Version 253~rc1

- See https://raw.githubusercontent.com/systemd/systemd/v253-rc1/NEWS
- New subpackages: systemd-repart-standalone, systemd-shutdown-standalone,
  and systemd-ukify.

0001-pam-align-second-and-third-columns.patch

@@ -1,48 +0,0 @@
-From 9efb224443d819b7d64ec76cb94c8aa625a8abf2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 23 Nov 2022 16:05:48 +0100
-Subject: [PATCH 1/2] pam: align second and third columns
-
-In our template file, we have jinja2 template markers, so the file
-looks fairly messy. But once it's rendered, it looks pretty clean, except
-that the columns are unaligned becuase of "-" in some lines in the first
-column. Let's make them aligned.
----
- src/login/systemd-user.in | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
-index 39bcbd71fe..d5597d28cb 100644
---- a/src/login/systemd-user.in
-+++ b/src/login/systemd-user.in
-@@ -4,18 +4,18 @@
- # Used by systemd --user instances.
- 
- {% if ENABLE_HOMED %}
---account sufficient pam_systemd_home.so
-+-account  sufficient pam_systemd_home.so
- {% endif %}
--account sufficient pam_unix.so no_pass_expiry
--account required pam_permit.so
-+account  sufficient pam_unix.so no_pass_expiry
-+account  required pam_permit.so
- 
- {% if HAVE_SELINUX %}
--session required pam_selinux.so close
--session required pam_selinux.so nottys open
-+session  required pam_selinux.so close
-+session  required pam_selinux.so nottys open
- {% endif %}
--session required pam_loginuid.so
--session optional pam_keyinit.so force revoke
-+session  required pam_loginuid.so
-+session  optional pam_keyinit.so force revoke
- {% if ENABLE_HOMED %}
---session optional pam_systemd_home.so
-+-session  optional pam_systemd_home.so
- {% endif %}
--session optional pam_systemd.so
-+session  optional pam_systemd.so
--- 
-2.38.1
-

0001-shared-install-Use-InstallChangeType-consistently.patch

@@ -1,37 +0,0 @@
-From 2fdd12acd5c69bc952d9ca4d5ad796e6e830d21b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crodriguez@owncloud.com>
-Date: Fri, 11 Nov 2022 15:34:32 +0000
-Subject: [PATCH 1/5] shared|install: Use InstallChangeType consistently
-
-gcc 13 -Wenum-int-mismatch, enabled by default, reminds us enum ! = int
-
-(cherry picked from commit 9264db1a0ac6034ab5b40ef3f5914d8dc7d77aba)
----
- src/shared/install.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/shared/install.h b/src/shared/install.h
-index 9bb412ba06..0abc73897e 100644
---- a/src/shared/install.h
-+++ b/src/shared/install.h
-@@ -197,7 +197,7 @@ int unit_file_exists(LookupScope scope, const LookupPaths *paths, const char *na
- int unit_file_get_list(LookupScope scope, const char *root_dir, Hashmap *h, char **states, char **patterns);
- Hashmap* unit_file_list_free(Hashmap *h);
- 
--InstallChangeType install_changes_add(InstallChange **changes, size_t *n_changes, int type, const char *path, const char *source);
-+InstallChangeType install_changes_add(InstallChange **changes, size_t *n_changes, InstallChangeType type, const char *path, const char *source);
- void install_changes_free(InstallChange *changes, size_t n_changes);
- void install_changes_dump(int r, const char *verb, const InstallChange *changes, size_t n_changes, bool quiet);
- 
-@@ -224,7 +224,7 @@ UnitFileState unit_file_state_from_string(const char *s) _pure_;
- /* from_string conversion is unreliable because of the overlap between -EPERM and -1 for error. */
- 
- const char *install_change_type_to_string(InstallChangeType t) _const_;
--int install_change_type_from_string(const char *s) _pure_;
-+InstallChangeType install_change_type_from_string(const char *s) _pure_;
- 
- const char *unit_file_preset_mode_to_string(UnitFilePresetMode m) _const_;
- UnitFilePresetMode unit_file_preset_mode_from_string(const char *s) _pure_;
--- 
-2.39.1
-

