Rebase to current fedora specfile

Related: RHEL-40924
2024-01-29 11:23:07 +01:00 · 2024-01-29 11:23:07 +01:00 · c560bc2e3a
commit c560bc2e3a
parent 76bcdb2924
7 changed files with 501 additions and 140 deletions
--- a/0001-Revert-machined-add-varlink-interface-for-registerin.patch
+++ b/0001-Revert-machined-add-varlink-interface-for-registerin.patch
@ -0,0 +1,217 @@
 From c93a24119977a11791aab0f3df5e5cb9973a34de Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Sat, 11 May 2024 13:27:12 +0200
 Subject: [PATCH] Revert "machined: add varlink interface for registering
 machines"
 This reverts commit 5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91.
 ---
 man/systemd-machined.service.xml        |  6 +--
 src/machine/machine-varlink.h           |  6 ---
 src/machine/machined-varlink.c          | 62 ++-----------------------
 src/machine/machined.c                  |  5 +-
 src/machine/machined.h                  |  3 +-
 src/machine/meson.build                 |  1 -
 src/shared/meson.build                  |  1 -
 src/shared/varlink-io.systemd.Machine.h |  6 ---
 8 files changed, 8 insertions(+), 82 deletions(-)
 delete mode 100644 src/machine/machine-varlink.h
 delete mode 100644 src/shared/varlink-io.systemd.Machine.h
 diff --git a/man/systemd-machined.service.xml b/man/systemd-machined.service.xml
 index b2899ff0fd..f3d7755973 100644
 --- a/man/systemd-machined.service.xml
 +++ b/man/systemd-machined.service.xml
@@ -100,12 +100,10 @@
     <para>The daemon provides both a C library interface
     (which is shared with <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
 -    as well as a D-Bus interface and a Varlink interface.
 +    as well as a D-Bus interface.
     The library interface may be used to introspect and watch the state of virtual machines/containers.
     The bus interface provides the same but in addition may also be used to register or terminate
 -    machines. The Varlink interface may be used to register machines with optional extensions, e.g. with an
 -    SSH key / address; it can be queried with
 -    <command>varlinkctl introspect /run/systemd/machine/io.systemd.Machine io.systemd.Machine</command>.
 +    machines.
     For more information please consult
     <citerefentry><refentrytitle>sd-login</refentrytitle><manvolnum>3</manvolnum></citerefentry>
     and
 diff --git a/src/machine/machine-varlink.h b/src/machine/machine-varlink.h
 deleted file mode 100644
 index ce4ec54dc1..0000000000
 --- a/src/machine/machine-varlink.h
 +++ /dev/null
@@ -1,6 +0,0 @@
 -/* SPDX-License-Identifier: LGPL-2.1-or-later */
 -#pragma once
 -
 -#include "varlink.h"
 -
 -int vl_method_register(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata);
 diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c
 index 0d3ae627c1..6ca98e27cf 100644
 --- a/src/machine/machined-varlink.c
 +++ b/src/machine/machined-varlink.c
@@ -1,12 +1,10 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #include "format-util.h"
 -#include "machine-varlink.h"
 #include "machined-varlink.h"
 #include "mkdir.h"
 #include "user-util.h"
 #include "varlink.h"
 -#include "varlink-io.systemd.Machine.h"
 #include "varlink-io.systemd.UserDatabase.h"
 typedef struct LookupParameters {
@@ -380,13 +378,13 @@ static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, Var
         return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
 }
 -static int manager_varlink_init_userdb(Manager *m) {
 +int manager_varlink_init(Manager *m) {
         _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL;
         int r;
         assert(m);
 -        if (m->varlink_userdb_server)
 +        if (m->varlink_server)
                 return 0;
         r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA);
@@ -417,64 +415,12 @@ static int manager_varlink_init_userdb(Manager *m) {
         if (r < 0)
                 return log_error_errno(r, "Failed to attach varlink connection to event loop: %m");
 -        m->varlink_userdb_server = TAKE_PTR(s);
 -        return 0;
 -}
 -
 -static int manager_varlink_init_machine(Manager *m) {
 -        _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL;
 -        int r;
 -
 -        assert(m);
 -
 -        if (m->varlink_machine_server)
 -                return 0;
 -
 -        r = varlink_server_new(&s, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA);
 -        if (r < 0)
 -                return log_error_errno(r, "Failed to allocate varlink server object: %m");
 -
 -        varlink_server_set_userdata(s, m);
 -
 -        r = varlink_server_add_interface(s, &vl_interface_io_systemd_Machine);
 -        if (r < 0)
 -                return log_error_errno(r, "Failed to add UserDatabase interface to varlink server: %m");
 -
 -        r = varlink_server_bind_method(s, "io.systemd.Machine.Register", vl_method_register);
