Version 249.13

This reverts commit 4b8edcc3e2.

.gitignore

@@ -1,4 +1,5 @@
 *~
+/.mail.list
 /systemd-*/
 /.build-*.log
 /x86_64/

.zuul.yaml

@@ -0,0 +1,5 @@
+- project:
+    vars:
+      install_repo_exclude:
+        - systemd-standalone-tmpfiles
+        - systemd-standalone-sysuser

0001-rpm-don-t-specify-the-full-path-for-systemctl-and-ot.patch

@@ -0,0 +1,247 @@
+From aa56d0bbcef9c2f32845203b50df92492717fea6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 7 Jul 2021 14:02:36 +0200
+Subject: [PATCH 1/6] rpm: don't specify the full path for systemctl and other
+ commands
+
+We can make things a bit simpler and more readable by not specifying the path.
+Since we didn't specify the full path for all commands (including those invoked
+recursively by anythign we invoke), this didn't really privide any security or
+robustness benefits. I guess that full paths were used because this style of
+rpm packagnig was popular in the past, with macros used for everything
+possible, with special macros for common commands like %{__ln} and %{__mkdir}.
+---
+ src/rpm/macros.systemd.in      | 24 ++++++++++++------------
+ src/rpm/triggers.systemd.in    | 18 +++++++++---------
+ src/rpm/triggers.systemd.sh.in | 18 +++++++++---------
+ 3 files changed, 30 insertions(+), 30 deletions(-)
+
+diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in
+index 3a0169a85f..3129ab2d61 100644
+--- a/src/rpm/macros.systemd.in
++++ b/src/rpm/macros.systemd.in
+@@ -46,9 +46,9 @@ OrderWithRequires(postun): systemd \
+ 
+ %systemd_post() \
+ %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \
+-if [ $1 -eq 1 ] && [ -x %{_bindir}/systemctl ]; then \
++if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \
+     # Initial installation \
+-    %{_bindir}/systemctl --no-reload preset %{?*} || : \
++    systemctl --no-reload preset %{?*} || : \
+ fi \
+ %{nil}
+ 
+@@ -56,21 +56,21 @@ fi \
+ 
+ %systemd_preun() \
+ %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \
+-if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \
++if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \
+     # Package removal, not upgrade \
+     if [ -d /run/systemd/system ]; then \
+-          %{_bindir}/systemctl --no-reload disable --now %{?*} || : \
++          systemctl --no-reload disable --now %{?*} || : \
+     else \
+-          %{_bindir}/systemctl --no-reload disable %{?*} || : \
++          systemctl --no-reload disable %{?*} || : \
+     fi \
+ fi \
+ %{nil}
+ 
+ %systemd_user_preun() \
+ %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \
+-if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \
++if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \
+     # Package removal, not upgrade \
+-    %{_bindir}/systemctl --global disable %{?*} || : \
++    systemctl --global disable %{?*} || : \
+ fi \
+ %{nil}
+ 
+@@ -84,10 +84,10 @@ fi \
+ 
+ %systemd_postun_with_restart() \
+ %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \
+-if [ $1 -ge 1 ] && [ -x %{_bindir}/systemctl ]; then \
++if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \
+     # Package upgrade, not uninstall \
+     for unit in %{?*}; do \
+-         %{_bindir}/systemctl set-property $unit Markers=+needs-restart || : \
++        systemctl set-property $unit Markers=+needs-restart || : \
+     done \
+ fi \
+ %{nil}
+@@ -105,17 +105,17 @@ fi \
+ # Deprecated. Use %tmpfiles_create_package instead
+ %tmpfiles_create() \
+ %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# tmpfiles_create}} \
+-[ -x %{_bindir}/systemd-tmpfiles ] && %{_bindir}/systemd-tmpfiles --create %{?*} || : \
++command -v systemd-tmpfiles >/dev/null && systemd-tmpfiles --create %{?*} || : \
+ %{nil}
+ 
+ # Deprecated. Use %sysusers_create_package instead
+ %sysusers_create() \
+ %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# sysusers_create}} \
+-[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers %{?*} || : \
++command -v systemd-sysusers >/dev/null && systemd-sysusers %{?*} || : \
+ %{nil}
+ 
+ %sysusers_create_inline() \
+-[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers - <<SYSTEMD_INLINE_EOF || : \
++command -v systemd-sysusers >/dev/null && systemd-sysusers - <<SYSTEMD_INLINE_EOF || : \
+ %{?*} \
+ SYSTEMD_INLINE_EOF\
+ %{nil}
+diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in
+index c10112fe54..483207e58c 100644
+--- a/src/rpm/triggers.systemd.in
++++ b/src/rpm/triggers.systemd.in
+@@ -16,14 +16,14 @@
+ if posix.access("/run/systemd/system") then
+     pid = posix.fork()
+     if pid == 0 then
+-        assert(posix.exec("%{_bindir}/systemctl", "daemon-reload"))
++        assert(posix.execp("systemctl", "daemon-reload"))
+     elseif pid > 0 then
+         posix.wait(pid)
+     end
+ 
+     pid = posix.fork()
+     if pid == 0 then
+-        assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked"))
++        assert(posix.execp("systemctl", "reload-or-restart", "--marked"))
+     elseif pid > 0 then
+         posix.wait(pid)
+     end
+@@ -38,7 +38,7 @@ end
+ if posix.access("/run/systemd/system") then
+     pid = posix.fork()
+     if pid == 0 then
+-        assert(posix.exec("%{_bindir}/systemctl", "daemon-reload"))
++        assert(posix.execp("systemctl", "daemon-reload"))
+     elseif pid > 0 then
+         posix.wait(pid)
+     end
+@@ -49,7 +49,7 @@ end
+ if posix.access("/run/systemd/system") then
+     pid = posix.fork()
+     if pid == 0 then
+-        assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked"))
++        assert(posix.execp("systemctl", "reload-or-restart", "--marked"))
+     elseif pid > 0 then
+         posix.wait(pid)
+     end
+@@ -61,7 +61,7 @@ end
+ -- will run before the tmpfiles file trigger.
+ pid = posix.fork()
+ if pid == 0 then
+-    assert(posix.exec("%{_bindir}/systemd-sysusers"))
++    assert(posix.execp("systemd-sysusers"))
+ elseif pid > 0 then
+     posix.wait(pid)
+ end
+@@ -71,7 +71,7 @@ end
+ -- installed or updated in {{UDEV_HWDB_DIR}}.
+ pid = posix.fork()
+ if pid == 0 then
+-    assert(posix.exec("%{_bindir}/systemd-hwdb", "update"))
++    assert(posix.execp("systemd-hwdb", "update"))
+ elseif pid > 0 then
+     posix.wait(pid)
+ end
+@@ -81,7 +81,7 @@ end
+ -- have been installed or updated in {{SYSTEMD_CATALOG_DIR}}.
+ pid = posix.fork()
+ if pid == 0 then
+-    assert(posix.exec("%{_bindir}/journalctl", "--update-catalog"))
++    assert(posix.execp("journalctl", "--update-catalog"))
+ elseif pid > 0 then
+     posix.wait(pid)
+ end
+@@ -105,7 +105,7 @@ end
+ if posix.access("/run/systemd/system") then
+     pid = posix.fork()
+     if pid == 0 then
+-        assert(posix.exec("%{_bindir}/systemd-tmpfiles", "--create"))
++        assert(posix.execp("systemd-tmpfiles", "--create"))
+     elseif pid > 0 then
+         posix.wait(pid)
+     end
+@@ -117,7 +117,7 @@ end
+ if posix.access("/run/systemd/system") then
+     pid = posix.fork()
+     if pid == 0 then
+-        assert(posix.exec("%{_bindir}/udevadm", "control", "--reload"))
++        assert(posix.execp("udevadm", "control", "--reload"))
+     elseif pid > 0 then
+         posix.wait(pid)
+     end
+diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in
+index e746c316d3..f8c4514313 100644
+--- a/src/rpm/triggers.systemd.sh.in
++++ b/src/rpm/triggers.systemd.sh.in
+@@ -15,8 +15,8 @@
+ # installed, because other cases are covered by the *un scriptlets,
+ # so sometimes we will reload needlessly.
+ if test -d "/run/systemd/system"; then
+-  %{_bindir}/systemctl daemon-reload || :
+-  %{_bindir}/systemctl reload-or-restart --marked || :
++  systemctl daemon-reload || :
++  systemctl reload-or-restart --marked || :
+ fi
+ 
+ %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
+@@ -26,30 +26,30 @@ fi
+ # have been installed, but before %postun scripts in packages get
+ # executed.
+ if test -d "/run/systemd/system"; then
+-  %{_bindir}/systemctl daemon-reload || :
++  systemctl daemon-reload || :
+ fi
+ 
+ %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
+ # We restart remaining services that should be restarted here.
+ if test -d "/run/systemd/system"; then
+-  %{_bindir}/systemctl reload-or-restart --marked || :
++  systemctl reload-or-restart --marked || :
+ fi
+ 
+ %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}}
+ # This script will process files installed in {{SYSUSERS_DIR}} to create
+ # specified users automatically. The priority is set such that it
+ # will run before the tmpfiles file trigger.
+-%{_bindir}/systemd-sysusers || :
++systemd-sysusers || :
+ 
+ %transfiletriggerin -P 1000700 udev -- {{UDEV_HWDB_DIR}}
+ # This script will automatically invoke hwdb update if files have been
+ # installed or updated in {{UDEV_HWDB_DIR}}.
+-%{_bindir}/systemd-hwdb update || :
++systemd-hwdb update || :
+ 
+ %transfiletriggerin -P 1000700 -- {{SYSTEMD_CATALOG_DIR}}
+ # This script will automatically invoke journal catalog update if files
+ # have been installed or updated in {{SYSTEMD_CATALOG_DIR}}.
+-%{_bindir}/journalctl --update-catalog || :
++journalctl --update-catalog || :
+ 
+ %transfiletriggerin -P 1000700 -- {{BINFMT_DIR}}
+ # This script will automatically apply binfmt rules if files have been
+@@ -65,14 +65,14 @@ fi
+ # tmpfiles automatically. The priority is set such that it will run
+ # after the sysusers file trigger, but before any other triggers.
+ if test -d "/run/systemd/system"; then
+-  %{_bindir}/systemd-tmpfiles --create || :
++  systemd-tmpfiles --create || :
+ fi
+ 
+ %transfiletriggerin -P 1000600 udev -- {{UDEV_RULES_DIR}}
+ # This script will automatically update udev with new rules if files
+ # have been installed or updated in {{UDEV_RULES_DIR}}.
+ if test -e /run/udev/control; then
+-  %{_bindir}/udevadm control --reload || :
++  udevadm control --reload || :
+ fi
+ 
+ %transfiletriggerin -P 1000500 -- {{SYSCTL_DIR}}