0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch

@@ -1,34 +0,0 @@
-From b1b7667a44c4e8635b6d8dc070fb2446187fcdc5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crodriguez@owncloud.com>
-Date: Fri, 11 Nov 2022 15:28:51 +0000
-Subject: [PATCH 2/5] journal-remote: code is of type enum
- MHD_RequestTerminationCode
-
-Fixes gcc 13 -Wenum-int-mismatch which are enabled by default.
-
-(cherry picked from commit aa70dd624bff6280ab6f2871f62d313bdb1e1bcc)
----
- src/journal-remote/microhttpd-util.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h
-index 7e7d1b56b1..df18335469 100644
---- a/src/journal-remote/microhttpd-util.h
-+++ b/src/journal-remote/microhttpd-util.h
-@@ -64,11 +64,11 @@ void microhttpd_logger(void *arg, const char *fmt, va_list ap) _printf_(2, 0);
- 
- int mhd_respondf(struct MHD_Connection *connection,
-                  int error,
--                 unsigned code,
-+                 enum MHD_RequestTerminationCode code,
-                  const char *format, ...) _printf_(4,5);
- 
- int mhd_respond(struct MHD_Connection *connection,
--                unsigned code,
-+                enum MHD_RequestTerminationCode code,
-                 const char *message);
- 
- int mhd_respond_oom(struct MHD_Connection *connection);
--- 
-2.39.1
-

0002-pam-add-a-call-to-pam_namespace.patch

@@ -1,41 +0,0 @@
-From 0ef48896d9f23b9fd547a532a4e6e6b8f8b12901 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 23 Nov 2022 16:09:56 +0100
-Subject: [PATCH 2/2] pam: add a call to pam_namespace
-
-A call to pam_namespace is required so that children of user@.service end up in
-a namespace as expected. pam_namespace gets called as part of the stack that
-creates a session (login, sshd, gdm, etc.) and those processes end up in a
-namespace, but it also needs to be called from our stack which is parallel and
-descends from pid1 itself.
-
-The call to pam_namespace is similar to the call to pam_keyinit that was added
-in ab79099d1684457d040ee7c28b2012e8c1ea9a4f. The pam stack for user@.service
-creates a new session which is disconnected from the parent environment. Both
-calls are not suitable for inclusion in the shared part of the stack (e.g.
-@system-auth on Fedora/RHEL systems), because for example su/sudo/runuser
-should not include them.
-
-Fixes #17043 (Allow to execute user service into dedicated namespace
-              if pam_namespace enabled)
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1861836
-(Polyinstantiation is ignored/bypassed in GNOME sessions)
----
- src/login/systemd-user.in | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
-index d5597d28cb..06f7e36458 100644
---- a/src/login/systemd-user.in
-+++ b/src/login/systemd-user.in
-@@ -15,6 +15,7 @@ session  required pam_selinux.so nottys open
- {% endif %}
- session  required pam_loginuid.so
- session  optional pam_keyinit.so force revoke
-+session  required pam_namespace.so
- {% if ENABLE_HOMED %}
- -session  optional pam_systemd_home.so
- {% endif %}
--- 
-2.38.1
-

0003-pam-actually-align-the-columns.patch

@@ -1,47 +0,0 @@
-From 369dfbf43a0064b70a774ccdd3dd1c1a09fd95ca Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 14 Dec 2022 22:23:31 +0100
-Subject: [PATCH 3/4] pam: actually align the columns
-
-In 9efb224443d819b7d64ec76cb94c8aa625a8abf2 was supposed to align
-them, but for some reason I just added a second space everywhere.
----
- src/login/systemd-user.in | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
-index 06f7e36458..9a665bd959 100644
---- a/src/login/systemd-user.in
-+++ b/src/login/systemd-user.in
-@@ -4,19 +4,19 @@
- # Used by systemd --user instances.
- 
- {% if ENABLE_HOMED %}
---account  sufficient pam_systemd_home.so
-+-account sufficient pam_systemd_home.so
- {% endif %}
- account  sufficient pam_unix.so no_pass_expiry
--account  required pam_permit.so
-+account  required   pam_permit.so
- 
- {% if HAVE_SELINUX %}
--session  required pam_selinux.so close
--session  required pam_selinux.so nottys open
-+session  required   pam_selinux.so close
-+session  required   pam_selinux.so nottys open
- {% endif %}
--session  required pam_loginuid.so
--session  optional pam_keyinit.so force revoke
--session  required pam_namespace.so
-+session  required   pam_loginuid.so
-+session  optional   pam_keyinit.so force revoke
-+session  required   pam_namespace.so
- {% if ENABLE_HOMED %}
---session  optional pam_systemd_home.so
-+-session optional   pam_systemd_home.so
- {% endif %}
--session  optional pam_systemd.so
-+session  optional   pam_systemd.so
--- 
-2.38.1
-