 -        if (r < 0)
 -                return log_error_errno(r, "Failed to register varlink methods: %m");
 -
 -        (void) mkdir_p("/run/systemd/machine", 0755);
 -
 -        r = varlink_server_listen_address(s, "/run/systemd/machine/io.systemd.Machine", 0666);
 -        if (r < 0)
 -                return log_error_errno(r, "Failed to bind to varlink socket: %m");
 -
 -        r = varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL);
 -        if (r < 0)
 -                return log_error_errno(r, "Failed to attach varlink connection to event loop: %m");
 -
 -        m->varlink_machine_server = TAKE_PTR(s);
 -        return 0;
 -}
 -
 -int manager_varlink_init(Manager *m) {
 -        int r;
 -
 -        r = manager_varlink_init_userdb(m);
 -        if (r < 0)
 -                return r;
 -
 -        r = manager_varlink_init_machine(m);
 -        if (r < 0)
 -                return r;
 -
 +        m->varlink_server = TAKE_PTR(s);
         return 0;
 }
 void manager_varlink_done(Manager *m) {
         assert(m);
 -        m->varlink_userdb_server = varlink_server_unref(m->varlink_userdb_server);
 -        m->varlink_machine_server = varlink_server_unref(m->varlink_machine_server);
 +        m->varlink_server = varlink_server_unref(m->varlink_server);
 }
 diff --git a/src/machine/machined.c b/src/machine/machined.c
 index d7087e4672..2638ed572e 100644
 --- a/src/machine/machined.c
 +++ b/src/machine/machined.c
@@ -316,10 +316,7 @@ static bool check_idle(void *userdata) {
         if (m->operations)
                 return false;
 -        if (varlink_server_current_connections(m->varlink_userdb_server) > 0)
 -                return false;
 -
 -        if (varlink_server_current_connections(m->varlink_machine_server) > 0)
 +        if (varlink_server_current_connections(m->varlink_server) > 0)
                 return false;
         manager_gc(m, true);
 diff --git a/src/machine/machined.h b/src/machine/machined.h
 index 67abed0fd6..280c32bab6 100644
 --- a/src/machine/machined.h
 +++ b/src/machine/machined.h
@@ -40,8 +40,7 @@ struct Manager {
         sd_event_source *nscd_cache_flush_event;
 #endif
 -        VarlinkServer *varlink_userdb_server;
 -        VarlinkServer *varlink_machine_server;
 +        VarlinkServer *varlink_server;
 };
 int manager_add_machine(Manager *m, const char *name, Machine **_machine);
 diff --git a/src/machine/meson.build b/src/machine/meson.build
 index 3150b33de5..c82a32589d 100644
 --- a/src/machine/meson.build
 +++ b/src/machine/meson.build
@@ -3,7 +3,6 @@
 libmachine_core_sources = files(
         'image-dbus.c',
         'machine-dbus.c',
 -        'machine-varlink.c',
         'machine.c',
         'machined-core.c',
         'machined-dbus.c',
 diff --git a/src/shared/meson.build b/src/shared/meson.build
 index d01367a159..17313aefed 100644
 --- a/src/shared/meson.build
 +++ b/src/shared/meson.build
@@ -180,7 +180,6 @@ shared_sources = files(
         'varlink-io.systemd.Credentials.c',
         'varlink-io.systemd.Hostname.c',
         'varlink-io.systemd.Journal.c',
 -        'varlink-io.systemd.Machine.c',
         'varlink-io.systemd.ManagedOOM.c',
         'varlink-io.systemd.MountFileSystem.c',
         'varlink-io.systemd.NamespaceResource.c',
 diff --git a/src/shared/varlink-io.systemd.Machine.h b/src/shared/varlink-io.systemd.Machine.h
 deleted file mode 100644
 index c9fc85f150..0000000000
 --- a/src/shared/varlink-io.systemd.Machine.h
 +++ /dev/null
@@ -1,6 +0,0 @@
 -/* SPDX-License-Identifier: LGPL-2.1-or-later */
 -#pragma once
 -
 -#include "varlink-idl.h"
 -
 -extern const VarlinkInterface vl_interface_io_systemd_Machine;
--- a/0001-tmpfiles-make-purge-hard-to-mis-use.patch
+++ b/0001-tmpfiles-make-purge-hard-to-mis-use.patch
@ -0,0 +1,63 @@
 From f62d1f6ea55fc0dcccbe60582804c9b033f8ad0e Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Tue, 18 Jun 2024 20:32:10 +0200
 Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use
 Follow-up for https://github.com/systemd/systemd/pull/33383.
 ---
 src/tmpfiles/tmpfiles.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
 index 5841db293e..9b0f744ba9 100644
 --- a/src/tmpfiles/tmpfiles.c
 +++ b/src/tmpfiles/tmpfiles.c
@@ -4195,6 +4195,7 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_IMAGE_POLICY,
                 ARG_REPLACE,
                 ARG_DRY_RUN,
 +                ARG_DESTROY_DATA,
                 ARG_NO_PAGER,
         };
@@ -4218,10 +4219,18 @@ static int parse_argv(int argc, char *argv[]) {
                 { "replace",        required_argument,   NULL, ARG_REPLACE        },
                 { "dry-run",        no_argument,         NULL, ARG_DRY_RUN        },
                 { "no-pager",       no_argument,         NULL, ARG_NO_PAGER       },
 +
 +                /* This is not documented on purpose.