0001-test-path-util-do-not-fail-if-the-fd_is_mount_point-.patch

@@ -1,70 +0,0 @@
-From 2e9d763e7cbeb33954bbe3f96fd94de2cd62edf7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Thu, 12 Nov 2020 14:28:24 +0100
-Subject: [PATCH] test-path-util: do not fail if the fd_is_mount_point check
- fails
-
-This test fails on i686 and ppc64le in koji:
-/* test_path */
-Assertion 'fd_is_mount_point(fd, "/", 0) > 0' failed at src/test/test-path-util.c:85, function test_path(). Aborting.
-
-I guess some permission error is the most likely.
----
- src/test/test-path-util.c | 23 +++++++++++++++++------
- 1 file changed, 17 insertions(+), 6 deletions(-)
-
-diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
-index f4f8d0550b..be428334f3 100644
---- a/src/test/test-path-util.c
-+++ b/src/test/test-path-util.c
-@@ -40,8 +40,6 @@ static void test_path_simplify(const char *in, const char *out, const char *out_
- }
- 
- static void test_path(void) {
--        _cleanup_close_ int fd = -1;
--
-         log_info("/* %s */", __func__);
- 
-         test_path_compare("/goo", "/goo", 0);
-@@ -80,10 +78,6 @@ static void test_path(void) {
-         assert_se(streq(basename("/aa///file..."), "file..."));
-         assert_se(streq(basename("file.../"), ""));
- 
--        fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
--        assert_se(fd >= 0);
--        assert_se(fd_is_mount_point(fd, "/", 0) > 0);
--
-         test_path_simplify("aaa/bbb////ccc", "aaa/bbb/ccc", "aaa/bbb/ccc");
-         test_path_simplify("//aaa/.////ccc", "/aaa/./ccc", "/aaa/ccc");
-         test_path_simplify("///", "/", "/");
-@@ -120,6 +114,22 @@ static void test_path(void) {
-         assert_se(!path_equal_ptr(NULL, "/a"));
- }
- 
-+static void test_path_is_mountpoint(void) {
-+        _cleanup_close_ int fd = -1;
-+        int r;
-+
-+        log_info("/* %s */", __func__);
-+
-+        fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
-+        assert_se(fd >= 0);
-+
-+        r = fd_is_mount_point(fd, "/", 0);
-+        if (r < 0)
-+                log_warning_errno(r, "Failed to check if / is a mount point, ignoring: %m");
-+        else
-+                assert_se(r == 1);
-+}
-+
- static void test_path_equal_root(void) {
-         /* Nail down the details of how path_equal("/", ...) works. */
- 
-@@ -714,6 +724,7 @@ int main(int argc, char **argv) {
- 
-         test_print_paths();
-         test_path();
-+        test_path_is_mountpoint();
-         test_path_equal_root();
-         test_find_executable_full();
-         test_find_executable(argv[0]);

0001-test-path-util-ignore-test-failure.patch

@@ -1,33 +0,0 @@
-From e8bca4ba55f855260eda684a16e8feb5f20b1deb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Thu, 12 Nov 2020 15:06:12 +0100
-Subject: [PATCH] test-path-util: ignore test failure
-
----
- src/test/test-path-util.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
-index be428334f3..207c659b8b 100644
---- a/src/test/test-path-util.c
-+++ b/src/test/test-path-util.c
-@@ -120,14 +120,17 @@ static void test_path_is_mountpoint(void) {
- 
-         log_info("/* %s */", __func__);
- 
-+        (void) system("uname -a");
-+        (void) system("mountpoint /");
-+
-         fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
-         assert_se(fd >= 0);
- 
-         r = fd_is_mount_point(fd, "/", 0);
-         if (r < 0)
-                 log_warning_errno(r, "Failed to check if / is a mount point, ignoring: %m");
--        else
--                assert_se(r == 1);
-+        else if (r == 0)
-+                log_warning("/ is not a mountpoint?");
- }
- 
- static void test_path_equal_root(void) {

