systemd-256-6

Resolves: RHEL-40924,RHEL-46778

0065-doc-add-downstream-CONTRIBUTING-document.patch

@@ -0,0 +1,108 @@
+From f7c92899a77656a1bb7586f83c27b00cd5ea0707 Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Thu, 27 Jun 2024 10:17:06 +0200
+Subject: [PATCH] doc: add downstream CONTRIBUTING document
+
+rhel-only: doc
+
+Related: RHEL-40924
+---
+ CONTRIBUTING.md | 75 +++++++++++++++++++++++++++++++++++++++++++++++++
+ README.md       |  2 +-
+ 2 files changed, 76 insertions(+), 1 deletion(-)
+ create mode 100644 CONTRIBUTING.md
+
+diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
+new file mode 100644
+index 0000000000..28466facac
+--- /dev/null
++++ b/CONTRIBUTING.md
+@@ -0,0 +1,75 @@
++# Contributing
++
++Welcome to systemd source-git for CentOS Stream and RHEL. When contributing, please follow the guide below.
++
++## Workflow
++
++```mermaid
++flowchart LR
++    A(Issue) --> B{is fixed\nupstream}
++    B -->|YES| C(backport\nupstream patch)
++    B -->|NO| D(upstream\nsubmit issue or PR)
++    D --> E{accepted\nand fixed}
++    E -->|YES| C
++    E -->|NO| F(rhel-only patch) --> G
++    C --> G(submit PR)
++```
++
++## Filing issues
++
++When you find an issue with systemd used in **CentOS Stream** or **RHEL**, please file an issue in Red Hat [Jira ticket system](https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332745&issuetype=1&components=12380515).
++
++GitHub Issues are not supported tracking system. If your issue is reproducible using the latest upstream version of systemd, please consider creating [upstream issue](https://github.com/systemd/systemd/issues/new/choose).
++
++## Posting Pull Requests
++
++Every Pull Request has to comply with the following rules:
++
++- Each commit has to reference [upstream](https://github.com/systemd/systemd) commit.
++- Each commit has to reference the approved issue/tracker.
++- Pull requests have to pass mandatory CI validation and testing
++- Pull requests have to be approved by at least one systemd downstream maintainer
++
++### Upstream reference
++
++When doing a back-port of an upstream commit, always use `cherry-pick -x <sha>`. Consider proposing a change upstream first when an upstream commit doesn't exist.
++If the change isn't upstream relevant or accepted by upstream, mark the commit with the `rhel-only: <parameter>` string, where a `<parameter>` is:
++
++- `feature` - for feature-related commits (cross-version)
++- `bugfix` - for bugfix-related commits (cross-version)
++- `doc` - for documentation-related commits (usually version-specific)
++- `workaround` - for workaround-related commits (usually version-specific)
++- `ci` - for CI-related commits (version-specific)
++- `test` - for test-related commits (version-specific)
++- `other` - for commits that do not fit into any of the above categories (version-specific)
++
++```md
++doc: Fix TYPO
++
++rhel-only: doc
++
++Resolves: RHEL-678
++```
++
++### Issue reference
++
++Each commit has to reference the relevant approved systemd issue (see: [Filling issues section](#filing-issues)). For referencing issues, we use the following keywords:
++
++- **Resolves** for commits that directly resolve issues described in a referenced tracker
++- **Related** for commits related to the referenced issue, but they don't fix it. Usually, tests and documentation.
++- **Reverts** for commits that reverts previously merged commit
++
++When referencing issues, use the following structure: `<keyword>: <issue ID>`. See the example below:
++
++```md
++doc: Fix TYPO
++
++(cherry picked from commit c5afbac31bb33e7b1f4d59b253425af991a630a4)
++
++Resolves: RHEL-678
++```
++
++### Validation and testing
++
++Each Pull Request has to pass all enabled tests that are automatically run using GitHub Actions, CentOS Stream CI, and others.
++If CI failure is unrelated to the change introduced in Pull Request, the downstream maintainer will set the `ci-waived` label and explain why CI was waived.
+diff --git a/README.md b/README.md
+index 12f1381f08..421a2e6572 100644
+--- a/README.md
++++ b/README.md
+@@ -30,7 +30,7 @@ Please see the [Code Map](docs/ARCHITECTURE.md) for information about this repos
+ 
+ Please see the [Hacking guide](docs/HACKING.md) for information on how to hack on systemd and test your modifications.
+ 
+-Please see our [Contribution Guidelines](docs/CONTRIBUTING.md) for more information about filing GitHub Issues and posting GitHub Pull Requests.
++Please see our [Contribution Guidelines](CONTRIBUTING.md) for more information about filing GitHub Issues and posting GitHub Pull Requests.
+ 
+ When preparing patches for systemd, please follow our [Coding Style Guidelines](docs/CODING_STYLE.md).
+ 