 +                 * If you think --purge should be allowed without jumping through hoops,
 +                 * consider opening a bug report with the description of the use case.
 +                 */
 +                { "destroy-data",   no_argument,         NULL, ARG_DESTROY_DATA   },
 +
                 {}
         };
         int c, r;
 +        bool destroy_data = false;
         assert(argc >= 0);
         assert(argv);
@@ -4328,6 +4337,10 @@ static int parse_argv(int argc, char *argv[]) {
                         arg_dry_run = true;
                         break;
 +                case ARG_DESTROY_DATA:
 +                        destroy_data = true;
 +                        break;
 +
                 case ARG_NO_PAGER:
                         arg_pager_flags |= PAGER_DISABLE;
                         break;
@@ -4347,6 +4360,10 @@ static int parse_argv(int argc, char *argv[]) {
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Refusing --purge without specification of a configuration file.");
 +        if (FLAGS_SET(arg_operation, OPERATION_PURGE) && !arg_dry_run && !destroy_data)
 +                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
 +                                       "Refusing --purge without --destroy-data.");
 +
         if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Option --replace= is not supported with --cat-config/--tldr.");
--- a/30846.patch
+++ b/30846.patch
@ -1,4 +1,4 @@
-From 07fd822c59e29b4f5e7dab029ea1186c1b862e3e Mon Sep 17 00:00:00 2001
+From ca1344d04a9c1804234417dcfbd868524abc7ce6 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Tue, 9 Jan 2024 11:28:04 +0100
 Subject: [PATCH] journal: again create user journals for users with high uids
@ -39,13 +39,13 @@ revert the change to fix user systems.
 Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843.
 ---
- src/basic/uid-alloc-range.c | 2 +-
+ src/basic/uid-classification.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/src/basic/uid-alloc-range.c b/src/basic/uid-alloc-range.c
+diff --git a/src/basic/uid-classification.c b/src/basic/uid-classification.c
-index 669cb6d56f7be..7b724b7959f60 100644
+index e2d2cebc6d..2c8b06c0d3 100644
--- a/src/basic/uid-alloc-range.c
+--- a/src/basic/uid-classification.c
-+++ b/src/basic/uid-alloc-range.c
+++ b/src/basic/uid-classification.c
@@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) {
         /* Returns true if the specified UID shall get its data stored in the system journal. */
--- a/README.build-in-place.md
+++ b/README.build-in-place.md
@ -7,7 +7,7 @@ and his [talk during ASG2019](https://www.youtube.com/watch?v=fVM1kJrymRM).
 git clone https://github.com/systemd/systemd
 fedpkg clone systemd fedora-systemd
 cd systemd
-rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../fedora-systemd/systemd.spec
+rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with upstream ../fedora-systemd/systemd.spec
 sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm
 ```
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (systemd-255.3.tar.gz) = c2868a53df2176649b0d0c94e5d451c46ba783bcdbc89ce12434ed2d11dba44b4854ffe4c2430f3f64eef2e214cbb51d5f740170afbd9edd66761a8851157453
+SHA512 (systemd-256.1.tar.gz) = 5441f634f43b726c13fe57d1ba0030f1b91427d7c2d4f4f32e4add8ff93aeb5139e9337422653df3b897c241e0a8760dafcd441dc622d1e2c1230bbe27dd1a1c
--- a/systemd.spec
+++ b/systemd.spec
@ -1,4 +1,4 @@
-#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa
+#global commit 1781de18ab8ebc3e42a607851d8effb3b0355c87
 %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
 # We ship a .pc file but don't want to have a dep on pkg-config. We
@ -15,31 +15,39 @@
 %global elf_suffix ()%{elf_bits}
 %endif
-%bcond bzip2  1
+%bcond bzip2     1
-%bcond gnutls 1
+%bcond gnutls    1
-%bcond lz4    1
+%bcond lz4       1
-%bcond xz     1
+%bcond xz        1
-%bcond zlib   1
+%bcond zlib      1
-%bcond zstd   1
+%bcond zstd      1
 # Bootstrap may be needed to break circular dependencies with cryptsetup,
 # e.g. when re-building cryptsetup on a json-c SONAME-bump.
 %bcond bootstrap 0
 %bcond tests     1
 %bcond lto       1
 %bcond docs      1
-# Support for quick builds with rpmbuild --build-in-place.
+# Build from git main
-# See README.build-in-place.
+%bcond upstream  0
-%bcond inplace 0
+
 # When bootstrap, libcryptsetup is disabled
 # but auto-features causes many options to be turned on
 # that depend on libcryptsetup (e.g. libcryptsetup-plugins, homed)
 %if %{with bootstrap}
 %global __meson_auto_features disabled
 %endif
 # Override %%autorelease. This is ugly, but rpmautospec doesn't implement
 # autorelease correctly if the macro is conditionalized in the Release field.
 %{?release_override:%global autorelease %{release_override}%{?dist}}
 Name:           systemd
 Url:            https://systemd.io
-%if %{without inplace}
+# Allow users to specify the version and release when building the rpm by 
-Version:        255.3
+# setting the %%version_override and %%release_override macros.
