Fix riscv seccomp patch

Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>

0001-Add-riscv-SECCOMP-support.patch

@@ -0,0 +1,250 @@
+From 5231b108f5d5924381e58182f8fd2592d1077caf Mon Sep 17 00:00:00 2001
+From: David Abdurachmanov <davidlt@rivosinc.com>
+Date: Fri, 10 Jun 2022 15:58:34 +0300
+Subject: [PATCH] Add riscv SECCOMP support
+
+Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>
+
+diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
+index fc79870..e4daadc 100644
+--- a/src/basic/missing_syscall.h
++++ b/src/basic/missing_syscall.h
+@@ -81,6 +81,8 @@ static inline int missing_pivot_root(const char *new_root, const char *put_old)
+ #      define __NR_memfd_create 356
+ #    elif defined __arc__
+ #      define __NR_memfd_create 279
++#    elif defined __riscv
++#      define __NR_memfd_create 279
+ #    else
+ #      warning "__NR_memfd_create unknown for your architecture"
+ #    endif
+@@ -134,6 +136,8 @@ static inline int missing_memfd_create(const char *name, unsigned int flags) {
+ #      endif
+ #    elif defined(__arc__)
+ #      define __NR_getrandom 278
++#    elif defined(__riscv)
++#      define __NR_getrandom 278
+ #    else
+ #      warning "__NR_getrandom unknown for your architecture"
+ #    endif
+@@ -179,6 +183,8 @@ static inline pid_t missing_gettid(void) {
+ #      define __NR_name_to_handle_at 345
+ #    elif defined(__arc__)
+ #      define __NR_name_to_handle_at 264
++#    elif defined(__riscv)
++#      define __NR_name_to_handle_at 264
+ #    elif defined _MIPS_SIM
+ #      if _MIPS_SIM == _MIPS_SIM_ABI32
+ #        define systemd_NR_name_to_handle_at systemd_SC_arch_bias(339)
+@@ -224,6 +230,8 @@ static inline int missing_name_to_handle_at(int fd, const char *name, struct fil
+ #      define __NR_setns 346
+ #    elif defined(__arc__)
+ #      define __NR_setns 268
++#    elif defined(__riscv)
++#      define __NR_setns 268
+ #    elif defined _MIPS_SIM
+ #      if _MIPS_SIM == _MIPS_SIM_ABI32
+ #        define systemd_NR_setns systemd_SC_arch_bias(344)
+@@ -291,6 +299,8 @@ static inline pid_t raw_getpid(void) {
+ #      define __NR_renameat2 347
+ #    elif defined __arc__
+ #      define __NR_renameat2 276
++#    elif defined __riscv
++#      define __NR_renameat2 276
+ #    else
+ #      warning "__NR_renameat2 unknown for your architecture"
+ #    endif
+@@ -382,6 +392,8 @@ static inline key_serial_t missing_request_key(const char *type, const char *des
+ #      define __NR_copy_file_range 379
+ #    elif defined __arc__
+ #      define __NR_copy_file_range 285
++#    elif defined __riscv
++#      define __NR_copy_file_range 285
+ #    elif defined _MIPS_SIM
+ #      if _MIPS_SIM == _MIPS_SIM_ABI32
+ #        define systemd_NR_copy_file_range systemd_SC_arch_bias(360)
+@@ -432,6 +444,8 @@ static inline ssize_t missing_copy_file_range(int fd_in, loff_t *off_in,
+ #      define __NR_bpf 351
+ #    elif defined __tilegx__
+ #      define __NR_bpf 280
++#    elif defined __riscv
++#      define __NR_bpf 280
+ #    elif defined _MIPS_SIM
+ #      if _MIPS_SIM == _MIPS_SIM_ABI32
+ #        define systemd_NR_bpf systemd_SC_arch_bias(355)
+@@ -479,6 +493,8 @@ static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size) {
+ #      define __NR_pkey_mprotect 386
+ #    elif defined __s390__
+ #      define __NR_pkey_mprotect 384
++#    elif defined __riscv
++#      define __NR_pkey_mprotect 288
+ #    elif defined _MIPS_SIM
+ #      if _MIPS_SIM == _MIPS_SIM_ABI32
+ #        define __NR_pkey_mprotect 4363
