diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f414847
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/systemd-250.tar.gz
diff --git a/.systemd.metadata b/.systemd.metadata
new file mode 100644
index 0000000..7e5b661
--- /dev/null
+++ b/.systemd.metadata
@@ -0,0 +1 @@
+3b9db821b29a577d004c8823f4ff7a054c81a39c SOURCES/systemd-250.tar.gz
diff --git a/SOURCES/0001-logind-set-RemoveIPC-to-false-by-default.patch b/SOURCES/0001-logind-set-RemoveIPC-to-false-by-default.patch
new file mode 100644
index 0000000..b533028
--- /dev/null
+++ b/SOURCES/0001-logind-set-RemoveIPC-to-false-by-default.patch
@@ -0,0 +1,52 @@
+From 5a66d993a5be88524d9952193b053eac607a5c17 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 1 Aug 2018 10:58:28 +0200
+Subject: [PATCH] logind: set RemoveIPC to false by default
+
+RHEL-only
+
+Resolves: #1959836
+---
+ man/logind.conf.xml | 2 +-
+ src/login/logind-core.c | 2 +-
+ src/login/logind.conf.in | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/man/logind.conf.xml b/man/logind.conf.xml
+index 3045c1b9ba..96fa076239 100644
+--- a/man/logind.conf.xml
++++ b/man/logind.conf.xml
+@@ -354,7 +354,7 @@
+ user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
+ last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
+ well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
+- are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para></listitem>
++ are excluded from the effect of this setting. Defaults to <literal>no</literal>.</para></listitem>
+ </varlistentry>
+
+ </variablelist>
+diff --git a/src/login/logind-core.c b/src/login/logind-core.c
+index 254a1a69fb..616c08132a 100644
+--- a/src/login/logind-core.c
++++ b/src/login/logind-core.c
+@@ -34,7 +34,7 @@ void manager_reset_config(Manager *m) {
+
+ m->n_autovts = 6;
+ m->reserve_vt = 6;
+- m->remove_ipc = true;
++ m->remove_ipc = false;
+ m->inhibit_delay_max = 5 * USEC_PER_SEC;
+ m->user_stop_delay = 10 * USEC_PER_SEC;
+
+diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in
+index 2d084e134d..79d685b3de 100644
+--- a/src/login/logind.conf.in
++++ b/src/login/logind.conf.in
+@@ -40,6 +40,6 @@
+ #IdleActionSec=30min
+ #RuntimeDirectorySize=10%
+ #RuntimeDirectoryInodes=400k
+-#RemoveIPC=yes
++#RemoveIPC=no
+ #InhibitorsMax=8192
+ #SessionsMax=8192
diff --git a/SOURCES/0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch b/SOURCES/0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
new file mode 100644
index 0000000..929a63b
--- /dev/null
+++ b/SOURCES/0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
@@ -0,0 +1,43 @@
+From 92b6ae2097ae90355775217529d2fd55f7b84e31 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Thu, 5 Aug 2021 17:11:47 +0200
+Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf
+ symlink
+
+RHEL-only
+
+Resolves: #1989472
+---
+ tmpfiles.d/meson.build | 1 -
+ tmpfiles.d/systemd-resolve.conf | 10 ----------
+ 2 files changed, 11 deletions(-)
+ delete mode 100644 tmpfiles.d/systemd-resolve.conf
+
+diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build
+index b8d3919025..6ae9e3e0b8 100644
+--- a/tmpfiles.d/meson.build
++++ b/tmpfiles.d/meson.build
+@@ -7,7 +7,6 @@ files = [['README', ''],
+ ['journal-nocow.conf', ''],
+ ['systemd-nologin.conf', 'HAVE_PAM'],
+ ['systemd-nspawn.conf', 'ENABLE_MACHINED'],
+- ['systemd-resolve.conf', 'ENABLE_RESOLVE'],
+ ['systemd-tmp.conf', ''],
+ ['portables.conf', 'ENABLE_PORTABLED'],
+ ['systemd-pstore.conf', 'ENABLE_PSTORE'],
+diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf
+deleted file mode 100644
+index cb1c56d6a6..0000000000
+--- a/tmpfiles.d/systemd-resolve.conf
++++ /dev/null
+@@ -1,10 +0,0 @@
+-# This file is part of systemd.
+-#
+-# systemd is free software; you can redistribute it and/or modify it
+-# under the terms of the GNU Lesser General Public License as published by
+-# the Free Software Foundation; either version 2.1 of the License, or
+-# (at your option) any later version.
+-
+-# See tmpfiles.d(5) for details
+-
+-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
diff --git a/SOURCES/0003-Copy-40-redhat.rules-from-RHEL-8.patch b/SOURCES/0003-Copy-40-redhat.rules-from-RHEL-8.patch
new file mode 100644
index 0000000..9f6bf2c
--- /dev/null
+++ b/SOURCES/0003-Copy-40-redhat.rules-from-RHEL-8.patch
@@ -0,0 +1,78 @@
+From 24f033a2a5c03848ae518278c8025e13130146af Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Fri, 2 Jul 2021 13:25:51 +0200
+Subject: [PATCH] Copy 40-redhat.rules from RHEL-8
+
+RHEL-only
+
+Resolves: #1978639
+---
+ rules.d/40-redhat.rules | 46 +++++++++++++++++++++++++++++++++++++++++
+ rules.d/meson.build | 1 +
+ 2 files changed, 47 insertions(+)
+ create mode 100644 rules.d/40-redhat.rules
+
+diff --git a/rules.d/40-redhat.rules b/rules.d/40-redhat.rules
+new file mode 100644
+index 0000000000..3c95cd2df0
+--- /dev/null
++++ b/rules.d/40-redhat.rules
+@@ -0,0 +1,46 @@
++# do not edit this file, it will be overwritten on update
++
++# CPU hotadd request
++SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
++
++# Memory hotadd request
++SUBSYSTEM!="memory", GOTO="memory_hotplug_end"
++ACTION!="add", GOTO="memory_hotplug_end"
++CONST{arch}=="s390*", GOTO="memory_hotplug_end"
++CONST{arch}=="ppc64*", GOTO="memory_hotplug_end"
++
++ENV{.state}="online"
++CONST{virt}=="none", ENV{.state}="online_movable"
++ATTR{state}=="offline", ATTR{state}="$env{.state}"
++
++LABEL="memory_hotplug_end"
++
++# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded
++ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
++
++# load SCSI generic (sg) driver
++SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
++SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
++
++# Rule for prandom character device node permissions
++KERNEL=="prandom", MODE="0644"
++
++# Rules for creating the ID_PATH for SCSI devices based on the CCW bus
++# using the form: ccw-<BUS_ID>-zfcp-<WWPN>:<LUN>
++#
++ACTION=="remove", GOTO="zfcp_scsi_device_end"
++
++#
++# Set environment variable "ID_ZFCP_BUS" to "1" if the devices
++# (both disk and partition) are SCSI devices based on FCP devices
++#
++KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1"
++
++# For SCSI disks
++KERNEL=="sd*[!0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}"
++
++
++# For partitions on a SCSI disk
++KERNEL=="sd*[0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n"
++
++LABEL="zfcp_scsi_device_end"
+diff --git a/rules.d/meson.build b/rules.d/meson.build
+index 5cecddb34f..c5c3590b29 100644
+--- a/rules.d/meson.build
++++ b/rules.d/meson.build
+@@ -5,6 +5,7 @@ install_data(
+ install_dir : udevrulesdir)
+
+ rules = files('''
++ 40-redhat.rules
+ 60-autosuspend.rules
+ 60-block.rules
+ 60-cdrom_id.rules
diff --git a/SOURCES/0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/SOURCES/0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
new file mode 100644
index 0000000..504f7d3
--- /dev/null
+++ b/SOURCES/0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
@@ -0,0 +1,45 @@
+From c9ca30a1debbdf24ab6fcbe1aa1ec7ac5f222cb4 Mon Sep 17 00:00:00 2001
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Tue, 15 May 2018 09:24:20 +0200
+Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will
+
+Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather
+adds an After relationship.
+
+RHEL-only
+
+Resolves: #1959826
+---
+ src/core/unit.c | 7 +------
+ units/basic.target | 3 ++-
+ 2 files changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index b1f1f5c82c..3a8251e2b8 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -1280,12 +1280,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
+ }
+
+ if (c->private_tmp) {
+-
+- /* FIXME: for now we make a special case for /tmp and add a weak dependency on
+- * tmp.mount so /tmp being masked is supported. However there's no reason to treat
+- * /tmp specifically and masking other mount units should be handled more
+- * gracefully too, see PR#16894. */
+- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
++ r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
+ if (r < 0)
+ return r;
+
+diff --git a/units/basic.target b/units/basic.target
+index d8cdd5ac14..9eae0782a2 100644
+--- a/units/basic.target
++++ b/units/basic.target
+@@ -19,4 +19,5 @@ After=sysinit.target sockets.target paths.target slices.target tmp.mount
+ # require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as
+ # we support that unit being masked, and this should not be considered an error.
+ RequiresMountsFor=/var /var/tmp
+-Wants=tmp.mount
++# RHEL-only: Disable /tmp on tmpfs.
++#Wants=tmp.mount
diff --git a/SOURCES/0005-unit-don-t-add-Requires-for-tmp.mount.patch b/SOURCES/0005-unit-don-t-add-Requires-for-tmp.mount.patch
new file mode 100644
index 0000000..5f61739
--- /dev/null
+++ b/SOURCES/0005-unit-don-t-add-Requires-for-tmp.mount.patch
@@ -0,0 +1,38 @@
+From ba6b7f1b4409b337b5b4ffc47259ad5c43c436c4 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Mon, 5 Sep 2016 12:47:09 +0200
+Subject: [PATCH] unit: don't add Requires for tmp.mount
+
+rhel-only
+Resolves: #1619292
+---
+ src/core/mount.c | 2 +-
+ src/core/unit.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 0170406351..4d407ca4e5 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -335,7 +335,7 @@ static int mount_add_mount_dependencies(Mount *m) {
+ if (r < 0)
+ return r;
+
+- if (UNIT(m)->fragment_path) {
++ if (UNIT(m)->fragment_path && !streq(UNIT(m)->id, "tmp.mount")) {
+ /* If we have fragment configuration, then make this dependency required */
+ r = unit_add_dependency(other, UNIT_REQUIRES, UNIT(m), true, UNIT_DEPENDENCY_PATH);
+ if (r < 0)
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 3a8251e2b8..d2adb447b6 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -1520,7 +1520,7 @@ static int unit_add_mount_dependencies(Unit *u) {
+ if (r < 0)
+ return r;
+
+- if (m->fragment_path) {
++ if (m->fragment_path && !streq(m->id, "tmp.mount")) {
+ r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask);
+ if (r < 0)
+ return r;
diff --git a/SOURCES/0006-units-add-Install-section-to-tmp.mount.patch b/SOURCES/0006-units-add-Install-section-to-tmp.mount.patch
new file mode 100644
index 0000000..1eb4e7e
--- /dev/null
+++ b/SOURCES/0006-units-add-Install-section-to-tmp.mount.patch
@@ -0,0 +1,24 @@
+From 0e4d18011e394d83c5e6ce045c05b03619fe7145 Mon Sep 17 00:00:00 2001
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Tue, 22 Jan 2019 10:28:42 +0100
+Subject: [PATCH] units: add [Install] section to tmp.mount
+
+RHEL-only
+
+Related: #1959826
+---
+ units/tmp.mount | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/units/tmp.mount b/units/tmp.mount
+index 4e1bb8de24..4874e8daff 100644
+--- a/units/tmp.mount
++++ b/units/tmp.mount
+@@ -23,3 +23,7 @@ What=tmpfs
+ Where=/tmp
+ Type=tmpfs
+ Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m
++
++# Make 'systemctl enable tmp.mount' work:
++[Install]
++WantedBy=local-fs.target
diff --git a/SOURCES/0007-rc-local-order-after-network-online.target.patch b/SOURCES/0007-rc-local-order-after-network-online.target.patch
new file mode 100644
index 0000000..d7c6ae9
--- /dev/null
+++ b/SOURCES/0007-rc-local-order-after-network-online.target.patch
@@ -0,0 +1,29 @@
+From 6dc2d5628fded20609561ca3c63517b3dc381042 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Thu, 11 Mar 2021 15:48:23 +0100
+Subject: [PATCH] rc-local: order after network-online.target
+
+I think this was the intent of commit 91b684c7300879a8d2006038f7d9185d92c3c3bf,
+just network-online.target didn't exist back then.
+
+RHEL-only
+
+Resolves: #1954429
+---
+ units/rc-local.service.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/units/rc-local.service.in b/units/rc-local.service.in
+index 55e83dfe00..0eee722154 100644
+--- a/units/rc-local.service.in
++++ b/units/rc-local.service.in
+@@ -13,7 +13,8 @@
+ Description={{RC_LOCAL_PATH}} Compatibility
+ Documentation=man:systemd-rc-local-generator(8)
+ ConditionFileIsExecutable={{RC_LOCAL_PATH}}
+-After=network.target
++After=network-online.target
++Wants=network-online.target
+
+ [Service]
+ Type=forking
diff --git a/SOURCES/0008-ci-drop-CIs-irrelevant-for-downstream.patch b/SOURCES/0008-ci-drop-CIs-irrelevant-for-downstream.patch
new file mode 100644
index 0000000..7d41fd8
--- /dev/null
+++ b/SOURCES/0008-ci-drop-CIs-irrelevant-for-downstream.patch
@@ -0,0 +1,298 @@
+From b9c7cd794733257a17b2eb9eadc716007e509ca9 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Sun, 18 Apr 2021 20:46:06 +0200
+Subject: [PATCH] ci: drop CIs irrelevant for downstream
+
+ * CIFuzz would need a separate project in oss-fuzz
+ * Coverity would also need a separate project
+ * the Labeler action is superfluous, since we already have a bot for
+ that
+ * mkosi testing on other distros is irrelevant for downstream RHEL
+ repo
+
+Resolves: #1960703
+rhel-only
+---
+ .github/labeler.yml | 40 -----------------
+ .github/workflows/cifuzz.yml | 55 -----------------------
+ .github/workflows/coverity.yml | 43 ------------------
+ .github/workflows/labeler.yml | 23 ----------
+ .github/workflows/mkosi.yml | 80 ----------------------------------
+ 5 files changed, 241 deletions(-)
+ delete mode 100644 .github/labeler.yml
+ delete mode 100644 .github/workflows/cifuzz.yml
+ delete mode 100644 .github/workflows/coverity.yml
+ delete mode 100644 .github/workflows/labeler.yml
+ delete mode 100644 .github/workflows/mkosi.yml
+
+diff --git a/.github/labeler.yml b/.github/labeler.yml
+deleted file mode 100644
+index 7d128f42d6..0000000000
+--- a/.github/labeler.yml
++++ /dev/null
+@@ -1,40 +0,0 @@
+-# SPDX-License-Identifier: LGPL-2.1-or-later
+-
+-hwdb:
+- - hwdb.d/**/*
+-units:
+- - units/**/*
+-documentation:
+- - NEWS
+- - docs/*
+-network:
+- - src/libsystemd-network/**/*
+- - src/network/**/*
+-udev:
+- - src/udev/**/*
+- - src/libudev/*
+-selinux:
+- - '**/*selinux*'
+-apparmor:
+- - '**/*apparmor*'
+-meson:
+- - meson_option.txt
+-mkosi:
+- - .mkosi/*
+- - mkosi.build
+-busctl:
+- - src/busctl/*
+-systemctl:
+- - src/systemctl/*
+-journal:
+- - src/journal/*
+-journal-remote:
+- - src/journal-remote/*
+-portable:
+- - src/portable/**/*
+-resolve:
+- - src/resolve/*
+-timedate:
+- - src/timedate/*
+-timesync:
+- - src/timesync/*
+diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
+deleted file mode 100644
+index 11ea788a47..0000000000
+--- a/.github/workflows/cifuzz.yml
++++ /dev/null
+@@ -1,55 +0,0 @@
+----
+-# vi: ts=2 sw=2 et:
+-# SPDX-License-Identifier: LGPL-2.1-or-later
+-# See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/
+-
+-name: CIFuzz
+-
+-permissions:
+- contents: read
+-
+-on:
+- pull_request:
+- paths:
+- - '**/meson.build'
+- - '.github/workflows/**'
+- - 'meson_options.txt'
+- - 'src/**'
+- - 'test/fuzz/**'
+- - 'tools/oss-fuzz.sh'
+- push:
+- branches:
+- - main
+-jobs:
+- Fuzzing:
+- runs-on: ubuntu-latest
+- if: github.repository == 'systemd/systemd'
+- concurrency:
+- group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+- cancel-in-progress: true
+- strategy:
+- fail-fast: false
+- matrix:
+- sanitizer: [address, undefined, memory]
+- steps:
+- - name: Build Fuzzers (${{ matrix.sanitizer }})
+- id: build
+- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+- with:
+- oss-fuzz-project-name: 'systemd'
+- dry-run: false
+- allowed-broken-targets-percentage: 0
+- sanitizer: ${{ matrix.sanitizer }}
+- - name: Run Fuzzers (${{ matrix.sanitizer }})
+- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+- with:
+- oss-fuzz-project-name: 'systemd'
+- fuzz-seconds: 600
+- dry-run: false
+- sanitizer: ${{ matrix.sanitizer }}
+- - name: Upload Crash
+- uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2
+- if: failure() && steps.build.outcome == 'success'
+- with:
+- name: ${{ matrix.sanitizer }}-artifacts
+- path: ./out/artifacts
+diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
+deleted file mode 100644
+index a164d16fbf..0000000000
+--- a/.github/workflows/coverity.yml
++++ /dev/null
+@@ -1,43 +0,0 @@
+----
+-# vi: ts=2 sw=2 et:
+-# SPDX-License-Identifier: LGPL-2.1-or-later
+-#
+-name: Coverity
+-
+-on:
+- schedule:
+- # Run Coverity daily at midnight
+- - cron: '0 0 * * *'
+-
+-permissions:
+- contents: read
+-
+-jobs:
+- build:
+- runs-on: ubuntu-20.04
+- if: github.repository == 'systemd/systemd'
+- env:
+- COVERITY_SCAN_BRANCH_PATTERN: "${{ github.ref}}"
+- COVERITY_SCAN_NOTIFICATION_EMAIL: ""
+- COVERITY_SCAN_PROJECT_NAME: "${{ github.repository }}"
+- # Set in repo settings -> secrets -> repository secrets
+- COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}"
+- CURRENT_REF: "${{ github.ref }}"
+- steps:
+- - name: Repository checkout
+- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
+- # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
+- - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable
+- run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
+- - name: Install Coverity tools
+- run: tools/get-coverity.sh
+- # Reuse the setup phase of the unit test script to avoid code duplication
+- - name: Install build dependencies
+- run: sudo -E .github/workflows/unit_tests.sh SETUP
+- # Preconfigure with meson to prevent Coverity from capturing meson metadata
+- - name: Preconfigure the build directory
+- run: meson cov-build -Dman=false
+- - name: Build
+- run: tools/coverity.sh build
+- - name: Upload the results
+- run: tools/coverity.sh upload
+diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
+deleted file mode 100644
+index 34d9d63d42..0000000000
+--- a/.github/workflows/labeler.yml
++++ /dev/null
+@@ -1,23 +0,0 @@
+----
+-# vi: ts=2 sw=2 et:
+-# SPDX-License-Identifier: LGPL-2.1-or-later
+-#
+-name: "Pull Request Labeler"
+-
+-on:
+-- pull_request_target
+-
+-permissions:
+- contents: read
+-
+-jobs:
+- triage:
+- runs-on: ubuntu-latest
+- permissions:
+- pull-requests: write
+- steps:
+- - uses: actions/labeler@69da01b8e0929f147b8943611bee75ee4175a49e
+- with:
+- repo-token: "${{ secrets.GITHUB_TOKEN }}"
+- configuration-path: .github/labeler.yml
+- sync-labels: "" # This is a workaround for issue 18671
+diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
+deleted file mode 100644
+index 8fd6c72e26..0000000000
+--- a/.github/workflows/mkosi.yml
++++ /dev/null
+@@ -1,80 +0,0 @@
+----
+-# vi: ts=2 sw=2 et:
+-# SPDX-License-Identifier: LGPL-2.1-or-later
+-# Simple boot tests that build and boot the mkosi images generated by the mkosi config files in mkosi.default.d/.
+-name: mkosi
+-
+-on:
+- push:
+- branches:
+- - main
+- - v[0-9]+-stable
+- pull_request:
+- branches:
+- - main
+- - v[0-9]+-stable
+-
+-permissions:
+- contents: read
+-
+-env:
+- # Enable debug logging in systemd, but keep udev's log level to info,
+- # since it's _very_ verbose in the QEMU task
+- KERNEL_CMDLINE: "systemd.unit=mkosi-check-and-shutdown.service !quiet systemd.log_level=debug systemd.log_target=console udev.log_level=info systemd.default_standard_output=journal+console"
+-
+-jobs:
+- ci:
+- runs-on: ubuntu-20.04
+- concurrency:
+- group: ${{ github.workflow }}-${{ matrix.distro }}-${{ github.ref }}
+- cancel-in-progress: true
+- strategy:
+- fail-fast: false
+- matrix:
+- distro:
+- - arch
+- - debian
+- - ubuntu
+- - fedora
+- - opensuse
+-
+- steps:
+- - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
+- - uses: systemd/mkosi@4d64fc8134f93d87ac584183e7762ac1d0efa0e5
+-
+- - name: Install
+- run: sudo apt-get update && sudo apt-get install --no-install-recommends python3-pexpect python3-jinja2
+-
+- - name: Configure
+- run: echo -e "[Distribution]\nDistribution=${{ matrix.distro }}\n" >mkosi.default
+-
+- # Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is
+- # required, since current Arch's glibc implements faccessat() via faccessat2().
+- - name: Update systemd-nspawn
+- if: ${{ matrix.distro == 'arch' }}
+- run: |
+- echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
+- sudo apt update
+- sudo apt build-dep systemd
+- meson build
+- ninja -C build
+- sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn`
+- systemd-nspawn --version
+-
+- - name: Build ${{ matrix.distro }}
+- run: ./.github/workflows/run_mkosi.sh --build-environment=CI_BUILD=1 --kernel-command-line "${{ env.KERNEL_CMDLINE }}" build
+-
+- - name: Show ${{ matrix.distro }} image summary
+- run: ./.github/workflows/run_mkosi.sh summary
+-
+- - name: Boot ${{ matrix.distro }} systemd-nspawn
+- run: ./.github/workflows/run_mkosi.sh boot ${{ env.KERNEL_CMDLINE }}
+-
+- - name: Check ${{ matrix.distro }} systemd-nspawn
+- run: ./.github/workflows/run_mkosi.sh shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"
+-
+- - name: Boot ${{ matrix.distro }} QEMU
+- run: ./.github/workflows/run_mkosi.sh qemu
+-
+- - name: Check ${{ matrix.distro }} QEMU
+- run: ./.github/workflows/run_mkosi.sh shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"
diff --git a/SOURCES/0009-ci-reconfigure-Packit-for-RHEL-9.patch b/SOURCES/0009-ci-reconfigure-Packit-for-RHEL-9.patch
new file mode 100644
index 0000000..fbe6ca9
--- /dev/null
+++ b/SOURCES/0009-ci-reconfigure-Packit-for-RHEL-9.patch
@@ -0,0 +1,61 @@
+From d931821a263e34805f825cf12a0a0fcde9beda99 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Wed, 9 Jun 2021 15:23:59 +0200
+Subject: [PATCH] ci: reconfigure Packit for RHEL 9
+
+Resolves: #1960703
+rhel-only
+---
+ .packit.yml | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/.packit.yml b/.packit.yml
+index 962c77913e..3461bccbc5 100644
+--- a/.packit.yml
++++ b/.packit.yml
+@@ -16,14 +16,12 @@ upstream_tag_template: "v{version}"
+
+ actions:
+ post-upstream-clone:
+- # Use the Fedora Rawhide specfile
+- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
++ # Use the CentOS Stream specfile
++ - "git clone https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1"
+ # Drop the "sources" file so rebase-helper doesn't think we're a dist-git
+ - "rm -fv .packit_rpm/sources"
+- # Drop backported patches from the specfile, but keep the downstream-only ones
+- # - Patch0000-0499: backported patches from upstream
+- # - Patch0500-9999: downstream-only patches
+- - "sed -ri '/^Patch0[0-4]?[0-9]{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec"
++ # Drop all patches, since they're already included in the tarball
++ - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec"
+ # Build the RPM with --werror. Even though --werror doesn't work in all
+ # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
+ # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
+@@ -32,12 +30,22 @@ actions:
+ # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110
+ - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
+
++# Available targets can be listed via `copr-cli list-chroots`
+ jobs:
++# Build test
+ - job: copr_build
+ trigger: pull_request
+ metadata:
+ targets:
+- - fedora-rawhide-aarch64
+- - fedora-rawhide-i386
+- - fedora-rawhide-ppc64le
+- - fedora-rawhide-x86_64
++ # FIXME: change to CentOS 9 once it's available
++ - fedora-34-x86_64
++ - fedora-34-aarch64
++
++# TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184
++# Run tests (via testing farm)
++#- job: tests
++# trigger: pull_request
++# metadata:
++# targets:
++# # FIXME: change to CentOS 9 once it's available
++# - fedora-34-x86_64
diff --git a/SOURCES/0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch b/SOURCES/0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch
new file mode 100644
index 0000000..65ae57c
--- /dev/null
+++ b/SOURCES/0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch
@@ -0,0 +1,28 @@
+From 785b53d7b16c6c56638029e8b4f59c436f1394b8 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Thu, 15 Jul 2021 12:23:27 +0200
+Subject: [PATCH] ci: run unit tests on z-stream branches as well
+
+Resolves: #1960703
+rhel-only
+---
+ .github/workflows/unit_tests.yml | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
+index d4a4f3c723..2afde5d59d 100644
+--- a/.github/workflows/unit_tests.yml
++++ b/.github/workflows/unit_tests.yml
+@@ -3,11 +3,7 @@
+ # SPDX-License-Identifier: LGPL-2.1-or-later
+ #
+ name: Unit tests
+-on:
+- pull_request:
+- branches:
+- - main
+- - v[0-9]+-stable
++on: [pull_request]
+
+ permissions:
+ contents: read
diff --git a/SOURCES/0011-random-util-increase-random-seed-size-to-1024.patch b/SOURCES/0011-random-util-increase-random-seed-size-to-1024.patch
new file mode 100644
index 0000000..f026b4b
--- /dev/null
+++ b/SOURCES/0011-random-util-increase-random-seed-size-to-1024.patch
@@ -0,0 +1,25 @@
+From c1555a7d38235cca32492c4606e30028dc008b35 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Thu, 15 Jul 2021 11:15:17 +0200
+Subject: [PATCH] random-util: increase random seed size to 1024
+
+RHEL-only
+
+Resolves: #1982603
+---
+ src/basic/random-util.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/basic/random-util.h b/src/basic/random-util.h
+index e6528ddc7f..fda78552f6 100644
+--- a/src/basic/random-util.h
++++ b/src/basic/random-util.h
+@@ -34,7 +34,7 @@ static inline uint32_t random_u32(void) {
+ int rdrand(unsigned long *ret);
+
+ /* Some limits on the pool sizes when we deal with the kernel random pool */
+-#define RANDOM_POOL_SIZE_MIN 512U
++#define RANDOM_POOL_SIZE_MIN 1024U
+ #define RANDOM_POOL_SIZE_MAX (10U*1024U*1024U)
+
+ size_t random_pool_size(void);
diff --git a/SOURCES/0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch b/SOURCES/0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch
new file mode 100644
index 0000000..944281a
--- /dev/null
+++ b/SOURCES/0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch
@@ -0,0 +1,41 @@
+From f1d66259bcff8333d7dd495bbeef274206f7300d Mon Sep 17 00:00:00 2001
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Thu, 2 May 2019 14:11:54 +0200
+Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by
+ default
+
+RHEL-only
+
+Resolves: #1973856
+---
+ units/meson.build | 3 +--
+ units/systemd-journald.service.in | 2 +-
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/units/meson.build b/units/meson.build
+index a9bf28f6d9..69d53f4259 100644
+--- a/units/meson.build
++++ b/units/meson.build
+@@ -124,8 +124,7 @@ units = [
+ 'sysinit.target.wants/'],
+ ['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
+ ['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
+- ['systemd-journald-audit.socket', '',
+- 'sockets.target.wants/'],
++ ['systemd-journald-audit.socket', ''],
+ ['systemd-journald-dev-log.socket', '',
+ 'sockets.target.wants/'],
+ ['systemd-journald.socket', '',
+diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
+index cd17b6b4e7..d981273b07 100644
+--- a/units/systemd-journald.service.in
++++ b/units/systemd-journald.service.in
+@@ -12,7 +12,7 @@ Description=Journal Service
+ Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+ DefaultDependencies=no
+ Requires=systemd-journald.socket
+-After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket
++After=systemd-journald.socket systemd-journald-dev-log.socket syslog.socket
+ Before=sysinit.target
+
+ [Service]
diff --git a/SOURCES/0013-journald.conf-don-t-touch-current-audit-settings.patch b/SOURCES/0013-journald.conf-don-t-touch-current-audit-settings.patch
new file mode 100644
index 0000000..6a49362
--- /dev/null
+++ b/SOURCES/0013-journald.conf-don-t-touch-current-audit-settings.patch
@@ -0,0 +1,22 @@
+From 56d9b62ce456e8c0e520bda3447db38864983173 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Thu, 5 Aug 2021 15:26:13 +0200
+Subject: [PATCH] journald.conf: don't touch current audit settings
+
+RHEL-only
+
+Related: #1973856
+---
+ src/journal/journald.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/journal/journald.conf b/src/journal/journald.conf
+index 5a60a9d39c..3544da2112 100644
+--- a/src/journal/journald.conf
++++ b/src/journal/journald.conf
+@@ -44,4 +44,4 @@
+ #MaxLevelWall=emerg
+ #LineMax=48K
+ #ReadKMsg=yes
+-#Audit=yes
++Audit=
diff --git a/SOURCES/0014-Revert-udev-remove-WAIT_FOR-key.patch b/SOURCES/0014-Revert-udev-remove-WAIT_FOR-key.patch
new file mode 100644
index 0000000..a5acad5
--- /dev/null
+++ b/SOURCES/0014-Revert-udev-remove-WAIT_FOR-key.patch
@@ -0,0 +1,137 @@
+From 2843766767452a69dade1ef8ab2d1d3e5e68a1d3 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Tue, 10 Aug 2021 14:46:16 +0200
+Subject: [PATCH] Revert "udev: remove WAIT_FOR key"
+
+This reverts commit f2b8052fb648b788936dd3e85be6a9aca90fbb2f.
+
+RHEL-only
+
+Resolves: #1982666
+---
+ man/udev.xml | 9 +++++++
+ src/udev/udev-rules.c | 56 +++++++++++++++++++++++++++++++++++++++
+ test/rule-syntax-check.py | 2 +-
+ 3 files changed, 66 insertions(+), 1 deletion(-)
+
+diff --git a/man/udev.xml b/man/udev.xml
+index f6ea2abc12..ce96e201e4 100644
+--- a/man/udev.xml
++++ b/man/udev.xml
+@@ -592,6 +592,15 @@
+ </listitem>
+ </varlistentry>
+
++ <varlistentry>
++ <term><varname>WAIT_FOR</varname></term>
++ <listitem>
++ <para>Wait for a file to become available or until a timeout of
++ 10 seconds expires. The path is relative to the sysfs device;
++ if no path is specified, this waits for an attribute to appear.</para>
++ </listitem>
++ </varlistentry>
++
+ <varlistentry>
+ <term><varname>OPTIONS</varname></term>
+ <listitem>
+diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
+index 1a384d6b38..243a792662 100644
+--- a/src/udev/udev-rules.c
++++ b/src/udev/udev-rules.c
+@@ -79,6 +79,7 @@ typedef enum {
+ TK_M_TAG, /* strv, sd_device_get_tag_first(), sd_device_get_tag_next() */
+ TK_M_SUBSYSTEM, /* string, sd_device_get_subsystem() */
+ TK_M_DRIVER, /* string, sd_device_get_driver() */
++ TK_M_WAITFOR,
+ TK_M_ATTR, /* string, takes filename through attribute, sd_device_get_sysattr_value(), udev_resolve_subsys_kernel(), etc. */
+ TK_M_SYSCTL, /* string, takes kernel parameter through attribute */
+
+@@ -416,6 +417,47 @@ static void rule_line_append_token(UdevRuleLine *rule_line, UdevRuleToken *token
+ rule_line->current_token = token;
+ }
+
++#define WAIT_LOOP_PER_SECOND 50
++static int wait_for_file(sd_device *dev, const char *file, int timeout) {
++ char filepath[UDEV_PATH_SIZE];
++ char devicepath[UDEV_PATH_SIZE];
++ struct stat stats;
++ int loop = timeout * WAIT_LOOP_PER_SECOND;
++
++ /* a relative path is a device attribute */
++ devicepath[0] = '\0';
++ if (file[0] != '/') {
++ const char *val;
++ int r;
++
++ r = sd_device_get_syspath(dev, &val);
++ if (r < 0)
++ return r;
++ strscpyl(devicepath, sizeof(devicepath), val, NULL);
++ strscpyl(filepath, sizeof(filepath), devicepath, "/", file, NULL);
++ file = filepath;
++ }
++
++ while (--loop) {
++ const struct timespec duration = { 0, 1000 * 1000 * 1000 / WAIT_LOOP_PER_SECOND };
++
++ /* lookup file */
++ if (stat(file, &stats) == 0) {
++ log_debug("file '%s' appeared after %i loops", file, (timeout * WAIT_LOOP_PER_SECOND) - loop-1);
++ return 0;
++ }
++ /* make sure, the device did not disappear in the meantime */
++ if (devicepath[0] != '\0' && stat(devicepath, &stats) != 0) {
++ log_debug("device disappeared while waiting for '%s'", file);
++ return -2;
++ }
++ log_debug("wait for '%s' for %i mseconds", file, 1000 / WAIT_LOOP_PER_SECOND);
++ nanosleep(&duration, NULL);
++ }
++ log_debug("waiting for '%s' failed", file);
++ return -1;
++}
++
+ static int rule_line_add_token(UdevRuleLine *rule_line, UdevRuleTokenType type, UdevRuleOperatorType op, char *value, void *data) {
+ UdevRuleToken *token;
+ UdevRuleMatchType match_type = _MATCH_TYPE_INVALID;
+@@ -958,6 +1000,12 @@ static int parse_token(UdevRules *rules, const char *key, char *attr, UdevRuleOp
+ r = rule_line_add_token(rule_line, TK_A_RUN_BUILTIN, op, value, UDEV_BUILTIN_CMD_TO_PTR(cmd));
+ } else
+ return log_token_invalid_attr(rules, key);
++ } else if (streq(key, "WAIT_FOR") || streq(key, "WAIT_FOR_SYSFS")) {
++ if (op == OP_REMOVE)
++ return log_token_invalid_op(rules, key);
++
++ rule_line_add_token(rule_line, TK_M_WAITFOR, 0, value, NULL);
++ return 1;
+ } else if (streq(key, "GOTO")) {
+ if (attr)
+ return log_token_invalid_attr(rules, key);
+@@ -1643,6 +1691,14 @@ static int udev_rule_apply_token_to_event(
+
+ return token_match_string(token, val);
+ }
++ case TK_M_WAITFOR: {
++ char filename[UDEV_PATH_SIZE];
++ int found;
++
++ udev_event_apply_format(event, token->value, filename, sizeof(filename), false);
++ found = (wait_for_file(event->dev, filename, 10) == 0);
++ return found || (token->op == OP_NOMATCH);
++ }
+ case TK_M_ATTR:
+ case TK_M_PARENTS_ATTR:
+ return token_match_attr(token, dev, event);
+diff --git a/test/rule-syntax-check.py b/test/rule-syntax-check.py
+index 9a9e4d1658..0649bcf58e 100755
+--- a/test/rule-syntax-check.py
++++ b/test/rule-syntax-check.py
+@@ -20,7 +20,7 @@ no_args_tests = re.compile(r'(ACTION|DEVPATH|KERNELS?|NAME|SYMLINK|SUBSYSTEMS?|D
+ # PROGRAM can also be specified as an assignment.
+ program_assign = re.compile(r'PROGRAM\s*=\s*' + quoted_string_re + '$')
+ args_tests = re.compile(r'(ATTRS?|ENV|CONST|TEST){([a-zA-Z0-9/_.*%-]+)}\s*(?:=|!)=\s*' + quoted_string_re + '$')
+-no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$')
++no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|WAIT_FOR|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$')
+ args_assign = re.compile(r'(ATTR|ENV|IMPORT|RUN){([a-zA-Z0-9/_.*%-]+)}\s*(=|\+=)\s*' + quoted_string_re + '$')
+ # Find comma-separated groups, but allow commas that are inside quoted strings.
+ # Using quoted_string_re + '?' so that strings missing the last double quote
diff --git a/SOURCES/0015-Really-don-t-enable-systemd-journald-audit.socket.patch b/SOURCES/0015-Really-don-t-enable-systemd-journald-audit.socket.patch
new file mode 100644
index 0000000..30d9a20
--- /dev/null
+++ b/SOURCES/0015-Really-don-t-enable-systemd-journald-audit.socket.patch
@@ -0,0 +1,25 @@
+From 9a0acc0b292d283b4507c6b749396c019af7e4ab Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Wed, 25 Aug 2021 16:03:04 +0200
+Subject: [PATCH] Really don't enable systemd-journald-audit.socket
+
+RHEL-only
+
+Resolves: #1973856
+---
+ units/systemd-journald.service.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
+index d981273b07..f190dff5fb 100644
+--- a/units/systemd-journald.service.in
++++ b/units/systemd-journald.service.in
+@@ -33,7 +33,7 @@ RestrictRealtime=yes
+ RestrictSUIDSGID=yes
+ RuntimeDirectory=systemd/journal
+ RuntimeDirectoryPreserve=yes
+-Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
++Sockets=systemd-journald.socket systemd-journald-dev-log.socket
+ StandardOutput=null
+ SystemCallArchitectures=native
+ SystemCallErrorNumber=EPERM
diff --git a/SOURCES/0016-rules-add-elevator-kernel-command-line-parameter.patch b/SOURCES/0016-rules-add-elevator-kernel-command-line-parameter.patch
new file mode 100644
index 0000000..8338727
--- /dev/null
+++ b/SOURCES/0016-rules-add-elevator-kernel-command-line-parameter.patch
@@ -0,0 +1,56 @@
+From 1e423276a24d7c895d196f9f10bf8c0b9155c633 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Tue, 12 Feb 2019 16:58:16 +0100
+Subject: [PATCH] rules: add elevator= kernel command line parameter
+
+Kernel removed the elevator= option, so let's reintroduce
+it for rhel8 via udev rule.
+
+RHEL-only
+
+Resolves: #2003002
+---
+ rules.d/40-elevator.rules | 20 ++++++++++++++++++++
+ rules.d/meson.build | 1 +
+ 2 files changed, 21 insertions(+)
+ create mode 100644 rules.d/40-elevator.rules
+
+diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules
+new file mode 100644
+index 0000000000..dbe8fc81a4
+--- /dev/null
++++ b/rules.d/40-elevator.rules
+@@ -0,0 +1,20 @@
++# We aren't adding devices skip the elevator check
++ACTION!="add", GOTO="sched_out"
++
++SUBSYSTEM!="block", GOTO="sched_out"
++ENV{DEVTYPE}!="disk", GOTO="sched_out"
++
++# Technically, dm-multipath can be configured to use an I/O scheduler.
++# However, there are races between the 'add' uevent and the linking in
++# of the queue/scheduler sysfs file. For now, just skip dm- devices.
++KERNEL=="dm-*|md*", GOTO="sched_out"
++
++# Skip bio-based devices, which don't support an I/O scheduler.
++ATTR{queue/scheduler}=="none", GOTO="sched_out"
++
++# If elevator= is specified on the kernel command line, change the
++# scheduler to the one specified.
++IMPORT{cmdline}="elevator"
++ENV{elevator}!="", ATTR{queue/scheduler}="$env{elevator}"
++
++LABEL="sched_out"
+\ No newline at end of file
+diff --git a/rules.d/meson.build b/rules.d/meson.build
+index c5c3590b29..7e0bd89200 100644
+--- a/rules.d/meson.build
++++ b/rules.d/meson.build
+@@ -5,6 +5,7 @@ install_data(
+ install_dir : udevrulesdir)
+
+ rules = files('''
++ 40-elevator.rules
+ 40-redhat.rules
+ 60-autosuspend.rules
+ 60-block.rules
diff --git a/SOURCES/0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch b/SOURCES/0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
new file mode 100644
index 0000000..53151bd
--- /dev/null
+++ b/SOURCES/0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
@@ -0,0 +1,26 @@
+From 41ccc595538752f04f88c80fe7a9e283d4ef12c4 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 22 Sep 2021 14:38:00 +0200
+Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target
+
+RHEL-only
+
+Related: #2000927
+---
+ units/meson.build | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/units/meson.build b/units/meson.build
+index 69d53f4259..9eb535858a 100644
+--- a/units/meson.build
++++ b/units/meson.build
+@@ -159,8 +159,7 @@ units = [
+ ['time-set.target', ''],
+ ['time-sync.target', ''],
+ ['timers.target', ''],
+- ['tmp.mount', '',
+- 'local-fs.target.wants/'],
++ ['tmp.mount', ''],
+ ['umount.target', ''],
+ ['usb-gadget.target', ''],
+ ['user.slice', ''],
diff --git a/SOURCES/0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/SOURCES/0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
new file mode 100644
index 0000000..ffec2d6
--- /dev/null
+++ b/SOURCES/0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
@@ -0,0 +1,59 @@
+From 4ec48c87803916e90a8f30afae6c8bdee5bb9ba5 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 1 Aug 2018 13:19:39 +0200
+Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value
+
+This should be hopefully high enough even for the very big deployments.
+
+RHEL-only
+
+Resolves: #2003031
+---
+ man/systemd-system.conf.xml | 4 ++--
+ src/core/main.c | 2 +-
+ src/core/system.conf.in | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
+index 3805a010e2..b8e2b65625 100644
+--- a/man/systemd-system.conf.xml
++++ b/man/systemd-system.conf.xml
+@@ -404,10 +404,10 @@
+ <listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
+ <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details. This setting applies to all unit types that support resource control settings, with the exception
+- of slice units. Defaults to 15% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
++ of slice units. Defaults to 80% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
+ and root cgroup <varname>pids.max</varname>.
+ Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
+- For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
++ For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 26214,
+ but might be greater in other systems or smaller in OS containers.</para></listitem>
+ </varlistentry>
+
+diff --git a/src/core/main.c b/src/core/main.c
+index 57aedb9b93..7ea848ebeb 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -98,7 +98,7 @@
+ #include <sanitizer/lsan_interface.h>
+ #endif
+
+-#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
++#define DEFAULT_TASKS_MAX ((TasksMax) { 80U, 100U }) /* 80% */
+
+ static enum {
+ ACTION_RUN,
+diff --git a/src/core/system.conf.in b/src/core/system.conf.in
+index 96fb64d2c1..c0dc6a7e17 100644
+--- a/src/core/system.conf.in
++++ b/src/core/system.conf.in
+@@ -54,7 +54,7 @@
+ #DefaultBlockIOAccounting=no
+ #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
+ #DefaultTasksAccounting=yes
+-#DefaultTasksMax=15%
++#DefaultTasksMax=80%
+ #DefaultLimitCPU=
+ #DefaultLimitFSIZE=
+ #DefaultLimitDATA=
diff --git a/SOURCES/0019-set-core-ulimit-to-0-like-on-RHEL-7.patch b/SOURCES/0019-set-core-ulimit-to-0-like-on-RHEL-7.patch
new file mode 100644
index 0000000..4fff5b0
--- /dev/null
+++ b/SOURCES/0019-set-core-ulimit-to-0-like-on-RHEL-7.patch
@@ -0,0 +1,25 @@
+From 7344cdfb2792f67e50848f87eced21cded226d4a Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Mon, 25 Jan 2021 16:19:56 +0100
+Subject: [PATCH] set core ulimit to 0 like on RHEL-7
+
+RHEL-only
+
+Resolves: #1998509
+---
+ src/core/system.conf.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/system.conf.in b/src/core/system.conf.in
+index c0dc6a7e17..5913b5b0e4 100644
+--- a/src/core/system.conf.in
++++ b/src/core/system.conf.in
+@@ -59,7 +59,7 @@
+ #DefaultLimitFSIZE=
+ #DefaultLimitDATA=
+ #DefaultLimitSTACK=
+-#DefaultLimitCORE=
++DefaultLimitCORE=0:infinity
+ #DefaultLimitRSS=
+ #DefaultLimitNOFILE=1024:{{HIGH_RLIMIT_NOFILE}}
+ #DefaultLimitAS=
diff --git a/SOURCES/0020-ci-use-C9S-chroots-in-Packit.patch b/SOURCES/0020-ci-use-C9S-chroots-in-Packit.patch
new file mode 100644
index 0000000..4651c6e
--- /dev/null
+++ b/SOURCES/0020-ci-use-C9S-chroots-in-Packit.patch
@@ -0,0 +1,27 @@
+From 402595e7b0668b8fe44b5b00b1dd45ba9cc42b82 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Thu, 4 Nov 2021 12:31:32 +0100
+Subject: [PATCH] ci: use C9S chroots in Packit
+
+rhel-only
+Related: #2017035
+---
+ .packit.yml | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/.packit.yml b/.packit.yml
+index 3461bccbc5..ce8782aae2 100644
+--- a/.packit.yml
++++ b/.packit.yml
+@@ -37,9 +37,8 @@ jobs:
+ trigger: pull_request
+ metadata:
+ targets:
+- # FIXME: change to CentOS 9 once it's available
+- - fedora-34-x86_64
+- - fedora-34-aarch64
++ - centos-stream-9-x86_64
++ - centos-stream-9-aarch64
+
+ # TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184
+ # Run tests (via testing farm)
diff --git a/SOURCES/0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch b/SOURCES/0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch
new file mode 100644
index 0000000..1e2a147
--- /dev/null
+++ b/SOURCES/0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch
@@ -0,0 +1,136 @@
+From 68199fe69a2c46e498bc7e9528d54922deecc553 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 14 Sep 2020 17:58:03 +0200
+Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1803070
+
+I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
+than the one we get from /proc/self/fdinfo/. This only matters when both statx and
+name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
+
+(gdb) !uname -r
+5.6.19-200.fc31.ppc64le
+
+(gdb) !cat /proc/self/mountinfo
+697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
+701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
+702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
+703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
+704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
+705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
+706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
+722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
+725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
+614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
+615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+
+The test process does
+name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
+openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
+read(open("/proc/self/fdinfo/4", ...)) which gives
+"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
+
+and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
+
+We could either drop the fallback path (and fail name_to_handle_at() is not
+avaliable) or ignore the error in the test. Not sure what is better. I think
+this issue only occurs sometimes and with older kernels, so probably continuing
+with the current flaky implementation is better than ripping out the fallback.
