Version 247.1

-container subpackage is for container *management*. Those files are
used *in* the container.

0001-Revert-job-Don-t-mark-as-redundant-if-deps-are-relev.patch

@@ -1,144 +0,0 @@
-From 6f202edb2c2e340523c6c0f2c0a93690eaab7a68 Mon Sep 17 00:00:00 2001
-From: Adam Williamson <awilliam@redhat.com>
-Date: Tue, 18 Feb 2020 08:44:34 -0800
-Subject: [PATCH] Revert "job: Don't mark as redundant if deps are relevant"
-
-This reverts commit 097537f07a2fab3cb73aef7bc59f2a66aa93f533. It
-causes https://bugzilla.redhat.com/show_bug.cgi?id=1803293 .
----
- src/core/job.c         | 51 ++++++------------------------------------
- src/core/job.h         |  3 +--
- src/core/transaction.c |  8 +++----
- 3 files changed, 12 insertions(+), 50 deletions(-)
-
-diff --git a/src/core/job.c b/src/core/job.c
-index 5982404cf0..5048a5093e 100644
---- a/src/core/job.c
-+++ b/src/core/job.c
-@@ -383,62 +383,25 @@ JobType job_type_lookup_merge(JobType a, JobType b) {
-         return job_merging_table[(a - 1) * a / 2 + b];
- }
- 
--bool job_later_link_matters(Job *j, JobType type, unsigned generation) {
--        JobDependency *l;
--
--        assert(j);
--
--        j->generation = generation;
--
--        LIST_FOREACH(subject, l, j->subject_list) {
--                UnitActiveState state = _UNIT_ACTIVE_STATE_INVALID;
--
--                /* Have we seen this before? */
--                if (l->object->generation == generation)
--                        continue;
--
--                state = unit_active_state(l->object->unit);
--                switch (type) {
--
--                case JOB_START:
--                        return IN_SET(state, UNIT_INACTIVE, UNIT_FAILED) ||
--                               job_later_link_matters(l->object, type, generation);
--
--                case JOB_STOP:
--                        return IN_SET(state, UNIT_ACTIVE, UNIT_RELOADING) ||
--                               job_later_link_matters(l->object, type, generation);
--
--                default:
--                        assert_not_reached("Invalid job type");
--                }
--        }
--
--        return false;
--}
--
--bool job_is_redundant(Job *j, unsigned generation) {
--
--        assert(j);
--
--        UnitActiveState state = unit_active_state(j->unit);
--        switch (j->type) {
-+bool job_type_is_redundant(JobType a, UnitActiveState b) {
-+        switch (a) {
- 
-         case JOB_START:
--                return IN_SET(state, UNIT_ACTIVE, UNIT_RELOADING) && !job_later_link_matters(j, JOB_START, generation);
-+                return IN_SET(b, UNIT_ACTIVE, UNIT_RELOADING);
- 
-         case JOB_STOP:
--                return IN_SET(state, UNIT_INACTIVE, UNIT_FAILED) && !job_later_link_matters(j, JOB_STOP, generation);
-+                return IN_SET(b, UNIT_INACTIVE, UNIT_FAILED);
- 
-         case JOB_VERIFY_ACTIVE:
--                return IN_SET(state, UNIT_ACTIVE, UNIT_RELOADING);
-+                return IN_SET(b, UNIT_ACTIVE, UNIT_RELOADING);
- 
-         case JOB_RELOAD:
-                 return
--                        state == UNIT_RELOADING;
-+                        b == UNIT_RELOADING;
- 
-         case JOB_RESTART:
-                 return
--                        state == UNIT_ACTIVATING;
-+                        b == UNIT_ACTIVATING;
- 
-         case JOB_NOP:
-                 return true;
-diff --git a/src/core/job.h b/src/core/job.h
-index 02b057ee06..03ad640618 100644
---- a/src/core/job.h
-+++ b/src/core/job.h
-@@ -196,8 +196,7 @@ _pure_ static inline bool job_type_is_superset(JobType a, JobType b) {
-         return a == job_type_lookup_merge(a, b);
- }
- 
--bool job_later_link_matters(Job *j, JobType type, unsigned generation);
--bool job_is_redundant(Job *j, unsigned generation);
-+bool job_type_is_redundant(JobType a, UnitActiveState b) _pure_;
- 
- /* Collapses a state-dependent job type into a simpler type by observing
-  * the state of the unit which it is going to be applied to. */
-diff --git a/src/core/transaction.c b/src/core/transaction.c
-index 8d67f9ce1a..a0ea0f0489 100644
---- a/src/core/transaction.c
-+++ b/src/core/transaction.c
-@@ -279,7 +279,7 @@ static int transaction_merge_jobs(Transaction *tr, sd_bus_error *e) {
-         return 0;
- }
- 
--static void transaction_drop_redundant(Transaction *tr, unsigned generation) {
-+static void transaction_drop_redundant(Transaction *tr) {
-         bool again;
- 
-         /* Goes through the transaction and removes all jobs of the units whose jobs are all noops. If not
-@@ -299,7 +299,7 @@ static void transaction_drop_redundant(Transaction *tr, unsigned generation) {
- 
-                         LIST_FOREACH(transaction, k, j)
-                                 if (tr->anchor_job == k ||
--                                    !job_is_redundant(k, generation) ||
-+                                    !job_type_is_redundant(k->type, unit_active_state(k->unit)) ||
-                                     (k->unit->job && job_type_is_conflicting(k->type, k->unit->job->type))) {
-                                         keep = true;
-                                         break;
-@@ -730,7 +730,7 @@ int transaction_activate(
-                 transaction_minimize_impact(tr);
- 
-         /* Third step: Drop redundant jobs */
--        transaction_drop_redundant(tr, generation++);
-+        transaction_drop_redundant(tr);
- 
-         for (;;) {
-                 /* Fourth step: Let's remove unneeded jobs that might
-@@ -772,7 +772,7 @@ int transaction_activate(
-         }
- 
-         /* Eights step: Drop redundant jobs again, if the merging now allows us to drop more. */
--        transaction_drop_redundant(tr, generation++);
-+        transaction_drop_redundant(tr);
- 
-         /* Ninth step: check whether we can actually apply this */
-         r = transaction_is_destructive(tr, mode, e);
--- 
-2.25.0
-

