From bb571758c912c37c22736790c0162c2adb2b0f85 Mon Sep 17 00:00:00 2001
From: importbot <releng@rockylinux.org>
Date: Thu, 19 Dec 2024 01:48:35 +0000
Subject: [PATCH] import systemd-257-1.el10
---
.systemd.metadata | 2 +-
SOURCES/0001-Create-CNAME.patch | 18 --
...orkflows-to-run-on-source-git-setup.patch} | 10 +-
...0002-ci-setup-source-git-automation.patch} | 231 +++++++++++++++++-
...02-man-systemd-reorder-content-a-bit.patch | 103 --------
...3-ci-reconfigure-Packit-for-RHEL-10.patch} | 2 +-
...allow-hostnamed-to-exit-on-idle-if-v.patch | 43 ----
...ate-user-journals-for-users-with-hi.patch} | 2 +-
...p-server-clear-buffer-before-receive.patch | 30 ---
...number-of-device-units-generated-for.patch | 29 ---
...tmpfiles-make-purge-hard-to-mis-use.patch} | 12 +-
...use-system-auth-in-pam-systemd-user.patch} | 2 +-
...se-GREEDY_REALLOC-to-grow-the-buffer.patch | 81 ------
...-start-rhel10-naming-and-include-rh.patch} | 37 +--
...-fail-if-we-can-t-access-the-TPM-due.patch | 132 ----------
...dnssec-rrtype-questions-when-we-aren.patch | 37 ---
...es-copy-40-redhat.rules-from-RHEL-9.patch} | 2 +-
...d-set-RemoveIPC-to-false-by-default.patch} | 12 +-
...Use-crypt_reencrypt_run-if-available.patch | 123 ----------
...le-summary-at-the-end-of-TEST-02-UNI.patch | 136 -----------
...eate-resolv.conf-stub-resolv.conf-s.patch} | 16 +-
...l-order-after-network-online.target.patch} | 2 +-
...11-repart-Use-CRYPT_ACTIVATE_PRIVATE.patch | 29 ---
...ew-stable-releases-will-be-in-the-ma.patch | 26 --
...l-increase-random-seed-size-to-1024.patch} | 6 +-
...ble-systemd-journald-audit.socket-b.patch} | 2 +-
...on-only-offer-devices-for-completion.patch | 29 ---
...E-document-reterr_-return-parameters.patch | 98 --------
...-don-t-touch-current-audit-settings.patch} | 4 +-
...nalyze-show-pcrs-also-in-sha384-bank.patch | 27 --
...vator-kernel-command-line-parameter.patch} | 2 +-
...are-flex-array-updated-for-gcc15-and.patch | 41 ----
...TasksMax-to-80-of-the-kernel-pid.ma.patch} | 8 +-
...-a-warning-to-systemd-tmpfiles-purge.patch | 31 ---
...nk-change-the-default-MACAddressPol.patch} | 8 +-
...-level-of-messages-about-use-of-Kil.patch} | 14 +-
...emporary-from-description-of-systemd.patch | 65 -----
...rivileged-user-ns-for-integration-te.patch | 24 --
...h => 0019-taint-remove-unmerged-bin.patch} | 20 +-
...rts.ubuntu.com-for-non-x86-backports.patch | 74 ------
...tch => 0020-presets-remove-resolved.patch} | 2 +-
...t-only-for-Fedora-and-CentOS-Stream.patch} | 34 ++-
...I-packages-only-on-EFI-architectures.patch | 58 -----
...int-remove-unused-variable-usr_sbin.patch} | 6 +-
...kip-condition-before-installing-addi.patch | 31 ---
...ckit-drop-the-libarchive-workaround.patch} | 2 +-
...-drop-unneeded-firmware-uefi-setting.patch | 37 ---
...lt-process-and-store-core-files-up-.patch} | 4 +-
SOURCES/0024-test-drop-obsolete-comment.patch | 28 ---
...ounted-as-tmpfs-without-the-user-s-.patch} | 2 +-
SOURCES/0025-test-support-TEST_NO_KVM.patch | 25 --
...T_NO_QEMU-in-mkosi-integration-wrapp.patch | 30 ---
...it-don-t-add-Requires-for-tmp.mount.patch} | 10 +-
...stead-of-uefi-for-automated-fallback.patch | 27 --
...ts-add-Install-section-to-tmp.mount.patch} | 2 +-
...ce-fix-accept-socket-deserialization.patch | 45 ----
...e-tmp.mount-statically-in-local-fs..patch} | 6 +-
...f-naming-scheme-add-rhel-9.5-scheme.patch} | 16 +-
...tion-that-the-captive-portal-option-.patch | 26 --
...isable-secure-boot-in-mkosi-GHA-runs.patch | 27 --
...me-rename-rhel-10.0-to-rhel-10.0.be.patch} | 24 +-
SOURCES/0031-mkosi-bump-to-latest.patch | 23 --
...eme-disable-NAMING_FIRMWARE_NODE_SUN.patch | 29 +++
SOURCES/0032-NEWS-fix-typo.patch | 23 --
...ng-scheme-introduce-rhel-10.0-scheme.patch | 61 +++++
...moving-symlinks-even-for-units-that-.patch | 69 ------
...t-bail-if-SHELL_-variables-are-unset.patch | 58 +++++
...ur-dry-run-when-removing-directories.patch | 35 ---
...on-at-least-one-configuration-file-b.patch | 68 ------
...rge-to-command-section-in-help-text-.patch | 37 ---
...rict-noble-backports-to-noble-builds.patch | 37 ---
SOURCES/0038-repart-fix-memory-leak.patch | 22 --
...-use-_SOURCE_MONOTONIC_TIMESTAMP-fie.patch | 42 ----
...i-deploy-systemd-man-to-GitHub-Pages.patch | 78 ------
...-parameters-together-with-rhel-only-.patch | 37 ---
...n-rename-libbasic-to-libbasic_static.patch | 180 --------------
...ystemd-core-via-an-intermediate-stat.patch | 63 -----
...-to-build-systemd-executor-staticall.patch | 101 --------
...add-downstream-CONTRIBUTING-document.patch | 108 --------
...ci-allow-policy-as-rhel-only-keyword.patch | 40 ---
...-drop-the-dependency-on-python3-zstd.patch | 28 ---
..._id-use-firmware_node-sun-for-ID_NET.patch | 197 ---------------
...net-naming-scheme-add-missing-period.patch | 36 ---
...-drop-the-dependency-on-python3-zstd.patch | 28 ---
...-try-to-acquire-triggering-units-for.patch | 48 ----
...unit-add-one-assertion-for-u-manager.patch | 24 --
...troy-runtime-data-when-Type-oneshot-.patch | 88 -------
...nore-kernel-threads-in-cg_kill_items.patch | 34 ---
...t-try-to-open-pidfd-for-kernel-threa.patch | 30 ---
SOURCES/0085-cgroup-util-fix-typo.patch | 27 --
...eme-disable-NAMING_FIRMWARE_NODE_SUN.patch | 43 ----
...e-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch | 38 ---
...il-Don-t-try-to-open-pidfd-for-kerne.patch | 33 ---
...p-test-on-architectures-without-UEFI.patch | 30 ---
...e-beta-branch-to-match-dist-git-name.patch | 25 --
...device-symlink-properly-on-udev-acti.patch | 41 ----
...-TDX-confidential-VM-on-Azure-platfo.patch | 121 ---------
...t-split-caching-of-CVM-detection-int.patch | 76 ------
...-virt-add-detection-for-s390x-target.patch | 90 -------
...ct-virt-fix-row-spanning-for-VM-head.patch | 37 ---
...ect-virt-list-known-CVM-technologies.patch | 74 ------
...t-activation-of-stopped-services-wit.patch | 53 ----
SPECS/systemd.spec | 147 +++--------
103 files changed, 545 insertions(+), 3926 deletions(-)
delete mode 100644 SOURCES/0001-Create-CNAME.patch
rename SOURCES/{0040-ci-update-workflows-to-run-on-source-git-setup.patch => 0001-ci-update-workflows-to-run-on-source-git-setup.patch} (91%)
rename SOURCES/{0041-ci-setup-source-git-automation.patch => 0002-ci-setup-source-git-automation.patch} (51%)
delete mode 100644 SOURCES/0002-man-systemd-reorder-content-a-bit.patch
rename SOURCES/{0043-ci-reconfigure-Packit-for-RHEL-10.patch => 0003-ci-reconfigure-Packit-for-RHEL-10.patch} (97%)
delete mode 100644 SOURCES/0003-hostnamed-don-t-allow-hostnamed-to-exit-on-idle-if-v.patch
rename SOURCES/{0045-journal-again-create-user-journals-for-users-with-hi.patch => 0004-journal-again-create-user-journals-for-users-with-hi.patch} (97%)
delete mode 100644 SOURCES/0004-sd-dhcp-server-clear-buffer-before-receive.patch
delete mode 100644 SOURCES/0005-rules-Limit-the-number-of-device-units-generated-for.patch
rename SOURCES/{0046-tmpfiles-make-purge-hard-to-mis-use.patch => 0005-tmpfiles-make-purge-hard-to-mis-use.patch} (87%)
rename SOURCES/{0047-fedora-use-system-auth-in-pam-systemd-user.patch => 0006-fedora-use-system-auth-in-pam-systemd-user.patch} (93%)
delete mode 100644 SOURCES/0006-strbuf-use-GREEDY_REALLOC-to-grow-the-buffer.patch
rename SOURCES/{0048-net-naming-scheme-start-rhel10-naming-and-include-rh.patch => 0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch} (93%)
delete mode 100644 SOURCES/0007-tpm2-setup-Don-t-fail-if-we-can-t-access-the-TPM-due.patch
delete mode 100644 SOURCES/0008-resolved-permit-dnssec-rrtype-questions-when-we-aren.patch
rename SOURCES/{0049-rules-copy-40-redhat.rules-from-RHEL-9.patch => 0008-rules-copy-40-redhat.rules-from-RHEL-9.patch} (98%)
rename SOURCES/{0050-logind-set-RemoveIPC-to-false-by-default.patch => 0009-logind-set-RemoveIPC-to-false-by-default.patch} (89%)
delete mode 100644 SOURCES/0009-repart-Use-crypt_reencrypt_run-if-available.patch
delete mode 100644 SOURCES/0010-test-dump-a-simple-summary-at-the-end-of-TEST-02-UNI.patch
rename SOURCES/{0051-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch => 0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch} (78%)
rename SOURCES/{0052-rc-local-order-after-network-online.target.patch => 0011-rc-local-order-after-network-online.target.patch} (92%)
delete mode 100644 SOURCES/0011-repart-Use-CRYPT_ACTIVATE_PRIVATE.patch
delete mode 100644 SOURCES/0012-NEWS-note-that-new-stable-releases-will-be-in-the-ma.patch
rename SOURCES/{0053-random-util-increase-random-seed-size-to-1024.patch => 0012-random-util-increase-random-seed-size-to-1024.patch} (79%)
rename SOURCES/{0054-journal-don-t-enable-systemd-journald-audit.socket-b.patch => 0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch} (92%)
delete mode 100644 SOURCES/0013-shell-completion-only-offer-devices-for-completion.patch
delete mode 100644 SOURCES/0014-CODING_STYLE-document-reterr_-return-parameters.patch
rename SOURCES/{0055-journald.conf-don-t-touch-current-audit-settings.patch => 0014-journald.conf-don-t-touch-current-audit-settings.patch} (83%)
delete mode 100644 SOURCES/0015-analyze-show-pcrs-also-in-sha384-bank.patch
rename SOURCES/{0056-rules-add-elevator-kernel-command-line-parameter.patch => 0015-rules-add-elevator-kernel-command-line-parameter.patch} (96%)
delete mode 100644 SOURCES/0016-fundamental-declare-flex-array-updated-for-gcc15-and.patch
rename SOURCES/{0057-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch => 0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch} (94%)
delete mode 100644 SOURCES/0017-man-add-a-bit-of-a-warning-to-systemd-tmpfiles-purge.patch
rename SOURCES/{0058-udev-net-setup-link-change-the-default-MACAddressPol.patch => 0017-udev-net-setup-link-change-the-default-MACAddressPol.patch} (89%)
rename SOURCES/{0059-core-decrease-log-level-of-messages-about-use-of-Kil.patch => 0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch} (79%)
delete mode 100644 SOURCES/0018-man-units-drop-temporary-from-description-of-systemd.patch
delete mode 100644 SOURCES/0019-mkosi-enable-unprivileged-user-ns-for-integration-te.patch
rename SOURCES/{0063-taint-remove-unmerged-bin.patch => 0019-taint-remove-unmerged-bin.patch} (88%)
delete mode 100644 SOURCES/0020-mkosi-use-ports.ubuntu.com-for-non-x86-backports.patch
rename SOURCES/{0064-presets-remove-resolved.patch => 0020-presets-remove-resolved.patch} (93%)
rename SOURCES/{0067-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch => 0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch} (69%)
delete mode 100644 SOURCES/0021-mkosi-install-EFI-packages-only-on-EFI-architectures.patch
rename SOURCES/{0068-taint-remove-unused-variable-usr_sbin.patch => 0022-taint-remove-unused-variable-usr_sbin.patch} (85%)
delete mode 100644 SOURCES/0022-test-check-the-skip-condition-before-installing-addi.patch
rename SOURCES/{0069-packit-drop-the-libarchive-workaround.patch => 0023-packit-drop-the-libarchive-workaround.patch} (93%)
delete mode 100644 SOURCES/0023-test-drop-unneeded-firmware-uefi-setting.patch
rename SOURCES/{0071-coredump-by-default-process-and-store-core-files-up-.patch => 0024-coredump-by-default-process-and-store-core-files-up-.patch} (87%)
delete mode 100644 SOURCES/0024-test-drop-obsolete-comment.patch
rename SOURCES/{0072-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch => 0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch} (92%)
delete mode 100644 SOURCES/0025-test-support-TEST_NO_KVM.patch
delete mode 100644 SOURCES/0026-test-support-TEST_NO_QEMU-in-mkosi-integration-wrapp.patch
rename SOURCES/{0073-unit-don-t-add-Requires-for-tmp.mount.patch => 0026-unit-don-t-add-Requires-for-tmp.mount.patch} (84%)
delete mode 100644 SOURCES/0027-test-use-auto-instead-of-uefi-for-automated-fallback.patch
rename SOURCES/{0074-units-add-Install-section-to-tmp.mount.patch => 0027-units-add-Install-section-to-tmp.mount.patch} (90%)
delete mode 100644 SOURCES/0028-core-service-fix-accept-socket-deserialization.patch
rename SOURCES/{0075-units-don-t-enable-tmp.mount-statically-in-local-fs..patch => 0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch} (85%)
rename SOURCES/{0076-netif-naming-scheme-add-rhel-9.5-scheme.patch => 0029-netif-naming-scheme-add-rhel-9.5-scheme.patch} (86%)
delete mode 100644 SOURCES/0029-test-network-mention-that-the-captive-portal-option-.patch
delete mode 100644 SOURCES/0030-CI-disable-secure-boot-in-mkosi-GHA-runs.patch
rename SOURCES/{0086-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch => 0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch} (78%)
delete mode 100644 SOURCES/0031-mkosi-bump-to-latest.patch
create mode 100644 SOURCES/0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
delete mode 100644 SOURCES/0032-NEWS-fix-typo.patch
create mode 100644 SOURCES/0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
delete mode 100644 SOURCES/0033-install-allow-removing-symlinks-even-for-units-that-.patch
create mode 100644 SOURCES/0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch
delete mode 100644 SOURCES/0034-tmpfiles-honour-dry-run-when-removing-directories.patch
delete mode 100644 SOURCES/0035-tmpfiles-insist-on-at-least-one-configuration-file-b.patch
delete mode 100644 SOURCES/0036-tmpfiles-move-purge-to-command-section-in-help-text-.patch
delete mode 100644 SOURCES/0037-mkosi-restrict-noble-backports-to-noble-builds.patch
delete mode 100644 SOURCES/0038-repart-fix-memory-leak.patch
delete mode 100644 SOURCES/0039-logs-show-do-not-use-_SOURCE_MONOTONIC_TIMESTAMP-fie.patch
delete mode 100644 SOURCES/0042-ci-deploy-systemd-man-to-GitHub-Pages.patch
delete mode 100644 SOURCES/0044-ci-allow-to-pass-parameters-together-with-rhel-only-.patch
delete mode 100644 SOURCES/0060-meson-rename-libbasic-to-libbasic_static.patch
delete mode 100644 SOURCES/0061-meson-build-libsystemd-core-via-an-intermediate-stat.patch
delete mode 100644 SOURCES/0062-meson-add-option-to-build-systemd-executor-staticall.patch
delete mode 100644 SOURCES/0065-doc-add-downstream-CONTRIBUTING-document.patch
delete mode 100644 SOURCES/0066-ci-allow-policy-as-rhel-only-keyword.patch
delete mode 100644 SOURCES/0070-packit-drop-the-dependency-on-python3-zstd.patch
delete mode 100644 SOURCES/0077-udev-builtin-net_id-use-firmware_node-sun-for-ID_NET.patch
delete mode 100644 SOURCES/0078-man-net-naming-scheme-add-missing-period.patch
delete mode 100644 SOURCES/0079-Revert-packit-drop-the-dependency-on-python3-zstd.patch
delete mode 100644 SOURCES/0080-systemctl-do-not-try-to-acquire-triggering-units-for.patch
delete mode 100644 SOURCES/0081-core-unit-add-one-assertion-for-u-manager.patch
delete mode 100644 SOURCES/0082-core-service-destroy-runtime-data-when-Type-oneshot-.patch
delete mode 100644 SOURCES/0083-cgroup-util-Ignore-kernel-threads-in-cg_kill_items.patch
delete mode 100644 SOURCES/0084-cgroup-util-Don-t-try-to-open-pidfd-for-kernel-threa.patch
delete mode 100644 SOURCES/0085-cgroup-util-fix-typo.patch
delete mode 100644 SOURCES/0087-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
delete mode 100644 SOURCES/0088-net-naming-scheme-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch
delete mode 100644 SOURCES/0089-Revert-cgroup-util-Don-t-try-to-open-pidfd-for-kerne.patch
delete mode 100644 SOURCES/0090-ukify-Skip-test-on-architectures-without-UEFI.patch
delete mode 100644 SOURCES/0091-ci-rename-beta-branch-to-match-dist-git-name.patch
delete mode 100644 SOURCES/0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch
delete mode 100644 SOURCES/0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch
delete mode 100644 SOURCES/0094-confidential-virt-split-caching-of-CVM-detection-int.patch
delete mode 100644 SOURCES/0095-confidential-virt-add-detection-for-s390x-target.patch
delete mode 100644 SOURCES/0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch
delete mode 100644 SOURCES/0097-man-systemd-detect-virt-list-known-CVM-technologies.patch
delete mode 100644 SOURCES/0098-socket-fix-socket-activation-of-stopped-services-wit.patch
diff --git a/.systemd.metadata b/.systemd.metadata
index 85bc68d..55f5540 100644
--- a/.systemd.metadata
+++ b/.systemd.metadata
@@ -1 +1 @@
-4825b82700e1acf02ba81885652406e75d0c674c129a1a7e488e5b5200a17998 SOURCES/systemd-256.tar.gz
+14f6907eb5e289d8c39cbe1ef891ca54d8a0e3582c986a9ef5844b3f29add43b SOURCES/systemd-257.tar.gz
diff --git a/SOURCES/0001-Create-CNAME.patch b/SOURCES/0001-Create-CNAME.patch
deleted file mode 100644
index fbb444e..0000000
--- a/SOURCES/0001-Create-CNAME.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-From 1c27c902ad8316f490648a0e4415abd51b450b1a Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <luca.boccassi@gmail.com>
-Date: Tue, 11 Jun 2024 23:04:12 +0100
-Subject: [PATCH] Create CNAME
-
----
- docs/CNAME | 1 +
- 1 file changed, 1 insertion(+)
- create mode 100644 docs/CNAME
-
-diff --git a/docs/CNAME b/docs/CNAME
-new file mode 100644
-index 0000000000..cdcf4d9a52
---- /dev/null
-+++ b/docs/CNAME
-@@ -0,0 +1 @@
-+systemd.io
-\ No newline at end of file
diff --git a/SOURCES/0040-ci-update-workflows-to-run-on-source-git-setup.patch b/SOURCES/0001-ci-update-workflows-to-run-on-source-git-setup.patch
similarity index 91%
rename from SOURCES/0040-ci-update-workflows-to-run-on-source-git-setup.patch
rename to SOURCES/0001-ci-update-workflows-to-run-on-source-git-setup.patch
index b5a7f60..f68f1ab 100644
--- a/SOURCES/0040-ci-update-workflows-to-run-on-source-git-setup.patch
+++ b/SOURCES/0001-ci-update-workflows-to-run-on-source-git-setup.patch
@@ -1,4 +1,4 @@
-From 67ff61b054e8d4d4d3923c3b81586b2d4e286d6b Mon Sep 17 00:00:00 2001
+From de58c5c9d265444f6916015fd3e747012b07d958 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Thu, 16 May 2024 14:24:38 +0200
Subject: [PATCH] ci: update workflows to run on source-git setup
@@ -29,7 +29,7 @@ index f0d321794a..87dcd3c478 100644
permissions: read-all
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
-index 0d284f75f1..daf34486d2 100644
+index 397a5ca8cb..51034783ca 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -6,9 +6,6 @@ name: "CodeQL"
@@ -53,7 +53,7 @@ index 0d284f75f1..daf34486d2 100644
permissions:
contents: read
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
-index 244f5d503b..403b5cfc58 100644
+index 9122eeb70e..c0d8790680 100644
--- a/.github/workflows/differential-shellcheck.yml
+++ b/.github/workflows/differential-shellcheck.yml
@@ -4,11 +4,7 @@
@@ -69,7 +69,7 @@ index 244f5d503b..403b5cfc58 100644
permissions:
contents: read
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
-index cf0bc09453..e7fb70f2f5 100644
+index d9f6a37680..982013a773 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -6,9 +6,6 @@ name: Lint Code Base
@@ -83,7 +83,7 @@ index cf0bc09453..e7fb70f2f5 100644
permissions:
contents: read
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
-index 895068c2a2..bf6c820092 100644
+index 12c3a685c7..535ce9d1e2 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -5,9 +5,6 @@
diff --git a/SOURCES/0041-ci-setup-source-git-automation.patch b/SOURCES/0002-ci-setup-source-git-automation.patch
similarity index 51%
rename from SOURCES/0041-ci-setup-source-git-automation.patch
rename to SOURCES/0002-ci-setup-source-git-automation.patch
index 5f9deb7..777947e 100644
--- a/SOURCES/0041-ci-setup-source-git-automation.patch
+++ b/SOURCES/0002-ci-setup-source-git-automation.patch
@@ -1,4 +1,4 @@
-From 67b16d23396d9837f878850e890f90228d59d49e Mon Sep 17 00:00:00 2001
+From ce0e5f2206de1c6fa2b48177e076f4e6be5faae2 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Thu, 16 May 2024 14:36:04 +0200
Subject: [PATCH] ci: setup source-git automation
@@ -6,27 +6,72 @@ Subject: [PATCH] ci: setup source-git automation
rhel-only: ci
Related: RHEL-36636
+
+ci: deploy systemd man to GitHub Pages
+
+rhel-only: ci
+
+Related: RHEL-36636
+
+ci: allow to pass parameters together with rhel-only note
+
+Supported parameters:
+
+* feature - for feature related commits (cross-version)
+* bugfix - for bugfix related commits (cross-version)
+* doc - for documentation related commits (usually version specific)
+* workaround - for workaround related commits (usually version specific)
+* ci - for CI related commits (version specific)
+* test - for test related commits (version specific)
+* other - for commits that do not fit into any of the above categories or use just `rhel-only`
+
+rhel-only: ci
+
+Related: RHEL-36636
+
+doc: add downstream CONTRIBUTING document
+
+rhel-only: doc
+
+Related: RHEL-40924
+
+ci: allow `policy` as rhel-only keyword
+
+rhel-only: ci
+
+Related: RHEL-40924
+
+ci: rename beta branch to match dist-git name
+
+rhel-only: ci
+
+Related: RHEL-57603
---
.github/advanced-commit-linter.yml | 17 +++++
- .github/auto-merge.yml | 4 ++
- .github/pull-request-validator.yml | 4 ++
+ .github/auto-merge.yml | 4 +
+ .github/pull-request-validator.yml | 4 +
.github/regression-sniffer.yml | 1 +
.github/tracker-validator.yml | 31 ++++++++
- .github/workflows/gather-pr-metadata.yml | 12 ++--
- .../source-git-automation-on-demand.yml | 72 +++++++++++++++++++
- .github/workflows/source-git-automation.yml | 45 ++++++++++++
- 8 files changed, 179 insertions(+), 7 deletions(-)
+ .github/workflows/deploy-man-pages.yml | 59 ++++++++++++++
+ .github/workflows/gather-pr-metadata.yml | 12 ++-
+ .../source-git-automation-on-demand.yml | 72 ++++++++++++++++++
+ .github/workflows/source-git-automation.yml | 45 +++++++++++
+ CONTRIBUTING.md | 76 +++++++++++++++++++
+ README.md | 2 +-
+ 11 files changed, 315 insertions(+), 8 deletions(-)
create mode 100644 .github/advanced-commit-linter.yml
create mode 100644 .github/auto-merge.yml
create mode 100644 .github/pull-request-validator.yml
create mode 100644 .github/regression-sniffer.yml
create mode 100644 .github/tracker-validator.yml
+ create mode 100644 .github/workflows/deploy-man-pages.yml
create mode 100644 .github/workflows/source-git-automation-on-demand.yml
create mode 100644 .github/workflows/source-git-automation.yml
+ create mode 100644 CONTRIBUTING.md
diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml
new file mode 100644
-index 0000000000..3609fe4612
+index 0000000000..4a7e6542b4
--- /dev/null
+++ b/.github/advanced-commit-linter.yml
@@ -0,0 +1,17 @@
@@ -36,8 +81,8 @@ index 0000000000..3609fe4612
+ - github: systemd/systemd
+ exception:
+ note:
-+ - rhel-only
-+ - RHEL-only
++ - 'rhel-only: (feature|bugfix|policy|doc|workaround|ci|test|other)'
++ - 'RHEL-only: (feature|bugfix|policy|doc|workaround|ci|test|other)'
+ tracker:
+ - keyword:
+ - 'Resolves: '
@@ -76,7 +121,7 @@ index 0000000000..3824028e92
+upstream: systemd/systemd
diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml
new file mode 100644
-index 0000000000..2e858606ff
+index 0000000000..1226b8a92a
--- /dev/null
+++ b/.github/tracker-validator.yml
@@ -0,0 +1,31 @@
@@ -88,7 +133,7 @@ index 0000000000..2e858606ff
+products:
+ - Red Hat Enterprise Linux 10
+ - CentOS Stream 10
-+ - rhel-10.0.beta
++ - rhel-10.0-beta
+ - rhel-10.0
+ - rhel-10.0.z
+ - rhel-10.1
@@ -111,8 +156,73 @@ index 0000000000..2e858606ff
+ - rhel-10.9.z
+ - rhel-10.10
+ - rhel-10.10.z
+diff --git a/.github/workflows/deploy-man-pages.yml b/.github/workflows/deploy-man-pages.yml
+new file mode 100644
+index 0000000000..9739228a87
+--- /dev/null
++++ b/.github/workflows/deploy-man-pages.yml
+@@ -0,0 +1,59 @@
++name: Deploy systemd man to Pages
++
++on:
++ push:
++ branches: [ main ]
++ paths:
++ - man/*
++ - .github/workflows/deploy-man-pages.yml
++ schedule:
++ # Run every Monday at 4:00 AM UTC
++ - cron: 0 4 * * 1
++ workflow_dispatch:
++
++permissions:
++ contents: read
++
++# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
++# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
++concurrency:
++ group: pages
++ cancel-in-progress: false
++
++jobs:
++ # Single deploy job since we're just deploying
++ deploy:
++ environment:
++ name: github-pages
++ url: ${{ steps.deployment.outputs.page_url }}
++ runs-on: ubuntu-latest
++
++ permissions:
++ pages: write
++ id-token: write
++
++ steps:
++ - uses: actions/checkout@v4
++
++ - name: Install dependencies
++ run: |
++ sudo add-apt-repository -y --no-update --enable-source
++ sudo apt-get -y update
++ sudo apt-get -y build-dep systemd
++
++ - name: Build HTML man pages
++ run: |
++ meson setup build
++ ninja -C build man/html
++
++ - name: Setup Pages
++ uses: actions/configure-pages@v4
++
++ - name: Upload artifact
++ uses: actions/upload-pages-artifact@v3
++ with:
++ path: ./build/man
++
++ - name: Deploy to GitHub Pages
++ id: deployment
++ uses: actions/deploy-pages@v4
diff --git a/.github/workflows/gather-pr-metadata.yml b/.github/workflows/gather-pr-metadata.yml
-index e4a0caff03..857689a37b 100644
+index 20160ab91f..fde51a480f 100644
--- a/.github/workflows/gather-pr-metadata.yml
+++ b/.github/workflows/gather-pr-metadata.yml
@@ -1,18 +1,17 @@
@@ -280,3 +390,98 @@ index 0000000000..d58242efa7
+ pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }}
+ jira-api-token: ${{ secrets.JIRA_API_TOKEN }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
+new file mode 100644
+index 0000000000..c2e3a2d4d0
+--- /dev/null
++++ b/CONTRIBUTING.md
+@@ -0,0 +1,76 @@
++# Contributing
++
++Welcome to systemd source-git for CentOS Stream and RHEL. When contributing, please follow the guide below.
++
++## Workflow
++
++```mermaid
++flowchart LR
++ A(Issue) --> B{is fixed\nupstream}
++ B -->|YES| C(backport\nupstream patch)
++ B -->|NO| D(upstream\nsubmit issue or PR)
++ D --> E{accepted\nand fixed}
++ E -->|YES| C
++ E -->|NO| F(rhel-only patch) --> G
++ C --> G(submit PR)
++```
++
++## Filing issues
++
++When you find an issue with systemd used in **CentOS Stream** or **RHEL**, please file an issue in Red Hat [Jira ticket system](https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332745&issuetype=1&components=12380515).
++
++GitHub Issues are not supported tracking system. If your issue is reproducible using the latest upstream version of systemd, please consider creating [upstream issue](https://github.com/systemd/systemd/issues/new/choose).
++
++## Posting Pull Requests
++
++Every Pull Request has to comply with the following rules:
++
++- Each commit has to reference [upstream](https://github.com/systemd/systemd) commit.
++- Each commit has to reference the approved issue/tracker.
++- Pull requests have to pass mandatory CI validation and testing
++- Pull requests have to be approved by at least one systemd downstream maintainer
++
++### Upstream reference
++
++When doing a back-port of an upstream commit, always use `cherry-pick -x <sha>`. Consider proposing a change upstream first when an upstream commit doesn't exist.
++If the change isn't upstream relevant or accepted by upstream, mark the commit with the `rhel-only: <parameter>` string, where a `<parameter>` is:
++
++- `feature` - for feature-related commits (cross-version)
++- `bugfix` - for bugfix-related commits (cross-version)
++- `policy` - for policy-related commits (cross-version)
++- `doc` - for documentation-related commits (usually version-specific)
++- `workaround` - for workaround-related commits (usually version-specific)
++- `ci` - for CI-related commits (version-specific)
++- `test` - for test-related commits (version-specific)
++- `other` - for commits that do not fit into any of the above categories (version-specific)
++
++```md
++doc: Fix TYPO
++
++rhel-only: doc
++
++Resolves: RHEL-678
++```
++
++### Issue reference
++
++Each commit has to reference the relevant approved systemd issue (see: [Filling issues section](#filing-issues)). For referencing issues, we use the following keywords:
++
++- **Resolves** for commits that directly resolve issues described in a referenced tracker
++- **Related** for commits related to the referenced issue, but they don't fix it. Usually, tests and documentation.
++- **Reverts** for commits that reverts previously merged commit
++
++When referencing issues, use the following structure: `<keyword>: <issue ID>`. See the example below:
++
++```md
++doc: Fix TYPO
++
++(cherry picked from commit c5afbac31bb33e7b1f4d59b253425af991a630a4)
++
++Resolves: RHEL-678
++```
++
++### Validation and testing
++
++Each Pull Request has to pass all enabled tests that are automatically run using GitHub Actions, CentOS Stream CI, and others.
++If CI failure is unrelated to the change introduced in Pull Request, the downstream maintainer will set the `ci-waived` label and explain why CI was waived.
+diff --git a/README.md b/README.md
+index 12f1381f08..421a2e6572 100644
+--- a/README.md
++++ b/README.md
+@@ -30,7 +30,7 @@ Please see the [Code Map](docs/ARCHITECTURE.md) for information about this repos
+
+ Please see the [Hacking guide](docs/HACKING.md) for information on how to hack on systemd and test your modifications.
+
+-Please see our [Contribution Guidelines](docs/CONTRIBUTING.md) for more information about filing GitHub Issues and posting GitHub Pull Requests.
++Please see our [Contribution Guidelines](CONTRIBUTING.md) for more information about filing GitHub Issues and posting GitHub Pull Requests.
+
+ When preparing patches for systemd, please follow our [Coding Style Guidelines](docs/CODING_STYLE.md).
