From ded8790b389daa9ec947d7f34de64d931ec33d7d Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 14 May 2025 19:04:18 +0000 Subject: [PATCH] import UBI systemd-257-9.el10_0.1 --- sources | 2 +- systemd-journal-gatewayd.xml | 6 + systemd-journal-remote.xml | 6 + systemd-resolved.sysusers | 8 + systemd-udev-trigger-no-reload.conf | 3 + systemd.spec | 1570 +++++++++++++++++++++++++++ sysusers.attr | 2 + sysusers.generate-pre.sh | 96 ++ sysusers.prov | 61 ++ test_sysusers_defined.py | 34 + triggers.systemd | 87 ++ yum-protect-systemd.conf | 2 + 12 files changed, 1876 insertions(+), 1 deletion(-) create mode 100644 systemd-journal-gatewayd.xml create mode 100644 systemd-journal-remote.xml create mode 100644 systemd-resolved.sysusers create mode 100644 systemd-udev-trigger-no-reload.conf create mode 100644 systemd.spec create mode 100644 sysusers.attr create mode 100755 sysusers.generate-pre.sh create mode 100755 sysusers.prov create mode 100755 test_sysusers_defined.py create mode 100644 triggers.systemd create mode 100644 yum-protect-systemd.conf diff --git a/sources b/sources index c01b6be..10b97c7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-257.tar.gz) = 838105eec6c8d5e1bfde8942eda8903ee5f0ebd86ede4c9d545ff3c608c584011b42bf7663c30272d0d23b7b8862419b915cfeaef22bcef244a55197e388d61c +SHA512 (systemd-257.tar.gz) = b8cd23ed1a5dff1894f33a831413f9805b2b7bafe93046f163aa4c1c8b929365785d0c04a4c758823624a7536d2a47c8fafae659dd41d4440ddace3d88bb1ff7 diff --git a/systemd-journal-gatewayd.xml b/systemd-journal-gatewayd.xml new file mode 100644 index 0000000..a1b400c --- /dev/null +++ b/systemd-journal-gatewayd.xml @@ -0,0 +1,6 @@ + + + systemd-journal-gatewayd + Journal Gateway Service + + diff --git a/systemd-journal-remote.xml b/systemd-journal-remote.xml new file mode 100644 index 0000000..e115a12 --- /dev/null +++ b/systemd-journal-remote.xml @@ -0,0 +1,6 @@ + + + systemd-journal-remote + Journal Remote Sink + + diff --git a/systemd-resolved.sysusers b/systemd-resolved.sysusers new file mode 100644 index 0000000..37ccb7a --- /dev/null +++ b/systemd-resolved.sysusers @@ -0,0 +1,8 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +u systemd-resolve 193 "systemd Resolver" \ No newline at end of file diff --git a/systemd-udev-trigger-no-reload.conf b/systemd-udev-trigger-no-reload.conf new file mode 100644 index 0000000..c879427 --- /dev/null +++ b/systemd-udev-trigger-no-reload.conf @@ -0,0 +1,3 @@ +[Unit] +# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17 +RefuseManualStop=true diff --git a/systemd.spec b/systemd.spec new file mode 100644 index 0000000..88a217b --- /dev/null +++ b/systemd.spec @@ -0,0 +1,1570 @@ +#global commit 1781de18ab8ebc3e42a607851d8effb3b0355c87 +%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} + +# We ship a .pc file but don't want to have a dep on pkg-config. We +# strip the automatically generated dep here and instead co-own the +# directory. +%global __requires_exclude pkg-config + +%global pkgdir %{_prefix}/lib/systemd +%global system_unit_dir %{pkgdir}/system +%global user_unit_dir %{pkgdir}/user + +%if 0%{?__isa_bits} == 64 +%global elf_bits (64bit) +%global elf_suffix ()%{elf_bits} +%endif + +%bcond bzip2 1 +%bcond gnutls 1 +%bcond lz4 1 +%bcond xz 1 +%bcond zlib 1 +%bcond zstd 1 + +# Bootstrap may be needed to break circular dependencies with cryptsetup, +# e.g. when re-building cryptsetup on a json-c SONAME-bump. +%bcond bootstrap 0 +%bcond tests 1 +%bcond lto 1 +%bcond docs 1 + +# Build from git main +%bcond upstream 0 + +# When bootstrap, libcryptsetup is disabled +# but auto-features causes many options to be turned on +# that depend on libcryptsetup (e.g. libcryptsetup-plugins) +%if %{with bootstrap} +%global __meson_auto_features disabled +%endif + +# Override %%autorelease. This is ugly, but rpmautospec doesn't implement +# autorelease correctly if the macro is conditionalized in the Release field. +%{?release_override:%global autorelease %{release_override}%{?dist}} + +Name: systemd +Url: https://systemd.io +# Allow users to specify the version and release when building the rpm by +# setting the %%version_override and %%release_override macros. +Version: %{?version_override}%{!?version_override:257} +Release: 9%{?dist}.1 + +%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) + +# For a breakdown of the licensing, see README +License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later +Summary: System and Service Manager + +# download tarballs with "spectool -g systemd.spec" +%if %{defined commit} +Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz +%else +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +%endif +# This file must be available before %%prep. +# It is generated during systemd build and can be found in build/src/core/. +Source1: triggers.systemd +Source2: split-files.py +Source3: purge-nobody-user +Source4: test_sysusers_defined.py + +# Prevent accidental removal of the systemd package +Source5: yum-protect-systemd.conf + +Source6: inittab +Source7: sysctl.conf.README +Source8: systemd-journal-remote.xml +Source9: systemd-journal-gatewayd.xml +Source10: 20-yama-ptrace.conf +Source11: systemd-udev-trigger-no-reload.conf +# https://fedoraproject.org/wiki/How_to_filter_libabigail_reports +Source13: .abignore + +Source14: 10-oomd-defaults.conf +Source15: 10-oomd-per-slice-defaults.conf + +Source17: 10-map-count.conf + +Source21: macros.sysusers +Source22: sysusers.attr +Source23: sysusers.prov +Source24: sysusers.generate-pre.sh + +Source25: 98-default-mac-none.link + +Source26: rc.local +Source27: systemd-resolved.sysusers + +%if 0 +GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable +i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip +GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py >hwdb.patch +%endif + +# Backports of patches from upstream (0000–0499) +# +# Any patches which are "in preparation" upstream should be listed here, rather +# than in the next section. Packit CI will drop any patches in this range before +# applying upstream pull requests. + +# RHEL-specific +Patch0001: 0001-Create-CNAME.patch +Patch0002: 0002-sd-json-sd-varlink-drop-unexported-functions-from-pu.patch +Patch0003: 0003-test-modernize-generate-sym-test.py.patch +Patch0004: 0004-test-also-generate-list-of-symbols-from-header-files.patch +Patch0005: 0005-man-systemd-cryptenroll-sort-fido2-credential-algori.patch +Patch0006: 0006-analyze-tab-fix.patch +Patch0007: 0007-analyze-add-missing-mask-option-to-help-text.patch +Patch0008: 0008-test-set-nsec3-salt-length-8-in-knot.conf.patch +Patch0009: 0009-test-capability-CAP_LINUX_IMMUTABLE-is-not-available.patch +Patch0010: 0010-test-fd-util-skip-test-when-lacking-privileges-to-cr.patch +Patch0011: 0011-test-fd-util-compare-FDs-to-bin-sh-instead-of-dev-nu.patch +Patch0012: 0012-mkosi-use-inetutils-package-instead-of-hostname-for-.patch +Patch0013: 0013-man-document-unprivileged-is-not-for-reading-propert.patch +Patch0014: 0014-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch +Patch0015: 0015-Fixing-VLAN-ranges-in-man-systemd.network.patch +Patch0016: 0016-test-bpf-restrict-fs-Migrate-to-new-assertion-macros.patch +Patch0017: 0017-man-update-example-in-systemd-measure.xml-35506.patch +Patch0018: 0018-systemd-cryptenroll.xml-fix-typo.patch +Patch0019: 0019-semaphore-skip-some-tests.patch +Patch0020: 0020-shell-completion-add-systemd-creds.patch +Patch0021: 0021-core-fix-loading-verity-settings-for-MountImages.patch +Patch0022: 0022-test-add-more-coverage-for-extensions-and-verity.patch +Patch0023: 0023-README-drop-CentOS-CI-badges.patch +Patch0024: 0024-meson.version-change-to-257.1.patch +Patch0025: 0025-journalctl-honor-quiet-with-setup-keys.patch +Patch0026: 0026-dbus-log-disconnect-on-api-and-system-busses.patch +Patch0027: 0027-manager-add-list-of-subscribers-to-dump-info.patch +Patch0028: 0028-exec-util-allow-to-invoke-polkit-ask-password-agent-.patch +Patch0029: 0029-mkosi-Fix-opensuse-build.patch +Patch0030: 0030-units-use-PrivateTmp-disconnected-instead-of-yes-if-.patch +Patch0031: 0031-battery-check-parse-options-before-checking-for-kern.patch +Patch0032: 0032-test-loop-block-return-77-on-skip-in-more-places.patch +Patch0033: 0033-mkosi-update-debian-commit-reference.patch +Patch0034: 0034-shell-completion-add-smbios11-verb-to-systemd-analyz.patch +Patch0035: 0035-logind-let-system-wide-idle-begin-at-the-time-logind.patch +Patch0036: 0036-tmpfiles-reduce-quoting-in-warning-message.patch +Patch0037: 0037-semaphore-bump-timeout.patch +Patch0038: 0038-Revert-semaphore-skip-some-tests.patch +Patch0039: 0039-mkosi-fix-section-for-WithNetwork.patch +Patch0040: 0040-test-time-util-fix-truncation-of-usec-to-sec.patch +Patch0041: 0041-network-don-t-warn-with-no-NSID-assigned.patch +Patch0042: 0042-TEST-35-LOGIN-check-only-tty-session.patch +Patch0043: 0043-test-README-Environment-setting-for-mkosi-should-be-.patch +Patch0044: 0044-mkosi-temporarily-disable-panic_on_warn.patch +Patch0045: 0045-networkd-show-wireguard-private-key-read-error-numbe.patch +Patch0046: 0046-systemctl-edit-ignore-ENOENT-from-unit_is_masked.patch +Patch0047: 0047-test-skip-TEST-69-SHUTDOWN-on-ubuntu-too.patch +Patch0048: 0048-mkosi-Fix-tools-image-package-name.patch +Patch0049: 0049-tpm2-util-Also-retry-unsealing-after-policy_pcr-retu.patch +Patch0050: 0050-resolved-if-one-transaction-completes-expect-other-t.patch +Patch0051: 0051-man-Document-generator-sandbox-environment.patch +Patch0052: 0052-ukify-Fix-regression-in-no-sign-kernel-flag.patch +Patch0053: 0053-mkosi-switch-debian-ubuntu-to-ci-v257-stable-branch.patch +Patch0054: 0054-semaphore-switch-debian-ubuntu-to-ci-v257-stable-bra.patch +Patch0055: 0055-Revert-terminal-util-unify-code-that-resets-dev-cons.patch +Patch0056: 0056-mkosi-move-config-options.patch +Patch0057: 0057-mkosi-Update-to-latest.patch +Patch0058: 0058-mkosi-Add-gdb-to-tools-tree.patch +Patch0059: 0059-mkosi-Add-libz1-to-opensuse-tools-tree.patch +Patch0060: 0060-mkosi-Enable-EPEL-for-CentOS-Stream-tools-tree.patch +Patch0061: 0061-mkosi-Use-tools-tree-by-default.patch +Patch0062: 0062-mkosi-Use-build-as-extra-search-path-by-default.patch +Patch0063: 0063-mkosi.clangd-Don-t-pass-host-if-we-re-not-using-flat.patch +Patch0064: 0064-mkosi.clangd-Fail-on-command-errors.patch +Patch0065: 0065-docs-Simplify-hacking-documentation.patch +Patch0066: 0066-mkosi-Fix-authselect-systemd-homed-feature-name.patch +Patch0067: 0067-docs-Use-meson-compile-instead-of-ninja.patch +Patch0068: 0068-docs-Explicitly-mention-.local-bin-in-section-on-ins.patch +Patch0069: 0069-mkosi-update-opensuse-spec-repo-commit.patch +Patch0070: 0070-mkosi-update-openSUSE-commit-reference.patch +Patch0071: 0071-mkosi-add-libopenssl-devel-package-to-openSUSE-tools.patch +Patch0072: 0072-mkosi-switch-to-github-mirror-of-openSUSE-sources-fr.patch +Patch0073: 0073-mkosi-Allow-disabling-vcs-tag-via-environment-variab.patch +Patch0074: 0074-docs-Use-mkosi-sandbox-in-test-documentation-as-well.patch +Patch0075: 0075-test-update-README-s-Ubuntu-CI-section-for-mkosi-cha.patch +Patch0076: 0076-mkosi-Add-docbook-tools.patch +Patch0077: 0077-mkosi-Handle-directories-in-debian-not-installed-cor.patch +Patch0078: 0078-mkosi-Warn-on-unpackaged-files-in-the-debian-package.patch +Patch0079: 0079-mkosi-Update-to-latest.patch +Patch0080: 0080-mkosi-Make-path-exclude-more-generic.patch +Patch0081: 0081-packit-Move-fmf-metadata-into-upstream.patch +Patch0082: 0082-mkosi-replace-deprecated-settings-and-command-with-n.patch +Patch0083: 0083-mkosi-Migrate-more-deprecated-options.patch +Patch0084: 0084-ci-Rename-qemu-variable-to-vm.patch +Patch0085: 0085-fmf-Insist-on-mkosi-sha-being-available.patch +Patch0086: 0086-fmf-Support-being-used-downstream-in-dist-git-tests.patch +Patch0087: 0087-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch +Patch0088: 0088-repart-Use-streq_ptr.patch +Patch0089: 0089-sd-device-add-missing-debugging-log.patch +Patch0090: 0090-sd-device-fix-validation-for-devices-under-sys-firmw.patch +Patch0091: 0091-resolved-stop-mdns-lnrr-when-config-changes-to-disab.patch +Patch0092: 0092-shared-hibernate-util-don-t-attempt-to-fiemap-fd-if-.patch +Patch0093: 0093-shared-hibernate-util-handle-the-case-where-no-swap-.patch +Patch0094: 0094-locale-setup-do-not-load-locale-from-environemnt-whe.patch +Patch0095: 0095-machine-GC-machine-when-no-leader-PID-is-set.patch +Patch0096: 0096-creds-fix-use-after-free-in-varlink-interface.patch +Patch0097: 0097-core-unit-serialize-fix-serialization-of-markers.patch +Patch0098: 0098-test-answer-2nd-mdadm-create-question-for-compat-wit.patch +Patch0099: 0099-hwdb-comment-out-the-entry-for-Logitech-MX-Keys-for-.patch +Patch0100: 0100-mkosi-Install-which-in-build-image.patch +Patch0101: 0101-packit-Simplify-configuration.patch +Patch0102: 0102-fmf-Check-out-target-branch-in-packit.patch +Patch0103: 0103-stdio-bridge-fix-polled-fds.patch +Patch0104: 0104-Revert-mkosi-Fix-opensuse-build.patch +Patch0105: 0105-CI-add-OBS-workflow-integration-to-build-packages-on.patch +Patch0106: 0106-obs-also-trigger-Fedora-package-builds.patch +Patch0107: 0107-systemctl-also-ignore-ENOENT-in-checking-inhibitors.patch +Patch0108: 0108-systemctl-certainly-ignore-ENOENT-in-checking-inhibi.patch +Patch0109: 0109-journalctl-make-invocation-and-list-invocations-acce.patch +Patch0110: 0110-meson-bump-version-to-257.2.patch +Patch0111: 0111-fmf-Don-t-fail-if-we-can-t-put-selinux-in-permissive.patch +Patch0112: 0112-fmf-Fix-dist-git-example.patch +Patch0113: 0113-fmf-Fix-glob.patch +Patch0114: 0114-fmf-Only-mess-with-etc-yum.repos.d-when-running-with.patch +Patch0115: 0115-fmf-Dump-CPU-and-memory-information.patch +Patch0116: 0116-TEST-06-SELINUX-Add-knob-to-allow-checking-for-AVCs.patch +Patch0117: 0117-fmf-Force-SELinux-relabel-when-running-within-testin.patch +Patch0118: 0118-test-Drop-set-x-from-integration-test-setup.sh.patch +Patch0119: 0119-test-Only-plug-in-integration-test-setup.sh-in-inter.patch +Patch0120: 0120-mkosi-Re-enable-TEST-21-DFUZZER-when-running-with-sa.patch +Patch0121: 0121-fmf-Move-meson-logs-and-failed-test-journals-to-test.patch +Patch0122: 0122-fmf-Log-clock-source.patch +Patch0123: 0123-tree-wide-Fix-python-formatting.patch +Patch0124: 0124-test-Add-option-to-save-in-progress-test-journals-to.patch +Patch0125: 0125-test-Don-t-register-machines-with-machined-unless-we.patch +Patch0126: 0126-test-Move-StateDirectory-directive-into-dropin.patch +Patch0127: 0127-fmf-Bump-inotify-limits-to-avoid-systemd-nspawn-fail.patch +Patch0128: 0128-fmf-Use-different-heuristic-on-beefy-systems.patch +Patch0129: 0129-fmf-Skip-TEST-21-DFUZZER.patch +Patch0130: 0130-test-Fix-bug-in-integration-test-wrapper.patch +Patch0131: 0131-test-Only-move-journal-file-if-we-didn-t-just-unlink.patch +Patch0132: 0132-fmf-Only-move-logs-if-corresponding-directory-exists.patch +Patch0133: 0133-mkosi-Install-libxslt-on-CentOS-Fedora-instead-of-xs.patch +Patch0134: 0134-man-Clarify-systemd-notify-and-sd_notify-PID-documen.patch +Patch0135: 0135-mkosi-Update-to-latest.patch +Patch0136: 0136-test-Drop-sandbox-from-integration-test-wrapper.patch +Patch0137: 0137-ci-Stop-archiving-packages.patch +Patch0138: 0138-sbsign-Make-two-debug-logs-into-error-logs.patch +Patch0139: 0139-sbsign-Make-sure-output-file-mode-respects-umask.patch +Patch0140: 0140-mkosi-Don-t-set-ToolsTreeRepositories-for-CentOS-Str.patch +Patch0141: 0141-mkosi-Update-to-latest.patch +Patch0142: 0142-mkosi-Use-a-bigger-variety-of-tools-tree-distributio.patch +Patch0143: 0143-mkosi-lcov-and-shellcheck-are-not-in-EPEL-10.patch +Patch0144: 0144-mkosi-Don-t-set-O-orphan_file-in-centos-stream-9-too.patch +Patch0145: 0145-mkosi-Run-more-commands-as-root.patch +Patch0146: 0146-test-Look-for-qemu-in-usr-libexec-qemu-kvm-as-well.patch +Patch0147: 0147-TEST-74-AUX-UTILS-Move-run0-pcrlock-test-to-TEST-70-.patch +Patch0148: 0148-test-Make-sure-we-run-lcov-from-the-meson-source-dir.patch +Patch0149: 0149-mkosi-Run-two-more-mkosi-commands-with-sudo.patch +Patch0150: 0150-mkosi-Update-to-latest.patch +Patch0151: 0151-mkosi-Add-back-preserve-env-when-running-integration.patch +Patch0152: 0152-mkosi-Drop-usage-of-_systemd_QUIET-in-arch-build-scr.patch +Patch0153: 0153-HACKING-Move-OBS-section-further-down.patch +Patch0154: 0154-docs-HACKING-use-run0-to-indicate-which-commands-req.patch +Patch0155: 0155-HACKING-Drop-run0-from-mkosi-boot-invocation.patch +Patch0156: 0156-boot-Improve-log-message.patch +Patch0157: 0157-efivars-deal-with-uncommitted-efi-variables.patch +Patch0158: 0158-core-device-do-not-drop-backslashes-in-SYSTEMD_WANTS.patch +Patch0159: 0159-test-add-test-cases-for-parsing-SYSTEMD_WANTS-SYSTEM.patch +Patch0160: 0160-process-util-do-not-unblock-unrelated-signals-while-.patch +Patch0161: 0161-stub-drop-PE-sections-parsing-cap.patch +Patch0162: 0162-bus-wait-for-jobs-fix-service-result-table.patch +Patch0163: 0163-man-also-fix-documentation-of-start-limit-hit.patch +Patch0164: 0164-varlink-fix-error-name.patch +Patch0165: 0165-core-job-never-consider-reload-jobs-redundant.patch +Patch0166: 0166-mount-util-make-path_get_mount_info_at-also-read-uta.patch +Patch0167: 0167-machine-revert-type-change-of-leader-in-io.systemd.M.patch +Patch0168: 0168-resolved-do-not-disable-mdns-llmnr-globally-if-it-s-.patch +Patch0169: 0169-resolved-stop-mdns-llmnr-if-no-interface-request-it-.patch +Patch0170: 0170-man-fix-reference-to-non-existing-ukify-parameter.patch +Patch0171: 0171-ukify-add-loongarch64-to-efi-arch.patch +Patch0172: 0172-ukify-add-riscv32-to-efi-arch.patch +Patch0173: 0173-tools-add-loongarch64-to-debug-sd-boot-script.patch +Patch0174: 0174-systemctl-fix-memleak.patch +Patch0175: 0175-random-util-fix-compilation-error.patch +Patch0176: 0176-mkosi-Update-to-latest.patch +Patch0177: 0177-mkosi-Bump-minimum-version-to-25.patch +Patch0178: 0178-mkosi-Add-VCS_TAG-to-PassEnvironment.patch +Patch0179: 0179-mkosi-add-loongarch64-to-Debian-s-list-of-EFI-arches.patch +Patch0180: 0180-kbd-model-map-add-a-georgian-mapping.patch +Patch0181: 0181-core-add-trigger-to-path-unit-debug-log.patch +Patch0182: 0182-test-cleanup-after-testcase_12_resolvectl2.patch +Patch0183: 0183-test-install-stub-package-for-test-ukify-unit-test.patch +Patch0184: 0184-test-use-local-stub-if-available-in-test-ukify.patch +Patch0185: 0185-test-support-slow-test-ukify-on-Debian-Ubuntu.patch +Patch0186: 0186-man-Update-nss-myhostname.xml-to-reflect-files.patch +Patch0187: 0187-ukify-Fix-two-typing-issues.patch +Patch0188: 0188-meson-generate-keyboard-keys-list-from-local-input.h.patch +Patch0189: 0189-Fix-inversion-of-timesyncd_usec-epoch_usec-variables.patch +Patch0190: 0190-pe-do-not-warn-about-.initrd-addons.patch +Patch0191: 0191-Fix-tense-in-SD_MESSAGE_SHUTDOWN_STR.patch +Patch0192: 0192-firstboot-fix-crash-when-hostname-question-is-skippe.patch +Patch0193: 0193-build-deps-bump-coverallsapp-github-action-from-2.3..patch +Patch0194: 0194-build-deps-bump-softprops-action-gh-release-from-2.1.patch +Patch0195: 0195-build-deps-bump-super-linter-super-linter-from-7.1.0.patch +Patch0196: 0196-homectl-Fix-empty-checks.patch +Patch0197: 0197-ukify-measure-Revert-changes-to-use-SizeOfImage-from.patch +Patch0198: 0198-sysupdate-Update-example-mode-to-644-instead-of-444.patch +Patch0199: 0199-meson-add-install-tag-for-systemctl.patch +Patch0200: 0200-test-Drop-Dremote-enabled-instructions-from-readme.patch +Patch0201: 0201-test-Move-NO_BUILD-instructions-to-a-separate-sectio.patch +Patch0202: 0202-test-Move-external-packages-section-down-and-reword-.patch +Patch0203: 0203-repart-Don-t-fail-when-we-re-unable-to-read-file-att.patch +Patch0204: 0204-homectl-fix-typo-in-help-text.patch +Patch0205: 