0001-test-path-util-do-not-fail-if-the-fd_is_mount_point-.patch

@@ -0,0 +1,70 @@
+From 2e9d763e7cbeb33954bbe3f96fd94de2cd62edf7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 12 Nov 2020 14:28:24 +0100
+Subject: [PATCH] test-path-util: do not fail if the fd_is_mount_point check
+ fails
+
+This test fails on i686 and ppc64le in koji:
+/* test_path */
+Assertion 'fd_is_mount_point(fd, "/", 0) > 0' failed at src/test/test-path-util.c:85, function test_path(). Aborting.
+
+I guess some permission error is the most likely.
+---
+ src/test/test-path-util.c | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
+index f4f8d0550b..be428334f3 100644
+--- a/src/test/test-path-util.c
++++ b/src/test/test-path-util.c
+@@ -40,8 +40,6 @@ static void test_path_simplify(const char *in, const char *out, const char *out_
+ }
+ 
+ static void test_path(void) {
+-        _cleanup_close_ int fd = -1;
+-
+         log_info("/* %s */", __func__);
+ 
+         test_path_compare("/goo", "/goo", 0);
+@@ -80,10 +78,6 @@ static void test_path(void) {
+         assert_se(streq(basename("/aa///file..."), "file..."));
+         assert_se(streq(basename("file.../"), ""));
+ 
+-        fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
+-        assert_se(fd >= 0);
+-        assert_se(fd_is_mount_point(fd, "/", 0) > 0);
+-
+         test_path_simplify("aaa/bbb////ccc", "aaa/bbb/ccc", "aaa/bbb/ccc");
+         test_path_simplify("//aaa/.////ccc", "/aaa/./ccc", "/aaa/ccc");
+         test_path_simplify("///", "/", "/");
+@@ -120,6 +114,22 @@ static void test_path(void) {
+         assert_se(!path_equal_ptr(NULL, "/a"));
+ }
+ 
++static void test_path_is_mountpoint(void) {
++        _cleanup_close_ int fd = -1;
++        int r;
++
++        log_info("/* %s */", __func__);
++
++        fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
++        assert_se(fd >= 0);
++
++        r = fd_is_mount_point(fd, "/", 0);
++        if (r < 0)
++                log_warning_errno(r, "Failed to check if / is a mount point, ignoring: %m");
++        else
++                assert_se(r == 1);
++}
++
+ static void test_path_equal_root(void) {
+         /* Nail down the details of how path_equal("/", ...) works. */
+ 
+@@ -714,6 +724,7 @@ int main(int argc, char **argv) {
+ 
+         test_print_paths();
+         test_path();
++        test_path_is_mountpoint();
+         test_path_equal_root();
+         test_find_executable_full();
+         test_find_executable(argv[0]);

0001-test-path-util-ignore-test-failure.patch

@@ -0,0 +1,33 @@
+From e8bca4ba55f855260eda684a16e8feb5f20b1deb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 12 Nov 2020 15:06:12 +0100
+Subject: [PATCH] test-path-util: ignore test failure
+
+---
+ src/test/test-path-util.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
+index be428334f3..207c659b8b 100644
+--- a/src/test/test-path-util.c
++++ b/src/test/test-path-util.c
+@@ -120,14 +120,17 @@ static void test_path_is_mountpoint(void) {
+ 
+         log_info("/* %s */", __func__);
+ 
++        (void) system("uname -a");
++        (void) system("mountpoint /");
++
+         fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
+         assert_se(fd >= 0);
+ 
+         r = fd_is_mount_point(fd, "/", 0);
+         if (r < 0)
+                 log_warning_errno(r, "Failed to check if / is a mount point, ignoring: %m");
+-        else
+-                assert_se(r == 1);
++        else if (r == 0)
++                log_warning("/ is not a mountpoint?");
+ }
+ 
+ static void test_path_equal_root(void) {