+
diff --git a/SOURCES/0002-man-systemd-reorder-content-a-bit.patch b/SOURCES/0002-man-systemd-reorder-content-a-bit.patch
deleted file mode 100644
index 1469876..0000000
--- a/SOURCES/0002-man-systemd-reorder-content-a-bit.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From d918804408801bf46a49018e374ebdfbeae08805 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 5 Jun 2024 11:28:21 +0200
-Subject: [PATCH] man/systemd: reorder content a bit
-
-Section "Description" didn't actually say what systemd does. And we had a giant
-"Concepts" section that actually described units types and other details about
-them. So let's move the basic description of functionality to "Description" and
-rename the following section to "Units".
-
-The link to the Original Design Document is moved to "See Also", it is of
-historical interest mostly at this point.
-
-The only actual change is that when talking about API filesystems, /dev is also
-mentioned. (I think /sys+/proc+/dev are the canonical set and should be always
-listed on one breath.)
-
-(cherry picked from commit f11aaf7dfb295de429b1567282b19caaba036bba)
----
- man/systemd.xml | 49 ++++++++++++++++++++++++-------------------------
- 1 file changed, 24 insertions(+), 25 deletions(-)
-
-diff --git a/man/systemd.xml b/man/systemd.xml
-index 66db5bbf25..f4aa7e06ca 100644
---- a/man/systemd.xml
-+++ b/man/systemd.xml
-@@ -62,10 +62,29 @@
- <filename>user.conf.d</filename> directories. See
- <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for more information.</para>
-+
-+ <para><command>systemd</command> contains native implementations of various tasks that need to be
-+ executed as part of the boot process. For example, it sets the hostname or configures the loopback
-+ network device. It also sets up and mounts various API file systems, such as <filename>/sys/</filename>,
-+ <filename>/proc/</filename>, and <filename>/dev/</filename>.</para>
-+
-+ <para>Note that some but not all interfaces provided by systemd are covered by the
-+ <ulink url="https://systemd.io/PORTABILITY_AND_STABILITY/">Interface Portability and Stability Promise</ulink>.</para>
-+
-+ <para>The D-Bus API of <command>systemd</command> is described in
-+ <citerefentry><refentrytitle>org.freedesktop.systemd1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-+ and
-+ <citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
-+ </para>
-+
-+ <para>Systems which invoke systemd in a container or initrd environment should implement the <ulink
-+ url="https://systemd.io/CONTAINER_INTERFACE">Container Interface</ulink> or
-+ <ulink url="https://systemd.io/INITRD_INTERFACE/">initrd Interface</ulink>
-+ specifications, respectively.</para>
- </refsect1>
-
- <refsect1>
-- <title>Concepts</title>
-+ <title>Units</title>
-
- <para>systemd provides a dependency system between various
- entities called "units" of 11 different types. Units encapsulate
-@@ -261,34 +280,10 @@
- example, start jobs for any of those inactive units getting queued as
- well.</para>
-
-- <para>systemd contains native implementations of various tasks
-- that need to be executed as part of the boot process. For example,
-- it sets the hostname or configures the loopback network device. It
-- also sets up and mounts various API file systems, such as
-- <filename>/sys/</filename> or <filename>/proc/</filename>.</para>
--
-- <para>For more information about the concepts and
-- ideas behind systemd, please refer to the
-- <ulink url="https://0pointer.de/blog/projects/systemd.html">Original Design Document</ulink>.</para>
--
-- <para>Note that some but not all interfaces provided by systemd are covered by the
-- <ulink url="https://systemd.io/PORTABILITY_AND_STABILITY/">Interface Portability and Stability Promise</ulink>.</para>
--
- <para>Units may be generated dynamically at boot and system
- manager reload time, for example based on other configuration
- files or parameters passed on the kernel command line. For details, see
- <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
--
-- <para>The D-Bus API of <command>systemd</command> is described in
-- <citerefentry><refentrytitle>org.freedesktop.systemd1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-- and
-- <citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
-- </para>
--
-- <para>Systems which invoke systemd in a container or initrd environment should implement the <ulink
-- url="https://systemd.io/CONTAINER_INTERFACE">Container Interface</ulink> or
-- <ulink url="https://systemd.io/INITRD_INTERFACE/">initrd Interface</ulink>
-- specifications, respectively.</para>
- </refsect1>
-
- <refsect1>
-@@ -1558,6 +1553,10 @@
- <member><citerefentry project='man-pages'><refentrytitle>bootup</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
- <member><citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
- </simplelist></para>
-+
-+ <para>For more information about the concepts and
-+ ideas behind systemd, please refer to the
-+ <ulink url="https://0pointer.de/blog/projects/systemd.html">Original Design Document</ulink>.</para>
- </refsect1>
-
- </refentry>
diff --git a/SOURCES/0043-ci-reconfigure-Packit-for-RHEL-10.patch b/SOURCES/0003-ci-reconfigure-Packit-for-RHEL-10.patch
similarity index 97%
rename from SOURCES/0043-ci-reconfigure-Packit-for-RHEL-10.patch
rename to SOURCES/0003-ci-reconfigure-Packit-for-RHEL-10.patch
index d58235c..53c0bd6 100644
--- a/SOURCES/0043-ci-reconfigure-Packit-for-RHEL-10.patch
+++ b/SOURCES/0003-ci-reconfigure-Packit-for-RHEL-10.patch
@@ -1,4 +1,4 @@
-From 970ac707323ce1b50c6f45184df4373d651e669c Mon Sep 17 00:00:00 2001
+From 5c2ddd385ccfdf8ed57d2624ab95aa25f9e09bd5 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Fri, 17 May 2024 13:55:40 +0200
Subject: [PATCH] ci: reconfigure Packit for RHEL 10
diff --git a/SOURCES/0003-hostnamed-don-t-allow-hostnamed-to-exit-on-idle-if-v.patch b/SOURCES/0003-hostnamed-don-t-allow-hostnamed-to-exit-on-idle-if-v.patch
deleted file mode 100644
index 99e1e6e..0000000
--- a/SOURCES/0003-hostnamed-don-t-allow-hostnamed-to-exit-on-idle-if-v.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From f2b5c1ff51b7c7876036c6c722e2a47b696695d9 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Wed, 8 May 2024 10:38:11 +0200
-Subject: [PATCH] hostnamed: don't allow hostnamed to exit on idle if varlink
- connections are still ongoing
-
-And while we are at it, ongoing PK authorizations are also a reason to
-block exit on idle.
-
-(cherry picked from commit ac908152b3b43a49f793d225c075423422cd3e33)
----
- src/hostname/hostnamed.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
-index 82d08803fa..fe1216fc1c 100644
---- a/src/hostname/hostnamed.c
-+++ b/src/hostname/hostnamed.c
-@@ -1682,6 +1682,13 @@ static int connect_varlink(Context *c) {
- return 0;
- }
-
-+static bool context_check_idle(void *userdata) {
-+ Context *c = ASSERT_PTR(userdata);
-+
-+ return varlink_server_current_connections(c->varlink_server) == 0 &&
-+ hashmap_isempty(c->polkit_registry);
-+}
-+
- static int run(int argc, char *argv[]) {
- _cleanup_(context_destroy) Context context = {
- .hostname_source = _HOSTNAME_INVALID, /* appropriate value will be set later */
-@@ -1731,8 +1738,8 @@ static int run(int argc, char *argv[]) {
- context.bus,
- "org.freedesktop.hostname1",
- DEFAULT_EXIT_USEC,
-- /* check_idle= */ NULL,
-- /* userdata= */ NULL);
-+ context_check_idle,
-+ &context);
- if (r < 0)
- return log_error_errno(r, "Failed to run event loop: %m");
-
diff --git a/SOURCES/0045-journal-again-create-user-journals-for-users-with-hi.patch b/SOURCES/0004-journal-again-create-user-journals-for-users-with-hi.patch
similarity index 97%
rename from SOURCES/0045-journal-again-create-user-journals-for-users-with-hi.patch
rename to SOURCES/0004-journal-again-create-user-journals-for-users-with-hi.patch
index 4358717..2d94138 100644
--- a/SOURCES/0045-journal-again-create-user-journals-for-users-with-hi.patch
+++ b/SOURCES/0004-journal-again-create-user-journals-for-users-with-hi.patch
@@ -1,4 +1,4 @@
-From 8ca92aa84573b47bb6ee6a5853ecd08463b97af8 Mon Sep 17 00:00:00 2001
+From bd654fc852571f2e87b3579fe0544c3859516de7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 9 Jan 2024 11:28:04 +0100
Subject: [PATCH] journal: again create user journals for users with high uids
diff --git a/SOURCES/0004-sd-dhcp-server-clear-buffer-before-receive.patch b/SOURCES/0004-sd-dhcp-server-clear-buffer-before-receive.patch
deleted file mode 100644
index b51d6f3..0000000
--- a/SOURCES/0004-sd-dhcp-server-clear-buffer-before-receive.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 0d573787ea1610ba57a359cf437841f62b186e77 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Wed, 12 Jun 2024 00:48:56 +0900
-Subject: [PATCH] sd-dhcp-server: clear buffer before receive
-
-I do not think this is necessary, but all other places in
-libsystemd-network we clear buffer before receive. Without this,
-Coverity warns about use-of-uninitialized-values.
-Let's silence Coverity.
-
-Closes CID#1469721.
-
-(cherry picked from commit 40f9fa0af4c3094d93e833e62f7e301cd453da62)
----
- src/libsystemd-network/sd-dhcp-server.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c
-index c3b0f82dc4..4967f066dc 100644
---- a/src/libsystemd-network/sd-dhcp-server.c
-+++ b/src/libsystemd-network/sd-dhcp-server.c
-@@ -1252,7 +1252,7 @@ static int server_receive_message(sd_event_source *s, int fd,
- /* Preallocate the additional size for DHCP Relay Agent Information Option if needed */
- buflen += relay_agent_information_length(server->agent_circuit_id, server->agent_remote_id) + 2;
-
-- message = malloc(buflen);
-+ message = malloc0(buflen);
- if (!message)
- return -ENOMEM;
-
diff --git a/SOURCES/0005-rules-Limit-the-number-of-device-units-generated-for.patch b/SOURCES/0005-rules-Limit-the-number-of-device-units-generated-for.patch
deleted file mode 100644
index 8328a1d..0000000
--- a/SOURCES/0005-rules-Limit-the-number-of-device-units-generated-for.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From a3d94332a2b5128697373d3093c1cfa56649ec61 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer <daan.j.demeyer@gmail.com>
-Date: Mon, 10 Jun 2024 12:59:58 +0200
-Subject: [PATCH] rules: Limit the number of device units generated for serial
- ttys
-
-As per the suggestion in https://github.com/systemd/systemd/issues/33242.
-
-This reduces the number of /dev/ttySXX device units generated in
-mkosi from 32 to 4.
-
-(cherry picked from commit dc38f9addd04c34d1fd743efc407bdebb3573d05)
----
- rules.d/99-systemd.rules.in | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in
-index ad0c7e2fb5..8ba6f177f8 100644
---- a/rules.d/99-systemd.rules.in
-+++ b/rules.d/99-systemd.rules.in
-@@ -10,6 +10,8 @@
- ACTION=="remove", GOTO="systemd_end"
-
- SUBSYSTEM=="tty", KERNEL=="tty[a-zA-Z]*|hvc*|xvc*|hvsi*|ttysclp*|sclp_line*|3270/tty[0-9]*", TAG+="systemd"
-+# Exclude 8250 serial ports with a zero IO port, as they are not usable until "setserial /dev/ttySxxx port …" is invoked.
-+SUBSYSTEM=="tty", KERNEL=="ttyS*", DRIVERS=="serial8250", ATTR{port}=="0x0", ENV{SYSTEMD_READY}="0"
- KERNEL=="vport*", TAG+="systemd"
-
- SUBSYSTEM=="ptp", TAG+="systemd"
diff --git a/SOURCES/0046-tmpfiles-make-purge-hard-to-mis-use.patch b/SOURCES/0005-tmpfiles-make-purge-hard-to-mis-use.patch
similarity index 87%
rename from SOURCES/0046-tmpfiles-make-purge-hard-to-mis-use.patch
rename to SOURCES/0005-tmpfiles-make-purge-hard-to-mis-use.patch
index b699822..cf33177 100644
--- a/SOURCES/0046-tmpfiles-make-purge-hard-to-mis-use.patch
+++ b/SOURCES/0005-tmpfiles-make-purge-hard-to-mis-use.patch
@@ -1,4 +1,4 @@
-From 6ad266a125eabbf27dfbe64aae9a0d9060c2bd08 Mon Sep 17 00:00:00 2001
+From b9215bbda704a4773de41190a0b2ce004d579bda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 18 Jun 2024 20:32:10 +0200
Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use
@@ -13,10 +13,10 @@ Related: RHEL-40924
1 file changed, 17 insertions(+)
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
-index 8cc8c1ccd6..14048545db 100644
+index 86bf16356d..539c18f5e0 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
-@@ -4197,6 +4197,7 @@ static int parse_argv(int argc, char *argv[]) {
+@@ -4213,6 +4213,7 @@ static int parse_argv(int argc, char *argv[]) {
ARG_IMAGE_POLICY,
ARG_REPLACE,
ARG_DRY_RUN,
@@ -24,7 +24,7 @@ index 8cc8c1ccd6..14048545db 100644
ARG_NO_PAGER,
};
-@@ -4220,10 +4221,18 @@ static int parse_argv(int argc, char *argv[]) {
+@@ -4236,10 +4237,18 @@ static int parse_argv(int argc, char *argv[]) {
{ "replace", required_argument, NULL, ARG_REPLACE },
{ "dry-run", no_argument, NULL, ARG_DRY_RUN },
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
@@ -43,7 +43,7 @@ index 8cc8c1ccd6..14048545db 100644
assert(argc >= 0);
assert(argv);
-@@ -4330,6 +4339,10 @@ static int parse_argv(int argc, char *argv[]) {
+@@ -4346,6 +4355,10 @@ static int parse_argv(int argc, char *argv[]) {
arg_dry_run = true;
break;
@@ -54,7 +54,7 @@ index 8cc8c1ccd6..14048545db 100644
case ARG_NO_PAGER:
arg_pager_flags |= PAGER_DISABLE;
break;
-@@ -4349,6 +4362,10 @@ static int parse_argv(int argc, char *argv[]) {
+@@ -4365,6 +4378,10 @@ static int parse_argv(int argc, char *argv[]) {
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Refusing --purge without specification of a configuration file.");
diff --git a/SOURCES/0047-fedora-use-system-auth-in-pam-systemd-user.patch b/SOURCES/0006-fedora-use-system-auth-in-pam-systemd-user.patch
similarity index 93%
rename from SOURCES/0047-fedora-use-system-auth-in-pam-systemd-user.patch
rename to SOURCES/0006-fedora-use-system-auth-in-pam-systemd-user.patch
index c7a7849..87190b0 100644
--- a/SOURCES/0047-fedora-use-system-auth-in-pam-systemd-user.patch
+++ b/SOURCES/0006-fedora-use-system-auth-in-pam-systemd-user.patch
@@ -1,4 +1,4 @@
-From 79519b922b59c2282223742327cc8d75c7b219d0 Mon Sep 17 00:00:00 2001
+From 992d0ebb01617ecc48a5667527a02f53d33d3c4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 14 Dec 2022 22:24:53 +0100
Subject: [PATCH] fedora: use system-auth in pam systemd-user
diff --git a/SOURCES/0006-strbuf-use-GREEDY_REALLOC-to-grow-the-buffer.patch b/SOURCES/0006-strbuf-use-GREEDY_REALLOC-to-grow-the-buffer.patch
deleted file mode 100644
index 776f109..0000000
--- a/SOURCES/0006-strbuf-use-GREEDY_REALLOC-to-grow-the-buffer.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 514ef0f93b76cbe0ba6b4de07a7b21fd0c2b7bae Mon Sep 17 00:00:00 2001
-From: q66 <q66@chimera-linux.org>
-Date: Thu, 6 Jun 2024 13:45:48 +0200
-Subject: [PATCH] strbuf: use GREEDY_REALLOC to grow the buffer
-
-This allows us to reserve a bunch of capacity ahead of time,
-improving the performance of hwdb significantly thanks to not
-having to reallocate so many times.
-
-Before:
-```
-$ sudo time valgrind --leak-check=full ./systemd-hwdb update
-==113297== Memcheck, a memory error detector
-==113297== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
-==113297== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
-==113297== Command: ./systemd-hwdb update
-==113297==
-==113297==
-==113297== HEAP SUMMARY:
-==113297== in use at exit: 0 bytes in 0 blocks
-==113297== total heap usage: 1,412,640 allocs, 1,412,640 frees, 117,920,009,195 bytes allocated
-==113297==
-==113297== All heap blocks were freed -- no leaks are possible
-==113297==
-==113297== For lists of detected and suppressed errors, rerun with: -s
-==113297== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
-132.44user 21.15system 2:35.61elapsed 98%CPU (0avgtext+0avgdata 228560maxresident)k
-0inputs+25296outputs (0major+6886930minor)pagefaults 0swaps
-```
-
-After:
-```
-$ sudo time valgrind --leak-check=full ./systemd-hwdb update
-==112572== Memcheck, a memory error detector
-==112572== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
-==112572== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
-==112572== Command: ./systemd-hwdb update
-==112572==
-==112572==
-==112572== HEAP SUMMARY:
-==112572== in use at exit: 0 bytes in 0 blocks
-==112572== total heap usage: 1,320,113 allocs, 1,320,113 frees, 70,614,501 bytes allocated
-==112572==
-==112572== All heap blocks were freed -- no leaks are possible
-==112572==
-==112572== For lists of detected and suppressed errors, rerun with: -s
-==112572== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
-21.94user 0.19system 0:22.23elapsed 99%CPU (0avgtext+0avgdata 229876maxresident)k
-0inputs+25264outputs (0major+57275minor)pagefaults 0swaps
-```
-
-Co-authored-by: Yu Watanabe <watanabe.yu+github@gmail.com>
-(cherry picked from commit 621b10fe2c3203c537996e84c7c89b0ff994ad93)
----
- src/basic/strbuf.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/src/basic/strbuf.c b/src/basic/strbuf.c
-index 0617acc8d2..6d43955bb1 100644
---- a/src/basic/strbuf.c
-+++ b/src/basic/strbuf.c
-@@ -107,7 +107,6 @@ static void bubbleinsert(struct strbuf_node *node,
- /* add string, return the index/offset into the buffer */
- ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) {
- uint8_t c;
-- char *buf_new;
- struct strbuf_child_entry *child;
- struct strbuf_node *node;
- ssize_t off;
-@@ -147,10 +146,8 @@ ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) {
- }
-
- /* add new string */
-- buf_new = realloc(str->buf, str->len + len+1);
-- if (!buf_new)
-+ if (!GREEDY_REALLOC(str->buf, str->len + len + 1))
- return -ENOMEM;
-- str->buf = buf_new;
- off = str->len;
- memcpy(str->buf + off, s, len);
- str->len += len;
diff --git a/SOURCES/0048-net-naming-scheme-start-rhel10-naming-and-include-rh.patch b/SOURCES/0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
similarity index 93%
rename from SOURCES/0048-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
rename to SOURCES/0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
index 2e5bf6a..4d23050 100644
--- a/SOURCES/0048-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
+++ b/SOURCES/0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
@@ -1,4 +1,4 @@
-From b91be007c4172b50e5ca570c3c3cd64fecbf377b Mon Sep 17 00:00:00 2001
+From bae9a92843339ced3fdca08e094881ff638b6b71 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 25 Jun 2024 14:00:45 +0200
Subject: [PATCH] net-naming-scheme: start rhel10 naming and include rhel8 and
@@ -10,20 +10,21 @@ rhel-only: feature
Resolves: RHEL-22621
---
- man/systemd.net-naming-scheme.xml | 186 ++++++++++++++++++++++++++++++
+ man/systemd.net-naming-scheme.xml | 187 ++++++++++++++++++++++++++++++
man/version-info.xml | 33 ++++++
src/shared/netif-naming-scheme.c | 17 +++
src/shared/netif-naming-scheme.h | 20 ++++
- 4 files changed, 256 insertions(+)
+ 4 files changed, 257 insertions(+)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
-index ff811c2bd7..690e3d2c27 100644
+index 19967af880..5965f293dc 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
-@@ -525,7 +525,193 @@
+@@ -540,7 +540,194 @@
+ <xi:include href="version-info.xml" xpointer="v257"/>
</listitem>
</varlistentry>
-
++
+ <varlistentry>
+ <term><constant>rhel-10.0</constant></term>
+
@@ -215,13 +216,13 @@ index ff811c2bd7..690e3d2c27 100644
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this
particular version of systemd).</para>
diff --git a/man/version-info.xml b/man/version-info.xml
-index bd210b20d3..274450d408 100644
+index 54440febd0..325f6eaa3e 100644
--- a/man/version-info.xml
+++ b/man/version-info.xml
-@@ -81,4 +81,37 @@
- <para id="v255">Added in version 255.</para>
- <para id="v256">Added in version 256.</para>
- <para id="v257">Added in version 257.</para>
+@@ -84,4 +84,37 @@
+ <para id="v258">Added in version 258.</para>
+ <para id="v259">Added in version 259.</para>
+ <para id="v260">Added in version 260.</para>
+ <para id="rhel-8.0">Added in rhel-8.0.</para>
+ <para id="rhel-8.1">Added in rhel-8.1.</para>
+ <para id="rhel-8.2">Added in rhel-8.2.</para>
@@ -257,13 +258,13 @@ index bd210b20d3..274450d408 100644
+ <para id="rhel-10.10">Added in rhel-10.10.</para>
</refsect1>
diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c
-index 2955b6e8d5..e4d4c0ba88 100644
+index 67b7eb4d90..b85dd3dadf 100644
--- a/src/shared/netif-naming-scheme.c
+++ b/src/shared/netif-naming-scheme.c
-@@ -24,6 +24,23 @@ static const NamingScheme naming_schemes[] = {
- { "v253", NAMING_V253 },
+@@ -25,6 +25,23 @@ static const NamingScheme naming_schemes[] = {
{ "v254", NAMING_V254 },
{ "v255", NAMING_V255 },
+ { "v257", NAMING_V257 },
+ { "rhel-8.0", NAMING_RHEL_8_0 },
+ { "rhel-8.1", NAMING_RHEL_8_1 },
+ { "rhel-8.2", NAMING_RHEL_8_2 },
@@ -285,12 +286,12 @@ index 2955b6e8d5..e4d4c0ba88 100644
EXTRA_NET_NAMING_MAP
diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
-index 62afdc514a..b0697c141e 100644
+index 3ab1d752c8..2cf7d3f3ba 100644
--- a/src/shared/netif-naming-scheme.h
+++ b/src/shared/netif-naming-scheme.h
-@@ -63,6 +63,26 @@ typedef enum NamingSchemeFlags {
- * systemd version 255, naming scheme "v255". */
+@@ -66,6 +66,26 @@ typedef enum NamingSchemeFlags {
NAMING_V255 = NAMING_V254 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
+ NAMING_V257 = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN | NAMING_DEVICETREE_PORT_ALIASES,
+ NAMING_RHEL_8_0 = NAMING_V239,
+ NAMING_RHEL_8_1 = NAMING_V239,
@@ -310,7 +311,7 @@ index 62afdc514a..b0697c141e 100644
+ NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R,
+ NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
+
-+ NAMING_RHEL_10_0 = NAMING_V255,
++ NAMING_RHEL_10_0 = NAMING_V257,
+
EXTRA_NET_NAMING_SCHEMES
diff --git a/SOURCES/0007-tpm2-setup-Don-t-fail-if-we-can-t-access-the-TPM-due.patch b/SOURCES/0007-tpm2-setup-Don-t-fail-if-we-can-t-access-the-TPM-due.patch
deleted file mode 100644
index 683891a..0000000
--- a/SOURCES/0007-tpm2-setup-Don-t-fail-if-we-can-t-access-the-TPM-due.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 30df42a9277bbf138d52887c9b79e452db425585 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer <daan.j.demeyer@gmail.com>
-Date: Fri, 17 May 2024 16:20:11 +0200
-Subject: [PATCH] tpm2-setup: Don't fail if we can't access the TPM due to
- authorization failure
-
-The TPM might be password/pin protected for various reasons even if
-there is no SRK yet. Let's handle those cases gracefully instead of
-failing the unit as it is enabled by default.
-
-(cherry picked from commit d6518003f8ebbfb6f85dbf227736ae05b0961199)
----
- catalog/systemd.catalog.in | 13 +++++++++++++
- src/shared/tpm2-util.c | 2 ++
- src/systemd/sd-messages.h | 3 +++
- src/tpm2-setup/tpm2-setup.c | 13 ++++++++++++-
- units/systemd-tpm2-setup-early.service.in | 3 +++
- units/systemd-tpm2-setup.service.in | 3 +++
- 6 files changed, 36 insertions(+), 1 deletion(-)
-
-diff --git a/catalog/systemd.catalog.in b/catalog/systemd.catalog.in
-index 3c9a6860da..2831152763 100644
---- a/catalog/systemd.catalog.in
-+++ b/catalog/systemd.catalog.in
-@@ -780,3 +780,16 @@ Documentation: https://systemd.io/PORTABLE_SERVICES/
- A Portable Service @PORTABLE_ROOT@ (with extensions: @PORTABLE_EXTENSION@) has been
- detached from the system and is no longer available for use. The list of attached
- Portable Services can be queried with 'portablectl list'.
-+
-+-- ad7089f928ac4f7ea00c07457d47ba8a
-+Subject: Authorization failure while attempting to enroll SRK into TPM
-+Defined-By: systemd
-+Support: %SUPPORT_URL%
-+Documentation: man:systemd-tpm2-setup.service(8)
-+
-+An authorization failure occured while attempting to enroll a Storage Root Key (SRK) on the Trusted Platform
-+Module (TPM). Most likely this means that a PIN/Password (authValue) has been set on the Owner hierarchy of
-+the TPM.
-+
-+Automatic SRK enrollment on TPMs in such scenarios is not supported. In order to unset the PIN/password
-+protection on the owner hierarchy issue a command like the following: 'tpm2_changeauth -c o -p <OLDPW> ""'.
-diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
-index 87ce53cf95..9603f1837e 100644
---- a/src/shared/tpm2-util.c
-+++ b/src/shared/tpm2-util.c
-@@ -2119,6 +2119,8 @@ int tpm2_create_primary(
- /* creationData= */ NULL,
- /* creationHash= */ NULL,
- /* creationTicket= */ NULL);
-+ if (rc == TPM2_RC_BAD_AUTH)
-+ return log_debug_errno(SYNTHETIC_ERRNO(EDEADLK), "Authorization failure while attempting to enroll SRK into TPM.");
- if (rc != TSS2_RC_SUCCESS)
- return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
- "Failed to generate primary key in TPM: %s",
-diff --git a/src/systemd/sd-messages.h b/src/systemd/sd-messages.h
-index e3f68068a8..16e9986be3 100644
---- a/src/systemd/sd-messages.h
-+++ b/src/systemd/sd-messages.h
-@@ -272,6 +272,9 @@ _SD_BEGIN_DECLARATIONS;
- #define SD_MESSAGE_PORTABLE_DETACHED SD_ID128_MAKE(76,c5,c7,54,d6,28,49,0d,8e,cb,a4,c9,d0,42,11,2b)
- #define SD_MESSAGE_PORTABLE_DETACHED_STR SD_ID128_MAKE_STR(76,c5,c7,54,d6,28,49,0d,8e,cb,a4,c9,d0,42,11,2b)
-
-+#define SD_MESSAGE_SRK_ENROLLMENT_NEEDS_AUTHORIZATION SD_ID128_MAKE(ad,70,89,f9,28,ac,4f,7e,a0,0c,07,45,7d,47,ba,8a)
-+#define SD_MESSAGE_SRK_ENROLLMENT_NEEDS_AUTHORIZATION_STR SD_ID128_MAKE_STR(ad,70,89,f9,28,ac,4f,7e,a0,0c,07,45,7d,47,ba,8a)
-+
- _SD_END_DECLARATIONS;
-
- #endif
-diff --git a/src/tpm2-setup/tpm2-setup.c b/src/tpm2-setup/tpm2-setup.c
-index 35628fc02a..b95c5e7a58 100644
---- a/src/tpm2-setup/tpm2-setup.c
-+++ b/src/tpm2-setup/tpm2-setup.c
-@@ -3,6 +3,8 @@
- #include <getopt.h>
- #include <unistd.h>
-
-+#include "sd-messages.h"
-+
- #include "build.h"
- #include "fd-util.h"
- #include "fileio.h"
-@@ -223,6 +225,8 @@ static int load_public_key_tpm2(struct public_key_data *ret) {
- /* ret_name= */ NULL,
- /* ret_qname= */ NULL,
- NULL);
-+ if (r == -EDEADLK)
-+ return r;
- if (r < 0)
- return log_error_errno(r, "Failed to get or create SRK: %m");
- if (r > 0)
-@@ -289,6 +293,13 @@ static int run(int argc, char *argv[]) {
- }
-
- r = load_public_key_tpm2(&tpm2_key);
-+ if (r == -EDEADLK) {
-+ log_struct_errno(LOG_INFO, r,
-+ LOG_MESSAGE("Insufficient permissions to access TPM, not generating SRK."),
-+ "MESSAGE_ID=" SD_MESSAGE_SRK_ENROLLMENT_NEEDS_AUTHORIZATION_STR);
-+ return 76; /* Special return value which means "Insufficient permissions to access TPM,
-+ * cannot generate SRK". This isn't really an error when called at boot. */;
-+ }
- if (r < 0)
- return r;
-
-@@ -383,4 +394,4 @@ static int run(int argc, char *argv[]) {
- return 0;
- }
-
--DEFINE_MAIN_FUNCTION(run);
-+DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE(run);
-diff --git a/units/systemd-tpm2-setup-early.service.in b/units/systemd-tpm2-setup-early.service.in
-index 9982c84aba..7fdb99b53f 100644
---- a/units/systemd-tpm2-setup-early.service.in
-+++ b/units/systemd-tpm2-setup-early.service.in
-@@ -21,3 +21,6 @@ ConditionPathExists=!/run/systemd/tpm2-srk-public-key.pem
- Type=oneshot
- RemainAfterExit=yes
- ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --early=yes --graceful
-+
-+# The tool returns 76 if the TPM cannot be accessed due to an authorization failure and we can't generate an SRK.
-+SuccessExitStatus=76
-diff --git a/units/systemd-tpm2-setup.service.in b/units/systemd-tpm2-setup.service.in
-index 0af7292528..ac29a76966 100644
---- a/units/systemd-tpm2-setup.service.in
-+++ b/units/systemd-tpm2-setup.service.in
-@@ -22,3 +22,6 @@ ConditionPathExists=!/etc/initrd-release
- Type=oneshot
- RemainAfterExit=yes
- ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --graceful
-+
-+# The tool returns 76 if the TPM cannot be accessed due to an authorization failure and we can't generate an SRK.
-+SuccessExitStatus=76
diff --git a/SOURCES/0008-resolved-permit-dnssec-rrtype-questions-when-we-aren.patch b/SOURCES/0008-resolved-permit-dnssec-rrtype-questions-when-we-aren.patch
deleted file mode 100644
index 47ce5cf..0000000
--- a/SOURCES/0008-resolved-permit-dnssec-rrtype-questions-when-we-aren.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From ba031f1fe86e36d7adc0340b047de32399c98bf7 Mon Sep 17 00:00:00 2001
-From: Ronan Pigott <ronan@rjp.ie>
-Date: Fri, 8 Mar 2024 13:40:08 -0700
-Subject: [PATCH] resolved: permit dnssec rrtype questions when we aren't
- validating
-
-This check introduced in 91adc4db33f6 is intended to spare us from
-encountering broken resolver behavior we don't want to deal with.
-However if we aren't validating we more than likely don't know the state
-of the upstream resolver's support for dnssec. Let's let clients try
-these queries if they want.
-
-This brings the behavior of sd-resolved in-line with previouly stated
-change in the meaning of DNSSEC=no, which now means "don't validate"
-rather than "don't validate, because the upstream resolver is declared to
-be dnssec-unaware".