0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch

@@ -1,31 +0,0 @@
-From ba5f7915d25a400f0651bc9e8546a3ec6a738eaa Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crodriguez@owncloud.com>
-Date: Fri, 11 Nov 2022 15:31:18 +0000
-Subject: [PATCH 3/5] resolve: dns_server_feature_level_*_string type is
- DnsServerFeatureLevel
-
-gcc 13 -Wenum-int-mismatch reminds us that enum != int
-
-(cherry picked from commit e14afe31c3e8380496dc85b57103b2f648bc7d43)
----
- src/resolve/resolved-dns-server.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h
-index be9efb0a79..f939b534c3 100644
---- a/src/resolve/resolved-dns-server.h
-+++ b/src/resolve/resolved-dns-server.h
-@@ -44,8 +44,8 @@ typedef enum DnsServerFeatureLevel {
- #define DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_DO)
- #define DNS_SERVER_FEATURE_LEVEL_IS_UDP(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO)
- 
--const char* dns_server_feature_level_to_string(int i) _const_;
--int dns_server_feature_level_from_string(const char *s) _pure_;
-+const char* dns_server_feature_level_to_string(DnsServerFeatureLevel i) _const_;
-+DnsServerFeatureLevel dns_server_feature_level_from_string(const char *s) _pure_;
- 
- struct DnsServer {
-         Manager *manager;
--- 
-2.39.1
-

0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch

@@ -1,104 +0,0 @@
-From 34b9eddfc12936917fab000b780a451d6277c2b4 Mon Sep 17 00:00:00 2001
-From: Siddhesh Poyarekar <siddhesh@gotplt.org>
-Date: Tue, 13 Dec 2022 16:54:36 -0500
-Subject: [PATCH 4/5] Use dummy allocator to make accesses defined as per
- standard
-
-systemd uses malloc_usable_size() everywhere to use memory blocks
-obtained through malloc, but that is abuse since the
-malloc_usable_size() interface isn't meant for this kind of use, it is
-for diagnostics only.  This is also why systemd behaviour is flaky when
-built with _FORTIFY_SOURCE.
-
-One way to make this more standard (and hence safer) is to, at every
-malloc_usable_size() call, also 'reallocate' the block so that the
-compiler can see the larger size.  This is done through a dummy
-reallocator whose only purpose is to tell the compiler about the larger
-usable size, it doesn't do any actual reallocation.
-
-Florian Weimer pointed out that this doesn't solve the problem of an
-allocator potentially growing usable size at will, which will break the
-implicit assumption in systemd use that the value returned remains
-constant as long as the object is valid.  The safest way to fix that is
-for systemd to step away from using malloc_usable_size() like this.
-
-Resolves #22801.
-
-(cherry picked from commit 7929e180aa47a2692ad4f053afac2857d7198758)
----
- src/basic/alloc-util.c |  4 ++++
- src/basic/alloc-util.h | 38 ++++++++++++++++++++++++++++----------
- 2 files changed, 32 insertions(+), 10 deletions(-)
-
-diff --git a/src/basic/alloc-util.c b/src/basic/alloc-util.c
-index b030f454b2..6063943c88 100644
---- a/src/basic/alloc-util.c
-+++ b/src/basic/alloc-util.c
-@@ -102,3 +102,7 @@ void* greedy_realloc0(
- 
-         return q;
- }
-+
-+void *expand_to_usable(void *ptr, size_t newsize _unused_) {
-+        return ptr;
-+}
-diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h
-index b38db7d473..eb53aae6f3 100644
---- a/src/basic/alloc-util.h
-+++ b/src/basic/alloc-util.h
-@@ -2,6 +2,7 @@
- #pragma once
- 
- #include <alloca.h>
-+#include <malloc.h>
- #include <stddef.h>
- #include <stdlib.h>
- #include <string.h>
-@@ -184,17 +185,34 @@ void* greedy_realloc0(void **p, size_t need, size_t size);
- #  define msan_unpoison(r, s)
- #endif
- 
--/* This returns the number of usable bytes in a malloc()ed region as per malloc_usable_size(), in a way that
-- * is compatible with _FORTIFY_SOURCES. If _FORTIFY_SOURCES is used many memory operations will take the
-- * object size as returned by __builtin_object_size() into account. Hence, let's return the smaller size of
-- * malloc_usable_size() and __builtin_object_size() here, so that we definitely operate in safe territory by
-- * both the compiler's and libc's standards. Note that __builtin_object_size() evaluates to SIZE_MAX if the
-- * size cannot be determined, hence the MIN() expression should be safe with dynamically sized memory,
-- * too. Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and
-- * __builtin_object_size() returns SIZE_MAX too, hence we also return a sensible value of 0 in this corner
-- * case. */
-+/* Dummy allocator to tell the compiler that the new size of p is newsize. The implementation returns the
-+ * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute. This cannot be
-+ * a static inline because gcc then loses the attributes on the function.
-+ * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96503 */
-+void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_;
-+
-+static inline size_t malloc_sizeof_safe(void **xp) {
-+        if (_unlikely_(!xp || !*xp))
-+                return 0;
-+
-+        size_t sz = malloc_usable_size(*xp);
-+        *xp = expand_to_usable(*xp, sz);
-+        /* GCC doesn't see the _returns_nonnull_ when built with ubsan, so yet another hint to make it doubly
-+         * clear that expand_to_usable won't return NULL.
-+         * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79265 */
-+        if (!*xp)
-+                assert_not_reached();
-+        return sz;
-+}
-+
-+/* This returns the number of usable bytes in a malloc()ed region as per malloc_usable_size(), which may
-+ * return a value larger than the size that was actually allocated. Access to that additional memory is
-+ * discouraged because it violates the C standard; a compiler cannot see that this as valid. To help the
-+ * compiler out, the MALLOC_SIZEOF_SAFE macro 'allocates' the usable size using a dummy allocator function
-+ * expand_to_usable. There is a possibility of malloc_usable_size() returning different values during the
-+ * lifetime of an object, which may cause problems, but the glibc allocator does not do that at the moment. */
- #define MALLOC_SIZEOF_SAFE(x) \
--        MIN(malloc_usable_size(x), __builtin_object_size(x, 0))
-+        malloc_sizeof_safe((void**) &__builtin_choose_expr(__builtin_constant_p(x), (void*) { NULL }, (x)))
- 
- /* Inspired by ELEMENTSOF() but operates on malloc()'ed memory areas: typesafely returns the number of items
-  * that fit into the specified memory block */
--- 
-2.39.1
-

