Version 247.1

-container subpackage is for container *management*. Those files are
used *in* the container.

.gitignore

@@ -1,3 +1,4 @@
+*~
 /systemd-*/
 /.build-*.log
 /x86_64/

0001-systemctl-be-sure-to-be-quiet-with-systemctl-is-enab.patch

@@ -1,33 +0,0 @@
-From 555c57de77d0a364c116b28809524a1067e2159f Mon Sep 17 00:00:00 2001
-From: Christian Rebischke <Chris.Rebischke@posteo.de>
-Date: Thu, 28 Jul 2016 04:40:20 +0200
-Subject: [PATCH] systemctl: be sure to be quiet with 'systemctl is-enabled
- --quiet' (#3819)
-
-Fixes #3813.
-(cherry picked from commit 689e4e6a94222b4d58a8b9cb3c51cc2f82268aa9)
----
- src/systemctl/systemctl.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
-index 6a0ed79a53..6e61eeadef 100644
---- a/src/systemctl/systemctl.c
-+++ b/src/systemctl/systemctl.c
-@@ -5566,10 +5566,12 @@ static int enable_sysv_units(const char *verb, char **args) {
-                 if (!found_sysv)
-                         continue;
- 
--                if (found_native)
--                        log_info("Synchronizing state of %s with SysV service script with %s.", name, argv[0]);
--                else
--                        log_info("%s is not a native service, redirecting to systemd-sysv-install.", name);
-+                if (!arg_quiet) {
-+                        if (found_native)
-+                                log_info("Synchronizing state of %s with SysV service script with %s.", name, argv[0]);
-+                        else
-+                                log_info("%s is not a native service, redirecting to systemd-sysv-install.", name);
-+                }
- 
-                 if (!isempty(arg_root))
-                         argv[c++] = q = strappend("--root=", arg_root);

0001-test-path-util-do-not-fail-if-the-fd_is_mount_point-.patch

@@ -0,0 +1,70 @@
+From 2e9d763e7cbeb33954bbe3f96fd94de2cd62edf7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 12 Nov 2020 14:28:24 +0100
+Subject: [PATCH] test-path-util: do not fail if the fd_is_mount_point check
+ fails
+
+This test fails on i686 and ppc64le in koji:
+/* test_path */
+Assertion 'fd_is_mount_point(fd, "/", 0) > 0' failed at src/test/test-path-util.c:85, function test_path(). Aborting.
+
+I guess some permission error is the most likely.
+---
+ src/test/test-path-util.c | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
+index f4f8d0550b..be428334f3 100644
+--- a/src/test/test-path-util.c
++++ b/src/test/test-path-util.c
+@@ -40,8 +40,6 @@ static void test_path_simplify(const char *in, const char *out, const char *out_
+ }
+ 
+ static void test_path(void) {
+-        _cleanup_close_ int fd = -1;
+-
+         log_info("/* %s */", __func__);
+ 
+         test_path_compare("/goo", "/goo", 0);
+@@ -80,10 +78,6 @@ static void test_path(void) {
+         assert_se(streq(basename("/aa///file..."), "file..."));
+         assert_se(streq(basename("file.../"), ""));
+ 
+-        fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
+-        assert_se(fd >= 0);
+-        assert_se(fd_is_mount_point(fd, "/", 0) > 0);
+-
+         test_path_simplify("aaa/bbb////ccc", "aaa/bbb/ccc", "aaa/bbb/ccc");
+         test_path_simplify("//aaa/.////ccc", "/aaa/./ccc", "/aaa/ccc");
+         test_path_simplify("///", "/", "/");
+@@ -120,6 +114,22 @@ static void test_path(void) {
+         assert_se(!path_equal_ptr(NULL, "/a"));
+ }
+ 
++static void test_path_is_mountpoint(void) {
++        _cleanup_close_ int fd = -1;
++        int r;
++
++        log_info("/* %s */", __func__);
++
++        fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
++        assert_se(fd >= 0);
++
++        r = fd_is_mount_point(fd, "/", 0);
++        if (r < 0)
++                log_warning_errno(r, "Failed to check if / is a mount point, ignoring: %m");
++        else
++                assert_se(r == 1);
++}
++
+ static void test_path_equal_root(void) {
+         /* Nail down the details of how path_equal("/", ...) works. */
+ 
+@@ -714,6 +724,7 @@ int main(int argc, char **argv) {
+ 
+         test_print_paths();
+         test_path();
++        test_path_is_mountpoint();
+         test_path_equal_root();
+         test_find_executable_full();
+         test_find_executable(argv[0]);

0001-test-path-util-ignore-test-failure.patch

@@ -0,0 +1,33 @@
+From e8bca4ba55f855260eda684a16e8feb5f20b1deb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 12 Nov 2020 15:06:12 +0100
+Subject: [PATCH] test-path-util: ignore test failure
+
+---
+ src/test/test-path-util.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
+index be428334f3..207c659b8b 100644
+--- a/src/test/test-path-util.c
++++ b/src/test/test-path-util.c
+@@ -120,14 +120,17 @@ static void test_path_is_mountpoint(void) {
+ 
+         log_info("/* %s */", __func__);
+ 
++        (void) system("uname -a");
++        (void) system("mountpoint /");
++
+         fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
+         assert_se(fd >= 0);
+ 
+         r = fd_is_mount_point(fd, "/", 0);
+         if (r < 0)
+                 log_warning_errno(r, "Failed to check if / is a mount point, ignoring: %m");
+-        else
+-                assert_se(r == 1);
++        else if (r == 0)
++                log_warning("/ is not a mountpoint?");
+ }
+ 
+ static void test_path_equal_root(void) {

0002-logind-0-and-100-should-be-valid-for-UserTasksMax-38.patch

@@ -1,26 +0,0 @@
-From 821098286ee773662245254c11ada000ab32fa91 Mon Sep 17 00:00:00 2001
-From: Tejun Heo <htejun@fb.com>
-Date: Sun, 31 Jul 2016 21:38:47 -0400
-Subject: [PATCH] logind: 0% and 100% should be valid for UserTasksMax (#3836)
-
-config_parse_user_tasks_max() was incorrectly accepting percentage value
-between 1 and 99.  Update it to accept 0% and 100%.  This brings it in line
-with TasksMax handling in systemd.
-(cherry picked from commit cb3e4417590196bd30e1b8097348dca6ba34bd15)
----
- src/login/logind-user.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/login/logind-user.c b/src/login/logind-user.c
-index 348e396292..63363035e7 100644
---- a/src/login/logind-user.c
-+++ b/src/login/logind-user.c
-@@ -893,7 +893,7 @@ int config_parse_user_tasks_max(
- 
-         /* First, try to parse as percentage */
-         r = parse_percent(rvalue);
--        if (r > 0 && r < 100)
-+        if (r >= 0)
-                 k = system_tasks_max_scale(r, 100U);
-         else {
- 

0003-systemd-ask-password-make-sure-directory-watch-is-st.patch

@@ -1,40 +0,0 @@
-From c877672ff6ec11efc8cd55d4c156211b16cf0975 Mon Sep 17 00:00:00 2001
-From: tblume <Thomas.Blume@suse.com>
-Date: Tue, 2 Aug 2016 14:55:25 +0200
-Subject: [PATCH] systemd-ask-password: make sure directory watch is started
- before cryptsetup (#3850)
-
-The password directory watch should get ordered before cryptsetup to make sure
-that the password for unlocking the crypt device gets prompted.
-(cherry picked from commit 7633f8ef371a0992374956437fb7bb8189156b10)
----
- units/systemd-ask-password-console.path | 2 +-
- units/systemd-ask-password-wall.path    | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/units/systemd-ask-password-console.path b/units/systemd-ask-password-console.path
-index 2949635fea..7899ae788f 100644
---- a/units/systemd-ask-password-console.path
-+++ b/units/systemd-ask-password-console.path
-@@ -11,7 +11,7 @@ Documentation=man:systemd-ask-password-console.service(8)
- DefaultDependencies=no
- Conflicts=shutdown.target
- After=plymouth-start.service
--Before=paths.target shutdown.target
-+Before=paths.target shutdown.target cryptsetup.target
- ConditionPathExists=!/run/plymouth/pid
- 
- [Path]
-diff --git a/units/systemd-ask-password-wall.path b/units/systemd-ask-password-wall.path
-index 95ec9bc8a0..a3ca617256 100644
---- a/units/systemd-ask-password-wall.path
-+++ b/units/systemd-ask-password-wall.path
-@@ -10,7 +10,7 @@ Description=Forward Password Requests to Wall Directory Watch
- Documentation=man:systemd-ask-password-console.service(8)
- DefaultDependencies=no
- Conflicts=shutdown.target
--Before=paths.target shutdown.target
-+Before=paths.target shutdown.target cryptsetup.target
- 
- [Path]
- DirectoryNotEmpty=/run/systemd/ask-password

0004-Revert-logind-really-handle-KeyIgnoreInhibited-optio.patch

@@ -1,34 +0,0 @@
-From 811a90e2de94c71bddf02cdab36c1a0560288695 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Mantas=20Mikul=C4=97nas?= <grawity@gmail.com>
-Date: Mon, 8 Aug 2016 11:07:38 +0300
-Subject: [PATCH] Revert "logind: really handle *KeyIgnoreInhibited options in
- logind.conf"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This reverts commit 8121f4d209eca85dcb11830800483cdfafbef9b7.
-
-The special 'key handling' inhibitors should always work regardless of
-any *IgnoreInhibited settings – otherwise they're nearly useless.
-
-Reverts: #3470
-Fixes: #3897
-(cherry picked from commit 06a70b918d4d753769a727239f75af8896006467)
----
- src/login/logind-action.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/login/logind-action.c b/src/login/logind-action.c
-index 8ef48dbaa1..a950409254 100644
---- a/src/login/logind-action.c
-+++ b/src/login/logind-action.c
-@@ -85,7 +85,7 @@ int manager_handle_action(
-         }
- 
-         /* If the key handling is inhibited, don't do anything */
--        if (!ignore_inhibited && inhibit_key > 0) {
-+        if (inhibit_key > 0) {
-                 if (manager_is_inhibited(m, inhibit_key, INHIBIT_BLOCK, NULL, true, false, 0, NULL)) {
-                         log_debug("Refusing operation, %s is inhibited.", inhibit_what_to_string(inhibit_key));
-                         return 0;