0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch

@@ -1,30 +0,0 @@
-From 0c670fec00f3d5c103d9b7415d4e0510c61ad006 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Fri, 11 Mar 2016 17:06:17 -0500
-Subject: [PATCH] resolved: create /etc/resolv.conf symlink at runtime
-
-If the symlink exists, do nothing. In particular, if it is a broken symlink,
-we cannot really know if the administator configured it to point to
-a location used by some service that hasn't started yet, so we
-don't touch it in that case either.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1313085
----
- src/resolve/resolved.c | 4 ++++
- tmpfiles.d/etc.conf.m4 | 3 ---
- 2 files changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4
-index f82e0b82ce..66a777bdb2 100644
---- a/tmpfiles.d/etc.conf.m4
-+++ b/tmpfiles.d/etc.conf.m4
-@@ -12,9 +12,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts
- m4_ifdef(`HAVE_SMACK_RUN_LABEL',
- t /etc/mtab - - - - security.SMACK64=_
- )m4_dnl
--m4_ifdef(`ENABLE_RESOLVE',
--L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
--)m4_dnl
- C! /etc/nsswitch.conf - - - -
- m4_ifdef(`HAVE_PAM',
- C! /etc/pam.d - - - -

f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch

@@ -0,0 +1,129 @@
+From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 14 Sep 2020 17:58:03 +0200
+Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1803070
+
+I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
+than the one we get from /proc/self/fdinfo/. This only matters when both statx and
+name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
+
+(gdb) !uname -r
+5.6.19-200.fc31.ppc64le
+
+(gdb) !cat /proc/self/mountinfo
+697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
+701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
+702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
+703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
+704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
+705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
+706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
+722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
+725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
+614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
+615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+
+The test process does
+name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
+openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
+read(open("/proc/self/fdinfo/4", ...)) which gives
+"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
+
+and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
+
+We could either drop the fallback path (and fail name_to_handle_at() is not
+avaliable) or ignore the error in the test. Not sure what is better. I think
+this issue only occurs sometimes and with older kernels, so probably continuing
+with the current flaky implementation is better than ripping out the fallback.
+
+Another strace:
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
+) = 28
+name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
+) = 20
+name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
+) = 30
+name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
+) = 23
+name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
+openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
+openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
+fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
+fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
+read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
+read(5</proc/20/fdinfo/4>, "", 1024)    = 0
+close(5</proc/20/fdinfo/4>)             = 0
+close(4</proc/filesystems>)             = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
+) = 42
+writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
+) = 39
+writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
+) = 109
+rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
+rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
+getpid()                                = 20
+gettid()                                = 20
+tgkill(20, 20, SIGABRT)                 = 0
+rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
+--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} ---
++++ killed by SIGABRT (core dumped) +++
+---
+ src/test/test-mountpoint-util.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
+index 30b00ae4d8b..ffe5144b04a 100644
+--- a/src/test/test-mountpoint-util.c
++++ b/src/test/test-mountpoint-util.c
+@@ -89,8 +89,12 @@ static void test_mnt_id(void) {
+                 /* The ids don't match? If so, then there are two mounts on the same path, let's check if
+                  * that's really the case */
+                 char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
+-                log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
+-                assert_se(path_equal(p, t));
++                log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
++
++                if (!path_equal(p, t))
++                        /* Apparent kernel bug in /proc/self/fdinfo */
++                        log_warning("Bad mount id given for %s: %d, should be %d",
++                                    p, mnt_id2, mnt_id);
+         }
+ }
+ 

sources

@@ -1 +1 @@
-SHA512 (systemd-245.5.tar.gz) = 47de4a59980643002f325c499eeb4dd76fa9f1d1267686e7564f103690487bf85974590d7cb3e3641409e5bfba567fe2a66efa80320e7e8adc48af4461e2e172
+SHA512 (systemd-247.1.tar.gz) = 2a737afcee4409c2be073d8cb650c3465a25c101b3c3072ea6e6a0614d06e3ed7ae55c84f9ae60555915ad1480b3a13aa72fef4b9210139afe6b0d7a7629385a

split-files.py

@@ -21,8 +21,11 @@ o_pam = open('.file-list-pam', 'w')
 o_rpm_macros = open('.file-list-rpm-macros', 'w')
 o_devel = open('.file-list-devel', 'w')
 o_container = open('.file-list-container', 'w')
+o_networkd = open('.file-list-networkd', 'w')
 o_remote = open('.file-list-remote', 'w')
 o_tests = open('.file-list-tests', 'w')
+o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
+o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
 o_rest = open('.file-list-rest', 'w')
 for file in files(buildroot):
     n = file.path[1:]
@@ -51,10 +54,10 @@ for file in files(buildroot):
         o = o_pam
     elif '/rpm/' in n:
         o = o_rpm_macros
-    elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(?<!/libsystemd-shared-...).so$', n):
-        o = o_devel
     elif '/usr/lib/systemd/tests' in n:
         o = o_tests
+    elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(?<!/libsystemd-shared-...).so$', n):
+        o = o_devel
     elif re.search(r'''journal-(remote|gateway|upload)|
                        systemd-remote\.conf|
                        /usr/share/systemd/gatewayd|
@@ -69,10 +72,15 @@ for file in files(buildroot):
                        /machine.slice|
                        /machines.target|
                        var-lib-machines.mount|
-                       network/80-container-v[ez]|
                        org.freedesktop.(import|machine)1
     ''', n, re.X):
         o = o_container
+    elif re.search(r'''/usr/lib/systemd/network/80-|
+                       networkd|
+                       networkctl|
+                       org.freedesktop.network1
+    ''', n, re.X):
+        o = o_networkd
     elif '.so.' in n:
         o = o_libs
     elif re.search(r'''udev(?!\.pc)|
@@ -109,6 +117,13 @@ for file in files(buildroot):
                        /modprobe.d
     ''', n, re.X):
         o = o_udev
+    elif n.endswith('.standalone'):
+        if 'tmpfiles' in n:
+            o = o_standalone_tmpfiles
+        elif 'sysusers' in n:
+            o = o_standalone_sysusers
+        else:
+            assert False, 'Found .standalone not belonging to known packages'
     else:
         o = o_rest
 

systemd.spec

@@ -1,4 +1,4 @@
-#global commit ef677436aa203c24816021dd698b57f219f0ff64
+#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa
 %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
 