+@@ -489,6 +505,8 @@ static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size) {
+ #      if _MIPS_SIM == _MIPS_SIM_ABI64
+ #        define __NR_pkey_mprotect 5323
+ #      endif
++#    elif defined __riscv
++#      define __NR_pkey_mprotect 288
+ #    else
+ #      warning "__NR_pkey_mprotect not defined for your architecture"
+ #    endif
+@@ -513,6 +531,8 @@ static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size) {
+ #      define __NR_statx 383
+ #    elif defined __sparc__
+ #      define __NR_statx 360
++#    elif defined __riscv
++#      define __NR_statx 291
+ #    elif defined __x86_64__
+ #      define __NR_statx systemd_SC_arch_bias(332)
+ #    elif defined _MIPS_SIM
+diff --git a/src/basic/virt.c b/src/basic/virt.c
+index 35acc73..6da76d5 100644
+--- a/src/basic/virt.c
++++ b/src/basic/virt.c
+@@ -84,7 +84,7 @@ static int detect_vm_cpuid(void) {
+ }
+ 
+ static int detect_vm_device_tree(void) {
+-#if defined(__arm__) || defined(__aarch64__) || defined(__powerpc__) || defined(__powerpc64__)
++#if defined(__arm__) || defined(__aarch64__) || defined(__powerpc__) || defined(__powerpc64__) || defined(__riscv)
+         _cleanup_free_ char *hvtype = NULL;
+         int r;
+ 
+@@ -134,7 +134,7 @@ static int detect_vm_device_tree(void) {
+ }
+ 
+ static int detect_vm_dmi(void) {
+-#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
++#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__riscv)
+ 
+         static const char *const dmi_vendors[] = {
+                 "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index 3f91b75..ab61915 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -90,6 +90,8 @@ const uint32_t seccomp_local_archs[] = {
+                 SCMP_ARCH_S390X,      /* native */
+ #elif defined(__s390__)
+                 SCMP_ARCH_S390,
++#elif defined(__riscv) && __riscv_xlen == 64
++                SCMP_ARCH_RISCV64,    /* native */
+ #endif
+                 (uint32_t) -1
+         };
+@@ -135,6 +137,8 @@ const char* seccomp_arch_to_string(uint32_t c) {
+                 return "s390";
+         case SCMP_ARCH_S390X:
+                 return "s390x";
++        case SCMP_ARCH_RISCV64:
++                return "riscv64";
+         default:
+                 return NULL;
+         }
+@@ -180,6 +184,8 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) {
+                 *ret = SCMP_ARCH_S390;
+         else if (streq(n, "s390x"))
+                 *ret = SCMP_ARCH_S390X;
++        else if (streq(n, "riscv64"))
++                *ret = SCMP_ARCH_RISCV64;
+         else
+                 return -EINVAL;
+ 
+@@ -1339,6 +1345,7 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) {
+                 case SCMP_ARCH_MIPS64N32:
+                 case SCMP_ARCH_MIPSEL64:
+                 case SCMP_ARCH_MIPS64:
++                case SCMP_ARCH_RISCV64:
+                         /* These we know we support (i.e. are the ones that do not use socketcall()) */
+                         supported = true;
+                         break;
+@@ -1579,7 +1586,7 @@ static int add_seccomp_syscall_filter(scmp_filter_ctx seccomp,
+ }
+ 
+ /* For known architectures, check that syscalls are indeed defined or not. */
+-#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
++#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__riscv)
+ assert_cc(SCMP_SYS(shmget) > 0);
+ assert_cc(SCMP_SYS(shmat) > 0);
+ assert_cc(SCMP_SYS(shmdt) > 0);
+@@ -1624,13 +1631,14 @@ int seccomp_memory_deny_write_execute(void) {