0066-ci-allow-policy-as-rhel-only-keyword.patch

@@ -0,0 +1,40 @@
+From 5d244e25b994f1db5988cf6de14fff9058a75bc2 Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Mon, 15 Jul 2024 14:13:14 +0200
+Subject: [PATCH] ci: allow `policy` as rhel-only keyword
+
+rhel-only: ci
+
+Related: RHEL-40924
+---
+ .github/advanced-commit-linter.yml | 4 ++--
+ CONTRIBUTING.md                    | 1 +
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml
+index 3e3e3fe2bf..4a7e6542b4 100644
+--- a/.github/advanced-commit-linter.yml
++++ b/.github/advanced-commit-linter.yml
+@@ -4,8 +4,8 @@ policy:
+       - github: systemd/systemd
+     exception:
+       note:
+-        - 'rhel-only: (feature|bugfix|doc|workaround|ci|test|other)'
+-        - 'RHEL-only: (feature|bugfix|doc|workaround|ci|test|other)'
++        - 'rhel-only: (feature|bugfix|policy|doc|workaround|ci|test|other)'
++        - 'RHEL-only: (feature|bugfix|policy|doc|workaround|ci|test|other)'
+   tracker:
+     - keyword:
+         - 'Resolves: '
+diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
+index 28466facac..c2e3a2d4d0 100644
+--- a/CONTRIBUTING.md
++++ b/CONTRIBUTING.md
+@@ -37,6 +37,7 @@ If the change isn't upstream relevant or accepted by upstream, mark the commit w
+ 
+ - `feature` - for feature-related commits (cross-version)
+ - `bugfix` - for bugfix-related commits (cross-version)
++- `policy` - for policy-related commits (cross-version)
+ - `doc` - for documentation-related commits (usually version-specific)
+ - `workaround` - for workaround-related commits (usually version-specific)
+ - `ci` - for CI-related commits (version-specific)

0067-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch

@@ -0,0 +1,68 @@
+From 1a643a20c5e772fc15a921ed81c7b010fa6bd4a7 Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Tue, 16 Jul 2024 10:08:06 +0200
+Subject: [PATCH]  ci: run mkosi test only for Fedora and CentOS Stream
+
+rhel-only: ci
+
+Related: RHEL-40924
+---
+ .github/workflows/mkosi.yml | 24 ++----------------------
+ 1 file changed, 2 insertions(+), 22 deletions(-)
+
+diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
+index 3a8dabd95c..9add22c2ea 100644
+--- a/.github/workflows/mkosi.yml
++++ b/.github/workflows/mkosi.yml
+@@ -8,7 +8,7 @@ on:
+   push:
+     branches:
+       - main
+-      - v[0-9]+-stable
++      - rhel-10.*
+     paths:
+       - '**'
+       - '!README*'
+@@ -26,7 +26,7 @@ on:
+   pull_request:
+     branches:
+       - main
+-      - v[0-9]+-stable
++      - rhel-10.*
+     paths:
+       - '**'
+       - '!README*'
+@@ -54,21 +54,6 @@ jobs:
+       fail-fast: false
+       matrix:
+         include:
+-          - distro: arch
+-            release: rolling
+-            sanitizers: ""
+-            llvm: 0
+-            cflags: "-O2 -D_FORTIFY_SOURCE=3"
+-          - distro: debian
+-            release: testing
+-            sanitizers: ""
+-            llvm: 0
+-            cflags: "-Og"
+-          - distro: ubuntu
+-            release: noble
+-            sanitizers: ""
+-            llvm: 0
+-            cflags: "-Og"
+           - distro: fedora
+             release: "40"
+             sanitizers: ""
+@@ -79,11 +64,6 @@ jobs:
+             sanitizers: address,undefined
+             llvm: 1
+             cflags: "-Og"
+-          - distro: opensuse
+-            release: tumbleweed
+-            sanitizers: ""
+-            llvm: 0
+-            cflags: "-Og"
+           - distro: centos
+             release: "9"
+             sanitizers: ""

