdb update || :
 
-%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog/
+%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog
 # This script will automatically invoke journal catalog update if files
 # have been installed or updated in /usr/lib/systemd/catalog.
 journalctl --update-catalog || :
 
-%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d/
+%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d
 # This script will automatically apply binfmt rules if files have been
 # installed or updated in /usr/lib/binfmt.d.
 if test -d "/run/systemd/system"; then
@@ -64,7 +76,7 @@ if test -d "/run/systemd/system"; then
   /usr/lib/systemd/systemd-binfmt || :
 fi
 
-%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d/
+%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d
 # This script will process files installed in /usr/lib/tmpfiles.d to create
 # tmpfiles automatically. The priority is set such that it will run
 # after the sysusers file trigger, but before any other triggers.
@@ -72,12 +84,14 @@ if test -d "/run/systemd/system"; then
   systemd-tmpfiles --create || :
 fi
 
-%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d/
+%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d
 # This script will automatically update udev with new rules if files
 # have been installed or updated in /usr/lib/udev/rules.d.
-/usr/lib/systemd/systemd-update-helper mark-reload-system-units systemd-udevd.service || :
+if test -e /run/udev/control; then
+  udevadm control --reload || :
+fi
 
-%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d/
+%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d
 # This script will automatically apply sysctl rules if files have been
 # installed or updated in /usr/lib/sysctl.d.
 if test -d "/run/systemd/system"; then

use-bfq-scheduler.patch

@@ -0,0 +1,43 @@
+From 1990fb757f6d275d807fcb48ad09f5fc7c947bc6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 14 Aug 2019 15:57:42 +0200
+Subject: [PATCH] udev: use bfq as the default scheduler
+
+As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828.
+Test results are that bfq seems to behave better and more consistently on
+typical hardware. The kernel does not have a configuration option to set
+the default scheduler, and it currently needs to be set by userspace.
+
+See the bug for more discussion and links.
+---
+ rules.d/60-block-scheduler.rules | 5 +++++
+ rules.d/meson.build              | 1 +
+ 2 files changed, 6 insertions(+)
+ create mode 100644 rules.d/60-block-scheduler.rules
+
+diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules
+new file mode 100644
+index 0000000000..850b64540e
+--- /dev/null
++++ b/rules.d/60-block-scheduler.rules
+@@ -0,0 +1,5 @@
++# do not edit this file, it will be overwritten on update
++
++ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \
++  KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
++  ATTR{queue/scheduler}="bfq"
+diff --git a/rules.d/meson.build b/rules.d/meson.build
+index 8d2878a36d..a3b395c9ce 100644
+--- a/rules.d/meson.build
++++ b/rules.d/meson.build
+@@ -8,6 +8,7 @@ rules = [
+         [files('60-autosuspend.rules',
+                '60-block.rules',
+                '60-cdrom_id.rules',
++               '60-block-scheduler.rules',
+                '60-drm.rules',
+                '60-evdev.rules',
+                '60-fido-id.rules',
+-- 
+2.37.2
+

yum-protect-systemd.conf

@@ -0,0 +1,2 @@
+systemd
+systemd-udev