 %global stable 1
@@ -16,11 +16,12 @@
 # cryptsetup, e.g. when re-building cryptsetup on a json-c SONAME-bump.
 %bcond_with    bootstrap
 %bcond_without tests
+%bcond_without lto
 
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
-Version:        245.5
-Release:        2%{?commit:.git%{shortcommit}}%{?dist}
+Version:        247.1
+Release:        1%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -70,10 +71,10 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
 # https://bugzilla.redhat.com/show_bug.cgi?id=1738828
 Patch0001:      use-bfq-scheduler.patch
 
-Patch0998:      0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
+Patch0003:      0001-test-path-util-do-not-fail-if-the-fd_is_mount_point-.patch
+Patch0004:      0001-test-path-util-ignore-test-failure.patch
 
-# https://bugzilla.redhat.com/show_bug.cgi?id=1803293
-Patch1000:      0001-Revert-job-Don-t-mark-as-redundant-if-deps-are-relev.patch
+Patch0009:      https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch
 
 %ifarch %{ix86} x86_64 aarch64
 %global have_gnu_efi 1
@@ -81,6 +82,7 @@ Patch1000:      0001-Revert-job-Don-t-mark-as-redundant-if-deps-are-relev.patch
 
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
+BuildRequires:  coreutils
 BuildRequires:  libcap-devel
 BuildRequires:  libmount-devel
 BuildRequires:  libfdisk-devel
@@ -102,6 +104,7 @@ BuildRequires:  xz
 BuildRequires:  lz4-devel
 BuildRequires:  lz4
 BuildRequires:  bzip2-devel
+BuildRequires:  libzstd-devel
 BuildRequires:  libidn2-devel
 BuildRequires:  libcurl-devel
 BuildRequires:  kmod-devel
@@ -114,6 +117,7 @@ BuildRequires:  qrencode-devel
 BuildRequires:  libmicrohttpd-devel
 BuildRequires:  libxkbcommon-devel
 BuildRequires:  iptables-devel
+BuildRequires:  pkgconfig(libfido2)
 BuildRequires:  libxslt
 BuildRequires:  docbook-style-xsl
 BuildRequires:  pkgconfig
@@ -128,12 +132,13 @@ BuildRequires:  firewalld-filesystem
 BuildRequires:  gnu-efi gnu-efi-devel
 %endif
 BuildRequires:  libseccomp-devel
-BuildRequires:  git
 BuildRequires:  meson >= 0.43
 BuildRequires:  gettext
 # We use RUNNING_ON_VALGRIND in tests, so the headers need to be available
 BuildRequires:  valgrind-devel
 BuildRequires:  pkgconfig(bash-completion)
+BuildRequires:  perl
+BuildRequires:  perl(IPC::SysV)
 
 Requires(post): coreutils
 Requires(post): sed
@@ -148,6 +153,7 @@ Requires:       dbus >= 1.9.18
 Requires:       %{name}-pam = %{version}-%{release}
 Requires:       %{name}-rpm-macros = %{version}-%{release}
 Requires:       %{name}-libs = %{version}-%{release}
+Recommends:     %{name}-networkd = %{version}-%{release}
 Recommends:     diffutils
 Requires:       util-linux
 Recommends:     libxkbcommon%{?_isa}
@@ -160,7 +166,7 @@ Provides:       system-setup-keyboard = 0.9
 # systemd-sysv-convert was removed in f20: https://fedorahosted.org/fpc/ticket/308
 Obsoletes:      systemd-sysv < 206
 # self-obsoletes so that dnf will install new subpackages on upgrade (#1260394)
-Obsoletes:      %{name} < 229-5
+Obsoletes:      %{name} < 246.6-2
 Provides:       systemd-sysv = 206
 Conflicts:      initscripts < 9.56.1
 %if 0%{?fedora}
@@ -168,6 +174,20 @@ Conflicts:      fedora-release < 23-0.12
 %endif
 Obsoletes:      timedatex < 0.6-3
 Provides:       timedatex = 0.6-3
+Conflicts:      %{name}-standalone-tmpfiles < %{version}-%{release}^
+Obsoletes:      %{name}-standalone-tmpfiles < %{version}-%{release}^
+Conflicts:      %{name}-standalone-sysusers < %{version}-%{release}^
+Obsoletes:      %{name}-standalone-sysusers < %{version}-%{release}^
+
+# Recommends to replace normal Requires deps for stuff that is dlopen()ed
+Recommends:     libcryptsetup.so.12()(64bit)
+Recommends:     libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit)
+Recommends:     libidn2.so.0()(64bit)
+Recommends:     libidn2.so.0(IDN2_0.0.0)(64bit)
+Recommends:     libpcre2-8.so.0()(64bit)
+Recommends:     libpwquality.so.1()(64bit)
+Recommends:     libpwquality.so.1(LIBPWQUALITY_1.0)(64bit)
+Recommends:     libqrencode.so.4()(64bit)
 
 %description
 systemd is a system and service manager that runs as PID 1 and starts
@@ -241,17 +261,18 @@ to libudev or libsystemd.
 Summary: Rule-based device node and kernel event manager
 License:        LGPLv2+
 