0005-man-explain-that-KeyIgnoreInhibited-only-apply-to-a-.patch

@@ -1,109 +0,0 @@
-From 9ecf9e414a97e861db403e043696fed6033508f0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sun, 14 Aug 2016 16:27:59 -0400
-Subject: [PATCH] man: explain that *KeyIgnoreInhibited only apply to a subset
- of locks
-
-Follow-up for #3924.
-
-(cherry picked from commit 05b2a8fd7a0533758d2f532df798cabc3c442683)
----
- man/logind.conf.xml            | 42 ++++++++++++++++++++++++++----------------
- man/systemd-inhibit.xml        |  2 +-
- man/systemd-logind.service.xml |  2 +-
- 3 files changed, 28 insertions(+), 18 deletions(-)
-
-diff --git a/man/logind.conf.xml b/man/logind.conf.xml
-index adba5a4131..5931832996 100644
---- a/man/logind.conf.xml
-+++ b/man/logind.conf.xml
-@@ -211,7 +211,7 @@
-         <term><varname>HandleLidSwitch=</varname></term>
-         <term><varname>HandleLidSwitchDocked=</varname></term>
- 
--        <listitem><para>Controls whether logind shall handle the
-+        <listitem><para>Controls how logind shall handle the
-         system power and sleep keys and the lid switch to trigger
-         actions such as system power-off or suspend. Can be one of
-         <literal>ignore</literal>,
-@@ -240,7 +240,16 @@
-         docking station, or if more than one display is connected, the
-         action specified by <varname>HandleLidSwitchDocked=</varname>
-         occurs; otherwise the <varname>HandleLidSwitch=</varname>
--        action occurs.</para></listitem>
-+        action occurs.</para>
-+
-+        <para>A different application may disable logind's handling of system power and
-+        sleep keys and the lid switch by taking a low-level inhibitor lock
-+        ("handle-power-key", "handle-suspend-key", "handle-hibernate-key",
-+        "handle-lid-switch"). This is most commonly used by graphical desktop environments
-+        to take over suspend and hibernation handling, and to use their own configuration
-+        mechanisms. If a low-level inhibitor lock is taken, logind will not take any
-+        action when that key or switch is triggered and the <varname>Handle*=</varname>
-+        settings are irrelevant.</para></listitem>
-       </varlistentry>
- 
-       <varlistentry>
-@@ -249,21 +258,22 @@
-         <term><varname>HibernateKeyIgnoreInhibited=</varname></term>
-         <term><varname>LidSwitchIgnoreInhibited=</varname></term>
- 
--        <listitem><para>Controls whether actions triggered by the
--        power and sleep keys and the lid switch are subject to
--        inhibitor locks. These settings take boolean arguments. If
--        <literal>no</literal>, the inhibitor locks taken by
--        applications in order to block the requested operation are
--        respected. If <literal>yes</literal>, the requested operation
--        is executed in any case.
-+        <listitem><para>Controls whether actions that <command>systemd-logind</command>
-+        takes when the power and sleep keys and the lid switch are triggered are subject
-+        to high-level inhibitor locks ("shutdown", "sleep", "idle"). Low level inhibitor
-+        locks ("handle-*-key"), are always honoured, irrespective of this setting.</para>
-+
-+        <para>These settings take boolean arguments. If <literal>no</literal>, the
-+        inhibitor locks taken by applications are respected. If <literal>yes</literal>,
-+        "shutdown", "sleep", and "idle" inhibitor locks are ignored.
-         <varname>PowerKeyIgnoreInhibited=</varname>,
--        <varname>SuspendKeyIgnoreInhibited=</varname> and
--        <varname>HibernateKeyIgnoreInhibited=</varname> default to
--        <literal>no</literal>.
--        <varname>LidSwitchIgnoreInhibited=</varname> defaults to
--        <literal>yes</literal>. This means that the lid switch does
--        not respect suspend blockers by default, but the power and
--        sleep keys do. </para></listitem>
-+        <varname>SuspendKeyIgnoreInhibited=</varname>, and
-+        <varname>HibernateKeyIgnoreInhibited=</varname> default to <literal>no</literal>.
-+        <varname>LidSwitchIgnoreInhibited=</varname> defaults to <literal>yes</literal>.
-+        This means that when <command>systemd-logind</command> is handling events by
-+        itself (no low level inhibitor locks are taken by another application), the lid
-+        switch does not respect suspend blockers by default, but the power and sleep keys
-+        do.</para></listitem>
-       </varlistentry>
- 
-       <varlistentry>
-diff --git a/man/systemd-inhibit.xml b/man/systemd-inhibit.xml
-index 9d85908f97..ce169960d8 100644
---- a/man/systemd-inhibit.xml
-+++ b/man/systemd-inhibit.xml
-@@ -61,7 +61,7 @@
-     <title>Description</title>
- 
-     <para><command>systemd-inhibit</command> may be used to execute a
--    program with a shutdown, sleep or idle inhibitor lock taken. The
-+    program with a shutdown, sleep, or idle inhibitor lock taken. The
-     lock will be acquired before the specified command line is
-     executed and released afterwards.</para>
- 
-diff --git a/man/systemd-logind.service.xml b/man/systemd-logind.service.xml
-index 5733e42cd1..f0bdb1c756 100644
---- a/man/systemd-logind.service.xml
-+++ b/man/systemd-logind.service.xml
-@@ -84,7 +84,7 @@
-       management</para></listitem>
-     </itemizedlist>
- 
--    <para>User sessions are registered in logind via the
-+    <para>User sessions are registered with logind via the
-     <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-     PAM module.</para>
- 

0006-systemctl-fix-preset-all-with-missing-etc-systemd-sy.patch

@@ -1,25 +0,0 @@
-From ee2b7cbcd0633aaddd4f758580e9157dea0e6a1c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Thu, 11 Aug 2016 21:53:32 -0400
-Subject: [PATCH] systemctl: fix preset-all with missing /etc/systemd/system
-
-If the directory is missing, we can assume that those pesky symlinks are gone too.
-
-(cherry picked from commit 32d9493e593fed7fe5b4dd1e92fe4fd419042fe5)
----
- src/shared/install.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/shared/install.c b/src/shared/install.c
-index 7b49e1ece9..2d9306058d 100644
---- a/src/shared/install.c
-+++ b/src/shared/install.c
-@@ -620,7 +620,7 @@ static int remove_marked_symlinks(
- 
-         fd = open(config_path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
-         if (fd < 0)
--                return -errno;
-+                return errno == ENOENT ? 0 : -errno;
- 
-         do {
-                 int q, cfd;

0007-shared-install-remove-unused-paramater-and-add-more-.patch

@@ -1,74 +0,0 @@
-From 6f3bf5e9e0ba04df7ffc85b6a21d296c2902edcb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Fri, 12 Aug 2016 23:50:58 -0400
-Subject: [PATCH] shared/install: remove unused paramater and add more comments
-
-(cherry picked from commit ff56349d5a83f2202ed331f232f5d73467db482c)
----
- src/shared/install.c | 18 ++++++++++++------
- 1 file changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/src/shared/install.c b/src/shared/install.c
-index 2d9306058d..5e0f9c5d0c 100644
---- a/src/shared/install.c
-+++ b/src/shared/install.c
-@@ -903,6 +903,10 @@ static int install_info_may_process(
-         return 0;
- }
- 
-+/**
-+ * Adds a new UnitFileInstallInfo entry under name in the InstallContext.will_process
-+ * hashmap, or retrieves the existing one if already present.
-+ */
- static int install_info_add(
-                 InstallContext *c,
-                 const char *name,
-@@ -1334,9 +1338,8 @@ static int install_info_follow(
- }
- 
- /**
-- * Search for the unit file. If the unit name is a symlink,
-- * follow the symlink to the target, maybe more than once.
-- * Propagate the instance name if present.
-+ * Search for the unit file. If the unit name is a symlink, follow the symlink to the
-+ * target, maybe more than once. Propagate the instance name if present.
-  */
- static int install_info_traverse(
-                 UnitFileScope scope,
-@@ -1421,6 +1424,10 @@ static int install_info_traverse(
-         return 0;
- }
- 
-+/**
-+ * Call install_info_add() with name_or_path as the path (if name_or_path starts with "/")
-+ * or the name (otherwise). root_dir is prepended to the path.
-+ */
- static int install_info_add_auto(
-                 InstallContext *c,
-                 const LookupPaths *paths,
-@@ -2685,7 +2692,6 @@ static int preset_prepare_one(
-                 InstallContext *plus,
-                 InstallContext *minus,
-                 LookupPaths *paths,
--                UnitFilePresetMode mode,
-                 const char *name,
-                 Presets presets,
-                 UnitFileChange **changes,
-@@ -2748,7 +2754,7 @@ int unit_file_preset(
-                 return r;
- 
-         STRV_FOREACH(i, files) {
--                r = preset_prepare_one(scope, &plus, &minus, &paths, mode, *i, presets, changes, n_changes);
-+                r = preset_prepare_one(scope, &plus, &minus, &paths, *i, presets, changes, n_changes);
-                 if (r < 0)
-                         return r;
-         }
-@@ -2809,7 +2815,7 @@ int unit_file_preset_all(
-                                 continue;
- 
-                         /* we don't pass changes[] in, because we want to handle errors on our own */
--                        r = preset_prepare_one(scope, &plus, &minus, &paths, mode, de->d_name, presets, NULL, 0);
-+                        r = preset_prepare_one(scope, &plus, &minus, &paths, de->d_name, presets, NULL, 0);
-                         if (r == -ERFKILL)
-                                 r = unit_file_changes_add(changes, n_changes,
-                                                           UNIT_FILE_IS_MASKED, de->d_name, NULL);

0008-shared-install-ignore-unit-symlinks-when-doing-prese.patch

@@ -1,83 +0,0 @@
-From 35b8a55c85aa69af9634af337085da777d438bea Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sat, 13 Aug 2016 01:20:29 -0400
-Subject: [PATCH] shared/install: ignore unit symlinks when doing preset-all
-
-Before, when interating over unit files during preset-all, behaviour was the
-following:
-
-- if we hit the real unit name first, presets were queried for that name, and
-  that unit was enabled or disabled accordingly,
-
-- if we hit an alias first (one of the symlinks chaining to the real unit), we
-  checked the presets using the symlink name, and then proceeded to enable or
-  disable the real unit.
-
-E.g. for systemd-networkd.service we have the alias dbus-org.freedesktop.network1.service
-(/usr/lib/systemd/system/dbus-org.freedesktop.network1.service), but the preset
-is only for the systemd-networkd.service name. The service would be enabled or
-disabled pseudorandomly depending on the order of iteration.
-
-For "preset", behaviour was analogous: preset on the alias name disabled the
-service (following the default disable policy), preset on the "real" name
-applied the presets.
-
-With the patch, for "preset" and "preset-all" we silently skip symlinks. This
-gives mostly the right behaviour, with the limitation that presets on aliases
-are ignored.  I think that presets on aliases are not that common (at least my
-preset files on Fedora don't exhibit any such usage), and should not be
-necessary, since whoever installs the preset can just refer to the real unit
-file. It would be possible to overcome this limitation by gathering a list of
-names of a unit first, and then checking whether *any* of the names matches the
-presets list. That would require a significant redesign of the code, and be
-a lot slower (since we would have to fully read all unit directories to preset
-one unit) to so I'm not doing that for now.
-
-With this patch, two properties are satisfied:
-- preset-all and preset are idempotent, and the second and subsequent invocations
-  do not produce any changes,
-- preset-all and preset for a specific name produce the same state for that unit.
-
-Fixes #3616.
-
-(cherry picked from commit 11e11fd57a837ea1cb142009c3048882392f3ed3)
----
- src/shared/install.c | 13 ++++++++++---
- 1 file changed, 10 insertions(+), 3 deletions(-)
-
-diff --git a/src/shared/install.c b/src/shared/install.c
-index 5e0f9c5d0c..ef5a56391c 100644
---- a/src/shared/install.c
-+++ b/src/shared/install.c
-@@ -1974,7 +1974,6 @@ int unit_file_revert(
-                 unsigned *n_changes) {
- 
-         _cleanup_set_free_free_ Set *remove_symlinks_to = NULL;
--        /* _cleanup_(install_context_done) InstallContext c = {}; */
-         _cleanup_lookup_paths_free_ LookupPaths paths = {};
-         _cleanup_strv_free_ char **todo = NULL;
-         size_t n_todo = 0, n_allocated = 0;
-@@ -2697,13 +2696,21 @@ static int preset_prepare_one(
-                 UnitFileChange **changes,
-                 unsigned *n_changes) {
- 
-+        _cleanup_(install_context_done) InstallContext tmp = {};
-         UnitFileInstallInfo *i;
-         int r;
- 
--        if (install_info_find(plus, name) ||
--            install_info_find(minus, name))
-+        if (install_info_find(plus, name) || install_info_find(minus, name))
-                 return 0;
- 
-+        r = install_info_discover(scope, &tmp, paths, name, SEARCH_FOLLOW_CONFIG_SYMLINKS, &i);
-+        if (r < 0)
-+                return r;
-+        if (!streq(name, i->name)) {
-+                log_debug("Skipping %s because is an alias for %s", name, i->name);
-+                return 0;
-+        }
-+
-         r = query_presets(name, presets);
-         if (r < 0)
-                 return r;

