diff --git a/0001-pam-align-second-and-third-columns.patch b/0001-pam-align-second-and-third-columns.patch
deleted file mode 100644
index 8ab341b..0000000
--- a/0001-pam-align-second-and-third-columns.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 9efb224443d819b7d64ec76cb94c8aa625a8abf2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 23 Nov 2022 16:05:48 +0100
-Subject: [PATCH 1/2] pam: align second and third columns
-
-In our template file, we have jinja2 template markers, so the file
-looks fairly messy. But once it's rendered, it looks pretty clean, except
-that the columns are unaligned becuase of "-" in some lines in the first
-column. Let's make them aligned.
----
- src/login/systemd-user.in | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
-index 39bcbd71fe..d5597d28cb 100644
---- a/src/login/systemd-user.in
-+++ b/src/login/systemd-user.in
-@@ -4,18 +4,18 @@
- # Used by systemd --user instances.
- 
- {% if ENABLE_HOMED %}
---account sufficient pam_systemd_home.so
-+-account  sufficient pam_systemd_home.so
- {% endif %}
--account sufficient pam_unix.so no_pass_expiry
--account required pam_permit.so
-+account  sufficient pam_unix.so no_pass_expiry
-+account  required pam_permit.so
- 
- {% if HAVE_SELINUX %}
--session required pam_selinux.so close
--session required pam_selinux.so nottys open
-+session  required pam_selinux.so close
-+session  required pam_selinux.so nottys open
- {% endif %}
--session required pam_loginuid.so
--session optional pam_keyinit.so force revoke
-+session  required pam_loginuid.so
-+session  optional pam_keyinit.so force revoke
- {% if ENABLE_HOMED %}
---session optional pam_systemd_home.so
-+-session  optional pam_systemd_home.so
- {% endif %}
--session optional pam_systemd.so
-+session  optional pam_systemd.so
--- 
-2.38.1
-
diff --git a/0002-pam-add-a-call-to-pam_namespace.patch b/0002-pam-add-a-call-to-pam_namespace.patch
deleted file mode 100644
index 51564d9..0000000
--- a/0002-pam-add-a-call-to-pam_namespace.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0ef48896d9f23b9fd547a532a4e6e6b8f8b12901 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 23 Nov 2022 16:09:56 +0100
-Subject: [PATCH 2/2] pam: add a call to pam_namespace
-
-A call to pam_namespace is required so that children of user@.service end up in
-a namespace as expected. pam_namespace gets called as part of the stack that
-creates a session (login, sshd, gdm, etc.) and those processes end up in a
-namespace, but it also needs to be called from our stack which is parallel and
-descends from pid1 itself.
-
-The call to pam_namespace is similar to the call to pam_keyinit that was added
-in ab79099d1684457d040ee7c28b2012e8c1ea9a4f. The pam stack for user@.service
-creates a new session which is disconnected from the parent environment. Both
-calls are not suitable for inclusion in the shared part of the stack (e.g.
-@system-auth on Fedora/RHEL systems), because for example su/sudo/runuser
-should not include them.
-
-Fixes #17043 (Allow to execute user service into dedicated namespace
-              if pam_namespace enabled)
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1861836
-(Polyinstantiation is ignored/bypassed in GNOME sessions)
----
- src/login/systemd-user.in | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
-index d5597d28cb..06f7e36458 100644
---- a/src/login/systemd-user.in
-+++ b/src/login/systemd-user.in
-@@ -15,6 +15,7 @@ session  required pam_selinux.so nottys open
- {% endif %}
- session  required pam_loginuid.so
- session  optional pam_keyinit.so force revoke
-+session  required pam_namespace.so
- {% if ENABLE_HOMED %}
- -session  optional pam_systemd_home.so
- {% endif %}
--- 
-2.38.1
-
diff --git a/0003-pam-actually-align-the-columns.patch b/0003-pam-actually-align-the-columns.patch
deleted file mode 100644
index da4fcf2..0000000
--- a/0003-pam-actually-align-the-columns.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 369dfbf43a0064b70a774ccdd3dd1c1a09fd95ca Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 14 Dec 2022 22:23:31 +0100
-Subject: [PATCH 3/4] pam: actually align the columns
-
-In 9efb224443d819b7d64ec76cb94c8aa625a8abf2 was supposed to align
-them, but for some reason I just added a second space everywhere.
----
- src/login/systemd-user.in | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
-index 06f7e36458..9a665bd959 100644
---- a/src/login/systemd-user.in
-+++ b/src/login/systemd-user.in
-@@ -4,19 +4,19 @@
- # Used by systemd --user instances.
- 
- {% if ENABLE_HOMED %}
---account  sufficient pam_systemd_home.so
-+-account sufficient pam_systemd_home.so
- {% endif %}
- account  sufficient pam_unix.so no_pass_expiry
--account  required pam_permit.so
-+account  required   pam_permit.so
- 
- {% if HAVE_SELINUX %}
--session  required pam_selinux.so close
--session  required pam_selinux.so nottys open
-+session  required   pam_selinux.so close
-+session  required   pam_selinux.so nottys open
- {% endif %}
--session  required pam_loginuid.so
--session  optional pam_keyinit.so force revoke
--session  required pam_namespace.so
-+session  required   pam_loginuid.so
-+session  optional   pam_keyinit.so force revoke
-+session  required   pam_namespace.so
- {% if ENABLE_HOMED %}
---session  optional pam_systemd_home.so
-+-session optional   pam_systemd_home.so
- {% endif %}
--session  optional pam_systemd.so
-+session  optional   pam_systemd.so
--- 
-2.38.1
-
diff --git a/10-map-count.conf b/10-map-count.conf
new file mode 100644
index 0000000..5cf5677
--- /dev/null
+++ b/10-map-count.conf
@@ -0,0 +1,3 @@
+# Increase the number of virtual memory areas that one process may request
+# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount
+vm.max_map_count=1048576
diff --git a/10-oomd-per-slice-defaults.conf b/10-oomd-per-slice-defaults.conf
index fbf6f00..63d8162 100644
--- a/10-oomd-per-slice-defaults.conf
+++ b/10-oomd-per-slice-defaults.conf
@@ -1,3 +1,3 @@
 [Slice]
 ManagedOOMMemoryPressure=kill
-ManagedOOMMemoryPressureLimit=50%
+ManagedOOMMemoryPressureLimit=80%
diff --git a/10-timeout-abort.conf b/10-timeout-abort.conf
new file mode 100644
index 0000000..4852648
--- /dev/null
+++ b/10-timeout-abort.conf
@@ -0,0 +1,14 @@
+# This file is part of the systemd package.
+# See https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer.
+#
+# To facilitate debugging when a service fails to stop cleanly,
+# TimeoutStopFailureMode=abort is set to "crash" services that fail to stop in
+# the time allotted. This will cause the service to be terminated with SIGABRT
+# and a coredump to be generated.
+#
+# To undo this configuration change, create a mask file:
+#   sudo mkdir -p /etc/systemd/system/service.d
+#   sudo ln -sv /dev/null /etc/systemd/system/service.d/10-timeout-abort.conf
+
+[Service]
+TimeoutStopFailureMode=abort
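Review bot: The header comment says a coredump is generated but not that the dump is a copy of the service's memory, which for many daemons includes keys, tokens or other credentials. With this drop-in applied to every service, I would add a line such as `# Note: the coredump contains the service's memory, including any secrets it held; check who can read stored dumps and how long they are kept.` so administrators review coredump storage and retention (see coredump.conf(5)) along with this default.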
diff --git a/26494.patch b/26494.patch
new file mode 100644
index 0000000..19bc67b
--- /dev/null
+++ b/26494.patch
@@ -0,0 +1,30 @@
+From 6b25470ee28843a49c50442e9d8a98edc842ceca Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 20 Feb 2023 12:00:30 +0900
+Subject: [PATCH] core/manager: run generators directly when we are in initrd
+
+Some initrd system write files at ourside of /run, /etc, or other
+allowed places. This is a kind of workaround, but in most cases, such
+sandboxing is not necessary as the filesystem is on ramfs when we are in
+initrd.
+
+Fixes #26488.
+---
+ src/core/manager.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 7b394794b0d4..306477c6e6c2 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -3822,8 +3822,8 @@ static int manager_run_generators(Manager *m) {
+         /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If
+          * we are the user manager, let's just execute the generators directly. We might not have the
+          * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us.
+-         */
+-        if (MANAGER_IS_USER(m)) {
++         * If we are in initrd, let's also execute the generators directly, as we are in ramfs. */
++        if (MANAGER_IS_USER(m) || in_initrd()) {
+                 r = manager_execute_generators(m, paths, /* remount_ro= */ false);
+                 goto finish;
+         }
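Review bot: The added `|| in_initrd()` makes the system manager skip the sanitized mount namespace for every generator run in the initrd, and the new comment justifies this only with "as we are in ramfs". That reasoning may not hold once the real root is mounted below the initrd (an assumption, the mount state at generator time is not visible here), and the commit message itself calls the change a workaround. I would have the comment say so, for example `* In initrd generators also run directly and unsandboxed (workaround for #26488), so they must be trusted. */`. manager_run_generators() starts and ends outside the hunk.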
diff --git a/98-default-mac-none.link b/98-default-mac-none.link
new file mode 100644
index 0000000..8440f98
--- /dev/null
+++ b/98-default-mac-none.link
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: MIT-0
+#
+# This config file is installed as part of systemd.
+# It may be freely copied and edited (following the MIT No Attribution license).
+#
+# To make local modifications, one of the following methods may be used:
+# 1. add a drop-in file that extends this file by creating the
+#    /etc/systemd/network/98-default-mac-none.link.d/ directory and creating a
+#    new .conf file there.
+# 2. copy this file into /etc/systemd/network or one of the other paths checked
+#    by systemd-udevd and edit it there.
+# This file should not be edited in place, because it'll be overwritten on upgrades.
+
+[Match]
+Kind=bridge bond team
+
+[Link]
+NamePolicy=keep kernel database onboard slot path
+AlternativeNamesPolicy=database onboard slot path
+MACAddressPolicy=none
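Review bot: Nothing in the file says why `MACAddressPolicy=none` is applied to bridge, bond and team devices; the only rationale on this page is the bug link next to the install line in systemd.spec. I would add `# See https://bugzilla.redhat.com/show_bug.cgi?id=2107754` above `[Match]` so the reason is still available when the file is read on an installed system.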
diff --git a/sources b/sources
index 43bb180..f514a18 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (systemd-hs-252.4.tar.gz) = 89ec58da01429b83d6a2d80797ca140c2c40ab750198b2a8e395a9e94169882739b07aff21dfbb013b52241d9632b10354d2e9cbfed2fa05355440ff10c251a7
-SHA512 (systemd-hs+fb-252.4.tar.gz) = e6d971184ec03708e679355d0bda13d9315e0b9861ffd8e5d45905714eb27d738f006b92d68e7f05cbd73a6d9cbc49fa969b1ac0a572f668141fc8942ddd7e66
+SHA512 (systemd-hs-253.5.tar.gz) = 6acedc4b5d09dd5be9a20b229769b2c7a33319ef1cd6343d6a8b7d9847aaee8d4b7271786f76e2ae7eea6a4a1d4b4b810ebfeb63c08ed2cbaca3b9a482d569b0
+SHA512 (systemd-hs+fb-253.5.tar.gz) = 1bcd0141daf19bec54cb8052ae789030a8eb861155a13e946d73bf6ec957084ef17231f88f1113c4abd851352952c919ed4cc62b2b8d513dc9fb304cf43eba75
diff --git a/split-files.py b/split-files.py
index ebd0835..11fda6a 100644
--- a/split-files.py
+++ b/split-files.py
@@ -18,6 +18,7 @@ def files(root):
 
 o_libs = open('.file-list-libs', 'w')
 o_udev = open('.file-list-udev', 'w')
+o_ukify = open('.file-list-ukify', 'w')
 o_boot = open('.file-list-boot', 'w')
 o_pam = open('.file-list-pam', 'w')
 o_rpm_macros = open('.file-list-rpm-macros', 'w')
@@ -28,8 +29,10 @@ o_oomd_defaults = open('.file-list-oomd-defaults', 'w')
 o_remote = open('.file-list-remote', 'w')
 o_resolve = open('.file-list-resolve', 'w')
 o_tests = open('.file-list-tests', 'w')
+o_standalone_repart = open('.file-list-standalone-repart', 'w')
 o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
 o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
+o_standalone_shutdown = open('.file-list-standalone-shutdown', 'w')
 o_main = open('.file-list-main', 'w')
 for file in files(buildroot):
     n = file.path[1:]
@@ -54,12 +57,27 @@ for file in files(buildroot):
                     /var(/cache|/log|/lib|/run|)$
     ''', n, re.X):
         continue
-    if '/security/pam_' in n or '/man8/pam_' in n:
+
+    if n.endswith('.standalone'):
+        if 'repart' in n:
+            o = o_standalone_repart
+        elif 'tmpfiles' in n:
+            o = o_standalone_tmpfiles
+        elif 'sysusers' in n:
+            o = o_standalone_sysusers
+        elif 'shutdown' in n:
+            o = o_standalone_shutdown
+        else:
+            assert False, 'Found .standalone not belonging to known packages'
+
+    elif '/security/pam_' in n or '/man8/pam_' in n:
         o = o_pam
     elif '/rpm/' in n:
         o = o_rpm_macros
     elif '/usr/lib/systemd/tests' in n:
         o = o_tests
+    elif 'ukify' in n:
+        o = o_ukify
     elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n):
         o = o_main
     elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n):
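Review bot: The `else: assert False, ...` fallback is the only guard for a `.standalone` file that matches none of the four names, and assertions are removed when Python runs with `-O`; the branch would then fall through with `o` unset or left over from the previous file. Raise explicitly and name the path: `raise ValueError(f'Found .standalone not belonging to known packages: {n}')`. Because the `.standalone` test now runs before the pam/rpm/tests checks and matches `'repart'`, `'shutdown'` and the others anywhere in the path, a one-line comment stating that this ordering is deliberate would help. The enclosing `for` loop starts and ends outside the hunk.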
@@ -106,7 +124,6 @@ for file in files(buildroot):
                        hwdb|
                        bootctl|
                        boot-update|
-                       sd-boot|systemd-boot\.|loader.conf|
                        bless-boot|
                        boot-system-token|
                        kernel-install|
@@ -124,6 +141,7 @@ for file in files(buildroot):
                        pstore|
                        sleep|suspend|hibernate|
                        systemd-tmpfiles-setup-dev|
+                       network/98-default-mac-none.link|
                        network/99-default.link|
                        growfs|makefs|makeswap|mkswap|
                        fsck|
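Review bot: In the added alternative `network/98-default-mac-none.link|` the dot is unescaped, so it matches any character; the same holds for `loader.conf` in the `/boot/efi` pattern of the next hunk, where `systemd-boot\.` beside it is escaped. Writing `network/98-default-mac-none\.link|` and `loader\.conf` keeps the file-to-subpackage routing exact. The existing `network/99-default.link` line has the same looseness, so this follows local style, but new entries are a good place to tighten it. The regex and the surrounding loop start outside the hunk.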
@@ -151,7 +169,10 @@ for file in files(buildroot):
                        # confused if those user-facing binaries are not available.
         o = o_udev
 
-    elif re.search(r'''/boot/efi''', n, re.X):
+    elif re.search(r'''/boot/efi|
+                       /usr/lib/systemd/boot|
+                       sd-boot|systemd-boot\.|loader.conf
+    ''', n, re.X):
         o = o_boot
 
     elif re.search(r'''resolved|resolve1|
@@ -164,14 +185,6 @@ for file in files(buildroot):
     elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X):
         o = o_oomd_defaults
 
-    elif n.endswith('.standalone'):
-        if 'tmpfiles' in n:
-            o = o_standalone_tmpfiles
-        elif 'sysusers' in n:
-            o = o_standalone_sysusers
-        else:
-            assert False, 'Found .standalone not belonging to known packages'
-
     else:
         o = o_main
 
diff --git a/systemd.spec b/systemd.spec
index b3a5450..71fb3d3 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -1,12 +1,10 @@
 #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa
 %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
 
-%global stable 1
-
 %if 0%{?facebook}
-%global hs_commit 1d360fe852a59e3fd4253b234f72cc9bf28a1214
+%global hs_commit 29312dc9281668410f092c6f43234cb31a37e9bb
 %else
-%global hs_commit 41a7f97e13ba7bb986d97f6873fa3c3fe0808517
+%global hs_commit f98cd058e4e973ca9db22551f1332ce0855fe3cf
 %endif
 
 # We ship a .pc file but don't want to have a dep on pkg-config. We
@@ -36,16 +34,17 @@
 Name:           systemd
 Url:            https://pagure.io/centos-sig-hyperscale/systemd
 %if %{without inplace}
-Version:        252.4
-Release:        598.13%{?dist}
+Version:        253.5
 %else
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
-Release:        2
 %endif
+Release:        1.1%{?dist}
+
+%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
 
 # For a breakdown of the licensing, see README
-License:        LGPLv2+ and MIT and GPLv2+
+License:        LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later
 Summary:        System and Service Manager
 
 # download tarballs with "spectool -g systemd.spec"
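Review bot: `%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)` has no comment, and it reads inverted at first glance because the value is the exit status of the test. A line above it such as `# stable is 1 when %%version contains a dot (point release), 0 otherwise` would save the next reader from working through the parameter expansion. With the inplace build the version comes from meson-vcs-tag.sh, so it is worth checking that its output is classified as intended.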
@@ -69,12 +68,16 @@ Source13:       libsystemd-shared.abignore
 
 Source14:       10-oomd-defaults.conf
 Source15:       10-oomd-per-slice-defaults.conf
+Source16:       10-timeout-abort.conf
+Source17:       10-map-count.conf
 
 Source21:       macros.sysusers
 Source22:       sysusers.attr
 Source23:       sysusers.prov
 Source24:       sysusers.generate-pre.sh
 
+Source25:       98-default-mac-none.link
+
 # Needed for selinux subpackage
 Source100:      Makefile.selinux
 Source101:      systemd_hs.te
@@ -93,9 +96,9 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
 # than in the next section. Packit CI will drop any patches in this range before
 # applying upstream pull requests.
 
-Patch0001:      0001-pam-align-second-and-third-columns.patch
-Patch0002:      0002-pam-add-a-call-to-pam_namespace.patch
-Patch0003:      0003-pam-actually-align-the-columns.patch
+# https://github.com/systemd/systemd/issues/26488
+# https://bugzilla.redhat.com/show_bug.cgi?id=2164404
+Patch0001:      https://github.com/systemd/systemd/pull/26494.patch
 
 # Those are downstream-only patches, but we don't want them in packit builds:
 # https://bugzilla.redhat.com/show_bug.cgi?id=1738828
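Review bot: `Patch0001` points at a pull-request URL, whose `.patch` output changes if the PR branch is updated, so a later download may not match the 26494.patch committed here. The committed file carries commit 6b25470ee28843a49c50442e9d8a98edc842ceca; referencing that commit keeps URL and file in step: `Patch0001:      https://github.com/systemd/systemd/commit/6b25470ee28843a49c50442e9d8a98edc842ceca.patch#/26494.patch`. A comment naming the upstream release that contains the fix, once known, would also tell maintainers when to drop the patch.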
@@ -140,7 +143,9 @@ BuildRequires:  kmod-devel
 BuildRequires:  elfutils-devel
 BuildRequires:  openssl-devel
 BuildRequires:  gnutls-devel
+%if %{undefined rhel}
 BuildRequires:  qrencode-devel
+%endif
 BuildRequires:  libmicrohttpd-devel
 BuildRequires:  libxkbcommon-devel
 BuildRequires:  iptables-devel
@@ -158,12 +163,18 @@ BuildRequires:  gawk
 BuildRequires:  tree
 BuildRequires:  hostname
 BuildRequires:  python3
-BuildRequires:  python3dist(lxml)
+BuildRequires:  python3-devel
 BuildRequires:  python3dist(jinja2)
-BuildRequires:  firewalld-filesystem
-%if 0%{?have_gnu_efi}
-BuildRequires:  gnu-efi gnu-efi-devel
+BuildRequires:  python3dist(lxml)
+BuildRequires:  python3dist(pefile)
+%if %{undefined rhel}
+BuildRequires:  python3dist(pillow)
+BuildRequires:  python3dist(pytest-flakes)
 %endif
+BuildRequires:  python3dist(pytest)
+BuildRequires:  python3dist(zstd)
+# gzip and lzma are provided by the stdlib
+BuildRequires:  firewalld-filesystem
 BuildRequires:  libseccomp-devel
 %if 0%{?el8}
 BuildRequires:  meson >= 0.57
@@ -183,6 +194,13 @@ BuildRequires:  bpftool
 %global have_bpf 1
 %endif
 
+%if 0%{?fedora}
+%ifarch x86_64 aarch64
+# That package is only built for those two architectures
+BuildRequires:  xen-devel
+%endif
+%endif
+
 Requires(post): coreutils
 Requires(post): grep
 # systemd-machine-id-setup requires libssl
@@ -215,10 +233,14 @@ Conflicts:      fedora-release < 23-0.12
 %endif
 Obsoletes:      timedatex < 0.6-3
 Provides:       timedatex = 0.6-3
+Conflicts:      %{name}-standalone-repart < %{version}-%{release}^
+Provides:       %{name}-repart = %{version}-%{release}
 Conflicts:      %{name}-standalone-tmpfiles < %{version}-%{release}^
 Provides:       %{name}-tmpfiles = %{version}-%{release}
 Conflicts:      %{name}-standalone-sysusers < %{version}-%{release}^
 Provides:       %{name}-sysusers = %{version}-%{release}
+Conflicts:      %{name}-standalone-shutdown < %{version}-%{release}^
+Provides:       %{name}-shutdown = %{version}-%{release}
 
 # Recommends to replace normal Requires deps for stuff that is dlopen()ed
 Recommends:     libidn2.so.0%{?elf_suffix}
@@ -226,7 +248,11 @@ Recommends:     libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
 Recommends:     libpcre2-8.so.0%{?elf_suffix}
 Recommends:     libpwquality.so.1%{?elf_suffix}
 Recommends:     libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits}
+%if %{undefined rhel}
 Recommends:     libqrencode.so.4%{?elf_suffix}
+%endif
+Recommends:     libbpf.so.0%{?elf_suffix}
+Recommends:     libbpf.so.0(LIBBPF_0.4.0)%{?elf_bits}
 
 Requires:       (%{name}-selinux = %{version}-%{release} if selinux-policy)
 
@@ -255,12 +281,12 @@ utilities to control basic system configuration like the hostname, date, locale,
 maintain a list of logged-in users, system accounts, runtime directories and
 settings, and a logging daemons.
 %if 0%{?stable}
-This package was built from the %{version}-stable branch of systemd.
+This package was built from the %(c=%version; echo "v${c%.*}-stable") branch of systemd.
 %endif
 
 %package libs
 Summary:        systemd libraries
-License:        LGPLv2+ and MIT
+License:        LGPL-2.1-or-later AND MIT
 Obsoletes:      libudev < 183
 Obsoletes:      systemd < 185-4
 Conflicts:      systemd < 185-4
@@ -297,7 +323,7 @@ for information how to use those macros.
 
 %package devel
 Summary:        Development headers for systemd
-License:        LGPLv2+ and MIT
+License:        LGPL-2.1-or-later AND MIT
 Requires:       %{name}-libs%{_isa} = %{version}-%{release}
 Requires:       (%{name}-rpm-macros = %{version}-%{release} if rpm-build)
 Provides:       libudev-devel = %{version}
@@ -310,7 +336,7 @@ to libudev or libsystemd.
 
 %package udev
 Summary: Rule-based device node and kernel event manager
-License:        LGPLv2+
+License:        LGPL-2.1-or-later
 
 Requires:       systemd%{_isa} = %{version}-%{release}
 Requires(post):   systemd
@@ -340,8 +366,9 @@ Recommends:     libdw.so.1(ELFUTILS_0.186)%{?elf_bits}
 Recommends:     libelf.so.1%{?elf_suffix}
 Recommends:     libelf.so.1(ELFUTILS_1.7)%{?elf_bits}
 
-# used by home, cryptsetup, cryptenroll
+# used by home, cryptsetup, cryptenroll, logind
 Recommends:     libfido2.so.1%{?elf_suffix}
+Recommends:     libp11-kit.so.0%{?elf_suffix}
 Recommends:     libtss2-esys.so.0%{?elf_suffix}
 Recommends:     libtss2-mu.so.0%{?elf_suffix}
 Recommends:     libtss2-rc.so.0%{?elf_suffix}
@@ -366,14 +393,34 @@ It also contains tools to manage encrypted home areas and secrets bound to the
 machine, and to create or grow partitions and make file systems automatically.
 
 %if 0%{?have_gnu_efi}
+%package ukify
+Summary:        Tool to build Unified Kernel Images
+Requires:       %{name} = %{version}-%{release}
+
+# We prefer llvm-objcopy over objcopy.
+Requires:       (llvm or binutils)
+Recommends:     llvm
+
+Requires:       python3dist(pefile)
+Requires:       python3dist(zstd)
+Recommends:     python3dist(pillow)
+
+BuildArch:      noarch
+
+%description ukify
+This package provides ukify, a script that combines a kernel image, an initrd,
+with a command line, and possibly PCR measurements and other metadata, into a
+Unified Kernel Image (UKI).
+
 %package boot-unsigned
 Summary: UEFI boot manager (unsigned version)
 
 Provides: systemd-boot-unsigned-%{efi_arch} = %version-%release
 Provides: systemd-boot = %version-%release
 Provides: systemd-boot%{_isa} = %version-%release
-Conflicts: systemd-boot < %{version}-%{release}
-Obsoletes: systemd-boot < %{version}-%{release}
+# A provides with just the version, no release or dist, used to build systemd-boot
+Provides: version(systemd-boot-unsigned) = %version
+Provides: version(systemd-boot-unsigned)%{_isa} = %version
 
 # self-obsoletes to install both packages after split of systemd-boot
 Obsoletes:      systemd-udev < 252.2^
@@ -398,7 +445,7 @@ Requires(postun): systemd
 Obsoletes:      %{name} < 229-5
 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040)
 Suggests:       libcurl-minimal
-License:        LGPLv2+
+License:        LGPL-2.1-or-later
 
 %description container
 Systemd tools to spawn and manage containers and virtual machines.
@@ -410,7 +457,7 @@ systemd-importd.
 # Name is the same as in Debian
 Summary:        Tools to send journal events over the network
 Requires:       %{name}%{_isa} = %{version}-%{release}
-License:        LGPLv2+
+License:        LGPL-2.1-or-later
 Requires:       firewalld-filesystem
 Provides:       %{name}-journal-gateway = %{version}-%{release}
 Provides:       %{name}-journal-gateway%{_isa} = %{version}-%{release}
@@ -428,7 +475,7 @@ systemd-journal-upload.
 %package networkd
 Summary:        System daemon that manages network configurations
 Requires:       %{name}%{_isa} = %{version}-%{release}
-License:        LGPLv2+
+License:        LGPL-2.1-or-later
 %if 0%{?facebook} == 0
 # https://src.fedoraproject.org/rpms/systemd/pull-request/34
 Obsoletes:      systemd < 246.6-2
@@ -457,7 +504,7 @@ resolver, as well as an LLMNR and MulticastDNS resolver and responder.
 %package oomd-defaults
 Summary:        Configuration files for systemd-oomd
 Requires:       %{name} = %{version}-%{release}
-License:        LGPLv2+
+License:        LGPL-2.1-or-later
 BuildArch:      noarch
 
 %description oomd-defaults
@@ -467,31 +514,51 @@ a userspace out-of-memory (OOM) killer.
 %package tests
 Summary:       Internal unit tests for systemd
 Requires:      %{name}%{_isa} = %{version}-%{release}
-License:       LGPLv2+
+License:       LGPL-2.1-or-later
 
 %description tests
 "Installed tests" that are usually run as part of the build system. They can be
 useful to test systemd internals.
 
+%package standalone-repart
+Summary:       Standalone systemd-repart binary for use on systems without systemd
+Provides:      %{name}-repart = %{version}-%{release}
+RemovePathPostfixes: .standalone
+
+%description standalone-repart
+Standalone systemd-repart binary with no dependencies on the systemd-shared library or
+other libraries from systemd-libs. This package conflicts with the main systemd
+package and is meant for use on systems without systemd.
+
 %package standalone-tmpfiles
-Summary:       Standalone tmpfiles binary for use in non-systemd systems
+Summary:       Standalone systemd-tmpfiles binary for use on systems without systemd
 Provides:      %{name}-tmpfiles = %{version}-%{release}
 RemovePathPostfixes: .standalone
 
 %description standalone-tmpfiles
-Standalone tmpfiles binary with no dependencies on the systemd-shared library or
+Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared library or
 other libraries from systemd-libs. This package conflicts with the main systemd
-package and is meant for use in non-systemd systems.
+package and is meant for use on systems without systemd.
 
 %package standalone-sysusers
-Summary:       Standalone sysusers binary for use in non-systemd systems
+Summary:       Standalone systemd-sysusers binary for use on systems without systemd
 Provides:      %{name}-sysusers = %{version}-%{release}
 RemovePathPostfixes: .standalone
 
 %description standalone-sysusers
-Standalone sysusers binary with no dependencies on the systemd-shared library or
+Standalone systemd-sysusers binary with no dependencies on the systemd-shared library or
 other libraries from systemd-libs. This package conflicts with the main systemd
-package and is meant for use in non-systemd systems.
+package and is meant for use on systems without systemd.
+
+%package standalone-shutdown
+Summary:       Standalone systemd-shutdown binary for use on systems without systemd
+Provides:      %{name}-shutdown = %{version}-%{release}
+RemovePathPostfixes: .standalone
+
+%description standalone-shutdown
+Standalone systemd-shutdown binary with no dependencies on the systemd-shared library or
+other libraries from systemd-libs. This package conflicts with the main systemd
+package and is meant for use in exitrds.
 
 %package selinux
 Summary:        SELinux module for systemd
@@ -514,6 +581,22 @@ runs properly under an environment with SELinux enabled.
 # the top directory is hsfb-250.3 instead of hs+fb-250.3.
 %autosetup -n %{name}-hs%{?facebook:fb}-%{version} -p1
 
+# We want to update sd-boot from packaging scriptlets after package update.
+# Let's disable the service.
+sed -r -i '/^enable systemd-boot-update.service/d' presets/90-systemd.preset
+
+sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user
+
+%generate_buildrequires
+%if 0%{?have_gnu_efi}
+if grep -q gnu-efi meson_options.txt; then
+  echo 'gnu-efi'
+  echo 'gnu-efi-devel'
+else
+  echo 'python3dist(pyelftools)'
+fi
+%endif
+
 mkdir selinux
 cp %SOURCE100 %SOURCE101 %SOURCE102 %SOURCE103 selinux
 
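Review bot: `%generate_buildrequires` is inserted above the existing `mkdir selinux` and `cp %SOURCE100 ...` lines, so the SELinux staging no longer belongs to %prep but to the new section. It probably still runs, but it then depends on dynamic BuildRequires support and is repeated whenever that section is re-run; moving the whole `%generate_buildrequires` ... `%endif` block below the `cp` line keeps %prep intact. If EL8 is still a target (the spec has `%if 0%{?el8}` branches), confirm that its rpm accepts this section at all.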
@@ -565,7 +648,7 @@ CONFIGURE_OPTS=(
 %endif
         -Delfutils=true
         -Dpwquality=true
-        -Dqrencode=true
+        -Dqrencode=%[%{defined rhel}?"false":"true"]
         -Dgnutls=true
         -Dmicrohttpd=true
         -Dlibidn2=true
@@ -573,7 +656,6 @@ CONFIGURE_OPTS=(
         -Dlibcurl=true
         -Dlibfido2=true
         -Defi=true
-        -Dgnu-efi=%{?have_gnu_efi:true}%{?!have_gnu_efi:false}
         -Dtpm=true
         -Dtpm2=true
         -Dhwdb=true
@@ -609,6 +691,9 @@ CONFIGURE_OPTS=(
         -Ddefault-llmnr=resolve
         # https://bugzilla.redhat.com/show_bug.cgi?id=2028169
         -Dstatus-unit-format-default=combined
+        # https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer
+        -Ddefault-timeout-sec=45
+        -Ddefault-user-timeout-sec=45
         -Doomd=true
         -Dadm-gid=4
         -Daudio-gid=63
@@ -644,6 +729,15 @@ CONFIGURE_OPTS+=(
 )
 %endif
 
+if grep gnu-efi meson_options.txt; then
+  CONFIGURE_OPTS+=( -Dgnu-efi=%[%{?have_gnu_efi}?"true":"false"] )
+else
+  # For now, let's build the bootloader in the same places where we
+  # built with gnu-efi. Later on, we might want to extend coverage, but
+  # considering that that support is untested, let's not do this now.
+  CONFIGURE_OPTS+=( -Dbootloader=%[%{?have_gnu_efi}?"true":"false"] )
+fi
+
 %if %{without lto}
 %global _lto_cflags %nil
 %endif
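Review bot: `if grep gnu-efi meson_options.txt; then` lacks the `-q` used for the same probe in %generate_buildrequires, so matching lines are echoed into the build log, and a missing meson_options.txt silently selects the `-Dbootloader` branch. Use `if grep -q gnu-efi meson_options.txt; then` here as well. A short comment that the probe tells source trees with the gnu-efi option apart from those that use bootloader instead would make the two call sites easier to keep in sync.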
@@ -755,9 +849,14 @@ install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3}
 
 # systemd-oomd default configuration
 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14}
-install -Dm0644 -t %{buildroot}%{system_unit_dir}/user-.slice.d/ %{SOURCE15}
 install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15}
 install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15}
+# https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer
+install -Dm0644 -t %{buildroot}%{system_unit_dir}/service.d/ %{SOURCE16}
+install -Dm0644 10-timeout-abort.conf.user %{buildroot}%{user_unit_dir}/service.d/10-timeout-abort.conf
+
+# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount
+install -Dm0644 -t %{buildroot}%{_prefix}/lib/sysctl.d/ %{SOURCE17}
 
 sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py
 
@@ -766,6 +865,9 @@ install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22}
 install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23}
 install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24}
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=2107754
+install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25}
+
 %find_lang %{name}
 
 # Split files in build root into rpms. See split-files.py for the
@@ -908,11 +1010,17 @@ if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then
   systemctl start systemd-resolved.service &>/dev/null || :
 fi
 
-%triggerpostun -- systemd < 247.3-2
+%triggerun -- systemd < 247.3-2
 # This is for upgrades from previous versions before oomd-defaults is available.
+systemctl --no-reload preset systemd-oomd.service &>/dev/null || :
+
+%triggerpostun -- systemd < 253~rc1-2
+# This is for upgrades from previous versions where systemd-journald-audit.socket
+# had a static enablement symlink.
 # We use %%triggerpostun here because rpm doesn't allow a second %%triggerun with
 # a different package version.
-systemctl --no-reload preset systemd-oomd.service &>/dev/null || :
+systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || :
+
 
 %global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service}
 
@@ -1110,6 +1218,7 @@ fi
 %files udev -f .file-list-udev
 
 %if 0%{?have_gnu_efi}
+%files ukify -f .file-list-ukify
 %files boot-unsigned -f .file-list-boot
 %endif
 
@@ -1124,16 +1233,23 @@ fi
 
 %files tests -f .file-list-tests
 
+%files standalone-repart -f .file-list-standalone-repart
+
 %files standalone-tmpfiles -f .file-list-standalone-tmpfiles
 
 %files standalone-sysusers -f .file-list-standalone-sysusers
 
+%files standalone-shutdown -f .file-list-standalone-shutdown
+
 %files selinux
 %{_datadir}/selinux/devel/include/contrib/systemd_hs.if
 %{_datadir}/selinux/packages/systemd_hs.pp.bz2
 
 %changelog
 
+* Fri Jun 23 2023 Anita Zhang <the.anitazha@gmail.com> - 253.5-1.1
+- Sync from Fedora rawhide 5982ae9504c8f2697a839c6ce2a82287a60c1043
+
 * Thu May 25 2023 Daan De Meyer <daan.j.demeyer@gmail.com> - 252.4-598.13
 - Backport https://github.com/systemd/systemd/pull/25385
 
diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh
index a077bb7..4a87d53 100755
--- a/sysusers.generate-pre.sh
+++ b/sysusers.generate-pre.sh
@@ -20,16 +20,16 @@ user() {
 	if [ "$uid" = '-' ] || [ "$uid" = '' ]; then
 		cat <<-EOF
 		getent passwd '$user' >/dev/null || \\
-			useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
+		    useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
 		EOF
 	else
 		cat <<-EOF
-		if ! getent passwd '$user' >/dev/null; then
-			if ! getent passwd '$uid' >/dev/null; then
-			useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
-			else
-			useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
-			fi
+		if ! getent passwd ${user@Q} >/dev/null; then
+		    if ! getent passwd ${uid@Q} >/dev/null; then
+		        useradd -r -u ${uid@Q} -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
+		    else
+		        useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
+		    fi
 		fi
 
 		EOF
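Review bot: The first branch of `user()` still emits `getent passwd '$user'` while the `useradd` line below it now uses `${user@Q}`, and in the `usermod()` hunk the line `usermod -a -G ${group@Q} '$user' || :` keeps the old quoting too. A value containing a single quote would still end the quoted word in the generated scriptlet at those two places, which is what the `@Q` conversion is meant to prevent. Change them to `getent passwd ${user@Q} >/dev/null || \\` and `usermod -a -G ${group@Q} ${user@Q} || :`. `${var@Q}` needs bash 4.4 or newer; the shebang is outside the hunk, so confirm the script runs under bash and not plain sh.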
@@ -42,11 +42,11 @@ group() {
 
 	if [ "$gid" = '-' ]; then
 		cat <<-EOF
-		getent group '$group' >/dev/null || groupadd -r '$group' || :
+		getent group ${group@Q} >/dev/null || groupadd -r ${group@Q} || :
 		EOF
 	else
 		cat <<-EOF
-		getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || :
+		getent group ${group@Q} >/dev/null || groupadd -f -g ${gid@Q} -r ${group@Q} || :
 		EOF
 	fi
 }
@@ -56,8 +56,8 @@ usermod() {
 	group="$2"
 
 	cat <<-EOF
-	if getent group '$group' >/dev/null; then
-		usermod -a -G '$group' '$user' || :
+	if getent group ${group@Q} >/dev/null; then
+	    usermod -a -G ${group@Q} '$user' || :
 	fi
 	EOF
 }