+                 case SCMP_ARCH_X86_64:
+                 case SCMP_ARCH_X32:
+                 case SCMP_ARCH_AARCH64:
+-                        filter_syscall = SCMP_SYS(mmap); /* amd64, x32 and arm64 have only mmap */
++				case SCMP_ARCH_RISCV64:
++                        filter_syscall = SCMP_SYS(mmap); /* amd64, x32. arm64 and riscv64 have only mmap */
+                         shmat_syscall = SCMP_SYS(shmat);
+                         break;
+ 
+                 /* Please add more definitions here, if you port systemd to other architectures! */
+ 
+-#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__s390__) && !defined(__s390x__)
++#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__s390__) && !defined(__s390x__) && !defined(__riscv)
+ #warning "Consider adding the right mmap() syscall definitions here!"
+ #endif
+                 }
+diff --git a/src/test/test-execute.c b/src/test/test-execute.c
+index 9ca0620..e673ea9 100644
+--- a/src/test/test-execute.c
++++ b/src/test/test-execute.c
+@@ -277,6 +277,9 @@ static void test_exec_personality(Manager *m) {
+ #elif defined(__aarch64__)
+         test(__func__, m, "exec-personality-aarch64.service", 0, CLD_EXITED);
+ 
++#elif defined(__riscv__) && __riscv_xlen == 64
++        test(__func__, m, "exec-personality-riscv64.service", 0, CLD_EXITED);
++
+ #elif defined(__i386__)
+         test(__func__, m, "exec-personality-x86.service", 0, CLD_EXITED);
+ #else
+diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
+index b685c2d..8647656 100644
+--- a/src/test/test-seccomp.c
++++ b/src/test/test-seccomp.c
+@@ -74,7 +74,8 @@ static void test_architecture_table(void) {
+                        "ppc64\0"
+                        "ppc64-le\0"
+                        "s390\0"
+-                       "s390x\0") {
++                       "s390x\0"
++                       "riscv64\0") {
+                 uint32_t c;
+ 
+                 assert_se(seccomp_arch_from_string(n, &c) >= 0);
+@@ -538,7 +539,7 @@ static void test_memory_deny_write_execute_mmap(void) {
+                 assert_se(seccomp_memory_deny_write_execute() >= 0);
+ 
+                 p = mmap(NULL, page_size(), PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1,0);
+-#if defined(__x86_64__) || defined(__i386__) || defined(__powerpc64__) || defined(__arm__) || defined(__aarch64__)
++#if defined(__x86_64__) || defined(__i386__) || defined(__powerpc64__) || defined(__arm__) || defined(__aarch64__) || defined(__riscv)
+                 assert_se(p == MAP_FAILED);
+                 assert_se(errno == EPERM);
+ #endif
+@@ -602,7 +603,7 @@ static void test_memory_deny_write_execute_shmat(void) {
+ 
+                 p = shmat(shmid, NULL, SHM_EXEC);
+                 log_debug_errno(p == MAP_FAILED ? errno : 0, "shmat(SHM_EXEC): %m");
+-#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
++#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__riscv)
+                 assert_se(p == MAP_FAILED);
+                 assert_se(errno == EPERM);
+ #endif
+diff --git a/test/test-execute/exec-personality-riscv64.service b/test/test-execute/exec-personality-riscv64.service
+new file mode 100644
+index 0000000..ab20396
+--- /dev/null
++++ b/test/test-execute/exec-personality-riscv64.service
+@@ -0,0 +1,7 @@
++[Unit]
++Description=Test for Personality=riscv64
++
++[Service]
++ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "riscv64")'
++Type=oneshot
++Personality=riscv64
+-- 
+2.35.1
+