+
+Another strace:
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
+) = 28
+name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
+) = 20
+name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
+) = 30
+name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
+) = 23
+name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
+openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
+openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
+fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
+fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
+read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
+read(5</proc/20/fdinfo/4>, "", 1024) = 0
+close(5</proc/20/fdinfo/4>) = 0
+close(4</proc/filesystems>) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
+) = 42
+writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
+) = 39
+writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
+) = 109
+rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
+rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
+getpid() = 20
+gettid() = 20
+tgkill(20, 20, SIGABRT) = 0
+rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
+
+RHEL notes: af918c4 should mitigate this issue, but in some build
+systems (Copr, brew, etc.) we don't have enough privileges to create a
+new mount namespace
+
+Cherry-picked manually from https://github.com/systemd/systemd/pull/17050.
+
+rhel-only
+Related: #2017035
+---
+ src/test/test-mountpoint-util.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
+index d11edf502a..9515d8cf7b 100644
+--- a/src/test/test-mountpoint-util.c
++++ b/src/test/test-mountpoint-util.c
+@@ -101,8 +101,12 @@ TEST(mnt_id) {
+ /* The ids don't match? If so, then there are two mounts on the same path, let's check if
+ * that's really the case */
+ char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
+- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
+- assert_se(path_equal(p, t));
++ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
++
++ if (!path_equal(p, t))
++ /* Apparent kernel bug in /proc/self/fdinfo */
++ log_warning("Bad mount id given for %s: %d, should be %d",
++ p, mnt_id2, mnt_id);
+ }
+ }
+
diff --git a/SOURCES/0022-Treat-EPERM-as-not-available-too.patch b/SOURCES/0022-Treat-EPERM-as-not-available-too.patch
new file mode 100644
index 0000000..4d356d0
--- /dev/null
+++ b/SOURCES/0022-Treat-EPERM-as-not-available-too.patch
@@ -0,0 +1,30 @@
+From 3c54c67a7fc65dc5b49b2452739c19b94eeb98a9 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Tue, 21 Dec 2021 10:46:17 +0100
+Subject: [PATCH] Treat EPERM as "not available" too
+
+We need to do this because idmapped mounts habe been disabled in RHEL-9
+kernel: https://bugzilla.redhat.com/show_bug.cgi?id=2018141 .
+
+RHEL-only
+
+Fixes #55
+
+Related: #2017035
+---
+ src/nspawn/nspawn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index 8f17ab8810..9225c8f162 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -3780,7 +3780,7 @@ static int outer_child(
+ arg_uid_shift != 0) {
+
+ r = remount_idmap(directory, arg_uid_shift, arg_uid_range);
+- if (r == -EINVAL || ERRNO_IS_NOT_SUPPORTED(r)) {
++ if (IN_SET(r, -EINVAL, -EPERM) || ERRNO_IS_NOT_SUPPORTED(r)) {
+ /* This might fail because the kernel or file system doesn't support idmapping. We
+ * can't really distinguish this nicely, nor do we have any guarantees about the
+ * error codes we see, could be EOPNOTSUPP or EINVAL. */
diff --git a/SOURCES/0023-test-copy-portable-profiles-into-the-image-if-they-d.patch b/SOURCES/0023-test-copy-portable-profiles-into-the-image-if-they-d.patch
new file mode 100644
index 0000000..ea3e2fd
--- /dev/null
+++ b/SOURCES/0023-test-copy-portable-profiles-into-the-image-if-they-d.patch
@@ -0,0 +1,39 @@
+From 324d99159e1e64d78a580073626f5b645f1c3639 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Mon, 31 Jan 2022 14:19:09 +0100
+Subject: [PATCH] test: copy portable profiles into the image if they don't
+ exist there
+
+If we're built with `-Dportable=false`, the portable profiles won't get
+installed into the image. Since we need only the profile files and
+nothing else, let's copy them into the image explicitly in such case.
+
+(cherry picked from commit 6f73ef8b30803ac1be1b2607aec1a89d778caa9a)
+
+Related: #2017035
+---
+ test/test-functions | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/test/test-functions b/test/test-functions
+index 218d0e6888..35d8f074a9 100644
+--- a/test/test-functions
++++ b/test/test-functions
+@@ -1151,6 +1151,17 @@ install_systemd() {
+ mkdir -p "$initdir/etc/systemd/system/service.d/"
+ echo -e "[Service]\nProtectSystem=no\nProtectHome=no\n" >"$initdir/etc/systemd/system/service.d/gcov-override.conf"
+ fi
++
++ # If we're built with -Dportabled=false, tests with systemd-analyze
++ # --profile will fail. Since we need just the profile (text) files, let's
++ # copy them into the image if they don't exist there.
++ local portable_dir="${initdir:?}${ROOTLIBDIR:?}/portable"
++ if [[ ! -d "$portable_dir/profile/strict" ]]; then
++ dinfo "Couldn't find portable profiles in the test image"
++ dinfo "Copying them directly from the source tree"
++ mkdir -p "$portable_dir"
++ cp -frv "${SOURCE_DIR:?}/src/portable/profile" "$portable_dir"
++ fi
+ }
+
+ get_ldpath() {
diff --git a/SOURCES/0024-test-introduce-get_cgroup_hierarchy-helper.patch b/SOURCES/0024-test-introduce-get_cgroup_hierarchy-helper.patch
new file mode 100644
index 0000000..b9734d3
--- /dev/null
+++ b/SOURCES/0024-test-introduce-get_cgroup_hierarchy-helper.patch
@@ -0,0 +1,43 @@
+From 16908e1ec833d857cb418712c382c6f604426b36 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Tue, 1 Feb 2022 20:18:29 +0100
+Subject: [PATCH] test: introduce `get_cgroup_hierarchy() helper
+
+which returns the host's cgroup hierarchy (unified, hybrid, or legacy).
+
+(cherry picked from commit f723740871bd3eb89d16a526a1ff77c04bb3787a)
+
+Related: #2047768
+---
+ test/test-functions | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/test/test-functions b/test/test-functions
+index 35d8f074a9..4827b6bedf 100644
+--- a/test/test-functions
++++ b/test/test-functions
+@@ -1996,6 +1996,24 @@ import_initdir() {
+ export initdir
+ }
+
++get_cgroup_hierarchy() {
++ case "$(stat -c '%T' -f /sys/fs/cgroup)" in
++ cgroup2fs)
++ echo "unified"
++ ;;
++ tmpfs)
++ if [[ -d /sys/fs/cgroup/unified && "$(stat -c '%T' -f /sys/fs/cgroup/unified)" == cgroup2fs ]]; then
++ echo "hybrid"
++ else
++ echo "legacy"
++ fi
++ ;;
++ *)
++ dfatal "Failed to determine host's cgroup hierarchy"
++ exit 1
++ esac
++}
++
+ ## @brief Converts numeric logging level to the first letter of level name.
+ #
+ # @param lvl Numeric logging level in range from 1 to 6.
diff --git a/SOURCES/0025-test-require-unified-cgroup-hierarchy-for-TEST-56.patch b/SOURCES/0025-test-require-unified-cgroup-hierarchy-for-TEST-56.patch
new file mode 100644
index 0000000..1bf03cd
--- /dev/null
+++ b/SOURCES/0025-test-require-unified-cgroup-hierarchy-for-TEST-56.patch
@@ -0,0 +1,30 @@
+From 523e72e97d7c945114b54b726eaab0d379fb35fb Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Tue, 1 Feb 2022 20:25:00 +0100
+Subject: [PATCH] test: require unified cgroup hierarchy for TEST-56
+
+since cgroup empty notifications are unreliable in legacy cgroups.
+
+See: systemd/systemd#22320
+Complements: systemd/systemd#22344
+(cherry picked from commit e2620820188428de7086f5e8ac41305177f70954)
+
+Related: #2047768
+---
+ test/TEST-56-EXIT-TYPE/test.sh | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/test/TEST-56-EXIT-TYPE/test.sh b/test/TEST-56-EXIT-TYPE/test.sh
+index 0f84dca1ba..37475e817e 100755
+--- a/test/TEST-56-EXIT-TYPE/test.sh
++++ b/test/TEST-56-EXIT-TYPE/test.sh
+@@ -6,4 +6,9 @@ TEST_DESCRIPTION="test ExitType=cgroup"
+ # shellcheck source=test/test-functions
+ . "${TEST_BASE_DIR:?}/test-functions"
+
++if [[ "$(get_cgroup_hierarchy)" != unified ]]; then
++ echo "This test requires unified cgroup hierarchy, skipping..."
++ exit 0
++fi
++
+ do_test "$@"
diff --git a/SOURCES/0026-tests-rework-test-macros-to-not-take-code-as-paramet.patch b/SOURCES/0026-tests-rework-test-macros-to-not-take-code-as-paramet.patch
new file mode 100644
index 0000000..b04e74a
--- /dev/null
+++ b/SOURCES/0026-tests-rework-test-macros-to-not-take-code-as-paramet.patch
@@ -0,0 +1,671 @@
+From 845417e653b42b8f3928c68955bd6416f2fa4509 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 1 Feb 2022 12:06:59 +0100
+Subject: [PATCH] tests: rework test macros to not take code as parameters
+
+C macros are nasty. We use them, but we try to be conservative with
+them. In particular passing literal, complex code blocks as argument is
+icky, because of "," handling of C, and also because it's quite a
+challange for most code highlighters and similar. Hence, let's avoid
+that. Using macros for genreating functions is OK but if so, the
+parameters should be simple words, not full code blocks.
+
+hence, rework DEFINE_CUSTOM_TEST_MAIN() to take a function name instead
+of code block as argument.
+
+As side-effect this also fixes a bunch of cases where we might end up
+returning a negative value from main().
+
+Some uses of DEFINE_CUSTOM_TEST_MAIN() inserted local variables into the
+main() functions, these are replaced by static variables, and their
+destructors by the static destructor logic.
+
+This doesn't fix any bugs or so, it's just supposed to make the code
+easier to work with and improve it easthetically.
+
+Or in other words: let's use macros where it really makes sense, but
+let's not go overboard with it.
+
+(And yes, FOREACH_DIRENT() is another one of those macros that take
+code, and I dislike that too and regret I ever added that.)
+
+(cherry picked from commit 99839c7ebd4b83a5b0d5982d669cfe10d1252e1f)
+
+Related: #2017035
+---
+ src/shared/tests.h | 25 +++++++++++++-----
+ src/test/test-barrier.c | 46 +++++++++++++++++----------------
+ src/test/test-cgroup-setup.c | 15 ++++++-----
+ src/test/test-chown-rec.c | 15 ++++++-----
+ src/test/test-format-table.c | 14 +++++-----
+ src/test/test-fs-util.c | 7 ++++-
+ src/test/test-hashmap.c | 16 +++++++++---
+ src/test/test-install-root.c | 14 +++++++---
+ src/test/test-load-fragment.c | 21 ++++++++-------
+ src/test/test-mountpoint-util.c | 30 +++++++++++----------
+ src/test/test-namespace.c | 15 ++++++-----
+ src/test/test-proc-cmdline.c | 15 ++++++-----
+ src/test/test-process-util.c | 7 ++++-
+ src/test/test-sd-hwdb.c | 21 ++++++++-------
+ src/test/test-serialize.c | 16 ++++++------
+ src/test/test-sleep.c | 15 ++++++-----
+ src/test/test-stat-util.c | 7 ++++-
+ src/test/test-time-util.c | 6 +++--
+ src/test/test-unit-file.c | 7 ++++-
+ src/test/test-unit-name.c | 21 ++++++++-------
+ src/test/test-unit-serialize.c | 21 ++++++++-------
+ src/test/test-utf8.c | 7 ++++-
+ 22 files changed, 215 insertions(+), 146 deletions(-)
+
+diff --git a/src/shared/tests.h b/src/shared/tests.h
+index 3b93aab498..59448f38f6 100644
+--- a/src/shared/tests.h
++++ b/src/shared/tests.h
+@@ -6,6 +6,7 @@
+ #include "sd-daemon.h"
+
+ #include "macro.h"
++#include "static-destruct.h"
+ #include "util.h"
+
+ static inline bool manager_errno_skip_test(int r) {
+@@ -109,15 +110,27 @@ static inline int run_test_table(void) {
+ return r;
+ }
+
++static inline int test_nop(void) {
++ return EXIT_SUCCESS;
++}
++
+ #define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \
+ int main(int argc, char *argv[]) { \
+- int _r = EXIT_SUCCESS; \
++ int _r, _q; \
+ test_setup_logging(log_level); \
+ save_argc_argv(argc, argv); \
+- intro; \
+- _r = run_test_table(); \
+- outro; \
+- return _r; \
++ _r = intro(); \
++ if (_r == EXIT_SUCCESS) \
++ _r = run_test_table(); \
++ _q = outro(); \
++ static_destruct(); \
++ if (_r < 0) \
++ return EXIT_FAILURE; \
++ if (_r != EXIT_SUCCESS) \
++ return _r; \
++ if (_q < 0) \
++ return EXIT_FAILURE; \
++ return _q; \
+ }
+
+-#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, , )
++#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, test_nop, test_nop)
+diff --git a/src/test/test-barrier.c b/src/test/test-barrier.c
+index 8998282afb..b87538806a 100644
+--- a/src/test/test-barrier.c
++++ b/src/test/test-barrier.c
+@@ -421,25 +421,27 @@ TEST_BARRIER(barrier_pending_exit,
+ }),
+ TEST_BARRIER_WAIT_SUCCESS(pid2));
+
+-DEFINE_CUSTOM_TEST_MAIN(
+- LOG_INFO,
+- ({
+- if (!slow_tests_enabled())
+- return log_tests_skipped("slow tests are disabled");
+-
+- /*
+- * This test uses real-time alarms and sleeps to test for CPU races
+- * explicitly. This is highly fragile if your system is under load. We
+- * already increased the BASE_TIME value to make the tests more robust,
+- * but that just makes the test take significantly longer. Given the recent
+- * issues when running the test in a virtualized environments, limit it
+- * to bare metal machines only, to minimize false-positives in CIs.
+- */
+- int v = detect_virtualization();
+- if (IN_SET(v, -EPERM, -EACCES))
+- return log_tests_skipped("Cannot detect virtualization");
+-
+- if (v != VIRTUALIZATION_NONE)
+- return log_tests_skipped("This test requires a baremetal machine");
+- }),
+- /* no outro */);
++
++static int intro(void) {
++ if (!slow_tests_enabled())
++ return log_tests_skipped("slow tests are disabled");
++
++ /*
++ * This test uses real-time alarms and sleeps to test for CPU races explicitly. This is highly
++ * fragile if your system is under load. We already increased the BASE_TIME value to make the tests
++ * more robust, but that just makes the test take significantly longer. Given the recent issues when
++ * running the test in a virtualized environments, limit it to bare metal machines only, to minimize
++ * false-positives in CIs.
++ */
++
++ int v = detect_virtualization();
++ if (IN_SET(v, -EPERM, -EACCES))
++ return log_tests_skipped("Cannot detect virtualization");
++
++ if (v != VIRTUALIZATION_NONE)
++ return log_tests_skipped("This test requires a baremetal machine");
++
++ return EXIT_SUCCESS;
++ }
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-cgroup-setup.c b/src/test/test-cgroup-setup.c
+index 018992f96d..6f93647685 100644
+--- a/src/test/test-cgroup-setup.c
++++ b/src/test/test-cgroup-setup.c
+@@ -64,10 +64,11 @@ TEST(is_wanted) {
+ test_is_wanted_print_one(false);
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(
+- LOG_DEBUG,
+- ({
+- if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
+- return log_tests_skipped("can't read /proc/cmdline");
+- }),
+- /* no outro */);
++static int intro(void) {
++ if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
++ return log_tests_skipped("can't read /proc/cmdline");
++
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+diff --git a/src/test/test-chown-rec.c b/src/test/test-chown-rec.c
+index 53d44566d5..691cfe767f 100644
+--- a/src/test/test-chown-rec.c
++++ b/src/test/test-chown-rec.c
+@@ -149,10 +149,11 @@ TEST(chown_recursive) {
+ assert_se(!has_xattr(p));
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(
+- LOG_DEBUG,
+- ({
+- if (geteuid() != 0)
+- return log_tests_skipped("not running as root");
+- }),
+- /* no outro */);
++static int intro(void) {
++ if (geteuid() != 0)
++ return log_tests_skipped("not running as root");
++
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c
+index a3b29ca337..7515a74c12 100644
+--- a/src/test/test-format-table.c
++++ b/src/test/test-format-table.c
+@@ -529,10 +529,10 @@ TEST(table) {
+ "5min 5min \n"));
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(
+- LOG_INFO,
+- ({
+- assert_se(setenv("SYSTEMD_COLORS", "0", 1) >= 0);
+- assert_se(setenv("COLUMNS", "40", 1) >= 0);
+- }),
+- /* no outro */);
++static int intro(void) {
++ assert_se(setenv("SYSTEMD_COLORS", "0", 1) >= 0);
++ assert_se(setenv("COLUMNS", "40", 1) >= 0);
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
+index 0e0d91d04e..da5a16b4bc 100644
+--- a/src/test/test-fs-util.c
++++ b/src/test/test-fs-util.c
+@@ -968,4 +968,9 @@ TEST(open_mkdir_at) {
+ assert_se(subsubdir_fd >= 0);
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, arg_test_dir = argv[1], /* no outro */);
++static int intro(void) {
++ arg_test_dir = saved_argv[1];
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-hashmap.c b/src/test/test-hashmap.c
+index cba0c33a8a..4dc155d818 100644
+--- a/src/test/test-hashmap.c
++++ b/src/test/test-hashmap.c
+@@ -158,7 +158,15 @@ TEST(hashmap_put_strdup_null) {
+ /* This variable allows us to assert that the tests from different compilation units were actually run. */
+ int n_extern_tests_run = 0;
+
+-DEFINE_CUSTOM_TEST_MAIN(
+- LOG_INFO,
+- assert_se(n_extern_tests_run == 0),
+- assert_se(n_extern_tests_run == 2)); /* Ensure hashmap and ordered_hashmap were tested. */
++static int intro(void) {
++ assert_se(n_extern_tests_run == 0);
++ return EXIT_SUCCESS;
++}
++
++static int outro(void) {
++ /* Ensure hashmap and ordered_hashmap were tested. */
++ assert_se(n_extern_tests_run == 2);
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, outro);
+diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c
+index ba715e6d7e..f540a832bd 100644
+--- a/src/test/test-install-root.c
++++ b/src/test/test-install-root.c
+@@ -11,8 +11,11 @@
+ #include "special.h"
+ #include "string-util.h"
+ #include "tests.h"
++#include "tmpfile-util.h"
+
+-static char root[] = "/tmp/rootXXXXXX";
++static char *root = NULL;
++
++STATIC_DESTRUCTOR_REGISTER(root, rm_rf_physical_and_freep);
+
+ TEST(basic_mask_and_enable) {
+ const char *p;
+@@ -1239,10 +1242,10 @@ TEST(verify_alias) {
+ verify_one(&di_inst_template, "goo.target.conf/plain.service", -EXDEV, NULL);
+ }
+
+-static void setup_root(void) {
++static int intro(void) {
+ const char *p;
+
+- assert_se(mkdtemp(root));
++ assert_se(mkdtemp_malloc("/tmp/rootXXXXXX", &root) >= 0);
+
+ p = strjoina(root, "/usr/lib/systemd/system/");
+ assert_se(mkdir_p(p, 0755) >= 0);
+@@ -1264,6 +1267,9 @@ static void setup_root(void) {
+
+ p = strjoina(root, "/usr/lib/systemd/system/graphical.target");
+ assert_se(write_string_file(p, "# pretty much empty", WRITE_STRING_FILE_CREATE) >= 0);
++
++ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, setup_root(), assert_se(rm_rf(root, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0));
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c
+index e878979a89..2e105df56a 100644
+--- a/src/test/test-load-fragment.c
++++ b/src/test/test-load-fragment.c
+@@ -30,6 +30,10 @@
+ /* Nontrivial value serves as a placeholder to check that parsing function (didn't) change it */
+ #define CGROUP_LIMIT_DUMMY 3
+
++static char *runtime_dir = NULL;
++
++STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep);
++
+ TEST_RET(unit_file_get_set) {
+ int r;
+ Hashmap *h;
+@@ -894,15 +898,12 @@ TEST(unit_is_recursive_template_dependency) {
+ assert_se(unit_is_likely_recursive_template_dependency(u, "foobar@foobar@123.mount", "foobar@%n.mount") == 0);
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(
+- LOG_INFO,
++static int intro(void) {
++ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
++ return log_tests_skipped("cgroupfs not available");
+
+- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
+- ({
+- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
+- return log_tests_skipped("cgroupfs not available");
+-
+- assert_se(runtime_dir = setup_fake_runtime_dir());
+- }),
++ assert_se(runtime_dir = setup_fake_runtime_dir());
++ return EXIT_SUCCESS;
++}
+
+- /* no outro */);
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
+index 9515d8cf7b..102d2850bf 100644
+--- a/src/test/test-mountpoint-util.c
++++ b/src/test/test-mountpoint-util.c
+@@ -298,17 +298,19 @@ TEST(fd_is_mount_point) {
+ assert_se(IN_SET(fd_is_mount_point(fd, "root/", 0), -ENOENT, 0));
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(
+- LOG_DEBUG,
+- ({
+- /* let's move into our own mount namespace with all propagation from the host turned off, so
+- * that /proc/self/mountinfo is static and constant for the whole time our test runs. */
+- if (unshare(CLONE_NEWNS) < 0) {
+- if (!ERRNO_IS_PRIVILEGE(errno))
+- return log_error_errno(errno, "Failed to detach mount namespace: %m");
+-
+- log_notice("Lacking privilege to create separate mount namespace, proceeding in originating mount namespace.");
+- } else
+- assert_se(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) >= 0);
+- }),
+- /* no outro */);
++static int intro(void) {
++ /* let's move into our own mount namespace with all propagation from the host turned off, so
++ * that /proc/self/mountinfo is static and constant for the whole time our test runs. */
++
++ if (unshare(CLONE_NEWNS) < 0) {
++ if (!ERRNO_IS_PRIVILEGE(errno))
++ return log_error_errno(errno, "Failed to detach mount namespace: %m");
++
++ log_notice("Lacking privilege to create separate mount namespace, proceeding in originating mount namespace.");
++ } else
++ assert_se(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) >= 0);
++
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c
+index 8df5533d6e..f9e34f3bfa 100644
+--- a/src/test/test-namespace.c
++++ b/src/test/test-namespace.c
+@@ -220,10 +220,11 @@ TEST(protect_kernel_logs) {
+ assert_se(wait_for_terminate_and_check("ns-kernellogs", pid, WAIT_LOG) == EXIT_SUCCESS);
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(
+- LOG_INFO,
+- ({
+- if (!have_namespaces())
+- return log_tests_skipped("Don't have namespace support");
+- }),
+- /* no outro */);
++static int intro(void) {
++ if (!have_namespaces())
++ return log_tests_skipped("Don't have namespace support");
++
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-proc-cmdline.c b/src/test/test-proc-cmdline.c
+index 1c8c9b80b7..064b4d838f 100644
+--- a/src/test/test-proc-cmdline.c
++++ b/src/test/test-proc-cmdline.c
+@@ -247,10 +247,11 @@ TEST(proc_cmdline_key_startswith) {
+ assert_se(!proc_cmdline_key_startswith("foo-bar", "foo_xx"));
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(
+- LOG_INFO,
+- ({
+- if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
+- return log_tests_skipped("can't read /proc/cmdline");
+- }),
+- /* no outro */);
++static int intro(void) {
++ if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
++ return log_tests_skipped("can't read /proc/cmdline");
++
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
+index 06a640b1cc..8661934929 100644
+--- a/src/test/test-process-util.c
++++ b/src/test/test-process-util.c
+@@ -895,4 +895,9 @@ TEST(set_oom_score_adjust) {
+ assert_se(b == a);
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */);
++static int intro(void) {
++ log_show_color(true);
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-sd-hwdb.c b/src/test/test-sd-hwdb.c
+index 7961c17c4a..88992a6c2b 100644
+--- a/src/test/test-sd-hwdb.c
++++ b/src/test/test-sd-hwdb.c
+@@ -52,12 +52,15 @@ TEST(basic_enumerate) {
+ assert_se(len1 == len2);
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(
+- LOG_DEBUG,
+- ({
+- _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
+- int r = sd_hwdb_new(&hwdb);
+- if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r))
+- return log_tests_skipped_errno(r, "cannot open hwdb");
+- }),
+- /* no outro */);
++static int intro(void) {
++ _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
++ int r;
++
++ r = sd_hwdb_new(&hwdb);
++ if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r))
++ return log_tests_skipped_errno(r, "cannot open hwdb");
++
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+diff --git a/src/test/test-serialize.c b/src/test/test-serialize.c
+index fb04b3e7fa..9aeb6c5920 100644
+--- a/src/test/test-serialize.c
++++ b/src/test/test-serialize.c
+@@ -10,7 +10,7 @@
+ #include "tests.h"
+ #include "tmpfile-util.h"
+
+-char long_string[LONG_LINE_MAX+1];
++static char long_string[LONG_LINE_MAX+1];
+
+ TEST(serialize_item) {
+ _cleanup_(unlink_tempfilep) char fn[] = "/tmp/test-serialize.XXXXXX";
+@@ -189,10 +189,10 @@ TEST(serialize_environment) {
+ assert_se(strv_equal(env, env2));
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(
+- LOG_INFO,
+- ({
+- memset(long_string, 'x', sizeof(long_string)-1);
+- char_array_0(long_string);
+- }),
+- /* no outro */);
++static int intro(void) {
++ memset(long_string, 'x', sizeof(long_string)-1);
++ char_array_0(long_string);
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c
+index 183ad4f7b7..f56e7e0167 100644
+--- a/src/test/test-sleep.c
++++ b/src/test/test-sleep.c
+@@ -118,10 +118,11 @@ TEST(sleep) {
+ log_info("Suspend-then-Hibernate configured and possible: %s", r >= 0 ? yes_no(r) : strerror_safe(r));
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(
+- LOG_DEBUG,
+- ({
+- if (getuid() != 0)
+- log_warning("This program is unlikely to work for unprivileged users");
+- }),
+- /* no outro */);
++static int intro(void) {
++ if (getuid() != 0)
++ log_warning("This program is unlikely to work for unprivileged users");
++
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+diff --git a/src/test/test-stat-util.c b/src/test/test-stat-util.c
+index 0f7b3ca3ce..2965ee679f 100644
+--- a/src/test/test-stat-util.c
++++ b/src/test/test-stat-util.c
+@@ -236,4 +236,9 @@ TEST(dir_is_empty) {
+ assert_se(dir_is_empty_at(AT_FDCWD, empty_dir) > 0);
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */);
++static int intro(void) {
++ log_show_color(true);
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
+index 4d0131827e..f21d8b7794 100644
+--- a/src/test/test-time-util.c
++++ b/src/test/test-time-util.c
+@@ -588,7 +588,7 @@ TEST(map_clock_usec) {
+ }
+ }
+
+-static void setup_test(void) {
++static int intro(void) {
+ log_info("realtime=" USEC_FMT "\n"
+ "monotonic=" USEC_FMT "\n"
+ "boottime=" USEC_FMT "\n",
+@@ -603,6 +603,8 @@ static void setup_test(void) {
+ uintmax_t x = TIME_T_MAX;
+ x++;
+ assert_se((time_t) x < 0);
++
++ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, setup_test(), /* no outro */);
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
+index 0f8c25c218..6c9f245c7e 100644
+--- a/src/test/test-unit-file.c
++++ b/src/test/test-unit-file.c
+@@ -102,4 +102,9 @@ TEST(runlevel_to_target) {
+ assert_se(streq_ptr(runlevel_to_target("rd.rescue"), SPECIAL_RESCUE_TARGET));
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, log_show_color(true), /* no outro */);
++static int intro(void) {
++ log_show_color(true);
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
+index 6bde9e090d..1f65407e5f 100644
+--- a/src/test/test-unit-name.c
++++ b/src/test/test-unit-name.c
+@@ -23,6 +23,10 @@
+ #include "user-util.h"
+ #include "util.h"
+
++static char *runtime_dir = NULL;
++
++STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep);
++
+ static void test_unit_name_is_valid_one(const char *name, UnitNameFlags flags, bool expected) {
+ log_info("%s ( %s%s%s ): %s",
+ name,
+@@ -844,15 +848,12 @@ TEST(unit_name_prefix_equal) {
+ assert_se(!unit_name_prefix_equal("a", "a"));
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(
+- LOG_INFO,
++static int intro(void) {
++ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
++ return log_tests_skipped("cgroupfs not available");
+
+- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
+- ({
+- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
+- return log_tests_skipped("cgroupfs not available");
+-
+- assert_se(runtime_dir = setup_fake_runtime_dir());
+- }),
++ assert_se(runtime_dir = setup_fake_runtime_dir());
++ return EXIT_SUCCESS;
++}
+
+- /* no outro */);
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-unit-serialize.c b/src/test/test-unit-serialize.c
+index 899fdc000c..5d39176db2 100644
+--- a/src/test/test-unit-serialize.c
++++ b/src/test/test-unit-serialize.c
+@@ -4,6 +4,10 @@
+ #include "service.h"
+ #include "tests.h"
+
++static char *runtime_dir = NULL;
++
++STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep);
++
+ #define EXEC_START_ABSOLUTE \
+ "ExecStart 0 /bin/sh \"sh\" \"-e\" \"-x\" \"-c\" \"systemctl --state=failed --no-legend --no-pager >/failed ; systemctl daemon-reload ; echo OK >/testok\""
+ #define EXEC_START_RELATIVE \
+@@ -48,15 +52,12 @@ TEST(deserialize_exec_command) {
+ test_deserialize_exec_command_one(m, "control-command", "ExecWhat 11 /a/b c d e", -EINVAL);
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(
+- LOG_DEBUG,
++static int intro(void) {
++ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
++ return log_tests_skipped("cgroupfs not available");
+
+- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
+- ({
+- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
+- return log_tests_skipped("cgroupfs not available");
+-
+- assert_se(runtime_dir = setup_fake_runtime_dir());
+- }),
++ assert_se(runtime_dir = setup_fake_runtime_dir());
++ return EXIT_SUCCESS;
++}
+
+- /* no outro */);
++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+diff --git a/src/test/test-utf8.c b/src/test/test-utf8.c
+index a21fcd6fd2..1b31d1f852 100644
+--- a/src/test/test-utf8.c
++++ b/src/test/test-utf8.c
+@@ -231,4 +231,9 @@ TEST(utf8_to_utf16) {
+ }
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */);
++static int intro(void) {
++ log_show_color(true);
++ return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
diff --git a/SOURCES/0027-test-allow-to-set-NULL-to-intro-or-outro.patch b/SOURCES/0027-test-allow-to-set-NULL-to-intro-or-outro.patch
new file mode 100644
index 0000000..d57eb07
--- /dev/null
+++ b/SOURCES/0027-test-allow-to-set-NULL-to-intro-or-outro.patch
@@ -0,0 +1,300 @@
+From 0be677fb6663ab6bfd02eae6ad32e7f031cfde0f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 2 Feb 2022 11:06:41 +0900
+Subject: [PATCH] test: allow to set NULL to intro or outro
+
+Addresses https://github.com/systemd/systemd/pull/22338#discussion_r796741033.
+
+(cherry picked from commit e85fdacc8ad7d91f140a135aaa3fd5372d3fa47c)
+
+Related: #2017035
+---
+ src/shared/tests.h | 45 +++++++++++++++++----------------
+ src/test/test-barrier.c | 2 +-
+ src/test/test-cgroup-setup.c | 2 +-
+ src/test/test-chown-rec.c | 2 +-
+ src/test/test-format-table.c | 2 +-
+ src/test/test-fs-util.c | 2 +-
+ src/test/test-hashmap.c | 2 +-
+ src/test/test-install-root.c | 2 +-
+ src/test/test-load-fragment.c | 2 +-
+ src/test/test-mountpoint-util.c | 2 +-
+ src/test/test-namespace.c | 2 +-
+ src/test/test-proc-cmdline.c | 2 +-
+ src/test/test-process-util.c | 2 +-
+ src/test/test-sd-hwdb.c | 2 +-
+ src/test/test-serialize.c | 2 +-
+ src/test/test-sleep.c | 2 +-
+ src/test/test-stat-util.c | 2 +-
+ src/test/test-time-util.c | 2 +-
+ src/test/test-unit-file.c | 2 +-
+ src/test/test-unit-name.c | 2 +-
+ src/test/test-unit-serialize.c | 2 +-
+ src/test/test-utf8.c | 2 +-
+ 22 files changed, 44 insertions(+), 43 deletions(-)
+
+diff --git a/src/shared/tests.h b/src/shared/tests.h
+index 59448f38f6..ef6acd368e 100644
+--- a/src/shared/tests.h
++++ b/src/shared/tests.h
+@@ -110,27 +110,28 @@ static inline int run_test_table(void) {
+ return r;
+ }
+
+-static inline int test_nop(void) {
+- return EXIT_SUCCESS;
+-}
+-
+-#define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \
+- int main(int argc, char *argv[]) { \
+- int _r, _q; \
+- test_setup_logging(log_level); \
+- save_argc_argv(argc, argv); \
+- _r = intro(); \
+- if (_r == EXIT_SUCCESS) \
+- _r = run_test_table(); \
+- _q = outro(); \
+- static_destruct(); \
+- if (_r < 0) \
+- return EXIT_FAILURE; \
+- if (_r != EXIT_SUCCESS) \
+- return _r; \
+- if (_q < 0) \
+- return EXIT_FAILURE; \
+- return _q; \
++#define DEFINE_TEST_MAIN_FULL(log_level, intro, outro) \
++ int main(int argc, char *argv[]) { \
++ int (*_intro)(void) = intro; \
++ int (*_outro)(void) = outro; \
++ int _r, _q; \
++ test_setup_logging(log_level); \
++ save_argc_argv(argc, argv); \
++ _r = _intro ? _intro() : EXIT_SUCCESS; \
++ if (_r == EXIT_SUCCESS) \
++ _r = run_test_table(); \
++ _q = _outro ? _outro() : EXIT_SUCCESS; \
++ static_destruct(); \
++ if (_r < 0) \
++ return EXIT_FAILURE; \
++ if (_r != EXIT_SUCCESS) \
++ return _r; \
++ if (_q < 0) \
++ return EXIT_FAILURE; \
++ return _q; \
+ }
+
+-#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, test_nop, test_nop)
++#define DEFINE_TEST_MAIN_WITH_INTRO(log_level, intro) \
++ DEFINE_TEST_MAIN_FULL(log_level, intro, NULL)
++#define DEFINE_TEST_MAIN(log_level) \
++ DEFINE_TEST_MAIN_FULL(log_level, NULL, NULL)
+diff --git a/src/test/test-barrier.c b/src/test/test-barrier.c
+index b87538806a..bbd7e2bddb 100644
+--- a/src/test/test-barrier.c
++++ b/src/test/test-barrier.c
+@@ -444,4 +444,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-cgroup-setup.c b/src/test/test-cgroup-setup.c
+index 6f93647685..c377ff0a00 100644
+--- a/src/test/test-cgroup-setup.c
++++ b/src/test/test-cgroup-setup.c
+@@ -71,4 +71,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
+diff --git a/src/test/test-chown-rec.c b/src/test/test-chown-rec.c
+index 691cfe767f..97711f58b0 100644
+--- a/src/test/test-chown-rec.c
++++ b/src/test/test-chown-rec.c
+@@ -156,4 +156,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
+diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c
+index 7515a74c12..1b4963d928 100644
+--- a/src/test/test-format-table.c
++++ b/src/test/test-format-table.c
+@@ -535,4 +535,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
+index da5a16b4bc..602ce75f98 100644
+--- a/src/test/test-fs-util.c
++++ b/src/test/test-fs-util.c
+@@ -973,4 +973,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-hashmap.c b/src/test/test-hashmap.c
+index 4dc155d818..dbf762cc0b 100644
+--- a/src/test/test-hashmap.c
++++ b/src/test/test-hashmap.c
+@@ -169,4 +169,4 @@ static int outro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, outro);
++DEFINE_TEST_MAIN_FULL(LOG_INFO, intro, outro);
+diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c
+index f540a832bd..f718689c3a 100644
+--- a/src/test/test-install-root.c
++++ b/src/test/test-install-root.c
+@@ -1272,4 +1272,4 @@ static int intro(void) {
+ }
+
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c
+index 2e105df56a..1bd68c7e0a 100644
+--- a/src/test/test-load-fragment.c
++++ b/src/test/test-load-fragment.c
+@@ -906,4 +906,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
+index 102d2850bf..4d140c42b6 100644
+--- a/src/test/test-mountpoint-util.c
++++ b/src/test/test-mountpoint-util.c
+@@ -313,4 +313,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
+diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c
+index f9e34f3bfa..7a634adca9 100644
+--- a/src/test/test-namespace.c
++++ b/src/test/test-namespace.c
+@@ -227,4 +227,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-proc-cmdline.c b/src/test/test-proc-cmdline.c
+index 064b4d838f..1f43bb3eb0 100644
+--- a/src/test/test-proc-cmdline.c
++++ b/src/test/test-proc-cmdline.c
+@@ -254,4 +254,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
+index 8661934929..7a8adad50c 100644
+--- a/src/test/test-process-util.c
++++ b/src/test/test-process-util.c
+@@ -900,4 +900,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-sd-hwdb.c b/src/test/test-sd-hwdb.c
+index 88992a6c2b..4251e2a809 100644
+--- a/src/test/test-sd-hwdb.c
++++ b/src/test/test-sd-hwdb.c
+@@ -63,4 +63,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
+diff --git a/src/test/test-serialize.c b/src/test/test-serialize.c
+index 9aeb6c5920..bcf2e843b0 100644
+--- a/src/test/test-serialize.c
++++ b/src/test/test-serialize.c
+@@ -195,4 +195,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c
+index f56e7e0167..5aebcdd935 100644
+--- a/src/test/test-sleep.c
++++ b/src/test/test-sleep.c
+@@ -125,4 +125,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
+diff --git a/src/test/test-stat-util.c b/src/test/test-stat-util.c
+index 2965ee679f..7f633ab259 100644
+--- a/src/test/test-stat-util.c
++++ b/src/test/test-stat-util.c
+@@ -241,4 +241,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
+index f21d8b7794..554693834b 100644
+--- a/src/test/test-time-util.c
++++ b/src/test/test-time-util.c
+@@ -607,4 +607,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
+index 6c9f245c7e..cc08a4ae4b 100644
+--- a/src/test/test-unit-file.c
++++ b/src/test/test-unit-file.c
+@@ -107,4 +107,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
+diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
+index 1f65407e5f..8cd0e0b4a1 100644
+--- a/src/test/test-unit-name.c
++++ b/src/test/test-unit-name.c
+@@ -856,4 +856,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-unit-serialize.c b/src/test/test-unit-serialize.c
+index 5d39176db2..3ef15f3b1e 100644
+--- a/src/test/test-unit-serialize.c
++++ b/src/test/test-unit-serialize.c
+@@ -60,4 +60,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
+diff --git a/src/test/test-utf8.c b/src/test/test-utf8.c
+index 1b31d1f852..7337b81227 100644
+--- a/src/test/test-utf8.c
++++ b/src/test/test-utf8.c
+@@ -236,4 +236,4 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
diff --git a/SOURCES/0028-udev-net-setup-link-change-the-default-MACAddressPol.patch b/SOURCES/0028-udev-net-setup-link-change-the-default-MACAddressPol.patch
new file mode 100644
index 0000000..e7f152a
--- /dev/null
+++ b/SOURCES/0028-udev-net-setup-link-change-the-default-MACAddressPol.patch
@@ -0,0 +1,53 @@
+From f00cbfd1cf67f28a92863c74ef64a1aedfacabc6 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Tue, 21 Sep 2021 15:01:19 +0200
+Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to
+ "none"
+
+While stable MAC address for interface types that don't have the
+address provided by HW could be useful it also breaks LACP based bonds.
+Let's err on the side of caution and don't change the MAC address from
+udev.