0002-rpm-use-a-helper-script-to-actually-invoke-systemctl.patch

@@ -0,0 +1,332 @@
+From bbfbe1c31046d53640ebb4ef4e4820614fd0864e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 22 Jul 2021 11:22:33 +0200
+Subject: [PATCH 2/6] rpm: use a helper script to actually invoke systemctl
+ commands
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Instead of embedding the commands to invoke directly in the macros,
+let's use a helper script as indirection. This has a couple of advantages:
+
+- the macro language is awkward, we need to suffix most commands by "|| :"
+  and "\", which is easy to get wrong. In the new scheme, the macro becomes
+  a single simple command.
+- in the script we can use normal syntax highlighting, shellcheck, etc.
+- it's also easier to test the invoked commands by invoking the helper
+  manually.
+- most importantly, the logic is contained in the helper, i.e. we can
+  update systemd rpm and everything uses the new helper. Before, we would
+  have to rebuild all packages to update the macro definition.
+
+This raises the question whether it makes sense to use the lua scriptlets when
+the real work is done in a bash script. I think it's OK: we still have the
+efficient lua scripts that do the short scripts, and we use a single shared
+implementation in bash to do the more complex stuff.
+
+The meson version is raised to 0.47 because that's needed for install_mode.
+We were planning to raise the required version anyway…
+---
+ README                           |  2 +-
+ meson.build                      |  3 +-
+ src/rpm/macros.systemd.in        | 30 ++++++++--------
+ src/rpm/meson.build              | 13 ++++---
+ src/rpm/systemd-update-helper.in | 60 ++++++++++++++++++++++++++++++++
+ src/rpm/triggers.systemd.in      | 43 ++++++++---------------
+ src/rpm/triggers.systemd.sh.in   | 13 ++-----
+ 7 files changed, 105 insertions(+), 59 deletions(-)
+ create mode 100755 src/rpm/systemd-update-helper.in
+
+diff --git a/README b/README
+index 9e5bcab830..2b759e7f5a 100644
+--- a/README
++++ b/README
+@@ -195,7 +195,7 @@ REQUIREMENTS:
+         python-jinja2
+         python-lxml (optional, required to build the indices)
+         python >= 3.5
+-        meson >= 0.46 (>= 0.49 is required to build position-independent executables)
++        meson >= 0.47 (>= 0.49 is required to build position-independent executables)
+         ninja
+         gcc, awk, sed, grep, and similar tools
+         clang >= 10.0, llvm >= 10.0 (optional, required to build BPF programs
+diff --git a/meson.build b/meson.build
+index ece21fbd10..5962371e49 100644
+--- a/meson.build
++++ b/meson.build
+@@ -10,7 +10,7 @@ project('systemd', 'c',
+                 'localstatedir=/var',
+                 'warning_level=2',
+         ],
+-        meson_version : '>= 0.46',
++        meson_version : '>= 0.47',
+        )
+ 
+ libsystemd_version = '0.32.0'
+@@ -253,6 +253,7 @@ conf.set_quoted('SYSTEMD_SHUTDOWN_BINARY_PATH',               join_paths(rootlib
+ conf.set_quoted('SYSTEMD_STDIO_BRIDGE_BINARY_PATH',           join_paths(bindir, 'systemd-stdio-bridge'))
+ conf.set_quoted('SYSTEMD_TEST_DATA',                          join_paths(testsdir, 'testdata'))
+ conf.set_quoted('SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH', join_paths(rootbindir, 'systemd-tty-ask-password-agent'))
++conf.set_quoted('SYSTEMD_UPDATE_HELPER_PATH',                 join_paths(rootlibexecdir, 'systemd-update-helper'))
+ conf.set_quoted('SYSTEMD_USERWORK_PATH',                      join_paths(rootlibexecdir, 'systemd-userwork'))
+ conf.set_quoted('SYSTEMD_VERITYSETUP_PATH',                   join_paths(rootlibexecdir, 'systemd-veritysetup'))
+ conf.set_quoted('SYSTEM_CONFIG_UNIT_DIR',                     join_paths(pkgsysconfdir, 'system'))
+diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in
+index 3129ab2d61..bbdf036da7 100644
+--- a/src/rpm/macros.systemd.in
++++ b/src/rpm/macros.systemd.in
+@@ -46,31 +46,33 @@ OrderWithRequires(postun): systemd \
+ 
+ %systemd_post() \
+ %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \
+-if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \
++if [ $1 -eq 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
+     # Initial installation \
+-    systemctl --no-reload preset %{?*} || : \
++    {{SYSTEMD_UPDATE_HELPER_PATH}} install-system-units %{?*} || : \
+ fi \
+ %{nil}
+ 
+-%systemd_user_post() %{expand:%systemd_post \\--global %%{?*}}
++%systemd_user_post() \
++%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_post}} \
++if [ $1 -eq 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
++    # Initial installation \
++    {{SYSTEMD_UPDATE_HELPER_PATH}} install-user-units %{?*} || : \
++fi \
++%{nil}
+ 
+ %systemd_preun() \
+ %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \
+-if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \
++if [ $1 -eq 0 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
+     # Package removal, not upgrade \
+-    if [ -d /run/systemd/system ]; then \
+-          systemctl --no-reload disable --now %{?*} || : \
+-    else \
+-          systemctl --no-reload disable %{?*} || : \
+-    fi \
++    {{SYSTEMD_UPDATE_HELPER_PATH}} remove-system-units %{?*} || : \
+ fi \
+ %{nil}
+ 
+ %systemd_user_preun() \
+ %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \
+-if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \
++if [ $1 -eq 0 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
+     # Package removal, not upgrade \
+-    systemctl --global disable %{?*} || : \
++    {{SYSTEMD_UPDATE_HELPER_PATH}} remove-user-units %{?*} || : \
+ fi \
+ %{nil}
+ 
+@@ -84,11 +86,9 @@ fi \
+ 
+ %systemd_postun_with_restart() \
+ %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \
+-if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \
++if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
+     # Package upgrade, not uninstall \
+-    for unit in %{?*}; do \
+-        systemctl set-property $unit Markers=+needs-restart || : \
+-    done \
++    {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-system-units %{?*} || : \
+ fi \
+ %{nil}
+ 
+diff --git a/src/rpm/meson.build b/src/rpm/meson.build
+index fc72fee73c..2ad3308cc1 100644
+--- a/src/rpm/meson.build
++++ b/src/rpm/meson.build
+@@ -1,9 +1,13 @@