-
-Fixes: 9c47b334445a ("resolved: enable DNS proxy mode if client wants DNSSEC")
-(cherry picked from commit 364c948707afa097f6ad177b61c2b51a86c0089a)
----
- src/resolve/resolved-dns-server.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c
-index 340f11f4f4..b37f541c7f 100644
---- a/src/resolve/resolved-dns-server.c
-+++ b/src/resolve/resolved-dns-server.c
-@@ -706,9 +706,6 @@ bool dns_server_dnssec_supported(DnsServer *server) {
- if (dns_server_get_dnssec_mode(server) == DNSSEC_YES) /* If strict DNSSEC mode is enabled, always assume DNSSEC mode is supported. */
- return true;
-
-- if (!DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(server->possible_feature_level))
-- return false;
--
- if (server->packet_bad_opt)
- return false;
-
diff --git a/SOURCES/0049-rules-copy-40-redhat.rules-from-RHEL-9.patch b/SOURCES/0008-rules-copy-40-redhat.rules-from-RHEL-9.patch
similarity index 98%
rename from SOURCES/0049-rules-copy-40-redhat.rules-from-RHEL-9.patch
rename to SOURCES/0008-rules-copy-40-redhat.rules-from-RHEL-9.patch
index 2d127b9..5195259 100644
--- a/SOURCES/0049-rules-copy-40-redhat.rules-from-RHEL-9.patch
+++ b/SOURCES/0008-rules-copy-40-redhat.rules-from-RHEL-9.patch
@@ -1,4 +1,4 @@
-From ee9a767142ec66b1ca93af9401dc8f723ae59881 Mon Sep 17 00:00:00 2001
+From 53a7f74c61db28b21bab57b9f9b3b068c6a40649 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Wed, 12 Jun 2024 14:23:30 +0200
Subject: [PATCH] rules: copy 40-redhat.rules from RHEL 9
diff --git a/SOURCES/0050-logind-set-RemoveIPC-to-false-by-default.patch b/SOURCES/0009-logind-set-RemoveIPC-to-false-by-default.patch
similarity index 89%
rename from SOURCES/0050-logind-set-RemoveIPC-to-false-by-default.patch
rename to SOURCES/0009-logind-set-RemoveIPC-to-false-by-default.patch
index f2a4438..328a578 100644
--- a/SOURCES/0050-logind-set-RemoveIPC-to-false-by-default.patch
+++ b/SOURCES/0009-logind-set-RemoveIPC-to-false-by-default.patch
@@ -1,4 +1,4 @@
-From 6e4f0c54b24080fb57261a54a4e26b64f806f40d Mon Sep 17 00:00:00 2001
+From bb8e0604ab3033d5436b1ea7b2bdfde077208f58 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 1 Aug 2018 10:58:28 +0200
Subject: [PATCH] logind: set RemoveIPC to false by default
@@ -13,10 +13,10 @@ Related: RHEL-40924
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
-index c52431fd41..bb5e13bfd9 100644
+index 66240b58fe..3265b134e0 100644
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
-@@ -374,7 +374,7 @@
+@@ -376,7 +376,7 @@
user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
@@ -26,7 +26,7 @@ index c52431fd41..bb5e13bfd9 100644
<xi:include href="version-info.xml" xpointer="v212"/></listitem>
</varlistentry>
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
-index 71e4247a79..26250c5704 100644
+index fad276f195..5c05afb197 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -36,7 +36,7 @@ void manager_reset_config(Manager *m) {
@@ -39,10 +39,10 @@ index 71e4247a79..26250c5704 100644
m->user_stop_delay = 10 * USEC_PER_SEC;
diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in
-index b62458ec3c..dc798bea2d 100644
+index 2e06b9a050..d6f6938867 100644
--- a/src/login/logind.conf.in
+++ b/src/login/logind.conf.in
-@@ -46,7 +46,7 @@
+@@ -47,7 +47,7 @@
#IdleActionSec=30min
#RuntimeDirectorySize=10%
#RuntimeDirectoryInodesMax=
diff --git a/SOURCES/0009-repart-Use-crypt_reencrypt_run-if-available.patch b/SOURCES/0009-repart-Use-crypt_reencrypt_run-if-available.patch
deleted file mode 100644
index 135eb65..0000000
--- a/SOURCES/0009-repart-Use-crypt_reencrypt_run-if-available.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From 70f5fb2f7ab585458008b1d3144e4ebaf98db42e Mon Sep 17 00:00:00 2001
-From: Daan De Meyer <daan.j.demeyer@gmail.com>
-Date: Sun, 2 Jun 2024 16:24:52 +0200
-Subject: [PATCH] repart: Use crypt_reencrypt_run() if available
-
-crypt_reencrypt() is deprecated, so let's look for and prefer
-crypt_reencrypt_run() if it is available.
-
-(cherry picked from commit b99b2941276a74878a23470b36c75b0c21dbdd4a)
----
- meson.build | 1 +
- src/partition/repart.c | 6 +++++-
- src/shared/cryptsetup-util.c | 19 ++++++++-----------
- src/shared/cryptsetup-util.h | 6 +++---
- 4 files changed, 17 insertions(+), 15 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index ea4e12aa1c..e42151998b 100644
---- a/meson.build
-+++ b/meson.build
-@@ -1262,6 +1262,7 @@ foreach ident : ['crypt_set_metadata_size',
- 'crypt_token_max',
- 'crypt_reencrypt_init_by_passphrase',
- 'crypt_reencrypt',
-+ 'crypt_reencrypt_run',
- 'crypt_set_data_offset',
- 'crypt_set_keyring_to_link',
- 'crypt_resume_by_volume_key']
-diff --git a/src/partition/repart.c b/src/partition/repart.c
-index 6f67d46025..2ecae4ca03 100644
---- a/src/partition/repart.c
-+++ b/src/partition/repart.c
-@@ -3913,7 +3913,7 @@ static int partition_target_sync(Context *context, Partition *p, PartitionTarget
- }
-
- static int partition_encrypt(Context *context, Partition *p, PartitionTarget *target, bool offline) {
--#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && HAVE_CRYPT_REENCRYPT
-+#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && (HAVE_CRYPT_REENCRYPT_RUN || HAVE_CRYPT_REENCRYPT)
- const char *node = partition_target_path(target);
- struct crypt_params_luks2 luks_params = {
- .label = strempty(ASSERT_PTR(p)->new_label),
-@@ -4220,7 +4220,11 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta
- if (r < 0)
- return log_error_errno(r, "Failed to load reencryption context: %m");
-
-+#if HAVE_CRYPT_REENCRYPT_RUN
-+ r = sym_crypt_reencrypt_run(cd, NULL, NULL);
-+#else
- r = sym_crypt_reencrypt(cd, NULL);
-+#endif
- if (r < 0)
- return log_error_errno(r, "Failed to encrypt %s: %m", node);
- } else {
-diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c
-index 288e6e8942..d0dd434df8 100644
---- a/src/shared/cryptsetup-util.c
-+++ b/src/shared/cryptsetup-util.c
-@@ -54,10 +54,10 @@ DLSYM_FUNCTION(crypt_volume_key_get);
- #if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
- DLSYM_FUNCTION(crypt_reencrypt_init_by_passphrase);
- #endif
--#if HAVE_CRYPT_REENCRYPT
--DISABLE_WARNING_DEPRECATED_DECLARATIONS;
-+#if HAVE_CRYPT_REENCRYPT_RUN
-+DLSYM_FUNCTION(crypt_reencrypt_run);
-+#elif HAVE_CRYPT_REENCRYPT
- DLSYM_FUNCTION(crypt_reencrypt);
--REENABLE_WARNING;
- #endif
- DLSYM_FUNCTION(crypt_metadata_locking);
- #if HAVE_CRYPT_SET_DATA_OFFSET
-@@ -246,11 +246,8 @@ int dlopen_cryptsetup(void) {
-
- /* libcryptsetup added crypt_reencrypt() in 2.2.0, and marked it obsolete in 2.4.0, replacing it with
- * crypt_reencrypt_run(), which takes one extra argument but is otherwise identical. The old call is
-- * still available though, and given we want to support 2.2.0 for a while longer, we'll stick to the
-- * old symbol. However, the old symbols now has a GCC deprecation decorator, hence let's turn off
-- * warnings about this for now. */
--
-- DISABLE_WARNING_DEPRECATED_DECLARATIONS;
-+ * still available though, and given we want to support 2.2.0 for a while longer, we'll use the old
-+ * symbol if the new one is not available. */
-
- ELF_NOTE_DLOPEN("cryptsetup",
- "Support for disk encryption, integrity, and authentication",
-@@ -304,7 +301,9 @@ int dlopen_cryptsetup(void) {
- #if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
- DLSYM_ARG(crypt_reencrypt_init_by_passphrase),
- #endif
--#if HAVE_CRYPT_REENCRYPT
-+#if HAVE_CRYPT_REENCRYPT_RUN
-+ DLSYM_ARG(crypt_reencrypt_run),
-+#elif HAVE_CRYPT_REENCRYPT
- DLSYM_ARG(crypt_reencrypt),
- #endif
- DLSYM_ARG(crypt_metadata_locking),
-@@ -316,8 +315,6 @@ int dlopen_cryptsetup(void) {
- if (r <= 0)
- return r;
-
-- REENABLE_WARNING;
--
- /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
- * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
- * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
-diff --git a/src/shared/cryptsetup-util.h b/src/shared/cryptsetup-util.h
-index f00ac367b6..d255e59004 100644
---- a/src/shared/cryptsetup-util.h
-+++ b/src/shared/cryptsetup-util.h
-@@ -70,10 +70,10 @@ DLSYM_PROTOTYPE(crypt_volume_key_get);
- #if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
- DLSYM_PROTOTYPE(crypt_reencrypt_init_by_passphrase);
- #endif
--#if HAVE_CRYPT_REENCRYPT
--DISABLE_WARNING_DEPRECATED_DECLARATIONS;
-+#if HAVE_CRYPT_REENCRYPT_RUN
-+DLSYM_PROTOTYPE(crypt_reencrypt_run);
-+#elif HAVE_CRYPT_REENCRYPT
- DLSYM_PROTOTYPE(crypt_reencrypt);
--REENABLE_WARNING;
- #endif
- DLSYM_PROTOTYPE(crypt_metadata_locking);
- #if HAVE_CRYPT_SET_DATA_OFFSET
diff --git a/SOURCES/0010-test-dump-a-simple-summary-at-the-end-of-TEST-02-UNI.patch b/SOURCES/0010-test-dump-a-simple-summary-at-the-end-of-TEST-02-UNI.patch
deleted file mode 100644
index 315a5ff..0000000
--- a/SOURCES/0010-test-dump-a-simple-summary-at-the-end-of-TEST-02-UNI.patch
+++ /dev/null
@@ -1,136 +0,0 @@
-From 4a468387acbc8a2bd51bffaeca242e415e55b614 Mon Sep 17 00:00:00 2001
-From: Frantisek Sumsal <frantisek@sumsal.cz>
-Date: Wed, 12 Jun 2024 12:09:25 +0200
-Subject: [PATCH] test: dump a simple summary at the end of TEST-02-UNITTEST
-
-Let's dump a list of skipped tests and logs from failed tests at the end
-of TEST-02-UNITTEST to make debugging fails in CI slightly less painful.
-
-(cherry picked from commit 2ac0e52f29eb5f0040882fc46bcfa369893577f3)
----
- test/TEST-02-UNITTESTS/test.sh | 8 ----
- test/test-functions | 68 ---------------------------------
- test/units/TEST-02-UNITTESTS.sh | 14 +++++++
- 3 files changed, 14 insertions(+), 76 deletions(-)
-
-diff --git a/test/TEST-02-UNITTESTS/test.sh b/test/TEST-02-UNITTESTS/test.sh
-index f165c99368..2cf9c31096 100755
---- a/test/TEST-02-UNITTESTS/test.sh
-+++ b/test/TEST-02-UNITTESTS/test.sh
-@@ -37,12 +37,4 @@ test_append_files() {
- fi
- }
-
--check_result_nspawn() {
-- check_result_nspawn_unittests "${1}"
--}
--
--check_result_qemu() {
-- check_result_qemu_unittests
--}
--
- do_test "$@"
-diff --git a/test/test-functions b/test/test-functions
-index be6eb1d9b2..8b497b2e27 100644
---- a/test/test-functions
-+++ b/test/test-functions
-@@ -1860,74 +1860,6 @@ check_result_qemu() {
- return $ret
- }
-
--check_result_nspawn_unittests() {
-- local workspace="${1:?}"
-- local ret=1
--
-- [[ -e "$workspace/testok" ]] && ret=0
--
-- if [[ -s "$workspace/failed" ]]; then
-- ret=$((ret + 1))
-- echo "=== Failed test log ==="
-- cat "$workspace/failed"
-- else
-- if [[ -s "$workspace/skipped" ]]; then
-- echo "=== Skipped test log =="
-- cat "$workspace/skipped"
-- # We might have only skipped tests - that should not fail the job
-- ret=0
-- fi
-- if [[ -s "$workspace/testok" ]]; then
-- echo "=== Passed tests ==="
-- cat "$workspace/testok"
-- fi
-- fi
--
-- get_bool "${TIMED_OUT:=}" && ret=1
-- check_coverage_reports "$workspace" || ret=5
--
-- save_journal "$workspace/var/log/journal" $ret
-- echo "${JOURNAL_LIST:-"No journals were saved"}"
--
-- _umount_dir "${initdir:?}"
--
-- return $ret
--}
--
--check_result_qemu_unittests() {
-- local ret=1
--
-- mount_initdir
-- [[ -e "${initdir:?}/testok" ]] && ret=0
--
-- if [[ -s "$initdir/failed" ]]; then
-- ret=$((ret + 1))
-- echo "=== Failed test log ==="
-- cat "$initdir/failed"
-- else
-- if [[ -s "$initdir/skipped" ]]; then
-- echo "=== Skipped test log =="
-- cat "$initdir/skipped"
-- # We might have only skipped tests - that should not fail the job
-- ret=0
-- fi
-- if [[ -s "$initdir/testok" ]]; then
-- echo "=== Passed tests ==="
-- cat "$initdir/testok"
-- fi
-- fi
--
-- get_bool "${TIMED_OUT:=}" && ret=1
-- check_coverage_reports "$initdir" || ret=5
--
-- save_journal "$initdir/var/log/journal" $ret
-- echo "${JOURNAL_LIST:-"No journals were saved"}"
--
-- _umount_dir "$initdir"
--
-- return $ret
--}
--
- create_rc_local() {
- dinfo "Create rc.local"
- mkdir -p "${initdir:?}/etc/rc.d"
-diff --git a/test/units/TEST-02-UNITTESTS.sh b/test/units/TEST-02-UNITTESTS.sh
-index 6392425130..4448643f9a 100755
---- a/test/units/TEST-02-UNITTESTS.sh
-+++ b/test/units/TEST-02-UNITTESTS.sh
-@@ -95,6 +95,20 @@ export -f run_test
- find /usr/lib/systemd/tests/unit-tests/ -maxdepth 1 -type f -name "${TESTS_GLOB}" -print0 |
- xargs -0 -I {} --max-procs="$MAX_QUEUE_SIZE" bash -ec "run_test {}"
-
-+# Write all pending messages, so they don't get mixed with the summaries below
-+journalctl --sync
-+
-+# No need for full test logs in this case
-+if [[ -s /skipped-tests ]]; then
-+ : "=== SKIPPED TESTS ==="
-+ cat /skipped-tests
-+fi
-+
-+if [[ -s /failed ]]; then
-+ : "=== FAILED TESTS ==="
-+ cat /failed
-+fi
-+
- # Test logs are sometimes lost, as the system shuts down immediately after
- journalctl --sync
-
diff --git a/SOURCES/0051-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch b/SOURCES/0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
similarity index 78%
rename from SOURCES/0051-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
rename to SOURCES/0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
index beb127b..44ce976 100644
--- a/SOURCES/0051-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
+++ b/SOURCES/0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
@@ -1,4 +1,4 @@
-From ed416f79aac6c1136f5d20a19cfc20c2709ab314 Mon Sep 17 00:00:00 2001
+From 04aacb1500c8625db8ec30d3cbeaacaf337653ad Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 5 Aug 2021 17:11:47 +0200
Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf
@@ -14,20 +14,20 @@ Related: RHEL-40924
delete mode 100644 tmpfiles.d/systemd-resolve.conf
diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build
-index bec24ac7b4..55ce48979d 100644
+index 19eb6d9c99..4335f7c130 100644
--- a/tmpfiles.d/meson.build
+++ b/tmpfiles.d/meson.build
-@@ -10,7 +10,6 @@ files = [['README', ''],
+@@ -12,7 +12,6 @@ files = [['README'],
['systemd-nologin.conf', 'HAVE_PAM'],
['systemd-nspawn.conf', 'ENABLE_MACHINED'],
['systemd-pstore.conf', 'ENABLE_PSTORE'],
- ['systemd-resolve.conf', 'ENABLE_RESOLVE'],
- ['systemd-tmp.conf', ''],
- ['tmp.conf', ''],
- ['x11.conf', ''],
+ ['systemd-tmp.conf'],
+ ['tmp.conf'],
+ ['x11.conf'],
diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf
deleted file mode 100644
-index cb1c56d6a6..0000000000
+index be5edc98e0..0000000000
--- a/tmpfiles.d/systemd-resolve.conf
+++ /dev/null
@@ -1,10 +0,0 @@
@@ -38,6 +38,6 @@ index cb1c56d6a6..0000000000
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-
--# See tmpfiles.d(5) for details
+-# See tmpfiles.d(5) for details.
-
-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
diff --git a/SOURCES/0052-rc-local-order-after-network-online.target.patch b/SOURCES/0011-rc-local-order-after-network-online.target.patch
similarity index 92%
rename from SOURCES/0052-rc-local-order-after-network-online.target.patch
rename to SOURCES/0011-rc-local-order-after-network-online.target.patch
index d8c1298..99ed7aa 100644
--- a/SOURCES/0052-rc-local-order-after-network-online.target.patch
+++ b/SOURCES/0011-rc-local-order-after-network-online.target.patch
@@ -1,4 +1,4 @@
-From 49241b42effa3684b485a8b90e5b4256a6223971 Mon Sep 17 00:00:00 2001
+From f1c96726a753198321ce124c413476d6eb1b2d43 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 11 Mar 2021 15:48:23 +0100
Subject: [PATCH] rc-local: order after network-online.target
diff --git a/SOURCES/0011-repart-Use-CRYPT_ACTIVATE_PRIVATE.patch b/SOURCES/0011-repart-Use-CRYPT_ACTIVATE_PRIVATE.patch
deleted file mode 100644
index 8afa8c8..0000000
--- a/SOURCES/0011-repart-Use-CRYPT_ACTIVATE_PRIVATE.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From d316aed5d8e15fb5b13b5618f1b2d1d020b1e7bf Mon Sep 17 00:00:00 2001
-From: Daan De Meyer <daan.j.demeyer@gmail.com>
-Date: Mon, 3 Jun 2024 12:35:29 +0200
-Subject: [PATCH] repart: Use CRYPT_ACTIVATE_PRIVATE
-
-Let's skip udev device scanning when activating a LUKS volume in
-systemd-repart as we don't depend on any udev symlinks and don't
-expect anything except repart to access the volume.
-
-Suggested by https://github.com/systemd/systemd/issues/33129#issuecomment-2143390941.
-
-(cherry picked from commit 726fc7ae696510b04c24810f691d34f5d20529d6)
----
- src/partition/repart.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/partition/repart.c b/src/partition/repart.c
-index 2ecae4ca03..78cf60f724 100644
---- a/src/partition/repart.c
-+++ b/src/partition/repart.c
-@@ -4236,7 +4236,7 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta
- dm_name,
- NULL,
- VOLUME_KEY_SIZE,
-- arg_discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0);
-+ (arg_discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0) | CRYPT_ACTIVATE_PRIVATE);
- if (r < 0)
- return log_error_errno(r, "Failed to activate LUKS superblock: %m");
-
diff --git a/SOURCES/0012-NEWS-note-that-new-stable-releases-will-be-in-the-ma.patch b/SOURCES/0012-NEWS-note-that-new-stable-releases-will-be-in-the-ma.patch
deleted file mode 100644
index 13f9173..0000000
--- a/SOURCES/0012-NEWS-note-that-new-stable-releases-will-be-in-the-ma.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 4ebcdcb1360dbb10444f518bad7f04e10bcb6387 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Tue, 11 Jun 2024 23:09:30 +0100
-Subject: [PATCH] NEWS: note that new stable releases will be in the main repo
-
-(cherry picked from commit 40d637bace4041f081088673cb230669c1e34faf)
----
- NEWS | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 02ad8b2c79..bbee0852be 100644
---- a/NEWS
-+++ b/NEWS
-@@ -81,6 +81,11 @@ CHANGES WITH 256:
- * systemd.crash_reboot and related settings are deprecated in favor of
- systemd.crash_action=.
-
-+ * Stable releases for version v256 and newer will now be pushed in the
-+ main repository. The systemd-stable repository will be used for existing
-+ stable branches (v255-stable and lower), and when they reach EOL it will
-+ be archived.
-+
- General Changes and New Features:
-
- * Various programs will now attempt to load the main configuration file
diff --git a/SOURCES/0053-random-util-increase-random-seed-size-to-1024.patch b/SOURCES/0012-random-util-increase-random-seed-size-to-1024.patch
similarity index 79%
rename from SOURCES/0053-random-util-increase-random-seed-size-to-1024.patch
rename to SOURCES/0012-random-util-increase-random-seed-size-to-1024.patch
index f1710ba..09ca3e9 100644
--- a/SOURCES/0053-random-util-increase-random-seed-size-to-1024.patch
+++ b/SOURCES/0012-random-util-increase-random-seed-size-to-1024.patch
@@ -1,4 +1,4 @@
-From 9a6ef20bab1411570b3af6f6bbdb1a299ea8e73a Mon Sep 17 00:00:00 2001
+From bb9588c6bef5d4ec69665e30a7ae142ce02d5935 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 15 Jul 2021 11:15:17 +0200
Subject: [PATCH] random-util: increase random seed size to 1024
@@ -11,10 +11,10 @@ Related: RHEL-40924
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/random-util.h b/src/basic/random-util.h
-index b1a4d10971..08b1a3599a 100644
+index 0b5ba77190..4118b77864 100644
--- a/src/basic/random-util.h
+++ b/src/basic/random-util.h
-@@ -21,7 +21,7 @@ static inline uint32_t random_u32(void) {
+@@ -23,7 +23,7 @@ static inline uint32_t random_u32(void) {
}
/* Some limits on the pool sizes when we deal with the kernel random pool */
diff --git a/SOURCES/0054-journal-don-t-enable-systemd-journald-audit.socket-b.patch b/SOURCES/0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch
similarity index 92%
rename from SOURCES/0054-journal-don-t-enable-systemd-journald-audit.socket-b.patch
rename to SOURCES/0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch
index 3d95209..6d03578 100644
--- a/SOURCES/0054-journal-don-t-enable-systemd-journald-audit.socket-b.patch
+++ b/SOURCES/0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch
@@ -1,4 +1,4 @@
-From 15465a4a302c4379746a21ef7b7fb9a9bfea9297 Mon Sep 17 00:00:00 2001
+From 5a60eea4b59d1ec3620726c9307ce32f91f8bb3d Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Thu, 2 May 2019 14:11:54 +0200
Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by
diff --git a/SOURCES/0013-shell-completion-only-offer-devices-for-completion.patch b/SOURCES/0013-shell-completion-only-offer-devices-for-completion.patch
deleted file mode 100644
index 4d871f8..0000000
--- a/SOURCES/0013-shell-completion-only-offer-devices-for-completion.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 2034de6157cc0d3e60489cdc16c7a5651f38783c Mon Sep 17 00:00:00 2001
-From: David Tardon <dtardon@redhat.com>
-Date: Wed, 12 Jun 2024 14:35:34 +0200
-Subject: [PATCH] shell-completion: only offer devices for completion
-
-This skips directories and other stuff like /dev/core, /dev/initctl or
-/dev/log.
-
-(cherry picked from commit bde35f4a91663ebb854330f582baeef0f9adcbfb)
----
- shell-completion/bash/udevadm | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/shell-completion/bash/udevadm b/shell-completion/bash/udevadm
-index 05f921cf49..3842d722e7 100644
---- a/shell-completion/bash/udevadm
-+++ b/shell-completion/bash/udevadm
-@@ -32,10 +32,7 @@ __get_all_sysdevs() {
- }
-
- __get_all_device_nodes() {
-- local i
-- for i in /dev/* /dev/*/* /dev/*/*/*; do
-- echo $i
-- done
-+ find /dev -xtype b -o -xtype c
- }
-
- __get_all_device_units() {
diff --git a/SOURCES/0014-CODING_STYLE-document-reterr_-return-parameters.patch b/SOURCES/0014-CODING_STYLE-document-reterr_-return-parameters.patch
deleted file mode 100644
index 9a94776..0000000
--- a/SOURCES/0014-CODING_STYLE-document-reterr_-return-parameters.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From a61a83a22b5f464463f9ab9e3ee3950f299c9f43 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Wed, 12 Jun 2024 18:31:56 +0200
-Subject: [PATCH] CODING_STYLE: document "reterr_" return parameters
-
-In some recent PRs (e.g. #32628) I started to systematically name return
-parameters that shall only be initialized on failure (because they carry
-additional error meta information, such as the line/column number of
-parse failures or so). Let's make this official in the coding style.
-
-(cherry picked from commit 7811864b08393eda5ff92145ea2776180d9b28ee)
----
- docs/CODING_STYLE.md | 62 ++++++++++++++++++++++++++++++++++----------
- 1 file changed, 48 insertions(+), 14 deletions(-)
-
-diff --git a/docs/CODING_STYLE.md b/docs/CODING_STYLE.md
-index 8f687e6662..309436a397 100644
---- a/docs/CODING_STYLE.md
-+++ b/docs/CODING_STYLE.md
-@@ -164,30 +164,64 @@ SPDX-License-Identifier: LGPL-2.1-or-later
- thread. Use `is_main_thread()` to detect whether the calling thread is the
- main thread.
-
--- Do not write functions that clobber call-by-reference variables on
-- failure. Use temporary variables for these cases and change the passed in
-- variables only on success. The rule is: never clobber return parameters on
-- failure, always initialize return parameters on success.
--
--- Typically, function parameters fit into three categories: input parameters,
-- mutable objects, and call-by-reference return parameters. Input parameters
-- should always carry suitable "const" declarators if they are pointers, to
-- indicate they are input-only and not changed by the function. Return
-- parameters are best prefixed with "ret_", to clarify they are return
-- parameters. (Conversely, please do not prefix parameters that aren't
-- output-only with "ret_", in particular not mutable parameters that are both
-- input as well as output). Example:
-+- Typically, function parameters fit into four categories: input parameters,
-+ mutable objects, call-by-reference return parameters that are initialized on
-+ success, and call-by-reference return parameters that are initialized on
-+ failure. Input parameters should always carry suitable `const` declarators if
-+ they are pointers, to indicate they are input-only and not changed by the
-+ function. The name of return parameters that are initialized on success
-+ should be prefixed with `ret_`, to clarify they are return parameters. The
-+ name of return parameters that are initialized on failure should be prefixed
-+ with `reterr_`. (Examples of such parameters: those which carry additional
-+ error information, such as the row/column of parse errors or so). –
-+ Conversely, please do not prefix parameters that aren't output-only with
-+ `ret_` or `reterr_`, in particular not mutable parameters that are both input
-+ as well as output.
-+
-+ Example:
-
- ```c
- static int foobar_frobnicate(
- Foobar* object, /* the associated mutable object */
- const char *input, /* immutable input parameter */
-- char **ret_frobnicated) { /* return parameter */
-+ char **ret_frobnicated, /* return parameter on success */
-+ unsigned *reterr_line, /* return parameter on failure */
-+ unsigned *reterr_column) { /* ditto */
- …
- return 0;
- }
- ```
-
-+- Do not write functions that clobber call-by-reference success return
-+ parameters on failure (i.e. `ret_xyz`, see above), or that clobber
-+ call-by-reference failure return parameters on success
-+ (i.e. `reterr_xyz`). Use temporary variables for these cases and change the
-+ passed in variables only in the right condition. The rule is: never clobber
-+ success return parameters on failure, always initialize success return
-+ parameters on success (and the reverse for failure return parameters, of
-+ course).
-+
-+- Please put `reterr_` return parameters in the function parameter list last,
-+ and `ret_` return parameters immediately before that.
-+
-+ Good:
-+
-+ ```c
-+ static int do_something(
-+ const char *input,
-+ const char *ret_on_success,
-+ const char *reterr_on_failure);
-+ ```
-+
-+ Not good:
-+
-+ ```c
-+ static int do_something(
-+ const char *reterr_on_failure,
-+ const char *ret_on_success,
-+ const char *input);
-+ ```
-+
- - The order in which header files are included doesn't matter too
- much. systemd-internal headers must not rely on an include order, so it is
- safe to include them in any order possible. However, to not clutter global
diff --git a/SOURCES/0055-journald.conf-don-t-touch-current-audit-settings.patch b/SOURCES/0014-journald.conf-don-t-touch-current-audit-settings.patch
similarity index 83%
rename from SOURCES/0055-journald.conf-don-t-touch-current-audit-settings.patch
rename to SOURCES/0014-journald.conf-don-t-touch-current-audit-settings.patch
index fe1a827..94fef45 100644
--- a/SOURCES/0055-journald.conf-don-t-touch-current-audit-settings.patch
+++ b/SOURCES/0014-journald.conf-don-t-touch-current-audit-settings.patch
@@ -1,4 +1,4 @@
-From b340b4c797599aa444f9dbf07c6ef7ea29021604 Mon Sep 17 00:00:00 2001
+From 1ee56a7495a28b9479f49d664a56e1be8ee0f4b4 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 5 Aug 2021 15:26:13 +0200
Subject: [PATCH] journald.conf: don't touch current audit settings
@@ -11,7 +11,7 @@ Related: RHEL-40924
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/journal/journald.conf b/src/journal/journald.conf
-index 13cdd6300f..fc307c53c2 100644
+index 9a12ca7657..fe519f03e2 100644
--- a/src/journal/journald.conf
+++ b/src/journal/journald.conf
@@ -47,4 +47,4 @@
diff --git a/SOURCES/0015-analyze-show-pcrs-also-in-sha384-bank.patch b/SOURCES/0015-analyze-show-pcrs-also-in-sha384-bank.patch
deleted file mode 100644
index c94137a..0000000
--- a/SOURCES/0015-analyze-show-pcrs-also-in-sha384-bank.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 51390a1f41a762ef96d3c496d8a5d890d722907d Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Tue, 4 Jun 2024 11:02:34 +0200
-Subject: [PATCH] analyze: show pcrs also in sha384 bank
-
-SHA384 is pretty much the bank we actually *want* to use, since it's
-faster to calculate than SHA256, hence at the very least, start
-considering.
-
-(cherry picked from commit acaca5ab250a51be6ba07768bee80bf0f7b462fa)
----
- src/analyze/analyze-pcrs.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/analyze/analyze-pcrs.c b/src/analyze/analyze-pcrs.c
-index 43e415fc6d..1c3da3fd84 100644
---- a/src/analyze/analyze-pcrs.c
-+++ b/src/analyze/analyze-pcrs.c
-@@ -11,7 +11,7 @@
- static int get_pcr_alg(const char **ret) {
- assert(ret);
-
-- FOREACH_STRING(alg, "sha256", "sha1") {
-+ FOREACH_STRING(alg, "sha256", "sha384", "sha1") {
- _cleanup_free_ char *p = NULL;
-
- if (asprintf(&p, "/sys/class/tpm/tpm0/pcr-%s/0", alg) < 0)
diff --git a/SOURCES/0056-rules-add-elevator-kernel-command-line-parameter.patch b/SOURCES/0015-rules-add-elevator-kernel-command-line-parameter.patch
similarity index 96%
rename from SOURCES/0056-rules-add-elevator-kernel-command-line-parameter.patch
rename to SOURCES/0015-rules-add-elevator-kernel-command-line-parameter.patch
index 58c8c31..532db99 100644
--- a/SOURCES/0056-rules-add-elevator-kernel-command-line-parameter.patch
+++ b/SOURCES/0015-rules-add-elevator-kernel-command-line-parameter.patch
@@ -1,4 +1,4 @@
-From 3847259c117fd511043a60400233ca9d1af1b5ce Mon Sep 17 00:00:00 2001
+From 9a50ecbb2ce61e7679b9e30c16cd9e18f3004e7c Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Tue, 12 Feb 2019 16:58:16 +0100
Subject: [PATCH] rules: add elevator= kernel command line parameter
diff --git a/SOURCES/0016-fundamental-declare-flex-array-updated-for-gcc15-and.patch b/SOURCES/0016-fundamental-declare-flex-array-updated-for-gcc15-and.patch
deleted file mode 100644
index 44ebc9b..0000000
--- a/SOURCES/0016-fundamental-declare-flex-array-updated-for-gcc15-and.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 3706b5e8e92fe6a4ff21cefe66f2eb27953a3fdf Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <cristian@rodriguez.im>
-Date: Thu, 13 Jun 2024 11:59:28 -0400
-Subject: [PATCH] fundamental: declare flex array updated for gcc15 and clang
- 19
-
-Silly workaround that:
-- allowed flexible arrays in unions
-- allowed flexible arrays in otherwise empty structs
-
-Is no longer needed since https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=adb1c8a0f167c3a1f7593d75f5a10eb07a5d741a
-(GCC15) or clang 19 https://github.com/llvm/llvm-project/commit/14ba782a87e16e9e15460a51f50e67e2744c26d9
-
-(cherry picked from commit 3c2f2146f50c75662987541719bedc4aee9df939)
----
- src/fundamental/macro-fundamental.h | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h
-index 5ccbda5186..8aca5f784a 100644
---- a/src/fundamental/macro-fundamental.h
-+++ b/src/fundamental/macro-fundamental.h
-@@ -517,6 +517,10 @@ static inline uint64_t ALIGN_OFFSET_U64(uint64_t l, uint64_t ali) {
- } \
- }
-
-+/* Restriction/bug (see above) was fixed in GCC 15 and clang 19.*/
-+#if __GNUC__ >= 15 || (defined(__clang__) && __clang_major__ >= 19)
-+#define DECLARE_FLEX_ARRAY(type, name) type name[];
-+#else
- /* Declare a flexible array usable in a union.
- * This is essentially a work-around for a pointless constraint in C99
- * and might go away in some future version of the standard.
