PR#3: systemd 252.4-1.1 hyperscale release - rpms/systemd

rpms / systemd

#3 systemd 252.4-1.1 hyperscale release

Merged 2 years ago by dcavalca. Opened 2 years ago by daandemeyer.

rpms/ daandemeyer/systemd c8s-sig-hyperscale into c8s-sig-hyperscale

systemd 252.4-598.4 hyperscale release

Daan De Meyer • 2 years ago

09f814

0001-pam-align-second-and-third-columns.patch

file added

+48

		`@@ -0,0 +1,48 @@`
		`+ From 9efb224443d819b7d64ec76cb94c8aa625a8abf2 Mon Sep 17 00:00:00 2001`
		`+ From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>`
		`+ Date: Wed, 23 Nov 2022 16:05:48 +0100`
		`+ Subject: [PATCH 1/2] pam: align second and third columns`
		`+`
		`+ In our template file, we have jinja2 template markers, so the file`
		`+ looks fairly messy. But once it's rendered, it looks pretty clean, except`
		`+ that the columns are unaligned becuase of "-" in some lines in the first`
		`+ column. Let's make them aligned.`
		`+ ---`
		`+ src/login/systemd-user.in \| 18 +++++++++---------`
		`+ 1 file changed, 9 insertions(+), 9 deletions(-)`
		`+`
		`+ diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in`
		`+ index 39bcbd71fe..d5597d28cb 100644`
		`+ --- a/src/login/systemd-user.in`
		`+ +++ b/src/login/systemd-user.in`
		`+ @@ -4,18 +4,18 @@`
		`+ # Used by systemd --user instances.`
		`+`
		`+ {% if ENABLE_HOMED %}`
		`+ --account sufficient pam_systemd_home.so`
		`+ +-account sufficient pam_systemd_home.so`
		`+ {% endif %}`
		`+ -account sufficient pam_unix.so no_pass_expiry`
		`+ -account required pam_permit.so`
		`+ +account sufficient pam_unix.so no_pass_expiry`
		`+ +account required pam_permit.so`
		`+`
		`+ {% if HAVE_SELINUX %}`
		`+ -session required pam_selinux.so close`
		`+ -session required pam_selinux.so nottys open`
		`+ +session required pam_selinux.so close`
		`+ +session required pam_selinux.so nottys open`
		`+ {% endif %}`
		`+ -session required pam_loginuid.so`
		`+ -session optional pam_keyinit.so force revoke`
		`+ +session required pam_loginuid.so`
		`+ +session optional pam_keyinit.so force revoke`
		`+ {% if ENABLE_HOMED %}`
		`+ --session optional pam_systemd_home.so`
		`+ +-session optional pam_systemd_home.so`
		`+ {% endif %}`
		`+ -session optional pam_systemd.so`
		`+ +session optional pam_systemd.so`
		`+ --`
		`+ 2.38.1`
		`+`

0002-pam-add-a-call-to-pam_namespace.patch

file added

+41

		`@@ -0,0 +1,41 @@`
		`+ From 0ef48896d9f23b9fd547a532a4e6e6b8f8b12901 Mon Sep 17 00:00:00 2001`
		`+ From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>`
		`+ Date: Wed, 23 Nov 2022 16:09:56 +0100`
		`+ Subject: [PATCH 2/2] pam: add a call to pam_namespace`
		`+`
		`+ A call to pam_namespace is required so that children of user@.service end up in`
		`+ a namespace as expected. pam_namespace gets called as part of the stack that`
		`+ creates a session (login, sshd, gdm, etc.) and those processes end up in a`
		`+ namespace, but it also needs to be called from our stack which is parallel and`
		`+ descends from pid1 itself.`
		`+`
		`+ The call to pam_namespace is similar to the call to pam_keyinit that was added`
		`+ in ab79099d1684457d040ee7c28b2012e8c1ea9a4f. The pam stack for user@.service`
		`+ creates a new session which is disconnected from the parent environment. Both`
		`+ calls are not suitable for inclusion in the shared part of the stack (e.g.`
		`+ @system-auth on Fedora/RHEL systems), because for example su/sudo/runuser`
		`+ should not include them.`
		`+`
		`+ Fixes #17043 (Allow to execute user service into dedicated namespace`
		`+ if pam_namespace enabled)`
		`+ Related to https://bugzilla.redhat.com/show_bug.cgi?id=1861836`
		`+ (Polyinstantiation is ignored/bypassed in GNOME sessions)`
		`+ ---`
		`+ src/login/systemd-user.in \| 1 +`
		`+ 1 file changed, 1 insertion(+)`
		`+`
		`+ diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in`
		`+ index d5597d28cb..06f7e36458 100644`
		`+ --- a/src/login/systemd-user.in`
		`+ +++ b/src/login/systemd-user.in`
		`+ @@ -15,6 +15,7 @@ session required pam_selinux.so nottys open`
		`+ {% endif %}`
		`+ session required pam_loginuid.so`
		`+ session optional pam_keyinit.so force revoke`
		`+ +session required pam_namespace.so`
		`+ {% if ENABLE_HOMED %}`
		`+ -session optional pam_systemd_home.so`
		`+ {% endif %}`
		`+ --`
		`+ 2.38.1`
		`+`