-%else
+Version:        %{?version_override}%{!?version_override:256.1}
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
 %endif
 Release:        %autorelease
 %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
@ -50,29 +58,26 @@ Summary:        System and Service Manager
 # download tarballs with "spectool -g systemd.spec"
 %if %{defined commit}
-Source0:        https://github.com/systemd/systemd%{?stable:-stable}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
+Source0:        https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 %else
 %if 0%{?stable}
 Source0:        https://github.com/systemd/systemd-stable/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz
 %else
 Source0:        https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz
 %endif
 %endif
 # This file must be available before %%prep.
 # It is generated during systemd build and can be found in build/src/core/.
 Source1:        triggers.systemd
 Source2:        split-files.py
 Source3:        purge-nobody-user
 Source4:        test_sysusers_defined.py
 # Prevent accidental removal of the systemd package
-Source4:        yum-protect-systemd.conf
+Source5:        yum-protect-systemd.conf
-Source5:        inittab
+Source6:        inittab
-Source6:        sysctl.conf.README
+Source7:        sysctl.conf.README
-Source7:        systemd-journal-remote.xml
+Source8:        systemd-journal-remote.xml
-Source8:        systemd-journal-gatewayd.xml
+Source9:        systemd-journal-gatewayd.xml
-Source9:        20-yama-ptrace.conf
+Source10:       20-yama-ptrace.conf
-Source10:       systemd-udev-trigger-no-reload.conf
+Source11:       systemd-udev-trigger-no-reload.conf
 # https://fedoraproject.org/wiki/How_to_filter_libabigail_reports
 Source13:       .abignore
@ -100,11 +105,19 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
 # than in the next section. Packit CI will drop any patches in this range before
 # applying upstream pull requests.
 %if %{without upstream}
 # Drop varlink method call until selinux policy is updated,
 # see https://bodhi.fedoraproject.org/updates/FEDORA-2024-d5c99f5063,
 # https://bugzilla.redhat.com/show_bug.cgi?id=2279923.
 # Reverts https://github.com/systemd/systemd/commit/5b44c81ff868a4d1b78a74e4770f7a8b2f1d0f91.
 Patch0001:      0001-Revert-machined-add-varlink-interface-for-registerin.patch
 %if 0%{?fedora} < 41
 # Work-around for dracut issue: run generators directly when we are in initrd
 # https://bugzilla.redhat.com/show_bug.cgi?id=2164404
 # Drop when dracut-060 is available.
-Patch0001:      https://github.com/systemd/systemd/pull/26494.patch
+Patch0010:      https://github.com/systemd/systemd/pull/26494.patch
-
+%endif
 # Those are downstream-only patches, but we don't want them in packit builds:
 # https://bugzilla.redhat.com/show_bug.cgi?id=1738828
@ -112,10 +125,14 @@ Patch0490:      use-bfq-scheduler.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2251843
 Patch0491:      https://github.com/systemd/systemd/pull/30846.patch
 # Soft-disable tmpfiles --purge until a good use case comes up.
 Patch0492:      0001-tmpfiles-make-purge-hard-to-mis-use.patch
 %endif
 # Adjust upstream config to use our shared stack
 Patch0499:      fedora-use-system-auth-in-pam-systemd-user.patch
-%ifarch %{ix86} x86_64 aarch64
+%ifarch %{ix86} x86_64 aarch64 riscv64
 %global want_bootloader 1
 %endif
@ -134,9 +151,9 @@ BuildRequires:  audit-libs-devel
 BuildRequires:  cryptsetup-devel
 %endif
 BuildRequires:  dbus-devel
-BuildRequires:  /usr/sbin/sfdisk
+BuildRequires:  util-linux
 # /usr/bin/getfacl is needed by test-acl-util
-BuildRequires:  /usr/bin/getfacl
+BuildRequires:  acl
 BuildRequires:  libacl-devel
 BuildRequires:  gobject-introspection-devel
 BuildRequires:  libblkid-devel
@ -168,14 +185,18 @@ BuildRequires:  qrencode-devel
 BuildRequires:  libmicrohttpd-devel
 BuildRequires:  libxkbcommon-devel
 BuildRequires:  iptables-devel
 BuildRequires:  pkgconfig(bash-completion)
 BuildRequires:  pkgconfig(libarchive)
 BuildRequires:  pkgconfig(libfido2)
 BuildRequires:  pkgconfig(tss2-esys)
 BuildRequires:  pkgconfig(tss2-rc)
 BuildRequires:  pkgconfig(tss2-mu)
 BuildRequires:  pkgconfig(libbpf)
 BuildRequires:  systemtap-sdt-devel
 %if %{with docs}
 BuildRequires:  libxslt
 BuildRequires:  docbook-style-xsl
 %endif
 BuildRequires:  pkgconfig
 BuildRequires:  gperf
 BuildRequires:  gawk
@ -201,10 +222,9 @@ BuildRequires:  libseccomp-devel
 BuildRequires:  meson >= 0.43
 BuildRequires:  gettext
 # We use RUNNING_ON_VALGRIND in tests, so the headers need to be available
 %ifarch %{valgrind_arches}
 BuildRequires:  valgrind-devel
-BuildRequires:  pkgconfig(bash-completion)
+%endif
 BuildRequires:  perl
 BuildRequires:  perl(IPC::SysV)