-Requires:       %{name}%{?_isa} = %{version}-%{release}
+Requires:       systemd%{?_isa} = %{version}-%{release}
 Requires(post):   systemd
 Requires(preun):  systemd
 Requires(postun): systemd
 Requires(post): grep
 Requires:       kmod >= 18-4
-# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394)
-Obsoletes:      %{name} < 229-5
+# https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd43dd05b1
+Obsoletes:      systemd < 245.6-1
 Provides:       udev = %{version}
 Provides:       udev%{_isa} = %{version}
 Obsoletes:      udev < 183
+
 # https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9
 Suggests:       systemd-bootchart
 # https://bugzilla.redhat.com/show_bug.cgi?id=1408878
@@ -261,6 +282,10 @@ Requires:       kbd
 Provides:       u2f-hidraw-policy = 1.0.2-40
 Obsoletes:      u2f-hidraw-policy < 1.0.2-40
 
+# Recommends to replace normal Requires deps for stuff that is dlopen()ed
+Recommends:     libcryptsetup.so.12()(64bit)
+Recommends:     libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit)
+
 %description udev
 This package contains systemd-udev and the rules and hardware database
 needed to manage device nodes. This package is necessary on physical
@@ -304,6 +329,18 @@ and to write journal files from serialized journal contents.
 This package contains systemd-journal-gatewayd,
 systemd-journal-remote, and systemd-journal-upload.
 
+%package networkd
+Summary:        System daemon that manages network configurations
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+License:        LGPLv2+
+# https://src.fedoraproject.org/rpms/systemd/pull-request/34
+Obsoletes:      systemd < 246.6-2
+
+%description networkd
+systemd-networkd is a system service that manages networks. It detects
+and configures network devices as they appear, as well as creating virtual
+network devices.
+
 %package tests
 Summary:       Internal unit tests for systemd
 Requires:      %{name}%{?_isa} = %{version}-%{release}
@@ -313,17 +350,37 @@ License:       LGPLv2+
 "Installed tests" that are usually run as part of the build system.
 They can be useful to test systemd internals.
 
+%package standalone-tmpfiles
+Summary:       Standalone tmpfiles binary for use in non-systemd systems
+RemovePathPostfixes: .standalone
+
+%description standalone-tmpfiles
+Standalone tmpfiles binary with no dependencies on the systemd-shared library
+or other libraries from systemd-libs. This package conflicts with the main
+systemd package and is meant for use in non-systemd systems.
+
+%package standalone-sysusers
+Summary:       Standalone sysusers binary for use in non-systemd systems
+RemovePathPostfixes: .standalone
+
+%description standalone-sysusers
+Standalone sysusers binary with no dependencies on the systemd-shared library
+or other libraries from systemd-libs. This package conflicts with the main
+systemd package and is meant for use in non-systemd systems.
+
 %prep
-%autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{github_version}} -p1 -Sgit
+%autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{github_version}} -p1
 
 %build
 %define ntpvendor %(source /etc/os-release; echo ${ID})
 %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1}
 
 CONFIGURE_OPTS=(
+        -Dmode=release
         -Dsysvinit-path=/etc/rc.d/init.d
         -Drc-local=/etc/rc.d/rc.local
         -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org'
+        -Ddns-servers=
         -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
         -Dservice-watchdog=
         -Ddev-kvm-mode=0666
@@ -340,6 +397,7 @@ CONFIGURE_OPTS=(
         -Dzlib=true
         -Dbzip2=true
         -Dlz4=true
+        -Dzstd=true
         -Dpam=true
         -Dacl=true
         -Dsmack=true
@@ -361,11 +419,13 @@ CONFIGURE_OPTS=(
         -Dlibidn2=true
         -Dlibiptc=true
         -Dlibcurl=true
+        -Dlibfido2=true
         -Defi=true
         -Dgnu-efi=%{?have_gnu_efi:true}%{?!have_gnu_efi:false}
         -Dtpm=true
         -Dhwdb=true
         -Dsysusers=true
+        -Dstandalone-binaries=true
         -Ddefault-kill-user-processes=false
         -Dtests=unsafe
         -Dinstall-tests=true
@@ -373,12 +433,23 @@ CONFIGURE_OPTS=(
         -Dusers-gid=100
         -Dnobody-user=nobody
         -Dnobody-group=nobody
+        -Dcompat-mutable-uid-boundaries=true
         -Dsplit-usr=false
         -Dsplit-bin=true
+%if %{with lto}
         -Db_lto=true
+%else
+        -Db_lto=false
+%endif
         -Db_ndebug=false
         -Dman=true
         -Dversion-tag=v%{version}-%{release}
+        -Dfallback-hostname=fedora
+        -Ddefault-dnssec=no
+        # https://bugzilla.redhat.com/show_bug.cgi?id=1867830
+        -Ddefault-mdns=no
+        -Ddefault-llmnr=resolve
+        -Doomd=true
 )
 
 %meson "${CONFIGURE_OPTS[@]}"
@@ -473,7 +544,7 @@ EOF
 
 install -Dm0755 -t %{buildroot}%{_prefix}/lib/kernel/install.d/ %{SOURCE11}
 
-install -Dm0755 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13}
+install -Dm0644 -t %{buildroot}%{_prefix}/lib/systemd/ %{SOURCE13}
 
 install -D -t %{buildroot}/usr/lib/systemd/ %{SOURCE3}
 
@@ -525,7 +596,7 @@ EOF
 
 %check
 %if %{with tests}
-meson test -C %{_vpath_builddir} -t 6
+meson test -C %{_vpath_builddir} -t 6 --print-errorlogs
 %endif
 