0004-test-path-use-Type-exec.patch

@@ -1,94 +0,0 @@
-From 1a83d7234e374e991235f4ef21c56998f93cb875 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 14 Sep 2020 08:58:54 +0200
-Subject: [PATCH 4/4] test-path: use Type=exec
-
-In general, Type=exec is superior to Type=simple. Let's not assume that
-the service is started before it was really started.
----
- test/test-path/path-changed.service           | 2 +-
- test/test-path/path-directorynotempty.service | 2 +-
- test/test-path/path-exists.service            | 2 +-
- test/test-path/path-existsglob.service        | 2 +-
- test/test-path/path-makedirectory.service     | 2 +-
- test/test-path/path-modified.service          | 2 +-
- test/test-path/path-mycustomunit.service      | 2 +-
- 7 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/test/test-path/path-changed.service b/test/test-path/path-changed.service
-index fb465d76bb..b75552df4f 100644
---- a/test/test-path/path-changed.service
-+++ b/test/test-path/path-changed.service
-@@ -3,5 +3,5 @@ Description=Service Test for Path units
- 
- [Service]
- ExecStart=/bin/true
--Type=simple
-+Type=exec
- RemainAfterExit=true
-diff --git a/test/test-path/path-directorynotempty.service b/test/test-path/path-directorynotempty.service
-index fb465d76bb..b75552df4f 100644
---- a/test/test-path/path-directorynotempty.service
-+++ b/test/test-path/path-directorynotempty.service
-@@ -3,5 +3,5 @@ Description=Service Test for Path units
- 
- [Service]
- ExecStart=/bin/true
--Type=simple
-+Type=exec
- RemainAfterExit=true
-diff --git a/test/test-path/path-exists.service b/test/test-path/path-exists.service
-index fb465d76bb..b75552df4f 100644
---- a/test/test-path/path-exists.service
-+++ b/test/test-path/path-exists.service
-@@ -3,5 +3,5 @@ Description=Service Test for Path units
- 
- [Service]
- ExecStart=/bin/true
--Type=simple
-+Type=exec
- RemainAfterExit=true
-diff --git a/test/test-path/path-existsglob.service b/test/test-path/path-existsglob.service
-index fb465d76bb..b75552df4f 100644
---- a/test/test-path/path-existsglob.service
-+++ b/test/test-path/path-existsglob.service
-@@ -3,5 +3,5 @@ Description=Service Test for Path units
- 
- [Service]
- ExecStart=/bin/true
--Type=simple
-+Type=exec
- RemainAfterExit=true
-diff --git a/test/test-path/path-makedirectory.service b/test/test-path/path-makedirectory.service
-index fb465d76bb..b75552df4f 100644
---- a/test/test-path/path-makedirectory.service
-+++ b/test/test-path/path-makedirectory.service
-@@ -3,5 +3,5 @@ Description=Service Test for Path units
- 
- [Service]
- ExecStart=/bin/true
--Type=simple
-+Type=exec
- RemainAfterExit=true
-diff --git a/test/test-path/path-modified.service b/test/test-path/path-modified.service
-index fb465d76bb..b75552df4f 100644
---- a/test/test-path/path-modified.service
-+++ b/test/test-path/path-modified.service
-@@ -3,5 +3,5 @@ Description=Service Test for Path units
- 
- [Service]
- ExecStart=/bin/true
--Type=simple
-+Type=exec
- RemainAfterExit=true
-diff --git a/test/test-path/path-mycustomunit.service b/test/test-path/path-mycustomunit.service
-index bcdafe4f30..8fbc40d13f 100644
---- a/test/test-path/path-mycustomunit.service
-+++ b/test/test-path/path-mycustomunit.service
-@@ -3,5 +3,5 @@ Description=Service Test Path Unit
- 
- [Service]
- ExecStart=/bin/true
--Type=simple
-+Type=exec
- RemainAfterExit=true

sources

@@ -1 +1 @@
-SHA512 (systemd-246.6.tar.gz) = 1936b291d9831cf61f800fe718a4c2c2fe9b2a11fd817fe32bd48da2087a675dfc91013209a3478ea52e8ada593300ed906e248b8081dcf9141bf1cc17483ea9
+SHA512 (systemd-246.15.tar.gz) = 71c8afb9de149b9f4b2f63c7a84e2ce2d897e90570692eaa75d8c99c345ad6cfc9717f93844ff1f582f65b7bdbb1166de1d4574cf6f4329edda8920a6c6bf536