 %ifnarch %ix86
 # bpftool is not built for i368
@ -248,13 +268,24 @@ Conflicts:      initscripts < 9.56.1
 %if 0%{?fedora}
 Conflicts:      fedora-release < 23-0.12
 %endif
-# Make sure that dracut supports systemd-executor and the renames done for v255
+%if 0%{?fedora} >= 41
 BuildRequires:  setup >= 2.15.0-3
 BuildRequires:  python3
 Conflicts:      setup < 2.15.0-3
 Conflicts:      selinux-policy-any < 41.1
 %endif
 %if 0%{?fedora} >= 41
 # Make sure that dracut supports systemd-executor and the renames done for v255,
 # and dlopen libraries and read-only fs in initrd.
 Conflicts:      dracut < 060-2
 %else
 # Make sure that dracut supports systemd-executor and the renames done for v255.
 Conflicts:      dracut < 059-16
 %endif
 Obsoletes:      timedatex < 0.6-3
 Provides:       timedatex = 0.6-3
 Conflicts:      %{name}-standalone-repart < %{version}-%{release}^
 Provides:       %{name}-repart = %{version}-%{release}
 Conflicts:      %{name}-standalone-tmpfiles < %{version}-%{release}^
 Provides:       %{name}-tmpfiles = %{version}-%{release}
 Conflicts:      %{name}-standalone-sysusers < %{version}-%{release}^
@ -262,6 +293,19 @@ Provides:       %{name}-sysusers = %{version}-%{release}
 Conflicts:      %{name}-standalone-shutdown < %{version}-%{release}^
 Provides:       %{name}-shutdown = %{version}-%{release}
 %if "%{_sbindir}" == "%{_bindir}"
 # Compat symlinks for Requires in other packages.
 # We rely on filesystem to create the symlinks for us.
 Requires:       filesystem(unmerged-sbin-symlinks)
 Provides:       /usr/sbin/halt
 Provides:       /usr/sbin/init
 Provides:       /usr/sbin/poweroff
 Provides:       /usr/sbin/reboot
 Provides:       /usr/sbin/runlevel
 Provides:       /usr/sbin/shutdown
 Provides:       /usr/sbin/telinit
 %endif
 # Recommends to replace normal Requires deps for stuff that is dlopen()ed
 Recommends:     libidn2.so.0%{?elf_suffix}
 Recommends:     libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
@ -284,6 +328,17 @@ Recommends:     libelf.so.1(ELFUTILS_1.7)%{?elf_bits}
 Recommends:     libcryptsetup.so.12%{?elf_suffix}
 Recommends:     libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits}
 # Libkmod is used to load modules.
 Recommends:     libkmod.so.2%{?elf_suffix}
 # kmod_list_next, kmod_load_resources, kmod_module_get_initstate,
 # kmod_module_get_module, kmod_module_get_name, kmod_module_new_from_lookup,
 # kmod_module_probe_insert_module, kmod_module_unref, kmod_module_unref_list,
 # kmod_new, kmod_set_log_fn, kmod_unref, kmod_validate_resources
 # are part of LIBKMOD_5.
 Recommends:     libkmod.so.2(LIBKMOD_5)%{?elf_bits}
 Recommends:     libarchive.so.13%{?elf_suffix}
 %description
 systemd is a system and service manager that runs as PID 1 and starts the rest
 of the system. It provides aggressive parallelization capabilities, uses socket
@ -349,9 +404,9 @@ Summary: Rule-based device node and kernel event manager
 License:        LGPL-2.1-or-later
 Requires:       systemd%{_isa} = %{version}-%{release}
-Requires(post):   systemd
+Requires(post):   systemd%{_isa} = %{version}-%{release}
-Requires(preun):  systemd
+Requires(preun):  systemd%{_isa} = %{version}-%{release}
-Requires(postun): systemd
+Requires(postun): systemd%{_isa} = %{version}-%{release}
 Requires(post): grep
 Requires:       kmod >= 18-4
 # https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1
@ -362,6 +417,11 @@ Obsoletes:      udev < 183
 Requires:       (grubby > 8.40-72 if grubby)
 Requires:       (sdubby > 1.0-3 if sdubby)
 # Libkmod is used to load modules. Assume that if we need udevd, we certainly
 # want to load modules, so make this into a hard dependency here.
 Requires:       libkmod.so.2%{?elf_suffix}
 Requires:       libkmod.so.2(LIBKMOD_5)%{?elf_bits}
 # Recommends to replace normal Requires deps for stuff that is dlopen()ed
 # used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home
 Recommends:     libcryptsetup.so.12%{?elf_suffix}
@ -392,6 +452,16 @@ Obsoletes:      u2f-hidraw-policy < 1.0.2-40
 # self-obsoletes to install both packages after split of systemd-boot
 Obsoletes:      systemd-udev < 252.2^
 Conflicts:      %{name}-standalone-repart < %{version}-%{release}^
 Provides:       %{name}-repart = %{version}-%{release}
 %if "%{_sbindir}" == "%{_bindir}"