+
+RHEL-only
+
+Resolves: #2009237
+---
+ man/systemd.link.xml | 2 +-
+ network/99-default.link | 2 +-
+ test/fuzz/fuzz-link-parser/99-default.link | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/man/systemd.link.xml b/man/systemd.link.xml
+index 45cabbccf7..0033e4c28f 100644
+--- a/man/systemd.link.xml
++++ b/man/systemd.link.xml
+@@ -961,7 +961,7 @@
+
+ <programlisting>[Link]
+ NamePolicy=kernel database onboard slot path
+-MACAddressPolicy=persistent</programlisting>
++MACAddressPolicy=none</programlisting>
+ </example>
+
+ <example>
+diff --git a/network/99-default.link b/network/99-default.link
+index bca660ac28..31aee37e75 100644
+--- a/network/99-default.link
++++ b/network/99-default.link
+@@ -13,4 +13,4 @@ OriginalName=*
+ [Link]
+ NamePolicy=keep kernel database onboard slot path
+ AlternativeNamesPolicy=database onboard slot path
+-MACAddressPolicy=persistent
++MACAddressPolicy=none
+diff --git a/test/fuzz/fuzz-link-parser/99-default.link b/test/fuzz/fuzz-link-parser/99-default.link
+index feb5b1fbb0..3d755898b4 100644
+--- a/test/fuzz/fuzz-link-parser/99-default.link
++++ b/test/fuzz/fuzz-link-parser/99-default.link
+@@ -9,4 +9,4 @@
+
+ [Link]
+ NamePolicy=keep kernel database onboard slot path
+-MACAddressPolicy=persistent
++MACAddressPolicy=none
diff --git a/SOURCES/0029-man-mention-System-Administrator-s-Guide-in-systemct.patch b/SOURCES/0029-man-mention-System-Administrator-s-Guide-in-systemct.patch
new file mode 100644
index 0000000..df32d47
--- /dev/null
+++ b/SOURCES/0029-man-mention-System-Administrator-s-Guide-in-systemct.patch
@@ -0,0 +1,35 @@
+From 17a3bad51a7efefd6dc63249c49ddaabda6cbd19 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Thu, 28 Aug 2014 15:12:10 +0200
+Subject: [PATCH] man: mention System Administrator's Guide in systemctl
+ manpage
+
+RHEL-only
+
+Resolves: #1982596
+---
+ man/systemctl.xml | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/man/systemctl.xml b/man/systemctl.xml
+index 1c14909523..3b3d709ab3 100644
+--- a/man/systemctl.xml
++++ b/man/systemctl.xml
+@@ -2455,6 +2455,17 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
+ <xi:include href="common-variables.xml" xpointer="urlify"/>
+ </refsect1>
+
++ <refsect1>
++ <title>Examples</title>
++ <para>
++ For examples how to use systemctl in comparsion
++ with old service and chkconfig command please see:
++ <ulink url="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_basic_system_settings/managing-system-services-with-systemctl_configuring-basic-system-settings">
++ Managing System Services
++ </ulink>
++ </para>
++ </refsect1>
++
+ <refsect1>
+ <title>See Also</title>
+ <para>
diff --git a/SOURCES/0030-Net-naming-scheme-for-RHEL-9.0.patch b/SOURCES/0030-Net-naming-scheme-for-RHEL-9.0.patch
new file mode 100644
index 0000000..793a4ee
--- /dev/null
+++ b/SOURCES/0030-Net-naming-scheme-for-RHEL-9.0.patch
@@ -0,0 +1,56 @@
+From 464a8fc4e0b218793105431cc71bf98b0dc97fb5 Mon Sep 17 00:00:00 2001
+From: Jacek Migacz <jmigacz@redhat.com>
+Date: Thu, 3 Feb 2022 23:46:09 +0100
+Subject: [PATCH] Net naming scheme for RHEL-9.0
+
+RHEL-only
+
+Resolves: #2052106
+---
+ man/systemd.net-naming-scheme.xml | 7 +++++++
+ src/shared/netif-naming-scheme.c | 1 +
+ src/shared/netif-naming-scheme.h | 1 +
+ 3 files changed, 9 insertions(+)
+
+diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
+index 41408411fc..942ef572ff 100644
+--- a/man/systemd.net-naming-scheme.xml
++++ b/man/systemd.net-naming-scheme.xml
+@@ -403,6 +403,13 @@
+ </listitem>
+ </varlistentry>
+
++ <varlistentry>
++ <term><constant>rhel-9.0</constant></term>
++
++ <listitem><para>Same as naming scheme <constant>v250</constant>.</para>
++ </listitem>
++ </varlistentry>
++
+ </variablelist>
+
+ <para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this
+diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c
+index 245466c4cb..44d011a9b7 100644
+--- a/src/shared/netif-naming-scheme.c
++++ b/src/shared/netif-naming-scheme.c
+@@ -23,6 +23,7 @@ static const NamingScheme naming_schemes[] = {
+ { "v247", NAMING_V247 },
+ { "v249", NAMING_V249 },
+ { "v250", NAMING_V250 },
++ { "rhel-9.0", NAMING_RHEL_9_0 },
+ /* … add more schemes here, as the logic to name devices is updated … */
+
+ EXTRA_NET_NAMING_MAP
+diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
+index 16b304ce10..f765db6ef2 100644
+--- a/src/shared/netif-naming-scheme.h
++++ b/src/shared/netif-naming-scheme.h
+@@ -47,6 +47,7 @@ typedef enum NamingSchemeFlags {
+ NAMING_V247 = NAMING_V245 | NAMING_BRIDGE_NO_SLOT,
+ NAMING_V249 = NAMING_V247 | NAMING_SLOT_FUNCTION_ID | NAMING_16BIT_INDEX | NAMING_REPLACE_STRICTLY,
+ NAMING_V250 = NAMING_V249 | NAMING_XEN_VIF,
++ NAMING_RHEL_9_0 = NAMING_V250,
+
+ EXTRA_NET_NAMING_SCHEMES
+
diff --git a/SOURCES/0031-core-decrease-log-level-of-messages-about-use-of-Kil.patch b/SOURCES/0031-core-decrease-log-level-of-messages-about-use-of-Kil.patch
new file mode 100644
index 0000000..d536c44
--- /dev/null
+++ b/SOURCES/0031-core-decrease-log-level-of-messages-about-use-of-Kil.patch
@@ -0,0 +1,40 @@
+From 16c4a3c3a826d03f60db83c8d6d809d59e6f38ad Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Tue, 22 Feb 2022 13:24:11 +0100
+Subject: [PATCH] core: decrease log level of messages about use of
+ KillMode=none
+
+RHEL-only
+
+Resolves: #2013213
+---
+ src/core/load-fragment.c | 2 +-
+ src/core/unit.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
+index 92a52819e2..ad5a0912fc 100644
+--- a/src/core/load-fragment.c
++++ b/src/core/load-fragment.c
+@@ -816,7 +816,7 @@ int config_parse_kill_mode(
+ }
+
+ if (m == KILL_NONE)
+- log_syntax(unit, LOG_WARNING, filename, line, 0,
++ log_syntax(unit, LOG_DEBUG, filename, line, 0,
+ "Unit configured to use KillMode=none. "
+ "This is unsafe, as it disables systemd's process lifecycle management for the service. "
+ "Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
+diff --git a/src/core/unit.c b/src/core/unit.c
+index d2adb447b6..9cbed08987 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -5458,7 +5458,7 @@ int unit_log_leftover_process_start(pid_t pid, int sig, void *userdata) {
+
+ /* During start we print a warning */
+
+- log_unit_warning(userdata,
++ log_unit_debug(userdata,
+ "Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n"
+ "This usually indicates unclean termination of a previous run, or service implementation deficiencies.",
+ pid, strna(comm));
diff --git a/SOURCES/0032-ci-replace-apt-key-with-signed-by.patch b/SOURCES/0032-ci-replace-apt-key-with-signed-by.patch
new file mode 100644
index 0000000..8fc33a8
--- /dev/null
+++ b/SOURCES/0032-ci-replace-apt-key-with-signed-by.patch
@@ -0,0 +1,34 @@
+From be021c2328550a9d5b987cb206eda5df90b45acd Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Sun, 26 Dec 2021 01:11:00 +0000
+Subject: [PATCH] ci: replace apt-key with signed-by
+
+to limit the scope of the key to apt.llvm.org only.
+
+This is mostly inspired by https://blog.cloudflare.com/dont-use-apt-key/
+
+(cherry picked from commit bfa6bd1be098adc4710e1819b9cd34d65b3855da)
+
+Related: #2013213
+---
+ .github/workflows/build_test.sh | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh
+index 5b18784461..549e59b2c9 100755
+--- a/.github/workflows/build_test.sh
++++ b/.github/workflows/build_test.sh
+@@ -80,9 +80,10 @@ if [[ "$COMPILER" == clang ]]; then
+ # llvm package if available in such cases to avoid that.
+ if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then
+ # Latest LLVM stack deb packages provided by https://apt.llvm.org/
+- # Following snippet was borrowed from https://apt.llvm.org/llvm.sh
+- wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
+- add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main"
++ # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh
++ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg
++ printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \
++ "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list
+ PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION")
+ fi
+ elif [[ "$COMPILER" == gcc ]]; then
diff --git a/SOURCES/0033-ci-fix-clang-13-installation.patch b/SOURCES/0033-ci-fix-clang-13-installation.patch
new file mode 100644
index 0000000..6540c05
--- /dev/null
+++ b/SOURCES/0033-ci-fix-clang-13-installation.patch
@@ -0,0 +1,54 @@
+From b9b1f92cdc74beb8487c87aa2b5c2806e100d1aa Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Tue, 22 Feb 2022 14:43:40 +0100
+Subject: [PATCH] ci: fix clang-13 installation
+
+For some reason Ubuntu Focal repositories now have `llvm-13` virtual
+package which can't be installed, but successfully fools our check,
+resulting in no clang/llvm being installed...
+
+```
+$ apt show llvm-13
+Package: llvm-13
+State: not a real package (virtual)
+N: Can't select candidate version from package llvm-13 as it has no candidate
+N: Can't select versions from package 'llvm-13' as it is purely virtual
+N: No packages found
+
+$ apt install --dry-run llvm-13
+Reading package lists... Done
+Building dependency tree
+Reading state information... Done
+Package llvm-13 is not available, but is referred to by another package.
+This may mean that the package is missing, has been obsoleted, or
+is only available from another source
+
+E: Package 'llvm-13' has no installation candidate
+```
+
+(cherry picked from commit b491d74064f9d5e17a71b38b014434237169a077)
+
+Related: #2013213
+---
+ .github/workflows/build_test.sh | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh
+index 549e59b2c9..5a173a18d5 100755
+--- a/.github/workflows/build_test.sh
++++ b/.github/workflows/build_test.sh
+@@ -78,12 +78,12 @@ if [[ "$COMPILER" == clang ]]; then
+ # ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11
+ # provided by the apt.llvm.org repositories. Let's use the system
+ # llvm package if available in such cases to avoid that.
+- if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then
++ if ! apt install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then
+ # Latest LLVM stack deb packages provided by https://apt.llvm.org/
+ # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh
+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg
+ printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \
+- "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list
++ "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list
+ PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION")
+ fi
+ elif [[ "$COMPILER" == gcc ]]; then
diff --git a/SOURCES/0034-Revert-kernel-install-also-remove-modules.builtin.al.patch b/SOURCES/0034-Revert-kernel-install-also-remove-modules.builtin.al.patch
new file mode 100644
index 0000000..3d79797
--- /dev/null
+++ b/SOURCES/0034-Revert-kernel-install-also-remove-modules.builtin.al.patch
@@ -0,0 +1,29 @@
+From c8e786f039efec9e509b839ab8b82237d9344398 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Thu, 17 Mar 2022 12:35:35 +0100
+Subject: [PATCH] Revert "kernel-install: also remove
+ modules.builtin.alias.bin"
+
+This reverts commit fdcb1bf67371615f12c4b11283f2bd6a25bda019.
+
+Related: #2065061
+
+[msekleta: this revert is done in order to make backporting easier,
+patch will be reapplied later.]
+---
+ src/kernel-install/50-depmod.install | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install
+index fd00c43632..2fd959865f 100644
+--- a/src/kernel-install/50-depmod.install
++++ b/src/kernel-install/50-depmod.install
+@@ -36,7 +36,7 @@ case "$COMMAND" in
+ remove)
+ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+ echo "Removing /lib/modules/${KERNEL_VERSION}/modules.dep and associated files"
+- exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin{,.alias}.bin,dep{,.bin},devname,softdep,symbols{,.bin}}
++ exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin.bin,dep{,.bin},devname,softdep,symbols{,.bin}}
+ ;;
+ *)
+ exit 0
diff --git a/SOURCES/0035-Revert-kernel-install-prefer-boot-over-boot-efi-for-.patch b/SOURCES/0035-Revert-kernel-install-prefer-boot-over-boot-efi-for-.patch
new file mode 100644
index 0000000..8290d92
--- /dev/null
+++ b/SOURCES/0035-Revert-kernel-install-prefer-boot-over-boot-efi-for-.patch
@@ -0,0 +1,29 @@
+From 5c9bf430dfa9ad75fedf342a4a2be88fa31cd309 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Thu, 17 Mar 2022 12:37:57 +0100
+Subject: [PATCH] Revert "kernel-install: prefer /boot over /boot/efi for
+ $BOOT_ROOT"
+
+This reverts commit d0e98b7a1211412dccfcf4dcd2cc0772ac70b304.
+
+Related: #2065061
+
+[msekleta: this revert is done in order to make backporting easier,
+patch will be reapplied later.]
+---
+ src/kernel-install/kernel-install | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
+index d85852532b..b358b03b2f 100755
+--- a/src/kernel-install/kernel-install
++++ b/src/kernel-install/kernel-install
+@@ -108,7 +108,7 @@ fi
+ [ -z "$MACHINE_ID" ] && MACHINE_ID="Default"
+
+ [ -z "$BOOT_ROOT" ] && for suff in "$MACHINE_ID" "loader/entries"; do
+- for pref in "/efi" "/boot" "/boot/efi" ; do
++ for pref in "/efi" "/boot/efi" "/boot"; do
+ if [ -d "$pref/$suff" ]; then
+ BOOT_ROOT="$pref"
+ break 2
diff --git a/SOURCES/0036-kernel-install-50-depmod-port-to-bin-sh.patch b/SOURCES/0036-kernel-install-50-depmod-port-to-bin-sh.patch
new file mode 100644
index 0000000..abee01e
--- /dev/null
+++ b/SOURCES/0036-kernel-install-50-depmod-port-to-bin-sh.patch
@@ -0,0 +1,60 @@
+From 323059e195652d602142dd9930983b438cd1c4d1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
+Date: Thu, 16 Dec 2021 14:35:17 +0100
+Subject: [PATCH] kernel-install: 50-depmod: port to /bin/sh
+
+(cherry picked from commit b3ceb3d9fff69b33b8665a0137f5177f72c45cc0)
+
+Related: #2065061
+---
+ src/kernel-install/50-depmod.install | 28 +++++++++++++++-------------
+ 1 file changed, 15 insertions(+), 13 deletions(-)
+
+diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install
+index 2fd959865f..aa1f6b8e0e 100644
+--- a/src/kernel-install/50-depmod.install
++++ b/src/kernel-install/50-depmod.install
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env bash
++#!/bin/sh
+ # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+ # ex: ts=8 sw=4 sts=4 et filetype=sh
+ # SPDX-License-Identifier: LGPL-2.1-or-later
+@@ -20,23 +20,25 @@
+
+ COMMAND="$1"
+ KERNEL_VERSION="$2"
+-ENTRY_DIR_ABS="$3"
+-KERNEL_IMAGE="$4"
+-INITRD_OPTIONS_START="5"
+-
+-[[ $KERNEL_VERSION ]] || exit 1
+
+ case "$COMMAND" in
+ add)
+- [[ -d "/lib/modules/${KERNEL_VERSION}/kernel" ]] || exit 0
+- [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+- echo "Running depmod -a ${KERNEL_VERSION}"
+- exec depmod -a "${KERNEL_VERSION}"
++ [ -d "/lib/modules/$KERNEL_VERSION/kernel" ] || exit 0
++ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "+depmod -a $KERNEL_VERSION"
++ exec depmod -a "$KERNEL_VERSION"
+ ;;
+ remove)
+- [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+- echo "Removing /lib/modules/${KERNEL_VERSION}/modules.dep and associated files"
+- exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin.bin,dep{,.bin},devname,softdep,symbols{,.bin}}
++ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Removing /lib/modules/$KERNEL_VERSION/modules.dep and associated files"
++ exec rm -f \
++ "/lib/modules/$KERNEL_VERSION/modules.alias" \
++ "/lib/modules/$KERNEL_VERSION/modules.alias.bin" \
++ "/lib/modules/$KERNEL_VERSION/modules.builtin.bin" \
++ "/lib/modules/$KERNEL_VERSION/modules.dep" \
++ "/lib/modules/$KERNEL_VERSION/modules.dep.bin" \
++ "/lib/modules/$KERNEL_VERSION/modules.devname" \
++ "/lib/modules/$KERNEL_VERSION/modules.softdep" \
++ "/lib/modules/$KERNEL_VERSION/modules.symbols" \
++ "/lib/modules/$KERNEL_VERSION/modules.symbols.bin"
+ ;;
+ *)
+ exit 0
diff --git a/SOURCES/0037-kernel-install-90-loaderentry-port-to-bin-sh.patch b/SOURCES/0037-kernel-install-90-loaderentry-port-to-bin-sh.patch
new file mode 100644
index 0000000..25a4f98
--- /dev/null
+++ b/SOURCES/0037-kernel-install-90-loaderentry-port-to-bin-sh.patch
@@ -0,0 +1,181 @@
+From 96310f2157e896a82de6df260926ac1ec66f65ea Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
+Date: Thu, 16 Dec 2021 14:35:33 +0100
+Subject: [PATCH] kernel-install: 90-loaderentry: port to /bin/sh
+
+Also, forward the rm -f exit code on removal instead of swallowing it
+
+(cherry picked from commit 662f45e3ea9f6e933234b81bec532d584bda6ead)
+
+Related: #2065061
+---
+ src/kernel-install/90-loaderentry.install | 110 +++++++++-------------
+ 1 file changed, 45 insertions(+), 65 deletions(-)
+
+diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
+index 044eced3f0..35324e69a9 100644
+--- a/src/kernel-install/90-loaderentry.install
++++ b/src/kernel-install/90-loaderentry.install
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env bash
++#!/bin/sh
+ # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+ # ex: ts=8 sw=4 sts=4 et filetype=sh
+ # SPDX-License-Identifier: LGPL-2.1-or-later
+@@ -22,68 +22,53 @@ COMMAND="$1"
+ KERNEL_VERSION="$2"
+ ENTRY_DIR_ABS="$3"
+ KERNEL_IMAGE="$4"
+-INITRD_OPTIONS_START="5"
++INITRD_OPTIONS_SHIFT=4
+
+-if ! [[ $KERNEL_INSTALL_MACHINE_ID ]]; then
+- exit 0
+-fi
+-
+-if [ "$KERNEL_INSTALL_LAYOUT" != "bls" ]; then
+- exit 0
+-fi
++[ "$KERNEL_INSTALL_LAYOUT" = "bls" ] || exit 0
+
+ MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
+ BOOT_ROOT="$KERNEL_INSTALL_BOOT_ROOT"
+
+ BOOT_MNT="$(stat -c %m "$BOOT_ROOT")"
+-if [[ "$BOOT_MNT" == '/' ]]; then
++if [ "$BOOT_MNT" = '/' ]; then
+ ENTRY_DIR="$ENTRY_DIR_ABS"
+ else
+ ENTRY_DIR="${ENTRY_DIR_ABS#$BOOT_MNT}"
+ fi
+
+-if [[ $COMMAND == remove ]]; then
+- rm -f "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf"
+- rm -f "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION+"*".conf"
+- exit 0
+-fi
+-
+-if ! [[ $COMMAND == add ]]; then
+- exit 1
+-fi
+-
+-if ! [[ $KERNEL_IMAGE ]]; then
+- exit 1
+-fi
++case "$COMMAND" in
++ remove)
++ exec rm -f \
++ "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf" \
++ "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION+"*".conf"
++ ;;
++ add)
++ ;;
++ *)
++ exit 1
++ ;;
++esac
+
+-if [[ -f /etc/os-release ]]; then
++if [ -r /etc/os-release ]; then
+ . /etc/os-release
+-elif [[ -f /usr/lib/os-release ]]; then
++elif [ -r /usr/lib/os-release ]; then
+ . /usr/lib/os-release
+ fi
+
+-if ! [[ $PRETTY_NAME ]]; then
+- PRETTY_NAME="Linux $KERNEL_VERSION"
+-fi
++[ -n "$PRETTY_NAME" ] || PRETTY_NAME="Linux $KERNEL_VERSION"
+
+-if [[ -f /etc/kernel/cmdline ]]; then
+- read -r -d '' -a BOOT_OPTIONS < /etc/kernel/cmdline
+-elif [[ -f /usr/lib/kernel/cmdline ]]; then
+- read -r -d '' -a BOOT_OPTIONS < /usr/lib/kernel/cmdline
++if [ -r /etc/kernel/cmdline ]; then
++ BOOT_OPTIONS="$(tr -s "$IFS" ' ' </etc/kernel/cmdline)"
++elif [ -r /usr/lib/kernel/cmdline ]; then
++ BOOT_OPTIONS="$(tr -s "$IFS" ' ' </usr/lib/kernel/cmdline)"
+ else
+- declare -a BOOT_OPTIONS
+-
+- read -r -d '' -a line < /proc/cmdline
+- for i in "${line[@]}"; do
+- [[ "${i#initrd=*}" != "$i" ]] && continue
+- [[ "${i#BOOT_IMAGE=*}" != "$i" ]] && continue
+- BOOT_OPTIONS+=("$i")
+- done
++ BOOT_OPTIONS="$(tr -s "$IFS" '\n' </proc/cmdline | grep -ve '^BOOT_IMAGE=' -e '^initrd=' | tr '\n' ' ')"
+ fi
++BOOT_OPTIONS="${BOOT_OPTIONS% }"
+
+-if [[ -f /etc/kernel/tries ]]; then
++if [ -r /etc/kernel/tries ]; then
+ read -r TRIES </etc/kernel/tries
+- if ! [[ "$TRIES" =~ ^[0-9]+$ ]] ; then
++ if ! echo "$TRIES" | grep -q '^[0-9][0-9]*$'; then
+ echo "/etc/kernel/tries does not contain an integer." >&2
+ exit 1
+ fi
+@@ -106,43 +91,38 @@ install -g root -o root -m 0644 "$KERNEL_IMAGE" "$ENTRY_DIR_ABS/linux" || {
+ exit 1
+ }
+
+-INITRD_OPTIONS=( "${@:${INITRD_OPTIONS_START}}" )
+-
+-for initrd in "${INITRD_OPTIONS[@]}"; do
+- if [[ -f "${initrd}" ]]; then
+- initrd_basename="$(basename ${initrd})"
+- [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+- echo "Installing $ENTRY_DIR_ABS/${initrd_basename}"
+- install -g root -o root -m 0644 "${initrd}" "$ENTRY_DIR_ABS/${initrd_basename}" || {
+- echo "Could not copy '${initrd}' to '$ENTRY_DIR_ABS/${initrd_basename}'." >&2
+- exit 1
+- }
+- fi
+-done
++shift "$INITRD_OPTIONS_SHIFT"
++for initrd; do
++ [ -f "$initrd" ] || continue
+
+-# If no initrd option is supplied, fall back to "initrd" which is
+-# the name used by dracut when generating it in its kernel-install hook
+-[[ ${#INITRD_OPTIONS[@]} == 0 ]] && INITRD_OPTIONS=( initrd )
++ initrd_basename="${initrd##*/}"
++ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Installing $ENTRY_DIR_ABS/$initrd_basename"
++ install -g root -o root -m 0644 "$initrd" "$ENTRY_DIR_ABS/$initrd_basename" || {
++ echo "Could not copy '$initrd' to '$ENTRY_DIR_ABS/$initrd_basename'." >&2
++ exit 1
++ }
++done
+
+ mkdir -p "${LOADER_ENTRY%/*}" || {
+ echo "Could not create loader entry directory '${LOADER_ENTRY%/*}'." >&2
+ exit 1
+ }
+
+-[ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+- echo "Creating $LOADER_ENTRY"
++# Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied
++[ $# -eq 0 ] && set -- "initrd"
++
++[ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Creating $LOADER_ENTRY"
+ {
+ echo "title $PRETTY_NAME"
+ echo "version $KERNEL_VERSION"
+ echo "machine-id $MACHINE_ID"
+- echo "options ${BOOT_OPTIONS[*]}"
++ echo "options $BOOT_OPTIONS"
+ echo "linux $ENTRY_DIR/linux"
+- for initrd in "${INITRD_OPTIONS[@]}"; do
+- [[ -f $ENTRY_DIR_ABS/$(basename ${initrd}) ]] && \
+- echo "initrd $ENTRY_DIR/$(basename ${initrd})"
++ for initrd; do
++ [ -f "$ENTRY_DIR_ABS/${initrd##*/}" ] && echo "initrd $ENTRY_DIR/${initrd##*/}"
+ done
+ :
+-} > "$LOADER_ENTRY" || {
++} >"$LOADER_ENTRY" || {
+ echo "Could not create loader entry '$LOADER_ENTRY'." >&2
+ exit 1
+ }
diff --git a/SOURCES/0038-kernel-install-fix-shellcheck.patch b/SOURCES/0038-kernel-install-fix-shellcheck.patch
new file mode 100644
index 0000000..792d464
--- /dev/null
+++ b/SOURCES/0038-kernel-install-fix-shellcheck.patch
@@ -0,0 +1,82 @@
+From d778dd4a03f7bd45108fdebcc75dff5e886c30b2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
+Date: Thu, 16 Dec 2021 14:37:53 +0100
+Subject: [PATCH] kernel-install: fix shellcheck
+
+(cherry picked from commit 0bb1cb1fce5ebf307501dec1679e37f0c0157be9)
+
+Related: #2065061
+---
+ src/kernel-install/kernel-install | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
+index b358b03b2f..f6da0cf7a8 100755
+--- a/src/kernel-install/kernel-install
++++ b/src/kernel-install/kernel-install
+@@ -26,8 +26,8 @@ usage()
+ echo " $0 [OPTIONS...] add KERNEL-VERSION KERNEL-IMAGE [INITRD-FILE ...]"
+ echo " $0 [OPTIONS...] remove KERNEL-VERSION"
+ echo "Options:"
+- echo " -h,--help Print this help"
+- echo " -v,--verbose Increase verbosity"
++ echo " -h, --help Print this help"
++ echo " -v, --verbose Increase verbosity"
+ }
+
+ dropindirs_sort()
+@@ -58,15 +58,15 @@ dropindirs_sort()
+
+ export LC_COLLATE=C
+
+-for i in "$@"; do
+- if [ "$i" == "--help" -o "$i" == "-h" ]; then
++for i; do
++ if [ "$i" = "--help" ] || [ "$i" = "-h" ]; then
+ usage
+ exit 0
+ fi
+ done
+
+ KERNEL_INSTALL_VERBOSE=0
+-if [ "$1" == "--verbose" -o "$1" == "-v" ]; then
++if [ "$1" = "--verbose" ] || [ "$1" = "-v" ]; then
+ shift
+ KERNEL_INSTALL_VERBOSE=1
+ fi
+@@ -185,13 +185,13 @@ case $COMMAND in
+ for f in "${PLUGINS[@]}"; do
+ if [[ -x $f ]]; then
+ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+- echo "+$f add $KERNEL_VERSION $ENTRY_DIR_ABS $KERNEL_IMAGE ${INITRD_OPTIONS[@]}"
++ echo "+$f add $KERNEL_VERSION $ENTRY_DIR_ABS $KERNEL_IMAGE ${INITRD_OPTIONS[*]}"
+ "$f" add "$KERNEL_VERSION" "$ENTRY_DIR_ABS" "$KERNEL_IMAGE" "${INITRD_OPTIONS[@]}"
+ x=$?
+- if [[ $x == $SKIP_REMAINING ]]; then
++ if [ $x -eq "$SKIP_REMAINING" ]; then
+ break
+ fi
+- ((ret+=$x))
++ ((ret+=x))
+ fi
+ done
+ ;;
+@@ -203,10 +203,10 @@ case $COMMAND in
+ echo "+$f remove $KERNEL_VERSION $ENTRY_DIR_ABS"
+ "$f" remove "$KERNEL_VERSION" "$ENTRY_DIR_ABS"
+ x=$?
+- if [[ $x == $SKIP_REMAINING ]]; then
++ if [ $x -eq "$SKIP_REMAINING" ]; then
+ break
+ fi
+- ((ret+=$x))
++ ((ret+=x))
+ fi
+ done
+
+@@ -222,4 +222,4 @@ case $COMMAND in
+ ;;
+ esac
+
+-exit $ret
++exit "$ret"
diff --git a/SOURCES/0039-kernel-install-port-to-bin-sh.patch b/SOURCES/0039-kernel-install-port-to-bin-sh.patch
new file mode 100644
index 0000000..f2e4a9c
--- /dev/null
+++ b/SOURCES/0039-kernel-install-port-to-bin-sh.patch
@@ -0,0 +1,205 @@
+From b60234140cbceaa579b889d03b863953ca53b3e1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
+Date: Thu, 16 Dec 2021 15:06:06 +0100
+Subject: [PATCH] kernel-install: port to /bin/sh
+
+(cherry picked from commit 76b1274a5cb54acaa4a0f0c2e570d751f9067c06)
+
+Related: #2065061
+---
+ src/kernel-install/kernel-install | 109 ++++++++++++------------------
+ 1 file changed, 43 insertions(+), 66 deletions(-)
+
+diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
+index f6da0cf7a8..2e8f382d5f 100755
+--- a/src/kernel-install/kernel-install
++++ b/src/kernel-install/kernel-install
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env bash
++#!/bin/sh
+ # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+ # ex: ts=8 sw=4 sts=4 et filetype=sh
+ # SPDX-License-Identifier: LGPL-2.1-or-later
+@@ -18,7 +18,7 @@
+ # You should have received a copy of the GNU Lesser General Public License
+ # along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+-SKIP_REMAINING=77
++skip_remaining=77
+
+ usage()
+ {
+@@ -32,24 +32,17 @@ usage()
+
+ dropindirs_sort()
+ {
+- local suffix=$1; shift
+- local -a files
+- local f d i
+-
+- readarray -t files <<<"$(
+- for d in "$@"; do
+- for i in "$d/"*"$suffix"; do
+- if [[ -e "$i" ]]; then
+- echo "${i##*/}"
+- fi
+- done
+- done | sort -Vu
+- )"
+-
+- for f in "${files[@]}"; do
+- for d in "$@"; do
+- if [[ -e "$d/$f" ]]; then
+- echo "$d/$f"
++ suffix="$1"
++ shift
++
++ for d; do
++ for i in "$d/"*"$suffix"; do
++ [ -e "$i" ] && echo "${i##*/}"
++ done
++ done | sort -Vu | while read -r f; do
++ for d; do
++ if [ -e "$d/$f" ]; then
++ [ -x "$d/$f" ] && echo "$d/$f"
+ continue 2
+ fi
+ done
+@@ -65,27 +58,25 @@ for i; do
+ fi
+ done
+
+-KERNEL_INSTALL_VERBOSE=0
++export KERNEL_INSTALL_VERBOSE=0
+ if [ "$1" = "--verbose" ] || [ "$1" = "-v" ]; then
+ shift
+ KERNEL_INSTALL_VERBOSE=1
+ fi
+-export KERNEL_INSTALL_VERBOSE
+
+-if [[ "${0##*/}" == 'installkernel' ]]; then
+- COMMAND='add'
+- # make install doesn't pass any parameter wrt initrd handling
+- INITRD_OPTIONS=()
++if [ "${0##*/}" = "installkernel" ]; then
++ COMMAND=add
++ # make install doesn't pass any initrds
+ else
+ COMMAND="$1"
+- shift
+- INITRD_OPTIONS=( "${@:3}" )
++ [ $# -ge 1 ] && shift
+ fi
+
+ KERNEL_VERSION="$1"
+ KERNEL_IMAGE="$2"
++[ $# -ge 2 ] && shift 2
+
+-if [[ ! $COMMAND ]] || [[ ! $KERNEL_VERSION ]]; then
++if [ -z "$COMMAND" ] || [ -z "$KERNEL_VERSION" ]; then
+ echo "Not enough arguments" >&2
+ exit 1
+ fi
+@@ -99,12 +90,11 @@ fi
+ # Prefer to use an existing machine ID from /etc/machine-info or /etc/machine-id. If we're using the machine
+ # ID /etc/machine-id, try to persist it in /etc/machine-info. If no machine ID is found, try to generate
+ # a new machine ID in /etc/machine-info. If that fails, use "Default".
+-
+-[ -z "$MACHINE_ID" ] && [ -f /etc/machine-info ] && source /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
+-[ -z "$MACHINE_ID" ] && [ -f /etc/machine-id ] && read -r MACHINE_ID </etc/machine-id
+-[ -n "$MACHINE_ID" ] && [ -z "$KERNEL_INSTALL_MACHINE_ID" ] && echo "KERNEL_INSTALL_MACHINE_ID=$MACHINE_ID" >>/etc/machine-info
++[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
++[ -z "$MACHINE_ID" ] && [ -r /etc/machine-id ] && read -r MACHINE_ID </etc/machine-id
++[ -n "$MACHINE_ID" ] && [ -z "$KERNEL_INSTALL_MACHINE_ID" ] && echo "KERNEL_INSTALL_MACHINE_ID=$MACHINE_ID" >>/etc/machine-info
+ [ -z "$MACHINE_ID" ] && NEW_MACHINE_ID="$(systemd-id128 new)" && echo "KERNEL_INSTALL_MACHINE_ID=$NEW_MACHINE_ID" >>/etc/machine-info
+-[ -z "$MACHINE_ID" ] && [ -f /etc/machine-info ] && source /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
++[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
+ [ -z "$MACHINE_ID" ] && MACHINE_ID="Default"
+
+ [ -z "$BOOT_ROOT" ] && for suff in "$MACHINE_ID" "loader/entries"; do
+@@ -125,11 +115,6 @@ done
+ [ -z "$BOOT_ROOT" ] && BOOT_ROOT="/boot"
+
+
+-ENTRY_DIR_ABS="$BOOT_ROOT/$MACHINE_ID/$KERNEL_VERSION"
+-
+-export KERNEL_INSTALL_MACHINE_ID="$MACHINE_ID"
+-export KERNEL_INSTALL_BOOT_ROOT="$BOOT_ROOT"
+-
+ if [ -z "$layout" ]; then
+ # Administrative decision: if not present, some scripts generate into /boot.
+ if [ -d "$BOOT_ROOT/$MACHINE_ID" ]; then
+@@ -152,21 +137,23 @@ MAKE_ENTRY_DIR_ABS=$?
+
+ ret=0
+
+-readarray -t PLUGINS <<<"$(
++PLUGINS="$(
+ dropindirs_sort ".install" \
+ "/etc/kernel/install.d" \
+ "/usr/lib/kernel/install.d"
+ )"
++IFS="
++"
+
+-case $COMMAND in
++case "$COMMAND" in
+ add)
+- if [[ ! "$KERNEL_IMAGE" ]]; then
++ if [ -z "$KERNEL_IMAGE" ]; then
+ echo "Command 'add' requires an argument" >&2
+ exit 1
+ fi
+
+- if [[ ! -f "$KERNEL_IMAGE" ]]; then
+- echo "Kernel image argument ${KERNEL_IMAGE} not a file" >&2
++ if ! [ -f "$KERNEL_IMAGE" ]; then
++ echo "Kernel image argument $KERNEL_IMAGE not a file" >&2
+ exit 1
+ fi
+
+@@ -182,32 +169,22 @@ case $COMMAND in
+ fi
+ fi
+
+- for f in "${PLUGINS[@]}"; do
+- if [[ -x $f ]]; then
+- [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+- echo "+$f add $KERNEL_VERSION $ENTRY_DIR_ABS $KERNEL_IMAGE ${INITRD_OPTIONS[*]}"
+- "$f" add "$KERNEL_VERSION" "$ENTRY_DIR_ABS" "$KERNEL_IMAGE" "${INITRD_OPTIONS[@]}"
+- x=$?
+- if [ $x -eq "$SKIP_REMAINING" ]; then
+- break
+- fi
+- ((ret+=x))
+- fi
++ for f in $PLUGINS; do
++ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "+$f add $KERNEL_VERSION $ENTRY_DIR_ABS $KERNEL_IMAGE $*"
++ "$f" add "$KERNEL_VERSION" "$ENTRY_DIR_ABS" "$KERNEL_IMAGE" "$@"
++ err=$?
++ [ $err -eq $skip_remaining ] && break
++ ret=$(( ret + err ))
+ done
+ ;;
+
+ remove)
+- for f in "${PLUGINS[@]}"; do
+- if [[ -x $f ]]; then
+- [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+- echo "+$f remove $KERNEL_VERSION $ENTRY_DIR_ABS"
+- "$f" remove "$KERNEL_VERSION" "$ENTRY_DIR_ABS"
+- x=$?
+- if [ $x -eq "$SKIP_REMAINING" ]; then
+- break
+- fi
+- ((ret+=x))
+- fi
++ for f in $PLUGINS; do
++ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "+$f remove $KERNEL_VERSION $ENTRY_DIR_ABS"
++ "$f" remove "$KERNEL_VERSION" "$ENTRY_DIR_ABS"
++ err=$?
++ [ $err -eq $skip_remaining ] && break
++ ret=$(( ret + err ))
+ done
+
+ if [ "$MAKE_ENTRY_DIR_ABS" -eq 0 ]; then
diff --git a/SOURCES/0040-kernel-install-90-loaderentry-error-out-on-nonexiste.patch b/SOURCES/0040-kernel-install-90-loaderentry-error-out-on-nonexiste.patch
new file mode 100644
index 0000000..fcc8805
--- /dev/null
+++ b/SOURCES/0040-kernel-install-90-loaderentry-error-out-on-nonexiste.patch
@@ -0,0 +1,51 @@
+From 6b47726b54a3bf71e0f7ba35bbfe915c7a64a7d1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
+Date: Fri, 17 Dec 2021 19:51:12 +0100
+Subject: [PATCH] kernel-install: 90-loaderentry: error out on nonexistent
+ initrds instead of swallowing them quietly
+
+(cherry picked from commit 742561efbe938c45936f2e4f5d81b3ff6b352882)
+
+Related: #2065061
+---
+ src/kernel-install/90-loaderentry.install | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
+index 35324e69a9..e588e72bf9 100644
+--- a/src/kernel-install/90-loaderentry.install
++++ b/src/kernel-install/90-loaderentry.install
+@@ -93,7 +93,10 @@ install -g root -o root -m 0644 "$KERNEL_IMAGE" "$ENTRY_DIR_ABS/linux" || {
+
+ shift "$INITRD_OPTIONS_SHIFT"
+ for initrd; do
+- [ -f "$initrd" ] || continue
++ [ -f "$initrd" ] || {
++ echo "Initrd '$initrd' not a file." >&2
++ exit 1
++ }
+
+ initrd_basename="${initrd##*/}"
+ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Installing $ENTRY_DIR_ABS/$initrd_basename"
+@@ -108,9 +111,6 @@ mkdir -p "${LOADER_ENTRY%/*}" || {
+ exit 1
+ }
+
+-# Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied
+-[ $# -eq 0 ] && set -- "initrd"
+-
+ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Creating $LOADER_ENTRY"
+ {
+ echo "title $PRETTY_NAME"
+@@ -119,8 +119,10 @@ mkdir -p "${LOADER_ENTRY%/*}" || {
+ echo "options $BOOT_OPTIONS"
+ echo "linux $ENTRY_DIR/linux"
+ for initrd; do
+- [ -f "$ENTRY_DIR_ABS/${initrd##*/}" ] && echo "initrd $ENTRY_DIR/${initrd##*/}"
++ echo "initrd $ENTRY_DIR/${initrd##*/}"
+ done
++ # Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied
++ [ $# -eq 0 ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd"
+ :
+ } >"$LOADER_ENTRY" || {
+ echo "Could not create loader entry '$LOADER_ENTRY'." >&2
diff --git a/SOURCES/0041-kernel-install-don-t-pull-out-KERNEL_IMAGE.patch b/SOURCES/0041-kernel-install-don-t-pull-out-KERNEL_IMAGE.patch
new file mode 100644
index 0000000..6407adb
--- /dev/null
+++ b/SOURCES/0041-kernel-install-don-t-pull-out-KERNEL_IMAGE.patch
@@ -0,0 +1,68 @@
+From 92a81ce8d96ea924310262663d86d4ed9c727490 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
+Date: Mon, 20 Dec 2021 14:57:39 +0100
+Subject: [PATCH] kernel-install: don't pull out KERNEL_IMAGE
+
+It's part of the pack directly passed to scripts on add and ignored on
+remove
+
+(cherry picked from commit af319a4b14bd05cd4c8460487f2c6d7a31b35640)
+
+Related: #2065061
+---
+ src/kernel-install/kernel-install | 21 ++++++++++-----------
+ 1 file changed, 10 insertions(+), 11 deletions(-)
+
+diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
+index 2e8f382d5f..097d6557f2 100755
+--- a/src/kernel-install/kernel-install
++++ b/src/kernel-install/kernel-install
+@@ -72,15 +72,14 @@ else
+ [ $# -ge 1 ] && shift
+ fi
+
+-KERNEL_VERSION="$1"
+-KERNEL_IMAGE="$2"
+-[ $# -ge 2 ] && shift 2
+-
+-if [ -z "$COMMAND" ] || [ -z "$KERNEL_VERSION" ]; then
++if [ $# -lt 1 ]; then
+ echo "Not enough arguments" >&2
+ exit 1
+ fi
+
++KERNEL_VERSION="$1"
++shift
++
+ if [ -r "/etc/kernel/install.conf" ]; then
+ . /etc/kernel/install.conf
+ elif [ -r "/usr/lib/kernel/install.conf" ]; then
+@@ -147,13 +146,13 @@ IFS="
+
+ case "$COMMAND" in
+ add)
+- if [ -z "$KERNEL_IMAGE" ]; then
+- echo "Command 'add' requires an argument" >&2
++ if [ $# -lt 1 ]; then
++ echo "Command 'add' requires a kernel image" >&2
+ exit 1
+ fi
+
+- if ! [ -f "$KERNEL_IMAGE" ]; then
+- echo "Kernel image argument $KERNEL_IMAGE not a file" >&2
++ if ! [ -f "$1" ]; then
++ echo "Kernel image argument $1 not a file" >&2
+ exit 1
+ fi
+
+@@ -170,8 +169,8 @@ case "$COMMAND" in
+ fi
+
+ for f in $PLUGINS; do
+- [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "+$f add $KERNEL_VERSION $ENTRY_DIR_ABS $KERNEL_IMAGE $*"
+- "$f" add "$KERNEL_VERSION" "$ENTRY_DIR_ABS" "$KERNEL_IMAGE" "$@"
++ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "+$f add $KERNEL_VERSION $ENTRY_DIR_ABS $*"
++ "$f" add "$KERNEL_VERSION" "$ENTRY_DIR_ABS" "$@"
+ err=$?
+ [ $err -eq $skip_remaining ] && break
+ ret=$(( ret + err ))
diff --git a/SOURCES/0042-kernel-install-prefer-boot-over-boot-efi-for-BOOT_RO.patch b/SOURCES/0042-kernel-install-prefer-boot-over-boot-efi-for-BOOT_RO.patch
new file mode 100644
index 0000000..8948786
--- /dev/null
+++ b/SOURCES/0042-kernel-install-prefer-boot-over-boot-efi-for-BOOT_RO.patch
@@ -0,0 +1,32 @@
+From 9e3e7a50f92ee2f315a22f412f33f60d1f100e5a Mon Sep 17 00:00:00 2001
+From: Adam Williamson <awilliam@redhat.com>
+Date: Wed, 5 Jan 2022 14:07:14 -0800
+Subject: [PATCH] kernel-install: prefer /boot over /boot/efi for $BOOT_ROOT
+
+This restores the preference order from before 9e82a74. The code
+previous to that change 'preferred' /boot over /boot/efi; that
+commit changed it to check /boot/efi before checking /boot.
+Changing this precedence could (and did, for me) have unexpected
+effects - it seems safer to leave it how it was.
+
+Signed-off-by: Adam Williamson <awilliam@redhat.com>
+(cherry picked from commit a5307e173bf86d695fe85b8e15e91126e8618a14)
+
+Related: #2065061
+---
+ src/kernel-install/kernel-install | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
+index 097d6557f2..e56483ef96 100755
+--- a/src/kernel-install/kernel-install
++++ b/src/kernel-install/kernel-install
+@@ -97,7 +97,7 @@ fi
+ [ -z "$MACHINE_ID" ] && MACHINE_ID="Default"
+
+ [ -z "$BOOT_ROOT" ] && for suff in "$MACHINE_ID" "loader/entries"; do
+- for pref in "/efi" "/boot/efi" "/boot"; do
++ for pref in "/efi" "/boot" "/boot/efi" ; do
+ if [ -d "$pref/$suff" ]; then
+ BOOT_ROOT="$pref"
+ break 2
diff --git a/SOURCES/0043-kernel-install-also-remove-modules.builtin.alias.bin.patch b/SOURCES/0043-kernel-install-also-remove-modules.builtin.alias.bin.patch
new file mode 100644
index 0000000..eda48c4
--- /dev/null
+++ b/SOURCES/0043-kernel-install-also-remove-modules.builtin.alias.bin.patch
@@ -0,0 +1,26 @@
+From e84e60f9fac9d6bae3dd91698c556faf4dec2ca9 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 15 Jan 2022 03:37:40 +0900
+Subject: [PATCH] kernel-install: also remove modules.builtin.alias.bin
+
+Fixes RHBZ#2016630.
+
+(cherry picked from commit 06006691b5c56b6123044179d934b3ed81c237ca)
+
+Related: #2065061
+---
+ src/kernel-install/50-depmod.install | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install
+index aa1f6b8e0e..be414f39d1 100644
+--- a/src/kernel-install/50-depmod.install
++++ b/src/kernel-install/50-depmod.install
+@@ -33,6 +33,7 @@ case "$COMMAND" in
+ "/lib/modules/$KERNEL_VERSION/modules.alias" \
+ "/lib/modules/$KERNEL_VERSION/modules.alias.bin" \
+ "/lib/modules/$KERNEL_VERSION/modules.builtin.bin" \
++ "/lib/modules/$KERNEL_VERSION/modules.builtin.alias.bin" \
+ "/lib/modules/$KERNEL_VERSION/modules.dep" \
+ "/lib/modules/$KERNEL_VERSION/modules.dep.bin" \
+ "/lib/modules/$KERNEL_VERSION/modules.devname" \
diff --git a/SOURCES/0044-kernel-install-add-new-variable-KERNEL_INSTALL_INITR.patch b/SOURCES/0044-kernel-install-add-new-variable-KERNEL_INSTALL_INITR.patch
new file mode 100644
index 0000000..ff22ad8
--- /dev/null
+++ b/SOURCES/0044-kernel-install-add-new-variable-KERNEL_INSTALL_INITR.patch
@@ -0,0 +1,77 @@
+From 57ff5d23530c509773d183dfbfe06e2cad2acb42 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 18 Jan 2022 17:40:13 +0100
+Subject: [PATCH] kernel-install: add new variable
+ $KERNEL_INSTALL_INITRD_GENERATOR
+
+The idea is that when not set, we do whatever we did in the past. But
+with a new setting of initrd_generator=mkosi-initrd, mkosi-initrd will
+generate an initrd.
