From d132ee972e23cee34d1a3c631f599229b64ac13a Mon Sep 17 00:00:00 2001
From: importbot <releng@rockylinux.org>
Date: Wed, 8 Jan 2025 17:44:47 +0000
Subject: [PATCH] import systemd-257-3.el10

---
 .systemd.metadata                             |   2 +-
 SOURCES/0001-Create-CNAME.patch               |  18 ++
 ...nk-drop-unexported-functions-from-pu.patch |  56 ++++
 ...03-ci-reconfigure-Packit-for-RHEL-10.patch |  61 ----
 ...-test-modernize-generate-sym-test.py.patch | 195 +++++++++++++
 ...te-list-of-symbols-from-header-files.patch | 142 ++++++++++
 ...tenroll-sort-fido2-credential-algori.patch |  65 +++++
 SOURCES/0006-analyze-tab-fix.patch            |  23 ++
 ...add-missing-mask-option-to-help-text.patch |  24 ++
 ...set-nsec3-salt-length-8-in-knot.conf.patch |  29 ++
 ...CAP_LINUX_IMMUTABLE-is-not-available.patch |  44 +++
 ...p-test-when-lacking-privileges-to-cr.patch |  38 +++
 ...pare-FDs-to-bin-sh-instead-of-dev-nu.patch |  36 +++
 ...ils-package-instead-of-hostname-for-.patch |  66 +++++
 ...rivileged-is-not-for-reading-propert.patch |  55 ++++
 ...t-bail-if-SHELL_-variables-are-unset.patch |  56 ++++
 ...g-VLAN-ranges-in-man-systemd.network.patch |  25 ++
 ...t-fs-Migrate-to-new-assertion-macros.patch |  61 ++++
 ...example-in-systemd-measure.xml-35506.patch |  27 ++
 ...018-systemd-cryptenroll.xml-fix-typo.patch |  23 ++
 SOURCES/0019-semaphore-skip-some-tests.patch  |  28 ++
 ...0-shell-completion-add-systemd-creds.patch | 215 +++++++++++++++
 ...ding-verity-settings-for-MountImages.patch |  64 +++++
 ...e-coverage-for-extensions-and-verity.patch |  48 ++++
 .../0023-README-drop-CentOS-CI-badges.patch   |  26 ++
 .../0024-meson.version-change-to-257.1.patch  |  19 ++
 ...urnalctl-honor-quiet-with-setup-keys.patch |  76 +++++
 ...-disconnect-on-api-and-system-busses.patch |  35 +++
 ...add-list-of-subscribers-to-dump-info.patch |  26 ++
 ...to-invoke-polkit-ask-password-agent-.patch | 111 ++++++++
 SOURCES/0029-mkosi-Fix-opensuse-build.patch   |  27 ++
 ...eTmp-disconnected-instead-of-yes-if-.patch |  71 +++++
 ...rse-options-before-checking-for-kern.patch |  36 +++
 ...ock-return-77-on-skip-in-more-places.patch |  34 +++
 ...mkosi-update-debian-commit-reference.patch |  43 +++
 ...-add-smbios11-verb-to-systemd-analyz.patch |  25 ++
 ...m-wide-idle-begin-at-the-time-logind.patch |  67 +++++
 ...es-reduce-quoting-in-warning-message.patch |  35 +++
 SOURCES/0037-semaphore-bump-timeout.patch     |  26 ++
 ...038-Revert-semaphore-skip-some-tests.patch |  26 ++
 ...39-mkosi-fix-section-for-WithNetwork.patch |  23 ++
 ...e-util-fix-truncation-of-usec-to-sec.patch |  57 ++++
 ...ork-don-t-warn-with-no-NSID-assigned.patch |  40 +++
 ...TEST-35-LOGIN-check-only-tty-session.patch |  56 ++++
 ...ronment-setting-for-mkosi-should-be-.patch |  28 ++
 ...si-temporarily-disable-panic_on_warn.patch |  31 +++
 ...reguard-private-key-read-error-numbe.patch |  25 ++
 ...it-ignore-ENOENT-from-unit_is_masked.patch |  59 ++++
 ...-skip-TEST-69-SHUTDOWN-on-ubuntu-too.patch |  23 ++
 ...8-mkosi-Fix-tools-image-package-name.patch |  23 ++
 ...etry-unsealing-after-policy_pcr-retu.patch |  42 +++
 ...transaction-completes-expect-other-t.patch | 261 ++++++++++++++++++
 ...cument-generator-sandbox-environment.patch |  25 ++
 ...ix-regression-in-no-sign-kernel-flag.patch |  46 +++
 ...bian-ubuntu-to-ci-v257-stable-branch.patch |  25 ++
 ...-debian-ubuntu-to-ci-v257-stable-bra.patch |  23 ++
 ...util-unify-code-that-resets-dev-cons.patch | 172 ++++++++++++
 SOURCES/0056-mkosi-move-config-options.patch  |  80 ++++++
 SOURCES/0057-mkosi-Update-to-latest.patch     |  37 +++
 .../0058-mkosi-Add-gdb-to-tools-tree.patch    |  22 ++
 ...osi-Add-libz1-to-opensuse-tools-tree.patch |  24 ++
 ...le-EPEL-for-CentOS-Stream-tools-tree.patch |  30 ++
 ...0061-mkosi-Use-tools-tree-by-default.patch |  52 ++++
 ...uild-as-extra-search-path-by-default.patch |  30 ++
 ...-t-pass-host-if-we-re-not-using-flat.patch |  24 ++
 ...-mkosi.clangd-Fail-on-command-errors.patch |  21 ++
 ...-docs-Simplify-hacking-documentation.patch | 210 ++++++++++++++
 ...uthselect-systemd-homed-feature-name.patch |  27 ++
 ...s-Use-meson-compile-instead-of-ninja.patch |  68 +++++
 ...mention-.local-bin-in-section-on-ins.patch |  26 ++
 ...osi-update-opensuse-spec-repo-commit.patch |  23 ++
 ...osi-update-openSUSE-commit-reference.patch |  25 ++
 ...nssl-devel-package-to-openSUSE-tools.patch |  53 ++++
 ...github-mirror-of-openSUSE-sources-fr.patch | 144 ++++++++++
 ...bling-vcs-tag-via-environment-variab.patch |  65 +++++
 ...andbox-in-test-documentation-as-well.patch |  81 ++++++
 ...ME-s-Ubuntu-CI-section-for-mkosi-cha.patch |  83 ++++++
 SOURCES/0076-mkosi-Add-docbook-tools.patch    |  67 +++++
 ...ectories-in-debian-not-installed-cor.patch |  31 +++
 ...packaged-files-in-the-debian-package.patch |  23 ++
 SOURCES/0079-mkosi-Update-to-latest.patch     | 205 ++++++++++++++
 ...mkosi-Make-path-exclude-more-generic.patch |  33 +++
 ...ckit-Move-fmf-metadata-into-upstream.patch | 183 ++++++++++++
 ...precated-settings-and-command-with-n.patch |  66 +++++
 ...kosi-Migrate-more-deprecated-options.patch |  63 +++++
 .../0084-ci-Rename-qemu-variable-to-vm.patch  |  88 ++++++
 ...-Insist-on-mkosi-sha-being-available.patch |  43 +++
 ...ng-used-downstream-in-dist-git-tests.patch |  75 +++++
 ...when-AddDependencyUnitFiles-is-calle.patch |  35 +++
 SOURCES/0088-repart-Use-streq_ptr.patch       |  25 ++
 ...-sd-device-add-missing-debugging-log.patch |  25 ++
 ...lidation-for-devices-under-sys-firmw.patch |  67 +++++
 ...ns-lnrr-when-config-changes-to-disab.patch |  73 +++++
 ...-util-don-t-attempt-to-fiemap-fd-if-.patch |  48 ++++
 ...-util-handle-the-case-where-no-swap-.patch |  45 +++
 ...not-load-locale-from-environemnt-whe.patch |  30 ++
 ...GC-machine-when-no-leader-PID-is-set.patch |  36 +++
 ...-use-after-free-in-varlink-interface.patch | 131 +++++++++
 ...rialize-fix-serialization-of-markers.patch |  30 ++
 ...mdadm-create-question-for-compat-wit.patch |  84 ++++++
 ...-the-entry-for-Logitech-MX-Keys-for-.patch |  38 +++
 ...0-mkosi-Install-which-in-build-image.patch |  22 ++
 .../0101-packit-Simplify-configuration.patch  |  62 +++++
 ...mf-Check-out-target-branch-in-packit.patch |  23 ++
 .../0103-stdio-bridge-fix-polled-fds.patch    |  33 +++
 ...0104-Revert-mkosi-Fix-opensuse-build.patch |  28 ++
 ...low-integration-to-build-packages-on.patch |  33 +++
 ...s-also-trigger-Fedora-package-builds.patch |  29 ++
 ...ignore-ENOENT-in-checking-inhibitors.patch |  31 +++
 ...nly-ignore-ENOENT-in-checking-inhibi.patch |  33 +++
 ...invocation-and-list-invocations-acce.patch | 113 ++++++++
 .../0110-meson-bump-version-to-257.2.patch    |  16 ++
 ...orkflows-to-run-on-source-git-setup.patch} |   2 +-
 ...0112-ci-setup-source-git-automation.patch} |   2 +-
 ...13-ci-reconfigure-Packit-for-RHEL-10.patch |  67 +++++
 ...ate-user-journals-for-users-with-hi.patch} |   2 +-
 ...tmpfiles-make-purge-hard-to-mis-use.patch} |   2 +-
 ...use-system-auth-in-pam-systemd-user.patch} |   2 +-
 ...-start-rhel10-naming-and-include-rh.patch} |   2 +-
 ...es-copy-40-redhat.rules-from-RHEL-9.patch} |   2 +-
 ...d-set-RemoveIPC-to-false-by-default.patch} |   2 +-
 ...eate-resolv.conf-stub-resolv.conf-s.patch} |   2 +-
 ...l-order-after-network-online.target.patch} |   2 +-
 ...l-increase-random-seed-size-to-1024.patch} |   2 +-
 ...ble-systemd-journald-audit.socket-b.patch} |   2 +-
 ...-don-t-touch-current-audit-settings.patch} |   2 +-
 ...vator-kernel-command-line-parameter.patch} |   2 +-
 ...TasksMax-to-80-of-the-kernel-pid.ma.patch} |   2 +-
 ...nk-change-the-default-MACAddressPol.patch} |   2 +-
 ...-level-of-messages-about-use-of-Kil.patch} |   2 +-
 ...h => 0129-taint-remove-unmerged-bin.patch} |   2 +-
 ...tch => 0130-presets-remove-resolved.patch} |   2 +-
 ...t-only-for-Fedora-and-CentOS-Stream.patch} |  14 +-
 ...int-remove-unused-variable-usr_sbin.patch} |   2 +-
 ...ckit-drop-the-libarchive-workaround.patch} |   6 +-
 ...lt-process-and-store-core-files-up-.patch} |   2 +-
 ...ounted-as-tmpfs-without-the-user-s-.patch} |   2 +-
 ...it-don-t-add-Requires-for-tmp.mount.patch} |   2 +-
 ...ts-add-Install-section-to-tmp.mount.patch} |   2 +-
 ...e-tmp.mount-statically-in-local-fs..patch} |   2 +-
 ...f-naming-scheme-add-rhel-9.5-scheme.patch} |   2 +-
 ...me-rename-rhel-10.0-to-rhel-10.0.be.patch} |   2 +-
 ...me-disable-NAMING_FIRMWARE_NODE_SUN.patch} |   2 +-
 ...g-scheme-introduce-rhel-10.0-scheme.patch} |   2 +-
 ...introduce-naming-scheme-for-RHEL-9.6.patch |  58 ++++
 SPECS/systemd.spec                            | 181 +++++++++---
 146 files changed, 6385 insertions(+), 134 deletions(-)
 create mode 100644 SOURCES/0001-Create-CNAME.patch
 create mode 100644 SOURCES/0002-sd-json-sd-varlink-drop-unexported-functions-from-pu.patch
 delete mode 100644 SOURCES/0003-ci-reconfigure-Packit-for-RHEL-10.patch
 create mode 100644 SOURCES/0003-test-modernize-generate-sym-test.py.patch
 create mode 100644 SOURCES/0004-test-also-generate-list-of-symbols-from-header-files.patch
 create mode 100644 SOURCES/0005-man-systemd-cryptenroll-sort-fido2-credential-algori.patch
 create mode 100644 SOURCES/0006-analyze-tab-fix.patch
 create mode 100644 SOURCES/0007-analyze-add-missing-mask-option-to-help-text.patch
 create mode 100644 SOURCES/0008-test-set-nsec3-salt-length-8-in-knot.conf.patch
 create mode 100644 SOURCES/0009-test-capability-CAP_LINUX_IMMUTABLE-is-not-available.patch
 create mode 100644 SOURCES/0010-test-fd-util-skip-test-when-lacking-privileges-to-cr.patch
 create mode 100644 SOURCES/0011-test-fd-util-compare-FDs-to-bin-sh-instead-of-dev-nu.patch
 create mode 100644 SOURCES/0012-mkosi-use-inetutils-package-instead-of-hostname-for-.patch
 create mode 100644 SOURCES/0013-man-document-unprivileged-is-not-for-reading-propert.patch
 create mode 100644 SOURCES/0014-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch
 create mode 100644 SOURCES/0015-Fixing-VLAN-ranges-in-man-systemd.network.patch
 create mode 100644 SOURCES/0016-test-bpf-restrict-fs-Migrate-to-new-assertion-macros.patch
 create mode 100644 SOURCES/0017-man-update-example-in-systemd-measure.xml-35506.patch
 create mode 100644 SOURCES/0018-systemd-cryptenroll.xml-fix-typo.patch
 create mode 100644 SOURCES/0019-semaphore-skip-some-tests.patch
 create mode 100644 SOURCES/0020-shell-completion-add-systemd-creds.patch
 create mode 100644 SOURCES/0021-core-fix-loading-verity-settings-for-MountImages.patch
 create mode 100644 SOURCES/0022-test-add-more-coverage-for-extensions-and-verity.patch
 create mode 100644 SOURCES/0023-README-drop-CentOS-CI-badges.patch
 create mode 100644 SOURCES/0024-meson.version-change-to-257.1.patch
 create mode 100644 SOURCES/0025-journalctl-honor-quiet-with-setup-keys.patch
 create mode 100644 SOURCES/0026-dbus-log-disconnect-on-api-and-system-busses.patch
 create mode 100644 SOURCES/0027-manager-add-list-of-subscribers-to-dump-info.patch
 create mode 100644 SOURCES/0028-exec-util-allow-to-invoke-polkit-ask-password-agent-.patch
 create mode 100644 SOURCES/0029-mkosi-Fix-opensuse-build.patch
 create mode 100644 SOURCES/0030-units-use-PrivateTmp-disconnected-instead-of-yes-if-.patch
 create mode 100644 SOURCES/0031-battery-check-parse-options-before-checking-for-kern.patch
 create mode 100644 SOURCES/0032-test-loop-block-return-77-on-skip-in-more-places.patch
 create mode 100644 SOURCES/0033-mkosi-update-debian-commit-reference.patch
 create mode 100644 SOURCES/0034-shell-completion-add-smbios11-verb-to-systemd-analyz.patch
 create mode 100644 SOURCES/0035-logind-let-system-wide-idle-begin-at-the-time-logind.patch
 create mode 100644 SOURCES/0036-tmpfiles-reduce-quoting-in-warning-message.patch
 create mode 100644 SOURCES/0037-semaphore-bump-timeout.patch
 create mode 100644 SOURCES/0038-Revert-semaphore-skip-some-tests.patch
 create mode 100644 SOURCES/0039-mkosi-fix-section-for-WithNetwork.patch
 create mode 100644 SOURCES/0040-test-time-util-fix-truncation-of-usec-to-sec.patch
 create mode 100644 SOURCES/0041-network-don-t-warn-with-no-NSID-assigned.patch
 create mode 100644 SOURCES/0042-TEST-35-LOGIN-check-only-tty-session.patch
 create mode 100644 SOURCES/0043-test-README-Environment-setting-for-mkosi-should-be-.patch
 create mode 100644 SOURCES/0044-mkosi-temporarily-disable-panic_on_warn.patch
 create mode 100644 SOURCES/0045-networkd-show-wireguard-private-key-read-error-numbe.patch
 create mode 100644 SOURCES/0046-systemctl-edit-ignore-ENOENT-from-unit_is_masked.patch
 create mode 100644 SOURCES/0047-test-skip-TEST-69-SHUTDOWN-on-ubuntu-too.patch
 create mode 100644 SOURCES/0048-mkosi-Fix-tools-image-package-name.patch
 create mode 100644 SOURCES/0049-tpm2-util-Also-retry-unsealing-after-policy_pcr-retu.patch
 create mode 100644 SOURCES/0050-resolved-if-one-transaction-completes-expect-other-t.patch
 create mode 100644 SOURCES/0051-man-Document-generator-sandbox-environment.patch
 create mode 100644 SOURCES/0052-ukify-Fix-regression-in-no-sign-kernel-flag.patch
 create mode 100644 SOURCES/0053-mkosi-switch-debian-ubuntu-to-ci-v257-stable-branch.patch
 create mode 100644 SOURCES/0054-semaphore-switch-debian-ubuntu-to-ci-v257-stable-bra.patch
 create mode 100644 SOURCES/0055-Revert-terminal-util-unify-code-that-resets-dev-cons.patch
 create mode 100644 SOURCES/0056-mkosi-move-config-options.patch
 create mode 100644 SOURCES/0057-mkosi-Update-to-latest.patch
 create mode 100644 SOURCES/0058-mkosi-Add-gdb-to-tools-tree.patch
 create mode 100644 SOURCES/0059-mkosi-Add-libz1-to-opensuse-tools-tree.patch
 create mode 100644 SOURCES/0060-mkosi-Enable-EPEL-for-CentOS-Stream-tools-tree.patch
 create mode 100644 SOURCES/0061-mkosi-Use-tools-tree-by-default.patch
 create mode 100644 SOURCES/0062-mkosi-Use-build-as-extra-search-path-by-default.patch
 create mode 100644 SOURCES/0063-mkosi.clangd-Don-t-pass-host-if-we-re-not-using-flat.patch
 create mode 100644 SOURCES/0064-mkosi.clangd-Fail-on-command-errors.patch
 create mode 100644 SOURCES/0065-docs-Simplify-hacking-documentation.patch
 create mode 100644 SOURCES/0066-mkosi-Fix-authselect-systemd-homed-feature-name.patch
 create mode 100644 SOURCES/0067-docs-Use-meson-compile-instead-of-ninja.patch
 create mode 100644 SOURCES/0068-docs-Explicitly-mention-.local-bin-in-section-on-ins.patch
 create mode 100644 SOURCES/0069-mkosi-update-opensuse-spec-repo-commit.patch
 create mode 100644 SOURCES/0070-mkosi-update-openSUSE-commit-reference.patch
 create mode 100644 SOURCES/0071-mkosi-add-libopenssl-devel-package-to-openSUSE-tools.patch
 create mode 100644 SOURCES/0072-mkosi-switch-to-github-mirror-of-openSUSE-sources-fr.patch
 create mode 100644 SOURCES/0073-mkosi-Allow-disabling-vcs-tag-via-environment-variab.patch
 create mode 100644 SOURCES/0074-docs-Use-mkosi-sandbox-in-test-documentation-as-well.patch
 create mode 100644 SOURCES/0075-test-update-README-s-Ubuntu-CI-section-for-mkosi-cha.patch
 create mode 100644 SOURCES/0076-mkosi-Add-docbook-tools.patch
 create mode 100644 SOURCES/0077-mkosi-Handle-directories-in-debian-not-installed-cor.patch
 create mode 100644 SOURCES/0078-mkosi-Warn-on-unpackaged-files-in-the-debian-package.patch
 create mode 100644 SOURCES/0079-mkosi-Update-to-latest.patch
 create mode 100644 SOURCES/0080-mkosi-Make-path-exclude-more-generic.patch
 create mode 100644 SOURCES/0081-packit-Move-fmf-metadata-into-upstream.patch
 create mode 100644 SOURCES/0082-mkosi-replace-deprecated-settings-and-command-with-n.patch
 create mode 100644 SOURCES/0083-mkosi-Migrate-more-deprecated-options.patch
 create mode 100644 SOURCES/0084-ci-Rename-qemu-variable-to-vm.patch
 create mode 100644 SOURCES/0085-fmf-Insist-on-mkosi-sha-being-available.patch
 create mode 100644 SOURCES/0086-fmf-Support-being-used-downstream-in-dist-git-tests.patch
 create mode 100644 SOURCES/0087-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch
 create mode 100644 SOURCES/0088-repart-Use-streq_ptr.patch
 create mode 100644 SOURCES/0089-sd-device-add-missing-debugging-log.patch
 create mode 100644 SOURCES/0090-sd-device-fix-validation-for-devices-under-sys-firmw.patch
 create mode 100644 SOURCES/0091-resolved-stop-mdns-lnrr-when-config-changes-to-disab.patch
 create mode 100644 SOURCES/0092-shared-hibernate-util-don-t-attempt-to-fiemap-fd-if-.patch
 create mode 100644 SOURCES/0093-shared-hibernate-util-handle-the-case-where-no-swap-.patch
 create mode 100644 SOURCES/0094-locale-setup-do-not-load-locale-from-environemnt-whe.patch
 create mode 100644 SOURCES/0095-machine-GC-machine-when-no-leader-PID-is-set.patch
 create mode 100644 SOURCES/0096-creds-fix-use-after-free-in-varlink-interface.patch
 create mode 100644 SOURCES/0097-core-unit-serialize-fix-serialization-of-markers.patch
 create mode 100644 SOURCES/0098-test-answer-2nd-mdadm-create-question-for-compat-wit.patch
 create mode 100644 SOURCES/0099-hwdb-comment-out-the-entry-for-Logitech-MX-Keys-for-.patch
 create mode 100644 SOURCES/0100-mkosi-Install-which-in-build-image.patch
 create mode 100644 SOURCES/0101-packit-Simplify-configuration.patch
 create mode 100644 SOURCES/0102-fmf-Check-out-target-branch-in-packit.patch
 create mode 100644 SOURCES/0103-stdio-bridge-fix-polled-fds.patch
 create mode 100644 SOURCES/0104-Revert-mkosi-Fix-opensuse-build.patch
 create mode 100644 SOURCES/0105-CI-add-OBS-workflow-integration-to-build-packages-on.patch
 create mode 100644 SOURCES/0106-obs-also-trigger-Fedora-package-builds.patch
 create mode 100644 SOURCES/0107-systemctl-also-ignore-ENOENT-in-checking-inhibitors.patch
 create mode 100644 SOURCES/0108-systemctl-certainly-ignore-ENOENT-in-checking-inhibi.patch
 create mode 100644 SOURCES/0109-journalctl-make-invocation-and-list-invocations-acce.patch
 create mode 100644 SOURCES/0110-meson-bump-version-to-257.2.patch
 rename SOURCES/{0001-ci-update-workflows-to-run-on-source-git-setup.patch => 0111-ci-update-workflows-to-run-on-source-git-setup.patch} (97%)
 rename SOURCES/{0002-ci-setup-source-git-automation.patch => 0112-ci-setup-source-git-automation.patch} (99%)
 create mode 100644 SOURCES/0113-ci-reconfigure-Packit-for-RHEL-10.patch
 rename SOURCES/{0004-journal-again-create-user-journals-for-users-with-hi.patch => 0114-journal-again-create-user-journals-for-users-with-hi.patch} (97%)
 rename SOURCES/{0005-tmpfiles-make-purge-hard-to-mis-use.patch => 0115-tmpfiles-make-purge-hard-to-mis-use.patch} (97%)
 rename SOURCES/{0006-fedora-use-system-auth-in-pam-systemd-user.patch => 0116-fedora-use-system-auth-in-pam-systemd-user.patch} (93%)
 rename SOURCES/{0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch => 0117-net-naming-scheme-start-rhel10-naming-and-include-rh.patch} (99%)
 rename SOURCES/{0008-rules-copy-40-redhat.rules-from-RHEL-9.patch => 0118-rules-copy-40-redhat.rules-from-RHEL-9.patch} (98%)
 rename SOURCES/{0009-logind-set-RemoveIPC-to-false-by-default.patch => 0119-logind-set-RemoveIPC-to-false-by-default.patch} (96%)
 rename SOURCES/{0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch => 0120-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch} (95%)
 rename SOURCES/{0011-rc-local-order-after-network-online.target.patch => 0121-rc-local-order-after-network-online.target.patch} (92%)
 rename SOURCES/{0012-random-util-increase-random-seed-size-to-1024.patch => 0122-random-util-increase-random-seed-size-to-1024.patch} (91%)
 rename SOURCES/{0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch => 0123-journal-don-t-enable-systemd-journald-audit.socket-b.patch} (92%)
 rename SOURCES/{0014-journald.conf-don-t-touch-current-audit-settings.patch => 0124-journald.conf-don-t-touch-current-audit-settings.patch} (89%)
 rename SOURCES/{0015-rules-add-elevator-kernel-command-line-parameter.patch => 0125-rules-add-elevator-kernel-command-line-parameter.patch} (96%)
 rename SOURCES/{0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch => 0126-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch} (97%)
 rename SOURCES/{0017-udev-net-setup-link-change-the-default-MACAddressPol.patch => 0127-udev-net-setup-link-change-the-default-MACAddressPol.patch} (96%)
 rename SOURCES/{0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch => 0128-core-decrease-log-level-of-messages-about-use-of-Kil.patch} (96%)
 rename SOURCES/{0019-taint-remove-unmerged-bin.patch => 0129-taint-remove-unmerged-bin.patch} (98%)
 rename SOURCES/{0020-presets-remove-resolved.patch => 0130-presets-remove-resolved.patch} (93%)
 rename SOURCES/{0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch => 0131-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch} (89%)
 rename SOURCES/{0022-taint-remove-unused-variable-usr_sbin.patch => 0132-taint-remove-unused-variable-usr_sbin.patch} (93%)
 rename SOURCES/{0023-packit-drop-the-libarchive-workaround.patch => 0133-packit-drop-the-libarchive-workaround.patch} (87%)
 rename SOURCES/{0024-coredump-by-default-process-and-store-core-files-up-.patch => 0134-coredump-by-default-process-and-store-core-files-up-.patch} (92%)
 rename SOURCES/{0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch => 0135-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch} (92%)
 rename SOURCES/{0026-unit-don-t-add-Requires-for-tmp.mount.patch => 0136-unit-don-t-add-Requires-for-tmp.mount.patch} (96%)
 rename SOURCES/{0027-units-add-Install-section-to-tmp.mount.patch => 0137-units-add-Install-section-to-tmp.mount.patch} (90%)
 rename SOURCES/{0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch => 0138-units-don-t-enable-tmp.mount-statically-in-local-fs..patch} (92%)
 rename SOURCES/{0029-netif-naming-scheme-add-rhel-9.5-scheme.patch => 0139-netif-naming-scheme-add-rhel-9.5-scheme.patch} (97%)
 rename SOURCES/{0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch => 0140-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch} (97%)
 rename SOURCES/{0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch => 0141-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch} (94%)
 rename SOURCES/{0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch => 0142-netif-naming-scheme-introduce-rhel-10.0-scheme.patch} (97%)
 create mode 100644 SOURCES/0143-udev-net_id-introduce-naming-scheme-for-RHEL-9.6.patch

diff --git a/.systemd.metadata b/.systemd.metadata
index 09f18a6..55f5540 100644
--- a/.systemd.metadata
+++ b/.systemd.metadata
@@ -1 +1 @@
-6a2e4b3d055966d5c77fc067653da2cdd047b0968a01b181b4e551c00f632f33  SOURCES/systemd-257.tar.gz
+14f6907eb5e289d8c39cbe1ef891ca54d8a0e3582c986a9ef5844b3f29add43b  SOURCES/systemd-257.tar.gz
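Review bot: The SHA-256 recorded for `SOURCES/systemd-257.tar.gz` changes while the file name stays the same, so two different archives now share one name and the commit record does not say which upstream source the new digest corresponds to. From the diff alone, a same-name source swap cannot be told apart from a tampered lookaside upload. The import should record where the new archive came from, for example a line such as `Source-Origin: <upstream tag or dist-git commit — placeholder>` in the commit description, and the digest starting `14f6907e` should be checked independently against that origin before the build is trusted. Presumably the archive was regenerated for the 257-3 import, but nothing visible here confirms it.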
diff --git a/SOURCES/0001-Create-CNAME.patch b/SOURCES/0001-Create-CNAME.patch
new file mode 100644
index 0000000..82f7ad2
--- /dev/null
+++ b/SOURCES/0001-Create-CNAME.patch
@@ -0,0 +1,18 @@
+From 217666530e117eafbed9af56e2e7ab467c02a405 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Tue, 10 Dec 2024 19:39:23 +0000
+Subject: [PATCH] Create CNAME
+
+---
+ docs/CNAME | 1 +
+ 1 file changed, 1 insertion(+)
+ create mode 100644 docs/CNAME
+
+diff --git a/docs/CNAME b/docs/CNAME
+new file mode 100644
+index 0000000000..cdcf4d9a52
+--- /dev/null
++++ b/docs/CNAME
+@@ -0,0 +1 @@
++systemd.io
+\ No newline at end of file
diff --git a/SOURCES/0002-sd-json-sd-varlink-drop-unexported-functions-from-pu.patch b/SOURCES/0002-sd-json-sd-varlink-drop-unexported-functions-from-pu.patch
new file mode 100644
index 0000000..4fd4df8
--- /dev/null
+++ b/SOURCES/0002-sd-json-sd-varlink-drop-unexported-functions-from-pu.patch
@@ -0,0 +1,56 @@
+From d7eeb60cdff19e3b2a69cc14118e65e7bfe96421 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 12 Dec 2024 19:42:48 +0900
+Subject: [PATCH] sd-json,sd-varlink: drop unexported functions from public
+ headers
+
+These functions are exported by e11f5aa7226253bf31b2ed61be8599bb213c1819
+and 5fcabde35b8d2592e4ba3f4915839a54d2f246ba in upstream after v257.
+
+Fixes #35554 in v257.
+---
+ src/libsystemd/sd-json/json-util.h | 3 +++
+ src/systemd/sd-json.h              | 3 ---
+ src/systemd/sd-varlink.h           | 1 -
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/libsystemd/sd-json/json-util.h b/src/libsystemd/sd-json/json-util.h
+index 808df64d98..b3b4941dcc 100644
+--- a/src/libsystemd/sd-json/json-util.h
++++ b/src/libsystemd/sd-json/json-util.h
+@@ -8,6 +8,9 @@
+ #include "macro.h"
+ #include "pidref.h"
+ 
++const char* sd_json_variant_type_to_string(sd_json_variant_type_t t);
++sd_json_variant_type_t sd_json_variant_type_from_string(const char *s);
++
+ #define JSON_VARIANT_REPLACE(v, q)        \
+         do {                              \
+                 typeof(v)* _v = &(v);     \
+diff --git a/src/systemd/sd-json.h b/src/systemd/sd-json.h
+index 3930d82b0d..33817f2327 100644
+--- a/src/systemd/sd-json.h
++++ b/src/systemd/sd-json.h
+@@ -339,9 +339,6 @@ int sd_json_variant_strv(sd_json_variant *v, char ***ret);
+ int sd_json_variant_unbase64(sd_json_variant *v, void **ret, size_t *ret_size);
+ int sd_json_variant_unhex(sd_json_variant *v, void **ret, size_t *ret_size);
+ 
+-const char* sd_json_variant_type_to_string(sd_json_variant_type_t t);
+-sd_json_variant_type_t sd_json_variant_type_from_string(const char *s);
+-
+ _sd_const_ static __inline__ int sd_json_format_enabled(sd_json_format_flags_t flags) {
+         return !(flags & SD_JSON_FORMAT_OFF);
+ }
+diff --git a/src/systemd/sd-varlink.h b/src/systemd/sd-varlink.h
+index 816b9b0ebf..17cf8b7386 100644
+--- a/src/systemd/sd-varlink.h
++++ b/src/systemd/sd-varlink.h
+@@ -184,7 +184,6 @@ int sd_varlink_dispatch(sd_varlink *v, sd_json_variant *parameters, const sd_jso
+ /* Write outgoing fds into the socket (to be associated with the next enqueued message) */
+ int sd_varlink_push_fd(sd_varlink *v, int fd);
+ int sd_varlink_push_dup_fd(sd_varlink *v, int fd);
+-int sd_varlink_reset_fds(sd_varlink *v);
+ 
+ /* Read incoming fds from the socket (associated with the currently handled message) */
+ int sd_varlink_peek_fd(sd_varlink *v, size_t i);
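Review bot: The two `sd_json_variant_type_*` prototypes added to `json-util.h` carry no comment saying why they sit in an internal header; the reason appears only in the patch description, which says the functions were exported upstream after v257. A one-line comment above them would keep a later rebase from moving them back into the public header, e.g. `/* Not exported in v257; keep out of sd-json.h until the symbols are exported. */`. Separately, `sd_varlink_reset_fds()` is removed from `sd-varlink.h` with no internal prototype added in its place. Whether an in-tree caller still needs one cannot be seen from these hunks, so it is worth confirming with a build that uses `-Werror=implicit-function-declaration`.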
diff --git a/SOURCES/0003-ci-reconfigure-Packit-for-RHEL-10.patch b/SOURCES/0003-ci-reconfigure-Packit-for-RHEL-10.patch
deleted file mode 100644
index e9f479b..0000000
--- a/SOURCES/0003-ci-reconfigure-Packit-for-RHEL-10.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From ec05646d8b34762d270ab8d3f703e06828ed0a03 Mon Sep 17 00:00:00 2001
-From: Jan Macku <jamacku@redhat.com>
-Date: Fri, 17 May 2024 13:55:40 +0200
-Subject: [PATCH] ci: reconfigure Packit for RHEL 10
-
-rhel-only: ci
-
-Related: RHEL-36636
----
- .packit.yml | 28 +++++++++-------------------
- 1 file changed, 9 insertions(+), 19 deletions(-)
-
-diff --git a/.packit.yml b/.packit.yml
-index 2dcc9e86ca..340c6992ec 100644
---- a/.packit.yml
-+++ b/.packit.yml
-@@ -24,14 +24,12 @@ actions:
-     - "bash -ec 'git describe --tags --abbrev=0 | cut -b 2-'"
- 
-   post-upstream-clone:
--    # Use the Fedora Rawhide specfile
--    - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
-+    # Use the CentOS Stream 10 specfile
-+    - "git clone -b c10s https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1"
-     # Drop the "sources" file so rebase-helper doesn't think we're a dist-git
-     - "rm -fv .packit_rpm/sources"
--    # Drop backported patches from the specfile, but keep the downstream-only ones
--    # - Patch(0000-0499): backported patches from upstream
--    # - Patch0500-9999: downstream-only patches
--    - "sed -ri '/^Patch(0[0-4]?[0-9]{0,2})?\\:.+\\.patch/d' .packit_rpm/systemd.spec"
-+    # Drop all patches, since they're already included in the tarball
-+    - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec"
-     # Build the RPM with --werror. Even though --werror doesn't work in all
-     # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
-     # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
-@@ -45,20 +43,12 @@ actions:
-     # until the change propagates to Rawhide's specfile
-     - "sed -ri '0,/^BuildRequires: .+$/s//&\\nBuildRequires: libarchive-devel\\nRequires: libarchive/' .packit_rpm/systemd.spec"
- 
-+# Available targets can be listed via `copr-cli list-chroots`
- jobs:
- - job: copr_build
-   trigger: pull_request
-   targets:
--  - fedora-rawhide-aarch64
--  - fedora-rawhide-i386
--  - fedora-rawhide-ppc64le
--  - fedora-rawhide-s390x
--  - fedora-rawhide-x86_64
--
--- job: tests
--  trigger: pull_request
--  fmf_url: https://src.fedoraproject.org/tests/systemd
--  fmf_ref: main
--  tmt_plan: ci
--  targets:
--  - fedora-rawhide-x86_64
-+  - centos-stream-10-aarch64
-+  - centos-stream-10-ppc64le
-+  - centos-stream-10-s390x
-+  - centos-stream-10-x86_64
diff --git a/SOURCES/0003-test-modernize-generate-sym-test.py.patch b/SOURCES/0003-test-modernize-generate-sym-test.py.patch
new file mode 100644
index 0000000..63992f8
--- /dev/null
+++ b/SOURCES/0003-test-modernize-generate-sym-test.py.patch
@@ -0,0 +1,195 @@
+From e231110a641237817490785bdf3e96df1de524e2 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 12 Dec 2024 10:01:48 +0900
+Subject: [PATCH] test: modernize generate-sym-test.py
+
+(cherry picked from commit 6e399ece1fd6dc8cbf5830c263a118b58d36acac)
+---
+ src/test/generate-sym-test.py | 107 +++++++++++++++++++++-------------
+ 1 file changed, 67 insertions(+), 40 deletions(-)
+
+diff --git a/src/test/generate-sym-test.py b/src/test/generate-sym-test.py
+index 2e5177c934..24223aa7b0 100755
+--- a/src/test/generate-sym-test.py
++++ b/src/test/generate-sym-test.py
+@@ -1,78 +1,99 @@
+ #!/usr/bin/env python3
+ # SPDX-License-Identifier: LGPL-2.1-or-later
++#
++# ruff: noqa: E501 UP015
+ 
+ import os
+ import re
+ import sys
++from typing import IO
+ 
+-def process_sym_file(file):
++
++def process_sym_file(file: IO[str]) -> None:
+     for line in file:
+         m = re.search(r'^ +([a-zA-Z0-9_]+);', line)
+         if m:
+             if m[1] == 'sd_bus_object_vtable_format':
+-                print('        {{"{0}", &{0}}},'.format(m[1]))
++                print(f'        {{ "{m[1]}", &{m[1]} }},')
+             else:
+-                print('        {{"{0}", {0}}},'.format(m[1]))
++                print(f'        {{ "{m[1]}", {m[1]} }},')
++
+ 
+-def process_source_file(file):
++def process_source_file(file: IO[str]) -> None:
+     for line in file:
+         # Functions
+         m = re.search(r'^_public_\s+(\S+\s+)+\**(\w+)\s*\(', line)
+         if m:
+-            print('        {{ "{0}", {0} }},'.format(m[2]))
++            print(f'        {{ "{m[2]}", {m[2]} }},')
++            continue
++
+         # Variables
+         m = re.search(r'^_public_\s+(\S+\s+)+\**(\w+)\s*=', line)
+         if m:
+-            print('        {{ "{0}", &{0} }},'.format(m[2]))
++            print(f'        {{ "{m[2]}", &{m[2]} }},')
++            continue
++
+         # Functions defined through a macro
+         m = re.search(r'^DEFINE_PUBLIC_TRIVIAL_REF_FUNC\([^,]+,\s*(\w+)\s*\)', line)
+         if m:
+-            print('        {{ "{0}_ref", {0}_ref }},'.format(m[1]))
++            print(f'        {{ "{m[1]}_ref", {m[1]}_ref }},')
++            continue
++
+         m = re.search(r'^DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC\([^,]+,\s*(\w+)\s*,', line)
+         if m:
+-            print('        {{ "{0}_unref", {0}_unref }},'.format(m[1]))
+-        m = re.search(r"^DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC\([^,]+,\s*(\w+)\s*,", line)
++            print(f'        {{ "{m[1]}_unref", {m[1]}_unref }},')
++            continue
++
++        m = re.search(r'^DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC\([^,]+,\s*(\w+)\s*,', line)
++        if m:
++            print(f'        {{ "{m[1]}_ref", {m[1]}_ref }},')
++            print(f'        {{ "{m[1]}_unref", {m[1]}_unref }},')
++            continue
++
++        m = re.search(r'^_DEFINE_STRING_TABLE_LOOKUP\((\w+),\s*\w+,\s*_public_\s*\)', line)
+         if m:
+-            print('        {{ "{0}_ref", {0}_ref }},'.format(m[1]))
+-            print('        {{ "{0}_unref", {0}_unref }},'.format(m[1]))
++            print(f'        {{ "{m[1]}_from_string", {m[1]}_from_string }},')
++            print(f'        {{ "{m[1]}_to_string", {m[1]}_to_string }},')
++            continue
+ 
+-print('''/* SPDX-License-Identifier: LGPL-2.1-or-later */
++
++print("""/* SPDX-License-Identifier: LGPL-2.1-or-later */
+ 
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+ 
+-''')
++""")
+ 
+ for header in sys.argv[3:]:
+     print('#include "{}"'.format(header.split('/')[-1]))
+ 
+-print('''
++print("""
+ /* We want to check deprecated symbols too, without complaining */
+ #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+-''')
++""")
+ 
+-print('''
++print("""
+ struct symbol {
+         const char *name;
+         const void *symbol;
+ };
+-static struct symbol symbols_from_sym[] = {''')
++static struct symbol symbols_from_sym[] = {""")
+ 
+-with open(sys.argv[1], "r") as f:
++with open(sys.argv[1], 'r') as f:
+     process_sym_file(f)
+ 
+-print('''        {}
+-}, symbols_from_source[] = {''')
++print("""        {}
++}, symbols_from_source[] = {""")
+ 
+ for dirpath, _, filenames in sorted(os.walk(sys.argv[2])):
+     for filename in sorted(filenames):
+-        if not filename.endswith(".c") and not filename.endswith(".h"):
++        if not filename.endswith('.c') and not filename.endswith('.h'):
+             continue
+-        with open(os.path.join(dirpath, filename), "r") as f:
++        with open(os.path.join(dirpath, filename), 'r') as f:
+             process_source_file(f)
+ 
+-print('''        {}
++print("""        {}
+ };
+ 
+ static int sort_callback(const void *a, const void *b) {
+@@ -81,34 +102,40 @@ static int sort_callback(const void *a, const void *b) {
+ }
+ 
+ int main(void) {
+-        size_t i, j;
++        size_t size = sizeof(symbols_from_sym[0]),
++                n_sym = sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0]) - 1,
++                n_source = sizeof(symbols_from_source)/sizeof(symbols_from_source[0]) - 1;
+ 
+-        qsort(symbols_from_sym, sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0])-1, sizeof(symbols_from_sym[0]), sort_callback);
+-        qsort(symbols_from_source, sizeof(symbols_from_source)/sizeof(symbols_from_source[0])-1, sizeof(symbols_from_source[0]), sort_callback);
++        qsort(symbols_from_sym, n_sym, size, sort_callback);
++        qsort(symbols_from_source, n_source, size, sort_callback);
+ 
+         puts("From symbol file:");
+-        for (i = 0; symbols_from_sym[i].name; i++)
++        for (size_t i = 0; i < n_sym; i++)
+                 printf("%p: %s\\n", symbols_from_sym[i].symbol, symbols_from_sym[i].name);
+ 
+         puts("\\nFrom source files:");
+-        for (j = 0; symbols_from_source[j].name; j++)
+-                printf("%p: %s\\n", symbols_from_source[j].symbol, symbols_from_source[j].name);
++        for (size_t i = 0; i < n_source; i++)
++                printf("%p: %s\\n", symbols_from_source[i].symbol, symbols_from_source[i].name);
+ 
+         puts("");
+-        printf("Found %zu symbols from symbol file.\\n", i);
+-        printf("Found %zu symbols from source files.\\n", j);
++        printf("Found %zu symbols from symbol file.\\n", n_sym);
++        printf("Found %zu symbols from source files.\\n", n_source);
++
++        unsigned n_error = 0;
+ 
+-        for (i = 0; symbols_from_sym[i].name; i++) {
+-                struct symbol *n = bsearch(symbols_from_sym+i, symbols_from_source, sizeof(symbols_from_source)/sizeof(symbols_from_source[0])-1, sizeof(symbols_from_source[0]), sort_callback);
+-                if (!n)
++        for (size_t i = 0; i < n_sym; i++) {
++                if (!bsearch(symbols_from_sym+i, symbols_from_source, n_source, size, sort_callback)) {
+                         printf("Found in symbol file, but not in sources: %s\\n", symbols_from_sym[i].name);
++                        n_error++;
++                }
+         }
+ 
+-        for (j = 0; symbols_from_source[j].name; j++) {
+-                struct symbol *n = bsearch(symbols_from_source+j, symbols_from_sym, sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0])-1, sizeof(symbols_from_sym[0]), sort_callback);
+-                if (!n)
+-                        printf("Found in sources, but not in symbol file: %s\\n", symbols_from_source[j].name);
++        for (size_t i = 0; i < n_source; i++) {
++                if (!bsearch(symbols_from_source+i, symbols_from_sym, n_sym, size, sort_callback)) {
++                        printf("Found in source file, but not in symbol file: %s\\n", symbols_from_source[i].name);
++                        n_error++;
++                }
+         }
+ 
+-        return i == j ? EXIT_SUCCESS : EXIT_FAILURE;
+-}''')
++        return n_error == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
++}""")
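Review bot: Both `open(..., 'r')` calls in the rewritten script still read the symbol file and every `.c`/`.h` under `sys.argv[2]` with the locale's default encoding, so the generator's behaviour depends on the build environment. If a source file holds a non-ASCII byte and the build runs under a non-UTF-8 locale, this would presumably fail with `UnicodeDecodeError` rather than produce the test. Pinning the encoding makes the build step reproducible: `with open(os.path.join(dirpath, filename), encoding='utf-8') as f:`, and the same for `sys.argv[1]`. The remaining `'#include "{}"'.format(header.split('/')[-1])` could also become `f'#include "{os.path.basename(header)}"'` to match the f-strings used everywhere else in the new code.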
diff --git a/SOURCES/0004-test-also-generate-list-of-symbols-from-header-files.patch b/SOURCES/0004-test-also-generate-list-of-symbols-from-header-files.patch
new file mode 100644
index 0000000..9b9165c
--- /dev/null
+++ b/SOURCES/0004-test-also-generate-list-of-symbols-from-header-files.patch
@@ -0,0 +1,142 @@
+From 1601149c5b14ed9e6e34b46ddb2ba3006b5f5315 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 12 Dec 2024 13:18:59 +0900
+Subject: [PATCH] test: also generate list of symbols from header files
+
+To make the generated tests able to detect issues like #35554.
+
+(cherry picked from commit 0b39dc23ba2d8d3e99f5dc30c3da5d0f6baf10d7)
+---
+ src/test/generate-sym-test.py | 74 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 74 insertions(+)
+
+diff --git a/src/test/generate-sym-test.py b/src/test/generate-sym-test.py
+index 24223aa7b0..7b5ded936c 100755
+--- a/src/test/generate-sym-test.py
++++ b/src/test/generate-sym-test.py
+@@ -19,6 +19,47 @@ def process_sym_file(file: IO[str]) -> None:
+                 print(f'        {{ "{m[1]}", {m[1]} }},')
+ 
+ 
++def process_header_file(file: IO[str]) -> None:
++    for line in file:
++        if (
++            line.startswith('#')
++            or line.startswith('typedef')
++            or line.startswith('extern "C"')
++            or line.startswith('__extension__')
++            or line.startswith('/*')
++            or ' __inline__ ' in line
++            or re.search(r'^\s+', line)
++        ):
++            continue
++
++        m = re.search(r'^(.*)\s*__attribute__', line)
++        if m:
++            line = m[1]
++
++        m = re.search(r'^(.*)\s*_sd_printf_', line)
++        if m:
++            line = m[1]
++
++        # Functions
++        m = re.search(r'^(\S+\s+)+\**(\w+)\s*\(', line)
++        if m:
++            print(f'        {{ "{m[2]}", {m[2]} }},')
++            continue
++
++        # Variables
++        m = re.search(r'^extern\s', line)
++        if m:
++            n = line.split()[-1].rstrip(';')
++            print(f'        {{ "{n}", &{n} }},')
++            continue
++
++        # Functions defined by macro
++        m = re.search(r'_SD_DEFINE_POINTER_CLEANUP_FUNC\(\w+,\s*(\w+)\)', line)
++        if m:
++            print(f'        {{ "{m[1]}", {m[1]} }},')
++            continue
++
++
+ def process_source_file(file: IO[str]) -> None:
+     for line in file:
+         # Functions
+@@ -83,6 +124,13 @@ static struct symbol symbols_from_sym[] = {""")
+ with open(sys.argv[1], 'r') as f:
+     process_sym_file(f)
+ 
++print("""        {}
++}, symbols_from_header[] = {""")
++
++for header in sys.argv[3:]:
++    with open(header, 'r') as f:
++        process_header_file(f)
++
+ print("""        {}
+ }, symbols_from_source[] = {""")
+ 
+@@ -104,37 +152,63 @@ static int sort_callback(const void *a, const void *b) {
+ int main(void) {
+         size_t size = sizeof(symbols_from_sym[0]),
+                 n_sym = sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0]) - 1,
++                n_header = sizeof(symbols_from_header)/sizeof(symbols_from_header[0]) - 1,
+                 n_source = sizeof(symbols_from_source)/sizeof(symbols_from_source[0]) - 1;
+ 
+         qsort(symbols_from_sym, n_sym, size, sort_callback);
++        qsort(symbols_from_header, n_header, size, sort_callback);
+         qsort(symbols_from_source, n_source, size, sort_callback);
+ 
+         puts("From symbol file:");
+         for (size_t i = 0; i < n_sym; i++)
+                 printf("%p: %s\\n", symbols_from_sym[i].symbol, symbols_from_sym[i].name);
+ 
++        puts("\\nFrom header files:");
++        for (size_t i = 0; i < n_header; i++)
++                printf("%p: %s\\n", symbols_from_header[i].symbol, symbols_from_header[i].name);
++
+         puts("\\nFrom source files:");
+         for (size_t i = 0; i < n_source; i++)
+                 printf("%p: %s\\n", symbols_from_source[i].symbol, symbols_from_source[i].name);
+ 
+         puts("");
+         printf("Found %zu symbols from symbol file.\\n", n_sym);
++        printf("Found %zu symbols from header files.\\n", n_header);
+         printf("Found %zu symbols from source files.\\n", n_source);
+ 
+         unsigned n_error = 0;
+ 
+         for (size_t i = 0; i < n_sym; i++) {
++                if (!bsearch(symbols_from_sym+i, symbols_from_header, n_header, size, sort_callback)) {
++                        printf("Found in symbol file, but not in headers: %s\\n", symbols_from_sym[i].name);
++                        n_error++;
++                }
+                 if (!bsearch(symbols_from_sym+i, symbols_from_source, n_source, size, sort_callback)) {
+                         printf("Found in symbol file, but not in sources: %s\\n", symbols_from_sym[i].name);
+                         n_error++;
+                 }
+         }
+ 
++        for (size_t i = 0; i < n_header; i++) {
++                if (!bsearch(symbols_from_header+i, symbols_from_sym, n_sym, size, sort_callback)) {
++                        printf("Found in header file, but not in symbol file: %s\\n", symbols_from_header[i].name);
++                        n_error++;
++                }
++                if (!bsearch(symbols_from_header+i, symbols_from_source, n_source, size, sort_callback)) {
++                        printf("Found in header file, but not in sources: %s\\n", symbols_from_header[i].name);
++                        n_error++;
++                }
++        }
++
+         for (size_t i = 0; i < n_source; i++) {
+                 if (!bsearch(symbols_from_source+i, symbols_from_sym, n_sym, size, sort_callback)) {
+                         printf("Found in source file, but not in symbol file: %s\\n", symbols_from_source[i].name);
+                         n_error++;
+                 }
++                if (!bsearch(symbols_from_source+i, symbols_from_header, n_header, size, sort_callback)) {
++                        printf("Found in source file, but not in header: %s\\n", symbols_from_source[i].name);
++                        n_error++;
++                }
+         }
+ 
+         return n_error == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
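Review bot: In `process_header_file` the variable branch takes the name as `line.split()[-1].rstrip(';')`, which keeps a pointer star or array suffix that is attached to the identifier. A declaration such as `extern const char *foo;` or `extern int bar[];` would emit `*foo` or `bar[]` into the generated table, and the test program would then fail to compile instead of reporting a symbol mismatch. Whether any public header declares such a variable is not visible here, so this is a robustness point. Capturing the identifier explicitly avoids it: `m = re.search(r'^extern\s.*?(\w+)\s*(\[[^\]]*\])?\s*;', line)` and then print `m[1]`. The new function also has no docstring; one sentence listing which line shapes are skipped (preprocessor, typedef, indented continuation lines) would help the next reader.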
diff --git a/SOURCES/0005-man-systemd-cryptenroll-sort-fido2-credential-algori.patch b/SOURCES/0005-man-systemd-cryptenroll-sort-fido2-credential-algori.patch
new file mode 100644
index 0000000..58f10da
--- /dev/null
+++ b/SOURCES/0005-man-systemd-cryptenroll-sort-fido2-credential-algori.patch
@@ -0,0 +1,65 @@
+From 2f2cd7a8657ebc7cdbddabe1166cbdcb94d66995 Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
+Date: Wed, 11 Dec 2024 07:32:04 +0100
+Subject: [PATCH] man/systemd-cryptenroll: sort --fido2-credential-algorithm
+ after --fido2-device
+
+And also fix a typo.
+
+(cherry picked from commit 62b7b70bb78f85198509b3327cb29b83ed9218ec)
+---
+ man/systemd-cryptenroll.xml | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml
+index 83f8b2d8a1..f3c23adfd0 100644
+--- a/man/systemd-cryptenroll.xml
++++ b/man/systemd-cryptenroll.xml
+@@ -384,24 +384,9 @@
+   <refsect1>
+     <title>FIDO2 Enrollment</title>
+ 
+-    <para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
++    <para>The following options are understood that may be used to enroll FIDO2 tokens:</para>
+ 
+     <variablelist>
+-      <varlistentry>
+-        <term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
+-        <listitem><para>Specify COSE algorithm used in credential generation. The default value is
+-        <literal>es256</literal>. Supported values are <literal>es256</literal>, <literal>rs256</literal>
+-        and <literal>eddsa</literal>.</para>
+-
+-        <para><literal>es256</literal> denotes ECDSA over NIST P-256 with SHA-256. <literal>rs256</literal>
+-        denotes 2048-bit RSA with PKCS#1.5 padding and SHA-256. <literal>eddsa</literal> denotes
+-        EDDSA over Curve25519 with SHA-512.</para>
+-
+-        <para>Note that your authenticator may choose not to support some algorithms.</para>
+-
+-        <xi:include href="version-info.xml" xpointer="v251"/></listitem>
+-      </varlistentry>
+-
+       <varlistentry>
+         <term><option>--fido2-device=<replaceable>PATH</replaceable></option></term>
+ 
+@@ -428,6 +413,21 @@
+         <xi:include href="version-info.xml" xpointer="v248"/></listitem>
+       </varlistentry>
+ 
++      <varlistentry>
++        <term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
++        <listitem><para>Specify COSE algorithm used in credential generation. The default value is
++        <literal>es256</literal>. Supported values are <literal>es256</literal>, <literal>rs256</literal>
++        and <literal>eddsa</literal>.</para>
++
++        <para><literal>es256</literal> denotes ECDSA over NIST P-256 with SHA-256. <literal>rs256</literal>
++        denotes 2048-bit RSA with PKCS#1.5 padding and SHA-256. <literal>eddsa</literal> denotes
++        EDDSA over Curve25519 with SHA-512.</para>
++
++        <para>Note that your authenticator may choose not to support some algorithms.</para>
++
++        <xi:include href="version-info.xml" xpointer="v251"/></listitem>
++      </varlistentry>
++
+       <varlistentry>
+         <term><option>--fido2-salt-file=<replaceable>PATH</replaceable></option></term>
+ 
diff --git a/SOURCES/0006-analyze-tab-fix.patch b/SOURCES/0006-analyze-tab-fix.patch
new file mode 100644
index 0000000..60a25d8
--- /dev/null
+++ b/SOURCES/0006-analyze-tab-fix.patch
@@ -0,0 +1,23 @@
+From f4215e7909a74e01f3275c8537d9574924aefa4c Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 11 Dec 2024 10:31:41 +0100
+Subject: [PATCH] analyze: tab fix
+
+(cherry picked from commit 7167bee6c672f9a0729631ba1f7459dd5e18f549)
+---
+ src/analyze/analyze-plot.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/analyze/analyze-plot.c b/src/analyze/analyze-plot.c
+index c50343d71c..20d6811f9b 100644
+--- a/src/analyze/analyze-plot.c
++++ b/src/analyze/analyze-plot.c
+@@ -170,7 +170,7 @@ static void plot_tooltip(const UnitTimes *ut) {
+         svg("%s:\n", ut->name);
+         svg("Activating: %"PRI_USEC".%.3"PRI_USEC"\n", ut->activating / USEC_PER_SEC, ut->activating % USEC_PER_SEC);
+         svg("Activated: %"PRI_USEC".%.3"PRI_USEC"\n", ut->activated / USEC_PER_SEC, ut->activated % USEC_PER_SEC);
+-        
++
+         UnitDependency i;
+         FOREACH_ARGUMENT(i, UNIT_AFTER, UNIT_BEFORE, UNIT_REQUIRES, UNIT_REQUISITE, UNIT_WANTS, UNIT_CONFLICTS, UNIT_UPHOLDS)
+                 if (!strv_isempty(ut->deps[i])) {
diff --git a/SOURCES/0007-analyze-add-missing-mask-option-to-help-text.patch b/SOURCES/0007-analyze-add-missing-mask-option-to-help-text.patch
new file mode 100644
index 0000000..604b9b3
--- /dev/null
+++ b/SOURCES/0007-analyze-add-missing-mask-option-to-help-text.patch
@@ -0,0 +1,24 @@
+From bbeb07ad24f5a4e2e391dc761fa05f3b39b29077 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 11 Dec 2024 10:31:58 +0100
+Subject: [PATCH] analyze: add missing --mask option to --help text
+
+Follow-up for: 3e7a029c2856e7814b930443cc2d4fb089377592
+
+(cherry picked from commit 4d09f976f6c10729619c7f4c87dd121aa34d019b)
+---
+ src/analyze/analyze.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
+index 0db3547a49..e21f12c65e 100644
+--- a/src/analyze/analyze.c
++++ b/src/analyze/analyze.c
+@@ -284,6 +284,7 @@ static int help(int argc, char *argv[], void *userdata) {
+                "     --root=PATH             Operate on an alternate filesystem root\n"
+                "     --image=PATH            Operate on disk image as filesystem root\n"
+                "     --image-policy=POLICY   Specify disk image dissection policy\n"
++               "  -m --mask                  Parse parameter as numeric capability mask\n"
+                "\nSee the %2$s for details.\n",
+                program_invocation_short_name,
+                link,
diff --git a/SOURCES/0008-test-set-nsec3-salt-length-8-in-knot.conf.patch b/SOURCES/0008-test-set-nsec3-salt-length-8-in-knot.conf.patch
new file mode 100644
index 0000000..8c67cec
--- /dev/null
+++ b/SOURCES/0008-test-set-nsec3-salt-length-8-in-knot.conf.patch
@@ -0,0 +1,29 @@
+From 1b945fb1a727f85be9230e43d2fdaf78d2567946 Mon Sep 17 00:00:00 2001
+From: Nick Rosbrook <enr0n@ubuntu.com>
+Date: Tue, 10 Dec 2024 16:48:59 -0500
+Subject: [PATCH] test: set nsec3-salt-length=8 in knot.conf
+
+TEST-75-RESOLVED fails on Ubuntu autopkgtest due to this warning from
+knot:
+
+ notice: config, policy 'auto_rollover_nsec3' depends on default nsec3-salt-length=8, since version 3.5 the default becomes 0
+
+Explicitly set nsec3-salt-length=8 to silence.
+
+(cherry picked from commit 59e5108fb4e61957cb40bb15ac7966d085d13af2)
+---
+ test/knot-data/knot.conf | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/test/knot-data/knot.conf b/test/knot-data/knot.conf
+index b8b9e7925d..6d177d7285 100644
+--- a/test/knot-data/knot.conf
++++ b/test/knot-data/knot.conf
+@@ -60,6 +60,7 @@ policy:
+       ksk-submission: parent_zone_sbm
+       nsec3-iterations: 0
+       nsec3: on
++      nsec3-salt-length: 8
+       propagation-delay: 1s
+       signing-threads: 4
+       zone-max-ttl: 1s
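Review bot: The added `nsec3-salt-length: 8` has no comment in knot.conf, so the only record of why it is pinned is the commit message. Since RFC 9276 advises against using an NSEC3 salt at all, a reader copying this policy block could take the value for a recommendation when it only keeps the pre-3.5 knot default to silence the notice. I would add a line above it such as `# test fixture: keep knot's pre-3.5 default salt length to silence the config notice`.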
diff --git a/SOURCES/0009-test-capability-CAP_LINUX_IMMUTABLE-is-not-available.patch b/SOURCES/0009-test-capability-CAP_LINUX_IMMUTABLE-is-not-available.patch
new file mode 100644
index 0000000..5ba1267
--- /dev/null
+++ b/SOURCES/0009-test-capability-CAP_LINUX_IMMUTABLE-is-not-available.patch
@@ -0,0 +1,44 @@
+From d80ab6aed678ed89327d86ced9fedd24b5baccd3 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Wed, 11 Dec 2024 12:10:13 +0000
+Subject: [PATCH] test-capability: CAP_LINUX_IMMUTABLE is not available in
+ unprivileged containers
+
+have ambient caps: yes
+Capabilities:cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
+Failed to drop auxiliary groups list: Operation not permitted
+Failed to change group ID: Operation not permitted
+Capabilities:cap_dac_override,cap_net_raw=ep
+Capabilities:cap_dac_override=ep
+Successfully forked off '(getambient)' as PID 12505.
+Skipping PR_SET_MM, as we don't have privileges.
+Ambient capability cap_linux_immutable requested but missing from bounding set, suppressing automatically.
+Assertion 'x < 0 || FLAGS_SET(c, UINT64_C(1) << CAP_LINUX_IMMUTABLE)' failed at src/test/test-capability.c:273, function test_capability_get_ambient(). Aborting.
+(getambient) terminated by signal ABRT.
+src/test/test-capability.c:258: Assertion failed: expected "r" to succeed, but got error: Protocol error
+
+Partially fixes #35552
+
+(cherry picked from commit 058a07635f3ff70cc99943dcf4f2a079bc9c28b9)
+---
+ src/test/test-capability.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/test/test-capability.c b/src/test/test-capability.c
+index 51bd806348..127f5e3d87 100644
+--- a/src/test/test-capability.c
++++ b/src/test/test-capability.c
+@@ -254,6 +254,13 @@ static void test_capability_get_ambient(void) {
+ 
+         ASSERT_OK(capability_get_ambient(&c));
+ 
++        r = prctl(PR_CAPBSET_READ, CAP_MKNOD);
++        if (r <= 0)
++                return (void) log_tests_skipped("Lacking CAP_MKNOD, skipping getambient test.");
++        r = prctl(PR_CAPBSET_READ, CAP_LINUX_IMMUTABLE);
++        if (r <= 0)
++                return (void) log_tests_skipped("Lacking CAP_LINUX_IMMUTABLE, skipping getambient test.");
++
+         r = safe_fork("(getambient)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_WAIT|FORK_LOG, NULL);
+         ASSERT_OK(r);
+ 
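Review bot: Both new checks use `if (r <= 0)`, which treats a failing `prctl(PR_CAPBSET_READ, ...)` (return -1 with errno set) the same as a capability that is absent from the bounding set (return 0). A real error would therefore be logged as "Lacking CAP_...", and the test would be reported as skipped. Separating the cases keeps failures visible: `assert_se(r >= 0);` followed by `if (r == 0) return (void) log_tests_skipped("Lacking CAP_MKNOD, skipping getambient test.");`, and likewise for CAP_LINUX_IMMUTABLE. The body of test_capability_get_ambient() continues outside the hunk.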
diff --git a/SOURCES/0010-test-fd-util-skip-test-when-lacking-privileges-to-cr.patch b/SOURCES/0010-test-fd-util-skip-test-when-lacking-privileges-to-cr.patch
new file mode 100644
index 0000000..4330b73
--- /dev/null
+++ b/SOURCES/0010-test-fd-util-skip-test-when-lacking-privileges-to-cr.patch
@@ -0,0 +1,38 @@
+From 5573ac7d9c52bed8d38480788b02639ede3881fc Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Wed, 11 Dec 2024 12:01:18 +0000
+Subject: [PATCH] test-fd-util: skip test when lacking privileges to create a
+ new namespace
+
+To reproduce, as an unprivileged user start a docker container and build
+and run the unit tests inside it:
+
+$ docker run --rm -ti debian:bookworm bash
+...
+/* test_close_all_fds */
+Successfully forked off '(caf-plain)' as PID 10496.
+Skipping PR_SET_MM, as we don't have privileges.
+(caf-plain) succeeded.
+Failed to fork off '(caf-noproc)': Operation not permitted
+Assertion 'r >= 0' failed at src/test/test-fd-util.c:392, function test_close_all_fds(). Aborting.
+
+Partially fixes #35552
+
+(cherry picked from commit 630a2e7ee195ca96e102acac8df67a278a879124)
+---
+ src/test/test-fd-util.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/test/test-fd-util.c b/src/test/test-fd-util.c
+index 20cf7b7627..5817d92725 100644
+--- a/src/test/test-fd-util.c
++++ b/src/test/test-fd-util.c
+@@ -389,6 +389,8 @@ TEST(close_all_fds) {
+                         test_close_all_fds_inner();
+                 _exit(EXIT_SUCCESS);
+         }
++        if (ERRNO_IS_NEG_PRIVILEGE(r))
++                return (void) log_tests_skipped("Lacking privileges for test in namespace with /proc/ overmounted");
+         assert_se(r >= 0);
+ 
+         if (!is_seccomp_available())
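Review bot: The new `return (void) log_tests_skipped(...)` leaves TEST(close_all_fds) entirely, so the part that starts at `if (!is_seccomp_available())` directly below is skipped as well whenever the namespace fork is denied. The rest of the function is outside the hunk, so I cannot tell whether the seccomp variant also needs those privileges. If it does not, logging and falling through would keep that coverage in unprivileged containers, e.g. `if (ERRNO_IS_NEG_PRIVILEGE(r)) log_notice("Lacking privileges for test in namespace with /proc/ overmounted, skipping that part"); else assert_se(r >= 0);`. If it does, a short comment saying so would explain the early return.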
diff --git a/SOURCES/0011-test-fd-util-compare-FDs-to-bin-sh-instead-of-dev-nu.patch b/SOURCES/0011-test-fd-util-compare-FDs-to-bin-sh-instead-of-dev-nu.patch
new file mode 100644
index 0000000..c57455b
--- /dev/null
+++ b/SOURCES/0011-test-fd-util-compare-FDs-to-bin-sh-instead-of-dev-nu.patch
@@ -0,0 +1,36 @@
+From c026cecac33c3b19b1a466304058eb0f7f71187b Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Wed, 11 Dec 2024 13:40:10 +0000
+Subject: [PATCH] test-fd-util: compare FDs to /bin/sh instead of /dev/null
+
+/dev/null is a character device, so same_fd() in the fallback path
+that compares fstat will fail, as that bails out if the fd refers
+to a char device. This happens on kernels without F_DUPFD_QUERY and
+without kcmp.
+
+/* test_same_fd */
+Assertion 'same_fd(d, e) > 0' failed at src/test/test-fd-util.c:111, function test_same_fd(). Aborting.
+
+Fixes #35552
+
+(cherry picked from commit 3b32d333e88f2a66651d58e32e01599fa84c3d19)
+---
+ src/test/test-fd-util.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/test/test-fd-util.c b/src/test/test-fd-util.c
+index 5817d92725..a359efa052 100644
+--- a/src/test/test-fd-util.c
++++ b/src/test/test-fd-util.c
+@@ -76,9 +76,9 @@ TEST(same_fd) {
+ 
+         assert_se(pipe2(p, O_CLOEXEC) >= 0);
+         assert_se((a = fcntl(p[0], F_DUPFD, 3)) >= 0);
+-        assert_se((b = open("/dev/null", O_RDONLY|O_CLOEXEC)) >= 0);
++        assert_se((b = open("/bin/sh", O_RDONLY|O_CLOEXEC)) >= 0);
+         assert_se((c = fcntl(a, F_DUPFD, 3)) >= 0);
+-        assert_se((d = open("/dev/null", O_RDONLY|O_CLOEXEC|O_PATH)) >= 0); /* O_PATH changes error returns in F_DUPFD_QUERY, let's test explicitly */
++        assert_se((d = open("/bin/sh", O_RDONLY|O_CLOEXEC|O_PATH)) >= 0); /* O_PATH changes error returns in F_DUPFD_QUERY, let's test explicitly */
+         assert_se((e = fcntl(d, F_DUPFD, 3)) >= 0);
+ 
+         assert_se(same_fd(p[0], p[0]) > 0);
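Review bot: The switch to `open("/bin/sh", ...)` is explained only in the commit message, so the test source gives no hint why a regular file is required and the next cleanup could revert it to /dev/null. I would add a comment above the first open, `/* Use a regular file: the fstat() fallback in same_fd() bails out on character devices such as /dev/null */`. The test now also depends on /bin/sh existing in the test environment. A file the test creates itself would remove that dependency, though that is a larger change than this hunk. TEST(same_fd) continues outside the hunk.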
diff --git a/SOURCES/0012-mkosi-use-inetutils-package-instead-of-hostname-for-.patch b/SOURCES/0012-mkosi-use-inetutils-package-instead-of-hostname-for-.patch
new file mode 100644
index 0000000..6ed4077
--- /dev/null
+++ b/SOURCES/0012-mkosi-use-inetutils-package-instead-of-hostname-for-.patch
@@ -0,0 +1,66 @@
+From e1659133e79d20799a0841f3099f921957743691 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Wed, 11 Dec 2024 11:48:09 +0000
+Subject: [PATCH] mkosi: use inetutils package instead of hostname for
+ Archlinux
+
+In Arch the hostname binary is in a different package
+
+Follow-up for cf48bde7aea52b18ac3fa218d3f60fd3d533ef66
+
+(cherry picked from commit 446d737cba3652a9f3dbd07cea9cb4082350b241)
+---
+ mkosi.conf.d/10-arch/mkosi.conf          | 1 +
+ mkosi.conf.d/10-centos-fedora/mkosi.conf | 1 +
+ mkosi.conf.d/10-debian-ubuntu/mkosi.conf | 1 +
+ mkosi.conf.d/10-opensuse/mkosi.conf      | 1 +
+ 4 files changed, 4 insertions(+)
+
+diff --git a/mkosi.conf.d/10-arch/mkosi.conf b/mkosi.conf.d/10-arch/mkosi.conf
+index 5a4015e4d7..9ceb6ea6f8 100644
+--- a/mkosi.conf.d/10-arch/mkosi.conf
++++ b/mkosi.conf.d/10-arch/mkosi.conf
+@@ -25,6 +25,7 @@ Packages=
+         f2fs-tools
+         git
+         gnutls
++        inetutils
+         iproute
+         iputils
+         knot
+diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf
+index 5b1865a253..8004c089ad 100644
+--- a/mkosi.conf.d/10-centos-fedora/mkosi.conf
++++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf
+@@ -32,6 +32,7 @@ Packages=
+         glibc-langpack-de
+         glibc-langpack-en
+         gnutls-utils
++        hostname
+         integritysetup
+         iproute
+         iproute-tc
+diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
+index 46dd98828f..c898664f83 100644
+--- a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
++++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
+@@ -48,6 +48,7 @@ Packages=
+         fdisk
+         git-core
+         gnutls-bin
++        hostname
+         iproute2
+         iputils-ping
+         isc-dhcp-server
+diff --git a/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.conf.d/10-opensuse/mkosi.conf
+index 8a08b1f8c7..4ee3894c00 100644
+--- a/mkosi.conf.d/10-opensuse/mkosi.conf
++++ b/mkosi.conf.d/10-opensuse/mkosi.conf
+@@ -47,6 +47,7 @@ Packages=
+         grep
+         group(wheel)
+         gzip
++        hostname
+         iputils
+         kernel-default
+         kmod
diff --git a/SOURCES/0013-man-document-unprivileged-is-not-for-reading-propert.patch b/SOURCES/0013-man-document-unprivileged-is-not-for-reading-propert.patch
new file mode 100644
index 0000000..ccf2cff
--- /dev/null
+++ b/SOURCES/0013-man-document-unprivileged-is-not-for-reading-propert.patch
@@ -0,0 +1,55 @@
+From cd727031a4daafe19f491df360c512433562f469 Mon Sep 17 00:00:00 2001
+From: Katariina Lounento <katariina.lounento@vaisala.com>
+Date: Mon, 9 Dec 2024 16:09:13 +0200
+Subject: [PATCH] man: document unprivileged is not for reading properties
+
+Document the fact that read-only properties may not have the flag
+SD_BUS_VTABLE_UNPRIVILEGED as that is not obvious especially given the
+flag is accepted for writable properties.
+
+Based on the check in `add_object_vtable_internal` called by
+`sd_bus_add_object_vtable` (as of the current tip of the main branch
+f7f5ba019206cacd486b0892fec76f70f525e04d):
+
+    case _SD_BUS_VTABLE_PROPERTY: {
+            [...]
+            if ([...] ||
+                [...]
+                (v->flags & SD_BUS_VTABLE_UNPRIVILEGED && v->type == _SD_BUS_VTABLE_PROPERTY)) {
+                    r = -EINVAL;
+                    goto fail;
+            }
+
+(where `_SD_BUS_VTABLE_PROPERTY` means read-only property whereas
+`_SD_BUS_VTABLE_WRITABLE_PROPERTY` maps to writable property).
+
+This was implemented in the commit
+adacb9575a09981fcf11279f2f661e3fc21e58ff ("bus: introduce "trusted" bus
+concept and encode access control in object vtables") where
+`SD_BUS_VTABLE_UNPRIVILEGED` was introduced:
+
+    Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED
+    and SD_BUS_VTABLE_CAPABILITY() for controlling write access to them.
+    Note however that read access is unrestricted, as PropertiesChanged
+    messages might send out the values anyway as an unrestricted
+    broadcast.
+
+(cherry picked from commit 3ca09aa4dd57327989eceb1298754601046ac041)
+---
+ man/sd_bus_add_object.xml | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/man/sd_bus_add_object.xml b/man/sd_bus_add_object.xml
+index 4d14a7e731..5572f421fb 100644
+--- a/man/sd_bus_add_object.xml
++++ b/man/sd_bus_add_object.xml
+@@ -589,6 +589,9 @@
+           <constant>org.freedesktop.systemd1.Privileged</constant> annotation with value
+           <literal>true</literal> will be shown in introspection data.</para>
+ 
++          <para><constant>SD_BUS_VTABLE_UNPRIVILEGED</constant> may not be applied to read-only properties,
++          but read access (to both read-only and writable properties) is always unrestricted.</para>
++
+           <para>Note that this page describes checks implemented in the D-Bus client. The D-Bus server has an
+           additional policy that may permit or deny connections, see
+           "CONFIGURATION FILE" in
diff --git a/SOURCES/0014-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch b/SOURCES/0014-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch
new file mode 100644
index 0000000..252f77c
--- /dev/null
+++ b/SOURCES/0014-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch
@@ -0,0 +1,56 @@
+From 6b90a137892e18bd3c2cacb4aba2759da7ff3081 Mon Sep 17 00:00:00 2001
+From: Tobias Klauser <tklauser@distanz.ch>
+Date: Wed, 11 Dec 2024 15:10:39 +0100
+Subject: [PATCH] profile.d: don't bail if $SHELL_* variables are unset
+
+If - for whatever reason - a script uses set -u (nounset) and includes
+/etc/profile.d/70-systemd-shell-extra.sh (e.g. transitively via
+/etc/profile) the script would fail with:
+
+    /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable
+
+For example:
+
+    $ cat > foo.sh <<EOF
+    #!/bin/sh
+    set -u
+
+    source /etc/profile
+    EOF
+    $ chmod 700 foo.sh
+    $ ./foo.sh
+    /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable
+
+Fix this by using shell parameter substitution[^1] (which is a POSIX
+shell concept) to set the $SHELL_* variables to the empty string if
+undefined.
+
+[^1]: https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/utilities/V3_chap02.html
+
+(cherry picked from commit 12e33d332b3f8754f4d5d0d21d5d3f0de8adc54c)
+---
+ profile.d/70-systemd-shell-extra.sh | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/profile.d/70-systemd-shell-extra.sh b/profile.d/70-systemd-shell-extra.sh
+index 70be3341b9..dae77e4bc7 100644
+--- a/profile.d/70-systemd-shell-extra.sh
++++ b/profile.d/70-systemd-shell-extra.sh
+@@ -12,14 +12,14 @@
+ # credentials shell.prompt.prefix, shell.prompt.suffix and shell.welcome, and
+ # are propagated into these environment variables by pam_systemd(8).
+ 
+-if [ -n "$SHELL_PROMPT_PREFIX" ]; then
++if [ -n "${SHELL_PROMPT_PREFIX-}" ]; then
+     PS1="$SHELL_PROMPT_PREFIX$PS1"
+ fi
+ 
+-if [ -n "$SHELL_PROMPT_SUFFIX" ]; then
++if [ -n "${SHELL_PROMPT_SUFFIX-}" ]; then
+     PS1="$PS1$SHELL_PROMPT_SUFFIX"
+ fi
+ 
+-if [ -n "$SHELL_WELCOME" ]; then
++if [ -n "${SHELL_WELCOME-}" ]; then
+    printf '%b\n' "$SHELL_WELCOME"
+ fi
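Review bot: The two `PS1=` assignments still expand `$PS1` unguarded, so the fix is incomplete for a `set -u` script that sources this file with `SHELL_PROMPT_PREFIX` or `SHELL_PROMPT_SUFFIX` set while `PS1` is unset (as in non-interactive bash). That case still aborts with an unbound-variable error, because the new `${VAR-}` guards cover only the three `[ -n ... ]` tests. The assignments should read `PS1="$SHELL_PROMPT_PREFIX${PS1-}"` and `PS1="${PS1-}$SHELL_PROMPT_SUFFIX"`. Separately, the header comment says these values come from credentials, and `printf '%b'` interprets backslash escapes in `SHELL_WELCOME`, so a comment would help: `# %b expands escapes: shell.welcome is trusted to emit terminal control sequences`.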
diff --git a/SOURCES/0015-Fixing-VLAN-ranges-in-man-systemd.network.patch b/SOURCES/0015-Fixing-VLAN-ranges-in-man-systemd.network.patch
new file mode 100644
index 0000000..fbb66a0
--- /dev/null
+++ b/SOURCES/0015-Fixing-VLAN-ranges-in-man-systemd.network.patch
@@ -0,0 +1,25 @@
+From 9fad72cc52bdec7f44337b1e48c23ee15fc08d77 Mon Sep 17 00:00:00 2001
+From: andrejpodzimek <andrej@podzimek.org>
+Date: Wed, 11 Dec 2024 12:46:43 +0000
+Subject: [PATCH] Fixing VLAN ranges in man systemd.network.
+
+Otherwise it doesn't hold that VLANs 100-400 are allowed (because 201-299 are disallowed).
+
+(cherry picked from commit ae2f3af63962ba6e2f67cfce07c9fee61722e30e)
+---
+ man/systemd.network.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/systemd.network.xml b/man/systemd.network.xml
+index 9d8dcba509..32cfb207e0 100644
+--- a/man/systemd.network.xml
++++ b/man/systemd.network.xml
+@@ -6431,7 +6431,7 @@ PVID=42
+ EgressUntagged=42
+ 
+ [BridgeVLAN]
+-VLAN=100-200
++VLAN=100-299
+ 
+ [BridgeVLAN]
+ EgressUntagged=300-400</programlisting>
diff --git a/SOURCES/0016-test-bpf-restrict-fs-Migrate-to-new-assertion-macros.patch b/SOURCES/0016-test-bpf-restrict-fs-Migrate-to-new-assertion-macros.patch
new file mode 100644
index 0000000..d467853
--- /dev/null
+++ b/SOURCES/0016-test-bpf-restrict-fs-Migrate-to-new-assertion-macros.patch
@@ -0,0 +1,61 @@
+From ab99950f1a0ab9401b44357d226a5880b5f262a7 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Wed, 11 Dec 2024 12:44:26 +0000
+Subject: [PATCH] test-bpf-restrict-fs: Migrate to new assertion macros
+
+(cherry picked from commit 1c658c639db1c902266735754f2e2883fe67d1d9)
+---
+ src/test/test-bpf-restrict-fs.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/test/test-bpf-restrict-fs.c b/src/test/test-bpf-restrict-fs.c
+index 11e97bf922..349c5a6894 100644
+--- a/src/test/test-bpf-restrict-fs.c
++++ b/src/test/test-bpf-restrict-fs.c
+@@ -18,9 +18,9 @@ static int test_restrict_filesystems(Manager *m, const char *unit_name, const ch
+         ExecContext *ec = NULL;
+         int cld_code, r;
+ 
+-        assert_se(u = unit_new(m, sizeof(Service)));
+-        assert_se(unit_add_name(u, unit_name) == 0);
+-        assert_se(ec = unit_get_exec_context(u));
++        ASSERT_NOT_NULL(u = unit_new(m, sizeof(Service)));
++        ASSERT_OK_ZERO(unit_add_name(u, unit_name));
++        ASSERT_NOT_NULL(ec = unit_get_exec_context(u));
+ 
+         STRV_FOREACH(allow_filesystem, allowed_filesystems) {
+                 r = config_parse_restrict_filesystems(
+@@ -30,7 +30,7 @@ static int test_restrict_filesystems(Manager *m, const char *unit_name, const ch
+                         return log_unit_error_errno(u, r, "Failed to parse RestrictFileSystems: %m");
+         }
+ 
+-        assert_se(exec_start = strjoin("cat ", file_path));
++        ASSERT_NOT_NULL(exec_start = strjoin("cat ", file_path));
+         r = config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart",
+                         SERVICE_EXEC_START, exec_start, SERVICE(u)->exec_command, u);
+         if (r < 0)
+@@ -84,19 +84,19 @@ int main(int argc, char *argv[]) {
+ 
+         ASSERT_OK(get_testdata_dir("units", &unit_dir));
+         ASSERT_OK(setenv_unit_path(unit_dir));
+-        assert_se(runtime_dir = setup_fake_runtime_dir());
++        ASSERT_NOT_NULL(runtime_dir = setup_fake_runtime_dir());
+ 
+         ASSERT_OK(manager_new(RUNTIME_SCOPE_SYSTEM, MANAGER_TEST_RUN_BASIC, &m));
+         ASSERT_OK(manager_startup(m, NULL, NULL, NULL));
+ 
+         /* We need to enable access to the filesystem where the binary is so we
+          * add @common-block and @application */
+-        ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("@common-block", "@application")), 0);
++        ASSERT_FAIL(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("@common-block", "@application")));
+         ASSERT_OK(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "@application")));
+-        ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "@application", "~tracefs")), 0);
+-        ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("@common-block", "@application")), 0);
++        ASSERT_FAIL(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/tracing/printk_formats", STRV_MAKE("tracefs", "@common-block", "@application", "~tracefs")));
++        ASSERT_FAIL(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("@common-block", "@application")));
+         ASSERT_OK(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("debugfs", "@common-block", "@application")));
+-        ASSERT_LT(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("~debugfs")), 0);
++        ASSERT_FAIL(test_restrict_filesystems(m, "restrict_filesystems_test.service", "/sys/kernel/debug/sleep_time", STRV_MAKE("~debugfs")));
+ 
+         return 0;
+ }
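Review bot: The four `ASSERT_FAIL(test_restrict_filesystems(...))` cases in `main()` accept any negative return, but the helper also returns negative on setup errors, such as the visible `log_unit_error_errno(u, r, "Failed to parse RestrictFileSystems: %m")` path. A denial case can therefore pass without the filesystem filter ever having been applied. These are the checks that RestrictFileSystems= really blocks access, so pin the expected error rather than only its sign, e.g. `ASSERT_ERROR(test_restrict_filesystems(...), <expected errno>)`. Failing that, state the limitation in a comment: `/* any negative return counts as denial; setup failures are not distinguished */`. The helper's remaining return paths and the start of `main()` lie outside these hunks, so the exact code to expect has to be checked there.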
diff --git a/SOURCES/0017-man-update-example-in-systemd-measure.xml-35506.patch b/SOURCES/0017-man-update-example-in-systemd-measure.xml-35506.patch
new file mode 100644
index 0000000..767f368
--- /dev/null
+++ b/SOURCES/0017-man-update-example-in-systemd-measure.xml-35506.patch
@@ -0,0 +1,27 @@
+From 926f5ab6bf0e3541106e6a6f95af4cbdec50582b Mon Sep 17 00:00:00 2001
+From: cvlc12 <97767846+cvlc12@users.noreply.github.com>
+Date: Wed, 11 Dec 2024 22:09:11 +0100
+Subject: [PATCH] man: update example in systemd-measure.xml (#35506)
+
+In the example from systemd-measure(1), do not bind to PCR 7 in
+addition to the PCR policy.
+
+As long as this is still done by default, see #35280.
+
+(cherry picked from commit 693038fce47a819c5eebeb4fce39c9ac991acf84)
+---
+ man/systemd-measure.xml | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml
+index 5d697dd62f..368c94f700 100644
+--- a/man/systemd-measure.xml
++++ b/man/systemd-measure.xml
+@@ -328,6 +328,7 @@ $ ukify build \
+      <programlisting># systemd-cryptenroll --tpm2-device=auto \
+      --tpm2-public-key=tpm2-pcr-public-key.pem \
+      --tpm2-signature=tpm2-pcr-signature.json \
++     --tpm2-pcrs="" \
+      /dev/sda5</programlisting>
+ 
+      <para>And then unlock the device with the signature:</para>
diff --git a/SOURCES/0018-systemd-cryptenroll.xml-fix-typo.patch b/SOURCES/0018-systemd-cryptenroll.xml-fix-typo.patch
new file mode 100644
index 0000000..4ef898b
--- /dev/null
+++ b/SOURCES/0018-systemd-cryptenroll.xml-fix-typo.patch
@@ -0,0 +1,23 @@
+From df38ba869ceaf15ee7d5962660d644403c068f7a Mon Sep 17 00:00:00 2001
+From: Carlo Teubner <carlo@cteubner.net>
+Date: Wed, 11 Dec 2024 22:40:07 +0000
+Subject: [PATCH] systemd-cryptenroll.xml: fix typo
+
+(cherry picked from commit dfbd4d8bc5f18746051929e32f772078d6782e90)
+---
+ man/systemd-cryptenroll.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml
+index f3c23adfd0..fb36f455ba 100644
+--- a/man/systemd-cryptenroll.xml
++++ b/man/systemd-cryptenroll.xml
+@@ -634,7 +634,7 @@
+         <para>Note the difference between <option>--tpm2-pcrs=</option> and
+         <option>--tpm2-public-key-pcrs=</option>: the former binds decryption to the current, specific PCR
+         values; the latter binds decryption to any set of PCR values for which a signature by the specified
+-        public key can be provided. The latter is hence more useful in scenarios where software updates shell
++        public key can be provided. The latter is hence more useful in scenarios where software updates shall
+         be possible without losing access to all previously encrypted LUKS2 volumes. Like with
+         <option>--tpm2-pcrs=</option>, names defined in the table above can also be used to specify the
+         registers, for instance
diff --git a/SOURCES/0019-semaphore-skip-some-tests.patch b/SOURCES/0019-semaphore-skip-some-tests.patch
new file mode 100644
index 0000000..70e6781
--- /dev/null
+++ b/SOURCES/0019-semaphore-skip-some-tests.patch
@@ -0,0 +1,28 @@
+From e768cf55b19caec6c8936050b245f398aba8b884 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Wed, 11 Dec 2024 20:44:25 +0000
+Subject: [PATCH] semaphore: skip some tests
+
+semaphore CI runs are always very close to the limit of 1hr, and often
+time out when it's particularly oversubscribed.
+Skip some low-value test cases to shorten the runtime.
+
+(cherry picked from commit e19cae12ff2e832ce7d79aa483e1aa27ed0ea1f4)
+---
+ .semaphore/semaphore-runner.sh | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh
+index e903ced70d..b663674652 100755
+--- a/.semaphore/semaphore-runner.sh
++++ b/.semaphore/semaphore-runner.sh
+@@ -109,6 +109,9 @@ EOF
+                                                        --env DPKG_DEB_COMPRESSOR_TYPE="none" \
+                                                        --env DEB_BUILD_PROFILES="pkg.systemd.upstream noudeb nodoc" \
+                                                        --env TEST_UPSTREAM=1 \
++                                                       --skip-test localed-locale \
++                                                       --skip-test localed-x11-keymap \
++                                                       --skip-test build-with-static-libsystemd \
+                                                        ../systemd_*.dsc \
+                                                        -o "$ARTIFACTS_DIR" \
+                                                        -- lxc -s "$CONTAINER" \
diff --git a/SOURCES/0020-shell-completion-add-systemd-creds.patch b/SOURCES/0020-shell-completion-add-systemd-creds.patch
new file mode 100644
index 0000000..12204a5
--- /dev/null
+++ b/SOURCES/0020-shell-completion-add-systemd-creds.patch
@@ -0,0 +1,215 @@
+From b256e149d4eceb9931fa6b727f3523a8d9fd0198 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Tue, 10 Dec 2024 22:19:09 +0000
+Subject: [PATCH] shell completion: add systemd-creds
+
+(cherry picked from commit 783f794e89996ae7f2ae1872d65c515a672437fa)
+---
+ shell-completion/bash/meson.build   |   1 +
+ shell-completion/bash/systemd-creds | 185 ++++++++++++++++++++++++++++
+ 2 files changed, 186 insertions(+)
+ create mode 100644 shell-completion/bash/systemd-creds
+
+diff --git a/shell-completion/bash/meson.build b/shell-completion/bash/meson.build
+index 91635df74a..59c2e2ef40 100644
+--- a/shell-completion/bash/meson.build
++++ b/shell-completion/bash/meson.build
+@@ -24,6 +24,7 @@ items = [['busctl',              ''],
+          ['systemd-cat',         ''],
+          ['systemd-cgls',        ''],
+          ['systemd-cgtop',       ''],
++         ['systemd-creds',       ''],
+          ['systemd-delta',       ''],
+          ['systemd-detect-virt', ''],
+          ['systemd-id128',       ''],
+diff --git a/shell-completion/bash/systemd-creds b/shell-completion/bash/systemd-creds
+new file mode 100644
+index 0000000000..310106b936
+--- /dev/null
++++ b/shell-completion/bash/systemd-creds
+@@ -0,0 +1,185 @@
++# shellcheck shell=bash
++# systemd-creds(1) completion                   -*- shell-script -*-
++# SPDX-License-Identifier: LGPL-2.1-or-later
++#
++# This file is part of systemd.
++#
++# systemd is free software; you can redistribute it and/or modify it
++# under the terms of the GNU Lesser General Public License as published by
++# the Free Software Foundation; either version 2.1 of the License, or
++# (at your option) any later version.
++#
++# systemd is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++# General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with systemd; If not, see <https://www.gnu.org/licenses/>.
++
++__contains_word() {
++    local w word=$1; shift
++    for w in "$@"; do
++        [[ $w = "$word" ]] && return
++    done
++}
++
++__get_tpm2_devices() {
++    local i
++    for i in /dev/tpmrm*; do
++        [ -c "$i" ] && printf '%s\n' "$i"
++    done
++}
++
++__get_creds() {
++    local a b c
++    local mode=$1; shift 1
++    systemd-creds list $mode --no-legend --no-pager $1 2>/dev/null | \
++        { while read -r a b c; do echo " $a"; done }
++}
++
++_systemd_creds() {
++    local verb comps mode i
++    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
++    local -A OPTS=(
++        [STANDALONE]='-h --help --version --no-pager --no-legend
++                      -H -T --system --user -p --pretty --allow-null'
++        [ARG]='--tpm2-device
++               --tpm2-device-key
++               --tpm2-pcrs
++               --tpm2-public-key
++               --tpm2-public-key-pcrs
++               --tpm2-signature
++               --json
++               --transcode
++               --newline
++               --name
++               --timestamp
++               --not-after
++               --with-key
++               --uid'
++    )
++
++    local -A VERBS=(
++        [STANDALONE]='list setup'
++        [CAT]='cat'
++        [ENCRYPT]='encrypt'
++        [DECRYPT]='decrypt'
++    )
++
++    local -A OPTS_FOR_VERB=(
++        [CAT]='--help
++               --version
++               --no-pager
++               --no-legend
++               --user
++               --system'
++        [ENCRYPT]='--help
++                   --version
++                   --no-pager
++                   --no-legend
++                   --uid
++                   --with-key
++                   -H
++                   -T
++                   --tpm2-device
++                   --tpm2-pcrs
++                   --tpm2-public-key
++                   --tpm2-public-key-pcrs
++                   --tpm2-signature
++                   --not-after
++                   --name
++                   --timestamp
++                   --pretty'
++        [DECRYPT]='--help
++                   --version
++                   --no-pager
++                   --no-legend
++                   --uid
++                   --tpm2-device
++                   --tpm2-pcrs
++                   --tpm2-public-key
++                   --tpm2-public-key-pcrs
++                   --tpm2-signature
++                   --name
++                   --timestamp
++                   --allow-null'
++    )
++
++    _init_completion || return
++
++    if __contains_word "--user" ${COMP_WORDS[*]}; then
++        mode=--user
++    elif __contains_word "--system" ${COMP_WORDS[*]}; then
++        mode=--system
++    else
++        mode=''
++    fi
++
++    if __contains_word "$prev" ${OPTS[ARG]}; then
++        case $prev in
++            --tpm2-public-key|--tpm2-signature)
++                comps=$(compgen -A file -- "$cur")
++                compopt -o filenames
++                ;;
++            --tpm2-device)
++                comps="auto list $(__get_tpm2_devices)"
++                ;;
++            --json)
++                comps=$( systemd-creds --json=help 2>/dev/null )
++                ;;
++            --transcode)
++                comps='base64 unbase64 hex unhex'
++                ;;
++            --with-key)
++                comps='host tpm2 host+tpm2 null auto auto-initrd'
++                ;;
++        esac
++        COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
++        return 0
++    fi
++
++    if [[ -z ${verb-} && "$cur" = -* ]]; then
++        COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") )
++        return 0
++    fi
++
++    for ((i=0; i < COMP_CWORD; i++)); do
++        if __contains_word "${COMP_WORDS[i]}" ${VERBS[*]} &&
++                ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
++            verb=${COMP_WORDS[i]}
++            break
++        fi
++    done
++
++    if [[ -z ${verb-} ]]; then
++        comps=${VERBS[*]}
++    elif __contains_word "$verb" ${VERBS[STANDALONE]}; then
++        comps=''
++    elif __contains_word "$verb" ${VERBS[CAT]}; then
++        if [[ $cur = -* ]]; then
++            comps=${OPTS_FOR_VERB[CAT]}
++        else
++            comps=$( __get_creds $mode )
++        fi
++    elif __contains_word "$verb" ${VERBS[ENCRYPT]}; then
++        if [[ $cur = -* ]]; then
++            comps=${OPTS_FOR_VERB[ENCRYPT]}
++        else
++            comps=$( compgen -A file -- "$cur" )
++            compopt -o filenames
++        fi
++    elif __contains_word "$verb" ${VERBS[DECRYPT]}; then
++        if [[ $cur = -* ]]; then
++            comps=${OPTS_FOR_VERB[DECRYPT]}
++        else
++            comps=$( compgen -A file -- "$cur" )
++            compopt -o filenames
++        fi
++    fi
++
++    COMPREPLY=( $(compgen -W '${comps-}' -- "$cur") )
++    return 0
++}
++
++complete -F _systemd_creds systemd-creds
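Review bot: In `_systemd_creds` the early return `if [[ -z ${verb-} && "$cur" = -* ]]` runs before the loop that assigns `verb`, so `verb` is always empty at that point. Every word starting with `-` is therefore completed from the full `OPTS` list, and the `$cur = -*` arms that use `OPTS_FOR_VERB[CAT]`, `[ENCRYPT]` and `[DECRYPT]` are unreachable. Move the `for ((i=0; i < COMP_CWORD; i++))` verb-detection loop above that check so the per-verb option lists take effect. The option-argument branch also expands `'$comps'` where the final `compgen` uses `'${comps-}'`. Options with no `case` arm (`--name`, `--uid`, `--tpm2-pcrs`, ...) leave `comps` unset, so use `COMPREPLY=( $(compgen -W '${comps-}' -- "$cur") )` there too, which keeps completion working in shells that run with `set -u`.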
diff --git a/SOURCES/0021-core-fix-loading-verity-settings-for-MountImages.patch b/SOURCES/0021-core-fix-loading-verity-settings-for-MountImages.patch
new file mode 100644
index 0000000..19138e3
--- /dev/null
+++ b/SOURCES/0021-core-fix-loading-verity-settings-for-MountImages.patch
@@ -0,0 +1,64 @@
+From c52f82b8d53c986798480ceaab4a269ca70126b1 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Thu, 12 Dec 2024 00:24:05 +0000
+Subject: [PATCH] core: fix loading verity settings for MountImages=
+
+The MountEntry logic was refactored to store the verity
+settings, and updated for ExtensionImages=, but not for
+MountImages=.
+
+Follow-up for a1a40297dbfa5bcd926d1a19320deb73c033c6f5
+
+(cherry picked from commit 59a83e11887e13a35d88fd7dc71a13b450433715)
+---
+ src/core/namespace.c                  | 8 ++++++++
+ test/units/TEST-50-DISSECT.dissect.sh | 3 +++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/src/core/namespace.c b/src/core/namespace.c
+index 57dbbc4fc7..10f4c50bcc 100644
+--- a/src/core/namespace.c
++++ b/src/core/namespace.c
+@@ -480,20 +480,28 @@ static int append_bind_mounts(MountList *ml, const BindMount *binds, size_t n) {
+ }
+ 
+ static int append_mount_images(MountList *ml, const MountImage *mount_images, size_t n) {
++        int r;
++
+         assert(ml);
+         assert(mount_images || n == 0);
+ 
+         FOREACH_ARRAY(m, mount_images, n) {
++                _cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
+                 MountEntry *me = mount_list_extend(ml);
+                 if (!me)
+                         return log_oom_debug();
+ 
++                r = verity_settings_load(&verity, m->source, /* root_hash_path= */ NULL, /* root_hash_sig_path= */ NULL);
++                if (r < 0)
++                        return log_debug_errno(r, "Failed to check verity root hash of %s: %m", m->source);
++
+                 *me = (MountEntry) {
+                         .path_const = m->destination,
+                         .mode = MOUNT_IMAGE,
+                         .source_const = m->source,
+                         .image_options_const = m->mount_options,
+                         .ignore = m->ignore_enoent,
++                        .verity = TAKE_GENERIC(verity, VeritySettings, VERITY_SETTINGS_DEFAULT),
+                 };
+         }
+ 
+diff --git a/test/units/TEST-50-DISSECT.dissect.sh b/test/units/TEST-50-DISSECT.dissect.sh
+index 6cf1213551..09cb676200 100755
+--- a/test/units/TEST-50-DISSECT.dissect.sh
++++ b/test/units/TEST-50-DISSECT.dissect.sh
+@@ -281,6 +281,9 @@ systemd-run -P \
+             -p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
+             -p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
+             cat /run/img2/usr/lib/os-release | grep -q -F "MARKER=1"
++systemd-run -P \
++            -p MountImages="$MINIMAL_IMAGE.raw:/run/img2" \
++            veritysetup status "${MINIMAL_IMAGE_ROOTHASH}-verity" | grep -q "${MINIMAL_IMAGE_ROOTHASH}"
+ cat >/run/systemd/system/testservice-50c.service <<EOF
+ [Service]
+ MountAPIVFS=yes
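Review bot: The added check `veritysetup status "${MINIMAL_IMAGE_ROOTHASH}-verity" | grep -q "${MINIMAL_IMAGE_ROOTHASH}"` greps for a string that is already part of the device name given on the command line. As far as I know, `veritysetup status` echoes that name on its first line whether the device is active or inactive, so the match alone does not prove that a verity device was set up for the MountImages= entry. Only the pipeline's exit status would catch an inactive device, and that depends on `pipefail`, which this hunk does not show. Matching the state as well closes the gap, e.g. `| grep -q -F "${MINIMAL_IMAGE_ROOTHASH}-verity is active"` (confirm the exact wording against the installed cryptsetup). The two ExtensionImages= checks added to TEST-50-DISSECT.dissect.sh by the following patch (0022) use the same pattern with `$(cat /tmp/app0.roothash)` and `$(cat /tmp/conf0.roothash)`.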
diff --git a/SOURCES/0022-test-add-more-coverage-for-extensions-and-verity.patch b/SOURCES/0022-test-add-more-coverage-for-extensions-and-verity.patch
new file mode 100644
index 0000000..6c04b3f
--- /dev/null
+++ b/SOURCES/0022-test-add-more-coverage-for-extensions-and-verity.patch
@@ -0,0 +1,48 @@
+From 06467e1dbc0fbf3346a990e6d6a02b1bfc5e8a1c Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Thu, 12 Dec 2024 00:50:45 +0000
+Subject: [PATCH] test: add more coverage for extensions and verity
+
+(cherry picked from commit c7fcb08324774c62bd2a786b03a7104a33049db6)
+---
+ test/units/TEST-50-DISSECT.dissect.sh | 6 ++++++
+ test/units/util.sh                    | 2 ++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/test/units/TEST-50-DISSECT.dissect.sh b/test/units/TEST-50-DISSECT.dissect.sh
+index 09cb676200..f2b4db5133 100755
+--- a/test/units/TEST-50-DISSECT.dissect.sh
++++ b/test/units/TEST-50-DISSECT.dissect.sh
+@@ -365,6 +365,12 @@ systemd-run -P \
+             --property ExtensionImages=/etc/service-scoped-test.raw \
+             --property RootImage="$MINIMAL_IMAGE.raw" \
+             cat /etc/systemd/system/some_file | grep -q -F "MARKER_CONFEXT_123"
++systemd-run -P \
++            --property ExtensionImages="/tmp/app0.raw /tmp/conf0.raw" \
++            veritysetup status "$(cat /tmp/app0.roothash)-verity" | grep -q "$(cat /tmp/app0.roothash)"
++systemd-run -P \
++            --property ExtensionImages="/tmp/app0.raw /tmp/conf0.raw" \
++            veritysetup status "$(cat /tmp/conf0.roothash)-verity" | grep -q "$(cat /tmp/conf0.roothash)"
+ 
+ # Check that two identical verity images at different paths do not fail with -ELOOP from OverlayFS
+ mkdir -p /tmp/loop
+diff --git a/test/units/util.sh b/test/units/util.sh
+index 7a39d4267e..1f903b3293 100755
+--- a/test/units/util.sh
++++ b/test/units/util.sh
+@@ -284,6 +284,7 @@ EOF
+         chmod +x "$initdir/opt/script0.sh"
+         echo MARKER=1 >"$initdir/usr/lib/systemd/system/some_file"
+         mksquashfs "$initdir" /tmp/app0.raw -noappend
++        veritysetup format /tmp/app0.raw /tmp/app0.verity --root-hash-file /tmp/app0.roothash
+ 
+         initdir="/var/tmp/conf0"
+         mkdir -p "$initdir/etc/extension-release.d" "$initdir/etc/systemd/system" "$initdir/opt"
+@@ -295,6 +296,7 @@ EOF
+         ) >>"$initdir/etc/extension-release.d/extension-release.conf0"
+         echo MARKER_1 >"$initdir/etc/systemd/system/some_file"
+         mksquashfs "$initdir" /tmp/conf0.raw -noappend
++        veritysetup format /tmp/conf0.raw /tmp/conf0.verity --root-hash-file /tmp/conf0.roothash
+ 
+         initdir="/var/tmp/app1"
+         mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" "$initdir/opt"
diff --git a/SOURCES/0023-README-drop-CentOS-CI-badges.patch b/SOURCES/0023-README-drop-CentOS-CI-badges.patch
new file mode 100644
index 0000000..6814028
--- /dev/null
+++ b/SOURCES/0023-README-drop-CentOS-CI-badges.patch
@@ -0,0 +1,26 @@
+From 3b6b819a289feb76774e7c73654b3f4197181986 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 12 Dec 2024 11:58:24 +0900
+Subject: [PATCH] README: drop CentOS CI badges
+
+CentOS CIs are disabled after ead814a0b0f64c572282b9e27a0a995893f10cf0.
+
+(cherry picked from commit 1fe583861feb5796fa0be937dc7f4c2ce07bcde5)
+---
+ README.md | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/README.md b/README.md
+index 12f1381f08..9e026b287c 100644
+--- a/README.md
++++ b/README.md
+@@ -7,9 +7,6 @@ System and Service Manager
+ [![OSS-Fuzz Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/systemd.svg)](https://oss-fuzz-build-logs.storage.googleapis.com/index.html#systemd)<br/>
+ [![CIFuzz](https://github.com/systemd/systemd/workflows/CIFuzz/badge.svg)](https://github.com/systemd/systemd/actions)<br/>
+ [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1369/badge)](https://bestpractices.coreinfrastructure.org/projects/1369)<br/>
+-[![CentOS CI - CentOS 9](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20CentOS%209&job=upstream-centos9s)](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/job/upstream-centos9s/)<br/>
+-[![CentOS CI - Arch](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20Arch&job=upstream-vagrant-archlinux)](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/job/upstream-vagrant-archlinux/)<br/>
+-[![CentOS CI - Arch (sanitizers)](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20Arch%20(sanitizers)&job=upstream-vagrant-archlinux-sanitizers)](https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/job/upstream-vagrant-archlinux-sanitizers/)<br/>
+ [![Fossies codespell report](https://fossies.org/linux/test/systemd-main.tar.gz/codespell.svg)](https://fossies.org/linux/test/systemd-main.tar.gz/codespell.html)</br>
+ [![Weblate](https://translate.fedoraproject.org/widgets/systemd/-/master/svg-badge.svg)](https://translate.fedoraproject.org/engage/systemd/)</br>
+ [![Coverage Status](https://coveralls.io/repos/github/systemd/systemd/badge.svg?branch=main)](https://coveralls.io/github/systemd/systemd?branch=main)</br>
diff --git a/SOURCES/0024-meson.version-change-to-257.1.patch b/SOURCES/0024-meson.version-change-to-257.1.patch
new file mode 100644
index 0000000..81997e7
--- /dev/null
+++ b/SOURCES/0024-meson.version-change-to-257.1.patch
@@ -0,0 +1,19 @@
+From 3267661c626bd904395e3dd0f5e24b550f7309fe Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Thu, 12 Dec 2024 13:11:51 +0000
+Subject: [PATCH] meson.version: change to 257.1
+
+This is used to detect in various CIs that we are on a stable branch,
+so set the new version early, otherwise some scripts will think it's
+running in main
+---
+ meson.version | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/meson.version b/meson.version
+index a700e79997..97fb426c59 100644
+--- a/meson.version
++++ b/meson.version
+@@ -1 +1 @@
+-257
++257.1
diff --git a/SOURCES/0025-journalctl-honor-quiet-with-setup-keys.patch b/SOURCES/0025-journalctl-honor-quiet-with-setup-keys.patch
new file mode 100644
index 0000000..96e814c
--- /dev/null
+++ b/SOURCES/0025-journalctl-honor-quiet-with-setup-keys.patch
@@ -0,0 +1,76 @@
+From 644f2a02c8befba986ebbc5d58767807fb2999ee Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Tue, 10 Dec 2024 09:40:43 +0900
+Subject: [PATCH] journalctl: honor --quiet with --setup-keys
+
+Closes #35504.
+
+(cherry picked from commit a5b2973850e5952b9dffdfa3f6a0ef486957cb17)
+---
+ src/journal/journalctl-authenticate.c | 13 ++++++++-----
+ test/units/TEST-04-JOURNAL.fss.sh     |  6 ++++--
+ 2 files changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/src/journal/journalctl-authenticate.c b/src/journal/journalctl-authenticate.c
+index 865814cd03..87374816b4 100644
+--- a/src/journal/journalctl-authenticate.c
++++ b/src/journal/journalctl-authenticate.c
+@@ -97,17 +97,20 @@ int action_setup_keys(void) {
+         state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
+         state = alloca_safe(state_size);
+ 
+-        log_info("Generating seed...");
++        if (!arg_quiet)
++                log_info("Generating seed...");
+         r = crypto_random_bytes(seed, seed_size);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to acquire random seed: %m");
+ 
+-        log_info("Generating key pair...");
++        if (!arg_quiet)
++                log_info("Generating key pair...");
+         r = FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to generate key pair: %m");
+ 
+-        log_info("Generating sealing key...");
++        if (!arg_quiet)
++                log_info("Generating sealing key...");
+         r = FSPRG_GenState0(state, mpk, seed, seed_size);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to generate sealing key: %m");
+@@ -122,7 +125,7 @@ int action_setup_keys(void) {
+ 
+         r = chattr_secret(fd, CHATTR_WARN_UNSUPPORTED_FLAGS);
+         if (r < 0)
+-                log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING,
++                log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet ? LOG_DEBUG : LOG_WARNING,
+                                r, "Failed to set file attributes on a temporary file for '%s', ignoring: %m", path);
+ 
+         struct FSSHeader h = {
+@@ -155,7 +158,7 @@ int action_setup_keys(void) {
+         if (r < 0)
+                 return r;
+ 
+-        if (!on_tty()) {
++        if (!on_tty() || arg_quiet) {
+                 /* If we are not on a TTY, show only the key. */
+                 puts(key);
+                 return 0;
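Review bot: The comment inside the changed `if (!on_tty() || arg_quiet)` block still reads "If we are not on a TTY, show only the key.", which no longer describes the condition. Update it to `/* If we are not on a TTY or --quiet was given, show only the key. */`. In the previous hunk, `ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet ? LOG_DEBUG : LOG_WARNING` also demotes genuine `chattr_secret()` failures to debug level under --quiet. That message is presumably about the protection applied to the freshly written sealing-key file, so consider keeping `LOG_WARNING` for errors other than not-supported, and parenthesise the condition either way. `action_setup_keys()` begins and ends outside these hunks.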
+diff --git a/test/units/TEST-04-JOURNAL.fss.sh b/test/units/TEST-04-JOURNAL.fss.sh
+index 03351b812f..140bd9fd67 100755
+--- a/test/units/TEST-04-JOURNAL.fss.sh
++++ b/test/units/TEST-04-JOURNAL.fss.sh
+@@ -10,8 +10,10 @@ if ! journalctl --version | grep -qF +GCRYPT; then
+     exit 0
+ fi
+ 
+-journalctl --force --setup-keys --interval=2 |& tee /tmp/fss
+-FSS_VKEY="$(sed -rn '/([a-f0-9]{6}\-){3}[a-f0-9]{6}\/[a-f0-9]+\-[a-f0-9]+/p' /tmp/fss)"
++# without --quiet, should be effectively equivalent to the below, as we are not on tty
++journalctl --force --setup-keys --interval=2
++
++FSS_VKEY=$(journalctl --force --setup-keys --interval=2 --quiet)
+ [[ -n "$FSS_VKEY" ]]
+ 
+ # Generate some buzz in the journal and wait until the FSS key is changed
diff --git a/SOURCES/0026-dbus-log-disconnect-on-api-and-system-busses.patch b/SOURCES/0026-dbus-log-disconnect-on-api-and-system-busses.patch
new file mode 100644
index 0000000..df375f6
--- /dev/null
+++ b/SOURCES/0026-dbus-log-disconnect-on-api-and-system-busses.patch
@@ -0,0 +1,35 @@
+From c189ecc7fe5039d98bbb448ab45ab0fa3842b3a3 Mon Sep 17 00:00:00 2001
+From: Ronan Pigott <ronan@rjp.ie>
+Date: Thu, 28 Nov 2024 12:51:38 -0700
+Subject: [PATCH] dbus: log disconnect on api and system busses
+
+This is an interesting event. Let's log about it.
+
+(cherry picked from commit 11ee1bab60abde67cd0edc470c93c1afe10d975d)
+---
+ src/core/dbus.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/dbus.c b/src/core/dbus.c
+index 744b97f991..3f0f40e702 100644
+--- a/src/core/dbus.c
++++ b/src/core/dbus.c
+@@ -131,10 +131,16 @@ static int signal_disconnected(sd_bus_message *message, void *userdata, sd_bus_e
+         assert(message);
+         assert_se(bus = sd_bus_message_get_bus(message));
+ 
+-        if (bus == m->api_bus)
++        if (bus == m->api_bus) {
++                log_notice("Got disconnect on API bus.");
+                 bus_done_api(m);
+-        if (bus == m->system_bus)
++        }
++        if (bus == m->system_bus) {
++                /* If we are the system manager, this is already logged by the API bus. */
++                if (!MANAGER_IS_SYSTEM(m))
++                        log_notice("Got disconnect on system bus.");
+                 bus_done_system(m);
++        }
+ 
+         if (set_remove(m->private_buses, bus)) {
+                 log_debug("Got disconnect on private connection.");
diff --git a/SOURCES/0027-manager-add-list-of-subscribers-to-dump-info.patch b/SOURCES/0027-manager-add-list-of-subscribers-to-dump-info.patch
new file mode 100644
index 0000000..1a7853f
--- /dev/null
+++ b/SOURCES/0027-manager-add-list-of-subscribers-to-dump-info.patch
@@ -0,0 +1,26 @@
+From bcf740e4a3caa32b3a920512833b68fc6d530125 Mon Sep 17 00:00:00 2001
+From: Ronan Pigott <ronan@rjp.ie>
+Date: Thu, 28 Nov 2024 12:52:45 -0700
+Subject: [PATCH] manager: add list of subscribers to dump info
+
+This is handy for debugging.
+
+(cherry picked from commit 91713841491d0d4775566ed59f621f0f9a2413b5)
+---
+ src/core/manager-dump.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/core/manager-dump.c b/src/core/manager-dump.c
+index a12d50c91e..7e678fa03e 100644
+--- a/src/core/manager-dump.c
++++ b/src/core/manager-dump.c
+@@ -77,6 +77,9 @@ static void manager_dump_header(Manager *m, FILE *f, const char *prefix) {
+                                 timestamp_is_set(t->realtime) ? FORMAT_TIMESTAMP(t->realtime) :
+                                                                 FORMAT_TIMESPAN(t->monotonic, 1));
+         }
++
++        for (const char *n = sd_bus_track_first(m->subscribed); n; n = sd_bus_track_next(m->subscribed))
++                fprintf(f, "%sSubscribed: %s\n", strempty(prefix), n);
+ }
+ 
+ void manager_dump(Manager *m, FILE *f, char **patterns, const char *prefix) {
diff --git a/SOURCES/0028-exec-util-allow-to-invoke-polkit-ask-password-agent-.patch b/SOURCES/0028-exec-util-allow-to-invoke-polkit-ask-password-agent-.patch
new file mode 100644
index 0000000..21d724b
--- /dev/null
+++ b/SOURCES/0028-exec-util-allow-to-invoke-polkit-ask-password-agent-.patch
@@ -0,0 +1,111 @@
+From 070c28a12a3687966d91a633ce9df78b35e0b364 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 1 Dec 2024 17:36:33 +0900
+Subject: [PATCH] exec-util: allow to invoke polkit/ask-password agent even if
+ STDIN is not a tty
+
+Closes #35018.
+
+(cherry picked from commit 0f81c8406f0f47175c699715e84de8291057033c)
+---
+ src/shared/ask-password-agent.c |  8 ++------
+ src/shared/exec-util.c          | 23 ++++++++++++++---------
+ src/shared/polkit-agent.c       |  8 ++------
+ 3 files changed, 18 insertions(+), 21 deletions(-)
+
+diff --git a/src/shared/ask-password-agent.c b/src/shared/ask-password-agent.c
+index 62b73503ca..d02d68a4e1 100644
+--- a/src/shared/ask-password-agent.c
++++ b/src/shared/ask-password-agent.c
+@@ -18,12 +18,8 @@ int ask_password_agent_open(void) {
+         if (agent_pid > 0)
+                 return 0;
+ 
+-        /* We check STDIN here, not STDOUT, since this is about input, not output */
+-        if (!isatty_safe(STDIN_FILENO))
+-                return 0;
+-
+-        /* Also check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
+-         * interactively on a terminal, hence fail */
++        /* Check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
++         * interactively on a terminal, hence fail. */
+         r = get_ctty_devnr(0, NULL);
+         if (r == -ENXIO)
+                 return 0;
+diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
+index 8435c4f118..599b925a99 100644
+--- a/src/shared/exec-util.c
++++ b/src/shared/exec-util.c
+@@ -544,7 +544,6 @@ int fexecve_or_execve(int executable_fd, const char *executable, char *const arg
+ }
+ 
+ int _fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret_pid, const char *path, ...) {
+-        bool stdout_is_tty, stderr_is_tty;
+         size_t n, i;
+         va_list ap;
+         char **l;
+@@ -567,17 +566,18 @@ int _fork_agent(const char *name, const int except[], size_t n_except, pid_t *re
+ 
+         /* In the child: */
+ 
+-        stdout_is_tty = isatty_safe(STDOUT_FILENO);
+-        stderr_is_tty = isatty_safe(STDERR_FILENO);
++        bool stdin_is_tty = isatty_safe(STDIN_FILENO),
++                stdout_is_tty = isatty_safe(STDOUT_FILENO),
++                stderr_is_tty = isatty_safe(STDERR_FILENO);
+ 
+-        if (!stdout_is_tty || !stderr_is_tty) {
++        if (!stdin_is_tty || !stdout_is_tty || !stderr_is_tty) {
+                 int fd;
+ 
+-                /* Detach from stdout/stderr and reopen /dev/tty for them. This is important to ensure that
+-                 * when systemctl is started via popen() or a similar call that expects to read EOF we
++                /* Detach from stdin/stdout/stderr and reopen /dev/tty for them. This is important to ensure
++                 * that when systemctl is started via popen() or a similar call that expects to read EOF we
+                  * actually do generate EOF and not delay this indefinitely by keeping an unused copy of
+                  * stdin around. */
+-                fd = open("/dev/tty", O_WRONLY);
++                fd = open("/dev/tty", stdin_is_tty ? O_WRONLY : (stdout_is_tty && stderr_is_tty) ? O_RDONLY : O_RDWR);
+                 if (fd < 0) {
+                         if (errno != ENXIO) {
+                                 log_error_errno(errno, "Failed to open /dev/tty: %m");
+@@ -588,13 +588,18 @@ int _fork_agent(const char *name, const int except[], size_t n_except, pid_t *re
+                          * connected to a TTY. That's a weird setup, but let's handle it gracefully: let's
+                          * skip the forking of the agents, given the TTY setup is not in order. */
+                 } else {
++                        if (!stdin_is_tty && dup2(fd, STDIN_FILENO) < 0) {
++                                log_error_errno(errno, "Failed to dup2 /dev/tty to STDIN: %m");
++                                _exit(EXIT_FAILURE);
++                        }
++
+                         if (!stdout_is_tty && dup2(fd, STDOUT_FILENO) < 0) {
+-                                log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
++                                log_error_errno(errno, "Failed to dup2 /dev/tty to STDOUT: %m");
+                                 _exit(EXIT_FAILURE);
+                         }
+ 
+                         if (!stderr_is_tty && dup2(fd, STDERR_FILENO) < 0) {
+-                                log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
++                                log_error_errno(errno, "Failed to dup2 /dev/tty to STDERR: %m");
+                                 _exit(EXIT_FAILURE);
+                         }
+ 
+diff --git a/src/shared/polkit-agent.c b/src/shared/polkit-agent.c
+index 842e41e8db..d87eb56164 100644
+--- a/src/shared/polkit-agent.c
++++ b/src/shared/polkit-agent.c
+@@ -31,12 +31,8 @@ int polkit_agent_open(void) {
+         if (geteuid() == 0)
+                 return 0;
+ 
+-        /* We check STDIN here, not STDOUT, since this is about input, not output */
+-        if (!isatty_safe(STDIN_FILENO))
+-                return 0;
+-
+-        /* Also check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
+-         * interactively on a terminal, hence fail */
++        /* Check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
++         * interactively on a terminal, hence fail. */
+         r = get_ctty_devnr(0, NULL);
+         if (r == -ENXIO)
+                 return 0;
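Review bot: In `_fork_agent()` the access mode for `/dev/tty` is picked by a nested conditional inside the `open()` call with no explanation, and the comment above it still ends with "keeping an unused copy of stdin around" although stdin is now one of the descriptors being replaced. A comment directly above the call, such as `/* O_WRONLY: only stdout/stderr are replaced; O_RDONLY: only stdin; O_RDWR: both */`, would make the three cases checkable at a glance. Separately, with the `isatty_safe(STDIN_FILENO)` early return removed from `ask_password_agent_open()` and `polkit_agent_open()`, the only gate left in these hunks is the controlling-terminal check, so a caller with redirected stdin but a controlling terminal now gets an agent that reads from that terminal. That appears to be the intent, but the function comments should say so, so that non-interactive callers know to use an explicit opt-out such as `--no-ask-password`. All three function bodies continue outside the hunks.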
diff --git a/SOURCES/0029-mkosi-Fix-opensuse-build.patch b/SOURCES/0029-mkosi-Fix-opensuse-build.patch
new file mode 100644
index 0000000..a753129
--- /dev/null
+++ b/SOURCES/0029-mkosi-Fix-opensuse-build.patch
@@ -0,0 +1,27 @@
+From 4162c331dd4fc6657d1f51c90a7a0223e9f4a30d Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Thu, 12 Dec 2024 11:58:42 +0000
+Subject: [PATCH] mkosi: Fix opensuse build
+
+The opensuse spec still looks for README.testsuite so hack it to look
+for README.md instead now that we changed the name in the repo.
+
+(cherry picked from commit 3aa725732161f11788a51405f9c5204190e7a0e9)
+---
+ mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+index 7349038638..c9089b78c4 100755
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+@@ -60,6 +60,9 @@ fi
+ # TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
+ sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
+ 
++# TODO: Drop when the opensuse spec uses README.md instead of README.testsuite.
++sed --in-place 's/README.testsuite/README.md/' "pkg/$PKG_SUBDIR/systemd.spec"
++
+ build() {
+     IFS=
+     # shellcheck disable=SC2046
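Review bot: The pattern in the added `sed` line leaves the dot unescaped, so `README.testsuite` matches any character in that position rather than a literal dot. Writing it as `sed --in-place 's/README\.testsuite/README.md/' "pkg/$PKG_SUBDIR/systemd.spec"` keeps the match literal. The command also exits successfully when nothing matches, so once the spec is fixed the workaround will stay in place unnoticed unless someone rereads the TODO.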
diff --git a/SOURCES/0030-units-use-PrivateTmp-disconnected-instead-of-yes-if-.patch b/SOURCES/0030-units-use-PrivateTmp-disconnected-instead-of-yes-if-.patch
new file mode 100644
index 0000000..6fea3cc
--- /dev/null
+++ b/SOURCES/0030-units-use-PrivateTmp-disconnected-instead-of-yes-if-.patch
@@ -0,0 +1,71 @@
+From 1f6e1928488d461d19fd1e4b4d645b0ea5ea8bf5 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Thu, 12 Dec 2024 11:48:52 +0000
+Subject: [PATCH] units: use PrivateTmp=disconnected instead of 'yes' if
+ DefaultDependencies=no
+
+Avoids subtle race conditions such as the one described at
+#35582.
+
+Fixes #35582
+
+(cherry picked from commit 1ca315be0097bccc9ff55e09ac339a48fdb9a040)
+---
+ units/systemd-coredump@.service.in | 2 +-
+ units/systemd-oomd.service.in      | 2 +-
+ units/systemd-resolved.service.in  | 2 +-
+ units/systemd-timesyncd.service.in | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in
+index fa3206d07b..c74dc7a5a1 100644
+--- a/units/systemd-coredump@.service.in
++++ b/units/systemd-coredump@.service.in
+@@ -26,7 +26,7 @@ NoNewPrivileges=yes
+ OOMScoreAdjust=500
+ PrivateDevices=yes
+ PrivateNetwork=yes
+-PrivateTmp=yes
++PrivateTmp=disconnected
+ ProtectControlGroups=yes
+ ProtectHome=read-only
+ ProtectHostname=yes
+diff --git a/units/systemd-oomd.service.in b/units/systemd-oomd.service.in
+index 82bd6245f8..670d5e6140 100644
+--- a/units/systemd-oomd.service.in
++++ b/units/systemd-oomd.service.in
+@@ -37,7 +37,7 @@ MemoryLow=64M
+ NoNewPrivileges=yes
+ OOMScoreAdjust=-900
+ PrivateDevices=yes
+-PrivateTmp=yes
++PrivateTmp=disconnected
+ ProtectClock=yes
+ ProtectHome=yes
+ ProtectHostname=yes
+diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
+index 4aa0788ac4..e181b2528a 100644
+--- a/units/systemd-resolved.service.in
++++ b/units/systemd-resolved.service.in
+@@ -29,7 +29,7 @@ LockPersonality=yes
+ MemoryDenyWriteExecute=yes
+ NoNewPrivileges=yes
+ PrivateDevices=yes
+-PrivateTmp=yes
++PrivateTmp=disconnected
+ ProtectClock=yes
+ ProtectControlGroups=yes
+ ProtectHome=yes
+diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
+index cf233fbffd..835d6327e7 100644
+--- a/units/systemd-timesyncd.service.in
++++ b/units/systemd-timesyncd.service.in
+@@ -31,7 +31,7 @@ LockPersonality=yes
+ MemoryDenyWriteExecute=yes
+ NoNewPrivileges=yes
+ PrivateDevices=yes
+-PrivateTmp=yes
++PrivateTmp=disconnected
+ ProtectProc=invisible
+ ProtectControlGroups=yes
+ ProtectHome=yes
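Review bot: None of the four unit hunks shows the `DefaultDependencies=no` line that the commit message gives as the reason for the switch, and the new value carries no comment, so a later reader of, say, `systemd-resolved.service.in` cannot tell why `PrivateTmp=disconnected` was chosen over `yes`. A one-line comment above each changed setting, for example `# 'disconnected' because this unit sets DefaultDependencies=no, see #35582`, would record the reason and discourage reverting it during a later sandboxing clean-up. The unit files are only partly visible here, so the precondition should be confirmed against the full files.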
diff --git a/SOURCES/0031-battery-check-parse-options-before-checking-for-kern.patch b/SOURCES/0031-battery-check-parse-options-before-checking-for-kern.patch
new file mode 100644
index 0000000..534a4cd
--- /dev/null
+++ b/SOURCES/0031-battery-check-parse-options-before-checking-for-kern.patch
@@ -0,0 +1,36 @@
+From 29cdad871ea5febb64336b43f08aab5ac15ab4cb Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Fri, 8 Nov 2024 12:23:37 +0000
+Subject: [PATCH] battery-check: parse options before checking for kernel
+ command line
+
+Otherwise --help/--version/etc which exit immediately will do pointless work
+
+(cherry picked from commit 60d23b7f4ae26d934e5748d30bb7ae956f3ad83d)
+---
+ src/battery-check/battery-check.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/battery-check/battery-check.c b/src/battery-check/battery-check.c
+index 1563147b7b..a2ed5cbafd 100644
+--- a/src/battery-check/battery-check.c
++++ b/src/battery-check/battery-check.c
+@@ -123,14 +123,14 @@ static int run(int argc, char *argv[]) {
+ 
+         log_setup();
+ 
+-        r = proc_cmdline_get_bool("systemd.battery_check", PROC_CMDLINE_STRIP_RD_PREFIX|PROC_CMDLINE_TRUE_WHEN_MISSING, &arg_doit);
+-        if (r < 0)
+-                log_warning_errno(r, "Failed to parse systemd.battery_check= kernel command line option, ignoring: %m");
+-
+         r = parse_argv(argc, argv);
+         if (r <= 0)
+                 return r;
+ 
++        r = proc_cmdline_get_bool("systemd.battery_check", PROC_CMDLINE_STRIP_RD_PREFIX|PROC_CMDLINE_TRUE_WHEN_MISSING, &arg_doit);
++        if (r < 0)
++                log_warning_errno(r, "Failed to parse systemd.battery_check= kernel command line option, ignoring: %m");
++
+         if (!arg_doit) {
+                 log_info("Checking battery status and AC power existence is disabled by the kernel command line, skipping execution.");
+                 return 0;
diff --git a/SOURCES/0032-test-loop-block-return-77-on-skip-in-more-places.patch b/SOURCES/0032-test-loop-block-return-77-on-skip-in-more-places.patch
new file mode 100644
index 0000000..58a16ff
--- /dev/null
+++ b/SOURCES/0032-test-loop-block-return-77-on-skip-in-more-places.patch
@@ -0,0 +1,34 @@
+From 1fb4673a6977c6a694f786dbc6cf2ff1990794ff Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Wed, 13 Nov 2024 14:20:34 +0000
+Subject: [PATCH] test-loop-block: return -77 on skip in more places
+
+(cherry picked from commit 81e0693465402d2e72cb3ba1b28e25e3c4c0206a)
+---
+ src/test/test-loop-block.c | 12 ++++--------
+ 1 file changed, 4 insertions(+), 8 deletions(-)
+
+diff --git a/src/test/test-loop-block.c b/src/test/test-loop-block.c
+index e69c0d5caf..921049c3fb 100644
+--- a/src/test/test-loop-block.c
++++ b/src/test/test-loop-block.c
+@@ -224,15 +224,11 @@ static int run(int argc, char *argv[]) {
+         dissected = dissected_image_unref(dissected);
+ #endif
+ 
+-        if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0) {
+-                log_tests_skipped("not running privileged");
+-                return 0;
+-        }
++        if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0)
++                return log_tests_skipped("not running privileged");
+ 
+-        if (detect_container() > 0) {
+-                log_tests_skipped("Test not supported in a container, requires udev/uevent notifications");
+-                return 0;
+-        }
++        if (detect_container() > 0)
++                return log_tests_skipped("Test not supported in a container, requires udev/uevent notifications");
+ 
+         assert_se(loop_device_make(fd, O_RDWR, 0, UINT64_MAX, 0, LO_FLAGS_PARTSCAN, LOCK_EX, &loop) >= 0);
+ 
diff --git a/SOURCES/0033-mkosi-update-debian-commit-reference.patch b/SOURCES/0033-mkosi-update-debian-commit-reference.patch
new file mode 100644
index 0000000..6e82278
--- /dev/null
+++ b/SOURCES/0033-mkosi-update-debian-commit-reference.patch
@@ -0,0 +1,43 @@
+From 1a259b4e6006a48d5e3a83680f3341e1c68a2ba2 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Thu, 12 Dec 2024 16:46:11 +0000
+Subject: [PATCH] mkosi: update debian commit reference
+
+* e8b7c9a4dd Install 81-net-bridge.rules
+* 50d2997a07 Install systemd-creds bash completion
+* ff0c42823c test: fix flaky boot-and-services test
+* 2a19dee4ba test: fix flaky boot-and-services test
+* a15a0bfe60 Update changelog for 257-2 release
+* c24eafcb7e Backport patches to fix test failures
+* 29840f9b68 udev: install dmi_memory_id and its rules on riscv64
+* 44893bdb32 Update changelog for 257-1 release
+* 7f71d995fb Update symbols file for v257
+* 2dd2b80499 Update upstream source from tag 'upstream/257'
+* 51a3271a85 Update changelog for 257~rc3-1 release
+* 8e687227c5 Update symbols for 257~rc3
+* c9bae527d6 Drop patches, merged upstream
+* e8cf329870 Update upstream source from tag 'upstream/257_rc3'
+* 794457516d autopkgtest: fix one more tzdata dependency
+* 16bb143da1 Bump version in tzdata dependency due to p-u upload
+* f2ddf70604 sysctl: Add file trigger on /usr/lib/sysctl.d to restart systemd-sysctl
+* 79260cb0f4 Increase minimum sections in stub PE header on arm64/armhf/riscv64 to 500
+* ed3af24635 systemd-ukfy: recommend systemd-boot-efi for the stub
+
+(cherry picked from commit 8d20606eec236232fb003594b3e6c88131744f6b)
+---
+ mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
+index 5fb7dab758..6914a9ed59 100644
+--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
++++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
+@@ -9,7 +9,7 @@ Environment=
+         GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
+         GIT_SUBDIR=debian
+         GIT_BRANCH=debian/master
+-        GIT_COMMIT=51cd22f3684725a1b199012555e7378f2f468c16
++        GIT_COMMIT=e8b7c9a4dda2888fec41ac020e1194cfdf57eb5d
+         PKG_SUBDIR=debian
+ 
+ [Content]
diff --git a/SOURCES/0034-shell-completion-add-smbios11-verb-to-systemd-analyz.patch b/SOURCES/0034-shell-completion-add-smbios11-verb-to-systemd-analyz.patch
new file mode 100644
index 0000000..f51344e
--- /dev/null
+++ b/SOURCES/0034-shell-completion-add-smbios11-verb-to-systemd-analyz.patch
@@ -0,0 +1,25 @@
+From 63b6d6aab14487ca4581c639b175f2fa5dfcb6e2 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Thu, 12 Dec 2024 12:41:45 +0000
+Subject: [PATCH] shell-completion: add smbios11 verb to systemd-analyze
+
+Follow-up for 8c5045f9b2681774e8731dc0d142c207b61aedf6
+
+(cherry picked from commit e7fce6a370894de3a3ded32910e0a4b251d805df)
+---
+ shell-completion/bash/systemd-analyze | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/shell-completion/bash/systemd-analyze b/shell-completion/bash/systemd-analyze
+index 7c5cb1c512..caec77e718 100644
+--- a/shell-completion/bash/systemd-analyze
++++ b/shell-completion/bash/systemd-analyze
+@@ -67,7 +67,7 @@ _systemd_analyze() {
+     )
+ 
+     local -A VERBS=(
+-        [STANDALONE]='time blame unit-files unit-paths exit-status compare-versions calendar timestamp timespan pcrs srk has-tpm2'
++        [STANDALONE]='time blame unit-files unit-paths exit-status compare-versions calendar timestamp timespan pcrs srk has-tpm2 smbios11'
+         [CRITICAL_CHAIN]='critical-chain'
+         [DOT]='dot'
+         [DUMP]='dump'
diff --git a/SOURCES/0035-logind-let-system-wide-idle-begin-at-the-time-logind.patch b/SOURCES/0035-logind-let-system-wide-idle-begin-at-the-time-logind.patch
new file mode 100644
index 0000000..83c0cee
--- /dev/null
+++ b/SOURCES/0035-logind-let-system-wide-idle-begin-at-the-time-logind.patch
@@ -0,0 +1,67 @@
+From 9d36809256c6d92c6d8358769479ad2c2b695664 Mon Sep 17 00:00:00 2001
+From: Florian Schmaus <flo@geekplace.eu>
+Date: Sat, 16 Nov 2024 10:29:35 +0100
+Subject: [PATCH] logind: let system-wide idle begin at the time logind was
+ initialized
+
+Initialize the start of the system-wide idle time with the time logind was
+initialized and not with the start of the Unix epoch. This means that systemd
+will not repport a unreasonable long idle time (around 54 years at the time of
+writing this), especially at in the early boot, while no login manager session,
+e.g,. gdm, had a chance to provide a more accurate start of the idle period.
+
+Fixes #35163
+
+(cherry picked from commit 718b31138b9a93f262259f297ad6b521454decc6)
+---
+ src/login/logind-core.c | 6 +++++-
+ src/login/logind.c      | 2 ++
+ src/login/logind.h      | 2 ++
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/login/logind-core.c b/src/login/logind-core.c
+index fad276f195..9892285805 100644
+--- a/src/login/logind-core.c
++++ b/src/login/logind-core.c
+@@ -407,10 +407,14 @@ int manager_get_user_by_pid(Manager *m, pid_t pid, User **ret) {
+ int manager_get_idle_hint(Manager *m, dual_timestamp *t) {
+         Session *s;
+         bool idle_hint;
+-        dual_timestamp ts = DUAL_TIMESTAMP_NULL;
++        dual_timestamp ts;
+ 
+         assert(m);
+ 
++        /* Initialize the baseline timestamp with the time the manager got initialized to avoid reporting
++         * unreasonable large idle periods starting with the Unix epoch. */
++        ts = m->init_ts;
++
+         idle_hint = !manager_is_inhibited(m, INHIBIT_IDLE, /* block= */ true, t, false, false, 0, NULL);
+ 
+         HASHMAP_FOREACH(s, m->sessions) {
+diff --git a/src/login/logind.c b/src/login/logind.c
+index f88a2004fd..8dc1781edf 100644
+--- a/src/login/logind.c
++++ b/src/login/logind.c
+@@ -100,6 +100,8 @@ static int manager_new(Manager **ret) {
+ 
+         (void) sd_event_set_watchdog(m->event, true);
+ 
++        dual_timestamp_now(&m->init_ts);
++
+         manager_reset_config(m);
+ 
+         *ret = TAKE_PTR(m);
+diff --git a/src/login/logind.h b/src/login/logind.h
+index 1e17b610bc..ce7e76e761 100644
+--- a/src/login/logind.h
++++ b/src/login/logind.h
+@@ -145,6 +145,8 @@ struct Manager {
+         struct stat efi_loader_entry_one_shot_stat;
+ 
+         CalendarSpec *maintenance_time;
++
++        dual_timestamp init_ts;
+ };
+ 
+ void manager_reset_config(Manager *m);
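Review bot: The new `init_ts` member of `struct Manager` is added without a comment, although it now serves as the baseline for the system-wide idle hint in `manager_get_idle_hint()`. Something like `dual_timestamp init_ts; /* set in manager_new(); baseline for the system-wide idle hint */` would make that link visible from the header. Because the value is taken with `dual_timestamp_now()` in `manager_new()`, the baseline presumably moves forward each time logind is restarted, so any idle-based policy would count from the restart rather than from boot. A sentence in the comment in `manager_get_idle_hint()` should state whether that is intended. All three functions and the struct continue outside the hunks.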
diff --git a/SOURCES/0036-tmpfiles-reduce-quoting-in-warning-message.patch b/SOURCES/0036-tmpfiles-reduce-quoting-in-warning-message.patch
new file mode 100644
index 0000000..5012437
--- /dev/null
+++ b/SOURCES/0036-tmpfiles-reduce-quoting-in-warning-message.patch
@@ -0,0 +1,35 @@
+From 3efa9e717f047bc4e51f6b1130468bdd6e004fdc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 7 Nov 2024 15:45:24 +0100
+Subject: [PATCH] tmpfiles: reduce quoting in warning message
+
+We printed:
+systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/20-systemd-shell-extra.conf:10: Unknown modifiers in command 'L$'.
+systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/systemd-network.conf:10: Unknown modifiers in command 'd$'.
+systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/systemd-network.conf:11: Unknown modifiers in command 'd$'.
+...
+
+There's a lot of additional characters here make the message harder to parse. We know
+that the command is a word without any whitespace, so quoting isn't really necessary.
+
+Change this to:
+... unknown modifiers in command: L$
+
+(cherry picked from commit 390bab53923eea822ac525d0e4aa4b7f86d8cd92)
+---
+ src/tmpfiles/tmpfiles.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index 86bf16356d..bff05cda6f 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -3684,7 +3684,7 @@ static int parse_line(
+                 else {
+                         *invalid_config = true;
+                         return log_syntax(NULL, LOG_ERR, fname, line, SYNTHETIC_ERRNO(EBADMSG),
+-                                          "Unknown modifiers in command '%s'.", action);
++                                          "Unknown modifiers in command: %s", action);
+                 }
+ 
+         if (boot && !arg_boot) {
diff --git a/SOURCES/0037-semaphore-bump-timeout.patch b/SOURCES/0037-semaphore-bump-timeout.patch
new file mode 100644
index 0000000..b75bc64
--- /dev/null
+++ b/SOURCES/0037-semaphore-bump-timeout.patch
@@ -0,0 +1,26 @@
+From 96b9fe831f888a0e9772a33acc752ebb822357b9 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Fri, 13 Dec 2024 22:08:27 +0000
+Subject: [PATCH] semaphore: bump timeout
+
+When semaphore is overloaded tests can take more than 1hr, bump
+timeout
+
+(cherry picked from commit 1855064d4eb95abe6909a93f72bee46658dad36b)
+---
+ .semaphore/semaphore.yml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml
+index 07742337e8..42df0f648f 100644
+--- a/.semaphore/semaphore.yml
++++ b/.semaphore/semaphore.yml
+@@ -15,7 +15,7 @@ auto_cancel:
+     when: "true"
+ 
+ execution_time_limit:
+-  hours: 1
++  hours: 2
+ 
+ blocks:
+   - name: "Setup & test"
diff --git a/SOURCES/0038-Revert-semaphore-skip-some-tests.patch b/SOURCES/0038-Revert-semaphore-skip-some-tests.patch
new file mode 100644
index 0000000..d0914cc
--- /dev/null
+++ b/SOURCES/0038-Revert-semaphore-skip-some-tests.patch
@@ -0,0 +1,26 @@
+From 61e321c452309b6686b345ff3be363d37dfb21d6 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Fri, 13 Dec 2024 23:43:28 +0000
+Subject: [PATCH] Revert "semaphore: skip some tests"
+
+This reverts commit e19cae12ff2e832ce7d79aa483e1aa27ed0ea1f4.
+
+(cherry picked from commit 7406e0a3afafc1e1c994a88a4e988e94177e5550)
+---
+ .semaphore/semaphore-runner.sh | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh
+index b663674652..e903ced70d 100755
+--- a/.semaphore/semaphore-runner.sh
++++ b/.semaphore/semaphore-runner.sh
+@@ -109,9 +109,6 @@ EOF
+                                                        --env DPKG_DEB_COMPRESSOR_TYPE="none" \
+                                                        --env DEB_BUILD_PROFILES="pkg.systemd.upstream noudeb nodoc" \
+                                                        --env TEST_UPSTREAM=1 \
+-                                                       --skip-test localed-locale \
+-                                                       --skip-test localed-x11-keymap \
+-                                                       --skip-test build-with-static-libsystemd \
+                                                        ../systemd_*.dsc \
+                                                        -o "$ARTIFACTS_DIR" \
+                                                        -- lxc -s "$CONTAINER" \
diff --git a/SOURCES/0039-mkosi-fix-section-for-WithNetwork.patch b/SOURCES/0039-mkosi-fix-section-for-WithNetwork.patch
new file mode 100644
index 0000000..8e76e24
--- /dev/null
+++ b/SOURCES/0039-mkosi-fix-section-for-WithNetwork.patch
@@ -0,0 +1,23 @@
+From 6186c2735bdd922cb5287be8586bdae1a5736c89 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Sat, 14 Dec 2024 10:57:34 +0000
+Subject: [PATCH] mkosi: fix section for WithNetwork=
+
+/tmp/autopkgtest.L6NPL0/build.doZ/src/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf: Setting WithNetwork should be configured in [Build], not [Content]
+
+(cherry picked from commit 301c159ce526933d048b9fd02ad7e2adfb4a6c58)
+---
+ mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
+index 4fb4f46075..a535736452 100644
+--- a/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
++++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf
+@@ -3,5 +3,5 @@
+ [Match]
+ Environment=NO_BUILD=1
+ 
+-[Content]
++[Build]
+ WithNetwork=yes
diff --git a/SOURCES/0040-test-time-util-fix-truncation-of-usec-to-sec.patch b/SOURCES/0040-test-time-util-fix-truncation-of-usec-to-sec.patch
new file mode 100644
index 0000000..139c7fd
--- /dev/null
+++ b/SOURCES/0040-test-time-util-fix-truncation-of-usec-to-sec.patch
@@ -0,0 +1,57 @@
+From 11d70500171ca6dbbad8ecf9b1cf0d29e1d6d1ed Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 14 Dec 2024 16:49:54 +0900
+Subject: [PATCH] test-time-util: fix truncation of usec to sec
+
+Also
+- use ASSERT_XYZ() macros,
+- log tzname[] on failure.
+
+(cherry picked from commit 3f1d499964abb6a4c0141d7ea8f852829880adff)
+---
+ src/test/test-time-util.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
+index d761261e24..d717ca94d2 100644
+--- a/src/test/test-time-util.c
++++ b/src/test/test-time-util.c
+@@ -393,27 +393,31 @@ TEST(format_timestamp) {
+ static void test_format_timestamp_impl(usec_t x) {
+         bool success, override;
+         const char *xx, *yy;
+-        usec_t y;
++        usec_t y, x_sec, y_sec;
+ 
+         xx = FORMAT_TIMESTAMP(x);
+-        assert_se(xx);
+-        assert_se(parse_timestamp(xx, &y) >= 0);
++        ASSERT_NOT_NULL(xx);
++        ASSERT_OK(parse_timestamp(xx, &y));
+         yy = FORMAT_TIMESTAMP(y);
+-        assert_se(yy);
++        ASSERT_NOT_NULL(yy);
+ 
+-        success = (x / USEC_PER_SEC == y / USEC_PER_SEC) && streq(xx, yy);
++        x_sec = x / USEC_PER_SEC;
++        y_sec = y / USEC_PER_SEC;
++        success = (x_sec == y_sec) && streq(xx, yy);
+         /* Workaround for https://github.com/systemd/systemd/issues/28472
+          * and https://github.com/systemd/systemd/pull/35471. */
+         override = !success &&
+                    (STRPTR_IN_SET(tzname[0], "CAT", "EAT", "WET") ||
+                     STRPTR_IN_SET(tzname[1], "CAT", "EAT", "WET")) &&
+-                   DIV_ROUND_UP(x > y ? x - y : y - x, USEC_PER_SEC) == 3600; /* 1 hour, ignore fractional second */
++                   (x_sec > y_sec ? x_sec - y_sec : y_sec - x_sec) == 3600; /* 1 hour, ignore fractional second */
+         log_full(success ? LOG_DEBUG : override ? LOG_WARNING : LOG_ERR,
+                  "@" USEC_FMT " → %s → @" USEC_FMT " → %s%s",
+                  x, xx, y, yy,
+                  override ? ", ignoring." : "");
+         if (!override) {
+-                assert_se(x / USEC_PER_SEC == y / USEC_PER_SEC);
++                if (!success)
++                        log_warning("tzname[0]=\"%s\", tzname[1]=\"%s\"", tzname[0], tzname[1]);
++                ASSERT_EQ(x_sec, y_sec);
+                 ASSERT_STREQ(xx, yy);
+         }
+ }
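Review bot: The added `log_warning()` in `test_format_timestamp_impl()` passes `tzname[0]` and `tzname[1]` straight to `%s`, while the override check a few lines above uses `STRPTR_IN_SET`, the NULL-tolerant form, on the same pointers. If either entry can be NULL, the diagnostic path should tolerate it too, e.g. `log_warning("tzname[0]=\"%s\", tzname[1]=\"%s\"", strna(tzname[0]), strna(tzname[1]));`. Otherwise the failure path that is meant to help debugging could itself misbehave.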
diff --git a/SOURCES/0041-network-don-t-warn-with-no-NSID-assigned.patch b/SOURCES/0041-network-don-t-warn-with-no-NSID-assigned.patch
new file mode 100644
index 0000000..c5ba13c
--- /dev/null
+++ b/SOURCES/0041-network-don-t-warn-with-no-NSID-assigned.patch
@@ -0,0 +1,40 @@
+From 0cddbebfbeedd3f71037d988dc91b6fb9f9b281f Mon Sep 17 00:00:00 2001
+From: Ronan Pigott <ronan@rjp.ie>
+Date: Sat, 14 Dec 2024 14:39:26 -0700
+Subject: [PATCH] network: don't warn with no NSID assigned
+
+This is nothing interesting to warn about. Also use the symbolic
+constant name when testing for this condition.
+
+(cherry picked from commit e803e95760be87588533f9affd76db6ad0b5fac8)
+---
+ src/network/networkd-manager-bus.c | 2 +-
+ src/shared/socket-netlink.c        | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/networkd-manager-bus.c b/src/network/networkd-manager-bus.c
+index 04a986a38d..29e5895255 100644
+--- a/src/network/networkd-manager-bus.c
++++ b/src/network/networkd-manager-bus.c
+@@ -304,7 +304,7 @@ static int property_get_namespace_nsid(
+          * number. */
+ 
+         r = netns_get_nsid(/* netnsfd= */ -EBADF, &nsid);
+-        if (r < 0)
++        if (r < 0 && r != -ENODATA)
+                 log_warning_errno(r, "Failed to query network nsid, ignoring: %m");
+ 
+         return sd_bus_message_append(reply, "u", nsid);
+diff --git a/src/shared/socket-netlink.c b/src/shared/socket-netlink.c
+index 09477449b9..b0500abd8b 100644
+--- a/src/shared/socket-netlink.c
++++ b/src/shared/socket-netlink.c
+@@ -475,7 +475,7 @@ int netns_get_nsid(int netnsfd, uint32_t *ret) {
+                 if (r < 0)
+                         return r;
+ 
+-                if (u == UINT32_MAX) /* no NSID assigned yet */
++                if (u == (uint32_t) NETNSA_NSID_NOT_ASSIGNED) /* no NSID assigned yet */
+                         return -ENODATA;
+ 
+                 if (ret)
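Review bot: In property_get_namespace_nsid() the now-silent -ENODATA path still appends `nsid` to the reply, and netns_get_nsid() returns -ENODATA before it reaches its `if (ret)` store, so the value sent is whatever `nsid` held before the call. The declaration is outside the hunk. If it is not already set to the not-assigned sentinel, initialise it, e.g. `uint32_t nsid = UINT32_MAX;`, so the property never carries an indeterminate value. Both functions start and end outside the hunks shown.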
diff --git a/SOURCES/0042-TEST-35-LOGIN-check-only-tty-session.patch b/SOURCES/0042-TEST-35-LOGIN-check-only-tty-session.patch
new file mode 100644
index 0000000..b0c0e8f
--- /dev/null
+++ b/SOURCES/0042-TEST-35-LOGIN-check-only-tty-session.patch
@@ -0,0 +1,56 @@
+From d23133ef7914a63df4a79864d0b2170a790ddd60 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 15 Dec 2024 17:42:10 +0900
+Subject: [PATCH] TEST-35-LOGIN: check only tty session
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+For some reasons, another session logind-test-user may be started.
+===
+Dec 13 07:04:16 systemd-logind[2140]: Got message type=method_call ... member=CreateSessionWithPIDFD ...
+(snip)
+Dec 13 07:04:16 systemd-logind[2140]: New session 15 of user logind-test-user.
+Dec 13 07:04:16 systemd-logind[2140]: VT changed to 2
+Dec 13 07:04:16 systemd-logind[2140]: rfkill: Found udev node /dev/rfkill for seat seat0
+Dec 13 07:04:16 systemd-logind[2140]: udmabuf: Found udev node /dev/udmabuf for seat seat0
+Dec 13 07:04:16 systemd-logind[2140]: Found static node /dev/snd/timer for seat seat0
+Dec 13 07:04:16 systemd-logind[2140]: Found static node /dev/snd/seq for seat seat0
+Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/snd/timer for seat seat0 (uid 0→4712 add)
+Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/rfkill for seat seat0 (uid 0→4712 add)
+Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/udmabuf for seat seat0 (uid 0→4712 add)
+Dec 13 07:04:16 systemd-logind[2140]: Changing ACLs at /dev/snd/seq for seat seat0 (uid 0→4712 add)
+Dec 13 07:04:16 systemd[1]: user-4712.slice: Changed dead -> active
+Dec 13 07:04:16 systemd[1]: user-4712.slice: Job 5951 user-4712.slice/start finished, result=done
+Dec 13 07:04:16 systemd[1]: Created slice user-4712.slice.
+Dec 13 07:04:16 systemd-logind[2140]: Electing new display for user logind-test-user
+Dec 13 07:04:16 systemd-logind[2140]: Choosing session 15 in preference to -
+(snip)
+Dec 13 07:04:16 systemd-logind[2140]: Got message type=method_call ... member=CreateSessionWithPIDFD ...
+(snip)
+Dec 13 07:04:16 systemd-logind[2140]: New session 16 of user logind-test-user.
+Dec 13 07:04:16 systemd-logind[2140]: Electing new display for user logind-test-user
+Dec 13 07:04:16 systemd-logind[2140]: Ignoring session 16
+===
+Let's track only session for the user with tty, which we explicitly created.
+
+Fixes #35597.
+
+(cherry picked from commit 26f65dc0c76f59eb3896014346652885c493ae71)
+---
+ test/units/TEST-35-LOGIN.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/units/TEST-35-LOGIN.sh b/test/units/TEST-35-LOGIN.sh
+index ac3836b816..80320e32e1 100755
+--- a/test/units/TEST-35-LOGIN.sh
++++ b/test/units/TEST-35-LOGIN.sh
+@@ -639,7 +639,7 @@ EOF
+ 
+     journalctl --sync
+     assert_eq "$(journalctl -b -u systemd-logind.service --since="$ts" --grep "Session \"$id\" of user \"logind-test-user\" is idle, stopping." | wc -l)" 1
+-    assert_eq "$(loginctl --no-legend | grep -v manager | grep -c "logind-test-user")" 0
++    assert_eq "$(loginctl --no-legend | grep -v manager | grep tty | grep -c "logind-test-user")" 0
+ }
+ 
+ testcase_ambient_caps() {
diff --git a/SOURCES/0043-test-README-Environment-setting-for-mkosi-should-be-.patch b/SOURCES/0043-test-README-Environment-setting-for-mkosi-should-be-.patch
new file mode 100644
index 0000000..65f8adf
--- /dev/null
+++ b/SOURCES/0043-test-README-Environment-setting-for-mkosi-should-be-.patch
@@ -0,0 +1,28 @@
+From ddda27b8c449150ad2d6c07bc569d85a88809d06 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 16 Dec 2024 02:02:30 +0900
+Subject: [PATCH] test/README: Environment= setting for mkosi should be in
+ [Build] section
+
+Otherwise, we get the following warning:
+
+mkosi.local.conf: Setting Environment should be configured in [Build], not [Content].
+
+(cherry picked from commit 78ef3959474a760679e50eb57b52563cb6f9b66d)
+---
+ test/README.testsuite | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/README.testsuite b/test/README.testsuite
+index 5546fcf8b1..fc1c9f136d 100644
+--- a/test/README.testsuite
++++ b/test/README.testsuite
+@@ -18,7 +18,7 @@ To make sure `mkosi` doesn't try to build systemd from source during the image b
+ process, you can add the following to `mkosi.local.conf`:
+ 
+ ```
+-[Content]
++[Build]
+ Environment=NO_BUILD=1
+ ```
+ 
diff --git a/SOURCES/0044-mkosi-temporarily-disable-panic_on_warn.patch b/SOURCES/0044-mkosi-temporarily-disable-panic_on_warn.patch
new file mode 100644
index 0000000..ea14130
--- /dev/null
+++ b/SOURCES/0044-mkosi-temporarily-disable-panic_on_warn.patch
@@ -0,0 +1,31 @@
+From 72ef5ac211b1d578dfd7630301d8c2bb73439819 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Mon, 16 Dec 2024 17:13:08 +0000
+Subject: [PATCH] mkosi: temporarily disable panic_on_warn
+
+Due to a BTRFS issue in kernel 6.12 (and backported in Ubuntu to 6.8)
+there's a warning triggered by some tests, and it then causes a panic.
+
+The BTRFS issue has a patch but it is not available in any distro yet,
+so disable panic_on_warn until it reaches Arch and Ubuntu Noble. Bugs
+have been filed.
+
+(cherry picked from commit 930d65ccca8193a8cb635099c55852b677f5d58a)
+---
+ mkosi.conf | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/mkosi.conf b/mkosi.conf
+index a5d4eab23b..5622667078 100644
+--- a/mkosi.conf
++++ b/mkosi.conf
+@@ -74,7 +74,8 @@ KernelCommandLine=
+         oops=panic
+         panic=-1
+         softlockup_panic=1
+-        panic_on_warn=1
++        # Disabled due to BTRFS issue, waiting for the fix to become available
++        panic_on_warn=0
+         psi=1
+ 
+ KernelModulesInitrdExclude=.*
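Review bot: The comment added above `panic_on_warn=0` in KernelCommandLine= does not name the BTRFS bug it waits on or say when the setting can return to 1, so nothing tracks the "temporary" state. While it is 0, kernel warnings raised during a test run no longer stop the VM and can pass unnoticed. I would extend the comment to something like `# Disabled due to BTRFS warning in kernel 6.12 (and Ubuntu's 6.8 backport); re-enable once the fix reaches Arch and Ubuntu Noble, see <bug URL>`, with the filed bug links replacing the placeholder.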
diff --git a/SOURCES/0045-networkd-show-wireguard-private-key-read-error-numbe.patch b/SOURCES/0045-networkd-show-wireguard-private-key-read-error-numbe.patch
new file mode 100644
index 0000000..3bcd2b3
--- /dev/null
+++ b/SOURCES/0045-networkd-show-wireguard-private-key-read-error-numbe.patch
@@ -0,0 +1,25 @@
+From b5dc1922f9bd0a64cf17be8c503baba58bf5ba82 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 16 Dec 2024 17:19:59 +0100
+Subject: [PATCH] networkd: show wireguard private key read error number
+
+Noticed while looking at #35641
+
+(cherry picked from commit 0543b02cf8211353c0bb1065e09614f551944a41)
+---
+ src/network/netdev/wireguard.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
+index 8d1dddf828..5a58e1082c 100644
+--- a/src/network/netdev/wireguard.c
++++ b/src/network/netdev/wireguard.c
+@@ -1198,7 +1198,7 @@ static int wireguard_verify(NetDev *netdev, const char *filename) {
+         r = wireguard_read_key_file(w->private_key_file, w->private_key);
+         if (r < 0)
+                 return log_netdev_error_errno(netdev, r,
+-                                              "Failed to read private key from %s. Ignoring network device.",
++                                              "Failed to read private key from '%s', ignoring network device: %m",
+                                               w->private_key_file);
+ 
+         if (eqzero(w->private_key)) {
diff --git a/SOURCES/0046-systemctl-edit-ignore-ENOENT-from-unit_is_masked.patch b/SOURCES/0046-systemctl-edit-ignore-ENOENT-from-unit_is_masked.patch
new file mode 100644
index 0000000..16f06c7
--- /dev/null
+++ b/SOURCES/0046-systemctl-edit-ignore-ENOENT-from-unit_is_masked.patch
@@ -0,0 +1,59 @@
+From 48b404d546e6cb6d32d9cb346bbd43760311790b Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 16 Dec 2024 12:37:17 +0900
+Subject: [PATCH] systemctl-edit: ignore ENOENT from unit_is_masked()
+
+If a specified unit does not exist, then it is definitely not masked.
+
+Fixes #35632.
+
+(cherry picked from commit b58b00e4c33474505009c8118d6cfdf29a2c6cb1)
+---
+ src/systemctl/systemctl-edit.c  |  4 ++--
+ test/units/TEST-26-SYSTEMCTL.sh | 11 +++++++++++
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/systemctl/systemctl-edit.c b/src/systemctl/systemctl-edit.c
+index c42a31153d..7165fa1cf7 100644
+--- a/src/systemctl/systemctl-edit.c
++++ b/src/systemctl/systemctl-edit.c
+@@ -349,8 +349,8 @@ int verb_edit(int argc, char *argv[], void *userdata) {
+ 
+         STRV_FOREACH(tmp, names) {
+                 r = unit_is_masked(bus, *tmp);
+-                if (r < 0)
+-                        return r;
++                if (r < 0 && r != -ENOENT)
++                        return log_error_errno(r, "Failed to check if unit %s is masked: %m", *tmp);
+                 if (r > 0)
+                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot edit %s: unit is masked.", *tmp);
+         }
+diff --git a/test/units/TEST-26-SYSTEMCTL.sh b/test/units/TEST-26-SYSTEMCTL.sh
+index ed7b9f64bf..8e895aa9ae 100755
+--- a/test/units/TEST-26-SYSTEMCTL.sh
++++ b/test/units/TEST-26-SYSTEMCTL.sh
+@@ -21,6 +21,7 @@ at_exit() {
+ #       the 'revert' verb as well
+ export UNIT_NAME="systemctl-test-$RANDOM.service"
+ export UNIT_NAME2="systemctl-test-$RANDOM.service"
++export UNIT_NAME_TEMPLATE="systemctl-test-${RANDOM}@.service"
+ 
+ cat >"/usr/lib/systemd/system/$UNIT_NAME" <<\EOF
+ [Unit]
+@@ -65,6 +66,16 @@ EOF
+ printf '%s\n' '[Unit]'   'Description=spectacular' '# this comment should remain' | \
+     cmp - "/etc/systemd/system/$UNIT_NAME.d/override2.conf"
+ 
++# Edit nonexistent template unit, see issue #35632.
++systemctl edit "$UNIT_NAME_TEMPLATE" --stdin --runtime --force --full <<EOF
++[Unit]
++Description=template unit test
++# this comment should remain
++
++EOF
++printf '%s\n' '[Unit]' 'Description=template unit test' '# this comment should remain' | \
++    cmp - "/run/systemd/system/$UNIT_NAME_TEMPLATE"
++
+ # Test simultaneous editing of two units and creation of drop-in for a nonexistent unit
+ systemctl edit "$UNIT_NAME" "$UNIT_NAME2" --stdin --force --drop-in=override2.conf <<<'[X-Section]'
+ printf '%s\n' '[X-Section]' | cmp - "/etc/systemd/system/$UNIT_NAME.d/override2.conf"
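Review bot: The new condition `r < 0 && r != -ENOENT` in verb_edit() lets -ENOENT fall through to the `r > 0` masked check with no explanation in the code; the reasoning is only in the commit message. A short comment above the test would keep the special case from being removed later: `/* -ENOENT: the unit does not exist, so it cannot be masked */`. Separately, the added test writes `/run/systemd/system/$UNIT_NAME_TEMPLATE` and no visible line removes it; at_exit() is outside the hunk, so check whether it needs an `rm -f` for that path. verb_edit() continues outside the hunk.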
diff --git a/SOURCES/0047-test-skip-TEST-69-SHUTDOWN-on-ubuntu-too.patch b/SOURCES/0047-test-skip-TEST-69-SHUTDOWN-on-ubuntu-too.patch
new file mode 100644
index 0000000..2ff38d5
--- /dev/null
+++ b/SOURCES/0047-test-skip-TEST-69-SHUTDOWN-on-ubuntu-too.patch
@@ -0,0 +1,23 @@
+From d3b3c83b27f372987b68ea3ec029eb37869cb07f Mon Sep 17 00:00:00 2001
+From: Nick Rosbrook <enr0n@ubuntu.com>
+Date: Tue, 17 Dec 2024 11:10:42 -0500
+Subject: [PATCH] test: skip TEST-69-SHUTDOWN on ubuntu too
+
+(cherry picked from commit 96c4d9d94d06c6c0a8b68be376505f8d8b5eba2b)
+---
+ test/units/TEST-69-SHUTDOWN.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/units/TEST-69-SHUTDOWN.py b/test/units/TEST-69-SHUTDOWN.py
+index d044164135..4e554702ab 100755
+--- a/test/units/TEST-69-SHUTDOWN.py
++++ b/test/units/TEST-69-SHUTDOWN.py
+@@ -13,7 +13,7 @@ def main():
+     with open("/usr/lib/os-release") as f:
+         for line in f:
+             if line.startswith("ID="):
+-                if "debian" in line:
++                if "debian" in line or "ubuntu" in line:
+                     sys.exit(77)
+ 
+     logger = logging.getLogger("test-shutdown")
diff --git a/SOURCES/0048-mkosi-Fix-tools-image-package-name.patch b/SOURCES/0048-mkosi-Fix-tools-image-package-name.patch
new file mode 100644
index 0000000..586efb0
--- /dev/null
+++ b/SOURCES/0048-mkosi-Fix-tools-image-package-name.patch
@@ -0,0 +1,23 @@
+From 7ce53569dfe00f22d3da397be7b9f0f858cd9f4f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
+Date: Wed, 18 Dec 2024 10:36:55 +0100
+Subject: [PATCH] mkosi: Fix tools image package name
+
+(cherry picked from commit 4c9f242a54ced16897857a80867758557829f0c3)
+---
+ mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+index 9c56164f32..c065a52cf3 100644
+--- a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+@@ -15,7 +15,7 @@ ToolsTreePackages=
+         pkgconfig(libmicrohttpd)
+         pkgconfig(mount)
+         python3-ruff
+-        tss2-devel
++        tpm2-0-tss-devel
+         python3-jinja2
+         python3-pytest
+         ShellCheck
diff --git a/SOURCES/0049-tpm2-util-Also-retry-unsealing-after-policy_pcr-retu.patch b/SOURCES/0049-tpm2-util-Also-retry-unsealing-after-policy_pcr-retu.patch
new file mode 100644
index 0000000..2a70642
--- /dev/null
+++ b/SOURCES/0049-tpm2-util-Also-retry-unsealing-after-policy_pcr-retu.patch
@@ -0,0 +1,42 @@
+From 9258e27f4a1ddf2834d0cadd66770ad65e55e066 Mon Sep 17 00:00:00 2001
+From: Fabian Vogt <fvogt@suse.de>
+Date: Mon, 16 Dec 2024 19:08:13 +0100
+Subject: [PATCH] tpm2-util: Also retry unsealing after policy_pcr returns
+ PCR_CHANGED
+
+It's not just Esys_Unseal that may fail due to PCR changes during the
+session, but also Esys_PolicyPCR. Perform a retry in that case as well.
+
+Fixes #35490
+
+(cherry picked from commit e61032bf47e6a7e572643a0060c6dd610635c854)
+---
+ src/shared/tpm2-util.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
+index 36a0f906da..5b6b3ea93c 100644
+--- a/src/shared/tpm2-util.c
++++ b/src/shared/tpm2-util.c
+@@ -4015,6 +4015,9 @@ int tpm2_policy_pcr(
+                         ESYS_TR_NONE,
+                         NULL,
+                         pcr_selection);
++        if (rc == TPM2_RC_PCR_CHANGED)
++                return log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN),
++                                       "Failed to add PCR policy to TPM: %s", sym_Tss2_RC_Decode(rc));
+         if (rc != TSS2_RC_SUCCESS)
+                 return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+                                        "Failed to add PCR policy to TPM: %s", sym_Tss2_RC_Decode(rc));
+@@ -5810,6 +5813,11 @@ int tpm2_unseal(Tpm2Context *c,
+                                         !!pin,
+                                         (shard == 1 || !iovec_is_set(pubkey)) ? pcrlock_policy : NULL,
+                                         &policy_digest);
++                        if (r == -EUCLEAN && i > 0) {
++                                log_debug("A PCR value changed during the TPM2 policy session, restarting HMAC key unsealing (%u tries left).", i);
++                                retry = true;
++                                break;
++                        }
+                         if (r < 0)
+                                 return r;
+ 
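Review bot: tpm2_policy_pcr() now returns -EUCLEAN for TPM2_RC_PCR_CHANGED, but the retry branch added to tpm2_unseal() only fires while `i > 0`. On the last attempt the following `if (r < 0) return r;` therefore hands -EUCLEAN to the caller, where tpm2_policy_pcr() previously produced -ENOTRECOVERABLE for this code. Whether tpm2_unseal()'s callers, or other callers of tpm2_policy_pcr(), treat the two codes alike is not visible here. If they should keep seeing the old code, map it back after the retry check, e.g. `if (r == -EUCLEAN) r = -ENOTRECOVERABLE;`; otherwise document the new return value in a comment on tpm2_policy_pcr(). Both functions start and end outside the hunks.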
diff --git a/SOURCES/0050-resolved-if-one-transaction-completes-expect-other-t.patch b/SOURCES/0050-resolved-if-one-transaction-completes-expect-other-t.patch
new file mode 100644
index 0000000..3d40f58
--- /dev/null
+++ b/SOURCES/0050-resolved-if-one-transaction-completes-expect-other-t.patch
@@ -0,0 +1,261 @@
+From 1748265915e09120d75766baaa4516b2779140eb Mon Sep 17 00:00:00 2001
+From: Morten Hauke Solvang <mhs@emlogic.no>
+Date: Thu, 12 Dec 2024 14:26:31 +0100
+Subject: [PATCH] resolved: if one transaction completes, expect other
+ transactions within candidate to succeed quickly
+
+Fixes #22575, as suggested by poettering in #35514.
+
+Intended as a workaround for some buggy routers, which refuse to send empty
+replies. If systemd-resolved starts two DnsTransactions, one for A and one
+for AAAA, and the domain in question has no AAAA entry, then the server will
+send a reply for A and no reply for AAAA. Correct behavior for the server would
+be to send an empty reply for AAAA.
+
+systemd-resolved would previously keep retrying the AAAA transaction, and
+eventually timeout the whole query, returning an error to the caller.
+
+Now, if the server replies to one query and not another, we cut short the
+timeout and return the partial result. Returning the partial result allows
+the rest of the system to keep working. It matches how e.g. glibc libnss_dns
+behaves.
+
+(cherry picked from commit 0da73fab56506ff1e4f8e59c167d27961f0fbf33)
+---
+ src/resolve/resolved-dns-query.c       | 46 +++++++++++++++++++++++++-
+ src/resolve/resolved-dns-query.h       |  1 +
+ src/resolve/resolved-dns-scope.c       |  1 +
+ src/resolve/resolved-dns-transaction.c | 10 ++----
+ src/resolve/resolved-dns-transaction.h | 21 ------------
+ src/resolve/resolved-timeouts.h        | 39 ++++++++++++++++++++++
+ 6 files changed, 88 insertions(+), 30 deletions(-)
+ create mode 100644 src/resolve/resolved-timeouts.h
+
+diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
+index 47788e3216..700c40a8ae 100644
+--- a/src/resolve/resolved-dns-query.c
++++ b/src/resolve/resolved-dns-query.c
+@@ -10,6 +10,7 @@
+ #include "resolved-dns-query.h"
+ #include "resolved-dns-synthesize.h"
+ #include "resolved-etc-hosts.h"
++#include "resolved-timeouts.h"
+ #include "string-util.h"
+ 
+ #define QUERIES_MAX 2048
+@@ -48,6 +49,8 @@ static void dns_query_candidate_stop(DnsQueryCandidate *c) {
+ 
+         assert(c);
+ 
++        (void) event_source_disable(c->timeout_event_source);
++
+         /* Detach all the DnsTransactions attached to this query */
+ 
+         while ((t = set_steal_first(c->transactions))) {
+@@ -62,6 +65,8 @@ static void dns_query_candidate_abandon(DnsQueryCandidate *c) {
+ 
+         assert(c);
+ 
++        (void) event_source_disable(c->timeout_event_source);
++
+         /* Abandon all the DnsTransactions attached to this query */
+ 
+         while ((t = set_steal_first(c->transactions))) {
+@@ -94,6 +99,8 @@ static DnsQueryCandidate* dns_query_candidate_free(DnsQueryCandidate *c) {
+         if (!c)
+                 return NULL;
+ 
++        c->timeout_event_source = sd_event_source_disable_unref(c->timeout_event_source);
++
+         dns_query_candidate_stop(c);
+         dns_query_candidate_unlink(c);
+ 
+@@ -312,6 +319,30 @@ fail:
+         return r;
+ }
+ 
++static void dns_query_accept(DnsQuery *q, DnsQueryCandidate *c);
++
++static int on_candidate_timeout(sd_event_source *s, usec_t usec, void *userdata) {
++        DnsQueryCandidate *c = userdata;
++
++        assert(s);
++        assert(c);
++
++        log_debug("Accepting incomplete query candidate after expedited timeout on partial success.");
++        dns_query_accept(c->query, c);
++
++        return 0;
++}
++
++static bool dns_query_candidate_has_partially_succeeded(DnsQueryCandidate *c) {
++        DnsTransaction *t;
++
++        SET_FOREACH(t, c->transactions)
++                if (t->state == DNS_TRANSACTION_SUCCESS)
++                        return true;
++
++        return false;
++}
++
+ void dns_query_candidate_notify(DnsQueryCandidate *c) {
+         DnsTransactionState state;
+         int r;
+@@ -323,11 +354,24 @@ void dns_query_candidate_notify(DnsQueryCandidate *c) {
+ 
+         state = dns_query_candidate_state(c);
+ 
+-        if (DNS_TRANSACTION_IS_LIVE(state))
++        if (DNS_TRANSACTION_IS_LIVE(state)) {
++                if (dns_query_candidate_has_partially_succeeded(c))
++                        (void) event_reset_time_relative(
++                                        c->query->manager->event,
++                                        &c->timeout_event_source,
++                                        CLOCK_BOOTTIME,
++                                        CANDIDATE_EXPEDITED_TIMEOUT_USEC, /* accuracy_usec= */ 0,
++                                        on_candidate_timeout, c,
++                                        /* priority= */ 0, "candidate-timeout",
++                                        /* force_reset= */ false);
++
+                 return;
++        }
+ 
+         if (state != DNS_TRANSACTION_SUCCESS && c->search_domain) {
+ 
++                (void) event_source_disable(c->timeout_event_source);
++
+                 r = dns_query_candidate_next_search_domain(c);
+                 if (r < 0)
+                         goto fail;
+diff --git a/src/resolve/resolved-dns-query.h b/src/resolve/resolved-dns-query.h
+index 6bbebcac93..1097e90dc0 100644
+--- a/src/resolve/resolved-dns-query.h
++++ b/src/resolve/resolved-dns-query.h
+@@ -25,6 +25,7 @@ struct DnsQueryCandidate {
+         DnsSearchDomain *search_domain;
+ 
+         Set *transactions;
++        sd_event_source *timeout_event_source;
+ 
+         LIST_FIELDS(DnsQueryCandidate, candidates_by_query);
+         LIST_FIELDS(DnsQueryCandidate, candidates_by_scope);
+diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
+index cd16d2475e..3f137468cc 100644
+--- a/src/resolve/resolved-dns-scope.c
++++ b/src/resolve/resolved-dns-scope.c
+@@ -16,6 +16,7 @@
+ #include "resolved-dns-zone.h"
+ #include "resolved-llmnr.h"
+ #include "resolved-mdns.h"
++#include "resolved-timeouts.h"
+ #include "socket-util.h"
+ #include "strv.h"
+ 
+diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
+index a162a91a03..9e539a54f3 100644
+--- a/src/resolve/resolved-dns-transaction.c
++++ b/src/resolve/resolved-dns-transaction.c
+@@ -14,13 +14,10 @@
+ #include "resolved-dns-transaction.h"
+ #include "resolved-dnstls.h"
+ #include "resolved-llmnr.h"
++#include "resolved-timeouts.h"
+ #include "string-table.h"
+ 
+ #define TRANSACTIONS_MAX 4096
+-#define TRANSACTION_TCP_TIMEOUT_USEC (10U*USEC_PER_SEC)
+-
+-/* After how much time to repeat classic DNS requests */
+-#define DNS_TIMEOUT_USEC (SD_RESOLVED_QUERY_TIMEOUT_USEC / DNS_TRANSACTION_ATTEMPTS_MAX)
+ 
+ static void dns_transaction_reset_answer(DnsTransaction *t) {
+         assert(t);
+@@ -1632,13 +1629,10 @@ static usec_t transaction_get_resend_timeout(DnsTransaction *t) {
+ 
+         case DNS_PROTOCOL_DNS:
+ 
+-                /* When we do TCP, grant a much longer timeout, as in this case there's no need for us to quickly
+-                 * resend, as the kernel does that anyway for us, and we really don't want to interrupt it in that
+-                 * needlessly. */
+                 if (t->stream)
+                         return TRANSACTION_TCP_TIMEOUT_USEC;
+ 
+-                return DNS_TIMEOUT_USEC;
++                return TRANSACTION_UDP_TIMEOUT_USEC;
+ 
+         case DNS_PROTOCOL_MDNS:
+                 if (t->probing)
+diff --git a/src/resolve/resolved-dns-transaction.h b/src/resolve/resolved-dns-transaction.h
+index 30d2167d64..cea0a890db 100644
+--- a/src/resolve/resolved-dns-transaction.h
++++ b/src/resolve/resolved-dns-transaction.h
+@@ -203,24 +203,3 @@ DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;
+ 
+ const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
+ DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;
+-
+-/* LLMNR Jitter interval, see RFC 4795 Section 7 */
+-#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
+-
+-/* mDNS probing interval, see RFC 6762 Section 8.1 */
+-#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)
+-
+-/* Maximum attempts to send DNS requests, across all DNS servers */
+-#define DNS_TRANSACTION_ATTEMPTS_MAX 24
+-
+-/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
+-#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
+-
+-/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
+-#define MDNS_TRANSACTION_ATTEMPTS_MAX 3
+-
+-#define TRANSACTION_ATTEMPTS_MAX(p) ((p) == DNS_PROTOCOL_LLMNR ?        \
+-                                     LLMNR_TRANSACTION_ATTEMPTS_MAX :   \
+-                                     (p) == DNS_PROTOCOL_MDNS ?         \
+-                                     MDNS_TRANSACTION_ATTEMPTS_MAX :    \
+-                                     DNS_TRANSACTION_ATTEMPTS_MAX)
+diff --git a/src/resolve/resolved-timeouts.h b/src/resolve/resolved-timeouts.h
+new file mode 100644
+index 0000000000..e17fe30175
+--- /dev/null
++++ b/src/resolve/resolved-timeouts.h
+@@ -0,0 +1,39 @@
++/* SPDX-License-Identifier: LGPL-2.1-or-later */
++#pragma once
++
++#include "time-util.h"
++#include "resolved-def.h"
++
++/* LLMNR Jitter interval, see RFC 4795 Section 7 */
++#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
++
++/* mDNS probing interval, see RFC 6762 Section 8.1 */
++#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)
++
++/* Maximum attempts to send DNS requests, across all DNS servers */
++#define DNS_TRANSACTION_ATTEMPTS_MAX 24
++
++/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
++#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
++
++/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
++#define MDNS_TRANSACTION_ATTEMPTS_MAX 3
++
++#define TRANSACTION_ATTEMPTS_MAX(p) (\
++                                     (p) == DNS_PROTOCOL_LLMNR ?        \
++                                     LLMNR_TRANSACTION_ATTEMPTS_MAX :   \
++                                     (p) == DNS_PROTOCOL_MDNS ?         \
++                                     MDNS_TRANSACTION_ATTEMPTS_MAX :    \
++                                     DNS_TRANSACTION_ATTEMPTS_MAX)
++
++/* After how much time to repeat classic DNS requests */
++#define TRANSACTION_UDP_TIMEOUT_USEC (SD_RESOLVED_QUERY_TIMEOUT_USEC / DNS_TRANSACTION_ATTEMPTS_MAX)
++
++/* When we do TCP, grant a much longer timeout, as in this case there's no need for us to quickly
++ * resend, as the kernel does that anyway for us, and we really don't want to interrupt it in that
++ * needlessly. */
++#define TRANSACTION_TCP_TIMEOUT_USEC (10 * USEC_PER_SEC)
++
++/* Should be longer than transaction timeout for a single UDP transaction, so we get at least
++ * one transaction retry before timeouting the whole candidate */
++#define CANDIDATE_EXPEDITED_TIMEOUT_USEC (TRANSACTION_UDP_TIMEOUT_USEC + 1 * USEC_PER_SEC)
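Review bot: CANDIDATE_EXPEDITED_TIMEOUT_USEC in the new resolved-timeouts.h is sized only against TRANSACTION_UDP_TIMEOUT_USEC, yet dns_query_candidate_notify() arms it for any live candidate with one successful transaction, including ones whose remaining transaction runs over a stream. If the UDP interval plus one second is below TRANSACTION_TCP_TIMEOUT_USEC (this depends on SD_RESOLVED_QUERY_TIMEOUT_USEC, defined outside this patch), on_candidate_timeout() accepts the partial result before a TCP transaction has reached its own timeout. If that is intended, say so in the header comment, e.g. `/* Deliberately not tied to TRANSACTION_TCP_TIMEOUT_USEC: a stream transaction may be cut short once a sibling has succeeded */`. Also, the `(void) event_reset_time_relative(...)` call drops a failure silently; a `log_debug_errno()` on `r < 0` would show when the workaround did not arm.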
diff --git a/SOURCES/0051-man-Document-generator-sandbox-environment.patch b/SOURCES/0051-man-Document-generator-sandbox-environment.patch
new file mode 100644
index 0000000..1a1c15e
--- /dev/null
+++ b/SOURCES/0051-man-Document-generator-sandbox-environment.patch
@@ -0,0 +1,25 @@
+From 0acc4cd05efab53c1d25b2dff47ed6103b0ddf0e Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Wed, 18 Dec 2024 12:32:59 +0100
+Subject: [PATCH] man: Document generator sandbox environment
+
+(cherry picked from commit a48803fd8464e56747f0e145af61bd746351c7d6)
+---
+ man/systemd.generator.xml | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/man/systemd.generator.xml b/man/systemd.generator.xml
+index 1a9b5d1653..ce09a6648f 100644
+--- a/man/systemd.generator.xml
++++ b/man/systemd.generator.xml
+@@ -64,6 +64,10 @@
+     override existing definitions. For tests, generators may be called with just one argument; the generator
+     should assume that all three paths are the same in that case.</para>
+ 
++    <para>Generators executed by the system manager are invoked in a sandbox with a private writable
++    <filename>/tmp/</filename> directory and where most of the file system is read-only except for the
++    generator output directories.</para>
++
+     <para>Directory paths for generator output differ by priority: <filename>…/generator.early</filename> has
+     priority higher than the admin configuration in <filename>/etc/</filename>, while
+     <filename>…/generator</filename> has lower priority than <filename>/etc/</filename> but higher than
diff --git a/SOURCES/0052-ukify-Fix-regression-in-no-sign-kernel-flag.patch b/SOURCES/0052-ukify-Fix-regression-in-no-sign-kernel-flag.patch
new file mode 100644
index 0000000..85421e1
--- /dev/null
+++ b/SOURCES/0052-ukify-Fix-regression-in-no-sign-kernel-flag.patch
@@ -0,0 +1,46 @@
+From 82d97eb8fa19a6753dafcb2b623cb8277213804f Mon Sep 17 00:00:00 2001
+From: Thomas Hebb <tommyhebb@gmail.com>
+Date: Wed, 18 Dec 2024 11:08:17 -0500
+Subject: [PATCH] ukify: Fix regression in --no-sign-kernel flag
+
+The man page says that --sign-kernel and --no-sign-kernel "override the
+detection of whether to sign the Linux binary", so we should only
+autodetect if neither are specified. But as of commit 02eabaffe98c
+("ukify: Add a unified interface for signing tools"), we autodetect even
+when --no-sign-kernel is passed, which makes the flag useless.
+
+The sign_kernel option is parsed using argparse.BooleanOptionalAction,
+which sets it to either True, False, or None. commit 02eabaffe98c
+replaced `sign_kernel is None` with `not sign_kernel`. These are not the
+same in Python, as the latter accepts False as well as None.
+
+Restore the original check and fix type annotations accordingly.
+
+Fixes: 02eabaffe98c ("ukify: Add a unified interface for signing tools")
+(cherry picked from commit 32c3e1379dce563a7e686c99045549ac74cce142)
+---
+ src/ukify/ukify.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
+index e661dfe548..3f36aa7af6 100755
+--- a/src/ukify/ukify.py
++++ b/src/ukify/ukify.py
+@@ -264,7 +264,7 @@ class UkifyConfig:
+     sbat: Optional[list[str]]
+     sections: list['Section']
+     sections_by_name: dict[str, 'Section']
+-    sign_kernel: bool
++    sign_kernel: Optional[bool]
+     signing_engine: Optional[str]
+     signing_provider: Optional[str]
+     certificate_provider: Optional[str]
+@@ -1108,7 +1108,7 @@ def make_uki(opts: UkifyConfig) -> None:
+         assert opts.signtool is not None
+         signtool = SignTool.from_string(opts.signtool)
+ 
+-        if not sign_kernel:
++        if sign_kernel is None:
+             # figure out if we should sign the kernel
+             sign_kernel = signtool.verify(opts)
+ 
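Review bot: The restored test `if sign_kernel is None:` in make_uki() depends on the three-state value from argparse.BooleanOptionalAction, and nothing on the line says so, which is how `not sign_kernel` slipped in before. A comment would pin it: `# None: neither --sign-kernel nor --no-sign-kernel given; False must not trigger autodetection`. No test for `--no-sign-kernel` is added in this patch, so the flag can regress again unnoticed; a case asserting that the kernel stays unsigned when the flag is passed would cover it. make_uki() starts and ends outside the hunk.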
diff --git a/SOURCES/0053-mkosi-switch-debian-ubuntu-to-ci-v257-stable-branch.patch b/SOURCES/0053-mkosi-switch-debian-ubuntu-to-ci-v257-stable-branch.patch
new file mode 100644
index 0000000..ad2f52f
--- /dev/null
+++ b/SOURCES/0053-mkosi-switch-debian-ubuntu-to-ci-v257-stable-branch.patch
@@ -0,0 +1,25 @@
+From 7eba6cdd2f1cf507c3308d4ea9f6d89e67faf35f Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Thu, 19 Dec 2024 11:45:43 +0000
+Subject: [PATCH] mkosi: switch debian/ubuntu to ci/v257-stable branch
+
+Packaging has diverged from main due to new files
+---
+ mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
+index 6914a9ed59..321dc5422f 100644
+--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
++++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
+@@ -8,8 +8,8 @@ Distribution=|ubuntu
+ Environment=
+         GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
+         GIT_SUBDIR=debian
+-        GIT_BRANCH=debian/master
+-        GIT_COMMIT=e8b7c9a4dda2888fec41ac020e1194cfdf57eb5d
++        GIT_BRANCH=ci/v257-stable
++        GIT_COMMIT=20150867b7123aa825e3320227aed642e6cc9a08
+         PKG_SUBDIR=debian
+ 
+ [Content]
diff --git a/SOURCES/0054-semaphore-switch-debian-ubuntu-to-ci-v257-stable-bra.patch b/SOURCES/0054-semaphore-switch-debian-ubuntu-to-ci-v257-stable-bra.patch
new file mode 100644
index 0000000..fb0a32d
--- /dev/null
+++ b/SOURCES/0054-semaphore-switch-debian-ubuntu-to-ci-v257-stable-bra.patch
@@ -0,0 +1,23 @@
+From 9c8559bccfe266b7f1a36f337cbd868121e0c372 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Thu, 19 Dec 2024 11:46:50 +0000
+Subject: [PATCH] semaphore: switch debian/ubuntu to ci/v257-stable branch
+
+Packaging has diverged from main due to new files
+---
+ .semaphore/semaphore-runner.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh
+index e903ced70d..74fc0ab36c 100755
+--- a/.semaphore/semaphore-runner.sh
++++ b/.semaphore/semaphore-runner.sh
+@@ -8,7 +8,7 @@ set -o pipefail
+ DISTRO="${DISTRO:-debian}"
+ RELEASE="${RELEASE:-bookworm}"
+ SALSA_URL="${SALSA_URL:-https://salsa.debian.org/systemd-team/systemd.git}"
+-BRANCH="${BRANCH:-debian/master}"
++BRANCH="${BRANCH:-ci/v257-stable}"
+ ARCH="${ARCH:-amd64}"
+ CONTAINER="${RELEASE}-${ARCH}"
+ CACHE_DIR=/var/tmp
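Review bot: The new default `BRANCH="${BRANCH:-ci/v257-stable}"` follows a moving branch head, and no commit is pinned in the visible lines, whereas the mkosi config for the same Salsa repository (patch 0053) pins `GIT_COMMIT` next to `GIT_BRANCH`. If the runner really builds whatever the branch head is, a comment on this line would make that explicit, for example `# Tracks the branch head of SALSA_URL; mkosi.conf pins GIT_COMMIT for the same repository`. The script continues outside the hunk, so a later checkout of a fixed revision cannot be ruled out from here.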
diff --git a/SOURCES/0055-Revert-terminal-util-unify-code-that-resets-dev-cons.patch b/SOURCES/0055-Revert-terminal-util-unify-code-that-resets-dev-cons.patch
new file mode 100644
index 0000000..8b49378
--- /dev/null
+++ b/SOURCES/0055-Revert-terminal-util-unify-code-that-resets-dev-cons.patch
@@ -0,0 +1,172 @@
+From 2b379aa0cbce5c4ddee5ca118387503023b5474c Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Thu, 19 Dec 2024 12:26:36 +0000
+Subject: [PATCH] Revert "terminal-util: unify code that resets /dev/console in
+ common helper"
+
+This reverts commit 2736295ddb78a457796f24805e7b98c3f5304848.
+---
+ src/basic/terminal-util.c | 53 ++++++++++++++++-----------------------
+ src/basic/terminal-util.h |  3 ++-
+ src/core/main.c           | 30 ++++++++++++++++------
+ 3 files changed, 45 insertions(+), 41 deletions(-)
+
+diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
+index 878c1ec06a..409f2abb45 100644
+--- a/src/basic/terminal-util.c
++++ b/src/basic/terminal-util.c
+@@ -577,7 +577,7 @@ static int vt_reset_keyboard(int fd) {
+         return RET_NERRNO(ioctl(fd, KDSKBMODE, kb));
+ }
+ 
+-static int terminal_reset_ioctl(int fd, bool switch_to_text) {
++int terminal_reset_ioctl(int fd, bool switch_to_text) {
+         struct termios termios;
+         int r;
+ 
+@@ -645,7 +645,7 @@ finish:
+         return r;
+ }
+ 
+-static int terminal_reset_ansi_seq(int fd) {
++int terminal_reset_ansi_seq(int fd) {
+         int r, k;
+ 
+         assert(fd >= 0);
+@@ -675,35 +675,6 @@ static int terminal_reset_ansi_seq(int fd) {
+         return k < 0 ? k : r;
+ }
+ 
+-void reset_dev_console_fd(int fd, bool switch_to_text) {
+-        int r;
+-
+-        assert(fd >= 0);
+-
+-        _cleanup_close_ int lock_fd = lock_dev_console();
+-        if (lock_fd < 0)
+-                log_debug_errno(lock_fd, "Failed to lock /dev/console, ignoring: %m");
+-
+-        r = terminal_reset_ioctl(fd, switch_to_text);
+-        if (r < 0)
+-                log_warning_errno(r, "Failed to reset /dev/console, ignoring: %m");
+-
+-        unsigned rows, cols;
+-        r = proc_cmdline_tty_size("/dev/console", &rows, &cols);
+-        if (r < 0)
+-                log_warning_errno(r, "Failed to get /dev/console size, ignoring: %m");
+-        else if (r > 0) {
+-                r = terminal_set_size_fd(fd, NULL, rows, cols);
+-                if (r < 0)
+-                        log_warning_errno(r, "Failed to set configured terminal size on /dev/console, ignoring: %m");
+-        } else
+-                (void) terminal_fix_size(fd, fd);
+-
+-        r = terminal_reset_ansi_seq(fd);
+-        if (r < 0)
+-                log_warning_errno(r, "Failed to reset /dev/console using ANSI sequences, ignoring: %m");
+-}
+-
+ int lock_dev_console(void) {
+         _cleanup_close_ int fd = -EBADF;
+         int r;
+@@ -737,7 +708,25 @@ int make_console_stdio(void) {
+                         return log_error_errno(r, "Failed to make /dev/null stdin/stdout/stderr: %m");
+ 
+         } else {
+-                reset_dev_console_fd(fd, /* switch_to_text= */ true);
++                unsigned rows, cols;
++
++                r = terminal_reset_ioctl(fd, /* switch_to_text= */ true);
++                if (r < 0)
++                        log_warning_errno(r, "Failed to reset terminal, ignoring: %m");
++
++                r = proc_cmdline_tty_size("/dev/console", &rows, &cols);
++                if (r < 0)
++                        log_warning_errno(r, "Failed to get terminal size, ignoring: %m");
++                else if (r > 0) {
++                        r = terminal_set_size_fd(fd, NULL, rows, cols);
++                        if (r < 0)
++                                log_warning_errno(r, "Failed to set configured terminal size, ignoring: %m");
++                } else
++                        (void) terminal_fix_size(fd, fd);
++
++                r = terminal_reset_ansi_seq(fd);
++                if (r < 0)
++                        log_warning_errno(r, "Failed to reset terminal using ANSI sequences, ignoring: %m");
+ 
+                 r = rearrange_stdio(fd, fd, fd); /* This invalidates 'fd' both on success and on failure. */
+                 if (r < 0)
+diff --git a/src/basic/terminal-util.h b/src/basic/terminal-util.h
+index c30faf168c..90662e2e66 100644
+--- a/src/basic/terminal-util.h
++++ b/src/basic/terminal-util.h
+@@ -39,6 +39,8 @@
+ 
+ bool isatty_safe(int fd);
+ 
++int terminal_reset_ioctl(int fd, bool switch_to_text);
++int terminal_reset_ansi_seq(int fd);
+ int terminal_reset_defensive(int fd, bool switch_to_text);
+ int terminal_reset_defensive_locked(int fd, bool switch_to_text);
+ 
+@@ -101,7 +103,6 @@ bool tty_is_console(const char *tty) _pure_;
+ int vtnr_from_tty(const char *tty);
+ const char* default_term_for_tty(const char *tty);
+ 
+-void reset_dev_console_fd(int fd, bool switch_to_text);
+ int lock_dev_console(void);
+ int make_console_stdio(void);
+ 
+diff --git a/src/core/main.c b/src/core/main.c
+index 172742c769..4bd2d8df75 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -245,18 +245,32 @@ unset:
+ }
+ 
+ static int console_setup(void) {
+-
+-        if (getpid_cached() != 1)
+-                return 0;
+-
+         _cleanup_close_ int tty_fd = -EBADF;
++        unsigned rows, cols;
++        int r;
+ 
+-        tty_fd = open_terminal("/dev/console", O_RDWR|O_NOCTTY|O_CLOEXEC);
++        tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
+         if (tty_fd < 0)
+                 return log_error_errno(tty_fd, "Failed to open /dev/console: %m");
+ 
+-        /* We don't want to force text mode. Plymouth may be showing pictures already from initrd. */
+-        reset_dev_console_fd(tty_fd, /* switch_to_text= */ false);
++        /* We don't want to force text mode.  plymouth may be showing
++         * pictures already from initrd. */
++        r = terminal_reset_ioctl(tty_fd, false);
++        if (r < 0)
++                return log_error_errno(r, "Failed to reset /dev/console: %m");
++
++        r = proc_cmdline_tty_size("/dev/console", &rows, &cols);
++        if (r < 0)
++                log_warning_errno(r, "Failed to get /dev/console size, ignoring: %m");
++        else {
++                r = terminal_set_size_fd(tty_fd, NULL, rows, cols);
++                if (r < 0)
++                        log_warning_errno(r, "Failed to set /dev/console size, ignoring: %m");
++        }
++
++        r = terminal_reset_ansi_seq(tty_fd);
++        if (r < 0)
++                log_warning_errno(r, "Failed to reset /dev/console using ANSI sequences, ignoring: %m");
+ 
+         save_console_winsize_in_environment(tty_fd);
+ 
+@@ -2977,7 +2991,7 @@ static void setup_console_terminal(bool skip_setup) {
+         (void) release_terminal();
+ 
+         /* Reset the console, but only if this is really init and we are freshly booted */
+-        if (!skip_setup)
++        if (getpid_cached() == 1 && !skip_setup)
+                 (void) console_setup();
+ }
+ 
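Review bot: The reset sequences restored in make_console_stdio() (terminal-util.c) and console_setup() (main.c) run without the /dev/console lock that the removed reset_dev_console_fd() took via lock_dev_console(). Unless a caller outside these hunks already holds that lock, the ioctl and ANSI resets can interleave with other console writers. The two copies also differ on the size step: make_console_stdio() calls terminal_set_size_fd() only for `r > 0`, while console_setup() calls it for any non-negative return. If proc_cmdline_tty_size() leaves `rows`/`cols` unset when it returns 0 (its definition is not shown), console_setup() should use `else if (r > 0) {` as well. console_setup() also returns on a terminal_reset_ioctl() failure and skips the later steps, where the other copy only warns; both function bodies extend beyond the hunks.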
diff --git a/SOURCES/0056-mkosi-move-config-options.patch b/SOURCES/0056-mkosi-move-config-options.patch
new file mode 100644
index 0000000..af6e807
--- /dev/null
+++ b/SOURCES/0056-mkosi-move-config-options.patch
@@ -0,0 +1,80 @@
+From b90f896880817da5ef41a08681426090edf2f25d Mon Sep 17 00:00:00 2001
+From: Matteo Croce <teknoraver@meta.com>
+Date: Thu, 19 Dec 2024 19:51:42 +0100
+Subject: [PATCH] mkosi: move config options
+
+Move some config option in the right section, fixes the following warning:
+```
+mkosi.conf: Setting Credentials should be configured in [Runtime], not [Host].
+mkosi.conf: Setting RuntimeBuildSources should be configured in [Runtime], not [Host].
+mkosi.conf: Setting RuntimeScratch should be configured in [Runtime], not [Host].
+mkosi.conf: Setting QemuSmp should be configured in [Runtime], not [Host].
+mkosi.conf: Setting QemuSwtpm should be configured in [Runtime], not [Host].
+mkosi.conf: Setting QemuVsock should be configured in [Runtime], not [Host].
+mkosi.conf: Setting QemuKvm should be configured in [Runtime], not [Host].
+```
+
+(cherry picked from commit 77d4a263c14ffbb6133382bc18319b6a54a8eaae)
+---
+ .github/workflows/coverage.yml | 4 ++--
+ .github/workflows/mkosi.yml    | 4 ++--
+ mkosi.conf                     | 2 +-
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
+index 73409e53ef..410f77dc5e 100644
+--- a/.github/workflows/coverage.yml
++++ b/.github/workflows/coverage.yml
+@@ -16,7 +16,7 @@ jobs:
+ 
+     steps:
+       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+-      - uses: systemd/mkosi@07ef37c4c0dad5dfc6cec86c967a7600df1cd88c
++      - uses: systemd/mkosi@7d45366395f29fdb2b534a850c09d23d29b78fa9
+ 
+       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
+       # immediately, we remove the files in the background. However, we first move them to a different location
+@@ -64,7 +64,7 @@ jobs:
+                   MESON_OPTIONS=--werror
+                   COVERAGE=1
+ 
+-          [Host]
++          [Runtime]
+           QemuMem=4G
+           EOF
+ 
+diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
+index e7575fb6bb..3a10d116eb 100644
+--- a/.github/workflows/mkosi.yml
++++ b/.github/workflows/mkosi.yml
+@@ -113,7 +113,7 @@ jobs:
+ 
+     steps:
+       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+-      - uses: systemd/mkosi@c4bbf3b71a3e2cf947995caedf10f69da3c4957a
++      - uses: systemd/mkosi@7d45366395f29fdb2b534a850c09d23d29b78fa9
+ 
+       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
+       # immediately, we remove the files in the background. However, we first move them to a different location
+@@ -171,7 +171,7 @@ jobs:
+           [Content]
+           SELinuxRelabel=${{ matrix.relabel }}
+ 
+-          [Host]
++          [Runtime]
+           QemuMem=4G
+           EOF
+ 
+diff --git a/mkosi.conf b/mkosi.conf
+index 5622667078..3da4e07a87 100644
+--- a/mkosi.conf
++++ b/mkosi.conf
+@@ -130,7 +130,7 @@ Packages=
+         zsh
+         zstd
+ 
+-[Host]
++[Runtime]
+ Credentials=
+         journal.storage=persistent
+         tty.serial.hvc0.agetty.autologin=root
diff --git a/SOURCES/0057-mkosi-Update-to-latest.patch b/SOURCES/0057-mkosi-Update-to-latest.patch
new file mode 100644
index 0000000..e8a21b0
--- /dev/null
+++ b/SOURCES/0057-mkosi-Update-to-latest.patch
@@ -0,0 +1,37 @@
+From e48a63bf774bd184093c2279c62f299fe69cdf18 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Thu, 19 Dec 2024 13:54:13 +0100
+Subject: [PATCH] mkosi: Update to latest
+
+(cherry picked from commit 1dd345b00d3c0e29abd661094f1cc58173a266e0)
+---
+ .github/workflows/coverage.yml | 2 +-
+ .github/workflows/mkosi.yml    | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
+index 410f77dc5e..7850c2c514 100644
+--- a/.github/workflows/coverage.yml
++++ b/.github/workflows/coverage.yml
+@@ -16,7 +16,7 @@ jobs:
+ 
+     steps:
+       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+-      - uses: systemd/mkosi@7d45366395f29fdb2b534a850c09d23d29b78fa9
++      - uses: systemd/mkosi@ba07d53000b6c560ad0b9f07550aca93c0284e88
+ 
+       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
+       # immediately, we remove the files in the background. However, we first move them to a different location
+diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
+index 3a10d116eb..c9d4b012a2 100644
+--- a/.github/workflows/mkosi.yml
++++ b/.github/workflows/mkosi.yml
+@@ -113,7 +113,7 @@ jobs:
+ 
+     steps:
+       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+-      - uses: systemd/mkosi@7d45366395f29fdb2b534a850c09d23d29b78fa9
++      - uses: systemd/mkosi@ba07d53000b6c560ad0b9f07550aca93c0284e88
+ 
+       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
+       # immediately, we remove the files in the background. However, we first move them to a different location
diff --git a/SOURCES/0058-mkosi-Add-gdb-to-tools-tree.patch b/SOURCES/0058-mkosi-Add-gdb-to-tools-tree.patch
new file mode 100644
index 0000000..a3b9ce1
--- /dev/null
+++ b/SOURCES/0058-mkosi-Add-gdb-to-tools-tree.patch
@@ -0,0 +1,22 @@
+From f91dab598b7b897c90868eecb308820c60e2d663 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Thu, 19 Dec 2024 11:32:51 +0100
+Subject: [PATCH] mkosi: Add gdb to tools tree
+
+(cherry picked from commit 7337f4b1972a099714d596a5d0e7e26f7f2dab48)
+---
+ mkosi.conf.d/05-tools/mkosi.conf | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/mkosi.conf.d/05-tools/mkosi.conf b/mkosi.conf.d/05-tools/mkosi.conf
+index 15c336a304..322851b627 100644
+--- a/mkosi.conf.d/05-tools/mkosi.conf
++++ b/mkosi.conf.d/05-tools/mkosi.conf
+@@ -3,6 +3,7 @@
+ [Build]
+ ToolsTreePackages=
+         gcc
++        gdb
+         gperf
+         lcov
+         llvm
diff --git a/SOURCES/0059-mkosi-Add-libz1-to-opensuse-tools-tree.patch b/SOURCES/0059-mkosi-Add-libz1-to-opensuse-tools-tree.patch
new file mode 100644
index 0000000..0672520
--- /dev/null
+++ b/SOURCES/0059-mkosi-Add-libz1-to-opensuse-tools-tree.patch
@@ -0,0 +1,24 @@
+From 0257f4ba228582112e1c38dc79d8ac3887f023c1 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Thu, 19 Dec 2024 14:43:48 +0100
+Subject: [PATCH] mkosi: Add libz1 to opensuse tools tree
+
+Without meson fails to configure properly.
+
+(cherry picked from commit d4dda34854c3bcb44ab5929ad32d0793e4debb9f)
+---
+ mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+index c065a52cf3..468f56856f 100644
+--- a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+@@ -5,6 +5,7 @@ ToolsTreeDistribution=opensuse
+ 
+ [Build]
+ ToolsTreePackages=
++        libz1
+         gh
+         mypy
+         pkgconfig(blkid)
diff --git a/SOURCES/0060-mkosi-Enable-EPEL-for-CentOS-Stream-tools-tree.patch b/SOURCES/0060-mkosi-Enable-EPEL-for-CentOS-Stream-tools-tree.patch
new file mode 100644
index 0000000..ce92330
--- /dev/null
+++ b/SOURCES/0060-mkosi-Enable-EPEL-for-CentOS-Stream-tools-tree.patch
@@ -0,0 +1,30 @@
+From a3cf3df23a71d8497287f4ef23ca19332d0b77bb Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Thu, 19 Dec 2024 16:49:59 +0100
+Subject: [PATCH] mkosi: Enable EPEL for CentOS Stream tools tree
+
+We need packages from EPEL to be able to build CentOS Stream images
+with a CentOS Stream tools tree so enable it. This is broken on CentOS
+Stream 10 but given using a CentOS Stream tools tree is broken without
+EPEL as well, we might as well enable it and just wait until the packages
+are added to EPEL 10.
+
+(cherry picked from commit ac1a711d9a237eea36b053d43c0c35af7ac40b1f)
+---
+ mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf | 7 +++++++
+ 1 file changed, 7 insertions(+)
+ create mode 100644 mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf
+
+diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf
+new file mode 100644
+index 0000000000..737fec3a3d
+--- /dev/null
++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/centos.conf
+@@ -0,0 +1,7 @@
++# SPDX-License-Identifier: LGPL-2.1-or-later
++
++[Match]
++ToolsTreeDistribution=centos
++
++[Build]
++ToolsTreeRepositories=epel,epel-next
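Review bot: The new centos.conf enables `epel` and `epel-next` for the tools tree without saying why, and the commit message's caveat that this is currently broken on CentOS Stream 10 is not carried into the file. A comment above `ToolsTreeRepositories=` would keep the extra repository trust visible to the next editor, for example `# EPEL provides tools-tree packages missing from CentOS Stream; not yet available for Stream 10`.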
diff --git a/SOURCES/0061-mkosi-Use-tools-tree-by-default.patch b/SOURCES/0061-mkosi-Use-tools-tree-by-default.patch
new file mode 100644
index 0000000..3ac3cd8
--- /dev/null
+++ b/SOURCES/0061-mkosi-Use-tools-tree-by-default.patch
@@ -0,0 +1,52 @@
+From e0bc5a219af218b8d201d93bc5369a9b361d6312 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Thu, 19 Dec 2024 11:41:40 +0100
+Subject: [PATCH] mkosi: Use tools tree by default
+
+Let's enable usage of a tools tree by default to simplify the setup
+for new contributors and save them from having to install or upgrade
+a bunch of extra tools to get mkosi working as expected.
+
+(cherry picked from commit 1995084a9e01b53cf012a54fe69e35016c235151)
+---
+ .github/workflows/coverage.yml | 1 -
+ .github/workflows/mkosi.yml    | 1 -
+ mkosi.conf                     | 1 +
+ 3 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
+index 7850c2c514..a1587e62e9 100644
+--- a/.github/workflows/coverage.yml
++++ b/.github/workflows/coverage.yml
+@@ -49,7 +49,6 @@ jobs:
+           Distribution=arch
+ 
+           [Build]
+-          ToolsTree=default
+           ToolsTreeDistribution=arch
+           UseSubvolumes=yes
+           WithTests=no
+diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
+index c9d4b012a2..4d128822fb 100644
+--- a/.github/workflows/mkosi.yml
++++ b/.github/workflows/mkosi.yml
+@@ -152,7 +152,6 @@ jobs:
+ 
+           [Build]
+           UseSubvolumes=yes
+-          ToolsTree=default
+           ToolsTreeDistribution=fedora
+           ToolsTreeRelease=rawhide
+ 
+diff --git a/mkosi.conf b/mkosi.conf
+index 3da4e07a87..ab8a6a1372 100644
+--- a/mkosi.conf
++++ b/mkosi.conf
+@@ -29,6 +29,7 @@ RepartDirectories=mkosi.repart
+ OutputDirectory=build/mkosi.output
+ 
+ [Build]
++ToolsTree=default
+ BuildDirectory=build/mkosi.builddir
+ CacheDirectory=build/mkosi.cache
+ BuildSourcesEphemeral=yes
diff --git a/SOURCES/0062-mkosi-Use-build-as-extra-search-path-by-default.patch b/SOURCES/0062-mkosi-Use-build-as-extra-search-path-by-default.patch
new file mode 100644
index 0000000..d47744d
--- /dev/null
+++ b/SOURCES/0062-mkosi-Use-build-as-extra-search-path-by-default.patch
@@ -0,0 +1,30 @@
+From b24ade737cbc163b5b11b45ee81498b01db32688 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Thu, 19 Dec 2024 11:43:01 +0100
+Subject: [PATCH] mkosi: Use build/ as extra search path by default
+
+Building systemd with mkosi generally requires a very recent version
+of systemd which might not be installed on the host. Let's configure
+mkosi to look for extra executables in the build/ directory by default
+so that we prefer systemd executables from the build directory over those
+on the host as those on the host are likely to be too old.
+
+(cherry picked from commit 8c5b4df5435ff9e49421ef8db0ca6de06c856b04)
+---
+ mkosi.conf.d/20-extra-search-path.conf | 7 +++++++
+ 1 file changed, 7 insertions(+)
+ create mode 100644 mkosi.conf.d/20-extra-search-path.conf
+
+diff --git a/mkosi.conf.d/20-extra-search-path.conf b/mkosi.conf.d/20-extra-search-path.conf
+new file mode 100644
+index 0000000000..b7308f7f21
+--- /dev/null
++++ b/mkosi.conf.d/20-extra-search-path.conf
+@@ -0,0 +1,7 @@
++# SPDX-License-Identifier: LGPL-2.1-or-later
++
++[Match]
++PathExists=build/
++
++[Build]
++ExtraSearchPaths=build/
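Review bot: `PathExists=build/` matches any directory of that name, so once this file is present mkosi prefers executables from the working tree's `build/` over the host's, as the commit message states. That includes a stale or partly built tree. The file itself does not record this trust assumption; a comment above `ExtraSearchPaths=build/` would document it, for example `# Executables in build/ take precedence over host binaries; keep build/ trusted`.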
diff --git a/SOURCES/0063-mkosi.clangd-Don-t-pass-host-if-we-re-not-using-flat.patch b/SOURCES/0063-mkosi.clangd-Don-t-pass-host-if-we-re-not-using-flat.patch
new file mode 100644
index 0000000..31d9cc0
--- /dev/null
+++ b/SOURCES/0063-mkosi.clangd-Don-t-pass-host-if-we-re-not-using-flat.patch
@@ -0,0 +1,24 @@
+From debe1f7f56d8123c9953cd2ca068d39156a4b964 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Thu, 19 Dec 2024 15:05:33 +0100
+Subject: [PATCH] mkosi.clangd: Don't pass --host if we're not using
+ flatpak-spawn
+
+(cherry picked from commit b133f57544cb6cce244bb8566fbacc952db76d73)
+---
+ mkosi.clangd | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mkosi.clangd b/mkosi.clangd
+index 7cd447c4ee..10c44a70d8 100755
+--- a/mkosi.clangd
++++ b/mkosi.clangd
+@@ -7,7 +7,7 @@ else
+     SPAWN=()
+ fi
+ 
+-MKOSI_CONFIG="$("${SPAWN[@]}" --host mkosi --json summary | jq -r .Images[-1])"
++MKOSI_CONFIG="$("${SPAWN[@]}" mkosi --json summary | jq -r .Images[-1])"
+ DISTRIBUTION="$(jq -r .Distribution <<< "$MKOSI_CONFIG")"
+ RELEASE="$(jq -r .Release <<< "$MKOSI_CONFIG")"
+ ARCH="$(jq -r .Architecture <<< "$MKOSI_CONFIG")"
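Review bot: The jq filter `.Images[-1]` on the changed line is unquoted, so bash treats `[-1]` as a glob pattern. It would substitute a matching filename from the current directory, or fail under `nullglob`/`failglob`. Quote it: `jq -r '.Images[-1]'`. The script continues outside the hunk.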
diff --git a/SOURCES/0064-mkosi.clangd-Fail-on-command-errors.patch b/SOURCES/0064-mkosi.clangd-Fail-on-command-errors.patch
new file mode 100644
index 0000000..6354c94
--- /dev/null
+++ b/SOURCES/0064-mkosi.clangd-Fail-on-command-errors.patch
@@ -0,0 +1,21 @@
+From 51a31ac6e5fbc00066f669aa410d8b5ebb893faf Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Thu, 19 Dec 2024 15:05:51 +0100
+Subject: [PATCH] mkosi.clangd: Fail on command errors
+
+(cherry picked from commit ba3f148307e551d1be3e92383c8d37a9cc5b7a95)
+---
+ mkosi.clangd | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/mkosi.clangd b/mkosi.clangd
+index 10c44a70d8..23251baf63 100755
+--- a/mkosi.clangd
++++ b/mkosi.clangd
+@@ -1,5 +1,6 @@
+ #!/bin/bash
+ # SPDX-License-Identifier: LGPL-2.1-or-later
++set -e
+ 
+ if command -v flatpak-spawn >/dev/null; then
+     SPAWN=(flatpak-spawn --host)
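Review bot: `set -e` alone does not catch a failing `mkosi --json summary` in the script's `mkosi --json summary | jq -r .Images[-1]` pipeline (visible in patch 0063). The pipeline's status is jq's, and jq exits 0 on empty input, so the script would carry on with an empty `MKOSI_CONFIG`. `set -e -o pipefail` would stop it at that point. Whether later lines depend on a pipeline member failing is not visible in this hunk.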
diff --git a/SOURCES/0065-docs-Simplify-hacking-documentation.patch b/SOURCES/0065-docs-Simplify-hacking-documentation.patch
new file mode 100644
index 0000000..59bfc21
--- /dev/null
+++ b/SOURCES/0065-docs-Simplify-hacking-documentation.patch
@@ -0,0 +1,210 @@
+From c96a642764e3ceb23c43eff0a49d132caf58bee7 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Thu, 19 Dec 2024 11:45:01 +0100
+Subject: [PATCH] docs: Simplify hacking documentation
+
+Let's use "mkosi sandbox" in the docs so that users can build systemd
+without having to install anything except mkosi. Using mkosi sandbox
+will use tools and dependencies from the tools tree which is also used
+in CI and thus has a higher chance of working from the first try compared
+to whatever tools might be installed on the host system of a new contributor.
+
+(cherry picked from commit 34b5a27b0bfd1b0b35bf67c70d1f8bf5c6795b7d)
+---
+ docs/HACKING.md | 153 +++++++++++++++++++++---------------------------
+ 1 file changed, 68 insertions(+), 85 deletions(-)
+
+diff --git a/docs/HACKING.md b/docs/HACKING.md
+index cedf35fef0..2203c32640 100644
+--- a/docs/HACKING.md
++++ b/docs/HACKING.md
+@@ -7,94 +7,97 @@ SPDX-License-Identifier: LGPL-2.1-or-later
+ 
+ # Hacking on systemd
+ 
+-We welcome all contributions to systemd.
+-If you notice a bug or a missing feature, please feel invited to fix it, and submit your work as a
++We welcome all contributions to systemd. If you notice a bug or a missing
++feature, please feel invited to fix it, and submit your work as a
+ [GitHub Pull Request (PR)](https://github.com/systemd/systemd/pull/new).
+ 
+-Please make sure to follow our [Coding Style](/CODING_STYLE) when submitting patches.
+-Also have a look at our [Contribution Guidelines](/CONTRIBUTING).
+-
+-When adding new functionality, tests should be added.
+-For shared functionality (in `src/basic/` and `src/shared/`) unit tests should be sufficient.
+-The general policy is to keep tests in matching files underneath `src/test/`,
+-e.g. `src/test/test-path-util.c` contains tests for any functions in `src/basic/path-util.c`.
+-If adding a new source file, consider adding a matching test executable.
+-For features at a higher level, tests in `src/test/` are very strongly recommended.
+-If that is not possible, integration tests in `test/` are encouraged.
+-
+-Please always test your work before submitting a PR.
+-For many of the components of systemd testing is straightforward as you can simply compile systemd and run the relevant tool from the build directory.
+-
+-For some components (most importantly, systemd/PID 1 itself) this is not possible, however.
+-In order to simplify testing for cases like this we provide a set of `mkosi` config files directly in the source tree.
+-[mkosi](https://mkosi.systemd.io/)
+-is a tool for building clean OS images from an upstream distribution in combination with a fresh build of the project in the local working directory.
+-To make use of this, please install `mkosi` from the [GitHub repository](https://github.com/systemd/mkosi#running-mkosi-from-the-repository).
+-`mkosi` will build an image for the host distro by default.
+-First, run `mkosi genkey` to generate a key and certificate to be used for secure boot and verity signing.
+-After that is done, it is sufficient to type `mkosi` in the systemd project directory to generate a disk image you can boot either in `systemd-nspawn` or in a UEFI-capable VM:
++Please make sure to follow our [Coding Style](/CODING_STYLE) when submitting
++patches. Also have a look at our [Contribution Guidelines](/CONTRIBUTING).
++
++When adding new functionality, tests should be added. For shared functionality
++(in `src/basic/` and `src/shared/`) unit tests should be sufficient. The general
++policy is to keep tests in matching files underneath `src/test/`, e.g.
++`src/test/test-path-util.c` contains tests for any functions in
++`src/basic/path-util.c`. If adding a new source file, consider adding a matching
++test executable. For features at a higher level, tests in `src/test/` are very
++strongly recommended. If that is not possible, integration tests in `test/` are
++encouraged. Please always test your work before submitting a PR.
++
++## Hacking on systemd with mkosi
++
++[mkosi](https://mkosi.systemd.io/) is our swiss army knife for hacking on
++systemd. It makes sure all necessary dependencies are available to build systemd
++and allows building and booting an OS image with the latest systemd installed
++for testing purposes.
++
++First, install `mkosi` from the
++[GitHub repository](https://github.com/systemd/mkosi#running-mkosi-from-the-repository).
++Note that it's not possible to use your distribution's packaged version of mkosi
++as mkosi has to be installed outside of `/usr` for the following steps to work.
++
++Then, you can build and run systemd executables as follows:
+ 
+ ```sh
+-$ sudo mkosi boot # nspawn still needs sudo for now
++$ mkosi -f sandbox meson setup build
++$ mkosi -f sandbox ninja -C build
++$ mkosi -f sandbox build/systemctl --version
+ ```
+ 
+-or:
++To build and boot an OS image with the latest systemd installed:
+ 
+ ```sh
+-$ mkosi qemu
++$ mkosi -f genkey                       # Generate signing keys once.
++$ mkosi -f sandbox ninja -C build mkosi # (re-)build the OS image
++$ sudo mkosi boot                       # Boot the image with systemd-nspawn.
++$ mkosi qemu                            # Boot the image with qemu.
+ ```
+ 
+-By default, the tools from your host system are used to build the image.
+-Sometimes we start using mkosi features that rely on functionality in systemd
+-tools that's not in an official release yet. In that case, you'll need to build
+-systemd from source on the host and configure mkosi to use the tools from the
+-systemd build directory.
+-
+-To do a local build, most distributions provide very simple and convenient ways
+-to install most development packages necessary to build systemd:
++Putting this all together, here's a series of commands for preparing a patch for
++systemd:
+ 
+ ```sh
+-# Fedora
+-$ sudo dnf builddep systemd
+-# Debian/Ubuntu
+-$ sudo apt-get build-dep systemd
+-# Arch
+-$ sudo pacman -S devtools
+-$ pkgctl repo clone --protocol=https systemd
++$ git clone https://github.com/systemd/mkosi.git
++$ ln -s $PWD/mkosi/bin/mkosi ~/.local/bin/mkosi # Make sure ~/.local/bin is in $PATH.
++$ git clone https://github.com/systemd/systemd.git
+ $ cd systemd
+-$ makepkg -seoc
++$ git checkout -b <BRANCH>              # where BRANCH is the name of the branch
++$ $EDITOR src/core/main.c               # or wherever you'd like to make your changes
++$ mkosi -f sandbox meson setup build    # Set up meson
++$ mkosi -f genkey                       # Generate signing keys once.
++$ mkosi -f sandbox ninja -C build mkosi # (re-)build the test image
++$ mkosi qemu                            # Boot the image in qemu
++$ git add -p                            # interactively put together your patch
++$ git commit                            # commit it
++$ git push -u <REMOTE>                  # where REMOTE is your "fork" on GitHub
+ ```
+ 
+-After installing the development packages, systemd can be built from source as follows:
++And after that, head over to your repo on GitHub and click "Compare & pull
++request"
+ 
+-```sh
+-$ meson setup build <options>
+-$ ninja -C build
+-$ meson test -C build
+-```
++Happy hacking!
+ 
+-To have `mkosi` use the systemd tools from the `build/` directory, add the
+-following to `mkosi.local.conf`:
++The following sections contain advanced topics on how to speed up development or
++streamline debugging. Feel free to read them if you're interested but they're
++not required to write basic patches.
+ 
+-```conf
+-[Host]
+-ExtraSearchPaths=build/
+-```
++## Building the OS image without a tools tree
+ 
+-And if you want `mkosi` to build a tools image and use the tools from there
+-instead of looking for tools on the host, add the following to
+-`mkosi.local.conf`:
++By default, `mkosi` will first build a tools tree and use it build the image and
++provide the environment for `mkosi sandbox`. To disable the tools tree and use
++binaries from your host instead, write the following to `mkosi.local.conf`:
+ 
+ ```conf
+-[Host]
+-ToolsTree=default
++[Build]
++ToolsTree=
+ ```
+ 
+-Every time you rerun the `mkosi` command a fresh image is built, incorporating
+-all current changes you made to the project tree. To build the latest changes
+-and re-install after booting the image, run one of the following commands in
+-another terminal on your host (choose the right one depending on the
+-distribution of the container or virtual machine):
++## Rebuilding systemd without rebuilding the OS image
++
++Every time the `mkosi` target is built, a fresh image is built. To build the
++latest changes and re-install systemd without rebuilding the image, run one of
++the following commands in another terminal on your host after booting the image
++(choose the right one depending on the distribution of the container or virtual
++machine):
+ 
+ ```sh
+ mkosi -t none && mkosi ssh dnf upgrade --disablerepo="*" --assumeyes "/work/build/*.rpm"             # CentOS/Fedora
+@@ -107,26 +110,6 @@ and optionally restart the daemon(s) you're working on using
+ `systemctl restart <units>` or `systemctl daemon-reexec` if you're working on
+ pid1 or `systemctl soft-reboot` to restart everything.
+ 
+-Putting this all together, here's a series of commands for preparing a patch for systemd:
+-
+-```sh
+-$ git clone https://github.com/systemd/mkosi.git
+-$ ln -s $PWD/mkosi/bin/mkosi /usr/local/bin/mkosi
+-$ git clone https://github.com/systemd/systemd.git
+-$ cd systemd
+-$ git checkout -b <BRANCH>        # where BRANCH is the name of the branch
+-$ vim src/core/main.c             # or wherever you'd like to make your changes
+-$ mkosi -f qemu                   # (re-)build and boot up the test image in qemu
+-$ mkosi -t none                   # Build new packages without rebuilding the image
+-$ git add -p                      # interactively put together your patch
+-$ git commit                      # commit it
+-$ git push -u <REMOTE>            # where REMOTE is your "fork" on GitHub
+-```
+-
+-And after that, head over to your repo on GitHub and click "Compare & pull request"
+-
+-Happy hacking!
+-
+ ## Building distribution packages with mkosi
+ 
+ To build distribution packages for a specific distribution and release without
diff --git a/SOURCES/0066-mkosi-Fix-authselect-systemd-homed-feature-name.patch b/SOURCES/0066-mkosi-Fix-authselect-systemd-homed-feature-name.patch
new file mode 100644
index 0000000..5d31c19
--- /dev/null
+++ b/SOURCES/0066-mkosi-Fix-authselect-systemd-homed-feature-name.patch
@@ -0,0 +1,27 @@
+From 586b56f2fe741303af241f00c00c088dd2acadca Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Sat, 21 Dec 2024 19:10:42 +0100
+Subject: [PATCH] mkosi: Fix authselect systemd-homed feature name
+
+The feature name is with-systemd-homed, not with-homed.
+
+(cherry picked from commit 5495b11360d649dc8810d59b096231ba596e9436)
+---
+ mkosi.postinst.chroot | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/mkosi.postinst.chroot b/mkosi.postinst.chroot
+index 0f9e361488..310a26fa14 100755
+--- a/mkosi.postinst.chroot
++++ b/mkosi.postinst.chroot
+@@ -24,8 +24,8 @@ if command -v authselect >/dev/null; then
+ 
+     authselect select "$PROFILE"
+ 
+-    if authselect list-features "$PROFILE" | grep -q "with-homed"; then
+-        authselect enable-feature with-homed
++    if authselect list-features "$PROFILE" | grep -q "with-systemd-homed"; then
++        authselect enable-feature with-systemd-homed
+     fi
+ fi
+ 
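Review bot: The guard around `authselect enable-feature with-systemd-homed` in mkosi.postinst.chroot still skips silently when the feature is not listed, which is presumably how the earlier wrong name went unnoticed while images were built without the homed authentication feature enabled. I would add an `else` branch that reports the skip, e.g. `echo "authselect profile $PROFILE has no with-systemd-homed feature" >&2`. The `grep -q` is also a substring match; assuming `authselect list-features` prints one feature per line, `grep -qxF "with-systemd-homed"` would match only the exact name. The enclosing `if command -v authselect` block starts above the hunk.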
diff --git a/SOURCES/0067-docs-Use-meson-compile-instead-of-ninja.patch b/SOURCES/0067-docs-Use-meson-compile-instead-of-ninja.patch
new file mode 100644
index 0000000..7b1ec96
--- /dev/null
+++ b/SOURCES/0067-docs-Use-meson-compile-instead-of-ninja.patch
@@ -0,0 +1,68 @@
+From 5f0d736f448973e8a8e68d6bbf9625061dfbc2ab Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Tue, 24 Dec 2024 09:53:53 +0100
+Subject: [PATCH] docs: Use meson compile instead of ninja
+
+"ninja -C build mkosi" doesn't actually work and fails because ninja
+thinks the mkosi target does not exist. "meson compile -C build mkosi"
+dpes work so let's use that instead.
+
+Fixes #35741
+
+(cherry picked from commit ece81f339ff41113876bf7a9a2c1ad317c2eb258)
+---
+ docs/HACKING.md | 28 ++++++++++++++--------------
+ 1 file changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/docs/HACKING.md b/docs/HACKING.md
+index 2203c32640..d1202dee4e 100644
+--- a/docs/HACKING.md
++++ b/docs/HACKING.md
+@@ -39,17 +39,17 @@ Then, you can build and run systemd executables as follows:
+ 
+ ```sh
+ $ mkosi -f sandbox meson setup build
+-$ mkosi -f sandbox ninja -C build
++$ mkosi -f sandbox meson compile -C build
+ $ mkosi -f sandbox build/systemctl --version
+ ```
+ 
+ To build and boot an OS image with the latest systemd installed:
+ 
+ ```sh
+-$ mkosi -f genkey                       # Generate signing keys once.
+-$ mkosi -f sandbox ninja -C build mkosi # (re-)build the OS image
+-$ sudo mkosi boot                       # Boot the image with systemd-nspawn.
+-$ mkosi qemu                            # Boot the image with qemu.
++$ mkosi -f genkey                               # Generate signing keys once.
++$ mkosi -f sandbox meson compile -C build mkosi # (re-)build the OS image
++$ sudo mkosi boot                               # Boot the image with systemd-nspawn.
++$ mkosi qemu                                    # Boot the image with qemu.
+ ```
+ 
+ Putting this all together, here's a series of commands for preparing a patch for
+@@ -60,15 +60,15 @@ $ git clone https://github.com/systemd/mkosi.git
+ $ ln -s $PWD/mkosi/bin/mkosi ~/.local/bin/mkosi # Make sure ~/.local/bin is in $PATH.
+ $ git clone https://github.com/systemd/systemd.git
+ $ cd systemd
+-$ git checkout -b <BRANCH>              # where BRANCH is the name of the branch
+-$ $EDITOR src/core/main.c               # or wherever you'd like to make your changes
+-$ mkosi -f sandbox meson setup build    # Set up meson
+-$ mkosi -f genkey                       # Generate signing keys once.
+-$ mkosi -f sandbox ninja -C build mkosi # (re-)build the test image
+-$ mkosi qemu                            # Boot the image in qemu
+-$ git add -p                            # interactively put together your patch
+-$ git commit                            # commit it
+-$ git push -u <REMOTE>                  # where REMOTE is your "fork" on GitHub
++$ git checkout -b <BRANCH>                      # where BRANCH is the name of the branch
++$ $EDITOR src/core/main.c                       # or wherever you'd like to make your changes
++$ mkosi -f sandbox meson setup build            # Set up meson
++$ mkosi -f genkey                               # Generate signing keys once.
++$ mkosi -f sandbox meson compile -C build mkosi # (re-)build the test image
++$ mkosi qemu                                    # Boot the image in qemu
++$ git add -p                                    # interactively put together your patch
++$ git commit                                    # commit it
++$ git push -u <REMOTE>                          # where REMOTE is your "fork" on GitHub
+ ```
+ 
+ And after that, head over to your repo on GitHub and click "Compare & pull
diff --git a/SOURCES/0068-docs-Explicitly-mention-.local-bin-in-section-on-ins.patch b/SOURCES/0068-docs-Explicitly-mention-.local-bin-in-section-on-ins.patch
new file mode 100644
index 0000000..9ca7c30
--- /dev/null
+++ b/SOURCES/0068-docs-Explicitly-mention-.local-bin-in-section-on-ins.patch
@@ -0,0 +1,26 @@
+From bcda7cc1b1121594ea34e3ccf7074a4386407f7b Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Mon, 23 Dec 2024 21:30:32 +0100
+Subject: [PATCH] docs: Explicitly mention ~/.local/bin in section on
+ installing mkosi
+
+(cherry picked from commit 54b4ec887066b12fe97ac28d7ed5108a23f262de)
+---
+ docs/HACKING.md | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/docs/HACKING.md b/docs/HACKING.md
+index d1202dee4e..de3f66dd55 100644
+--- a/docs/HACKING.md
++++ b/docs/HACKING.md
+@@ -33,7 +33,9 @@ for testing purposes.
+ First, install `mkosi` from the
+ [GitHub repository](https://github.com/systemd/mkosi#running-mkosi-from-the-repository).
+ Note that it's not possible to use your distribution's packaged version of mkosi
+-as mkosi has to be installed outside of `/usr` for the following steps to work.
++as mkosi has to be installed outside of `/usr` for the following steps to work. When
++installing mkosi from the github repository, make sure to symlink it to `~/.local/bin`
++instead of `/usr/local/bin` if you want to add it to your `$PATH`.
+ 
+ Then, you can build and run systemd executables as follows:
+ 
diff --git a/SOURCES/0069-mkosi-update-opensuse-spec-repo-commit.patch b/SOURCES/0069-mkosi-update-opensuse-spec-repo-commit.patch
new file mode 100644
index 0000000..795ddf1
--- /dev/null
+++ b/SOURCES/0069-mkosi-update-opensuse-spec-repo-commit.patch
@@ -0,0 +1,23 @@
+From 3e998a517ebc4b3fca069ada0f0adb35b3158a75 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <bluca@debian.org>
+Date: Thu, 26 Dec 2024 12:08:34 +0000
+Subject: [PATCH] mkosi: update opensuse spec repo commit
+
+(cherry picked from commit 4db0252c7fd53dc5388db458ad93ce7ef433e704)
+---
+ mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+index 991d610bb8..972b12c56f 100644
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+@@ -7,7 +7,7 @@ Distribution=opensuse
+ Environment=
+         GIT_URL=https://src.opensuse.org/pool/systemd
+         GIT_BRANCH=devel
+-        GIT_COMMIT=35e7ce86d092dd1f4a85c51b0c6dc07769235f0fafc0b7072cffbbe79976d6ec
++        GIT_COMMIT=34e937066081c33841b53ff69130ac843100b68f2dc5bca5e21b30699385998e
+         PKG_SUBDIR=opensuse
+ 
+ [Content]
diff --git a/SOURCES/0070-mkosi-update-openSUSE-commit-reference.patch b/SOURCES/0070-mkosi-update-openSUSE-commit-reference.patch
new file mode 100644
index 0000000..e4f183d
--- /dev/null
+++ b/SOURCES/0070-mkosi-update-openSUSE-commit-reference.patch
@@ -0,0 +1,25 @@
+From 869964c1eecad09dfe38cff5a6b7b25343cbc8f4 Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
+Date: Mon, 30 Dec 2024 11:00:07 +0100
+Subject: [PATCH] mkosi: update openSUSE commit reference
+
+Force-pushed as usual, now HEAD is v257.1.
+
+(cherry picked from commit 37c2be73e7238a99bc114f85c7af5c4702f15046)
+---
+ mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+index 972b12c56f..4e83002c91 100644
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+@@ -7,7 +7,7 @@ Distribution=opensuse
+ Environment=
+         GIT_URL=https://src.opensuse.org/pool/systemd
+         GIT_BRANCH=devel
+-        GIT_COMMIT=34e937066081c33841b53ff69130ac843100b68f2dc5bca5e21b30699385998e
++        GIT_COMMIT=cfdec97b3a3d459b1a74a6be33372fed9558fe6d5bef4ece4d7fb94905057c75
+         PKG_SUBDIR=opensuse
+ 
+ [Content]
diff --git a/SOURCES/0071-mkosi-add-libopenssl-devel-package-to-openSUSE-tools.patch b/SOURCES/0071-mkosi-add-libopenssl-devel-package-to-openSUSE-tools.patch
new file mode 100644
index 0000000..6650f93
--- /dev/null
+++ b/SOURCES/0071-mkosi-add-libopenssl-devel-package-to-openSUSE-tools.patch
@@ -0,0 +1,53 @@
+From e28aa452ce82ff34d2bf29d1f00ee7aa3df780ae Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
+Date: Mon, 30 Dec 2024 17:38:36 +0100
+Subject: [PATCH] mkosi: add libopenssl devel package to openSUSE tools tree
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Otherwise, the build fails with:
+
+```
+INFO: autodetecting backend as ninja
+INFO: calculating backend command to run: /usr/bin/ninja -C /mnt/work/src/systemd/upstream-fork/main/build-mkosi
+ninja: Entering directory `/mnt/work/src/systemd/upstream-fork/main/build-mkosi'
+[463/2561] Compiling C object src/shared/libsystemd-shared-258.a.p/openssl-util.c.o
+FAILED: src/shared/libsystemd-shared-258.a.p/openssl-util.c.o
+cc -Isrc/shared/libsystemd-shared-258.a.p -Isrc/shared -I../src/shared -Isrc/basic -I../src/basic -Isrc/fundamental -I../src/fundamental -Isrc/systemd -I../src/systemd -I. -I.. -I../src/libsystemd/sd-bus -I../src/libsystemd/sd-device -I../src/libsystemd/sd-event -I../src/libsystemd/sd-hwdb -I../src/libsystemd/sd-id128 -I../src/libsystemd/sd-journal -I../src/libsystemd/sd-json -I../src/libsystemd/sd-netlink -I../src/libsystemd/sd-network -I../src/libsystemd/sd-path -I../src/libsystemd/sd-resolve -I../src/libsystemd/sd-varlink -I/usr/include/blkid -I/usr/include/libmount -I/usr/include/p11-kit-1 -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=gnu11 -O0 -g -Wno-missing-field-initializers -Wno-unused-parameter -Wno-nonnull-compare -Warray-bounds -Warray-bounds=2 -Wdate-time -Wendif-labels -Werror=format=2 -Werror=format-signedness -Werror=implicit-function-declaration -Werror=implicit-int -Werror=incompatible-pointer-types -Werror=int-conversion -Werror=missing-declarations -Werror=missing-prototypes -Werror=overflow -Werror=override-init -Werror=return-type -Werror=shift-count-overflow -Werror=shift-overflow=2 -Werror=strict-flex-arrays -Werror=undef -Wfloat-equal -Wimplicit-fallthrough=5 -Winit-self -Wlogical-op -Wmissing-include-dirs -Wmissing-noreturn -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-aliasing=2 -Wstrict-prototypes -Wsuggest-attribute=noreturn -Wunused-function -Wwrite-strings -Wzero-length-bounds -fdiagnostics-show-option -fno-common -fstack-protector -fstack-protector-strong -fstrict-flex-arrays=3 --param=ssp-buffer-size=4 -Wno-unused-result -Werror=shadow -fPIC -fno-strict-aliasing -fstrict-flex-arrays=1 -fvisibility=hidden -fno-omit-frame-pointer -include config.h -pthread -fvisibility=default -MD -MQ src/shared/libsystemd-shared-258.a.p/openssl-util.c.o -MF src/shared/libsystemd-shared-258.a.p/openssl-util.c.o.d -o src/shared/libsystemd-shared-258.a.p/openssl-util.c.o 
-c ../src/shared/openssl-util.c
+../src/shared/openssl-util.c: In function ‘openssl_ask_password_ui_read’:
+../src/shared/openssl-util.c:1395:65: error: implicit declaration of function ‘UI_method_get_ex_data’; did you mean ‘UI_method_get_reader’? [-Wimplicit-function-declaration]
+ 1395 |                 AskPasswordRequest *req = (AskPasswordRequest*) UI_method_get_ex_data(UI_get_method(ui), 0);
+      |                                                                 ^~~~~~~~~~~~~~~~~~~~~
+      |                                                                 UI_method_get_reader
+../src/shared/openssl-util.c:1395:65: warning: nested extern declaration of ‘UI_method_get_ex_data’ [-Wnested-externs]
+../src/shared/openssl-util.c:1395:43: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
+ 1395 |                 AskPasswordRequest *req = (AskPasswordRequest*) UI_method_get_ex_data(UI_get_method(ui), 0);
+      |                                           ^
+../src/shared/openssl-util.c: In function ‘openssl_ask_password_ui_new’:
+../src/shared/openssl-util.c:1479:13: error: implicit declaration of function ‘UI_method_set_ex_data’; did you mean ‘UI_method_set_reader’? [-Wimplicit-function-declaration]
+ 1479 |         if (UI_method_set_ex_data(ui->method, 0, &ui->request) == 0)
+      |             ^~~~~~~~~~~~~~~~~~~~~
+      |             UI_method_set_reader
+../src/shared/openssl-util.c:1479:13: warning: nested extern declaration of ‘UI_method_set_ex_data’ [-Wnested-externs]
+[480/2561] Compiling C object src/shared/libsystemd-shared-258.a.p/pkcs11-util.c.o
+ninja: build stopped: subcommand failed.
+```
+
+(cherry picked from commit 8a6ad7c8376b5dab1d3502a39cead9c63152293d)
+---
+ mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+index 468f56856f..d486875fab 100644
+--- a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+@@ -15,6 +15,7 @@ ToolsTreePackages=
+         pkgconfig(fdisk)
+         pkgconfig(libmicrohttpd)
+         pkgconfig(mount)
++        pkgconfig(libopenssl)
+         python3-ruff
+         tpm2-0-tss-devel
+         python3-jinja2
diff --git a/SOURCES/0072-mkosi-switch-to-github-mirror-of-openSUSE-sources-fr.patch b/SOURCES/0072-mkosi-switch-to-github-mirror-of-openSUSE-sources-fr.patch
new file mode 100644
index 0000000..da22186
--- /dev/null
+++ b/SOURCES/0072-mkosi-switch-to-github-mirror-of-openSUSE-sources-fr.patch
@@ -0,0 +1,144 @@
+From dd5c8cacbdc9ce7e5f678a963c92d68e9fe88879 Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
+Date: Mon, 30 Dec 2024 17:39:16 +0100
+Subject: [PATCH] mkosi: switch to github mirror of openSUSE sources from
+ build.opensuse.org
+
+The current src.opensuse.org is very unstable and commit hashes are reset (or
+even removed) every now and then. While the official repo is not fixed, let's
+move to a more stable source, the github mirror of code.opensuse.org, maintained
+since 2019.
+
+(cherry picked from commit 07638ce2a46c99300e21d7b54e9404fdce488d53)
+---
+ .../mkosi.conf.d/opensuse/mkosi.build.chroot     | 16 ++++++++--------
+ .../build/mkosi.conf.d/opensuse/mkosi.conf       |  7 ++++---
+ .../build/mkosi.conf.d/opensuse/mkosi.prepare    | 14 +++++++-------
+ 3 files changed, 19 insertions(+), 18 deletions(-)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+index c9089b78c4..8c4fb9bd6f 100755
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+@@ -4,8 +4,8 @@ set -e
+ 
+ . mkosi.functions
+ 
+-if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then
+-    echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
++if [[ ! -f "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec" ]]; then
++    echo "spec not found at pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+     exit 1
+ fi
+ 
+@@ -14,7 +14,7 @@ TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
+ # The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we
+ # disable manpage compression as the files cannot be found. Fix the issue by removing the compression
+ # extension.
+-find "pkg/$PKG_SUBDIR" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
++find "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
+ 
+ if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.20'))}")" == "-1" ]]; then
+     # Fix the %install override so debuginfo packages are generated.
+@@ -58,10 +58,10 @@ if ((COVERAGE)); then
+ fi
+ 
+ # TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
+-sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
++sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
+ 
+ # TODO: Drop when the opensuse spec uses README.md instead of README.testsuite.
+-sed --in-place 's/README.testsuite/README.md/' "pkg/$PKG_SUBDIR/systemd.spec"
++sed --in-place 's/README.testsuite/README.md/' "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
+ 
+ build() {
+     IFS=
+@@ -81,7 +81,7 @@ build() {
+         --with upstream \
+         $( ((WITH_TESTS)) || echo "--nocheck") \
+         --define "_topdir /var/tmp" \
+-        --define "_sourcedir $PWD/pkg/$PKG_SUBDIR" \
++        --define "_sourcedir $PWD/pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}" \
+         --define "_rpmdir $BUILDDIR" \
+         ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \
+         --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+@@ -103,7 +103,7 @@ build() {
+         --define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \
+         --noclean \
+         "$@" \
+-        "pkg/$PKG_SUBDIR/systemd.spec"
++        "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
+ 
+     EXIT_STATUS=$?
+ 
+@@ -127,7 +127,7 @@ if ! build; then
+     # warnings.
+     rm systemd.lang
+ 
+-    grep -v ".debug" /tmp/unpackaged-files >>"pkg/$PKG_SUBDIR/files.systemd"
++    grep -v ".debug" /tmp/unpackaged-files >>"pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/files.systemd"
+     build --noprep --nocheck
+ fi
+ 
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+index 4e83002c91..a374207e4d 100644
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+@@ -5,9 +5,10 @@ Distribution=opensuse
+ 
+ [Build]
+ Environment=
+-        GIT_URL=https://src.opensuse.org/pool/systemd
+-        GIT_BRANCH=devel
+-        GIT_COMMIT=cfdec97b3a3d459b1a74a6be33372fed9558fe6d5bef4ece4d7fb94905057c75
++        GIT_URL=https://github.com/bmwiedemann/openSUSE
++        GIT_SUBDIR=packages/s/systemd
++        GIT_BRANCH=master
++        GIT_COMMIT=1477f2646dd26ee3b166f26bd380a173fb649939
+         PKG_SUBDIR=opensuse
+ 
+ [Content]
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare
+index c4a9580715..de736a570f 100755
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare
+@@ -6,13 +6,13 @@ if [[ "$1" == "build" ]]; then
+     exit 0
+ fi
+ 
+-if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then
+-    echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
++if [[ ! -f "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec" ]]; then
++    echo "spec not found at pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+     exit 1
+ fi
+ 
+ # TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
+-sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
++sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
+ 
+ mkosi-chroot \
+     rpmspec \
+@@ -20,8 +20,8 @@ mkosi-chroot \
+     --query \
+     --buildrequires \
+     --define "_topdir /var/tmp" \
+-    --define "_sourcedir $PWD/pkg/$PKG_SUBDIR" \
+-    "pkg/$PKG_SUBDIR/systemd.spec" |
++    --define "_sourcedir $PWD/pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}" \
++    "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec" |
+         grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
+         sort --unique |
+         tee /tmp/buildrequires |
+@@ -34,9 +34,9 @@ until mkosi-chroot \
+     --build-in-place \
+     --with upstream \
+     --define "_topdir /var/tmp" \
+-    --define "_sourcedir $PWD/pkg/$PKG_SUBDIR" \
++    --define "_sourcedir $PWD/pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}" \
+     --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+-    "pkg/$PKG_SUBDIR/systemd.spec"
++    "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
+ do
+     EXIT_STATUS=$?
+     if [[ $EXIT_STATUS -ne 11 ]]; then
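Review bot: The `[Build]` environment in opensuse/mkosi.conf now fetches the packaging sources from a third-party GitHub mirror instead of the distribution's own forge, and nothing in the file records that this is a stopgap, as the commit message describes it. `GIT_COMMIT` is still a full commit hash, but the pin only protects the build if the clone step (not visible in this patch) checks out exactly that commit rather than the tip of `GIT_BRANCH=master`; that is worth confirming. I would add a comment above `Environment=`, e.g. `# Temporary: GitHub mirror used while src.opensuse.org keeps resetting commit hashes; switch back once it is stable.` Separately, the expansion `pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}` is repeated throughout mkosi.build.chroot and mkosi.prepare and could be assigned once to a variable near the top of each script.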
diff --git a/SOURCES/0073-mkosi-Allow-disabling-vcs-tag-via-environment-variab.patch b/SOURCES/0073-mkosi-Allow-disabling-vcs-tag-via-environment-variab.patch
new file mode 100644
index 0000000..48121b9
--- /dev/null
+++ b/SOURCES/0073-mkosi-Allow-disabling-vcs-tag-via-environment-variab.patch
@@ -0,0 +1,65 @@
+From 04dc2fab4c1aa8cc1cf54c61d73f38185f8074f6 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Thu, 2 Jan 2025 13:11:48 +0100
+Subject: [PATCH] mkosi: Allow disabling vcs-tag via environment variable
+
+(cherry picked from commit 76d80cc34331b0cefd354ea9de70e9bbb46550a0)
+---
+ mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot         | 2 +-
+ .../build/mkosi.conf.d/centos-fedora/mkosi.build.chroot         | 2 +-
+ .../build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot         | 2 +-
+ mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot     | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot
+index 83c4960ac8..202646f0ad 100755
+--- a/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot
++++ b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot
+@@ -28,7 +28,7 @@ if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
+     MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
+ fi
+ 
+-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
++MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}"
+ if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
+     MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
+ fi
+diff --git a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot
+index 1de1578e20..e41b9b1189 100755
+--- a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot
++++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot
+@@ -48,7 +48,7 @@ if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
+     MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
+ fi
+ 
+-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
++MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}"
+ if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
+     MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
+ fi
+diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
+index 5f3e53ff53..b17483a03f 100755
+--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
++++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
+@@ -44,7 +44,7 @@ if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
+     MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
+ fi
+ 
+-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
++MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}"
+ if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
+     MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
+ fi
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+index 8c4fb9bd6f..72115c2c5b 100755
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+@@ -48,7 +48,7 @@ if [[ -z "${MKOSI_LDFLAGS// }" ]]; then
+     MKOSI_LDFLAGS="%{nil}"
+ fi
+ 
+-MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}"
++MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}"
+ if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
+     MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
+ fi
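Review bot: `VCS_TAG` is a new environment knob on the `MKOSI_MESON_OPTIONS` line of all four mkosi.build.chroot scripts (arch, centos-fedora, debian-ubuntu, opensuse), but none of them says what values it accepts. A one-line comment above the assignment would do, e.g. `# VCS_TAG: value passed to meson's vcs-tag option (default true); set to false to disable it.` The value is also spliced into a flat option string, so if that string is word-split where it is consumed (outside these hunks), a value containing spaces would become extra meson arguments. That matches the existing `SANITIZERS` handling on the same line, so it is a note rather than a blocker.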
diff --git a/SOURCES/0074-docs-Use-mkosi-sandbox-in-test-documentation-as-well.patch b/SOURCES/0074-docs-Use-mkosi-sandbox-in-test-documentation-as-well.patch
new file mode 100644
index 0000000..eab05ee
--- /dev/null
+++ b/SOURCES/0074-docs-Use-mkosi-sandbox-in-test-documentation-as-well.patch
@@ -0,0 +1,81 @@
+From 194f7bbe9a12051f19dcff16eaa297261b657e86 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Thu, 2 Jan 2025 16:17:53 +0100
+Subject: [PATCH] docs: Use mkosi sandbox in test documentation as well
+
+Same change as in HACKING.md, but for running the integration tests.
+
+(cherry picked from commit 8a652636503ee99dd484e2ae051cc1f1bdfc18ab)
+---
+ test/README.testsuite | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/test/README.testsuite b/test/README.testsuite
+index fc1c9f136d..25b44912e9 100644
+--- a/test/README.testsuite
++++ b/test/README.testsuite
+@@ -11,7 +11,7 @@ reconfiguring meson to make sure it is picked up properly.
+ We also need to make sure the required meson options are enabled:
+ 
+ ```shell
+-$ meson setup --reconfigure build -Dremote=enabled
++$ mkosi -f sandbox meson setup --reconfigure build -Dremote=enabled
+ ```
+ 
+ To make sure `mkosi` doesn't try to build systemd from source during the image build
+@@ -31,7 +31,7 @@ to /etc which is used when building the image instead.
+ Next, we can build the integration test image with meson:
+ 
+ ```shell
+-$ meson compile -C build mkosi
++$ mkosi -f sandbox meson compile -C build mkosi
+ ```
+ 
+ By default, the `mkosi` meson target which builds the integration test image depends on
+@@ -52,24 +52,24 @@ directory (`OutputDirectory=`) to point to the other directory using `mkosi.loca
+ After the image has been built, the integration tests can be run with:
+ 
+ ```shell
+-$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild --suite integration-tests --num-processes "$(($(nproc) / 4))"
++$ env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox meson test -C build --no-rebuild --suite integration-tests --num-processes "$(($(nproc) / 4))"
+ ```
+ 
+ As usual, specific tests can be run in meson by appending the name of the test
+ which is usually the name of the directory e.g.
+ 
+ ```shell
+-$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC
++$ env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox meson test -C build --no-rebuild -v TEST-01-BASIC
+ ```
+ 
+-See `meson introspect build --tests` for a list of tests.
++See `mkosi -f sandbox meson introspect build --tests` for a list of tests.
+ 
+ To interactively debug a failing integration test, the `--interactive` option
+ (`-i`) for `meson test` can be used. Note that this requires meson v1.5.0 or
+ newer:
+ 
+ ```shell
+-$ env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -i TEST-01-BASIC
++$ env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox meson test -C build --no-rebuild -i TEST-01-BASIC
+ ```
+ 
+ Due to limitations in meson, the integration tests do not yet depend on the
+@@ -78,7 +78,7 @@ running the integration tests. To rebuild the image and rerun a test, the
+ following command can be used:
+ 
+ ```shell
+-$ meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC
++$ mkosi -f sandbox meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 mkosi -f sandbox meson test -C build --no-rebuild -v TEST-01-BASIC
+ ```
+ 
+ The integration tests use the same mkosi configuration that's used when you run
+@@ -92,7 +92,7 @@ To iterate on an integration test, let's first get a shell in the integration te
+ the following:
+ 
+ ```shell
+-$ meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 TEST_SHELL=1 meson test -C build --no-rebuild -i TEST-01-BASIC
++$ mkosi -f sandbox meson compile -C build mkosi && env SYSTEMD_INTEGRATION_TESTS=1 TEST_SHELL=1 mkosi -f sandbox meson test -C build --no-rebuild -i TEST-01-BASIC
+ ```
+ 
+ This will get us a shell in the integration test environment after booting the machine without running the
diff --git a/SOURCES/0075-test-update-README-s-Ubuntu-CI-section-for-mkosi-cha.patch b/SOURCES/0075-test-update-README-s-Ubuntu-CI-section-for-mkosi-cha.patch
new file mode 100644
index 0000000..6232a5d
--- /dev/null
+++ b/SOURCES/0075-test-update-README-s-Ubuntu-CI-section-for-mkosi-cha.patch
@@ -0,0 +1,83 @@
+From 20b0b2d7973049d918a69025c5d6b6cbe00f5f41 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Thu, 2 Jan 2025 16:21:42 +0000
+Subject: [PATCH] test: update README's Ubuntu CI section for mkosi changes
+
+(cherry picked from commit 01829580471eb1958bc5c43caa871b243edb1055)
+---
+ test/README.testsuite | 30 ++++++------------------------
+ 1 file changed, 6 insertions(+), 24 deletions(-)
+
+diff --git a/test/README.testsuite b/test/README.testsuite
+index 25b44912e9..da2d17a6db 100644
+--- a/test/README.testsuite
++++ b/test/README.testsuite
+@@ -155,23 +155,7 @@ that make use of `run_testcases`.
+ 
+ New PRs submitted to the project are run through regression tests, and one set
+ of those is the 'autopkgtest' runs for several different architectures, called
+-'Ubuntu CI'.  Part of that testing is to run all these tests.  Sometimes these
+-tests are temporarily deny-listed from running in the 'autopkgtest' tests while
+-debugging a flaky test; that is done by creating a file in the test directory
+-named 'deny-list-ubuntu-ci', for example to prevent the TEST-01-BASIC test from
+-running in the 'autopkgtest' runs, create the file
+-'TEST-01-BASIC/deny-list-ubuntu-ci'.
+-
+-The tests may be disabled only for specific archs, by creating a deny-list file
+-with the arch name at the end, e.g.
+-'TEST-01-BASIC/deny-list-ubuntu-ci-arm64' to disable the TEST-01-BASIC test
+-only on test runs for the 'arm64' architecture.
+-
+-Note the arch naming is not from 'uname -m', it is Debian arch names:
+-https://wiki.debian.org/ArchitectureSpecificsMemo
+-
+-For PRs that fix a currently deny-listed test, the PR should include removal
+-of the deny-list file.
++'Ubuntu CI'.  Part of that testing is to run all these tests.
+ 
+ In case a test fails, the full set of artifacts, including the journal of the
+ failed run, can be downloaded from the artifacts.tar.gz archive which will be
+@@ -268,7 +252,7 @@ the PR (set by the `$UPSTREAM_PULL_REQUEST` env variable) you'd like to debug:
+ ```shell
+ $ git clone https://salsa.debian.org/systemd-team/systemd.git
+ $ cd systemd
+-$ git checkout upstream-ci
++$ git checkout ci/v<XYZ>-stable
+ $ TEST_UPSTREAM=1 UPSTREAM_PULL_REQUEST=12345 ./debian/extra/checkout-upstream
+ ```
+ 
+@@ -278,22 +262,20 @@ Now install necessary build & test dependencies:
+ # PPA with some newer Ubuntu packages required by upstream systemd
+ $ add-apt-repository -y --enable-source ppa:upstream-systemd-ci/systemd-ci
+ $ apt build-dep -y systemd
+-$ apt install -y autopkgtest debhelper genisoimage git qemu-system-x86 \
+-                 libcurl4-openssl-dev libfdisk-dev libtss2-dev libfido2-dev \
+-                 libssl-dev python3-pefile
++$ apt install -y autopkgtest fakemachine qemu-system-x86
+ ```
+ 
+ Build systemd deb packages with debug info:
+ 
+ ```shell
+-$ TEST_UPSTREAM=1 DEB_BUILD_OPTIONS="nocheck nostrip noopt" dpkg-buildpackage -us -uc
++$ TEST_UPSTREAM=1 DEB_BUILD_OPTIONS="nocheck nostrip noopt pkg.systemd.upstream" dpkg-buildpackage -us -uc -b
+ $ cd ..
+ ```
+ 
+ Prepare a testbed image for autopkgtest (tweak the release as necessary):
+ 
+ ```shell
+-$ autopkgtest-buildvm-ubuntu-cloud --ram-size 1024 -v -a amd64 -r jammy
++$ autopkgtest-buildvm-ubuntu-cloud --ram-size 1024 -v -a amd64 -r noble
+ ```
+ 
+ And finally run the autopkgtest itself:
+@@ -304,7 +286,7 @@ $ autopkgtest -o logs *.deb systemd/ \
+               --timeout-factor=3 \
+               --test-name=boot-and-services \
+               --shell-fail \
+-              -- autopkgtest-virt-qemu --cpus 4 --ram-size 2048 autopkgtest-jammy-amd64.img
++              -- autopkgtest-virt-qemu --cpus 4 --ram-size 2048 autopkgtest-noble-amd64.img
+ ```
+ 
+ where `--test-name=` is the name of the test you want to run/debug. The
diff --git a/SOURCES/0076-mkosi-Add-docbook-tools.patch b/SOURCES/0076-mkosi-Add-docbook-tools.patch
new file mode 100644
index 0000000..410f17f
--- /dev/null
+++ b/SOURCES/0076-mkosi-Add-docbook-tools.patch
@@ -0,0 +1,67 @@
+From 3bf84a14d22f7e259b4adf4cc88895af0cdd1ccc Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Thu, 2 Jan 2025 15:48:54 +0100
+Subject: [PATCH] mkosi: Add docbook tools
+
+(cherry picked from commit fd3ee47d8d1cac09acf034cdbe53071ee6fdde74)
+---
+ mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf          | 2 ++
+ mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf | 3 +++
+ mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf | 2 ++
+ mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf      | 2 ++
+ 4 files changed, 9 insertions(+)
+
+diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf
+index 5787aa8f44..c6ec83a6b0 100644
+--- a/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf
++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/arch.conf
+@@ -9,9 +9,11 @@ ToolsTreePackages=
+         github-cli
+         libcap
+         libmicrohttpd
++        libxslt
+         mypy
+         perl-json-xs
+         python-jinja
++        python-lxml
+         python-pytest
+         ruff
+         shellcheck
+diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf
+index 23731f7376..21d3741504 100644
+--- a/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf
++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/centos-fedora.conf
+@@ -15,6 +15,9 @@ ToolsTreePackages=
+         pkgconfig(mount)
+         tpm2-tss-devel
+         python3-jinja2
++        python3-lxml
+         python3-mypy
+         python3-pytest
+         shellcheck
++        xsltproc
++        docbook-style-xsl
+diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf
+index 46204fe8f6..106072f541 100644
+--- a/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf
++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/debian-ubuntu.conf
+@@ -17,5 +17,7 @@ ToolsTreePackages=
+         libtss2-dev
+         mypy
+         python3-jinja2
++        python3-lxml
+         python3-pytest
+         shellcheck
++        xsltproc
+diff --git a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+index d486875fab..8a659360fa 100644
+--- a/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
++++ b/mkosi.conf.d/05-tools/mkosi.conf.d/opensuse.conf
+@@ -19,5 +19,7 @@ ToolsTreePackages=
+         python3-ruff
+         tpm2-0-tss-devel
+         python3-jinja2
++        python3-lxml
+         python3-pytest
++        xsltproc
+         ShellCheck
diff --git a/SOURCES/0077-mkosi-Handle-directories-in-debian-not-installed-cor.patch b/SOURCES/0077-mkosi-Handle-directories-in-debian-not-installed-cor.patch
new file mode 100644
index 0000000..db664ab
--- /dev/null
+++ b/SOURCES/0077-mkosi-Handle-directories-in-debian-not-installed-cor.patch
@@ -0,0 +1,31 @@
+From 472239d4301d25eb3c7c69eb7e8f13542ef2769f Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Fri, 3 Jan 2025 10:20:45 +0100
+Subject: [PATCH] mkosi: Handle directories in debian/not-installed correctly
+
+If a directory is specified without a glob pattern, we have to exclude
+all files in that directory, so add a recursive glob to every directory
+and enable the bash globstar feature when globbing to '**/*' matches all
+files and directories beneath the given directory.
+
+(cherry picked from commit d304b95beb76fd62ea249357df526fb211426edc)
+---
+ .../build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot      | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
+index b17483a03f..569bf64499 100755
+--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
++++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
+@@ -111,8 +111,9 @@ if ! build; then
+     if [[ -f debian/not-installed ]]; then
+         pushd debian/tmp
+         grep --invert-match "^#" ../not-installed |
+-            xargs -I {} bash -O nullglob -c "printf '%s\n' {}" |
+-            sed "/^$/d" |
++            xargs -I {} sh -c "test -d '{}' && echo '{}/**/*' || echo '{}'" |
++            xargs -I {} bash -O nullglob -O globstar -c "printf '%s\n' {}" |
++            sed --expression "/^$/d" --expression "s#//*#/#g" |
+             xargs -I {} sh -c "test -f '{}' && echo '{}' || true" >>/tmp/packaged-files
+         popd
+     fi
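Review bot: The new first `xargs` stage in mkosi.build.chroot pastes each `debian/not-installed` entry into the text of an `sh -c` command, so an entry containing a single quote or shell metacharacters is parsed as shell syntax instead of being treated as a path. Passing the entry as a positional parameter keeps it data: `xargs -I {} sh -c 'test -d "$1" && echo "$1/**/*" || echo "$1"' _ {} |`. The existing `test -f '{}'` stage at the end of the pipeline has the same shape and receives glob-expanded file names from `debian/tmp`, so it would benefit from the same form. The `bash -O nullglob -O globstar` stage interpolates on purpose to get glob expansion, which deserves a short comment saying so. The enclosing `if ! build; then` block starts and ends outside the hunk.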
diff --git a/SOURCES/0078-mkosi-Warn-on-unpackaged-files-in-the-debian-package.patch b/SOURCES/0078-mkosi-Warn-on-unpackaged-files-in-the-debian-package.patch
new file mode 100644
index 0000000..4c9b556
--- /dev/null
+++ b/SOURCES/0078-mkosi-Warn-on-unpackaged-files-in-the-debian-package.patch
@@ -0,0 +1,23 @@
+From 4bc36b7d57b0210bdaf765fce3d8f9e23444c957 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Fri, 3 Jan 2025 11:42:47 +0100
+Subject: [PATCH] mkosi: Warn on unpackaged files in the debian package build
+
+(cherry picked from commit e965430f57834d641b0b1327617622c20aa23b70)
+---
+ .../build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot         | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
+index 569bf64499..9717286586 100755
+--- a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
++++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot
+@@ -128,6 +128,8 @@ if ! build; then
+         exit 1
+     fi
+ 
++    echo -e "::warning title=UNPACKAGED-FILES::The following files were not picked up by the package, please update the packaging recipe to include: $(tr '\n' ' ' </tmp/unpackaged-files)"
++
+     # Otherwise, we append the unpackaged files to the filelist for the systemd package and retry the build.
+     cat /tmp/unpackaged-files >>debian/systemd.install
+     build
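Review bot: `echo -e` in the added warning line interprets backslash sequences inside the substituted file list, so a path containing a literal `\n` would split the annotation into extra output lines, which a GitHub Actions runner may read as further workflow commands (inferred; the runner side is not on the page). The message text has no escapes of its own, so the flag can simply be dropped: `echo "::warning title=UNPACKAGED-FILES::… $(tr '\n' ' ' </tmp/unpackaged-files)"`. A one-line comment such as `# GitHub Actions annotation; printed verbatim when run elsewhere` would also explain the `::warning` syntax to someone running the build locally. The surrounding `if ! build; then` block starts and ends outside the hunk.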
diff --git a/SOURCES/0079-mkosi-Update-to-latest.patch b/SOURCES/0079-mkosi-Update-to-latest.patch
new file mode 100644
index 0000000..f64624a
--- /dev/null
+++ b/SOURCES/0079-mkosi-Update-to-latest.patch
@@ -0,0 +1,205 @@
+From 3484ab94b94216de0db23ad1f1567641d21a8ad7 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Fri, 3 Jan 2025 23:25:23 +0100
+Subject: [PATCH] mkosi: Update to latest
+
+(cherry picked from commit c008b703701e676a88e16de4c867b9fc4818070d)
+---
+ .github/workflows/coverage.yml                                  | 2 +-
+ .github/workflows/mkosi.yml                                     | 2 +-
+ test/TEST-64-UDEV-STORAGE/btrfs_basic.configure                 | 2 +-
+ test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure                   | 2 +-
+ test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure             | 2 +-
+ test/TEST-64-UDEV-STORAGE/lvm_basic.configure                   | 2 +-
+ test/TEST-64-UDEV-STORAGE/mdadm_basic.configure                 | 2 +-
+ test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure                   | 2 +-
+ test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure    | 2 +-
+ test/TEST-64-UDEV-STORAGE/nvme_basic.configure                  | 2 +-
+ test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure              | 2 +-
+ test/TEST-64-UDEV-STORAGE/simultaneous_events.configure         | 2 +-
+ test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure           | 2 +-
+ .../virtio_scsi_identically_named_partitions.configure          | 2 +-
+ 14 files changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
+index a1587e62e9..cea1e84af2 100644
+--- a/.github/workflows/coverage.yml
++++ b/.github/workflows/coverage.yml
+@@ -16,7 +16,7 @@ jobs:
+ 
+     steps:
+       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+-      - uses: systemd/mkosi@ba07d53000b6c560ad0b9f07550aca93c0284e88
++      - uses: systemd/mkosi@7051715d8541d4d077a218f7445976225ec74d78
+ 
+       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
+       # immediately, we remove the files in the background. However, we first move them to a different location
+diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
+index 4d128822fb..873ed589b6 100644
+--- a/.github/workflows/mkosi.yml
++++ b/.github/workflows/mkosi.yml
+@@ -113,7 +113,7 @@ jobs:
+ 
+     steps:
+       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+-      - uses: systemd/mkosi@ba07d53000b6c560ad0b9f07550aca93c0284e88
++      - uses: systemd/mkosi@7051715d8541d4d077a218f7445976225ec74d78
+ 
+       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
+       # immediately, we remove the files in the background. However, we first move them to a different location
+diff --git a/test/TEST-64-UDEV-STORAGE/btrfs_basic.configure b/test/TEST-64-UDEV-STORAGE/btrfs_basic.configure
+index 8ef58a9fdd..85ec983fc3 100755
+--- a/test/TEST-64-UDEV-STORAGE/btrfs_basic.configure
++++ b/test/TEST-64-UDEV-STORAGE/btrfs_basic.configure
+@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"]
+ 
+ for i in range(4):
+     id = f"drivebtrfsbasic{i}"
+-    config["QemuDrives"] += [
++    config["Drives"] += [
+         {
+             "Id": id,
+             "Size": "350M" if i == 0 else "128M",
+diff --git a/test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure b/test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure
+index ca23e33858..1d7a0c5b9a 100755
+--- a/test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure
++++ b/test/TEST-64-UDEV-STORAGE/iscsi_lvm.configure
+@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"]
+ 
+ for i in range(4):
+     id = f"driveiscsibasic{i}"
+-    config["QemuDrives"] += [
++    config["Drives"] += [
+         {
+             "Id": id,
+             "Size": "150M" if i == 0 else "70M",
+diff --git a/test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure b/test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure
+index 02e2ac4daa..a920171add 100755
+--- a/test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure
++++ b/test/TEST-64-UDEV-STORAGE/long_sysfs_path.configure
+@@ -7,7 +7,7 @@ import sys
+ 
+ config = json.load(sys.stdin)
+ 
+-config["QemuDrives"] += [
++config["Drives"] += [
+     {
+         "Id": "drive0",
+         "Size": "64M",
+diff --git a/test/TEST-64-UDEV-STORAGE/lvm_basic.configure b/test/TEST-64-UDEV-STORAGE/lvm_basic.configure
+index 9387b8377c..c4074becb4 100755
+--- a/test/TEST-64-UDEV-STORAGE/lvm_basic.configure
++++ b/test/TEST-64-UDEV-STORAGE/lvm_basic.configure
+@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"]
+ 
+ for i in range(4):
+     id = f"drivelvmbasic{i}"
+-    config["QemuDrives"] += [
++    config["Drives"] += [
+         {
+             "Id": id,
+             "Size": "32M",
+diff --git a/test/TEST-64-UDEV-STORAGE/mdadm_basic.configure b/test/TEST-64-UDEV-STORAGE/mdadm_basic.configure
+index 3f00afa955..d722e081e2 100755
+--- a/test/TEST-64-UDEV-STORAGE/mdadm_basic.configure
++++ b/test/TEST-64-UDEV-STORAGE/mdadm_basic.configure
+@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"]
+ 
+ for i in range(5):
+     id = f"drivemdadmbasic{i}"
+-    config["QemuDrives"] += [
++    config["Drives"] += [
+         {
+             "Id": id,
+             "Size": "64M",
+diff --git a/test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure b/test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure
+index b7661d9e81..d669895925 100755
+--- a/test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure
++++ b/test/TEST-64-UDEV-STORAGE/mdadm_lvm.configure
+@@ -11,7 +11,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0"]
+ 
+ for i in range(5):
+     id = f"drivemdadmlvm{i}"
+-    config["QemuDrives"] += [
++    config["Drives"] += [
+         {
+             "Id": id,
+             "Size": "64M",
+diff --git a/test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure b/test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure
+index 5f323b8a8b..a59927c3b7 100755
+--- a/test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure
++++ b/test/TEST-64-UDEV-STORAGE/multipath_basic_failover.configure
+@@ -18,7 +18,7 @@ for ndisk in range(16):
+ 
+     for nback in range(4):
+         id = f"drive{ndisk}x{nback}"
+-        config["QemuDrives"] += [
++        config["Drives"] += [
+             {
+                 "Id": id,
+                 "Size": size,
+diff --git a/test/TEST-64-UDEV-STORAGE/nvme_basic.configure b/test/TEST-64-UDEV-STORAGE/nvme_basic.configure
+index b740c096c4..948003e4de 100755
+--- a/test/TEST-64-UDEV-STORAGE/nvme_basic.configure
++++ b/test/TEST-64-UDEV-STORAGE/nvme_basic.configure
+@@ -18,7 +18,7 @@ if 'name "nvme"' not in result.stdout:
+ def add_drive(i: int, serial: str) -> None:
+     global config
+     id = f"nvme{i}"
+-    config["QemuDrives"] += [
++    config["Drives"] += [
+         {
+             "Id": id,
+             "Size": "1M",
+diff --git a/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure b/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure
+index 3d7900773c..029d4360ba 100755
+--- a/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure
++++ b/test/TEST-64-UDEV-STORAGE/nvme_subsystem.configure
+@@ -16,7 +16,7 @@ if 'name "nvme"' not in result.stdout:
+     exit(77)
+ 
+ for id in ("nvme0", "nvme1"):
+-    config["QemuDrives"] += [
++    config["Drives"] += [
+         {
+             "Id": id,
+             "Size": "1M",
+diff --git a/test/TEST-64-UDEV-STORAGE/simultaneous_events.configure b/test/TEST-64-UDEV-STORAGE/simultaneous_events.configure
+index a0edb01cc1..668f3e2aa0 100755
+--- a/test/TEST-64-UDEV-STORAGE/simultaneous_events.configure
++++ b/test/TEST-64-UDEV-STORAGE/simultaneous_events.configure
+@@ -9,7 +9,7 @@ config = json.load(sys.stdin)
+ 
+ for i in range(10):
+     id = f"drivesimultaneousevents{i}"
+-    config["QemuDrives"] += [
++    config["Drives"] += [
+         {
+             "Id": id,
+             "Size": "128M",
+diff --git a/test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure b/test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure
+index ab8d530a3e..91e1fe14e5 100755
+--- a/test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure
++++ b/test/TEST-64-UDEV-STORAGE/virtio_scsi_basic.configure
+@@ -12,7 +12,7 @@ for i in range(4):
+ 
+ for i in range(128):
+     id = f"drive{i}"
+-    config["QemuDrives"] += [
++    config["Drives"] += [
+         {
+             "Id": id,
+             "Size": "1M",
+diff --git a/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure b/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure
+index edc5138ce8..dce6b1503f 100755
+--- a/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure
++++ b/test/TEST-64-UDEV-STORAGE/virtio_scsi_identically_named_partitions.configure
+@@ -21,7 +21,7 @@ config["QemuArgs"] += ["-device", "virtio-scsi-pci,id=scsi0,num_queues=4"]
+ 
+ for i in range(0, num_disk):
+     id = f"drive{i}"
+-    config["QemuDrives"] += [
++    config["Drives"] += [
+         {
+             "Id": id,
+             "Size": "40M",
diff --git a/SOURCES/0080-mkosi-Make-path-exclude-more-generic.patch b/SOURCES/0080-mkosi-Make-path-exclude-more-generic.patch
new file mode 100644
index 0000000..78c5612
--- /dev/null
+++ b/SOURCES/0080-mkosi-Make-path-exclude-more-generic.patch
@@ -0,0 +1,33 @@
+From ef6f0afb544c38e71824412012f657aeb5780d1a Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Sun, 5 Jan 2025 23:19:44 +0100
+Subject: [PATCH] mkosi: Make path exclude more generic
+
+The systemd rpms we try to install in packit have /usr/bin/bash and
+/usr/bin/python3 as dependencies which breaks dnf5 because mkosi
+doesn't download filelists metadata and
+https://bugzilla.redhat.com/show_bug.cgi?id=2263771 is still not fixed
+almost a year after being reported.
+
+(cherry picked from commit 8a9b989cba75810406b0c881bcabe03c27fa47e5)
+---
+ mkosi.conf.d/10-centos-fedora/mkosi.prepare | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.conf.d/10-centos-fedora/mkosi.prepare
+index 9aca0096d5..1e5bd21995 100755
+--- a/mkosi.conf.d/10-centos-fedora/mkosi.prepare
++++ b/mkosi.conf.d/10-centos-fedora/mkosi.prepare
+@@ -12,8 +12,11 @@ for DEPS in --requires --recommends --suggests; do
+     # We need --latest-limit=1 to only consider the newest version of the packages.
+     # --latest-limit=1 is per <name>.<arch> so we have to pass --arch= explicitly to make sure i686 packages
+     # are not considered on x86-64.
++    # Because mkosi does not download the filelists repository metadata, we have to exclude all path based
++    # dependencies, (even those within /usr and /bin because of
++    # https://bugzilla.redhat.com/show_bug.cgi?id=2263771).
+     dnf repoquery --arch="$DISTRIBUTION_ARCHITECTURE,noarch" --latest-limit=1 --quiet "$DEPS" "${PACKAGES[@]}" |
+-        grep --extended-regexp --invert-match --regexp "$(IFS=\| ; echo "${PACKAGES[*]}")" --regexp /bin/sh --regexp grubby --regexp sdubby --regexp libcurl-minimal |
++        grep --extended-regexp --invert-match --regexp "$(IFS=\| ; echo "${PACKAGES[*]}")" --regexp /bin --regexp /usr --regexp grubby --regexp sdubby --regexp libcurl-minimal |
+         sort --unique |
+         xargs --delimiter '\n' --no-run-if-empty mkosi-install
+ done
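Review bot: The added comment in mkosi.prepare says all path-based dependencies are excluded, but the new patterns `--regexp /bin --regexp /usr` are unanchored substring matches for just those two strings. A file dependency under another prefix (for example `/sbin/…` or `/etc/…`) would still be passed to `mkosi-install`, and any dependency line that merely contains `/usr` or `/bin` somewhere is dropped. If the intent is what the comment states, one anchored pattern expresses it: `--regexp '^/'`. The comment also has a stray comma before the parenthesis (`dependencies, (even`). The `for DEPS` loop begins outside the hunk.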
diff --git a/SOURCES/0081-packit-Move-fmf-metadata-into-upstream.patch b/SOURCES/0081-packit-Move-fmf-metadata-into-upstream.patch
new file mode 100644
index 0000000..f4bec27
--- /dev/null
+++ b/SOURCES/0081-packit-Move-fmf-metadata-into-upstream.patch
@@ -0,0 +1,183 @@
+From 3fd7ff599719852113fee64b2dc124493c3b53dc Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Fri, 20 Dec 2024 15:34:13 +0100
+Subject: [PATCH] packit: Move fmf metadata into upstream
+
+This moves https://src.fedoraproject.org/tests/systemd into upstream
+so it's one less moving piece that we need to remember. While we're at
+it, do various cleanups as well:
+
+- Remove non-packit logic
+- Set NO_BUILD in mkosi.local.conf as it's not picked up from the
+  process environment
+- Don't set unused environment variables
+- Remove workdir logic as we run in an ephemeral VM already
+- Drop --verbose from meson test to reduce noise
+  from passed tests
+- Use mkosi sandbox and drop duplicated deps from metadata file
+- Stop running the unit tests as they already run as part of the rpm
+  build and as part of the integration tests.
+- Various style fixes
+
+(cherry picked from commit b0b88f18b3237704d1f6d5b3dcb533367816ce23)
+---
+ .packit.yml                         |  3 +-
+ test/fmf/.fmf/version               |  1 +
+ test/fmf/integration-tests/main.fmf | 10 ++++
+ test/fmf/integration-tests/test.sh  | 88 +++++++++++++++++++++++++++++
+ test/fmf/plans/ci.fmf               | 12 ++++
+ 5 files changed, 112 insertions(+), 2 deletions(-)
+ create mode 100644 test/fmf/.fmf/version
+ create mode 100644 test/fmf/integration-tests/main.fmf
+ create mode 100755 test/fmf/integration-tests/test.sh
+ create mode 100644 test/fmf/plans/ci.fmf
+
+diff --git a/.packit.yml b/.packit.yml
+index 2dcc9e86ca..eef6e48fcf 100644
+--- a/.packit.yml
++++ b/.packit.yml
+@@ -57,8 +57,7 @@ jobs:
+ 
+ - job: tests
+   trigger: pull_request
+-  fmf_url: https://src.fedoraproject.org/tests/systemd
+-  fmf_ref: main
++  fmf_path: test/fmf
+   tmt_plan: ci
+   targets:
+   - fedora-rawhide-x86_64
+diff --git a/test/fmf/.fmf/version b/test/fmf/.fmf/version
+new file mode 100644
+index 0000000000..d00491fd7e
+--- /dev/null
++++ b/test/fmf/.fmf/version
+@@ -0,0 +1 @@
++1
+diff --git a/test/fmf/integration-tests/main.fmf b/test/fmf/integration-tests/main.fmf
+new file mode 100644
+index 0000000000..a1686c09c3
+--- /dev/null
++++ b/test/fmf/integration-tests/main.fmf
+@@ -0,0 +1,10 @@
++# SPDX-License-Identifier: LGPL-2.1-or-later
++
++summary: Run the upstream integration test suite
++test: ./test.sh
++duration: 2h
++require:
++    - coreutils
++    - distribution-gpg-keys
++    - dnf
++    - git-core
+diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
+new file mode 100755
+index 0000000000..51cbab6ec9
+--- /dev/null
++++ b/test/fmf/integration-tests/test.sh
+@@ -0,0 +1,88 @@
++#!/bin/bash
++# SPDX-License-Identifier: LGPL-2.1-or-later
++
++set -eux
++set -o pipefail
++
++# Switch SELinux to permissive, since the tests don't set proper contexts
++setenforce 0
++
++# Prepare systemd source tree
++git clone "$PACKIT_TARGET_URL" systemd
++pushd systemd
++# If we're running in a pull request job, merge the remote branch into the current main
++if [[ -n "${PACKIT_SOURCE_URL:-}" ]]; then
++    git remote add pr "${PACKIT_SOURCE_URL:?}"
++    git fetch pr "${PACKIT_SOURCE_BRANCH:?}"
++    git merge "pr/$PACKIT_SOURCE_BRANCH"
++fi
++git log --oneline -5
++popd
++
++# Now prepare mkosi, possibly at the same version required by the systemd repo
++git clone https://github.com/systemd/mkosi
++# If we have it, pin the mkosi version to the same one used by Github Actions, to ensure consistency
++if [ -f .github/workflows/mkosi.yml ]; then
++    mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")"
++    git -C mkosi checkout "$mkosi_hash"
++fi
++
++export PATH="$PWD/mkosi/bin:$PATH"
++
++pushd systemd
++
++# shellcheck source=/dev/null
++. /etc/os-release || . /usr/lib/os-release
++
++tee mkosi.local.conf <<EOF
++[Distribution]
++Release=${VERSION_ID:-rawhide}
++
++[Build]
++ToolsTreeDistribution=$ID
++ToolsTreeRelease=${VERSION_ID:-rawhide}
++ToolsTreeSandboxTrees=
++        /etc/yum.repos.d/:/etc/yum.repos.d/
++        /var/share/test-artifacts/:/var/share/test-artifacts/
++SandboxTrees=
++        /etc/yum.repos.d/:/etc/yum.repos.d/
++        /var/share/test-artifacts/:/var/share/test-artifacts/
++Environment=NO_BUILD=1
++EOF
++
++cat /etc/dnf/dnf.conf
++cat /etc/yum.repos.d/*
++
++# Ensure packages built for this test have highest priority
++echo -e "\npriority=1" >> /etc/yum.repos.d/copr_build*
++
++# Disable mkosi's own repository logic
++touch /etc/yum.repos.d/mkosi.repo
++
++# TODO: drop once BTRFS regression is fixed in kernel 6.13
++sed -i "s/Format=btrfs/Format=ext4/" mkosi.repart/10-root.conf
++
++# If we don't have KVM, skip running in qemu, as it's too slow. But try to load the module first.
++modprobe kvm || true
++if [[ ! -e /dev/kvm ]]; then
++    export TEST_NO_QEMU=1
++fi
++
++# Create missing mountpoint for mkosi sandbox.
++mkdir -p /etc/pacman.d/gnupg
++
++mkosi summary
++mkosi -f sandbox true
++mkosi -f sandbox meson setup --buildtype=debugoptimized -Dintegration-tests=true build
++mkosi genkey
++mkosi -f sandbox meson compile -C build mkosi
++mkosi -f sandbox \
++    meson test \
++    -C build \
++    --no-rebuild \
++    --suite integration-tests \
++    --print-errorlogs \
++    --no-stdsplit \
++    --num-processes "$(($(nproc) - 1))"
++
++popd
+diff --git a/test/fmf/plans/ci.fmf b/test/fmf/plans/ci.fmf
+new file mode 100644
+index 0000000000..3e2a16bc89
+--- /dev/null
++++ b/test/fmf/plans/ci.fmf
+@@ -0,0 +1,12 @@
++# SPDX-License-Identifier: LGPL-2.1-or-later
++
++summary: systemd Fedora test suite
++discover:
++  how: fmf
++prepare:
++  - name: systemd
++    how: install
++    exclude:
++      - systemd-standalone-.*
++execute:
++  how: tmt
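Review bot: In test/fmf/integration-tests/test.sh the mkosi pin is looked up with `[ -f .github/workflows/mkosi.yml ]` after the `popd` that leaves the `systemd` checkout, so the path is resolved against the parent directory; unless that directory happens to hold a `.github` tree, the checkout is skipped and the job runs whatever the mkosi default branch contains at clone time. Pointing both the test and the `grep` at the clone restores the pin: `if [ -f systemd/.github/workflows/mkosi.yml ]; then` and `grep systemd/mkosi@ systemd/.github/workflows/mkosi.yml`. Failing the job when the file is missing, rather than silently falling through, would make an unpinned run visible. Separately, `echo -e "\npriority=1" >> /etc/yum.repos.d/copr_build*` redirects to a glob, which errors as ambiguous when more than one file matches and creates a literally named file when none does.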
diff --git a/SOURCES/0082-mkosi-replace-deprecated-settings-and-command-with-n.patch b/SOURCES/0082-mkosi-replace-deprecated-settings-and-command-with-n.patch
new file mode 100644
index 0000000..5a6dc0d
--- /dev/null
+++ b/SOURCES/0082-mkosi-replace-deprecated-settings-and-command-with-n.patch
@@ -0,0 +1,66 @@
+From a1f6747606484c47581172b36aa70aa73a13ab6a Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 6 Jan 2025 16:30:26 +0900
+Subject: [PATCH] mkosi: replace deprecated settings and command with new ones
+
+Follow-up for c008b703701e676a88e16de4c867b9fc4818070d.
+
+These settings and command were deprecated by the following commit.
+https://github.com/systemd/mkosi/commit/ebcd2efa03af5c04de91434634f2e4a956f7e53c
+
+(cherry picked from commit d5cdcba928823faf5ddcca267e3866ab5d5fc729)
+---
+ docs/HACKING.md | 6 +++---
+ mkosi.conf      | 8 ++++----
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/docs/HACKING.md b/docs/HACKING.md
+index de3f66dd55..b6aeff11c3 100644
+--- a/docs/HACKING.md
++++ b/docs/HACKING.md
+@@ -51,7 +51,7 @@ To build and boot an OS image with the latest systemd installed:
+ $ mkosi -f genkey                               # Generate signing keys once.
+ $ mkosi -f sandbox meson compile -C build mkosi # (re-)build the OS image
+ $ sudo mkosi boot                               # Boot the image with systemd-nspawn.
+-$ mkosi qemu                                    # Boot the image with qemu.
++$ mkosi vm                                      # Boot the image with qemu.
+ ```
+ 
+ Putting this all together, here's a series of commands for preparing a patch for
+@@ -67,7 +67,7 @@ $ $EDITOR src/core/main.c                       # or wherever you'd like to make
+ $ mkosi -f sandbox meson setup build            # Set up meson
+ $ mkosi -f genkey                               # Generate signing keys once.
+ $ mkosi -f sandbox meson compile -C build mkosi # (re-)build the test image
+-$ mkosi qemu                                    # Boot the image in qemu
++$ mkosi vm                                      # Boot the image in qemu
+ $ git add -p                                    # interactively put together your patch
+ $ git commit                                    # commit it
+ $ git push -u <REMOTE>                          # where REMOTE is your "fork" on GitHub
+@@ -275,7 +275,7 @@ To simplify debugging systemd when testing changes using mkosi, we're going to s
+ 
+ To allow VSCode's debugger to attach to systemd running in a mkosi image,
+ we have to make sure it can access the virtual machine spawned by mkosi where systemd is running.
+-After booting the image with `mkosi qemu`,
++After booting the image with `mkosi vm`,
+ you should now be able to connect to it by running `mkosi ssh` from the same directory in another terminal window.
+ 
+ Now we need to configure VSCode.
+diff --git a/mkosi.conf b/mkosi.conf
+index ab8a6a1372..2517aba518 100644
+--- a/mkosi.conf
++++ b/mkosi.conf
+@@ -140,10 +140,10 @@ Credentials=
+         tty.console.login.noauth=yes
+ RuntimeBuildSources=yes
+ RuntimeScratch=no
+-QemuSmp=2
+-QemuSwtpm=yes
+-QemuVsock=yes
+-QemuKvm=yes
++CPUs=2
++TPM=yes
++VSock=yes
++KVM=yes
+ 
+ [Include]
+ Include=%D/mkosi.sanitizers
diff --git a/SOURCES/0083-mkosi-Migrate-more-deprecated-options.patch b/SOURCES/0083-mkosi-Migrate-more-deprecated-options.patch
new file mode 100644
index 0000000..ab11afe
--- /dev/null
+++ b/SOURCES/0083-mkosi-Migrate-more-deprecated-options.patch
@@ -0,0 +1,63 @@
+From d9bf9ede93027aaeb2726b359b12838e0b617528 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Mon, 6 Jan 2025 12:07:53 +0100
+Subject: [PATCH] mkosi: Migrate more deprecated options
+
+(cherry picked from commit 28baef47a3098bd82b27c0a629df6c5f885693e7)
+---
+ .github/workflows/coverage.yml   | 2 +-
+ .github/workflows/mkosi.yml      | 2 +-
+ test/integration-test-wrapper.py | 7 +++----
+ 3 files changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
+index cea1e84af2..e678283143 100644
+--- a/.github/workflows/coverage.yml
++++ b/.github/workflows/coverage.yml
+@@ -64,7 +64,7 @@ jobs:
+                   COVERAGE=1
+ 
+           [Runtime]
+-          QemuMem=4G
++          RAM=4G
+           EOF
+ 
+       - name: Generate secure boot key
+diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
+index 873ed589b6..d4b37f72b0 100644
+--- a/.github/workflows/mkosi.yml
++++ b/.github/workflows/mkosi.yml
+@@ -171,7 +171,7 @@ jobs:
+           SELinuxRelabel=${{ matrix.relabel }}
+ 
+           [Runtime]
+-          QemuMem=4G
++          RAM=4G
+           EOF
+ 
+       - name: Generate secure boot key
+diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
+index d44e8f8bd6..ef6df8840f 100755
+--- a/test/integration-test-wrapper.py
++++ b/test/integration-test-wrapper.py
+@@ -479,9 +479,8 @@ def main() -> None:
+         '--runtime-network=none',
+         '--runtime-scratch=no',
+         *args.mkosi_args,
+-        '--qemu-firmware',
+-        args.firmware,
+-        *(['--qemu-kvm', 'no'] if int(os.getenv('TEST_NO_KVM', '0')) else []),
++        '--firmware', args.firmware,
++        *(['--kvm', 'no'] if int(os.getenv('TEST_NO_KVM', '0')) else []),
+         '--kernel-command-line-extra',
+         ' '.join(
+             [
+@@ -504,7 +503,7 @@ def main() -> None:
+         ),
+         '--credential', f"journal.storage={'persistent' if sys.stderr.isatty() else args.storage}",
+         *(['--runtime-build-sources=no'] if not sys.stderr.isatty() else []),
+-        'qemu' if args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1' else 'boot',
++        'vm' if args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1' else 'boot',
+     ]  # fmt: skip
+ 
+     result = subprocess.run(cmd)
diff --git a/SOURCES/0084-ci-Rename-qemu-variable-to-vm.patch b/SOURCES/0084-ci-Rename-qemu-variable-to-vm.patch
new file mode 100644
index 0000000..c1765b2
--- /dev/null
+++ b/SOURCES/0084-ci-Rename-qemu-variable-to-vm.patch
@@ -0,0 +1,88 @@
+From 9db018d9baf17460b9105915b2b92bee63f48912 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Mon, 6 Jan 2025 12:08:33 +0100
+Subject: [PATCH] ci: Rename qemu variable to vm
+
+(cherry picked from commit c5981510e9744b9646088717aeef1ea71f74b1a6)
+---
+ .github/workflows/mkosi.yml | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
+index d4b37f72b0..a043022ce0 100644
+--- a/.github/workflows/mkosi.yml
++++ b/.github/workflows/mkosi.yml
+@@ -60,56 +60,56 @@ jobs:
+             llvm: 0
+             cflags: "-O2 -D_FORTIFY_SOURCE=3"
+             relabel: no
+-            qemu: 1
++            vm: 1
+           - distro: debian
+             release: testing
+             sanitizers: ""
+             llvm: 0
+             cflags: "-Og"
+             relabel: no
+-            qemu: 0
++            vm: 0
+           - distro: ubuntu
+             release: noble
+             sanitizers: ""
+             llvm: 0
+             cflags: "-Og"
+             relabel: no
+-            qemu: 0
++            vm: 0
+           - distro: fedora
+             release: "41"
+             sanitizers: ""
+             llvm: 0
+             cflags: "-Og"
+             relabel: yes
+-            qemu: 0
++            vm: 0
+           - distro: fedora
+             release: rawhide
+             sanitizers: address,undefined
+             llvm: 1
+             cflags: "-Og"
+             relabel: yes
+-            qemu: 0
++            vm: 0
+           - distro: opensuse
+             release: tumbleweed
+             sanitizers: ""
+             llvm: 0
+             cflags: "-Og"
+             relabel: no
+-            qemu: 0
++            vm: 0
+           - distro: centos
+             release: "9"
+             sanitizers: ""
+             llvm: 0
+             cflags: "-Og"
+             relabel: yes
+-            qemu: 0
++            vm: 0
+           - distro: centos
+             release: "10"
+             sanitizers: ""
+             llvm: 0
+             cflags: "-Og"
+             relabel: yes
+-            qemu: 0
++            vm: 0
+ 
+     steps:
+       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+@@ -194,7 +194,7 @@ jobs:
+           sudo --preserve-env \
+             mkosi sandbox \
+             env \
+-            TEST_PREFER_QEMU=${{ matrix.qemu }} \
++            TEST_PREFER_QEMU=${{ matrix.vm }} \
+             meson test \
+             -C build \
+             --no-rebuild \
diff --git a/SOURCES/0085-fmf-Insist-on-mkosi-sha-being-available.patch b/SOURCES/0085-fmf-Insist-on-mkosi-sha-being-available.patch
new file mode 100644
index 0000000..26a8009
--- /dev/null
+++ b/SOURCES/0085-fmf-Insist-on-mkosi-sha-being-available.patch
@@ -0,0 +1,43 @@
+From 80b0e03a8e38618a59ba36a4e96ea572613e6b62 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Mon, 6 Jan 2025 16:28:39 +0100
+Subject: [PATCH] fmf: Insist on mkosi sha being available
+
+Let's assume the workflow file containing the mkosi always being
+available.
+
+Also fix the detection while we're at it by not leaving the systemd
+directory.
+
+(cherry picked from commit 9e76e9c9dc211440e79a7e27600593169597cc41)
+---
+ test/fmf/integration-tests/test.sh | 10 ++--------
+ 1 file changed, 2 insertions(+), 8 deletions(-)
+
+diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
+index 51cbab6ec9..f16bd84cba 100755
+--- a/test/fmf/integration-tests/test.sh
++++ b/test/fmf/integration-tests/test.sh
+@@ -17,20 +17,14 @@ if [[ -n "${PACKIT_SOURCE_URL:-}" ]]; then
+     git merge "pr/$PACKIT_SOURCE_BRANCH"
+ fi
+ git log --oneline -5
+-popd
+ 
+ # Now prepare mkosi, possibly at the same version required by the systemd repo
+ git clone https://github.com/systemd/mkosi
+-# If we have it, pin the mkosi version to the same one used by Github Actions, to ensure consistency
+-if [ -f .github/workflows/mkosi.yml ]; then
+-    mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")"
+-    git -C mkosi checkout "$mkosi_hash"
+-fi
++mkosi_hash="$(grep systemd/mkosi@ .github/workflows/mkosi.yml | sed "s|.*systemd/mkosi@||g")"
++git -C mkosi checkout "$mkosi_hash"
+ 
+ export PATH="$PWD/mkosi/bin:$PATH"
+ 
+-pushd systemd
+-
+ # shellcheck source=/dev/null
+ . /etc/os-release || . /usr/lib/os-release
+ 
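Review bot: The string handed to `git -C mkosi checkout "$mkosi_hash"` is whatever grep and sed leave behind, and nothing verifies that it is a single full commit id before the cloned tree is placed first in PATH. With the `-f` guard removed, a workflow file in which the `systemd/mkosi@` line is missing, duplicated or followed by a trailing comment yields an empty, multi-line or non-hash value, and a branch or tag name would be accepted as readily as a commit. A guard before the checkout, `[[ "$mkosi_hash" =~ ^[0-9a-f]{40}$ ]] || { echo "unexpected mkosi ref: $mkosi_hash" >&2; exit 1; }`, keeps the pin meaningful. The script continues outside the hunk.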
diff --git a/SOURCES/0086-fmf-Support-being-used-downstream-in-dist-git-tests.patch b/SOURCES/0086-fmf-Support-being-used-downstream-in-dist-git-tests.patch
new file mode 100644
index 0000000..860865d
--- /dev/null
+++ b/SOURCES/0086-fmf-Support-being-used-downstream-in-dist-git-tests.patch
@@ -0,0 +1,75 @@
+From 54b90f783d45303c91a91300c2ef46c5dbd93220 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Mon, 6 Jan 2025 16:30:23 +0100
+Subject: [PATCH] fmf: Support being used downstream in dist-git tests
+
+We can use our upstream fmf definitions to run downstream tests in
+the Fedora systemd dist-git repository
+(https://src.fedoraproject.org/rpms/systemd). To have access to the
+dist-git sources when running the tests, we enable dist-git-source: true
+downstream which makes the sources available in $TMT_SOURCE_DIR so
+let's make sure we use those sources if they're available.
+
+(cherry picked from commit 0eb7e29dfb388f746797675cef1ebd7bc3568b6e)
+---
+ test/fmf/integration-tests/test.sh | 46 ++++++++++++++++++++++++------
+ 1 file changed, 37 insertions(+), 9 deletions(-)
+
+diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
+index f16bd84cba..690e07aa56 100755
+--- a/test/fmf/integration-tests/test.sh
++++ b/test/fmf/integration-tests/test.sh
+@@ -7,16 +7,44 @@ set -o pipefail
+ # Switch SELinux to permissive, since the tests don't set proper contexts
+ setenforce 0
+ 
+-# Prepare systemd source tree
+-git clone "$PACKIT_TARGET_URL" systemd
+-pushd systemd
+-# If we're running in a pull request job, merge the remote branch into the current main
+-if [[ -n "${PACKIT_SOURCE_URL:-}" ]]; then
+-    git remote add pr "${PACKIT_SOURCE_URL:?}"
+-    git fetch pr "${PACKIT_SOURCE_BRANCH:?}"
+-    git merge "pr/$PACKIT_SOURCE_BRANCH"
++# Allow running the integration tests downstream in dist-git with something like
++# the following snippet which makes the dist-git sources available in $TMT_SOURCE_DIR:
++#
++# summary: systemd Fedora test suite
++# discover:
++#   how: fmf
++#   url: https://github.com/systemd/systemd
++#   ref: main
++#   path: test/fmf
++#   dist-git-source: true
++#   dist-git-install-builddeps: false
++# prepare:
++#   - name: systemd
++#     how: install
++#     exclude:
++#       - systemd-standalone-.*
++# execute:
++#   how: tmt
++
++if [[ -n "${TMT_SOURCE_DIR:-}" ]]; then
++    pushd "$TMT_SOURCE_DIR/*/"
++elif [[ -n "${PACKIT_TARGET_URL:-}" ]]; then
++    # Prepare systemd source tree
++    git clone "$PACKIT_TARGET_URL" systemd
++    pushd systemd
++
++    # If we're running in a pull request job, merge the remote branch into the current main
++    if [[ -n "${PACKIT_SOURCE_URL:-}" ]]; then
++        git remote add pr "${PACKIT_SOURCE_URL:?}"
++        git fetch pr "${PACKIT_SOURCE_BRANCH:?}"
++        git merge "pr/$PACKIT_SOURCE_BRANCH"
++    fi
++
++    git log --oneline -5
++else
++    echo "Not running within packit or Fedora CI"
++    exit 1
+ fi
+-git log --oneline -5
+ 
+ # Now prepare mkosi, possibly at the same version required by the systemd repo
+ git clone https://github.com/systemd/mkosi
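Review bot: `pushd "$TMT_SOURCE_DIR/*/"` keeps the `*` inside the double quotes, so bash does not expand it and pushd is asked for a directory literally named `*`; the dist-git branch added here cannot enter the source tree unless such a directory exists. Moving the glob outside the quotes, `pushd "$TMT_SOURCE_DIR"/*/`, lets it expand, and because several matches would hand pushd more than one argument it is worth checking that exactly one directory matched. The message in the new `else` branch goes to stdout; `>&2` fits an error exit better. The script continues outside the hunk.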
diff --git a/SOURCES/0087-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch b/SOURCES/0087-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch
new file mode 100644
index 0000000..aa9141f
--- /dev/null
+++ b/SOURCES/0087-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch
@@ -0,0 +1,35 @@
+From b6792202f31c4e83d23a944b845e1f17fc14f619 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Mon, 6 Jan 2025 18:16:29 +0000
+Subject: [PATCH] core: fix assert when AddDependencyUnitFiles is called with
+ invalid parameter
+
+unit_file_add_dependency() asserts, so check before calling it that the
+type is expected, or return EINVAL to the caller.
+
+root@localhost:~# busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager AddDependencyUnitFiles "asssbb" 0 uwhatm8 After 1 1
+
+Broadcast message from systemd-journald@localhost (Mon 2025-01-06 18:12:14 UTC):
+
+systemd[1]: Caught <ABRT>, from our own process.
+
+Fixes https://github.com/systemd/systemd/issues/35882
+
+(cherry picked from commit d87dc74e8f1a30d72a0f202e411400bab34ab55a)
+---
+ src/core/dbus-manager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 20b05446b6..c4a7e2a20b 100644
+--- a/src/core/dbus-manager.c
++++ b/src/core/dbus-manager.c
+@@ -2760,7 +2760,7 @@ static int method_add_dependency_unit_files(sd_bus_message *message, void *userd
+         flags = unit_file_bools_to_flags(runtime, force);
+ 
+         dep = unit_dependency_from_string(type);
+-        if (dep < 0)
++        if (dep < 0 || !IN_SET(dep, UNIT_WANTS, UNIT_REQUIRES))
+                 return -EINVAL;
+ 
+         r = unit_file_add_dependency(m->runtime_scope, flags, NULL, l, target, dep, &changes, &n_changes);
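Review bot: The new rejection in method_add_dependency_unit_files() returns a bare `-EINVAL`, so a bus caller that passes a valid but unsupported dependency type (`After` in the commit message) gets a generic error with no hint of which argument was wrong. If the handler has the usual sd_bus_error parameter in scope (the signature is cut off in the hunk header), `return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Dependency type %s not supported.", type);` would say so. The `dep < 0` test is now redundant, since `IN_SET(dep, UNIT_WANTS, UNIT_REQUIRES)` already rejects negative values. Because the defect was an abort of the manager triggered by a D-Bus call, a regression test that issues the call from the commit message and expects an error reply would keep this check from being lost later.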
diff --git a/SOURCES/0088-repart-Use-streq_ptr.patch b/SOURCES/0088-repart-Use-streq_ptr.patch
new file mode 100644
index 0000000..23779d6
--- /dev/null
+++ b/SOURCES/0088-repart-Use-streq_ptr.patch
@@ -0,0 +1,25 @@
+From 85a9b7cfd1d9fc6d2a82ee9585eccbef543c520f Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Mon, 6 Jan 2025 23:02:30 +0100
+Subject: [PATCH] repart: Use streq_ptr()
+
+p->format is not guaranteed to be initialized.
+
+(cherry picked from commit ffcdaec632d8b96b63499054ff3492b03b33e233)
+---
+ src/repart/repart.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/repart/repart.c b/src/repart/repart.c
+index 7e6fd2a29a..2ddff313fc 100644
+--- a/src/repart/repart.c
++++ b/src/repart/repart.c
+@@ -2311,7 +2311,7 @@ static int partition_finalize_fstype(Partition *p, const char *path) {
+                 return log_oom();
+ 
+         const char *v = secure_getenv(e);
+-        if (!v || streq(p->format, v))
++        if (!v || streq_ptr(p->format, v))
+                 return 0;
+ 
+         log_syntax(NULL, LOG_NOTICE, path, 1, 0,
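Review bot: With `streq_ptr()` the early return is no longer taken when `p->format` is NULL and the environment override is set, so a NULL `p->format` now reaches the `log_syntax()` call that follows. The arguments of that call are outside the hunk; if `p->format` is among them, passing `strna(p->format)` avoids handing NULL to a `%s` conversion. A short comment above the comparison, `/* p->format may still be unset here */`, would also record why the NULL-safe comparison is needed.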
diff --git a/SOURCES/0089-sd-device-add-missing-debugging-log.patch b/SOURCES/0089-sd-device-add-missing-debugging-log.patch
new file mode 100644
index 0000000..969a383
--- /dev/null
+++ b/SOURCES/0089-sd-device-add-missing-debugging-log.patch
@@ -0,0 +1,25 @@
+From b3951fb0a8e1d0b1158602567dfc1cfb4ef50f49 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 5 Jan 2025 03:09:29 +0900
+Subject: [PATCH] sd-device: add missing debugging log
+
+It was unexpectedly dropped by 660087dc9c4a5c610da99e7b6b1772e371eb0a80.
+
+(cherry picked from commit 7e5238625ed4a879c2fe8ff7e457021d174bf083)
+---
+ src/libsystemd/sd-device/sd-device.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
+index 01fa90b1ff..94dfd2ef13 100644
+--- a/src/libsystemd/sd-device/sd-device.c
++++ b/src/libsystemd/sd-device/sd-device.c
+@@ -234,7 +234,7 @@ int device_set_syspath(sd_device *device, const char *_syspath, bool verify) {
+ 
+                 r = path_simplify_alloc(_syspath, &syspath);
+                 if (r < 0)
+-                        return r;
++                        return log_oom_debug();
+         }
+ 
+         assert_se(devpath = startswith(syspath, "/sys"));
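Review bot: `return log_oom_debug();` discards `r` and reports out-of-memory whatever path_simplify_alloc() actually returned. That is correct only while allocation failure is the helper's sole error, which cannot be confirmed from this hunk; `return log_debug_errno(r, "sd-device: failed to simplify syspath: %m");` would add the missing log line and still propagate the real code. If the OOM form is kept, a comment such as `/* path_simplify_alloc() fails only on OOM */` makes the assumption explicit. device_set_syspath() starts and ends outside the hunk.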
diff --git a/SOURCES/0090-sd-device-fix-validation-for-devices-under-sys-firmw.patch b/SOURCES/0090-sd-device-fix-validation-for-devices-under-sys-firmw.patch
new file mode 100644
index 0000000..80ebaba
--- /dev/null
+++ b/SOURCES/0090-sd-device-fix-validation-for-devices-under-sys-firmw.patch
@@ -0,0 +1,67 @@
+From 47f9a9879a075505c03b394ed532f225689ec570 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 5 Jan 2025 03:52:05 +0900
+Subject: [PATCH] sd-device: fix validation for devices under /sys/firmware/ in
+ sd_device_new_from_subsystem_sysname()
+
+Devices under /sys/firmware/ do not have subsystems. Hence, the
+validation in sd_device_new_from_subsystem_sysname() ->
+device_new_from_path_join() always failed.
+
+Fixes a bug introduced by cd7c71154cd62d3f50c07ce387edd9c20aebd7bc (v257).
+Fixes #35861.
+
+(cherry picked from commit 3328d1e1816f408e6516c35991a89a8d21fd60b4)
+---
+ src/libsystemd/sd-device/sd-device.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
+index 94dfd2ef13..9e28159779 100644
+--- a/src/libsystemd/sd-device/sd-device.c
++++ b/src/libsystemd/sd-device/sd-device.c
+@@ -401,7 +401,6 @@ static int device_new_from_path_join(
+         int r;
+ 
+         assert(device);
+-        assert(subsystem);
+         assert(sysname);
+ 
+         p = path_join(a, b, c, d);
+@@ -486,13 +485,13 @@ _public_ int sd_device_new_from_subsystem_sysname(
+ 
+         if (streq(subsystem, "subsystem")) {
+                 FOREACH_STRING(s, "/sys/bus/", "/sys/class/") {
+-                        r = device_new_from_path_join(&device, subsystem, NULL, sysname, s, name, NULL, NULL);
++                        r = device_new_from_path_join(&device, subsystem, /* driver_subsystem = */ NULL, sysname, s, name, NULL, NULL);
+                         if (r < 0)
+                                 return r;
+                 }
+ 
+         } else if (streq(subsystem, "module")) {
+-                r = device_new_from_path_join(&device, subsystem, NULL, sysname, "/sys/module/", name, NULL, NULL);
++                r = device_new_from_path_join(&device, subsystem, /* driver_subsystem = */ NULL, sysname, "/sys/module/", name, NULL, NULL);
+                 if (r < 0)
+                         return r;
+ 
+@@ -514,15 +513,17 @@ _public_ int sd_device_new_from_subsystem_sysname(
+                 }
+         }
+ 
+-        r = device_new_from_path_join(&device, subsystem, NULL, sysname, "/sys/bus/", subsystem, "/devices/", name);
++        r = device_new_from_path_join(&device, subsystem, /* driver_subsystem = */ NULL, sysname, "/sys/bus/", subsystem, "/devices/", name);
+         if (r < 0)
+                 return r;
+ 
+-        r = device_new_from_path_join(&device, subsystem, NULL, sysname, "/sys/class/", subsystem, name, NULL);
++        r = device_new_from_path_join(&device, subsystem, /* driver_subsystem = */ NULL, sysname, "/sys/class/", subsystem, name, NULL);
+         if (r < 0)
+                 return r;
+ 
+-        r = device_new_from_path_join(&device, subsystem, NULL, sysname, "/sys/firmware/", subsystem, name, NULL);
++        /* Note that devices under /sys/firmware/ (e.g. /sys/firmware/devicetree/base/) do not have
++         * subsystem. Hence, pass NULL for subsystem. See issue #35861. */
++        r = device_new_from_path_join(&device, /* subsystem = */ NULL, /* driver_subsystem = */ NULL, sysname, "/sys/firmware/", subsystem, name, NULL);
+         if (r < 0)
+                 return r;
+ 
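Review bot: Dropping `assert(subsystem)` from device_new_from_path_join() makes NULL a meaningful argument, but that contract is explained only at the single `/sys/firmware/` call site. The function body is outside the hunk, so whether every use of `subsystem` in it tolerates NULL cannot be confirmed here; a comment at the definition, `/* subsystem may be NULL, in which case the device is not checked against a subsystem */`, would state the intent where the next caller will look. For the `/sys/firmware/` lookup the caller-supplied `subsystem` string now serves only as a path component, so it relies entirely on whatever path validation sd_device_new_from_subsystem_sysname() performs before this point (not visible). No regression test for issue #35861 is added.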
diff --git a/SOURCES/0091-resolved-stop-mdns-lnrr-when-config-changes-to-disab.patch b/SOURCES/0091-resolved-stop-mdns-lnrr-when-config-changes-to-disab.patch
new file mode 100644
index 0000000..19e8590
--- /dev/null
+++ b/SOURCES/0091-resolved-stop-mdns-lnrr-when-config-changes-to-disab.patch
@@ -0,0 +1,73 @@
+From 331888d165b6c4171db4fac318e773248db2218a Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Thu, 2 Jan 2025 17:30:21 +0000
+Subject: [PATCH] resolved: stop mdns/lnrr when config changes to disabled on
+ reload
+
+Currently on reload mdns/lnrr are enabled if they were disabled,
+but not viceversa. Fix it.
+
+Follow-up for 14a52176798bc2d013297b503ac6fa49a64e2725
+
+(cherry picked from commit 2976730a4d34749bfb7a88da341464f1834ab1c6)
+---
+ mkosi.conf                     | 1 +
+ src/resolve/resolved-link.c    | 7 +++++--
+ test/units/TEST-75-RESOLVED.sh | 2 ++
+ 3 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/mkosi.conf b/mkosi.conf
+index 2517aba518..559901dfff 100644
+--- a/mkosi.conf
++++ b/mkosi.conf
+@@ -103,6 +103,7 @@ Packages=
+         kmod
+         less
+         llvm
++        lsof
+         lvm2
+         man
+         mdadm
+diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
+index 928137b967..067a0813ec 100644
+--- a/src/resolve/resolved-link.c
++++ b/src/resolve/resolved-link.c
+@@ -651,13 +651,16 @@ int link_update(Link *l) {
+                 r = manager_llmnr_start(l->manager);
+                 if (r < 0)
+                         return r;
+-        }
++        } else
++                manager_llmnr_stop(l->manager);
++
+ 
+         if (link_get_mdns_support(l) != RESOLVE_SUPPORT_NO) {
+                 r = manager_mdns_start(l->manager);
+                 if (r < 0)
+                         return r;
+-        }
++        } else
++                manager_mdns_stop(l->manager);
+ 
+         link_allocate_scopes(l);
+         link_add_rrs(l, false);
+diff --git a/test/units/TEST-75-RESOLVED.sh b/test/units/TEST-75-RESOLVED.sh
+index 576c04f87a..fd07fd898a 100755
+--- a/test/units/TEST-75-RESOLVED.sh
++++ b/test/units/TEST-75-RESOLVED.sh
+@@ -339,6 +339,7 @@ manual_testcase_02_mdns_llmnr() {
+     # defaults to yes (both the global and per-link settings are yes)
+     assert_in 'yes' "$(resolvectl mdns hoge)"
+     assert_in 'yes' "$(resolvectl llmnr hoge)"
++    lsof -p "$(systemctl show --property MainPID --value systemd-resolved.service)" | grep -q ":mdns\|:5353"
+     # set per-link setting
+     resolvectl mdns hoge yes
+     resolvectl llmnr hoge yes
+@@ -379,6 +380,7 @@ manual_testcase_02_mdns_llmnr() {
+         echo "LLMNR=no"
+     } >/run/systemd/resolved.conf.d/mdns-llmnr.conf
+     systemctl reload systemd-resolved.service
++    (! lsof -p "$(systemctl show --property MainPID --value systemd-resolved.service)" | grep -q ":mdns\|:5353")
+     # set per-link setting
+     resolvectl mdns hoge yes
+     resolvectl llmnr hoge yes
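Review bot: In link_update() the new `else` branches call `manager_llmnr_stop(l->manager)` and `manager_mdns_stop(l->manager)`, which act on the manager, while the decision is taken from a single link's setting (`link_get_mdns_support(l)`). If those helpers close manager-wide listeners, as their argument suggests, updating one link that has mDNS or LLMNR off would stop the responder for other links that still have it enabled; the stop should happen only once no link needs the protocol. The added test checks only `:mdns`/`:5353` through lsof, so the LLMNR half of the change is not covered. The unbraced `else` after a braced `if` and the extra blank line after the first one are also worth tidying.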
diff --git a/SOURCES/0092-shared-hibernate-util-don-t-attempt-to-fiemap-fd-if-.patch b/SOURCES/0092-shared-hibernate-util-don-t-attempt-to-fiemap-fd-if-.patch
new file mode 100644
index 0000000..c06ee9a
--- /dev/null
+++ b/SOURCES/0092-shared-hibernate-util-don-t-attempt-to-fiemap-fd-if-.patch
@@ -0,0 +1,48 @@
+From 74d673d7ae13e561e4f72d0f16a35fb8f5f3f5be Mon Sep 17 00:00:00 2001
+From: Mike Yuan <me@yhndnzj.com>
+Date: Thu, 2 Jan 2025 04:13:23 +0100
+Subject: [PATCH] shared/hibernate-util: don't attempt to fiemap fd if no
+ backing dev available
+
+Prompted by #35798
+
+Co-authored-by: Yu Watanabe <watanabe.yu+github@gmail.com>
+(cherry picked from commit 6d3b2273b1e14d79548a018674ad6e5a5b8b8009)
+---
+ src/shared/hibernate-util.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/shared/hibernate-util.c b/src/shared/hibernate-util.c
+index 1213fdc2c7..49ce787d02 100644
+--- a/src/shared/hibernate-util.c
++++ b/src/shared/hibernate-util.c
+@@ -235,6 +235,8 @@ static int swap_entry_get_resume_config(SwapEntry *swap) {
+         r = get_block_device_fd(fd, &swap->devno);
+         if (r < 0)
+                 return r;
++        if (r == 0)
++                return -EMEDIUMTYPE;
+ 
+         r = fd_is_fs_type(fd, BTRFS_SUPER_MAGIC);
+         if (r < 0)
+@@ -362,14 +364,16 @@ int find_suitable_hibernation_device_full(HibernationDevice *ret_device, uint64_
+ 
+         FOREACH_ARRAY(swap, entries.swaps, entries.n_swaps) {
+                 r = swap_entry_get_resume_config(swap);
+-                if (r < 0)
+-                        return log_debug_errno(r, "Failed to get devno and offset for swap '%s': %m", swap->path);
+-                if (swap->devno == 0) {
++                if (r == -EMEDIUMTYPE) {
+                         assert(swap->swapfile);
+ 
+-                        log_debug("Swap file '%s' is not backed by block device, ignoring: %m", swap->path);
++                        log_debug_errno(r, "Unable to acquire backing block device for swap file '%s' (maybe on a RAID btrfs?), ignoring.",
++                                        swap->path);
+                         continue;
+                 }
++                if (r < 0)
++                        return log_debug_errno(r, "Failed to get devno and offset for swap '%s': %m", swap->path);
++                assert(swap->devno > 0);
+ 
+                 if (resume_config_devno > 0) {
+                         if (swap->devno == resume_config_devno &&
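Review bot: The meaning of `-EMEDIUMTYPE` is split across two functions with no comment at either end: swap_entry_get_resume_config() returns it when `get_block_device_fd()` yields 0, and find_suitable_hibernation_device_full() treats it as "skip this entry". A comment at the new check, `/* r == 0: no backing block device; reported as -EMEDIUMTYPE so the caller can skip this swap file */`, would document that. The new `assert(swap->devno > 0)` turns a property of the running system's swap setup into an abort; it holds only if every success path of swap_entry_get_resume_config() sets `devno`, which is decided outside the hunk, so logging and `continue` would be the more forgiving reaction. Both functions continue outside their hunks.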
diff --git a/SOURCES/0093-shared-hibernate-util-handle-the-case-where-no-swap-.patch b/SOURCES/0093-shared-hibernate-util-handle-the-case-where-no-swap-.patch
new file mode 100644
index 0000000..378a1f8
--- /dev/null
+++ b/SOURCES/0093-shared-hibernate-util-handle-the-case-where-no-swap-.patch
@@ -0,0 +1,45 @@
+From 01686c36cd564f8fd77386ae69808f498c32be83 Mon Sep 17 00:00:00 2001
+From: Mike Yuan <me@yhndnzj.com>
+Date: Thu, 2 Jan 2025 04:17:47 +0100
+Subject: [PATCH] shared/hibernate-util: handle the case where no swap has
+ available backing dev
+
+This also makes find_suitable_hibernation_device() report
+more accurate error (ENOSPC -> ESTALE) if there's
+no swap space on the system at all but resume= is set.
+
+Fixes #35798
+Replaces #35801
+
+(cherry picked from commit bd3d361580715c7a6204c74df9185cc81d67f0c2)
+---
+ src/shared/hibernate-util.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/src/shared/hibernate-util.c b/src/shared/hibernate-util.c
+index 49ce787d02..25d742ed1f 100644
+--- a/src/shared/hibernate-util.c
++++ b/src/shared/hibernate-util.c
+@@ -359,8 +359,6 @@ int find_suitable_hibernation_device_full(HibernationDevice *ret_device, uint64_
+         r = read_swap_entries(&entries);
+         if (r < 0)
+                 return r;
+-        if (entries.n_swaps == 0)
+-                return log_debug_errno(SYNTHETIC_ERRNO(ENOSPC), "No swap space available for hibernation.");
+ 
+         FOREACH_ARRAY(swap, entries.swaps, entries.n_swaps) {
+                 r = swap_entry_get_resume_config(swap);
+@@ -396,9 +394,10 @@ int find_suitable_hibernation_device_full(HibernationDevice *ret_device, uint64_
+         }
+ 
+         if (!entry) {
+-                /* No need to check n_swaps == 0, since it's rejected early */
+-                assert(resume_config_devno > 0);
+-                return log_debug_errno(SYNTHETIC_ERRNO(ESTALE), "Cannot find swap entry corresponding to /sys/power/resume.");
++                if (resume_config_devno > 0)
++                        return log_debug_errno(SYNTHETIC_ERRNO(ESTALE), "Cannot find swap entry corresponding to /sys/power/resume.");
++
++                return log_debug_errno(SYNTHETIC_ERRNO(ENOSPC), "No swap space available for hibernation.");
+         }
+ 
+         if (ret_device) {
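Review bot: The `ENOSPC` branch now also covers a system that has swap entries, all of which were skipped in the loop (for instance by the `continue` for swap files without a backing block device), yet the message still reads `No swap space available for hibernation.`. Someone debugging a failed hibernate would look for missing swap rather than unusable swap; `No usable swap space available for hibernation.` or a separate message when `entries.n_swaps == 0` would be more accurate. The loop body is only partly visible, so confirm which skip paths can leave `entry` unset.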
diff --git a/SOURCES/0094-locale-setup-do-not-load-locale-from-environemnt-whe.patch b/SOURCES/0094-locale-setup-do-not-load-locale-from-environemnt-whe.patch
new file mode 100644
index 0000000..b8bea18
--- /dev/null
+++ b/SOURCES/0094-locale-setup-do-not-load-locale-from-environemnt-whe.patch
@@ -0,0 +1,30 @@
+From d00cc09bf0c23c9bb376e1280773f7996ab7820e Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 28 Dec 2024 15:07:31 +0900
+Subject: [PATCH] locale-setup: do not load locale from environemnt when
+ /etc/locale.conf is unchanged
+
+Previously, when /etc/locale.conf is unchanged, locales were loaded from
+possibly outdated environment variable.
+
+Fixes a bug introduced by 018befcff6b51f8a50ca232e1984d34526037241 (v253).
+Fixes #35717.
+
+(cherry picked from commit 80797bbb919b3ccde4e51b349f3ca70c1157053e)
+---
+ src/shared/locale-setup.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/locale-setup.c b/src/shared/locale-setup.c
+index 4e7f486a23..5c4580cfff 100644
+--- a/src/shared/locale-setup.c
++++ b/src/shared/locale-setup.c
+@@ -75,7 +75,7 @@ static int locale_context_load_conf(LocaleContext *c, LocaleLoadFlag flag) {
+ 
+         /* If the file is not changed, then we do not need to re-read the file. */
+         if (stat_inode_unmodified(&c->st, &st))
+-                return 0;
++                return 1; /* (already) loaded */
+ 
+         c->st = st;
+         locale_context_clear(c);
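Review bot: The return value of locale_context_load_conf() now carries meaning (`1` when the cached data is still valid, per the inline comment), but the contract is stated nowhere in the hunk. The function starts and ends outside it; a header comment along the lines of `/* Returns > 0 if locale data from the file is (already) loaded, 0 if not, < 0 on error */` would spare callers from re-deriving it. The meaning of 0 is inferred from the commit message, so check it against the rest of the function before adding the comment.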
diff --git a/SOURCES/0095-machine-GC-machine-when-no-leader-PID-is-set.patch b/SOURCES/0095-machine-GC-machine-when-no-leader-PID-is-set.patch
new file mode 100644
index 0000000..f66620b
--- /dev/null
+++ b/SOURCES/0095-machine-GC-machine-when-no-leader-PID-is-set.patch
@@ -0,0 +1,36 @@
+From 962bdd1d02df80a6e846a6426709624009c7d9d8 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 28 Dec 2024 11:38:24 +0900
+Subject: [PATCH] machine: GC machine when no leader PID is set
+
+After d8854ff1aca4434db0d7d6dcaf9fcf2f38105fb4, if a serialized
+leader PID of a machine is already dead when deserialized, then the
+leader PID and PIDFD are unset for the machine, and subsequent
+machine_start() -> machine_watch_pidfd() will trigger an assertion.
+This makes a Machine object without leader PID GCed.
+
+Fixes a bug introduced by the combination of
+d8854ff1aca4434db0d7d6dcaf9fcf2f38105fb4 (v255) and
+1762c2c045d3a78d3cad54c6b1e5ee9624b32b00 (v257).
+
+Fixes #35602.
+
+(cherry picked from commit 51a0a3b0494d01c1622f6d0c3e2c31e01c18612f)
+---
+ src/machine/machine.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/machine/machine.c b/src/machine/machine.c
+index 587c2267b6..26ce1556a5 100644
+--- a/src/machine/machine.c
++++ b/src/machine/machine.c
+@@ -610,6 +610,9 @@ bool machine_may_gc(Machine *m, bool drop_not_started) {
+         if (m->class == MACHINE_HOST)
+                 return false;
+ 
++        if (!pidref_is_set(&m->leader))
++                return true;
++
+         if (drop_not_started && !m->started)
+                 return true;
+ 
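Review bot: The new `pidref_is_set(&m->leader)` check in machine_may_gc() carries no comment, and its reason (a leader already dead at deserialization leaves the PID unset, and a later machine_watch_pidfd() would assert) lives only in the commit message. A comment above it, `/* Without a leader PID there is nothing to watch; let the machine be collected. */`, would keep the check from being removed as redundant. Its placement after the `MACHINE_HOST` test means the host entry is never collected on this path; that looks deliberate but is worth confirming. The function continues outside the hunk.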
diff --git a/SOURCES/0096-creds-fix-use-after-free-in-varlink-interface.patch b/SOURCES/0096-creds-fix-use-after-free-in-varlink-interface.patch
new file mode 100644
index 0000000..36ddf0a
--- /dev/null
+++ b/SOURCES/0096-creds-fix-use-after-free-in-varlink-interface.patch
@@ -0,0 +1,131 @@
+From b342fb52b09f9e6b2e027460831f9bc139c8b27e Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Fri, 27 Dec 2024 15:06:39 +0000
+Subject: [PATCH] creds: fix use-after-free in varlink interface
+
+All other usages of sd_varlink_call* do not free the json return parameter,
+and it is owned by the varlink object instead. Do the same here.
+
+TEST-54-CREDS.sh[1074]: ==1074==ERROR: AddressSanitizer: heap-use-after-free on address 0x50c00000095a at pc 0x55cf8cd18a0f bp 0x7ffd7b9d4f10 sp 0x7ffd7b9d4f08
+TEST-54-CREDS.sh[1074]: READ of size 2 at 0x50c00000095a thread T0 ((sd-mkdcreds))
+TEST-54-CREDS.sh[1074]:     #0 0x55cf8cd18a0e in sd_json_variant_unref /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:887:16
+TEST-54-CREDS.sh[1074]:     #1 0x55cf8cd4cecb in varlink_clear_current /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:593:22
+TEST-54-CREDS.sh[1074]:     #2 0x55cf8cd4975e in varlink_clear /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:614:9
+TEST-54-CREDS.sh[1074]:     #3 0x55cf8cd3dc3c in varlink_destroy /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:651:9
+TEST-54-CREDS.sh[1074]:     #4 0x55cf8cd3dc3c in sd_varlink_unref /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:657:1
+TEST-54-CREDS.sh[1074]:     #5 0x55cf8cb47a82 in sd_varlink_unrefp /usr/src/debug/systemd/src/systemd/sd-varlink.h:279:1
+TEST-54-CREDS.sh[1074]:     #6 0x55cf8cb47a82 in ipc_decrypt_credential /usr/src/debug/systemd/src/shared/creds-util.c:1660:1
+TEST-54-CREDS.sh[1074]:     #7 0x55cf8caca99a in maybe_decrypt_and_write_credential /usr/src/debug/systemd/src/core/exec-credential.c:486:29
+TEST-54-CREDS.sh[1074]:     #8 0x55cf8cac790b in load_credential /usr/src/debug/systemd/src/core/exec-credential.c:713:16
+TEST-54-CREDS.sh[1074]:     #9 0x55cf8cac5403 in acquire_credentials /usr/src/debug/systemd/src/core/exec-credential.c:819:29
+TEST-54-CREDS.sh[1074]:     #10 0x55cf8cac5403 in setup_credentials_internal /usr/src/debug/systemd/src/core/exec-credential.c:1023:13
+TEST-54-CREDS.sh[1074]:     #11 0x55cf8cac42d4 in exec_setup_credentials /usr/src/debug/systemd/src/core/exec-credential.c:1168:21
+TEST-54-CREDS.sh[1074]:     #12 0x55cf8ca59569 in exec_invoke /usr/src/debug/systemd/src/core/exec-invoke.c:4866:13
+TEST-54-CREDS.sh[1074]:     #13 0x55cf8ca428d8 in run /usr/src/debug/systemd/src/core/executor.c:244:13
+TEST-54-CREDS.sh[1074]:     #14 0x55cf8ca428d8 in main /usr/src/debug/systemd/src/core/executor.c:275:13
+TEST-54-CREDS.sh[1074]:     #15 0x7f64b40110c7 in __libc_start_call_main (/lib64/libc.so.6+0x40c7) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05)
+TEST-54-CREDS.sh[1074]:     #16 0x7f64b401118a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x418a) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05)
+TEST-54-CREDS.sh[1074]:     #17 0x55cf8ca41cb4  (/usr/lib/systemd/systemd-executor+0x124cb4) (BuildId: 24f2b1608c3aaee3226cdd14fa2b6e6741156222)
+TEST-54-CREDS.sh[1074]: 0x50c00000095a is located 26 bytes inside of 120-byte region [0x50c000000940,0x50c0000009b8)
+TEST-54-CREDS.sh[1074]: freed by thread T0 ((sd-mkdcreds)) here:
+TEST-54-CREDS.sh[1074]:     #0 0x7f64b48d57ea in free (/usr/lib/clang/19/lib/x86_64-redhat-linux-gnu/libclang_rt.asan.so+0xd57ea) (BuildId: c59bbd28ceb74038a60373d4a8cd4c258bcf0b4e)
+TEST-54-CREDS.sh[1074]:     #1 0x55cf8cd188ab in sd_json_variant_unref /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:895:25
+TEST-54-CREDS.sh[1074]:     #2 0x55cf8cb47a4c in sd_json_variant_unrefp /usr/src/debug/systemd/src/systemd/sd-json.h:98:1
+TEST-54-CREDS.sh[1074]:     #3 0x55cf8cb47a4c in ipc_decrypt_credential /usr/src/debug/systemd/src/shared/creds-util.c:1660:1
+TEST-54-CREDS.sh[1074]:     #4 0x55cf8caca99a in maybe_decrypt_and_write_credential /usr/src/debug/systemd/src/core/exec-credential.c:486:29
+TEST-54-CREDS.sh[1074]:     #5 0x55cf8cac790b in load_credential /usr/src/debug/systemd/src/core/exec-credential.c:713:16
+TEST-54-CREDS.sh[1074]:     #6 0x55cf8cac5403 in acquire_credentials /usr/src/debug/systemd/src/core/exec-credential.c:819:29
+TEST-54-CREDS.sh[1074]:     #7 0x55cf8cac5403 in setup_credentials_internal /usr/src/debug/systemd/src/core/exec-credential.c:1023:13
+TEST-54-CREDS.sh[1074]:     #8 0x55cf8cac42d4 in exec_setup_credentials /usr/src/debug/systemd/src/core/exec-credential.c:1168:21
+TEST-54-CREDS.sh[1074]:     #9 0x55cf8ca59569 in exec_invoke /usr/src/debug/systemd/src/core/exec-invoke.c:4866:13
+TEST-54-CREDS.sh[1074]:     #10 0x55cf8ca428d8 in run /usr/src/debug/systemd/src/core/executor.c:244:13
+TEST-54-CREDS.sh[1074]:     #11 0x55cf8ca428d8 in main /usr/src/debug/systemd/src/core/executor.c:275:13
+TEST-54-CREDS.sh[1074]:     #12 0x7f64b40110c7 in __libc_start_call_main (/lib64/libc.so.6+0x40c7) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05)
+TEST-54-CREDS.sh[1074]:     #13 0x7f64b401118a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x418a) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05)
+TEST-54-CREDS.sh[1074]:     #14 0x55cf8ca41cb4  (/usr/lib/systemd/systemd-executor+0x124cb4) (BuildId: 24f2b1608c3aaee3226cdd14fa2b6e6741156222)
+TEST-54-CREDS.sh[1074]: previously allocated by thread T0 ((sd-mkdcreds)) here:
+TEST-54-CREDS.sh[1074]:     #0 0x7f64b48d5a83 in malloc (/usr/lib/clang/19/lib/x86_64-redhat-linux-gnu/libclang_rt.asan.so+0xd5a83) (BuildId: c59bbd28ceb74038a60373d4a8cd4c258bcf0b4e)
+TEST-54-CREDS.sh[1074]:     #1 0x55cf8cd16bb7 in malloc_multiply /usr/src/debug/systemd/src/basic/alloc-util.h:119:16
+TEST-54-CREDS.sh[1074]:     #2 0x55cf8cd16bb7 in sd_json_variant_new_object /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:737:13
+TEST-54-CREDS.sh[1074]:     #3 0x55cf8cd32e58 in json_parse_internal /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:3161:29
+TEST-54-CREDS.sh[1074]:     #4 0x55cf8cd37326 in sd_json_parse_with_source /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:3408:16
+TEST-54-CREDS.sh[1074]:     #5 0x55cf8cd37326 in sd_json_parse /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:3437:16
+TEST-54-CREDS.sh[1074]:     #6 0x55cf8cd3f753 in varlink_parse_message /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:962:13
+TEST-54-CREDS.sh[1074]:     #7 0x55cf8cd3f753 in sd_varlink_process /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:1466:13
+TEST-54-CREDS.sh[1074]:     #8 0x55cf8cd4c0a9 in sd_varlink_call_full /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:2160:21
+TEST-54-CREDS.sh[1074]:     #9 0x55cf8cd4d617 in sd_varlink_callb_ap /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:2237:16
+TEST-54-CREDS.sh[1074]:     #10 0x55cf8cd4da3c in sd_varlink_callb /usr/src/debug/systemd/src/libsystemd/sd-varlink/sd-varlink.c:2251:13
+TEST-54-CREDS.sh[1074]:     #11 0x55cf8cb47686 in ipc_decrypt_credential /usr/src/debug/systemd/src/shared/creds-util.c:1623:13
+TEST-54-CREDS.sh[1074]:     #12 0x55cf8caca99a in maybe_decrypt_and_write_credential /usr/src/debug/systemd/src/core/exec-credential.c:486:29
+TEST-54-CREDS.sh[1074]:     #13 0x55cf8cac790b in load_credential /usr/src/debug/systemd/src/core/exec-credential.c:713:16
+TEST-54-CREDS.sh[1074]:     #14 0x55cf8cac5403 in acquire_credentials /usr/src/debug/systemd/src/core/exec-credential.c:819:29
+TEST-54-CREDS.sh[1074]:     #15 0x55cf8cac5403 in setup_credentials_internal /usr/src/debug/systemd/src/core/exec-credential.c:1023:13
+TEST-54-CREDS.sh[1074]:     #16 0x55cf8cac42d4 in exec_setup_credentials /usr/src/debug/systemd/src/core/exec-credential.c:1168:21
+TEST-54-CREDS.sh[1074]:     #17 0x55cf8ca59569 in exec_invoke /usr/src/debug/systemd/src/core/exec-invoke.c:4866:13
+TEST-54-CREDS.sh[1074]:     #18 0x55cf8ca428d8 in run /usr/src/debug/systemd/src/core/executor.c:244:13
+TEST-54-CREDS.sh[1074]:     #19 0x55cf8ca428d8 in main /usr/src/debug/systemd/src/core/executor.c:275:13
+TEST-54-CREDS.sh[1074]:     #20 0x7f64b40110c7 in __libc_start_call_main (/lib64/libc.so.6+0x40c7) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05)
+TEST-54-CREDS.sh[1074]:     #21 0x7f64b401118a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x418a) (BuildId: 159846287d47eef88f2a478f59803f6e8fc81d05)
+TEST-54-CREDS.sh[1074]:     #22 0x55cf8ca41cb4  (/usr/lib/systemd/systemd-executor+0x124cb4) (BuildId: 24f2b1608c3aaee3226cdd14fa2b6e6741156222)
+TEST-54-CREDS.sh[1074]: SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/debug/systemd/src/libsystemd/sd-json/sd-json.c:887:16 in sd_json_variant_unref
+TEST-54-CREDS.sh[1074]: Shadow bytes around the buggy address:
+TEST-54-CREDS.sh[1074]:   0x50c000000680: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
+TEST-54-CREDS.sh[1074]:   0x50c000000700: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+TEST-54-CREDS.sh[1074]:   0x50c000000780: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
+TEST-54-CREDS.sh[1074]:   0x50c000000800: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
+TEST-54-CREDS.sh[1074]:   0x50c000000880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
+TEST-54-CREDS.sh[1074]: =>0x50c000000900: fa fa fa fa fa fa fa fa fd fd fd[fd]fd fd fd fd
+TEST-54-CREDS.sh[1074]:   0x50c000000980: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
+TEST-54-CREDS.sh[1074]:   0x50c000000a00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+TEST-54-CREDS.sh[1074]:   0x50c000000a80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+TEST-54-CREDS.sh[1074]:   0x50c000000b00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+TEST-54-CREDS.sh[1074]:   0x50c000000b80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+TEST-54-CREDS.sh[1074]: Shadow byte legend (one shadow byte represents 8 application bytes):
+TEST-54-CREDS.sh[1074]:   Addressable:           00
+TEST-54-CREDS.sh[1074]:   Partially addressable: 01 02 03 04 05 06 07
+TEST-54-CREDS.sh[1074]:   Heap left redzone:       fa
+TEST-54-CREDS.sh[1074]:   Freed heap region:       fd
+TEST-54-CREDS.sh[1074]:   Stack left redzone:      f1
+TEST-54-CREDS.sh[1074]:   Stack mid redzone:       f2
+TEST-54-CREDS.sh[1074]:   Stack right redzone:     f3
+TEST-54-CREDS.sh[1074]:   Stack after return:      f5
+TEST-54-CREDS.sh[1074]:   Stack use after scope:   f8
+TEST-54-CREDS.sh[1074]:   Global redzone:          f9
+TEST-54-CREDS.sh[1074]:   Global init order:       f6
+TEST-54-CREDS.sh[1074]:   Poisoned by user:        f7
+TEST-54-CREDS.sh[1074]:   Container overflow:      fc
+TEST-54-CREDS.sh[1074]:   Array cookie:            ac
+TEST-54-CREDS.sh[1074]:   Intra object redzone:    bb
+TEST-54-CREDS.sh[1074]:   ASan internal:           fe
+TEST-54-CREDS.sh[1074]:   Left alloca redzone:     ca
+TEST-54-CREDS.sh[1074]:   Right alloca redzone:    cb
+
+Follow-up for 2c3cbc5c018e05b3a3e5ec6c6a2da6f3c6c3fb09
+
+(cherry picked from commit 842a674d4f7fb69af28e67f447c1250383e50f41)
+---
+ src/shared/creds-util.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
+index 6ee18838cc..5156c63fd3 100644
+--- a/src/shared/creds-util.c
++++ b/src/shared/creds-util.c
+@@ -1560,7 +1560,7 @@ int ipc_encrypt_credential(const char *name, usec_t timestamp, usec_t not_after,
+ 
+         sd_json_variant_sensitive(jinput);
+ 
+-        _cleanup_(sd_json_variant_unrefp) sd_json_variant *reply = NULL;
++        sd_json_variant *reply = NULL;
+         const char *error_id = NULL;
+         r = sd_varlink_callbo(
+                         vl,
+@@ -1618,7 +1618,7 @@ int ipc_decrypt_credential(const char *validate_name, usec_t validate_timestamp,
+ 
+         sd_json_variant_sensitive(jinput);
+ 
+-        _cleanup_(sd_json_variant_unrefp) sd_json_variant *reply = NULL;
++        sd_json_variant *reply = NULL;
+         const char *error_id = NULL;
+         r = sd_varlink_callbo(
+                         vl,
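Review bot: After this change `reply` in `ipc_encrypt_credential()` and `ipc_decrypt_credential()` is a borrowed pointer owned by `vl`, but nothing at the two declarations says so, and the removed `_cleanup_` attribute is exactly what a later tidy-up could put back. A comment on both lines would pin the ownership rule, e.g. `sd_json_variant *reply = NULL; /* borrowed from vl, do not unref; invalid once vl is released */`. Both functions continue outside the hunks, so it should also be confirmed that anything taken from `reply` is copied out before `vl` goes away, since the reply presumably carries credential data.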
diff --git a/SOURCES/0097-core-unit-serialize-fix-serialization-of-markers.patch b/SOURCES/0097-core-unit-serialize-fix-serialization-of-markers.patch
new file mode 100644
index 0000000..eee1713
--- /dev/null
+++ b/SOURCES/0097-core-unit-serialize-fix-serialization-of-markers.patch
@@ -0,0 +1,30 @@
+From 6f30e56bf3e5272e83cff11d153ae70c3ffb7624 Mon Sep 17 00:00:00 2001
+From: Mike Yuan <me@yhndnzj.com>
+Date: Thu, 26 Dec 2024 21:15:44 +0100
+Subject: [PATCH] core/unit-serialize: fix serialization of markers
+
+Follow-up for ff68472a20c208121b69ea13586f3105a219bc14
+
+(cherry picked from commit 5ce8d7d83902e920a34488c4193d9bc4b5bb70ae)
+---
+ src/core/unit-serialize.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c
+index f196242eaf..82102c0c32 100644
+--- a/src/core/unit-serialize.c
++++ b/src/core/unit-serialize.c
+@@ -21,10 +21,12 @@ static int serialize_markers(FILE *f, unsigned markers) {
+         if (markers == 0)
+                 return 0;
+ 
++        bool space = false;
++
+         fputs("markers=", f);
+         for (UnitMarker m = 0; m < _UNIT_MARKER_MAX; m++)
+                 if (FLAGS_SET(markers, 1u << m))
+-                        fputs(unit_marker_to_string(m), f);
++                        fputs_with_separator(f, unit_marker_to_string(m), /* separator = */ NULL, &space);
+         fputc('\n', f);
+         return 0;
+ }
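Review bot: The format of the `markers=` line is now implied only by the `NULL` separator argument, and nothing in `serialize_markers()` states what the reader expects. Passing `NULL` makes `fputs_with_separator()` use its default separator (a single space, as far as I know), so a one-line comment above the loop such as `/* markers are written space-separated, matching what the deserializer splits on */` would keep writer and parser in step. The parsing side is not in this hunk, so that match is an assumption to confirm, ideally with a round-trip test that sets more than one marker.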
diff --git a/SOURCES/0098-test-answer-2nd-mdadm-create-question-for-compat-wit.patch b/SOURCES/0098-test-answer-2nd-mdadm-create-question-for-compat-wit.patch
new file mode 100644
index 0000000..8e88473
--- /dev/null
+++ b/SOURCES/0098-test-answer-2nd-mdadm-create-question-for-compat-wit.patch
@@ -0,0 +1,84 @@
+From b2320ced3873981f1215eddb597cfa4aad5bd1b6 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Sun, 22 Dec 2024 13:31:36 +0000
+Subject: [PATCH] test: answer 2nd mdadm --create question for compat with new
+ version
+
+New version of mdadm now asks a second question, so send 'y' twice
+to it in the test scripts
+
+[    5.253483] TEST-64-UDEV-STORAGE.sh[684]: + echo y
+[    5.254412] TEST-64-UDEV-STORAGE.sh[685]: + mdadm --create /dev/md/mdmirror --name mdmirror --uuid aaaaaaaa:bbbbbbbb:cccccccc:00000001 /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm0 /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm1 -v -f --level=1 --raid-devices=2
+[    5.254759] TEST-64-UDEV-STORAGE.sh[685]: To optimalize recovery speed, it is recommended to enable write-indent bitmap, do you want to enable it now? [y/N]? mdadm: Note: this array has metadata at the start and
+[    5.255085] TEST-64-UDEV-STORAGE.sh[685]:     may not be suitable as a boot device.  If you plan to
+[    5.255418] TEST-64-UDEV-STORAGE.sh[685]:     store '/boot' on this device please ensure that
+[    5.255745] TEST-64-UDEV-STORAGE.sh[685]:     your boot-loader understands md/v1.x metadata, or use
+[    5.256285] TEST-64-UDEV-STORAGE.sh[685]:     --metadata=0.90
+[    5.256672] TEST-64-UDEV-STORAGE.sh[685]: mdadm: size set to 64512K
+[    5.257063] TEST-64-UDEV-STORAGE.sh[685]: Continue creating array [y/N]? mdadm: create aborted.
+
+This is backward compatible with the older version that asks just one
+question
+
+(cherry picked from commit 16406420ea449b75e70a7dced05d7b98bc0f5376)
+---
+ test/units/TEST-64-UDEV-STORAGE.sh      | 8 ++++----
+ test/units/TEST-74-AUX-UTILS.bootctl.sh | 4 ++--
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/test/units/TEST-64-UDEV-STORAGE.sh b/test/units/TEST-64-UDEV-STORAGE.sh
+index 24c1adaeda..01c3dd68ea 100755
+--- a/test/units/TEST-64-UDEV-STORAGE.sh
++++ b/test/units/TEST-64-UDEV-STORAGE.sh
+@@ -1080,7 +1080,7 @@ testcase_mdadm_basic() {
+         "/dev/disk/by-label/$part_name" # ext4 partition
+     )
+     # Create a simple RAID 1 with an ext4 filesystem
+-    echo y | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..1} -v -f --level=1 --raid-devices=2
++    printf 'y\ny\n' | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..1} -v -f --level=1 --raid-devices=2
+     udevadm wait --settle --timeout=30 "$raid_dev"
+     # udevd does not lock md devices, hence we need to trigger uevent after creating filesystem.
+     mkfs.ext4 -L "$part_name" "$raid_dev"
+@@ -1111,7 +1111,7 @@ testcase_mdadm_basic() {
+         "/dev/disk/by-label/$part_name" # ext4 partition
+     )
+     # Create a simple RAID 5 with an ext4 filesystem
+-    echo y | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..2} -v -f --level=5 --raid-devices=3
++    printf 'y\ny\n' | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..2} -v -f --level=5 --raid-devices=3
+     udevadm wait --settle --timeout=30 "$raid_dev"
+     mkfs.ext4 -L "$part_name" "$raid_dev"
+     udevadm trigger --settle "$raid_dev"
+@@ -1152,7 +1152,7 @@ testcase_mdadm_basic() {
+         "/dev/disk/by-id/md-uuid-$uuid-part3"
+     )
+     # Create a simple RAID 10 with an ext4 filesystem
+-    echo y | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..3} -v -f --level=10 --raid-devices=4
++    printf 'y\ny\n' | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadm{0..3} -v -f --level=10 --raid-devices=4
+     udevadm wait --settle --timeout=30 "$raid_dev"
+     # Partition the raid device
+     # Here, 'udevadm lock' is meaningless, as udevd does not lock MD devices.
+@@ -1208,7 +1208,7 @@ testcase_mdadm_lvm() {
+         "/dev/disk/by-label/$part_name" # ext4 partition
+     )
+     # Create a RAID 10 with LVM + ext4
+-    echo y | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadmlvm{0..3} -v -f --level=10 --raid-devices=4
++    printf 'y\ny\n' | mdadm --create "$raid_dev" --name "$raid_name" --uuid "$uuid" /dev/disk/by-id/scsi-0systemd_foobar_deadbeefmdadmlvm{0..3} -v -f --level=10 --raid-devices=4
+     udevadm wait --settle --timeout=30 "$raid_dev"
+     # Create an LVM on the MD
+     lvm pvcreate -y "$raid_dev"
+diff --git a/test/units/TEST-74-AUX-UTILS.bootctl.sh b/test/units/TEST-74-AUX-UTILS.bootctl.sh
+index 46fd5d1f2d..650c289aca 100755
+--- a/test/units/TEST-74-AUX-UTILS.bootctl.sh
++++ b/test/units/TEST-74-AUX-UTILS.bootctl.sh
+@@ -215,9 +215,9 @@ EOF
+ 
+     udevadm settle
+ 
+-    echo y | mdadm --create /dev/md/raid-esp --name "raid-esp" "${LOOPDEV1}p1" "${LOOPDEV2}p1" -v -f --level=1 --raid-devices=2
++    printf 'y\ny\n' | mdadm --create /dev/md/raid-esp --name "raid-esp" "${LOOPDEV1}p1" "${LOOPDEV2}p1" -v -f --level=1 --raid-devices=2
+     mkfs.vfat /dev/md/raid-esp
+-    echo y | mdadm --create /dev/md/raid-root --name "raid-root" "${LOOPDEV1}p2" "${LOOPDEV2}p2" -v -f --level=1 --raid-devices=2
++    printf 'y\ny\n' | mdadm --create /dev/md/raid-root --name "raid-root" "${LOOPDEV1}p2" "${LOOPDEV2}p2" -v -f --level=1 --raid-devices=2
+     mkfs.ext4 /dev/md/raid-root
+     mkfs.btrfs -f -M -d raid1 -m raid1 -L "raid-boot" "${LOOPDEV1}p3" "${LOOPDEV2}p3"
+ 
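Review bot: The answer string `printf 'y\ny\n'` is now repeated at six `mdadm --create` call sites across the two scripts, so the next change in the number of prompts means six more edits. A small helper per script, e.g. `mdadm_create() { printf 'y\ny\n' | mdadm --create "$@"; }`, would keep the prompt count in one place, with a comment there saying that older mdadm asks one question and newer mdadm two. The test functions start and end outside these hunks.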
diff --git a/SOURCES/0099-hwdb-comment-out-the-entry-for-Logitech-MX-Keys-for-.patch b/SOURCES/0099-hwdb-comment-out-the-entry-for-Logitech-MX-Keys-for-.patch
new file mode 100644
index 0000000..7be23d6
--- /dev/null
+++ b/SOURCES/0099-hwdb-comment-out-the-entry-for-Logitech-MX-Keys-for-.patch
@@ -0,0 +1,38 @@
+From 685de97882c3e44569b0fd2268c3cc065d9c158e Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 21 Dec 2024 03:13:18 +0900
+Subject: [PATCH] hwdb: comment out the entry for Logitech MX Keys for Mac
+
+This effectively reverts the commit f70e5620b6ac319beac1d5ce26331bdc48d25daa,
+as the entry seems to match multiple models.
+
+Fixes #35691.
+
+(cherry picked from commit 52a2b049476b374dea2efa22d39c5a1944125c47)
+---
+ hwdb.d/60-keyboard.hwdb | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/hwdb.d/60-keyboard.hwdb b/hwdb.d/60-keyboard.hwdb
+index 6cc059123a..71221fdbfb 100644
+--- a/hwdb.d/60-keyboard.hwdb
++++ b/hwdb.d/60-keyboard.hwdb
+@@ -1438,10 +1438,15 @@ evdev:input:b0003v046DpC309*
+  KEYBOARD_KEY_c01b6=images                              # My Pictures (F11)
+  KEYBOARD_KEY_c01b7=audio                               # My Music (F12)
+ 
++# The wireless receiver b0003v046Dp4092* seems to be used by multiple models.
++# See issue #35691. Hence, the entry below cannot be enabled by default. If
++# you're using the model below, consider copying the entry to a custom hwdb
++# file to enable the setting.
++#
+ # Logitech MX Keys for Mac
+-evdev:input:b0003v046Dp4092*
+- KEYBOARD_KEY_70035=102nd                               # '<' key
+- KEYBOARD_KEY_70064=grave                               # '^' key
++#evdev:input:b0003v046Dp4092*
++# KEYBOARD_KEY_70035=102nd                               # '<' key
++# KEYBOARD_KEY_70064=grave                               # '^' key
+ 
+ ###########################################################
+ # Maxdata
diff --git a/SOURCES/0100-mkosi-Install-which-in-build-image.patch b/SOURCES/0100-mkosi-Install-which-in-build-image.patch
new file mode 100644
index 0000000..09070d1
--- /dev/null
+++ b/SOURCES/0100-mkosi-Install-which-in-build-image.patch
@@ -0,0 +1,22 @@
+From b23751d0d0abc53f62108e0b6e035955eed30af9 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Tue, 7 Jan 2025 12:23:09 +0100
+Subject: [PATCH] mkosi: Install which in build image
+
+Required by gdb-add-index to find gdb and not declared as a dependency
+of the package.
+
+(cherry picked from commit 414fe9629cebf1ca2dc4c38d82ad8872a5483e89)
+---
+ mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf
+index 727e9bccd7..b81649feba 100644
+--- a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf
++++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf
+@@ -20,3 +20,4 @@ Packages=
+         libasan
+         libubsan
+         rpm-build
++        which
diff --git a/SOURCES/0101-packit-Simplify-configuration.patch b/SOURCES/0101-packit-Simplify-configuration.patch
new file mode 100644
index 0000000..f503c4a
--- /dev/null
+++ b/SOURCES/0101-packit-Simplify-configuration.patch
@@ -0,0 +1,62 @@
+From 177b7aae44151ee1ce2ac87883318d8edd81bbe4 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Mon, 6 Jan 2025 13:44:03 +0100
+Subject: [PATCH] packit: Simplify configuration
+
+(cherry picked from commit 86a6d7cc5a4798e614c50ed02c751e71f74637f9)
+---
+ .packit.yml | 29 ++++++-----------------------
+ 1 file changed, 6 insertions(+), 23 deletions(-)
+
+diff --git a/.packit.yml b/.packit.yml
+index eef6e48fcf..697defd3e7 100644
+--- a/.packit.yml
++++ b/.packit.yml
+@@ -1,6 +1,5 @@
+ ---
+-# vi:ts=2 sw=2 et:
+-#
++# SPDX-License-Identifier: LGPL-2.1-or-later
+ # Docs: https://packit.dev/docs/
+ 
+ specfile_path: .packit_rpm/systemd.spec
+@@ -8,8 +7,6 @@ files_to_sync:
+   - .packit.yml
+   - src: .packit_rpm/systemd.spec
+     dest: systemd.spec
+-upstream_package_name: systemd
+-downstream_package_name: systemd
+ # `git describe` returns in systemd's case 'v245-xxx' which breaks RPM version
+ # detection (that expects 245-xxxx'). Let's tweak the version string accordingly
+ upstream_tag_template: "v{version}"
+@@ -25,25 +22,11 @@ actions:
+ 
+   post-upstream-clone:
+     # Use the Fedora Rawhide specfile
+-    - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
+-    # Drop the "sources" file so rebase-helper doesn't think we're a dist-git
+-    - "rm -fv .packit_rpm/sources"
+-    # Drop backported patches from the specfile, but keep the downstream-only ones
+-    # - Patch(0000-0499): backported patches from upstream
+-    # - Patch0500-9999: downstream-only patches
+-    - "sed -ri '/^Patch(0[0-4]?[0-9]{0,2})?\\:.+\\.patch/d' .packit_rpm/systemd.spec"
+-    # Build the RPM with --werror. Even though --werror doesn't work in all
+-    # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
+-    # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
+-    #
+-    # [0] https://github.com/mesonbuild/meson/issues/7360
+-    # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110
+-    - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
+-    # Ignore unpackaged standalone binaries
+-    - "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
+-    # Temporarily add libarchive-devel build dep and libarchive runtime dep
+-    # until the change propagates to Rawhide's specfile
+-    - "sed -ri '0,/^BuildRequires: .+$/s//&\\nBuildRequires: libarchive-devel\\nRequires: libarchive/' .packit_rpm/systemd.spec"
++    - git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1
++    - bash -c 'echo "%bcond upstream 1" > .packit_rpm/systemd.spec.new'
++    - bash -c 'echo "%define meson_extra_configure_options --werror" >> .packit_rpm/systemd.spec.new'
++    - bash -c 'cat .packit_rpm/systemd.spec >> .packit_rpm/systemd.spec.new'
++    - mv .packit_rpm/systemd.spec.new .packit_rpm/systemd.spec
+ 
+ jobs:
+ - job: copr_build
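Review bot: The new `bash -c` steps under `post-upstream-clone` carry no comment, while the lines they replace explained every spec edit. The new approach appears to rely on the Rawhide spec honouring an `upstream` bcond to skip backported patches and on `meson_extra_configure_options` to pass `--werror`; neither is visible in this hunk. I would add `# Prepend "%bcond upstream 1" and the --werror option; the Rawhide spec is expected to drop backported patches when this bcond is set` above the first `bash -c` line. The clone still takes whatever is at the tip of the dist-git repository at build time, so a spec change there alters this job without any change in this repository.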
diff --git a/SOURCES/0102-fmf-Check-out-target-branch-in-packit.patch b/SOURCES/0102-fmf-Check-out-target-branch-in-packit.patch
new file mode 100644
index 0000000..1afffe9
--- /dev/null
+++ b/SOURCES/0102-fmf-Check-out-target-branch-in-packit.patch
@@ -0,0 +1,23 @@
+From cc599a20eff836cc92ad5c94953d55d408d3a6d7 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Tue, 7 Jan 2025 14:39:53 +0100
+Subject: [PATCH] fmf: Check out target branch in packit
+
+(cherry picked from commit 3c9ffd2e4b81e6bbc8cb28634432b6c9dccd661e)
+---
+ test/fmf/integration-tests/test.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh
+index 690e07aa56..4984fb119b 100755
+--- a/test/fmf/integration-tests/test.sh
++++ b/test/fmf/integration-tests/test.sh
+@@ -30,7 +30,7 @@ if [[ -n "${TMT_SOURCE_DIR:-}" ]]; then
+     pushd "$TMT_SOURCE_DIR/*/"
+ elif [[ -n "${PACKIT_TARGET_URL:-}" ]]; then
+     # Prepare systemd source tree
+-    git clone "$PACKIT_TARGET_URL" systemd
++    git clone "$PACKIT_TARGET_URL" systemd --branch "$PACKIT_TARGET_BRANCH"
+     pushd systemd
+ 
+     # If we're running in a pull request job, merge the remote branch into the current main
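Review bot: The `elif` guard tests only `PACKIT_TARGET_URL`, yet the new clone line also expands `PACKIT_TARGET_BRANCH`, which is never checked. An empty value makes `git clone --branch ""` fail with a message that does not name the variable, and since both values come from the CI environment the URL is better placed after `--` so that a value beginning with `-` is not parsed as an option. I would write `git clone --branch "${PACKIT_TARGET_BRANCH:?}" -- "$PACKIT_TARGET_URL" systemd`. The surrounding `if` block starts and ends outside the hunk.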
diff --git a/SOURCES/0103-stdio-bridge-fix-polled-fds.patch b/SOURCES/0103-stdio-bridge-fix-polled-fds.patch
new file mode 100644
index 0000000..598c348
--- /dev/null
+++ b/SOURCES/0103-stdio-bridge-fix-polled-fds.patch
@@ -0,0 +1,33 @@
+From a398d18e797d5b4dec6d265e753f8b688ffcd570 Mon Sep 17 00:00:00 2001
+From: Jacob McNamee <jacob@jacobmcnamee.com>
+Date: Tue, 7 Jan 2025 03:29:31 -0800
+Subject: [PATCH] stdio-bridge: fix polled fds
+
+Poll fds associated with the bus instead of hardcoding stdin/stdout.
+
+This is consequential under socket activation, when the provided fd
+should be used instead of stdin/stdout.
+
+(cherry picked from commit 9d1c28b2d8422df700e7d94339ac6052a6755c6c)
+(cherry picked from commit 59f5a4323468befbdca2bae7907219eaf8852f9a)
+---
+ src/stdio-bridge/stdio-bridge.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/stdio-bridge/stdio-bridge.c b/src/stdio-bridge/stdio-bridge.c
+index 22570511cb..f48b7e574e 100644
+--- a/src/stdio-bridge/stdio-bridge.c
++++ b/src/stdio-bridge/stdio-bridge.c
+@@ -236,9 +236,9 @@ static int run(int argc, char *argv[]) {
+                 t = usec_sub_unsigned(MIN(timeout_a, timeout_b), now(CLOCK_MONOTONIC));
+ 
+                 struct pollfd p[3] = {
+-                        { .fd = fd,            .events = events_a           },
+-                        { .fd = STDIN_FILENO,  .events = events_b & POLLIN  },
+-                        { .fd = STDOUT_FILENO, .events = events_b & POLLOUT },
++                        { .fd = fd,     .events = events_a           },
++                        { .fd = in_fd,  .events = events_b & POLLIN  },
++                        { .fd = out_fd, .events = events_b & POLLOUT },
+                 };
+ 
+                 r = ppoll_usec(p, ELEMENTSOF(p), t);
diff --git a/SOURCES/0104-Revert-mkosi-Fix-opensuse-build.patch b/SOURCES/0104-Revert-mkosi-Fix-opensuse-build.patch
new file mode 100644
index 0000000..12b6b85
--- /dev/null
+++ b/SOURCES/0104-Revert-mkosi-Fix-opensuse-build.patch
@@ -0,0 +1,28 @@
+From 253ee3c07f31c6938dacdca3e1bbfc3dbc17e403 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Tue, 7 Jan 2025 16:25:03 +0100
+Subject: [PATCH] Revert "mkosi: Fix opensuse build"
+
+The commit that changes the name from README.testsuite to README.md
+was never backported (and shouldn't as it would break opensuse's spec)
+so revert the corresponding change in the mkosi opensuse build script.
+
+This reverts commit 4162c331dd4fc6657d1f51c90a7a0223e9f4a30d.
+---
+ mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+index 72115c2c5b..d672c31647 100755
+--- a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
++++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot
+@@ -60,9 +60,6 @@ fi
+ # TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
+ sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
+ 
+-# TODO: Drop when the opensuse spec uses README.md instead of README.testsuite.
+-sed --in-place 's/README.testsuite/README.md/' "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}/systemd.spec"
+-
+ build() {
+     IFS=
+     # shellcheck disable=SC2046
diff --git a/SOURCES/0105-CI-add-OBS-workflow-integration-to-build-packages-on.patch b/SOURCES/0105-CI-add-OBS-workflow-integration-to-build-packages-on.patch
new file mode 100644
index 0000000..33babaf
--- /dev/null
+++ b/SOURCES/0105-CI-add-OBS-workflow-integration-to-build-packages-on.patch
@@ -0,0 +1,33 @@
+From 986e51805b0b8af92742e9d67719f3353616e89b Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Mon, 6 Jan 2025 10:45:21 +0000
+Subject: [PATCH] CI: add OBS workflow integration to build packages on push to
+ main
+
+When main is updated, packages for Arch/Debian/Ubuntu/SUSE will be built and published
+on OBS:
+
+https://download.opensuse.org/repositories/home:/bluca:/systemd/
+https://build.opensuse.org/project/show/home:bluca:systemd
+(cherry picked from commit 0b5f9269398d1422bb7ff3f928a4ffe67332ff63)
+---
+ .obs/workflows.yml | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+ create mode 100644 .obs/workflows.yml
+
+diff --git a/.obs/workflows.yml b/.obs/workflows.yml
+new file mode 100644
+index 0000000000..5e417f9398
+--- /dev/null
++++ b/.obs/workflows.yml
+@@ -0,0 +1,10 @@
++rebuild:
++  steps:
++    - trigger_services:
++        project: home:bluca:systemd
++        package: systemd
++  filters:
++    event: push
++    branches:
++      only:
++        - main
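Review bot: The new `.obs/workflows.yml` has no header comment, and `project: home:bluca:systemd` is an individual's home namespace, so the file does not say who controls the place where packages get built and published on every push to `main`. I would start the file with `# SPDX-License-Identifier: LGPL-2.1-or-later`, as `.packit.yml` does after patch 0101, followed by a comment line naming the owner of the OBS project and what the published packages are meant for. The same applies to the `systemd-fedora` step that patch 0106 adds to this file.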
diff --git a/SOURCES/0106-obs-also-trigger-Fedora-package-builds.patch b/SOURCES/0106-obs-also-trigger-Fedora-package-builds.patch
new file mode 100644
index 0000000..26e54ac
--- /dev/null
+++ b/SOURCES/0106-obs-also-trigger-Fedora-package-builds.patch
@@ -0,0 +1,29 @@
+From e3d0ccaa5a3d4eb637966ee581dc522cd51307e8 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Tue, 7 Jan 2025 00:40:02 +0000
+Subject: [PATCH] obs: also trigger Fedora package builds
+
+The package is logistically separated, as the rpm sources conflict from Fedora
+conflict with the rpm sources from SUSE (some files have the same name and
+location but different, incompatible content), so Fedora builds can't be
+triggered from the same package. The result is the same.
+
+(cherry picked from commit 5c4cb68390a4a3b60d2ca733e283c44fcc205df7)
+---
+ .obs/workflows.yml | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/.obs/workflows.yml b/.obs/workflows.yml
+index 5e417f9398..92e0336b99 100644
+--- a/.obs/workflows.yml
++++ b/.obs/workflows.yml
+@@ -3,6 +3,9 @@ rebuild:
+     - trigger_services:
+         project: home:bluca:systemd
+         package: systemd
++    - trigger_services:
++        project: home:bluca:systemd
++        package: systemd-fedora
+   filters:
+     event: push
+     branches:
diff --git a/SOURCES/0107-systemctl-also-ignore-ENOENT-in-checking-inhibitors.patch b/SOURCES/0107-systemctl-also-ignore-ENOENT-in-checking-inhibitors.patch
new file mode 100644
index 0000000..fa5e660
--- /dev/null
+++ b/SOURCES/0107-systemctl-also-ignore-ENOENT-in-checking-inhibitors.patch
@@ -0,0 +1,31 @@
+From ec38b373c6c05021858873d99c5e42701933e409 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 28 Dec 2024 13:36:32 +0900
+Subject: [PATCH] systemctl: also ignore ENOENT in checking inhibitors
+
+Fixes a bug caused by 804874d26ac73e0af07c4c5d7165c95372f03f6d.
+Follow-up for a1417e5563acb73a0accdc12b3af91e4ec1c7f46.
+Fixes #35757.
+
+(cherry picked from commit 084f361b509cbffe7ffd5ab6085469f76f799fe5)
+---
+ src/systemctl/systemctl-logind.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/systemctl/systemctl-logind.c b/src/systemctl/systemctl-logind.c
+index 1258852a01..d7b373ce0b 100644
+--- a/src/systemctl/systemctl-logind.c
++++ b/src/systemctl/systemctl-logind.c
+@@ -152,9 +152,9 @@ int logind_check_inhibitors(enum action a) {
+                 return 0;
+ 
+         r = acquire_bus(BUS_FULL, &bus);
+-        if (r == -ECONNREFUSED && geteuid() == 0)
+-                return 0; /* When D-Bus is not running, allow root to force a shutdown. E.g. when running at
+-                           * the emergency console. */
++        if (ERRNO_IS_NEG_DISCONNECT(r) && geteuid() == 0)
++                return 0; /* When D-Bus is not running (ECONNREFUSED) or D-Bus socket is not created (ENOENT),
++                           * allow root to force a shutdown. E.g. when running at the emergency console. */
+         if (r < 0)
+                 return r;
+ 
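Review bot: The comment on the early `return 0` names only ECONNREFUSED and ENOENT, but `ERRNO_IS_NEG_DISCONNECT(r)` is a class test, so root skips the inhibitor check for every errno in that class, and it does so without a log line. The 0108 hunk on the same condition adds `r == -ENOENT` and leaves the comment as it is, so the final code has the same gap. I would reword the comment to `/* If the bus cannot be reached (any disconnect-class error, or ENOENT when the socket does not exist), allow root to force a shutdown. */` and add `log_debug_errno(r, "Failed to connect to D-Bus, ignoring inhibitors: %m");` before the return, so a bypassed inhibitor is visible afterwards. logind_check_inhibitors() starts and ends outside the hunk.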
diff --git a/SOURCES/0108-systemctl-certainly-ignore-ENOENT-in-checking-inhibi.patch b/SOURCES/0108-systemctl-certainly-ignore-ENOENT-in-checking-inhibi.patch
new file mode 100644
index 0000000..2e9c84e
--- /dev/null
+++ b/SOURCES/0108-systemctl-certainly-ignore-ENOENT-in-checking-inhibi.patch
@@ -0,0 +1,33 @@
+From a65b5131829c7c80e657b4929a85746436c81b2b Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 2 Jan 2025 21:15:02 +0900
+Subject: [PATCH] systemctl: certainly ignore ENOENT in checking inhibitors
+
+Fixes a bug caused by 804874d26ac73e0af07c4c5d7165c95372f03f6d.
+
+Follow-up for 084f361b509cbffe7ffd5ab6085469f76f799fe5 and
+a1417e5563acb73a0accdc12b3af91e4ec1c7f46.
+
+Note, ERRNO_IS_NEG_DISCONNECT() includes ENONET rather than ENOENT...
+So, ENOENT needs to be handled explicitly.
+
+Fixes #35757 and #35806.
+
+(cherry picked from commit 66f379b63ddac8c72b9130df86a82b68ec42c119)
+---
+ src/systemctl/systemctl-logind.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl-logind.c b/src/systemctl/systemctl-logind.c
+index d7b373ce0b..792529eaa0 100644
+--- a/src/systemctl/systemctl-logind.c
++++ b/src/systemctl/systemctl-logind.c
+@@ -152,7 +152,7 @@ int logind_check_inhibitors(enum action a) {
+                 return 0;
+ 
+         r = acquire_bus(BUS_FULL, &bus);
+-        if (ERRNO_IS_NEG_DISCONNECT(r) && geteuid() == 0)
++        if ((ERRNO_IS_NEG_DISCONNECT(r) || r == -ENOENT) && geteuid() == 0)
+                 return 0; /* When D-Bus is not running (ECONNREFUSED) or D-Bus socket is not created (ENOENT),
+                            * allow root to force a shutdown. E.g. when running at the emergency console. */
+         if (r < 0)
diff --git a/SOURCES/0109-journalctl-make-invocation-and-list-invocations-acce.patch b/SOURCES/0109-journalctl-make-invocation-and-list-invocations-acce.patch
new file mode 100644
index 0000000..a674291
--- /dev/null
+++ b/SOURCES/0109-journalctl-make-invocation-and-list-invocations-acce.patch
@@ -0,0 +1,113 @@
+From fe5b433e75df158a041553b6877080a1520ef1da Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 11 Dec 2024 09:05:34 +0900
+Subject: [PATCH] journalctl: make --invocation and --list-invocations accept
+ unit name without suffix
+
+Fixes #35538.
+
+(cherry picked from commit e8823b5e352711c68ab3282697a6ab1cfb06d25a)
+---
+ src/journal/journalctl-util.c            | 21 +++++++++++++++++----
+ test/units/TEST-04-JOURNAL.invocation.sh |  9 ++++++++-
+ 2 files changed, 25 insertions(+), 5 deletions(-)
+
+diff --git a/src/journal/journalctl-util.c b/src/journal/journalctl-util.c
+index 1996bddf60..62d6ed7f32 100644
+--- a/src/journal/journalctl-util.c
++++ b/src/journal/journalctl-util.c
+@@ -10,6 +10,7 @@
+ #include "rlimit-util.h"
+ #include "strv.h"
+ #include "terminal-util.h"
++#include "unit-name.h"
+ 
+ char* format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) {
+         assert(buf);
+@@ -117,6 +118,7 @@ int journal_acquire_boot(sd_journal *j) {
+ 
+ int acquire_unit(const char *option_name, const char **ret_unit, LogIdType *ret_type) {
+         size_t n;
++        int r;
+ 
+         assert(option_name);
+         assert(ret_unit);
+@@ -132,15 +134,26 @@ int acquire_unit(const char *option_name, const char **ret_unit, LogIdType *ret_
+                                        "Using %s with multiple units is not supported.",
+                                        option_name);
+ 
++        LogIdType type;
++        char **units;
+         if (!strv_isempty(arg_system_units)) {
+-                *ret_type = LOG_SYSTEM_UNIT_INVOCATION_ID;
+-                *ret_unit = arg_system_units[0];
++                type = LOG_SYSTEM_UNIT_INVOCATION_ID;
++                units = arg_system_units;
+         } else {
+                 assert(!strv_isempty(arg_user_units));
+-                *ret_type = LOG_USER_UNIT_INVOCATION_ID;
+-                *ret_unit = arg_user_units[0];
++                type = LOG_USER_UNIT_INVOCATION_ID;
++                units = arg_user_units;
+         }
+ 
++        _cleanup_free_ char *u = NULL;
++        r = unit_name_mangle(units[0], arg_quiet ? 0 : UNIT_NAME_MANGLE_WARN, &u);
++        if (r < 0)
++                return log_error_errno(r, "Failed to mangle unit name '%s': %m", units[0]);
++
++        free_and_replace(units[0], u);
++
++        *ret_type = type;
++        *ret_unit = units[0];
+         return 0;
+ }
+ 
+diff --git a/test/units/TEST-04-JOURNAL.invocation.sh b/test/units/TEST-04-JOURNAL.invocation.sh
+index e7a6f547b4..3ac931e263 100755
+--- a/test/units/TEST-04-JOURNAL.invocation.sh
++++ b/test/units/TEST-04-JOURNAL.invocation.sh
+@@ -7,7 +7,8 @@ set -o pipefail
+ # shellcheck source=test/units/util.sh
+ . "$(dirname "$0")"/util.sh
+ 
+-SERVICE_NAME=invocation-id-test-"$RANDOM".service
++SERVICE_NAME_SHORT=invocation-id-test-"$RANDOM"
++SERVICE_NAME="$SERVICE_NAME_SHORT".service
+ 
+ TMP_DIR=$(mktemp -d)
+ 
+@@ -26,6 +27,7 @@ done
+ # systemd[1]: invocation-id-test-26448.service: Deactivated successfully.
+ journalctl --sync
+ 
++journalctl --list-invocation -u "$SERVICE_NAME_SHORT" | tee "$TMP_DIR"/short
+ journalctl --list-invocation -u "$SERVICE_NAME" | tee "$TMP_DIR"/10
+ journalctl --list-invocation -u "$SERVICE_NAME" --reverse | tee "$TMP_DIR"/10-r
+ journalctl --list-invocation -u "$SERVICE_NAME" -n +10 | tee "$TMP_DIR"/p10
+@@ -44,6 +46,7 @@ journalctl --list-invocation -u "$SERVICE_NAME" -n +5 --reverse | tee "$TMP_DIR"
+ [[ $(cat "$TMP_DIR"/p5 | wc -l) == 6 ]]
+ [[ $(cat "$TMP_DIR"/p5-r | wc -l) == 6 ]]
+ 
++diff "$TMP_DIR"/10 "$TMP_DIR"/short
+ diff <(tail -n 10 "$TMP_DIR"/10 | tac) <(tail -n 10 "$TMP_DIR"/10-r)
+ diff <(tail -n 5 "$TMP_DIR"/10) <(tail -n 5 "$TMP_DIR"/5)
+ diff <(tail -n 5 "$TMP_DIR"/10 | tac) <(tail -n 5 "$TMP_DIR"/5-r)
+@@ -54,6 +57,8 @@ diff <(tail -n 10 "$TMP_DIR"/p10 | head -n 5 | tac) <(tail -n 5 "$TMP_DIR"/p5-r)
+ tail -n 10 "$TMP_DIR"/10 |
+     while read -r idx invocation _; do
+         i="$(( idx + 10 ))"
++        assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${i}" -u "$SERVICE_NAME_SHORT")"
++        assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${idx}" -u "$SERVICE_NAME_SHORT")"
+         assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${i}" -u "$SERVICE_NAME")"
+         assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${idx}" -u "$SERVICE_NAME")"
+         assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${invocation}")"
+@@ -62,6 +67,8 @@ tail -n 10 "$TMP_DIR"/10 |
+ tail -n 10 "$TMP_DIR"/p10 |
+     while read -r i invocation _; do
+         idx="$(( i - 10 ))"
++        assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${i}" -u "$SERVICE_NAME_SHORT")"
++        assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${idx}" -u "$SERVICE_NAME_SHORT")"
+         assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${i}" -u "$SERVICE_NAME")"
+         assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${idx}" -u "$SERVICE_NAME")"
+         assert_in "invocation ${i} ${invocation}" "$(journalctl --no-hostname -n 1 -t bash --invocation="${invocation}")"
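Review bot: In `acquire_unit()` (src/journal/journalctl-util.c), `free_and_replace(units[0], u)` rewrites the first entry of the global `arg_system_units` or `arg_user_units` in place, which is not obvious in a function that otherwise only reads them and hands out a `const char *`. The write-back is what keeps `*ret_unit` valid once `u` goes out of scope, and it relies on the strv entries being heap-allocated and owned by the array; neither is stated. A comment above the call would record both: `/* Store the mangled name back into the global strv: it owns the string, so *ret_unit stays valid after return. */`. Part of acquire_unit()'s body lies between the two inner hunks and is not shown.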
diff --git a/SOURCES/0110-meson-bump-version-to-257.2.patch b/SOURCES/0110-meson-bump-version-to-257.2.patch
new file mode 100644
index 0000000..dfa502e
--- /dev/null
+++ b/SOURCES/0110-meson-bump-version-to-257.2.patch
@@ -0,0 +1,16 @@
+From 7fa3b5018bfffa176c77a2a5794dce792eebadcb Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Tue, 7 Jan 2025 20:45:53 +0000
+Subject: [PATCH] meson: bump version to 257.2
+
+---
+ meson.version | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/meson.version b/meson.version
+index 97fb426c59..f813cadc5d 100644
+--- a/meson.version
++++ b/meson.version
+@@ -1 +1 @@
+-257.1
++257.2
diff --git a/SOURCES/0001-ci-update-workflows-to-run-on-source-git-setup.patch b/SOURCES/0111-ci-update-workflows-to-run-on-source-git-setup.patch
similarity index 97%
rename from SOURCES/0001-ci-update-workflows-to-run-on-source-git-setup.patch
rename to SOURCES/0111-ci-update-workflows-to-run-on-source-git-setup.patch
index 9df098c..22567aa 100644
--- a/SOURCES/0001-ci-update-workflows-to-run-on-source-git-setup.patch
+++ b/SOURCES/0111-ci-update-workflows-to-run-on-source-git-setup.patch
@@ -1,4 +1,4 @@
-From 3553500ea1d9dddeeb05e5fa3bed02a3c64b882f Mon Sep 17 00:00:00 2001
+From 5f07273cdf4b31f252ec05bf2eccd8c52f90bca0 Mon Sep 17 00:00:00 2001
 From: Jan Macku <jamacku@redhat.com>
 Date: Thu, 16 May 2024 14:24:38 +0200
 Subject: [PATCH] ci: update workflows to run on source-git setup
diff --git a/SOURCES/0002-ci-setup-source-git-automation.patch b/SOURCES/0112-ci-setup-source-git-automation.patch
similarity index 99%
rename from SOURCES/0002-ci-setup-source-git-automation.patch
rename to SOURCES/0112-ci-setup-source-git-automation.patch
index ac65cfe..4e31720 100644
--- a/SOURCES/0002-ci-setup-source-git-automation.patch
+++ b/SOURCES/0112-ci-setup-source-git-automation.patch
@@ -1,4 +1,4 @@
-From 952dfb240674f2afc334460d11e38ccccfb69d60 Mon Sep 17 00:00:00 2001
+From 3d94dd75b923d0bf1b0665baa292de6b4555aae9 Mon Sep 17 00:00:00 2001
 From: Jan Macku <jamacku@redhat.com>
 Date: Thu, 16 May 2024 14:36:04 +0200
 Subject: [PATCH] ci: setup source-git automation
diff --git a/SOURCES/0113-ci-reconfigure-Packit-for-RHEL-10.patch b/SOURCES/0113-ci-reconfigure-Packit-for-RHEL-10.patch
new file mode 100644
index 0000000..f937923
--- /dev/null
+++ b/SOURCES/0113-ci-reconfigure-Packit-for-RHEL-10.patch
@@ -0,0 +1,67 @@
+From d38b8b1f9484a2d9fdecd5f50b3b60425cb1943c Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Fri, 17 May 2024 13:55:40 +0200
+Subject: [PATCH] ci: reconfigure Packit for RHEL 10
+
+rhel-only: ci
+
+Related: RHEL-36636
+---
+ .packit.yml | 36 ++++++++++++++++++++++++------------
+ 1 file changed, 24 insertions(+), 12 deletions(-)
+
+diff --git a/.packit.yml b/.packit.yml
+index 697defd3e7..88d74d29af 100644
+--- a/.packit.yml
++++ b/.packit.yml
+@@ -21,26 +21,38 @@ actions:
+     - "bash -ec 'git describe --tags --abbrev=0 | cut -b 2-'"
+ 
+   post-upstream-clone:
+-    # Use the Fedora Rawhide specfile
+-    - git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1
+-    - bash -c 'echo "%bcond upstream 1" > .packit_rpm/systemd.spec.new'
+-    - bash -c 'echo "%define meson_extra_configure_options --werror" >> .packit_rpm/systemd.spec.new'
+-    - bash -c 'cat .packit_rpm/systemd.spec >> .packit_rpm/systemd.spec.new'
+-    - mv .packit_rpm/systemd.spec.new .packit_rpm/systemd.spec
++    # Use the CentOS Stream 10 specfile
++    - "git clone -b c10s https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1"
++    # Drop the "sources" file so rebase-helper doesn't think we're a dist-git
++    - "rm -fv .packit_rpm/sources"
++    # Drop all patches, since they're already included in the tarball
++    - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec"
++    # Build the RPM with --werror. Even though --werror doesn't work in all
++    # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
++    # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
++    #
++    # [0] https://github.com/mesonbuild/meson/issues/7360
++    # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110
++    - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
++    # Ignore unpackaged standalone binaries
++    - "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
++    # Temporarily add libarchive-devel build dep and libarchive runtime dep
++    # until the change propagates to Rawhide's specfile
++    - "sed -ri '0,/^BuildRequires: .+$/s//&\\nBuildRequires: libarchive-devel\\nRequires: libarchive/' .packit_rpm/systemd.spec"
+ 
++# Available targets can be listed via `copr-cli list-chroots`
+ jobs:
+ - job: copr_build
+   trigger: pull_request
+   targets:
+-  - fedora-rawhide-aarch64
+-  - fedora-rawhide-i386
+-  - fedora-rawhide-ppc64le
+-  - fedora-rawhide-s390x
+-  - fedora-rawhide-x86_64
++  - centos-stream-10-aarch64
++  - centos-stream-10-ppc64le
++  - centos-stream-10-s390x
++  - centos-stream-10-x86_64
+ 
+ - job: tests
+   trigger: pull_request
+   fmf_path: test/fmf
+   tmt_plan: ci
+   targets:
+-  - fedora-rawhide-x86_64
++  - centos-stream-10-x86_64
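Review bot: The step `sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py` under `post-upstream-clone` replaces every `assert False,` line in split-files.py, while its comment says it is only about unpackaged standalone binaries. split-files.py is not on this page, so this is inferred, but if the script has other `assert False` checks they become `pass` as well and a mis-split package would still build cleanly in CI. Either match the message of the one assertion meant, or widen the comment to `# Disables every 'assert False' in split-files.py, not only the unpackaged-binaries check`. The `git clone -b c10s ... --depth=1` step above follows a moving branch head, which deserves a one-line comment saying that this is intended.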
diff --git a/SOURCES/0004-journal-again-create-user-journals-for-users-with-hi.patch b/SOURCES/0114-journal-again-create-user-journals-for-users-with-hi.patch
similarity index 97%
rename from SOURCES/0004-journal-again-create-user-journals-for-users-with-hi.patch
rename to SOURCES/0114-journal-again-create-user-journals-for-users-with-hi.patch
index f1a3949..4bf27bd 100644
--- a/SOURCES/0004-journal-again-create-user-journals-for-users-with-hi.patch
+++ b/SOURCES/0114-journal-again-create-user-journals-for-users-with-hi.patch
@@ -1,4 +1,4 @@
-From f37a654f54717a0f85abb14f82a980685169161a Mon Sep 17 00:00:00 2001
+From 6a3b583ca4b498e6d136a126ed69fc037538d0be Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Tue, 9 Jan 2024 11:28:04 +0100
 Subject: [PATCH] journal: again create user journals for users with high uids
diff --git a/SOURCES/0005-tmpfiles-make-purge-hard-to-mis-use.patch b/SOURCES/0115-tmpfiles-make-purge-hard-to-mis-use.patch
similarity index 97%
rename from SOURCES/0005-tmpfiles-make-purge-hard-to-mis-use.patch
rename to SOURCES/0115-tmpfiles-make-purge-hard-to-mis-use.patch
index f33fb5f..a9cee6b 100644
--- a/SOURCES/0005-tmpfiles-make-purge-hard-to-mis-use.patch
+++ b/SOURCES/0115-tmpfiles-make-purge-hard-to-mis-use.patch
@@ -1,4 +1,4 @@
-From dad955382c2e795e5f5d79ed89957d4af63880ca Mon Sep 17 00:00:00 2001
+From 15fbdad66bb68f17fc7b25a0ceaaf8fb62913a72 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Tue, 18 Jun 2024 20:32:10 +0200
 Subject: [PATCH] tmpfiles: make --purge hard to (mis-)use
diff --git a/SOURCES/0006-fedora-use-system-auth-in-pam-systemd-user.patch b/SOURCES/0116-fedora-use-system-auth-in-pam-systemd-user.patch
similarity index 93%
rename from SOURCES/0006-fedora-use-system-auth-in-pam-systemd-user.patch
rename to SOURCES/0116-fedora-use-system-auth-in-pam-systemd-user.patch
index f57c1da..b158e43 100644
--- a/SOURCES/0006-fedora-use-system-auth-in-pam-systemd-user.patch
+++ b/SOURCES/0116-fedora-use-system-auth-in-pam-systemd-user.patch
@@ -1,4 +1,4 @@
-From e3b9e1165b0cfc9267fb9c1f42a85b6e8cd39f71 Mon Sep 17 00:00:00 2001
+From f9d710d4e1b0039a4d1a12acbd4836153f9f819d Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Wed, 14 Dec 2022 22:24:53 +0100
 Subject: [PATCH] fedora: use system-auth in pam systemd-user
diff --git a/SOURCES/0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch b/SOURCES/0117-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
similarity index 99%
rename from SOURCES/0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
rename to SOURCES/0117-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
index ba472dc..7457f26 100644
--- a/SOURCES/0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
+++ b/SOURCES/0117-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
@@ -1,4 +1,4 @@
-From 2ffae8b36845e354c038c1619b78c205cd20cf09 Mon Sep 17 00:00:00 2001
+From f25ba3a80bd4893154a0d9d761bf2425ed73e5e6 Mon Sep 17 00:00:00 2001
 From: Jan Macku <jamacku@redhat.com>
 Date: Tue, 25 Jun 2024 14:00:45 +0200
 Subject: [PATCH] net-naming-scheme: start rhel10 naming and include rhel8 and
diff --git a/SOURCES/0008-rules-copy-40-redhat.rules-from-RHEL-9.patch b/SOURCES/0118-rules-copy-40-redhat.rules-from-RHEL-9.patch
similarity index 98%
rename from SOURCES/0008-rules-copy-40-redhat.rules-from-RHEL-9.patch
rename to SOURCES/0118-rules-copy-40-redhat.rules-from-RHEL-9.patch
index 1e87c48..b5067dd 100644
--- a/SOURCES/0008-rules-copy-40-redhat.rules-from-RHEL-9.patch
+++ b/SOURCES/0118-rules-copy-40-redhat.rules-from-RHEL-9.patch
@@ -1,4 +1,4 @@
-From 6d267290d76302f9770b2f400a7ed992b6dcb42c Mon Sep 17 00:00:00 2001
+From 681ceb94f6b351c8479ee068383f6aaa2248f63d Mon Sep 17 00:00:00 2001
 From: Jan Macku <jamacku@redhat.com>
 Date: Wed, 12 Jun 2024 14:23:30 +0200
 Subject: [PATCH] rules: copy 40-redhat.rules from RHEL 9
diff --git a/SOURCES/0009-logind-set-RemoveIPC-to-false-by-default.patch b/SOURCES/0119-logind-set-RemoveIPC-to-false-by-default.patch
similarity index 96%
rename from SOURCES/0009-logind-set-RemoveIPC-to-false-by-default.patch
rename to SOURCES/0119-logind-set-RemoveIPC-to-false-by-default.patch
index ae363f5..5e71a6b 100644
--- a/SOURCES/0009-logind-set-RemoveIPC-to-false-by-default.patch
+++ b/SOURCES/0119-logind-set-RemoveIPC-to-false-by-default.patch
@@ -1,4 +1,4 @@
-From 138db841fbefdbb2fb293be06afe245b32cd95b1 Mon Sep 17 00:00:00 2001
+From ba26df987134fd5c38ba61f74aa02fa810dba0b1 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 1 Aug 2018 10:58:28 +0200
 Subject: [PATCH] logind: set RemoveIPC to false by default
diff --git a/SOURCES/0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch b/SOURCES/0120-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
similarity index 95%
rename from SOURCES/0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
rename to SOURCES/0120-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
index 24f297c..d9e5998 100644
--- a/SOURCES/0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
+++ b/SOURCES/0120-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
@@ -1,4 +1,4 @@
-From 2a735b1d1260278103a9c4fce2417b5e93a10b5f Mon Sep 17 00:00:00 2001
+From b3cb1c3f1f020475656bf50f18c4de8260f56777 Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Thu, 5 Aug 2021 17:11:47 +0200
 Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf
diff --git a/SOURCES/0011-rc-local-order-after-network-online.target.patch b/SOURCES/0121-rc-local-order-after-network-online.target.patch
similarity index 92%
rename from SOURCES/0011-rc-local-order-after-network-online.target.patch
rename to SOURCES/0121-rc-local-order-after-network-online.target.patch
index 9a5e7ba..55d9aef 100644
--- a/SOURCES/0011-rc-local-order-after-network-online.target.patch
+++ b/SOURCES/0121-rc-local-order-after-network-online.target.patch
@@ -1,4 +1,4 @@
-From d477232d7330b512ef41ad75e9997c0aac900276 Mon Sep 17 00:00:00 2001
+From 5af11076817e70fe25dc3c467a5706a9cf865b05 Mon Sep 17 00:00:00 2001
 From: David Tardon <dtardon@redhat.com>
 Date: Thu, 11 Mar 2021 15:48:23 +0100
 Subject: [PATCH] rc-local: order after network-online.target
diff --git a/SOURCES/0012-random-util-increase-random-seed-size-to-1024.patch b/SOURCES/0122-random-util-increase-random-seed-size-to-1024.patch
similarity index 91%
rename from SOURCES/0012-random-util-increase-random-seed-size-to-1024.patch
rename to SOURCES/0122-random-util-increase-random-seed-size-to-1024.patch
index 0f8dde3..cc53118 100644
--- a/SOURCES/0012-random-util-increase-random-seed-size-to-1024.patch
+++ b/SOURCES/0122-random-util-increase-random-seed-size-to-1024.patch
@@ -1,4 +1,4 @@
-From e7b0c09ce9340d8d996fb1801ba66b6513f38be5 Mon Sep 17 00:00:00 2001
+From 3a8330c2c2ede435f4f2dad03b939969f63565c0 Mon Sep 17 00:00:00 2001
 From: David Tardon <dtardon@redhat.com>
 Date: Thu, 15 Jul 2021 11:15:17 +0200
 Subject: [PATCH] random-util: increase random seed size to 1024
diff --git a/SOURCES/0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch b/SOURCES/0123-journal-don-t-enable-systemd-journald-audit.socket-b.patch
similarity index 92%
rename from SOURCES/0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch
rename to SOURCES/0123-journal-don-t-enable-systemd-journald-audit.socket-b.patch
index f97f6c5..c901ce1 100644
--- a/SOURCES/0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch
+++ b/SOURCES/0123-journal-don-t-enable-systemd-journald-audit.socket-b.patch
@@ -1,4 +1,4 @@
-From 407a281c19897303a3f0f730151fd6a59bdf0846 Mon Sep 17 00:00:00 2001
+From 7286e81cbc1ba8283b81c8c1e604b24347ae6b3a Mon Sep 17 00:00:00 2001
 From: Jan Synacek <jsynacek@redhat.com>
 Date: Thu, 2 May 2019 14:11:54 +0200
 Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by
diff --git a/SOURCES/0014-journald.conf-don-t-touch-current-audit-settings.patch b/SOURCES/0124-journald.conf-don-t-touch-current-audit-settings.patch
similarity index 89%
rename from SOURCES/0014-journald.conf-don-t-touch-current-audit-settings.patch
rename to SOURCES/0124-journald.conf-don-t-touch-current-audit-settings.patch
index 7c97e81..b7376f2 100644
--- a/SOURCES/0014-journald.conf-don-t-touch-current-audit-settings.patch
+++ b/SOURCES/0124-journald.conf-don-t-touch-current-audit-settings.patch
@@ -1,4 +1,4 @@
-From d556abba450e23e900eedece11305c48b77a248f Mon Sep 17 00:00:00 2001
+From 216a27427829c5a74798b0dd79f321b3b8b06d93 Mon Sep 17 00:00:00 2001
 From: David Tardon <dtardon@redhat.com>
 Date: Thu, 5 Aug 2021 15:26:13 +0200
 Subject: [PATCH] journald.conf: don't touch current audit settings
diff --git a/SOURCES/0015-rules-add-elevator-kernel-command-line-parameter.patch b/SOURCES/0125-rules-add-elevator-kernel-command-line-parameter.patch
similarity index 96%
rename from SOURCES/0015-rules-add-elevator-kernel-command-line-parameter.patch
rename to SOURCES/0125-rules-add-elevator-kernel-command-line-parameter.patch
index 3e5de1e..e829ca6 100644
--- a/SOURCES/0015-rules-add-elevator-kernel-command-line-parameter.patch
+++ b/SOURCES/0125-rules-add-elevator-kernel-command-line-parameter.patch
@@ -1,4 +1,4 @@
-From 634847fd61e037e9e119b018ed50bd1997c24886 Mon Sep 17 00:00:00 2001
+From 37d6f0680f53cdb27878fd5a816fc7047335998c Mon Sep 17 00:00:00 2001
 From: Lukas Nykryn <lnykryn@redhat.com>
 Date: Tue, 12 Feb 2019 16:58:16 +0100
 Subject: [PATCH] rules: add elevator= kernel command line parameter
diff --git a/SOURCES/0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/SOURCES/0126-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
similarity index 97%
rename from SOURCES/0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
rename to SOURCES/0126-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
index a2a48fe..dec25ee 100644
--- a/SOURCES/0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
+++ b/SOURCES/0126-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
@@ -1,4 +1,4 @@
-From bfb8c22224948b56f3d8310572987dcd54bd59c6 Mon Sep 17 00:00:00 2001
+From c9679716cd09f98be12784c7aecaf1ab2e92f0e9 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 1 Aug 2018 13:19:39 +0200
 Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value
diff --git a/SOURCES/0017-udev-net-setup-link-change-the-default-MACAddressPol.patch b/SOURCES/0127-udev-net-setup-link-change-the-default-MACAddressPol.patch
similarity index 96%
rename from SOURCES/0017-udev-net-setup-link-change-the-default-MACAddressPol.patch
rename to SOURCES/0127-udev-net-setup-link-change-the-default-MACAddressPol.patch
index a20e089..725f9c4 100644
--- a/SOURCES/0017-udev-net-setup-link-change-the-default-MACAddressPol.patch
+++ b/SOURCES/0127-udev-net-setup-link-change-the-default-MACAddressPol.patch
@@ -1,4 +1,4 @@
-From ec6d57d8ff39de440393955a8de88883a014a4b6 Mon Sep 17 00:00:00 2001
+From b9870ba2ba624c3519b98d7c8f04fc5e06eb8d45 Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Tue, 21 Sep 2021 15:01:19 +0200
 Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to
diff --git a/SOURCES/0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch b/SOURCES/0128-core-decrease-log-level-of-messages-about-use-of-Kil.patch
similarity index 96%
rename from SOURCES/0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch
rename to SOURCES/0128-core-decrease-log-level-of-messages-about-use-of-Kil.patch
index 95b73bf..00daca9 100644
--- a/SOURCES/0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch
+++ b/SOURCES/0128-core-decrease-log-level-of-messages-about-use-of-Kil.patch
@@ -1,4 +1,4 @@
-From ed6ec13adeea59d7534f694c03e08f403b2fe411 Mon Sep 17 00:00:00 2001
+From 614ad5860a7c76748ff7ccbbceae31b81c728c4a Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Tue, 22 Feb 2022 13:24:11 +0100
 Subject: [PATCH] core: decrease log level of messages about use of
diff --git a/SOURCES/0019-taint-remove-unmerged-bin.patch b/SOURCES/0129-taint-remove-unmerged-bin.patch
similarity index 98%
rename from SOURCES/0019-taint-remove-unmerged-bin.patch
rename to SOURCES/0129-taint-remove-unmerged-bin.patch
index c6fe207..48f9222 100644
--- a/SOURCES/0019-taint-remove-unmerged-bin.patch
+++ b/SOURCES/0129-taint-remove-unmerged-bin.patch
@@ -1,4 +1,4 @@
-From 574ba06befc0a56ada6ee9b125f105573ee5f06a Mon Sep 17 00:00:00 2001
+From 26a2ea7c26c82d1afc0c601ac9319eb6b0735d57 Mon Sep 17 00:00:00 2001
 From: Lukas Nykryn <lnykryn@redhat.com>
 Date: Mon, 8 Jul 2024 14:44:45 +0200
 Subject: [PATCH] taint: remove unmerged-bin
diff --git a/SOURCES/0020-presets-remove-resolved.patch b/SOURCES/0130-presets-remove-resolved.patch
similarity index 93%
rename from SOURCES/0020-presets-remove-resolved.patch
rename to SOURCES/0130-presets-remove-resolved.patch
index b63a8de..24ab120 100644
--- a/SOURCES/0020-presets-remove-resolved.patch
+++ b/SOURCES/0130-presets-remove-resolved.patch
@@ -1,4 +1,4 @@
-From 1a3648b92c97ab60104a4a0023fd96711c7a256b Mon Sep 17 00:00:00 2001
+From e369893cf89ea214641894a0ef36399e4aba771d Mon Sep 17 00:00:00 2001
 From: Lukas Nykryn <lnykryn@redhat.com>
 Date: Mon, 8 Jul 2024 13:13:10 +0200
 Subject: [PATCH] presets: remove resolved
diff --git a/SOURCES/0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch b/SOURCES/0131-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
similarity index 89%
rename from SOURCES/0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
rename to SOURCES/0131-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
index 4755d68..8ad19e0 100644
--- a/SOURCES/0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
+++ b/SOURCES/0131-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
@@ -1,4 +1,4 @@
-From e24597f722f9a6af3809704d76df8087d8f79c5a Mon Sep 17 00:00:00 2001
+From ce7432871f2a0fef665ae95b563b92715d6a6066 Mon Sep 17 00:00:00 2001
 From: Jan Macku <jamacku@redhat.com>
 Date: Tue, 16 Jul 2024 10:08:06 +0200
 Subject: [PATCH]  ci: run mkosi test only for Fedora and CentOS Stream
@@ -11,7 +11,7 @@ Related: RHEL-40924
  1 file changed, 2 insertions(+), 30 deletions(-)
 
 diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
-index e7575fb6bb..ee46b3544a 100644
+index a043022ce0..fa1c7cf118 100644
 --- a/.github/workflows/mkosi.yml
 +++ b/.github/workflows/mkosi.yml
 @@ -8,7 +8,7 @@ on:
@@ -42,35 +42,35 @@ index e7575fb6bb..ee46b3544a 100644
 -            llvm: 0
 -            cflags: "-O2 -D_FORTIFY_SOURCE=3"
 -            relabel: no
--            qemu: 1
+-            vm: 1
 -          - distro: debian
 -            release: testing
 -            sanitizers: ""
 -            llvm: 0
 -            cflags: "-Og"
 -            relabel: no
--            qemu: 0
+-            vm: 0
 -          - distro: ubuntu
 -            release: noble
 -            sanitizers: ""
 -            llvm: 0
 -            cflags: "-Og"
 -            relabel: no
--            qemu: 0
+-            vm: 0
            - distro: fedora
              release: "41"
              sanitizers: ""
 @@ -89,13 +68,6 @@ jobs:
              cflags: "-Og"
              relabel: yes
-             qemu: 0
+             vm: 0
 -          - distro: opensuse
 -            release: tumbleweed
 -            sanitizers: ""
 -            llvm: 0
 -            cflags: "-Og"
 -            relabel: no
--            qemu: 0
+-            vm: 0
            - distro: centos
              release: "9"
              sanitizers: ""
diff --git a/SOURCES/0022-taint-remove-unused-variable-usr_sbin.patch b/SOURCES/0132-taint-remove-unused-variable-usr_sbin.patch
similarity index 93%
rename from SOURCES/0022-taint-remove-unused-variable-usr_sbin.patch
rename to SOURCES/0132-taint-remove-unused-variable-usr_sbin.patch
index aa61e00..b77b5f8 100644
--- a/SOURCES/0022-taint-remove-unused-variable-usr_sbin.patch
+++ b/SOURCES/0132-taint-remove-unused-variable-usr_sbin.patch
@@ -1,4 +1,4 @@
-From 5af7d3308ed778445a945688dcf339f940644d53 Mon Sep 17 00:00:00 2001
+From 6f7aba66f47ad4537d5c5ddefc1c35332fb00f56 Mon Sep 17 00:00:00 2001
 From: Jan Macku <jamacku@redhat.com>
 Date: Tue, 16 Jul 2024 10:09:23 +0200
 Subject: [PATCH] taint: remove unused variable `usr_sbin`
diff --git a/SOURCES/0023-packit-drop-the-libarchive-workaround.patch b/SOURCES/0133-packit-drop-the-libarchive-workaround.patch
similarity index 87%
rename from SOURCES/0023-packit-drop-the-libarchive-workaround.patch
rename to SOURCES/0133-packit-drop-the-libarchive-workaround.patch
index ebb6c8d..058c3fa 100644
--- a/SOURCES/0023-packit-drop-the-libarchive-workaround.patch
+++ b/SOURCES/0133-packit-drop-the-libarchive-workaround.patch
@@ -1,4 +1,4 @@
-From 67fd26df5f6fbe2780b2ab308eb39088efc86844 Mon Sep 17 00:00:00 2001
+From 46360e32b6cb31acf26760778a0590bb06a4c2f0 Mon Sep 17 00:00:00 2001
 From: Frantisek Sumsal <frantisek@sumsal.cz>
 Date: Wed, 17 Jul 2024 12:19:03 +0200
 Subject: [PATCH] packit: drop the libarchive workaround
@@ -13,10 +13,10 @@ Related: RHEL-40924
  1 file changed, 3 deletions(-)
 
 diff --git a/.packit.yml b/.packit.yml
-index 340c6992ec..03b3aae7d5 100644
+index 88d74d29af..d16e630817 100644
 --- a/.packit.yml
 +++ b/.packit.yml
-@@ -39,9 +39,6 @@ actions:
+@@ -36,9 +36,6 @@ actions:
      - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
      # Ignore unpackaged standalone binaries
      - "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
diff --git a/SOURCES/0024-coredump-by-default-process-and-store-core-files-up-.patch b/SOURCES/0134-coredump-by-default-process-and-store-core-files-up-.patch
similarity index 92%
rename from SOURCES/0024-coredump-by-default-process-and-store-core-files-up-.patch
rename to SOURCES/0134-coredump-by-default-process-and-store-core-files-up-.patch
index 09687e0..72a46b5 100644
--- a/SOURCES/0024-coredump-by-default-process-and-store-core-files-up-.patch
+++ b/SOURCES/0134-coredump-by-default-process-and-store-core-files-up-.patch
@@ -1,4 +1,4 @@
-From 52243386bfc005ed52903c958e172fcb70a1236a Mon Sep 17 00:00:00 2001
+From 324b1d13153c2a0e6db4043a29b7233ad1bf782e Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Fri, 5 Apr 2024 15:56:58 +0200
 Subject: [PATCH] coredump: by default process and store core files up to 1GiB
diff --git a/SOURCES/0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/SOURCES/0135-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
similarity index 92%
rename from SOURCES/0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
rename to SOURCES/0135-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
index 42099e3..13f31fc 100644
--- a/SOURCES/0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
+++ b/SOURCES/0135-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
@@ -1,4 +1,4 @@
-From 12bef1e0622eeb1cb4b1ed2e3d63fb1d38b1527a Mon Sep 17 00:00:00 2001
+From cbb117130198501b8fd10c42b18b5afca8fda0f1 Mon Sep 17 00:00:00 2001
 From: Jan Synacek <jsynacek@redhat.com>
 Date: Tue, 15 May 2018 09:24:20 +0200
 Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will
diff --git a/SOURCES/0026-unit-don-t-add-Requires-for-tmp.mount.patch b/SOURCES/0136-unit-don-t-add-Requires-for-tmp.mount.patch
similarity index 96%
rename from SOURCES/0026-unit-don-t-add-Requires-for-tmp.mount.patch
rename to SOURCES/0136-unit-don-t-add-Requires-for-tmp.mount.patch
index 2c6de81..181bfbe 100644
--- a/SOURCES/0026-unit-don-t-add-Requires-for-tmp.mount.patch
+++ b/SOURCES/0136-unit-don-t-add-Requires-for-tmp.mount.patch
@@ -1,4 +1,4 @@
-From 4d152dcd8bad5d8049390aa98f408b14b536db16 Mon Sep 17 00:00:00 2001
+From 092547697b7e256ef7c91b2687920a01f8a0a6a4 Mon Sep 17 00:00:00 2001
 From: Lukas Nykryn <lnykryn@redhat.com>
 Date: Mon, 5 Sep 2016 12:47:09 +0200
 Subject: [PATCH] unit: don't add Requires for tmp.mount
diff --git a/SOURCES/0027-units-add-Install-section-to-tmp.mount.patch b/SOURCES/0137-units-add-Install-section-to-tmp.mount.patch
similarity index 90%
rename from SOURCES/0027-units-add-Install-section-to-tmp.mount.patch
rename to SOURCES/0137-units-add-Install-section-to-tmp.mount.patch
index 3eb620c..652ef15 100644
--- a/SOURCES/0027-units-add-Install-section-to-tmp.mount.patch
+++ b/SOURCES/0137-units-add-Install-section-to-tmp.mount.patch
@@ -1,4 +1,4 @@
-From 4aff4ef75b58b4fcc8cc02529feb6bdc2c564c9c Mon Sep 17 00:00:00 2001
+From 62753331bf0a5cd57b4146794504dee40f61c389 Mon Sep 17 00:00:00 2001
 From: Jan Synacek <jsynacek@redhat.com>
 Date: Tue, 22 Jan 2019 10:28:42 +0100
 Subject: [PATCH] units: add [Install] section to tmp.mount
diff --git a/SOURCES/0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch b/SOURCES/0138-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
similarity index 92%
rename from SOURCES/0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
rename to SOURCES/0138-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
index 332dc13..1d6551c 100644
--- a/SOURCES/0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
+++ b/SOURCES/0138-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
@@ -1,4 +1,4 @@
-From 940c4cd0fc9245ac3c5530a6b902c0ec77f28d48 Mon Sep 17 00:00:00 2001
+From de9836fa622be725de079b68966ae392283ab050 Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Wed, 22 Sep 2021 14:38:00 +0200
 Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target
diff --git a/SOURCES/0029-netif-naming-scheme-add-rhel-9.5-scheme.patch b/SOURCES/0139-netif-naming-scheme-add-rhel-9.5-scheme.patch
similarity index 97%
rename from SOURCES/0029-netif-naming-scheme-add-rhel-9.5-scheme.patch
rename to SOURCES/0139-netif-naming-scheme-add-rhel-9.5-scheme.patch
index 2c435ac..f50fa24 100644
--- a/SOURCES/0029-netif-naming-scheme-add-rhel-9.5-scheme.patch
+++ b/SOURCES/0139-netif-naming-scheme-add-rhel-9.5-scheme.patch
@@ -1,4 +1,4 @@
-From 7b31af5f75649e847cf3d19e1e6e44758237ce28 Mon Sep 17 00:00:00 2001
+From 5aaa5d1ee78bacae69e12a056db178bdceec11e8 Mon Sep 17 00:00:00 2001
 From: Jan Macku <jamacku@redhat.com>
 Date: Thu, 8 Aug 2024 13:12:58 +0200
 Subject: [PATCH] netif-naming-scheme: add rhel-9.5 scheme
diff --git a/SOURCES/0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch b/SOURCES/0140-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
similarity index 97%
rename from SOURCES/0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
rename to SOURCES/0140-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
index 6e6b4f7..c70bd33 100644
--- a/SOURCES/0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
+++ b/SOURCES/0140-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
@@ -1,4 +1,4 @@
-From c20009926d4d143bd8fc605695092ae8403d1a20 Mon Sep 17 00:00:00 2001
+From d2afe66feccb3abe53f4a745784481a28838a8b8 Mon Sep 17 00:00:00 2001
 From: Lukas Nykryn <lnykryn@redhat.com>
 Date: Thu, 22 Aug 2024 13:42:11 +0200
 Subject: [PATCH] netif-naming-scheme: rename rhel-10.0 to rhel-10.0.beta
diff --git a/SOURCES/0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch b/SOURCES/0141-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
similarity index 94%
rename from SOURCES/0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
rename to SOURCES/0141-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
index 4319754..cc01b65 100644
--- a/SOURCES/0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
+++ b/SOURCES/0141-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
@@ -1,4 +1,4 @@
-From d4db6a9e9e139432fd78574458de4ff72d697843 Mon Sep 17 00:00:00 2001
+From 8ae633adfe6370fa4a1d737167f339d5b8424cdd Mon Sep 17 00:00:00 2001
 From: Lukas Nykryn <lnykryn@redhat.com>
 Date: Thu, 22 Aug 2024 13:47:56 +0200
 Subject: [PATCH] net-naming-scheme: disable NAMING_FIRMWARE_NODE_SUN
diff --git a/SOURCES/0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch b/SOURCES/0142-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
similarity index 97%
rename from SOURCES/0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
rename to SOURCES/0142-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
index 06d5a84..2556714 100644
--- a/SOURCES/0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
+++ b/SOURCES/0142-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
@@ -1,4 +1,4 @@
-From 5d21d8fba63d27a563137304324f5a52f527cbef Mon Sep 17 00:00:00 2001
+From fadb75463f626c2a623538d3048ba7b3cc8e1f3f Mon Sep 17 00:00:00 2001
 From: Jan Macku <jamacku@redhat.com>
 Date: Mon, 16 Dec 2024 15:08:50 +0100
 Subject: [PATCH] netif-naming-scheme: introduce rhel-10.0 scheme
diff --git a/SOURCES/0143-udev-net_id-introduce-naming-scheme-for-RHEL-9.6.patch b/SOURCES/0143-udev-net_id-introduce-naming-scheme-for-RHEL-9.6.patch
new file mode 100644
index 0000000..4839287
--- /dev/null
+++ b/SOURCES/0143-udev-net_id-introduce-naming-scheme-for-RHEL-9.6.patch
@@ -0,0 +1,58 @@
+From 5021cbc27c56e62ec850e0d20c3942208fd9ec51 Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Mon, 6 Jan 2025 09:09:11 +0100
+Subject: [PATCH] udev/net_id: introduce naming scheme for RHEL-9.6
+
+rhel-only: policy
+
+Resolves: RHEL-44417
+---
+ man/systemd.net-naming-scheme.xml | 9 +++++++++
+ src/shared/netif-naming-scheme.c  | 1 +
+ src/shared/netif-naming-scheme.h  | 1 +
+ 3 files changed, 11 insertions(+)
+
+diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
+index e23d1c5758..0b0bbbb2f1 100644
+--- a/man/systemd.net-naming-scheme.xml
++++ b/man/systemd.net-naming-scheme.xml
+@@ -632,6 +632,15 @@
+           <xi:include href="version-info.xml" xpointer="rhel-9.5"/>
+           </listitem>
+         </varlistentry>
++
++        <varlistentry>
++           <term><constant>rhel-9.6</constant></term>
++
++           <listitem><para>Same as naming scheme <constant>rhel-9.5</constant>.</para>
++
++           <xi:include href="version-info.xml" xpointer="rhel-9.6"/>
++           </listitem>
++        </varlistentry>
+       </variablelist>
+       </refsect2>
+ 
+diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c
+index 42b0470a11..5211eebc22 100644
+--- a/src/shared/netif-naming-scheme.c
++++ b/src/shared/netif-naming-scheme.c
+@@ -42,6 +42,7 @@ static const NamingScheme naming_schemes[] = {
+         { "rhel-9.3", NAMING_RHEL_9_3 },
+         { "rhel-9.4", NAMING_RHEL_9_4 },
+         { "rhel-9.5", NAMING_RHEL_9_5 },
++        { "rhel-9.6", NAMING_RHEL_9_6 },
+         { "rhel-10.0-beta", NAMING_RHEL_10_0_BETA },
+         { "rhel-10.0", NAMING_RHEL_10_0 },
+         /* … add more schemes here, as the logic to name devices is updated … */
+diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
+index 780392a583..a82f2f04d3 100644
+--- a/src/shared/netif-naming-scheme.h
++++ b/src/shared/netif-naming-scheme.h
+@@ -84,6 +84,7 @@ typedef enum NamingSchemeFlags {
+         NAMING_RHEL_9_3 = NAMING_RHEL_9_0 | NAMING_SR_IOV_R,
+         NAMING_RHEL_9_4 = NAMING_RHEL_9_3,
+         NAMING_RHEL_9_5 = NAMING_RHEL_9_4 & ~NAMING_BRIDGE_MULTIFUNCTION_SLOT,
++        NAMING_RHEL_9_6 = NAMING_RHEL_9_5,
+ 
+         NAMING_RHEL_10_0_BETA = NAMING_V255,
+         NAMING_RHEL_10_0 = NAMING_V257,
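Review bot: The `xi:include` added for the `rhel-9.6` entry in man/systemd.net-naming-scheme.xml points at `xpointer="rhel-9.6"` in version-info.xml, but the embedded patch's diffstat lists only the man page and the two netif-naming-scheme files. If version-info.xml has no element with that id, the include will not resolve when the man pages are built. Whether an earlier downstream patch already defines the id is not visible in this hunk. I would confirm that, and otherwise add the id to version-info.xml in this same patch, mirroring whatever the existing `rhel-9.5` entry uses.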
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
index 2aeb074..e389beb 100644
--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
@@ -48,7 +48,7 @@ Url:            https://systemd.io
 # Allow users to specify the version and release when building the rpm by 
 # setting the %%version_override and %%release_override macros.
 Version:        %{?version_override}%{!?version_override:257}
-Release:        2%{?dist}
+Release:        3%{?dist}
 
 %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?)
 
@@ -109,38 +109,149 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
 # applying upstream pull requests.
 
 # RHEL-specific
-Patch0001: 0001-ci-update-workflows-to-run-on-source-git-setup.patch
-Patch0002: 0002-ci-setup-source-git-automation.patch
-Patch0003: 0003-ci-reconfigure-Packit-for-RHEL-10.patch
-Patch0004: 0004-journal-again-create-user-journals-for-users-with-hi.patch
-Patch0005: 0005-tmpfiles-make-purge-hard-to-mis-use.patch
-Patch0006: 0006-fedora-use-system-auth-in-pam-systemd-user.patch
-Patch0007: 0007-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
-Patch0008: 0008-rules-copy-40-redhat.rules-from-RHEL-9.patch
-Patch0009: 0009-logind-set-RemoveIPC-to-false-by-default.patch
-Patch0010: 0010-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
-Patch0011: 0011-rc-local-order-after-network-online.target.patch
-Patch0012: 0012-random-util-increase-random-seed-size-to-1024.patch
-Patch0013: 0013-journal-don-t-enable-systemd-journald-audit.socket-b.patch
-Patch0014: 0014-journald.conf-don-t-touch-current-audit-settings.patch
-Patch0015: 0015-rules-add-elevator-kernel-command-line-parameter.patch
-Patch0016: 0016-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
-Patch0017: 0017-udev-net-setup-link-change-the-default-MACAddressPol.patch
-Patch0018: 0018-core-decrease-log-level-of-messages-about-use-of-Kil.patch
-Patch0019: 0019-taint-remove-unmerged-bin.patch
-Patch0020: 0020-presets-remove-resolved.patch
-Patch0021: 0021-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
-Patch0022: 0022-taint-remove-unused-variable-usr_sbin.patch
-Patch0023: 0023-packit-drop-the-libarchive-workaround.patch
-Patch0024: 0024-coredump-by-default-process-and-store-core-files-up-.patch
-Patch0025: 0025-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
-Patch0026: 0026-unit-don-t-add-Requires-for-tmp.mount.patch
-Patch0027: 0027-units-add-Install-section-to-tmp.mount.patch
-Patch0028: 0028-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
-Patch0029: 0029-netif-naming-scheme-add-rhel-9.5-scheme.patch
-Patch0030: 0030-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
-Patch0031: 0031-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
-Patch0032: 0032-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
+Patch0001: 0001-Create-CNAME.patch
+Patch0002: 0002-sd-json-sd-varlink-drop-unexported-functions-from-pu.patch
+Patch0003: 0003-test-modernize-generate-sym-test.py.patch
+Patch0004: 0004-test-also-generate-list-of-symbols-from-header-files.patch
+Patch0005: 0005-man-systemd-cryptenroll-sort-fido2-credential-algori.patch
+Patch0006: 0006-analyze-tab-fix.patch
+Patch0007: 0007-analyze-add-missing-mask-option-to-help-text.patch
+Patch0008: 0008-test-set-nsec3-salt-length-8-in-knot.conf.patch
+Patch0009: 0009-test-capability-CAP_LINUX_IMMUTABLE-is-not-available.patch
+Patch0010: 0010-test-fd-util-skip-test-when-lacking-privileges-to-cr.patch
+Patch0011: 0011-test-fd-util-compare-FDs-to-bin-sh-instead-of-dev-nu.patch
+Patch0012: 0012-mkosi-use-inetutils-package-instead-of-hostname-for-.patch
+Patch0013: 0013-man-document-unprivileged-is-not-for-reading-propert.patch
+Patch0014: 0014-profile.d-don-t-bail-if-SHELL_-variables-are-unset.patch
+Patch0015: 0015-Fixing-VLAN-ranges-in-man-systemd.network.patch
+Patch0016: 0016-test-bpf-restrict-fs-Migrate-to-new-assertion-macros.patch
+Patch0017: 0017-man-update-example-in-systemd-measure.xml-35506.patch
+Patch0018: 0018-systemd-cryptenroll.xml-fix-typo.patch
+Patch0019: 0019-semaphore-skip-some-tests.patch
+Patch0020: 0020-shell-completion-add-systemd-creds.patch
+Patch0021: 0021-core-fix-loading-verity-settings-for-MountImages.patch
+Patch0022: 0022-test-add-more-coverage-for-extensions-and-verity.patch
+Patch0023: 0023-README-drop-CentOS-CI-badges.patch
+Patch0024: 0024-meson.version-change-to-257.1.patch
+Patch0025: 0025-journalctl-honor-quiet-with-setup-keys.patch
+Patch0026: 0026-dbus-log-disconnect-on-api-and-system-busses.patch
+Patch0027: 0027-manager-add-list-of-subscribers-to-dump-info.patch
+Patch0028: 0028-exec-util-allow-to-invoke-polkit-ask-password-agent-.patch
+Patch0029: 0029-mkosi-Fix-opensuse-build.patch
+Patch0030: 0030-units-use-PrivateTmp-disconnected-instead-of-yes-if-.patch
+Patch0031: 0031-battery-check-parse-options-before-checking-for-kern.patch
+Patch0032: 0032-test-loop-block-return-77-on-skip-in-more-places.patch
+Patch0033: 0033-mkosi-update-debian-commit-reference.patch
+Patch0034: 0034-shell-completion-add-smbios11-verb-to-systemd-analyz.patch
+Patch0035: 0035-logind-let-system-wide-idle-begin-at-the-time-logind.patch
+Patch0036: 0036-tmpfiles-reduce-quoting-in-warning-message.patch
+Patch0037: 0037-semaphore-bump-timeout.patch
+Patch0038: 0038-Revert-semaphore-skip-some-tests.patch
+Patch0039: 0039-mkosi-fix-section-for-WithNetwork.patch
+Patch0040: 0040-test-time-util-fix-truncation-of-usec-to-sec.patch
+Patch0041: 0041-network-don-t-warn-with-no-NSID-assigned.patch
+Patch0042: 0042-TEST-35-LOGIN-check-only-tty-session.patch
+Patch0043: 0043-test-README-Environment-setting-for-mkosi-should-be-.patch
+Patch0044: 0044-mkosi-temporarily-disable-panic_on_warn.patch
+Patch0045: 0045-networkd-show-wireguard-private-key-read-error-numbe.patch
+Patch0046: 0046-systemctl-edit-ignore-ENOENT-from-unit_is_masked.patch
+Patch0047: 0047-test-skip-TEST-69-SHUTDOWN-on-ubuntu-too.patch
+Patch0048: 0048-mkosi-Fix-tools-image-package-name.patch
+Patch0049: 0049-tpm2-util-Also-retry-unsealing-after-policy_pcr-retu.patch
+Patch0050: 0050-resolved-if-one-transaction-completes-expect-other-t.patch
+Patch0051: 0051-man-Document-generator-sandbox-environment.patch
+Patch0052: 0052-ukify-Fix-regression-in-no-sign-kernel-flag.patch
+Patch0053: 0053-mkosi-switch-debian-ubuntu-to-ci-v257-stable-branch.patch
+Patch0054: 0054-semaphore-switch-debian-ubuntu-to-ci-v257-stable-bra.patch
+Patch0055: 0055-Revert-terminal-util-unify-code-that-resets-dev-cons.patch
+Patch0056: 0056-mkosi-move-config-options.patch
+Patch0057: 0057-mkosi-Update-to-latest.patch
+Patch0058: 0058-mkosi-Add-gdb-to-tools-tree.patch
+Patch0059: 0059-mkosi-Add-libz1-to-opensuse-tools-tree.patch
+Patch0060: 0060-mkosi-Enable-EPEL-for-CentOS-Stream-tools-tree.patch
+Patch0061: 0061-mkosi-Use-tools-tree-by-default.patch
+Patch0062: 0062-mkosi-Use-build-as-extra-search-path-by-default.patch
+Patch0063: 0063-mkosi.clangd-Don-t-pass-host-if-we-re-not-using-flat.patch
+Patch0064: 0064-mkosi.clangd-Fail-on-command-errors.patch
+Patch0065: 0065-docs-Simplify-hacking-documentation.patch
+Patch0066: 0066-mkosi-Fix-authselect-systemd-homed-feature-name.patch
+Patch0067: 0067-docs-Use-meson-compile-instead-of-ninja.patch
+Patch0068: 0068-docs-Explicitly-mention-.local-bin-in-section-on-ins.patch
+Patch0069: 0069-mkosi-update-opensuse-spec-repo-commit.patch
+Patch0070: 0070-mkosi-update-openSUSE-commit-reference.patch
+Patch0071: 0071-mkosi-add-libopenssl-devel-package-to-openSUSE-tools.patch
+Patch0072: 0072-mkosi-switch-to-github-mirror-of-openSUSE-sources-fr.patch
+Patch0073: 0073-mkosi-Allow-disabling-vcs-tag-via-environment-variab.patch
+Patch0074: 0074-docs-Use-mkosi-sandbox-in-test-documentation-as-well.patch
+Patch0075: 0075-test-update-README-s-Ubuntu-CI-section-for-mkosi-cha.patch
+Patch0076: 0076-mkosi-Add-docbook-tools.patch
+Patch0077: 0077-mkosi-Handle-directories-in-debian-not-installed-cor.patch
+Patch0078: 0078-mkosi-Warn-on-unpackaged-files-in-the-debian-package.patch
+Patch0079: 0079-mkosi-Update-to-latest.patch
+Patch0080: 0080-mkosi-Make-path-exclude-more-generic.patch
+Patch0081: 0081-packit-Move-fmf-metadata-into-upstream.patch
+Patch0082: 0082-mkosi-replace-deprecated-settings-and-command-with-n.patch
+Patch0083: 0083-mkosi-Migrate-more-deprecated-options.patch
+Patch0084: 0084-ci-Rename-qemu-variable-to-vm.patch
+Patch0085: 0085-fmf-Insist-on-mkosi-sha-being-available.patch
+Patch0086: 0086-fmf-Support-being-used-downstream-in-dist-git-tests.patch
+Patch0087: 0087-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch
+Patch0088: 0088-repart-Use-streq_ptr.patch
+Patch0089: 0089-sd-device-add-missing-debugging-log.patch
+Patch0090: 0090-sd-device-fix-validation-for-devices-under-sys-firmw.patch
+Patch0091: 0091-resolved-stop-mdns-lnrr-when-config-changes-to-disab.patch
+Patch0092: 0092-shared-hibernate-util-don-t-attempt-to-fiemap-fd-if-.patch
+Patch0093: 0093-shared-hibernate-util-handle-the-case-where-no-swap-.patch
+Patch0094: 0094-locale-setup-do-not-load-locale-from-environemnt-whe.patch
+Patch0095: 0095-machine-GC-machine-when-no-leader-PID-is-set.patch
+Patch0096: 0096-creds-fix-use-after-free-in-varlink-interface.patch
+Patch0097: 0097-core-unit-serialize-fix-serialization-of-markers.patch
+Patch0098: 0098-test-answer-2nd-mdadm-create-question-for-compat-wit.patch
+Patch0099: 0099-hwdb-comment-out-the-entry-for-Logitech-MX-Keys-for-.patch
+Patch0100: 0100-mkosi-Install-which-in-build-image.patch
+Patch0101: 0101-packit-Simplify-configuration.patch
+Patch0102: 0102-fmf-Check-out-target-branch-in-packit.patch
+Patch0103: 0103-stdio-bridge-fix-polled-fds.patch
+Patch0104: 0104-Revert-mkosi-Fix-opensuse-build.patch
+Patch0105: 0105-CI-add-OBS-workflow-integration-to-build-packages-on.patch
+Patch0106: 0106-obs-also-trigger-Fedora-package-builds.patch
+Patch0107: 0107-systemctl-also-ignore-ENOENT-in-checking-inhibitors.patch
+Patch0108: 0108-systemctl-certainly-ignore-ENOENT-in-checking-inhibi.patch
+Patch0109: 0109-journalctl-make-invocation-and-list-invocations-acce.patch
+Patch0110: 0110-meson-bump-version-to-257.2.patch
+Patch0111: 0111-ci-update-workflows-to-run-on-source-git-setup.patch
+Patch0112: 0112-ci-setup-source-git-automation.patch
+Patch0113: 0113-ci-reconfigure-Packit-for-RHEL-10.patch
+Patch0114: 0114-journal-again-create-user-journals-for-users-with-hi.patch
+Patch0115: 0115-tmpfiles-make-purge-hard-to-mis-use.patch
+Patch0116: 0116-fedora-use-system-auth-in-pam-systemd-user.patch
+Patch0117: 0117-net-naming-scheme-start-rhel10-naming-and-include-rh.patch
+Patch0118: 0118-rules-copy-40-redhat.rules-from-RHEL-9.patch
+Patch0119: 0119-logind-set-RemoveIPC-to-false-by-default.patch
+Patch0120: 0120-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch
+Patch0121: 0121-rc-local-order-after-network-online.target.patch
+Patch0122: 0122-random-util-increase-random-seed-size-to-1024.patch
+Patch0123: 0123-journal-don-t-enable-systemd-journald-audit.socket-b.patch
+Patch0124: 0124-journald.conf-don-t-touch-current-audit-settings.patch
+Patch0125: 0125-rules-add-elevator-kernel-command-line-parameter.patch
+Patch0126: 0126-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
+Patch0127: 0127-udev-net-setup-link-change-the-default-MACAddressPol.patch
+Patch0128: 0128-core-decrease-log-level-of-messages-about-use-of-Kil.patch
+Patch0129: 0129-taint-remove-unmerged-bin.patch
+Patch0130: 0130-presets-remove-resolved.patch
+Patch0131: 0131-ci-run-mkosi-test-only-for-Fedora-and-CentOS-Stream.patch
+Patch0132: 0132-taint-remove-unused-variable-usr_sbin.patch
+Patch0133: 0133-packit-drop-the-libarchive-workaround.patch
+Patch0134: 0134-coredump-by-default-process-and-store-core-files-up-.patch
+Patch0135: 0135-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
+Patch0136: 0136-unit-don-t-add-Requires-for-tmp.mount.patch
+Patch0137: 0137-units-add-Install-section-to-tmp.mount.patch
+Patch0138: 0138-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
+Patch0139: 0139-netif-naming-scheme-add-rhel-9.5-scheme.patch
+Patch0140: 0140-netif-naming-scheme-rename-rhel-10.0-to-rhel-10.0.be.patch
+Patch0141: 0141-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch
+Patch0142: 0142-netif-naming-scheme-introduce-rhel-10.0-scheme.patch
+Patch0143: 0143-udev-net_id-introduce-naming-scheme-for-RHEL-9.6.patch
 
 # Downstream-only patches (9000–9999)
 
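Review bot: The `# RHEL-specific` comment above the patch list no longer describes what follows it. `Patch0001` to `Patch0110` appear to be upstream stable backports (they include `0024-meson.version-change-to-257.1.patch` and `0110-meson-bump-version-to-257.2.patch`), and the downstream patches now start at `Patch0111`. To keep the list auditable, I would retitle the existing comment to something like `# Backports from upstream v257-stable (v257.1, v257.2)` and add `# RHEL-specific` directly before `Patch0111: 0111-ci-update-workflows-to-run-on-source-git-setup.patch`. The `# RHEL-specific` line is context in this hunk, so the commit left it untouched.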
@@ -1071,6 +1182,10 @@ rm -f .file-list-*
 rm -f %{name}.lang
 
 %changelog
+* Wed Jan 08 2024 Jan Macku <jamacku@redhat.com> - 257-3
+- udev/net_id: introduce naming scheme for RHEL-9.6 (RHEL-44417)
+- Rebase to new upstream stable release v257.2 (RHEL-71409)
+
 * Fri Dec 20 2024 Jan Macku <jamacku@redhat.com> - 257-2
 - Rebase to new upstream stable release v257.1 (RHEL-71409)
 
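Review bot: The new changelog header `* Wed Jan 08 2024` carries the wrong year. The import commit is dated 8 Jan 2025, 8 January 2024 was a Monday, and the entry sits above the `Fri Dec 20 2024` one, so the log is no longer in descending date order. rpm checks both the weekday and the ordering of `%changelog` entries, so this is likely to be flagged at build time, and it skews any tooling that dates fixes from the changelog. The header should read `* Wed Jan 08 2025 Jan Macku <jamacku@redhat.com> - 257-3`.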
-- 
GitLab