0003-pam-actually-align-the-columns.patch

file added

+47

		`@@ -0,0 +1,47 @@`
		`+ From 369dfbf43a0064b70a774ccdd3dd1c1a09fd95ca Mon Sep 17 00:00:00 2001`
		`+ From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>`
		`+ Date: Wed, 14 Dec 2022 22:23:31 +0100`
		`+ Subject: [PATCH 3/4] pam: actually align the columns`
		`+`
		`+ In 9efb224443d819b7d64ec76cb94c8aa625a8abf2 was supposed to align`
		`+ them, but for some reason I just added a second space everywhere.`
		`+ ---`
		`+ src/login/systemd-user.in \| 18 +++++++++---------`
		`+ 1 file changed, 9 insertions(+), 9 deletions(-)`
		`+`
		`+ diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in`
		`+ index 06f7e36458..9a665bd959 100644`
		`+ --- a/src/login/systemd-user.in`
		`+ +++ b/src/login/systemd-user.in`
		`+ @@ -4,19 +4,19 @@`
		`+ # Used by systemd --user instances.`
		`+`
		`+ {% if ENABLE_HOMED %}`
		`+ --account sufficient pam_systemd_home.so`
		`+ +-account sufficient pam_systemd_home.so`
		`+ {% endif %}`
		`+ account sufficient pam_unix.so no_pass_expiry`
		`+ -account required pam_permit.so`
		`+ +account required pam_permit.so`
		`+`
		`+ {% if HAVE_SELINUX %}`
		`+ -session required pam_selinux.so close`
		`+ -session required pam_selinux.so nottys open`
		`+ +session required pam_selinux.so close`
		`+ +session required pam_selinux.so nottys open`
		`+ {% endif %}`
		`+ -session required pam_loginuid.so`
		`+ -session optional pam_keyinit.so force revoke`
		`+ -session required pam_namespace.so`
		`+ +session required pam_loginuid.so`
		`+ +session optional pam_keyinit.so force revoke`
		`+ +session required pam_namespace.so`
		`+ {% if ENABLE_HOMED %}`
		`+ --session optional pam_systemd_home.so`
		`+ +-session optional pam_systemd_home.so`
		`+ {% endif %}`
		`+ -session optional pam_systemd.so`
		`+ +session optional pam_systemd.so`
		`+ --`
		`+ 2.38.1`
		`+`

10-oomd-per-slice-defaults.conf ~~10-oomd-user-service-defaults.conf~~

file renamed

+1 -1

		`@@ -1,3 +1,3 @@`
		`- [Service]`
		`+ [Slice]`
		`ManagedOOMMemoryPressure=kill`
		`ManagedOOMMemoryPressureLimit=50%`

10-oomd-root-slice-defaults.conf

file removed

-2

		`@@ -1,2 +0,0 @@`
		`- [Slice]`
		`- ManagedOOMSwap=kill`

changelog

file added

+2464

The added file is too large to be shown here, see it at: changelog

f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch

file removed

-129

		`@@ -1,129 +0,0 @@`
		`- From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001`
		`- From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>`
		`- Date: Mon, 14 Sep 2020 17:58:03 +0200`
		`- Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()`
		`-`
		`- https://bugzilla.redhat.com/show_bug.cgi?id=1803070`
		`-`
		`- I think this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different`
		`- than the one we get from /proc/self/fdinfo/. This only matters when both statx and`
		`- name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:`
		`-`
		`- (gdb) !uname -r`
		`- 5.6.19-200.fc31.ppc64le`
		`-`
		`- (gdb) !cat /proc/self/mountinfo`
		`- 697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota`
		`- 698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota`
		`- 699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota`
		`- 700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================`
		`- 701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel`
		`- 702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw`
		`- 703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755`
		`- 704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel`
		`- 705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666`
		`- 706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755`
		`- 707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755`
		`- 708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755`
		`- 709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755`
		`- 710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755`
		`- 711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755`
		`- 712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755`
		`- 713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755`
		`- 714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755`
		`- 715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755`
		`- 716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755`
		`- 717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755`
		`- 718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755`
		`- 719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755`
		`- 720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755`
		`- 721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755`
		`- 722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel`
		`- 725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw`
		`- 603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw`
		`- 604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755`
		`- 605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755`
		`- 606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755`
		`- 607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755`
		`- 608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755`
		`- 609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw`
		`- 610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw`
		`- 611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw`
		`- 612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw`
		`- 613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel`
		`- 614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate`
		`- 615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755`
		`- 616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755`
		`- 617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755`
		`-`
		`- The test process does`
		`- name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then`
		`- openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then`
		`- read(open("/proc/self/fdinfo/4", ...)) which gives`
		`- "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"`
		`-`
		`- and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.`
		`-`
		`- We could either drop the fallback path (and fail name_to_handle_at() is not`
		`- avaliable) or ignore the error in the test. Not sure what is better. I think`
		`- this issue only occurs sometimes and with older kernels, so probably continuing`
		`- with the current flaky implementation is better than ripping out the fallback.`
		`-`
		`- Another strace:`
		`- writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603`
		`- ) = 28`
		`- name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0`
		`- writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697`
		`- ) = 20`
		`- name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0`
		`- writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605`
		`- ) = 30`
		`- name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0`
		`- writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703`
		`- ) = 23`
		`- name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)`
		`- openat(AT_FDCWD, "/proc/filesystems", O_RDONLY\|O_NOFOLLOW\|O_CLOEXEC\|O_PATH) = 4</proc/filesystems>`
		`- openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY\|O_CLOEXEC) = 5</proc/20/fdinfo/4>`
		`- fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG\|0400, st_size=0, ...}) = 0`
		`- fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG\|0400, st_size=0, ...}) = 0`
		`- read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36`
		`- read(5</proc/20/fdinfo/4>, "", 1024) = 0`
		`- close(5</proc/20/fdinfo/4>) = 0`
		`- close(4</proc/filesystems>) = 0`
		`- writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725`
		`- ) = 42`
		`- writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc`
		`- ) = 39`
		`- writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.`
		`- ) = 109`
		`- rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0`
		`- rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0`
		`- getpid() = 20`
		`- gettid() = 20`
		`- tgkill(20, 20, SIGABRT) = 0`
		`- rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0`
		`- --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} ---`
		`- +++ killed by SIGABRT (core dumped) +++`
		`- ---`
		`- src/test/test-mountpoint-util.c \| 8 ++++++--`
		`- 1 file changed, 6 insertions(+), 2 deletions(-)`
		`-`
		`- diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c`
		`- index 30b00ae4d8b..ffe5144b04a 100644`
		`- --- a/src/test/test-mountpoint-util.c`
		`- +++ b/src/test/test-mountpoint-util.c`
		`- @@ -89,8 +89,12 @@ static void test_mnt_id(void) {`
		`- /* The ids don't match? If so, then there are two mounts on the same path, let's check if`
		`- * that's really the case */`
		`- char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));`
		`- - log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);`
		`- - assert_se(path_equal(p, t));`
		`- + log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);`
		`- +`
		`- + if (!path_equal(p, t))`
		`- + /* Apparent kernel bug in /proc/self/fdinfo */`
		`- + log_warning("Bad mount id given for %s: %d, should be %d",`
		`- + p, mnt_id2, mnt_id);`
		`- }`
		`- }`
		`-`