0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch

@@ -1,48 +0,0 @@
-From e998c9d7c1a52ab02ff6e9c363c1cfe0b76cd6f4 Mon Sep 17 00:00:00 2001
-From: Siddhesh Poyarekar <siddhesh@gotplt.org>
-Date: Sat, 7 Jan 2023 19:30:32 -0500
-Subject: [PATCH 5/5] alloc-util: Disallow inlining of expand_to_usable
-
-Explicitly set __attribute__ ((noinline)) so that the compiler does not
-attempt to inline expand_to_usable, even with LTO.
-
-(cherry picked from commit 4f79f545b3c46c358666c9f5f2b384fe50aac4b4)
----
- src/basic/alloc-util.h              | 7 ++++---
- src/fundamental/macro-fundamental.h | 1 +
- 2 files changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h
-index eb53aae6f3..bf783b15a2 100644
---- a/src/basic/alloc-util.h
-+++ b/src/basic/alloc-util.h
-@@ -186,10 +186,11 @@ void* greedy_realloc0(void **p, size_t need, size_t size);
- #endif
- 
- /* Dummy allocator to tell the compiler that the new size of p is newsize. The implementation returns the
-- * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute. This cannot be
-- * a static inline because gcc then loses the attributes on the function.
-+ * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute.  This must not
-+ * be inlined (hence a non-static function with _noinline_ because LTO otherwise tries to inline it) because
-+ * gcc then loses the attributes on the function.
-  * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96503 */
--void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_;
-+void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_ _noinline_;
- 
- static inline size_t malloc_sizeof_safe(void **xp) {
-         if (_unlikely_(!xp || !*xp))
-diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h
-index c11a5b15f4..e73174a593 100644
---- a/src/fundamental/macro-fundamental.h
-+++ b/src/fundamental/macro-fundamental.h
-@@ -20,6 +20,7 @@
- #define _hidden_ __attribute__((__visibility__("hidden")))
- #define _likely_(x) (__builtin_expect(!!(x), 1))
- #define _malloc_ __attribute__((__malloc__))
-+#define _noinline_ __attribute__((noinline))
- #define _noreturn_ _Noreturn
- #define _packed_ __attribute__((__packed__))
- #define _printf_(a, b) __attribute__((__format__(printf, a, b)))
--- 
-2.39.1
-