0009-man-describe-what-symlinks-to-unit-do-and-specify-th.patch

@@ -1,94 +0,0 @@
-From c9b3950580db43c576d3ec8f7bf14e49905a09cb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sat, 13 Aug 2016 09:38:12 -0400
-Subject: [PATCH] man: describe what symlinks to unit do, and specify that
- presets must use real names
-
-The man pages didn't ever mention that symlinks to units can be created, and what
-exactly this means. Fix that omission, and disallow presets on alias names.
-
-(cherry picked from commit d923e42eed9a29137821760dafecb13798264c07)
----
- man/systemctl.xml      |  3 ++-
- man/systemd.preset.xml |  4 ++++
- man/systemd.unit.xml   | 36 +++++++++++++++++++++++-------------
- 3 files changed, 29 insertions(+), 14 deletions(-)
-
-diff --git a/man/systemctl.xml b/man/systemctl.xml
-index e7880d24f7..8b73e91bdb 100644
---- a/man/systemctl.xml
-+++ b/man/systemctl.xml
-@@ -1088,7 +1088,8 @@ kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service
-             enabled and disabled, or only enabled, or only disabled.</para>
- 
-             <para>If the unit carries no install information, it will be silently ignored
--            by this command.</para>
-+            by this command. <replaceable>NAME</replaceable> must be the real unit name,
-+            any alias names are ignored silently.</para>
- 
-             <para>For more information on the preset policy format, see
-             <citerefentry><refentrytitle>systemd.preset</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
-diff --git a/man/systemd.preset.xml b/man/systemd.preset.xml
-index b7164014f0..d09167baaf 100644
---- a/man/systemd.preset.xml
-+++ b/man/systemd.preset.xml
-@@ -98,6 +98,10 @@
-     Empty lines and lines whose first non-whitespace character is # or
-     ; are ignored.</para>
- 
-+    <para>Presets must refer to the "real" unit file, and not to any aliases. See
-+    <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-+    for a description of unit aliasing.</para>
-+
-     <para>Two different directives are understood:
-     <literal>enable</literal> may be used to enable units by default,
-     <literal>disable</literal> to disable units by default.</para>
-diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
-index 85a7b12d76..f818e772a9 100644
---- a/man/systemd.unit.xml
-+++ b/man/systemd.unit.xml
-@@ -144,21 +144,31 @@
-     <option>false</option> and <option>off</option> are
-     equivalent.</para>
- 
--    <para>Time span values encoded in unit files can be written in
--    various formats. A stand-alone number specifies a time in seconds.
--    If suffixed with a time unit, the unit is honored. A concatenation
--    of multiple values with units is supported, in which case the
--    values are added up. Example: "50" refers to 50 seconds; "2min
--    200ms" refers to 2 minutes plus 200 milliseconds, i.e. 120200ms.
--    The following time units are understood: s, min, h, d, w, ms, us.
--    For details see
-+    <para>Time span values encoded in unit files can be written in various formats. A stand-alone number specifies a
-+    time in seconds.  If suffixed with a time unit, the unit is honored. A concatenation of multiple values with units
-+    is supported, in which case the values are added up. Example: <literal>50</literal> refers to 50 seconds;
-+    <literal>2min 200ms</literal> refers to 2 minutes and 200 milliseconds, i.e. 120200 ms.  The following time units
-+    are understood: <literal>s</literal>, <literal>min</literal>, <literal>h</literal>, <literal>d</literal>,
-+    <literal>w</literal>, <literal>ms</literal>, <literal>us</literal>.  For details see
-     <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
- 
--    <para>Empty lines and lines starting with # or ; are
--    ignored. This may be used for commenting. Lines ending
--    in a backslash are concatenated with the following
--    line while reading and the backslash is replaced by a
--    space character. This may be used to wrap long lines.</para>
-+    <para>Empty lines and lines starting with <literal>#</literal> or <literal>;</literal> are ignored. This may be
-+    used for commenting. Lines ending in a backslash are concatenated with the following line while reading and the
-+    backslash is replaced by a space character. This may be used to wrap long lines.</para>
-+
-+    <para>Units can be aliased (have an alternative name), by creating a symlink from the new name to the existing name
-+    in one of the unit search paths. For example, <filename>systemd-networkd.service</filename> has the alias
-+    <filename>dbus-org.freedesktop.network1.service</filename>, created during installation as the symlink
-+    <filename>/usr/lib/systemd/system/dbus-org.freedesktop.network1.service</filename>. In addition, unit files may
-+    specify aliases through the <varname>Alias=</varname> directive in the [Install] section; those aliases are only
-+    effective when the unit is enabled. When the unit is enabled, symlinks will be created for those names, and removed
-+    when the unit is disabled. For example, <filename>reboot.target</filename> specifies
-+    <varname>Alias=ctrl-alt-del.target</varname>, so when enabled it will be invoked whenever CTRL+ALT+DEL is
-+    pressed. Alias names may be used in commands like <command>enable</command>, <command>disable</command>,
-+    <command>start</command>, <command>stop</command>, <command>status</command>, …, and in unit dependency directives
-+    <varname>Wants=</varname>, <varname>Requires=</varname>, <varname>Before=</varname>, <varname>After=</varname>, …,
-+    with the limitation that aliases specified through <varname>Alias=</varname> are only effective when the unit is
-+    enabled. Aliases cannot be used with the <command>preset</command> command.</para>
- 
-     <para>Along with a unit file <filename>foo.service</filename>, the
-     directory <filename>foo.service.wants/</filename> may exist. All

0010-shared-install-move-root-skipping-into-create_symlin.patch

@@ -1,144 +0,0 @@
-From f0d72d47f05bbbb851d9ab64df877a3f0e769b4e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sat, 13 Aug 2016 01:21:57 -0400
-Subject: [PATCH] shared/install: move root skipping into create_symlink()
-
-No functional change intended.
-
-(cherry picked from commit 60bec8e4031367869520280350fa1523625d682b)
----
- src/shared/install.c | 33 +++++++++++++--------------------
- 1 file changed, 13 insertions(+), 20 deletions(-)
-
-diff --git a/src/shared/install.c b/src/shared/install.c
-index ef5a56391c..8c45725f5a 100644
---- a/src/shared/install.c
-+++ b/src/shared/install.c
-@@ -394,6 +394,7 @@ void unit_file_dump_changes(int r, const char *verb, const UnitFileChange *chang
- }
- 
- static int create_symlink(
-+                const LookupPaths *paths,
-                 const char *old_path,
-                 const char *new_path,
-                 bool force,
-@@ -401,11 +402,16 @@ static int create_symlink(
-                 unsigned *n_changes) {
- 
-         _cleanup_free_ char *dest = NULL;
-+        const char *rp;
-         int r;
- 
-         assert(old_path);
-         assert(new_path);
- 
-+        rp = skip_root(paths, old_path);
-+        if (rp)
-+                old_path = rp;
-+
-         /* Actually create a symlink, and remember that we did. Is
-          * smart enough to check if there's already a valid symlink in
-          * place.
-@@ -1486,7 +1492,6 @@ static int install_info_symlink_alias(
- 
-         STRV_FOREACH(s, i->aliases) {
-                 _cleanup_free_ char *alias_path = NULL, *dst = NULL;
--                const char *rp;
- 
-                 q = install_full_printf(i, *s, &dst);
-                 if (q < 0)
-@@ -1496,9 +1501,7 @@ static int install_info_symlink_alias(
-                 if (!alias_path)
-                         return -ENOMEM;
- 
--                rp = skip_root(paths, i->path);
--
--                q = create_symlink(rp ?: i->path, alias_path, force, changes, n_changes);
-+                q = create_symlink(paths, i->path, alias_path, force, changes, n_changes);
-                 if (r == 0)
-                         r = q;
-         }
-@@ -1542,7 +1545,6 @@ static int install_info_symlink_wants(
- 
-         STRV_FOREACH(s, list) {
-                 _cleanup_free_ char *path = NULL, *dst = NULL;
--                const char *rp;
- 
-                 q = install_full_printf(i, *s, &dst);
-                 if (q < 0)
-@@ -1557,9 +1559,7 @@ static int install_info_symlink_wants(
-                 if (!path)
-                         return -ENOMEM;
- 
--                rp = skip_root(paths, i->path);
--
--                q = create_symlink(rp ?: i->path, path, true, changes, n_changes);
-+                q = create_symlink(paths, i->path, path, true, changes, n_changes);
-                 if (r == 0)
-                         r = q;
-         }
-@@ -1576,7 +1576,6 @@ static int install_info_symlink_link(
-                 unsigned *n_changes) {
- 
-         _cleanup_free_ char *path = NULL;
--        const char *rp;
-         int r;
- 
-         assert(i);
-@@ -1594,9 +1593,7 @@ static int install_info_symlink_link(
-         if (!path)
-                 return -ENOMEM;
- 
--        rp = skip_root(paths, i->path);
--
--        return create_symlink(rp ?: i->path, path, force, changes, n_changes);
-+        return create_symlink(paths, i->path, path, force, changes, n_changes);
- }
- 
- static int install_info_apply(
-@@ -1772,7 +1769,7 @@ int unit_file_mask(
-                 if (!path)
-                         return -ENOMEM;
- 
--                q = create_symlink("/dev/null", path, force, changes, n_changes);
-+                q = create_symlink(&paths, "/dev/null", path, force, changes, n_changes);
-                 if (q < 0 && r >= 0)
-                         r = q;
-         }
-@@ -1932,14 +1929,12 @@ int unit_file_link(
-         r = 0;
-         STRV_FOREACH(i, todo) {
-                 _cleanup_free_ char *new_path = NULL;
--                const char *old_path;
- 
--                old_path = skip_root(&paths, *i);
-                 new_path = path_make_absolute(basename(*i), config_path);
-                 if (!new_path)
-                         return -ENOMEM;
- 
--                q = create_symlink(old_path ?: *i, new_path, force, changes, n_changes);
-+                q = create_symlink(&paths, *i, new_path, force, changes, n_changes);
-                 if (q < 0 && r >= 0)
-                         r = q;
-         }
-@@ -2318,7 +2313,7 @@ int unit_file_set_default(
-         _cleanup_lookup_paths_free_ LookupPaths paths = {};
-         _cleanup_(install_context_done) InstallContext c = {};
-         UnitFileInstallInfo *i;
--        const char *new_path, *old_path;
-+        const char *new_path;
-         int r;
- 
-         assert(scope >= 0);
-@@ -2341,10 +2336,8 @@ int unit_file_set_default(
-         if (r < 0)
-                 return r;
- 
--        old_path = skip_root(&paths, i->path);
-         new_path = strjoina(paths.persistent_config, "/" SPECIAL_DEFAULT_TARGET);
--
--        return create_symlink(old_path ?: i->path, new_path, force, changes, n_changes);
-+        return create_symlink(&paths, i->path, new_path, force, changes, n_changes);
- }
- 
- int unit_file_get_default(