fedora-use-system-auth-in-pam-systemd-user.patch

file added

+31

		`@@ -0,0 +1,31 @@`
		`+ From 4e6479054ae2090b99a50d6ae954d22efc8340a0 Mon Sep 17 00:00:00 2001`
		`+ From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>`
		`+ Date: Wed, 14 Dec 2022 22:24:53 +0100`
		`+ Subject: [PATCH 4/4] fedora: use system-auth in pam systemd-user`
		`+`
		`+ ---`
		`+ src/login/systemd-user.in \| 4 ++--`
		`+ 1 file changed, 2 insertions(+), 2 deletions(-)`
		`+`
		`+ diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in`
		`+ index 9a665bd959..703a4b3174 100644`
		`+ --- a/src/login/systemd-user.in`
		`+ +++ b/src/login/systemd-user.in`
		`+ @@ -7,7 +7,7 @@`
		`+ -account sufficient pam_systemd_home.so`
		`+ {% endif %}`
		`+ account sufficient pam_unix.so no_pass_expiry`
		`+ -account required pam_permit.so`
		`+ +account include system-auth`
		`+`
		`+ {% if HAVE_SELINUX %}`
		`+ session required pam_selinux.so close`
		`+ @@ -19,4 +19,4 @@ session required pam_namespace.so`
		`+ {% if ENABLE_HOMED %}`
		`+ -session optional pam_systemd_home.so`
		`+ {% endif %}`
		`+ -session optional pam_systemd.so`
		`+ +session include system-auth`
		`+ --`
		`+ 2.38.1`
		`+`

sources

file modified

+2 -2

		`@@ -1,2 +1,2 @@`
		`- SHA512 (systemd-hs-251.4.tar.gz) = b67db5fcf6e83500dc69095641344bcc450b102a59e727cc98e3db37c43c6005a886e8081c42ec0b980a7892549a815dff0db454a1b5000e2f844587014a2194`
		`- SHA512 (systemd-hs+fb-251.4.tar.gz) = b79274c6e7293fd43a1a90c3fa154b19f921e93341be6664977b7d0dc31dbb3552fd624432aff6cc33234ecf9ff6e6ed41a764b832ac2652fa66c3a98aa70f25`
		`+ SHA512 (systemd-hs-252.4.tar.gz) = 81d249262de886492582ee0c2c5ea68e0b5a7ce9c047ccbdd0bb0b028090c9ba9d31e0297d4f550192ffdde88e8f0664752f8e149c86d323a7aa0b3a5ac97c83`
		`+ SHA512 (systemd-hs+fb-252.4.tar.gz) = 658eedf146dbcf5e0866145c4524252ff49eb89e98c2f93ad4c5181f10f7ebb8e65f7d4e9a238267f878c3d59baa45c733e965babbcd614a29e6f6818a1343cb`

split-files.py

file modified

+7 -1

		`@@ -18,6 +18,7 @@`

		`o_libs = open('.file-list-libs', 'w')`
		`o_udev = open('.file-list-udev', 'w')`
		`+ o_boot = open('.file-list-boot', 'w')`
		`o_pam = open('.file-list-pam', 'w')`
		`o_rpm_macros = open('.file-list-rpm-macros', 'w')`
		`o_devel = open('.file-list-devel', 'w')`
		`@@ -133,8 +134,10 @@`
		`integritysetup\|`
		`integritytab\|`
		`remount-fs\|`
		`+ /initrd\|`
		`+ systemd-pcrphase\|`
		`+ systemd-measure\|`
		`/boot$\|`
		`- /boot/efi\|`
		`/kernel/\|`
		`/kernel$\|`
		`/modprobe.d\|`
		`@@ -148,6 +151,9 @@`
		`# confused if those user-facing binaries are not available.`
		`o = o_udev`

		`+ elif re.search(r'''/boot/efi''', n, re.X):`
		`+ o = o_boot`
		`+`
		`elif re.search(r'''resolved\|resolve1\|`
		`systemd-resolve\|`
		`resolvconf\|`

systemd-user

file removed

-14

		`@@ -1,14 +0,0 @@`
		`- # This file is part of systemd.`
		`- #`
		`- # Used by systemd --user instances.`
		`-`
		`- -account sufficient pam_systemd_home.so`
		`- account sufficient pam_unix.so no_pass_expiry`
		`- account include system-auth`
		`-`
		`- session required pam_selinux.so close`
		`- session required pam_selinux.so nottys open`
		`- session required pam_loginuid.so`
		`- session required pam_namespace.so`
		`- -session optional pam_systemd_home.so`
		`- session include system-auth`

systemd.spec

file modified

+140 -61

		`@@ -4,9 +4,9 @@`
		`%global stable 1`

		`%if 0%{?facebook}`
		`- %global hs_commit dba72c9e632a7dd5033c231f643dc5813440cf3f`
		`+ %global hs_commit 6f34e02bc885d5bf248eac0914e4605380ef82c9`
		`%else`
		`- %global hs_commit c5440c321fb3a19bef85c2d905e86aafe94afcf6`
		`+ %global hs_commit ab2623c42b43d997d5ccd1d3f1f7a224b09245d8`
		`%endif`