 #############################################################################################
@@ -545,9 +616,6 @@ getent group systemd-journal &>/dev/null || groupadd -r -g 190 systemd-journal 2
 getent group systemd-coredump &>/dev/null || groupadd -r systemd-coredump 2>&1 || :
 getent passwd systemd-coredump &>/dev/null || useradd -r -l -g systemd-coredump -d / -s /sbin/nologin -c "systemd Core Dumper" systemd-coredump &>/dev/null || :
 
-getent group systemd-network &>/dev/null || groupadd -r -g 192 systemd-network 2>&1 || :
-getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-network -d / -s /sbin/nologin -c "systemd Network Management" systemd-network &>/dev/null || :
-
 getent group systemd-resolve &>/dev/null || groupadd -r -g 193 systemd-resolve 2>&1 || :
 getent passwd systemd-resolve &>/dev/null || useradd -r -u 193 -l -g systemd-resolve -d / -s /sbin/nologin -c "systemd Resolver" systemd-resolve &>/dev/null || :
 
@@ -591,6 +659,8 @@ chmod g+s /{run,var}/log/journal/{,${machine_id}} &>/dev/null || :
 # Apply ACL to the journal directory
 setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ &>/dev/null || :
 
+[ $1 -eq 1 ] || exit 0
+
 # We reset the enablement of all services upon initial installation
 # https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23
 # This will fix up enablement of any preset services that got installed
@@ -598,9 +668,26 @@ setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ &>/de
 # https://bugzilla.redhat.com/show_bug.cgi?id=1647172.
 # We also do this for user units, see
 # https://fedoraproject.org/wiki/Changes/Systemd_presets_for_user_units.
-if [ $1 -eq 1 ] ; then
-        systemctl preset-all &>/dev/null || :
-        systemctl --global preset-all &>/dev/null || :
+systemctl preset-all &>/dev/null || :
+systemctl --global preset-all &>/dev/null || :
+
+# Create /etc/resolv.conf symlink.
+# We would also create it using tmpfiles, but let's do this here
+# too before NetworkManager gets a chance. (systemd-tmpfiles invocation above
+# does not do this, because it's marked with ! and we don't specify --boot.)
+# https://bugzilla.redhat.com/show_bug.cgi?id=1873856
+#
+# If systemd is not running, don't overwrite the symlink because that
+# will immediately break DNS resolution, since systemd-resolved is
+# also not running (https://bugzilla.redhat.com/show_bug.cgi?id=1891847).
+#
+# Also don't creat the symlink to the stub when the stub is disabled (#1891847 again).
+if test -d /run/systemd/system/ &&
+   systemctl -q is-enabled systemd-resolved.service &>/dev/null &&
+   ! mountpoint /etc/resolv.conf &>/dev/null &&
+   ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | \
+        grep -qE '^DNSStubListener\s*=\s*([nN][oO]?|[fF]|[fF][aA][lL][sS][eE]|0|[oO][fF][fF])$'; then
+  ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
 fi
 
 %preun
@@ -611,29 +698,42 @@ if [ $1 -eq 0 ] ; then
                 serial-getty@.service \
                 console-getty.service \
                 debug-shell.service \
-                systemd-networkd.service \
-                systemd-networkd-wait-online.service \
                 systemd-resolved.service \
+                systemd-homed.service \
                 >/dev/null || :
 fi
 
+%triggerun -- systemd < 246.1-1
+# This is for upgrades from previous versions before systemd-resolved became the default.
+systemctl --no-reload preset systemd-resolved.service &>/dev/null || :
+
+if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then
+  systemctl -q is-enabled NetworkManager.service 2>/dev/null && \
+  ! test -L /etc/resolv.conf 2>/dev/null && \
+  ! mountpoint /etc/resolv.conf &>/dev/null && \
+  grep -q 'Generated by NetworkManager' /etc/resolv.conf 2>/dev/null && \
+  echo -e '/etc/resolv.conf was generated by NetworkManager.\nRemoving it to let systemd-resolved manage this file.' && \
+  mv -v /etc/resolv.conf /etc/resolv.conf.orig-with-nm && \
+  ln -sv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf 2>/dev/null || :
+
+  systemctl start systemd-resolved.service &>/dev/null || :
+fi
+
 %post libs
 %{?ldconfig}
 
 function mod_nss() {
     if [ -f "$1" ] ; then
-        # sed-fu to add myhostname to hosts line
-        grep -E -q '^hosts:.* myhostname' "$1" ||
-        sed -i.bak -e '
-                /^hosts:/ !b
-                /\<myhostname\>/ b
-                s/[[:blank:]]*$/ myhostname/
-                ' "$1" &>/dev/null || :
-
         # Add nss-systemd to passwd and group
         grep -E -q '^(passwd|group):.* systemd' "$1" ||
         sed -i.bak -r -e '
-                s/^(passwd|group):(.*)/\1: \2 systemd/
+                s/^(passwd|group):(.*)/\1:\2 systemd/
+                ' "$1" &>/dev/null || :
+
+        # Add nss-resolve to hosts
+        grep -E -q '^hosts:.* resolve' "$1" ||
+        sed -i.bak -r -e '
+                s/^(hosts):(.*) files( mdns4_minimal .NOTFOUND=return.)? dns myhostname/\1:\2 files\3 resolve [!UNAVAIL=return] myhostname dns/
                 ' "$1" &>/dev/null || :
     fi
 }
@@ -687,8 +787,12 @@ if [ -f %{_localstatedir}/lib/systemd/clock ] ; then
 fi
 
 udevadm hwdb --update &>/dev/null
+
 %systemd_post %udev_services
-/usr/lib/systemd/systemd-random-seed save 2>&1
+
+# Try to save the random seed, but don't complain if /dev/urandom is unavailable
+/usr/lib/systemd/systemd-random-seed save 2>&1 | \
+    grep -v 'Failed to open /dev/urandom' || :
 
