systemd/systemd.spec

#global commit 1781de18ab8ebc3e42a607851d8effb3b0355c87
%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}

# We ship a .pc file but don't want to have a dep on pkg-config. We
# strip the automatically generated dep here and instead co-own the
# directory.
%global __requires_exclude pkg-config

%global pkgdir %{_prefix}/lib/systemd
%global system_unit_dir %{pkgdir}/system
%global user_unit_dir %{pkgdir}/user

%if 0%{?__isa_bits} == 64
%global elf_bits (64bit)
%global elf_suffix ()%{elf_bits}
%endif

%bcond bzip2     1
%bcond gnutls    1
%bcond lz4       1
%bcond xz        1
%bcond zlib      1
%bcond zstd      1

# Bootstrap may be needed to break circular dependencies with cryptsetup,
# e.g. when re-building cryptsetup on a json-c SONAME-bump.
%bcond bootstrap 0
%bcond tests     1
%bcond lto       1
%bcond docs      1

# Build from git main
%bcond upstream  0

# When bootstrap, libcryptsetup is disabled
# but auto-features causes many options to be turned on
# that depend on libcryptsetup (e.g. libcryptsetup-plugins)
%if %{with bootstrap}
%global __meson_auto_features disabled
%endif

# Override %%autorelease. This is ugly, but rpmautospec doesn't implement
# autorelease correctly if the macro is conditionalized in the Release field.
%{?release_override:%global autorelease %{release_override}%{?dist}}

Name:           systemd
Url:            https://systemd.io
# Allow users to specify the version and release when building the rpm by 
# setting the %%version_override and %%release_override macros.
Version:        %{?version_override}%{!?version_override:256}
Release:        14%{?dist}

%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)

# For a breakdown of the licensing, see README
License:        LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later
Summary:        System and Service Manager

# download tarballs with "spectool -g systemd.spec"
%if %{defined commit}
Source0:        https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
%else
Source0:        https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz
%endif
# This file must be available before %%prep.
# It is generated during systemd build and can be found in build/src/core/.
Source1:        triggers.systemd
Source2:        split-files.py
Source3:        purge-nobody-user
Source4:        test_sysusers_defined.py

# Prevent accidental removal of the systemd package
Source5:        yum-protect-systemd.conf

Source6:        inittab
Source7:        sysctl.conf.README
Source8:        systemd-journal-remote.xml
Source9:        systemd-journal-gatewayd.xml
Source10:       20-yama-ptrace.conf
Source11:       systemd-udev-trigger-no-reload.conf
# https://fedoraproject.org/wiki/How_to_filter_libabigail_reports
Source13:       .abignore

Source14:       10-oomd-defaults.conf
Source15:       10-oomd-per-slice-defaults.conf

Source17:       10-map-count.conf

Source21:       macros.sysusers
Source22:       sysusers.attr
Source23:       sysusers.prov
Source24:       sysusers.generate-pre.sh

Source25:       98-default-mac-none.link

%if 0
GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable
i=1; for j in 00*patch; do printf "Patch%04d:      %s\n" $i $j; i=$((i+1));done|xclip
GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py >hwdb.patch
%endif

# Backports of patches from upstream (0000–0499)
#
# Any patches which are "in preparation" upstream should be listed here, rather
# than in the next section. Packit CI will drop any patches in this range before
# applying upstream pull requests.