split-files.py

@@ -72,12 +72,10 @@ for file in files(buildroot):
                        /machine.slice|
                        /machines.target|
                        var-lib-machines.mount|
-                       network/80-container|
-                       network/80-vm|
                        org.freedesktop.(import|machine)1
     ''', n, re.X):
         o = o_container
-    elif re.search(r'''/usr/lib/systemd/network/..-wifi|
+    elif re.search(r'''/usr/lib/systemd/network/80-|
                        networkd|
                        networkctl|
                        org.freedesktop.network1

systemd.spec

@@ -20,8 +20,8 @@
 
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
-Version:        246.6
-Release:        3%{?dist}
+Version:        246.15
+Release:        1.0.riscv64%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -74,13 +74,14 @@ Patch0001:      use-bfq-scheduler.patch
 Patch0002:      0001-Revert-test-path-increase-timeout.patch
 Patch0003:      0002-test-path-more-debugging-information.patch
 Patch0004:      0003-test-path-do-not-fail-the-test-if-we-fail-to-start-s.patch
-Patch0005:      0004-test-path-use-Type-exec.patch
 
 Patch0006:      0001-test-acl-util-output-more-debug-info.patch
 Patch0007:      0001-Do-not-assert-in-test_add_acls_for_user.patch
 
 Patch0009:      https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch
 
+Patch0040:      0001-Add-riscv-SECCOMP-support.patch
+
 %ifarch %{ix86} x86_64 aarch64
 %global have_gnu_efi 1
 %endif
@@ -140,8 +141,12 @@ BuildRequires:  libseccomp-devel
 BuildRequires:  meson >= 0.43
 BuildRequires:  gettext
 # We use RUNNING_ON_VALGRIND in tests, so the headers need to be available
+%ifarch %{valgrind_arches}
 BuildRequires:  valgrind-devel
+%endif
 BuildRequires:  pkgconfig(bash-completion)
+BuildRequires:  perl
+BuildRequires:  perl(IPC::SysV)
 
 Requires(post): coreutils
 Requires(post): sed
@@ -319,17 +324,16 @@ This package contains systemd-journal-gatewayd,
 systemd-journal-remote, and systemd-journal-upload.
 
 %package networkd
-Summary:        A system service that manages network configurations
+Summary:        System daemon that manages network configurations
 Requires:       %{name}%{?_isa} = %{version}-%{release}
 License:        LGPLv2+
 # https://src.fedoraproject.org/rpms/systemd/pull-request/34
 Obsoletes:      systemd < 246.6-2
 
 %description networkd
-%{summary}.
-
-It detects and configures network devices as they appear,
-as well as creating virtual network devices.
+systemd-networkd is a system service that manages networks. It detects
+and configures network devices as they appear, as well as creating virtual
+network devices.
 
 %package tests
 Summary:       Internal unit tests for systemd
@@ -369,6 +373,7 @@ CONFIGURE_OPTS=(
         -Dsysvinit-path=/etc/rc.d/init.d
         -Drc-local=/etc/rc.d/rc.local
         -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org'
+        -Ddns-servers=
         -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
         -Dservice-watchdog=
         -Ddev-kvm-mode=0666
@@ -602,9 +607,6 @@ getent group systemd-journal &>/dev/null || groupadd -r -g 190 systemd-journal 2
 getent group systemd-coredump &>/dev/null || groupadd -r systemd-coredump 2>&1 || :
 getent passwd systemd-coredump &>/dev/null || useradd -r -l -g systemd-coredump -d / -s /sbin/nologin -c "systemd Core Dumper" systemd-coredump &>/dev/null || :
 