 # Replace obsolete keymaps
 # https://bugzilla.redhat.com/show_bug.cgi?id=1151958
@@ -731,6 +835,16 @@ fi
 %systemd_postun_with_restart systemd-journal-upload.service
 %firewalld_reload
 
+%pre networkd
+getent group systemd-network &>/dev/null || groupadd -r -g 192 systemd-network 2>&1 || :
+getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-network -d / -s /sbin/nologin -c "systemd Network Management" systemd-network &>/dev/null || :
+
+%post networkd
+%systemd_post systemd-networkd.service systemd-networkd-wait-online.service
+
+%preun networkd
+%systemd_preun systemd-networkd.service systemd-networkd-wait-online.service
+
 %global _docdir_fmt %{name}
 
 %files -f %{name}.lang -f .file-list-rest
@@ -769,9 +883,134 @@ fi
 
 %files journal-remote -f .file-list-remote
 
+%files networkd -f .file-list-networkd
+
 %files tests -f .file-list-tests
 
+%files standalone-tmpfiles -f .file-list-standalone-tmpfiles
+
+%files standalone-sysusers -f .file-list-standalone-sysusers
+
 %changelog
+* Tue Dec  1 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 247.1-1
+- Latest stable release
+- Fixes #1902819.
+- Files to configure networking with systemd-networkd in a VM or container are
+  moved to systemd-networkd subpackage. (They were previously in the -container
+  subpackage, which is for container/VM management.)
+
+* Thu Nov 26 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 247-1
+- Update to the latest version
+- #1900878 should be fixed
+
+* Tue Oct 20 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 247~rc2
+- New upstream pre-release. See
+  https://github.com/systemd/systemd/blob/v247-rc1/NEWS.
+  Many smaller and bigger improvements and features are introduced.
+  (#1885101, #1890632, #1879216)
+
+  A backwards-incompatible change affects PCI network devices which
+  are connected through a bridge which is itself associated with a
+  slot. When more than one device was associated with the same slot,
+  one of the devices would pseudo-randomly get named after the slot.
+  That name is now not generated at all. This changed behaviour is
+  causes the net naming scheme to be changed to "v247". To restore
+  previous behaviour, specify net.naming-scheme=v245.
+
+  systemd-oomd is built, but should not be considered "production
+  ready" at this point. Testing and bug reports are welcome.
+
+* Wed Sep 30 2020 Dusty Mabe <dusty@dustymabe.com> - 246.6-3
+- Try to make files in subpackages (especially the networkd subpackage)
+  more appropriate.
+
+* Thu Sep 24 2020 Filipe Brandenburger <filbranden@gmail.com> - 246.6-2
+- Build a package with standalone binaries for non-systemd systems.
+  For now, only systemd-sysusers is included.
+
+* Thu Sep 24 2020 Christian Glombek <lorbus@fedoraproject.org> - 246.6-2
+- Split out networkd sub-package and add to main package as recommended dependency
+
+* Sun Sep 20 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.6-1
+- Update to latest stable release (various minor fixes: manager,
+  networking, bootct, kernel-install, systemd-dissect, systemd-homed,
+  fstab-generator, documentation) (#1876905)
+- Do not fail in test because of kernel bug (#1803070)
+
+* Sun Sep 13 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.5-1
+- Update to latest stable release (a bunch of small network-related
+  fixes in systemd-networkd and socket handling, documentation updates,
+  a bunch of fixes for error handling).
+- Also remove existing file when creating /etc/resolv.conf symlink
+  upon installation (#1873856 again)
+
+* Wed Sep  2 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.4-1
+- Update to latest stable version: a rework of how the unit cache mtime works
+  (hopefully #1872068, #1871327, #1867930), plus various fixes to
+  systemd-resolved, systemd-dissect, systemd-analyze, systemd-ask-password-agent,
+  systemd-networkd, systemd-homed, systemd-machine-id-setup, presets for
+  instantiated units, documentation and shell completions.
+- Create /etc/resolv.conf symlink upon installation (#1873856)
+- Move nss-mdns before nss-resolve in /etc/nsswitch.conf and disable
+  mdns by default in systemd-resolved (#1867830)
+
+* Wed Aug 26 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.3-1
+- Update to bugfix version (some networkd fixes, minor documentation
+  fixes, relax handling of various error conditions, other fixlets for
+  bugs without bugzilla numbers).
+
+* Mon Aug 17 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.2-1
+- A few minor bugfixes
+- Adjust seccomp filter for kernel 5.8 and glibc 2.32 (#1869030)
+- Create /etc/resolv.conf symlink on upgrade (#1867865)
+
+* Fri Aug  7 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.1-1
+- A few minor bugfixes
+- Remove /etc/resolv.conf on upgrades (if managed by NetworkManager), so
+  that systemd-resolved can take over the management of the symlink.
+
+* Thu Jul 30 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246-1
+- Update to released version. Only some minor bugfixes since the pre-release.
+
+* Sun Jul 26 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246~rc2-2
+- Make /tmp be 50% of RAM again (#1856514)
+- Re-run 'systemctl preset systemd-resolved' on upgrades.
+  /etc/resolv.conf is not modified, by a hint is emitted if it is
+  managed by NetworkManager.
+
+* Fri Jul 24 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246~rc2-1
+- New pre-release with incremental fixes
+  (#1856037, #1858845, #1856122, #1857783)
+- Enable systemd-resolved (with DNSSEC disabled by default, and LLMNR
+  and mDNS support in resolve-only mode by default).
+  See https://fedoraproject.org/wiki/Changes/systemd-resolved.
+
+* Thu Jul  9 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246~rc1-1
+- New upstream release, see
+  https://raw.githubusercontent.com/systemd/systemd/v246-rc1/NEWS.
+
+  This release includes many new unit settings, related inter alia to
+  cgroupsv2 freezer support and cpu affinity, encryption and verification.
+  systemd-networkd has a ton of new functionality and many other tools gained
+  smaller enhancements. systemd-homed gained FIDO2 support.
+
+  Documentation has been significantly improved: sd-bus and sd-hwdb
+  libraries are now fully documented; man pages have been added for
+  the D-BUS APIs of systemd daemons and various new interfaces.
+
+  Closes #1392925, #1790972, #1197886, #1525593.
+
+* Wed Jun 24 2020 Bastien Nocera <bnocera@redhat.com> - 245.6-3
+- Set fallback-hostname to fedora so that unset hostnames are still
+  recognisable (#1392925)
+
+* Tue Jun  2 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.6-2
+- Add self-obsoletes to fix upgrades from F31
+
+* Sun May 31 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 245.6-1
+- Update to latest stable version (some documentation updates, minor
+  memory correctness issues) (#1815605, #1827467, #1842067)
+
 * Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 245.5-2
 - Add explicit BuildRequires: acl
 - Bootstrapping for json-c SONAME bump