# RHEL-specific
Patch0001: 0001-Create-CNAME.patch
Patch0002: 0002-man-systemd-reorder-content-a-bit.patch
Patch0003: 0003-hostnamed-don-t-allow-hostnamed-to-exit-on-idle-if-v.patch
Patch0004: 0004-sd-dhcp-server-clear-buffer-before-receive.patch
Patch0005: 0005-rules-Limit-the-number-of-device-units-generated-for.patch
Patch0006: 0006-strbuf-use-GREEDY_REALLOC-to-grow-the-buffer.patch
Patch0007: 0007-tpm2-setup-Don-t-fail-if-we-can-t-access-the-TPM-due.patch
Patch0008: 0008-resolved-permit-dnssec-rrtype-questions-when-we-aren.patch
Patch0009: 0009-repart-Use-crypt_reencrypt_run-if-available.patch
Patch0010: 0010-test-dump-a-simple-summary-at-the-end-of-TEST-02-UNI.patch
Patch0011: 0011-repart-Use-CRYPT_ACTIVATE_PRIVATE.patch
Patch0012: 0012-NEWS-note-that-new-stable-releases-will-be-in-the-ma.patch
Patch0013: 0013-shell-completion-only-offer-devices-for-completion.patch
Patch0014: 0014-CODING_STYLE-document-reterr_-return-parameters.patch
Patch0015: 0015-analyze-show-pcrs-also-in-sha384-bank.patch
Patch0016: 0016-fundamental-declare-flex-array-updated-for-gcc15-and.patch
Patch0017: 0017-man-add-a-bit-of-a-warning-to-systemd-tmpfiles-purge.patch
Patch0018: 0018-man-units-drop-temporary-from-description-of-systemd.patch
Patch0019: 0019-mkosi-enable-unprivileged-user-ns-for-integration-te.patch
Patch0020: 0020-mkosi-use-ports.ubuntu.com-for-non-x86-backports.patch
Patch0021: 0021-mkosi-install-EFI-packages-only-on-EFI-architectures.patch
Patch0022: 0022-test-check-the-skip-condition-before-installing-addi.patch
Patch0023: 0023-test-drop-unneeded-firmware-uefi-setting.patch
Patch0024: 0024-test-drop-obsolete-comment.patch
Patch0025: 0025-test-support-TEST_NO_KVM.patch
Patch0026: 0026-test-support-TEST_NO_QEMU-in-mkosi-integration-wrapp.patch
Patch0027: 0027-test-use-auto-instead-of-uefi-for-automated-fallback.patch
Patch0028: 0028-core-service-fix-accept-socket-deserialization.patch
Patch0029: 0029-test-network-mention-that-the-captive-portal-option-.patch
Patch0030: 0030-CI-disable-secure-boot-in-mkosi-GHA-runs.patch
Patch0031: 0031-mkosi-bump-to-latest.patch
Patch0032: 0032-NEWS-fix-typo.patch
Patch0033: 0033-install-allow-removing-symlinks-even-for-units-that-.patch
Patch0034: 0034-tmpfiles-honour-dry-run-when-removing-directories.patch
Patch0035: 0035-tmpfiles-insist-on-at-least-one-configuration-file-b.patch
Patch0036: 0036-tmpfiles-move-purge-to-command-section-in-help-text-.patch
Patch0037: 0037-mkosi-restrict-noble-backports-to-noble-builds.patch
Patch0038: 0038-repart-fix-memory-leak.patch
Patch0039: 0039-logs-show-do-not-use-_SOURCE_MONOTONIC_TIMESTAMP-fie.patch
Patch0040: 0040-ci-update-workflows-to-run-on-source-git-setup.patch
Patch0041: 0041-ci-setup-source-git-automation.patch
Patch0042: 0042-ci-deploy-systemd-man-to-GitHub-Pages.patch
Patch0043: 0043-ci-reconfigure-Packit-for-RHEL-10.patch
Patch0044: 0044-ci-allow-to-pass-parameters-together-with-rhel-only-.patch
Patch0045: 0045-journal-again-create-user-journals-for-users-with-hi.patch
Patch0046: 0046-tmpfiles-make-purge-hard-to-mis-use.patch
Patch0047: 0047-fedora-use-system-auth-in-pam-systemd-user.patch
Patch0048: 0048-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
Patch0049: 0049-rules-copy-40-redhat.rules-from-RHEL-9.patch
Patch0050: 0050-logind-set-RemoveIPC-to-false-by-default.patch
Patch0051: 0051-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
Patch0052: 0052-rc-local-order-after-network-online.target.patch
Patch0053: 0053-random-util-increase-random-seed-size-to-1024.patch
Patch0054: 0054-journal-don-t-enable-systemd-journald-audit.socket-b.patch
Patch0055: 0055-journald.conf-don-t-touch-current-audit-settings.patch
Patch0056: 0056-rules-add-elevator-kernel-command-line-parameter.patch
Patch0057: 0057-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
Patch0058: 0058-udev-net-setup-link-change-the-default-MACAddressPol.patch
Patch0059: 0059-core-decrease-log-level-of-messages-about-use-of-Kil.patch
Patch0060: 0060-meson-rename-libbasic-to-libbasic_static.patch
Patch0061: 0061-meson-build-libsystemd-core-via-an-intermediate-stat.patch
Patch0062: 0062-meson-add-option-to-build-systemd-executor-staticall.patch
Patch0063: 0063-taint-remove-unmerged-bin.patch
Patch0064: 0064-presets-remove-resolved.patch
Patch0065: 0065-doc-add-downstream-CONTRIBUTING-document.patch
Patch0066: 0066-ci-allow-policy-as-rhel-only-keyword.patch
Patch0067: 0067-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
Patch0068: 0068-taint-remove-unused-variable-usr_sbin.patch
Patch0069: 0069-packit-drop-the-libarchive-workaround.patch
Patch0070: 0070-packit-drop-the-dependency-on-python3-zstd.patch
Patch0071: 0071-coredump-by-default-process-and-store-core-files-up-.patch
Patch0072: 0072-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
Patch0073: 0073-unit-don-t-add-Requires-for-tmp.mount.patch
Patch0074: 0074-units-add-Install-section-to-tmp.mount.patch
Patch0075: 0075-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
Patch0076: 0076-netif-naming-scheme-add-rhel-9.5-scheme.patch
Patch0077: 0077-udev-builtin-net_id-use-firmware_node-sun-for-ID_NET.patch
Patch0078: 0078-man-net-naming-scheme-add-missing-period.patch
Patch0079: 0079-Revert-packit-drop-the-dependency-on-python3-zstd.patch
Patch0080: 0080-systemctl-do-not-try-to-acquire-triggering-units-for.patch
Patch0081: 0081-core-unit-add-one-assertion-for-u-manager.patch
Patch0082: 0082-core-service-destroy-runtime-data-when-Type-oneshot-.patch
Patch0083: 0083-cgroup-util-Ignore-kernel-threads-in-cg_kill_items.patch
Patch0084: 0084-cgroup-util-Don-t-try-to-open-pidfd-for-kernel-threa.patch
Patch0085: 0085-cgroup-util-fix-typo.patch
Patch0086: 0086-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
Patch0087: 0087-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
Patch0088: 0088-net-naming-scheme-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch
Patch0089: 0089-Revert-cgroup-util-Don-t-try-to-open-pidfd-for-kerne.patch
Patch0090: 0090-ukify-Skip-test-on-architectures-without-UEFI.patch

# Downstream-only patches (9000–9999)

%ifarch %{ix86} x86_64 aarch64 riscv64
%global want_bootloader 1
%endif

BuildRequires:  gcc
BuildRequires:  gcc-c++
BuildRequires:  clang
BuildRequires:  coreutils
BuildRequires:  libcap-devel
BuildRequires:  libmount-devel
BuildRequires:  libfdisk-devel
BuildRequires:  libpwquality-devel
BuildRequires:  pam-devel
BuildRequires:  libselinux-devel
BuildRequires:  audit-libs-devel
%if %{without bootstrap}
BuildRequires:  cryptsetup-devel
%endif
BuildRequires:  dbus-devel
BuildRequires:  util-linux
# /usr/bin/getfacl is needed by test-acl-util
BuildRequires:  acl
BuildRequires:  libacl-devel
BuildRequires:  gobject-introspection-devel
BuildRequires:  libblkid-devel
%if %{with xz}
BuildRequires:  xz-devel
BuildRequires:  xz
%endif
%if %{with lz4}
BuildRequires:  lz4-devel
BuildRequires:  lz4
%endif
%if %{with bzip2}
BuildRequires:  bzip2-devel
%endif
%if %{with zstd}
BuildRequires:  libzstd-devel
%endif
BuildRequires:  libidn2-devel
BuildRequires:  libcurl-devel
BuildRequires:  kmod-devel
BuildRequires:  elfutils-devel
BuildRequires:  openssl-devel
%if %{with gnutls}
BuildRequires:  gnutls-devel
%endif
%if %{undefined rhel}
BuildRequires:  qrencode-devel
%endif
BuildRequires:  libmicrohttpd-devel
BuildRequires:  libxkbcommon-devel
BuildRequires:  iptables-devel
BuildRequires:  pkgconfig(bash-completion)
BuildRequires:  pkgconfig(libarchive)
BuildRequires:  pkgconfig(libfido2)
BuildRequires:  pkgconfig(tss2-esys)
BuildRequires:  pkgconfig(tss2-rc)
BuildRequires:  pkgconfig(tss2-mu)
BuildRequires:  pkgconfig(libbpf)
BuildRequires:  systemtap-sdt-devel
%if %{with docs}
BuildRequires:  libxslt
BuildRequires:  docbook-style-xsl
%endif
BuildRequires:  pkgconfig
BuildRequires:  gperf
BuildRequires:  gawk
BuildRequires:  tree
BuildRequires:  hostname
BuildRequires:  python3
BuildRequires:  python3-devel
BuildRequires:  python3dist(jinja2)
BuildRequires:  python3dist(lxml)
BuildRequires:  python3dist(pefile)
%if %{undefined rhel}
BuildRequires:  python3dist(pillow)
BuildRequires:  python3dist(pytest-flakes)
%endif
BuildRequires:  python3dist(pytest)
BuildRequires:  python3dist(zstd)
%if 0%{?want_bootloader}
BuildRequires:  python3dist(pyelftools)
%endif
# gzip and lzma are provided by the stdlib
BuildRequires:  firewalld-filesystem
BuildRequires:  libseccomp-devel
BuildRequires:  meson >= 0.43
BuildRequires:  gettext
# We use RUNNING_ON_VALGRIND in tests, so the headers need to be available
%ifarch %{valgrind_arches}
BuildRequires:  valgrind-devel
%endif

