Backport 2 riscv64 specific patches from upstream

1. Add riscv_hwprobe to allow list.
2. DTB install.

Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>

10-oomd-per-slice-defaults.conf

@@ -1,3 +1,3 @@
 [Slice]
 ManagedOOMMemoryPressure=kill
-ManagedOOMMemoryPressureLimit=50%
+ManagedOOMMemoryPressureLimit=80%

20-grubby.install

@@ -1,51 +0,0 @@
-#!/bin/bash
-
-if [[ ! -x /sbin/new-kernel-pkg ]]; then
-    exit 0
-fi
-
-COMMAND="$1"
-KERNEL_VERSION="$2"
-BOOT_DIR_ABS="$3"
-KERNEL_IMAGE="$4"
-
-KERNEL_DIR="${KERNEL_IMAGE%/*}"
-[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}"
-case "$COMMAND" in
-    add)
-        if [[ "${KERNEL_DIR}" != "/boot" ]]; then
-            for i in \
-                "$KERNEL_IMAGE" \
-                    "$KERNEL_DIR"/System.map \
-                    "$KERNEL_DIR"/config \
-                    "$KERNEL_DIR"/zImage.stub \
-                    "$KERNEL_DIR"/dtb \
-                ; do
-                [[ -e "$i" ]] || continue
-                cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
-                command -v restorecon &>/dev/null && \
-                    restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}"
-            done
-            # hmac is .vmlinuz-<version>.hmac so needs a special treatment
-            i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
-            if [[ -e "$i" ]]; then
-                cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
-                command -v restorecon &>/dev/null && \
-                    restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
-            fi
-        fi
-        /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $?
-        /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $?
-        /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $?
-        ;;
-    remove)
-        /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $?
-        ;;
-    *)
-        ;;
-esac
-
-# skip other installation plugins, if we can't find a boot loader spec conforming setup
-if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
-    exit 77
-fi

2bca841137833edeaf3779542d6475f0dc3aa5a7.patch

@@ -0,0 +1,73 @@
+From 2bca841137833edeaf3779542d6475f0dc3aa5a7 Mon Sep 17 00:00:00 2001
+From: Emil Renner Berthing <systemd@esmil.dk>
+Date: Sat, 29 Jul 2023 22:26:54 +0200
+Subject: [PATCH] 90-loaderentry: support installing device trees
+
+Like the cmdline file we look for a devicetree file in
+$KERNEL_INSTALL_CONF_ROOT, /etc/kernel and /usr/lib/kernel. If it is
+present we look for the specified device tree that comes with the kernel
+we're adding and install it into $ENTRY_DIR_ABS and add a devicetree
+stanza to the loader entry.
+
+Unfortunately it seems there is no common consensus on where to install
+device tree blobs, so we have to look in a few different places for it.
+---
+ src/kernel-install/90-loaderentry.install.in | 38 ++++++++++++++++++++
+ 1 file changed, 38 insertions(+)
+
+diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in
+index bc4cad9e6f61f..dc7c371e5a195 100755
+--- a/src/kernel-install/90-loaderentry.install.in
++++ b/src/kernel-install/90-loaderentry.install.in
+@@ -115,6 +115,43 @@ install -m 0644 "$KERNEL_IMAGE" "$KERNEL_DEST" || {
+ }
+ chown root:root "$KERNEL_DEST" || :
+ 
++if [ -n "$KERNEL_INSTALL_CONF_ROOT" ]; then
++    if [ -f "$KERNEL_INSTALL_CONF_ROOT/devicetree" ]; then
++        read -r DEVICETREE <"$KERNEL_INSTALL_CONF_ROOT/devicetree"
++    fi
++elif [ -f /etc/kernel/devicetree ]; then
++    read -r DEVICETREE </etc/kernel/devicetree
++elif [ -f /usr/lib/kernel/devicetree ]; then
++    read -r DEVICETREE </usr/lib/kernel/devicetree
++fi
++if [ -n "$DEVICETREE" ]; then
++    for prefix in \
++        "/boot/dtb-$KERNEL_VERSION" \
++        "/boot/dtbs/$KERNEL_VERSION" \
++        "/lib/firmware/$KERNEL_VERSION/device-tree" \
++        "/lib/linux-image-$KERNEL_VERSION" \
++        "/lib/modules/$KERNEL_VERSION/dtb"
++    do
++        [ -f "$prefix/$DEVICETREE" ] || continue
++        DEVICETREE_SRC="$prefix/$DEVICETREE"
++        break
++    done
++
++    [ -n "$DEVICETREE_SRC" ] || {
++        echo "Error: could not find device tree blob '$DEVICETREE'." >&2
++        exit 1
++    }
++
++    DEVICETREE_DEST="$ENTRY_DIR_ABS/${DEVICETREE##*/}"
++    DEVICETREE_ENTRY="$ENTRY_DIR/${DEVICETREE##*/}"
++
++    install -m 0644 "$DEVICETREE_SRC" "$DEVICETREE_DEST" || {
++        echo "Error: could not copy '$DEVICETREE_SRC' to '$DEVICETREE_DEST'." >&2
++        exit 1
++    }
++    chown root:root "$DEVICETREE_DEST" || :
++fi
++
+ shift "$INITRD_OPTIONS_SHIFT"
+ # All files listed as arguments, and staged files starting with "initrd" are installed as initrds.
+ for initrd in "${KERNEL_INSTALL_STAGING_AREA}"/microcode* "${@}" "${KERNEL_INSTALL_STAGING_AREA}"/initrd*; do
+@@ -154,6 +191,7 @@ mkdir -p "${LOADER_ENTRY%/*}" || {
+     [ -n "$SORT_KEY" ] && echo "sort-key   $SORT_KEY"
+     echo "options    $BOOT_OPTIONS"
+     echo "linux      $KERNEL_ENTRY"
++    [ -n "$DEVICETREE_ENTRY" ] && echo "devicetree $DEVICETREE_ENTRY"
+ 
+     have_initrd=
+     for initrd in "${KERNEL_INSTALL_STAGING_AREA}"/microcode* "${@}" "${KERNEL_INSTALL_STAGING_AREA}"/initrd*; do