0205-homectl-fix-typo-in-man-page.patch +Patch0206: 0206-resolved-fix-DNSSEC-missing-key-error.patch +Patch0207: 0207-docs-Add-an-examples-for-command-line-access.patch +Patch0208: 0208-mkosi-Only-make-build-sources-ephemeral-if-NO_BUILD-.patch +Patch0209: 0209-vmspawn-ignore-failure-from-sshd-vsock-unit.patch +Patch0210: 0210-mkosi-extend-util-linux-script-config-drop-in-to-F43.patch +Patch0211: 0211-meson-Skip-getent-when-it-s-not-found.patch +Patch0212: 0212-meson-also-skip-uid-gid-check-for-nobody-user-group-.patch +Patch0213: 0213-core-namespace-relabel-bind-mount-source-based-on-th.patch +Patch0214: 0214-mkosi-Install-strace-in-build-image.patch +Patch0215: 0215-mkosi-Fix-section-for-BuildSourcesEphemeral.patch +Patch0216: 0216-mkosi-Work-around-regression-in-opensuse-rpm-4.20-re.patch +Patch0217: 0217-userdbctl-don-t-expect-argument-to-fuzzy.patch +Patch0218: 0218-userdb-reset-errno-before-getpwent.patch +Patch0219: 0219-network-routing-policy-rule-fix-compare-func.patch +Patch0220: 0220-test-network-add-test-case-for-issue-35874.patch +Patch0221: 0221-network-allow-to-configure-routing-policy-rule-even-.patch +Patch0222: 0222-test-network-add-test-case-for-requesting-routing-po.patch +Patch0223: 0223-meson-allow-to-customize-the-access-mode-for-tty-pts.patch +Patch0224: 0224-meson-fix-suite-of-alignment-check-tests.patch +Patch0225: 0225-hwdb-Make-remote-controllable-lights-work-out-of-the.patch +Patch0226: 0226-hwdb-update-to-main-2025-02-07.patch +Patch0227: 0227-udevadm-test-fix-gid-check.patch +Patch0228: 0228-update-utmp-do-not-give-up-if-the-first-attempt-at-c.patch +Patch0229: 0229-bootctl-fix-potential-uninitialized-memory-access.patch +Patch0230: 0230-bootctl-also-shown-whether-stub-loader-partition-dat.patch +Patch0231: 0231-bootctl-suppress-output-of-empty-partition-info-if-w.patch +Patch0232: 0232-bootctl-minor-reordering-of-fields-in-output.patch +Patch0233: 0233-missing_sched-add-CLONE_PIDFD.patch +Patch0234: 0234-stub-Mention-that-VirtualSize-should-be-SizeOfRawDat.patch +Patch0235: 0235-import-pubring.gpg-add-openSUSE-build-key.patch +Patch0236: 0236-import-update-to-current-fedora-keyring.patch +Patch0237: 0237-ukify-do-not-fail-if-pefile-complains-about-hardcode.patch +Patch0238: 0238-tmpfiles-fix-copypasta-in-create_symlink-FIFO-symlin.patch +Patch0239: 0239-udev-worker-add-debugging-log-about-success-of-flock.patch +Patch0240: 0240-udev-watch-mention-that-the-failure-is-ignored.patch +Patch0241: 0241-udev-watch-do-not-try-to-remove-invalid-watch-handle.patch +Patch0242: 0242-login-Continue-watching-leader-pidfd-after-stop.patch +Patch0243: 0243-login-Queue-session-for-garbage-collection-on-leader.patch +Patch0244: 0244-ukify-print-debug-progress-messages-to-stderr.patch +Patch0245: 0245-ukify-Calculate-section-size-more-correctly.patch +Patch0246: 0246-mkosi-Update-to-latest.patch +Patch0247: 0247-core-condition-fix-segfault-when-key-not-found-in-os.patch +Patch0248: 0248-meson-bump-version-to-257.3.patch +Patch0249: 0249-ci-update-workflows-to-run-on-source-git-setup.patch +Patch0250: 0250-ci-setup-source-git-automation.patch +Patch0251: 0251-ci-reconfigure-Packit-for-RHEL-10.patch +Patch0252: 0252-journal-again-create-user-journals-for-users-with-hi.patch +Patch0253: 0253-tmpfiles-make-purge-hard-to-mis-use.patch +Patch0254: 0254-fedora-use-system-auth-in-pam-systemd-user.patch +Patch0255: 0255-net-naming-scheme-start-rhel10-naming-and-include-rh.patch +Patch0256: 0256-rules-copy-40-redhat.rules-from-RHEL-9.patch +Patch0257: 0257-logind-set-RemoveIPC-to-false-by-default.patch +Patch0258: 0258-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch +Patch0259: 0259-rc-local-order-after-network-online.target.patch +Patch0260: 0260-random-util-increase-random-seed-size-to-1024.patch +Patch0261: 0261-journal-don-t-enable-systemd-journald-audit.socket-b.patch +Patch0262: 0262-journald.conf-don-t-touch-current-audit-settings.patch +Patch0263: 0263-rules-add-elevator-kernel-command-line-parameter.patch +Patch0264: 0264-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +Patch0265: 0265-udev-net-setup-link-change-the-default-MACAddressPol.patch +Patch0266: 0266-core-decrease-log-level-of-messages-about-use-of-Kil.patch +Patch0267: 0267-taint-remove-unmerged-bin.patch +Patch0268: 0268-presets-remove-resolved.patch +Patch0269: 0269-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch +Patch0270: 0270-taint-remove-unused-variable-usr_sbin.patch +Patch0271: 0271-packit-drop-the-libarchive-workaround.patch +Patch0272: 0272-coredump-by-default-process-and-store-core-files-up-.patch +Patch0273: 0273-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +Patch0274: 0274-unit-don-t-add-Requires-for-tmp.mount.patch +Patch0275: 0275-units-add-Install-section-to-tmp.mount.patch +Patch0276: 0276-units-don-t-enable-tmp.mount-statically-in-local-fs..patch +Patch0277: 0277-netif-naming-scheme-add-rhel-9.5-scheme.patch +Patch0278: 0278-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch +Patch0279: 0279-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch +Patch0280: 0280-netif-naming-scheme-introduce-rhel-10.0-scheme.patch +Patch0281: 0281-udev-net_id-introduce-naming-scheme-for-RHEL-9.6.patch +Patch0282: 0282-ci-use-ubuntu-22-04-for-deploy-of-man-pages.patch +Patch0283: 0283-ci-fix-Packit.patch +Patch0284: 0284-ci-drop-testing-farm-test.patch +Patch0285: 0285-dbus-stash-the-subscriber-list-when-we-disconenct-fr.patch +Patch0286: 0286-manager-s-deserialized_subscribed-subscribed_as_strv.patch +Patch0287: 0287-shared-bus-util-move-bus_message_read_id128-to-bus-m.patch +Patch0288: 0288-shared-bus-util-move-bus_message_hash_ops-to-bus-mes.patch +Patch0289: 0289-shared-bus-util-move-string-set-append-get-funcs-to-.patch +Patch0290: 0290-shared-serialize-make-input-params-const.patch +Patch0291: 0291-shared-serialize-introduce-serialize_id128.patch +Patch0292: 0292-bus-util-do-not-reset-the-count-returned-by-sd_bus_t.patch +Patch0293: 0293-core-manager-use-FOREACH_ARRAY-at-one-more-place.patch +Patch0294: 0294-core-manager-drop-duplicate-bus-track-deserializatio.patch +Patch0295: 0295-bus-util-introduce-bus_get_instance_id.patch +Patch0296: 0296-core-serialize-API-bus-id-and-validate-before-deseri.patch +Patch0297: 0297-core-manager-restore-bus-track-deserialization-clean.patch +Patch0298: 0298-shared-bus-util-add-missing-set.h-include.patch +Patch0299: 0299-udevadm-test-add-missing-oom-check.patch +Patch0300: 0300-udev-rules-replace-type-func-type-func.patch +Patch0301: 0301-udev-rules-do-not-change-maximum-log-level-when-runn.patch +Patch0302: 0302-udevadm-test-introduce-v-verbose-option-to-show-verb.patch +Patch0303: 0303-udev-rules-show-original-token-string-in-log_event_e.patch +Patch0304: 0304-udev-rules-logs-result-of-format-substitution.patch +Patch0305: 0305-udev-rules-add-more-trace-logs-for-string-match.patch +Patch0306: 0306-udev-rules-introduce-udev_replace_chars_and_log.patch +Patch0307: 0307-udev-rules-ignore-whole-command-result-if-it-is-too-.patch +Patch0308: 0308-udev-rules-update-log-messages.patch +Patch0309: 0309-udev-rules-add-trace-logs-for-GOTO-and-parent-condit.patch +Patch0310: 0310-udev-move-enums-to-udev-def.h.patch +Patch0311: 0311-udev-move-listen_fds-to-udev-manager.c.patch +Patch0312: 0312-udev-several-coding-style-fixes.patch +Patch0313: 0313-udev-builtin-make-udev_builtin_add_property-and-frie.patch +Patch0314: 0314-udev-introduce-reference-counter-for-UdevEvent.patch +Patch0315: 0315-udev-net-make-Link-object-take-reference-to-UdevEven.patch +Patch0316: 0316-udev-move-parsers-for-config-file-kerenel-command-li.patch +Patch0317: 0317-udev-config-introduce-UdevConfig.patch +Patch0318: 0318-udev-reload-.rules-files-and-builtins-only-when-nece.patch +Patch0319: 0319-udev-also-reload-udev.conf-when-explicitly-requested.patch +Patch0320: 0320-TEST-17-use-udevadm-control-reload-or-systemctl-relo.patch +Patch0321: 0321-udevd-add-missing-header-for-glibc-2.34.patch +Patch0322: 0322-meson-sort-source-files.patch +Patch0323: 0323-sd-json-introduce-json_dispatch_log_level.patch +Patch0324: 0324-varlink-invert-uid-check-to-reduce-call-of-getuid.patch +Patch0325: 0325-string-util-modernize-split_pair.patch +Patch0326: 0326-udev-split-manager_init-and-manager_main-into-small-.patch +Patch0327: 0327-udev-config-split-on_ctrl_msg-into-small-pieces.patch +Patch0328: 0328-udev-introduce-udev_property_name_is_valid-and-frien.patch +Patch0329: 0329-udev-ctrl-refuse-ENV-control-message-with-invalid-en.patch +Patch0330: 0330-varlink-add-comments-for-io.systemd.service-interfac.patch +Patch0331: 0331-sd-varlink-introduce-sd_varlink_get_current_method.patch +Patch0332: 0332-TEST-17-UDEV-wait-for-udevd-being-restarted-after-ex.patch +Patch0333: 0333-udev-make-worker-event-source-take-file-descriptor.patch +Patch0334: 0334-udev-dump-split-out-dump_event-from-udevadm-test.c.patch +Patch0335: 0335-udev-rules-introduce-OPTIONS-dump-token.patch +Patch0336: 0336-udev-control-move-setting-of-log-level-to-manager_ad.patch +Patch0337: 0337-udev-config-allow-to-enable-trace-logging-through-ke.patch +Patch0338: 0338-udev-dump-voidify-one-function-call.patch +Patch0339: 0339-udev-dump-also-show-written-sysfs-attributes-and-sys.patch +Patch0340: 0340-udevadm-test-allow-to-specify-extra-directories-to-l.patch +Patch0341: 0341-shell-completion-udevadm-add-net_driver.patch +Patch0342: 0342-udev-sort-builtins.patch +Patch0343: 0343-udev-rules-log-the-first-line-number-when-continued.patch +Patch0344: 0344-chase-introduce-flags-that-verify-that-chased-inode-.patch +Patch0345: 0345-udevadm-verify-chase-specified-paths.patch +Patch0346: 0346-bash-completion-udevadm-verify-suggest-found-udev-ru.patch +Patch0347: 0347-udevadm-introduce-cat-command.patch + +# Downstream-only patches (9000–9999) + +%ifarch %{ix86} x86_64 aarch64 riscv64 +%global want_bootloader 