%ifnarch %ix86
# bpftool is not built for i368
BuildRequires:  bpftool
%global have_bpf 1
%endif

%if 0%{?fedora}
%ifarch x86_64 aarch64
%global have_xen 1
# That package is only built for those two architectures
BuildRequires:  xen-devel
%endif
%endif

Requires(post): coreutils
Requires(post): grep
# systemd-machine-id-setup requires libssl
Requires(post): openssl-libs
Requires:       dbus >= 1.9.18
Requires:       %{name}-pam%{_isa} = %{version}-%{release}
Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build)
Requires:       %{name}-libs%{_isa} = %{version}-%{release}
%{?fedora:Recommends:     %{name}-resolved = %{version}-%{release}}
Recommends:     diffutils
Requires:       (util-linux-core or util-linux)
Recommends:     libxkbcommon%{_isa}
Provides:       /bin/systemctl
Provides:       /sbin/shutdown
Provides:       syslog
Provides:       systemd-units = %{version}-%{release}
Obsoletes:      system-setup-keyboard < 0.9
Provides:       system-setup-keyboard = 0.9
# systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308
Obsoletes:      systemd-sysv < 206
# self-obsoletes so that dnf will install new subpackages on upgrade (#1260394)
Obsoletes:      %{name} < 249~~
Provides:       systemd-sysv = 206
Conflicts:      initscripts < 9.56.1
%if 0%{?fedora}
Conflicts:      fedora-release < 23-0.12
%endif
%if 0%{?fedora} >= 41
BuildRequires:  setup >= 2.15.0-3
BuildRequires:  python3
Conflicts:      setup < 2.15.0-3
Conflicts:      selinux-policy-any < 41.1
%endif

%if 0%{?fedora} >= 41
# Make sure that dracut supports systemd-executor and the renames done for v255,
# and dlopen libraries and read-only fs in initrd.
Conflicts:      dracut < 060-2
%else
# Make sure that dracut supports systemd-executor and the renames done for v255.
Conflicts:      dracut < 059-16
%endif

Obsoletes:      timedatex < 0.6-3
Provides:       timedatex = 0.6-3
Provides:       %{name}-tmpfiles = %{version}-%{release}
Provides:       %{name}-sysusers = %{version}-%{release}
Provides:       %{name}-shutdown = %{version}-%{release}

# Recommends to replace normal Requires deps for stuff that is dlopen()ed
Recommends:     libidn2.so.0%{?elf_suffix}
Recommends:     libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
Recommends:     libpcre2-8.so.0%{?elf_suffix}
Recommends:     libpwquality.so.1%{?elf_suffix}
Recommends:     libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits}
%if %{undefined rhel}
Recommends:     libqrencode.so.4%{?elf_suffix}
%endif
Recommends:     libbpf.so.1%{?elf_suffix}
Recommends:     libbpf.so.1(LIBBPF_0.4.0)%{?elf_bits}

# used by systemd-coredump and systemd-analyze
Recommends:     libdw.so.1%{?elf_suffix}
Recommends:     libdw.so.1(ELFUTILS_0.186)%{?elf_bits}
Recommends:     libelf.so.1%{?elf_suffix}
Recommends:     libelf.so.1(ELFUTILS_1.7)%{?elf_bits}

# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home
Recommends:     libcryptsetup.so.12%{?elf_suffix}
Recommends:     libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits}

# Libkmod is used to load modules.
Recommends:     libkmod.so.2%{?elf_suffix}
# kmod_list_next, kmod_load_resources, kmod_module_get_initstate,
# kmod_module_get_module, kmod_module_get_name, kmod_module_new_from_lookup,
# kmod_module_probe_insert_module, kmod_module_unref, kmod_module_unref_list,
# kmod_new, kmod_set_log_fn, kmod_unref, kmod_validate_resources
# are part of LIBKMOD_5.
Recommends:     libkmod.so.2(LIBKMOD_5)%{?elf_bits}

Recommends:     libarchive.so.13%{?elf_suffix}

%description
systemd is a system and service manager that runs as PID 1 and starts the rest
of the system. It provides aggressive parallelization capabilities, uses socket
and D-Bus activation for starting services, offers on-demand starting of
daemons, keeps track of processes using Linux control groups, maintains mount
and automount points, and implements an elaborate transactional dependency-based
service control logic. systemd supports SysV and LSB init scripts and works as a
replacement for sysvinit. Other parts of this package are a logging daemon,
utilities to control basic system configuration like the hostname, date, locale,
maintain a list of logged-in users, system accounts, runtime directories and
settings, and a logging daemons.
%if 0%{?stable}
This package was built from the %(c=%version; echo "v${c%.*}-stable") branch of systemd.
%endif

%package libs
Summary:        systemd libraries
License:        LGPL-2.1-or-later AND MIT
Obsoletes:      libudev < 183
Obsoletes:      systemd < 185-4
Conflicts:      systemd < 185-4
Obsoletes:      systemd-compat-libs < 230
Obsoletes:      nss-myhostname < 0.4
Provides:       nss-myhostname = 0.4
Provides:       nss-myhostname%{_isa} = 0.4

%description libs
Libraries for systemd and udev.