0011-shared-install-when-creating-symlinks-keep-existing-.patch

@@ -1,97 +0,0 @@
-From bfcaa19428a32234356fde460ef556c23bf80f4a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sat, 13 Aug 2016 01:27:21 -0400
-Subject: [PATCH] shared/install: when creating symlinks, keep existing
- relative symlinks
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Running preset-all on a system installed from rpms or even created
-using make install would remove and recreate a lot of symlinks, changing
-relative to absolute symlinks. In general relative symlinks are nicer,
-so there is no reason to change them, and those spurious changes were
-obscuring more interesting stuff.
-
-$ make install DESTDIR=/var/tmp/inst1
-
-$ systemctl preset-all --root=/var/tmp/inst1
-(before)
-Removed /var/tmp/inst1/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service.
-Created symlink /var/tmp/inst1/etc/systemd/system/ctrl-alt-del.target → /usr/lib/systemd/system/exit.target.
-Removed /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/remote-fs.target.
-Created symlink /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/remote-fs.target → /usr/lib/systemd/system/remote-fs.target.
-Created symlink /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/machines.target → /usr/lib/systemd/system/machines.target.
-Created symlink /var/tmp/inst1/etc/systemd/system/sockets.target.wants/systemd-journal-remote.socket → /usr/lib/systemd/system/systemd-journal-remote.socket.
-Removed /var/tmp/inst1/etc/systemd/system/sockets.target.wants/systemd-networkd.socket.
-Created symlink /var/tmp/inst1/etc/systemd/system/sockets.target.wants/systemd-networkd.socket → /usr/lib/systemd/system/systemd-networkd.socket.
-Removed /var/tmp/inst1/etc/systemd/system/getty.target.wants/getty@tty1.service.
-Created symlink /var/tmp/inst1/etc/systemd/system/getty.target.wants/getty@tty1.service → /usr/lib/systemd/system/getty@.service.
-Created symlink /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/systemd-journal-upload.service → /usr/lib/systemd/system/systemd-journal-upload.service.
-Removed /var/tmp/inst1/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service.
-Created symlink /var/tmp/inst1/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service → /usr/lib/systemd/system/systemd-timesyncd.service.
-Removed /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/systemd-resolved.service.
-Created symlink /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/systemd-resolved.service → /usr/lib/systemd/system/systemd-resolved.service.
-Removed /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/systemd-networkd.service.
-Created symlink /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/systemd-networkd.service → /usr/lib/systemd/system/systemd-networkd.service.
-
-(after)
-Removed /var/tmp/inst1/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service.
-Created symlink /var/tmp/inst1/etc/systemd/system/ctrl-alt-del.target → /usr/lib/systemd/system/exit.target.
-Created symlink /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/machines.target → /usr/lib/systemd/system/machines.target.
-Created symlink /var/tmp/inst1/etc/systemd/system/sockets.target.wants/systemd-journal-remote.socket → /usr/lib/systemd/system/systemd-journal-remote.socket.
-Created symlink /var/tmp/inst1/etc/systemd/system/multi-user.target.wants/systemd-journal-upload.service → /usr/lib/systemd/system/systemd-journal-upload.service.
-
-(cherry picked from commit 25ea92778d5f4339e07c152a99d16223f43ad681)
----
- src/shared/install.c | 23 +++++++++++++++++++++--
- 1 file changed, 21 insertions(+), 2 deletions(-)
-
-diff --git a/src/shared/install.c b/src/shared/install.c
-index 8c45725f5a..9ce8e4d390 100644
---- a/src/shared/install.c
-+++ b/src/shared/install.c
-@@ -393,6 +393,21 @@ void unit_file_dump_changes(int r, const char *verb, const UnitFileChange *chang
-                 log_error_errno(r, "Failed to %s: %m.", verb);
- }
- 
-+/**
-+ * Checks if two paths or symlinks from wd are the same, when root is the root of the filesystem.
-+ * wc should be the full path in the host file system.
-+ */
-+static bool chroot_symlinks_same(const char *root, const char *wd, const char *a, const char *b) {
-+        assert(path_is_absolute(wd));
-+
-+        /* This will give incorrect results if the paths are relative and go outside
-+         * of the chroot. False negatives are possible. */
-+
-+        a = strjoina(path_is_absolute(a) ? root : wd, "/", a);
-+        b = strjoina(path_is_absolute(b) ? root : wd, "/", b);
-+        return path_equal_or_files_same(a, b);
-+}
-+
- static int create_symlink(
-                 const LookupPaths *paths,
-                 const char *old_path,
-@@ -401,7 +416,7 @@ static int create_symlink(
-                 UnitFileChange **changes,
-                 unsigned *n_changes) {
- 
--        _cleanup_free_ char *dest = NULL;
-+        _cleanup_free_ char *dest = NULL, *dirname = NULL;
-         const char *rp;
-         int r;
- 
-@@ -442,7 +457,11 @@ static int create_symlink(
-                 return r;
-         }
- 
--        if (path_equal(dest, old_path))
-+        dirname = dirname_malloc(new_path);
-+        if (!dirname)
-+                return -ENOMEM;
-+
-+        if (chroot_symlinks_same(paths->root_dir, dirname, dest, old_path))
-                 return 1;
- 
-         if (!force) {

0012-shared-install-properly-report-masked-units-listed-i.patch

@@ -1,75 +0,0 @@
-From 3f5a187dcf8ad2f0690046876d30d37630c11014 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 17 Aug 2016 22:15:54 -0400
-Subject: [PATCH] shared/install: properly report masked units listed in Also=
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-A masked unit is listed in Also=:
-
-$ systemctl cat test1 test2
-→# /etc/systemd/system/test1.service
-[Unit]
-Description=test service 1
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/true
-
-[Install]
-WantedBy=multi-user.target
-Also=test2.service
-Alias=alias1.service
-
-→# /dev/null
-
-$ systemctl --root=/ enable test1
-(before)
-Created symlink /etc/systemd/system/alias1.service → /etc/systemd/system/test1.service.
-Created symlink /etc/systemd/system/multi-user.target.wants/test1.service → /etc/systemd/system/test1.service.
-The unit files have no installation config (WantedBy, RequiredBy, Also, Alias
-settings in the [Install] section, and DefaultInstance for template units).
-This means they are not meant to be enabled using systemctl.
-Possible reasons for having this kind of units are:
-1) A unit may be statically enabled by being symlinked from another unit's
-   .wants/ or .requires/ directory.
-2) A unit's purpose may be to act as a helper for some other unit which has
-   a requirement dependency on it.
-3) A unit may be started when needed via activation (socket, path, timer,
-   D-Bus, udev, scripted systemctl call, ...).
-4) In case of template units, the unit is meant to be enabled with some
-   instance name specified.
-
-(after)
-Created symlink /etc/systemd/system/alias1.service → /etc/systemd/system/test1.service.
-Created symlink /etc/systemd/system/multi-user.target.wants/test1.service → /etc/systemd/system/test1.service.
-Unit /etc/systemd/system/test2.service is masked, ignoring.
-
-(cherry picked from commit f16517151310b88591f3501a59e23ae2a79e7f02)
----
- src/shared/install.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/src/shared/install.c b/src/shared/install.c
-index 9ce8e4d390..9d9f4dff4f 100644
---- a/src/shared/install.c
-+++ b/src/shared/install.c
-@@ -1686,6 +1686,17 @@ static int install_context_apply(
-                 if (r < 0)
-                         return r;
- 
-+                /* We can attempt to process a masked unit when a different unit
-+                 * that we were processing specifies it in DefaultInstance= or Also=. */
-+                if (i->type == UNIT_FILE_TYPE_MASKED) {
-+                        unit_file_changes_add(changes, n_changes, UNIT_FILE_IS_MASKED, i->path, NULL);
-+                        if (r >= 0)
-+                                /* Assume that some *could* have been enabled here, avoid
-+                                 * "empty [Install] section" warning. */
-+                                r += 1;
-+                        continue;
-+                }
-+
-                 if (i->type != UNIT_FILE_TYPE_REGULAR)
-                         continue;
- 

0013-Revert-pid1-reconnect-to-the-console-before-being-re.patch

@@ -1,45 +0,0 @@
-From e59e123d9c0692b6104deea954e1a2db172e22e1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Thu, 18 Aug 2016 21:39:39 -0400
-Subject: [PATCH] Revert "pid1: reconnect to the console before being
- re-executed"
-
-This reverts commit affd7ed1a923b0df8479cff1bd9eafb625fdaa66.
-
-> So it looks like make_console_stdio() has bad side effect. More specifically it
-> does a TIOCSCTTY ioctl (via acquire_terminal()) which sees to disturb the
-> process which was using/owning the console.
-
-Fixes #3842.
-https://bugs.debian.org/834367
-https://bugzilla.redhat.com/show_bug.cgi?id=1367766
-
-(cherry picked from commit bd64d82c1c0e3fe2a5f9b3dd9132d62834f50b2d)
----
- src/core/main.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/core/main.c b/src/core/main.c
-index f2adca7d2b..f59a55f166 100644
---- a/src/core/main.c
-+++ b/src/core/main.c
-@@ -2016,9 +2016,6 @@ finish:
-                                 log_error_errno(r, "Failed to switch root, trying to continue: %m");
-                 }
- 
--                /* Reopen the console */
--                (void) make_console_stdio();
--
-                 args_size = MAX(6, argc+1);
-                 args = newa(const char*, args_size);
- 
-@@ -2066,6 +2063,9 @@ finish:
-                 arg_serialization = safe_fclose(arg_serialization);
-                 fds = fdset_free(fds);
- 
-+                /* Reopen the console */
-+                (void) make_console_stdio();
-+
-                 for (j = 1, i = 1; j < (unsigned) argc; j++)
-                         args[i++] = argv[j];
-                 args[i++] = NULL;

0014-systemd-ignore-lack-of-tty-when-checking-whether-col.patch

@@ -1,62 +0,0 @@
-From 0da0a63dba426aa351d733292df6ec41603b39b6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Thu, 18 Aug 2016 22:03:56 -0400
-Subject: [PATCH] systemd: ignore lack of tty when checking whether colors
- should be enabled
-
-When started by the kernel, we are connected to the console, and we'll set TERM
-properly to some value in fixup_environment(). We'll then enable or disable
-colors based on the value of $SYSTEMD_COLORS and $TERM.
-
-When reexecuting, TERM should be already set, so we can use this value.
-Effectively, behaviour is the same as before affd7ed1a was reverted, but instead
-of reopening the console before configuring color output, we just ignore what
-stdout is connected to and decide based on the variables only.
-
-(cherry picked from commit 158fbf7661912adf0f42c93155499119811dde82)
----
- src/basic/terminal-util.c | 15 +++++++++++----
- 1 file changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
-index df56d85317..47d31ad4d7 100644
---- a/src/basic/terminal-util.c
-+++ b/src/basic/terminal-util.c
-@@ -1191,12 +1191,9 @@ int open_terminal_in_namespace(pid_t pid, const char *name, int mode) {
-         return receive_one_fd(pair[0], 0);
- }
- 
--bool terminal_is_dumb(void) {
-+static bool getenv_terminal_is_dumb(void) {
-         const char *e;
- 
--        if (!on_tty())
--                return true;
--
-         e = getenv("TERM");
-         if (!e)
-                 return true;
-@@ -1204,6 +1201,13 @@ bool terminal_is_dumb(void) {
-         return streq(e, "dumb");
- }
- 
-+bool terminal_is_dumb(void) {
-+        if (!on_tty())
-+                return true;
-+
-+        return getenv_terminal_is_dumb();
-+}
-+
- bool colors_enabled(void) {
-         static int enabled = -1;
- 
-@@ -1213,6 +1217,9 @@ bool colors_enabled(void) {
-                 colors = getenv("SYSTEMD_COLORS");
-                 if (colors)
-                         enabled = parse_boolean(colors) != 0;
-+                else if (getpid() == 1)
-+                        /* PID1 outputs to the console without holding it open all the time */
-+                        enabled = !getenv_terminal_is_dumb();
-                 else
-                         enabled = !terminal_is_dumb();
-         }