-@@ -528,6 +532,7 @@ static inline uint64_t ALIGN_OFFSET_U64(uint64_t l, uint64_t ali) {
- dummy_t __empty__ ## name; \
- type name[]; \
- }
-+#endif
-
- /* Declares an ELF read-only string section that does not occupy memory at runtime. */
- #define DECLARE_NOALLOC_SECTION(name, text) \
diff --git a/SOURCES/0057-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/SOURCES/0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
similarity index 94%
rename from SOURCES/0057-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
rename to SOURCES/0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
index a10993c..a245bf4 100644
--- a/SOURCES/0057-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
+++ b/SOURCES/0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
@@ -1,4 +1,4 @@
-From 5725d315940804ba80468e6e3b6ea4653587f109 Mon Sep 17 00:00:00 2001
+From 051e7668f89db42292bd5b060fdda07e6232effd Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 1 Aug 2018 13:19:39 +0200
Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value
@@ -15,10 +15,10 @@ Related: RHEL-40924
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
-index ae5b61b149..22919842f5 100644
+index 580da9d75f..297838eaa4 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
-@@ -520,10 +520,10 @@
+@@ -230,10 +230,10 @@
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. This setting applies to all unit types that support resource control settings, with the exception
@@ -32,7 +32,7 @@ index ae5b61b149..22919842f5 100644
<xi:include href="version-info.xml" xpointer="v228"/></listitem>
diff --git a/src/core/manager.c b/src/core/manager.c
-index 90e72b0c02..8ddf37fdad 100644
+index f21a4f7ceb..485fdd1a66 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -117,7 +117,7 @@
diff --git a/SOURCES/0017-man-add-a-bit-of-a-warning-to-systemd-tmpfiles-purge.patch b/SOURCES/0017-man-add-a-bit-of-a-warning-to-systemd-tmpfiles-purge.patch
deleted file mode 100644
index a7a5afc..0000000
--- a/SOURCES/0017-man-add-a-bit-of-a-warning-to-systemd-tmpfiles-purge.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From aedeaf745028a463150fd6d2b1aca778797735ac Mon Sep 17 00:00:00 2001
-From: Nick Rosbrook <enr0n@ubuntu.com>
-Date: Fri, 14 Jun 2024 17:31:22 -0400
-Subject: [PATCH] man: add a bit of a warning to systemd-tmpfiles --purge
-
-Mention that by default, /home is managed by tmpfiles.d/home.conf, and
-recommend that users run systemd-tmpfiles --dry-run --purge first to
-see exactly what will be removed.
-
-(cherry picked from commit 9ebcac3b5125a8b0b11f371731ea167cd4684adc)
----
- man/systemd-tmpfiles.xml | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
-index 008bff62da..6f3ec66611 100644
---- a/man/systemd-tmpfiles.xml
-+++ b/man/systemd-tmpfiles.xml
-@@ -150,7 +150,11 @@
- <varlistentry>
- <term><option>--purge</option></term>
- <listitem><para>If this option is passed, all files and directories created by a
-- <filename>tmpfiles.d/</filename> entry will be deleted.</para>
-+ <filename>tmpfiles.d/</filename> entry will be deleted. Keep in mind that by default,
-+ <filename>/home</filename> is created by <command>systemd-tmpfiles</command>
-+ (see <filename>/usr/lib/tmpfiles.d/home.conf</filename>). Therefore it is recommended
-+ to first run <command>systemd-tmpfiles --dry-run --purge</command> to be certain which files
-+ and directories will be deleted.</para>
-
- <xi:include href="version-info.xml" xpointer="v256"/></listitem>
- </varlistentry>
diff --git a/SOURCES/0058-udev-net-setup-link-change-the-default-MACAddressPol.patch b/SOURCES/0017-udev-net-setup-link-change-the-default-MACAddressPol.patch
similarity index 89%
rename from SOURCES/0058-udev-net-setup-link-change-the-default-MACAddressPol.patch
rename to SOURCES/0017-udev-net-setup-link-change-the-default-MACAddressPol.patch
index 4929912..565098e 100644
--- a/SOURCES/0058-udev-net-setup-link-change-the-default-MACAddressPol.patch
+++ b/SOURCES/0017-udev-net-setup-link-change-the-default-MACAddressPol.patch
@@ -1,4 +1,4 @@
-From 2b9b38af0bd6f15d316869022ad296f5927f2d2b Mon Sep 17 00:00:00 2001
+From 053b814d8f22c15e07f25ce5820d27a25d80a68b Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 21 Sep 2021 15:01:19 +0200
Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to
@@ -19,7 +19,7 @@ Related: RHEL-40924
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/systemd.link.xml b/man/systemd.link.xml
-index 3991d91881..0002eb3617 100644
+index 81d54cdc39..cfdad61741 100644
--- a/man/systemd.link.xml
+++ b/man/systemd.link.xml
@@ -1386,7 +1386,7 @@ OriginalName=*
@@ -32,13 +32,13 @@ index 3991d91881..0002eb3617 100644
<example>
diff --git a/network/99-default.link b/network/99-default.link
-index 56030b62be..5628dcf845 100644
+index 083dca48c9..e64ac7efec 100644
--- a/network/99-default.link
+++ b/network/99-default.link
@@ -12,4 +12,4 @@ OriginalName=*
[Link]
NamePolicy=keep kernel database onboard slot path
- AlternativeNamesPolicy=database onboard slot path
+ AlternativeNamesPolicy=database onboard slot path mac
-MACAddressPolicy=persistent
+MACAddressPolicy=none
diff --git a/test/fuzz/fuzz-link-parser/99-default.link b/test/fuzz/fuzz-link-parser/99-default.link
diff --git a/SOURCES/0059-core-decrease-log-level-of-messages-about-use-of-Kil.patch b/SOURCES/0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch
similarity index 79%
rename from SOURCES/0059-core-decrease-log-level-of-messages-about-use-of-Kil.patch
rename to SOURCES/0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch
index 6422fc2..775a290 100644
--- a/SOURCES/0059-core-decrease-log-level-of-messages-about-use-of-Kil.patch
+++ b/SOURCES/0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch
@@ -1,4 +1,4 @@
-From 74151c1fd19cbd73f2a6d1c2f84eac9bb73eac7e Mon Sep 17 00:00:00 2001
+From 06b4116be34987c24502088bcff404621ea658fa Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 22 Feb 2022 13:24:11 +0100
Subject: [PATCH] core: decrease log level of messages about use of
@@ -13,10 +13,10 @@ Related: RHEL-40924
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
-index 5ae68886af..d4c006eb87 100644
+index f34c930f4e..b46f53f157 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
-@@ -868,7 +868,7 @@ int config_parse_kill_mode(
+@@ -871,7 +871,7 @@ int config_parse_kill_mode(
}
if (m == KILL_NONE)
@@ -26,15 +26,15 @@ index 5ae68886af..d4c006eb87 100644
"This is unsafe, as it disables systemd's process lifecycle management for the service. "
"Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
diff --git a/src/core/unit.c b/src/core/unit.c
-index 2d40618fcb..0ec5dcaf75 100644
+index 0d88f4f641..1a5fffcc15 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
-@@ -5867,7 +5867,7 @@ int unit_log_leftover_process_start(const PidRef *pid, int sig, void *userdata)
+@@ -5914,7 +5914,7 @@ static int unit_log_leftover_process_start(const PidRef *pid, int sig, void *use
/* During start we print a warning */
-- log_unit_warning(userdata,
-+ log_unit_debug(userdata,
+- log_unit_warning(u,
++ log_unit_debug(u,
"Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n"
"This usually indicates unclean termination of a previous run, or service implementation deficiencies.",
pid->pid, strna(comm));
diff --git a/SOURCES/0018-man-units-drop-temporary-from-description-of-systemd.patch b/SOURCES/0018-man-units-drop-temporary-from-description-of-systemd.patch
deleted file mode 100644
index 207204d..0000000
--- a/SOURCES/0018-man-units-drop-temporary-from-description-of-systemd.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 1a0e6961cfaed42bda542e111738c136f7b4d73f Mon Sep 17 00:00:00 2001
-From: Mike Yuan <me@yhndnzj.com>
-Date: Sat, 15 Jun 2024 17:27:33 +0200
-Subject: [PATCH] man,units: drop "temporary" from description of
- systemd-tmpfiles
-
-Historically, systemd-tmpfiles was designed to manager temporary
-files, but nowadays it has become a generic tool for managing
-all kinds of files. To avoid user confusion, let's remove "temporary"
-from the tool's description.
-
-As discussed in #33349
-
-(cherry picked from commit b5c8cc0a3b8e4e2fea0539d6420a76b524ea5735)
----
- man/systemd-tmpfiles.xml | 8 +++++---
- units/systemd-tmpfiles-setup.service | 2 +-
- units/user/systemd-tmpfiles-setup.service | 2 +-
- 3 files changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
-index 6f3ec66611..9767aead85 100644
---- a/man/systemd-tmpfiles.xml
-+++ b/man/systemd-tmpfiles.xml
-@@ -55,9 +55,11 @@
- <refsect1>
- <title>Description</title>
-
-- <para><command>systemd-tmpfiles</command> creates, deletes, and cleans up volatile and temporary files
-- and directories, using the configuration file format and location specified in
-- <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>. It must
-+ <para><command>systemd-tmpfiles</command> creates, deletes, and cleans up files and directories, using
-+ the configuration file format and location specified in
-+ <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
-+ Historically, it was designed to manage volatile and temporary files, as the name suggests, but it provides
-+ generic file management functionality and can be used to manage any kind of files. It must
- be invoked with one or more commands <option>--create</option>, <option>--remove</option>, and
- <option>--clean</option>, to select the respective subset of operations.</para>
-
-diff --git a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service
-index 6cae32850f..b92beb7314 100644
---- a/units/systemd-tmpfiles-setup.service
-+++ b/units/systemd-tmpfiles-setup.service
-@@ -8,7 +8,7 @@
- # (at your option) any later version.
-
- [Unit]
--Description=Create Volatile Files and Directories
-+Description=Create System Files and Directories
- Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
-
- DefaultDependencies=no
-diff --git a/units/user/systemd-tmpfiles-setup.service b/units/user/systemd-tmpfiles-setup.service
-index 156689edcd..54e453c4fc 100644
---- a/units/user/systemd-tmpfiles-setup.service
-+++ b/units/user/systemd-tmpfiles-setup.service
-@@ -8,7 +8,7 @@
- # (at your option) any later version.
-
- [Unit]
--Description=Create User's Volatile Files and Directories
-+Description=Create User Files and Directories
- Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
- DefaultDependencies=no
- Conflicts=shutdown.target
diff --git a/SOURCES/0019-mkosi-enable-unprivileged-user-ns-for-integration-te.patch b/SOURCES/0019-mkosi-enable-unprivileged-user-ns-for-integration-te.patch
deleted file mode 100644
index ddc2f39..0000000
--- a/SOURCES/0019-mkosi-enable-unprivileged-user-ns-for-integration-te.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 9f5f3c2f8bc2c3d82678672f3e700c1eb4e52d61 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Sun, 16 Jun 2024 11:16:21 +0100
-Subject: [PATCH] mkosi: enable unprivileged user ns for integration tests
-
-Ubuntu disables them by default in Noble, ship a sysctl to turn them back on
-so that tests can use them
-
-(cherry picked from commit 4cfcde024f34b3e5f682364d4e0c6185ef07d467)
----
- .../usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf | 4 ++++
- 1 file changed, 4 insertions(+)
- create mode 100644 mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
-
-diff --git a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf b/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
-new file mode 100644
-index 0000000000..657ac72f8d
---- /dev/null
-+++ b/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
-@@ -0,0 +1,4 @@
-+# Ubuntu since Noble disables unprivileged user namespaces by default, re-enable them as they are needed
-+# for integration tests
-+kernel.apparmor_restrict_unprivileged_unconfined = 0
-+kernel.apparmor_restrict_unprivileged_userns = 0
diff --git a/SOURCES/0063-taint-remove-unmerged-bin.patch b/SOURCES/0019-taint-remove-unmerged-bin.patch
similarity index 88%
rename from SOURCES/0063-taint-remove-unmerged-bin.patch
rename to SOURCES/0019-taint-remove-unmerged-bin.patch
index d73f29b..09b102d 100644
--- a/SOURCES/0063-taint-remove-unmerged-bin.patch
+++ b/SOURCES/0019-taint-remove-unmerged-bin.patch
@@ -1,4 +1,4 @@
-From 13a07024f674e770844de29cd3d01cb7117f56d9 Mon Sep 17 00:00:00 2001
+From 42a6e71e98d03988ecf0915183f7c228690d2788 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Mon, 8 Jul 2024 14:44:45 +0200
Subject: [PATCH] taint: remove unmerged-bin
@@ -16,10 +16,10 @@ Resolves: RHEL-46277
4 files changed, 1 insertion(+), 17 deletions(-)
diff --git a/catalog/systemd.catalog.in b/catalog/systemd.catalog.in
-index 2831152763..66ffefd1c8 100644
+index eab4afd0cd..cf86af9d8d 100644
--- a/catalog/systemd.catalog.in
+++ b/catalog/systemd.catalog.in
-@@ -560,7 +560,6 @@ Support: %SUPPORT_URL%
+@@ -570,7 +570,6 @@ Support: %SUPPORT_URL%
The following "tags" are possible:
- "unmerged-usr" - /bin, /sbin, /lib* are not symlinks to their counterparts
under /usr/
@@ -28,10 +28,10 @@ index 2831152763..66ffefd1c8 100644
- "cgroupsv1" - the system is using the deprecated cgroup v1 hierarchy
- "local-hwclock" - the local hardware clock (RTC) is configured to be in
diff --git a/catalog/systemd.pl.catalog.in b/catalog/systemd.pl.catalog.in
-index 75039e9fcd..fcba4b500a 100644
+index f8a525f030..a7102439a2 100644
--- a/catalog/systemd.pl.catalog.in
+++ b/catalog/systemd.pl.catalog.in
-@@ -566,7 +566,6 @@ Support: %SUPPORT_URL%
+@@ -578,7 +578,6 @@ Support: %SUPPORT_URL%
Możliwe sÄ… nastÄ™pujÄ…ce „etykietyâ€:
• „unmerged-usr†— /bin, /sbin, /lib* nie są dowiązaniami symbolicznymi
do swoich odpowiedników pod /usr/,
@@ -40,10 +40,10 @@ index 75039e9fcd..fcba4b500a 100644
• „cgroupsv1†— system używa przestarzałej hierarchii cgroup v1,
• „local-hwclock†— lokalny zegar sprzętowy (RTC) jest skonfigurowany
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
-index b0b45097e3..f2b5ca39e7 100644
+index 9cd6a69311..caa7a687cd 100644
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
-@@ -1666,15 +1666,6 @@ node /org/freedesktop/systemd1 {
+@@ -1676,15 +1676,6 @@ node /org/freedesktop/systemd1 {
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
@@ -60,19 +60,19 @@ index b0b45097e3..f2b5ca39e7 100644
<term><literal>var-run-bad</literal></term>
diff --git a/src/core/taint.c b/src/core/taint.c
-index 969b37f209..4c98312f54 100644
+index b7a1c647a2..f9b3b3d69a 100644
--- a/src/core/taint.c
+++ b/src/core/taint.c
@@ -32,7 +32,7 @@ static int short_uid_gid_range(UIDRangeUsernsMode mode) {
}
- char* taint_string(void) {
+ char** taint_strv(void) {
- const char *stage[12] = {};
+ const char *stage[11] = {};
size_t n = 0;
/* Returns a "taint string", e.g. "local-hwclock:var-run-bad". Only things that are detected at
-@@ -44,11 +44,6 @@ char* taint_string(void) {
+@@ -44,11 +44,6 @@ char** taint_strv(void) {
if (readlink_malloc("/bin", &bin) < 0 || !PATH_IN_SET(bin, "usr/bin", "/usr/bin"))
stage[n++] = "unmerged-usr";
diff --git a/SOURCES/0020-mkosi-use-ports.ubuntu.com-for-non-x86-backports.patch b/SOURCES/0020-mkosi-use-ports.ubuntu.com-for-non-x86-backports.patch
deleted file mode 100644
index 19dd89d..0000000
--- a/SOURCES/0020-mkosi-use-ports.ubuntu.com-for-non-x86-backports.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 21feae324e812580062c36aa14cc5e68a37aa151 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Sun, 16 Jun 2024 15:28:56 +0100
-Subject: [PATCH] mkosi: use ports.ubuntu.com for non-x86 backports
-
-Follow-up for 46368556afee7a1f3a1685609942438ef2d9d6c1
-
-(cherry picked from commit c01cb8cbff8512b65b7903b55f78c8d12661b8d7)
----
- mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf | 3 ---
- .../mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf | 9 +++++++++
- .../system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf | 9 +++++++++
- .../mkosi.conf.d/10-ubuntu/noble-backports-ports.sources | 6 ++++++
- 4 files changed, 24 insertions(+), 3 deletions(-)
- create mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
- create mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
- create mode 100644 mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
-
-diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
-index 25957b1e92..86f9736ed9 100644
---- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
-+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
-@@ -3,9 +3,6 @@
- [Match]
- Distribution=ubuntu
-
--[Distribution]
--PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
--
- [Content]
- Packages=
- linux-image-generic
-diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
-new file mode 100644
-index 0000000000..0ec4807822
---- /dev/null
-+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
-@@ -0,0 +1,9 @@
-+# SPDX-License-Identifier: LGPL-2.1-or-later
-+# The ports Ubuntu archive is for non i386/amd64 repositories
-+
-+[Match]
-+Architecture=!x86-64
-+Architecture=!x86
-+
-+[Distribution]
-+PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources
-diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
-new file mode 100644
-index 0000000000..c08eeac337
---- /dev/null
-+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
-@@ -0,0 +1,9 @@
-+# SPDX-License-Identifier: LGPL-2.1-or-later
-+# The main Ubuntu archive is only for i386/amd64 repositories
-+
-+[Match]
-+Architecture=|x86-64
-+Architecture=|x86
-+
-+[Distribution]
-+PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
-diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
-new file mode 100644
-index 0000000000..5b96dc544d
---- /dev/null
-+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
-@@ -0,0 +1,6 @@
-+# SPDX-License-Identifier: LGPL-2.1-or-later
-+Types: deb
-+URIs: http://ports.ubuntu.com
-+Suites: noble-backports
-+Components: main universe
-+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
diff --git a/SOURCES/0064-presets-remove-resolved.patch b/SOURCES/0020-presets-remove-resolved.patch
similarity index 93%
rename from SOURCES/0064-presets-remove-resolved.patch
rename to SOURCES/0020-presets-remove-resolved.patch
index 5ed7b6a..6139bae 100644
--- a/SOURCES/0064-presets-remove-resolved.patch
+++ b/SOURCES/0020-presets-remove-resolved.patch
@@ -1,4 +1,4 @@
-From c2f507732264038dbef44b7652c8f5dee148e1e2 Mon Sep 17 00:00:00 2001
+From e10f3e04f92d72ecac5179609b6dc900443625b5 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Mon, 8 Jul 2024 13:13:10 +0200
Subject: [PATCH] presets: remove resolved
diff --git a/SOURCES/0067-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch b/SOURCES/0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
similarity index 69%
rename from SOURCES/0067-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
rename to SOURCES/0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
index d6d81ff..0098b40 100644
--- a/SOURCES/0067-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
+++ b/SOURCES/0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
@@ -1,4 +1,4 @@
-From 1a643a20c5e772fc15a921ed81c7b010fa6bd4a7 Mon Sep 17 00:00:00 2001
+From 44b06a0c152412b9e08db6caae10a3b73fa240ef Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 16 Jul 2024 10:08:06 +0200
Subject: [PATCH] ci: run mkosi test only for Fedora and CentOS Stream
@@ -7,11 +7,11 @@ rhel-only: ci
Related: RHEL-40924
---
- .github/workflows/mkosi.yml | 24 ++----------------------
- 1 file changed, 2 insertions(+), 22 deletions(-)
+ .github/workflows/mkosi.yml | 32 ++------------------------------
+ 1 file changed, 2 insertions(+), 30 deletions(-)
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
-index 3a8dabd95c..9add22c2ea 100644
+index e7575fb6bb..ee46b3544a 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -8,7 +8,7 @@ on:
@@ -21,8 +21,8 @@ index 3a8dabd95c..9add22c2ea 100644
- - v[0-9]+-stable
+ - rhel-10.*
paths:
- - '**'
- - '!README*'
+ - "**"
+ - "!README*"
@@ -26,7 +26,7 @@ on:
pull_request:
branches:
@@ -30,9 +30,9 @@ index 3a8dabd95c..9add22c2ea 100644
- - v[0-9]+-stable
+ - rhel-10.*
paths:
- - '**'
- - '!README*'
-@@ -54,21 +54,6 @@ jobs:
+ - "**"
+ - "!README*"
+@@ -54,27 +54,6 @@ jobs:
fail-fast: false
matrix:
include:
@@ -41,28 +41,36 @@ index 3a8dabd95c..9add22c2ea 100644
- sanitizers: ""
- llvm: 0
- cflags: "-O2 -D_FORTIFY_SOURCE=3"
+- relabel: no
+- qemu: 1
- - distro: debian
- release: testing
- sanitizers: ""
- llvm: 0
- cflags: "-Og"
+- relabel: no
+- qemu: 0
- - distro: ubuntu
- release: noble
- sanitizers: ""
- llvm: 0
- cflags: "-Og"
+- relabel: no
+- qemu: 0
- distro: fedora
- release: "40"
+ release: "41"
sanitizers: ""
-@@ -79,11 +64,6 @@ jobs:
- sanitizers: address,undefined
- llvm: 1
+@@ -89,13 +68,6 @@ jobs:
cflags: "-Og"
+ relabel: yes
+ qemu: 0
- - distro: opensuse
- release: tumbleweed
- sanitizers: ""
- llvm: 0
- cflags: "-Og"
+- relabel: no
+- qemu: 0
- distro: centos
release: "9"
sanitizers: ""
diff --git a/SOURCES/0021-mkosi-install-EFI-packages-only-on-EFI-architectures.patch b/SOURCES/0021-mkosi-install-EFI-packages-only-on-EFI-architectures.patch
deleted file mode 100644
index 3229128..0000000
--- a/SOURCES/0021-mkosi-install-EFI-packages-only-on-EFI-architectures.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 9802a28b367b3d403c41b570949e3c91f505ede5 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Sun, 16 Jun 2024 20:42:12 +0100
-Subject: [PATCH] mkosi: install EFI packages only on EFI architectures
-
-sbsigntool, systemd-boot and systemd-boot-efi do not exist on other
-architectures
-
-(cherry picked from commit 47fe3f29b4ba1b44ae71a7e67c579c4883731dd4)
----
- .../mkosi.conf.d/10-debian-ubuntu/mkosi.conf | 3 ---
- .../10-debian-ubuntu/mkosi.conf.d/efi.conf | 16 ++++++++++++++++
- 2 files changed, 16 insertions(+), 3 deletions(-)
- create mode 100644 mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
-
-diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
-index ae014fa966..ecac78049d 100644
---- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
-+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
-@@ -20,8 +20,6 @@ VolatilePackages=
- libsystemd-dev
- libudev-dev
- systemd
-- systemd-boot
-- systemd-boot-efi
- systemd-container
- systemd-coredump
- systemd-dev
-@@ -74,7 +72,6 @@ Packages=
- python3-pexpect
- python3-psutil
- quota
-- sbsigntool
- softhsm2
- squashfs-tools
- stress
-diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
-new file mode 100644
-index 0000000000..781670a775
---- /dev/null
-+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
-@@ -0,0 +1,16 @@
-+# SPDX-License-Identifier: LGPL-2.1-or-later
-+# sbsigntool exists only on UEFI architectures
-+
-+[Match]
-+Architecture=|x86
-+Architecture=|x86-64
-+Architecture=|arm
-+Architecture=|arm64
-+Architecture=|riscv32
-+Architecture=|riscv64
-+
-+[Content]
-+Packages=
-+ sbsigntool
-+ systemd-boot
-+ systemd-boot-efi
diff --git a/SOURCES/0068-taint-remove-unused-variable-usr_sbin.patch b/SOURCES/0022-taint-remove-unused-variable-usr_sbin.patch
similarity index 85%
rename from SOURCES/0068-taint-remove-unused-variable-usr_sbin.patch
rename to SOURCES/0022-taint-remove-unused-variable-usr_sbin.patch
index 5f0af4a..54a4f1c 100644
--- a/SOURCES/0068-taint-remove-unused-variable-usr_sbin.patch
+++ b/SOURCES/0022-taint-remove-unused-variable-usr_sbin.patch
@@ -1,4 +1,4 @@
-From 423af3467e66fd07a3a739b40af97b265bd4e45e Mon Sep 17 00:00:00 2001
+From f224307ee5d471a6b619244e6e36c9740e4319f5 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 16 Jul 2024 10:09:23 +0200
Subject: [PATCH] taint: remove unused variable `usr_sbin`
@@ -13,10 +13,10 @@ Related: RHEL-40924
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/taint.c b/src/core/taint.c
-index 4c98312f54..370f0297e3 100644
+index f9b3b3d69a..676cb4d5e7 100644
--- a/src/core/taint.c
+++ b/src/core/taint.c
-@@ -39,7 +39,7 @@ char* taint_string(void) {
+@@ -39,7 +39,7 @@ char** taint_strv(void) {
* runtime should be tagged here. For stuff that is known during compilation, emit a warning in the
* configuration phase. */
diff --git a/SOURCES/0022-test-check-the-skip-condition-before-installing-addi.patch b/SOURCES/0022-test-check-the-skip-condition-before-installing-addi.patch
deleted file mode 100644
index 415f47d..0000000
--- a/SOURCES/0022-test-check-the-skip-condition-before-installing-addi.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 50b53b8221aa9d5e8fa3269b73d13b8a304728a8 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Sun, 16 Jun 2024 13:41:50 +0100
-Subject: [PATCH] test: check the skip condition before installing additional
- files
-
-(cherry picked from commit e1daedb4be6d8180790e0b303872fb1c87ddc7fc)
----
- test/units/TEST-43-PRIVATEUSER-UNPRIV.sh | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh b/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh
-index 165af47f15..f8a2a62467 100755
---- a/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh
-+++ b/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh
-@@ -6,13 +6,13 @@ set -o pipefail
- # shellcheck source=test/units/util.sh
- . "$(dirname "$0")"/util.sh
-
--install_extension_images
--
- if [[ "$(sysctl -ne kernel.apparmor_restrict_unprivileged_userns)" -eq 1 ]]; then
- echo "Cannot create unprivileged user namespaces" >/skipped
- exit 77
- fi
-
-+install_extension_images
-+
- systemd-analyze log-level debug
-
- runas testuser systemd-run --wait --user --unit=test-private-users \
diff --git a/SOURCES/0069-packit-drop-the-libarchive-workaround.patch b/SOURCES/0023-packit-drop-the-libarchive-workaround.patch
similarity index 93%
rename from SOURCES/0069-packit-drop-the-libarchive-workaround.patch
rename to SOURCES/0023-packit-drop-the-libarchive-workaround.patch
index c32dd65..d2b0aa7 100644
--- a/SOURCES/0069-packit-drop-the-libarchive-workaround.patch
+++ b/SOURCES/0023-packit-drop-the-libarchive-workaround.patch
@@ -1,4 +1,4 @@
-From fb422df08369fd10a4d3543697f09a7bd2f4c288 Mon Sep 17 00:00:00 2001
+From 17218ad668ec29b0ea7556bd67e5a7170e1ab794 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 17 Jul 2024 12:19:03 +0200
Subject: [PATCH] packit: drop the libarchive workaround
diff --git a/SOURCES/0023-test-drop-unneeded-firmware-uefi-setting.patch b/SOURCES/0023-test-drop-unneeded-firmware-uefi-setting.patch
deleted file mode 100644
index 32a797a..0000000
--- a/SOURCES/0023-test-drop-unneeded-firmware-uefi-setting.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 51a2e7be5ec1a28be11d309897671c8dd4511ae8 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Sun, 16 Jun 2024 16:08:57 +0100
-Subject: [PATCH] test: drop unneeded firmware: uefi setting
-
-These tests no longer need this, as they are running in nspawn, drop it
-
-(cherry picked from commit f44fc531c95e37c83203375c411189009a01b482)
----
- test/TEST-09-REBOOT/meson.build | 2 --
- test/TEST-18-FAILUREACTION/meson.build | 2 --
- 2 files changed, 4 deletions(-)
-
-diff --git a/test/TEST-09-REBOOT/meson.build b/test/TEST-09-REBOOT/meson.build
-index c4b41bc97b..b7556189f5 100644
---- a/test/TEST-09-REBOOT/meson.build
-+++ b/test/TEST-09-REBOOT/meson.build
-@@ -4,7 +4,5 @@ integration_tests += [
- integration_test_template + {
- 'name' : fs.name(meson.current_source_dir()),
- 'storage' : 'persistent',
-- # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware.
-- 'firmware' : 'uefi',
- },
- ]
-diff --git a/test/TEST-18-FAILUREACTION/meson.build b/test/TEST-18-FAILUREACTION/meson.build
-index 5edfbcad1f..8dec5f37e7 100644
---- a/test/TEST-18-FAILUREACTION/meson.build
-+++ b/test/TEST-18-FAILUREACTION/meson.build
-@@ -3,7 +3,5 @@
- integration_tests += [
- integration_test_template + {
- 'name' : fs.name(meson.current_source_dir()),
-- # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware.
-- 'firmware' : 'uefi',
- },
- ]
diff --git a/SOURCES/0071-coredump-by-default-process-and-store-core-files-up-.patch b/SOURCES/0024-coredump-by-default-process-and-store-core-files-up-.patch
similarity index 87%
rename from SOURCES/0071-coredump-by-default-process-and-store-core-files-up-.patch
rename to SOURCES/0024-coredump-by-default-process-and-store-core-files-up-.patch
index 0d1e230..d4144b5 100644
--- a/SOURCES/0071-coredump-by-default-process-and-store-core-files-up-.patch
+++ b/SOURCES/0024-coredump-by-default-process-and-store-core-files-up-.patch
@@ -1,4 +1,4 @@
-From 612afd332a5e647faed3c3acba03ca653bace41b Mon Sep 17 00:00:00 2001
+From 78b2176529760fac86dfc994f13fefbcd6a4b5aa Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 5 Apr 2024 15:56:58 +0200
Subject: [PATCH] coredump: by default process and store core files up to 1GiB
@@ -13,7 +13,7 @@ Related: RHEL-46778
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/coredump/coredump.conf b/src/coredump/coredump.conf
-index ae341e40d7..3603edb782 100644
+index 181aede9da..1a65655fda 100644
--- a/src/coredump/coredump.conf
+++ b/src/coredump/coredump.conf
@@ -19,9 +19,8 @@
diff --git a/SOURCES/0024-test-drop-obsolete-comment.patch b/SOURCES/0024-test-drop-obsolete-comment.patch
deleted file mode 100644
index 4b1e1ab..0000000
--- a/SOURCES/0024-test-drop-obsolete-comment.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From df1e7d9572fab94209989f341bb1e1a86d88223b Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Sun, 16 Jun 2024 19:21:32 +0100
-Subject: [PATCH] test: drop obsolete comment
-
-We want to keep various logic here instead of mkosi, so drop the
-temporary comment
-
-(cherry picked from commit 626518ecd5e7b0c0c708ba53d7eb62934506ed54)
----
- test/integration-test-wrapper.py | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
-index 5b098a3e01..1e015e7d47 100755
---- a/test/integration-test-wrapper.py
-+++ b/test/integration-test-wrapper.py
-@@ -2,10 +2,6 @@
- # SPDX-License-Identifier: LGPL-2.1-or-later
-
- '''Test wrapper command for driving integration tests.
--
--Note: This is deliberately rough and only intended to drive existing tests
--with the expectation that as part of formally defining the API it will be tidy.
--
- '''
-
- import argparse
diff --git a/SOURCES/0072-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/SOURCES/0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
similarity index 92%
rename from SOURCES/0072-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
rename to SOURCES/0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
index d4434cd..b3ecbf5 100644
--- a/SOURCES/0072-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
+++ b/SOURCES/0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
@@ -1,4 +1,4 @@
-From 352f8ad0bfdd8a41f6aa34e3e43038ae75eedf73 Mon Sep 17 00:00:00 2001
+From 038ea755196a3270fc5a8074ee5a3e55fd5b88be Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 15 May 2018 09:24:20 +0200
Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will
diff --git a/SOURCES/0025-test-support-TEST_NO_KVM.patch b/SOURCES/0025-test-support-TEST_NO_KVM.patch
deleted file mode 100644
index e30df11..0000000
--- a/SOURCES/0025-test-support-TEST_NO_KVM.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From a36cb5660e4d84c16242c1d70b99d9a2e389f191 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Sun, 16 Jun 2024 19:15:24 +0100
-Subject: [PATCH] test: support TEST_NO_KVM
-
-The shell integration suite allows to manually deselect KVM, so
-suppor the same env var for the same purpose in python.
-
-(cherry picked from commit 7d2701e7d1d0a7194026dd371071df6e63f59a82)
----
- test/integration-test-wrapper.py | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
-index 1e015e7d47..15b1ce1055 100755
---- a/test/integration-test-wrapper.py
-+++ b/test/integration-test-wrapper.py
-@@ -124,6 +124,7 @@ def main():
- *args.mkosi_args,
- '--append',
- '--qemu-firmware', args.firmware,
-+ '--qemu-kvm', "auto" if not bool(int(os.getenv("TEST_NO_KVM", "0"))) else "no",
- '--kernel-command-line-extra',
- ' '.join([
- 'systemd.hostname=H',
diff --git a/SOURCES/0026-test-support-TEST_NO_QEMU-in-mkosi-integration-wrapp.patch b/SOURCES/0026-test-support-TEST_NO_QEMU-in-mkosi-integration-wrapp.patch
deleted file mode 100644
index 95739e6..0000000
--- a/SOURCES/0026-test-support-TEST_NO_QEMU-in-mkosi-integration-wrapp.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 6178aa4bbcc6b0531314c1a2e9df61e45e6c9ad4 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Mon, 17 Jun 2024 14:09:40 +0100
-Subject: [PATCH] test: support TEST_NO_QEMU in mkosi integration wrapper
-
-Same as the old integration test suite, allow skipping tests that
-require qemu.
-ppc64el's vsock support doesn't appear to work, so we'll skip it,
-as it is already done in the legacy framework.