%package pam
Summary:        systemd PAM module
Requires:       %{name} = %{version}-%{release}

%description pam
Systemd PAM module registers the session with systemd-logind.

%package rpm-macros
Summary:        Macros that define paths and scriptlets related to systemd
BuildArch:      noarch

%description rpm-macros
Just the definitions of rpm macros.

See
https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd
for information how to use those macros.

%package devel
Summary:        Development headers for systemd
License:        LGPL-2.1-or-later AND MIT
Requires:       %{name}-libs%{_isa} = %{version}-%{release}
Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build)
Provides:       libudev-devel = %{version}
Provides:       libudev-devel%{_isa} = %{version}
Obsoletes:      libudev-devel < 183

%description devel
Development headers and auxiliary files for developing applications linking
to libudev or libsystemd.

%package udev
Summary: Rule-based device node and kernel event manager
License:        LGPL-2.1-or-later

Requires:       systemd%{_isa} = %{version}-%{release}
Requires(post):   systemd%{_isa} = %{version}-%{release}
Requires(preun):  systemd%{_isa} = %{version}-%{release}
Requires(postun): systemd%{_isa} = %{version}-%{release}
Requires(post): grep
Requires:       kmod >= 18-4
# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1
Obsoletes:      systemd < 245.6-1
Provides:       udev = %{version}
Provides:       udev%{_isa} = %{version}
Obsoletes:      udev < 183
Requires:       (grubby > 8.40-72 if grubby)
Requires:       (sdubby > 1.0-3 if sdubby)

# Libkmod is used to load modules. Assume that if we need udevd, we certainly
# want to load modules, so make this into a hard dependency here.
Requires:       libkmod.so.2%{?elf_suffix}
Requires:       libkmod.so.2(LIBKMOD_5)%{?elf_bits}

# Recommends to replace normal Requires deps for stuff that is dlopen()ed
# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home
Recommends:     libcryptsetup.so.12%{?elf_suffix}
Recommends:     libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits}

# used by systemd-coredump and systemd-analyze
Recommends:     libdw.so.1%{?elf_suffix}
Recommends:     libdw.so.1(ELFUTILS_0.186)%{?elf_bits}
Recommends:     libelf.so.1%{?elf_suffix}
Recommends:     libelf.so.1(ELFUTILS_1.7)%{?elf_bits}

# used by home, cryptsetup, cryptenroll, logind
Recommends:     libfido2.so.1%{?elf_suffix}
Recommends:     libp11-kit.so.0%{?elf_suffix}
Recommends:     libtss2-esys.so.0%{?elf_suffix}
Recommends:     libtss2-mu.so.0%{?elf_suffix}
Recommends:     libtss2-rc.so.0%{?elf_suffix}

# https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9
Suggests:       systemd-bootchart
# https://bugzilla.redhat.com/show_bug.cgi?id=1408878
Requires:       kbd

# https://bugzilla.redhat.com/show_bug.cgi?id=1753381
Provides:       u2f-hidraw-policy = 1.0.2-40
Obsoletes:      u2f-hidraw-policy < 1.0.2-40

# self-obsoletes to install both packages after split of systemd-boot
Obsoletes:      systemd-udev < 252.2^

Provides:       %{name}-repart = %{version}-%{release}

%description udev
This package contains systemd-udev and the rules and hardware database needed to
manage device nodes. This package is necessary on physical machines and in
virtual machines, but not in containers.

This package also provides systemd-timesyncd, a network time protocol daemon.

It also contains tools to manage encrypted home areas and secrets bound to the
machine, and to create or grow partitions and make file systems automatically.

%package ukify
Summary:        Tool to build Unified Kernel Images
Requires:       %{name} = %{version}-%{release}

Requires:       (systemd-boot if %{shrink:(
        filesystem(x86-32) or
        filesystem(x86-64) or
        filesystem(aarch64) or
        filesystem(riscv64)
)})
Requires:       python3dist(pefile)
Requires:       python3dist(zstd)
Requires:       python3dist(cryptography)
Recommends:     python3dist(pillow)

# for tests
%ifarch riscv64
# 2.42 received support for riscv64 + efi targets
%global binutils_version_req >= 2.42
%endif
BuildRequires:  binutils %{?binutils_version_req}

BuildArch:      noarch

%description ukify
This package provides ukify, a script that combines a kernel image, an initrd,
with a command line, and possibly PCR measurements and other metadata, into a
Unified Kernel Image (UKI).

%if 0%{?want_bootloader}
%package boot-unsigned
Summary: UEFI boot manager (unsigned version)

Provides: systemd-boot-unsigned-%{efi_arch} = %version-%release
Provides: systemd-boot = %version-%release
Provides: systemd-boot%{_isa} = %version-%release
# A provides with just the version, no release or dist, used to build systemd-boot
Provides: version(systemd-boot-unsigned) = %version
Provides: version(systemd-boot-unsigned)%{_isa} = %version

# self-obsoletes to install both packages after split of systemd-boot
Obsoletes:      systemd-udev < 252.2^

%description boot-unsigned
systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a
graphical menu to select the entry to boot and an editor for the kernel command
line. systemd-boot supports systems with UEFI firmware only.

This package contains the unsigned version. Install systemd-boot instead to get
the version that works with Secure Boot.
%endif

%package container
# Name is the same as in Debian
Summary: Tools for containers and VMs
Requires:       %{name}%{_isa} = %{version}-%{release}
Requires(post):   systemd%{_isa} = %{version}-%{release}
Requires(preun):  systemd%{_isa} = %{version}-%{release}
Requires(postun): systemd%{_isa} = %{version}-%{release}
# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394)
Obsoletes:      %{name} < 229-5
# Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040)
Suggests:       libcurl-minimal
License:        LGPL-2.1-or-later

%description container
Systemd tools to spawn and manage containers and virtual machines.

This package contains systemd-nspawn, machinectl,
systemd-machined, and systemd-importd.