0015-shared-install-do-not-enable-masked-instances-4005.patch

@@ -1,127 +0,0 @@
-From 3cb3b0145ed8439eb604b43596e6456ed3292c46 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sun, 21 Aug 2016 09:10:51 -0400
-Subject: [PATCH] shared/install: do not enable masked instances (#4005)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When told to enable a template unit, and the DefaultInstance specified in that
-unit was masked, we would do this. Such a unit cannot be started or loaded, so
-reporting successful enabling is misleading and unexpected.
-
-$ systemctl mask getty@tty1
-Created symlink /etc/systemd/system/getty@tty1.service → /dev/null.
-$ systemctl --root=/ enable getty@tty1
-(unchanged)
-Failed to enable unit, unit /etc/systemd/system/getty@tty1.service is masked.
-
-$ systemctl --root=/ enable getty@
-(before)
-Created symlink /etc/systemd/system/getty.target.wants/getty@tty1.service → /usr/lib/systemd/system/getty@.service.
-(now)
-Failed to enable unit, unit /etc/systemd/system/getty@tty1.service is masked.
-
-The same error is emitted for enable and preset. And an error is emmited, not a
-warning, so the failure to enable DefaultInstance is treated the same as if the
-instance was specified on the command line. I think that this makes most sense,
-for most template units.
-
-Fixes #2513.
-(cherry picked from commit 047d91f9c8cf1bcf5a30f428668babd619533944)
----
- src/shared/install.c | 35 ++++++++++++++++++++++++++++-------
- 1 file changed, 28 insertions(+), 7 deletions(-)
-
-diff --git a/src/shared/install.c b/src/shared/install.c
-index 9d9f4dff4f..cb2a2e7e0d 100644
---- a/src/shared/install.c
-+++ b/src/shared/install.c
-@@ -912,8 +912,8 @@ static int install_info_may_process(
-         assert(i);
-         assert(paths);
- 
--        /* Checks whether the loaded unit file is one we should process, or is masked, transient or generated and thus
--         * not subject to enable/disable operations. */
-+        /* Checks whether the loaded unit file is one we should process, or is masked,
-+         * transient or generated and thus not subject to enable/disable operations. */
- 
-         if (i->type == UNIT_FILE_TYPE_MASKED) {
-                 unit_file_changes_add(changes, n_changes, -ERFKILL, i->path, NULL);
-@@ -1134,7 +1134,6 @@ static int unit_file_load(
-         struct stat st;
-         int r;
- 
--        assert(c);
-         assert(info);
-         assert(path);
- 
-@@ -1163,6 +1162,9 @@ static int unit_file_load(
-                 return 0;
-         }
- 
-+        /* c is only needed if we actually load the file */
-+        assert(c);
-+
-         fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
-         if (fd < 0)
-                 return -errno;
-@@ -1275,7 +1277,6 @@ static int unit_file_search(
-         char **p;
-         int r;
- 
--        assert(c);
-         assert(info);
-         assert(paths);
- 
-@@ -1546,7 +1547,14 @@ static int install_info_symlink_wants(
-         assert(paths);
-         assert(config_path);
- 
-+        if (strv_isempty(list))
-+                return 0;
-+
-         if (unit_name_is_valid(i->name, UNIT_NAME_TEMPLATE)) {
-+                UnitFileInstallInfo instance = {
-+                        .type = _UNIT_FILE_TYPE_INVALID,
-+                };
-+                _cleanup_free_ char *path = NULL;
- 
-                 /* Don't install any symlink if there's no default
-                  * instance configured */
-@@ -1558,6 +1566,19 @@ static int install_info_symlink_wants(
-                 if (r < 0)
-                         return r;
- 
-+                instance.name = buf;
-+                r = unit_file_search(NULL, &instance, paths, SEARCH_FOLLOW_CONFIG_SYMLINKS);
-+                if (r < 0)
-+                        return r;
-+
-+                path = instance.path;
-+                instance.path = NULL;
-+
-+                if (instance.type == UNIT_FILE_TYPE_MASKED) {
-+                        unit_file_changes_add(changes, n_changes, -ERFKILL, path, NULL);
-+                        return -ERFKILL;
-+                }
-+
-                 n = buf;
-         } else
-                 n = i->name;
-@@ -1687,12 +1708,12 @@ static int install_context_apply(
-                         return r;
- 
-                 /* We can attempt to process a masked unit when a different unit
--                 * that we were processing specifies it in DefaultInstance= or Also=. */
-+                 * that we were processing specifies it in Also=. */
-                 if (i->type == UNIT_FILE_TYPE_MASKED) {
-                         unit_file_changes_add(changes, n_changes, UNIT_FILE_IS_MASKED, i->path, NULL);
-                         if (r >= 0)
--                                /* Assume that some *could* have been enabled here, avoid
--                                 * "empty [Install] section" warning. */
-+                                /* Assume that something *could* have been enabled here,
-+                                 * avoid "empty [Install] section" warning. */
-                                 r += 1;
-                         continue;
-                 }

0016-If-the-notification-message-length-is-0-ignore-the-m.patch

@@ -1,29 +0,0 @@
-From 2e9b525caa9e3126e54f0d9506d0c36d7d533997 Mon Sep 17 00:00:00 2001
-From: Jorge Niedbalski <jorge.niedbalski@canonical.com>
-Date: Wed, 28 Sep 2016 18:25:50 -0300
-Subject: [PATCH] If the notification message length is 0, ignore the message
- (#4237)
-
-Fixes #4234.
-
-Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
-(cherry picked from commit 531ac2b2349da02acc9c382849758e07eb92b020)
----
- src/core/manager.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/core/manager.c b/src/core/manager.c
-index 4d84a0b37e..a085ed899a 100644
---- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -1648,6 +1648,10 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
- 
-                 return -errno;
-         }
-+        if (n == 0) {
-+                log_debug("Got zero-length notification message. Ignoring.");
-+                return 0;
-+        }
- 
-         CMSG_FOREACH(cmsg, &msghdr) {
-                 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {

0017-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch

@@ -1,48 +0,0 @@
-From 39e5e97e68a9c1bca3bcfa6c9316a83dad0b072d Mon Sep 17 00:00:00 2001
-From: Franck Bui <fbui@suse.com>
-Date: Thu, 29 Sep 2016 19:44:34 +0200
-Subject: [PATCH] pid1: don't return any error in manager_dispatch_notify_fd()
- (#4240)
-
-If manager_dispatch_notify_fd() fails and returns an error then the handling of
-service notifications will be disabled entirely leading to a compromised system.
-
-For example pid1 won't be able to receive the WATCHDOG messages anymore and
-will kill all services supposed to send such messages.
-(cherry picked from commit 9987750e7a4c62e0eb8473603150596ba7c3a015)
----
- src/core/manager.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/src/core/manager.c b/src/core/manager.c
-index a085ed899a..36488b673a 100644
---- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -1643,10 +1643,14 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
- 
-         n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
-         if (n < 0) {
--                if (errno == EAGAIN || errno == EINTR)
--                        return 0;
-+                if (!IN_SET(errno, EAGAIN, EINTR))
-+                        log_error("Failed to receive notification message: %m");
- 
--                return -errno;
-+                /* It's not an option to return an error here since it
-+                 * would disable the notification handler entirely. Services
-+                 * wouldn't be able to send the WATCHDOG message for
-+                 * example... */
-+                return 0;
-         }
-         if (n == 0) {
-                 log_debug("Got zero-length notification message. Ignoring.");
-@@ -1673,7 +1677,8 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
-                 r = fdset_new_array(&fds, fd_array, n_fds);
-                 if (r < 0) {
-                         close_many(fd_array, n_fds);
--                        return log_oom();
-+                        log_oom();
-+                        return 0;
-                 }
-         }
- 

0018-pid1-process-zero-length-notification-messages-again.patch

@@ -1,77 +0,0 @@
-From 9d77c48a80e1cc2ad016eba1756a5ca293d51f86 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Thu, 29 Sep 2016 16:06:02 +0200
-Subject: [PATCH] pid1: process zero-length notification messages again
-
-This undoes 531ac2b234. I acked that patch without looking at the code
-carefully enough. There are two problems:
-- we want to process the fds anyway
-- in principle empty notification messages are valid, and we should
-  process them as usual, including logging using log_unit_debug().
-
-(cherry picked from commit 8523bf7dd514a3a2c6114b7b8fb8f308b4f09fc4)
----
- src/core/manager.c | 15 ++++++---------
- 1 file changed, 6 insertions(+), 9 deletions(-)
-
-diff --git a/src/core/manager.c b/src/core/manager.c
-index 36488b673a..85bf858992 100644
---- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -1584,13 +1584,12 @@ static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, ui
-         return 0;
- }
- 
--static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, size_t n, FDSet *fds) {
-+static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, FDSet *fds) {
-         _cleanup_strv_free_ char **tags = NULL;
- 
-         assert(m);
-         assert(u);
-         assert(buf);
--        assert(n > 0);
- 
-         tags = strv_split(buf, "\n\r");
-         if (!tags) {
-@@ -1652,10 +1651,6 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
-                  * example... */
-                 return 0;
-         }
--        if (n == 0) {
--                log_debug("Got zero-length notification message. Ignoring.");
--                return 0;
--        }
- 
-         CMSG_FOREACH(cmsg, &msghdr) {
-                 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
-@@ -1692,25 +1687,27 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
-                 return 0;
-         }
- 
-+        /* The message should be a string. Here we make sure it's NUL-terminated,
-+         * but only the part until first NUL will be used anyway. */
-         buf[n] = 0;
- 
-         /* Notify every unit that might be interested, but try
-          * to avoid notifying the same one multiple times. */
-         u1 = manager_get_unit_by_pid_cgroup(m, ucred->pid);
-         if (u1) {
--                manager_invoke_notify_message(m, u1, ucred->pid, buf, n, fds);
-+                manager_invoke_notify_message(m, u1, ucred->pid, buf, fds);
-                 found = true;
-         }
- 
-         u2 = hashmap_get(m->watch_pids1, PID_TO_PTR(ucred->pid));
-         if (u2 && u2 != u1) {
--                manager_invoke_notify_message(m, u2, ucred->pid, buf, n, fds);
-+                manager_invoke_notify_message(m, u2, ucred->pid, buf, fds);
-                 found = true;
-         }
- 
-         u3 = hashmap_get(m->watch_pids2, PID_TO_PTR(ucred->pid));
-         if (u3 && u3 != u2 && u3 != u1) {
--                manager_invoke_notify_message(m, u3, ucred->pid, buf, n, fds);
-+                manager_invoke_notify_message(m, u3, ucred->pid, buf, fds);
-                 found = true;
-         }
- 

0019-shared-install-fix-set-default-with-empty-root-4118.patch

@@ -1,30 +0,0 @@
-From eadc5d94950a04f9fb64cb3906644af04de81970 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sat, 10 Sep 2016 12:07:51 +0100
-Subject: [PATCH] shared/install: fix set-default with empty root (#4118)
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1374371
-
-When root was empty or equal to "/", chroot_symlinks_same was called with
-root==NULL, and strjoina returned "", so the code thought both paths are equal
-even if they were not. Fix that by always providing a non-null first argument
-to strjoina.
-(cherry picked from commit ae9efab711e7478b4f035edd00824d518bcf0d3c)
----
- src/shared/install.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/shared/install.c b/src/shared/install.c
-index cb2a2e7e0d..cf1e8349d7 100644
---- a/src/shared/install.c
-+++ b/src/shared/install.c
-@@ -403,6 +403,9 @@ static bool chroot_symlinks_same(const char *root, const char *wd, const char *a
-         /* This will give incorrect results if the paths are relative and go outside
-          * of the chroot. False negatives are possible. */
- 
-+        if (!root)
-+                root = "/";
-+
-         a = strjoina(path_is_absolute(a) ? root : wd, "/", a);
-         b = strjoina(path_is_absolute(b) ? root : wd, "/", b);
-         return path_equal_or_files_same(a, b);