+ # SPDX-License-Identifier: LGPL-2.1-or-later
+ 
+ in_files = [
+-        ['macros.systemd',      rpmmacrosdir != 'no'],
+-        ['triggers.systemd',    false],
+-        ['triggers.systemd.sh', false]]
++        ['macros.systemd',        rpmmacrosdir != 'no', rpmmacrosdir],
++
++        # we conditionalize on rpmmacrosdir, but install into rootlibexecdir
++        ['systemd-update-helper', rpmmacrosdir != 'no', rootlibexecdir, 'rwxr-xr-x'],
++
++        ['triggers.systemd',      false],
++        ['triggers.systemd.sh',   false]]
+ 
+ # The last two don't get installed anywhere, one of them needs to included in
+ # the rpm spec file definition instead.
+@@ -17,6 +21,7 @@ foreach tuple : in_files
+                 command : [meson_render_jinja2, config_h, '@INPUT@'],
+                 capture : true,
+                 install : tuple[1],
+-                install_dir : rpmmacrosdir,
++                install_dir : tuple.length() > 2 ? tuple[2] : '',
++                install_mode : tuple.length() > 3 ? tuple[3] : false,
+                 build_by_default : true)
+ endforeach
+diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in
+new file mode 100755
+index 0000000000..9fa49fa131
+--- /dev/null
++++ b/src/rpm/systemd-update-helper.in
+@@ -0,0 +1,60 @@
++#!/bin/bash
++set -eu
++set -o pipefail
++
++command="${1:?}"
++shift
++
++command -v systemctl >/dev/null || exit 0
++
++case "$command" in
++    install-system-units)
++        systemctl --no-reload preset "$@"
++        ;;
++
++    install-user-units)
++        systemctl --no-reload preset --global "$@"
++        ;;
++
++    remove-system-units)
++        if [ -d /run/systemd/system ]; then
++            systemctl --no-reload disable --now "$@"
++        else
++            systemctl --no-reload disable "$@"
++        fi
++        ;;
++
++    remove-user-units)
++        systemctl --global disable "$@"
++        ;;
++
++    mark-restart-system-units)
++        [ -d /run/systemd/system ] || exit 0
++
++        for unit in "$@"; do
++            systemctl set-property "$unit" Markers=+needs-restart || :
++        done
++        ;;
++
++    system-reload-restart|system-reload|system-restart)
++        if [ -n "$*" ]; then
++            echo "Unexpected arguments for '$command': $*"
++            exit 2
++        fi
++
++        [ -d /run/systemd/system ] || exit 0
++
++        if [[ "$command" =~ reload ]]; then
++            systemctl daemon-reload
++        fi
++
++        if [[ "$command" =~ restart ]]; then
++            systemctl reload-or-restart --marked
++        fi
++        ;;
++
++    *)
++        echo "Unknown verb '$command'"
++        exit 3
++        ;;
++esac
+diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in
+index 483207e58c..f56c80c7ca 100644
+--- a/src/rpm/triggers.systemd.in
++++ b/src/rpm/triggers.systemd.in
+@@ -13,20 +13,11 @@
+ -- upgraded. We care about the case where a package is initially
+ -- installed, because other cases are covered by the *un scriptlets,
+ -- so sometimes we will reload needlessly.
+-if posix.access("/run/systemd/system") then
+-    pid = posix.fork()
+-    if pid == 0 then
+-        assert(posix.execp("systemctl", "daemon-reload"))
+-    elseif pid > 0 then
+-        posix.wait(pid)
+-    end
+-
+-    pid = posix.fork()
+-    if pid == 0 then
+-        assert(posix.execp("systemctl", "reload-or-restart", "--marked"))
+-    elseif pid > 0 then
+-        posix.wait(pid)
+-    end
++pid = posix.fork()
++if pid == 0 then
++    assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload-restart"))
++elseif pid > 0 then
++    posix.wait(pid)
+ end
+ 
+ %transfiletriggerpostun -P 1000100 -p <lua> -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
+@@ -35,24 +26,20 @@ end
+ -- On upgrade, we need to run daemon-reload after any new unit files
+ -- have been installed, but before %postun scripts in packages get
+ -- executed.
+-if posix.access("/run/systemd/system") then
+-    pid = posix.fork()
+-    if pid == 0 then
+-        assert(posix.execp("systemctl", "daemon-reload"))
+-    elseif pid > 0 then
+-        posix.wait(pid)
+-    end
++pid = posix.fork()
++if pid == 0 then
++    assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-reload"))
++elseif pid > 0 then
++    posix.wait(pid)
+ end
+ 
+ %transfiletriggerpostun -P 10000 -p <lua> -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
+ -- We restart remaining services that should be restarted here.
+-if posix.access("/run/systemd/system") then
+-    pid = posix.fork()
+-    if pid == 0 then
+-        assert(posix.execp("systemctl", "reload-or-restart", "--marked"))
+-    elseif pid > 0 then
+-        posix.wait(pid)
+-    end
++pid = posix.fork()
++if pid == 0 then
++    assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart"))
++elseif pid > 0 then
++    posix.wait(pid)
+ end
+ 
+ %transfiletriggerin -P 100700 -p <lua> -- {{SYSUSERS_DIR}}
+diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in
+index f8c4514313..3b35a4b5c6 100644
+--- a/src/rpm/triggers.systemd.sh.in
++++ b/src/rpm/triggers.systemd.sh.in
+@@ -14,10 +14,7 @@
+ # upgraded. We care about the case where a package is initially
+ # installed, because other cases are covered by the *un scriptlets,
+ # so sometimes we will reload needlessly.
+-if test -d "/run/systemd/system"; then
+-  systemctl daemon-reload || :
+-  systemctl reload-or-restart --marked || :
+-fi
++{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || :
+ 
+ %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
+ # On removal, we need to run daemon-reload after any units have been
+@@ -25,15 +22,11 @@ fi
+ # On upgrade, we need to run daemon-reload after any new unit files
+ # have been installed, but before %postun scripts in packages get
+ # executed.
+-if test -d "/run/systemd/system"; then
+-  systemctl daemon-reload || :
+-fi
++{{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || :
+ 
+ %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
+ # We restart remaining services that should be restarted here.
+-if test -d "/run/systemd/system"; then
+-  systemctl reload-or-restart --marked || :
+-fi
++{{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || :
+ 
+ %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}}
+ # This script will process files installed in {{SYSUSERS_DIR}} to create