ca15fc4820ad1ef2d54c695699de949974dc5bbc.patch

@@ -0,0 +1,23 @@
+From ca15fc4820ad1ef2d54c695699de949974dc5bbc Mon Sep 17 00:00:00 2001
+From: Xeonacid <h.dwwwwww@gmail.com>
+Date: Sat, 8 Jul 2023 20:56:47 +0800
+Subject: [PATCH] seccomp: add riscv_hwprobe to @default
+
+This syscall is for probing hardware capabilities from userspace and should do no harm.
+Added in https://github.com/torvalds/linux/commit/ea3de9ce8aa280c5175c835bd3e94a3a9b814b74
+---
+ src/shared/seccomp-util.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index 4eae96e69a644..ed3119d14e697 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -358,6 +358,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
+                 "prlimit64\0"
+                 "restart_syscall\0"
+                 "riscv_flush_icache\0"
++                "riscv_hwprobe\0"
+                 "rseq\0"
+                 "rt_sigreturn\0"
+                 "sched_getaffinity\0"

sources

@@ -1 +1 @@
-SHA512 (systemd-253.2.tar.gz) = bfa8d232055603beb851156cc4dac3f8efa89da648114f97d0e62a4b9d3fda5ce6dd2358eb056c766d475c560645638ea8041794e03a7950613b791e69820280
+SHA512 (systemd-253.9.tar.gz) = 69ef361ea8aae8da0ce909461379219a1a9034940df32f04c5bb9185cbb829ea54b3438cc06eb76ad58d9edf06d16a891ca6a1c901e7ebfc62087a9cd0997df8

systemd.spec

@@ -15,25 +15,32 @@
 %global elf_suffix ()%{elf_bits}
 %endif
 
+%bcond bzip2  1
+%bcond gnutls 1
+%bcond lz4    1
+%bcond xz     1
+%bcond zlib   1
+%bcond zstd   1
+
 # Bootstrap may be needed to break circular dependencies with cryptsetup,
 # e.g. when re-building cryptsetup on a json-c SONAME-bump.
-%bcond_with    bootstrap
-%bcond_without tests
-%bcond_without lto
+%bcond bootstrap 0
+%bcond tests     1
+%bcond lto       1
 
 # Support for quick builds with rpmbuild --build-in-place.
 # See README.build-in-place.
-%bcond_with    inplace
+%bcond inplace 0
 
 Name:           systemd
 Url:            https://systemd.io
 %if %{without inplace}
-Version:        253.2
+Version:        253.9
 %else
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
 %endif
-Release:        %autorelease -e 7.riscv64
+Release:        %autorelease -e 8.riscv64
 
 %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
 
@@ -66,7 +73,6 @@ Source7:        systemd-journal-remote.xml
 Source8:        systemd-journal-gatewayd.xml
 Source9:        20-yama-ptrace.conf
 Source10:       systemd-udev-trigger-no-reload.conf
-Source11:       20-grubby.install
 Source13:       libsystemd-shared.abignore
 