		`# We ship a .pc file but don't want to have a dep on pkg-config. We`
		`@@ -42,8 +42,8 @@`
		`Name: systemd`
		`Url: https://pagure.io/centos-sig-hyperscale/systemd`
		`%if %{without inplace}`
		`- Version: 251.4`
		`- Release: 1.3%{?dist}`
		`+ Version: 252.4`
		`+ Release: 598.6%{?dist}`
		`%else`
		`# determine the build information from local checkout`
		`Version: %(tools/meson-vcs-tag.sh . error \| sed -r 's/-([0-9])/.^\1/; s/-g/_g/')`
		`@@ -65,14 +65,16 @@`
		`# Prevent accidental removal of the systemd package`
		`Source4: yum-protect-systemd.conf`

		`+ Source5: inittab`
		`+ Source6: sysctl.conf.README`
		`+ Source7: systemd-journal-remote.xml`
		`+ Source8: systemd-journal-gatewayd.xml`
		`Source9: 20-yama-ptrace.conf`
		`Source10: systemd-udev-trigger-no-reload.conf`
		`- Source12: systemd-user`
		`Source13: libsystemd-shared.abignore`

		`Source14: 10-oomd-defaults.conf`
		`- Source15: 10-oomd-root-slice-defaults.conf`
		`- Source16: 10-oomd-user-service-defaults.conf`
		`+ Source15: 10-oomd-per-slice-defaults.conf`

		`Source21: macros.sysusers`
		`Source22: sysusers.attr`
		`@@ -96,13 +98,15 @@`
		`# than in the next section. Packit CI will drop any patches in this range before`
		`# applying upstream pull requests.`

		`+ Patch0001: 0001-pam-align-second-and-third-columns.patch`
		`+ Patch0002: 0002-pam-add-a-call-to-pam_namespace.patch`
		`+ Patch0003: 0003-pam-actually-align-the-columns.patch`

		`# Those are downstream-only patches, but we don't want them in packit builds:`
		`# https://bugzilla.redhat.com/show_bug.cgi?id=1738828`

		`- # Other downstream-only patches (5000–9999)`
		`- # https://github.com/systemd/systemd/pull/17050`
		`- Patch0501: https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch`
		`+ # Adjust upstream config to use our shared stack`
		`+ Patch0491: fedora-use-system-auth-in-pam-systemd-user.patch`

		`%ifarch %{ix86} x86_64 aarch64`
		`%global have_gnu_efi 1`
		`@@ -141,9 +145,11 @@`
		`BuildRequires: elfutils-devel`
		`BuildRequires: openssl-devel`
		`BuildRequires: gnutls-devel`
		`+ BuildRequires: qrencode-devel`
		`BuildRequires: libmicrohttpd-devel`
		`BuildRequires: libxkbcommon-devel`
		`BuildRequires: iptables-devel`
		`+ BuildRequires: pkgconfig(libfido2)`
		`BuildRequires: pkgconfig(tss2-esys)`
		`BuildRequires: pkgconfig(tss2-rc)`
		`BuildRequires: pkgconfig(tss2-mu)`
		`@@ -156,9 +162,10 @@`
		`BuildRequires: gawk`
		`BuildRequires: tree`
		`BuildRequires: hostname`
		`- BuildRequires: python3-devel`
		`- BuildRequires: python3-lxml`
		`- BuildRequires: python3-jinja2`
		`+ BuildRequires: python3`
		`+ BuildRequires: python3dist(lxml)`
		`+ BuildRequires: python3dist(jinja2)`
		`+ BuildRequires: firewalld-filesystem`
		`%if 0%{?have_gnu_efi}`
		`BuildRequires: gnu-efi gnu-efi-devel`
		`%endif`
		`@@ -178,7 +185,6 @@`
		`%ifnarch %ix86`
		`# bpftool is not built for i368`
		`BuildRequires: bpftool`
		`- BuildRequires: llvm-toolset`
		`%global have_bpf 1`
		`%endif`

		`@@ -194,7 +200,7 @@`
		`%{?fedora:Recommends: %{name}-resolved = %{version}-%{release}}`
		`Recommends: diffutils`
		`Requires: (util-linux-core or util-linux)`
		`- Recommends: libxkbcommon%{?_isa}`
		`+ Recommends: libxkbcommon%{_isa}`
		`Provides: /bin/systemctl`
		`Provides: /sbin/shutdown`
		`Provides: syslog`
		`@@ -300,12 +306,11 @@`
		`%package devel`
		`Summary: Development headers for systemd`
		`License: LGPLv2+ and MIT`
		`- Requires: %{name}-libs%{?_isa} = %{version}-%{release}`
		`+ Requires: %{name}-libs%{_isa} = %{version}-%{release}`
		`+ Requires: (%{name}-rpm-macros = %{version}-%{release} if rpm-build)`
		`Provides: libudev-devel = %{version}`
		`Provides: libudev-devel%{_isa} = %{version}`
		`Obsoletes: libudev-devel < 183`
		`- # Fake dependency to make sure systemd-pam is pulled into multilib (#1414153)`
		`- Requires: %{name}-pam = %{version}-%{release}`

		`%description devel`
		`Development headers and auxiliary files for developing applications linking`
		`@@ -315,7 +320,7 @@`
		`Summary: Rule-based device node and kernel event manager`
		`License: LGPLv2+`

		`- Requires: systemd%{?_isa} = %{version}-%{release}`
		`+ Requires: systemd%{_isa} = %{version}-%{release}`
		`Requires(post): systemd`
		`Requires(preun): systemd`
		`Requires(postun): systemd`
		`@@ -328,14 +333,9 @@`
		`Provides: udev = %{version}`
		`Provides: udev%{_isa} = %{version}`
		`Obsoletes: udev < 183`
		`- %if 0%{?facebook} == 0`
		`- Conflicts: systemd-boot < %{version}-%{release}`
		`- Obsoletes: systemd-boot < %{version}-%{release}`
		`- Provides: systemd-boot = %{version}-%{release}`
		`Conflicts: systemd-timesyncd < %{version}-%{release}`
		`Obsoletes: systemd-timesyncd < %{version}-%{release}`
		`Provides: systemd-timesyncd = %{version}-%{release}`
		`- %endif`