1 +%endif + +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: clang +BuildRequires: coreutils +BuildRequires: git-core +BuildRequires: libcap-devel +BuildRequires: libmount-devel +BuildRequires: libfdisk-devel +BuildRequires: libpwquality-devel +BuildRequires: pam-devel +BuildRequires: libselinux-devel +BuildRequires: audit-libs-devel +%if %{without bootstrap} +BuildRequires: cryptsetup-devel +%endif +BuildRequires: dbus-devel +BuildRequires: util-linux +# /usr/bin/getfacl is needed by test-acl-util +BuildRequires: acl +BuildRequires: libacl-devel +BuildRequires: gobject-introspection-devel +BuildRequires: libblkid-devel +%if %{with xz} +BuildRequires: xz-devel +BuildRequires: xz +%endif +%if %{with lz4} +BuildRequires: lz4-devel +BuildRequires: lz4 +%endif +%if %{with bzip2} +BuildRequires: bzip2-devel +%endif +%if %{with zstd} +BuildRequires: libzstd-devel +%endif +BuildRequires: libidn2-devel +BuildRequires: libcurl-devel +BuildRequires: kmod-devel +BuildRequires: elfutils-devel +BuildRequires: openssl-devel +%if %{with gnutls} +BuildRequires: gnutls-devel +%endif +%if %{undefined rhel} +BuildRequires: qrencode-devel +%endif +BuildRequires: libmicrohttpd-devel +BuildRequires: libxkbcommon-devel +BuildRequires: iptables-devel +BuildRequires: pkgconfig(bash-completion) +BuildRequires: pkgconfig(libarchive) +BuildRequires: pkgconfig(libfido2) +BuildRequires: pkgconfig(tss2-esys) +BuildRequires: pkgconfig(tss2-rc) +BuildRequires: pkgconfig(tss2-mu) +BuildRequires: pkgconfig(libbpf) +BuildRequires: systemtap-sdt-devel +%if %{with docs} +BuildRequires: libxslt +BuildRequires: docbook-style-xsl +%endif +BuildRequires: pkgconfig +BuildRequires: gperf +BuildRequires: gawk +BuildRequires: tree +BuildRequires: hostname +BuildRequires: python3 +BuildRequires: python3-devel +BuildRequires: python3dist(jinja2) +BuildRequires: python3dist(lxml) +BuildRequires: python3dist(pefile) +%if %{undefined rhel} +BuildRequires: python3dist(pillow) +BuildRequires: python3dist(pytest-flakes) +%endif +BuildRequires: python3dist(pytest) +BuildRequires: python3dist(zstd) +%if 0%{?want_bootloader} +BuildRequires: python3dist(pyelftools) +%endif +# gzip and lzma are provided by the stdlib +BuildRequires: firewalld-filesystem +BuildRequires: libseccomp-devel +BuildRequires: meson >= 0.43 +BuildRequires: gettext +# We use RUNNING_ON_VALGRIND in tests, so the headers need to be available +%ifarch %{valgrind_arches} +BuildRequires: valgrind-devel +%endif + +%ifnarch %ix86 +# bpftool is not built for i368 +BuildRequires: bpftool +%global have_bpf 1 +%endif + +%if 0%{?fedora} +%ifarch x86_64 aarch64 +%global have_xen 1 +# That package is only built for those two architectures +BuildRequires: xen-devel +%endif +%endif + +Requires(post): coreutils +Requires(post): grep +# systemd-machine-id-setup requires libssl +Requires(post): openssl-libs +Requires: dbus >= 1.9.18 +Requires: %{name}-pam%{_isa} = %{version}-%{release} +Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) +Requires: %{name}-libs%{_isa} = %{version}-%{release} +%{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} +Recommends: diffutils +Requires: (util-linux-core or util-linux) +Recommends: libxkbcommon%{_isa} +Provides: /bin/systemctl +Provides: /sbin/shutdown +Provides: syslog +Provides: systemd-units = %{version}-%{release} +Obsoletes: system-setup-keyboard < 0.9 +Provides: system-setup-keyboard = 0.9 +# systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308 +Obsoletes: systemd-sysv < 206 +# self-obsoletes so that dnf will install new subpackages on upgrade (#1260394) +Obsoletes: %{name} < 249~~ +Provides: systemd-sysv = 206 +Conflicts: initscripts < 9.56.1 +%if 0%{?fedora} +Conflicts: fedora-release < 23-0.12 +%endif +%if 0%{?fedora} >= 41 +BuildRequires: setup >= 2.15.0-3 +BuildRequires: python3 +Conflicts: setup < 2.15.0-3 +Conflicts: selinux-policy-any < 41.1 +%endif + +%if 0%{?fedora} >= 41 +# Make sure that dracut supports systemd-executor and the renames done for v255, +# and dlopen libraries and read-only fs in initrd. +Conflicts: dracut < 060-2 +%else +# Make sure that dracut supports systemd-executor and the renames done for v255. +Conflicts: dracut < 059-16 +%endif + +Obsoletes: timedatex < 0.6-3 +Provides: timedatex = 0.6-3 +Provides: %{name}-tmpfiles = %{version}-%{release} +Provides: %{name}-sysusers = %{version}-%{release} +Provides: %{name}-shutdown = %{version}-%{release} + +# Recommends to replace normal Requires deps for stuff that is dlopen()ed +Recommends: libidn2.so.0%{?elf_suffix} +Recommends: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} +Recommends: libpcre2-8.so.0%{?elf_suffix} +Recommends: libpwquality.so.1%{?elf_suffix} +Recommends: libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits} +%if %{undefined rhel} +Recommends: libqrencode.so.4%{?elf_suffix} +%endif +Recommends: libbpf.so.1%{?elf_suffix} +Recommends: libbpf.so.1(LIBBPF_0.4.0)%{?elf_bits} + +# used by systemd-coredump and systemd-analyze +Recommends: libdw.so.1%{?elf_suffix} +Recommends: libdw.so.1(ELFUTILS_0.186)%{?elf_bits} +Recommends: libelf.so.1%{?elf_suffix} +Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits} + +# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home +Recommends: libcryptsetup.so.12%{?elf_suffix} +Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} + +# Libkmod is used to load modules. +Recommends: libkmod.so.2%{?elf_suffix} +# kmod_list_next, kmod_load_resources, kmod_module_get_initstate, +# kmod_module_get_module, kmod_module_get_name, kmod_module_new_from_lookup, +# kmod_module_probe_insert_module, kmod_module_unref, kmod_module_unref_list, +# kmod_new, kmod_set_log_fn, kmod_unref, kmod_validate_resources +# are part of LIBKMOD_5. +Recommends: libkmod.so.2(LIBKMOD_5)%{?elf_bits} + +Recommends: libarchive.so.13%{?elf_suffix} + +%description +systemd is a system and service manager that runs as PID 1 and starts the rest +of the system. It provides aggressive parallelization capabilities, uses socket +and D-Bus activation for starting services, offers on-demand starting of +daemons, keeps track of processes using Linux control groups, maintains mount +and automount points, and implements an elaborate transactional dependency-based +service control logic. systemd supports SysV and LSB init scripts and works as a +replacement for sysvinit. Other parts of this package are a logging daemon, +utilities to control basic system configuration like the hostname, date, locale, +maintain a list of logged-in users, system accounts, runtime directories and +settings, and a logging daemons. +%if 0%{?stable} +This package was built from the %(c=%version; echo "v${c%.*}-stable") branch of systemd. +%endif + +%package libs +Summary: systemd libraries +License: LGPL-2.1-or-later AND MIT +Obsoletes: libudev < 183 +Obsoletes: systemd < 185-4 +Conflicts: systemd < 185-4 +Obsoletes: systemd-compat-libs < 230 +Obsoletes: nss-myhostname < 0.4 +Provides: nss-myhostname = 0.4 +Provides: nss-myhostname%{_isa} = 0.4 + +%description libs +Libraries for systemd and udev. + +%package pam +Summary: systemd PAM module +Requires: %{name} = %{version}-%{release} + +%description pam +Systemd PAM module registers the session with systemd-logind. + +%package rpm-macros +Summary: Macros that define paths and scriptlets related to systemd +BuildArch: noarch + +%description rpm-macros +Just the definitions of rpm macros. + +See +https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd +for information how to use those macros. + +%package devel +Summary: Development headers for systemd +License: LGPL-2.1-or-later AND MIT +Requires: %{name}-libs%{_isa} = %{version}-%{release} +Requires(meta): (%{name}-rpm-macros = %{version}-%{release} if rpm-build) +Provides: libudev-devel = %{version} +Provides: libudev-devel%{_isa} = %{version} +Obsoletes: libudev-devel < 183 + +%description devel +Development headers and auxiliary files for developing applications linking +to libudev or libsystemd. + +%package udev +Summary: Rule-based device node and kernel event manager +License: LGPL-2.1-or-later + +Requires: systemd%{_isa} = %{version}-%{release} +Requires(post): systemd%{_isa} = %{version}-%{release} +Requires(preun): systemd%{_isa} = %{version}-%{release} +Requires(postun): systemd%{_isa} = %{version}-%{release} +Requires(post): grep +Requires: kmod >= 18-4 +# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1 +Obsoletes: systemd < 245.6-1 +Provides: udev = %{version} +Provides: udev%{_isa} = %{version} +Obsoletes: udev < 183 +Requires: (grubby > 8.40-72 if grubby) +Requires: (sdubby > 1.0-3 if sdubby) + +# Libkmod is used to load modules. Assume that if we need udevd, we certainly +# want to load modules, so make this into a hard dependency here. +Requires: libkmod.so.2%{?elf_suffix} +Requires: libkmod.so.2(LIBKMOD_5)%{?elf_bits} + +# Recommends to replace normal Requires deps for stuff that is dlopen()ed +# used by dissect, integritysetup, veritysetyp, growfs, repart, cryptenroll, home +Recommends: libcryptsetup.so.12%{?elf_suffix} +Recommends: libcryptsetup.so.12(CRYPTSETUP_2.4)%{?elf_bits} + +# used by systemd-coredump and systemd-analyze +Recommends: libdw.so.1%{?elf_suffix} +Recommends: libdw.so.1(ELFUTILS_0.186)%{?elf_bits} +Recommends: libelf.so.1%{?elf_suffix} +Recommends: libelf.so.1(ELFUTILS_1.7)%{?elf_bits} + +# used by home, cryptsetup, cryptenroll, logind +Recommends: libfido2.so.1%{?elf_suffix} +Recommends: libp11-kit.so.0%{?elf_suffix} +Recommends: libtss2-esys.so.0%{?elf_suffix} +Recommends: libtss2-mu.so.0%{?elf_suffix} +Recommends: libtss2-rc.so.0%{?elf_suffix} + +# https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9 +Suggests: systemd-bootchart +# https://bugzilla.redhat.com/show_bug.cgi?id=1408878 +Requires: kbd + +# https://bugzilla.redhat.com/show_bug.cgi?id=1753381 +Provides: u2f-hidraw-policy = 1.0.2-40 +Obsoletes: u2f-hidraw-policy < 1.0.2-40 + +# self-obsoletes to install both packages after split of systemd-boot +Obsoletes: systemd-udev < 252.2^ + +Provides: %{name}-repart = %{version}-%{release} + +%description udev +This package contains systemd-udev and the rules and hardware database needed to +manage device nodes. This package is necessary on physical machines and in +virtual machines, but not in containers. + +This package also provides systemd-timesyncd, a network time protocol daemon. + +It also contains tools to manage encrypted home areas and secrets bound to the +machine, and to create or grow partitions and make file systems automatically. + +%package ukify +Summary: Tool to build Unified Kernel Images +Requires: %{name} = %{version}-%{release} + +Requires: (systemd-boot if %{shrink:( + filesystem(x86-32) or + filesystem(x86-64) or + filesystem(aarch64) or + filesystem(riscv64) +)}) +Requires: python3dist(pefile) +Requires: python3dist(zstd) +Requires: python3dist(cryptography) +Recommends: python3dist(pillow) + +# for tests +%ifarch riscv64 +# 2.42 received support for riscv64 + efi targets +%global binutils_version_req >= 2.42 +%endif +BuildRequires: binutils %{?binutils_version_req} + +BuildArch: noarch + +%description ukify +This package provides ukify, a script that combines a kernel image, an initrd, +with a command line, and possibly PCR measurements and other metadata, into a +Unified Kernel Image (UKI). + +%if 0%{?want_bootloader} +%package boot-unsigned +Summary: UEFI boot manager (unsigned version) + +Provides: systemd-boot-unsigned-%{efi_arch} = %version-%release +Provides: systemd-boot = %version-%release +Provides: systemd-boot%{_isa} = %version-%release +# A provides with just the version, no release or dist, used to build systemd-boot +Provides: version(systemd-boot-unsigned) = %version +Provides: version(systemd-boot-unsigned)%{_isa} = %version + +# self-obsoletes to install both packages after split of systemd-boot +Obsoletes: systemd-udev < 252.2^ + +%description boot-unsigned +systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a +graphical menu to select the entry to boot and an editor for the kernel command +line. systemd-boot supports systems with UEFI firmware only. + +This package contains the unsigned version. Install systemd-boot instead to get +the version that works with Secure Boot. +%endif + +%package container +# Name is the same as in Debian +Summary: Tools for containers and VMs +Requires: %{name}%{_isa} = %{version}-%{release} +Requires(post): systemd%{_isa} = %{version}-%{release} +Requires(preun): systemd%{_isa} = %{version}-%{release} +Requires(postun): systemd%{_isa} = %{version}-%{release} +# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) +Obsoletes: %{name} < 229-5 +# Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) +Suggests: libcurl-minimal +License: LGPL-2.1-or-later + +%description container +Systemd tools to spawn and manage containers and virtual machines. + +This package contains systemd-nspawn, machinectl, systemd-machined, +and systemd-importd. + +%package journal-remote +# Name is the same as in Debian +Summary: Tools to send journal events over the network +Requires: %{name}%{_isa} = %{version}-%{release} +License: LGPL-2.1-or-later +Requires: firewalld-filesystem +Provides: %{name}-journal-gateway = %{version}-%{release} +Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} +Obsoletes: %{name}-journal-gateway < 227-7 +# Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) +Suggests: libcurl-minimal + +%description journal-remote +Programs to forward journal entries over the network, using encrypted HTTP, and +to write journal files from serialized journal contents. + +This package contains systemd-journal-gatewayd, systemd-journal-remote, and +systemd-journal-upload. + +%package resolved +Summary: Network Name Resolution manager +Requires: %{name}%{_isa} = %{version}-%{release} +Obsoletes: %{name} < 249~~ +Requires: libidn2.so.0%{?elf_suffix} +Requires: libidn2.so.0(IDN2_0.0.0)%{?elf_bits} +Requires(posttrans): grep +%{?sysusers_requires_compat} + +%description resolved +systemd-resolved is a system service that provides network name resolution to +local applications. It implements a caching and validating DNS/DNSSEC stub +resolver, as well as an LLMNR and MulticastDNS resolver and responder. + +%package oomd +Summary: A userspace out-of-memory (OOM) killer +Requires: %{name}-udev = %{version}-%{release} +Provides: %{name}-oomd-defaults = %{version}-%{release} +License: LGPL-2.1-or-later + +%description oomd +systemd-oomd is a system service that uses cgroups-v2 and pressure stall +information (PSI) to monitor and take action on processes before an OOM +occurs in kernel space. + +%prep +%autosetup -S git + +%build +%global ntpvendor %(source /etc/os-release; echo ${ID}) +%{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1} + +CONFIGURE_OPTS=( + -Dmode=%[%{with upstream}?"developer":"release"] + -Dsysvinit-path=/etc/rc.d/init.d + -Drc-local=/etc/rc.d/rc.local + -Ddns-servers= + -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin + -Dservice-watchdog=3min + -Ddev-kvm-mode=0666 + -Dkmod=enabled + -Dxkbcommon=enabled + -Dblkid=enabled + -Dfdisk=enabled + -Dseccomp=enabled + -Dima=true + -Dselinux=enabled + -Dbpf-framework=%[0%{?have_bpf}?"enabled":"disabled"] + -Dapparmor=disabled + -Dpolkit=enabled + -Dxz=%[%{with xz}?"enabled":"disabled"] + -Dzlib=%[%{with zlib}?"enabled":"disabled"] + -Dbzip2=%[%{with bzip2}?"enabled":"disabled"] + -Dlz4=%[%{with lz4}?"enabled":"disabled"] + -Dzstd=%[%{with zstd}?"enabled":"disabled"] + -Dpam=enabled + -Dacl=enabled + -Dsmack=true + -Dopenssl=enabled + -Dcryptolib=openssl + -Dp11kit=enabled + -Dgcrypt=disabled + -Daudit=enabled + -Delfutils=enabled + -Dlibcryptsetup=%[%{with bootstrap}?"disabled":"enabled"] + -Delfutils=enabled + -Drepart=enabled + -Dpwquality=enabled + -Dqrencode=%[%{defined rhel}?"disabled":"enabled"] + -Dmicrohttpd=enabled + -Dlibiptc=disabled + -Dlibcurl=enabled + -Dlibfido2=enabled + -Dxenctrl=%[0%{?have_xen}?"enabled":"disabled"] + -Defi=true + -Dtpm=true + -Dtpm2=enabled + -Dhwdb=true + -Dsysusers=true + -Ddefault-kill-user-processes=false + -Dfirst-boot-full-preset=true + -Ddefault-network=true + -Dtests=unsafe + -Dinstall-tests=false + -Dnobody-user=nobody + -Dnobody-group=nobody + -Dcompat-mutable-uid-boundaries=true + -Dsplit-bin=true + -Db_ndebug=false + -Dman=%[%{with docs}?"enabled":"disabled"] + -Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""] + # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 + -Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""] + -Dlink-executor-shared=false + -Dfallback-hostname="localhost" + -Ddefault-dnssec=no + -Ddefault-dns-over-tls=no + # https://bugzilla.redhat.com/show_bug.cgi?id=1867830 + -Ddefault-mdns=no + # https://bugzilla.redhat.com/show_bug.cgi?id=2028169 + -Dstatus-unit-format-default=combined + -Dconfigfiledir=/usr/lib + -Doomd=true + + -Dadm-gid=4 + -Dtty-gid=5 + -Ddisk-gid=6 + -Dlp-gid=7 + -Dkmem-gid=9 + -Dwheel-gid=10 + -Dcdrom-gid=11 + -Ddialout-gid=18 + -Dutmp-gid=22 + -Dtape-gid=33 + -Dkvm-gid=36 + -Dvideo-gid=39 + -Daudio-gid=63 + -Dusers-gid=100 + -Dinput-gid=104 + -Drender-gid=105 + -Dsgx-gid=106 + -Dsystemd-journal-gid=190 + -Dsystemd-network-uid=192 + -Dsystemd-resolve-uid=193 + # -Dsystemd-timesync-uid=, not set yet + + # For now, let's build the bootloader in the same places where we + # built with gnu-efi. Later on, we might want to extend coverage, but + # considering that that support is untested, let's not do this now. + -Dbootloader=%[%{?want_bootloader}?"enabled":"disabled"] + -Dukify=enabled + + # RHEL10 bootstrapping + -Dstandalone-binaries=false + -Dnscd=false + -Dportabled=false + -Dmountfsd=false + -Dhomed=disabled + -Dnetworkd=false + -Dtimesyncd=false + -Dcreate-log-dirs=false + -Dnsresourced=false + -Dfirstboot=true + -Dvmspawn=disabled + -Dstoragetm=false + -Dhtml=disabled + -Ddefault-net-naming-scheme=rhel-10.0 + -Ddefault-llmnr=no + -Ddns-over-tls=openssl + -Dntp-servers= + -Dsupport-url=https://access.redhat.com/support + -Dlibidn=disabled + -Dgnutls=disabled + -Ddefault-compression=zstd + # https://issues.redhat.com/browse/RHEL-16810 + -Dsbat-distro-url=mailto:secalert@redhat.com + -Dsshconfdir=no + -Dsshdconfdir=no + -Duserdb=true +) + +%if %{without lto} +%global _lto_cflags %nil +%endif + +{ %meson "${CONFIGURE_OPTS[@]}" %{?meson_extra_configure_options} ; } + +%meson_build + +new_triggers=%{_vpath_builddir}/src/rpm/triggers.systemd.sh +if ! diff -u %{SOURCE1} ${new_triggers}; then + echo -e "\n\n\nWARNING: triggers.systemd in Source1 is different!" + echo -e " cp $PWD/${new_triggers} %{SOURCE1}\n\n\n" + sleep 5 +fi + +%install +%meson_install + +# udev links +mkdir -p %{buildroot}/%{_sbindir} +ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm + +# Compatiblity and documentation files +touch %{buildroot}/etc/crypttab +chmod 600 %{buildroot}/etc/crypttab + +# Config files that were moved under /usr. +# We need to %ghost them so that they are not removed on upgrades. +touch %{buildroot}/etc/systemd/coredump.conf \ + %{buildroot}/etc/systemd/journald.conf \ + %{buildroot}/etc/systemd/journal-remote.conf \ + %{buildroot}/etc/systemd/journal-upload.conf \ + %{buildroot}/etc/systemd/logind.conf \ + %{buildroot}/etc/systemd/oomd.conf \ + %{buildroot}/etc/systemd/pstore.conf \ + %{buildroot}/etc/systemd/resolved.conf \ + %{buildroot}/etc/systemd/sleep.conf \ + %{buildroot}/etc/systemd/system.conf \ + %{buildroot}/etc/systemd/user.conf \ + %{buildroot}/etc/udev/udev.conf \ + %{buildroot}/etc/udev/iocost.conf + +install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3} + +# /etc/initab +install -Dm0644 -t %{buildroot}/etc/ %{SOURCE6} + +# /etc/sysctl.conf compat +install -Dm0644 %{SOURCE7} %{buildroot}/etc/sysctl.conf +ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf + +# Make sure these directories are properly owned +mkdir -p %{buildroot}%{system_unit_dir}/basic.