0068-taint-remove-unused-variable-usr_sbin.patch

@@ -0,0 +1,27 @@
+From 423af3467e66fd07a3a739b40af97b265bd4e45e Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Tue, 16 Jul 2024 10:09:23 +0200
+Subject: [PATCH] taint: remove unused variable `usr_sbin`
+
+follow-up to https://github.com/redhat-plumbers/systemd-rhel10/commit/13a07024f674e770844de29cd3d01cb7117f56d9
+
+rhel-only: policy
+
+Related: RHEL-40924
+---
+ src/core/taint.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/taint.c b/src/core/taint.c
+index 4c98312f54..370f0297e3 100644
+--- a/src/core/taint.c
++++ b/src/core/taint.c
+@@ -39,7 +39,7 @@ char* taint_string(void) {
+          * runtime should be tagged here. For stuff that is known during compilation, emit a warning in the
+          * configuration phase. */
+ 
+-        _cleanup_free_ char *bin = NULL, *usr_sbin = NULL, *var_run = NULL;
++        _cleanup_free_ char *bin = NULL, *var_run = NULL;
+ 
+         if (readlink_malloc("/bin", &bin) < 0 || !PATH_IN_SET(bin, "usr/bin", "/usr/bin"))
+                 stage[n++] = "unmerged-usr";

0069-packit-drop-the-libarchive-workaround.patch

@@ -0,0 +1,28 @@
+From fb422df08369fd10a4d3543697f09a7bd2f4c288 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Wed, 17 Jul 2024 12:19:03 +0200
+Subject: [PATCH] packit: drop the libarchive workaround
+
+As it's not needed anymore.
+
+rhel-only: ci
+
+Related: RHEL-40924
+---
+ .packit.yml | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/.packit.yml b/.packit.yml
+index 340c6992ec..03b3aae7d5 100644
+--- a/.packit.yml
++++ b/.packit.yml
+@@ -39,9 +39,6 @@ actions:
+     - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
+     # Ignore unpackaged standalone binaries
+     - "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
+-    # Temporarily add libarchive-devel build dep and libarchive runtime dep
+-    # until the change propagates to Rawhide's specfile
+-    - "sed -ri '0,/^BuildRequires: .+$/s//&\\nBuildRequires: libarchive-devel\\nRequires: libarchive/' .packit_rpm/systemd.spec"
+ 
+ # Available targets can be listed via `copr-cli list-chroots`
+ jobs:

0070-packit-drop-the-dependency-on-python3-zstd.patch

@@ -0,0 +1,28 @@
+From 43bf3e1a42e2c1a6ecd0ca6fd72c9bc6fe904703 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Wed, 17 Jul 2024 12:22:55 +0200
+Subject: [PATCH] packit: drop the dependency on python3-zstd
+
+Since it's only in the RHEL buildroot repo.
+
+rhel-only: ci
+
+Related: RHEL-40924
+---
+ .packit.yml | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/.packit.yml b/.packit.yml
+index 03b3aae7d5..48ba210947 100644
+--- a/.packit.yml
++++ b/.packit.yml
+@@ -39,6 +39,9 @@ actions:
+     - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
+     # Ignore unpackaged standalone binaries
+     - "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
++    # Drop the python3dist(zstd) dependency, as it's only in the RHEL buildroot
++    # repo
++    - "sed -i '/python3dist(zstd)/d' .packit_rpm/systemd.spec"
+ 
+ # Available targets can be listed via `copr-cli list-chroots`
+ jobs:

0071-coredump-by-default-process-and-store-core-files-up-.patch

@@ -0,0 +1,30 @@
+From 612afd332a5e647faed3c3acba03ca653bace41b Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Fri, 5 Apr 2024 15:56:58 +0200
+Subject: [PATCH] coredump: by default process and store core files up to 1GiB
+
+This brings policy inline with RHEL-9.
+
+rhel-only: policy
+
+Related: RHEL-46778
+---
+ src/coredump/coredump.conf | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/coredump/coredump.conf b/src/coredump/coredump.conf
+index ae341e40d7..3603edb782 100644
+--- a/src/coredump/coredump.conf
++++ b/src/coredump/coredump.conf
+@@ -19,9 +19,8 @@
+ [Coredump]
+ #Storage=external
+ #Compress=yes
+-# On 32-bit, the default is 1G instead of 32G.
+-#ProcessSizeMax=32G
+-#ExternalSizeMax=32G
++ProcessSizeMax=1G
++ExternalSizeMax=1G
+ #JournalSizeMax=767M
+ #MaxUse=
+ #KeepFree=

systemd.spec

@@ -48,7 +48,7 @@ Url:            https://systemd.io
 # Allow users to specify the version and release when building the rpm by 
 # setting the %%version_override and %%release_override macros.
 Version:        %{?version_override}%{!?version_override:256}
-Release:        5%{?dist}
+Release:        6%{?dist}
 
 %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
 
@@ -170,6 +170,13 @@ Patch0061: 0061-meson-build-libsystemd-core-via-an-intermediate-stat.patch
 Patch0062: 0062-meson-add-option-to-build-systemd-executor-staticall.patch
 Patch0063: 0063-taint-remove-unmerged-bin.patch
 Patch0064: 0064-presets-remove-resolved.patch
+Patch0065: 0065-doc-add-downstream-CONTRIBUTING-document.patch
+Patch0066: 0066-ci-allow-policy-as-rhel-only-keyword.patch
+Patch0067: 0067-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
+Patch0068: 0068-taint-remove-unused-variable-usr_sbin.patch
+Patch0069: 0069-packit-drop-the-libarchive-workaround.patch
+Patch0070: 0070-packit-drop-the-dependency-on-python3-zstd.patch
+Patch0071: 0071-coredump-by-default-process-and-store-core-files-up-.patch
 
 # Downstream-only patches (9000–9999)
 
@@ -731,6 +738,7 @@ CONFIGURE_OPTS=(
         # https://issues.redhat.com/browse/RHEL-16810
         -Dsbat-distro-url=mailto:secalert@redhat.com
         -Dsshconfdir=no
+        -Dsshdconfdir=no
 )
 
 %if %{without lto}
@@ -888,12 +896,9 @@ rm %{buildroot}/usr/lib/sysusers.d/basic.conf
 %endif
 
 # We don't want to ship systemd-ssh-generator and it is not possible to disable it via meson_options.txt
-rm %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/20-systemd-userdb.conf
-rmdir %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/
-rm %{buildroot}%{_prefix}/lib/systemd/sshd_config.d/20-systemd-userdb.conf
-rmdir %{buildroot}%{_prefix}/lib/systemd/sshd_config.d/
 rm %{buildroot}%{_prefix}/lib/systemd/system-generators/systemd-ssh-generator
 rm %{buildroot}%{_prefix}/lib/systemd/system/ssh-access.target
+rm %{buildroot}%{_prefix}/lib/systemd/systemd-ssh-proxy
 rm %{buildroot}%{_mandir}/man1/systemd-ssh-proxy.1
 rm %{buildroot}%{_mandir}/man8/systemd-ssh-generator.8
 
@@ -1102,6 +1107,16 @@ rm -f .file-list-*
 rm -f %{name}.lang
 
 %changelog
+* Fri Jul 19 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-6
+- doc: add downstream CONTRIBUTING document (RHEL-40924)
+- ci: allow `policy` as rhel-only keyword (RHEL-40924)
+-  ci: run mkosi test only for Fedora and CentOS Stream (RHEL-40924)
+- taint: remove unused variable `usr_sbin` (RHEL-40924)
+- packit: drop the libarchive workaround (RHEL-40924)
+- packit: drop the dependency on python3-zstd (RHEL-40924)
+- coredump: by default process and store core files up to 1GiB (RHEL-46778)
+- don't ship systemd-ssh-generator harder (RHEL-40924)
+
 * Wed Jul 17 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-5
 - don't ship systemd-ssh-generator (RHEL-40924)