		`# Recommends to replace normal Requires deps for stuff that is dlopen()ed`
		`# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home`
		`@@ -373,10 +373,32 @@`
		`It also contains tools to manage encrypted home areas and secrets bound to the`
		`machine, and to create or grow partitions and make file systems automatically.`

		`+ %if 0%{?have_gnu_efi}`
		`+ %package boot-unsigned`
		`+ Summary: UEFI boot manager (unsigned version)`
		`+`
		`+ Provides: systemd-boot-unsigned-%{efi_arch} = %version-%release`
		`+ Provides: systemd-boot = %version-%release`
		`+ Provides: systemd-boot%{_isa} = %version-%release`
		`+ Conflicts: systemd-boot < %{version}-%{release}`
		`+ Obsoletes: systemd-boot < %{version}-%{release}`
		`+`
		`+ # self-obsoletes to install both packages after split of systemd-boot`
		`+ Obsoletes: systemd-udev < 252.2^`
		`+`
		`+ %description boot-unsigned`
		`+ systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a`
		`+ graphical menu to select the entry to boot and an editor for the kernel command`
		`+ line. systemd-boot supports systems with UEFI firmware only.`
		`+`
		`+ This package contains the unsigned version. Install systemd-boot instead to get`
		`+ the version that works with Secure Boot.`
		`+ %endif`
		`+`
		`%package container`
		`# Name is the same as in Debian`
		`Summary: Tools for containers and VMs`
		`- Requires: %{name}%{?_isa} = %{version}-%{release}`
		`+ Requires: %{name}%{_isa} = %{version}-%{release}`
		`Requires(post): systemd`
		`Requires(preun): systemd`
		`Requires(postun): systemd`
		`@@ -395,8 +417,9 @@`
		`%package journal-remote`
		`# Name is the same as in Debian`
		`Summary: Tools to send journal events over the network`
		`- Requires: %{name}%{?_isa} = %{version}-%{release}`
		`+ Requires: %{name}%{_isa} = %{version}-%{release}`
		`License: LGPLv2+`
		`+ Requires: firewalld-filesystem`
		`Provides: %{name}-journal-gateway = %{version}-%{release}`
		`Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release}`
		`Obsoletes: %{name}-journal-gateway < 227-7`
		`@@ -412,7 +435,7 @@`

		`%package networkd`
		`Summary: System daemon that manages network configurations`
		`- Requires: %{name}%{?_isa} = %{version}-%{release}`
		`+ Requires: %{name}%{_isa} = %{version}-%{release}`
		`License: LGPLv2+`
		`%if 0%{?facebook} == 0`
		`# https://src.fedoraproject.org/rpms/systemd/pull-request/34`
		`@@ -426,7 +449,7 @@`

		`%package resolved`
		`Summary: Network Name Resolution manager`
		`- Requires: %{name}%{?_isa} = %{version}-%{release}`
		`+ Requires: %{name}%{_isa} = %{version}-%{release}`
		`%if 0%{?facebook} == 0`
		`Obsoletes: %{name} < 249~~`
		`%endif`
		`@@ -451,7 +474,7 @@`

		`%package tests`
		`Summary: Internal unit tests for systemd`
		`- Requires: %{name}%{?_isa} = %{version}-%{release}`
		`+ Requires: %{name}%{_isa} = %{version}-%{release}`
		`License: LGPLv2+`

		`%description tests`
		`@@ -507,11 +530,6 @@`
		`cp %SOURCE100 %SOURCE101 %SOURCE102 selinux`
		`%endif`

		`- test -f src/login/systemd-user.in`
		`- # Restore systemd-user pam config from before "removal of Fedora-specific bits".`
		`- # We'll systemd process it and install in the right place.`
		`- cp %{SOURCE12} src/login/systemd-user.in`
		`-`
		`%build`
		`%global ntpvendor %(source /etc/os-release; echo ${ID})`
		`%{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1}`
		`@@ -560,24 +578,22 @@`
		`%endif`
		`-Delfutils=true`
		`-Dpwquality=true`
		`- # C8S only ships v3.4.4 whereas v4 is required`
		`- -Dqrencode=false`
		`+ -Dqrencode=true`
		`-Dgnutls=true`
		`-Dmicrohttpd=true`
		`-Dlibidn2=true`
		`-Dlibiptc=false`
		`-Dlibcurl=true`
		`- # Not available in EPEL 8 yet (https://bugzilla.redhat.com/show_bug.cgi?id=2059387)`
		`- -Dlibfido2=false`
		`+ -Dlibfido2=true`
		`-Defi=true`
		`-Dgnu-efi=%{?have_gnu_efi:true}%{?!have_gnu_efi:false}`
		`-Dtpm=true`
		`-Dtpm2=true`
		`-Dhwdb=true`
		`-Dsysusers=true`
		`- # Standalone binaries are only relevant on non-systemd systems`
		`- -Dstandalone-binaries=false`
		`+ -Dstandalone-binaries=true`
		`-Ddefault-kill-user-processes=false`
		`+ -Dfirst-boot-full-preset=true`
		`-Dtests=unsafe`
		`-Dinstall-tests=true`
		`-Dtty-gid=5`
		`@@ -598,11 +614,7 @@`
		`-Dversion-tag=v%{version}-%{release}`
		`# https://bugzilla.redhat.com/show_bug.cgi?id=1906010`
		`-Dshared-lib-tag=%{version}-%{release}`
		`- %if 0%{?fedora}`
		`- -Dfallback-hostname=fedora`
		`- %else`
		`- -Dfallback-hostname=localhost`
		`- %endif`
		`+ -Dfallback-hostname="localhost"`
		`-Ddefault-dnssec=no`
		`-Ddefault-dns-over-tls=no`
		`# https://bugzilla.redhat.com/show_bug.cgi?id=1867830`
		`@@ -634,13 +646,6 @@`
		`# -Dsystemd-timesync-uid=, not set yet`
		`# Need to set this for CentOS build`
		`-Ddocdir=%{_pkgdocdir}`
		`- # These aren't as relevant for the hyperscale use case`
		`- -Duserdb=false`
		`- -Dhomed=false`
		`- # Old version of PAM might not support files in /usr/lib/pam.d/ so`
		`- # stick with the old /etc/pam.d`
		`- -Dpamconfdir=/etc/pam.d`
		`- -Dpcre2=true`
		`)`