0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch

@@ -1,51 +0,0 @@
-From 108c060c5521309b9448e3a7905b50dd505f36a8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Fri, 11 Mar 2016 17:06:17 -0500
-Subject: [PATCH] resolved: create /etc/resolv.conf symlink at runtime
-
-If the symlink doesn't exists, and we are being started, let's
-create it to provie name resolution.
-
-If it exists, do nothing. In particular, if it is a broken symlink,
-we cannot really know if the administator configured it to point to
-a location used by some service that hasn't started yet, so we
-don't touch it in that case either.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1313085
----
- src/resolve/resolved.c | 4 ++++
- tmpfiles.d/etc.conf.m4 | 3 ---
- 2 files changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
-index deb75f9ae5..914d3b8a2d 100644
---- a/src/resolve/resolved.c
-+++ b/src/resolve/resolved.c
-@@ -67,6 +67,10 @@ int main(int argc, char *argv[]) {
-                 goto finish;
-         }
- 
-+        r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf");
-+        if (r < 0 && errno != EEXIST)
-+                log_warning_errno(errno, "Could not create /etc/resolv.conf symlink: %m");
-+
-         /* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */
-         r = drop_privileges(uid, gid,
-                             (UINT64_C(1) << CAP_NET_RAW)|          /* needed for SO_BINDTODEVICE */
-diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4
-index 064eae94f1..928105ea8d 100644
---- a/tmpfiles.d/etc.conf.m4
-+++ b/tmpfiles.d/etc.conf.m4
-@@ -13,9 +13,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts
- m4_ifdef(`HAVE_SMACK_RUN_LABEL',
- t /etc/mtab - - - - security.SMACK64=_
- )m4_dnl
--m4_ifdef(`ENABLE_RESOLVED',
--L! /etc/resolv.conf - - - - ../usr/lib/systemd/resolv.conf
--)m4_dnl
- C /etc/nsswitch.conf - - - -
- m4_ifdef(`HAVE_PAM',
- C /etc/pam.d - - - -
--- 
-2.9.2
-

20-grubby.install

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+if [[ ! -x /sbin/new-kernel-pkg ]]; then
+    exit 0
+fi
+
+COMMAND="$1"
+KERNEL_VERSION="$2"
+BOOT_DIR_ABS="$3"
+KERNEL_IMAGE="$4"
+
+KERNEL_DIR="${KERNEL_IMAGE%/*}"
+[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}"
+case "$COMMAND" in
+    add)
+        if [[ "${KERNEL_DIR}" != "/boot" ]]; then
+            for i in \
+                "$KERNEL_IMAGE" \
+                    "$KERNEL_DIR"/System.map \
+                    "$KERNEL_DIR"/config \
+                    "$KERNEL_DIR"/zImage.stub \
+                    "$KERNEL_DIR"/dtb \
+                ; do
+                [[ -e "$i" ]] || continue
+                cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
+                command -v restorecon &>/dev/null && \
+                    restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}"
+            done
+            # hmac is .vmlinuz-<version>.hmac so needs a special treatment
+            i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
+            if [[ -e "$i" ]]; then
+                cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
+                command -v restorecon &>/dev/null && \
+                    restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
+            fi
+        fi
+        /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $?
+        /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $?
+        /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $?
+        ;;
+    remove)
+        /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $?
+        ;;
+    *)
+        ;;
+esac
+
+# skip other installation plugins, if we can't find a boot loader spec conforming setup
+if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
+    exit 77
+fi

85-display-manager.preset

@@ -1,11 +0,0 @@
-# We enable all display managers by default. Since only one can
-# actually be enabled at the same time the one which is installed
-# first wins
-
-enable gdm.service
-enable lightdm.service
-enable slim.service
-enable lxdm.service
-enable sddm.service
-enable kdm.service
-enable xdm.service

90-default.preset

@@ -1,126 +0,0 @@
-# Also see:
-# https://fedoraproject.org/wiki/Starting_services_by_default
-
-# On Fedora we deviate from some upstream defaults
-disable systemd-timesyncd.service
-disable systemd-networkd.service
-disable systemd-resolved.service
-
-# System stuff
-enable sshd.service
-enable atd.*
-enable crond.*
-enable chronyd.service
-enable NetworkManager.service
-enable NetworkManager-dispatcher.service
-enable ModemManager.service
-enable auditd.service
-enable restorecond.service
-enable bluetooth.*
-enable avahi-daemon.*
-enable cups.*
-
-# The various syslog implementations
-enable rsyslog.*
-enable syslog-ng.*
-enable sysklogd.*
-
-# Network facing
-enable firewalld.service
-enable libvirtd.service
-enable xinetd.service
-enable ladvd.service
-
-# Storage
-enable multipathd.service
-enable libstoragemgmt.service
-enable lvm2-monitor.*
-enable lvm2-lvmetad.*
-enable dm-event.*
-enable dmraid-activation.service
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=855372
-enable mdmonitor.service
-enable mdmonitor-takeover.service
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=876237
-enable spice-vdagentd.service
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=885406
-enable qemu-guest-agent.service
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=928726
-enable dnf-makecache.timer
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=929403
-enable initial-setup-graphical.service
-enable initial-setup-text.service
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=957135
-enable vmtoolsd.service
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=976315
-enable dkms.service
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=961878
-enable ipmi.service
-enable ipmievd.service
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1039351
-enable x509watch.timer
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1060754
-enable dnssec-triggerd.service
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1095353
-enable uuidd.socket
-
-# Hardware
-enable gpm.*
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1066421
-enable gpsd.socket
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1141607
-enable x2gocleansessions.service
-
-# https://fedoraproject.org/wiki/Changes/UEFISecureBootBlacklistUpdates
-#
-enable dbxtool.service
-
-enable irqbalance.service
-enable lm_sensors.service
-enable mcelog.*
-enable acpid.*
-enable smartd.service
-enable pcscd.socket
-enable rngd.service
-
-# Other stuff
-enable abrtd.service
-enable abrt-ccpp.service
-enable abrt-oops.service
-enable abrt-xorg.service
-enable abrt-vmcore.service
-enable lttng-sessiond.service
-enable ksm.service
-enable ksmtuned.service
-enable rootfs-resize.service
-enable sysstat.service
-enable sysstat-collect.timer
-enable sysstat-summary.timer
-enable uuidd.service
-enable xendomains.service
-enable xenstored.service
-enable xenconsoled.service
-
-# Desktop stuff
-enable accounts-daemon.service
-enable rtkit-daemon.service
-enable upower.service
-enable udisks2.service
-enable polkit.service
-enable packagekit-offline-update.service
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1187072
-enable timedatex.service

99-default-disable.preset

@@ -1 +0,0 @@
-disable *

f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch

@@ -0,0 +1,129 @@
+From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 14 Sep 2020 17:58:03 +0200
+Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1803070
+
+I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
+than the one we get from /proc/self/fdinfo/. This only matters when both statx and
+name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
+
+(gdb) !uname -r
+5.6.19-200.fc31.ppc64le
+
+(gdb) !cat /proc/self/mountinfo
+697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
+701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
+702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
+703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
+704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
+705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
+706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
+722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
+725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
+614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
+615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+
+The test process does
+name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
+openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
+read(open("/proc/self/fdinfo/4", ...)) which gives
+"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
+
+and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
+
+We could either drop the fallback path (and fail name_to_handle_at() is not
+avaliable) or ignore the error in the test. Not sure what is better. I think
+this issue only occurs sometimes and with older kernels, so probably continuing
+with the current flaky implementation is better than ripping out the fallback.
+
+Another strace:
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
+) = 28
+name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
+) = 20
+name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
+) = 30
+name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
+) = 23
+name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
+openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
+openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
+fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
+fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
+read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
+read(5</proc/20/fdinfo/4>, "", 1024)    = 0
+close(5</proc/20/fdinfo/4>)             = 0
+close(4</proc/filesystems>)             = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
+) = 42
+writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
+) = 39
+writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
+) = 109
+rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
+rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
+getpid()                                = 20
+gettid()                                = 20
+tgkill(20, 20, SIGABRT)                 = 0
+rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
+--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} ---
++++ killed by SIGABRT (core dumped) +++
+---
+ src/test/test-mountpoint-util.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
+index 30b00ae4d8b..ffe5144b04a 100644
+--- a/src/test/test-mountpoint-util.c
++++ b/src/test/test-mountpoint-util.c
+@@ -89,8 +89,12 @@ static void test_mnt_id(void) {
+                 /* The ids don't match? If so, then there are two mounts on the same path, let's check if
+                  * that's really the case */
+                 char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
+-                log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
+-                assert_se(path_equal(p, t));
++                log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
++
++                if (!path_equal(p, t))
++                        /* Apparent kernel bug in /proc/self/fdinfo */
++                        log_warning("Bad mount id given for %s: %d, should be %d",
++                                    p, mnt_id2, mnt_id);
+         }
+ }
+ 

kernel-install-grubby.patch

@@ -1,70 +0,0 @@
-From 859a022f807bbab2d072c7299743b527156e7f7d Mon Sep 17 00:00:00 2001
-From: Harald Hoyer <harald@redhat.com>
-Date: Tue, 14 Jan 2014 17:48:08 -0500
-Subject: [PATCH] kernel-install: add fedora specific callouts to
- new-kernel-pkg
-
----
- src/kernel-install/kernel-install | 43 +++++++++++++++++++++++++++++++++++++++
- 1 file changed, 43 insertions(+)
- mode change 100644 => 100755 src/kernel-install/kernel-install
-
-diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
-old mode 100644
-new mode 100755
-index 3ae1d77..2b8fe1e
---- a/src/kernel-install/kernel-install
-+++ b/src/kernel-install/kernel-install
-@@ -71,6 +71,49 @@ fi
- KERNEL_VERSION="$1"
- KERNEL_IMAGE="$2"
- 
-+if [[ -x /sbin/new-kernel-pkg ]]; then
-+    KERNEL_DIR="${KERNEL_IMAGE%/*}"
-+    [[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}"
-+    case "$COMMAND" in
-+        add)
-+            if [[ "${KERNEL_DIR}" != "/boot" ]]; then
-+                for i in \
-+                    "$KERNEL_IMAGE" \
-+                        "$KERNEL_DIR"/System.map \
-+                        "$KERNEL_DIR"/config \
-+                        "$KERNEL_DIR"/zImage.stub \
-+                        "$KERNEL_DIR"/dtb \
-+                    ; do
-+                    [[ -e "$i" ]] || continue
-+                    cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
-+                    command -v restorecon &>/dev/null && \
-+                        restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}"
-+                done
-+                # hmac is .vmlinuz-<version>.hmac so needs a special treatment
-+                i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
-+                if [[ -e "$i" ]]; then
-+                    cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
-+                    command -v restorecon &>/dev/null && \
-+                        restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
-+                fi
-+            fi
-+            /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $?
-+            /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $?
-+            /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $?
-+            ;;
-+        remove)
-+            /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $?
-+            ;;
-+        *)
-+            ;;
-+    esac
-+
-+    # exit, if we can't find a boot loader spec conforming setup
-+    if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
-+        exit 0
-+    fi
-+fi
-+
- if [[ -f /etc/machine-id ]]; then
-     read MACHINE_ID < /etc/machine-id
- fi
--- 
-2.7.2
-