 Source14:       10-oomd-defaults.conf
@@ -97,6 +103,9 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
 Patch0001:      https://github.com/systemd/systemd/pull/26494.patch
 
 
+Patch0010:      https://github.com/systemd/systemd/commit/2bca841137833edeaf3779542d6475f0dc3aa5a7.patch
+Patch0011:      https://github.com/systemd/systemd/commit/ca15fc4820ad1ef2d54c695699de949974dc5bbc.patch
+
 # Those are downstream-only patches, but we don't want them in packit builds:
 # https://bugzilla.redhat.com/show_bug.cgi?id=1738828
 Patch0490:      use-bfq-scheduler.patch
@@ -129,19 +138,31 @@ BuildRequires:  /usr/bin/getfacl
 BuildRequires:  libacl-devel
 BuildRequires:  gobject-introspection-devel
 BuildRequires:  libblkid-devel
+%if %{with xz}
 BuildRequires:  xz-devel
 BuildRequires:  xz
+%endif
+%if %{with lz4}
 BuildRequires:  lz4-devel
 BuildRequires:  lz4
+%endif
+%if %{with bzip2}
 BuildRequires:  bzip2-devel
+%endif
+%if %{with zstd}
 BuildRequires:  libzstd-devel
+%endif
 BuildRequires:  libidn2-devel
 BuildRequires:  libcurl-devel
 BuildRequires:  kmod-devel
 BuildRequires:  elfutils-devel
 BuildRequires:  openssl-devel
+%if %{with gnutls}
 BuildRequires:  gnutls-devel
+%endif
+%if %{undefined rhel}
 BuildRequires:  qrencode-devel
+%endif
 BuildRequires:  libmicrohttpd-devel
 BuildRequires:  libxkbcommon-devel
 BuildRequires:  iptables-devel
@@ -163,9 +184,11 @@ BuildRequires:  python3-devel
 BuildRequires:  python3dist(jinja2)
 BuildRequires:  python3dist(lxml)
 BuildRequires:  python3dist(pefile)
+%if %{undefined rhel}
 BuildRequires:  python3dist(pillow)
-BuildRequires:  python3dist(pytest)
 BuildRequires:  python3dist(pytest-flakes)
+%endif
+BuildRequires:  python3dist(pytest)
 BuildRequires:  python3dist(zstd)
 # gzip and lzma are provided by the stdlib
 BuildRequires:  firewalld-filesystem
@@ -223,10 +246,14 @@ Conflicts:      fedora-release < 23-0.12
 %endif
 Obsoletes:      timedatex < 0.6-3
 Provides:       timedatex = 0.6-3
+Conflicts:      %{name}-standalone-repart < %{version}-%{release}^
+Provides:       %{name}-repart = %{version}-%{release}
 Conflicts:      %{name}-standalone-tmpfiles < %{version}-%{release}^
 Provides:       %{name}-tmpfiles = %{version}-%{release}
 Conflicts:      %{name}-standalone-sysusers < %{version}-%{release}^
 Provides:       %{name}-sysusers = %{version}-%{release}
+Conflicts:      %{name}-standalone-shutdown < %{version}-%{release}^
+Provides:       %{name}-shutdown = %{version}-%{release}
 
 # Recommends to replace normal Requires deps for stuff that is dlopen()ed
 Recommends:     libidn2.so.0%{?elf_suffix}
@@ -234,7 +261,9 @@ Recommends:     libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
 Recommends:     libpcre2-8.so.0%{?elf_suffix}
 Recommends:     libpwquality.so.1%{?elf_suffix}
 Recommends:     libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits}
+%if %{undefined rhel}
 Recommends:     libqrencode.so.4%{?elf_suffix}
+%endif
 Recommends:     libbpf.so.0%{?elf_suffix}
 Recommends:     libbpf.so.0(LIBBPF_0.4.0)%{?elf_bits}
 
@@ -490,7 +519,7 @@ useful to test systemd internals.
 
 %package standalone-repart
 Summary:       Standalone systemd-repart binary for use on systems without systemd
-Provides:      %{name}-tmpfiles = %{version}-%{release}
+Provides:      %{name}-repart = %{version}-%{release}
 RemovePathPostfixes: .standalone
 
 %description standalone-repart
@@ -520,7 +549,7 @@ package and is meant for use on systems without systemd.
 