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/default.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants +mkdir -p %{buildroot}/run +mkdir -p %{buildroot}%{_localstatedir}/log +touch %{buildroot}%{_localstatedir}/log/lastlog +chmod 0664 %{buildroot}%{_localstatedir}/log/lastlog +touch %{buildroot}/run/utmp +touch %{buildroot}%{_localstatedir}/log/{w,b}tmp + +# Make sure the user generators dir exists too +mkdir -p %{buildroot}%{pkgdir}/system-generators +mkdir -p %{buildroot}%{pkgdir}/user-generators + +# Create new-style configuration files so that we can ghost-own them +touch %{buildroot}%{_sysconfdir}/hostname +touch %{buildroot}%{_sysconfdir}/vconsole.conf +touch %{buildroot}%{_sysconfdir}/locale.conf +touch %{buildroot}%{_sysconfdir}/machine-id +touch %{buildroot}%{_sysconfdir}/machine-info +touch %{buildroot}%{_sysconfdir}/localtime +mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d +touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf + +# Make sure the shutdown/sleep drop-in dirs exist +mkdir -p %{buildroot}%{pkgdir}/system-shutdown/ +mkdir -p %{buildroot}%{pkgdir}/system-sleep/ + +# Make sure directories in /var exist +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/backlight +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/rfkill +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/linger +mkdir -p %{buildroot}%{_localstatedir}/lib/private +mkdir -p %{buildroot}%{_localstatedir}/log/private +mkdir -p %{buildroot}%{_localstatedir}/cache/private +mkdir -p %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload +ln -s ../private/systemd/journal-upload %{buildroot}%{_localstatedir}/lib/systemd/journal-upload +mkdir -p %{buildroot}%{_localstatedir}/log/journal +touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database +touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin +touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed +touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state + +# Install rc.local +mkdir -p %{buildroot}%{_sysconfdir}/rc.d/ +install -m 0644 %{SOURCE26} %{buildroot}%{_sysconfdir}/rc.d/rc.local +ln -s rc.d/rc.local %{buildroot}%{_sysconfdir}/rc.local + +# Install yum protection fragment +install -Dm0644 %{SOURCE5} %{buildroot}/etc/dnf/protected.d/systemd.conf + +install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE8} %{SOURCE9} + +# Install additional docs +# https://bugzilla.redhat.com/show_bug.cgi?id=1234951 +install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE10} + +# https://bugzilla.redhat.com/show_bug.cgi?id=1378974 +install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE11} + +install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13} + +# systemd-oomd default configuration +install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/oomd.conf.d/ %{SOURCE14} +install -Dm0644 -t %{buildroot}%{system_unit_dir}/system.slice.d/ %{SOURCE15} +install -Dm0644 -t %{buildroot}%{user_unit_dir}/slice.d/ %{SOURCE15} + +# https://fedoraproject.org/wiki/Changes/IncreaseVmMaxMapCount +install -Dm0644 -t %{buildroot}%{_prefix}/lib/sysctl.d/ %{SOURCE17} + +sed -i 's|#!/usr/bin/env python3|#!%{__python3}|' %{buildroot}/usr/lib/systemd/tests/run-unit-tests.py || : + +install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/macros.d/ %{SOURCE21} +# Use rpm's own sysusers provides where available +%if ! (0%{?fedora} >= 39 || 0%{?rhel} >= 10) +install -m 0644 -D -t %{buildroot}%{_rpmconfigdir}/fileattrs/ %{SOURCE22} +install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE23} +%endif +install -m 0755 -D -t %{buildroot}%{_rpmconfigdir}/ %{SOURCE24} + +# https://bugzilla.redhat.com/show_bug.cgi?id=2107754 +install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/network/ %{SOURCE25} + +ln -s --relative %{buildroot}%{_bindir}/kernel-install %{buildroot}%{_sbindir}/installkernel + +%if "%{_sbindir}" == "%{_bindir}" +# Systemd has the split-sbin option which is also used to select the directory +# for alias symlinks. We need to keep split-sbin=true for now, to support +# unmerged systems. Move the symlinks here instead. +mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/ +%endif + +%if 0%{?fedora} >= 41 +# This requires https://pagure.io/setup/pull-request/50 +# and https://src.fedoraproject.org/rpms/setup/pull-request/10. +%{python3} %{SOURCE4} /usr/lib/sysusers.d/20-setup-{users,groups}.conf %{buildroot}/usr/lib/sysusers.d/basic.conf +rm %{buildroot}/usr/lib/sysusers.d/basic.conf +%endif + +%find_lang %{name} + +# Split files in build root into rpms +python3 %{SOURCE2} %buildroot %{!?want_bootloader:--no-bootloader} + +%check +%if %{with tests} +meson test -C %{_vpath_builddir} -t 6 --print-errorlogs +%endif + +############################################################################################# + +%include %{SOURCE1} + +%post +systemd-machine-id-setup &>/dev/null || : + +[ $1 -eq 1 ] || exit 0 + +[ -w %{_localstatedir} ] && journalctl --update-catalog || : +systemd-sysusers || : +systemd-tmpfiles --create &>/dev/null || : + +# We reset the enablement of all services upon initial installation +# https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23 +# This will fix up enablement of any preset services that got installed +# before systemd due to rpm ordering problems: +# https://bugzilla.redhat.com/show_bug.cgi?id=1647172. +# We also do this for user units, see +# https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units. +systemctl preset-all &>/dev/null || : +systemctl --global preset-all &>/dev/null || : + +%postun +if [ $1 -ge 1 ]; then + [ -w %{_localstatedir} ] && journalctl --update-catalog || : + + systemctl daemon-reexec || : + + systemd-tmpfiles --create &>/dev/null || : +fi + +%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service + +# FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558) + +# This is the expanded form of %%systemd_user_daemon_reexec. We +# can't use the macro because we define it ourselves. +if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then + # Package upgrade, not uninstall + /usr/lib/systemd/systemd-update-helper user-reexec || : +fi + +%triggerun -- systemd < 256 +# This is for upgrades from previous versions before systemd restart was moved to %%postun +systemctl daemon-reexec || : + +%triggerpostun -- systemd < 256-9 +if [ -L /etc/ssh/sshd_config.d/20-systemd-userdb.conf ] && \ + [ "$(readlink -m /etc/ssh/sshd_config.d/20-systemd-userdb.conf)" = "/usr/lib/systemd/sshd_config.d/20-systemd-userdb.conf" ] ; then + rm -f /etc/ssh/sshd_config.d/20-systemd-userdb.conf || : +fi + +%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket %{?want_bootloader:systemd-boot-update.service} systemd-pstore.service remote-cryptsetup.target + +%post udev +# Move old stuff around in /var/lib +mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null +mv %{_localstatedir}/lib/backlight %{_localstatedir}/lib/systemd/backlight &>/dev/null + +udevadm hwdb --update &>/dev/null + +%systemd_post %udev_services + +# Try to save the random seed, but don't complain if /dev/urandom is unavailable +/usr/lib/systemd/systemd-random-seed save 2>&1 | \ + grep -v 'Failed to open /dev/urandom' || : + +# Replace obsolete keymaps +# https://bugzilla.redhat.com/show_bug.cgi?id=1151958 +grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && + sed -i.rpm.bak -r 's/^KEYMAP="?fi-latin[19]"?/KEYMAP="fi"/' /etc/vconsole.conf || : + +%preun udev +%systemd_preun %udev_services + +%postun udev +# Restart some services. +# Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) +%systemd_postun_with_restart systemd-udevd.service + + +%global journal_remote_units_restart systemd-journal-gatewayd.service systemd-journal-remote.service systemd-journal-upload.service +%global journal_remote_units_norestart systemd-journal-gatewayd.socket systemd-journal-remote.socket +%post journal-remote +%systemd_post %journal_remote_units_restart %journal_remote_units_norestart +%firewalld_reload + +%preun journal-remote +%systemd_preun %journal_remote_units_restart %journal_remote_units_norestart +if [ $1 -eq 1 ] ; then + if [ -f %{_localstatedir}/lib/systemd/journal-upload/state -a ! -L %{_localstatedir}/lib/systemd/journal-upload ] ; then + mkdir -p %{_localstatedir}/lib/private/systemd/journal-upload + mv %{_localstatedir}/lib/systemd/journal-upload/state %{_localstatedir}/lib/private/systemd/journal-upload/. + rmdir %{_localstatedir}/lib/systemd/journal-upload || : + fi +fi + +%postun journal-remote +%systemd_postun_with_restart %journal_remote_units_restart +%firewalld_reload + +%pre resolved +%sysusers_create_compat %{SOURCE27} + +%post resolved +%systemd_post systemd-resolved.service + +%preun resolved +if [ $1 -eq 0 ] ; then + systemctl disable --quiet \ + systemd-resolved.service \ + >/dev/null || : + if [ -L /etc/resolv.conf ] && \ + realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then + rm -f /etc/resolv.conf # no longer useful + # if network manager is enabled, move to it instead + [ -f /run/NetworkManager/resolv.conf ] && \ + systemctl -q is-enabled NetworkManager.service &>/dev/null && \ + ln -fsv ../run/NetworkManager/resolv.conf /etc/resolv.conf + fi +fi + +%postun resolved +%systemd_postun_with_restart systemd-resolved.service + +%pre +getent group systemd-oom &>/dev/null || groupadd -r systemd-oom 2>&1 || : +getent passwd systemd-oom &>/dev/null || useradd -r -l -g systemd-oom -d / -s /sbin/nologin -c "systemd Userspace OOM Killer" systemd-oom &>/dev/null || : + +%preun oomd +%systemd_preun systemd-oomd.service + +%post oomd +%systemd_post systemd-oomd.service + +%postun oomd +%systemd_postun_with_restart systemd-oomd.service + +%global _docdir_fmt %{name} + +%files -f %{name}.lang -f .file-list-main +%doc %{_pkgdocdir} +%exclude %{_pkgdocdir}/LICENSE* +# Only the licenses texts for the licenses in License line are included. +%license LICENSE.GPL2 +%license LICENSES/MIT.txt +%ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/default.