+
+(cherry picked from commit 5c1b257faf87cb4f93aee8866f45a8cb98230af9)
+
+Related: #2065061
+---
+ man/kernel-install.xml | 6 +++++-
+ src/kernel-install/install.conf | 1 +
+ src/kernel-install/kernel-install | 5 ++++-
+ 3 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/man/kernel-install.xml b/man/kernel-install.xml
+index 83255bb932..bb76074d2e 100644
+--- a/man/kernel-install.xml
++++ b/man/kernel-install.xml
+@@ -171,11 +171,15 @@
+ <para><varname>KERNEL_INSTALL_BOOT_ROOT=</varname> is set for the plugins to the root directory (mount point, usually) of the hierarchy
+ where boot-loader entries, kernel images, and associated resources should be placed. Can be overridden by setting <varname>BOOT_ROOT=</varname>.</para>
+
+- <para><varname>KERNEL_INSTALL_LAYOUT=bls|other|...</varname> specifies the installation layout.
++ <para><varname>KERNEL_INSTALL_LAYOUT=bls|other|...</varname> is set for the plugins to specify the installation layout.
+ Defaults to <option>bls</option> if <filename>$BOOT/<replaceable>MACHINE-ID</replaceable></filename> exists, or <option>other</option> otherwise.
+ Additional layout names may be defined by convention. If a plugin uses a special layout,
+ it's encouraged to declare its own layout name and configure <varname>layout=</varname> in <filename>install.conf</filename> upon initial installation.</para>
+
++ <para><varname>KERNEL_INSTALL_INITRD_GENERATOR=...</varname> is set for plugins to select the initrd generator.
++ This should be configured as <varname>initrd_generator=</varname> in <filename>install.conf</filename>.
++ </para>
++
+ <variablelist>
+ <varlistentry>
+ <term>bls</term>
+diff --git a/src/kernel-install/install.conf b/src/kernel-install/install.conf
+index e4802e6fae..43b6e7d792 100644
+--- a/src/kernel-install/install.conf
++++ b/src/kernel-install/install.conf
+@@ -8,3 +8,4 @@
+ # See kernel-install(8) for details.
+
+ #layout=bls|other|...
++#initrd_generator=dracut|...
+diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
+index e56483ef96..fe457c1070 100755
+--- a/src/kernel-install/kernel-install
++++ b/src/kernel-install/kernel-install
+@@ -80,6 +80,9 @@ fi
+ KERNEL_VERSION="$1"
+ shift
+
++layout=
++initrd_generator=
++
+ if [ -r "/etc/kernel/install.conf" ]; then
+ . /etc/kernel/install.conf
+ elif [ -r "/usr/lib/kernel/install.conf" ]; then
+@@ -123,12 +126,12 @@ if [ -z "$layout" ]; then
+ fi
+ fi
+
+-
+ ENTRY_DIR_ABS="$BOOT_ROOT/$MACHINE_ID/$KERNEL_VERSION"
+
+ export KERNEL_INSTALL_MACHINE_ID="$MACHINE_ID"
+ export KERNEL_INSTALL_BOOT_ROOT="$BOOT_ROOT"
+ export KERNEL_INSTALL_LAYOUT="$layout"
++export KERNEL_INSTALL_INITRD_GENERATOR="$initrd_generator"
+
+ [ "$layout" = "bls" ]
+ MAKE_ENTRY_DIR_ABS=$?
diff --git a/SOURCES/0045-kernel-install-k-i-already-creates-ENTRY_DIR_ABS-no-.patch b/SOURCES/0045-kernel-install-k-i-already-creates-ENTRY_DIR_ABS-no-.patch
new file mode 100644
index 0000000..c0d6a41
--- /dev/null
+++ b/SOURCES/0045-kernel-install-k-i-already-creates-ENTRY_DIR_ABS-no-.patch
@@ -0,0 +1,32 @@
+From a9dadfb00f799b15af9e1f994b22d0b8165f78a5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 19 Jan 2022 12:10:37 +0100
+Subject: [PATCH] kernel-install: k-i already creates $ENTRY_DIR_ABS, no need
+ to do it again
+
+(cherry picked from commit a520d5dddb991cd713392d4de0e342e312547a2e)
+
+Related: #2065061
+---
+ src/kernel-install/90-loaderentry.install | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
+index e588e72bf9..7b768457c1 100644
+--- a/src/kernel-install/90-loaderentry.install
++++ b/src/kernel-install/90-loaderentry.install
+@@ -78,12 +78,8 @@ else
+ fi
+
+ if ! [ -d "$ENTRY_DIR_ABS" ]; then
+- if [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ]; then
+- echo "+mkdir -v -p $ENTRY_DIR_ABS"
+- mkdir -v -p "$ENTRY_DIR_ABS"
+- else
+- mkdir -p "$ENTRY_DIR_ABS"
+- fi
++ echo "Error: entry directory '$ENTRY_DIR_ABS' does not exist" >&2
++ exit 1
+ fi
+
+ install -g root -o root -m 0644 "$KERNEL_IMAGE" "$ENTRY_DIR_ABS/linux" || {
diff --git a/SOURCES/0046-kernel-install-prefix-errors-with-Error-exit-immedia.patch b/SOURCES/0046-kernel-install-prefix-errors-with-Error-exit-immedia.patch
new file mode 100644
index 0000000..554b3dd
--- /dev/null
+++ b/SOURCES/0046-kernel-install-prefix-errors-with-Error-exit-immedia.patch
@@ -0,0 +1,118 @@
+From 007b832500a0a7438999a5dade3e3c49ba07099c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 19 Jan 2022 12:15:16 +0100
+Subject: [PATCH] kernel-install: prefix errors with "Error:", exit immediately
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+kernel-install would continue after errors… We don't want this, as it
+makes the results totally unpredicatable. If we didn't install the kernel
+or didn't do some important part of the setup, let's just return an error
+and let the user deal with it.
+
+When looking at output, the error was often hard to distinguish, esp.
+with -v. Add "Error:" everywhere to make the output easier to parse.
+
+(cherry picked from commit 680cec6b4ddb356d7dd087b197718712cb5c1662)
+
+Related: #2065061
+---
+ src/kernel-install/90-loaderentry.install | 10 +++++-----
+ src/kernel-install/kernel-install | 12 ++++++------
+ 2 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
+index 7b768457c1..6a396910cb 100644
+--- a/src/kernel-install/90-loaderentry.install
++++ b/src/kernel-install/90-loaderentry.install
+@@ -83,27 +83,27 @@ if ! [ -d "$ENTRY_DIR_ABS" ]; then
+ fi
+
+ install -g root -o root -m 0644 "$KERNEL_IMAGE" "$ENTRY_DIR_ABS/linux" || {
+- echo "Could not copy '$KERNEL_IMAGE' to '$ENTRY_DIR_ABS/linux'." >&2
++ echo "Error: could not copy '$KERNEL_IMAGE' to '$ENTRY_DIR_ABS/linux'." >&2
+ exit 1
+ }
+
+ shift "$INITRD_OPTIONS_SHIFT"
+ for initrd; do
+ [ -f "$initrd" ] || {
+- echo "Initrd '$initrd' not a file." >&2
++ echo "Error: initrd '$initrd' not a file." >&2
+ exit 1
+ }
+
+ initrd_basename="${initrd##*/}"
+ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Installing $ENTRY_DIR_ABS/$initrd_basename"
+ install -g root -o root -m 0644 "$initrd" "$ENTRY_DIR_ABS/$initrd_basename" || {
+- echo "Could not copy '$initrd' to '$ENTRY_DIR_ABS/$initrd_basename'." >&2
++ echo "Error: could not copy '$initrd' to '$ENTRY_DIR_ABS/$initrd_basename'." >&2
+ exit 1
+ }
+ done
+
+ mkdir -p "${LOADER_ENTRY%/*}" || {
+- echo "Could not create loader entry directory '${LOADER_ENTRY%/*}'." >&2
++ echo "Error: could not create loader entry directory '${LOADER_ENTRY%/*}'." >&2
+ exit 1
+ }
+
+@@ -121,7 +121,7 @@ mkdir -p "${LOADER_ENTRY%/*}" || {
+ [ $# -eq 0 ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd"
+ :
+ } >"$LOADER_ENTRY" || {
+- echo "Could not create loader entry '$LOADER_ENTRY'." >&2
++ echo "Error: could not create loader entry '$LOADER_ENTRY'." >&2
+ exit 1
+ }
+ exit 0
+diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
+index fe457c1070..a73a205d79 100755
+--- a/src/kernel-install/kernel-install
++++ b/src/kernel-install/kernel-install
+@@ -73,7 +73,7 @@ else
+ fi
+
+ if [ $# -lt 1 ]; then
+- echo "Not enough arguments" >&2
++ echo "Error: not enough arguments" >&2
+ exit 1
+ fi
+
+@@ -150,12 +150,12 @@ IFS="
+ case "$COMMAND" in
+ add)
+ if [ $# -lt 1 ]; then
+- echo "Command 'add' requires a kernel image" >&2
++ echo "Error: command 'add' requires a kernel image" >&2
+ exit 1
+ fi
+
+ if ! [ -f "$1" ]; then
+- echo "Kernel image argument $1 not a file" >&2
++ echo "Error: kernel image argument $1 not a file" >&2
+ exit 1
+ fi
+
+@@ -165,9 +165,9 @@ case "$COMMAND" in
+ # to serve as the indication to use or to not use the BLS
+ if [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ]; then
+ echo "+mkdir -v -p $ENTRY_DIR_ABS"
+- mkdir -v -p "$ENTRY_DIR_ABS"
++ mkdir -v -p "$ENTRY_DIR_ABS" || exit 1
+ else
+- mkdir -p "$ENTRY_DIR_ABS"
++ mkdir -p "$ENTRY_DIR_ABS" || exit 1
+ fi
+ fi
+
+@@ -196,7 +196,7 @@ case "$COMMAND" in
+ ;;
+
+ *)
+- echo "Unknown command '$COMMAND'" >&2
++ echo "Error: unknown command '$COMMAND'" >&2
+ exit 1
+ ;;
+ esac
diff --git a/SOURCES/0047-kernel-install-add-KERNEL_INSTALL_STAGING_AREA-direc.patch b/SOURCES/0047-kernel-install-add-KERNEL_INSTALL_STAGING_AREA-direc.patch
new file mode 100644
index 0000000..60544f3
--- /dev/null
+++ b/SOURCES/0047-kernel-install-add-KERNEL_INSTALL_STAGING_AREA-direc.patch
@@ -0,0 +1,108 @@
+From f91f3437fcf193f2c13657a20f93e91a2f9663cd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 19 Jan 2022 12:20:22 +0100
+Subject: [PATCH] kernel-install: add "$KERNEL_INSTALL_STAGING_AREA" directory
+
+The general approach of kernel-install was that each plugin would drop in some
+files into the entry directory. But this doesn't scale well, because if we have
+multiple initrd generators, or multiple initrds, each generator would need to
+recreate the logic to put the generated files in the right place.
+
+Also, effective cleanup is impossible if anything goes wrong on the way, so we
+could end up with unused files in $BOOT.
+
+So let's invert the process: plugins drop files into $KERNEL_INSTALL_STAGING_AREA,
+and at the end 90-loaderentry.install DTRT with those files.
+
+This allow new plugins like 50-mkosi-initrd.install to be significantly simpler.
+
+(cherry picked from commit 367165a4069ac0c04882a05a8a80f6afb1e42760)
+
+Related: #2065061
+---
+ man/kernel-install.xml | 4 ++++
+ src/kernel-install/90-loaderentry.install | 13 ++++++++++---
+ src/kernel-install/kernel-install | 10 ++++++++++
+ 3 files changed, 24 insertions(+), 3 deletions(-)
+
+diff --git a/man/kernel-install.xml b/man/kernel-install.xml
+index bb76074d2e..685617863e 100644
+--- a/man/kernel-install.xml
++++ b/man/kernel-install.xml
+@@ -180,6 +180,10 @@
+ This should be configured as <varname>initrd_generator=</varname> in <filename>install.conf</filename>.
+ </para>
+
++ <para><varname>KERNEL_INSTALL_STAGING_AREA=...</varname> is set for plugins to a path to a directory.
++ Plugins may drop files in that directory, and they will be installed as part of the loader entry, based
++ on the file name and extension.</para>
++
+ <variablelist>
+ <varlistentry>
+ <term>bls</term>
+diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
+index 6a396910cb..0888c260e2 100644
+--- a/src/kernel-install/90-loaderentry.install
++++ b/src/kernel-install/90-loaderentry.install
+@@ -18,6 +18,8 @@
+ # You should have received a copy of the GNU Lesser General Public License
+ # along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
++shopt -s nullglob
++
+ COMMAND="$1"
+ KERNEL_VERSION="$2"
+ ENTRY_DIR_ABS="$3"
+@@ -88,7 +90,8 @@ install -g root -o root -m 0644 "$KERNEL_IMAGE" "$ENTRY_DIR_ABS/linux" || {
+ }
+
+ shift "$INITRD_OPTIONS_SHIFT"
+-for initrd; do
++# All files listed as arguments, and staged files called "initrd*" are installed as initrds.
++for initrd in "$@" "${KERNEL_INSTALL_STAGING_AREA}"/initrd*; do
+ [ -f "$initrd" ] || {
+ echo "Error: initrd '$initrd' not a file." >&2
+ exit 1
+@@ -114,11 +117,15 @@ mkdir -p "${LOADER_ENTRY%/*}" || {
+ echo "machine-id $MACHINE_ID"
+ echo "options $BOOT_OPTIONS"
+ echo "linux $ENTRY_DIR/linux"
+- for initrd; do
++
++ have_initrd=
++ for initrd in "${@}" "${KERNEL_INSTALL_STAGING_AREA}"/initrd*; do
+ echo "initrd $ENTRY_DIR/${initrd##*/}"
++ have_initrd=yes
+ done
++
+ # Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied
+- [ $# -eq 0 ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd"
++ [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd"
+ :
+ } >"$LOADER_ENTRY" || {
+ echo "Error: could not create loader entry '$LOADER_ENTRY'." >&2
+diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
+index a73a205d79..8cfef3208d 100755
+--- a/src/kernel-install/kernel-install
++++ b/src/kernel-install/kernel-install
+@@ -128,10 +128,20 @@ fi
+
+ ENTRY_DIR_ABS="$BOOT_ROOT/$MACHINE_ID/$KERNEL_VERSION"
+
++# Provide a directory where to store generated initrds
++cleanup() {
++ [ -n "$KERNEL_INSTALL_STAGING_AREA" ] && rm -rf "$KERNEL_INSTALL_STAGING_AREA"
++}
++
++trap cleanup EXIT
++
++KERNEL_INSTALL_STAGING_AREA="$(mktemp -d -t -p /tmp kernel-install.staging.XXXXXXX)"
++
+ export KERNEL_INSTALL_MACHINE_ID="$MACHINE_ID"
+ export KERNEL_INSTALL_BOOT_ROOT="$BOOT_ROOT"
+ export KERNEL_INSTALL_LAYOUT="$layout"
+ export KERNEL_INSTALL_INITRD_GENERATOR="$initrd_generator"
++export KERNEL_INSTALL_STAGING_AREA
+
+ [ "$layout" = "bls" ]
+ MAKE_ENTRY_DIR_ABS=$?
diff --git a/SOURCES/0048-kernel-install-add-missing-log-line.patch b/SOURCES/0048-kernel-install-add-missing-log-line.patch
new file mode 100644
index 0000000..75f1253
--- /dev/null
+++ b/SOURCES/0048-kernel-install-add-missing-log-line.patch
@@ -0,0 +1,25 @@
+From 356f770adca34191fd5d49b89c526b7375314a2c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 19 Jan 2022 14:03:24 +0100
+Subject: [PATCH] kernel-install: add missing log line
+
+(cherry picked from commit 29f604131b2c0b82dca7d6ffaa5e6bc6a253620d)
+
+Related: #2065061
+---
+ src/kernel-install/90-loaderentry.install | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
+index 0888c260e2..3edefdefb4 100644
+--- a/src/kernel-install/90-loaderentry.install
++++ b/src/kernel-install/90-loaderentry.install
+@@ -40,6 +40,8 @@ fi
+
+ case "$COMMAND" in
+ remove)
++ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
++ echo "Removing $BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION*.conf"
+ exec rm -f \
+ "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf" \
+ "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION+"*".conf"
diff --git a/SOURCES/0049-kernel-install-don-t-try-to-persist-used-machine-ID-.patch b/SOURCES/0049-kernel-install-don-t-try-to-persist-used-machine-ID-.patch
new file mode 100644
index 0000000..7af37bc
--- /dev/null
+++ b/SOURCES/0049-kernel-install-don-t-try-to-persist-used-machine-ID-.patch
@@ -0,0 +1,83 @@
+From c5ec0be7b693e3ac05ea8438ca4ca2e9591db171 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 9 Feb 2022 13:59:36 +0100
+Subject: [PATCH] kernel-install: don't try to persist used machine ID locally
+
+This reworks the how machine ID used by the boot loader spec snippet
+generation logic. Instead of persisting it automatically to /etc/ we'll
+append it via systemd.machined_id= to the kernel command line, and thus
+persist it in the generated boot loader spec snippets instead. This has
+nice benefits:
+
+ 1. We do not collide with read-only root
+ 2. The machine ID remains stable across factory reset, so that we can
+ safely recognize the path in $BOOT we drop our kernel images in
+ again, i.e. kernel updates will work correctly and safely across
+ kernel factory resets.
+ 3. Previously regular systems had different machine IDs while in
+ initrd and after booting into the host system. With this change
+ they will now have the same.
+
+This then drops implicit persisting of KERNEL_INSTALL_MACHINE_ID, as its
+unnecessary then. The field is still honoured though, for compat
+reasons.
+
+This also drops the "Default" fallback previously used, as it actually
+is without effect, the randomized ID generation already took precedence
+in all cases. This means $MACHNE_ID/KERNEL_INSTALL_MACHINE_ID are now
+guaranteed to look like a proper machine ID, which is useful for us,
+given you need it that way to be able to pass it to the
+systemd.machine_id= kernel command line option.
+
+(cherry picked from commit 11ce3ea2f2219ab9c0700bcf7f8ed4312d80e937)
+
+Related: #2065061
+---
+ src/kernel-install/90-loaderentry.install | 6 +++++-
+ src/kernel-install/kernel-install | 16 +++++++---------
+ 2 files changed, 12 insertions(+), 10 deletions(-)
+
+diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
+index 3edefdefb4..046771169c 100644
+--- a/src/kernel-install/90-loaderentry.install
++++ b/src/kernel-install/90-loaderentry.install
+@@ -68,7 +68,11 @@ elif [ -r /usr/lib/kernel/cmdline ]; then
+ else
+ BOOT_OPTIONS="$(tr -s "$IFS" '\n' </proc/cmdline | grep -ve '^BOOT_IMAGE=' -e '^initrd=' | tr '\n' ' ')"
+ fi
+-BOOT_OPTIONS="${BOOT_OPTIONS% }"
++
++# Suffix with the machine ID we use, so that the machine ID remains stable,
++# even during factory reset, in the initrd (where the system's machine ID is
++# not directly accessible yet), and if the root file system is volatile.
++BOOT_OPTIONS="${BOOT_OPTIONS% } systemd.machine_id=$MACHINE_ID"
+
+ if [ -r /etc/kernel/tries ]; then
+ read -r TRIES </etc/kernel/tries
+diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
+index 8cfef3208d..e94aa79bc6 100755
+--- a/src/kernel-install/kernel-install
++++ b/src/kernel-install/kernel-install
+@@ -89,15 +89,13 @@ elif [ -r "/usr/lib/kernel/install.conf" ]; then
+ . /usr/lib/kernel/install.conf
+ fi
+
+-# Prefer to use an existing machine ID from /etc/machine-info or /etc/machine-id. If we're using the machine
+-# ID /etc/machine-id, try to persist it in /etc/machine-info. If no machine ID is found, try to generate
+-# a new machine ID in /etc/machine-info. If that fails, use "Default".
+-[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
+-[ -z "$MACHINE_ID" ] && [ -r /etc/machine-id ] && read -r MACHINE_ID </etc/machine-id
+-[ -n "$MACHINE_ID" ] && [ -z "$KERNEL_INSTALL_MACHINE_ID" ] && echo "KERNEL_INSTALL_MACHINE_ID=$MACHINE_ID" >>/etc/machine-info
+-[ -z "$MACHINE_ID" ] && NEW_MACHINE_ID="$(systemd-id128 new)" && echo "KERNEL_INSTALL_MACHINE_ID=$NEW_MACHINE_ID" >>/etc/machine-info
+-[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
+-[ -z "$MACHINE_ID" ] && MACHINE_ID="Default"
++# If /etc/machine-id is initialized we'll use it, otherwise we'll use a freshly
++# generated one. If the user configured an explicit machine ID to use in
++# /etc/machine-info to use for our purpose, we'll use that instead (for
++# compatibility).
++[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
++[ -z "$MACHINE_ID" ] && [ -r /etc/machine-id ] && read -r MACHINE_ID </etc/machine-id
++[ -z "$MACHINE_ID" ] && MACHINE_ID="$(systemd-id128 new)"
+
+ [ -z "$BOOT_ROOT" ] && for suff in "$MACHINE_ID" "loader/entries"; do
+ for pref in "/efi" "/boot" "/boot/efi" ; do
diff --git a/SOURCES/0050-kernel-install-add-a-new-ENTRY_TOKEN-variable-for-na.patch b/SOURCES/0050-kernel-install-add-a-new-ENTRY_TOKEN-variable-for-na.patch
new file mode 100644
index 0000000..f80e799
--- /dev/null
+++ b/SOURCES/0050-kernel-install-add-a-new-ENTRY_TOKEN-variable-for-na.patch
@@ -0,0 +1,136 @@
+From c68126eeb93cac03b3a674ab47604e8381a4e5e2 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 9 Feb 2022 14:29:19 +0100
+Subject: [PATCH] kernel-install: add a new $ENTRY_TOKEN variable for naming
+ boot entries
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This cleans up naming of boot loader spec boot entries a bit (i.e. the
+naming of the .conf snippet files, and the directory in $BOOT where the
+kernel images and initrds are placed), and isolates it from the actual machine
+ID concept.
+
+Previously there was a sinlge concept for both things, because typically
+the entries are just named after the machine ID. However one could also
+use a different identifier, i.e. not a 128bit ID in which cases issues
+pop up everywhere. For example, the "machine-id" field in the generated
+snippets would not be a machine ID anymore, and the newly added
+systemd.machine_id= kernel parameter would possibly get passed invalid
+data.
+
+Hence clean this up:
+
+$MACHINE_ID → always a valid 128bit ID.
+
+$ENTRY_TOKEN → usually the $MACHINE_ID but can be any other string too.
+This is used to name the directory to put kernels/initrds in. It's also
+used for naming the *.conf snippets that implement the Boot Loader Type
+1 spec.
+
+(cherry picked from commit 3907044ffa568aedf076d0f9807489ec78f87502)
+
+Related: #2065061
+---
+ src/kernel-install/90-loaderentry.install | 11 ++++++-----
+ src/kernel-install/kernel-install | 21 +++++++++++++++++----
+ 2 files changed, 23 insertions(+), 9 deletions(-)
+
+diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
+index 046771169c..46261a2c11 100644
+--- a/src/kernel-install/90-loaderentry.install
++++ b/src/kernel-install/90-loaderentry.install
+@@ -29,6 +29,7 @@ INITRD_OPTIONS_SHIFT=4
+ [ "$KERNEL_INSTALL_LAYOUT" = "bls" ] || exit 0
+
+ MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
++ENTRY_TOKEN="$KERNEL_INSTALL_ENTRY_TOKEN"
+ BOOT_ROOT="$KERNEL_INSTALL_BOOT_ROOT"
+
+ BOOT_MNT="$(stat -c %m "$BOOT_ROOT")"
+@@ -41,10 +42,10 @@ fi
+ case "$COMMAND" in
+ remove)
+ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+- echo "Removing $BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION*.conf"
++ echo "Removing $BOOT_ROOT/loader/entries/$ENTRY_TOKEN-$KERNEL_VERSION*.conf"
+ exec rm -f \
+- "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf" \
+- "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION+"*".conf"
++ "$BOOT_ROOT/loader/entries/$ENTRY_TOKEN-$KERNEL_VERSION.conf" \
++ "$BOOT_ROOT/loader/entries/$ENTRY_TOKEN-$KERNEL_VERSION+"*".conf"
+ ;;
+ add)
+ ;;
+@@ -80,9 +81,9 @@ if [ -r /etc/kernel/tries ]; then
+ echo "/etc/kernel/tries does not contain an integer." >&2
+ exit 1
+ fi
+- LOADER_ENTRY="$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION+$TRIES.conf"
++ LOADER_ENTRY="$BOOT_ROOT/loader/entries/$ENTRY_TOKEN-$KERNEL_VERSION+$TRIES.conf"
+ else
+- LOADER_ENTRY="$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf"
++ LOADER_ENTRY="$BOOT_ROOT/loader/entries/$ENTRY_TOKEN-$KERNEL_VERSION.conf"
+ fi
+
+ if ! [ -d "$ENTRY_DIR_ABS" ]; then
+diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
+index e94aa79bc6..75a31c62d4 100755
+--- a/src/kernel-install/kernel-install
++++ b/src/kernel-install/kernel-install
+@@ -97,7 +97,19 @@ fi
+ [ -z "$MACHINE_ID" ] && [ -r /etc/machine-id ] && read -r MACHINE_ID </etc/machine-id
+ [ -z "$MACHINE_ID" ] && MACHINE_ID="$(systemd-id128 new)"
+
+-[ -z "$BOOT_ROOT" ] && for suff in "$MACHINE_ID" "loader/entries"; do
++# Now that we determined the machine ID to use, let's determine the "token" for
++# the boot loader entry to generate. We use that for naming the directory below
++# $BOOT where we want to place the kernel/initrd and related resources, as well
++# for naming the .conf boot loader spec entry. Typically this is just the
++# machine ID, but it can be anything else, too, if we are told so.
++[ -z "$ENTRY_TOKEN" ] && [ -r /etc/kernel/entry-token ] && read -r ENTRY_TOKEN </etc/kernel/entry-token
++[ -z "$ENTRY_TOKEN" ] && ENTRY_TOKEN="$MACHINE_ID"
++
++# NB: The $MACHINE_ID is guaranteed to be a valid machine ID, but
++# $ENTRY_TOKEN can be any string that fits into a VFAT filename, though
++# typically is just the machine ID.
++
++[ -z "$BOOT_ROOT" ] && for suff in "$ENTRY_TOKEN" "loader/entries"; do
+ for pref in "/efi" "/boot" "/boot/efi" ; do
+ if [ -d "$pref/$suff" ]; then
+ BOOT_ROOT="$pref"
+@@ -117,14 +129,14 @@ done
+
+ if [ -z "$layout" ]; then
+ # Administrative decision: if not present, some scripts generate into /boot.
+- if [ -d "$BOOT_ROOT/$MACHINE_ID" ]; then
++ if [ -d "$BOOT_ROOT/$ENTRY_TOKEN" ]; then
+ layout="bls"
+ else
+ layout="other"
+ fi
+ fi
+
+-ENTRY_DIR_ABS="$BOOT_ROOT/$MACHINE_ID/$KERNEL_VERSION"
++ENTRY_DIR_ABS="$BOOT_ROOT/$ENTRY_TOKEN/$KERNEL_VERSION"
+
+ # Provide a directory where to store generated initrds
+ cleanup() {
+@@ -136,6 +148,7 @@ trap cleanup EXIT
+ KERNEL_INSTALL_STAGING_AREA="$(mktemp -d -t -p /tmp kernel-install.staging.XXXXXXX)"
+
+ export KERNEL_INSTALL_MACHINE_ID="$MACHINE_ID"
++export KERNEL_INSTALL_ENTRY_TOKEN="$ENTRY_TOKEN"
+ export KERNEL_INSTALL_BOOT_ROOT="$BOOT_ROOT"
+ export KERNEL_INSTALL_LAYOUT="$layout"
+ export KERNEL_INSTALL_INITRD_GENERATOR="$initrd_generator"
+@@ -168,7 +181,7 @@ case "$COMMAND" in
+ fi
+
+ if [ "$MAKE_ENTRY_DIR_ABS" -eq 0 ]; then
+- # Compatibility with earlier versions that used the presence of $BOOT_ROOT/$MACHINE_ID
++ # Compatibility with earlier versions that used the presence of $BOOT_ROOT/$ENTRY_TOKEN
+ # to signal to 00-entry-directory to create $ENTRY_DIR_ABS
+ # to serve as the indication to use or to not use the BLS
+ if [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ]; then
diff --git a/SOURCES/0051-kernel-install-only-generate-systemd.boot_id-in-kern.patch b/SOURCES/0051-kernel-install-only-generate-systemd.boot_id-in-kern.patch
new file mode 100644
index 0000000..0880c64
--- /dev/null
+++ b/SOURCES/0051-kernel-install-only-generate-systemd.boot_id-in-kern.patch
@@ -0,0 +1,59 @@
+From 9ef3458dd6356d19a58b3a909a5976295a62a4d0 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 9 Feb 2022 14:44:48 +0100
+Subject: [PATCH] kernel-install: only generate systemd.boot_id= in kernel
+ command line if used for naming the boot loader spec files/dirs
+
+Now that we can distinguish the naming of the boot loader spec
+dirs/files and the machine ID let's tweak the logic for suffixing the
+kernel cmdline with systemd.boot_id=: let's only do that when we
+actually need the boot ID for naming these dirs/files. If we don't,
+let's not bother.
+
+This should be beneficial for "golden" images that shall not carry any
+machine IDs at all, i.e acquire their identity only once the final
+userspace is actually reached.
+
+(cherry picked from commit 953b61004c37948dcd897265b56c1613bc73b9f9)
+
+Related: #2065061
+---
+ src/kernel-install/90-loaderentry.install | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
+index 46261a2c11..c1d69aa824 100644
+--- a/src/kernel-install/90-loaderentry.install
++++ b/src/kernel-install/90-loaderentry.install
+@@ -70,10 +70,15 @@ else
+ BOOT_OPTIONS="$(tr -s "$IFS" '\n' </proc/cmdline | grep -ve '^BOOT_IMAGE=' -e '^initrd=' | tr '\n' ' ')"
+ fi
+
+-# Suffix with the machine ID we use, so that the machine ID remains stable,
+-# even during factory reset, in the initrd (where the system's machine ID is
+-# not directly accessible yet), and if the root file system is volatile.
+-BOOT_OPTIONS="${BOOT_OPTIONS% } systemd.machine_id=$MACHINE_ID"
++BOOT_OPTIONS="${BOOT_OPTIONS% }"
++
++# If the boot entries are named after the machine ID, then suffix the kernel
++# command line with the machine ID we use, so that the machine ID remains
++# stable, even during factory reset, in the initrd (where the system's machine
++# ID is not directly accessible yet), and if the root file system is volatile.
++if [ "$ENTRY_TOKEN" = "$MACHINE_ID" ]; then
++ BOOT_OPTIONS="$BOOT_OPTIONS systemd.machine_id=$MACHINE_ID"
++fi
+
+ if [ -r /etc/kernel/tries ]; then
+ read -r TRIES </etc/kernel/tries
+@@ -121,7 +126,10 @@ mkdir -p "${LOADER_ENTRY%/*}" || {
+ {
+ echo "title $PRETTY_NAME"
+ echo "version $KERNEL_VERSION"
+- echo "machine-id $MACHINE_ID"
++ if [ "$ENTRY_TOKEN" = "$MACHINE_ID" ]; then
++ # See similar logic above for the systemd.machine_id= kernel command line option
++ echo "machine-id $MACHINE_ID"
++ fi
+ echo "options $BOOT_OPTIONS"
+ echo "linux $ENTRY_DIR/linux"
+
diff --git a/SOURCES/0052-kernel-install-search-harder-for-kernel-image-initrd.patch b/SOURCES/0052-kernel-install-search-harder-for-kernel-image-initrd.patch
new file mode 100644
index 0000000..e5685e7
--- /dev/null
+++ b/SOURCES/0052-kernel-install-search-harder-for-kernel-image-initrd.patch
@@ -0,0 +1,75 @@
+From d044a59e1098c3497e76c3ebdef88036378e6c26 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 10 Feb 2022 14:27:22 +0100
+Subject: [PATCH] kernel-install: search harder for kernel image/initrd drop-in
+ dir
+
+If not explicitly configured, let's search a bit harder for the
+ENTRY_TOKEN, and let's try the machine ID, the IMAGE_ID and ID fields of
+/etc/os-release and finally "Default", all below potential $XBOOTLDR.
+
+(cherry picked from commit 6637cf9db67237857279262d93ee0e39023c5b85)
+
+Related: #2065061
+---
+ src/kernel-install/kernel-install | 27 ++++++++++++++++++++++++---
+ 1 file changed, 24 insertions(+), 3 deletions(-)
+
+diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
+index 75a31c62d4..c42c40592a 100755
+--- a/src/kernel-install/kernel-install
++++ b/src/kernel-install/kernel-install
+@@ -103,29 +103,50 @@ fi
+ # for naming the .conf boot loader spec entry. Typically this is just the
+ # machine ID, but it can be anything else, too, if we are told so.
+ [ -z "$ENTRY_TOKEN" ] && [ -r /etc/kernel/entry-token ] && read -r ENTRY_TOKEN </etc/kernel/entry-token
+-[ -z "$ENTRY_TOKEN" ] && ENTRY_TOKEN="$MACHINE_ID"
++if [ -z "$ENTRY_TOKEN" ]; then
++ # If not configured explicitly, then use a few candidates: the machine ID,
++ # the IMAGE_ID= and ID= fields from /etc/os-release and finally the fixed
++ # string "Default"
++ ENTRY_TOKEN_SEARCH="$MACHINE_ID"
++ [ -r /etc/os-release ] && . /etc/os-release
++ [ -n "$IMAGE_ID" ] && ENTRY_TOKEN_SEARCH="$ENTRY_TOKEN_SEARCH $IMAGE_ID"
++ [ -n "$ID" ] && ENTRY_TOKEN_SEARCH="$ENTRY_TOKEN_SEARCH $ID"
++ ENTRY_TOKEN_SEARCH="$ENTRY_TOKEN_SEARCH Default"
++else
++ ENTRY_TOKEN_SEARCH="$ENTRY_TOKEN"
++fi
+
+ # NB: The $MACHINE_ID is guaranteed to be a valid machine ID, but
+ # $ENTRY_TOKEN can be any string that fits into a VFAT filename, though
+ # typically is just the machine ID.
+
+-[ -z "$BOOT_ROOT" ] && for suff in "$ENTRY_TOKEN" "loader/entries"; do
+- for pref in "/efi" "/boot" "/boot/efi" ; do
++[ -z "$BOOT_ROOT" ] && for suff in $ENTRY_TOKEN_SEARCH; do
++ for pref in "/efi" "/boot" "/boot/efi"; do
+ if [ -d "$pref/$suff" ]; then
+ BOOT_ROOT="$pref"
++ ENTRY_TOKEN="$suff"
+ break 2
+ fi
+ done
+ done
+
++[ -z "$BOOT_ROOT" ] && for pref in "/efi" "/boot" "/boot/efi"; do
++ if [ -d "$pref/loader/entries" ]; then
++ BOOT_ROOT="$pref"
++ break
++ fi
++done
++
+ [ -z "$BOOT_ROOT" ] && for pref in "/efi" "/boot/efi"; do
+ if mountpoint -q "$pref"; then
+ BOOT_ROOT="$pref"
+ break
+ fi
+ done
++
+ [ -z "$BOOT_ROOT" ] && BOOT_ROOT="/boot"
+
++[ -z "$ENTRY_TOKEN" ] && ENTRY_TOKEN="$MACHINE_ID"
+
+ if [ -z "$layout" ]; then
+ # Administrative decision: if not present, some scripts generate into /boot.
diff --git a/SOURCES/0053-kernel-install-add-new-inspect-verb-showing-paths-an.patch b/SOURCES/0053-kernel-install-add-new-inspect-verb-showing-paths-an.patch
new file mode 100644
index 0000000..e312060
--- /dev/null
+++ b/SOURCES/0053-kernel-install-add-new-inspect-verb-showing-paths-an.patch
@@ -0,0 +1,68 @@
+From ac730b1b14b29b4c9cfa4fb904da7ef508170327 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 10 Feb 2022 14:37:37 +0100
+Subject: [PATCH] kernel-install: add new "inspect" verb, showing paths and
+ parameters we discovered
+
+(cherry picked from commit c73cf4184441d3cc37a5e2195938f07420ec38b7)
+
+Related: #2065061
+---
+ src/kernel-install/kernel-install | 29 +++++++++++++++++++++++------
+ 1 file changed, 23 insertions(+), 6 deletions(-)
+
+diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
+index c42c40592a..b8099bd12c 100755
+--- a/src/kernel-install/kernel-install
++++ b/src/kernel-install/kernel-install
+@@ -25,6 +25,7 @@ usage()
+ echo "Usage:"
+ echo " $0 [OPTIONS...] add KERNEL-VERSION KERNEL-IMAGE [INITRD-FILE ...]"
+ echo " $0 [OPTIONS...] remove KERNEL-VERSION"
++ echo " $0 [OPTIONS...] inspect"
+ echo "Options:"
+ echo " -h, --help Print this help"
+ echo " -v, --verbose Increase verbosity"
+@@ -72,13 +73,17 @@ else
+ [ $# -ge 1 ] && shift
+ fi
+
+-if [ $# -lt 1 ]; then
+- echo "Error: not enough arguments" >&2
+- exit 1
+-fi
++if [ "$COMMAND" = "inspect" ]; then
++ KERNEL_VERSION=""
++else
++ if [ $# -lt 1 ]; then
++ echo "Error: not enough arguments" >&2
++ exit 1
++ fi
+
+-KERNEL_VERSION="$1"
+-shift
++ KERNEL_VERSION="$1"
++ shift
++fi
+
+ layout=
+ initrd_generator=
+@@ -237,6 +242,18 @@ case "$COMMAND" in
+ fi
+ ;;
+
++ inspect)
++ echo "KERNEL_INSTALL_MACHINE_ID: $KERNEL_INSTALL_MACHINE_ID"
++ echo "KERNEL_INSTALL_ENTRY_TOKEN: $KERNEL_INSTALL_ENTRY_TOKEN"
++ echo "KERNEL_INSTALL_BOOT_ROOT: $KERNEL_INSTALL_BOOT_ROOT"
++ echo "KERNEL_INSTALL_LAYOUT: $KERNEL_INSTALL_LAYOUT"
++ echo "KERNEL_INSTALL_INITRD_GENERATOR: $KERNEL_INSTALL_INITRD_GENERATOR"
++ echo "ENTRY_DIR_ABS: $KERNEL_INSTALL_BOOT_ROOT/$ENTRY_TOKEN/\$KERNEL_VERSION"
++
++ # Assert that ENTRY_DIR_ABS actually matches what we are printing here
++ [ "${ENTRY_DIR_ABS%/*}" = "$KERNEL_INSTALL_BOOT_ROOT/$ENTRY_TOKEN" ] || { echo "Assertion didn't pass." >&2; exit 1; }
++
++ ;;
+ *)
+ echo "Error: unknown command '$COMMAND'" >&2
+ exit 1
diff --git a/SOURCES/0054-bus-Use-OrderedSet-for-introspection.patch b/SOURCES/0054-bus-Use-OrderedSet-for-introspection.patch
new file mode 100644
index 0000000..682478f
--- /dev/null
+++ b/SOURCES/0054-bus-Use-OrderedSet-for-introspection.patch
@@ -0,0 +1,276 @@
+From a62fe26e02c9852a59d84d3834fdbb39d7568f28 Mon Sep 17 00:00:00 2001
+From: Jan Janssen <medhefgo@web.de>
+Date: Wed, 19 Jan 2022 10:15:36 +0100
+Subject: [PATCH] bus: Use OrderedSet for introspection
+
+Otherwise, the generated xml files are not reproducible.
+
+(cherry picked from commit acac88340ace3cd631126eebb6d0390cd54e8231)
+
+Resolves: #2066325
+---
+ src/libsystemd/sd-bus/bus-introspect.c | 4 +--
+ src/libsystemd/sd-bus/bus-introspect.h | 4 +--
+ src/libsystemd/sd-bus/bus-objects.c | 45 +++++++++++++-------------
+ src/shared/bus-object.c | 4 +--
+ 4 files changed, 28 insertions(+), 29 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-introspect.c b/src/libsystemd/sd-bus/bus-introspect.c
+index b9ef6af631..eed0dae82f 100644
+--- a/src/libsystemd/sd-bus/bus-introspect.c
++++ b/src/libsystemd/sd-bus/bus-introspect.c
+@@ -110,7 +110,7 @@ static int set_interface_name(struct introspect *intro, const char *interface_na
+ return free_and_strdup(&intro->interface_name, interface_name);
+ }
+
+-int introspect_write_child_nodes(struct introspect *i, Set *s, const char *prefix) {
++int introspect_write_child_nodes(struct introspect *i, OrderedSet *s, const char *prefix) {
+ char *node;
+
+ assert(i);
+@@ -118,7 +118,7 @@ int introspect_write_child_nodes(struct introspect *i, Set *s, const char *prefi
+
+ assert_se(set_interface_name(i, NULL) >= 0);
+
+- while ((node = set_steal_first(s))) {
++ while ((node = ordered_set_steal_first(s))) {
+ const char *e;
+
+ e = object_path_startswith(node, prefix);
+diff --git a/src/libsystemd/sd-bus/bus-introspect.h b/src/libsystemd/sd-bus/bus-introspect.h
+index 34f32a4cf9..19e3ef09e2 100644
+--- a/src/libsystemd/sd-bus/bus-introspect.h
++++ b/src/libsystemd/sd-bus/bus-introspect.h
+@@ -5,7 +5,7 @@
+
+ #include "sd-bus.h"
+
+-#include "set.h"
++#include "ordered-set.h"
+
+ struct introspect {
+ FILE *f;
+@@ -17,7 +17,7 @@ struct introspect {
+
+ int introspect_begin(struct introspect *i, bool trusted);
+ int introspect_write_default_interfaces(struct introspect *i, bool object_manager);
+-int introspect_write_child_nodes(struct introspect *i, Set *s, const char *prefix);
++int introspect_write_child_nodes(struct introspect *i, OrderedSet *s, const char *prefix);
+ int introspect_write_interface(
+ struct introspect *i,
+ const char *interface_name,
+diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c
+index bf69539062..40158a7326 100644
+--- a/src/libsystemd/sd-bus/bus-objects.c
++++ b/src/libsystemd/sd-bus/bus-objects.c
+@@ -9,7 +9,6 @@
+ #include "bus-slot.h"
+ #include "bus-type.h"
+ #include "missing_capability.h"
+-#include "set.h"
+ #include "string-util.h"
+ #include "strv.h"
+
+@@ -99,7 +98,7 @@ static int add_enumerated_to_set(
+ sd_bus *bus,
+ const char *prefix,
+ struct node_enumerator *first,
+- Set *s,
++ OrderedSet *s,
+ sd_bus_error *error) {
+
+ struct node_enumerator *c;
+@@ -146,7 +145,7 @@ static int add_enumerated_to_set(
+ continue;
+ }
+
+- r = set_consume(s, *k);
++ r = ordered_set_consume(s, *k);
+ if (r == -EEXIST)
+ r = 0;
+ }
+@@ -171,7 +170,7 @@ static int add_subtree_to_set(
+ const char *prefix,
+ struct node *n,
+ unsigned flags,
+- Set *s,
++ OrderedSet *s,
+ sd_bus_error *error) {
+
+ struct node *i;
+@@ -198,7 +197,7 @@ static int add_subtree_to_set(
+ if (!t)
+ return -ENOMEM;
+
+- r = set_consume(s, t);
++ r = ordered_set_consume(s, t);
+ if (r < 0 && r != -EEXIST)
+ return r;
+
+@@ -220,10 +219,10 @@ static int get_child_nodes(
+ const char *prefix,
+ struct node *n,
+ unsigned flags,
+- Set **_s,
++ OrderedSet **_s,
+ sd_bus_error *error) {
+
+- Set *s = NULL;
++ OrderedSet *s = NULL;
+ int r;
+
+ assert(bus);
+@@ -231,13 +230,13 @@ static int get_child_nodes(
+ assert(n);
+ assert(_s);
+
+- s = set_new(&string_hash_ops);
++ s = ordered_set_new(&string_hash_ops);
+ if (!s)
+ return -ENOMEM;
+
+ r = add_subtree_to_set(bus, prefix, n, flags, s, error);
+ if (r < 0) {
+- set_free_free(s);
++ ordered_set_free_free(s);
+ return r;
+ }
+
+@@ -937,7 +936,7 @@ int introspect_path(
+ char **ret,
+ sd_bus_error *error) {
+
+- _cleanup_set_free_free_ Set *s = NULL;
++ _cleanup_ordered_set_free_ OrderedSet *s = NULL;
+ _cleanup_(introspect_free) struct introspect intro = {};
+ struct node_vtable *c;
+ bool empty;
+@@ -963,7 +962,7 @@ int introspect_path(
+ if (r < 0)
+ return r;
+
+- empty = set_isempty(s);
++ empty = ordered_set_isempty(s);
+
+ LIST_FOREACH(vtables, c, n->vtables) {
+ if (require_fallback && !c->is_fallback)
+@@ -1233,7 +1232,7 @@ static int process_get_managed_objects(
+
+ _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+- _cleanup_set_free_free_ Set *s = NULL;
++ _cleanup_ordered_set_free_free_ OrderedSet *s = NULL;
+ char *path;
+ int r;
+
+@@ -1263,7 +1262,7 @@ static int process_get_managed_objects(
+ if (r < 0)
+ return r;
+
+- SET_FOREACH(path, s) {
++ ORDERED_SET_FOREACH(path, s) {
+ r = object_manager_serialize_path_and_fallbacks(bus, reply, path, &error);
+ if (r < 0)
+ return bus_maybe_reply_error(m, r, &error);
+@@ -2352,7 +2351,7 @@ _public_ int sd_bus_emit_properties_changed(
+ static int object_added_append_all_prefix(
+ sd_bus *bus,
+ sd_bus_message *m,
+- Set *s,
++ OrderedSet *s,
+ const char *prefix,
+ const char *path,
+ bool require_fallback) {
+@@ -2392,10 +2391,10 @@ static int object_added_append_all_prefix(
+ * skip it on any of its parents. The child vtables
+ * always fully override any conflicting vtables of
+ * any parent node. */
+- if (set_get(s, c->interface))
++ if (ordered_set_get(s, c->interface))
+ continue;
+
+- r = set_put(s, c->interface);
++ r = ordered_set_put(s, c->interface);
+ if (r < 0)
+ return r;
+
+@@ -2441,7 +2440,7 @@ static int object_added_append_all_prefix(
+ }
+
+ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
+- _cleanup_set_free_ Set *s = NULL;
++ _cleanup_ordered_set_free_ OrderedSet *s = NULL;
+ _cleanup_free_ char *prefix = NULL;
+ size_t pl;
+ int r;
+@@ -2465,7 +2464,7 @@ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *p
+ * a parent that were overwritten by a child.