-
-(cherry picked from commit 464d182b3e470e4163ca376145539a537a6e43a2)
----
- test/integration-test-wrapper.py | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
-index 15b1ce1055..b6a16aa3ef 100755
---- a/test/integration-test-wrapper.py
-+++ b/test/integration-test-wrapper.py
-@@ -57,6 +57,10 @@ def main():
- print(f"SYSTEMD_SLOW_TESTS=1 not found in environment, skipping {args.name}", file=sys.stderr)
- exit(77)
-
-+ if args.vm and bool(int(os.getenv("TEST_NO_QEMU", "0"))):
-+ print(f"TEST_NO_QEMU=1, skipping {args.name}", file=sys.stderr)
-+ exit(77)
-+
- name = args.name + (f"-{i}" if (i := os.getenv("MESON_TEST_ITERATION")) else "")
-
- dropin = textwrap.dedent(
diff --git a/SOURCES/0073-unit-don-t-add-Requires-for-tmp.mount.patch b/SOURCES/0026-unit-don-t-add-Requires-for-tmp.mount.patch
similarity index 84%
rename from SOURCES/0073-unit-don-t-add-Requires-for-tmp.mount.patch
rename to SOURCES/0026-unit-don-t-add-Requires-for-tmp.mount.patch
index c4e7c5a..980bc7e 100644
--- a/SOURCES/0073-unit-don-t-add-Requires-for-tmp.mount.patch
+++ b/SOURCES/0026-unit-don-t-add-Requires-for-tmp.mount.patch
@@ -1,4 +1,4 @@
-From e794e570a50392b503549befb65bc8cac0a29869 Mon Sep 17 00:00:00 2001
+From 781f75b5677cb1843f2c51859b160ee4110c330a Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Mon, 5 Sep 2016 12:47:09 +0200
Subject: [PATCH] unit: don't add Requires for tmp.mount
@@ -12,10 +12,10 @@ Related: RHEL-40924
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/mount.c b/src/core/mount.c
-index ebafcafa92..9edb2d47eb 100644
+index 689ef5672d..f16e46e276 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
-@@ -313,7 +313,7 @@ static int mount_add_mount_dependencies(Mount *m) {
+@@ -314,7 +314,7 @@ static int mount_add_mount_dependencies(Mount *m) {
if (r < 0)
return r;
@@ -25,10 +25,10 @@ index ebafcafa92..9edb2d47eb 100644
r = unit_add_dependency(
other,
diff --git a/src/core/unit.c b/src/core/unit.c
-index 0ec5dcaf75..a5556ba462 100644
+index 1a5fffcc15..ac893ac82a 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
-@@ -1544,7 +1544,7 @@ static int unit_add_mount_dependencies(Unit *u) {
+@@ -1529,7 +1529,7 @@ static int unit_add_mount_dependencies(Unit *u) {
return r;
changed = changed || r > 0;
diff --git a/SOURCES/0027-test-use-auto-instead-of-uefi-for-automated-fallback.patch b/SOURCES/0027-test-use-auto-instead-of-uefi-for-automated-fallback.patch
deleted file mode 100644
index 405e322..0000000
--- a/SOURCES/0027-test-use-auto-instead-of-uefi-for-automated-fallback.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 7d65709901cb3fc746639398776cfdb7cb750a03 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Mon, 17 Jun 2024 15:37:43 +0100
-Subject: [PATCH] test: use 'auto' instead of 'uefi' for automated fallback
-
-mkosi will prefer UEFI if the architecture supports it, but fallback
-to 'linux' if it doesn't.
-
-(cherry picked from commit 80468db8fa21ffd07dc2f28c656eeaf8f0292367)
----
- test/TEST-06-SELINUX/meson.build | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/test/TEST-06-SELINUX/meson.build b/test/TEST-06-SELINUX/meson.build
-index 7a850beb81..9261a49c49 100644
---- a/test/TEST-06-SELINUX/meson.build
-+++ b/test/TEST-06-SELINUX/meson.build
-@@ -5,7 +5,8 @@ integration_tests += [
- 'name' : fs.name(meson.current_source_dir()),
- 'cmdline' : integration_test_template['cmdline'] + ['selinux=1', 'lsm=selinux'],
- # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware.
-- 'firmware' : 'uefi',
-+ # Use 'auto' to automatically fallback on non-uefi architectures.
-+ 'firmware' : 'auto',
- 'vm' : true,
- },
- ]
diff --git a/SOURCES/0074-units-add-Install-section-to-tmp.mount.patch b/SOURCES/0027-units-add-Install-section-to-tmp.mount.patch
similarity index 90%
rename from SOURCES/0074-units-add-Install-section-to-tmp.mount.patch
rename to SOURCES/0027-units-add-Install-section-to-tmp.mount.patch
index 9095578..03ff401 100644
--- a/SOURCES/0074-units-add-Install-section-to-tmp.mount.patch
+++ b/SOURCES/0027-units-add-Install-section-to-tmp.mount.patch
@@ -1,4 +1,4 @@
-From de0e2fde86a7eebbc5c11bb5e4d40d9ab6621ed1 Mon Sep 17 00:00:00 2001
+From 2d2c58ac4f748caa6b8726a1c155729aa70472ca Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 22 Jan 2019 10:28:42 +0100
Subject: [PATCH] units: add [Install] section to tmp.mount
diff --git a/SOURCES/0028-core-service-fix-accept-socket-deserialization.patch b/SOURCES/0028-core-service-fix-accept-socket-deserialization.patch
deleted file mode 100644
index c92c6b2..0000000
--- a/SOURCES/0028-core-service-fix-accept-socket-deserialization.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From f7d55cc801611781fbff2817f2fd4a16ec96ca85 Mon Sep 17 00:00:00 2001
-From: Mike Yuan <me@yhndnzj.com>
-Date: Mon, 17 Jun 2024 07:47:20 +0200
-Subject: [PATCH] core/service: fix accept-socket deserialization
-
-Follow-up for 45b1017488cef2a5bacdf82028ce900a311c9a1c
-
-(cherry picked from commit 9f5d8c3da4f505346bd1edfae907a2abcdbdc578)
----
- src/core/service.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/core/service.c b/src/core/service.c
-index 8ec27c463a..6e81460ad0 100644
---- a/src/core/service.c
-+++ b/src/core/service.c
-@@ -1351,7 +1351,7 @@ static int service_coldplug(Unit *u) {
- service_start_watchdog(s);
-
- if (UNIT_ISSET(s->accept_socket)) {
-- Socket* socket = SOCKET(UNIT_DEREF(s->accept_socket));
-+ Socket *socket = SOCKET(UNIT_DEREF(s->accept_socket));
-
- if (socket->max_connections_per_source > 0) {
- SocketPeer *peer;
-@@ -3220,8 +3220,8 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
- } else if (streq(key, "accept-socket")) {
- Unit *socket;
-
-- if (u->type != UNIT_SOCKET) {
-- log_unit_debug(u, "Failed to deserialize accept-socket: unit is not a socket");
-+ if (unit_name_to_type(value) != UNIT_SOCKET) {
-+ log_unit_debug(u, "Deserialized accept-socket is not a socket unit, ignoring: %s", value);
- return 0;
- }
-
-@@ -3230,7 +3230,7 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
- log_unit_debug_errno(u, r, "Failed to load accept-socket unit '%s': %m", value);
- else {
- unit_ref_set(&s->accept_socket, u, socket);
-- SOCKET(socket)->n_connections++;
-+ ASSERT_PTR(SOCKET(socket))->n_connections++;
- }
-
- } else if (streq(key, "socket-fd")) {
diff --git a/SOURCES/0075-units-don-t-enable-tmp.mount-statically-in-local-fs..patch b/SOURCES/0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
similarity index 85%
rename from SOURCES/0075-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
rename to SOURCES/0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
index b355b18..e3a4eca 100644
--- a/SOURCES/0075-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
+++ b/SOURCES/0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
@@ -1,4 +1,4 @@
-From 571c902adb894bfff481de4591a56a16add2670b Mon Sep 17 00:00:00 2001
+From 19091a48b923a990183c791f25bcf4fb24fc1b67 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 22 Sep 2021 14:38:00 +0200
Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target
@@ -11,10 +11,10 @@ Related: RHEL-40924
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/units/meson.build b/units/meson.build
-index b231341a1f..39fa6f42c0 100644
+index 96f4852741..086e7735d4 100644
--- a/units/meson.build
+++ b/units/meson.build
-@@ -761,10 +761,7 @@ units = [
+@@ -771,10 +771,7 @@ units = [
{ 'file' : 'time-set.target' },
{ 'file' : 'time-sync.target' },
{ 'file' : 'timers.target' },
diff --git a/SOURCES/0076-netif-naming-scheme-add-rhel-9.5-scheme.patch b/SOURCES/0029-netif-naming-scheme-add-rhel-9.5-scheme.patch
similarity index 86%
rename from SOURCES/0076-netif-naming-scheme-add-rhel-9.5-scheme.patch
rename to SOURCES/0029-netif-naming-scheme-add-rhel-9.5-scheme.patch
index 69e96ab..8237856 100644
--- a/SOURCES/0076-netif-naming-scheme-add-rhel-9.5-scheme.patch
+++ b/SOURCES/0029-netif-naming-scheme-add-rhel-9.5-scheme.patch
@@ -1,4 +1,4 @@
-From fefc4bc15fe28d8f7def8bd75ada13ede21663cb Mon Sep 17 00:00:00 2001
+From 339250daaa9eb39cc690c2b2a2cedaa7bbb04a85 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Thu, 8 Aug 2024 13:12:58 +0200
Subject: [PATCH] netif-naming-scheme: add rhel-9.5 scheme
@@ -13,10 +13,10 @@ Resolves: RHEL-44416
3 files changed, 17 insertions(+)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
-index 690e3d2c27..b2d78c95ab 100644
+index 5965f293dc..8c2979f420 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
-@@ -592,6 +592,21 @@
+@@ -608,6 +608,21 @@
<xi:include href="version-info.xml" xpointer="rhel-9.4"/>
</listitem>
</varlistentry>
@@ -39,10 +39,10 @@ index 690e3d2c27..b2d78c95ab 100644
</refsect2>
diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c
-index e4d4c0ba88..149794e926 100644
+index b85dd3dadf..553ad13269 100644
--- a/src/shared/netif-naming-scheme.c
+++ b/src/shared/netif-naming-scheme.c
-@@ -40,6 +40,7 @@ static const NamingScheme naming_schemes[] = {
+@@ -41,6 +41,7 @@ static const NamingScheme naming_schemes[] = {
{ "rhel-9.2", NAMING_RHEL_9_2 },
{ "rhel-9.3", NAMING_RHEL_9_3 },
{ "rhel-9.4", NAMING_RHEL_9_4 },
@@ -51,14 +51,14 @@ index e4d4c0ba88..149794e926 100644
/* … add more schemes here, as the logic to name devices is updated … */
diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
-index b0697c141e..a55bb0b1cb 100644
+index 2cf7d3f3ba..35ab0a98da 100644
--- a/src/shared/netif-naming-scheme.h
+++ b/src/shared/netif-naming-scheme.h
-@@ -80,6 +80,7 @@ typedef enum NamingSchemeFlags {
+@@ -83,6 +83,7 @@ typedef enum NamingSchemeFlags {
NAMING_RHEL_9_2 = NAMING_RHEL_9_0,
NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R,
NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
+ NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
- NAMING_RHEL_10_0 = NAMING_V255,
+ NAMING_RHEL_10_0 = NAMING_V257,
diff --git a/SOURCES/0029-test-network-mention-that-the-captive-portal-option-.patch b/SOURCES/0029-test-network-mention-that-the-captive-portal-option-.patch
deleted file mode 100644
index 4e78bf7..0000000
--- a/SOURCES/0029-test-network-mention-that-the-captive-portal-option-.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 4cc6da9a5dfb69f149404d5a784c57bca2a21237 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Tue, 18 Jun 2024 00:09:03 +0900
-Subject: [PATCH] test-network: mention that the captive portal option is
- supported since v2.20
-
-The current latest release is v2.19, hence the test is typically skipped now.
-
-(cherry picked from commit 4f6d8ab0767e534553bfa130f39dbb07ebb804a4)
----
- test/test-network/systemd-networkd-tests.py | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
-index 92cb07f11c..0355c7aca1 100755
---- a/test/test-network/systemd-networkd-tests.py
-+++ b/test/test-network/systemd-networkd-tests.py
-@@ -5824,6 +5824,8 @@ class NetworkdRATests(unittest.TestCase, Utilities):
- self.assertIn('pref high', output)
- self.assertNotIn('pref low', output)
-
-+ # radvd supports captive portal since v2.20.
-+ # https://github.com/radvd-project/radvd/commit/791179a7f730decbddb2290ef0e34aa85d71b1bc
- @unittest.skipUnless(radvd_check_config('captive-portal.conf'), "Installed radvd doesn't support captive portals")
- def test_captive_portal(self):
- copy_network_unit('25-veth-client.netdev',
diff --git a/SOURCES/0030-CI-disable-secure-boot-in-mkosi-GHA-runs.patch b/SOURCES/0030-CI-disable-secure-boot-in-mkosi-GHA-runs.patch
deleted file mode 100644
index 72675ca..0000000
--- a/SOURCES/0030-CI-disable-secure-boot-in-mkosi-GHA-runs.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From b455006ae189d4ceef4214d8d4ab2027781d37e0 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Mon, 17 Jun 2024 17:40:28 +0100
-Subject: [PATCH] CI: disable secure boot in mkosi GHA runs
-
-Booting a guest with secure boot is broken in Azure due to a hypervisor
-bug. Disable it for now. Given there's no option, need to edit
-the configuration on the fly.
-
-(cherry picked from commit bdd0b45bfd7190bb8eb50c71ff6f50a80d6e6e52)
----
- .github/workflows/mkosi.yml | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
-index 425d737b62..62efd367cb 100644
---- a/.github/workflows/mkosi.yml
-+++ b/.github/workflows/mkosi.yml
-@@ -117,6 +117,8 @@ jobs:
-
- - name: Configure
- run: |
-+ # XXX: drop after the HyperV bug that breaks secure boot KVM guests is solved
-+ sed -i "s/'firmware'\s*:\s*'auto'/'firmware' : 'uefi'/g" test/*/meson.build
- tee mkosi.local.conf <<EOF
- [Distribution]
- Distribution=${{ matrix.distro }}
diff --git a/SOURCES/0086-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch b/SOURCES/0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
similarity index 78%
rename from SOURCES/0086-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
rename to SOURCES/0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
index 57a24af..d90c2de 100644
--- a/SOURCES/0086-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
+++ b/SOURCES/0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
@@ -1,4 +1,4 @@
-From c3300ddbcdd138da8bd3fb31d0f35a20f5b6ca13 Mon Sep 17 00:00:00 2001
+From f878792eb14fb051d03dc91cc87f46ec6dd5f692 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Thu, 22 Aug 2024 13:42:11 +0200
Subject: [PATCH] netif-naming-scheme: rename rhel-10.0 to rhel-10.0.beta
@@ -13,17 +13,17 @@ Related: RHEL-55728
4 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
-index e458b5dd6b..610a05485b 100644
+index 8c2979f420..18c1d95a74 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
-@@ -526,15 +526,15 @@
+@@ -542,15 +542,15 @@
</varlistentry>
<varlistentry>
- <term><constant>rhel-10.0</constant></term>
+ <term><constant>rhel-10.0-beta</constant></term>
- <listitem><para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file.</para>
+ <listitem><para>Same as naming scheme <constant>v255</constant>.</para>
- <xi:include href="version-info.xml" xpointer="rhel-10.0"/>
+ <xi:include href="version-info.xml" xpointer="rhel-10.0.beta"/>
@@ -36,10 +36,10 @@ index e458b5dd6b..610a05485b 100644
<refsect2>
<title>RHEL-9 schemes</title>
diff --git a/man/version-info.xml b/man/version-info.xml
-index 274450d408..c05cebfbe2 100644
+index 325f6eaa3e..c1138dfe22 100644
--- a/man/version-info.xml
+++ b/man/version-info.xml
-@@ -103,6 +103,7 @@
+@@ -106,6 +106,7 @@
<para id="rhel-9.8">Added in rhel-9.8.</para>
<para id="rhel-9.9">Added in rhel-9.9.</para>
<para id="rhel-9.10">Added in rhel-9.10.</para>
@@ -48,10 +48,10 @@ index 274450d408..c05cebfbe2 100644
<para id="rhel-10.1">Added in rhel-10.1.</para>
<para id="rhel-10.2">Added in rhel-10.2.</para>
diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c
-index 149794e926..cb5f8c5d38 100644
+index 553ad13269..45646af6a6 100644
--- a/src/shared/netif-naming-scheme.c
+++ b/src/shared/netif-naming-scheme.c
-@@ -41,7 +41,7 @@ static const NamingScheme naming_schemes[] = {
+@@ -42,7 +42,7 @@ static const NamingScheme naming_schemes[] = {
{ "rhel-9.3", NAMING_RHEL_9_3 },
{ "rhel-9.4", NAMING_RHEL_9_4 },
{ "rhel-9.5", NAMING_RHEL_9_5 },
@@ -61,14 +61,14 @@ index 149794e926..cb5f8c5d38 100644
EXTRA_NET_NAMING_MAP
diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
-index 229232d452..2e2023ba5b 100644
+index 35ab0a98da..c511ee86f5 100644
--- a/src/shared/netif-naming-scheme.h
+++ b/src/shared/netif-naming-scheme.h
-@@ -83,7 +83,7 @@ typedef enum NamingSchemeFlags {
+@@ -85,7 +85,7 @@ typedef enum NamingSchemeFlags {
NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
- NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN,
+ NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
-- NAMING_RHEL_10_0 = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN,
+- NAMING_RHEL_10_0 = NAMING_V257,
+ NAMING_RHEL_10_0_BETA = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN,
EXTRA_NET_NAMING_SCHEMES
diff --git a/SOURCES/0031-mkosi-bump-to-latest.patch b/SOURCES/0031-mkosi-bump-to-latest.patch
deleted file mode 100644
index a64acdd..0000000
--- a/SOURCES/0031-mkosi-bump-to-latest.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From d89c99c7ad165fa2471e1c5c1a3bdedab0818da9 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Mon, 17 Jun 2024 15:40:10 +0100
-Subject: [PATCH] mkosi: bump to latest
-
-(cherry picked from commit 3001339dc5b3faf8f8edee4c07b14a4abdf3d66f)
----
- .github/workflows/mkosi.yml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
-index 62efd367cb..3a8dabd95c 100644
---- a/.github/workflows/mkosi.yml
-+++ b/.github/workflows/mkosi.yml
-@@ -92,7 +92,7 @@ jobs:
-
- steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
-- - uses: systemd/mkosi@0081ea66faf56a35353d6aeadfe42f9679c7d1cf
-+ - uses: systemd/mkosi@6972f9efba5c8472d990be3783b7e7dbf76e109e
-
- # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
- # immediately, we remove the files in the background. However, we first move them to a different location
diff --git a/SOURCES/0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch b/SOURCES/0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
new file mode 100644
index 0000000..d47db3b
--- /dev/null
+++ b/SOURCES/0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
@@ -0,0 +1,29 @@
+From 06efc733d10fba0b1282e1e65b4d464587d4ad41 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Thu, 22 Aug 2024 13:47:56 +0200
+Subject: [PATCH] net-naming-scheme: disable NAMING_FIRMWARE_NODE_SUN
+
+It seems that virtio devices always have "0" in
+the firmware_node/sun. And because of that, udev will
+always name the device ens0, which leads to collisions.
+So let's disable it for now.
+
+rhel-only: policy
+Resolves: RHEL-55728
+---
+ src/shared/netif-naming-scheme.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
+index c511ee86f5..c4e18bb035 100644
+--- a/src/shared/netif-naming-scheme.h
++++ b/src/shared/netif-naming-scheme.h
+@@ -85,7 +85,7 @@ typedef enum NamingSchemeFlags {
+ NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
+ NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
+
+- NAMING_RHEL_10_0_BETA = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN,
++ NAMING_RHEL_10_0_BETA = NAMING_V255,
+
+ EXTRA_NET_NAMING_SCHEMES
+
diff --git a/SOURCES/0032-NEWS-fix-typo.patch b/SOURCES/0032-NEWS-fix-typo.patch
deleted file mode 100644
index 4c4fbcd..0000000
--- a/SOURCES/0032-NEWS-fix-typo.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From a776dcf7af3b189f4f9616d174dbfc53a9bd6db6 Mon Sep 17 00:00:00 2001
-From: Carlo Teubner <carlo@cteubner.net>
-Date: Tue, 18 Jun 2024 09:41:59 +0100
-Subject: [PATCH] NEWS: fix typo
-
-(cherry picked from commit f6d517f8478bdd83b7d149b242a47d7686235c7e)
----
- NEWS | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/NEWS b/NEWS
-index bbee0852be..da81fe3c5d 100644
---- a/NEWS
-+++ b/NEWS
-@@ -195,7 +195,7 @@ CHANGES WITH 256:
- additional per-user service managers, whose users are transient and
- are only defined as long as the service manager is running. (This is
- implemented via DynamicUser=1), allowing a user manager to be used to
-- manager a group of processes without needing to create an actual user
-+ manage a group of processes without needing to create an actual user
- account. These service managers run with home directories of
- /var/lib/capsules/<capsule-name> and can contain regular services and
- other units. A capsule is started via a simple "systemctl start
diff --git a/SOURCES/0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch b/SOURCES/0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
new file mode 100644
index 0000000..8b9c979
--- /dev/null
+++ b/SOURCES/0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
@@ -0,0 +1,61 @@
+From 8711965bf33fafe4685bb3df1d130c4fa45251d4 Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Mon, 16 Dec 2024 15:08:50 +0100
+Subject: [PATCH] netif-naming-scheme: introduce rhel-10.0 scheme
+
+rhel-only: policy
+
+Related: RHEL-44417
+---
+ man/systemd.net-naming-scheme.xml | 11 ++++++++++-
+ src/shared/netif-naming-scheme.c | 1 +
+ src/shared/netif-naming-scheme.h | 1 +
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
+index 18c1d95a74..e23d1c5758 100644
+--- a/man/systemd.net-naming-scheme.xml
++++ b/man/systemd.net-naming-scheme.xml
+@@ -549,8 +549,17 @@
+ <xi:include href="version-info.xml" xpointer="rhel-10.0.beta"/>
+ </listitem>
+ </varlistentry>
++
++ <varlistentry>
++ <term><constant>rhel-10.0</constant></term>
++
++ <listitem><para>Same as naming scheme <constant>v257</constant>.</para>
++
++ <xi:include href="version-info.xml" xpointer="rhel-10.0"/>
++ </listitem>
++ </varlistentry>
+ </variablelist>
+- <para>By default <constant>rhel-10.0-beta</constant> is used.</para>
++ <para>By default <constant>rhel-10.0</constant> is used.</para>
+
+ <refsect2>
+ <title>RHEL-9 schemes</title>
+diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c
+index 45646af6a6..42b0470a11 100644
+--- a/src/shared/netif-naming-scheme.c
++++ b/src/shared/netif-naming-scheme.c
+@@ -43,6 +43,7 @@ static const NamingScheme naming_schemes[] = {
+ { "rhel-9.4", NAMING_RHEL_9_4 },
+ { "rhel-9.5", NAMING_RHEL_9_5 },
+ { "rhel-10.0-beta", NAMING_RHEL_10_0_BETA },
++ { "rhel-10.0", NAMING_RHEL_10_0 },
+ /* … add more schemes here, as the logic to name devices is updated … */
+
+ EXTRA_NET_NAMING_MAP
+diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
+index c4e18bb035..780392a583 100644
+--- a/src/shared/netif-naming-scheme.h
++++ b/src/shared/netif-naming-scheme.h
+@@ -86,6 +86,7 @@ typedef enum NamingSchemeFlags {
+ NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
+
+ NAMING_RHEL_10_0_BETA = NAMING_V255,
++ NAMING_RHEL_10_0 = NAMING_V257,
+
+ EXTRA_NET_NAMING_SCHEMES
+
diff --git a/SOURCES/0033-install-allow-removing-symlinks-even-for-units-that-.patch b/SOURCES/0033-install-allow-removing-symlinks-even-for-units-that-.patch
deleted file mode 100644
index b8e614f..0000000
--- a/SOURCES/0033-install-allow-removing-symlinks-even-for-units-that-.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From c26e56d08f30a2946dfa1d03781c63bfa9f56c1d Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Fri, 7 Jun 2024 21:39:45 +0100
-Subject: [PATCH] install: allow removing symlinks even for units that are gone
-
-If a symlink is leftover, still allow cleaning it up via 'disable'. This
-happens when a unit is stopped and removed, but not disabled, and a reload
-has already happened. At that point, cleaning up the old symlinks becomes
-impossible through the APIs, and needs to be done manually. Always allow
-cleaning up symlinks, if they exist, by only erroring out if there is an
-OOM.
-
-Follow-up for f31f10a6207efc9ae9e0b1f73975b5b610914017
-
-(cherry picked from commit 5163c9b1e56293b1bb2803420613c5b374570892)
----
- src/shared/install.c | 14 ++++++++++----
- test/units/TEST-26-SYSTEMCTL.sh | 6 ++++++
- 2 files changed, 16 insertions(+), 4 deletions(-)
-
-diff --git a/src/shared/install.c b/src/shared/install.c
-index dd2bd5c948..c94b456c21 100644
---- a/src/shared/install.c
-+++ b/src/shared/install.c
-@@ -2282,7 +2282,9 @@ static int install_context_mark_for_removal(
- else {
- log_debug_errno(r, "Unit %s not found, removing name.", i->name);
- r = install_changes_add(changes, n_changes, r, i->path ?: i->name, NULL);
-- if (r < 0)
-+ /* In case there's no unit, we still want to remove any leftover symlink, even if
-+ * the unit might have been removed already, hence treating ENOENT as non-fatal. */
-+ if (r != -ENOENT)
- return r;
- }
- } else if (r < 0) {
-@@ -2874,9 +2876,13 @@ static int do_unit_file_disable(
- r = install_info_add(&ctx, *name, NULL, lp->root_dir, /* auxiliary= */ false, &info);
- if (r >= 0)
- r = install_info_traverse(&ctx, lp, info, SEARCH_LOAD|SEARCH_FOLLOW_CONFIG_SYMLINKS, NULL);
--
-- if (r < 0)
-- return install_changes_add(changes, n_changes, r, *name, NULL);
-+ if (r < 0) {
-+ r = install_changes_add(changes, n_changes, r, *name, NULL);
-+ /* In case there's no unit, we still want to remove any leftover symlink, even if
-+ * the unit might have been removed already, hence treating ENOENT as non-fatal. */
-+ if (r != -ENOENT)
-+ return r;
-+ }
-
- /* If we enable multiple units, some with install info and others without,
- * the "empty [Install] section" warning is not shown. Let's make the behavior
-diff --git a/test/units/TEST-26-SYSTEMCTL.sh b/test/units/TEST-26-SYSTEMCTL.sh
-index ae7a5d6eb6..1471f3fd9e 100755
---- a/test/units/TEST-26-SYSTEMCTL.sh
-+++ b/test/units/TEST-26-SYSTEMCTL.sh
-@@ -343,6 +343,12 @@ systemctl cat "$UNIT_NAME"
- systemctl help "$UNIT_NAME"
- systemctl service-watchdogs
- systemctl service-watchdogs "$(systemctl service-watchdogs)"
-+# Ensure that the enablement symlinks can still be removed after the user is gone, to avoid having leftovers
-+systemctl enable "$UNIT_NAME"
-+systemctl stop "$UNIT_NAME"
-+rm -f "/usr/lib/systemd/system/$UNIT_NAME"
-+systemctl daemon-reload
-+systemctl disable "$UNIT_NAME"
-
- # show/set-environment
- # Make sure PATH is set
diff --git a/SOURCES/0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch b/SOURCES/0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch
new file mode 100644
index 0000000..84a4d66
--- /dev/null
+++ b/SOURCES/0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch
@@ -0,0 +1,58 @@
+From 2a6fbf9da93ad2f76aa5578641e39801a13fd5dd Mon Sep 17 00:00:00 2001
+From: Tobias Klauser <tklauser@distanz.ch>
+Date: Wed, 11 Dec 2024 15:10:39 +0100
+Subject: [PATCH] profile.d: don't bail if $SHELL_* variables are unset
+
+If - for whatever reason - a script uses set -u (nounset) and includes
+/etc/profile.d/70-systemd-shell-extra.sh (e.g. transitively via
+/etc/profile) the script would fail with:
+
+ /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable
+
+For example:
+
+ $ cat > foo.sh <<EOF
+ #!/bin/sh
+ set -u
+
+ source /etc/profile
+ EOF
+ $ chmod 700 foo.sh
+ $ ./foo.sh
+ /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable
+
+Fix this by using shell parameter substitution[^1] (which is a POSIX
+shell concept) to set the $SHELL_* variables to the empty string if
+undefined.
+
+[^1]: https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/utilities/V3_chap02.html
+
+(cherry picked from commit 12e33d332b3f8754f4d5d0d21d5d3f0de8adc54c)
+
+Related: RHEL-71409
+---
+ profile.d/70-systemd-shell-extra.sh | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/profile.d/70-systemd-shell-extra.sh b/profile.d/70-systemd-shell-extra.sh
+index 70be3341b9..dae77e4bc7 100644
+--- a/profile.d/70-systemd-shell-extra.sh
++++ b/profile.d/70-systemd-shell-extra.sh
+@@ -12,14 +12,14 @@
+ # credentials shell.prompt.prefix, shell.prompt.suffix and shell.welcome, and
+ # are propagated into these environment variables by pam_systemd(8).
+
+-if [ -n "$SHELL_PROMPT_PREFIX" ]; then
++if [ -n "${SHELL_PROMPT_PREFIX-}" ]; then
+ PS1="$SHELL_PROMPT_PREFIX$PS1"
+ fi
+
+-if [ -n "$SHELL_PROMPT_SUFFIX" ]; then
++if [ -n "${SHELL_PROMPT_SUFFIX-}" ]; then
+ PS1="$PS1$SHELL_PROMPT_SUFFIX"
+ fi
+
+-if [ -n "$SHELL_WELCOME" ]; then
++if [ -n "${SHELL_WELCOME-}" ]; then
+ printf '%b\n' "$SHELL_WELCOME"
+ fi
diff --git a/SOURCES/0034-tmpfiles-honour-dry-run-when-removing-directories.patch b/SOURCES/0034-tmpfiles-honour-dry-run-when-removing-directories.patch
deleted file mode 100644
index 13b0e02..0000000
--- a/SOURCES/0034-tmpfiles-honour-dry-run-when-removing-directories.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 90ec0265707d381ed8cc77de475cd963686eaba3 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Tue, 18 Jun 2024 09:54:33 +0200
-Subject: [PATCH] tmpfiles: honour --dry-run when removing directories
-
-(cherry picked from commit edeceb80a91e8400e8c22f08a41045a2ba270fe6)
----
- src/tmpfiles/tmpfiles.c | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
-index 807925f199..283be21d16 100644
---- a/src/tmpfiles/tmpfiles.c
-+++ b/src/tmpfiles/tmpfiles.c
-@@ -3024,10 +3024,16 @@ static int remove_recursive(
- return r;
-
- if (remove_instance) {
-- log_debug("Removing directory \"%s\".", instance);
-- r = RET_NERRNO(rmdir(instance));
-- if (r < 0 && !IN_SET(r, -ENOENT, -ENOTEMPTY))
-- return log_error_errno(r, "Failed to remove %s: %m", instance);
-+ log_action("Would remove", "Removing", "%s directory \"%s\".", instance);
-+ if (!arg_dry_run) {
-+ r = RET_NERRNO(rmdir(instance));
-+ if (r < 0) {
-+ bool fatal = !IN_SET(r, -ENOENT, -ENOTEMPTY);
-+ log_full_errno(fatal ? LOG_ERR : LOG_DEBUG, r, "Failed to remove %s: %m", instance);
-+ if (fatal)
-+ return r;
-+ }
-+ }
- }
- return 0;
- }
diff --git a/SOURCES/0035-tmpfiles-insist-on-at-least-one-configuration-file-b.patch b/SOURCES/0035-tmpfiles-insist-on-at-least-one-configuration-file-b.patch
deleted file mode 100644
index 0fc7532..0000000
--- a/SOURCES/0035-tmpfiles-insist-on-at-least-one-configuration-file-b.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From e76015738942246db70f444b3567afd1b132f824 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Tue, 18 Jun 2024 09:55:20 +0200
-Subject: [PATCH] tmpfiles: insist on at least one configuration file being
- specified on --purge
-
-Also, extend the man page explanation substantially, matching more
-closely what --create says.