0003-rpm-call-needs-restart-in-parallel.patch

@@ -0,0 +1,30 @@
+From bc587d08416e3517b82b764798866154caa11085 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 22 Jul 2021 11:28:36 +0200
+Subject: [PATCH 3/6] rpm: call +needs-restart in parallel
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Some rpms install a bunch of units… It seems nicer to invoke them all in
+parallel. In particular, timeouts in systemctl also run in parallel, so if
+there's some communication mishap, we will wait less.
+---
+ src/rpm/systemd-update-helper.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in
+index 9fa49fa131..f3c75b75fa 100755
+--- a/src/rpm/systemd-update-helper.in
++++ b/src/rpm/systemd-update-helper.in
+@@ -32,8 +32,9 @@ case "$command" in
+         [ -d /run/systemd/system ] || exit 0
+ 
+         for unit in "$@"; do
+-            systemctl set-property "$unit" Markers=+needs-restart || :
++            systemctl set-property "$unit" Markers=+needs-restart &
+         done
++        wait
+         ;;
+ 
+     system-reload-restart|system-reload|system-restart)

0004-rpm-restart-user-services-at-the-end-of-the-transact.patch

@@ -0,0 +1,254 @@
+From eb458aa5f37496059540e1db47f8b4f1c69ef206 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 7 Jul 2021 14:37:57 +0200
+Subject: [PATCH 4/6] rpm: restart user services at the end of the transaction
+
+This closes an important gap: so far we would reexecute the system manager and
+restart system services that were configured to do so, but we wouldn't do the
+same for user managers or user services.
+
+The scheme used for user managers is very similar to the system one, except
+that there can be multiple user managers running, so we query the system
+manager to get a list of them, and then tell each one to do the equivalent
+operations: daemon-reload, disable --now, set-property Markers=+needs-restart,
+reload-or-restart --marked.
+
+The total time that can be spend on this is bounded: we execute the commands in
+parallel over user managers and units, and additionally set SYSTEMD_BUS_TIMEOUT
+to a lower value (15 s by default). User managers should not have too many
+units running, and they should be able to do all those operations very
+quickly (<< 1s). The final restart operation may take longer, but it's done
+asynchronously, so we only wait for the queuing to happen.
+
+The advantage of doing this synchronously is that we can wait for each step to
+happen, and for example daemon-reloads can finish before we execute the service
+restarts, etc. We can also order various steps wrt. to the phases in the rpm
+transaction.
+
+When this was initially proposed, we discussed a more relaxed scheme with bus
+property notifications. Such an approach would be more complex because a bunch
+of infrastructure would have to be added to system manager to propagate
+appropriate notifications to the user managers, and then the user managers
+would have to wait for them. Instead, now there is no new code in the managers,
+all new functionality is contained in src/rpm/. The ability to call 'systemctl
+--user user@' makes this approach very easy. Also, it would be very hard to
+order the user manager steps and the rpm transaction steps.
+
+Note: 'systemctl --user disable' is only called for a user managers that are
+running. I don't see a nice way around this, and it shouldn't matter too much:
+we'll just leave a dangling symlink in the case where the user enabled the
+service manually.
+
+A follow-up for https://bugzilla.redhat.com/show_bug.cgi?id=1792468 and
+fa97d2fcf64e0558054bee673f734f523373b146.
+---
+ meson.build                      |  1 +
+ meson_options.txt                |  2 ++
+ src/rpm/macros.systemd.in        |  6 +++-
+ src/rpm/systemd-update-helper.in | 47 ++++++++++++++++++++++++++++++++
+ src/rpm/triggers.systemd.in      | 28 ++++++++++++++++++-
+ src/rpm/triggers.systemd.sh.in   | 13 ++++++++-
+ 6 files changed, 94 insertions(+), 3 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 5962371e49..e185c27750 100644
+--- a/meson.build
++++ b/meson.build
+@@ -270,6 +270,7 @@ conf.set_quoted('TMPFILES_DIR',                               tmpfilesdir)
+ conf.set_quoted('UDEVLIBEXECDIR',                             udevlibexecdir)
+ conf.set_quoted('UDEV_HWDB_DIR',                              udevhwdbdir)
+ conf.set_quoted('UDEV_RULES_DIR',                             udevrulesdir)
++conf.set_quoted('UPDATE_HELPER_USER_TIMEOUT',                 get_option('update-helper-user-timeout'))
+ conf.set_quoted('USER_CONFIG_UNIT_DIR',                       join_paths(pkgsysconfdir, 'user'))
+ conf.set_quoted('USER_DATA_UNIT_DIR',                         userunitdir)
+ conf.set_quoted('USER_ENV_GENERATOR_DIR',                     userenvgeneratordir)
+diff --git a/meson_options.txt b/meson_options.txt
+index 2f0f4e7b8f..43b815e433 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -182,6 +182,8 @@ option('xinitrcdir', type : 'string', value : '',
+        description : 'directory for xinitrc files')
+ option('rpmmacrosdir', type : 'string', value : 'lib/rpm/macros.d',
+        description : 'directory for rpm macros ["no" disables]')
++option('update-helper-user-timeout', type : 'string', value : '15s',
++       description : 'how long to wait for user manager operations')
+ option('pamlibdir', type : 'string',
+        description : 'directory for PAM modules')
+ option('pamconfdir', type : 'string',
+diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in
+index bbdf036da7..caa2e45595 100644
+--- a/src/rpm/macros.systemd.in
++++ b/src/rpm/macros.systemd.in
+@@ -93,7 +93,11 @@ fi \
+ %{nil}
+ 
+ %systemd_user_postun_with_restart() \
+-%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \
++%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_postun_with_restart}} \
++if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \
++    # Package upgrade, not uninstall \
++    {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-user-units %{?*} || : \
++fi \
+ %{nil}
+ 
+ %udev_hwdb_update() %{nil}
+diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in
+index f3c75b75fa..f3466ab3c0 100755
+--- a/src/rpm/systemd-update-helper.in
++++ b/src/rpm/systemd-update-helper.in
+@@ -26,6 +26,15 @@ case "$command" in
+ 
+     remove-user-units)
+         systemctl --global disable "$@"
++
++        [ -d /run/systemd/system ] || exit 0
++
++        users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p')
++        for user in $users; do
++            SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \
++                    systemctl --user -M "$user@" disable --now "$@" &
++        done
++        wait
+         ;;
+ 
+     mark-restart-system-units)
+@@ -37,6 +46,17 @@ case "$command" in
+         wait
+         ;;
+ 
++    mark-restart-user-units)
++        [ -d /run/systemd/system ] || exit 0
++
++        users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p')
++        for user in $users; do
++            SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \
++                    systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart &
++        done
++        wait
++        ;;
++
+     system-reload-restart|system-reload|system-restart)
+         if [ -n "$*" ]; then
+             echo "Unexpected arguments for '$command': $*"
+@@ -54,6 +74,33 @@ case "$command" in
+         fi
+         ;;
+ 
++    user-reload-restart|user-reload|user-restart)
++        if [ -n "$*" ]; then
++            echo "Unexpected arguments for '$command': $*"
++            exit 2
++        fi
++
++        [ -d /run/systemd/system ] || exit 0
++
++        users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p')
++
++        if [[ "$command" =~ reload ]]; then
++            for user in $users; do
++                SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \
++                        systemctl --user -M "$user@" daemon-reload &
++            done
++            wait
++        fi
++
++        if [[ "$command" =~ restart ]]; then
++            for user in $users; do
++                SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \
++                        systemctl --user -M "$user@" reload-or-restart --marked &
++            done
++            wait
++        fi
++        ;;
++
+     *)
+         echo "Unknown verb '$command'"
+         exit 3
+diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in
+index f56c80c7ca..4755cdafe8 100644
+--- a/src/rpm/triggers.systemd.in
++++ b/src/rpm/triggers.systemd.in
+@@ -20,6 +20,14 @@ elseif pid > 0 then
+     posix.wait(pid)
+ end
+ 
++%transfiletriggerin -P 900899 -p <lua> -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user
++pid = posix.fork()
++if pid == 0 then
++    assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload-restart"))
++elseif pid > 0 then
++    posix.wait(pid)
++end
++
+ %transfiletriggerpostun -P 1000100 -p <lua> -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
+ -- On removal, we need to run daemon-reload after any units have been
+ -- removed.
+@@ -33,8 +41,17 @@ elseif pid > 0 then
+     posix.wait(pid)
+ end
+ 
++%transfiletriggerpostun -P 1000100 -p <lua> -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
++-- Execute daemon-reload in user managers.
++pid = posix.fork()
++if pid == 0 then
++    assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-reload"))
++elseif pid > 0 then
++    posix.wait(pid)
++end
++
+ %transfiletriggerpostun -P 10000 -p <lua> -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
+--- We restart remaining services that should be restarted here.
++-- We restart remaining system services that should be restarted here.
+ pid = posix.fork()
+ if pid == 0 then
+     assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "system-restart"))
+@@ -42,6 +59,15 @@ elseif pid > 0 then
+     posix.wait(pid)
+ end
+ 
++%transfiletriggerpostun -P 9999 -p <lua> -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user
++-- We restart remaining user services that should be restarted here.
++pid = posix.fork()
++if pid == 0 then
++    assert(posix.exec("{{SYSTEMD_UPDATE_HELPER_PATH}}", "user-restart"))
++elseif pid > 0 then
++    posix.wait(pid)
++end
++
+ %transfiletriggerin -P 100700 -p <lua> -- {{SYSUSERS_DIR}}
+ -- This script will process files installed in {{SYSUSERS_DIR}} to create
+ -- specified users automatically. The priority is set such that it
+diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in
+index 3b35a4b5c6..8c301f5ed9 100644
+--- a/src/rpm/triggers.systemd.sh.in
++++ b/src/rpm/triggers.systemd.sh.in
+@@ -16,6 +16,9 @@
+ # so sometimes we will reload needlessly.
+ {{SYSTEMD_UPDATE_HELPER_PATH}} system-reload-restart || :
+ 
++%transfiletriggerin -P 900899 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user
++{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload-restart || :
++
+ %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
+ # On removal, we need to run daemon-reload after any units have been
+ # removed.
+@@ -24,10 +27,18 @@
+ # executed.
+ {{SYSTEMD_UPDATE_HELPER_PATH}} system-reload || :
+ 
++%transfiletriggerpostun -P 1000099 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user
++# Execute daemon-reload in user managers.
++{{SYSTEMD_UPDATE_HELPER_PATH}} user-reload || :
++
+ %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system
+-# We restart remaining services that should be restarted here.
++# We restart remaining system services that should be restarted here.
+ {{SYSTEMD_UPDATE_HELPER_PATH}} system-restart || :
+ 
++%transfiletriggerpostun -P  9999 -- {{USER_DATA_UNIT_DIR}} /etc/systemd/user
++# We restart remaining user services that should be restarted here.
++{{SYSTEMD_UPDATE_HELPER_PATH}} user-restart || :
++
+ %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}}
+ # This script will process files installed in {{SYSUSERS_DIR}} to create
+ # specified users automatically. The priority is set such that it