sources

@@ -1 +1 @@
-SHA512 (systemd-252.4.tar.gz) = 007165a6ca0563e2fc9834179d502d3d5497c9d1b93c92a009f31a2e0d4a0b154bfa57eaf52b0c94243e09123b8184036a69c145be6efaa4baaffe687c1fd28e
+SHA512 (systemd-253-rc1.tar.gz) = aaf0a6bf21bbc50a42015c9cb17f69d1aaf6cab6cabfba5140a94212fb864e38d638dace9a70447f62b4d2a817a0d3bd6f4ae8d9b3c2e741cdeb1cb332f70b65

split-files.py

@@ -17,6 +17,7 @@ def files(root):
 
 o_libs = open('.file-list-libs', 'w')
 o_udev = open('.file-list-udev', 'w')
+o_ukify = open('.file-list-ukify', 'w')
 o_boot = open('.file-list-boot', 'w')
 o_pam = open('.file-list-pam', 'w')
 o_rpm_macros = open('.file-list-rpm-macros', 'w')
@@ -27,8 +28,10 @@ o_oomd_defaults = open('.file-list-oomd-defaults', 'w')
 o_remote = open('.file-list-remote', 'w')
 o_resolve = open('.file-list-resolve', 'w')
 o_tests = open('.file-list-tests', 'w')
+o_standalone_repart = open('.file-list-standalone-repart', 'w')
 o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
 o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
+o_standalone_shutdown = open('.file-list-standalone-shutdown', 'w')
 o_main = open('.file-list-main', 'w')
 for file in files(buildroot):
     n = file.path[1:]
@@ -53,12 +56,27 @@ for file in files(buildroot):
                     /var(/cache|/log|/lib|/run|)$
     ''', n, re.X):
         continue
-    if '/security/pam_' in n or '/man8/pam_' in n:
+
+    if n.endswith('.standalone'):
+        if 'repart' in n:
+            o = o_standalone_repart
+        elif 'tmpfiles' in n:
+            o = o_standalone_tmpfiles
+        elif 'sysusers' in n:
+            o = o_standalone_sysusers
+        elif 'shutdown' in n:
+            o = o_standalone_shutdown
+        else:
+            assert False, 'Found .standalone not belonging to known packages'
+
+    elif '/security/pam_' in n or '/man8/pam_' in n:
         o = o_pam
     elif '/rpm/' in n:
         o = o_rpm_macros
     elif '/usr/lib/systemd/tests' in n:
         o = o_tests
+    elif 'ukify' in n:
+        o = o_ukify
     elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n):
         o = o_main
     elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n):
@@ -160,14 +178,6 @@ for file in files(buildroot):
     elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X):
         o = o_oomd_defaults
 
-    elif n.endswith('.standalone'):
-        if 'tmpfiles' in n:
-            o = o_standalone_tmpfiles
-        elif 'sysusers' in n:
-            o = o_standalone_sysusers
-        else:
-            assert False, 'Found .standalone not belonging to known packages'
-
     else:
         o = o_main
 

systemd.spec

@@ -1,7 +1,7 @@
 #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa
 %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
 
-%global stable 1
+#global stable 1
 
 # We ship a .pc file but don't want to have a dep on pkg-config. We
 # strip the automatically generated dep here and instead co-own the
@@ -30,7 +30,7 @@
 Name:           systemd
 Url:            https://systemd.io
 %if %{without inplace}
-Version:        252.4
+Version:        253~rc1
 %else
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
@@ -88,15 +88,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
 # than in the next section. Packit CI will drop any patches in this range before
 # applying upstream pull requests.
 