-
-Fixes: #33349
-(cherry picked from commit 41064a3c97c9a53c97bbe8a1de799a82c4374a2d)
----
- man/systemd-tmpfiles.xml | 26 ++++++++++++++++++++------
- src/tmpfiles/tmpfiles.c | 4 ++++
- 2 files changed, 24 insertions(+), 6 deletions(-)
-
-diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
-index 9767aead85..2a494b9c5c 100644
---- a/man/systemd-tmpfiles.xml
-+++ b/man/systemd-tmpfiles.xml
-@@ -151,12 +151,26 @@
-
- <varlistentry>
- <term><option>--purge</option></term>
-- <listitem><para>If this option is passed, all files and directories created by a
-- <filename>tmpfiles.d/</filename> entry will be deleted. Keep in mind that by default,
-- <filename>/home</filename> is created by <command>systemd-tmpfiles</command>
-- (see <filename>/usr/lib/tmpfiles.d/home.conf</filename>). Therefore it is recommended
-- to first run <command>systemd-tmpfiles --dry-run --purge</command> to be certain which files
-- and directories will be deleted.</para>
-+
-+ <listitem><para>If this option is passed, all files and directories marked for
-+ <emphasis>creation</emphasis> by the <filename>tmpfiles.d/</filename> files specified on the command
-+ line will be <emphasis>deleted</emphasis>. Specifically, this acts on all files and directories
-+ marked with <varname>f</varname>, <varname>F</varname>, <varname>d</varname>, <varname>D</varname>,
-+ <varname>v</varname>, <varname>q</varname>, <varname>Q</varname>, <varname>p</varname>,
-+ <varname>L</varname>, <varname>c</varname>, <varname>b</varname>, <varname>C</varname>,
-+ <varname>w</varname>, <varname>e</varname>. If this switch is used at least one
-+ <filename>tmpfiles.d/</filename> file (or <filename>-</filename> for standard input) must be
-+ specified on the command line or the invocation will be refused, for safety reasons (as otherwise
-+ much of the installed system files might be removed).</para>
-+
-+ <para>The primary usecase for this option is to automatically remove files and directories that
-+ originally have been created on behalf of an installed packaged at package removal time.</para>
-+
-+ <para>It is recommended to first run this command in combination with <option>--dry-run</option>
-+ (see below) to verify which files and directories will be deleted.</para>
-+
-+ <para><emphasis>Warning!</emphasis> This is is usually not the command you want! In most cases
-+ <option>--remove</option> is what you are looking for.</para>
-
- <xi:include href="version-info.xml" xpointer="v256"/></listitem>
- </varlistentry>
-diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
-index 283be21d16..1704197207 100644
---- a/src/tmpfiles/tmpfiles.c
-+++ b/src/tmpfiles/tmpfiles.c
-@@ -4344,6 +4344,10 @@ static int parse_argv(int argc, char *argv[]) {
- return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
- "You need to specify at least one of --clean, --create, --remove, or --purge.");
-
-+ if (FLAGS_SET(arg_operation, OPERATION_PURGE) && optind >= argc)
-+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-+ "Refusing --purge without specification of a configuration file.");
-+
- if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF)
- return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
- "Option --replace= is not supported with --cat-config/--tldr.");
diff --git a/SOURCES/0036-tmpfiles-move-purge-to-command-section-in-help-text-.patch b/SOURCES/0036-tmpfiles-move-purge-to-command-section-in-help-text-.patch
deleted file mode 100644
index 954232f..0000000
--- a/SOURCES/0036-tmpfiles-move-purge-to-command-section-in-help-text-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 08b8237303efdf072a0f61615b7f1633eafc8e0a Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Tue, 18 Jun 2024 09:56:15 +0200
-Subject: [PATCH] tmpfiles: move --purge to command section in --help text
- where it belongs
-
-Also, make contrast between --remove and --purge clearer: one deletes
-files marked for deletion, the other deletes files marked for creation.
-
-(cherry picked from commit 69d76823ce6e9c307184946ed55b207eb728e625)
----
- src/tmpfiles/tmpfiles.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
-index 1704197207..8cc8c1ccd6 100644
---- a/src/tmpfiles/tmpfiles.c
-+++ b/src/tmpfiles/tmpfiles.c
-@@ -4148,7 +4148,9 @@ static int help(void) {
- "\n%3$sCommands:%4$s\n"
- " --create Create files and directories\n"
- " --clean Clean up files and directories\n"
-- " --remove Remove files and directories\n"
-+ " --remove Remove files and directories marked for removal\n"
-+ " --purge Delete files and directories marked for creation in\n"
-+ " specified configuration files (careful!)\n"
- " -h --help Show this help\n"
- " --version Show package version\n"
- "\n%3$sOptions:%4$s\n"
-@@ -4157,7 +4159,6 @@ static int help(void) {
- " --tldr Show non-comment parts of configuration\n"
- " --boot Execute actions only safe at boot\n"
- " --graceful Quietly ignore unknown users or groups\n"
-- " --purge Delete all files owned by the configuration files\n"
- " --prefix=PATH Only apply rules with the specified prefix\n"
- " --exclude-prefix=PATH Ignore rules with the specified prefix\n"
- " -E Ignore rules prefixed with /dev, /proc, /run, /sys\n"
diff --git a/SOURCES/0037-mkosi-restrict-noble-backports-to-noble-builds.patch b/SOURCES/0037-mkosi-restrict-noble-backports-to-noble-builds.patch
deleted file mode 100644
index b2dd982..0000000
--- a/SOURCES/0037-mkosi-restrict-noble-backports-to-noble-builds.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 7b18adadde58798a895366105c6c1517231029d9 Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Tue, 18 Jun 2024 13:35:32 +0100
-Subject: [PATCH] mkosi: restrict noble-backports to noble builds
-
-Follow-up for c01cb8cbff8512b65b7903b55f78c8d12661b8d7
-
-(cherry picked from commit f97b243edfcae211aade6ceb2fd89ae9d9209fac)
----
- .../system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf | 1 +
- mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
-index 0ec4807822..582f038b5f 100644
---- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
-+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
-@@ -4,6 +4,7 @@
- [Match]
- Architecture=!x86-64
- Architecture=!x86
-+Release=noble
-
- [Distribution]
- PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources
-diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
-index c08eeac337..7347be9069 100644
---- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
-+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
-@@ -4,6 +4,7 @@
- [Match]
- Architecture=|x86-64
- Architecture=|x86
-+Release=noble
-
- [Distribution]
- PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
diff --git a/SOURCES/0038-repart-fix-memory-leak.patch b/SOURCES/0038-repart-fix-memory-leak.patch
deleted file mode 100644
index 1b81bdb..0000000
--- a/SOURCES/0038-repart-fix-memory-leak.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From f8f669fd69bf15f386308ef8f4cbbbd5a7ad69cd Mon Sep 17 00:00:00 2001
-From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
-Date: Tue, 18 Jun 2024 14:07:50 +0200
-Subject: [PATCH] repart: fix memory leak
-
-(cherry picked from commit a81f5ffd40081441dafc678fe83d185436dde35a)
----
- src/partition/repart.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/partition/repart.c b/src/partition/repart.c
-index 78cf60f724..8f64520ee7 100644
---- a/src/partition/repart.c
-+++ b/src/partition/repart.c
-@@ -187,6 +187,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_tpm2_hash_pcr_values, freep);
- STATIC_DESTRUCTOR_REGISTER(arg_tpm2_public_key, freep);
- STATIC_DESTRUCTOR_REGISTER(arg_tpm2_pcrlock, freep);
- STATIC_DESTRUCTOR_REGISTER(arg_filter_partitions, freep);
-+STATIC_DESTRUCTOR_REGISTER(arg_defer_partitions, freep);
- STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
- STATIC_DESTRUCTOR_REGISTER(arg_copy_from, strv_freep);
- STATIC_DESTRUCTOR_REGISTER(arg_copy_source, freep);
diff --git a/SOURCES/0039-logs-show-do-not-use-_SOURCE_MONOTONIC_TIMESTAMP-fie.patch b/SOURCES/0039-logs-show-do-not-use-_SOURCE_MONOTONIC_TIMESTAMP-fie.patch
deleted file mode 100644
index 5e2315d..0000000
--- a/SOURCES/0039-logs-show-do-not-use-_SOURCE_MONOTONIC_TIMESTAMP-fie.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 34ba18b0124407403690738b46fbd6236fe65c92 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Tue, 18 Jun 2024 17:55:31 +0900
-Subject: [PATCH] logs-show: do not use _SOURCE_MONOTONIC_TIMESTAMP field
-
-The timestamp is not in CLOCK_MONOTONIC, but CLOCK_BOOTTIME,
-while header monotonic timestamp is in CLOCK_MONOTONIC. Hence, we cannot
-adjust timestamp by comparing with header monotonic timestamp and
-_SOURCE_MONOTONIC_TIMESTAMP field.
-
-Fixes a regression caused by affde1d7e79a634ee6053dbd4a57b3b51b74c170.
-Fixes #33293.
-
-(cherry picked from commit 144498e7e6efe2d90981cb14e3ed462a70a955c6)
----
- src/shared/logs-show.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c
-index c71c868889..153a4110ce 100644
---- a/src/shared/logs-show.c
-+++ b/src/shared/logs-show.c
-@@ -450,6 +450,9 @@ static void parse_display_realtime(
- assert(j);
- assert(ret);
-
-+ // FIXME: _SOURCE_MONOTONIC_TIMESTAMP is in CLOCK_BOOTTIME, hence we cannot use it for adjusting realtime.
-+ source_monotonic = NULL;
-+
- /* First, try _SOURCE_REALTIME_TIMESTAMP. */
- if (source_realtime && safe_atou64(source_realtime, &t) >= 0 && VALID_REALTIME(t)) {
- *ret = t;
-@@ -488,6 +491,9 @@ static void parse_display_timestamp(
- assert(ret_display_ts);
- assert(ret_boot_id);
-
-+ // FIXME: _SOURCE_MONOTONIC_TIMESTAMP is in CLOCK_BOOTTIME, hence we cannot use it for adjusting realtime.
-+ source_monotonic = NULL;
-+
- if (source_realtime && safe_atou64(source_realtime, &t) >= 0 && VALID_REALTIME(t))
- source_ts.realtime = t;
-
diff --git a/SOURCES/0042-ci-deploy-systemd-man-to-GitHub-Pages.patch b/SOURCES/0042-ci-deploy-systemd-man-to-GitHub-Pages.patch
deleted file mode 100644
index a42248f..0000000
--- a/SOURCES/0042-ci-deploy-systemd-man-to-GitHub-Pages.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From ecae988291383e13e5b23b5d7a4a1f8a7d6736dc Mon Sep 17 00:00:00 2001
-From: Jan Macku <jamacku@redhat.com>
-Date: Thu, 16 May 2024 15:14:17 +0200
-Subject: [PATCH] ci: deploy systemd man to GitHub Pages
-
-rhel-only: ci
-
-Related: RHEL-36636
----
- .github/workflows/deploy-man-pages.yml | 59 ++++++++++++++++++++++++++
- 1 file changed, 59 insertions(+)
- create mode 100644 .github/workflows/deploy-man-pages.yml
-
-diff --git a/.github/workflows/deploy-man-pages.yml b/.github/workflows/deploy-man-pages.yml
-new file mode 100644
-index 0000000000..9739228a87
---- /dev/null
-+++ b/.github/workflows/deploy-man-pages.yml
-@@ -0,0 +1,59 @@
-+name: Deploy systemd man to Pages
-+
-+on:
-+ push:
-+ branches: [ main ]
-+ paths:
-+ - man/*
-+ - .github/workflows/deploy-man-pages.yml
-+ schedule:
-+ # Run every Monday at 4:00 AM UTC
-+ - cron: 0 4 * * 1
-+ workflow_dispatch:
-+
-+permissions:
-+ contents: read
-+
-+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
-+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
-+concurrency:
-+ group: pages
-+ cancel-in-progress: false
-+
-+jobs:
-+ # Single deploy job since we're just deploying
-+ deploy:
-+ environment:
-+ name: github-pages
-+ url: ${{ steps.deployment.outputs.page_url }}
-+ runs-on: ubuntu-latest
-+
-+ permissions:
-+ pages: write
-+ id-token: write
-+
-+ steps:
-+ - uses: actions/checkout@v4
-+
-+ - name: Install dependencies
-+ run: |
-+ sudo add-apt-repository -y --no-update --enable-source
-+ sudo apt-get -y update
-+ sudo apt-get -y build-dep systemd
-+
-+ - name: Build HTML man pages
-+ run: |
-+ meson setup build
-+ ninja -C build man/html
-+
-+ - name: Setup Pages
-+ uses: actions/configure-pages@v4
-+
-+ - name: Upload artifact
-+ uses: actions/upload-pages-artifact@v3
-+ with:
-+ path: ./build/man
-+
-+ - name: Deploy to GitHub Pages
-+ id: deployment
-+ uses: actions/deploy-pages@v4
diff --git a/SOURCES/0044-ci-allow-to-pass-parameters-together-with-rhel-only-.patch b/SOURCES/0044-ci-allow-to-pass-parameters-together-with-rhel-only-.patch
deleted file mode 100644
index bac631f..0000000
--- a/SOURCES/0044-ci-allow-to-pass-parameters-together-with-rhel-only-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 517bf132e5508a2ac140dbea3650e89205dee052 Mon Sep 17 00:00:00 2001
-From: Jan Macku <jamacku@redhat.com>
-Date: Fri, 21 Jun 2024 16:15:24 +0200
-Subject: [PATCH] ci: allow to pass parameters together with rhel-only note
-
-Supported parameters:
-
-* feature - for feature related commits (cross-version)
-* bugfix - for bugfix related commits (cross-version)
-* doc - for documentation related commits (usually version specific)
-* workaround - for workaround related commits (usually version specific)
-* ci - for CI related commits (version specific)
-* test - for test related commits (version specific)
-* other - for commits that do not fit into any of the above categories or use just `rhel-only`
-
-rhel-only: ci
-
-Related: RHEL-36636
----
- .github/advanced-commit-linter.yml | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml
-index 3609fe4612..3e3e3fe2bf 100644
---- a/.github/advanced-commit-linter.yml
-+++ b/.github/advanced-commit-linter.yml
-@@ -4,8 +4,8 @@ policy:
- - github: systemd/systemd
- exception:
- note:
-- - rhel-only
-- - RHEL-only
-+ - 'rhel-only: (feature|bugfix|doc|workaround|ci|test|other)'
-+ - 'RHEL-only: (feature|bugfix|doc|workaround|ci|test|other)'
- tracker:
- - keyword:
- - 'Resolves: '
diff --git a/SOURCES/0060-meson-rename-libbasic-to-libbasic_static.patch b/SOURCES/0060-meson-rename-libbasic-to-libbasic_static.patch
deleted file mode 100644
index 5f3a54b..0000000
--- a/SOURCES/0060-meson-rename-libbasic-to-libbasic_static.patch
+++ /dev/null
@@ -1,180 +0,0 @@
-From 40527d91d2fb1d987473bb4bcf1c929a85ffe9a0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 3 Jul 2024 16:51:05 +0200
-Subject: [PATCH] meson: rename libbasic to libbasic_static
-
-Our variables for internal libraries are named 'libfoo' for the shared lib
-variant, and 'libfoo_static' for the static lib variant. The only exception was
-libbasic, because we didn't have a shared variant for it. But let's rename it
-for consitency. This makes the build config easier to understand.
-
-see currently unmerged https://github.com/systemd/systemd/pull/33599
-
-RHEL-only workaround
-
-Resolves: RHEL-46020
----
- meson.build | 4 ++--
- src/basic/meson.build | 2 +-
- src/libsystemd/meson.build | 2 +-
- src/partition/meson.build | 2 +-
- src/shared/meson.build | 2 +-
- src/shutdown/meson.build | 2 +-
- src/sysusers/meson.build | 2 +-
- src/test/meson.build | 8 ++++----
- src/tmpfiles/meson.build | 2 +-
- 9 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index e42151998b..18115cad5e 100644
---- a/meson.build
-+++ b/meson.build
-@@ -2078,7 +2078,7 @@ libsystemd = shared_library(
- # Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles.
- '-z', 'nodelete',
- '-Wl,--version-script=' + libsystemd_sym_path],
-- link_with : [libbasic],
-+ link_with : [libbasic_static],
- link_whole : [libsystemd_static],
- dependencies : [librt,
- threads,
-@@ -2243,7 +2243,7 @@ nss_template = {
- 'link_with' : [
- libsystemd_static,
- libshared_static,
-- libbasic,
-+ libbasic_static,
- ],
- 'dependencies' : [
- librt,
-diff --git a/src/basic/meson.build b/src/basic/meson.build
-index 9a214575a5..b538775576 100644
---- a/src/basic/meson.build
-+++ b/src/basic/meson.build
-@@ -274,7 +274,7 @@ filesystem_switch_case_h = custom_target(
-
- basic_sources += [filesystem_list_h, filesystem_switch_case_h, filesystems_gperf_h]
-
--libbasic = static_library(
-+libbasic_static = static_library(
- 'basic',
- basic_sources,
- fundamental_sources,
-diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build
-index 6d4337d1a7..243549299f 100644
---- a/src/libsystemd/meson.build
-+++ b/src/libsystemd/meson.build
-@@ -118,7 +118,7 @@ libsystemd_static = static_library(
- libsystemd_sources,
- include_directories : libsystemd_includes,
- c_args : libsystemd_c_args,
-- link_with : [libbasic],
-+ link_with : [libbasic_static],
- dependencies : [threads,
- librt,
- userspace],
-diff --git a/src/partition/meson.build b/src/partition/meson.build
-index 52e1368116..2cfe43e029 100644
---- a/src/partition/meson.build
-+++ b/src/partition/meson.build
-@@ -32,7 +32,7 @@ executables += [
- 'sources' : files('repart.c'),
- 'c_args' : '-DSTANDALONE',
- 'link_with' : [
-- libbasic,
-+ libbasic_static,
- libshared_fdisk,
- libshared_static,
- libsystemd_static,
-diff --git a/src/shared/meson.build b/src/shared/meson.build
-index c5106d87d5..e513c0ec1c 100644
---- a/src/shared/meson.build
-+++ b/src/shared/meson.build
-@@ -358,7 +358,7 @@ libshared = shared_library(
- '-Wl,--version-script=' + libshared_sym_path],
- link_depends : libshared_sym_path,
- link_whole : [libshared_static,
-- libbasic,
-+ libbasic_static,
- libsystemd_static],
- dependencies : [libshared_deps,
- userspace],
-diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build
-index 219f9fd308..9bc60f83e5 100644
---- a/src/shutdown/meson.build
-+++ b/src/shutdown/meson.build
-@@ -20,7 +20,7 @@ executables += [
- 'sources' : systemd_shutdown_sources,
- 'c_args' : '-DSTANDALONE',
- 'link_with' : [
-- libbasic,
-+ libbasic_static,
- libshared_static,
- libsystemd_static,
- ],
-diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build
-index 0f9c067d50..403d82a340 100644
---- a/src/sysusers/meson.build
-+++ b/src/sysusers/meson.build
-@@ -14,7 +14,7 @@ executables += [
- 'sources' : files('sysusers.c'),
- 'c_args' : '-DSTANDALONE',
- 'link_with' : [
-- libbasic,
-+ libbasic_static,
- libshared_static,
- libsystemd_static,
- ],
-diff --git a/src/test/meson.build b/src/test/meson.build
-index 3abbb94d9f..9d3c7d675f 100644
---- a/src/test/meson.build
-+++ b/src/test/meson.build
-@@ -274,7 +274,7 @@ executables += [
- # only static linking apart from libdl, to make sure that the
- # module is linked to all libraries that it uses.
- 'sources' : files('test-dlopen.c'),
-- 'link_with' : libbasic,
-+ 'link_with' : libbasic_static,
- 'dependencies' : libdl,
- 'install' : false,
- 'type' : 'manual',
-@@ -410,7 +410,7 @@ executables += [
- },
- test_template + {
- 'sources' : files('test-sizeof.c'),
-- 'link_with' : libbasic,
-+ 'link_with' : libbasic_static,
- },
- test_template + {
- 'sources' : files('test-time-util.c'),
-@@ -590,7 +590,7 @@ executables += [
- test_template + {
- 'sources' : files('../libsystemd/sd-device/test-sd-device-thread.c'),
- 'link_with' : [
-- libbasic,
-+ libbasic_static,
- libsystemd,
- ],
- 'dependencies' : threads,
-@@ -598,7 +598,7 @@ executables += [
- test_template + {
- 'sources' : files('../libudev/test-udev-device-thread.c'),
- 'link_with' : [
-- libbasic,
-+ libbasic_static,
- libudev,
- ],
- 'dependencies' : threads,
-diff --git a/src/tmpfiles/meson.build b/src/tmpfiles/meson.build
-index 2e918509a7..09ad839586 100644
---- a/src/tmpfiles/meson.build
-+++ b/src/tmpfiles/meson.build
-@@ -20,7 +20,7 @@ executables += [
- 'sources' : systemd_tmpfiles_sources,
- 'c_args' : '-DSTANDALONE',
- 'link_with' : [
-- libbasic,
-+ libbasic_static,
- libshared_static,
- libsystemd_static,
- ],
diff --git a/SOURCES/0061-meson-build-libsystemd-core-via-an-intermediate-stat.patch b/SOURCES/0061-meson-build-libsystemd-core-via-an-intermediate-stat.patch
deleted file mode 100644
index d29e276..0000000
--- a/SOURCES/0061-meson-build-libsystemd-core-via-an-intermediate-stat.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 9eccd6c09f06979003eb2ae1f159defc40213fe0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 3 Jul 2024 17:03:26 +0200
-Subject: [PATCH] meson: build libsystemd-core via an intermediate static
- library
-
-By itself, this is not useful. I'm making this a separate commit to
-make debugging easier. It turns out that meson does static libraries
-using references, so the "static library" a tiny stub stub that refers
-to the object files on disk and this has negligible cost:
-$ ls -lhd build/src/core/libsystemd-core-257.{a,so}
--rw-r--r-- 1 zbyszek zbyszek 36K Jul 3 16:54 build/src/core/libsystemd-core-257.a
--rwxr-xr-x 1 zbyszek zbyszek 6.1M Jul 3 16:54 build/src/core/libsystemd-core-257.so
-
-see currently unmerged https://github.com/systemd/systemd/pull/33599
-
-RHEL-only workaround
-
-Resolves: RHEL-46020
----
- src/core/meson.build | 16 +++++++++++-----
- 1 file changed, 11 insertions(+), 5 deletions(-)
-
-diff --git a/src/core/meson.build b/src/core/meson.build
-index 7a2012a372..1ef31cc529 100644
---- a/src/core/meson.build
-+++ b/src/core/meson.build
-@@ -110,17 +110,13 @@ load_fragment_gperf_nulstr_c = custom_target(
-
- libcore_name = 'systemd-core-@0@'.format(shared_lib_tag)
-
--libcore = shared_library(
-+libcore_static = static_library(
- libcore_name,
- libcore_sources,
- load_fragment_gperf_c,
- load_fragment_gperf_nulstr_c,
- include_directories : includes,
- c_args : ['-fvisibility=default'],
-- link_args : ['-shared',
-- '-Wl,--version-script=' + libshared_sym_path],
-- link_depends : libshared_sym_path,
-- link_with : libshared,
- dependencies : [libacl,
- libapparmor,
- libaudit,
-@@ -135,6 +131,16 @@ libcore = shared_library(
- libselinux,
- threads,
- userspace],
-+ build_by_default : false)
-+
-+libcore = shared_library(
-+ libcore_name,
-+ c_args : ['-fvisibility=default'],
-+ link_args : ['-shared',
-+ '-Wl,--version-script=' + libshared_sym_path],
-+ link_depends : libshared_sym_path,
-+ link_whole: libcore_static,
-+ link_with : libshared,
- install : true,
- install_dir : pkglibdir)
-
diff --git a/SOURCES/0062-meson-add-option-to-build-systemd-executor-staticall.patch b/SOURCES/0062-meson-add-option-to-build-systemd-executor-staticall.patch
deleted file mode 100644
index a7464ff..0000000
--- a/SOURCES/0062-meson-add-option-to-build-systemd-executor-staticall.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From f3b375da4cd070788b2b8a21fe678c15cb4babe8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 3 Jul 2024 17:05:31 +0200
-Subject: [PATCH] meson: add option to build systemd-executor "statically"
-
-The new link-executor-shared option is similar to the existing
-link-udev-shared: when set to false, we link to the static versions of our
-internal libraries.
-
-The resulting exuctor binary is fairly large, about as large as libsystemd-core
-(14 MB without lto, 8 with lto).
-
-This is intended as a workaround for the fuckup with the pinned executor
-binary:
-when an upgrade is performed, the package manager will install new version of
-the libraries and new version of the code, and some time later reexecute the
-managers. This creates a window when the pinned executor binary will fail to
-execute. There are two factors which make the issue easier to hit:
-
-- when the distribution uses a finely-grained shared-lib-tag. E.g. Fedora
- uses version-release as the tag, which means that the issue occurs on
- every package upgrade. This is the right thing to do, because the
- ABI of our internal libraries is not stable at all, so replacing the
- library from a different version in place creates a window where our
- programs may crash or misbehave.
-
-- when the distribution doesn't immediately reexec all the managers after
- upgrade. In early versions of systemd, we used to hammer the machine during
- upgrade, doing daemon-reexecs repeatedly. This works, but is ugly and
- wasteful. Doing the reexecs while the upgrade is in progres also creates a
- window where a mix of old and new configs or both is loaded. Users are
- particularly annoyed by those reloads if there is some issue in the
- configuration causing us to emit warnings on every reexec. Doing the
- reexecs once after the new configuration and libraries have been put
- in place is nicer.
-
-The pinning of the executor binary breaks upgrades and in particular
-it penalizes the distributions which make use of the features which
-were previously added to avoid bugs and inefficiency during upgrades.
-
-When the executor is linked statically, there is a smaller chance that it'll
-fail to load libraries. The issue can still occur because other libraries, not
-our own, are linked dynamically.
-
-see currently unmerged https://github.com/systemd/systemd/pull/33599
-
-RHEL-only workaround
-
-Resolves: RHEL-46020
----
- meson_options.txt | 2 ++
- src/core/meson.build | 16 ++++++++++++----
- 2 files changed, 14 insertions(+), 4 deletions(-)
-
-diff --git a/meson_options.txt b/meson_options.txt
-index d52ca4e4b5..3cce818392 100644
---- a/meson_options.txt
-+++ b/meson_options.txt
-@@ -21,6 +21,8 @@ option('rootprefix', type : 'string', deprecated: true,
- description : '''This option is deprecated and will be removed in a future release''')
- option('link-udev-shared', type : 'boolean',
- description : 'link systemd-udevd and its helpers to libsystemd-shared.so')
-+option('link-executor-shared', type : 'boolean',
-+ description : 'link systemd-executor to libsystemd-shared.so and libsystemd-core.so')
- option('link-systemctl-shared', type: 'boolean',
- description : 'link systemctl against libsystemd-shared.so')
- option('link-networkd-shared', type: 'boolean',
-diff --git a/src/core/meson.build b/src/core/meson.build
-index 1ef31cc529..dbeb752977 100644
---- a/src/core/meson.build
-+++ b/src/core/meson.build
-@@ -156,6 +156,17 @@ systemd_executor_sources = files(
- 'exec-invoke.c',
- )
-
-+executor_libs = get_option('link-executor-shared') ? \
-+ [
-+ libcore,
-+ libshared,
-+ ] : [
-+ libcore_static,
-+ libshared_static,
-+ libbasic_static,
-+ libsystemd_static,
-+ ]
-+
- executables += [
- libexec_template + {
- 'name' : 'systemd',
-@@ -173,10 +184,7 @@ executables += [
- 'public' : true,
- 'sources' : systemd_executor_sources,
- 'include_directories' : core_includes,
-- 'link_with' : [
-- libcore,
-- libshared,
-- ],
-+ 'link_with' : executor_libs,
- 'dependencies' : [
- libapparmor,
- libpam,
diff --git a/SOURCES/0065-doc-add-downstream-CONTRIBUTING-document.patch b/SOURCES/0065-doc-add-downstream-CONTRIBUTING-document.patch
deleted file mode 100644
index c28d26d..0000000
--- a/SOURCES/0065-doc-add-downstream-CONTRIBUTING-document.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From f7c92899a77656a1bb7586f83c27b00cd5ea0707 Mon Sep 17 00:00:00 2001
-From: Jan Macku <jamacku@redhat.com>
-Date: Thu, 27 Jun 2024 10:17:06 +0200
-Subject: [PATCH] doc: add downstream CONTRIBUTING document
-
-rhel-only: doc
-
-Related: RHEL-40924
----
- CONTRIBUTING.md | 75 +++++++++++++++++++++++++++++++++++++++++++++++++
- README.md | 2 +-
- 2 files changed, 76 insertions(+), 1 deletion(-)
- create mode 100644 CONTRIBUTING.md
-
-diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
-new file mode 100644
-index 0000000000..28466facac
---- /dev/null
-+++ b/CONTRIBUTING.md
-@@ -0,0 +1,75 @@
-+# Contributing
-+
-+Welcome to systemd source-git for CentOS Stream and RHEL. When contributing, please follow the guide below.
-+
-+## Workflow
-+
-+```mermaid
-+flowchart LR
-+ A(Issue) --> B{is fixed\nupstream}
-+ B -->|YES| C(backport\nupstream patch)
-+ B -->|NO| D(upstream\nsubmit issue or PR)
-+ D --> E{accepted\nand fixed}
-+ E -->|YES| C
-+ E -->|NO| F(rhel-only patch) --> G
-+ C --> G(submit PR)
-+```
-+
-+## Filing issues
-+
-+When you find an issue with systemd used in **CentOS Stream** or **RHEL**, please file an issue in Red Hat [Jira ticket system](https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332745&issuetype=1&components=12380515).
-+
-+GitHub Issues are not supported tracking system. If your issue is reproducible using the latest upstream version of systemd, please consider creating [upstream issue](https://github.com/systemd/systemd/issues/new/choose).
-+
-+## Posting Pull Requests
-+
-+Every Pull Request has to comply with the following rules:
-+
-+- Each commit has to reference [upstream](https://github.com/systemd/systemd) commit.
-+- Each commit has to reference the approved issue/tracker.
-+- Pull requests have to pass mandatory CI validation and testing
-+- Pull requests have to be approved by at least one systemd downstream maintainer
-+
-+### Upstream reference
-+
-+When doing a back-port of an upstream commit, always use `cherry-pick -x <sha>`. Consider proposing a change upstream first when an upstream commit doesn't exist.
-+If the change isn't upstream relevant or accepted by upstream, mark the commit with the `rhel-only: <parameter>` string, where a `<parameter>` is:
-+
-+- `feature` - for feature-related commits (cross-version)
-+- `bugfix` - for bugfix-related commits (cross-version)
-+- `doc` - for documentation-related commits (usually version-specific)
-+- `workaround` - for workaround-related commits (usually version-specific)
-+- `ci` - for CI-related commits (version-specific)
-+- `test` - for test-related commits (version-specific)
-+- `other` - for commits that do not fit into any of the above categories (version-specific)
-+
-+```md
-+doc: Fix TYPO
-+
-+rhel-only: doc
-+
-+Resolves: RHEL-678
-+```
-+
-+### Issue reference
-+
-+Each commit has to reference the relevant approved systemd issue (see: [Filling issues section](#filing-issues)). For referencing issues, we use the following keywords:
-+
-+- **Resolves** for commits that directly resolve issues described in a referenced tracker
-+- **Related** for commits related to the referenced issue, but they don't fix it. Usually, tests and documentation.
-+- **Reverts** for commits that reverts previously merged commit
-+
-+When referencing issues, use the following structure: `<keyword>: <issue ID>`. See the example below:
-+
-+```md
-+doc: Fix TYPO
-+
-+(cherry picked from commit c5afbac31bb33e7b1f4d59b253425af991a630a4)
-+
-+Resolves: RHEL-678
-+```
-+
-+### Validation and testing
-+
-+Each Pull Request has to pass all enabled tests that are automatically run using GitHub Actions, CentOS Stream CI, and others.
-+If CI failure is unrelated to the change introduced in Pull Request, the downstream maintainer will set the `ci-waived` label and explain why CI was waived.
-diff --git a/README.md b/README.md
-index 12f1381f08..421a2e6572 100644
---- a/README.md
-+++ b/README.md
-@@ -30,7 +30,7 @@ Please see the [Code Map](docs/ARCHITECTURE.md) for information about this repos
-
- Please see the [Hacking guide](docs/HACKING.md) for information on how to hack on systemd and test your modifications.
-
--Please see our [Contribution Guidelines](docs/CONTRIBUTING.md) for more information about filing GitHub Issues and posting GitHub Pull Requests.
-+Please see our [Contribution Guidelines](CONTRIBUTING.md) for more information about filing GitHub Issues and posting GitHub Pull Requests.
-
- When preparing patches for systemd, please follow our [Coding Style Guidelines](docs/CODING_STYLE.md).
-
diff --git a/SOURCES/0066-ci-allow-policy-as-rhel-only-keyword.patch b/SOURCES/0066-ci-allow-policy-as-rhel-only-keyword.patch
deleted file mode 100644
index 76d27f3..0000000
--- a/SOURCES/0066-ci-allow-policy-as-rhel-only-keyword.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 5d244e25b994f1db5988cf6de14fff9058a75bc2 Mon Sep 17 00:00:00 2001
-From: Jan Macku <jamacku@redhat.com>
-Date: Mon, 15 Jul 2024 14:13:14 +0200
-Subject: [PATCH] ci: allow `policy` as rhel-only keyword
-
-rhel-only: ci
-
-Related: RHEL-40924
----
- .github/advanced-commit-linter.yml | 4 ++--
- CONTRIBUTING.md | 1 +
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml
-index 3e3e3fe2bf..4a7e6542b4 100644
---- a/.github/advanced-commit-linter.yml
-+++ b/.github/advanced-commit-linter.yml
-@@ -4,8 +4,8 @@ policy:
- - github: systemd/systemd
- exception:
- note:
-- - 'rhel-only: (feature|bugfix|doc|workaround|ci|test|other)'
-- - 'RHEL-only: (feature|bugfix|doc|workaround|ci|test|other)'
-+ - 'rhel-only: (feature|bugfix|policy|doc|workaround|ci|test|other)'
-+ - 'RHEL-only: (feature|bugfix|policy|doc|workaround|ci|test|other)'
- tracker:
- - keyword:
- - 'Resolves: '
-diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
-index 28466facac..c2e3a2d4d0 100644
---- a/CONTRIBUTING.md
-+++ b/CONTRIBUTING.md
-@@ -37,6 +37,7 @@ If the change isn't upstream relevant or accepted by upstream, mark the commit w
-
- - `feature` - for feature-related commits (cross-version)
- - `bugfix` - for bugfix-related commits (cross-version)
-+- `policy` - for policy-related commits (cross-version)
- - `doc` - for documentation-related commits (usually version-specific)
- - `workaround` - for workaround-related commits (usually version-specific)
- - `ci` - for CI-related commits (version-specific)
diff --git a/SOURCES/0070-packit-drop-the-dependency-on-python3-zstd.patch b/SOURCES/0070-packit-drop-the-dependency-on-python3-zstd.patch
deleted file mode 100644
index 8b52cc0..0000000
--- a/SOURCES/0070-packit-drop-the-dependency-on-python3-zstd.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 43bf3e1a42e2c1a6ecd0ca6fd72c9bc6fe904703 Mon Sep 17 00:00:00 2001
-From: Frantisek Sumsal <frantisek@sumsal.cz>
-Date: Wed, 17 Jul 2024 12:22:55 +0200
-Subject: [PATCH] packit: drop the dependency on python3-zstd
-
-Since it's only in the RHEL buildroot repo.