 %package standalone-shutdown
 Summary:       Standalone systemd-shutdown binary for use on systems without systemd
-Provides:      %{name}-sysusers = %{version}-%{release}
+Provides:      %{name}-shutdown = %{version}-%{release}
 RemovePathPostfixes: .standalone
 
 %description standalone-shutdown
@@ -570,11 +599,11 @@ CONFIGURE_OPTS=(
         -Dbpf-framework=%[0%{?have_bpf}?"true":"false"]
         -Dapparmor=false
         -Dpolkit=true
-        -Dxz=true
-        -Dzlib=true
-        -Dbzip2=true
-        -Dlz4=true
-        -Dzstd=true
+        -Dxz=%[%{with xz}?"true":"false"]
+        -Dzlib=%[%{with zlib}?"true":"false"]
+        -Dbzip2=%[%{with bzip2}?"true":"false"]
+        -Dlz4=%[%{with lz4}?"true":"false"]
+        -Dzstd=%[%{with zstd}?"true":"false"]
         -Dpam=true
         -Dacl=true
         -Dsmack=true
@@ -587,8 +616,8 @@ CONFIGURE_OPTS=(
         -Dlibcryptsetup=%[%{with bootstrap}?"false":"true"]
         -Delfutils=true
         -Dpwquality=true
-        -Dqrencode=true
-        -Dgnutls=true
+        -Dqrencode=%[%{defined rhel}?"false":"true"]
+        -Dgnutls=%[%{with gnutls}?"true":"false"]
         -Dmicrohttpd=true
         -Dlibidn2=true
         -Dlibiptc=false
@@ -763,8 +792,6 @@ install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9}
 # https://bugzilla.redhat.com/show_bug.cgi?id=1378974
 install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10}
 
-install -Dm0755 -t %{buildroot}%{_prefix}/lib/kernel/install.d/ %{SOURCE11}
-
 install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13}
 
 install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3}
@@ -903,7 +930,7 @@ if [ $1 -eq 1 ]; then
    systemd-tmpfiles --create &>/dev/null || :
 fi
 
-%systemd_postun_with_restart systemd-timedated.service systemd-portabled.service systemd-homed.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service
+%systemd_postun_with_restart systemd-timedated.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service
 
 # FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558)
 # FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec
@@ -935,8 +962,7 @@ systemctl --no-reload preset systemd-oomd.service &>/dev/null || :
 # a different package version.
 systemctl --no-reload preset systemd-journald-audit.socket &>/dev/null || :
 
-
-%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service}
+%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-homed.service systemd-timesyncd.service %{?have_gnu_efi:systemd-boot-update.service} systemd-portabled.service systemd-pstore.service remote-cryptsetup.target
 
 %post udev
 # Move old stuff around in /var/lib

sysusers.generate-pre.sh

@@ -20,16 +20,16 @@ user() {
 	if [ "$uid" = '-' ] || [ "$uid" = '' ]; then
 		cat <<-EOF
 		getent passwd '$user' >/dev/null || \\
-			useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
+		    useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
 		EOF
 	else
 		cat <<-EOF
-		if ! getent passwd '$user' >/dev/null; then
-			if ! getent passwd '$uid' >/dev/null; then
-			useradd -r -u '$uid' -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
-			else
-			useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user' || :
-			fi
+		if ! getent passwd ${user@Q} >/dev/null; then
+		    if ! getent passwd ${uid@Q} >/dev/null; then
+		        useradd -r -u ${uid@Q} -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
+		    else
+		        useradd -r -g ${group@Q} -d ${home@Q} -s ${shell@Q} -c ${desc@Q} ${user@Q} || :
+		    fi
 		fi
 
 		EOF
@@ -42,11 +42,11 @@ group() {
 
 	if [ "$gid" = '-' ]; then
 		cat <<-EOF
-		getent group '$group' >/dev/null || groupadd -r '$group' || :
+		getent group ${group@Q} >/dev/null || groupadd -r ${group@Q} || :
 		EOF
 	else
 		cat <<-EOF
-		getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group' || :
+		getent group ${group@Q} >/dev/null || groupadd -f -g ${gid@Q} -r ${group@Q} || :
 		EOF
 	fi
 }
@@ -56,8 +56,8 @@ usermod() {
 	group="$2"
 
 	cat <<-EOF
-	if getent group '$group' >/dev/null; then
-		usermod -a -G '$group' '$user' || :
+	if getent group ${group@Q} >/dev/null; then
+	    usermod -a -G ${group@Q} '$user' || :
 	fi
 	EOF
 }