		`%if 0%{?facebook}`
		`@@ -691,7 +696,11 @@`
		`touch %{buildroot}/etc/crypttab`
		`chmod 600 %{buildroot}/etc/crypttab`

		`+ # /etc/initab`
		`+ install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5}`
		`+`
		`# /etc/sysctl.conf compat`
		`+ install -Dm0644 %{SOURCE6} %{buildroot}/etc/sysctl.conf`
		`ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf`

		`# Make sure these directories are properly owned`
		`@@ -746,6 +755,8 @@`
		`# Install yum protection fragment`
		`install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf`

		`+ install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8}`
		`+`
		`# Install additional docs`
		`# https://bugzilla.redhat.com/show_bug.cgi?id=1234951`
		`install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9}`
		`@@ -759,8 +770,9 @@`

		`# systemd-oomd default configuration`
		`install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14}`
		`- install -Dm0644 -t %{buildroot}%{system_unit_dir}/-.slice.d/ %{SOURCE15}`
		`- install -Dm0644 -t %{buildroot}%{system_unit_dir}/user@.service.d/ %{SOURCE16}`
		`+ install -Dm0644 -t %{buildroot}%{system_unit_dir}/user-.slice.d/ %{SOURCE15}`
		`+ install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15}`
		`+ install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15}`

		`sed -i 's\|#!/usr/bin/env python3\|#!%{__python3}\|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py`

		`@@ -776,7 +788,7 @@`
		`# here.`
		`python3 %{SOURCE2} %buildroot "%{rhel}" <<EOF`
		`%ghost %config(noreplace) /etc/crypttab`
		`- %ghost /etc/udev/hwdb.bin`
		`+ %ghost %attr(0444,root,root) /etc/udev/hwdb.bin`
		`/etc/inittab`
		`/usr/lib/systemd/purge-nobody-user`
		`%ghost %config(noreplace) /etc/vconsole.conf`
		`@@ -802,7 +814,7 @@`
		`%ghost %dir /var/lib/systemd/coredump`
		`%ghost /var/lib/systemd/journal-upload`
		`%ghost %dir /var/lib/systemd/linger`
		`- %ghost /var/lib/systemd/random-seed`
		`+ %ghost %attr(0600,root,root) /var/lib/systemd/random-seed`
		`%ghost %dir /var/lib/systemd/rfkill`
		`%ghost %dir %verify(not mode group) /var/log/journal`
		`%ghost %dir /var/log/journal/remote`
		`@@ -897,6 +909,22 @@`
		`# FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558)`
		`# FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec`

		`+ %triggerun resolved -- systemd < 246.1-1`
		`+ # This is for upgrades from previous versions before systemd-resolved became the default.`
		`+ systemctl --no-reload preset systemd-resolved.service &>/dev/null \|\| :`
		`+`
		`+ if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then`
		`+ systemctl -q is-enabled NetworkManager.service 2>/dev/null && \`
		`+ ! test -L /etc/resolv.conf 2>/dev/null && \`
		`+ ! mountpoint /etc/resolv.conf &>/dev/null && \`
		`+ grep -q 'Generated by NetworkManager' /etc/resolv.conf 2>/dev/null && \`
		`+ echo -e '/etc/resolv.conf was generated by NetworkManager.\nRemoving it to let systemd-resolved manage this file.' && \`
		`+ mv -v /etc/resolv.conf /etc/resolv.conf.orig-with-nm && \`
		`+ ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf 2>/dev/null \|\| :`
		`+`
		`+ systemctl start systemd-resolved.service &>/dev/null \|\| :`
		`+ fi`
		`+`
		`%triggerpostun -- systemd < 247.3-2`
		`# This is for upgrades from previous versions before oomd-defaults is available.`
		`# We use %%triggerpostun here because rpm doesn't allow a second %%triggerun with`
		`@@ -944,6 +972,7 @@`
		`%global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket`
		`%post journal-remote`
		`%systemd_post %journal_remote_units_restart %journal_remote_units_norestart`
		`+ %firewalld_reload`

		`%preun journal-remote`
		`%systemd_preun %journal_remote_units_restart %journal_remote_units_norestart`
		`@@ -957,6 +986,7 @@`

		`%postun journal-remote`
		`%systemd_postun_with_restart %journal_remote_units_restart`
		`+ %firewalld_reload`

		`%post networkd`
		`# systemd-networkd was split out in systemd-246.6-2.`
		`@@ -996,6 +1026,8 @@`
		`[ $1 -eq 1 ] \|\| exit 0`
		`# Initial installation`

		`+ touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation`
		`+`
		`# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263`
		`if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then`
		`echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd."`
		`@@ -1005,14 +1037,17 @@`
		`%systemd_post systemd-resolved.service`

		`%posttrans resolved`
		`- [ $1 -eq 1 ] \|\| exit 0`
		`+ [ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] \|\| exit 0`
		`+ rm %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation`
		`# Initial installation`