+ */
+
+- s = set_new(&string_hash_ops);
++ s = ordered_set_new(&string_hash_ops);
+ if (!s)
+ return -ENOMEM;
+
+@@ -2572,7 +2571,7 @@ _public_ int sd_bus_emit_object_added(sd_bus *bus, const char *path) {
+ static int object_removed_append_all_prefix(
+ sd_bus *bus,
+ sd_bus_message *m,
+- Set *s,
++ OrderedSet *s,
+ const char *prefix,
+ const char *path,
+ bool require_fallback) {
+@@ -2605,7 +2604,7 @@ static int object_removed_append_all_prefix(
+ * skip it on any of its parents. The child vtables
+ * always fully override any conflicting vtables of
+ * any parent node. */
+- if (set_get(s, c->interface))
++ if (ordered_set_get(s, c->interface))
+ continue;
+
+ r = node_vtable_get_userdata(bus, path, c, &u, &error);
+@@ -2616,7 +2615,7 @@ static int object_removed_append_all_prefix(
+ if (r == 0)
+ continue;
+
+- r = set_put(s, c->interface);
++ r = ordered_set_put(s, c->interface);
+ if (r < 0)
+ return r;
+
+@@ -2631,7 +2630,7 @@ static int object_removed_append_all_prefix(
+ }
+
+ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
+- _cleanup_set_free_ Set *s = NULL;
++ _cleanup_ordered_set_free_ OrderedSet *s = NULL;
+ _cleanup_free_ char *prefix = NULL;
+ size_t pl;
+ int r;
+@@ -2642,7 +2641,7 @@ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char
+
+ /* see sd_bus_emit_object_added() for details */
+
+- s = set_new(&string_hash_ops);
++ s = ordered_set_new(&string_hash_ops);
+ if (!s)
+ return -ENOMEM;
+
+diff --git a/src/shared/bus-object.c b/src/shared/bus-object.c
+index f2e53913fb..4ed5215e3d 100644
+--- a/src/shared/bus-object.c
++++ b/src/shared/bus-object.c
+@@ -156,10 +156,10 @@ int bus_introspect_implementations(
+ if (impl != main_impl)
+ bus_introspect_implementation(&intro, impl);
+
+- _cleanup_set_free_ Set *nodes = NULL;
++ _cleanup_ordered_set_free_ OrderedSet *nodes = NULL;
+
+ for (size_t i = 0; impl->children && impl->children[i]; i++) {
+- r = set_put_strdup(&nodes, impl->children[i]->path);
++ r = ordered_set_put_strdup(&nodes, impl->children[i]->path);
+ if (r < 0)
+ return log_oom();
+ }
diff --git a/SOURCES/0055-udev-net_id-avoid-slot-based-names-only-for-single-f.patch b/SOURCES/0055-udev-net_id-avoid-slot-based-names-only-for-single-f.patch
new file mode 100644
index 0000000..0dcfda4
--- /dev/null
+++ b/SOURCES/0055-udev-net_id-avoid-slot-based-names-only-for-single-f.patch
@@ -0,0 +1,109 @@
+From aacd9b79ecd97007bad3706234ccc1b2ae84ca11 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 23 Mar 2022 17:34:12 +0100
+Subject: [PATCH] udev/net_id: avoid slot based names only for single function
+ devices
+
+If we have two or more devices that share the same slot but they are
+also multifunction then it is OK to use the slot information even if it
+is the same for all of them. Name conflict will be avoided because we
+will append function number and form names like, ens1f1, ens1f2...
+
+(cherry picked from commit 66425daf2c68793adf24a48a26d58add8662e83f)
+
+Resolves: #2070097
+---
+ man/systemd.net-naming-scheme.xml | 7 ++++++-
+ src/shared/netif-naming-scheme.h | 31 ++++++++++++++++---------------
+ src/udev/udev-builtin-net_id.c | 11 +++++++++--
+ 3 files changed, 31 insertions(+), 18 deletions(-)
+
+diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
+index 942ef572ff..73d08b681d 100644
+--- a/man/systemd.net-naming-scheme.xml
++++ b/man/systemd.net-naming-scheme.xml
+@@ -406,7 +406,12 @@
+ <varlistentry>
+ <term><constant>rhel-9.0</constant></term>
+
+- <listitem><para>Same as naming scheme <constant>v250</constant>.</para>
++ <listitem><para>Since version <constant>v247</constant> we no longer set
++ <varname>ID_NET_NAME_SLOT</varname> if we detect that a PCI device associated with a slot is a PCI
++ bridge as that would create naming conflict when there are more child devices on that bridge. Now,
++ this is relaxed and we will use slot information to generate the name based on it but only if
++ the PCI device has multiple functions. This is safe because distinct function number is a part of
++ the device name for multifunction devices.</para>
+ </listitem>
+ </varlistentry>
+
+diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
+index f765db6ef2..5c86cb4545 100644
+--- a/src/shared/netif-naming-scheme.h
++++ b/src/shared/netif-naming-scheme.h
+@@ -22,20 +22,21 @@
+ * OS versions, but not fully stabilize them. */
+ typedef enum NamingSchemeFlags {
+ /* First, the individual features */
+- NAMING_SR_IOV_V = 1 << 0, /* Use "v" suffix for SR-IOV, see 609948c7043a */
+- NAMING_NPAR_ARI = 1 << 1, /* Use NPAR "ARI", see 6bc04997b6ea */
+- NAMING_INFINIBAND = 1 << 2, /* Use "ib" prefix for infiniband, see 938d30aa98df */
+- NAMING_ZERO_ACPI_INDEX = 1 << 3, /* Use zero acpi_index field, see d81186ef4f6a */
+- NAMING_ALLOW_RERENAMES = 1 << 4, /* Allow re-renaming of devices, see #9006 */
+- NAMING_STABLE_VIRTUAL_MACS = 1 << 5, /* Use device name to generate MAC, see 6d3646406560 */
+- NAMING_NETDEVSIM = 1 << 6, /* Generate names for netdevsim devices, see eaa9d507d855 */
+- NAMING_LABEL_NOPREFIX = 1 << 7, /* Don't prepend ID_NET_LABEL_ONBOARD with interface type prefix */
+- NAMING_NSPAWN_LONG_HASH = 1 << 8, /* Shorten nspawn interfaces by including 24bit hash, instead of simple truncation */
+- NAMING_BRIDGE_NO_SLOT = 1 << 9, /* Don't use PCI hotplug slot information if the corresponding device is a PCI bridge */
+- NAMING_SLOT_FUNCTION_ID = 1 << 10, /* Use function_id if present to identify PCI hotplug slots */
+- NAMING_16BIT_INDEX = 1 << 11, /* Allow full 16-bit for the onboard index */
+- NAMING_REPLACE_STRICTLY = 1 << 12, /* Use udev_replace_ifname() for NAME= rule */
+- NAMING_XEN_VIF = 1 << 13, /* GEnerate names for Xen netfront devices */
++ NAMING_SR_IOV_V = 1 << 0, /* Use "v" suffix for SR-IOV, see 609948c7043a */
++ NAMING_NPAR_ARI = 1 << 1, /* Use NPAR "ARI", see 6bc04997b6ea */
++ NAMING_INFINIBAND = 1 << 2, /* Use "ib" prefix for infiniband, see 938d30aa98df */
++ NAMING_ZERO_ACPI_INDEX = 1 << 3, /* Use zero acpi_index field, see d81186ef4f6a */
++ NAMING_ALLOW_RERENAMES = 1 << 4, /* Allow re-renaming of devices, see #9006 */
++ NAMING_STABLE_VIRTUAL_MACS = 1 << 5, /* Use device name to generate MAC, see 6d3646406560 */
++ NAMING_NETDEVSIM = 1 << 6, /* Generate names for netdevsim devices, see eaa9d507d855 */
++ NAMING_LABEL_NOPREFIX = 1 << 7, /* Don't prepend ID_NET_LABEL_ONBOARD with interface type prefix */
++ NAMING_NSPAWN_LONG_HASH = 1 << 8, /* Shorten nspawn interfaces by including 24bit hash, instead of simple truncation */
++ NAMING_BRIDGE_NO_SLOT = 1 << 9, /* Don't use PCI hotplug slot information if the corresponding device is a PCI bridge */
++ NAMING_SLOT_FUNCTION_ID = 1 << 10, /* Use function_id if present to identify PCI hotplug slots */
++ NAMING_16BIT_INDEX = 1 << 11, /* Allow full 16-bit for the onboard index */
++ NAMING_REPLACE_STRICTLY = 1 << 12, /* Use udev_replace_ifname() for NAME= rule */
++ NAMING_XEN_VIF = 1 << 13, /* Generate names for Xen netfront devices */
++ NAMING_BRIDGE_MULTIFUNCTION_SLOT = 1 << 14, /* Use PCI hotplug slot information associated with bridge, but only if PCI device is multifunction */
+
+ /* And now the masks that combine the features above */
+ NAMING_V238 = 0,
+@@ -47,7 +48,7 @@ typedef enum NamingSchemeFlags {
+ NAMING_V247 = NAMING_V245 | NAMING_BRIDGE_NO_SLOT,
+ NAMING_V249 = NAMING_V247 | NAMING_SLOT_FUNCTION_ID | NAMING_16BIT_INDEX | NAMING_REPLACE_STRICTLY,
+ NAMING_V250 = NAMING_V249 | NAMING_XEN_VIF,
+- NAMING_RHEL_9_0 = NAMING_V250,
++ NAMING_RHEL_9_0 = NAMING_V250 | NAMING_BRIDGE_MULTIFUNCTION_SLOT,
+
+ EXTRA_NET_NAMING_SCHEMES
+
+diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
+index 65e003eb15..673ed7a7ca 100644
+--- a/src/udev/udev-builtin-net_id.c
++++ b/src/udev/udev-builtin-net_id.c
+@@ -451,8 +451,15 @@ static int dev_pci_slot(sd_device *dev, const LinkInfo *info, NetNames *names) {
+ * devices that will try to claim the same index and that would create name
+ * collision. */
+ if (naming_scheme_has(NAMING_BRIDGE_NO_SLOT) && is_pci_bridge(hotplug_slot_dev)) {
+- log_device_debug(dev, "Not using slot information because the PCI device is a bridge.");
+- return 0;
++ if (naming_scheme_has(NAMING_BRIDGE_MULTIFUNCTION_SLOT) && !is_pci_multifunction(names->pcidev)) {
++ log_device_debug(dev, "Not using slot information because the PCI device associated with the hotplug slot is a bridge and the PCI device has single function.");
++ return 0;
++ }
++
++ if (!naming_scheme_has(NAMING_BRIDGE_MULTIFUNCTION_SLOT)) {
++ log_device_debug(dev, "Not using slot information because the PCI device is a bridge.");
++ return 0;
++ }
+ }
+
+ break;
diff --git a/SOURCES/10-oomd-defaults.conf b/SOURCES/10-oomd-defaults.conf
new file mode 100644
index 0000000..0254657
--- /dev/null
+++ b/SOURCES/10-oomd-defaults.conf
@@ -0,0 +1,2 @@
+[OOM]
+DefaultMemoryPressureDurationSec=20s
diff --git a/SOURCES/10-oomd-root-slice-defaults.conf b/SOURCES/10-oomd-root-slice-defaults.conf
new file mode 100644
index 0000000..49958e8
--- /dev/null
+++ b/SOURCES/10-oomd-root-slice-defaults.conf
@@ -0,0 +1,2 @@
+[Slice]
+ManagedOOMSwap=kill
diff --git a/SOURCES/10-oomd-user-service-defaults.conf b/SOURCES/10-oomd-user-service-defaults.conf
new file mode 100644
index 0000000..94d5c87
--- /dev/null
+++ b/SOURCES/10-oomd-user-service-defaults.conf
@@ -0,0 +1,3 @@
+[Service]
+ManagedOOMMemoryPressure=kill
+ManagedOOMMemoryPressureLimit=50%
diff --git a/SOURCES/20-grubby.install b/SOURCES/20-grubby.install
new file mode 100755
index 0000000..e059125
--- /dev/null
+++ b/SOURCES/20-grubby.install
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+if [[ ! -x /sbin/new-kernel-pkg ]]; then
+ exit 0
+fi
+
+COMMAND="$1"
+KERNEL_VERSION="$2"
+BOOT_DIR_ABS="$3"
+KERNEL_IMAGE="$4"
+
+KERNEL_DIR="${KERNEL_IMAGE%/*}"
+[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}"
+case "$COMMAND" in
+ add)
+ if [[ "${KERNEL_DIR}" != "/boot" ]]; then
+ for i in \
+ "$KERNEL_IMAGE" \
+ "$KERNEL_DIR"/System.map \
+ "$KERNEL_DIR"/config \
+ "$KERNEL_DIR"/zImage.stub \
+ "$KERNEL_DIR"/dtb \
+ ; do
+ [[ -e "$i" ]] || continue
+ cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
+ command -v restorecon &>/dev/null && \
+ restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}"
+ done
+ # hmac is .vmlinuz-<version>.hmac so needs a special treatment
+ i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
+ if [[ -e "$i" ]]; then
+ cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
+ command -v restorecon &>/dev/null && \
+ restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
+ fi
+ fi
+ /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $?
+ /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $?
+ /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $?
+ ;;
+ remove)
+ /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $?
+ ;;
+ *)
+ ;;
+esac
+
+# skip other installation plugins, if we can't find a boot loader spec conforming setup
+if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
+ exit 77
+fi
diff --git a/SOURCES/20-yama-ptrace.conf b/SOURCES/20-yama-ptrace.conf
new file mode 100644
index 0000000..4fbaf97
--- /dev/null
+++ b/SOURCES/20-yama-ptrace.conf
@@ -0,0 +1,42 @@
+# The ptrace system call is used for interprocess services,
+# communication and introspection (like synchronisation, signaling,
+# debugging, tracing and profiling) of processes.
+#
+# Usage of ptrace is restricted by normal user permissions. Normal
+# unprivileged processes cannot use ptrace on processes that they
+# cannot send signals to or processes that are running set-uid or
+# set-gid. Nevertheless, processes running under the same uid will
+# usually be able to ptrace one another.
+#
+# Fedora enables the Yama security mechanism which restricts ptrace
+# even further. Sysctl setting kernel.yama.ptrace_scope can have one
+# of the following values:
+#
+# 0 - Normal ptrace security permissions.
+# 1 - Restricted ptrace. Only child processes plus normal permissions.
+# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE.
+# 3 - No attach. No process may call ptrace at all. Irrevocable.
+#
+# For more information see Documentation/security/Yama.txt in the
+# kernel sources.
+#
+# The default is 1., which allows tracing of child processes, but
+# forbids tracing of arbitrary processes. This allows programs like
+# gdb or strace to work when the most common way of having the
+# debugger start the debuggee is used:
+# gdb /path/to/program ...
+# Attaching to already running programs is NOT allowed:
+# gdb -p ...
+# This default setting is suitable for the common case, because it
+# reduces the risk that one hacked process can be used to attack other
+# processes. (For example, a hacked firefox process in a user session
+# will not be able to ptrace the keyring process and extract passwords
+# stored only in memory.)
+#
+# Developers and administrators might want to disable those protections
+# to be able to attach debuggers to existing processes. Use
+# sysctl kernel.yama.ptrace_scope=0
+# for change the setting temporarily, or copy this file to
+# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots.
+
+kernel.yama.ptrace_scope = 0
diff --git a/SOURCES/inittab b/SOURCES/inittab
new file mode 100644
index 0000000..3f5e83c
--- /dev/null
+++ b/SOURCES/inittab
@@ -0,0 +1,16 @@
+# inittab is no longer used.
+#
+# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
+#
+# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target
+#
+# systemd uses 'targets' instead of runlevels. By default, there are two main targets:
+#
+# multi-user.target: analogous to runlevel 3
+# graphical.target: analogous to runlevel 5
+#
+# To view current default target, run:
+# systemctl get-default
+#
+# To set a default target, run:
+# systemctl set-default TARGET.target
diff --git a/SOURCES/libsystemd-shared.abignore b/SOURCES/libsystemd-shared.abignore
new file mode 100644
index 0000000..e412d8b
--- /dev/null
+++ b/SOURCES/libsystemd-shared.abignore
@@ -0,0 +1,3 @@
+[suppress_file]
+# This shared object is private to systemd
+file_name_regexp=libsystemd-shared-.*.so
diff --git a/SOURCES/macros.sysusers b/SOURCES/macros.sysusers
new file mode 100644
index 0000000..d8d8c1d
--- /dev/null
+++ b/SOURCES/macros.sysusers
@@ -0,0 +1,10 @@
+# RPM macros for packages creating system accounts
+#
+# Turn a sysusers.d file into macros specified by
+# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation
+
+%sysusers_requires_compat Requires(pre): shadow-utils
+
+%sysusers_create_compat() \
+%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \
+%{nil}
diff --git a/SOURCES/purge-nobody-user b/SOURCES/purge-nobody-user
new file mode 100755
index 0000000..66404fe
--- /dev/null
+++ b/SOURCES/purge-nobody-user
@@ -0,0 +1,101 @@
+#!/bin/bash -eu
+
+if [ $UID -ne 0 ]; then
+ echo "WARNING: This script needs to run as root to be effective"
+ exit 1
+fi
+
+export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
+
+if [ "${1:-}" = "--ignore-journal" ]; then
+ shift
+ ignore_journal=1
+else
+ ignore_journal=0
+fi
+
+echo "Checking processes..."
+if ps h -u 99 | grep .; then
+ echo "ERROR: ps reports processes with UID 99!"
+ exit 2
+fi
+echo "... not found"
+
+echo "Checking UTMP..."
+if w -h 199 | grep . ; then
+ echo "ERROR: w reports UID 99 as active!"
+ exit 2
+fi
+if w -h nobody | grep . ; then
+ echo "ERROR: w reports user nobody as active!"
+ exit 2
+fi
+echo "... not found"
+
+echo "Checking the journal..."
+if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then
+ echo "ERROR: journalctl reports messages from UID 99 in current boot!"
+ exit 2
+fi
+echo "... not found"
+
+echo "Looking for files in /etc, /run, /tmp, and /var..."
+if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then
+ echo "ERROR: found files belonging to UID 99"
+ exit 2
+fi
+echo "... not found"
+
+echo "Checking if nobody is defined correctly..."
+if getent passwd nobody |
+ grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin';
+then
+ echo "OK, nothing to do."
+ exit 0
+else
+ echo "NOTICE: User nobody is not defined correctly"
+fi
+
+echo "Checking if nfsnobody or something else is using the uid..."
+if getent passwd 65534 | grep . ; then
+ echo "NOTICE: will have to remove this user"
+else
+ echo "... not found"
+fi
+
+if [ "${1:-}" = "-x" ]; then
+ if getent passwd nobody >/dev/null; then
+ # this will remove both the user and the group.
+ ( set -x
+ userdel nobody
+ )
+ fi
+
+ if getent passwd 65534 >/dev/null; then
+ # Make sure the uid is unused. This should free gid too.
+ name="$(getent passwd 65534 | cut -d: -f1)"
+ ( set -x
+ userdel "$name"
+ )
+ fi
+
+ if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then
+ echo "Sleeping, so sss can catch up"
+ sleep 3
+ fi
+
+ if getent group 65534; then
+ # Make sure the gid is unused, even if uid wasn't.
+ name="$(getent group 65534 | cut -d: -f1)"
+ ( set -x
+ groupdel "$name"
+ )
+ fi
+
+ # systemd-sysusers uses the same gid and uid
+ ( set -x
+ systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin'
+ )
+else
+ echo "Pass '-x' to perform changes"
+fi
diff --git a/SOURCES/rc.local b/SOURCES/rc.local
new file mode 100644
index 0000000..4666070
--- /dev/null
+++ b/SOURCES/rc.local
@@ -0,0 +1,14 @@
+#!/bin/bash
+# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
+#
+# It is highly advisable to create own systemd services or udev rules
+# to run scripts during boot instead of using this file.
+#
+# In contrast to previous versions due to parallel execution during boot
+# this script will NOT be run after all other services.
+#
+# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
+# that this script will be executed during boot.
+
+touch /var/lock/subsys/local
+
diff --git a/SOURCES/split-files.py b/SOURCES/split-files.py
new file mode 100644
index 0000000..7622210
--- /dev/null
+++ b/SOURCES/split-files.py
@@ -0,0 +1,163 @@
+import re, sys, os, collections
+
+buildroot = sys.argv[1]
+known_files = sys.stdin.read().splitlines()
+known_files = {line.split()[-1]:line for line in known_files}
+
+def files(root):
+ os.chdir(root)
+ todo = collections.deque(['.'])
+ while todo:
+ n = todo.pop()
+ files = os.scandir(n)
+ for file in files:
+ yield file
+ if file.is_dir() and not file.is_symlink():
+ todo.append(file)
+
+o_libs = open('.file-list-libs', 'w')
+o_udev = open('.file-list-udev', 'w')
+o_pam = open('.file-list-pam', 'w')
+o_rpm_macros = open('.file-list-rpm-macros', 'w')
+o_devel = open('.file-list-devel', 'w')
+o_container = open('.file-list-container', 'w')
+o_networkd = open('.file-list-networkd', 'w')
+o_resolved = open('.file-list-resolved', 'w')
+o_oomd = open('.file-list-oomd', 'w')
+o_remote = open('.file-list-remote', 'w')
+o_tests = open('.file-list-tests', 'w')
+o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
+o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
+o_rest = open('.file-list-rest', 'w')
+for file in files(buildroot):
+ n = file.path[1:]
+ if re.match(r'''/usr/(share|include)$|
+ /usr/share/man(/man.|)$|
+ /usr/share/zsh(/site-functions|)$|
+ /usr/share/dbus-1$|
+ /usr/share/dbus-1/system.d$|
+ /usr/share/dbus-1/(system-|)services$|
+ /usr/share/polkit-1(/actions|/rules.d|)$|
+ /usr/share/pkgconfig$|
+ /usr/share/bash-completion(/completions|)$|
+ /usr(/lib|/lib64|/bin|/sbin|)$|
+ /usr/lib.*/(security|pkgconfig)$|
+ /usr/lib/rpm(/macros.d|)$|
+ /usr/lib/firewalld(/services|)$|
+ /usr/share/(locale|licenses|doc)| # no $
+ /etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$|
+ /etc/(dnf|dnf/protected.d)$|
+ /usr/(src|lib/debug)| # no $
+ /run$|
+ /var(/cache|/log|/lib|/run|)$
+ ''', n, re.X):
+ continue
+ if '/security/pam_' in n or '/man8/pam_' in n:
+ o = o_pam
+ elif '/rpm/' in n:
+ o = o_rpm_macros
+ elif '/usr/lib/systemd/tests' in n:
+ o = o_tests
+ elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(?<!/libsystemd-shared-...).so$', n):
+ o = o_devel
+ elif re.search(r'''journal-(remote|gateway|upload)|
+ systemd-remote\.conf|
+ /usr/share/systemd/gatewayd|
+ /var/log/journal/remote
+ ''', n, re.X):
+ o = o_remote
+ elif re.search(r'''mymachines|
+ machinectl|
+ systemd-nspawn|
+ import-pubring.gpg|
+ systemd-(machined|import|pull)|
+ /machine.slice|
+ /machines.target|
+ var-lib-machines.mount|
+ org.freedesktop.(import|machine)1
+ ''', n, re.X):
+ o = o_container
+ elif re.search(r'''/usr/lib/systemd/network/80-|
+ networkd|
+ networkctl|
+ org.freedesktop.network1
+ ''', n, re.X):
+ o = o_networkd
+ elif re.search(r'''resolved|
+ resolvectl|
+ resolvconf|
+ org.freedesktop.resolve1|
+ systemd-resolve|
+ nss-resolve
+ ''', n, re.X):
+ o = o_resolved
+ elif '.so.' in n:
+ o = o_libs
+ elif re.search(r'''udev(?!\.pc)|
+ hwdb|
+ bootctl|
+ sd-boot|systemd-boot\.|loader.conf|
+ bless-boot|
+ boot-system-token|
+ kernel-install|
+ vconsole|
+ backlight|
+ rfkill|
+ random-seed|
+ modules-load|
+ timesync|
+ cryptenroll|
+ cryptsetup|
+ kmod|
+ quota|
+ pstore|
+ sleep|suspend|hibernate|
+ systemd-tmpfiles-setup-dev|
+ network/99-default.link|
+ growfs|makefs|makeswap|mkswap|
+ fsck|
+ repart|
+ gpt-auto|
+ volatile-root|
+ verity-setup|
+ remount-fs|
+ /boot$|
+ /boot/efi|
+ /kernel/|
+ /kernel$|
+ /modprobe.d
+ ''', n, re.X):
+ o = o_udev
+ elif re.search(r'''10-oomd-.*defaults\.conf|
+ oomd\.conf|
+ oomctl|
+ org.freedesktop.oom1|
+ systemd-oomd
+ ''', n, re.X):
+ o = o_oomd
+ elif n.endswith('.standalone'):
+ if 'tmpfiles' in n:
+ o = o_standalone_tmpfiles
+ elif 'sysusers' in n:
+ o = o_standalone_sysusers
+ else:
+ assert False, 'Found .standalone not belonging to known packages'
+ else:
+ o = o_rest
+
+ if n in known_files:
+ prefix = ' '.join(known_files[n].split()[:-1])
+ if prefix:
+ prefix += ' '
+ elif file.is_dir() and not file.is_symlink():
+ prefix = '%dir '
+ elif 'README' in n:
+ prefix = '%doc '
+ elif n.startswith('/etc'):
+ prefix = '%config(noreplace) '
+ else:
+ prefix = ''
+
+ suffix = '*' if '/man/' in n else ''
+
+ print(f'{prefix}{n}{suffix}', file=o)
diff --git a/SOURCES/sysctl.conf.README b/SOURCES/sysctl.conf.README
new file mode 100644
index 0000000..41c0c41
--- /dev/null
+++ b/SOURCES/sysctl.conf.README
@@ -0,0 +1,10 @@
+# sysctl settings are defined through files in
+# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
+#
+# Vendors settings live in /usr/lib/sysctl.d/.
+# To override a whole file, create a new file with the same in
+# /etc/sysctl.d/ and put new settings there. To override
+# only specific settings, add a file with a lexically later
+# name in /etc/sysctl.d/ and put new settings there.
+#
+# For more information, see sysctl.conf(5) and sysctl.d(5).
diff --git a/SOURCES/systemd-journal-gatewayd.xml b/SOURCES/systemd-journal-gatewayd.xml
new file mode 100644
index 0000000..a1b400c
--- /dev/null
+++ b/SOURCES/systemd-journal-gatewayd.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+ <short>systemd-journal-gatewayd</short>
+ <description>Journal Gateway Service</description>
+ <port protocol="tcp" port="19531"/>
+</service>
diff --git a/SOURCES/systemd-journal-remote.xml b/SOURCES/systemd-journal-remote.xml
new file mode 100644
index 0000000..e115a12
--- /dev/null
+++ b/SOURCES/systemd-journal-remote.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+ <short>systemd-journal-remote</short>
+ <description>Journal Remote Sink</description>
+ <port protocol="tcp" port="19532"/>
+</service>
diff --git a/SOURCES/systemd-udev-trigger-no-reload.conf b/SOURCES/systemd-udev-trigger-no-reload.conf
new file mode 100644
index 0000000..c879427
--- /dev/null
+++ b/SOURCES/systemd-udev-trigger-no-reload.conf
@@ -0,0 +1,3 @@
+[Unit]
+# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17
+RefuseManualStop=true
diff --git a/SOURCES/systemd-user b/SOURCES/systemd-user
new file mode 100644
index 0000000..2725df9
--- /dev/null
+++ b/SOURCES/systemd-user
@@ -0,0 +1,10 @@
+# This file is part of systemd.
+#
+# Used by systemd --user instances.
+
+account include system-auth
+
+session required pam_selinux.so close
+session required pam_selinux.so nottys open
+session required pam_loginuid.so
+session include system-auth
diff --git a/SOURCES/sysusers.attr b/SOURCES/sysusers.attr
new file mode 100644
index 0000000..367c137
--- /dev/null
+++ b/SOURCES/sysusers.attr
@@ -0,0 +1,2 @@
+%__sysusers_provides %{_rpmconfigdir}/sysusers.prov
+%__sysusers_path ^%{_sysusersdir}/.*\\.conf$
diff --git a/SOURCES/sysusers.generate-pre.sh b/SOURCES/sysusers.generate-pre.sh
new file mode 100755
index 0000000..6c481c3
--- /dev/null
+++ b/SOURCES/sysusers.generate-pre.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+# This script turns sysuser.d files into scriptlets mandated by Fedora
+# packaging guidelines. The general idea is to define users using the
+# declarative syntax but to turn this into traditional scriptlets.
+
+user() {
+ user="$1"
+ uid="$2"
+ desc="$3"
+ group="$4"
+ home="$5"
+ shell="$6"
+
+[ "$desc" = '-' ] && desc=
+[ "$home" = '-' -o "$home" = '' ] && home=/
+[ "$shell" = '-' -o "$shell" = '' ] && shell=/sbin/nologin
+
+if [ "$uid" = '-' -o "$uid" = '' ]; then
+ cat <<EOF
+getent passwd '$user' >/dev/null || \\
+ useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user'
+EOF
+else
+ cat <<EOF
+if ! getent passwd '$user' >/dev/null ; then
+ if ! getent passwd '$uid' >/dev/null ; then
+ useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
+ else
+ useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
+ fi
+fi
+
+EOF
+fi
+}
+
+group() {
+ group="$1"
+ gid="$2"
+if [ "$gid" = '-' ]; then
+ cat <<EOF
+getent group '$group' >/dev/null || groupadd -r '$group'
+EOF
+else
+ cat <<EOF
+getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group'
+EOF
+fi
+}
+
+parse() {
+ while read line || [ "$line" ]; do
+ [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
+ line="${line## *}"
+ [ -z "$line" ] && continue
+ eval arr=( $line )
+ case "${arr[0]}" in
+ ('u')
+ group "${arr[1]}" "${arr[2]}"
+ user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
+ # TODO: user:group support
+ ;;
+ ('g')
+ group "${arr[1]}" "${arr[2]}"
+ ;;
+ ('m')
+ group "${arr[2]}" "-"
+ user "${arr[1]}" "-" "" "${arr[2]}"
+ ;;
+ esac
+ done
+}
+
+for fn in "$@"; do
+ [ -e "$fn" ] || continue
+ echo "# generated from $(basename $fn)"
+ parse < "$fn"
+done
diff --git a/SOURCES/sysusers.prov b/SOURCES/sysusers.prov
new file mode 100755
index 0000000..a6eda5d
--- /dev/null
+++ b/SOURCES/sysusers.prov
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+parse() {
+ while read line; do
+ [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
+ line="${line## *}"
+ [ -z "$line" ] && continue
+ set -- $line
+ case "$1" in
+ ('u')
+ echo "user($2)"
+ echo "group($2)"
+ # TODO: user:group support
+ ;;
+ ('g')
+ echo "group($2)"
+ ;;
+ ('m')
+ echo "user($2)"
+ echo "group($3)"
+ ;;
+ esac
+ done
+}
+
+while read fn; do
+ parse < "$fn"
+done
diff --git a/SOURCES/triggers.systemd b/SOURCES/triggers.systemd
new file mode 100644
index 0000000..6c57d71
--- /dev/null
+++ b/SOURCES/triggers.systemd
@@ -0,0 +1,89 @@
+# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# Copyright 2018 Neal Gompa
+
+# The contents of this are an example to be copied into systemd.spec.
+#
+# Minimum rpm version supported: 4.14.0
+
+%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system
+# This script will run after any package is initially installed or
+# upgraded. We care about the case where a package is initially
+# installed, because other cases are covered by the *un scriptlets,
+# so sometimes we will reload needlessly.
+if test -d "/run/systemd/system"; then
+ %{_bindir}/systemctl daemon-reload || :
+ %{_bindir}/systemctl reload-or-restart --marked || :
+fi
+
+%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
+# On removal, we need to run daemon-reload after any units have been
+# removed.
+# On upgrade, we need to run daemon-reload after any new unit files
+# have been installed, but before %postun scripts in packages get
+# executed.
+if test -d "/run/systemd/system"; then
+ %{_bindir}/systemctl daemon-reload || :
+fi
+
+%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system
+# We restart remaining services that should be restarted here.
+if test -d "/run/systemd/system"; then
+ %{_bindir}/systemctl reload-or-restart --marked || :
+fi
+
+%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d
+# This script will process files installed in /usr/lib/sysusers.d to create
+# specified users automatically. The priority is set such that it
+# will run before the tmpfiles file trigger.
+if test -d "/run/systemd/system"; then
+ %{_bindir}/systemd-sysusers || :
+fi
+
+%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d
+# This script will automatically invoke hwdb update if files have been
+# installed or updated in /usr/lib/udev/hwdb.d.
+if test -d "/run/systemd/system"; then
+ %{_bindir}/systemd-hwdb update || :
+fi
+
+%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog
+# This script will automatically invoke journal catalog update if files
+# have been installed or updated in /usr/lib/systemd/catalog.
+if test -d "/run/systemd/system"; then
+ %{_bindir}/journalctl --update-catalog || :
+fi
+
+%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d
+# This script will automatically apply binfmt rules if files have been
+# installed or updated in /usr/lib/binfmt.d.
+if test -d "/run/systemd/system"; then
+ # systemd-binfmt might fail if binfmt_misc kernel module is not loaded
+ # during install
+ /usr/lib/systemd/systemd-binfmt || :
+fi
+
+%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d
+# This script will process files installed in /usr/lib/tmpfiles.d to create
+# tmpfiles automatically. The priority is set such that it will run
+# after the sysusers file trigger, but before any other triggers.
+if test -d "/run/systemd/system"; then
+ %{_bindir}/systemd-tmpfiles --create || :
+fi
+
+%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d
+# This script will automatically update udev with new rules if files
+# have been installed or updated in /usr/lib/udev/rules.d.
+if test -e /run/udev/control; then
+ %{_bindir}/udevadm control --reload || :
+fi
+
+%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d
+# This script will automatically apply sysctl rules if files have been
+# installed or updated in /usr/lib/sysctl.d.
+if test -d "/run/systemd/system"; then
+ /usr/lib/systemd/systemd-sysctl || :
+fi
diff --git a/SOURCES/yum-protect-systemd.conf b/SOURCES/yum-protect-systemd.conf
new file mode 100644
index 0000000..39426d7
--- /dev/null
+++ b/SOURCES/yum-protect-systemd.conf
@@ -0,0 +1,2 @@
+systemd
+systemd-udev
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
new file mode 100644
index 0000000..38ab79d
--- /dev/null
+++ b/SPECS/systemd.spec
@@ -0,0 +1,3236 @@
+#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa
+%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
+
+#global stable 1
+
+# We ship a .pc file but don't want to have a dep on pkg-config. We
+# strip the automatically generated dep here and instead co-own the
+# directory.
+%global __requires_exclude pkg-config
+
+%global pkgdir %{_prefix}/lib/systemd
+%global system_unit_dir %{pkgdir}/system
+%global user_unit_dir %{pkgdir}/user
+
+# Bootstrap may be needed to break intercircular dependencies with
+# cryptsetup, e.g. when re-building cryptsetup on a json-c SONAME-bump.
+%bcond_with bootstrap
+%bcond_without tests
+%bcond_without lto
+
+Name: systemd
+Url: https://www.freedesktop.org/wiki/Software/systemd
+Version: 250
+Release: 6%{?dist}
+# For a breakdown of the licensing, see README
+License: LGPLv2+ and MIT and GPLv2+
+Summary: System and Service Manager
+
+# download tarballs with "spectool -g systemd.spec"
+%if %{defined commit}
+Source0: https://github.com/systemd/systemd%{?stable:-stable}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
+%else
+%if 0%{?stable}
+Source0: https://github.com/systemd/systemd-stable/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz
+%else
+Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz
+%endif
+%endif
+# This file must be available before %%prep.
+# It is generated during systemd build and can be found in build/src/core/.
+Source1: triggers.systemd
+Source2: split-files.py
+Source3: purge-nobody-user
+
+# Prevent accidental removal of the systemd package
+Source4: yum-protect-systemd.conf
+
+Source5: inittab
+Source6: sysctl.conf.README
+Source7: systemd-journal-remote.xml
+Source8: systemd-journal-gatewayd.xml
+Source9: 20-yama-ptrace.conf
+Source10: systemd-udev-trigger-no-reload.conf
+Source11: 20-grubby.install
+Source12: systemd-user
+Source13: libsystemd-shared.abignore
+
+Source14: 10-oomd-defaults.conf
+Source15: 10-oomd-root-slice-defaults.conf
+Source16: 10-oomd-user-service-defaults.conf
+
+Source21: macros.sysusers
+Source22: sysusers.attr
+Source23: sysusers.prov
+Source24: sysusers.generate-pre.sh
+Source25: rc.local
+
+%if 0
+GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable
+i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip
+GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch
+%endif
+
+# Backports of patches from upstream (0000–0499)
+#
+# Any patches which are "in preparation" upstream should be listed
+# here, rather than in the next section. Packit CI will drop any
+# patches in this range before applying upstream pull requests.
+
+# RHEL-specific
+Patch0001: 0001-logind-set-RemoveIPC-to-false-by-default.patch
+Patch0002: 0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
+Patch0003: 0003-Copy-40-redhat.rules-from-RHEL-8.patch
+Patch0004: 0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
+Patch0005: 0005-unit-don-t-add-Requires-for-tmp.mount.patch
+Patch0006: 0006-units-add-Install-section-to-tmp.mount.patch
+Patch0007: 0007-rc-local-order-after-network-online.target.patch
+Patch0008: 0008-ci-drop-CIs-irrelevant-for-downstream.patch
+Patch0009: 0009-ci-reconfigure-Packit-for-RHEL-9.patch
+Patch0010: 0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch
+Patch0011: 0011-random-util-increase-random-seed-size-to-1024.patch
+Patch0012: 0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch
+Patch0013: 0013-journald.conf-don-t-touch-current-audit-settings.patch
+Patch0014: 0014-Revert-udev-remove-WAIT_FOR-key.patch
+Patch0015: 0015-Really-don-t-enable-systemd-journald-audit.socket.patch
+Patch0016: 0016-rules-add-elevator-kernel-command-line-parameter.patch
+Patch0017: 0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
+Patch0018: 0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
+Patch0019: 0019-set-core-ulimit-to-0-like-on-RHEL-7.patch
+Patch0020: 0020-ci-use-C9S-chroots-in-Packit.patch
+Patch0021: 0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch
+Patch0022: 0022-Treat-EPERM-as-not-available-too.patch
+Patch0023: 0023-test-copy-portable-profiles-into-the-image-if-they-d.patch
+Patch0024: 0024-test-introduce-get_cgroup_hierarchy-helper.patch
+Patch0025: 0025-test-require-unified-cgroup-hierarchy-for-TEST-56.patch
+Patch0026: 0026-tests-rework-test-macros-to-not-take-code-as-paramet.patch
+Patch0027: 0027-test-allow-to-set-NULL-to-intro-or-outro.patch
+Patch0028: 0028-udev-net-setup-link-change-the-default-MACAddressPol.patch
+Patch0029: 0029-man-mention-System-Administrator-s-Guide-in-systemct.patch
+Patch0030: 0030-Net-naming-scheme-for-RHEL-9.0.patch
+Patch0031: 0031-core-decrease-log-level-of-messages-about-use-of-Kil.patch
+Patch0032: 0032-ci-replace-apt-key-with-signed-by.patch
+Patch0033: 0033-ci-fix-clang-13-installation.patch
+Patch0034: 0034-Revert-kernel-install-also-remove-modules.builtin.al.patch
+Patch0035: 0035-Revert-kernel-install-prefer-boot-over-boot-efi-for-.patch
+Patch0036: 0036-kernel-install-50-depmod-port-to-bin-sh.patch
+Patch0037: 0037-kernel-install-90-loaderentry-port-to-bin-sh.patch
+Patch0038: 0038-kernel-install-fix-shellcheck.patch
+Patch0039: 0039-kernel-install-port-to-bin-sh.patch
+Patch0040: 0040-kernel-install-90-loaderentry-error-out-on-nonexiste.patch
+Patch0041: 0041-kernel-install-don-t-pull-out-KERNEL_IMAGE.patch
+Patch0042: 0042-kernel-install-prefer-boot-over-boot-efi-for-BOOT_RO.patch
+Patch0043: 0043-kernel-install-also-remove-modules.builtin.alias.bin.patch
+Patch0044: 0044-kernel-install-add-new-variable-KERNEL_INSTALL_INITR.patch
+Patch0045: 0045-kernel-install-k-i-already-creates-ENTRY_DIR_ABS-no-.patch
+Patch0046: 0046-kernel-install-prefix-errors-with-Error-exit-immedia.patch
+Patch0047: 0047-kernel-install-add-KERNEL_INSTALL_STAGING_AREA-direc.patch
+Patch0048: 0048-kernel-install-add-missing-log-line.patch
+Patch0049: 0049-kernel-install-don-t-try-to-persist-used-machine-ID-.patch
+Patch0050: 0050-kernel-install-add-a-new-ENTRY_TOKEN-variable-for-na.patch
+Patch0051: 0051-kernel-install-only-generate-systemd.boot_id-in-kern.patch
+Patch0052: 0052-kernel-install-search-harder-for-kernel-image-initrd.patch
+Patch0053: 0053-kernel-install-add-new-inspect-verb-showing-paths-an.patch
+Patch0054: 0054-bus-Use-OrderedSet-for-introspection.patch
+Patch0055: 0055-udev-net_id-avoid-slot-based-names-only-for-single-f.patch
+
+# Downstream-only patches (9000–9999)
+
+BuildRequires: gcc
+BuildRequires: gcc-c++
+BuildRequires: coreutils
+BuildRequires: libcap-devel
+BuildRequires: libmount-devel
+BuildRequires: libfdisk-devel
+BuildRequires: pam-devel
+BuildRequires: libselinux-devel
+BuildRequires: audit-libs-devel
+%if %{without bootstrap}
+BuildRequires: cryptsetup-devel
+%endif
+BuildRequires: dbus-devel
+# /usr/bin/getfacl is needed by test-acl-util
+BuildRequires: acl
+BuildRequires: libacl-devel
+BuildRequires: gobject-introspection-devel
+BuildRequires: libblkid-devel
+BuildRequires: xz-devel
+BuildRequires: xz
+BuildRequires: lz4-devel
+BuildRequires: lz4
+BuildRequires: bzip2-devel
+BuildRequires: libzstd-devel
+BuildRequires: libidn2-devel
+BuildRequires: libcurl-devel
+BuildRequires: kmod-devel
+BuildRequires: elfutils-devel
+BuildRequires: openssl-devel
+BuildRequires: libgcrypt-devel
+BuildRequires: libgpg-error-devel
+BuildRequires: gnutls-devel
+BuildRequires: libmicrohttpd-devel
+BuildRequires: libxkbcommon-devel
+BuildRequires: libxslt
+BuildRequires: docbook-style-xsl
+BuildRequires: pkgconfig
+BuildRequires: gperf
+BuildRequires: gawk
+BuildRequires: tree
+BuildRequires: hostname
+BuildRequires: python3dist(lxml)
+BuildRequires: python3dist(jinja2)
+BuildRequires: firewalld-filesystem
+BuildRequires: libseccomp-devel
+BuildRequires: meson >= 0.43
+BuildRequires: gettext
+# We use RUNNING_ON_VALGRIND in tests, so the headers need to be available
+BuildRequires: valgrind-devel
+BuildRequires: pkgconfig(bash-completion)
+BuildRequires: pkgconfig(tss2-esys)
+BuildRequires: pkgconfig(tss2-rc)
+BuildRequires: pkgconfig(tss2-mu)
+BuildRequires: perl
+BuildRequires: perl(IPC::SysV)
+
+Requires(post): coreutils
+Requires(post): sed
+Requires(post): acl
+Requires(post): grep
+# systemd-machine-id-setup requires libssl
+Requires(post): openssl-libs
+Requires(pre): coreutils
+Requires(pre): /usr/bin/getent
+Requires(pre): /usr/sbin/groupadd
+Requires: dbus >= 1.9.18
+Requires: %{name}-pam = %{version}-%{release}
+Requires: %{name}-rpm-macros = %{version}-%{release}
+Requires: %{name}-libs = %{version}-%{release}
+Requires: util-linux
+Provides: /bin/systemctl
+Provides: /sbin/shutdown
+Provides: syslog
+Provides: systemd-units = %{version}-%{release}
+Obsoletes: system-setup-keyboard < 0.9
+Provides: system-setup-keyboard = 0.9
+# systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308
+Obsoletes: systemd-sysv < 206
+# self-obsoletes so that dnf will install new subpackages on upgrade (#1260394)
+Obsoletes: %{name} < 246.6-2
+Provides: systemd-sysv = 206
+Conflicts: initscripts < 9.56.1
+%if 0%{?fedora}
+Conflicts: fedora-release < 23-0.12
+%endif
+Obsoletes: timedatex < 0.6-3
+Provides: timedatex = 0.6-3
+Conflicts: %{name}-standalone-tmpfiles < %{version}-%{release}^
+Obsoletes: %{name}-standalone-tmpfiles < %{version}-%{release}^
+Conflicts: %{name}-standalone-sysusers < %{version}-%{release}^
+Obsoletes: %{name}-standalone-sysusers < %{version}-%{release}^
+
+# Requires deps for stuff that is dlopen()ed
+Requires: pcre2%{?_isa}
+
+%description
+systemd is a system and service manager that runs as PID 1 and starts
+the rest of the system. It provides aggressive parallelization
+capabilities, uses socket and D-Bus activation for starting services,
+offers on-demand starting of daemons, keeps track of processes using
+Linux control groups, maintains mount and automount points, and
+implements an elaborate transactional dependency-based service control
+logic. systemd supports SysV and LSB init scripts and works as a
+replacement for sysvinit. Other parts of this package are a logging daemon,
+utilities to control basic system configuration like the hostname,
+date, locale, maintain a list of logged-in users, system accounts,
+runtime directories and settings, and daemons to manage simple network
+configuration, network time synchronization, log forwarding, and name
+resolution.