-
-rhel-only: ci
-
-Related: RHEL-40924
----
- .packit.yml | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/.packit.yml b/.packit.yml
-index 03b3aae7d5..48ba210947 100644
---- a/.packit.yml
-+++ b/.packit.yml
-@@ -39,6 +39,9 @@ actions:
- - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
- # Ignore unpackaged standalone binaries
- - "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
-+ # Drop the python3dist(zstd) dependency, as it's only in the RHEL buildroot
-+ # repo
-+ - "sed -i '/python3dist(zstd)/d' .packit_rpm/systemd.spec"
-
- # Available targets can be listed via `copr-cli list-chroots`
- jobs:
diff --git a/SOURCES/0077-udev-builtin-net_id-use-firmware_node-sun-for-ID_NET.patch b/SOURCES/0077-udev-builtin-net_id-use-firmware_node-sun-for-ID_NET.patch
deleted file mode 100644
index ff6c617..0000000
--- a/SOURCES/0077-udev-builtin-net_id-use-firmware_node-sun-for-ID_NET.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From 45fe2e91e4f73c998ff4d29c316cc4fca9d25942 Mon Sep 17 00:00:00 2001
-From: Etienne Champetier <e.champetier@ateme.com>
-Date: Tue, 9 Jul 2024 11:53:50 -0400
-Subject: [PATCH] udev-builtin-net_id: use firmware_node/sun for
- ID_NET_NAME_SLOT
-
-pci_get_hotplug_slot() has the following limitations:
-- if slots are not hotpluggable, they are not in /sys/bus/pci/slots.
-- the address at /sys/bus/pci/slots/X/addr doesn't contains the function part,
- so on some system, 2 different slots with different _SUN end up with the same
- hotplug_slot, leading to naming conflicts.
-- it tries all parent devices until it finds a slot number, which is incorrect,
- and what led to NAMING_BRIDGE_MULTIFUNCTION_SLOT being disabled.
-
-The use of PCI hotplug to find the slot (ACPI _SUN) was introduced in
-https://github.com/systemd/systemd/commit/0035597a30d120f70df2dd7da3d6128fb8ba6051
-"udev: net_id - export PCI hotplug slot names" on 2012/11/26.
-At the same time on the kernel side we got
-https://github.com/torvalds/linux/commit/bb74ac23b10820d8722c3e1f4add9ef59e703f63
-"ACPI: create _SUN sysfs file" on 2012/11/16.
-
-Using PCI hotplug was the only way at the time, but now 12 years later we can use
-firmware_node/sun sysfs file.
-Looking at a small selection of server HW, for HPE (Gen10 DL325), the _SUN is attached
-to the NIC device, whereas for Dell (R640/R6515/R6615) and Cisco (UCSC-C220-M5SX),
-the _SUN is on the first parent pcieport.
-
-We still fallback to pci_get_hotplug_slot() to handle the s390 case and
-maybe some other coner cases (_SUN on grand parent device that is not a
-bridge ?).
-
-(cherry picked from commit 0a4ecc54cb9f2d3418b970c51bfadb69c34ae9eb)
-
-Related: RHEL-44416
----
- man/systemd.net-naming-scheme.xml | 6 ++-
- src/shared/netif-naming-scheme.h | 5 ++-
- src/udev/udev-builtin-net_id.c | 72 ++++++++++++++++++++++++++-----
- 3 files changed, 69 insertions(+), 14 deletions(-)
-
-diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
-index b2d78c95ab..ea9a9c8d3c 100644
---- a/man/systemd.net-naming-scheme.xml
-+++ b/man/systemd.net-naming-scheme.xml
-@@ -528,7 +528,7 @@
- <varlistentry>
- <term><constant>rhel-10.0</constant></term>
-
-- <listitem><para>Same as naming scheme <constant>v255</constant>.</para>
-+ <listitem><para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file</para>
-
- <xi:include href="version-info.xml" xpointer="rhel-10.0"/>
- </listitem>
-@@ -604,6 +604,8 @@
- children of the same PCI bridge, e.g. there are multiple PCI bridges in the same slot.
- </para>
-
-+ <para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file</para>
-+
- <xi:include href="version-info.xml" xpointer="rhel-9.5"/>
- </listitem>
- </varlistentry>
-@@ -798,7 +800,7 @@ ID_NET_NAME_ONBOARD_LABEL=Ethernet Port 1
- </example>
-
- <example>
-- <title>PCI Ethernet card in hotplug slot with firmware index number</title>
-+ <title>PCI Ethernet card in slot with firmware index number</title>
-
- <programlisting># /sys/devices/pci0000:00/0000:00:1c.3/0000:05:00.0/net/ens1
- ID_NET_NAME_MAC=enx000000000466
-diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
-index a55bb0b1cb..229232d452 100644
---- a/src/shared/netif-naming-scheme.h
-+++ b/src/shared/netif-naming-scheme.h
-@@ -43,6 +43,7 @@ typedef enum NamingSchemeFlags {
- NAMING_DEVICETREE_ALIASES = 1 << 15, /* Generate names from devicetree aliases */
- NAMING_USB_HOST = 1 << 16, /* Generate names for usb host */
- NAMING_SR_IOV_R = 1 << 17, /* Use "r" suffix for SR-IOV VF representors */
-+ NAMING_FIRMWARE_NODE_SUN = 1 << 18, /* Use firmware_node/sun to get PCI slot number */
-
- /* And now the masks that combine the features above */
- NAMING_V238 = 0,
-@@ -80,9 +81,9 @@ typedef enum NamingSchemeFlags {
- NAMING_RHEL_9_2 = NAMING_RHEL_9_0,
- NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R,
- NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
-- NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
-+ NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN,
-
-- NAMING_RHEL_10_0 = NAMING_V255,
-+ NAMING_RHEL_10_0 = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN,
-
- EXTRA_NET_NAMING_SCHEMES
-
-diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
-index 384a1f31cb..d34357fdb2 100644
---- a/src/udev/udev-builtin-net_id.c
-+++ b/src/udev/udev-builtin-net_id.c
-@@ -566,6 +566,51 @@ static int pci_get_hotplug_slot(sd_device *dev, uint32_t *ret) {
- return -ENOENT;
- }
-
-+static int get_device_firmware_node_sun(sd_device *dev, uint32_t *ret) {
-+ const char *attr;
-+ int r;
-+
-+ assert(dev);
-+ assert(ret);
-+
-+ r = device_get_sysattr_value_filtered(dev, "firmware_node/sun", &attr);
-+ if (r < 0)
-+ return log_device_debug_errno(dev, r, "Failed to read firmware_node/sun, ignoring: %m");
-+
-+ r = safe_atou32(attr, ret);
-+ if (r < 0)
-+ return log_device_warning_errno(dev, r, "Failed to parse firmware_node/sun '%s', ignoring: %m", attr);
-+
-+ return 0;
-+}
-+
-+static int pci_get_slot_from_firmware_node_sun(sd_device *dev, uint32_t *ret) {
-+ int r;
-+ sd_device *slot_dev;
-+
-+ assert(dev);
-+ assert(ret);
-+
-+ /* Try getting the ACPI _SUN for the device */
-+ if (get_device_firmware_node_sun(dev, ret) >= 0)
-+ return 0;
-+
-+ r = sd_device_get_parent_with_subsystem_devtype(dev, "pci", NULL, &slot_dev);
-+ if (r < 0)
-+ return log_device_debug_errno(dev, r, "Failed to find pci parent, ignoring: %m");
-+
-+ if (is_pci_bridge(slot_dev) && is_pci_multifunction(dev) <= 0)
-+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(ESTALE),
-+ "Not using slot information because the parent pcieport "
-+ "is a bridge and the PCI device is not multifunction.");
-+
-+ /* Try getting the ACPI _SUN from the parent pcieport */
-+ if (get_device_firmware_node_sun(slot_dev, ret) >= 0)
-+ return 0;
-+
-+ return -ENOENT;
-+}
-+
- static int get_pci_slot_specifiers(
- sd_device *dev,
- char **ret_domain,
-@@ -616,7 +661,7 @@ static int get_pci_slot_specifiers(
-
- static int names_pci_slot(sd_device *dev, sd_device *pci_dev, const char *prefix, const char *suffix, EventMode mode) {
- _cleanup_free_ char *domain = NULL, *bus_and_slot = NULL, *func = NULL, *port = NULL;
-- uint32_t hotplug_slot = 0; /* avoid false maybe-uninitialized warning */
-+ uint32_t slot = 0; /* avoid false maybe-uninitialized warning */
- char str[ALTIFNAMSIZ];
- int r;
-
-@@ -641,20 +686,27 @@ static int names_pci_slot(sd_device *dev, sd_device *pci_dev, const char *prefix
- strna(domain), bus_and_slot, strna(func), strna(port),
- special_glyph(SPECIAL_GLYPH_ARROW_RIGHT), empty_to_na(str));
-
-- r = pci_get_hotplug_slot(pci_dev, &hotplug_slot);
-- if (r < 0)
-- return r;
-- if (r > 0)
-- /* If the hotplug slot is found through the function ID, then drop the domain from the name.
-- * See comments in parse_hotplug_slot_from_function_id(). */
-- domain = mfree(domain);
-+ if (naming_scheme_has(NAMING_FIRMWARE_NODE_SUN))
-+ r = pci_get_slot_from_firmware_node_sun(pci_dev, &slot);
-+ else
-+ r = -1;
-+ /* If we don't find a slot using firmware_node/sun, fallback to hotplug_slot */
-+ if (r < 0) {
-+ r = pci_get_hotplug_slot(pci_dev, &slot);
-+ if (r < 0)
-+ return r;
-+ if (r > 0)
-+ /* If the hotplug slot is found through the function ID, then drop the domain from the name.
-+ * See comments in parse_hotplug_slot_from_function_id(). */
-+ domain = mfree(domain);
-+ }
-
- if (snprintf_ok(str, sizeof str, "%s%ss%"PRIu32"%s%s%s",
-- prefix, strempty(domain), hotplug_slot, strempty(func), strempty(port), strempty(suffix)))
-+ prefix, strempty(domain), slot, strempty(func), strempty(port), strempty(suffix)))
- udev_builtin_add_property(dev, mode, "ID_NET_NAME_SLOT", str);
-
- log_device_debug(dev, "Slot identifier: domain=%s slot=%"PRIu32" func=%s port=%s %s %s",
-- strna(domain), hotplug_slot, strna(func), strna(port),
-+ strna(domain), slot, strna(func), strna(port),
- special_glyph(SPECIAL_GLYPH_ARROW_RIGHT), empty_to_na(str));
-
- return 0;
diff --git a/SOURCES/0078-man-net-naming-scheme-add-missing-period.patch b/SOURCES/0078-man-net-naming-scheme-add-missing-period.patch
deleted file mode 100644
index 5a04788..0000000
--- a/SOURCES/0078-man-net-naming-scheme-add-missing-period.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From f5470e9076138ccf69fb6576e950a75da4b89717 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Fri, 2 Aug 2024 16:51:15 +0900
-Subject: [PATCH] man/net-naming-scheme: add missing period
-
-Follow-up for 0a4ecc54cb9f2d3418b970c51bfadb69c34ae9eb.
-
-(cherry picked from commit 2bb72aadb8169c9310c8ca0d586d277a4a71e2f8)
-
-Related: RHEL-44416
----
- man/systemd.net-naming-scheme.xml | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
-index ea9a9c8d3c..e458b5dd6b 100644
---- a/man/systemd.net-naming-scheme.xml
-+++ b/man/systemd.net-naming-scheme.xml
-@@ -528,7 +528,7 @@
- <varlistentry>
- <term><constant>rhel-10.0</constant></term>
-
-- <listitem><para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file</para>
-+ <listitem><para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file.</para>
-
- <xi:include href="version-info.xml" xpointer="rhel-10.0"/>
- </listitem>
-@@ -604,7 +604,7 @@
- children of the same PCI bridge, e.g. there are multiple PCI bridges in the same slot.
- </para>
-
-- <para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file</para>
-+ <para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file.</para>
-
- <xi:include href="version-info.xml" xpointer="rhel-9.5"/>
- </listitem>
diff --git a/SOURCES/0079-Revert-packit-drop-the-dependency-on-python3-zstd.patch b/SOURCES/0079-Revert-packit-drop-the-dependency-on-python3-zstd.patch
deleted file mode 100644
index c3f26af..0000000
--- a/SOURCES/0079-Revert-packit-drop-the-dependency-on-python3-zstd.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 6bec94d825960a39bed6429531e722fd1571664b Mon Sep 17 00:00:00 2001
-From: Jan Macku <jamacku@redhat.com>
-Date: Wed, 14 Aug 2024 12:21:59 +0200
-Subject: [PATCH] Revert "packit: drop the dependency on python3-zstd"
-
-This reverts commit 43bf3e1a42e2c1a6ecd0ca6fd72c9bc6fe904703.
-
-rhel-only: ci
-
-Related: RHEL-36636
----
- .packit.yml | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/.packit.yml b/.packit.yml
-index 48ba210947..03b3aae7d5 100644
---- a/.packit.yml
-+++ b/.packit.yml
-@@ -39,9 +39,6 @@ actions:
- - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
- # Ignore unpackaged standalone binaries
- - "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
-- # Drop the python3dist(zstd) dependency, as it's only in the RHEL buildroot
-- # repo
-- - "sed -i '/python3dist(zstd)/d' .packit_rpm/systemd.spec"
-
- # Available targets can be listed via `copr-cli list-chroots`
- jobs:
diff --git a/SOURCES/0080-systemctl-do-not-try-to-acquire-triggering-units-for.patch b/SOURCES/0080-systemctl-do-not-try-to-acquire-triggering-units-for.patch
deleted file mode 100644
index 8ab3b20..0000000
--- a/SOURCES/0080-systemctl-do-not-try-to-acquire-triggering-units-for.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From a81dc0cad9c24df7c005378fe2c438a98054a7d3 Mon Sep 17 00:00:00 2001
-From: Mike Yuan <me@yhndnzj.com>
-Date: Sun, 30 Jun 2024 13:12:45 +0200
-Subject: [PATCH] systemctl: do not try to acquire triggering units for
- template units
-
-(cherry picked from commit 09d6038d833468ba7c24c658597387ef699ca4fd)
-
-Resolves: RHEL-55132
----
- src/systemctl/systemctl-util.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/src/systemctl/systemctl-util.c b/src/systemctl/systemctl-util.c
-index 2482b7ccb2..08a3ebe128 100644
---- a/src/systemctl/systemctl-util.c
-+++ b/src/systemctl/systemctl-util.c
-@@ -327,14 +327,15 @@ int get_active_triggering_units(sd_bus *bus, const char *unit, bool ignore_maske
- if (r < 0)
- return r;
-
-+ if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE))
-+ goto skip;
-+
- if (ignore_masked) {
- r = unit_is_masked(bus, name);
- if (r < 0)
- return r;
-- if (r > 0) {
-- *ret = NULL;
-- return 0;
-- }
-+ if (r > 0)
-+ goto skip;
- }
-
- dbus_path = unit_dbus_path_from_name(name);
-@@ -370,6 +371,10 @@ int get_active_triggering_units(sd_bus *bus, const char *unit, bool ignore_maske
-
- *ret = TAKE_PTR(active);
- return 0;
-+
-+skip:
-+ *ret = NULL;
-+ return 0;
- }
-
- void warn_triggering_units(sd_bus *bus, const char *unit, const char *operation, bool ignore_masked) {
diff --git a/SOURCES/0081-core-unit-add-one-assertion-for-u-manager.patch b/SOURCES/0081-core-unit-add-one-assertion-for-u-manager.patch
deleted file mode 100644
index 9986235..0000000
--- a/SOURCES/0081-core-unit-add-one-assertion-for-u-manager.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From dee8164e2d136efb7bac04775c8bef255f659766 Mon Sep 17 00:00:00 2001
-From: Mike Yuan <me@yhndnzj.com>
-Date: Sat, 22 Jun 2024 12:08:39 +0200
-Subject: [PATCH] core/unit: add one assertion for u->manager
-
-(cherry picked from commit 8b17371b6185c9829bb21a813aadb2225ccfc4de)
-
-Resolves: RHEL-55734
----
- src/core/unit.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/core/unit.c b/src/core/unit.c
-index a5556ba462..c668c45ee9 100644
---- a/src/core/unit.c
-+++ b/src/core/unit.c
-@@ -6103,6 +6103,7 @@ int unit_test_trigger_loaded(Unit *u) {
-
- void unit_destroy_runtime_data(Unit *u, const ExecContext *context) {
- assert(u);
-+ assert(u->manager);
- assert(context);
-
- /* EXEC_PRESERVE_RESTART is handled via unit_release_resources()! */
diff --git a/SOURCES/0082-core-service-destroy-runtime-data-when-Type-oneshot-.patch b/SOURCES/0082-core-service-destroy-runtime-data-when-Type-oneshot-.patch
deleted file mode 100644
index 1529c48..0000000
--- a/SOURCES/0082-core-service-destroy-runtime-data-when-Type-oneshot-.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From 45d326633b32f4dee739ca38a67347c828c1c136 Mon Sep 17 00:00:00 2001
-From: Mike Yuan <me@yhndnzj.com>
-Date: Sat, 22 Jun 2024 12:03:50 +0200
-Subject: [PATCH] core/service: destroy runtime data when Type=oneshot services
- exit
-
-Currently, we have a bunch of Type=oneshot + RemainAfterExit=yes
-services that make use of credentials. When those exits, the cred mounts
-remain established, which is pointless and quite annoying. Let's
-instead destroy the runtime data on SERVICE_EXITED, if no process
-will be spawned for the unit again.
-
-(cherry picked from commit c26948c6dae1d2ca13499b36f193b13a0760834c)
-
-Resolves: RHEL-55734
----
- src/core/service.c | 37 ++++++++++++++++++++++++++-----------
- 1 file changed, 26 insertions(+), 11 deletions(-)
-
-diff --git a/src/core/service.c b/src/core/service.c
-index 6e81460ad0..60cc902745 100644
---- a/src/core/service.c
-+++ b/src/core/service.c
-@@ -1206,13 +1206,12 @@ static void service_search_main_pid(Service *s) {
- }
-
- static void service_set_state(Service *s, ServiceState state) {
-+ Unit *u = UNIT(ASSERT_PTR(s));
- ServiceState old_state;
- const UnitActiveState *table;
-
-- assert(s);
--
- if (s->state != state)
-- bus_unit_send_pending_change_signal(UNIT(s), false);
-+ bus_unit_send_pending_change_signal(u, false);
-
- table = s->type == SERVICE_IDLE ? state_translation_table_idle : state_translation_table;
-
-@@ -1246,8 +1245,8 @@ static void service_set_state(Service *s, ServiceState state) {
- SERVICE_DEAD, SERVICE_FAILED,
- SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED_BEFORE_AUTO_RESTART, SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED,
- SERVICE_DEAD_RESOURCES_PINNED)) {
-- unit_unwatch_all_pids(UNIT(s));
-- unit_dequeue_rewatch_pids(UNIT(s));
-+ unit_unwatch_all_pids(u);
-+ unit_dequeue_rewatch_pids(u);
- }
-
- if (state != SERVICE_START)
-@@ -1256,15 +1255,31 @@ static void service_set_state(Service *s, ServiceState state) {
- if (!IN_SET(state, SERVICE_START_POST, SERVICE_RUNNING, SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY))
- service_stop_watchdog(s);
-
-- /* For the inactive states unit_notify() will trim the cgroup,
-- * but for exit we have to do that ourselves... */
-- if (state == SERVICE_EXITED && !MANAGER_IS_RELOADING(UNIT(s)->manager))
-- unit_prune_cgroup(UNIT(s));
-+ if (state == SERVICE_EXITED && !MANAGER_IS_RELOADING(u->manager)) {
-+ /* For the inactive states unit_notify() will trim the cgroup. But for exit we have to
-+ * do that ourselves... */
-+ unit_prune_cgroup(u);
-+
-+ /* If none of ExecReload= and ExecStop*= is used, we can safely destroy runtime data
-+ * as soon as the service enters SERVICE_EXITED. This saves us from keeping the credential mount
-+ * for the whole duration of the oneshot service while no processes are actually running,
-+ * among other things. */
-+
-+ bool start_only = true;
-+ for (ServiceExecCommand c = SERVICE_EXEC_RELOAD; c < _SERVICE_EXEC_COMMAND_MAX; c++)
-+ if (s->exec_command[c]) {
-+ start_only = false;
-+ break;
-+ }
-+
-+ if (start_only)
-+ unit_destroy_runtime_data(u, &s->exec_context);
-+ }
-
- if (old_state != state)
-- log_unit_debug(UNIT(s), "Changed %s -> %s", service_state_to_string(old_state), service_state_to_string(state));
-+ log_unit_debug(u, "Changed %s -> %s", service_state_to_string(old_state), service_state_to_string(state));
-
-- unit_notify(UNIT(s), table[old_state], table[state], s->reload_result == SERVICE_SUCCESS);
-+ unit_notify(u, table[old_state], table[state], s->reload_result == SERVICE_SUCCESS);
- }
-
- static usec_t service_coldplug_timeout(Service *s) {
diff --git a/SOURCES/0083-cgroup-util-Ignore-kernel-threads-in-cg_kill_items.patch b/SOURCES/0083-cgroup-util-Ignore-kernel-threads-in-cg_kill_items.patch
deleted file mode 100644
index a0ad409..0000000
--- a/SOURCES/0083-cgroup-util-Ignore-kernel-threads-in-cg_kill_items.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 05c29b1e58784c87ecb4ae7b56425af786e1cd05 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer <daan.j.demeyer@gmail.com>
-Date: Tue, 30 Jul 2024 11:53:32 +0200
-Subject: [PATCH] cgroup-util: Ignore kernel threads in cg_kill_items()
-
-Similar to the implementation of cgroup.kill in the kernel, let's
-skip kernel threads in cg_kill_items() as trying to kill kernel
-threads as an unprivileged process will fail with EPERM and doesn't
-do anything when running privileged.
-
-(cherry picked from commit 0fbb569de1dcc06118dba006cf7a40caf6cd94d0)
-
-Resolves: RHEL-55746
----
- src/basic/cgroup-util.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index 553ee6075a..1fc83a656a 100644
---- a/src/basic/cgroup-util.c
-+++ b/src/basic/cgroup-util.c
-@@ -369,6 +369,12 @@ static int cg_kill_items(
- if (set_get(s, PID_TO_PTR(pidref.pid)) == PID_TO_PTR(pidref.pid))
- continue;
-
-+ /* Ignore kernel threads to mimick the behavior of cgroup.kill. */
-+ if (pidref_is_kernel_thread(&pidref) > 0) {
-+ log_debug("Ignoring kernel thread with pid " PID_FMT " in cgroup '%s'", pidref.pid, path);
-+ continue;
-+ }
-+
- if (log_kill)
- ret_log_kill = log_kill(&pidref, sig, userdata);
-
diff --git a/SOURCES/0084-cgroup-util-Don-t-try-to-open-pidfd-for-kernel-threa.patch b/SOURCES/0084-cgroup-util-Don-t-try-to-open-pidfd-for-kernel-threa.patch
deleted file mode 100644
index f89482c..0000000
--- a/SOURCES/0084-cgroup-util-Don-t-try-to-open-pidfd-for-kernel-threa.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 418d2192e0e2bcdc7fe10f4f331231a2ad5a5c00 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer <daan.j.demeyer@gmail.com>
-Date: Wed, 31 Jul 2024 13:38:50 +0200
-Subject: [PATCH] cgroup-util: Don't try to open pidfd for kernel threads
-
-The kernel might start returning -EINVAL when trying to open pidfd's
-for kernel threads so let's not try to open pidfd's for kernel threads.
-
-(cherry picked from commit ead48ec35c863650944352a3455f26ce3b393058)
-
-Resolves: RHEL-55746
----
- src/basic/cgroup-util.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index 1fc83a656a..b0fe0ecbe8 100644
---- a/src/basic/cgroup-util.c
-+++ b/src/basic/cgroup-util.c
-@@ -149,7 +149,9 @@ int cg_read_pidref(FILE *f, PidRef *ret, CGroupFlags flags) {
- if (pid == 0)
- return -EREMOTE;
-
-- if (FLAGS_SET(flags, CGROUP_NO_PIDFD)) {
-+ /* We might read kernel thread pids from cgroup.procs for which we cannot create a pidfd so
-+ * catch those and don't try to create a pidfd for them. */
-+ if (FLAGS_SET(flags, CGROUP_NO_PIDFD) || pid_is_kernel_thread(pid) > 0) {
- *ret = PIDREF_MAKE_FROM_PID(pid);
- return 1;
- }
diff --git a/SOURCES/0085-cgroup-util-fix-typo.patch b/SOURCES/0085-cgroup-util-fix-typo.patch
deleted file mode 100644
index e98aa10..0000000
--- a/SOURCES/0085-cgroup-util-fix-typo.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From d41b2bdf876e0d46486c1800d5ee12a6f641a9d4 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Sat, 3 Aug 2024 05:48:51 +0900
-Subject: [PATCH] cgroup-util: fix typo
-
-Follow-up for 0fbb569de1dcc06118dba006cf7a40caf6cd94d0.
-
-(cherry picked from commit ec4964692ae0e080c596610adee2ddb83008c839)
-
-Resolves: RHEL-55746
----
- src/basic/cgroup-util.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index b0fe0ecbe8..2c64a54906 100644
---- a/src/basic/cgroup-util.c
-+++ b/src/basic/cgroup-util.c
-@@ -371,7 +371,7 @@ static int cg_kill_items(
- if (set_get(s, PID_TO_PTR(pidref.pid)) == PID_TO_PTR(pidref.pid))
- continue;
-
-- /* Ignore kernel threads to mimick the behavior of cgroup.kill. */
-+ /* Ignore kernel threads to mimic the behavior of cgroup.kill. */
- if (pidref_is_kernel_thread(&pidref) > 0) {
- log_debug("Ignoring kernel thread with pid " PID_FMT " in cgroup '%s'", pidref.pid, path);
- continue;
diff --git a/SOURCES/0087-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch b/SOURCES/0087-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
deleted file mode 100644
index 2fa6969..0000000
--- a/SOURCES/0087-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 8da695b27c2620e6410e0b1a4d8dda4747d89b5f Mon Sep 17 00:00:00 2001
-From: Lukas Nykryn <lnykryn@redhat.com>
-Date: Thu, 22 Aug 2024 13:47:56 +0200
-Subject: [PATCH] net-naming-scheme: disable NAMING_FIRMWARE_NODE_SUN
-
-It seems that virtio devices always have "0" in
-the firmware_node/sun. And because of that, udev will
-always name the device ens0, which leads to collisions.
-So let's disable it for now.
-
-rhel-only: policy
-Resolves: RHEL-55728
----
- man/systemd.net-naming-scheme.xml | 2 +-
- src/shared/netif-naming-scheme.h | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
-index 610a05485b..8be24e4243 100644
---- a/man/systemd.net-naming-scheme.xml
-+++ b/man/systemd.net-naming-scheme.xml
-@@ -528,7 +528,7 @@
- <varlistentry>
- <term><constant>rhel-10.0-beta</constant></term>
-
-- <listitem><para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file.</para>
-+ <listitem><para>Same as naming scheme <constant>v255</constant>.</para>
-
- <xi:include href="version-info.xml" xpointer="rhel-10.0.beta"/>
- </listitem>
-diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
-index 2e2023ba5b..fb733ba768 100644
---- a/src/shared/netif-naming-scheme.h
-+++ b/src/shared/netif-naming-scheme.h
-@@ -83,7 +83,7 @@ typedef enum NamingSchemeFlags {
- NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
- NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN,
-
-- NAMING_RHEL_10_0_BETA = NAMING_V255 | NAMING_FIRMWARE_NODE_SUN,
-+ NAMING_RHEL_10_0_BETA = NAMING_V255,
-
- EXTRA_NET_NAMING_SCHEMES
-
diff --git a/SOURCES/0088-net-naming-scheme-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch b/SOURCES/0088-net-naming-scheme-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch
deleted file mode 100644
index 8096f5d..0000000
--- a/SOURCES/0088-net-naming-scheme-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 6a8e030c0a8481e42ee60a52e7a91f736537f5e3 Mon Sep 17 00:00:00 2001
-From: Lukas Nykryn <lnykryn@redhat.com>
-Date: Thu, 22 Aug 2024 14:31:54 +0200
-Subject: [PATCH] net-naming-scheme: remove NAMING_FIRMWARE_NODE_SUN from 9.5
-
-rhel-only: policy
-Resolves: RHEL-55728
----
- man/systemd.net-naming-scheme.xml | 2 --
- src/shared/netif-naming-scheme.h | 2 +-
- 2 files changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
-index 8be24e4243..246c6509e3 100644
---- a/man/systemd.net-naming-scheme.xml
-+++ b/man/systemd.net-naming-scheme.xml
-@@ -604,8 +604,6 @@
- children of the same PCI bridge, e.g. there are multiple PCI bridges in the same slot.
- </para>
-
-- <para>PCI slot number is now read from <constant>firmware_node/sun</constant> sysfs file.</para>
--
- <xi:include href="version-info.xml" xpointer="rhel-9.5"/>
- </listitem>
- </varlistentry>
-diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
-index fb733ba768..b2b2ee648f 100644
---- a/src/shared/netif-naming-scheme.h
-+++ b/src/shared/netif-naming-scheme.h
-@@ -81,7 +81,7 @@ typedef enum NamingSchemeFlags {
- NAMING_RHEL_9_2 = NAMING_RHEL_9_0,
- NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R,
- NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
-- NAMING_RHEL_9_5 = (NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT) | NAMING_FIRMWARE_NODE_SUN,
-+ NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
-
- NAMING_RHEL_10_0_BETA = NAMING_V255,
-
diff --git a/SOURCES/0089-Revert-cgroup-util-Don-t-try-to-open-pidfd-for-kerne.patch b/SOURCES/0089-Revert-cgroup-util-Don-t-try-to-open-pidfd-for-kerne.patch
deleted file mode 100644
index 2b96897..0000000
--- a/SOURCES/0089-Revert-cgroup-util-Don-t-try-to-open-pidfd-for-kerne.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 38623336fb84eb0df1f72ef8d472a36bb5d60822 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer <daan.j.demeyer@gmail.com>
-Date: Wed, 21 Aug 2024 11:25:46 +0200
-Subject: [PATCH] Revert "cgroup-util: Don't try to open pidfd for kernel
- threads"
-
-The kernel patch was reverted so let's try again to open pidfds
-for kernel threads.
-
-This reverts commit ead48ec35c863650944352a3455f26ce3b393058.
-
-(cherry picked from commit 1ce69e06615e69692a6d02d447acfd77f5d44631)
-
-Related: RHEL-52634
----
- src/basic/cgroup-util.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index 2c64a54906..a6ad711ac0 100644
---- a/src/basic/cgroup-util.c
-+++ b/src/basic/cgroup-util.c
-@@ -149,9 +149,7 @@ int cg_read_pidref(FILE *f, PidRef *ret, CGroupFlags flags) {
- if (pid == 0)
- return -EREMOTE;
-
-- /* We might read kernel thread pids from cgroup.procs for which we cannot create a pidfd so
-- * catch those and don't try to create a pidfd for them. */
-- if (FLAGS_SET(flags, CGROUP_NO_PIDFD) || pid_is_kernel_thread(pid) > 0) {
-+ if (FLAGS_SET(flags, CGROUP_NO_PIDFD)) {
- *ret = PIDREF_MAKE_FROM_PID(pid);
- return 1;
- }
diff --git a/SOURCES/0090-ukify-Skip-test-on-architectures-without-UEFI.patch b/SOURCES/0090-ukify-Skip-test-on-architectures-without-UEFI.patch
deleted file mode 100644
index e502a96..0000000
--- a/SOURCES/0090-ukify-Skip-test-on-architectures-without-UEFI.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 65dbacdb67ae94f7481a413dfea651b2d8a74d13 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer <daan.j.demeyer@gmail.com>
-Date: Wed, 28 Aug 2024 14:08:30 +0200
-Subject: [PATCH] ukify: Skip test on architectures without UEFI
-
-(cherry picked from commit 5121f7c45b37afca53c89f42123b1dd6a04fa80f)
-
-Related: RHEL-52634
----
- src/ukify/test/test_ukify.py | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py
-index 0e3f932890..15d1578695 100755
---- a/src/ukify/test/test_ukify.py
-+++ b/src/ukify/test/test_ukify.py
-@@ -35,6 +35,13 @@ except ImportError as e:
- sys.path.append(os.path.dirname(__file__) + '/..')