 # Compat symlinks for Requires in other packages.
 # We rely on filesystem to create the symlinks for us.
 Requires:       filesystem(unmerged-sbin-symlinks)
 Provides:       /usr/sbin/udevadm
 %endif
 %description udev
 This package contains systemd-udev and the rules and hardware database needed to
 manage device nodes. This package is necessary on physical machines and in
@ -407,11 +477,19 @@ machine, and to create or grow partitions and make file systems automatically.
 Summary:        Tool to build Unified Kernel Images
 Requires:       %{name} = %{version}-%{release}
 Requires:       systemd-boot
 Requires:       python3dist(pefile)
 Requires:       python3dist(zstd)
 Requires:       python3dist(cryptography)
 Recommends:     python3dist(pillow)
 # for tests
 %ifarch riscv64
 # 2.42 received support for riscv64 + efi targets
 %global binutils_version_req >= 2.42
 %endif
 BuildRequires:  binutils %{?binutils_version_req}
 BuildArch:      noarch
 %description ukify
@ -445,9 +523,9 @@ the version that works with Secure Boot.
 # Name is the same as in Debian
 Summary: Tools for containers and VMs
 Requires:       %{name}%{_isa} = %{version}-%{release}
-Requires(post):   systemd
+Requires(post):   systemd%{_isa} = %{version}-%{release}
-Requires(preun):  systemd
+Requires(preun):  systemd%{_isa} = %{version}-%{release}
-Requires(postun): systemd
+Requires(postun): systemd%{_isa} = %{version}-%{release}
 # obsolete parent package so that dnf will install new subpackage on upgrade (#1260394)
 Obsoletes:      %{name} < 229-5
 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040)
@ -482,6 +560,7 @@ systemd-journal-upload.
 %package networkd
 Summary:        System daemon that manages network configurations
 Requires:       %{name}%{_isa} = %{version}-%{release}
 %{?fedora:Recommends:     %{name}-udev = %{version}-%{release}}
 License:        LGPL-2.1-or-later
 # https://src.fedoraproject.org/rpms/systemd/pull-request/34
 Obsoletes:      systemd < 246.6-2
@ -531,6 +610,7 @@ Requires:      %{name}%{_isa} = %{version}-%{release}
 # This dependency is provided transitively. Also add it explicitly to
 # appease rpminspect, https://github.com/rpminspect/rpminspect/issues/1231:
 Requires:      %{name}-libs%{_isa} = %{version}-%{release}
 Requires:      python3dist(psutil)
 License:       LGPL-2.1-or-later
@ -579,14 +659,14 @@ other libraries from systemd-libs. This package conflicts with the main systemd
 package and is meant for use in exitrds.
 %prep
-%autosetup -n %{?commit:%{name}%[%stable?"-stable":""]-%{commit}}%{!?commit:%{name}%[%stable?"-stable":""]-%{version_no_tilde}} -p1
+%autosetup -n %{?commit:%{name}-%{commit}}%{!?commit:%{name}-%{version_no_tilde}} -p1
 %build
 %global ntpvendor %(source /etc/os-release; echo ${ID})
 %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1}
 CONFIGURE_OPTS=(
-        -Dmode=release
+        -Dmode=%[%{with upstream}?"developer":"release"]
        -Dsysvinit-path=/etc/rc.d/init.d
        -Drc-local=/etc/rc.d/rc.local
        -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org'
@ -620,6 +700,7 @@ CONFIGURE_OPTS=(
        -Delfutils=enabled
        -Dlibcryptsetup=%[%{with bootstrap}?"disabled":"enabled"]
        -Delfutils=enabled
        -Drepart=enabled
        -Dpwquality=enabled
        -Dqrencode=%[%{defined rhel}?"disabled":"enabled"]
        -Dgnutls=%[%{with gnutls}?"enabled":"disabled"]
@ -641,18 +722,15 @@ CONFIGURE_OPTS=(
        -Ddefault-network=true
        -Dtests=unsafe
        -Dinstall-tests=true
        -Dtty-gid=5
        -Dusers-gid=100
        -Dnobody-user=nobody
        -Dnobody-group=nobody
        -Dcompat-mutable-uid-boundaries=true
        -Dsplit-bin=true
        -Db_lto=%[%{with lto}?"true":"false"]
        -Db_ndebug=false
-        -Dman=enabled
+        -Dman=%[%{with docs}?"enabled":"disabled"]
-        -Dversion-tag=%{version}-%{release}
+        -Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""]
        # https://bugzilla.redhat.com/show_bug.cgi?id=1906010
-        -Dshared-lib-tag=%{version_no_tilde}-%{release}
+        -Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""]
        -Dfallback-hostname="localhost"
        -Ddefault-dnssec=no
        -Ddefault-dns-over-tls=no
@ -666,23 +744,24 @@ CONFIGURE_OPTS=(