+%if 0%{?stable}
+This package was built from the %{version}-stable branch of systemd.
+%endif
+
+%package libs
+Summary: systemd libraries
+License: LGPLv2+ and MIT
+Obsoletes: libudev < 183
+Obsoletes: systemd < 185-4
+Conflicts: systemd < 185-4
+Obsoletes: systemd-compat-libs < 230
+Obsoletes: nss-myhostname < 0.4
+Provides: nss-myhostname = 0.4
+Provides: nss-myhostname%{_isa} = 0.4
+Requires(post): coreutils
+Requires(post): sed
+Requires(post): grep
+Requires(post): /usr/bin/getent
+
+%description libs
+Libraries for systemd and udev.
+
+%package pam
+Summary: systemd PAM module
+Requires: %{name} = %{version}-%{release}
+
+%description pam
+Systemd PAM module registers the session with systemd-logind.
+
+%package rpm-macros
+Summary: Macros that define paths and scriptlets related to systemd
+BuildArch: noarch
+
+%description rpm-macros
+Just the definitions of rpm macros.
+
+See
+https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd
+for information how to use those macros.
+
+%package devel
+Summary: Development headers for systemd
+License: LGPLv2+ and MIT
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+Provides: libudev-devel = %{version}
+Provides: libudev-devel%{_isa} = %{version}
+Obsoletes: libudev-devel < 183
+# Fake dependency to make sure systemd-pam is pulled into multilib (#1414153)
+Requires: %{name}-pam = %{version}-%{release}
+
+%description devel
+Development headers and auxiliary files for developing applications linking
+to libudev or libsystemd.
+
+%package udev
+Summary: Rule-based device node and kernel event manager
+License: LGPLv2+
+
+Requires: systemd%{?_isa} = %{version}-%{release}
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+Requires(post): grep
+Requires: kmod >= 18-4
+# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1
+Obsoletes: systemd < 245.6-1
+Provides: udev = %{version}
+Provides: udev%{_isa} = %{version}
+Obsoletes: udev < 183
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9
+Suggests: systemd-bootchart
+# https://bugzilla.redhat.com/show_bug.cgi?id=1408878
+Requires: kbd
+
+# Requires deps for stuff that is dlopen()ed
+Requires: cryptsetup-libs%{?_isa}
+# https://bugzilla.redhat.com/show_bug.cgi?id=2017541
+Requires: tpm2-tss%{?_isa}
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1753381
+Provides: u2f-hidraw-policy = 1.0.2-40
+Obsoletes: u2f-hidraw-policy < 1.0.2-40
+
+%description udev
+This package contains systemd-udev and the rules and hardware database
+needed to manage device nodes. This package is necessary on physical
+machines and in virtual machines, but not in containers.
+
+%package container
+# Name is the same as in Debian
+Summary: Tools for containers and VMs
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394)
+Obsoletes: %{name} < 229-5
+License: LGPLv2+
+
+%description container
+Systemd tools to spawn and manage containers and virtual machines.
+
+This package contains systemd-nspawn, machinectl, systemd-machined,
+and systemd-importd.
+
+%package journal-remote
+# Name is the same as in Debian
+Summary: Tools to send journal events over the network
+Requires: %{name}%{?_isa} = %{version}-%{release}
+License: LGPLv2+
+Requires(pre): /usr/bin/getent
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+Requires: firewalld-filesystem
+Provides: %{name}-journal-gateway = %{version}-%{release}
+Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release}
+Obsoletes: %{name}-journal-gateway < 227-7
+
+%description journal-remote
+Programs to forward journal entries over the network, using encrypted HTTP,
+and to write journal files from serialized journal contents.
+
+This package contains systemd-journal-gatewayd,
+systemd-journal-remote, and systemd-journal-upload.
+
+%package resolved
+Summary: System daemon that provides network name resolution to local applications
+Requires: %{name}%{?_isa} = %{version}-%{release}
+License: LGPLv2+
+
+%description resolved
+systemd-resolved is a system service that provides network name
+resolution to local applications. It implements a caching and
+validating DNS/DNSSEC stub resolver, as well as an LLMNR and
+MulticastDNS resolver and responder.
+
+%package oomd
+Summary: A userspace out-of-memory (OOM) killer
+Requires: %{name}%{?_isa} = %{version}-%{release}
+License: LGPLv2+
+Provides: %{name}-oomd-defaults = %{version}-%{release}
+
+%description oomd
+systemd-oomd is a system service that uses cgroups-v2 and pressure stall
+information (PSI) to monitor and take action on processes before an OOM
+occurs in kernel space.
+
+%package standalone-tmpfiles
+Summary: Standalone tmpfiles binary for use in non-systemd systems
+RemovePathPostfixes: .standalone
+
+%description standalone-tmpfiles
+Standalone tmpfiles binary with no dependencies on the systemd-shared library
+or other libraries from systemd-libs. This package conflicts with the main
+systemd package and is meant for use in non-systemd systems.
+
+%package standalone-sysusers
+Summary: Standalone sysusers binary for use in non-systemd systems
+RemovePathPostfixes: .standalone
+
+%description standalone-sysusers
+Standalone sysusers binary with no dependencies on the systemd-shared library
+or other libraries from systemd-libs. This package conflicts with the main
+systemd package and is meant for use in non-systemd systems.
+
+%prep
+%autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1
+
+%build
+%define ntpvendor %(source /etc/os-release; echo ${ID})
+%{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1}
+
+CONFIGURE_OPTS=(
+ -Dmode=release
+ -Dsysvinit-path=/etc/rc.d/init.d
+ -Drc-local=/etc/rc.d/rc.local
+ -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org'
+ -Ddns-servers=
+ -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
+ -Dservice-watchdog=3min
+ -Ddev-kvm-mode=0666
+ -Dkmod=true
+ -Dxkbcommon=true
+ -Dblkid=true
+ -Dfdisk=true
+ -Dseccomp=true
+ -Dima=true
+ -Dselinux=true
+ -Dapparmor=false
+ -Dpolkit=true
+ -Dxz=true
+ -Dzlib=true
+ -Dbzip2=true
+ -Dlz4=true
+ -Dzstd=true
+ -Dpam=true
+ -Dacl=true
+ -Dsmack=true
+ -Dopenssl=true
+ -Dcryptolib=openssl
+ -Dp11kit=true
+ -Dgcrypt=true
+ -Daudit=true
+ -Delfutils=true
+%if %{without bootstrap}
+ -Dlibcryptsetup=true
+%else
+ -Dlibcryptsetup=false
+%endif
+ -Delfutils=true
+ -Dpwquality=false
+ -Dqrencode=false
+ -Dgnutls=true
+ -Dmicrohttpd=true
+ -Dlibidn2=true
+ -Dlibiptc=false
+ -Dlibcurl=true
+ -Dlibfido2=false
+ -Dgnu-efi=false
+ -Dtpm=true
+ -Dtpm2=true
+ -Dhwdb=true
+ -Dsysusers=true
+ -Dstandalone-binaries=true
+ -Ddefault-kill-user-processes=false
+ -Dtests=unsafe
+ -Dinstall-tests=false
+ -Dtty-gid=5
+ -Dusers-gid=100
+ -Dnobody-user=nobody
+ -Dnobody-group=nobody
+ -Dcompat-mutable-uid-boundaries=true
+ -Dsplit-usr=false
+ -Dsplit-bin=true
+%if %{with lto}
+ -Db_lto=true
+%else
+ -Db_lto=false
+%endif
+ -Db_ndebug=false
+ -Dman=true
+ -Dversion-tag=%{version}-%{release}
+%if 0%{?fedora}
+ -Dfallback-hostname=fedora
+%else
+ -Dfallback-hostname=localhost
+%endif
+ -Ddefault-dnssec=no
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1867830
+ -Ddefault-mdns=no
+ -Ddefault-llmnr=resolve
+ -Doomd=true
+ -Dtimesyncd=false
+ -Dhomed=false
+ -Duserdb=false
+ -Dportabled=false
+ -Dnetworkd=false
+ -Dsupport-url=https://access.redhat.com/support
+)
+
+%if %{without lto}
+%global _lto_cflags %nil
+%endif
+
+%meson "${CONFIGURE_OPTS[@]}"
+
+new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh
+if ! diff -u %{SOURCE1} ${new_triggers}; then
+ echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!"
+ echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n"
+ sleep 5
+fi
+
+%meson_build
+
+%install
+%meson_install
+
+# udev links
+mkdir -p %{buildroot}/%{_sbindir}
+ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm
+
+# Compatiblity and documentation files
+touch %{buildroot}/etc/crypttab
+chmod 600 %{buildroot}/etc/crypttab
+
+# /etc/initab
+install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5}
+
+# /etc/sysctl.conf compat
+install -Dm0644 %{SOURCE6} %{buildroot}/etc/sysctl.conf
+ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf
+
+# Make sure these directories are properly owned
+mkdir -p %{buildroot}%{system_unit_dir}/basic.target.wants
+mkdir -p %{buildroot}%{system_unit_dir}/default.target.wants
+mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants
+mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants
+mkdir -p %{buildroot}/run
+mkdir -p %{buildroot}%{_localstatedir}/log
+touch %{buildroot}%{_localstatedir}/log/lastlog
+chmod 0664 %{buildroot}%{_localstatedir}/log/lastlog
+touch %{buildroot}/run/utmp
+touch %{buildroot}%{_localstatedir}/log/{w,b}tmp
+
+# Make sure the user generators dir exists too
+mkdir -p %{buildroot}%{pkgdir}/system-generators
+mkdir -p %{buildroot}%{pkgdir}/user-generators
+
+# Create new-style configuration files so that we can ghost-own them
+touch %{buildroot}%{_sysconfdir}/hostname
+touch %{buildroot}%{_sysconfdir}/vconsole.conf
+touch %{buildroot}%{_sysconfdir}/locale.conf
+touch %{buildroot}%{_sysconfdir}/machine-id
+touch %{buildroot}%{_sysconfdir}/machine-info
+touch %{buildroot}%{_sysconfdir}/localtime
+mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d
+touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf
+
+# Make sure the shutdown/sleep drop-in dirs exist
+mkdir -p %{buildroot}%{pkgdir}/system-shutdown/
+mkdir -p %{buildroot}%{pkgdir}/system-sleep/
+
+# Make sure directories in /var exist
+mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump
+mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog
+mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/backlight
+mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/rfkill
+mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/linger
+mkdir -p %{buildroot}%{_localstatedir}/lib/private
+mkdir -p %{buildroot}%{_localstatedir}/log/private
+mkdir -p %{buildroot}%{_localstatedir}/cache/private
+mkdir -p %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload
+ln -s ../private/systemd/journal-upload %{buildroot}%{_localstatedir}/lib/systemd/journal-upload
+mkdir -p %{buildroot}%{_localstatedir}/log/journal
+touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database
+touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin
+touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed
+touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state
+
+# Install rc.local
+mkdir -p %{buildroot}%{_sysconfdir}/rc.d/
+install -m 0644 %{SOURCE25} %{buildroot}%{_sysconfdir}/rc.d/rc.local
+ln -s rc.d/rc.local %{buildroot}%{_sysconfdir}/rc.local
+
+# Install yum protection fragment
+install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf
+
+install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8}
+
+# Restore systemd-user pam config from before "removal of Fedora-specific bits"
+install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12}
+
+# Install additional docs
+# https://bugzilla.redhat.com/show_bug.cgi?id=1234951
+install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9}
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1378974
+install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10}
+
+# A temporary work-around for https://bugzilla.redhat.com/show_bug.cgi?id=1663040
+mkdir -p %{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/
+cat >%{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/disable-privatedevices.conf <<EOF
+[Service]
+PrivateDevices=no
+EOF
+
+install -Dm0755 -t %{buildroot}%{_prefix}/lib/kernel/install.d/ %{SOURCE11}
+
+install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13}
+
+install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3}
+
+# systemd-oomd default configuration
+install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14}
+install -Dm0644 -t %{buildroot}%{system_unit_dir}/-.slice.d/ %{SOURCE15}
+install -Dm0644 -t %{buildroot}%{system_unit_dir}/user@.service.d/ %{SOURCE16}
+
+install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21}
+install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22}
+install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23}
+install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24}
+
+%find_lang %{name}
+
+# Split files in build root into rpms. See split-files.py for the
+# rules towards the end, anything which is an exception needs a line
+# here.
+python3 %{SOURCE2} %buildroot <<EOF
+%ghost %config(noreplace) /etc/crypttab
+%ghost /etc/udev/hwdb.bin
+/etc/inittab
+/usr/lib/systemd/purge-nobody-user
+%ghost %config(noreplace) /etc/vconsole.conf
+%ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf
+%ghost %attr(0664,root,utmp) /run/utmp
+%ghost %attr(0664,root,utmp) /var/log/wtmp
+%ghost %attr(0600,root,utmp) /var/log/btmp
+%ghost %attr(0664,root,utmp) %verify(not md5 size mtime) /var/log/lastlog
+%ghost %config(noreplace) /etc/hostname
+%ghost %config(noreplace) /etc/localtime
+%ghost %config(noreplace) /etc/locale.conf
+%ghost %config(noreplace) /etc/machine-id
+%ghost %config(noreplace) /etc/machine-info
+%config(noreplace) %{_sysconfdir}/rc.d/rc.local
+%{_sysconfdir}/rc.local
+%ghost %attr(0700,root,root) %dir /var/cache/private
+%ghost %attr(0700,root,root) %dir /var/lib/private
+%ghost %dir /var/lib/private/systemd
+%ghost %dir /var/lib/private/systemd/journal-upload
+%ghost /var/lib/private/systemd/journal-upload/state
+%ghost %dir /var/lib/systemd/backlight
+%ghost /var/lib/systemd/catalog/database
+%ghost %dir /var/lib/systemd/coredump
+%ghost /var/lib/systemd/journal-upload
+%ghost %dir /var/lib/systemd/linger
+%ghost /var/lib/systemd/random-seed
+%ghost %dir /var/lib/systemd/rfkill
+%ghost %dir /var/log/journal
+%ghost %dir /var/log/journal/remote
+%ghost %attr(0700,root,root) %dir /var/log/private
+EOF
+
+%check
+%if %{with tests}
+meson test -C %{_vpath_builddir} -t 6 --print-errorlogs
+%endif
+
+#############################################################################################
+
+%include %{SOURCE1}
+
+%pre
+getent group cdrom &>/dev/null || groupadd -r -g 11 cdrom &>/dev/null || :
+getent group utmp &>/dev/null || groupadd -r -g 22 utmp &>/dev/null || :
+getent group tape &>/dev/null || groupadd -r -g 33 tape &>/dev/null || :
+getent group dialout &>/dev/null || groupadd -r -g 18 dialout &>/dev/null || :
+getent group input &>/dev/null || groupadd -r input &>/dev/null || :
+getent group kvm &>/dev/null || groupadd -r -g 36 kvm &>/dev/null || :
+getent group render &>/dev/null || groupadd -r render &>/dev/null || :
+getent group systemd-journal &>/dev/null || groupadd -r -g 190 systemd-journal 2>&1 || :
+
+getent group systemd-coredump &>/dev/null || groupadd -r systemd-coredump 2>&1 || :
+getent passwd systemd-coredump &>/dev/null || useradd -r -l -g systemd-coredump -d / -s /sbin/nologin -c "systemd Core Dumper" systemd-coredump &>/dev/null || :
+
+
+%post
+systemd-machine-id-setup &>/dev/null || :
+
+systemctl daemon-reexec &>/dev/null || {
+ # systemd v239 had bug #9553 in D-Bus authentication of the private socket,
+ # which was later fixed in v240 by #9625.
+ #
+ # The end result is that a `systemctl daemon-reexec` call as root will fail
+ # when upgrading from systemd v239, which means the system will not start
+ # running the new version of systemd after this post install script runs.
+ #
+ # To work around this issue, let's fall back to using a `kill -TERM 1` to
+ # re-execute the daemon when the `systemctl daemon-reexec` call fails.
+ #
+ # In order to prevent issues when the reason why the daemon-reexec failed is
+ # not the aforementioned bug, let's only use this fallback when:
+ # - we're upgrading this RPM package; and
+ # - we confirm that systemd is running as PID1 on this system.
+ if [ $1 -gt 1 ] && [ -d /run/systemd/system ] ; then
+ kill -TERM 1 &>/dev/null || :
+ fi
+}
+
+if [ $1 -eq 1 ]; then
+ [ -w %{_localstatedir} ] && journalctl --update-catalog || :
+ systemd-tmpfiles --create &>/dev/null || :
+fi
+
+# Make sure new journal files will be owned by the "systemd-journal" group
+machine_id=$(cat /etc/machine-id 2>/dev/null)
+chgrp systemd-journal /{run,var}/log/journal/{,${machine_id}} &>/dev/null || :
+chmod g+s /{run,var}/log/journal/{,${machine_id}} &>/dev/null || :
+
+# Apply ACL to the journal directory
+setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ &>/dev/null || :
+
+[ $1 -eq 1 ] || exit 0
+
+# We reset the enablement of all services upon initial installation
+# https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23
+# This will fix up enablement of any preset services that got installed
+# before systemd due to rpm ordering problems:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1647172.
+# We also do this for user units, see
+# https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units.
+systemctl preset-all &>/dev/null || :
+systemctl --global preset-all &>/dev/null || :
+
+%postun
+if [ $1 -eq 1 ]; then
+ [ -w %{_localstatedir} ] && journalctl --update-catalog || :
+ systemd-tmpfiles --create &>/dev/null || :
+fi
+
+%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service
+
+%post libs
+%{?ldconfig}
+
+function mod_nss() {
+ if [ -f "$1" ] ; then
+ # Add nss-systemd to passwd and group
+ grep -E -q '^(passwd|group):.* systemd' "$1" ||
+ sed -i.bak -r -e '
+ s/^(passwd|group):(.*)/\1:\2 systemd/
+ ' "$1" &>/dev/null || :
+ fi
+}
+
+FILE="$(readlink /etc/nsswitch.conf || echo /etc/nsswitch.conf)"
+if [ "$FILE" = "/etc/authselect/nsswitch.conf" ] && authselect check &>/dev/null; then
+ mod_nss "/etc/authselect/user-nsswitch.conf"
+ authselect apply-changes &> /dev/null || :
+else
+ mod_nss "$FILE"
+ # also apply the same changes to user-nsswitch.conf to affect
+ # possible future authselect configuration
+ mod_nss "/etc/authselect/user-nsswitch.conf"
+fi
+
+# check if nobody or nfsnobody is defined
+export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
+if getent passwd nfsnobody &>/dev/null; then
+ test -f /etc/systemd/dont-synthesize-nobody || {
+ echo 'Detected system with nfsnobody defined, creating /etc/systemd/dont-synthesize-nobody'
+ mkdir -p /etc/systemd || :
+ : >/etc/systemd/dont-synthesize-nobody || :
+ }
+elif getent passwd nobody 2>/dev/null | grep -v 'nobody:[x*]:65534:65534:.*:/:/sbin/nologin' &>/dev/null; then
+ test -f /etc/systemd/dont-synthesize-nobody || {
+ echo 'Detected system with incompatible nobody defined, creating /etc/systemd/dont-synthesize-nobody'
+ mkdir -p /etc/systemd || :
+ : >/etc/systemd/dont-synthesize-nobody || :
+ }
+fi
+
+%{?ldconfig:%postun libs -p %ldconfig}
+
+%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket
+
+%post udev
+# Move old stuff around in /var/lib
+mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null
+mv %{_localstatedir}/lib/backlight %{_localstatedir}/lib/systemd/backlight &>/dev/null
+
+udevadm hwdb --update &>/dev/null
+
+%systemd_post %udev_services
+
+# Try to save the random seed, but don't complain if /dev/urandom is unavailable
+/usr/lib/systemd/systemd-random-seed save 2>&1 | \
+ grep -v 'Failed to open /dev/urandom' || :
+
+# Replace obsolete keymaps
+# https://bugzilla.redhat.com/show_bug.cgi?id=1151958
+grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null &&
+ sed -i.rpm.bak -r 's/^KEYMAP="?fi-latin[19]"?/KEYMAP="fi"/' /etc/vconsole.conf || :
+
+%preun udev
+%systemd_preun %udev_services
+
+%postun udev
+# Restart some services.
+# Others are either oneshot services, or sockets, and restarting them causes issues (#1378974)
+%systemd_postun_with_restart systemd-udevd.service
+
+%pre journal-remote
+getent group systemd-journal-remote &>/dev/null || groupadd -r systemd-journal-remote 2>&1 || :
+getent passwd systemd-journal-remote &>/dev/null || useradd -r -l -g systemd-journal-remote -d %{_localstatedir}/log/journal/remote -s /sbin/nologin -c "Journal Remote" systemd-journal-remote &>/dev/null || :
+
+%post journal-remote
+%systemd_post systemd-journal-gatewayd.socket systemd-journal-gatewayd.service systemd-journal-remote.socket systemd-journal-remote.service systemd-journal-upload.service
+%firewalld_reload
+
+%preun journal-remote
+%systemd_preun systemd-journal-gatewayd.socket systemd-journal-gatewayd.service systemd-journal-remote.socket systemd-journal-remote.service systemd-journal-upload.service
+if [ $1 -eq 1 ] ; then
+ if [ -f %{_localstatedir}/lib/systemd/journal-upload/state -a ! -L %{_localstatedir}/lib/systemd/journal-upload ] ; then
+ mkdir -p %{_localstatedir}/lib/private/systemd/journal-upload
+ mv %{_localstatedir}/lib/systemd/journal-upload/state %{_localstatedir}/lib/private/systemd/journal-upload/.
+ rmdir %{_localstatedir}/lib/systemd/journal-upload || :
+ fi
+fi
+
+%postun journal-remote
+%systemd_postun_with_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service
+%firewalld_reload
+
+%pre resolved
+getent group systemd-resolve &>/dev/null || groupadd -r -g 193 systemd-resolve 2>&1 || :
+getent passwd systemd-resolve &>/dev/null || useradd -r -u 193 -l -g systemd-resolve -d / -s /sbin/nologin -c "systemd Resolver" systemd-resolve &>/dev/null || :
+
+%preun resolved
+%systemd_preun systemd-resolved.service
+
+%post resolved
+%systemd_post systemd-resolved.service
+
+%postun resolved
+%systemd_postun_with_restart systemd-resolved.service
+
+%pre oomd
+getent group systemd-oom &>/dev/null || groupadd -r systemd-oom 2>&1 || :
+getent passwd systemd-oom &>/dev/null || useradd -r -l -g systemd-oom -d / -s /sbin/nologin -c "systemd Userspace OOM Killer" systemd-oom &>/dev/null || :
+
+%preun oomd
+%systemd_preun systemd-oomd.service
+
+%post oomd
+%systemd_post systemd-oomd.service
+
+%postun oomd
+%systemd_postun_with_restart systemd-oomd.service
+
+%global _docdir_fmt %{name}
+
+%files -f %{name}.lang -f .file-list-rest
+%doc %{_pkgdocdir}
+%exclude %{_pkgdocdir}/LICENSE.*
+%license LICENSE.GPL2 LICENSE.LGPL2.1
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/default.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/getty.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/graphical.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/local-fs.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/machines.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/multi-user.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/network-online.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/printer.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/remote-fs.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/sockets.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants
+%ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd
+
+%files libs -f .file-list-libs
+%license LICENSE.LGPL2.1
+
+%files pam -f .file-list-pam
+
+%files rpm-macros -f .file-list-rpm-macros
+
+%files devel -f .file-list-devel
+
+%files udev -f .file-list-udev
+
+%files container -f .file-list-container
+
+%files journal-remote -f .file-list-remote
+
+%files resolved -f .file-list-resolved
+
+%files oomd -f .file-list-oomd
+
+%files standalone-tmpfiles -f .file-list-standalone-tmpfiles
+
+%files standalone-sysusers -f .file-list-standalone-sysusers
+
+%changelog
+* Thu Apr 07 2022 systemd maintenance team <systemd-maint@redhat.com> - 250-6
+- udev/net_id: avoid slot based names only for single function devices (#2070097)
+
+* Fri Mar 25 2022 systemd maintenance team <systemd-maint@redhat.com> - 250-5
+- Revert "kernel-install: also remove modules.builtin.alias.bin" (#2065061)
+- Revert "kernel-install: prefer /boot over /boot/efi for $BOOT_ROOT" (#2065061)
+- kernel-install: 50-depmod: port to /bin/sh (#2065061)
+- kernel-install: 90-loaderentry: port to /bin/sh (#2065061)
+- kernel-install: fix shellcheck (#2065061)
+- kernel-install: port to /bin/sh (#2065061)
+- kernel-install: 90-loaderentry: error out on nonexistent initrds instead of swallowing them quietly (#2065061)
+- kernel-install: don't pull out KERNEL_IMAGE (#2065061)
+- kernel-install: prefer /boot over /boot/efi for $BOOT_ROOT (#2065061)
+- kernel-install: also remove modules.builtin.alias.bin (#2065061)
+- kernel-install: add new variable $KERNEL_INSTALL_INITRD_GENERATOR (#2065061)
+- kernel-install: k-i already creates $ENTRY_DIR_ABS, no need to do it again (#2065061)
+- kernel-install: prefix errors with "Error:", exit immediately (#2065061)
+- kernel-install: add "$KERNEL_INSTALL_STAGING_AREA" directory (#2065061)
+- kernel-install: add missing log line (#2065061)
+- kernel-install: don't try to persist used machine ID locally (#2065061)
+- kernel-install: add a new $ENTRY_TOKEN variable for naming boot entries (#2065061)
+- kernel-install: only generate systemd.boot_id= in kernel command line if used for naming the boot loader spec files/dirs (#2065061)
+- kernel-install: search harder for kernel image/initrd drop-in dir (#2065061)
+- kernel-install: add new "inspect" verb, showing paths and parameters we discovered (#2065061)
+- bus: Use OrderedSet for introspection (#2066325)
+
+* Wed Feb 23 2022 systemd maintenance team <systemd-maint@redhat.com> - 250-4
+- udev/net-setup-link: change the default MACAddressPolicy to "none" (#2009237)
+- man: mention System Administrator's Guide in systemctl manpage (#1982596)
+- Net naming scheme for RHEL-9.0 (#2052106)
+- core: decrease log level of messages about use of KillMode=none (#2013213)
+- ci: replace apt-key with signed-by (#2013213)
+- ci: fix clang-13 installation (#2013213)
+
+* Tue Feb 08 2022 systemd maintenance team <systemd-maint@redhat.com> - 250-3
+- Treat EPERM as "not available" too (#2017035)
+- test: copy portable profiles into the image if they don't exist there (#2017035)
+- test: introduce `get_cgroup_hierarchy() helper (#2047768)
+- test: require unified cgroup hierarchy for TEST-56 (#2047768)
+- tests: rework test macros to not take code as parameters (#2017035)
+- test: allow to set NULL to intro or outro (#2017035)
+
+* Tue Feb 01 2022 Michal Sekletar <msekleta@redhat.com> - 250-2
+- spec: make sure version string starts with version number (#2049054)
+
+* Mon Jan 31 2022 Jan Macku <jamacku@redhat.com> - 250-1
+- Rebase to v250 (#2047768)
+
+* Thu Nov 18 2021 systemd maintenance team <systemd-maint@redhat.com> - 249-9
+- test: don't install test-network-generator-conversion.sh w/o networkd (#2017035)
+- meson.build: change operator combining bools from + to and (#2017035)
+- openssl-util: use EVP API to get RSA bits (#2016042)
+- procfs-util: fix confusion wrt. quantity limit and maximum value (#2017035)
+- test-process-util: also add EROFS to the list of "good" errors (#2017035)
+- ci: use C9S chroots in Packit (#2017035)
+- test-mountpointutil-util: do not assert in test_mnt_id() (#2017035)
+- core/mount: add implicit unit dependencies even if when mount unit is generated from /proc/self/mountinfo (#2019468)
+- Drop Patch9001 - https://github.com/systemd/systemd/pull/17050 - Replaced by Patch0046
+
+* Tue Oct 12 2021 systemd maintenance team <systemd-maint@redhat.com> - 249-8
+- Really don't enable systemd-journald-audit.socket (#1973856)
+- rules: add elevator= kernel command line parameter (#2003002)
+- boot: don't build bootctl when -Dgnu-efi=false is set (#2003130)
+- unit: install the systemd-bless-boot.service only if we have gnu-efi (#2003130)
+- units: don't enable tmp.mount statically in local-fs.target (#2000927)
+- pid1: bump DefaultTasksMax to 80% of the kernel pid.max value (#2003031)
+- sd-device: introduce device_has_devlink() (#2005024)
+- udev-node: split out permission handling from udev_node_add() (#2005024)
+- udev-node: stack directory must exist when adding device node symlink (#2005024)
+- udev-node: save information about device node and priority in symlink (#2005024)
+- udev-node: always update timestamp of stack directory (#2005024)
+- udev-node: assume no new claim to a symlink if /run/udev/links is not updated (#2005024)
+- udev-node: always atomically create symlink to device node (#2005024)
+- udev-node: check stack directory change even if devlink is removed (#2005024)
+- udev-node: shorten code a bit and update log message (#2005024)
+- udev-node: add random delay on conflict in updating device node symlink (#2005024)
+- udev-node: drop redundant trial of devlink creation (#2005024)
+- udev-node: simplify the example of race (#2005024)
+- udev-node: do not ignore unexpected errors on removing symlink in stack directory (#2005024)
+- basic/time-util: introduce FORMAT_TIMESPAN (#2005024)
+- udev/net-setup-link: change the default MACAddressPolicy to "none" (#2009237)
+- set core ulimit to 0 like on RHEL-7 (#1998509)
+
+* Fri Aug 20 2021 systemd maintenance team <systemd-maint@redhat.com> - 249-4
+- Revert "udev: remove WAIT_FOR key" (#1982666)
+
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com>
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Fri Aug 06 2021 systemd maintenance team <systemd-maint@redhat.com> - 249-2
+- basic/unit-name: do not use strdupa() on a path (#1984299)
+- basic/unit-name: adjust comments (#1984299)
+- tmpfiles: don't create resolv.conf -> stub-resolv.conf symlink (#1989472)
+- Copy 40-redhat.rules from RHEL-8 (#1978639)
+- Avoid /tmp being mounted as tmpfs without the user's will (#1959826)
+- unit: don't add Requires for tmp.mount (#1619292)
+- units: add [Install] section to tmp.mount (#1959826)
+- rc-local: order after network-online.target (#1954429)
+- ci: drop CIs irrelevant for downstream (#1960703)
+- ci: reconfigure Packit for RHEL 9 (#1960703)
+- ci: run unit tests on z-stream branches as well (#1960703)
+- Check return value of pam_get_item/pam_get_data functions (#1973210)
+- random-util: increase random seed size to 1024 (#1982603)
+- journal: don't enable systemd-journald-audit.socket by default (#1973856)
+- journald.conf: don't touch current audit settings (#1973856)
+
+* Mon Jul 12 2021 <msekleta@redhat.com> - 249-1
+- Rebase to v249 (#1981276)
+
+* Thu Jun 17 2021 systemd maintenance team <systemd-maint@redhat.com> - 248-7
+- core: allow omitting second part of LoadCredentials= argument (#1949568)
+
+* Tue Jun 15 2021 Mohan Boddu <mboddu@redhat.com> - 248-6
+- Rebuilt for RHEL 9 BETA for openssl 3.0 (#1971065)
+
+* Mon May 17 2021 systemd maintenance team <systemd-maint@redhat.com> - 248-5
+- Revert "rfkill: fix the format string to prevent compilation error" (#1931710)
+- Revert "rfkill: don't compare values of different signedness" (#1931710)
+- rfkill: add some casts to silence -Werror=sign-compare (#1931710)
+
+* Fri May 14 2021 systemd maintenance team <systemd-maint@redhat.com> - 248-4
+- logind: set RemoveIPC to false by default (#1959836)
+
+* Fri May 14 2021 systemd maintenance team <systemd-maint@redhat.com> - 248-3
+- rfkill: don't compare values of different signedness (#1931710)
+- rfkill: fix the format string to prevent compilation error (#1931710)
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com>
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Wed Mar 31 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 248-1
+- Latest upstream release, see
+ https://github.com/systemd/systemd/blob/v248/NEWS.
+- The changes since -rc4 are rather small, various fixes all over the place.
+ A fix to how systemd-oomd selects a candidate to kill, and more debug logging
+ to make this more transparent.
+
+* Tue Mar 30 2021 Anita Zhang <the.anitazha@gmail.com> - 248~rc4-6
+- Increase oomd user memory pressure limit to 50% (#1941170)
+
+* Fri Mar 26 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 248~rc4-5
+- Do not preset systemd-networkd.service and systemd-networkd-wait-online.service
+ on upgrades from before systemd-networkd was split out (#1943263)
+- In nsswitch.conf, move nss-myhostname to the front, before nss-mdns4 (#1943199)
+
+* Wed Mar 24 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 248~rc4-4
+- Revert patch that seems to cause problems with dns resolution
+ (see comments on https://bodhi.fedoraproject.org/updates/FEDORA-2021-1c1a870ceb)
+
+* Mon Mar 22 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 248~rc4-3
+- Fix hang when processing timers during DST switch in Europe/Dublin timezone (#1941335)
+- Fix returning combined IPv4/IPv6 responses from systemd-resolved cache (#1940715)
+ (But note that the disablement of caching added previously is
+ retained until we can do more testing.)
+- Minor fix to interface naming by udev
+- Fix for systemd-repart --size
+
+* Fri Mar 19 2021 Adam Williamson <awilliam@redhat.com> - 248~rc4-2
+- Disable resolved cache via config snippet (#1940715)
+
+* Thu Mar 18 2021 Yu Watanabe <yuwatana@redhat.com> - 248~rc4-1
+- Latest upstream prelease, see
+ https://github.com/systemd/systemd/blob/v248-rc4/NEWS.
+- A bunch of documentation updates, correctness fixes, and systemd-networkd
+ features.
+- Resolves #1933137, #1935084, #1933873, #1931181, #1933335, #1935062, #1927148.
+
+* Tue Mar 16 2021 Adam Williamson <awilliam@redhat.com> - 248~rc2-8
+- Drop the resolved cache disablement config snippet
+
+* Tue Mar 16 2021 Adam Williamson <awilliam@redhat.com> - 248~rc2-7
+- Backport PR #19009 to fix CNAME redirect resolving some more (#1933433)
+
+* Fri Mar 12 2021 Adam Williamson <awilliam@redhat.com> - 248~rc2-6
+- Disable resolved cache via config snippet (#1933433)
+
+* Thu Mar 11 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 248~rc2-5
+- Fix crash in pid1 during daemon-reexec (#1931034)
+
+* Fri Mar 05 2021 Adam Williamson <awilliam@redhat.com> - 248~rc2-3
+- Fix stub resolver CNAME chain resolving (#1933433)
+
+* Mon Mar 01 2021 Josh Boyer <jwboyer@fedoraproject.org> - 248~rc2-2
+- Don't set the fallback hostname to Fedora on non-Fedora OSes
+
+* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 248~rc2-1
+- Latest upstream prelease, just a bunch of small fixes.
+- Fixes #1931957.
+
+* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 248~rc1-2
+- Rebuild with the newest scriptlets
+
+* Tue Feb 23 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 248~rc1-1
+- Latest upstream prerelease, see
+ https://github.com/systemd/systemd/blob/v248-rc1/NEWS.
+- Fixes #1614751 by only restarting services at the end of transcation.
+ Various packages need to be rebuilt to have the updated macros.
+- Fixes #1879028, though probably not completely.
+- Fixes #1925805, #1928235.
+
+* Wed Feb 17 2021 Michel Alexandre Salim <salimma@fedoraproject.org> - 247.3-3
+- Increase oomd user memory pressure limit to 10% (#1929856)
+
+* Fri Feb 5 2021 Anita Zhang <the.anitazha@gmail.com> - 247.3-2
+- Changes for https://fedoraproject.org/wiki/Changes/EnableSystemdOomd.
+- Backports consist primarily of PR #18361, #18444, and #18401 (plus some
+ additional ones to handle merge conflicts).
+- Create systemd-oomd-defaults subpackage to install unit drop-ins that will
+ configure systemd-oomd to monitor and act.
+
+* Tue Feb 2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 247.3-1
+- Minor stable release
+- Fixes #1895937, #1813219, #1903106.
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org>
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jan 13 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 247.2-2
+- Fix bfq patch again (#1813219)
+
+* Wed Dec 23 2020 Jonathan Underwood <jonathan.underwood@gmail.com> - 247.2-2
+- Add patch to enable crypttab to support disabling of luks read and
+ write workqueues (corresponding to
+ https://github.com/systemd/systemd/pull/18062/).
+
+* Wed Dec 16 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 247.2-1
+- Minor stable release
+- Fixes #1908071.
+
+* Tue Dec 8 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 247.1-3
+- Rebuild with fallback hostname change reverted.
+
+* Fri Dec 04 2020 Bastien Nocera <bnocera@redhat.com> - 247.1-2
+- Unset fallback-hostname as plenty of applications expected localhost
+ to mean "default hostname" without ever standardising it (#1892235)
+
+* Tue Dec 1 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 247.1-1
+- Latest stable release
+- Fixes #1902819.
+- Files to configure networking with systemd-networkd in a VM or container are
+ moved to systemd-networkd subpackage. (They were previously in the -container
+ subpackage, which is for container/VM management.)
+
+* Thu Nov 26 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 247-1
+- Update to the latest version
+- #1900878 should be fixed
+
+* Tue Oct 20 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 247~rc2
+- New upstream pre-release. See
+ https://github.com/systemd/systemd/blob/v247-rc1/NEWS.
+ Many smaller and bigger improvements and features are introduced.
+ (#1885101, #1890632, #1879216)
+
+ A backwards-incompatible change affects PCI network devices which
+ are connected through a bridge which is itself associated with a
+ slot. When more than one device was associated with the same slot,
+ one of the devices would pseudo-randomly get named after the slot.
+ That name is now not generated at all. This changed behaviour is
+ causes the net naming scheme to be changed to "v247". To restore
+ previous behaviour, specify net.naming-scheme=v245.
+
+ systemd-oomd is built, but should not be considered "production
+ ready" at this point. Testing and bug reports are welcome.
+
+* Wed Sep 30 2020 Dusty Mabe <dusty@dustymabe.com> - 246.6-3
+- Try to make files in subpackages (especially the networkd subpackage)
+ more appropriate.
+
+* Thu Sep 24 2020 Filipe Brandenburger <filbranden@gmail.com> - 246.6-2
+- Build a package with standalone binaries for non-systemd systems.
+ For now, only systemd-sysusers is included.
+
+* Thu Sep 24 2020 Christian Glombek <lorbus@fedoraproject.org> - 246.6-2
+- Split out networkd sub-package and add to main package as recommended dependency
+
+* Sun Sep 20 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.6-1
+- Update to latest stable release (various minor fixes: manager,
+ networking, bootct, kernel-install, systemd-dissect, systemd-homed,
+ fstab-generator, documentation) (#1876905)
+- Do not fail in test because of kernel bug (#1803070)
+
+* Sun Sep 13 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.5-1
+- Update to latest stable release (a bunch of small network-related
+ fixes in systemd-networkd and socket handling, documentation updates,
+ a bunch of fixes for error handling).
+- Also remove existing file when creating /etc/resolv.conf symlink
+ upon installation (#1873856 again)
+
+* Wed Sep 2 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.4-1
+- Update to latest stable version: a rework of how the unit cache mtime works
+ (hopefully #1872068, #1871327, #1867930), plus various fixes to
+ systemd-resolved, systemd-dissect, systemd-analyze, systemd-ask-password-agent,
+ systemd-networkd, systemd-homed, systemd-machine-id-setup, presets for
+ instantiated units, documentation and shell completions.
+- Create /etc/resolv.conf symlink upon installation (#1873856)
+- Move nss-mdns before nss-resolve in /etc/nsswitch.conf and disable
+ mdns by default in systemd-resolved (#1867830)
+
+* Wed Aug 26 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.3-1
+- Update to bugfix version (some networkd fixes, minor documentation
+ fixes, relax handling of various error conditions, other fixlets for
+ bugs without bugzilla numbers).
+
+* Mon Aug 17 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.2-1
+- A few minor bugfixes
+- Adjust seccomp filter for kernel 5.8 and glibc 2.32 (#1869030)
+- Create /etc/resolv.conf symlink on upgrade (#1867865)
+
+* Fri Aug 7 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.1-1
+- A few minor bugfixes
+- Remove /etc/resolv.conf on upgrades (if managed by NetworkManager), so
+ that systemd-resolved can take over the management of the symlink.
+
+* Thu Jul 30 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246-1
+- Update to released version. Only some minor bugfixes since the pre-release.
+
+* Sun Jul 26 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246~rc2-2
+- Make /tmp be 50% of RAM again (#1856514)
+- Re-run 'systemctl preset systemd-resolved' on upgrades.
+ /etc/resolv.conf is not modified, by a hint is emitted if it is
+ managed by NetworkManager.
+
+* Fri Jul 24 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246~rc2-1
+- New pre-release with incremental fixes
+ (#1856037, #1858845, #1856122, #1857783)
+- Enable systemd-resolved (with DNSSEC disabled by default, and LLMNR
+ and mDNS support in resolve-only mode by default).
+ See https://fedoraproject.org/wiki/Changes/systemd-resolved.
+
+* Thu Jul 9 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246~rc1-1
+- New upstream release, see
+ https://raw.githubusercontent.com/systemd/systemd/v246-rc1/NEWS.
+
+ This release includes many new unit settings, related inter alia to
+ cgroupsv2 freezer support and cpu affinity, encryption and verification.