-getent group systemd-network &>/dev/null || groupadd -r -g 192 systemd-network 2>&1 || :
-getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-network -d / -s /sbin/nologin -c "systemd Network Management" systemd-network &>/dev/null || :
-
 getent group systemd-resolve &>/dev/null || groupadd -r -g 193 systemd-resolve 2>&1 || :
 getent passwd systemd-resolve &>/dev/null || useradd -r -u 193 -l -g systemd-resolve -d / -s /sbin/nologin -c "systemd Resolver" systemd-resolve &>/dev/null || :
 
@@ -665,7 +667,17 @@ systemctl --global preset-all &>/dev/null || :
 # too before NetworkManager gets a chance. (systemd-tmpfiles invocation above
 # does not do this, because it's marked with ! and we don't specify --boot.)
 # https://bugzilla.redhat.com/show_bug.cgi?id=1873856
-if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then
+#
+# If systemd is not running, don't overwrite the symlink because that
+# will immediately break DNS resolution, since systemd-resolved is
+# also not running (https://bugzilla.redhat.com/show_bug.cgi?id=1891847).
+#
+# Also don't creat the symlink to the stub when the stub is disabled (#1891847 again).
+if test -d /run/systemd/system/ &&
+   systemctl -q is-enabled systemd-resolved.service &>/dev/null &&
+   ! mountpoint /etc/resolv.conf &>/dev/null &&
+   ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | \
+        grep -qE '^DNSStubListener\s*=\s*([nN][oO]?|[fF]|[fF][aA][lL][sS][eE]|0|[oO][fF][fF])$'; then
   ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
 fi
 
@@ -689,6 +701,7 @@ systemctl --no-reload preset systemd-resolved.service &>/dev/null || :
 if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then
   systemctl -q is-enabled NetworkManager.service 2>/dev/null && \
   ! test -L /etc/resolv.conf 2>/dev/null && \
+  ! mountpoint /etc/resolv.conf &>/dev/null && \
   grep -q 'Generated by NetworkManager' /etc/resolv.conf 2>/dev/null && \
   echo -e '/etc/resolv.conf was generated by NetworkManager.\nRemoving it to let systemd-resolved manage this file.' && \
   mv -v /etc/resolv.conf /etc/resolv.conf.orig-with-nm && \
@@ -813,14 +826,29 @@ fi
 %systemd_postun_with_restart systemd-journal-upload.service
 %firewalld_reload
 
-%preun networkd
-if [ $1 -eq 0 ] ; then
-        systemctl disable --quiet \
-                systemd-networkd.service \
-                systemd-networkd-wait-online.service \
-                >/dev/null || :
+%pre networkd
+getent group systemd-network &>/dev/null || groupadd -r -g 192 systemd-network 2>&1 || :
+getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-network -d / -s /sbin/nologin -c "systemd Network Management" systemd-network &>/dev/null || :
+
+%post networkd
+# systemd-networkd was split out in systemd-246.6-2.
+# Ideally, we would have a trigger scriptlet to record enablement
+# state when upgrading from systemd <= systemd-246.6-1. But, AFAICS,
+# rpm doesn't allow us to trigger on another package, short of
+# querying the rpm database ourselves, which seems risky. For rpm,
+# systemd and systemd-networkd are completely unrelated.  So let's use
+# a hack to detect if an old systemd version is currently present in
+# the file system.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1943263
+if [ $1 -eq 1 ] && ls /usr/lib/systemd/libsystemd-shared-24[0-6].so &>/dev/null; then
+    echo "Skipping presets for systemd-networkd.service, seems we are upgrading from old systemd."
+else
+    %systemd_post systemd-networkd.service systemd-networkd-wait-online.service
 fi
 
+%preun networkd
+%systemd_preun systemd-networkd.service systemd-networkd-wait-online.service
+
 %global _docdir_fmt %{name}
 
 %files -f %{name}.lang -f .file-list-rest
@@ -868,6 +896,68 @@ fi
 %files standalone-sysusers -f .file-list-standalone-sysusers
 