%package journal-remote
# Name is the same as in Debian
Summary:        Tools to send journal events over the network
Requires:       %{name}%{_isa} = %{version}-%{release}
License:        LGPL-2.1-or-later
Requires:       firewalld-filesystem
Provides:       %{name}-journal-gateway = %{version}-%{release}
Provides:       %{name}-journal-gateway%{_isa} = %{version}-%{release}
Obsoletes:      %{name}-journal-gateway < 227-7
# Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040)
Suggests:       libcurl-minimal

%description journal-remote
Programs to forward journal entries over the network, using encrypted HTTP, and
to write journal files from serialized journal contents.

This package contains systemd-journal-gatewayd, systemd-journal-remote, and
systemd-journal-upload.

%package resolved
Summary:        Network Name Resolution manager
Requires:       %{name}%{_isa} = %{version}-%{release}
Obsoletes:      %{name} < 249~~
Requires:       libidn2.so.0%{?elf_suffix}
Requires:       libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
Requires(posttrans): grep

%description resolved
systemd-resolved is a system service that provides network name resolution to
local applications. It implements a caching and validating DNS/DNSSEC stub
resolver, as well as an LLMNR and MulticastDNS resolver and responder.

%package oomd
Summary:        A userspace out-of-memory (OOM) killer
Requires:       %{name}-udev = %{version}-%{release}
Provides:       %{name}-oomd-defaults = %{version}-%{release}
License:        LGPL-2.1-or-later

%description oomd
systemd-oomd is a system service that uses cgroups-v2 and pressure stall
information (PSI) to monitor and take action on processes before an OOM
occurs in kernel space.

%prep
%autosetup -n %{?commit:%{name}-%{commit}}%{!?commit:%{name}-%{version_no_tilde}} -p1

%build
%global ntpvendor %(source /etc/os-release; echo ${ID})
%{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1}

CONFIGURE_OPTS=(
        -Dmode=%[%{with upstream}?"developer":"release"]
        -Dsysvinit-path=/etc/rc.d/init.d
        -Drc-local=/etc/rc.d/rc.local
        -Ddns-servers=
        -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
        -Dservice-watchdog=3min
        -Ddev-kvm-mode=0666
        -Dkmod=enabled
        -Dxkbcommon=enabled
        -Dblkid=enabled
        -Dfdisk=enabled
        -Dseccomp=enabled
        -Dima=true
        -Dselinux=enabled
        -Dbpf-framework=%[0%{?have_bpf}?"enabled":"disabled"]
        -Dapparmor=disabled
        -Dpolkit=enabled
        -Dxz=%[%{with xz}?"enabled":"disabled"]
        -Dzlib=%[%{with zlib}?"enabled":"disabled"]
        -Dbzip2=%[%{with bzip2}?"enabled":"disabled"]
        -Dlz4=%[%{with lz4}?"enabled":"disabled"]
        -Dzstd=%[%{with zstd}?"enabled":"disabled"]
        -Dpam=enabled
        -Dacl=enabled
        -Dsmack=true
        -Dopenssl=enabled
        -Dcryptolib=openssl
        -Dp11kit=enabled
        -Dgcrypt=disabled
        -Daudit=enabled
        -Delfutils=enabled
        -Dlibcryptsetup=%[%{with bootstrap}?"disabled":"enabled"]
        -Delfutils=enabled
        -Drepart=enabled
        -Dpwquality=enabled
        -Dqrencode=%[%{defined rhel}?"disabled":"enabled"]
        -Dmicrohttpd=enabled
        -Dlibiptc=disabled
        -Dlibcurl=enabled
        -Dlibfido2=enabled
        -Dxenctrl=%[0%{?have_xen}?"enabled":"disabled"]
        -Defi=true
        -Dtpm=true
        -Dtpm2=enabled
        -Dhwdb=true
        -Dsysusers=true
        -Ddefault-kill-user-processes=false
        -Dfirst-boot-full-preset=true
        -Ddefault-network=true
        -Dtests=unsafe
        -Dinstall-tests=false
        -Dnobody-user=nobody
        -Dnobody-group=nobody
        -Dcompat-mutable-uid-boundaries=true
        -Dsplit-bin=true
        -Db_ndebug=false
        -Dman=%[%{with docs}?"enabled":"disabled"]
        -Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""]
        # https://bugzilla.redhat.com/show_bug.cgi?id=1906010
        -Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""]
        -Dlink-executor-shared=false
        -Dfallback-hostname="localhost"
        -Ddefault-dnssec=no
        -Ddefault-dns-over-tls=no
        # https://bugzilla.redhat.com/show_bug.cgi?id=1867830
        -Ddefault-mdns=no
        # https://bugzilla.redhat.com/show_bug.cgi?id=2028169
        -Dstatus-unit-format-default=combined
        -Dconfigfiledir=/usr/lib
        -Doomd=true

        -Dadm-gid=4
        -Dtty-gid=5
        -Ddisk-gid=6
        -Dlp-gid=7
        -Dkmem-gid=9
        -Dwheel-gid=10
        -Dcdrom-gid=11
        -Ddialout-gid=18
        -Dutmp-gid=22
        -Dtape-gid=33
        -Dkvm-gid=36
        -Dvideo-gid=39
        -Daudio-gid=63
        -Dusers-gid=100
        -Dinput-gid=104
        -Drender-gid=105
        -Dsgx-gid=106
        -Dsystemd-journal-gid=190
        -Dsystemd-network-uid=192
        -Dsystemd-resolve-uid=193
        # -Dsystemd-timesync-uid=, not set yet

        # For now, let's build the bootloader in the same places where we
        # built with gnu-efi. Later on, we might want to extend coverage, but
        # considering that that support is untested, let's not do this now.
        -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"]
        -Dukify=enabled

        # RHEL10 bootstrapping
        -Dstandalone-binaries=false
        -Dnscd=false
        -Dportabled=false
        -Dmountfsd=false
        -Dhomed=disabled
        -Dnetworkd=false
        -Dtimesyncd=false
        -Dcreate-log-dirs=false
        -Dnsresourced=false
        -Dfirstboot=true
        -Dvmspawn=disabled
        -Dstoragetm=false
        -Dhtml=disabled
        -Ddefault-net-naming-scheme=rhel-10.0-beta
        -Ddefault-llmnr=no
        -Ddns-over-tls=openssl
        -Dntp-servers=
        -Dsupport-url=https://access.redhat.com/support
        -Dlibidn=disabled
        -Dgnutls=disabled
        -Ddefault-compression=zstd
        # https://issues.redhat.com/browse/RHEL-16810
        -Dsbat-distro-url=mailto:secalert@redhat.com
        -Dsshconfdir=no
        -Dsshdconfdir=no
        -Duserdb=false
)