+ systemd-networkd has a ton of new functionality and many other tools gained
+ smaller enhancements. systemd-homed gained FIDO2 support.
+
+ Documentation has been significantly improved: sd-bus and sd-hwdb
+ libraries are now fully documented; man pages have been added for
+ the D-BUS APIs of systemd daemons and various new interfaces.
+
+ Closes #1392925, #1790972, #1197886, #1525593.
+
+* Wed Jun 24 2020 Bastien Nocera <bnocera@redhat.com> - 245.6-3
+- Set fallback-hostname to fedora so that unset hostnames are still
+ recognisable (#1392925)
+
+* Tue Jun 2 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.6-2
+- Add self-obsoletes to fix upgrades from F31
+
+* Sun May 31 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.6-1
+- Update to latest stable version (some documentation updates, minor
+ memory correctness issues) (#1815605, #1827467, #1842067)
+
+* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 245.5-2
+- Add explicit BuildRequires: acl
+- Bootstrapping for json-c SONAME bump
+
+* Fri Apr 17 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.5-1
+- Update to latest stable version (#1819313, #1815412, #1800875)
+
+* Thu Apr 16 2020 Björn Esser <besser82@fedoraproject.org> - 245.4-2
+- Add bootstrap option to break circular deps on cryptsetup
+
+* Wed Apr 1 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.4-1
+- Update to latest stable version (#1814454)
+
+* Thu Mar 26 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.3-1
+- Update to latest stable version (no issue that got reported in bugzilla)
+
+* Wed Mar 18 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.2-1
+- Update to latest stable version (a few bug fixes for random things) (#1798776)
+
+* Fri Mar 6 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245-1
+- Update to latest version (#1807485)
+
+* Wed Feb 26 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245~rc2-1
+- Modify the downstream udev rule to use bfq to only apply to disks (#1803500)
+- "Upgrade" dependency on kbd package from Recommends to Requires (#1408878)
+- Move systemd-bless-boot.service and systemd-boot-system-token.service to
+ systemd-udev subpackage (#1807462)
+- Move a bunch of other services to systemd-udev:
+ systemd-pstore.service, all fsck-related functionality,
+ systemd-volatile-root.service, systemd-verity-setup.service, and a few
+ other related files.
+- Fix daemon-reload rule to not kill non-systemd pid1 (#1803240)
+- Fix namespace-related failure when starting systemd-homed (#1807465) and
+ group lookup failure in nss_systemd (#1809147)
+- Drop autogenerated BOOT_IMAGE= parameter from stored kernel command lines
+ (#1716164)
+- Don't require /proc to be mounted for systemd-sysusers to work (#1807768)
+
+* Fri Feb 21 2020 Filipe Brandenburger <filbranden@gmail.com> - 245~rc1-4
+- Update daemon-reexec fallback to check whether the system is booted with
+ systemd as PID 1 and check whether we're upgrading before using kill -TERM
+ on PID 1 (#1803240)
+
+* Tue Feb 18 2020 Adam Williamson <awilliam@redhat.com> - 245~rc1-3
+- Revert 097537f0 to fix plymouth etc. running when they shouldn't (#1803293)
+
+* Fri Feb 7 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245~rc1-2
+- Add default 'disable *' preset for user units (#1792474, #1468501),
+ see https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units.
+- Add macro to generate "compat" scriptlets based off sysusers.d format
+ and autogenerate user() and group() virtual provides (#1792462),
+ see https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format.
+- Revert patch to udev rules causing regression with usb hubs (#1800820).
+
+* Wed Feb 5 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245~rc1-1
+- New upstream release, see
+ https://raw.githubusercontent.com/systemd/systemd/v245-rc1/NEWS.
+
+ This release includes completely new functionality: systemd-repart,
+ systemd-homed, user reconds in json, and multi-instantiable
+ journald, and a partial rework of internal communcation to use
+ varlink, and bunch of more incremental changes.
+
+ The "predictable" interface name naming scheme is changed,
+ net.naming-scheme= can be used to undo the change. The change applies
+ to container interface names on the host.
+
+- Fixes #1774242, #1787089, #1798414/CVE-2020-1712.
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org>
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sat Dec 21 2019 <zbyszek@nano-f31> - 244.1-2
+- Disable service watchdogs (for systemd units)
+
+* Sun Dec 15 2019 <zbyszek@nano-f31> - 244.1-1
+- Update to latest stable batch (systemd-networkd fixups, better
+ support for seccomp on s390x, minor cleanups to documentation).
+- Drop patch to revert addition of NoNewPrivileges to systemd units
+
+* Fri Nov 29 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 244-1
+- Update to latest version. Just minor bugs fixed since the pre-release.
+
+* Fri Nov 22 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 244~rc1-1
+- Update to latest pre-release version,
+ see https://github.com/systemd/systemd/blob/master/NEWS#L3.
+ Biggest items: cgroups v2 cpuset controller, fido_id builtin in udev,
+ systemd-networkd does not create a default route for link local addressing,
+ systemd-networkd supports dynamic reconfiguration and a bunch of new settings.
+ Network files support matching on WLAN SSID and BSSID.
+- Better error messages when preset/enable/disable are used with a glob (#1763488)
+- u2f-hidraw-policy package is obsoleted (#1753381)
+
+* Tue Nov 19 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 243.4
+- Latest bugfix release. Systemd-stable snapshots will now be numbered.
+- Fix broken PrivateDevices filter on big-endian, s390x in particular (#1769148)
+- systemd-modules-load.service should only warn, not fail, on error (#1254340)
+- Fix incorrect certificate validation with DNS over TLS (#1771725, #1771726,
+ CVE-2018-21029)
+- Fix regression with crypttab keys with colons
+- Various memleaks and minor memory access issues, warning adjustments
+
+* Fri Oct 18 2019 Adam Williamson <awilliam@redhat.com> - 243-4.gitef67743
+- Backport PR #13792 to fix nomodeset+BIOS CanGraphical bug (#1728240)
+
+* Thu Oct 10 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 243-3.gitef67743
+- Various minor documentation and error message cleanups
+- Do not use cgroup v1 hierarchy in nspawn on groups v2 (#1756143)
+
+* Sat Sep 21 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 243-2.gitfab6f01
+- Backport a bunch of patches (memory access issues, improvements to error
+ reporting and handling in networkd, some misleading man page contents #1751363)
+- Fix permissions on static nodes (#1740664)
+- Make systemd-networks follow the RFC for DHPCv6 and radv timeouts
+- Fix one crash in systemd-resolved (#1703598)
+- Make journal catalog creation reproducible (avoid unordered hashmap use)
+- Mark the accelerometer in HP laptops as part of the laptop base
+- Fix relabeling of directories with relabel-extra.d/
+- Fix potential stuck noop jobs in pid1
+- Obsolete timedatex package (#1735584)
+
+* Tue Sep 3 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 243-1
+- Update to latest release
+- Emission of Session property-changed notifications from logind is fixed
+ (this was breaking the switching of sessions to and from gnome).
+- Security issue: unprivileged users were allowed to change DNS
+ servers configured in systemd-resolved. Now proper polkit authorization
+ is required.
+
+* Mon Aug 26 2019 Adam Williamson <awilliam@redhat.com> - 243~rc2-2
+- Backport PR #13406 to solve PATH ordering issue (#1744059)
+
+* Thu Aug 22 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 243~rc2-1
+- Update to latest pre-release. Fixes #1740113, #1717712.
+- The default scheduler for disks is set to BFQ (1738828)
+- The default cgroup hierarchy is set to unified (cgroups v2) (#1732114).
+ Use systemd.unified-cgroup-hierarchy=0 on the kernel command line to revert.
+ See https://fedoraproject.org/wiki/Changes/CGroupsV2.
+
+* Wed Aug 07 2019 Adam Williamson <awilliam@redhat.com> - 243~rc1-2
+- Backport PR #1737362 so we own /etc/systemd/system again (#1737362)
+
+* Tue Jul 30 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 243~rc1-1
+- Update to latest version (#1715699, #1696373, #1711065, #1718192)
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org>
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Jul 20 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 242-6.git9d34e79
+- Ignore bad rdrand output on AMD CPUs (#1729268)
+- A bunch of backported patches from upstream: documentation, memory
+ access fixups, command output tweaks (#1708996)
+
+* Tue Jun 25 2019 Björn Esser <besser82@fedoraproject.org>- 242-5.git7a6d834
+- Rebuilt (libqrencode.so.4)
+
+* Tue Jun 25 2019 Miro Hrončok <mhroncok@redhat.com>- 242-4.git7a6d834
+- Rebuilt for iptables update (libip4tc.so.2)
+
+* Fri Apr 26 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 242-3.git7a6d834
+- Add symbol to mark vtable format changes (anything using sd_add_object_vtable
+ or sd_add_fallback_vtable needs to be rebuilt)
+- Fix wireguard ListenPort handling in systemd-networkd
+- Fix hang in flush_accept (#1702358)
+- Fix handling of RUN keys in udevd
+- Some documentation and shell completion updates and minor fixes
+
+* Tue Apr 16 2019 Adam Williamson <awilliam@redhat.com> - 242-2
+- Rebuild with Meson fix for #1699099
+
+* Thu Apr 11 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 242-1
+- Update to latest release
+- Make scriptlet failure non-fatal
+
+* Tue Apr 9 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 242~rc4-1
+- Update to latest prerelease
+
+* Thu Apr 4 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 242~rc3-1
+- Update to latest prerelease
+
+* Wed Apr 3 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 242~rc2-1
+- Update to the latest prerelease.
+- The bug reported on latest update that systemd-resolved and systemd-networkd are
+ re-enabled after upgrade is fixed.
+
+* Fri Mar 29 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 241-4.gitcbf14c9
+- Backport various patches from the v241..v242 range:
+ kernel-install will not create the boot loader entry automatically (#1648907),
+ various bash completion improvements (#1183769),
+ memory leaks and such (#1685286).
+
+* Thu Mar 14 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 241-3.gitc1f8ff8
+- Declare hyperv and framebuffer devices master-of-seat again (#1683197)
+
+* Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 241-2.gita09c170
+- Prevent buffer overread in systemd-udevd
+- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454)
+
+* Sat Feb 9 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 241~rc2-2
+- Turn LTO back on
+
+* Tue Feb 5 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 241~rc2-1
+- Update to latest release -rc2
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org>
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sun Jan 27 2019 Yu Watanabe <watanabe.yu@gmail.com> - 241~rc1-2
+- Backport a patch for kernel-install
+
+* Sat Jan 26 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 241~rc1-1
+- Update to latest release -rc1
+
+* Tue Jan 15 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 240-6.gitf02b547
+- Add a work-around for #1663040
+
+* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org>
+- Rebuilt for libcrypt.so.2 (#1666033)
+
+* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 240-4.gitf02b547
+- Add a work-around for selinux issue on live images (#1663040)
+
+* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 240-3.gitf02b547
+- systemd-journald and systemd-journal-remote reject entries which
+ contain too many fields (CVE-2018-16865, #1664973) and set limits on the
+ process' command line length (CVE-2018-16864, #1664972)
+- $DBUS_SESSION_BUS_ADDRESS is again exported by pam_systemd (#1662857)
+- A fix for systemd-udevd crash (#1662303)
+
+* Sat Dec 22 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 240-2
+- Add two more patches that revert recent udev changes
+
+* Fri Dec 21 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 240-1
+- Update to latest release
+ See https://github.com/systemd/systemd/blob/master/NEWS for the list of changes.
+
+* Mon Dec 17 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 239-10.git9f3aed1
+- Hibernation checks for resume= are rescinded (#1645870)
+- Various patches:
+ - memory issues in logind, networkd, journald (#1653068), sd-device, etc.
+ - Adaptations for newer meson, lz4, kernel
+ - Fixes for misleading bugs in documentation
+- net.ipv4.conf.all.rp_filter is changed from 1 to 2
+
+* Thu Nov 29 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+- Adjust scriptlets to modify /etc/authselect/user-nsswitch.conf
+ (see https://github.com/pbrezina/authselect/issues/77)
+- Drop old scriptlets for nsswitch.conf modifications for nss-mymachines and nss-resolve
+
+* Sun Nov 18 2018 Alejandro Domínguez Muñoz <adomu@net-c.com>
+- Remove link creation for rsyslog.service
+
+* Thu Nov 8 2018 Adam Williamson <awilliam@redhat.com> - 239-9.git9f3aed1
+- Go back to using systemctl preset-all in %%post (#1647172, #1118740)
+
+* Mon Nov 5 2018 Adam Williamson <awilliam@redhat.com> - 239-8.git9f3aed1
+- Requires(post) openssl-libs to fix live image build machine-id issue
+ See: https://pagure.io/dusty/failed-composes/issue/960
+
+* Mon Nov 5 2018 Yu Watanabe <watanabe.yu@gmail.com>
+- Set proper attributes to private directories
+
+* Fri Nov 2 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 239-7.git9f3aed1
+- Split out the rpm macros into systemd-rpm-macros subpackage (#1645298)
+
+* Sun Oct 28 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 239-6.git9f3aed1
+- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076)
+- Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071)
+- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067)
+- The DHCP server is started only when link is UP
+- DHCPv6 prefix delegation is improved
+- Downgrade logging of various messages and add loging in other places
+- Many many fixes in error handling and minor memory leaks and such
+- Fix typos and omissions in documentation
+- Typo in %%_environmnentdir rpm macro is fixed (with backwards compatiblity preserved)
+- Matching by MACAddress= in systemd-networkd is fixed
+- Creation of user runtime directories is improved, and the user
+ manager is only stopped after 10 s after the user logs out (#1642460 and other bugs)
+- systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0
+- Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a brief kernel regression.
+- "systemctl --wait start" exits immediately if no valid units are named
+- zram devices are not considered as candidates for hibernation
+- ECN is not requested for both in- and out-going connections (the sysctl overide for net.ipv4.tcp_ecn is removed)
+- Various smaller improvements to unit ordering and dependencies
+- generators are now called with the manager's environment
+- Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues
+- The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where
+ the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents.
+- Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user
+ threads are used by bpfilter.
+- "noresume" can be used on the kernel command line to force normal boot even if a hibernation images is present
+- Hibernation is not advertised if resume= is not present on the kernenl command line
+- Hibernation/Suspend/... modes can be disabled using AllowSuspend=,
+ AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep=
+- LOGO= and DOCUMENTATION_URL= are documented for the os-release file
+- The hashmap mempool is now only used internally in systemd, and is disabled for external users of the systemd libraries
+- Additional state is serialized/deserialized when logind is restarted, fixing the handling of user objects
+- Catalog entries for the journal are improved (#1639482)
+- If suspend fails, the post-suspend hooks are still called.
+- Various build issues on less-common architectures are fixed
+
+* Wed Oct 3 2018 Jan Synáček <jsynacek@redhat.com> - 239-5
+- Fix meson using -Ddebug, which results in FTBFS
+- Fix line_begins() to accept word matching full string (#1631840)
+
+* Mon Sep 10 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 239-4
+- Move /etc/yum/protected.d/systemd.conf to /etc/dnf/ (#1626969)
+
+* Wed Jul 18 2018 Terje Rosten <terje.rosten@ntnu.no> - 239-3
+- Ignore return value from systemd-binfmt in scriptlet (#1565425)
+
+* Sun Jul 15 2018 Filipe Brandenburger <filbranden@gmail.com>
+- Override systemd-user PAM config in install and not prep
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org>
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Mon Jun 25 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+- Rebuild for Python 3.7 again
+
+* Fri Jun 22 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 239-1
+- Update to latest version, mostly bug fixes and new functionality,
+ very little breaking changes. See
+ https://github.com/systemd/systemd/blob/v239/NEWS for details.
+
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com>
+- Rebuilt for Python 3.7
+
+* Fri May 11 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 238-8.git0e0aa59
+- Backport a number of patches (documentation, hwdb updates)
+- Fixes for tmpfiles 'e' entries
+- systemd-networkd crashes
+- XEN virtualization detection on hyper-v
+- Avoid relabelling /sys/fs/cgroup if not needed (#1576240)
+
+* Wed Apr 18 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 238-7.fc28.1
+- Allow fake Delegate= setting on slices (#1568594)
+
+* Wed Mar 28 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 238-7
+- Move udev transfiletriggers to the right package, fix quoting
+
+* Tue Mar 27 2018 Colin Walters <walters@verbum.org> - 238-6
+- Use shell for triggers; see https://github.com/systemd/systemd/pull/8550
+ This fixes compatibility with rpm-ostree.
+
+* Tue Mar 20 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 238-5
+- Backport patch to revert inadvertent change of "predictable" interface name (#1558027)
+
+* Fri Mar 16 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 238-4
+- Do not close dbus connection during dbus reload call (#1554578)
+
+* Wed Mar 7 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 238-3
+- Revert the patches for GRUB BootLoaderSpec support
+- Add patch for /etc/machine-id creation (#1552843)
+
+* Tue Mar 6 2018 Yu Watanabe <watanabe.yu@gmail.com> - 238-2
+- Fix transfiletrigger script (#1551793)
+
+* Mon Mar 5 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 238-1
+- Update to latest version
+- This fixes a hard-to-trigger potential vulnerability (CVE-2018-6954)
+- New transfiletriggers are installed for udev hwdb and rules, the journal
+ catalog, sysctl.d, binfmt.d, sysusers.d, tmpfiles.d.
+
+* Tue Feb 27 2018 Javier Martinez Canillas <javierm@redhat.com> - 237-7.git84c8da5
+- Add patch to install kernel images for GRUB BootLoaderSpec support
+
+* Sat Feb 24 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 237-6.git84c8da5
+- Create /etc/systemd in %%post libs if necessary (#1548607)
+
+* Fri Feb 23 2018 Adam Williamson <awilliam@redhat.com> - 237-5.git84c8da5
+- Use : not touch to create file in -libs %%post
+
+* Thu Feb 22 2018 Patrick Uiterwijk <patrick@puiterwijk.org> - 237-4.git84c8da5
+- Add coreutils dep for systemd-libs %%post
+- Add patch to typecast USB IDs to avoid compile failure
+
+* Wed Feb 21 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 237-3.git84c8da5
+- Update some patches for test skipping that were updated upstream
+ before merging
+- Add /usr/lib/systemd/purge-nobody-user — a script to check if nobody is defined
+ correctly and possibly replace existing mappings
+
+* Tue Feb 20 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 237-2.gitdff4849
+- Backport a bunch of patches, most notably for the journal and various
+ memory issues. Some minor build fixes.
+- Switch to new ldconfig macros that do nothing in F28+
+- /etc/systemd/dont-synthesize-nobody is created in %%post if nfsnobody
+ or nobody users are defined (#1537262)
+
+* Fri Feb 9 2018 Zbigniew Jędrzejeweski-Szmek <zbyszek@in.waw.pl> - 237-1.git78bd769
+- Update to first stable snapshot (various minor memory leaks and misaccesses,
+ some documentation bugs, build fixes).
+
+* Sun Jan 28 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 237-1
+- Update to latest version
+
+* Sun Jan 21 2018 Björn Esser <besser82@fedoraproject.org> - 236-4.git3e14c4c
+- Add patch to include <crypt.h> if needed
+
+* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 236-3.git3e14c4c
+- Rebuilt for switch to libxcrypt
+
+* Thu Jan 11 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 236-2.git23e14c4
+- Backport a bunch of bugfixes from upstream (#1531502, #1531381, #1526621
+ various memory corruptions in systemd-networkd)
+- /dev/kvm is marked as a static node which fixes permissions on s390x
+ and ppc64 (#1532382)
+
+* Fri Dec 15 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 236-1
+- Update to latest version
+
+* Mon Dec 11 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 235-5.git4a0e928
+- Update to latest git snapshot, do not build for realz
+- Switch to libidn2 again (#1449145)
+
+* Tue Nov 07 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 235-4
+- Rebuild for cryptsetup-2.0.0-0.2.fc28
+
+* Wed Oct 25 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 235-3
+- Backport a bunch of patches, including LP#172535
+
+* Wed Oct 18 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 235-2
+- Patches for cryptsetup _netdev
+
+* Fri Oct 6 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 235-1
+- Update to latest version
+
+* Tue Sep 26 2017 Nathaniel McCallum <npmccallum@redhat.com> - 234-8
+- Backport /etc/crypttab _netdev feature from upstream
+
+* Thu Sep 21 2017 Michal Sekletar <msekleta@redhat.com> - 234-7
+- Make sure to remove all device units sharing the same sysfs path (#1475570)
+
+* Mon Sep 18 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 234-6
+- Bump xslt recursion limit for libxslt-1.30
+
+* Mon Jul 31 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 234-5
+- Backport more patches (#1476005, hopefully #1462378)
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org>
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon Jul 17 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 234-3
+- Fix x-systemd.timeout=0 in /etc/fstab (#1462378)
+- Minor patches (memleaks, --help fixes, seccomp on arm64)
+
+* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 234-2
+- Create kvm group (#1431876)
+
+* Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 234-1
+- Latest release
+
+* Sat Jul 1 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 233-7.git74d8f1c
+- Update to snapshot
+- Build with meson again
+
+* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 233-6
+- Fix an out-of-bounds write in systemd-resolved (CVE-2017-9445)
+
+* Fri Jun 16 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 233-5.gitec36d05
+- Update to snapshot version, build with meson
+
+* Thu Jun 15 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 233-4
+- Backport a bunch of small fixes (memleaks, wrong format strings,
+ man page clarifications, shell completion)
+- Fix systemd-resolved crash on crafted DNS packet (CVE-2017-9217, #1455493)
+- Fix systemd-vconsole-setup.service error on systems with no VGA console (#1272686)
+- Drop soft-static uid for systemd-journal-gateway
+- Use ID from /etc/os-release as ntpvendor
+
+* Thu Mar 16 2017 Michal Sekletar <msekleta@redhat.com> - 233-3
+- Backport bugfixes from upstream
+- Don't return error when machinectl couldn't figure out container IP addresses (#1419501)
+
+* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 233-2
+- Fix installation conflict with polkit
+
+* Thu Mar 2 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 233-1
+- New upstream release (#1416201, #1405439, #1420753, many others)
+- New systemd-tests subpackage with "installed tests"
+
+* Thu Feb 16 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 232-15
+- Add %%ghost %%dir entries for .wants dirs of our targets (#1422894)
+
+* Tue Feb 14 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 232-14
+- Ignore the hwdb parser test
+
+* Tue Feb 14 2017 Jan Synáček <jsynacek@redhat.com> - 232-14
+- machinectl fails when virtual machine is running (#1419501)
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 232-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Jan 31 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 232-12
+- Backport patch for initrd-switch-root.service getting killed (#1414904)
+- Fix sd-journal-gatewayd -D, --trust, and COREDUMP_CONTAINER_CMDLINE
+ extraction by sd-coredump.
+
+* Sun Jan 29 2017 zbyszek <zbyszek@in.waw.pl> - 232-11
+- Backport a number of patches (#1411299, #1413075, #1415745,
+ ##1415358, #1416588, #1408884)
+- Fix various memleaks and unitialized variable access
+- Shell completion enhancements
+- Enable TPM logging by default (#1411156)
+- Update hwdb (#1270124)
+
+* Thu Jan 19 2017 Adam Williamson <awilliam@redhat.com> - 232-10
+- Backport fix for boot failure in initrd-switch-root (#1414904)
+
+* Wed Jan 18 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 232-9
+- Add fake dependency on systemd-pam to systemd-devel to ensure systemd-pam
+ is available as multilib (#1414153)
+
+* Tue Jan 17 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 232-8
+- Fix buildsystem to check for lz4 correctly (#1404406)
+
+* Wed Jan 11 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 232-7
+- Various small tweaks to scriplets
+
+* Sat Jan 07 2017 Kevin Fenzi <kevin@scrye.com> - 232-6
+- Fix scriptlets to never fail in libs post
+
+* Fri Jan 06 2017 Kevin Fenzi <kevin@scrye.com> - 232-5
+- Add patch from Michal Schmidt to avoid process substitution (#1392236)
+
+* Sun Nov 6 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 232-4
+- Rebuild (#1392236)
+
+* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 232-3
+- Make /etc/dbus-1/system.d directory non-%%ghost
+
+* Fri Nov 4 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 232-2
+- Fix kernel-install (#1391829)
+- Restore previous systemd-user PAM config (#1391836)
+- Move journal-upload.conf.5 from systemd main to journal-remote subpackage (#1391833)
+- Fix permissions on /var/lib/systemd/journal-upload (#1262665)
+
+* Thu Nov 3 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 232-1
+- Update to latest version (#998615, #1181922, #1374371, #1390704, #1384150, #1287161)
+- Add %%{_isa} to Provides on arch-full packages (#1387912)
+- Create systemd-coredump user in %%pre (#1309574)
+- Replace grubby patch with a short-circuiting install.d "plugin"
+- Enable nss-systemd in the passwd, group lines in nsswith.conf
+- Add [!UNAVAIL=return] fallback after nss-resolve in hosts line in nsswith.conf
+- Move systemd-nspawn man pages to the right subpackage (#1391703)
+
+* Tue Oct 18 2016 Jan Synáček <jsynacek@redhat.com> - 231-11
+- SPC - Cannot restart host operating from container (#1384523)
+
+* Sun Oct 9 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-10
+- Do not recreate /var/log/journal on upgrades (#1383066)
+- Move nss-myhostname provides to systemd-libs (#1383271)
+
+* Fri Oct 7 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-9
+- Fix systemctl set-default (#1374371)
+- Prevent systemd-udev-trigger.service from restarting (follow-up for #1378974)
+
+* Tue Oct 4 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-8
+- Apply fix for #1378974
+
+* Mon Oct 3 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-7
+- Apply patches properly
+
+* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-6
+- Better fix for (#1380286)
+
+* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-5
+- Denial-of-service bug against pid1 (#1380286)
+
+* Thu Aug 25 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-4
+- Fix preset-all (#1363858)
+- Fix issue with daemon-reload messing up graphics (#1367766)
+- A few other bugfixes
+
+* Wed Aug 03 2016 Adam Williamson <awilliam@redhat.com> - 231-3
+- Revert preset-all change, it broke stuff (#1363858)
+
+* Wed Jul 27 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 231-2
+- Call preset-all on initial installation (#1118740)
+- Fix botched Recommends for libxkbcommon
+
+* Tue Jul 26 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 231-1
+- Update to latest version
+
+* Wed Jun 8 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 230-3
+- Update to latest git snapshot (fixes for systemctl set-default,
+ polkit lingering policy, reversal of the framebuffer rules,
+ unaligned access fixes, fix for StartupBlockIOWeight-over-dbus).
+ Those changes are interspersed with other changes and new features
+ (mostly in lldp, networkd, and nspawn). Some of those new features
+ might not work, but I think that existing functionality should not
+ be broken, so it seems worthwile to update to the snapshot.
+
+* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 230-2
+- Remove systemd-compat-libs on upgrade
+
+* Sat May 21 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 230-1
+- New version
+- Drop compat-libs
+- Require libxkbcommon explictly, since the automatic dependency will
+ not be generated anymore
+
+* Tue Apr 26 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 229-15
+- Remove duplicated entries in -container %%files (#1330395)
+
+* Fri Apr 22 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-14
+- Move installation of udev services to udev subpackage (#1329023)
+
+* Mon Apr 18 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-13
+- Split out systemd-pam subpackage (#1327402)
+
+* Mon Apr 18 2016 Harald Hoyer <harald@redhat.com> - 229-12
+- move more binaries and services from the main package to subpackages
+
+* Mon Apr 18 2016 Harald Hoyer <harald@redhat.com> - 229-11
+- move more binaries and services from the main package to subpackages
+
+* Mon Apr 18 2016 Harald Hoyer <harald@redhat.com> - 229-10
+- move device dependant stuff to the udev subpackage
+
+* Tue Mar 22 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-9
+- Add myhostname to /etc/nsswitch.conf (#1318303)
+
+* Mon Mar 21 2016 Harald Hoyer <harald@redhat.com> - 229-8
+- fixed kernel-install for copying files for grubby
+Resolves: rhbz#1299019
+
+* Thu Mar 17 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-7
+- Moar patches (#1316964, #1317928)
+- Move vconsole-setup and tmpfiles-setup-dev bits to systemd-udev
+- Protect systemd-udev from deinstallation
+
+* Fri Mar 11 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-6
+- Create /etc/resolv.conf symlink from systemd-resolved (#1313085)
+
+* Fri Mar 4 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-5
+- Split out systemd-container subpackage (#1163412)
+- Split out system-udev subpackage
+- Add various bugfix patches, incl. a tentative fix for #1308771
+
+* Tue Mar 1 2016 Peter Robinson <pbrobinson@fedoraproject.org> 229-4
+- Power64 and s390(x) now have libseccomp support
+- aarch64 has gnu-efi
+
+* Tue Feb 23 2016 Jan Synáček <jsynacek@redhat.com> - 229-3
+- Fix build failures on ppc64 (#1310800)
+
+* Tue Feb 16 2016 Dennis Gilmore <dennis@ausil.us> - 229-2
+- revert: fixed kernel-install for copying files for grubby
+Resolves: rhbz#1299019
+- this causes the dtb files to not get installed at all and the fdtdir
+- line in extlinux.conf to not get updated correctly
+
+* Thu Feb 11 2016 Michal Sekletar <msekleta@redhat.com> - 229-1
+- New upstream release
+
+* Thu Feb 11 2016 Harald Hoyer <harald@redhat.com> - 228-10.gite35a787
+- fixed kernel-install for copying files for grubby
+Resolves: rhbz#1299019
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 228-9.gite35a787
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jan 27 2016 Peter Robinson <pbrobinson@fedoraproject.org> 228-8.gite35a787
+- Rebuild for binutils on aarch64 fix
+
+* Fri Jan 08 2016 Dan Horák <dan[at]danny.cz> - 228-7.gite35a787
+- apply the conflict with fedora-release only in Fedora
+
+* Thu Dec 10 2015 Jan Synáček <jsynacek@redhat.com> - 228-6.gite35a787
+- Fix rawhide build failures on ppc64 (#1286249)
+
+* Sun Nov 29 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 228-6.gite35a787
+- Create /etc/systemd/network (#1286397)
+
+* Thu Nov 26 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 228-5.gite35a787
+- Do not install nss modules by default
+
+* Tue Nov 24 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 228-4.gite35a787
+- Update to latest upstream git: there is a bunch of fixes
+ (nss-mymachines overflow bug, networkd fixes, more completions are
+ properly installed), mixed with some new resolved features.
+- Rework file triggers so that they always run before daemons are restarted
+
+* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 228-3
+- Enable rpm file triggers for daemon-reload
+
+* Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 228-2
+- Fix version number in obsoleted package name (#1283452)
+
+* Wed Nov 18 2015 Kay Sievers <kay@redhat.com> - 228-1
+- New upstream release
+
+* Thu Nov 12 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 227-7
+- Rename journal-gateway subpackage to journal-remote
+- Ignore the access mode on /var/log/journal (#1048424)
+- Do not assume fstab is present (#1281606)
+
+* Wed Nov 11 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 227-6
+- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
+
+* Tue Nov 10 2015 Lukáš Nykrýn <lnykryn@redhat.com> - 227-5
+- Rebuild for libmicrohttpd soname bump
+
+* Fri Nov 06 2015 Robert Kuska <rkuska@redhat.com> - 227-4
+- Rebuilt for Python3.5 rebuild
+
+* Wed Nov 4 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 227-3
+- Fix syntax in kernel-install (#1277264)
+
+* Tue Nov 03 2015 Michal Schmidt <mschmidt@redhat.com> - 227-2
+- Rebuild for libmicrohttpd soname bump.
+
+* Wed Oct 7 2015 Kay Sievers <kay@redhat.com> - 227-1
+- New upstream release
+
+* Fri Sep 18 2015 Jan Synáček <jsynacek@redhat.com> - 226-3
+- user systemd-journal-upload should be in systemd-journal group (#1262743)
+
+* Fri Sep 18 2015 Kay Sievers <kay@redhat.com> - 226-2
+- Add selinux to system-user PAM config
+
+* Tue Sep 8 2015 Kay Sievers <kay@redhat.com> - 226-1
+- New upstream release
+
+* Thu Aug 27 2015 Kay Sievers <kay@redhat.com> - 225-1
+- New upstream release
+
+* Fri Jul 31 2015 Kay Sievers <kay@redhat.com> - 224-1
+- New upstream release
+
+* Wed Jul 29 2015 Kay Sievers <kay@redhat.com> - 223-2
+- update to git snapshot
+
+* Wed Jul 29 2015 Kay Sievers <kay@redhat.com> - 223-1
+- New upstream release
+
+* Thu Jul 9 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 222-2
+- Remove python subpackages (python-systemd in now standalone)
+
+* Tue Jul 7 2015 Kay Sievers <kay@redhat.com> - 222-1
+- New upstream release
+
+* Mon Jul 6 2015 Kay Sievers <kay@redhat.com> - 221-5.git619b80a
+- update to git snapshot
+
+* Mon Jul 6 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@laptop> - 221-4.git604f02a
+- Add example file with yama config (#1234951)
+
+* Sun Jul 5 2015 Kay Sievers <kay@redhat.com> - 221-3.git604f02a
+- update to git snapshot
+
+* Mon Jun 22 2015 Kay Sievers <kay@redhat.com> - 221-2
+- build systemd-boot EFI tools
+
+* Fri Jun 19 2015 Lennart Poettering <lpoetter@redhat.com> - 221-1
+- New upstream release
+- Undoes botched translation check, should be reinstated later?
+
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 220-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Thu Jun 11 2015 Peter Robinson <pbrobinson@fedoraproject.org> 220-9
+- The gold linker is now fixed on aarch64
+
+* Tue Jun 9 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 220-8
+- Remove gudev which is now provided as separate package (libgudev)
+- Fix for spurious selinux denials (#1224211)
+- Udev change events (#1225905)
+- Patches for some potential crashes
+- ProtectSystem=yes does not touch /home
+- Man page fixes, hwdb updates, shell completion updates
+- Restored persistent device symlinks for bcache, xen block devices
+- Tag all DRM cards as master-of-seat
+
+* Tue Jun 09 2015 Harald Hoyer <harald@redhat.com> 220-7
+- fix udev block device watch
+
+* Tue Jun 09 2015 Harald Hoyer <harald@redhat.com> 220-6
+- add support for network disk encryption
+
+* Sun Jun 7 2015 Peter Robinson <pbrobinson@fedoraproject.org> 220-5
+- Disable gold on aarch64 until it's fixed (tracked in rhbz #1225156)
+
+* Sat May 30 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 220-4
+- systemd-devel should require systemd-libs, not the main package (#1226301)
+- Check for botched translations (#1226566)
+- Make /etc/udev/hwdb.d part of the rpm (#1226379)
+
+* Thu May 28 2015 Richard W.M. Jones <rjones@redhat.com> - 220-3
+- Add patch to fix udev --daemon not cleaning child processes
+ (upstream commit 86c3bece38bcf5).
+
+* Wed May 27 2015 Richard W.M. Jones <rjones@redhat.com> - 220-2
+- Add patch to fix udev --daemon crash (upstream commit 040e689654ef08).
+
+* Thu May 21 2015 Lennart Poettering <lpoetter@redhat.com> - 220-1
+- New upstream release
+- Drop /etc/mtab hack, as that's apparently fixed in mock now (#1116158)
+- Remove ghosting for /etc/systemd/system/runlevel*.target, these
+ targets are not configurable anymore in systemd upstream
+- Drop work-around for #1002806, since this is solved upstream now
+
+* Wed May 20 2015 Dennis Gilmore <dennis@ausil.us> - 219-15
+- fix up the conflicts version for fedora-release
+
+* Wed May 20 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 219-14
+- Remove presets (#1221340)
+- Fix (potential) crash and memory leak in timedated, locking failure
+ in systemd-nspawn, crash in resolved.
+- journalctl --list-boots should be faster
+- zsh completions are improved
+- various ommissions in docs are corrected (#1147651)
+- VARIANT and VARIANT_ID fields in os-release are documented
+- systemd-fsck-root.service is generated in the initramfs (#1201979, #1107818)
+- systemd-tmpfiles should behave better on read-only file systems (#1207083)
+
+* Wed Apr 29 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 219-13
+- Patches for some outstanding annoyances
+- Small keyboard hwdb updates
+
+* Wed Apr 8 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 219-12
+- Tighten requirements between subpackages (#1207381).
+
+* Sun Mar 22 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 219-11
+- Move all parts systemd-journal-{remote,upload} to
+ systemd-journal-gatewayd subpackage (#1193143).
+- Create /var/lib/systemd/journal-upload directory (#1193145).
+- Cut out lots of stupid messages at debug level which were obscuring more
+ important stuff.
+- Apply "tentative" state for devices only when they are added, not removed.
+- Ignore invalid swap pri= settings (#1204336)
+- Fix SELinux check for timedated operations to enable/disable ntp (#1014315)
+- Fix comparing of filesystem paths (#1184016)
+
+* Sat Mar 14 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 219-10
+- Fixes for bugs 1186018, 1195294, 1185604, 1196452.
+- Hardware database update.
+- Documentation fixes.
+- A fix for journalctl performance regression.
+- Fix detection of inability to open files in journalctl.
+- Detect SuperH architecture properly.
+- The first of duplicate lines in tmpfiles wins again.
+- Do vconsole setup after loading vconsole driver, not fbcon.
+- Fix problem where some units were restarted during systemd reexec.
+- Fix race in udevadm settle tripping up NetworkManager.
+- Downgrade various log messages.
+- Fix issue where journal-remote would process some messages with a delay.
+- GPT /srv partition autodiscovery is fixed.
+- Reconfigure old Finnish keymaps in post (#1151958)
+
+* Tue Mar 10 2015 Jan Synáček <jsynacek@redhat.com> - 219-9
+- Buttons on Lenovo X6* tablets broken (#1198939)
+
+* Tue Mar 3 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 219-8
+- Reworked device handling (#1195761)
+- ACL handling fixes (with a script in %%post)
+- Various log messages downgraded (#1184712)
+- Allow PIE on s390 again (#1197721)
+
+* Wed Feb 25 2015 Michal Schmidt <mschmidt@redhat.com> - 219-7
+- arm: reenable lto. gcc-5.0.0-0.16 fixed the crash (#1193212)
+
+* Tue Feb 24 2015 Colin Walters <walters@redhat.com> - 219-6
+- Revert patch that breaks Atomic/OSTree (#1195761)
+
+* Fri Feb 20 2015 Michal Schmidt <mschmidt@redhat.com> - 219-5
+- Undo the resolv.conf workaround, Aim for a proper fix in Rawhide.
+
+* Fri Feb 20 2015 Michal Schmidt <mschmidt@redhat.com> - 219-4
+- Revive fedora-disable-resolv.conf-symlink.patch to unbreak composes.
+
+* Wed Feb 18 2015 Michal Schmidt <mschmidt@redhat.com> - 219-3
+- arm: disabling gold did not help; disable lto instead (#1193212)
+
+* Tue Feb 17 2015 Peter Jones <pjones@redhat.com> - 219-2
+- Update 90-default.present for dbxtool.
+
+* Mon Feb 16 2015 Lennart Poettering <lpoetter@redhat.com> - 219-1
+- New upstream release
+- This removes the sysctl/bridge hack, a different solution needs to be found for this (see #634736)
+- This removes the /etc/resolv.conf hack, anaconda needs to fix their handling of /etc/resolv.conf as symlink
+- This enables "%%check"
+- disable gold on arm, as that is broken (see #1193212)
+
+* Mon Feb 16 2015 Peter Robinson <pbrobinson@fedoraproject.org> 218-6
+- aarch64 now has seccomp support
+
+* Thu Feb 05 2015 Michal Schmidt <mschmidt@redhat.com> - 218-5
+- Don't overwrite systemd.macros with unrelated Source file.
+
+* Thu Feb 5 2015 Jan Synáček <jsynacek@redhat.com> - 218-4
+- Add a touchpad hwdb (#1189319)
+
+* Thu Jan 15 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 218-4
+- Enable xkbcommon dependency to allow checking of keymaps
+- Fix permissions of /var/log/journal (#1048424)
+- Enable timedatex in presets (#1187072)
+- Disable rpcbind in presets (#1099595)
+
+* Wed Jan 7 2015 Jan Synáček <jsynacek@redhat.com> - 218-3
+- RFE: journal: automatically rotate the file if it is unlinked (#1171719)
+
+* Mon Jan 05 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 218-3
+- Add firewall description files (#1176626)
+
+* Thu Dec 18 2014 Jan Synáček <jsynacek@redhat.com> - 218-2
+- systemd-nspawn doesn't work on s390/s390x (#1175394)
+
+* Wed Dec 10 2014 Lennart Poettering <lpoetter@redhat.com> - 218-1
+- New upstream release
+- Enable "nss-mymachines" in /etc/nsswitch.conf
+
+* Thu Nov 06 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 217-4
+- Change libgudev1 to only require systemd-libs (#727499), there's
+ no need to require full systemd stack.
+- Fixes for bugs #1159448, #1152220, #1158035.
+- Bash completions updates to allow propose more units for start/restart,
+ and completions for set-default,get-default.
+- Again allow systemctl enable of instances.
+- Hardware database update and fixes.
+- Udev crash on invalid options and kernel commandline timeout parsing are fixed.
+- Add "embedded" chassis type.
+- Sync before 'reboot -f'.
+- Fix restarting of timer units.
+
+* Wed Nov 05 2014 Michal Schmidt <mschmidt@redhat.com> - 217-3
+- Fix hanging journal flush (#1159641)
+
+* Fri Oct 31 2014 Michal Schmidt <mschmidt@redhat.com> - 217-2
+- Fix ordering cycles involving systemd-journal-flush.service and
+ remote-fs.target (#1159117)
+
+* Tue Oct 28 2014 Lennart Poettering <lpoetter@redhat.com> - 217-1
+- New upstream release
+
+* Fri Oct 17 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 216-12
+- Drop PackageKit.service from presets (#1154126)
+
+* Mon Oct 13 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 216-11
+- Conflict with old versions of initscripts (#1152183)
+- Remove obsolete Finnish keymap (#1151958)
+
+* Fri Oct 10 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 216-10
+- Fix a problem with voluntary daemon exits and some other bugs
+ (#1150477, #1095962, #1150289)
+
+* Fri Oct 03 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 216-9
+- Update to latest git, but without the readahead removal patch
+ (#1114786, #634736)
+
+* Wed Oct 01 2014 Kay Sievers <kay@redhat.com> - 216-8
+- revert "don't reset selinux context during CHANGE events"
+
+* Wed Oct 01 2014 Lukáš Nykrýn <lnykryn@redhat.com> - 216-7
+- add temporary workaround for #1147910
+- don't reset selinux context during CHANGE events
+
+* Wed Sep 10 2014 Michal Schmidt <mschmidt@redhat.com> - 216-6
+- Update timesyncd with patches to avoid hitting NTP pool too often.
+
+* Tue Sep 09 2014 Michal Schmidt <mschmidt@redhat.com> - 216-5
+- Use common CONFIGURE_OPTS for build2 and build3.
+- Configure timesyncd with NTP servers from Fedora/RHEL vendor zone.