 %changelog
+* Fri Jun 10 2022 David Abdurachmanov <davidlt@rivosinc.com> - 246.15-1.0.riscv64
+- Add SECCOMP support for RISC-V 64-bit (riscv64)
+
+* Tue Jul 20 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.15-1
+- Various correctness and potential crash fixes (systemd-journald,
+  udev, systemctl, systemd, systemd-tmpfiles, systemd-resolved)
+- Better handling of very long sysfs paths
+- Compilation fixes for updated glibc and kernel headers
+- Addition of new syscalls to seccomp filters
+- Latvian and Spanish/Dvorak keyboard mappings
+- Shell completion fixes
+- Ignore FORCERENEW DHCP messages in systemd-networkd (TALOS-2020-1142,
+  CVE-2020-13529, #1959398)
+- by-uuid symlinks for ubifs volumes are now created
+- CVE-2021-33910, #1984020: an unchecked stack allocation could be used to
+  crash systemd and cause the system to reboot by creating a very long
+  fuse mountpoint path.
+
+* Sat May 15 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.14-1
+- Do not preset systemd-networkd.service and systemd-networkd-wait-online.service
+  on upgrades from before systemd-networkd was split out (#1943263)
+- A bunch of patches for systemd-resolved (#1944171, #1949670)
+- Fix for systemd-tmpfiles (#1944468)
+- Various fixes for systemd, systemd-run, systemd-networkd, bootctl,
+  the shutdown sequence, documentation, logging, libsystemd, and shell
+  completions.
+
+* Wed Mar 24 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.13-1
+- Revert patch that seems to cause problems with dns resolution
+- A few minor fixes
+
+* Tue Mar 23 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.12-1
+- Latest bugfix release (#1941335, some documentation and
+  minor memory-access-correctness fixes).
+- Fix hang when processing timers during DST switch in Europe/Dublin timezone (#1941335)
+
+* Fri Mar 12 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.11-1
+- Latest bugfix release (#1933137, #1935084).
+
+* Tue Feb  2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.10-1
+- Latest bugfix release (#1903106, #1895937).
+- Fixes #1813219.
+
+* Mon Jan  4 2021 Owen Taylor <otaylor@redhat.com> - 246.9-3
+- Fix nss-resolve to properly fallback in a Flatpak sandbox
+
+* Sat Jan  2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.9-2
+- Fix bfq patch again (#1813219)
+
+* Wed Dec 16 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.9-1
+- Minor stable release
+
+* Tue Dec  8 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.7-2
+- Rebuild with fallback hostname change reverted.
+
+* Tue Dec  8 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.7-1
+- Update to latest stable release. Unfortunately this contains
+  a fairly large number of patches for a stable release (180+).
+  Fixes rhbz#1879216, rhbz#1890632, rhbz#1891847, rhbz#1885101.
+- Unset fallback-hostname as plenty of applications expected localhost
+  to mean "default hostname" without ever standardising it (#1892235)
+
 * Wed Sep 30 2020 Dusty Mabe <dusty@dustymabe.com> - 246.6-3
 - Try to make files in subpackages (especially the networkd subpackage)
   more appropriate.
@@ -889,6 +979,8 @@ fi
 - Update to latest stable release (a bunch of small network-related
   fixes in systemd-networkd and socket handling, documentation updates,
   a bunch of fixes for error handling).
+
+* Sun Sep 13 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.4-2
 - Also remove existing file when creating /etc/resolv.conf symlink
   upon installation (#1873856 again)
 

use-bfq-scheduler.patch

@@ -20,11 +20,12 @@ new file mode 100644
 index 0000000000..480b941761
 --- /dev/null
 +++ b/rules.d/60-block-scheduler.rules
-@@ -0,0 +1,5 @@
+@@ -0,0 +1,6 @@
 +# do not edit this file, it will be overwritten on update
 +
 +ACTION=="add", SUBSYSTEM=="block", \
 +  KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
++  ENV{DEVTYPE}=="disk", \
 +  ATTR{queue/scheduler}="bfq"
 diff --git a/rules.d/meson.build b/rules.d/meson.build
 index ca4445d774..38d6aa6970 100644