%if %{without lto}
%global _lto_cflags %nil
%endif

{ %meson "${CONFIGURE_OPTS[@]}" %{?meson_extra_configure_options} ; }

%meson_build

new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh
if ! diff -u %{SOURCE1} ${new_triggers}; then
   echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!"
   echo -e "      cp $PWD/${new_triggers} %{SOURCE1}\n\n\n"
   sleep 5
fi

%install
%meson_install

# udev links
mkdir -p %{buildroot}/%{_sbindir}
ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm

# Compatiblity and documentation files
touch %{buildroot}/etc/crypttab
chmod 600 %{buildroot}/etc/crypttab

# Config files that were moved under /usr.
# We need to %ghost them so that they are not removed on upgrades.
touch %{buildroot}/etc/systemd/coredump.conf \
      %{buildroot}/etc/systemd/journald.conf \
      %{buildroot}/etc/systemd/journal-remote.conf \
      %{buildroot}/etc/systemd/journal-upload.conf \
      %{buildroot}/etc/systemd/logind.conf \
      %{buildroot}/etc/systemd/oomd.conf \
      %{buildroot}/etc/systemd/pstore.conf \
      %{buildroot}/etc/systemd/resolved.conf \
      %{buildroot}/etc/systemd/sleep.conf \
      %{buildroot}/etc/systemd/system.conf \
      %{buildroot}/etc/systemd/user.conf \
      %{buildroot}/etc/udev/udev.conf \
      %{buildroot}/etc/udev/iocost.conf

install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3}

# /etc/initab
install -Dm0644 -t %{buildroot}/etc/ %{SOURCE6}

# /etc/sysctl.conf compat
install -Dm0644 %{SOURCE7} %{buildroot}/etc/sysctl.conf
ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf

# Make sure these directories are properly owned
mkdir -p %{buildroot}%{system_unit_dir}/basic.target.wants
mkdir -p %{buildroot}%{system_unit_dir}/default.target.wants
mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants
mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants
mkdir -p %{buildroot}/run
mkdir -p %{buildroot}%{_localstatedir}/log
touch %{buildroot}%{_localstatedir}/log/lastlog
chmod 0664 %{buildroot}%{_localstatedir}/log/lastlog
touch %{buildroot}/run/utmp
touch %{buildroot}%{_localstatedir}/log/{w,b}tmp

# Make sure the user generators dir exists too
mkdir -p %{buildroot}%{pkgdir}/system-generators
mkdir -p %{buildroot}%{pkgdir}/user-generators

# Create new-style configuration files so that we can ghost-own them
touch %{buildroot}%{_sysconfdir}/hostname
touch %{buildroot}%{_sysconfdir}/vconsole.conf
touch %{buildroot}%{_sysconfdir}/locale.conf
touch %{buildroot}%{_sysconfdir}/machine-id
touch %{buildroot}%{_sysconfdir}/machine-info
touch %{buildroot}%{_sysconfdir}/localtime
mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d
touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf

# Make sure the shutdown/sleep drop-in dirs exist
mkdir -p %{buildroot}%{pkgdir}/system-shutdown/
mkdir -p %{buildroot}%{pkgdir}/system-sleep/

# Make sure directories in /var exist
mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump
mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog
mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/backlight
mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/rfkill
mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/linger
mkdir -p %{buildroot}%{_localstatedir}/lib/private
mkdir -p %{buildroot}%{_localstatedir}/log/private
mkdir -p %{buildroot}%{_localstatedir}/cache/private
mkdir -p %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload
ln -s ../private/systemd/journal-upload %{buildroot}%{_localstatedir}/lib/systemd/journal-upload
mkdir -p %{buildroot}%{_localstatedir}/log/journal
touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database
touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin
touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed
touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state

# Install yum protection fragment
install -Dm0644 %{SOURCE5} %{buildroot}/etc/dnf/protected.d/systemd.conf

install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE8} %{SOURCE9}

# Install additional docs
# https://bugzilla.redhat.com/show_bug.cgi?id=1234951
install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE10}

# https://bugzilla.redhat.com/show_bug.cgi?id=1378974
install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE11}

install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13}

# systemd-oomd default configuration
install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14}
install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15}
install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15}

# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount
install -Dm0644 -t %{buildroot}%{_prefix}/lib/sysctl.d/ %{SOURCE17}

sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py || :

install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21}
# Use rpm's own sysusers provides where available
%if ! (0%{?fedora} >= 39 || 0%{?rhel} >= 10)
install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22}
install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23}
%endif
install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24}

# https://bugzilla.redhat.com/show_bug.cgi?id=2107754
install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25}

ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/installkernel

%if "%{_sbindir}" == "%{_bindir}"
# Systemd has the split-sbin option which is also used to select the directory
# for alias symlinks. We need to keep split-sbin=true for now, to support
# unmerged systems. Move the symlinks here instead.
mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/
%endif

%if 0%{?fedora} >= 41
# This requires https://pagure.io/setup/pull-request/50
# and https://src.fedoraproject.org/rpms/setup/pull-request/10.
%{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf
rm %{buildroot}/usr/lib/sysusers.d/basic.conf
%endif

# We don't want to ship systemd-ssh-generator and it is not possible to disable it via meson_options.txt
# OpenScanHub doesn't build man pages, so let's not fail when they are not present
rm %{buildroot}%{_prefix}/lib/systemd/system-generators/systemd-ssh-generator
rm %{buildroot}%{_prefix}/lib/systemd/system/ssh-access.target
rm %{buildroot}%{_prefix}/lib/systemd/systemd-ssh-proxy
rm %{buildroot}%{_mandir}/man1/systemd-ssh-proxy.1 || :
rm %{buildroot}%{_mandir}/man8/systemd-ssh-generator.8 || :

%find_lang %{name}

# Split files in build root into rpms
python3 %{SOURCE2} %buildroot %{!?want_bootloader:--no-bootloader}

%check
%if %{with tests}
meson test -C %{_vpath_builddir} -t 6 --print-errorlogs
%endif