		`# Create /etc/resolv.conf symlink.`
		`- # We would also create it using tmpfiles, but let's do this here`
		`- # too before NetworkManager gets a chance. (systemd-tmpfiles invocation above`
		`- # does not do this, because it's marked with ! and we don't specify --boot.)`
		`- # https://bugzilla.redhat.com/show_bug.cgi?id=1873856`
		`+ # (https://bugzilla.redhat.com/show_bug.cgi?id=1873856)`
		`+ #`
		`+ # We would also create it using tmpfiles, but let's do this here too`
		`+ # before NetworkManager gets a chance. (systemd-tmpfiles invocation`
		`+ # above does not do this, because the line is marked with ! and`
		`+ # tmpfiles is invoked without --boot in the scriptlet.)`
		`#`
		`# Create the symlink if nothing is present yet.`
		`# (https://bugzilla.redhat.com/show_bug.cgi?id=2032085)`
		`@@ -1093,6 +1128,10 @@`

		`%files udev -f .file-list-udev`

		`+ %if 0%{?have_gnu_efi}`
		`+ %files boot-unsigned -f .file-list-boot`
		`+ %endif`
		`+`
		`%files container -f .file-list-container`
		`%ghost %dir %attr(0700,-,-) /var/lib/machines`

		`@@ -1104,6 +1143,10 @@`

		`%files tests -f .file-list-tests`

		`+ %files standalone-tmpfiles -f .file-list-standalone-tmpfiles`
		`+`
		`+ %files standalone-sysusers -f .file-list-standalone-sysusers`
		`+`
		`%if %{with selinux}`
		`%files selinux`
		`%{_datadir}/selinux/devel/include/contrib/systemd_hs.if`
		`@@ -1112,15 +1155,51 @@`

		`%changelog`

		`+ * Wed Jan 04 2023 Daan De Meyer <daan.j.demeyer@gmail.com> - 252.4-598.6`
		`+ - Bump release for 252.4`
		`+ - Sync from rawhide`
		`+ - Build with libqrencode`
		`+ - Build with libfido2`
		`+ - Build with homed/userdb`
		`+ - Drop pam config directory override`
		`+ - Use python3dist() where applicable`
		`+ - Drop llvm-toolset in favor of having systemd use bpftool gen object`
		`+ - Add back standalone binary packages`
		`+`
		`* Wed Aug 31 2022 Anita Zhang <the.anitazha@gmail.com> - 251.4-1.3`
		`- Fix split-files.py regex for networkd files on non-C8`

		`+ * Fri Aug 19 2022 Neal Gompa <ngompa@fedoraproject.org> - 251.4-53`
		`+ - Set compile-time fallback hostname to "localhost"`
		`+ https://fedoraproject.org/wiki/Changes/FallbackHostname`
		`+`
		`+ * Thu Aug 18 2022 Kalev Lember <klember@redhat.com> - 251.4-52`
		`+ - Avoid requiring systemd-pam from -devel subpackage`
		`+`
		`* Thu Aug 18 2022 Anita Zhang <the.anitazha@gmail.com> - 251.4-1.2`
		`- Revert 32-bit offsets journal commit from hs+fb build`

		`* Tue Aug 16 2022 Anita Zhang <the.anitazha@gmail.com> - 251.4-1.1`
		`- Bump release for 251.4`

		`+ * Tue Aug 09 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 251.4-51`
		`+ - Manually bump release version for rpmautospec`
		`+`
		`+ * Tue Aug 09 2022 Luca BRUNO <lucab@lucabruno.net> - 251.4-26`
		`+ - Align sysusers-generated shell value with upstream systemd default`
		`+`
		`+ * Tue Aug 09 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 251.4-2`
		`+ - Backport patches and do a full preset on first boot (#2114065,`
		`+ https://fedoraproject.org/wiki/Changes/Preset_All_Systemd_Units_on_First_Boot)`
		`+`
		`+ * Mon Aug 08 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 251.4-1`
		`+ - Version 251.4 (fixes rhbz#2112551)`
		`+ - A bunch of fixes to documentation, crashes in systemd-resolved,`
		`+ systemd-networkd, systemd itself, and other smaller fixes.`
		`+`
		`+ * Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 251.3-2`
		`+ - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild`
		`+`
		`* Thu Jul 21 2022 Anita Zhang <the.anitazha@gmail.com> - 251.3-1.1`
		`- Sync changes from Fedora for new release`

sysusers.generate-pre.sh

file modified

+75 -58

		`@@ -1,79 +1,96 @@`
		`#!/bin/bash`
		`+ # -- mode: shell-script; indent-tabs-mode: true; tab-width: 4; --`

		`# This script turns sysuser.d files into scriptlets mandated by Fedora`
		`# packaging guidelines. The general idea is to define users using the`
		`# declarative syntax but to turn this into traditional scriptlets.`

		`user() {`
		`- user="$1"`
		`- uid="$2"`
		`- desc="$3"`
		`- group="$4"`
		`- home="$5"`
		`- shell="$6"`
		`+ user="$1"`
		`+ uid="$2"`
		`+ desc="$3"`
		`+ group="$4"`
		`+ home="$5"`
		`+ shell="$6"`

		`- [ "$desc" = '-' ] && desc=`
		`- { [ "$home" = '-' ] \|\| [ "$home" = '' ]; } && home=/`
		`- { [ "$shell" = '-' ] \|\| [ "$shell" = '' ]; } && shell=/sbin/nologin`
		`+ [ "$desc" = '-' ] && desc=`
		`+ { [ "$home" = '-' ] \|\| [ "$home" = '' ]; } && home=/`
		`+ { [ "$shell" = '-' ] \|\| [ "$shell" = '' ]; } && shell=/usr/sbin/nologin`

		`- if [ "$uid" = '-' ] \|\| [ "$uid" = '' ]; then`
		`- cat <<EOF`
		`- getent passwd '$user' >/dev/null \|\| \\`
		`- useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' \|\| :`
		`- EOF`
		`- else`
		`- cat <<EOF`
		`- if ! getent passwd '$user' >/dev/null; then`
		`- if ! getent passwd '$uid' >/dev/null; then`
		`- useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' \|\| :`
		`- else`
		`- useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user' \|\| :`
		`- fi`
		`- fi`
		`+ if [ "$uid" = '-' ] \|\| [ "$uid" = '' ]; then`
		`+ cat <<-EOF`
		`+ getent passwd '$user' >/dev/null \|\| \\`
		`+ useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' \|\| :`
		`+ EOF`
		`+ else`
		`+ cat <<-EOF`
		`+ if ! getent passwd '$user' >/dev/null; then`
		`+ if ! getent passwd '$uid' >/dev/null; then`
		`+ useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' \|\| :`
		`+ else`
		`+ useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' \|\| :`
		`+ fi`
		`+ fi`