0005-update-helper-also-add-user-reexec-verb.patch

@@ -0,0 +1,42 @@
+From 50336a7d0c584c1731c656e991a317029ed45f84 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 23 Jul 2021 15:35:23 +0200
+Subject: [PATCH 5/6] update-helper: also add "user-reexec" verb
+
+This is not called from the systemd.triggers or systemd.macros files. Instead,
+it would be called from the scriptlets in systemd rpm package itself, at the
+place where we call systemctl daemon-reexec.
+
+See https://github.com/systemd/systemd/pull/20289#issuecomment-885622200 .
+---
+ src/rpm/systemd-update-helper.in | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in
+index f3466ab3c0..0c6675a9db 100755
+--- a/src/rpm/systemd-update-helper.in
++++ b/src/rpm/systemd-update-helper.in
+@@ -74,7 +74,7 @@ case "$command" in
+         fi
+         ;;
+ 
+-    user-reload-restart|user-reload|user-restart)
++    user-reload-restart|user-reload|user-restart|user-reexec)
+         if [ -n "$*" ]; then
+             echo "Unexpected arguments for '$command': $*"
+             exit 2
+@@ -84,6 +84,14 @@ case "$command" in
+ 
+         users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p')
+ 
++        if [[ "$command" =~ reexec ]]; then
++            for user in $users; do
++                SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \
++                        systemctl --user -M "$user@" daemon-reexec &
++            done
++            wait
++        fi
++
+         if [[ "$command" =~ reload ]]; then
+             for user in $users; do
+                 SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \

0006-update-helper-add-missing-loop-over-user-units.patch

@@ -0,0 +1,30 @@
+From 107f3e397937eb6a45054e22bd79c142fae19cd4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 4 Nov 2021 09:49:18 +0100
+Subject: [PATCH 6/6] update-helper: add missing loop over user units
+
+Noticed by Luca.
+
+shellcheck doens't catch this, and somehow it was missed in review
+and testing ;(
+---
+ src/rpm/systemd-update-helper.in | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in
+index 0c6675a9db..47d6663e07 100755
+--- a/src/rpm/systemd-update-helper.in
++++ b/src/rpm/systemd-update-helper.in
+@@ -51,8 +51,10 @@ case "$command" in
+ 
+         users=$(systemctl list-units 'user@*' --legend=no | sed -n -r 's/.*user@([0-9]+).service.*/\1/p')
+         for user in $users; do
+-            SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \
+-                    systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart &
++            for unit in "$@"; do
++                SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT}} \
++                        systemctl --user -M "$user@" set-property "$unit" Markers=+needs-restart &
++            done
+         done
+         wait
+         ;;

10-oomd-defaults.conf

@@ -0,0 +1,2 @@
+[OOM]
+DefaultMemoryPressureDurationSec=20s

10-oomd-root-slice-defaults.conf

@@ -0,0 +1,2 @@
+[Slice]
+ManagedOOMSwap=kill

10-oomd-user-service-defaults.conf

@@ -0,0 +1,3 @@
+[Service]
+ManagedOOMMemoryPressure=kill
+ManagedOOMMemoryPressureLimit=50%

README.build-in-place

@@ -0,0 +1,14 @@
+== Building systemd rpms for local development using rpmbuild --build-in-place ==
+
+This approach is based on https://github.com/filbranden/git-rpmbuild
+and filbranden's talk during ASG2019 [https://www.youtube.com/watch?v=fVM1kJrymRM].
+
+```
+git clone https://github.com/systemd/systemd
+fedpkg clone systemd fedora-systemd
+cd systemd
+rpmbuild -bb --build-in-place --noprep --define "_sourcedir $PWD/../fedora-systemd" --define "_rpmdir $PWD/rpms" --with inplace ../systemd.spec
+sudo dnf upgrade --setopt install_weak_deps=False rpms/*/*.rpm
+```
+
+`--without lto` and `--without tests` may be useful to speed up the build.

owner-check.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+set -e
+
+verb="$1"
+
+[ "$verb" = "-s" ] && do_send=1 || do_send=
+
+[ -n "$do_send" ] && [ -z "$server" -o -z "login" ] && { echo '$server and $login need to be set'; exit 1; }
+
+header=
+from=systemd-maint@fedoraproject.org
+time='2 years ago'
+# time='1 day ago'
+port=587
+
+for user in "$@"; do
+    echo "checking $user…"
+
+    p=$(git log -1 --all --author "$user")
+    if [ -z "$p" ]; then
+	echo "No commits from $user, check spelling"
+	exit 1
+    fi
+
+    t=$(git shortlog --all --author "$user" --since "@{$time}" | wc -l)
+    if [ $t != 0 ]; then
+	echo "$t commits in the last two years, OK"
+	echo
+	continue
+    fi
+
+    echo "$p" | head -n6
+    echo ".. adding to list"
+
+    if [ -z "$header" ]; then
+	echo '$USER$;$EMAIL$' >.mail.list
+	header=done
+    fi
+
+    echo "$user;$user@fedoraproject.org" >>.mail.list
+    echo
+done
+
+[ -z "$header" ] && exit 0
+[ -n "$do_send" ] || exit 0
+
+echo "Sending mails…"
+set -x
+massmail -F "$from" \
+	 -C "$from" \
+	 -S 'write access to the fedora systemd package' \
+	 -z "$server" -u "$login" -P "$port" \
+	 .mail.list <owner-check.template

owner-check.template

@@ -0,0 +1,20 @@
+Dear $USER$,
+
+the automation to check activity in the systemd dist-git repo [1]
+determined that you haven't done any commits in the last two years.
+
+To decrease the potential for unauthorized access, such checks will be
+executed periodically. Not-used accounts with write access to the repo
+will be downgraded to "ticket" (no write privileges).
+
+If you want to retain access, please reply to this mail.
+Otherwise, in two weeks, your access mode will be changed to "ticket".
+Even without write access, anyone can open a pull request in pagure,
+so write access is not necessary to contribute to the package.
+Obviously such changes not permanent, so even if your access mode is
+downgraded, it can easily be restored later on.
+
+Yours friendly,
+./owner-check.sh
+
+[1] https://src.fedoraproject.org/rpms/systemd