#############################################################################################

%include %{SOURCE1}

%post
systemd-machine-id-setup &>/dev/null || :

[ $1 -eq 1 ] || exit 0

[ -w %{_localstatedir} ] && journalctl --update-catalog || :
systemd-sysusers || :
systemd-tmpfiles --create &>/dev/null || :

# We reset the enablement of all services upon initial installation
# https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23
# This will fix up enablement of any preset services that got installed
# before systemd due to rpm ordering problems:
# https://bugzilla.redhat.com/show_bug.cgi?id=1647172.
# We also do this for user units, see
# https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units.
systemctl preset-all &>/dev/null || :
systemctl --global preset-all &>/dev/null || :

%postun
if [ $1 -ge 1 ]; then
  [ -w %{_localstatedir} ] && journalctl --update-catalog || :

  systemctl daemon-reexec || :

  systemd-tmpfiles --create &>/dev/null || :
fi

%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service

# FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558)

# This is the expanded form of %%systemd_user_daemon_reexec. We
# can't use the macro because we define it ourselves.
if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then
    # Package upgrade, not uninstall
    /usr/lib/systemd/systemd-update-helper user-reexec || :
fi

%triggerun -- systemd < 256
# This is for upgrades from previous versions before systemd restart was moved to %%postun
systemctl daemon-reexec || :

%triggerpostun -- systemd < 256-9
if [ -L /etc/ssh/sshd_config.d/20-systemd-userdb.conf ] && \
   [ "$(readlink -m /etc/ssh/sshd_config.d/20-systemd-userdb.conf)" = "/usr/lib/systemd/sshd_config.d/20-systemd-userdb.conf" ] ; then
  rm -f /etc/ssh/sshd_config.d/20-systemd-userdb.conf || :
fi

%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket %{?want_bootloader:systemd-boot-update.service} systemd-pstore.service remote-cryptsetup.target

%post udev
# Move old stuff around in /var/lib
mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null
mv %{_localstatedir}/lib/backlight %{_localstatedir}/lib/systemd/backlight &>/dev/null

udevadm hwdb --update &>/dev/null

%systemd_post %udev_services

# Try to save the random seed, but don't complain if /dev/urandom is unavailable
/usr/lib/systemd/systemd-random-seed save 2>&1 | \
    grep -v 'Failed to open /dev/urandom' || :

# Replace obsolete keymaps
# https://bugzilla.redhat.com/show_bug.cgi?id=1151958
grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null &&
    sed -i.rpm.bak -r 's/^KEYMAP="?fi-latin[19]"?/KEYMAP="fi"/' /etc/vconsole.conf || :

%preun udev
%systemd_preun %udev_services

%postun udev
# Restart some services.
# Others are either oneshot services, or sockets, and restarting them causes issues (#1378974)
%systemd_postun_with_restart systemd-udevd.service


%global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service
%global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket
%post journal-remote
%systemd_post %journal_remote_units_restart %journal_remote_units_norestart
%firewalld_reload

%preun journal-remote
%systemd_preun %journal_remote_units_restart %journal_remote_units_norestart
if [ $1 -eq 1 ] ; then
    if [ -f %{_localstatedir}/lib/systemd/journal-upload/state -a ! -L %{_localstatedir}/lib/systemd/journal-upload ] ; then
        mkdir -p %{_localstatedir}/lib/private/systemd/journal-upload
        mv %{_localstatedir}/lib/systemd/journal-upload/state %{_localstatedir}/lib/private/systemd/journal-upload/.
        rmdir %{_localstatedir}/lib/systemd/journal-upload || :
    fi
fi

%postun journal-remote
%systemd_postun_with_restart %journal_remote_units_restart
%firewalld_reload

%post resolved
%systemd_post systemd-resolved.service

%preun resolved
if [ $1 -eq 0 ] ; then
        systemctl disable --quiet \
                systemd-resolved.service \
                >/dev/null || :
        if [ -L /etc/resolv.conf ] && \
            realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then
                rm -f /etc/resolv.conf # no longer useful
                # if network manager is enabled, move to it instead
                [ -f /run/NetworkManager/resolv.conf ] && \
                systemctl -q is-enabled NetworkManager.service &>/dev/null && \
                    ln -fsv ../run/NetworkManager/resolv.conf /etc/resolv.conf
        fi
fi

%postun resolved
%systemd_postun_with_restart systemd-resolved.service

%pre
getent group systemd-oom &>/dev/null || groupadd -r systemd-oom 2>&1 || :
getent passwd systemd-oom &>/dev/null || useradd -r -l -g systemd-oom -d / -s /sbin/nologin -c "systemd Userspace OOM Killer" systemd-oom &>/dev/null || :

%preun oomd
%systemd_preun systemd-oomd.service

%post oomd
%systemd_post systemd-oomd.service

%postun oomd
%systemd_postun_with_restart systemd-oomd.service

%global _docdir_fmt %{name}

%files -f %{name}.lang -f .file-list-main
%doc %{_pkgdocdir}
%exclude %{_pkgdocdir}/LICENSE*
# Only the licenses texts for the licenses in License line are included.
%license LICENSE.GPL2
%license LICENSES/MIT.txt
%ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants
%ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants
%ghost %dir %attr(0755,-,-) /etc/systemd/system/default.target.wants
%ghost %dir %attr(0755,-,-) /etc/systemd/system/getty.target.wants
%ghost %dir %attr(0755,-,-) /etc/systemd/system/graphical.target.wants
%ghost %dir %attr(0755,-,-) /etc/systemd/system/local-fs.target.wants
%ghost %dir %attr(0755,-,-) /etc/systemd/system/machines.target.wants
%ghost %dir %attr(0755,-,-) /etc/systemd/system/multi-user.target.wants
%ghost %dir %attr(0755,-,-) /etc/systemd/system/network-online.target.wants
%ghost %dir %attr(0755,-,-) /etc/systemd/system/printer.target.wants
%ghost %dir %attr(0755,-,-) /etc/systemd/system/remote-fs.target.wants
%ghost %dir %attr(0755,-,-) /etc/systemd/system/sockets.target.wants
%ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants
%ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants
%ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants
%ghost %dir %attr(0700,-,-) /var/lib/portables
%ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd

%files libs -f .file-list-libs
%license LICENSE.LGPL2.1

%files pam -f .file-list-pam

%files rpm-macros -f .file-list-rpm-macros

%files resolved -f .file-list-resolve

%files devel -f .file-list-devel

%files udev -f .file-list-udev

%files ukify -f .file-list-ukify
%if 0%{?want_bootloader}
%files boot-unsigned -f .file-list-boot
%endif

%files container -f .file-list-container
%ghost %dir %attr(0700,-,-) /var/lib/machines

%files journal-remote -f .file-list-remote

%files oomd -f .file-list-oomd

%clean
rm -rf $RPM_BUILD_ROOT
rm -f 10-timeout-abort.conf.user
rm -f .file-list-*
rm -f %{name}.lang

%changelog
* Fri Aug 30 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-14
- Revert "cgroup-util: Don't try to open pidfd for kernel threads" (RHEL-52634)
- ukify: Skip test on architectures without UEFI (RHEL-52634)

* Thu Aug 22 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-13
- systemctl: do not try to acquire triggering units for template units (RHEL-55132)
- core/unit: add one assertion for u->manager (RHEL-55734)
- core/service: destroy runtime data when Type=oneshot services exit (RHEL-55734)
- cgroup-util: Ignore kernel threads in cg_kill_items() (RHEL-55746)
- cgroup-util: Don't try to open pidfd for kernel threads (RHEL-55746)
- cgroup-util: fix typo (RHEL-55746)
- netif-naming-scheme: rename rhel-10.0 to rhel-10.0.beta (RHEL-55728)
- net-naming-scheme: disable NAMING_FIRMWARE_NODE_SUN (RHEL-55728)
- net-naming-scheme: remove NAMING_FIRMWARE_NODE_SUN from 9.5 (RHEL-55728)
- make systemd-ukify subpackage arch dependent (RHEL-52634)

* Thu Aug 15 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-12
- netif-naming-scheme: add rhel-9.5 scheme (RHEL-44416)
- udev-builtin-net_id: use firmware_node/sun for ID_NET_NAME_SLOT (RHEL-44416)
- man/net-naming-scheme: add missing period (RHEL-44416)
- Revert "packit: drop the dependency on python3-zstd" (RHEL-36636)

* Tue Jul 30 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-11
- fix OpenScanHub builds (RHEL-40924)

* Mon Jul 29 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-10
- fix updgrade from versions before removal of systemd-ssh-generator - follow-up (RHEL-50131)

* Thu Jul 25 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-9
- fix updgrade from versions before removal of systemd-ssh-generator (RHEL-50131)

* Tue Jul 23 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-8
- Avoid /tmp being mounted as tmpfs without the user's will (RHEL-40924)
- unit: don't add Requires for tmp.mount (RHEL-40924)
- units: add [Install] section to tmp.mount (RHEL-40924)
- units: don't enable tmp.mount statically in local-fs.target (RHEL-40924)

* Mon Jul 22 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-7
- drop 10-timeout-abort.conf snippet (RHEL-46280)
- don't ship systemd-userdbd (RHEL-46280)

* Fri Jul 19 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-6
- doc: add downstream CONTRIBUTING document (RHEL-40924)
- ci: allow `policy` as rhel-only keyword (RHEL-40924)
-  ci: run mkosi test only for Fedora and CentOS Stream (RHEL-40924)
- taint: remove unused variable `usr_sbin` (RHEL-40924)
- packit: drop the libarchive workaround (RHEL-40924)
- packit: drop the dependency on python3-zstd (RHEL-40924)
- coredump: by default process and store core files up to 1GiB (RHEL-46778)
- don't ship systemd-ssh-generator harder (RHEL-40924)

* Wed Jul 17 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-5
- don't ship systemd-ssh-generator (RHEL-40924)

* Tue Jul 16 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-4
- reenable systemd-firstboot (RHEL-48822)
- don't create /var/log/journal (RHEL-40924)

* Mon Jul 08 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-3
- taint: remove unmerged-bin (RHEL-46277)
- presets: remove resolved (RHEL-46576)
- remove resolved scriptlets
- don't install tests

* Thu Jul 04 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-2
- logind: set RemoveIPC to false by default (RHEL-40924)
- tmpfiles: don't create resolv.conf -> stub-resolv.conf symlink (RHEL-40924)
- rc-local: order after network-online.target (RHEL-40924)
- random-util: increase random seed size to 1024 (RHEL-40924)
- journal: don't enable systemd-journald-audit.socket by default (RHEL-40924)
- journald.conf: don't touch current audit settings (RHEL-40924)
- rules: add elevator= kernel command line parameter (RHEL-40924)
- pid1: bump DefaultTasksMax to 80% of the kernel pid.max value (RHEL-40924)
- udev/net-setup-link: change the default MACAddressPolicy to "none" (RHEL-40924)
- core: decrease log level of messages about use of KillMode=none (RHEL-40924)
- meson: rename libbasic to libbasic_static (RHEL-46020)
- meson: build libsystemd-core via an intermediate static library (RHEL-46020)
- meson: add option to build systemd-executor "statically" (RHEL-46020)

* Wed Jun 26 2024 Jan Macku <jamacku@redhat.com> - 256-1
- Initial import and bootsprap from Fedora
  * remove standalone packages
  * remove networkd package
  * remove homed
  * remove portabled
  * remove timesyncd
  * remove tests package
  * move oomd to separate package
  * revert bin-sbin merge related changes
- remove autorelease stuff
  * for changelog history see changelog file
- rules: copy 40-redhat.rules from RHEL 9 (RHEL-40360)
- net-naming-scheme: start rhel10 naming and include rhel8 and rhel9 ones (RHEL-22621)
- fedora: use system-auth in pam systemd-user (RHEL-40924)
- tmpfiles: make --purge hard to (mis-)use (RHEL-40924)
- journal: again create user journals for users with high uids (RHEL-40924)
- (origin/rhel-10.0.beta, rhel-10.0.beta) ci: allow to pass parameters together with rhel-only note (RHEL-36636)
- ci: reconfigure Packit for RHEL 10 (RHEL-36636)
- ci: deploy systemd man to GitHub Pages (RHEL-36636)
- ci: setup source-git automation (RHEL-36636)
- ci: update workflows to run on source-git setup (RHEL-36636)