libsystemd-shared.abignore

@@ -0,0 +1,3 @@
+[suppress_file]
+# This shared object is private to systemd
+file_name_regexp=libsystemd-shared-.*.so

macros.sysusers

@@ -0,0 +1,10 @@
+# RPM macros for packages creating system accounts
+#
+# Turn a sysusers.d file into macros specified by
+# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation
+
+%sysusers_requires_compat Requires(pre): shadow-utils
+
+%sysusers_create_compat() \
+%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \
+%{nil}

purge-nobody-user

@@ -0,0 +1,101 @@
+#!/bin/bash -eu
+
+if [ $UID -ne 0 ]; then
+    echo "WARNING: This script needs to run as root to be effective"
+    exit 1
+fi
+
+export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
+
+if [ "${1:-}" = "--ignore-journal" ]; then
+    shift
+    ignore_journal=1
+else
+    ignore_journal=0
+fi
+
+echo "Checking processes..."
+if ps h -u 99 | grep .; then
+    echo "ERROR: ps reports processes with UID 99!"
+    exit 2
+fi
+echo "... not found"
+
+echo "Checking UTMP..."
+if w -h 199 | grep . ; then
+    echo "ERROR: w reports UID 99 as active!"
+    exit 2
+fi
+if w -h nobody | grep . ; then
+    echo "ERROR: w reports user nobody as active!"
+    exit 2
+fi
+echo "... not found"
+
+echo "Checking the journal..."
+if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then
+    echo "ERROR: journalctl reports messages from UID 99 in current boot!"
+    exit 2
+fi
+echo "... not found"
+
+echo "Looking for files in /etc, /run, /tmp, and /var..."
+if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then
+    echo "ERROR: found files belonging to UID 99"
+    exit 2
+fi
+echo "... not found"
+
+echo "Checking if nobody is defined correctly..."
+if getent passwd nobody |
+	grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin';
+then
+    echo "OK, nothing to do."
+    exit 0
+else
+    echo "NOTICE: User nobody is not defined correctly"
+fi
+
+echo "Checking if nfsnobody or something else is using the uid..."
+if getent passwd 65534 | grep . ; then
+    echo "NOTICE: will have to remove this user"
+else
+    echo "... not found"
+fi
+
+if [ "${1:-}" = "-x" ]; then
+    if getent passwd nobody >/dev/null; then
+	# this will remove both the user and the group.
+	( set -x
+   	  userdel nobody
+	)
+    fi
+
+    if getent passwd 65534 >/dev/null; then
+	# Make sure the uid is unused. This should free gid too.
+	name="$(getent passwd 65534 | cut -d: -f1)"
+	( set -x
+	  userdel "$name"
+	)
+    fi
+
+    if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then
+	echo "Sleeping, so sss can catch up"
+	sleep 3
+    fi
+
+    if getent group 65534; then
+	# Make sure the gid is unused, even if uid wasn't.
+	name="$(getent group 65534 | cut -d: -f1)"
+	( set -x
+	  groupdel "$name"
+	)
+    fi
+
+    # systemd-sysusers uses the same gid and uid
+    ( set -x
+      systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin'
+    )
+else
+    echo "Pass '-x' to perform changes"
+fi

sources

@@ -1 +1 @@
-e6fa7f4a9c06f0427ff0539a90c69390  systemd-231.tar.gz
+SHA512 (systemd-247.1.tar.gz) = 2a737afcee4409c2be073d8cb650c3465a25c101b3c3072ea6e6a0614d06e3ed7ae55c84f9ae60555915ad1480b3a13aa72fef4b9210139afe6b0d7a7629385a

split-files.py

@@ -0,0 +1,143 @@
+import re, sys, os, collections
+
+buildroot = sys.argv[1]
+known_files = sys.stdin.read().splitlines()
+known_files = {line.split()[-1]:line for line in known_files}
+
+def files(root):
+    os.chdir(root)
+    todo = collections.deque(['.'])
+    while todo:
+        n = todo.pop()
+        files = os.scandir(n)
+        for file in files:
+            yield file
+            if file.is_dir() and not file.is_symlink():
+                todo.append(file)
+
+o_libs = open('.file-list-libs', 'w')
+o_udev = open('.file-list-udev', 'w')
+o_pam = open('.file-list-pam', 'w')
+o_rpm_macros = open('.file-list-rpm-macros', 'w')
+o_devel = open('.file-list-devel', 'w')
+o_container = open('.file-list-container', 'w')
+o_networkd = open('.file-list-networkd', 'w')
+o_remote = open('.file-list-remote', 'w')
+o_tests = open('.file-list-tests', 'w')
+o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
+o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
+o_rest = open('.file-list-rest', 'w')
+for file in files(buildroot):
+    n = file.path[1:]
+    if re.match(r'''/usr/(share|include)$|
+                    /usr/share/man(/man.|)$|
+                    /usr/share/zsh(/site-functions|)$|
+                    /usr/share/dbus-1$|
+                    /usr/share/dbus-1/system.d$|
+                    /usr/share/dbus-1/(system-|)services$|
+                    /usr/share/polkit-1(/actions|/rules.d|)$|
+                    /usr/share/pkgconfig$|
+                    /usr/share/bash-completion(/completions|)$|
+                    /usr(/lib|/lib64|/bin|/sbin|)$|
+                    /usr/lib.*/(security|pkgconfig)$|
+                    /usr/lib/rpm(/macros.d|)$|
+                    /usr/lib/firewalld(/services|)$|
+                    /usr/share/(locale|licenses|doc)|             # no $
+                    /etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$|
+                    /etc/(dnf|dnf/protected.d)$|
+                    /usr/(src|lib/debug)|                         # no $
+                    /run$|
+                    /var(/cache|/log|/lib|/run|)$
+    ''', n, re.X):
+        continue
+    if '/security/pam_' in n or '/man8/pam_' in n:
+        o = o_pam
+    elif '/rpm/' in n:
+        o = o_rpm_macros
+    elif '/usr/lib/systemd/tests' in n:
+        o = o_tests
+    elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(?<!/libsystemd-shared-...).so$', n):
+        o = o_devel
+    elif re.search(r'''journal-(remote|gateway|upload)|
+                       systemd-remote\.conf|
+                       /usr/share/systemd/gatewayd|
+                       /var/log/journal/remote
+    ''', n, re.X):
+        o = o_remote
+    elif re.search(r'''mymachines|
+                       machinectl|
+                       systemd-nspawn|
+                       import-pubring.gpg|
+                       systemd-(machined|import|pull)|
+                       /machine.slice|
+                       /machines.target|
+                       var-lib-machines.mount|
+                       org.freedesktop.(import|machine)1
+    ''', n, re.X):
+        o = o_container
+    elif re.search(r'''/usr/lib/systemd/network/80-|
+                       networkd|
+                       networkctl|
+                       org.freedesktop.network1
+    ''', n, re.X):
+        o = o_networkd
+    elif '.so.' in n:
+        o = o_libs
+    elif re.search(r'''udev(?!\.pc)|
+                       hwdb|
+                       bootctl|
+                       sd-boot|systemd-boot\.|loader.conf|
+                       bless-boot|
+                       boot-system-token|
+                       kernel-install|
+                       vconsole|
+                       backlight|
+                       rfkill|
+                       random-seed|
+                       modules-load|
+                       timesync|
+                       cryptsetup|
+                       kmod|
+                       quota|
+                       pstore|
+                       sleep|suspend|hibernate|
+                       systemd-tmpfiles-setup-dev|
+                       network/99-default.link|
+                       growfs|makefs|makeswap|mkswap|
+                       fsck|
+                       repart|
+                       gpt-auto|
+                       volatile-root|
+                       verity-setup|
+                       remount-fs|
+                       /boot$|
+                       /boot/efi|
+                       /kernel/|
+                       /kernel$|
+                       /modprobe.d
+    ''', n, re.X):
+        o = o_udev
+    elif n.endswith('.standalone'):
+        if 'tmpfiles' in n:
+            o = o_standalone_tmpfiles
+        elif 'sysusers' in n:
+            o = o_standalone_sysusers
+        else:
+            assert False, 'Found .standalone not belonging to known packages'
+    else:
+        o = o_rest
+
+    if n in known_files:
+        prefix = ' '.join(known_files[n].split()[:-1])
+        if prefix:
+            prefix += ' '
+    elif file.is_dir() and not file.is_symlink():
+        prefix = '%dir '
+    elif n.startswith('/etc'):
+        prefix = '%config(noreplace) '
+    else:
+        prefix = ''
+
+    suffix = '*' if '/man/' in n else ''
+
+    print(f'{prefix}{n}{suffix}', file=o)

systemd-user

@@ -0,0 +1,10 @@
+# This file is part of systemd.
+#
+# Used by systemd --user instances.
+
+account  include system-auth
+
+session  required pam_selinux.so close
+session  required pam_selinux.so nottys open
+session  required pam_loginuid.so
+session  include system-auth

systemd.rpmlintrc

@@ -0,0 +1,50 @@
+# Just kill all warnings about README being wrong in every possible way
+addFilter(r'README')
+
+addFilter(r'missing-call-to-(chdir-with-chroot|setgroups-before-setuid)')
+
+addFilter(r'executable-marked-as-config-file /etc/X11/xinit/xinitrc.d/50-systemd-user.sh')
+
+addFilter(r'non-readable /etc/crypttab')
+
+addFilter(r'non-conffile-in-etc /etc/inittab')
+
+addFilter(r'systemd-unit-in-etc /etc/systemd/.*\.wants')
+
+addFilter(r'dangling-relative-symlink /usr/lib/environment.d/99-environment.conf ../../../etc/environment')
+
+addFilter(r'devel-file-in-non-devel-package /usr/share/pkgconfig/(systemd|udev).pc')
+
+addFilter(r'non-standard-dir-perm /var/cache/private 700')
+
+addFilter(r'non-root-group-log-file /var/log/btmp utmp')
+
+addFilter(r'non-standard-dir-perm /var/log/private 700')
+
+addFilter(r'non-root-group-log-file /var/log/wtmp utmp')
+
+addFilter(r'dangerous-command-in-')
+
+addFilter(r'summary-not-capitalized C systemd')
+
+addFilter(r'obsolete-not-provided')
+
+addFilter(r'postin-without-ldconfig')
+
+addFilter(r'systemd-rpm-macros.noarch: W: only-non-binary-in-usr-lib')
+
+addFilter(r'systemd-rpm-macros.noarch: W: no-documentation')
+
+addFilter(r'systemd-tests\..*: W: no-documentation')
+
+addFilter(r'systemd-tests.*: E: zero-length /usr/lib/systemd/tests/testdata/test-umount/empty.mountinfo')
+
+addFilter(r'hardcoded-library-path in.*(firewalld|install.d|lib/systemd)')
+
+# everybody does it this way: systemd, syslog-ng, rsyslog
+addFilter(r'unversioned-explicit-provides syslog')
+
+# systemd-machine-id-setup requires libssl
+addFilter(r'explicit-lib-dependency openssl-libs')
+
+addFilter(r'systemd.src:.*strange-permission')

sysusers.attr

@@ -0,0 +1,2 @@
+%__sysusers_provides	%{_rpmconfigdir}/sysusers.prov
+%__sysusers_path	^%{_sysusersdir}/.*\\.conf$