        -Ddefault-user-timeout-sec=45
        -Dconfigfiledir=/usr/lib
        -Doomd=true
        -Dadm-gid=4
-        -Daudio-gid=63
+        -Dtty-gid=5
        -Ddisk-gid=6
        -Dlp-gid=7
        -Dkmem-gid=9
        -Dwheel-gid=10
        -Dcdrom-gid=11
        -Ddialout-gid=18
-        -Ddisk-gid=6
+        -Dutmp-gid=22
-        -Dinput-gid=104
+        -Dtape-gid=33
        -Dkmem-gid=9
        -Dkvm-gid=36
-        -Dlp-gid=7
+        -Dvideo-gid=39
        -Daudio-gid=63
        -Dusers-gid=100
        -Dinput-gid=104
        -Drender-gid=105
        -Dsgx-gid=106
        -Dtape-gid=33
        -Dtty-gid=5
        -Dusers-gid=100
        -Dutmp-gid=22
        -Dvideo-gid=39
        -Dwheel-gid=10
        -Dsystemd-journal-gid=190
        -Dsystemd-network-uid=192
        -Dsystemd-resolve-uid=193
@ -701,15 +780,7 @@ CONFIGURE_OPTS=(
 %global _lto_cflags %nil
 %endif
-# Do configuration. If doing an inplace build, try to do
+{ %meson "${CONFIGURE_OPTS[@]}" %{?meson_extra_configure_options} ; }
 # reconfiguration to pick up new options.
 %if %{with inplace}
  command -v ccache 2>/dev/null && { CC="${CC:-ccache %__cc}"; CXX="${CXX:-ccache %__cxx}"; }
  [ -e %{_vpath_builddir}/build.ninja ] &&
  %__meson configure %{_vpath_builddir} "${CONFIGURE_OPTS[@]}" ||
 %endif
 { %meson "${CONFIGURE_OPTS[@]}"; }
 %meson_build
@ -726,8 +797,10 @@ sed -r 's|/system/|/user/|g' %{SOURCE16} >10-timeout-abort.conf.user
 %meson_install
 # udev links
 %if "%{_sbindir}" != "%{_bindir}"
 mkdir -p %{buildroot}/%{_sbindir}
 ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm
 %endif
 # Compatiblity and documentation files
 touch %{buildroot}/etc/crypttab
@ -752,11 +825,13 @@ touch %{buildroot}/etc/systemd/coredump.conf \
      %{buildroot}/etc/udev/udev.conf \
      %{buildroot}/etc/udev/iocost.conf
 install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3}
 # /etc/initab
-install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5}
+install -Dm0644 -t %{buildroot}/etc/ %{SOURCE6}
 # /etc/sysctl.conf compat
-install -Dm0644 %{SOURCE6} %{buildroot}/etc/sysctl.conf
+install -Dm0644 %{SOURCE7} %{buildroot}/etc/sysctl.conf
 ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf
 # Make sure these directories are properly owned
@ -809,21 +884,19 @@ touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock
 touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state
 # Install yum protection fragment
-install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf
+install -Dm0644 %{SOURCE5} %{buildroot}/etc/dnf/protected.d/systemd.conf
-install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8}
+install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE8} %{SOURCE9}
 # Install additional docs
 # https://bugzilla.redhat.com/show_bug.cgi?id=1234951
-install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9}
+install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE10}
 # https://bugzilla.redhat.com/show_bug.cgi?id=1378974
-install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10}
+install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE11}
 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13}
 install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3}
 # systemd-oomd default configuration
 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14}
 install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15}
@ -850,6 +923,20 @@ install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25}
 ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/installkernel
 %if "%{_sbindir}" == "%{_bindir}"
 # Systemd has the split-sbin option which is also used to select the directory
 # for alias symlinks. We need to keep split-sbin=true for now, to support
 # unmerged systems. Move the symlinks here instead.
 mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/
 %endif
 %if 0%{?fedora} >= 41
 # This requires https://pagure.io/setup/pull-request/50
 # and https://src.fedoraproject.org/rpms/setup/pull-request/10.
 %{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf
 rm %{buildroot}/usr/lib/sysusers.d/basic.conf
 %endif
 %find_lang %{name}
 # Split files in build root into rpms
@ -867,33 +954,6 @@ meson test -C %{_vpath_builddir} -t 6 --print-errorlogs
 %post
 systemd-machine-id-setup &>/dev/null || :