+
+* Wed Sep 03 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 216-4
+- Move config files for sd-j-remote/upload to sd-journal-gateway subpackage (#1136580)
+
+* Thu Aug 28 2014 Peter Robinson <pbrobinson@fedoraproject.org> 216-3
+- Drop no LTO build option for aarch64/s390 now it's fixed in binutils (RHBZ 1091611)
+
+* Thu Aug 21 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 216-2
+- Re-add patch to disable resolve.conf symlink (#1043119)
+
+* Wed Aug 20 2014 Lennart Poettering <lpoetter@redhat.com> - 216-1
+- New upstream release
+
+* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 215-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Wed Aug 13 2014 Dan Horák <dan[at]danny.cz> 215-11
+- disable LTO also on s390(x)
+
+* Sat Aug 09 2014 Harald Hoyer <harald@redhat.com> 215-10
+- fixed PPC64LE
+
+* Wed Aug 6 2014 Tom Callaway <spot@fedoraproject.org> - 215-9
+- fix license handling
+
+* Wed Jul 30 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 215-8
+- Create systemd-journal-remote and systemd-journal-upload users (#1118907)
+
+* Thu Jul 24 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 215-7
+- Split out systemd-compat-libs subpackage
+
+* Tue Jul 22 2014 Kalev Lember <kalevlember@gmail.com> - 215-6
+- Rebuilt for gobject-introspection 1.41.4
+
+* Mon Jul 21 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 215-5
+- Fix SELinux context of /etc/passwd-, /etc/group-, /etc/.updated (#1121806)
+- Add missing BR so gnutls and elfutils are used
+
+* Sat Jul 19 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 215-4
+- Various man page updates
+- Static device node logic is conditionalized on CAP_SYS_MODULES instead of CAP_MKNOD
+ for better behaviour in containers
+- Some small networkd link handling fixes
+- vconsole-setup runs setfont before loadkeys (https://bugs.freedesktop.org/show_bug.cgi?id=80685)
+- New systemd-escape tool
+- XZ compression settings are tweaked to greatly improve journald performance
+- "watch" is accepted as chassis type
+- Various sysusers fixes, most importantly correct selinux labels
+- systemd-timesyncd bug fix (https://bugs.freedesktop.org/show_bug.cgi?id=80932)
+- Shell completion improvements
+- New udev tag ID_SOFTWARE_RADIO can be used to instruct logind to allow user access
+- XEN and s390 virtualization is properly detected
+
+* Mon Jul 07 2014 Colin Walters <walters@redhat.com> - 215-3
+- Add patch to disable resolve.conf symlink (#1043119)
+
+* Sun Jul 06 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 215-2
+- Move systemd-journal-remote to systemd-journal-gateway package (#1114688)
+- Disable /etc/mtab handling temporarily (#1116158)
+
+* Thu Jul 03 2014 Lennart Poettering <lpoetter@redhat.com> - 215-1
+- New upstream release
+- Enable coredump logic (which abrt would normally override)
+
+* Sun Jun 29 2014 Peter Robinson <pbrobinson@fedoraproject.org> 214-5
+- On aarch64 disable LTO as it still has issues on that arch
+
+* Thu Jun 26 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 214-4
+- Bugfixes (#996133, #1112908)
+
+* Mon Jun 23 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 214-3
+- Actually create input group (#1054549)
+
+* Sun Jun 22 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 214-2
+- Do not restart systemd-logind on upgrades (#1110697)
+- Add some patches (#1081429, #1054549, #1108568, #928962)
+
+* Wed Jun 11 2014 Lennart Poettering <lpoetter@redhat.com> - 214-1
+- New upstream release
+- Get rid of "floppy" group, since udev uses "disk" now
+- Reenable LTO
+
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 213-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed May 28 2014 Kay Sievers <kay@redhat.com> - 213-3
+- fix systemd-timesync user creation
+
+* Wed May 28 2014 Michal Sekletar <msekleta@redhat.com> - 213-2
+- Create temporary files after installation (#1101983)
+- Add sysstat-collect.timer, sysstat-summary.timer to preset policy (#1101621)
+
+* Wed May 28 2014 Kay Sievers <kay@redhat.com> - 213-1
+- New upstream release
+
+* Tue May 27 2014 Kalev Lember <kalevlember@gmail.com> - 212-6
+- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
+
+* Fri May 23 2014 Adam Williamson <awilliam@redhat.com> - 212-5
+- revert change from 212-4, causes boot fail on single CPU boxes (RHBZ 1095891)
+
+* Wed May 07 2014 Kay Sievers <kay@redhat.com> - 212-4
+- add netns udev workaround
+
+* Wed May 07 2014 Michal Sekletar <msekleta@redhat.com> - 212-3
+- enable uuidd.socket by default (#1095353)
+
+* Sat Apr 26 2014 Peter Robinson <pbrobinson@fedoraproject.org> 212-2
+- Disable building with -flto for the moment due to gcc 4.9 issues (RHBZ 1091611)
+
+* Tue Mar 25 2014 Lennart Poettering <lpoetter@redhat.com> - 212-1
+- New upstream release
+
+* Mon Mar 17 2014 Peter Robinson <pbrobinson@fedoraproject.org> 211-2
+- Explicitly define which upstream platforms support libseccomp
+
+* Tue Mar 11 2014 Lennart Poettering <lpoetter@redhat.com> - 211-1
+- New upstream release
+
+* Mon Mar 10 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 210-8
+- Fix logind unpriviledged reboot issue and a few other minor fixes
+- Limit generator execution time
+- Recognize buttonless joystick types
+
+* Fri Mar 07 2014 Karsten Hopp <karsten@redhat.com> 210-7
+- ppc64le needs link warnings disabled, too
+
+* Fri Mar 07 2014 Karsten Hopp <karsten@redhat.com> 210-6
+- move ifarch ppc64le to correct place (libseccomp req)
+
+* Fri Mar 07 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 210-5
+- Bugfixes: #1047568, #1047039, #1071128, #1073402
+- Bash completions for more systemd tools
+- Bluetooth database update
+- Manpage fixes
+
+* Thu Mar 06 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 210-4
+- Apply work-around for ppc64le too (#1073647).
+
+* Sat Mar 01 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 210-3
+- Backport a few patches, add completion for systemd-nspawn.
+
+* Fri Feb 28 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 210-3
+- Apply work-arounds for ppc/ppc64 for bugs 1071278 and 1071284
+
+* Mon Feb 24 2014 Lennart Poettering <lpoetter@redhat.com> - 210-2
+- Check more services against preset list and enable by default
+
+* Mon Feb 24 2014 Lennart Poettering <lpoetter@redhat.com> - 210-1
+- new upstream release
+
+* Sun Feb 23 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 209-2.gitf01de96
+- Enable dnssec-triggerd.service by default (#1060754)
+
+* Sun Feb 23 2014 Kay Sievers <kay@redhat.com> - 209-2.gitf01de96
+- git snapshot to sort out ARM build issues
+
+* Thu Feb 20 2014 Lennart Poettering <lpoetter@redhat.com> - 209-1
+- new upstream release
+
+* Tue Feb 18 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 208-15
+- Make gpsd lazily activated (#1066421)
+
+* Mon Feb 17 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 208-14
+- Back out patch which causes user manager to be destroyed when unneeded
+ and spams logs (#1053315)
+
+* Sun Feb 16 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 208-13
+- A different fix for #1023820 taken from Mageia
+- Backported fix for #997031
+- Hardward database updates, man pages improvements, a few small memory
+ leaks, utf-8 correctness and completion fixes
+- Support for key-slot option in crypttab
+
+* Sat Jan 25 2014 Ville Skyttä <ville.skytta@iki.fi> - 208-12
+- Own the %%{_prefix}/lib/kernel(/*) and %%{_datadir}/zsh(/*) dirs.
+
+* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 208-11
+- Backport a few fixes, relevant documentation updates, and HWDB changes
+ (#1051797, #1051768, #1047335, #1047304, #1047186, #1045849, #1043304,
+ #1043212, #1039351, #1031325, #1023820, #1017509, #953077)
+- Flip journalctl to --full by default (#984758)
+
+* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 208-9
+- Apply two patches for #1026860
+
+* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 208-8
+- Bump release to stay ahead of f20
+
+* Tue Dec 03 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 208-7
+- Backport patches (#1023041, #1036845, #1006386?)
+- HWDB update
+- Some small new features: nspawn --drop-capability=, running PID 1 under
+ valgrind, "yearly" and "annually" in calendar specifications
+- Some small documentation and logging updates
+
+* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 208-6
+- Bump release to stay ahead of f20
+
+* Tue Nov 19 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 208-5
+- Use unit name in PrivateTmp= directories (#957439)
+- Update manual pages, completion scripts, and hardware database
+- Configurable Timeouts/Restarts default values
+- Support printing of timestamps on the console
+- Fix some corner cases in detecting when writing to the console is safe
+- Python API: convert keyword values to string, fix sd_is_booted() wrapper
+- Do not tread missing /sbin/fsck.btrfs as an error (#1015467)
+- Allow masking of fsck units
+- Advertise hibernation to swap files
+- Fix SO_REUSEPORT settings
+- Prefer converted xkb keymaps to legacy keymaps (#981805, #1026872)
+- Make use of newer kmod
+- Assorted bugfixes: #1017161, #967521, #988883, #1027478, #821723, #1014303
+
+* Tue Oct 22 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 208-4
+- Add temporary fix for #1002806
+
+* Mon Oct 21 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 208-3
+- Backport a bunch of fixes and hwdb updates
+
+* Wed Oct 2 2013 Lennart Poettering <lpoetter@redhat.com> - 208-2
+- Move old random seed and backlight files into the right place
+
+* Wed Oct 2 2013 Lennart Poettering <lpoetter@redhat.com> - 208-1
+- New upstream release
+
+* Thu Sep 26 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 207-5
+- Do not create /var/var/... dirs
+
+* Wed Sep 18 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 207-4
+- Fix policykit authentication
+- Resolves: rhbz#1006680
+
+* Tue Sep 17 2013 Harald Hoyer <harald@redhat.com> 207-3
+- fixed login
+- Resolves: rhbz#1005233
+
+* Mon Sep 16 2013 Harald Hoyer <harald@redhat.com> 207-2
+- add some upstream fixes for 207
+- fixed swap activation
+- Resolves: rhbz#1008604
+
+* Fri Sep 13 2013 Lennart Poettering <lpoetter@redhat.com> - 207-1
+- New upstream release
+
+* Fri Sep 06 2013 Harald Hoyer <harald@redhat.com> 206-11
+- support "debug" kernel command line parameter
+- journald: fix fd leak in journal_file_empty
+- journald: fix vacuuming of archived journals
+- libudev: enumerate - do not try to match against an empty subsystem
+- cgtop: fixup the online help
+- libudev: fix memleak when enumerating childs
+
+* Wed Sep 04 2013 Harald Hoyer <harald@redhat.com> 206-10
+- Do not require grubby, lorax now takes care of grubby
+- cherry-picked a lot of patches from upstream
+
+* Tue Aug 27 2013 Dennis Gilmore <dennis@ausil.us> - 206-9
+- Require grubby, Fedora installs require grubby,
+- kernel-install took over from new-kernel-pkg
+- without the Requires we are unable to compose Fedora
+- everyone else says that since kernel-install took over
+- it is responsible for ensuring that grubby is in place
+- this is really what we want for Fedora
+
+* Tue Aug 27 2013 Kay Sievers <kay@redhat.com> - 206-8
+- Revert "Require grubby its needed by kernel-install"
+
+* Mon Aug 26 2013 Dennis Gilmore <dennis@ausil.us> 206-7
+- Require grubby its needed by kernel-install
+
+* Thu Aug 22 2013 Harald Hoyer <harald@redhat.com> 206-6
+- kernel-install now understands kernel flavors like PAE
+
+* Tue Aug 20 2013 Rex Dieter <rdieter@fedoraproject.org> - 206-5
+- add sddm.service to preset file (#998978)
+
+* Fri Aug 16 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 206-4
+- Filter out provides for private python modules.
+- Add requires on kmod >= 14 (#990994).
+
+* Sun Aug 11 2013 Zbigniew Jedrzejewski-Szmek <zbyszek@in.waw.pl> - 206-3
+- New systemd-python3 package (#976427).
+- Add ownership of a few directories that we create (#894202).
+
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 206-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Jul 23 2013 Kay Sievers <kay@redhat.com> - 206-1
+- New upstream release
+ Resolves (#984152)
+
+* Wed Jul 3 2013 Lennart Poettering <lpoetter@redhat.com> - 205-1
+- New upstream release
+
+* Wed Jun 26 2013 Michal Schmidt <mschmidt@redhat.com> 204-10
+- Split systemd-journal-gateway subpackage (#908081).
+
+* Mon Jun 24 2013 Michal Schmidt <mschmidt@redhat.com> 204-9
+- Rename nm_dispatcher to NetworkManager-dispatcher in default preset (#977433)
+
+* Fri Jun 14 2013 Harald Hoyer <harald@redhat.com> 204-8
+- fix, which helps to sucessfully browse journals with
+ duplicated seqnums
+
+* Fri Jun 14 2013 Harald Hoyer <harald@redhat.com> 204-7
+- fix duplicate message ID bug
+Resolves: rhbz#974132
+
+* Thu Jun 06 2013 Harald Hoyer <harald@redhat.com> 204-6
+- introduce 99-default-disable.preset
+
+* Thu Jun 6 2013 Lennart Poettering <lpoetter@redhat.com> - 204-5
+- Rename 90-display-manager.preset to 85-display-manager.preset so that it actually takes precedence over 90-default.preset's "disable *" line (#903690)
+
+* Tue May 28 2013 Harald Hoyer <harald@redhat.com> 204-4
+- Fix kernel-install (#965897)
+
+* Wed May 22 2013 Kay Sievers <kay@redhat.com> - 204-3
+- Fix kernel-install (#965897)
+
+* Thu May 9 2013 Lennart Poettering <lpoetter@redhat.com> - 204-2
+- New upstream release
+- disable isdn by default (#959793)
+
+* Tue May 07 2013 Harald Hoyer <harald@redhat.com> 203-2
+- forward port kernel-install-grubby.patch
+
+* Tue May 7 2013 Lennart Poettering <lpoetter@redhat.com> - 203-1
+- New upstream release
+
+* Wed Apr 24 2013 Harald Hoyer <harald@redhat.com> 202-3
+- fix ENOENT for getaddrinfo
+- Resolves: rhbz#954012 rhbz#956035
+- crypt-setup-generator: correctly check return of strdup
+- logind-dbus: initialize result variable
+- prevent library underlinking
+
+* Fri Apr 19 2013 Harald Hoyer <harald@redhat.com> 202-2
+- nspawn create empty /etc/resolv.conf if necessary
+- python wrapper: add sd_journal_add_conjunction()
+- fix s390 booting
+- Resolves: rhbz#953217
+
+* Thu Apr 18 2013 Lennart Poettering <lpoetter@redhat.com> - 202-1
+- New upstream release
+
+* Tue Apr 09 2013 Michal Schmidt <mschmidt@redhat.com> - 201-2
+- Automatically discover whether to run autoreconf and add autotools and git
+ BuildRequires based on the presence of patches to be applied.
+- Use find -delete.
+
+* Mon Apr 8 2013 Lennart Poettering <lpoetter@redhat.com> - 201-1
+- New upstream release
+
+* Mon Apr 8 2013 Lennart Poettering <lpoetter@redhat.com> - 200-4
+- Update preset file
+
+* Fri Mar 29 2013 Lennart Poettering <lpoetter@redhat.com> - 200-3
+- Remove NetworkManager-wait-online.service from presets file again, it should default to off
+
+* Fri Mar 29 2013 Lennart Poettering <lpoetter@redhat.com> - 200-2
+- New upstream release
+
+* Tue Mar 26 2013 Lennart Poettering <lpoetter@redhat.com> - 199-2
+- Add NetworkManager-wait-online.service to the presets file
+
+* Tue Mar 26 2013 Lennart Poettering <lpoetter@redhat.com> - 199-1
+- New upstream release
+
+* Mon Mar 18 2013 Michal Schmidt <mschmidt@redhat.com> 198-7
+- Drop /usr/s?bin/ prefixes.
+
+* Fri Mar 15 2013 Harald Hoyer <harald@redhat.com> 198-6
+- run autogen to pickup all changes
+
+* Fri Mar 15 2013 Harald Hoyer <harald@redhat.com> 198-5
+- do not mount anything, when not running as pid 1
+- add initrd.target for systemd in the initrd
+
+* Wed Mar 13 2013 Harald Hoyer <harald@redhat.com> 198-4
+- fix switch-root and local-fs.target problem
+- patch kernel-install to use grubby, if available
+
+* Fri Mar 08 2013 Harald Hoyer <harald@redhat.com> 198-3
+- add Conflict with dracut < 026 because of the new switch-root isolate
+
+* Thu Mar 7 2013 Lennart Poettering <lpoetter@redhat.com> - 198-2
+- Create required users
+
+* Thu Mar 7 2013 Lennart Poettering <lpoetter@redhat.com> - 198-1
+- New release
+- Enable journal persistancy by default
+
+* Sun Feb 10 2013 Peter Robinson <pbrobinson@fedoraproject.org> 197-3
+- Bump for ARM
+
+* Fri Jan 18 2013 Michal Schmidt <mschmidt@redhat.com> - 197-2
+- Added qemu-guest-agent.service to presets (Lennart, #885406).
+- Add missing pygobject3-base to systemd-analyze deps (Lennart).
+- Do not require hwdata, it is all in the hwdb now (Kay).
+- Drop dependency on dbus-python.
+
+* Tue Jan 8 2013 Lennart Poettering <lpoetter@redhat.com> - 197-1
+- New upstream release
+
+* Mon Dec 10 2012 Michal Schmidt <mschmidt@redhat.com> - 196-4
+- Enable rngd.service by default (#857765).
+
+* Mon Dec 10 2012 Michal Schmidt <mschmidt@redhat.com> - 196-3
+- Disable hardening on s390(x) because PIE is broken there and produces
+ text relocations with __thread (#868839).
+
+* Wed Dec 05 2012 Michal Schmidt <mschmidt@redhat.com> - 196-2
+- added spice-vdagentd.service to presets (Lennart, #876237)
+- BR cryptsetup-devel instead of the legacy cryptsetup-luks-devel provide name
+ (requested by Milan Brož).
+- verbose make to see the actual build flags
+
+* Wed Nov 21 2012 Lennart Poettering <lpoetter@redhat.com> - 196-1
+- New upstream release
+
+* Tue Nov 20 2012 Lennart Poettering <lpoetter@redhat.com> - 195-8
+- https://bugzilla.redhat.com/show_bug.cgi?id=873459
+- https://bugzilla.redhat.com/show_bug.cgi?id=878093
+
+* Thu Nov 15 2012 Michal Schmidt <mschmidt@redhat.com> - 195-7
+- Revert udev killing cgroup patch for F18 Beta.
+- https://bugzilla.redhat.com/show_bug.cgi?id=873576
+
+* Fri Nov 09 2012 Michal Schmidt <mschmidt@redhat.com> - 195-6
+- Fix cyclical dep between systemd and systemd-libs.
+- Avoid broken build of test-journal-syslog.
+- https://bugzilla.redhat.com/show_bug.cgi?id=873387
+- https://bugzilla.redhat.com/show_bug.cgi?id=872638
+
+* Thu Oct 25 2012 Kay Sievers <kay@redhat.com> - 195-5
+- require 'sed', limit HOSTNAME= match
+
+* Wed Oct 24 2012 Michal Schmidt <mschmidt@redhat.com> - 195-4
+- add dmraid-activation.service to the default preset
+- add yum protected.d fragment
+- https://bugzilla.redhat.com/show_bug.cgi?id=869619
+- https://bugzilla.redhat.com/show_bug.cgi?id=869717
+
+* Wed Oct 24 2012 Kay Sievers <kay@redhat.com> - 195-3
+- Migrate /etc/sysconfig/ i18n, keyboard, network files/variables to
+ systemd native files
+
+* Tue Oct 23 2012 Lennart Poettering <lpoetter@redhat.com> - 195-2
+- Provide syslog because the journal is fine as a syslog implementation
+
+* Tue Oct 23 2012 Lennart Poettering <lpoetter@redhat.com> - 195-1
+- New upstream release
+- https://bugzilla.redhat.com/show_bug.cgi?id=831665
+- https://bugzilla.redhat.com/show_bug.cgi?id=847720
+- https://bugzilla.redhat.com/show_bug.cgi?id=858693
+- https://bugzilla.redhat.com/show_bug.cgi?id=863481
+- https://bugzilla.redhat.com/show_bug.cgi?id=864629
+- https://bugzilla.redhat.com/show_bug.cgi?id=864672
+- https://bugzilla.redhat.com/show_bug.cgi?id=864674
+- https://bugzilla.redhat.com/show_bug.cgi?id=865128
+- https://bugzilla.redhat.com/show_bug.cgi?id=866346
+- https://bugzilla.redhat.com/show_bug.cgi?id=867407
+- https://bugzilla.redhat.com/show_bug.cgi?id=868603
+
+* Wed Oct 10 2012 Michal Schmidt <mschmidt@redhat.com> - 194-2
+- Add scriptlets for migration away from systemd-timedated-ntp.target
+
+* Wed Oct 3 2012 Lennart Poettering <lpoetter@redhat.com> - 194-1
+- New upstream release
+- https://bugzilla.redhat.com/show_bug.cgi?id=859614
+- https://bugzilla.redhat.com/show_bug.cgi?id=859655
+
+* Fri Sep 28 2012 Lennart Poettering <lpoetter@redhat.com> - 193-1
+- New upstream release
+
+* Tue Sep 25 2012 Lennart Poettering <lpoetter@redhat.com> - 192-1
+- New upstream release
+
+* Fri Sep 21 2012 Lennart Poettering <lpoetter@redhat.com> - 191-2
+- Fix journal mmap header prototype definition to fix compilation on 32bit
+
+* Fri Sep 21 2012 Lennart Poettering <lpoetter@redhat.com> - 191-1
+- New upstream release
+- Enable all display managers by default, as discussed with Adam Williamson
+
+* Thu Sep 20 2012 Lennart Poettering <lpoetter@redhat.com> - 190-1
+- New upstream release
+- Take possession of /etc/localtime, and remove /etc/sysconfig/clock
+- https://bugzilla.redhat.com/show_bug.cgi?id=858780
+- https://bugzilla.redhat.com/show_bug.cgi?id=858787
+- https://bugzilla.redhat.com/show_bug.cgi?id=858771
+- https://bugzilla.redhat.com/show_bug.cgi?id=858754
+- https://bugzilla.redhat.com/show_bug.cgi?id=858746
+- https://bugzilla.redhat.com/show_bug.cgi?id=858266
+- https://bugzilla.redhat.com/show_bug.cgi?id=858224
+- https://bugzilla.redhat.com/show_bug.cgi?id=857670
+- https://bugzilla.redhat.com/show_bug.cgi?id=856975
+- https://bugzilla.redhat.com/show_bug.cgi?id=855863
+- https://bugzilla.redhat.com/show_bug.cgi?id=851970
+- https://bugzilla.redhat.com/show_bug.cgi?id=851275
+- https://bugzilla.redhat.com/show_bug.cgi?id=851131
+- https://bugzilla.redhat.com/show_bug.cgi?id=847472
+- https://bugzilla.redhat.com/show_bug.cgi?id=847207
+- https://bugzilla.redhat.com/show_bug.cgi?id=846483
+- https://bugzilla.redhat.com/show_bug.cgi?id=846085
+- https://bugzilla.redhat.com/show_bug.cgi?id=845973
+- https://bugzilla.redhat.com/show_bug.cgi?id=845194
+- https://bugzilla.redhat.com/show_bug.cgi?id=845028
+- https://bugzilla.redhat.com/show_bug.cgi?id=844630
+- https://bugzilla.redhat.com/show_bug.cgi?id=839736
+- https://bugzilla.redhat.com/show_bug.cgi?id=835848
+- https://bugzilla.redhat.com/show_bug.cgi?id=831740
+- https://bugzilla.redhat.com/show_bug.cgi?id=823485
+- https://bugzilla.redhat.com/show_bug.cgi?id=821813
+- https://bugzilla.redhat.com/show_bug.cgi?id=807886
+- https://bugzilla.redhat.com/show_bug.cgi?id=802198
+- https://bugzilla.redhat.com/show_bug.cgi?id=767795
+- https://bugzilla.redhat.com/show_bug.cgi?id=767561
+- https://bugzilla.redhat.com/show_bug.cgi?id=752774
+- https://bugzilla.redhat.com/show_bug.cgi?id=732874
+- https://bugzilla.redhat.com/show_bug.cgi?id=858735
+
+* Thu Sep 13 2012 Lennart Poettering <lpoetter@redhat.com> - 189-4
+- Don't pull in pkg-config as dep
+- https://bugzilla.redhat.com/show_bug.cgi?id=852828
+
+* Wed Sep 12 2012 Lennart Poettering <lpoetter@redhat.com> - 189-3
+- Update preset policy
+- Rename preset policy file from 99-default.preset to 90-default.preset so that people can order their own stuff after the Fedora default policy if they wish
+
+* Thu Aug 23 2012 Lennart Poettering <lpoetter@redhat.com> - 189-2
+- Update preset policy
+- https://bugzilla.redhat.com/show_bug.cgi?id=850814
+
+* Thu Aug 23 2012 Lennart Poettering <lpoetter@redhat.com> - 189-1
+- New upstream release
+
+* Thu Aug 16 2012 Ray Strode <rstrode@redhat.com> 188-4
+- more scriptlet fixes
+ (move dm migration logic to %%posttrans so the service
+ files it's looking for are available at the time
+ the logic is run)
+
+* Sat Aug 11 2012 Lennart Poettering <lpoetter@redhat.com> - 188-3
+- Remount file systems MS_PRIVATE before switching roots
+- https://bugzilla.redhat.com/show_bug.cgi?id=847418
+
+* Wed Aug 08 2012 Rex Dieter <rdieter@fedoraproject.org> - 188-2
+- fix scriptlets
+
+* Wed Aug 8 2012 Lennart Poettering <lpoetter@redhat.com> - 188-1
+- New upstream release
+- Enable gdm and avahi by default via the preset file
+- Convert /etc/sysconfig/desktop to display-manager.service symlink
+- Enable hardened build
+
+* Mon Jul 30 2012 Kay Sievers <kay@redhat.com> - 187-3
+- Obsolete: system-setup-keyboard
+
+* Wed Jul 25 2012 Kalev Lember <kalevlember@gmail.com> - 187-2
+- Run ldconfig for the new -libs subpackage
+
+* Thu Jul 19 2012 Lennart Poettering <lpoetter@redhat.com> - 187-1
+- New upstream release
+
+* Mon Jul 09 2012 Harald Hoyer <harald@redhat.com> 186-2
+- fixed dracut conflict version
+
+* Tue Jul 3 2012 Lennart Poettering <lpoetter@redhat.com> - 186-1
+- New upstream release
+
+* Fri Jun 22 2012 Nils Philippsen <nils@redhat.com> - 185-7.gite7aee75
+- add obsoletes/conflicts so multilib systemd -> systemd-libs updates work
+
+* Thu Jun 14 2012 Michal Schmidt <mschmidt@redhat.com> - 185-6.gite7aee75
+- Update to current git
+
+* Wed Jun 06 2012 Kay Sievers - 185-5.gita2368a3
+- disable plymouth in configure, to drop the .wants/ symlinks
+
+* Wed Jun 06 2012 Michal Schmidt <mschmidt@redhat.com> - 185-4.gita2368a3
+- Update to current git snapshot
+ - Add systemd-readahead-analyze
+ - Drop upstream patch
+- Split systemd-libs
+- Drop duplicate doc files
+- Fixed License headers of subpackages
+
+* Wed Jun 06 2012 Ray Strode <rstrode@redhat.com> - 185-3
+- Drop plymouth files
+- Conflict with old plymouth
+
+* Tue Jun 05 2012 Kay Sievers - 185-2
+- selinux udev labeling fix
+- conflict with older dracut versions for new udev file names
+
+* Mon Jun 04 2012 Kay Sievers - 185-1
+- New upstream release
+ - udev selinux labeling fixes
+ - new man pages
+ - systemctl help <unit name>
+
+* Thu May 31 2012 Lennart Poettering <lpoetter@redhat.com> - 184-1
+- New upstream release
+
+* Thu May 24 2012 Kay Sievers <kay@redhat.com> - 183-1
+- New upstream release including udev merge.
+
+* Wed Mar 28 2012 Michal Schmidt <mschmidt@redhat.com> - 44-4
+- Add triggers from Bill Nottingham to correct the damage done by
+ the obsoleted systemd-units's preun scriptlet (#807457).
+
+* Mon Mar 26 2012 Dennis Gilmore <dennis@ausil.us> - 44-3
+- apply patch from upstream so we can build systemd on arm and ppc
+- and likely the rest of the secondary arches
+
+* Tue Mar 20 2012 Michal Schmidt <mschmidt@redhat.com> - 44-2
+- Don't build the gtk parts anymore. They're moving into systemd-ui.
+- Remove a dead patch file.
+
+* Fri Mar 16 2012 Lennart Poettering <lpoetter@redhat.com> - 44-1
+- New upstream release
+- Closes #798760, #784921, #783134, #768523, #781735
+
+* Mon Feb 27 2012 Dennis Gilmore <dennis@ausil.us> - 43-2
+- don't conflict with fedora-release systemd never actually provided
+- /etc/os-release so there is no actual conflict
+
+* Wed Feb 15 2012 Lennart Poettering <lpoetter@redhat.com> - 43-1
+- New upstream release
+- Closes #789758, #790260, #790522
+
+* Sat Feb 11 2012 Lennart Poettering <lpoetter@redhat.com> - 42-1
+- New upstream release
+- Save a bit of entropy during system installation (#789407)
+- Don't own /etc/os-release anymore, leave that to fedora-release
+
+* Thu Feb 9 2012 Adam Williamson <awilliam@redhat.com> - 41-2
+- rebuild for fixed binutils
+
+* Thu Feb 9 2012 Lennart Poettering <lpoetter@redhat.com> - 41-1
+- New upstream release
+
+* Tue Feb 7 2012 Lennart Poettering <lpoetter@redhat.com> - 40-1
+- New upstream release
+
+* Thu Jan 26 2012 Kay Sievers <kay@redhat.com> - 39-3
+- provide /sbin/shutdown
+
+* Wed Jan 25 2012 Harald Hoyer <harald@redhat.com> 39-2
+- increment release
+
+* Wed Jan 25 2012 Kay Sievers <kay@redhat.com> - 39-1.1
+- install everything in /usr
+ https://fedoraproject.org/wiki/Features/UsrMove
+
+* Wed Jan 25 2012 Lennart Poettering <lpoetter@redhat.com> - 39-1
+- New upstream release
+
+* Sun Jan 22 2012 Michal Schmidt <mschmidt@redhat.com> - 38-6.git9fa2f41
+- Update to a current git snapshot.
+- Resolves: #781657
+
+* Sun Jan 22 2012 Michal Schmidt <mschmidt@redhat.com> - 38-5
+- Build against libgee06. Reenable gtk tools.
+- Delete unused patches.
+- Add easy building of git snapshots.
+- Remove legacy spec file elements.
+- Don't mention implicit BuildRequires.
+- Configure with --disable-static.
+- Merge -units into the main package.
+- Move section 3 manpages to -devel.
+- Fix unowned directory.
+- Run ldconfig in scriptlets.
+- Split systemd-analyze to a subpackage.
+
+* Sat Jan 21 2012 Dan Horák <dan[at]danny.cz> - 38-4
+- fix build on big-endians
+
+* Wed Jan 11 2012 Lennart Poettering <lpoetter@redhat.com> - 38-3
+- Disable building of gtk tools for now
+
+* Wed Jan 11 2012 Lennart Poettering <lpoetter@redhat.com> - 38-2
+- Fix a few (build) dependencies
+
+* Wed Jan 11 2012 Lennart Poettering <lpoetter@redhat.com> - 38-1
+- New upstream release
+
+* Tue Nov 15 2011 Michal Schmidt <mschmidt@redhat.com> - 37-4
+- Run authconfig if /etc/pam.d/system-auth is not a symlink.
+- Resolves: #753160
+
+* Wed Nov 02 2011 Michal Schmidt <mschmidt@redhat.com> - 37-3
+- Fix remote-fs-pre.target and its ordering.
+- Resolves: #749940
+
+* Wed Oct 19 2011 Michal Schmidt <mschmidt@redhat.com> - 37-2
+- A couple of fixes from upstream:
+- Fix a regression in bash-completion reported in Bodhi.
+- Fix a crash in isolating.
+- Resolves: #717325
+
+* Tue Oct 11 2011 Lennart Poettering <lpoetter@redhat.com> - 37-1
+- New upstream release
+- Resolves: #744726, #718464, #713567, #713707, #736756
+
+* Thu Sep 29 2011 Michal Schmidt <mschmidt@redhat.com> - 36-5
+- Undo the workaround. Kay says it does not belong in systemd.
+- Unresolves: #741655
+
+* Thu Sep 29 2011 Michal Schmidt <mschmidt@redhat.com> - 36-4
+- Workaround for the crypto-on-lvm-on-crypto disk layout
+- Resolves: #741655
+
+* Sun Sep 25 2011 Michal Schmidt <mschmidt@redhat.com> - 36-3
+- Revert an upstream patch that caused ordering cycles
+- Resolves: #741078
+
+* Fri Sep 23 2011 Lennart Poettering <lpoetter@redhat.com> - 36-2
+- Add /etc/timezone to ghosted files
+
+* Fri Sep 23 2011 Lennart Poettering <lpoetter@redhat.com> - 36-1
+- New upstream release
+- Resolves: #735013, #736360, #737047, #737509, #710487, #713384
+
+* Thu Sep 1 2011 Lennart Poettering <lpoetter@redhat.com> - 35-1
+- New upstream release
+- Update post scripts
+- Resolves: #726683, #713384, #698198, #722803, #727315, #729997, #733706, #734611
+
+* Thu Aug 25 2011 Lennart Poettering <lpoetter@redhat.com> - 34-1
+- New upstream release
+
+* Fri Aug 19 2011 Harald Hoyer <harald@redhat.com> 33-2
+- fix ABRT on service file reloading
+- Resolves: rhbz#732020
+
+* Wed Aug 3 2011 Lennart Poettering <lpoetter@redhat.com> - 33-1
+- New upstream release
+
+* Fri Jul 29 2011 Lennart Poettering <lpoetter@redhat.com> - 32-1
+- New upstream release
+
+* Wed Jul 27 2011 Lennart Poettering <lpoetter@redhat.com> - 31-2
+- Fix access mode of modprobe file, restart logind after upgrade
+
+* Wed Jul 27 2011 Lennart Poettering <lpoetter@redhat.com> - 31-1
+- New upstream release
+
+* Wed Jul 13 2011 Lennart Poettering <lpoetter@redhat.com> - 30-1
+- New upstream release
+
+* Thu Jun 16 2011 Lennart Poettering <lpoetter@redhat.com> - 29-1
+- New upstream release
+
+* Mon Jun 13 2011 Michal Schmidt <mschmidt@redhat.com> - 28-4
+- Apply patches from current upstream.
+- Fixes memory size detection on 32-bit with >4GB RAM (BZ712341)
+
+* Wed Jun 08 2011 Michal Schmidt <mschmidt@redhat.com> - 28-3
+- Apply patches from current upstream
+- https://bugzilla.redhat.com/show_bug.cgi?id=709909
+- https://bugzilla.redhat.com/show_bug.cgi?id=710839
+- https://bugzilla.redhat.com/show_bug.cgi?id=711015
+
+* Sat May 28 2011 Lennart Poettering <lpoetter@redhat.com> - 28-2
+- Pull in nss-myhostname
+
+* Thu May 26 2011 Lennart Poettering <lpoetter@redhat.com> - 28-1
+- New upstream release
+
+* Wed May 25 2011 Lennart Poettering <lpoetter@redhat.com> - 26-2
+- Bugfix release
+- https://bugzilla.redhat.com/show_bug.cgi?id=707507
+- https://bugzilla.redhat.com/show_bug.cgi?id=707483
+- https://bugzilla.redhat.com/show_bug.cgi?id=705427
+- https://bugzilla.redhat.com/show_bug.cgi?id=707577
+
+* Sat Apr 30 2011 Lennart Poettering <lpoetter@redhat.com> - 26-1
+- New upstream release
+- https://bugzilla.redhat.com/show_bug.cgi?id=699394
+- https://bugzilla.redhat.com/show_bug.cgi?id=698198
+- https://bugzilla.redhat.com/show_bug.cgi?id=698674
+- https://bugzilla.redhat.com/show_bug.cgi?id=699114
+- https://bugzilla.redhat.com/show_bug.cgi?id=699128
+
+* Thu Apr 21 2011 Lennart Poettering <lpoetter@redhat.com> - 25-1
+- New upstream release
+- https://bugzilla.redhat.com/show_bug.cgi?id=694788
+- https://bugzilla.redhat.com/show_bug.cgi?id=694321
+- https://bugzilla.redhat.com/show_bug.cgi?id=690253
+- https://bugzilla.redhat.com/show_bug.cgi?id=688661
+- https://bugzilla.redhat.com/show_bug.cgi?id=682662
+- https://bugzilla.redhat.com/show_bug.cgi?id=678555
+- https://bugzilla.redhat.com/show_bug.cgi?id=628004
+
+* Wed Apr 6 2011 Lennart Poettering <lpoetter@redhat.com> - 24-1
+- New upstream release
+- https://bugzilla.redhat.com/show_bug.cgi?id=694079
+- https://bugzilla.redhat.com/show_bug.cgi?id=693289
+- https://bugzilla.redhat.com/show_bug.cgi?id=693274
+- https://bugzilla.redhat.com/show_bug.cgi?id=693161
+
+* Tue Apr 5 2011 Lennart Poettering <lpoetter@redhat.com> - 23-1
+- New upstream release
+- Include systemd-sysv-convert
+
+* Fri Apr 1 2011 Lennart Poettering <lpoetter@redhat.com> - 22-1
+- New upstream release
+
+* Wed Mar 30 2011 Lennart Poettering <lpoetter@redhat.com> - 21-2
+- The quota services are now pulled in by mount points, hence no need to enable them explicitly
+
+* Tue Mar 29 2011 Lennart Poettering <lpoetter@redhat.com> - 21-1
+- New upstream release
+
+* Mon Mar 28 2011 Matthias Clasen <mclasen@redhat.com> - 20-2
+- Apply upstream patch to not send untranslated messages to plymouth
+
+* Tue Mar 8 2011 Lennart Poettering <lpoetter@redhat.com> - 20-1
+- New upstream release
+
+* Tue Mar 1 2011 Lennart Poettering <lpoetter@redhat.com> - 19-1
+- New upstream release
+
+* Wed Feb 16 2011 Lennart Poettering <lpoetter@redhat.com> - 18-1
+- New upstream release
+
+* Mon Feb 14 2011 Bill Nottingham <notting@redhat.com> - 17-6
+- bump upstart obsoletes (#676815)
+
+* Wed Feb 9 2011 Tom Callaway <spot@fedoraproject.org> - 17-5
+- add macros.systemd file for %%{_unitdir}
+
+* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 17-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Feb 9 2011 Lennart Poettering <lpoetter@redhat.com> - 17-3
+- Fix popen() of systemctl, #674916
+
+* Mon Feb 7 2011 Bill Nottingham <notting@redhat.com> - 17-2
+- add epoch to readahead obsolete
+
+* Sat Jan 22 2011 Lennart Poettering <lpoetter@redhat.com> - 17-1
+- New upstream release
+
+* Tue Jan 18 2011 Lennart Poettering <lpoetter@redhat.com> - 16-2
+- Drop console.conf again, since it is not shipped in pamtmp.conf
+
+* Sat Jan 8 2011 Lennart Poettering <lpoetter@redhat.com> - 16-1
+- New upstream release
+
+* Thu Nov 25 2010 Lennart Poettering <lpoetter@redhat.com> - 15-1
+- New upstream release
+
+* Thu Nov 25 2010 Lennart Poettering <lpoetter@redhat.com> - 14-1
+- Upstream update
+- Enable hwclock-load by default
+- Obsolete readahead
+- Enable /var/run and /var/lock on tmpfs
+
+* Fri Nov 19 2010 Lennart Poettering <lpoetter@redhat.com> - 13-1
+- new upstream release
+
+* Wed Nov 17 2010 Bill Nottingham <notting@redhat.com> 12-3
+- Fix clash
+
+* Wed Nov 17 2010 Lennart Poettering <lpoetter@redhat.com> - 12-2
+- Don't clash with initscripts for now, so that we don't break the builders
+
+* Wed Nov 17 2010 Lennart Poettering <lpoetter@redhat.com> - 12-1
+- New upstream release
+
+* Fri Nov 12 2010 Matthias Clasen <mclasen@redhat.com> - 11-2
+- Rebuild with newer vala, libnotify
+
+* Thu Oct 7 2010 Lennart Poettering <lpoetter@redhat.com> - 11-1
+- New upstream release
+
+* Wed Sep 29 2010 Jesse Keating <jkeating@redhat.com> - 10-6
+- Rebuilt for gcc bug 634757
+
+* Thu Sep 23 2010 Bill Nottingham <notting@redhat.com> - 10-5
+- merge -sysvinit into main package
+
+* Mon Sep 20 2010 Bill Nottingham <notting@redhat.com> - 10-4
+- obsolete upstart-sysvinit too
+
+* Fri Sep 17 2010 Bill Nottingham <notting@redhat.com> - 10-3
+- Drop upstart requires
+
+* Tue Sep 14 2010 Lennart Poettering <lpoetter@redhat.com> - 10-2
+- Enable audit
+- https://bugzilla.redhat.com/show_bug.cgi?id=633771
+
+* Tue Sep 14 2010 Lennart Poettering <lpoetter@redhat.com> - 10-1
+- New upstream release
+- https://bugzilla.redhat.com/show_bug.cgi?id=630401
+- https://bugzilla.redhat.com/show_bug.cgi?id=630225
+- https://bugzilla.redhat.com/show_bug.cgi?id=626966
+- https://bugzilla.redhat.com/show_bug.cgi?id=623456
+
+* Fri Sep 3 2010 Bill Nottingham <notting@redhat.com> - 9-3
+- move fedora-specific units to initscripts; require newer version thereof
+
+* Fri Sep 3 2010 Lennart Poettering <lpoetter@redhat.com> - 9-2
+- Add missing tarball
+
+* Fri Sep 3 2010 Lennart Poettering <lpoetter@redhat.com> - 9-1
+- New upstream version
+- Closes 501720, 614619, 621290, 626443, 626477, 627014, 627785, 628913
+
+* Fri Aug 27 2010 Lennart Poettering <lpoetter@redhat.com> - 8-3
+- Reexecute after installation, take ownership of /var/run/user
+- https://bugzilla.redhat.com/show_bug.cgi?id=627457
+- https://bugzilla.redhat.com/show_bug.cgi?id=627634
+
+* Thu Aug 26 2010 Lennart Poettering <lpoetter@redhat.com> - 8-2
+- Properly create default.target link
+
+* Wed Aug 25 2010 Lennart Poettering <lpoetter@redhat.com> - 8-1
+- New upstream release
+
+* Thu Aug 12 2010 Lennart Poettering <lpoetter@redhat.com> - 7-3
+- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623561
+
+* Thu Aug 12 2010 Lennart Poettering <lpoetter@redhat.com> - 7-2
+- Fix https://bugzilla.redhat.com/show_bug.cgi?id=623430
+
+* Tue Aug 10 2010 Lennart Poettering <lpoetter@redhat.com> - 7-1
+- New upstream release
+
+* Fri Aug 6 2010 Lennart Poettering <lpoetter@redhat.com> - 6-2
+- properly hide output on package installation
+- pull in coreutils during package installtion
+
+* Fri Aug 6 2010 Lennart Poettering <lpoetter@redhat.com> - 6-1
+- New upstream release
+- Fixes #621200
+
+* Wed Aug 4 2010 Lennart Poettering <lpoetter@redhat.com> - 5-2
+- Add tarball
+
+* Wed Aug 4 2010 Lennart Poettering <lpoetter@redhat.com> - 5-1
+- Prepare release 5
+
+* Tue Jul 27 2010 Bill Nottingham <notting@redhat.com> - 4-4
+- Add 'sysvinit-userspace' provide to -sysvinit package to fix upgrade/install (#618537)
+
+* Sat Jul 24 2010 Lennart Poettering <lpoetter@redhat.com> - 4-3
+- Add libselinux to build dependencies
+
+* Sat Jul 24 2010 Lennart Poettering <lpoetter@redhat.com> - 4-2
+- Use the right tarball
+
+* Sat Jul 24 2010 Lennart Poettering <lpoetter@redhat.com> - 4-1
+- New upstream release, and make default
+
+* Tue Jul 13 2010 Lennart Poettering <lpoetter@redhat.com> - 3-3
+- Used wrong tarball
+
+* Tue Jul 13 2010 Lennart Poettering <lpoetter@redhat.com> - 3-2
+- Own /cgroup jointly with libcgroup, since we don't dpend on it anymore
+
+* Tue Jul 13 2010 Lennart Poettering <lpoetter@redhat.com> - 3-1
+- New upstream release
+
+* Fri Jul 9 2010 Lennart Poettering <lpoetter@redhat.com> - 2-0
+- New upstream release
+
+* Wed Jul 7 2010 Lennart Poettering <lpoetter@redhat.com> - 1-0
+- First upstream release
+
+* Tue Jun 29 2010 Lennart Poettering <lpoetter@redhat.com> - 0-0.7.20100629git4176e5
+- New snapshot
+- Split off -units package where other packages can depend on without pulling in the whole of systemd
+
+* Tue Jun 22 2010 Lennart Poettering <lpoetter@redhat.com> - 0-0.6.20100622gita3723b
+- Add missing libtool dependency.
+
+* Tue Jun 22 2010 Lennart Poettering <lpoetter@redhat.com> - 0-0.5.20100622gita3723b
+- Update snapshot
+
+* Mon Jun 14 2010 Rahul Sundaram <sundaram@fedoraproject.org> - 0-0.4.20100614git393024
+- Pull the latest snapshot that fixes a segfault. Resolves rhbz#603231
+
+* Fri Jun 11 2010 Rahul Sundaram <sundaram@fedoraproject.org> - 0-0.3.20100610git2f198e
+- More minor fixes as per review
+
+* Thu Jun 10 2010 Rahul Sundaram <sundaram@fedoraproject.org> - 0-0.2.20100610git2f198e
+- Spec improvements from David Hollis
+
+* Wed Jun 09 2010 Rahul Sundaram <sundaram@fedoraproject.org> - 0-0.1.20090609git2f198e
+- Address review comments
+
+* Tue Jun 01 2010 Rahul Sundaram <sundaram@fedoraproject.org> - 0-0.0.git2010-06-02
+- Initial spec (adopted from Kay Sievers)