sysusers.generate-pre.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+
+# This script turns sysuser.d files into scriptlets mandated by Fedora
+# packaging guidelines. The general idea is to define users using the
+# declarative syntax but to turn this into traditional scriptlets.
+
+user() {
+    user="$1"
+    uid="$2"
+    desc="$3"
+    group="$4"
+    home="$5"
+    shell="$6"
+
+[ "$desc" = '-' ] && desc=
+[ "$home" = '-' -o "$home" = '' ] && home=/
+[ "$shell" = '-' -o "$shell" = '' ] && shell=/sbin/nologin
+
+if [ "$uid" = '-' -o "$uid" = '' ]; then
+    cat <<EOF
+getent passwd '$user' >/dev/null || \\
+    useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user'
+EOF
+else
+    cat <<EOF
+if ! getent passwd '$user' >/dev/null ; then
+    if ! getent passwd '$uid' >/dev/null ; then
+        useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
+    else
+        useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
+    fi
+fi
+
+EOF
+fi
+}
+
+group() {
+    group="$1"
+    gid="$2"
+if [ "$gid" = '-' ]; then
+    cat <<EOF
+getent group '$group' >/dev/null || groupadd -r '$group'
+EOF
+else
+    cat <<EOF
+getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group'
+EOF
+fi
+}
+
+parse() {
+    while read line || [ "$line" ]; do
+        [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
+        line="${line## *}"
+        [ -z "$line" ] && continue
+        eval arr=( $line )
+        case "${arr[0]}" in
+            ('u')
+                group "${arr[1]}" "${arr[2]}"
+                user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
+                # TODO: user:group support
+                ;;
+            ('g')
+                group "${arr[1]}" "${arr[2]}"
+                ;;
+            ('m')
+                group "${arr[2]}" "-"
+                user "${arr[1]}" "-" "" "${arr[2]}"
+                ;;
+        esac
+    done
+}
+
+for fn in "$@"; do
+    [ -e "$fn" ] || continue
+    echo "# generated from $(basename $fn)"
+    parse < "$fn"
+done

sysusers.prov

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+parse() {
+    while read line; do
+        [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
+        line="${line## *}"
+        [ -z "$line" ] && continue
+        set -- $line
+        case "$1" in
+            ('u')
+                echo "user($2)"
+                echo "group($2)"
+                # TODO: user:group support
+                ;;
+            ('g')
+                echo "group($2)"
+                ;;
+            ('m')
+                echo "user($2)"
+                echo "group($3)"
+                ;;
+        esac
+    done
+}
+
+while read fn; do
+    parse < "$fn"
+done

tests/tests-reboot.yml

@@ -0,0 +1,50 @@
+---
+- hosts: localhost
+  vars:
+  - artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}"
+  tags:
+  - classic
+  tasks:
+  # switch SELinux to permissive mode
+  - name: Get default kernel
+    command: "grubby --default-kernel"
+    register: default_kernel
+  - debug: msg="{{ default_kernel.stdout }}"
+  - name: Set permissive mode
+    command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}"
+
+  - name: reboot
+    block:
+      - name: restart host
+        shell: sleep 2 && shutdown -r now "Ansible updates triggered"
+        async: 1
+        poll: 0
+        ignore_errors: true
+
+      - name: wait for host to come back
+        wait_for_connection:
+          delay: 10
+          timeout: 300
+
+      - name: Re-create /tmp/artifacts
+        command: mkdir /tmp/artifacts
+
+      - name: Gather SELinux denials since boot
+        shell: |
+            result=pass
+            dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail
+            ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log
+            grep -q '<no matches>' /tmp/avc.log || result=fail
+            echo -e "\nresults:\n- test: reboot and collect AVC\n  result: $result\n  logs:\n  - avc.log\n\n" > /tmp/results.yml
+            ( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log
+
+    always:
+      - name: Pull out the artifacts
+        fetch:
+          dest: "{{ artifacts }}/"
+          src: "{{ item }}"
+          flat: yes
+        with_items:
+          - /tmp/test.log
+          - /tmp/avc.log
+          - /tmp/results.yml

triggers.systemd

@@ -1,8 +1,10 @@
 #  -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */
+#  SPDX-License-Identifier: LGPL-2.1+
 #
 #  This file is part of systemd.
 #
 #  Copyright 2015 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2018 Neal Gompa
 #
 #  systemd is free software; you can redistribute it and/or modify it
 #  under the terms of the GNU Lesser General Public License as published by
@@ -18,47 +20,92 @@
 #  along with systemd; If not, see <http://www.gnu.org/licenses/>.
 
 # The contents of this are an example to be copied into systemd.spec.
+#
+# Minimum rpm version supported: 4.13.0
 
-%transfiletriggerin -P 900900 -p <lua> -- /usr/lib/systemd/system /etc/systemd/system
--- This script will run after any package is initially installed or
--- upgraded. We care about the case where a package is initially
--- installed, because other cases are covered by the *un scriptlets,
--- so sometimes we will reload needlessly.
+%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system
+# This script will run after any package is initially installed or
+# upgraded. We care about the case where a package is initially
+# installed, because other cases are covered by the *un scriptlets,
+# so sometimes we will reload needlessly.
+if test -d /run/systemd/system; then
+  %{_bindir}/systemctl daemon-reload
+fi
 
-pid = posix.fork()
-if pid == 0 then
-    assert(posix.exec("%{_bindir}/systemctl", "daemon-reload"))
-elseif pid > 0 then
-    posix.wait(pid)
-end
+%transfiletriggerun -- /usr/lib/systemd/system /etc/systemd/system
+# On removal, we need to run daemon-reload after any units have been
+# removed. %transfiletriggerpostun would be ideal, but it does not get
+# executed for some reason.
+# On upgrade, we need to run daemon-reload after any new unit files
+# have been installed, but before %postun scripts in packages get
+# executed. %transfiletriggerun gets the right list of files
+# but it is invoked too early (before changes happen).
+# %filetriggerpostun happens at the right time, but it fires for
+# every package.
+# To execute the reload at the right time, we create a state
+# file in %transfiletriggerun and execute the daemon-reload in
+# the first %filetriggerpostun.
 
-%transfiletriggerun -p <lua> -- /usr/lib/systemd/system /etc/systemd/system
--- On removal, we need to run daemon-reload after any units have been
--- removed. %transfiletriggerpostun would be ideal, but it does not get
--- executed for some reason.
--- On upgrade, we need to run daemon-reload after any new unit files
--- have been installed, but before %postun scripts in packages get
--- executed. %transfiletriggerun gets the right list of files
--- but it is invoked too early (before changes happen).
--- %filetriggerpostun happens at the right time, but it fires for
--- every package.
--- To execute the reload at the right time, we create a state
--- file in %transfiletriggerun and execute the daemon-reload in
--- the first %filetriggerpostun.
+if test -d "/run/systemd/system"; then
+    mkdir -p "%{_localstatedir}/lib/rpm-state/systemd"
+    touch "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"
+fi
 
-posix.mkdir("%{_localstatedir}/lib")
-posix.mkdir("%{_localstatedir}/lib/rpm-state")
-posix.mkdir("%{_localstatedir}/lib/rpm-state/systemd")
-io.open("%{_localstatedir}/lib/rpm-state/systemd/needs-reload", "w")
+%filetriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
+if test -f "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"; then
+    rm -rf "%{_localstatedir}/lib/rpm-state/systemd"
+    %{_bindir}/systemctl daemon-reload
+fi
 
-%filetriggerpostun -P 1000100 -p <lua> -- /usr/lib/systemd/system /etc/systemd/system
-if posix.access("%{_localstatedir}/lib/rpm-state/systemd/needs-reload") then
-    posix.unlink("%{_localstatedir}/lib/rpm-state/systemd/needs-reload")
-    posix.rmdir("%{_localstatedir}/lib/rpm-state/systemd")
-    pid = posix.fork()
-    if pid == 0 then
-        assert(posix.exec("%{_bindir}/systemctl", "daemon-reload"))
-    elseif pid > 0 then
-        posix.wait(pid)
-    end
-end
+%transfiletriggerin -P 100700 -- /usr/lib/sysusers.d
+# This script will process files installed in /usr/lib/sysusers.d to create
+# specified users automatically. The priority is set such that it
+# will run before the tmpfiles file trigger.
+if test -d /run/systemd/system; then
+  %{_bindir}/systemd-sysusers || :
+fi
+
+%transfiletriggerin -P 100500 -- /usr/lib/tmpfiles.d
+# This script will process files installed in /usr/lib/tmpfiles.d to create
+# tmpfiles automatically. The priority is set such that it will run
+# after the sysusers file trigger, but before any other triggers.
+if test -d /run/systemd/system; then
+  %{_bindir}/systemd-tmpfiles --create || :
+fi
+
+%transfiletriggerin udev -- /usr/lib/udev/hwdb.d
+# This script will automatically invoke hwdb update if files have been
+# installed or updated in /usr/lib/udev/hwdb.d.
+if test -d /run/systemd/system; then
+  %{_bindir}/systemd-hwdb update || :
+fi
+
+%transfiletriggerin -- /usr/lib/systemd/catalog
+# This script will automatically invoke journal catalog update if files
+# have been installed or updated in /usr/lib/systemd/catalog.
+if test -d /run/systemd/system; then
+  %{_bindir}/journalctl --update-catalog || :
+fi
+
+%transfiletriggerin udev -- /usr/lib/udev/rules.d
+# This script will automatically update udev with new rules if files
+# have been installed or updated in /usr/lib/udev/rules.d.
+if test -e /run/udev/control; then
+  %{_bindir}/udevadm control --reload || :
+fi
+
+%transfiletriggerin -- /usr/lib/sysctl.d
+# This script will automatically apply sysctl rules if files have been
+# installed or updated in /usr/lib/sysctl.d.
+if test -d /run/systemd/system; then
+  /usr/lib/systemd/systemd-sysctl || :
+fi
+
+%transfiletriggerin -- /usr/lib/binfmt.d
+# This script will automatically apply binfmt rules if files have been
+# installed or updated in /usr/lib/binfmt.d.
+if test -d /run/systemd/system; then
+  # systemd-binfmt might fail if binfmt_misc kernel module is not loaded
+  # during install
+  /usr/lib/systemd/systemd-binfmt || :
+fi

use-bfq-scheduler.patch

@@ -0,0 +1,40 @@
+From 223ea50950f97ed4e67311dfcffed7ffc27a7cd3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 14 Aug 2019 15:57:42 +0200
+Subject: [PATCH] udev: use bfq as the default scheduler
+
+As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828.
+Test results are that bfq seems to behave better and more consistently on
+typical hardware. The kernel does not have a configuration option to set
+the default scheduler, and it currently needs to be set by userspace.
+
+See the bug for more discussion and links.
+---
+ rules.d/60-block-scheduler.rules | 5 +++++
+ rules.d/meson.build              | 1 +
+ 2 files changed, 6 insertions(+)
+ create mode 100644 rules.d/60-block-scheduler.rules
+
+diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules
+new file mode 100644
+index 0000000000..480b941761
+--- /dev/null
++++ b/rules.d/60-block-scheduler.rules
+@@ -0,0 +1,5 @@
++# do not edit this file, it will be overwritten on update
++
++ACTION=="add", SUBSYSTEM=="block", \
++  KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
++  ATTR{queue/scheduler}="bfq"
+diff --git a/rules.d/meson.build b/rules.d/meson.build
+index ca4445d774..38d6aa6970 100644
+--- a/rules.d/meson.build
++++ b/rules.d/meson.build
+@@ -3,6 +3,7 @@
+ rules = files('''
+         60-autosuspend.rules
+         60-block.rules
++        60-block-scheduler.rules
+         60-cdrom_id.rules
+         60-drm.rules
+         60-evdev.rules