tests/tests-reboot.yml

@@ -0,0 +1,50 @@
+---
+- hosts: localhost
+  vars:
+  - artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}"
+  tags:
+  - classic
+  tasks:
+  # switch SELinux to permissive mode
+  - name: Get default kernel
+    command: "grubby --default-kernel"
+    register: default_kernel
+  - debug: msg="{{ default_kernel.stdout }}"
+  - name: Set permissive mode
+    command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}"
+
+  - name: reboot
+    block:
+      - name: restart host
+        shell: sleep 2 && shutdown -r now "Ansible updates triggered"
+        async: 1
+        poll: 0
+        ignore_errors: true
+
+      - name: wait for host to come back
+        wait_for_connection:
+          delay: 10
+          timeout: 300
+
+      - name: Re-create /tmp/artifacts
+        command: mkdir /tmp/artifacts
+
+      - name: Gather SELinux denials since boot
+        shell: |
+            result=pass
+            dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail
+            ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log
+            grep -q '<no matches>' /tmp/avc.log || result=fail
+            echo -e "\nresults:\n- test: reboot and collect AVC\n  result: $result\n  logs:\n  - avc.log\n\n" > /tmp/results.yml
+            ( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log
+
+    always:
+      - name: Pull out the artifacts
+        fetch:
+          dest: "{{ artifacts }}/"
+          src: "{{ item }}"
+          flat: yes
+        with_items:
+          - /tmp/test.log
+          - /tmp/avc.log
+          - /tmp/results.yml

use-bfq-scheduler.patch

@@ -1,4 +1,4 @@
-From 464a73411c13596a130a7a8f0ac00ca728e5f69e Mon Sep 17 00:00:00 2001
+From 223ea50950f97ed4e67311dfcffed7ffc27a7cd3 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Wed, 14 Aug 2019 15:57:42 +0200
 Subject: [PATCH] udev: use bfq as the default scheduler
@@ -10,30 +10,29 @@ the default scheduler, and it currently needs to be set by userspace.
 
 See the bug for more discussion and links.
 ---
- rules/60-block-scheduler.rules | 5 +++++
- rules/meson.build              | 1 +
+ rules.d/60-block-scheduler.rules | 5 +++++
+ rules.d/meson.build              | 1 +
  2 files changed, 6 insertions(+)
- create mode 100644 rules/60-block-scheduler.rules
+ create mode 100644 rules.d/60-block-scheduler.rules
 
 diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules
 new file mode 100644
-index 00000000000..480b941761f
+index 0000000000..480b941761
 --- /dev/null
 +++ b/rules.d/60-block-scheduler.rules
-@@ -0,0 +1,6 @@
+@@ -0,0 +1,5 @@
 +# do not edit this file, it will be overwritten on update
 +
 +ACTION=="add", SUBSYSTEM=="block", \
 +  KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
-+  ENV{DEVTYPE}=="disk", \
 +  ATTR{queue/scheduler}="bfq"
 diff --git a/rules.d/meson.build b/rules.d/meson.build
-index b6a32ba77e2..1da958b4d46 100644
+index ca4445d774..38d6aa6970 100644
 --- a/rules.d/meson.build
 +++ b/rules.d/meson.build
-@@ -2,6 +2,7 @@
- 
+@@ -3,6 +3,7 @@
  rules = files('''
+         60-autosuspend.rules
          60-block.rules
 +        60-block-scheduler.rules
          60-cdrom_id.rules