 # FIXME: move to %postun. We want to restart systemd *after* removing
 # files from the old rpm. Right now we may still have bits the old
 # setup if the files are not present in the new version. But before
 # implement restarting of *other* services after the transaction, moving
 # this would make things worse, increasing the number of warnings we get
 # about needed daemon-reload.
 systemctl daemon-reexec &>/dev/null || {
  # systemd v239 had bug #9553 in D-Bus authentication of the private socket,
  # which was later fixed in v240 by #9625.
  #
  # The end result is that a `systemctl daemon-reexec` call as root will fail
  # when upgrading from systemd v239, which means the system will not start
  # running the new version of systemd after this post install script runs.
  #
  # To work around this issue, let's fall back to using a `kill -TERM 1` to
  # re-execute the daemon when the `systemctl daemon-reexec` call fails.
  #
  # In order to prevent issues when the reason why the daemon-reexec failed is
  # not the aforementioned bug, let's only use this fallback when:
  #   - we're upgrading this RPM package; and
  #   - we confirm that systemd is running as PID1 on this system.
  if [ $1 -gt 1 ] && [ -d /run/systemd/system ] ; then
    kill -TERM 1 &>/dev/null || :
  fi
 }
 [ $1 -eq 1 ] || exit 0
 # create /var/log/journal only on initial installation,
@ -915,41 +975,28 @@ systemctl preset-all &>/dev/null || :
 systemctl --global preset-all &>/dev/null || :
 %postun
-if [ $1 -eq 1 ]; then
+if [ $1 -ge 1 ]; then
-   [ -w %{_localstatedir} ] && journalctl --update-catalog || :
+  [ -w %{_localstatedir} ] && journalctl --update-catalog || :
-   systemd-tmpfiles --create &>/dev/null || :
+
  systemctl daemon-reexec || :
  systemd-tmpfiles --create &>/dev/null || :
 fi
 %systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service
 # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558)
-# This is the explanded form of %%systemd_user_daemon_reexec. We
+# This is the expanded form of %%systemd_user_daemon_reexec. We
 # can't use the macro because we define it ourselves.
 if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then
    # Package upgrade, not uninstall
    /usr/lib/systemd/systemd-update-helper user-reexec || :
 fi
-%triggerun resolved -- systemd < 246.1-1
+%triggerun -- systemd < 256
-# This is for upgrades from previous versions before systemd-resolved became the default.
+# This is for upgrades from previous versions before systemd restart was moved to %%postun
-systemctl --no-reload preset systemd-resolved.service &>/dev/null || :
+systemctl daemon-reexec || :
 if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then
  systemctl -q is-enabled NetworkManager.service 2>/dev/null && \
  ! test -L /etc/resolv.conf 2>/dev/null && \
  ! mountpoint /etc/resolv.conf &>/dev/null && \
  grep -q 'Generated by NetworkManager' /etc/resolv.conf 2>/dev/null && \
  echo -e '/etc/resolv.conf was generated by NetworkManager.\nRemoving it to let systemd-resolved manage this file.' && \
  mv -v /etc/resolv.conf /etc/resolv.conf.orig-with-nm && \
  ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf 2>/dev/null || :
  systemctl start systemd-resolved.service &>/dev/null || :
 fi
 %triggerun -- systemd < 247.3-2
 # This is for upgrades from previous versions before oomd-defaults is available.
 systemctl --no-reload preset systemd-oomd.service &>/dev/null || :
 %triggerpostun -- systemd < 253~rc1-2
 # This is for upgrades from previous versions where systemd-journald-audit.socket
@ -968,7 +1015,7 @@ if [ -L %{_localstatedir}/lib/systemd/timesync ]; then
    rm %{_localstatedir}/lib/systemd/timesync
    mv %{_localstatedir}/lib/private/systemd/timesync %{_localstatedir}/lib/systemd/timesync
 fi
-if [ -f %{_localstatedir}/lib/systemd/clock ] ; then
+if [ -f %{_localstatedir}/lib/systemd/clock ]; then
    mkdir -p %{_localstatedir}/lib/systemd/timesync
    mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/.
 fi
--- a/test_sysusers_defined.py
+++ b/test_sysusers_defined.py
@ -0,0 +1,34 @@
 #!/usr/bin/python
 import sys
 def parse_sysusers_file(filename):
    users, groups = set(), set()
    for line in open(filename):
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        words = line.split()
        match words[0]:
            case 'u':
                users.add(words[1])
            case 'g':
                groups.add(words[1])
            case 'm'|'r':
                continue
            case _:
                assert False
    return users, groups
 setup_users, setup_groups = parse_sysusers_file(sys.argv[1])
 setup_users2, setup_groups2 = parse_sysusers_file(sys.argv[2])
 setup_users |= setup_users2
 setup_groups |= setup_groups2
 basic_users, basic_groups = parse_sysusers_file(sys.argv[3])
 if d := basic_users - setup_users:
    exit(f'We have new users: {d}')
 if d := basic_groups - setup_groups:
    exit(f'We have new groups: {d}')
`@ -1 +1 @@`
	`SHA512 (systemd-255.3.tar.gz) = c2868a53df2176649b0d0c94e5d451c46ba783bcdbc89ce12434ed2d11dba44b4854ffe4c2430f3f64eef2e214cbb51d5f740170afbd9edd66761a8851157453`	`SHA512 (systemd-256.1.tar.gz) = 5441f634f43b726c13fe57d1ba0030f1b91427d7c2d4f4f32e4add8ff93aeb5139e9337422653df3b897c241e0a8760dafcd441dc622d1e2c1230bbe27dd1a1c`