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/getty.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/graphical.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/local-fs.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/machines.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/multi-user.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/network-online.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/printer.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/remote-fs.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/sockets.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants +%ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants +%ghost %dir %attr(0700,-,-) /var/lib/portables +%ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd + +%files libs -f .file-list-libs +%license LICENSE.LGPL2.1 + +%files pam -f .file-list-pam + +%files rpm-macros -f .file-list-rpm-macros + +%files resolved -f .file-list-resolve + +%files devel -f .file-list-devel + +%files udev -f .file-list-udev + +%files ukify -f .file-list-ukify +%if 0%{?want_bootloader} +%files boot-unsigned -f .file-list-boot +%endif + +%files container -f .file-list-container +%ghost %dir %attr(0700,-,-) /var/lib/machines + +%files journal-remote -f .file-list-remote + +%files oomd -f .file-list-oomd + +%clean +rm -rf $RPM_BUILD_ROOT +rm -f 10-timeout-abort.conf.user +rm -f .file-list-* +rm -f %{name}.lang + +%changelog +* Mon Mar 10 2025 systemd team - 257-9.1 +- bump the NIC naming policy to RHEL-10.0 (RHEL-82568) + +* Fri Feb 14 2025 systemd maintenance team - 257-9 +- Add BuildRequires for git-core (RHEL-71409) + +* Fri Feb 14 2025 systemd maintenance team - 257-8 +- Rebase to new upstream stable release v257.3 (RHEL-71409) +- udev: introduce several features to make debugging rules easier (RHEL-75774) + +* Mon Feb 10 2025 systemd maintenance team - 257-7 +- Rebase to new upstream stable version v257.2+ (RHEL-71409) + +* Wed Feb 05 2025 Pat Riehecky - 257-6 +- Enable systemd-userdb (RHEL-59934) + +* Mon Feb 03 2025 systemd maintenance team - 257-5 +- Rebase to new upstream stable version v257.2+ (RHEL-71409) + +* Thu Jan 30 2025 systemd maintenance team - 257-4 +- ci: use ubuntu 22:04 for deploy of man pages (RHEL-57603) +- tree-wide: Fix python formatting (RHEL-57603) +- ci: fix Packit (RHEL-57603) +- ci: drop testing farm test (RHEL-57603) +- dbus: stash the subscriber list when we disconenct from the bus (RHEL-73780) +- manager: s/deserialized_subscribed/subscribed_as_strv (RHEL-73780) +- shared/bus-util: move bus_message_read_id128() to bus-message-util (RHEL-73780) +- shared/bus-util: move bus_message_hash_ops to bus-message-util (RHEL-73780) +- shared/bus-util: move string set append/get funcs to bus-message-util and bus-get-properties, respectively (RHEL-73780) +- shared/serialize: make input params const (RHEL-73780) +- shared/serialize: introduce serialize_id128() (RHEL-73780) +- bus-util: do not reset the count returned by sd_bus_track_count_name() (RHEL-73780) +- core/manager: use FOREACH_ARRAY at one more place (RHEL-73780) +- core/manager: drop duplicate bus track deserialization (RHEL-73780) +- bus-util: introduce bus_get_instance_id() (RHEL-73780) +- core: serialize API bus id and validate before deserializing bus tracks (RHEL-73780) +- core/manager: restore bus track deserialization cleanup in manager_reload() (RHEL-73780) +- shared/bus-util: add missing `set.h` include (RHEL-73780) +- udevadm-test: add missing oom check (RHEL-75774) +- udev-rules: replace 'type *func()' -> 'type* func()' (RHEL-75774) +- udev-rules: do not change maximum log level when running in test mode (RHEL-75774) +- udevadm-test: introduce -v/--verbose option to show verbose log messages (RHEL-75774) +- udev-rules: show original token string in log_event_error() and friends (RHEL-75774) +- udev-rules: logs result of format substitution (RHEL-75774) +- udev-rules: add more trace logs for string match (RHEL-75774) +- udev-rules: introduce udev_replace_chars_and_log() (RHEL-75774) +- udev-rules: ignore whole command result if it is too long and does not contain newline (RHEL-75774) +- udev-rules: update log messages (RHEL-75774) +- udev-rules: add trace logs for GOTO and parent conditions (RHEL-75774) + +* Wed Jan 08 2025 Jan Macku - 257-3 +- udev/net_id: introduce naming scheme for RHEL-9.6 (RHEL-44417) +- Rebase to new upstream stable release v257.2 (RHEL-71409) + +* Fri Dec 20 2024 Jan Macku - 257-2 +- Rebase to new upstream stable release v257.1 (RHEL-71409) + +* Tue Dec 17 2024 Jan Macku - 257-1 +- Rebase to new upstream release v257 (RHEL-71409) +- netif-naming-scheme: introduce rhel-10.0 scheme (RHEL-44417) + +* Tue Nov 19 2024 systemd maintenance team - 256-18 +- add %%pre sysuser scriptlet for resolved subpackage (RHEL-50564) + +* Tue Nov 12 2024 systemd maintenance team - 256-17 +- socket: fix socket activation of stopped services with pinned FD store (RHEL-60896) + +* Tue Oct 29 2024 Troy Dawson +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 + +* Tue Oct 15 2024 systemd maintenance team - 256-15 +- ci: rename beta branch to match dist-git name (RHEL-57603) +- udev: Handle PTP device symlink properly on udev action 'change' (RHEL-59871) +- Fix detection of TDX confidential VM on Azure platform (RHEL-56144) +- confidential-virt: split caching of CVM detection into separate method (RHEL-56144) +- confidential-virt: add detection for s390x target (RHEL-56144) +- man/systemd-detect-virt: fix row spanning for VM header (RHEL-56144) +- man/systemd-detect-virt: list known CVM technologies (RHEL-56144) + +* Fri Aug 30 2024 systemd maintenance team - 256-14 +- Revert "cgroup-util: Don't try to open pidfd for kernel threads" (RHEL-52634) +- ukify: Skip test on architectures without UEFI (RHEL-52634) + +* Thu Aug 22 2024 systemd maintenance team - 256-13 +- systemctl: do not try to acquire triggering units for template units (RHEL-55132) +- core/unit: add one assertion for u->manager (RHEL-55734) +- core/service: destroy runtime data when Type=oneshot services exit (RHEL-55734) +- cgroup-util: Ignore kernel threads in cg_kill_items() (RHEL-55746) +- cgroup-util: Don't try to open pidfd for kernel threads (RHEL-55746) +- cgroup-util: fix typo (RHEL-55746) +- netif-naming-scheme: rename rhel-10.0 to rhel-10.0.beta (RHEL-55728) +- net-naming-scheme: disable NAMING_FIRMWARE_NODE_SUN (RHEL-55728) +- net-naming-scheme: remove NAMING_FIRMWARE_NODE_SUN from 9.5 (RHEL-55728) +- make systemd-ukify subpackage arch dependent (RHEL-52634) + +* Thu Aug 15 2024 systemd maintenance team - 256-12 +- netif-naming-scheme: add rhel-9.5 scheme (RHEL-44416) +- udev-builtin-net_id: use firmware_node/sun for ID_NET_NAME_SLOT (RHEL-44416) +- man/net-naming-scheme: add missing period (RHEL-44416) +- Revert "packit: drop the dependency on python3-zstd" (RHEL-36636) + +* Tue Jul 30 2024 systemd maintenance team - 256-11 +- fix OpenScanHub builds (RHEL-40924) + +* Mon Jul 29 2024 systemd maintenance team - 256-10 +- fix updgrade from versions before removal of systemd-ssh-generator - follow-up (RHEL-50131) + +* Thu Jul 25 2024 systemd maintenance team - 256-9 +- fix updgrade from versions before removal of systemd-ssh-generator (RHEL-50131) + +* Tue Jul 23 2024 systemd maintenance team - 256-8 +- Avoid /tmp being mounted as tmpfs without the user's will (RHEL-40924) +- unit: don't add Requires for tmp.mount (RHEL-40924) +- units: add [Install] section to tmp.mount (RHEL-40924) +- units: don't enable tmp.mount statically in local-fs.target (RHEL-40924) + +* Mon Jul 22 2024 systemd maintenance team - 256-7 +- drop 10-timeout-abort.conf snippet (RHEL-46280) +- don't ship systemd-userdbd (RHEL-46280) + +* Fri Jul 19 2024 systemd maintenance team - 256-6 +- doc: add downstream CONTRIBUTING document (RHEL-40924) +- ci: allow `policy` as rhel-only keyword (RHEL-40924) +- ci: run mkosi test only for Fedora and CentOS Stream (RHEL-40924) +- taint: remove unused variable `usr_sbin` (RHEL-40924) +- packit: drop the libarchive workaround (RHEL-40924) +- packit: drop the dependency on python3-zstd (RHEL-40924) +- coredump: by default process and store core files up to 1GiB (RHEL-46778) +- don't ship systemd-ssh-generator harder (RHEL-40924) + +* Wed Jul 17 2024 systemd maintenance team - 256-5 +- don't ship systemd-ssh-generator (RHEL-40924) + +* Tue Jul 16 2024 systemd maintenance team - 256-4 +- reenable systemd-firstboot (RHEL-48822) +- don't create /var/log/journal (RHEL-40924) + +* Mon Jul 08 2024 systemd maintenance team - 256-3 +- taint: remove unmerged-bin (RHEL-46277) +- presets: remove resolved (RHEL-46576) +- remove resolved scriptlets +- don't install tests + +* Thu Jul 04 2024 systemd maintenance team - 256-2 +- logind: set RemoveIPC to false by default (RHEL-40924) +- tmpfiles: don't create resolv.conf -> stub-resolv.conf symlink (RHEL-40924) +- rc-local: order after network-online.target (RHEL-40924) +- random-util: increase random seed size to 1024 (RHEL-40924) +- journal: don't enable systemd-journald-audit.socket by default (RHEL-40924) +- journald.conf: don't touch current audit settings (RHEL-40924) +- rules: add elevator= kernel command line parameter (RHEL-40924) +- pid1: bump DefaultTasksMax to 80% of the kernel pid.max value (RHEL-40924) +- udev/net-setup-link: change the default MACAddressPolicy to "none" (RHEL-40924) +- core: decrease log level of messages about use of KillMode=none (RHEL-40924) +- meson: rename libbasic to libbasic_static (RHEL-46020) +- meson: build libsystemd-core via an intermediate static library (RHEL-46020) +- meson: add option to build systemd-executor "statically" (RHEL-46020) + +* Wed Jun 26 2024 Jan Macku - 256-1 +- Initial import and bootsprap from Fedora + * remove standalone packages + * remove networkd package + * remove homed + * remove portabled + * remove timesyncd + * remove tests package + * move oomd to separate package + * revert bin-sbin merge related changes +- remove autorelease stuff + * for changelog history see changelog file +- rules: copy 40-redhat.rules from RHEL 9 (RHEL-40360) +- net-naming-scheme: start rhel10 naming and include rhel8 and rhel9 ones (RHEL-22621) +- fedora: use system-auth in pam systemd-user (RHEL-40924) +- tmpfiles: make --purge hard to (mis-)use (RHEL-40924) +- journal: again create user journals for users with high uids (RHEL-40924) +- (origin/rhel-10.0.beta, rhel-10.0.beta) ci: allow to pass parameters together with rhel-only note (RHEL-36636) +- ci: reconfigure Packit for RHEL 10 (RHEL-36636) +- ci: deploy systemd man to GitHub Pages (RHEL-36636) +- ci: setup source-git automation (RHEL-36636) +- ci: update workflows to run on source-git setup (RHEL-36636) diff --git a/sysusers.attr b/sysusers.attr new file mode 100644 index 0000000..367c137 --- /dev/null +++ b/sysusers.attr @@ -0,0 +1,2 @@ +%__sysusers_provides %{_rpmconfigdir}/sysusers.prov +%__sysusers_path ^%{_sysusersdir}/.