rpminspect.yaml

@@ -0,0 +1,13 @@
+ # Disable badfuncs check that has tons of false positives.
+badfuncs:
+  exclude_path: .*
+
+# don't report changed content of compiled files
+# that is expected with every update
+changedfiles:
+  exclude_path: .*
+
+# completely disabled inspections:
+inspections:
+  # we know about our patches, no need to report anything
+  patches: off

sources

@@ -1 +1 @@
-SHA512 (systemd-247.1.tar.gz) = 2a737afcee4409c2be073d8cb650c3465a25c101b3c3072ea6e6a0614d06e3ed7ae55c84f9ae60555915ad1480b3a13aa72fef4b9210139afe6b0d7a7629385a
+SHA512 (systemd-249.13.tar.gz) = eca374a66cc6a3439e83495e11d96f885c68508f340332cd750558f9fde3e6f31775e98caf085be53c7ef1ac8cf01ba7f84641112e5c978c4670e053cca305b0

split-files.py

@@ -22,7 +22,9 @@ o_rpm_macros = open('.file-list-rpm-macros', 'w')
 o_devel = open('.file-list-devel', 'w')
 o_container = open('.file-list-container', 'w')
 o_networkd = open('.file-list-networkd', 'w')
+o_oomd_defaults = open('.file-list-oomd-defaults', 'w')
 o_remote = open('.file-list-remote', 'w')
+o_resolve = open('.file-list-resolve', 'w')
 o_tests = open('.file-list-tests', 'w')
 o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
 o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
@@ -83,6 +85,7 @@ for file in files(buildroot):
         o = o_networkd
     elif '.so.' in n:
         o = o_libs
+
     elif re.search(r'''udev(?!\.pc)|
                        hwdb|
                        bootctl|
@@ -96,6 +99,7 @@ for file in files(buildroot):
                        random-seed|
                        modules-load|
                        timesync|
+                       crypttab|
                        cryptsetup|
                        kmod|
                        quota|
@@ -108,15 +112,35 @@ for file in files(buildroot):
                        repart|
                        gpt-auto|
                        volatile-root|
-                       verity-setup|
+                       veritysetup|
+                       integritysetup|
+                       integritytab|
                        remount-fs|
                        /boot$|
                        /boot/efi|
                        /kernel/|
                        /kernel$|
-                       /modprobe.d
-    ''', n, re.X):
+                       /modprobe.d|
+                       binfmt|
+                       sysctl|
+                       coredump|
+                       homed|home1|
+                       portabled|portable1
+    ''', n, re.X):     # coredumpctl, homectl, portablectl are included in the main package because
+                       # they can be used to interact with remote daemons. Also, the user could be
+                       # confused if those user-facing binaries are not available.
         o = o_udev
+
+    elif re.search(r'''resolved|resolve1|
+                       systemd-resolve|
+                       resolvconf|
+                       systemd\.(positive|negative)
+    ''', n, re.X):     # resolvectl and nss-resolve are in the main package.
+        o = o_resolve
+
+    elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X):
+        o = o_oomd_defaults
+
     elif n.endswith('.standalone'):
         if 'tmpfiles' in n:
             o = o_standalone_tmpfiles
@@ -124,6 +148,7 @@ for file in files(buildroot):
             o = o_standalone_sysusers
         else:
             assert False, 'Found .standalone not belonging to known packages'
+
     else:
         o = o_rest
 
@@ -133,6 +158,8 @@ for file in files(buildroot):
             prefix += ' '
     elif file.is_dir() and not file.is_symlink():
         prefix = '%dir '
+    elif 'README' in n:
+        prefix = '%doc '
     elif n.startswith('/etc'):
         prefix = '%config(noreplace) '
     else:

sysusers.generate-pre.sh

@@ -12,17 +12,17 @@ user() {
     home="$5"
     shell="$6"
 
-[ "$desc" = '-' ] && desc=
-[ "$home" = '-' -o "$home" = '' ] && home=/
-[ "$shell" = '-' -o "$shell" = '' ] && shell=/sbin/nologin
+    [ "$desc" = '-' ] && desc=
+    { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/
+    { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/sbin/nologin
 
-if [ "$uid" = '-' -o "$uid" = '' ]; then
-    cat <<EOF
+    if [ "$uid" = '-' ] || [ "$uid" = '' ]; then
+        cat <<EOF
 getent passwd '$user' >/dev/null || \\
     useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user'
 EOF
-else
-    cat <<EOF
+    else
+        cat <<EOF
 if ! getent passwd '$user' >/dev/null ; then
     if ! getent passwd '$uid' >/dev/null ; then
         useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
@@ -32,29 +32,29 @@ if ! getent passwd '$user' >/dev/null ; then
 fi
 
 EOF
-fi
+    fi
 }
 
 group() {
     group="$1"
     gid="$2"
-if [ "$gid" = '-' ]; then
-    cat <<EOF
-getent group '$group' >/dev/null || groupadd -r '$group'
-EOF
-else
-    cat <<EOF
-getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group'
-EOF
-fi
+    if [ "$gid" = '-' ]; then
+        cat <<-EOF
+	getent group '$group' >/dev/null || groupadd -r '$group'
+	EOF
+    else
+        cat <<-EOF
+	getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group'
+	EOF
+    fi
 }
 
 parse() {
-    while read line || [ "$line" ]; do
-        [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
+    while read -r line || [ -n "$line" ] ; do
+        { [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue
         line="${line## *}"
         [ -z "$line" ] && continue
-        eval arr=( $line )
+        eval "arr=( $line )"
         case "${arr[0]}" in
             ('u')
                 group "${arr[1]}" "${arr[2]}"
@@ -74,6 +74,6 @@ parse() {
 
 for fn in "$@"; do
     [ -e "$fn" ] || continue
-    echo "# generated from $(basename $fn)"
-    parse < "$fn"
+    echo "# generated from $(basename "$fn")"
+    parse <"$fn"
 done

sysusers.prov

@@ -1,5 +1,40 @@
 #!/bin/bash
 
+process_u() {
+    if [ ! -z "${2##*[!0-9]*}" ]; then
+        # Single shared static ID.
+        echo "user($1) = $2"
+        echo "group($1) = $2"
+    elif [[ $2 == *:* ]]; then
+        # UID:<group>.
+        uid=$(echo $2 | cut -d':' -f1 -)
+        group=$(echo $2 | cut -d':' -f2 -)
+        if [ ! -z "${group##*[!0-9]*}" ]; then
+            # UID:GID.
+            echo "user($1) = ${uid}"
+            echo "group($1) = ${group}"
+        else
+            # UID:<groupname>.
+            echo "user($1) = ${uid}"
+            echo "group(${group})"
+        fi
+    else
+        # Dynamic (or something else uninteresting).
+        echo "user($1)"
+        echo "group($1)"
+    fi
+}
+
+process_g() {
+    if [ ! -z "${2##*[!0-9]*}" ]; then
+        # Static GID.
+        echo "group($1) = $2"
+    else
+        # Dynamic (or something else uninteresting).
+        echo "group($1)"
+    fi
+}
+
 parse() {
     while read line; do
         [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
@@ -8,12 +43,10 @@ parse() {
         set -- $line
         case "$1" in
             ('u')
-                echo "user($2)"
-                echo "group($2)"
-                # TODO: user:group support
+                process_u "$2" "$3"
                 ;;
             ('g')
-                echo "group($2)"
+                process_g "$2" "$3"
                 ;;
             ('m')
                 echo "user($2)"

triggers.systemd

@@ -1,111 +1,105 @@
 #  -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */
-#  SPDX-License-Identifier: LGPL-2.1+
+#  SPDX-License-Identifier: LGPL-2.1-or-later
 #
 #  This file is part of systemd.
 #
-#  Copyright 2015 Zbigniew Jędrzejewski-Szmek
 #  Copyright 2018 Neal Gompa
-#
-#  systemd is free software; you can redistribute it and/or modify it
-#  under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2.1 of the License, or
-#  (at your option) any later version.
-#
-#  systemd is distributed in the hope that it will be useful, but
-#  WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-#  Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
 