-Patch0001:      0001-pam-align-second-and-third-columns.patch
-Patch0002:      0002-pam-add-a-call-to-pam_namespace.patch
-Patch0003:      0003-pam-actually-align-the-columns.patch
-
-Patch0011:      0001-shared-install-Use-InstallChangeType-consistently.patch
-Patch0012:      0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch
-Patch0013:      0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch
-Patch0014:      0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch
-Patch0015:      0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch
 
 # Those are downstream-only patches, but we don't want them in packit builds:
 # https://bugzilla.redhat.com/show_bug.cgi?id=1738828
@@ -160,8 +151,13 @@ BuildRequires:  gawk
 BuildRequires:  tree
 BuildRequires:  hostname
 BuildRequires:  python3
-BuildRequires:  python3dist(lxml)
+BuildRequires:  python3-devel
 BuildRequires:  python3dist(jinja2)
+BuildRequires:  python3dist(lxml)
+BuildRequires:  python3dist(pefile)
+BuildRequires:  python3dist(pillow)
+BuildRequires:  python3dist(zstd)
+# gzip and lzma are provided by the stdlib
 BuildRequires:  firewalld-filesystem
 %if 0%{?have_gnu_efi}
 BuildRequires:  gnu-efi gnu-efi-devel
@@ -357,6 +353,16 @@ It also contains tools to manage encrypted home areas and secrets bound to the
 machine, and to create or grow partitions and make file systems automatically.
 
 %if 0%{?have_gnu_efi}
+%package ukify
+Summary:        Tool to build Unified Kernel Images
+Requires:       %{name} = %{version}-%{release}
+BuildArch:      noarch
+
+%description ukify
+This package provides ukify, a script that combines a kernel image, an initrd,
+with a command line, and possibly PCR measurements and other metadata, into a
+Unified Kernel Image (UKI).
+
 %package boot-unsigned
 Summary: UEFI boot manager (unsigned version)
 
@@ -458,25 +464,45 @@ License:       LGPLv2+
 "Installed tests" that are usually run as part of the build system. They can be
 useful to test systemd internals.
 
+%package standalone-repart
+Summary:       Standalone systemd-repart binary for use on systems without systemd
+Provides:      %{name}-tmpfiles = %{version}-%{release}
+RemovePathPostfixes: .standalone
+
+%description standalone-repart
+Standalone systemd-repart binary with no dependencies on the systemd-shared library or
+other libraries from systemd-libs. This package conflicts with the main systemd
+package and is meant for use on systems without systemd.
+
 %package standalone-tmpfiles
-Summary:       Standalone tmpfiles binary for use in non-systemd systems
+Summary:       Standalone systemd-tmpfiles binary for use on systems without systemd
 Provides:      %{name}-tmpfiles = %{version}-%{release}
 RemovePathPostfixes: .standalone
 
 %description standalone-tmpfiles
-Standalone tmpfiles binary with no dependencies on the systemd-shared library or
+Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared library or
 other libraries from systemd-libs. This package conflicts with the main systemd
-package and is meant for use in non-systemd systems.
+package and is meant for use on systems without systemd.
 
 %package standalone-sysusers
-Summary:       Standalone sysusers binary for use in non-systemd systems
+Summary:       Standalone systemd-sysusers binary for use on systems without systemd
 Provides:      %{name}-sysusers = %{version}-%{release}
 RemovePathPostfixes: .standalone
 
 %description standalone-sysusers
-Standalone sysusers binary with no dependencies on the systemd-shared library or
+Standalone systemd-sysusers binary with no dependencies on the systemd-shared library or
 other libraries from systemd-libs. This package conflicts with the main systemd
-package and is meant for use in non-systemd systems.
+package and is meant for use on systems without systemd.
+
+%package standalone-shutdown
+Summary:       Standalone systemd-shutdown binary for use on systems without systemd
+Provides:      %{name}-sysusers = %{version}-%{release}
+RemovePathPostfixes: .standalone
+
+%description standalone-shutdown
+Standalone systemd-shutdown binary with no dependencies on the systemd-shared library or
+other libraries from systemd-libs. This package conflicts with the main systemd
+package and is meant for use in exitrds.
 
 %prep
 %autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1
@@ -1025,6 +1051,7 @@ fi
 %files udev -f .file-list-udev
 
 %if 0%{?have_gnu_efi}
+%files ukify -f .file-list-ukify
 %files boot-unsigned -f .file-list-boot
 %endif
 
@@ -1039,9 +1066,13 @@ fi
 
 %files tests -f .file-list-tests
 
+%files standalone-repart -f .file-list-standalone-repart
+
 %files standalone-tmpfiles -f .file-list-standalone-tmpfiles
 
 %files standalone-sysusers -f .file-list-standalone-sysusers
 
+%files standalone-shutdown -f .file-list-standalone-shutdown
+
 %changelog
 %autochangelog