*\\.conf$ diff --git a/sysusers.generate-pre.sh b/sysusers.generate-pre.sh new file mode 100755 index 0000000..4a87d53 --- /dev/null +++ b/sysusers.generate-pre.sh @@ -0,0 +1,96 @@ +#!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: true; tab-width: 4; -*- + +# This script turns sysuser.d files into scriptlets mandated by Fedora +# packaging guidelines. The general idea is to define users using the +# declarative syntax but to turn this into traditional scriptlets. + +user() { + user="$1" + uid="$2" + desc="$3" + group="$4" + home="$5" + shell="$6" + + [ "$desc" = '-' ] && desc= + { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ + { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin + + if [ "$uid" = '-' ] || [ "$uid" = '' ]; then + cat <<-EOF + getent passwd '$user' >/dev/null || \\ + useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || : + EOF + else + cat <<-EOF + if ! getent passwd ${user@Q} >/dev/null; then + if ! getent passwd ${uid@Q} >/dev/null; then + useradd -r -u ${uid@Q} -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || : + else + useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || : + fi + fi + + EOF + fi +} + +group() { + group="$1" + gid="$2" + + if [ "$gid" = '-' ]; then + cat <<-EOF + getent group ${group@Q} >/dev/null || groupadd -r ${group@Q} || : + EOF + else + cat <<-EOF + getent group ${group@Q} >/dev/null || groupadd -f -g ${gid@Q} -r ${group@Q} || : + EOF + fi +} + +usermod() { + user="$1" + group="$2" + + cat <<-EOF + if getent group ${group@Q} >/dev/null; then + usermod -a -G ${group@Q} '$user' || : + fi + EOF +} + +parse() { + while read -r line || [ -n "$line" ] ; do + { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue + line="${line## *}" + [ -z "$line" ] && continue + eval "arr=( $line )" + case "${arr[0]}" in + ('u') + if [[ "${arr[2]}" == *":"* ]]; then + user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}" + else + group "${arr[1]}" "${arr[2]}" + user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" + fi + ;; + ('g') + group "${arr[1]}" "${arr[2]}" + ;; + ('m') + group "${arr[2]}" "-" + user "${arr[1]}" "-" "" "${arr[1]}" "" "" + usermod "${arr[1]}" "${arr[2]}" + ;; + esac + done +} + +for fn in "$@"; do + [ -e "$fn" ] || continue + echo "# generated from $(basename "$fn")" + parse <"$fn" +done diff --git a/sysusers.prov b/sysusers.prov new file mode 100755 index 0000000..f12e929 --- /dev/null +++ b/sysusers.prov @@ -0,0 +1,61 @@ +#!/bin/bash + +process_u() { + if [ ! -z "${2##*[!0-9]*}" ]; then + # Single shared static ID. + echo "user($1) = $2" + echo "group($1) = $2" + elif [[ $2 == *:* ]]; then + # UID:. + uid=$(echo $2 | cut -d':' -f1 -) + group=$(echo $2 | cut -d':' -f2 -) + if [ ! -z "${group##*[!0-9]*}" ]; then + # UID:GID. + echo "user($1) = ${uid}" + echo "group($1) = ${group}" + else + # UID:. + echo "user($1) = ${uid}" + echo "group(${group})" + fi + else + # Dynamic (or something else uninteresting). + echo "user($1)" + echo "group($1)" + fi +} + +process_g() { + if [ ! -z "${2##*[!0-9]*}" ]; then + # Static GID. + echo "group($1) = $2" + else + # Dynamic (or something else uninteresting). + echo "group($1)" + fi +} + +parse() { + while read line; do + [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue + line="${line## *}" + [ -z "$line" ] && continue + set -- $line + case "$1" in + ('u') + process_u "$2" "$3" + ;; + ('g') + process_g "$2" "$3" + ;; + ('m') + echo "user($2)" + echo "group($3)" + ;; + esac + done +} + +while read fn; do + parse < "$fn" +done diff --git a/test_sysusers_defined.py b/test_sysusers_defined.py new file mode 100755 index 0000000..2754578 --- /dev/null +++ b/test_sysusers_defined.py @@ -0,0 +1,34 @@ +#!/usr/bin/python + +import sys + +def parse_sysusers_file(filename): + users, groups = set(), set() + + for line in open(filename): + line = line.strip() + if not line or line.startswith('#'): + continue + words = line.split() + match words[0]: + case 'u': + users.add(words[1]) + case 'g': + groups.add(words[1]) + case 'm'|'r': + continue + case _: + assert False + return users, groups + +setup_users, setup_groups = parse_sysusers_file(sys.argv[1]) +setup_users2, setup_groups2 = parse_sysusers_file(sys.argv[2]) +setup_users |= setup_users2 +setup_groups |= setup_groups2 + +basic_users, basic_groups = parse_sysusers_file(sys.argv[3]) + +if d := basic_users - setup_users: + exit(f'We have new users: {d}') +if d := basic_groups - setup_groups: + exit(f'We have new groups: {d}') diff --git a/triggers.systemd b/triggers.systemd new file mode 100644 index 0000000..f8bb078 --- /dev/null +++ b/triggers.systemd @@ -0,0 +1,87 @@ +# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# Copyright 2018 Neal Gompa + +# The contents of this are an example to be copied into systemd.spec. +# +# Minimum rpm version supported: 4.14.0 + +%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system +# This script will run after any package is initially installed or +# upgraded. We care about the case where a package is initially +# installed, because other cases are covered by the *un scriptlets, +# so sometimes we will reload needlessly. +/usr/lib/systemd/systemd-update-helper system-reload-restart || : + +%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user +/usr/lib/systemd/systemd-update-helper user-reload-restart || : + +%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system +# On removal, we need to run daemon-reload after any units have been +# removed. +# On upgrade, we need to run daemon-reload after any new unit files +# have been installed, but before %postun scripts in packages get +# executed. +/usr/lib/systemd/systemd-update-helper system-reload || : + +%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user +# Execute daemon-reload in user managers. +/usr/lib/systemd/systemd-update-helper user-reload || : + +%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system +# We restart remaining system services that should be restarted here. +/usr/lib/systemd/systemd-update-helper system-restart || : + +%transfiletriggerpostun -P 9999 -- /usr/lib/systemd/user /etc/systemd/user +# We restart remaining user services that should be restarted here. +/usr/lib/systemd/systemd-update-helper user-restart || : + +%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d +# This script will process files installed in /usr/lib/sysusers.d to create +# specified users automatically. The priority is set such that it +# will run before the tmpfiles file trigger. +systemd-sysusers || : + +%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d +# This script will automatically invoke hwdb update if files have been +# installed or updated in /usr/lib/udev/hwdb.d. +systemd-hwdb update || : + +%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog +# This script will automatically invoke journal catalog update if files +# have been installed or updated in /usr/lib/systemd/catalog. +journalctl --update-catalog || : + +%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d +# This script will automatically apply binfmt rules if files have been +# installed or updated in /usr/lib/binfmt.d. +if test -d "/run/systemd/system"; then + # systemd-binfmt might fail if binfmt_misc kernel module is not loaded + # during install + /usr/lib/systemd/systemd-binfmt || : +fi + +%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d +# This script will process files installed in /usr/lib/tmpfiles.d to create +# tmpfiles automatically. The priority is set such that it will run +# after the sysusers file trigger, but before any other triggers. +if test -d "/run/systemd/system"; then + systemd-tmpfiles --create || : +fi + +%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d +# This script will automatically update udev with new rules if files +# have been installed or updated in /usr/lib/udev/rules.d. +if test -e /run/udev/control; then + udevadm control --reload || : +fi + +%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d +# This script will automatically apply sysctl rules if files have been +# installed or updated in /usr/lib/sysctl.d. +if test -d "/run/systemd/system"; then + /usr/lib/systemd/systemd-sysctl || : +fi diff --git a/yum-protect-systemd.conf b/yum-protect-systemd.conf new file mode 100644 index 0000000..39426d7 --- /dev/null +++ b/yum-protect-systemd.conf @@ -0,0 +1,2 @@ +systemd +systemd-udev