		`- EOF`
		`- fi`
		`+ EOF`
		`+ fi`
		`}`

		`group() {`
		`- group="$1"`
		`- gid="$2"`
		`- if [ "$gid" = '-' ]; then`
		`- cat <<-EOF`
		`- getent group '$group' >/dev/null \|\| groupadd -r '$group' \|\| :`
		`- EOF`
		`- else`
		`- cat <<-EOF`
		`- getent group '$group' >/dev/null \|\| groupadd -f -g '$gid' -r '$group' \|\| :`
		`+ group="$1"`
		`+ gid="$2"`
		`+`
		`+ if [ "$gid" = '-' ]; then`
		`+ cat <<-EOF`
		`+ getent group '$group' >/dev/null \|\| groupadd -r '$group' \|\| :`
		`+ EOF`
		`+ else`
		`+ cat <<-EOF`
		`+ getent group '$group' >/dev/null \|\| groupadd -f -g '$gid' -r '$group' \|\| :`
		`+ EOF`
		`+ fi`
		`+ }`
		`+`
		`+ usermod() {`
		`+ user="$1"`
		`+ group="$2"`
		`+`
		`+ cat <<-EOF`
		`+ if getent group '$group' >/dev/null; then`
		`+ usermod -a -G '$group' '$user' \|\| :`
		`+ fi`
		`EOF`
		`- fi`
		`}`

		`parse() {`
		`- while read -r line \|\| [ -n "$line" ] ; do`
		`- { [ "${line:0:1}" = '#' ] \|\| [ "${line:0:1}" = ';' ]; } && continue`
		`- line="${line## *}"`
		`- [ -z "$line" ] && continue`
		`- eval "arr=( $line )"`
		`- case "${arr[0]}" in`
		`- ('u')`
		`- group "${arr[1]}" "${arr[2]}"`
		`- user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"`
		`- # TODO: user:group support`
		`- ;;`
		`- ('g')`
		`- group "${arr[1]}" "${arr[2]}"`
		`- ;;`
		`- ('m')`
		`- group "${arr[2]}" "-"`
		`- user "${arr[1]}" "-" "" "${arr[2]}"`
		`- ;;`
		`- esac`
		`- done`
		`+ while read -r line \|\| [ -n "$line" ] ; do`
		`+ { [ "${line:0:1}" = '#' ] \|\| [ "${line:0:1}" = ';' ]; } && continue`
		`+ line="${line## *}"`
		`+ [ -z "$line" ] && continue`
		`+ eval "arr=( $line )"`
		`+ case "${arr[0]}" in`
		`+ ('u')`
		`+ if [[ "${arr[2]}" == ":" ]]; then`
		`+ user "${arr[1]}" "${arr[2]%:}" "${arr[3]}" "${arr[2]#:}" "${arr[4]}" "${arr[5]}"`
		`+ else`
		`+ group "${arr[1]}" "${arr[2]}"`
		`+ user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"`
		`+ fi`
		`+ ;;`
		`+ ('g')`
		`+ group "${arr[1]}" "${arr[2]}"`
		`+ ;;`
		`+ ('m')`
		`+ group "${arr[2]}" "-"`
		`+ user "${arr[1]}" "-" "" "${arr[1]}" "" ""`
		`+ usermod "${arr[1]}" "${arr[2]}"`
		`+ ;;`
		`+ esac`
		`+ done`
		`}`

		`for fn in "$@"; do`
		`- [ -e "$fn" ] \|\| continue`
		`- echo "# generated from $(basename "$fn")"`
		`- parse <"$fn"`
		`+ [ -e "$fn" ] \|\| continue`
		`+ echo "# generated from $(basename "$fn")"`
		`+ parse <"$fn"`
		`done`

use-bfq-scheduler.patch

file modified

+7 -4

		`@@ -1,4 +1,4 @@`
		`- From 8a38bc402c8f7c656c7e356c37c432c7b3a8cd6f Mon Sep 17 00:00:00 2001`
		`+ From 1990fb757f6d275d807fcb48ad09f5fc7c947bc6 Mon Sep 17 00:00:00 2001`
		`From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>`
		`Date: Wed, 14 Aug 2019 15:57:42 +0200`
		`Subject: [PATCH] udev: use bfq as the default scheduler`
		`@@ -17,17 +17,17 @@`

		`diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules`
		`new file mode 100644`
		`- index 0000000000..480b941761`
		`+ index 0000000000..850b64540e`
		`--- /dev/null`
		`+++ b/rules.d/60-block-scheduler.rules`
		`@@ -0,0 +1,5 @@`
		`+# do not edit this file, it will be overwritten on update`
		`+`
		`- +ACTION=="add", SUBSYSTEM=="block", \`
		`+ +ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", \`
		`+ KERNEL=="mmcblk[0-9]\|msblk[0-9]\|mspblk[0-9]\|sd[!0-9]\|sr*", \`
		`+ ATTR{queue/scheduler}="bfq"`
		`diff --git a/rules.d/meson.build b/rules.d/meson.build`
		`- index a582e4e922..d300c382fc 100644`
		`+ index 8d2878a36d..a3b395c9ce 100644`
		`--- a/rules.d/meson.build`
		`+++ b/rules.d/meson.build`
		`@@ -8,6 +8,7 @@ rules = [`
		`@@ -38,3 +38,6 @@`
		`'60-drm.rules',`
		`'60-evdev.rules',`
		`'60-fido-id.rules',`
		`+ --`
		`+ 2.37.2`
		`+`