 # The contents of this are an example to be copied into systemd.spec.
 #
-# Minimum rpm version supported: 4.13.0
+# Minimum rpm version supported: 4.14.0
 
 %transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system
 # This script will run after any package is initially installed or
 # upgraded. We care about the case where a package is initially
 # installed, because other cases are covered by the *un scriptlets,
 # so sometimes we will reload needlessly.
-if test -d /run/systemd/system; then
-  %{_bindir}/systemctl daemon-reload
+/usr/lib/systemd/systemd-update-helper system-reload-restart || :
+
+%transfiletriggerin -P 900899 -- /usr/lib/systemd/user /etc/systemd/user
+if selinuxenabled &>/dev/null; then
+  /usr/lib/systemd/systemd-update-helper user-reload-restart 2>/dev/null || :
+else
+  /usr/lib/systemd/systemd-update-helper user-reload-restart || :
 fi
 
-%transfiletriggerun -- /usr/lib/systemd/system /etc/systemd/system
+%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
 # On removal, we need to run daemon-reload after any units have been
-# removed. %transfiletriggerpostun would be ideal, but it does not get
-# executed for some reason.
+# removed.
 # On upgrade, we need to run daemon-reload after any new unit files
 # have been installed, but before %postun scripts in packages get
-# executed. %transfiletriggerun gets the right list of files
-# but it is invoked too early (before changes happen).
-# %filetriggerpostun happens at the right time, but it fires for
-# every package.
-# To execute the reload at the right time, we create a state
-# file in %transfiletriggerun and execute the daemon-reload in
-# the first %filetriggerpostun.
+# executed.
+/usr/lib/systemd/systemd-update-helper system-reload || :
 
-if test -d "/run/systemd/system"; then
-    mkdir -p "%{_localstatedir}/lib/rpm-state/systemd"
-    touch "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"
+%transfiletriggerpostun -P 1000099 -- /usr/lib/systemd/user /etc/systemd/user
+# Execute daemon-reload in user managers.
+if selinuxenabled &>/dev/null; then
+  /usr/lib/systemd/systemd-update-helper user-reload 2>/dev/null || :
+else
+  /usr/lib/systemd/systemd-update-helper user-reload || :
 fi
 
-%filetriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
-if test -f "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"; then
-    rm -rf "%{_localstatedir}/lib/rpm-state/systemd"
-    %{_bindir}/systemctl daemon-reload
+%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system
+# We restart remaining system services that should be restarted here.
+/usr/lib/systemd/systemd-update-helper system-restart || :
+
+%transfiletriggerpostun -P  9999 -- /usr/lib/systemd/user /etc/systemd/user
+# We restart remaining user services that should be restarted here.
+if selinuxenabled &>/dev/null; then
+  /usr/lib/systemd/systemd-update-helper user-restart 2>/dev/null || :
+else
+  /usr/lib/systemd/systemd-update-helper user-restart || :
 fi
 
-%transfiletriggerin -P 100700 -- /usr/lib/sysusers.d
+%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d
 # This script will process files installed in /usr/lib/sysusers.d to create
 # specified users automatically. The priority is set such that it
 # will run before the tmpfiles file trigger.
-if test -d /run/systemd/system; then
-  %{_bindir}/systemd-sysusers || :
+if test -d "/run/systemd/system"; then
+  systemd-sysusers || :
 fi
 
-%transfiletriggerin -P 100500 -- /usr/lib/tmpfiles.d
-# This script will process files installed in /usr/lib/tmpfiles.d to create
-# tmpfiles automatically. The priority is set such that it will run
-# after the sysusers file trigger, but before any other triggers.
-if test -d /run/systemd/system; then
-  %{_bindir}/systemd-tmpfiles --create || :
-fi
-
-%transfiletriggerin udev -- /usr/lib/udev/hwdb.d
+%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d
 # This script will automatically invoke hwdb update if files have been
 # installed or updated in /usr/lib/udev/hwdb.d.
-if test -d /run/systemd/system; then
-  %{_bindir}/systemd-hwdb update || :
+if test -d "/run/systemd/system"; then
+  systemd-hwdb update || :
 fi
 
-%transfiletriggerin -- /usr/lib/systemd/catalog
+%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog
 # This script will automatically invoke journal catalog update if files
 # have been installed or updated in /usr/lib/systemd/catalog.
-if test -d /run/systemd/system; then
-  %{_bindir}/journalctl --update-catalog || :
+if test -d "/run/systemd/system"; then
+  journalctl --update-catalog || :
 fi
 
-%transfiletriggerin udev -- /usr/lib/udev/rules.d
-# This script will automatically update udev with new rules if files
-# have been installed or updated in /usr/lib/udev/rules.d.
-if test -e /run/udev/control; then
-  %{_bindir}/udevadm control --reload || :
-fi
-
-%transfiletriggerin -- /usr/lib/sysctl.d
-# This script will automatically apply sysctl rules if files have been
-# installed or updated in /usr/lib/sysctl.d.
-if test -d /run/systemd/system; then
-  /usr/lib/systemd/systemd-sysctl || :
-fi
-
-%transfiletriggerin -- /usr/lib/binfmt.d
+%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d
 # This script will automatically apply binfmt rules if files have been
 # installed or updated in /usr/lib/binfmt.d.
-if test -d /run/systemd/system; then
+if test -d "/run/systemd/system"; then
   # systemd-binfmt might fail if binfmt_misc kernel module is not loaded
   # during install
   /usr/lib/systemd/systemd-binfmt || :
 fi
+
+%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d
+# This script will process files installed in /usr/lib/tmpfiles.d to create
+# tmpfiles automatically. The priority is set such that it will run
+# after the sysusers file trigger, but before any other triggers.
+if test -d "/run/systemd/system"; then
+  systemd-tmpfiles --create || :
+fi
+
+%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d
+# This script will automatically update udev with new rules if files
+# have been installed or updated in /usr/lib/udev/rules.d.
+if test -e /run/udev/control; then
+  udevadm control --reload || :
+fi
+
+%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d
+# This script will automatically apply sysctl rules if files have been
+# installed or updated in /usr/lib/sysctl.d.
+if test -d "/run/systemd/system"; then
+  /usr/lib/systemd/systemd-sysctl || :
+fi

use-bfq-scheduler.patch

@@ -20,11 +20,12 @@ new file mode 100644
 index 0000000000..480b941761
 --- /dev/null
 +++ b/rules.d/60-block-scheduler.rules
-@@ -0,0 +1,5 @@
+@@ -0,0 +1,6 @@
 +# do not edit this file, it will be overwritten on update
 +
 +ACTION=="add", SUBSYSTEM=="block", \
 +  KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
++  ENV{DEVTYPE}=="disk", \
 +  ATTR{queue/scheduler}="bfq"
 diff --git a/rules.d/meson.build b/rules.d/meson.build
 index ca4445d774..38d6aa6970 100644