- import ukify
-
-+# Skip if we're running on an architecture that does not use UEFI.
-+try:
-+ ukify.guess_efi_arch()
-+except ValueError as e:
-+ print(str(e), file=sys.stderr)
-+ sys.exit(77)
-+
- build_root = os.getenv('PROJECT_BUILD_ROOT')
- try:
- slow_tests = bool(int(os.getenv('SYSTEMD_SLOW_TESTS', '1')))
diff --git a/SOURCES/0091-ci-rename-beta-branch-to-match-dist-git-name.patch b/SOURCES/0091-ci-rename-beta-branch-to-match-dist-git-name.patch
deleted file mode 100644
index 10eeca5..0000000
--- a/SOURCES/0091-ci-rename-beta-branch-to-match-dist-git-name.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From d6ed92f6f6bffbf98700002eeed231af3336b40e Mon Sep 17 00:00:00 2001
-From: Jan Macku <jamacku@redhat.com>
-Date: Thu, 5 Sep 2024 12:36:01 +0200
-Subject: [PATCH] ci: rename beta branch to match dist-git name
-
-rhel-only: ci
-
-Related: RHEL-57603
----
- .github/tracker-validator.yml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml
-index 2e858606ff..1226b8a92a 100644
---- a/.github/tracker-validator.yml
-+++ b/.github/tracker-validator.yml
-@@ -6,7 +6,7 @@ labels:
- products:
- - Red Hat Enterprise Linux 10
- - CentOS Stream 10
-- - rhel-10.0.beta
-+ - rhel-10.0-beta
- - rhel-10.0
- - rhel-10.0.z
- - rhel-10.1
diff --git a/SOURCES/0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch b/SOURCES/0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch
deleted file mode 100644
index 3fa0ed7..0000000
--- a/SOURCES/0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From ab07d071227dd878a7376296ab4baaca4522e4fb Mon Sep 17 00:00:00 2001
-From: Chengen Du <chengen.du@canonical.com>
-Date: Mon, 12 Aug 2024 11:41:52 +0800
-Subject: [PATCH] udev: Handle PTP device symlink properly on udev action
- 'change'
-
-PTP device symlink creation rules are currently executed only when the
-udev action is 'add'. If a user reloads the rules and runs the udevadm
-trigger command to reapply changes, the symlink may be deleted, which
-can prevent the chronyd service from restarting properly.
-
-Signed-off-by: Chengen Du <chengen.du@canonical.com>
-(cherry picked from commit 6bd12be3fa7761f190e17efdbdbff4440da7528b)
-
-Resolves: RHEL-59871
----
- rules.d/50-udev-default.rules.in | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
-index 9b00c7037e..6f80feeecf 100644
---- a/rules.d/50-udev-default.rules.in
-+++ b/rules.d/50-udev-default.rules.in
-@@ -30,6 +30,9 @@ SUBSYSTEM=="pci|usb|platform", IMPORT{builtin}="path_id"
-
- SUBSYSTEM=="net", IMPORT{builtin}="net_driver"
-
-+SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
-+SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
-+
- ACTION!="add", GOTO="default_end"
-
- SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666"
-@@ -116,7 +119,4 @@ KERNEL=="vhost-net", GROUP="kvm", MODE="{{DEV_KVM_MODE}}", OPTIONS+="static_node
-
- KERNEL=="udmabuf", GROUP="kvm"
-
--SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
--SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
--
- LABEL="default_end"
diff --git a/SOURCES/0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch b/SOURCES/0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch
deleted file mode 100644
index a4616df..0000000
--- a/SOURCES/0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From 1fbfcb7d98c95e80e9332770b78613a803c15c20 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 30 Jul 2024 10:51:21 +0100
-Subject: [PATCH] Fix detection of TDX confidential VM on Azure platform
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The original CVM detection logic for TDX assumes that the guest can see
-the standard TDX CPUID leaf. This was true in Azure when this code was
-originally written, however, current Azure now blocks that leaf in the
-paravisor. Instead it is required to use the same Azure specific CPUID
-leaf that is used for SEV-SNP detection, which reports the VM isolation
-type.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 9d7be044cad1ae54e344daf8f2ec37da46faf0fd)
-
-Related: RHEL-56144
----
- src/basic/confidential-virt.c | 11 ++++++++---
- src/boot/efi/vmm.c | 9 ++++++---
- src/fundamental/confidential-virt-fundamental.h | 1 +
- 3 files changed, 15 insertions(+), 6 deletions(-)
-
-diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
-index b6521cf5bf..8a88a3eb83 100644
---- a/src/basic/confidential-virt.c
-+++ b/src/basic/confidential-virt.c
-@@ -76,7 +76,7 @@ static uint64_t msr(uint64_t index) {
- return ret;
- }
-
--static bool detect_hyperv_sev(void) {
-+static bool detect_hyperv_cvm(uint32_t isoltype) {
- uint32_t eax, ebx, ecx, edx, feat;
- char sig[13] = {};
-
-@@ -100,7 +100,7 @@ static bool detect_hyperv_sev(void) {
- ebx = ecx = edx = 0;
- cpuid(&eax, &ebx, &ecx, &edx);
-
-- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == CPUID_HYPERV_ISOLATION_TYPE_SNP)
-+ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype)
- return true;
- }
-
-@@ -133,7 +133,7 @@ static ConfidentialVirtualization detect_sev(void) {
- if (!(eax & EAX_SEV)) {
- log_debug("No sev in CPUID, trying hyperv CPUID");
-
-- if (detect_hyperv_sev())
-+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_SNP))
- return CONFIDENTIAL_VIRTUALIZATION_SEV_SNP;
-
- log_debug("No hyperv CPUID");
-@@ -171,6 +171,11 @@ static ConfidentialVirtualization detect_tdx(void) {
- if (memcmp(sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
- return CONFIDENTIAL_VIRTUALIZATION_TDX;
-
-+ log_debug("No tdx in CPUID, trying hyperv CPUID");
-+
-+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_TDX))
-+ return CONFIDENTIAL_VIRTUALIZATION_TDX;
-+
- return CONFIDENTIAL_VIRTUALIZATION_NONE;
- }
-
-diff --git a/src/boot/efi/vmm.c b/src/boot/efi/vmm.c
-index 60e216d54c..3459461390 100644
---- a/src/boot/efi/vmm.c
-+++ b/src/boot/efi/vmm.c
-@@ -337,7 +337,7 @@ static uint64_t msr(uint32_t index) {
- return val;
- }
-
--static bool detect_hyperv_sev(void) {
-+static bool detect_hyperv_cvm(uint32_t isoltype) {
- uint32_t eax, ebx, ecx, edx, feat;
- char sig[13] = {};
-
-@@ -354,7 +354,7 @@ static bool detect_hyperv_sev(void) {
- if (ebx & CPUID_HYPERV_ISOLATION && !(ebx & CPUID_HYPERV_CPU_MANAGEMENT)) {
- __cpuid(CPUID_HYPERV_ISOLATION_CONFIG, eax, ebx, ecx, edx);
-
-- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == CPUID_HYPERV_ISOLATION_TYPE_SNP)
-+ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype)
- return true;
- }
-
-@@ -379,7 +379,7 @@ static bool detect_sev(void) {
- * specific CPUID checks.
- */
- if (!(eax & EAX_SEV))
-- return detect_hyperv_sev();
-+ return detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_SNP);
-
- msrval = msr(MSR_AMD64_SEV);
-
-@@ -403,6 +403,9 @@ static bool detect_tdx(void) {
- if (memcmp(sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
- return true;
-
-+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_TDX))
-+ return true;
-+
- return false;
- }
- #endif /* ! __i386__ && ! __x86_64__ */
-diff --git a/src/fundamental/confidential-virt-fundamental.h b/src/fundamental/confidential-virt-fundamental.h
-index 986923e1c2..618b5800ea 100644
---- a/src/fundamental/confidential-virt-fundamental.h
-+++ b/src/fundamental/confidential-virt-fundamental.h
-@@ -65,6 +65,7 @@
-
- #define CPUID_HYPERV_ISOLATION_TYPE_MASK UINT32_C(0xf)
- #define CPUID_HYPERV_ISOLATION_TYPE_SNP 2
-+#define CPUID_HYPERV_ISOLATION_TYPE_TDX 3
-
- #define EAX_SEV (UINT32_C(1) << 1)
- #define MSR_SEV (UINT64_C(1) << 0)
diff --git a/SOURCES/0094-confidential-virt-split-caching-of-CVM-detection-int.patch b/SOURCES/0094-confidential-virt-split-caching-of-CVM-detection-int.patch
deleted file mode 100644
index 7dafb36..0000000
--- a/SOURCES/0094-confidential-virt-split-caching-of-CVM-detection-int.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From d697ad145aa564aff3ac5cb9b6a63667ce2b391c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Fri, 2 Aug 2024 16:26:00 +0100
-Subject: [PATCH] confidential-virt: split caching of CVM detection into
- separate method
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We have different impls of detect_confidential_virtualization per
-architecture. The detection is cached in the x86_64 impl, and as we
-add support for more targets, we want to use caching for all. It thus
-makes sense to split caching out into an architecture independent
-method.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 1c4bd7adcc281af2a2dd40867f64f2ac54a43c7a)
-
-Related: RHEL-56144
----
- src/basic/confidential-virt.c | 25 ++++++++++++++-----------
- 1 file changed, 14 insertions(+), 11 deletions(-)
-
-diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
-index 8a88a3eb83..0e05ecffbf 100644
---- a/src/basic/confidential-virt.c
-+++ b/src/basic/confidential-virt.c
-@@ -194,34 +194,37 @@ static bool detect_hypervisor(void) {
- return is_hv;
- }
-
--ConfidentialVirtualization detect_confidential_virtualization(void) {
-- static thread_local ConfidentialVirtualization cached_found = _CONFIDENTIAL_VIRTUALIZATION_INVALID;
-+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
- char sig[13] = {};
-- ConfidentialVirtualization cv = CONFIDENTIAL_VIRTUALIZATION_NONE;
--
-- if (cached_found >= 0)
-- return cached_found;
-
- /* Skip everything on bare metal */
- if (detect_hypervisor()) {
- cpuid_leaf(0, sig, true);
-
- if (memcmp(sig, CPUID_SIG_AMD, sizeof(sig)) == 0)
-- cv = detect_sev();
-+ return detect_sev();
- else if (memcmp(sig, CPUID_SIG_INTEL, sizeof(sig)) == 0)
-- cv = detect_tdx();
-+ return detect_tdx();
- }
-
-- cached_found = cv;
-- return cv;
-+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
- }
- #else /* ! x86_64 */
--ConfidentialVirtualization detect_confidential_virtualization(void) {
-+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
- log_debug("No confidential virtualization detection on this architecture");
- return CONFIDENTIAL_VIRTUALIZATION_NONE;
- }
- #endif /* ! x86_64 */
-
-+ConfidentialVirtualization detect_confidential_virtualization(void) {
-+ static thread_local ConfidentialVirtualization cached_found = _CONFIDENTIAL_VIRTUALIZATION_INVALID;
-+
-+ if (cached_found == _CONFIDENTIAL_VIRTUALIZATION_INVALID)
-+ cached_found = detect_confidential_virtualization_impl();
-+
-+ return cached_found;
-+}
-+
- static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
- [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
- [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
diff --git a/SOURCES/0095-confidential-virt-add-detection-for-s390x-target.patch b/SOURCES/0095-confidential-virt-add-detection-for-s390x-target.patch
deleted file mode 100644
index bd6a577..0000000
--- a/SOURCES/0095-confidential-virt-add-detection-for-s390x-target.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From a9da2854f199bb3729b29ea4175858067313659e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Fri, 2 Aug 2024 11:03:10 +0100
-Subject: [PATCH] confidential-virt: add detection for s390x target
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The s390x platform provides confidential VMs using the "Secure Execution"
-technology, which is also referred to as "Protected Virtualization" or
-just "prot virt" in Linux / QEMU.
-
-This can be detected through a simple sysfs attribute.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 6c35e0a51cc6a852ce239ea46cd75c133212a68e)
-
-Resolves: RHEL-56144
----
- src/basic/confidential-virt.c | 30 +++++++++++++++++++++++++-----
- src/basic/confidential-virt.h | 1 +
- 2 files changed, 26 insertions(+), 5 deletions(-)
-
-diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
-index 0e05ecffbf..c246636c7c 100644
---- a/src/basic/confidential-virt.c
-+++ b/src/basic/confidential-virt.c
-@@ -11,6 +11,7 @@
- #include "confidential-virt-fundamental.h"
- #include "confidential-virt.h"
- #include "fd-util.h"
-+#include "fileio.h"
- #include "missing_threads.h"
- #include "string-table.h"
- #include "utf8.h"
-@@ -209,6 +210,24 @@ static ConfidentialVirtualization detect_confidential_virtualization_impl(void)
-
- return CONFIDENTIAL_VIRTUALIZATION_NONE;
- }
-+#elif defined(__s390x__)
-+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
-+ _cleanup_free_ char *s = NULL;
-+ size_t readsize;
-+ int r;
-+
-+ r = read_full_virtual_file("/sys/firmware/uv/prot_virt_guest", &s, &readsize);
-+ if (r < 0) {
-+ log_debug_errno(r, "Unable to read /sys/firmware/uv/prot_virt_guest: %m");
-+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
-+ }
-+
-+ if (readsize >= 1 && s[0] == '1')
-+ return CONFIDENTIAL_VIRTUALIZATION_PROTVIRT;
-+
-+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
-+}
-+
- #else /* ! x86_64 */
- static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
- log_debug("No confidential virtualization detection on this architecture");
-@@ -226,11 +245,12 @@ ConfidentialVirtualization detect_confidential_virtualization(void) {
- }
-
- static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
-- [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
-- [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
-- [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",
-- [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
-- [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",
-+ [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
-+ [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
-+ [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",
-+ [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
-+ [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",
-+ [CONFIDENTIAL_VIRTUALIZATION_PROTVIRT] = "protvirt",
- };
-
- DEFINE_STRING_TABLE_LOOKUP(confidential_virtualization, ConfidentialVirtualization);
-diff --git a/src/basic/confidential-virt.h b/src/basic/confidential-virt.h
-index c02f3b2321..f92e3e883d 100644
---- a/src/basic/confidential-virt.h
-+++ b/src/basic/confidential-virt.h
-@@ -13,6 +13,7 @@ typedef enum ConfidentialVirtualization {
- CONFIDENTIAL_VIRTUALIZATION_SEV_ES,
- CONFIDENTIAL_VIRTUALIZATION_SEV_SNP,
- CONFIDENTIAL_VIRTUALIZATION_TDX,
-+ CONFIDENTIAL_VIRTUALIZATION_PROTVIRT,
-
- _CONFIDENTIAL_VIRTUALIZATION_MAX,
- _CONFIDENTIAL_VIRTUALIZATION_INVALID = -EINVAL,
diff --git a/SOURCES/0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch b/SOURCES/0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch
deleted file mode 100644
index 06fdc49..0000000
--- a/SOURCES/0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 776706c0b675a52ea83d1790e3598253592dd6a6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Fri, 2 Aug 2024 13:07:13 +0100
-Subject: [PATCH] man/systemd-detect-virt: fix row spanning for VM header
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This fixes
-
- commit 9b0688f491674b53ef7a52bdf561a430c53673d6
- Author: Yu Watanabe <watanabe.yu+github@gmail.com>
- Date: Tue Jan 9 10:52:49 2024 +0900
-
- virt: add Google Compute Engine support
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 9ffdfc67c6aedcb66c2b18c2c61bc32e585e6d6e)
-
-Related: RHEL-56144
----
- man/systemd-detect-virt.xml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
-index 2239294145..6b49e3a519 100644
---- a/man/systemd-detect-virt.xml
-+++ b/man/systemd-detect-virt.xml
-@@ -62,7 +62,7 @@
- </thead>
- <tbody>
- <row>
-- <entry valign="top" morerows="16">VM</entry>
-+ <entry valign="top" morerows="17">VM</entry>
- <entry><varname>qemu</varname></entry>
- <entry>QEMU software virtualization, without KVM</entry>
- </row>
diff --git a/SOURCES/0097-man-systemd-detect-virt-list-known-CVM-technologies.patch b/SOURCES/0097-man-systemd-detect-virt-list-known-CVM-technologies.patch
deleted file mode 100644
index 092c06e..0000000
--- a/SOURCES/0097-man-systemd-detect-virt-list-known-CVM-technologies.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 390217689905f0e12f080ddf8bd4fdefefcd38df Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Fri, 2 Aug 2024 13:17:56 +0100
-Subject: [PATCH] man/systemd-detect-virt: list known CVM technologies
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Add a section which lists the known confidential virtual machine
-technologies.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit a8fb5d21fd6127a6d05757c793cc9ba47f65c893)
-
-Related: RHEL-56144
----
- man/systemd-detect-virt.xml | 44 +++++++++++++++++++++++++++++++++++++
- 1 file changed, 44 insertions(+)
-
-diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
-index 6b49e3a519..a4fcdfbc9d 100644
---- a/man/systemd-detect-virt.xml
-+++ b/man/systemd-detect-virt.xml
-@@ -217,6 +217,50 @@
- WSL is categorized as a container for practical purposes.
- Multiple WSL environments share the same kernel and services
- should generally behave like when being run in a container.</para>
-+
-+ <para>When executed with <option>--cvm</option>, instead of
-+ printing the virtualization technology, it will display the
-+ confidential virtual machine technology, if any. The
-+ following technologies are currently identified:</para>
-+
-+ <table>
-+ <title>Known confidential virtualization technologies</title>
-+ <tgroup cols='2' align='left' colsep='1' rowsep='1'>
-+ <colspec colname="id" />
-+ <colspec colname="product" />
-+ <thead>
-+ <row>
-+ <entry>Arch</entry>
-+ <entry>ID</entry>
-+ <entry>Technology</entry>
-+ </row>
-+ </thead>
-+ <tbody>
-+ <row>
-+ <entry valign="top" morerows="3">x86_64</entry>
-+ <entry><varname>sev</varname></entry>
-+ <entry>AMD Secure Encrypted Virtualization</entry>
-+ </row>
-+ <row>
-+ <entry><varname>sev-es</varname></entry>
-+ <entry>AMD Secure Encrypted Virtualization - Encrypted State</entry>
-+ </row>
-+ <row>
-+ <entry><varname>sev-snp</varname></entry>
-+ <entry>AMD Secure Encrypted Virtualization - Secure Nested Paging</entry>
-+ </row>
-+ <row>
-+ <entry><varname>tdx</varname></entry>
-+ <entry>Intel Trust Domain Extensions</entry>
-+ </row>
-+ <row>
-+ <entry>s390x</entry>
-+ <entry><varname>protvirt</varname></entry>
-+ <entry>IBM Protected Virtualization (Secure Execution)</entry>
-+ </row>
-+ </tbody>
-+ </tgroup>
-+ </table>
- </refsect1>
-
- <refsect1>
diff --git a/SOURCES/0098-socket-fix-socket-activation-of-stopped-services-wit.patch b/SOURCES/0098-socket-fix-socket-activation-of-stopped-services-wit.patch
deleted file mode 100644
index ddc86c5..0000000
--- a/SOURCES/0098-socket-fix-socket-activation-of-stopped-services-wit.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From e20fddc3c5769ad1babb24392500264de6db59b6 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta@redhat.com>
-Date: Tue, 30 Jul 2024 16:22:03 +0200
-Subject: [PATCH] socket: fix socket activation of stopped services with pinned
- FD store
-
-(cherry picked from commit 941a12dcba57f6673230a9c413738c51374d2998)
-
-Resolves: RHEL-60896
----
- src/core/socket.c | 4 ++--
- .../units/TEST-04-JOURNAL.stopped-socket-activation.sh | 10 ++++++++++
- 2 files changed, 12 insertions(+), 2 deletions(-)
- create mode 100755 test/units/TEST-04-JOURNAL.stopped-socket-activation.sh
-
-diff --git a/src/core/socket.c b/src/core/socket.c
-index 41147d4bf7..0694fe7aad 100644
---- a/src/core/socket.c
-+++ b/src/core/socket.c
-@@ -2481,7 +2481,7 @@ static int socket_start(Unit *u) {
- /* If the service is already active we cannot start the
- * socket */
- if (!IN_SET(service->state,
-- SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART,
-+ SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_DEAD_RESOURCES_PINNED, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART,
- SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED))
- return log_unit_error_errno(u, SYNTHETIC_ERRNO(EBUSY),
- "Socket service %s already active, refusing.", UNIT(service)->id);
-@@ -3369,7 +3369,7 @@ static void socket_trigger_notify(Unit *u, Unit *other) {
- return;
-
- if (IN_SET(SERVICE(other)->state,
-- SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART,
-+ SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_DEAD_RESOURCES_PINNED, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART,
- SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL,
- SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED))
- socket_enter_listening(s);
-diff --git a/test/units/TEST-04-JOURNAL.stopped-socket-activation.sh b/test/units/TEST-04-JOURNAL.stopped-socket-activation.sh
-new file mode 100755
-index 0000000000..083f5fa055
---- /dev/null
-+++ b/test/units/TEST-04-JOURNAL.stopped-socket-activation.sh
-@@ -0,0 +1,10 @@
-+#!/usr/bin/env bash
-+# SPDX-License-Identifier: LGPL-2.1-or-later
-+set -eux
-+set -o pipefail
-+
-+systemctl stop systemd-journald.service
-+systemd-cat date
-+
-+# shellcheck disable=SC2016
-+timeout 30 bash -xec 'until test "$(systemctl show -p SubState --value systemd-journald.service)" = "running"; do sleep 1; done'
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
index bb57491..8e3cfee 100644
--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
@@ -47,8 +47,8 @@ Name: systemd
Url: https://systemd.io
# Allow users to specify the version and release when building the rpm by
# setting the %%version_override and %%release_override macros.
-Version: %{?version_override}%{!?version_override:256}
-Release: 18%{?dist}
+Version: %{?version_override}%{!?version_override:257}
+Release: 1%{?dist}
%global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
@@ -109,104 +109,39 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
# applying upstream pull requests.
# RHEL-specific
-Patch0001: 0001-Create-CNAME.patch
-Patch0002: 0002-man-systemd-reorder-content-a-bit.patch
-Patch0003: 0003-hostnamed-don-t-allow-hostnamed-to-exit-on-idle-if-v.patch
-Patch0004: 0004-sd-dhcp-server-clear-buffer-before-receive.patch
-Patch0005: 0005-rules-Limit-the-number-of-device-units-generated-for.patch
-Patch0006: 0006-strbuf-use-GREEDY_REALLOC-to-grow-the-buffer.patch
-Patch0007: 0007-tpm2-setup-Don-t-fail-if-we-can-t-access-the-TPM-due.patch
-Patch0008: 0008-resolved-permit-dnssec-rrtype-questions-when-we-aren.patch
-Patch0009: 0009-repart-Use-crypt_reencrypt_run-if-available.patch
-Patch0010: 0010-test-dump-a-simple-summary-at-the-end-of-TEST-02-UNI.patch
-Patch0011: 0011-repart-Use-CRYPT_ACTIVATE_PRIVATE.patch
-Patch0012: 0012-NEWS-note-that-new-stable-releases-will-be-in-the-ma.patch
-Patch0013: 0013-shell-completion-only-offer-devices-for-completion.patch
-Patch0014: 0014-CODING_STYLE-document-reterr_-return-parameters.patch
-Patch0015: 0015-analyze-show-pcrs-also-in-sha384-bank.patch
-Patch0016: 0016-fundamental-declare-flex-array-updated-for-gcc15-and.patch
-Patch0017: 0017-man-add-a-bit-of-a-warning-to-systemd-tmpfiles-purge.patch
-Patch0018: 0018-man-units-drop-temporary-from-description-of-systemd.patch
-Patch0019: 0019-mkosi-enable-unprivileged-user-ns-for-integration-te.patch
-Patch0020: 0020-mkosi-use-ports.ubuntu.com-for-non-x86-backports.patch
-Patch0021: 0021-mkosi-install-EFI-packages-only-on-EFI-architectures.patch
-Patch0022: 0022-test-check-the-skip-condition-before-installing-addi.patch
-Patch0023: 0023-test-drop-unneeded-firmware-uefi-setting.patch
-Patch0024: 0024-test-drop-obsolete-comment.patch
-Patch0025: 0025-test-support-TEST_NO_KVM.patch
-Patch0026: 0026-test-support-TEST_NO_QEMU-in-mkosi-integration-wrapp.patch
-Patch0027: 0027-test-use-auto-instead-of-uefi-for-automated-fallback.patch
-Patch0028: 0028-core-service-fix-accept-socket-deserialization.patch
-Patch0029: 0029-test-network-mention-that-the-captive-portal-option-.patch
-Patch0030: 0030-CI-disable-secure-boot-in-mkosi-GHA-runs.patch
-Patch0031: 0031-mkosi-bump-to-latest.patch
-Patch0032: 0032-NEWS-fix-typo.patch
-Patch0033: 0033-install-allow-removing-symlinks-even-for-units-that-.patch
-Patch0034: 0034-tmpfiles-honour-dry-run-when-removing-directories.patch
-Patch0035: 0035-tmpfiles-insist-on-at-least-one-configuration-file-b.patch
-Patch0036: 0036-tmpfiles-move-purge-to-command-section-in-help-text-.patch
-Patch0037: 0037-mkosi-restrict-noble-backports-to-noble-builds.patch
-Patch0038: 0038-repart-fix-memory-leak.patch
-Patch0039: 0039-logs-show-do-not-use-_SOURCE_MONOTONIC_TIMESTAMP-fie.patch
-Patch0040: 0040-ci-update-workflows-to-run-on-source-git-setup.patch
-Patch0041: 0041-ci-setup-source-git-automation.patch
-Patch0042: 0042-ci-deploy-systemd-man-to-GitHub-Pages.patch
-Patch0043: 0043-ci-reconfigure-Packit-for-RHEL-10.patch
-Patch0044: 0044-ci-allow-to-pass-parameters-together-with-rhel-only-.patch
-Patch0045: 0045-journal-again-create-user-journals-for-users-with-hi.patch
-Patch0046: 0046-tmpfiles-make-purge-hard-to-mis-use.patch
-Patch0047: 0047-fedora-use-system-auth-in-pam-systemd-user.patch
-Patch0048: 0048-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
-Patch0049: 0049-rules-copy-40-redhat.rules-from-RHEL-9.patch
-Patch0050: 0050-logind-set-RemoveIPC-to-false-by-default.patch
-Patch0051: 0051-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
-Patch0052: 0052-rc-local-order-after-network-online.target.patch
-Patch0053: 0053-random-util-increase-random-seed-size-to-1024.patch
-Patch0054: 0054-journal-don-t-enable-systemd-journald-audit.socket-b.patch
-Patch0055: 0055-journald.conf-don-t-touch-current-audit-settings.patch
-Patch0056: 0056-rules-add-elevator-kernel-command-line-parameter.patch
-Patch0057: 0057-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
-Patch0058: 0058-udev-net-setup-link-change-the-default-MACAddressPol.patch
-Patch0059: 0059-core-decrease-log-level-of-messages-about-use-of-Kil.patch
-Patch0060: 0060-meson-rename-libbasic-to-libbasic_static.patch
-Patch0061: 0061-meson-build-libsystemd-core-via-an-intermediate-stat.patch
-Patch0062: 0062-meson-add-option-to-build-systemd-executor-staticall.patch
-Patch0063: 0063-taint-remove-unmerged-bin.patch
-Patch0064: 0064-presets-remove-resolved.patch
-Patch0065: 0065-doc-add-downstream-CONTRIBUTING-document.patch
-Patch0066: 0066-ci-allow-policy-as-rhel-only-keyword.patch
-Patch0067: 0067-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
-Patch0068: 0068-taint-remove-unused-variable-usr_sbin.patch
-Patch0069: 0069-packit-drop-the-libarchive-workaround.patch
-Patch0070: 0070-packit-drop-the-dependency-on-python3-zstd.patch
-Patch0071: 0071-coredump-by-default-process-and-store-core-files-up-.patch
-Patch0072: 0072-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
-Patch0073: 0073-unit-don-t-add-Requires-for-tmp.mount.patch
-Patch0074: 0074-units-add-Install-section-to-tmp.mount.patch
-Patch0075: 0075-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
-Patch0076: 0076-netif-naming-scheme-add-rhel-9.5-scheme.patch
-Patch0077: 0077-udev-builtin-net_id-use-firmware_node-sun-for-ID_NET.patch
-Patch0078: 0078-man-net-naming-scheme-add-missing-period.patch
-Patch0079: 0079-Revert-packit-drop-the-dependency-on-python3-zstd.patch
-Patch0080: 0080-systemctl-do-not-try-to-acquire-triggering-units-for.patch
-Patch0081: 0081-core-unit-add-one-assertion-for-u-manager.patch
-Patch0082: 0082-core-service-destroy-runtime-data-when-Type-oneshot-.patch
-Patch0083: 0083-cgroup-util-Ignore-kernel-threads-in-cg_kill_items.patch
-Patch0084: 0084-cgroup-util-Don-t-try-to-open-pidfd-for-kernel-threa.patch
-Patch0085: 0085-cgroup-util-fix-typo.patch
-Patch0086: 0086-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
-Patch0087: 0087-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
-Patch0088: 0088-net-naming-scheme-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch
-Patch0089: 0089-Revert-cgroup-util-Don-t-try-to-open-pidfd-for-kerne.patch
-Patch0090: 0090-ukify-Skip-test-on-architectures-without-UEFI.patch
-Patch0091: 0091-ci-rename-beta-branch-to-match-dist-git-name.patch
-Patch0092: 0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch
-Patch0093: 0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch
-Patch0094: 0094-confidential-virt-split-caching-of-CVM-detection-int.patch
-Patch0095: 0095-confidential-virt-add-detection-for-s390x-target.patch
-Patch0096: 0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch
-Patch0097: 0097-man-systemd-detect-virt-list-known-CVM-technologies.patch
-Patch0098: 0098-socket-fix-socket-activation-of-stopped-services-wit.patch
+Patch0001: 0001-ci-update-workflows-to-run-on-source-git-setup.patch
+Patch0002: 0002-ci-setup-source-git-automation.patch
+Patch0003: 0003-ci-reconfigure-Packit-for-RHEL-10.patch
+Patch0004: 0004-journal-again-create-user-journals-for-users-with-hi.patch
+Patch0005: 0005-tmpfiles-make-purge-hard-to-mis-use.patch
+Patch0006: 0006-fedora-use-system-auth-in-pam-systemd-user.patch
+Patch0007: 0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
+Patch0008: 0008-rules-copy-40-redhat.rules-from-RHEL-9.patch
+Patch0009: 0009-logind-set-RemoveIPC-to-false-by-default.patch
+Patch0010: 0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
+Patch0011: 0011-rc-local-order-after-network-online.target.patch
+Patch0012: 0012-random-util-increase-random-seed-size-to-1024.patch
+Patch0013: 0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch
+Patch0014: 0014-journald.conf-don-t-touch-current-audit-settings.patch
+Patch0015: 0015-rules-add-elevator-kernel-command-line-parameter.patch
+Patch0016: 0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
+Patch0017: 0017-udev-net-setup-link-change-the-default-MACAddressPol.patch
+Patch0018: 0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch
+Patch0019: 0019-taint-remove-unmerged-bin.patch
+Patch0020: 0020-presets-remove-resolved.patch
+Patch0021: 0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
+Patch0022: 0022-taint-remove-unused-variable-usr_sbin.patch
+Patch0023: 0023-packit-drop-the-libarchive-workaround.patch
+Patch0024: 0024-coredump-by-default-process-and-store-core-files-up-.patch
+Patch0025: 0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
+Patch0026: 0026-unit-don-t-add-Requires-for-tmp.mount.patch
+Patch0027: 0027-units-add-Install-section-to-tmp.mount.patch
+Patch0028: 0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
+Patch0029: 0029-netif-naming-scheme-add-rhel-9.5-scheme.patch
+Patch0030: 0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
+Patch0031: 0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
+Patch0032: 0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
+Patch0033: 0033-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch
# Downstream-only patches (9000–9999)
@@ -930,14 +865,6 @@ mv -v %{buildroot}/usr/sbin/* %{buildroot}%{_bindir}/
rm %{buildroot}/usr/lib/sysusers.d/basic.conf
%endif
-# We don't want to ship systemd-ssh-generator and it is not possible to disable it via meson_options.txt
-# OpenScanHub doesn't build man pages, so let's not fail when they are not present
-rm %{buildroot}%{_prefix}/lib/systemd/system-generators/systemd-ssh-generator
-rm %{buildroot}%{_prefix}/lib/systemd/system/ssh-access.target
-rm %{buildroot}%{_prefix}/lib/systemd/systemd-ssh-proxy
-rm %{buildroot}%{_mandir}/man1/systemd-ssh-proxy.1 || :
-rm %{buildroot}%{_mandir}/man8/systemd-ssh-generator.8 || :
-
%find_lang %{name}
# Split files in build root into rpms
@@ -1145,6 +1072,10 @@ rm -f .file-list-*
rm -f %{name}.lang
%changelog
+* Tue Dec 17 2024 Jan Macku <jamacku@redhat.com> - 257-1
+- Rebase to new upstream release v257 (RHEL-71409)
+- netif-naming-scheme: introduce rhel-10.0 scheme (RHEL-44417)
+
* Tue Nov 19 2024 systemd maintenance team <systemd-maint@redhat.com> - 256-18
- add %%pre sysuser scriptlet for resolved subpackage (RHEL-50564)
--
GitLab