initial package creation

Signed-off-by: Toshaan Bharvani <toshaan@powerel.org>

SOURCES/0001-logind-set-RemoveIPC-to-false-by-default.patch

@@ -0,0 +1,52 @@
+From 5a66d993a5be88524d9952193b053eac607a5c17 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 1 Aug 2018 10:58:28 +0200
+Subject: [PATCH] logind: set RemoveIPC to false by default
+
+RHEL-only
+
+Resolves: #1959836
+---
+ man/logind.conf.xml      | 2 +-
+ src/login/logind-core.c  | 2 +-
+ src/login/logind.conf.in | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/man/logind.conf.xml b/man/logind.conf.xml
+index 3045c1b9ba..96fa076239 100644
+--- a/man/logind.conf.xml
++++ b/man/logind.conf.xml
+@@ -354,7 +354,7 @@
+         user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
+         last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
+         well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
+-        are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para></listitem>
++        are excluded from the effect of this setting. Defaults to <literal>no</literal>.</para></listitem>
+       </varlistentry>
+ 
+     </variablelist>
+diff --git a/src/login/logind-core.c b/src/login/logind-core.c
+index 254a1a69fb..616c08132a 100644
+--- a/src/login/logind-core.c
++++ b/src/login/logind-core.c
+@@ -34,7 +34,7 @@ void manager_reset_config(Manager *m) {
+ 
+         m->n_autovts = 6;
+         m->reserve_vt = 6;
+-        m->remove_ipc = true;
++        m->remove_ipc = false;
+         m->inhibit_delay_max = 5 * USEC_PER_SEC;
+         m->user_stop_delay = 10 * USEC_PER_SEC;
+ 
+diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in
+index 2d084e134d..79d685b3de 100644
+--- a/src/login/logind.conf.in
++++ b/src/login/logind.conf.in
+@@ -40,6 +40,6 @@
+ #IdleActionSec=30min
+ #RuntimeDirectorySize=10%
+ #RuntimeDirectoryInodes=400k
+-#RemoveIPC=yes
++#RemoveIPC=no
+ #InhibitorsMax=8192
+ #SessionsMax=8192

SOURCES/0002-tmpfiles-don-t-create-resolv.conf-stub-resolv.conf-s.patch

@@ -0,0 +1,43 @@
+From 92b6ae2097ae90355775217529d2fd55f7b84e31 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Thu, 5 Aug 2021 17:11:47 +0200
+Subject: [PATCH] tmpfiles: don't create resolv.conf -> stub-resolv.conf
+ symlink
+
+RHEL-only
+
+Resolves: #1989472
+---
+ tmpfiles.d/meson.build          |  1 -
+ tmpfiles.d/systemd-resolve.conf | 10 ----------
+ 2 files changed, 11 deletions(-)
+ delete mode 100644 tmpfiles.d/systemd-resolve.conf
+
+diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build
+index b8d3919025..6ae9e3e0b8 100644
+--- a/tmpfiles.d/meson.build
++++ b/tmpfiles.d/meson.build
+@@ -7,7 +7,6 @@ files = [['README',               ''],
+          ['journal-nocow.conf',   ''],
+          ['systemd-nologin.conf', 'HAVE_PAM'],
+          ['systemd-nspawn.conf',  'ENABLE_MACHINED'],
+-         ['systemd-resolve.conf', 'ENABLE_RESOLVE'],
+          ['systemd-tmp.conf',     ''],
+          ['portables.conf',       'ENABLE_PORTABLED'],
+          ['systemd-pstore.conf',  'ENABLE_PSTORE'],
+diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf
+deleted file mode 100644
+index cb1c56d6a6..0000000000
+--- a/tmpfiles.d/systemd-resolve.conf
++++ /dev/null
+@@ -1,10 +0,0 @@
+-#  This file is part of systemd.
+-#
+-#  systemd is free software; you can redistribute it and/or modify it
+-#  under the terms of the GNU Lesser General Public License as published by
+-#  the Free Software Foundation; either version 2.1 of the License, or
+-#  (at your option) any later version.
+-
+-# See tmpfiles.d(5) for details
+-
+-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf

SOURCES/0003-Copy-40-redhat.rules-from-RHEL-8.patch

@@ -0,0 +1,78 @@
+From 24f033a2a5c03848ae518278c8025e13130146af Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Fri, 2 Jul 2021 13:25:51 +0200
+Subject: [PATCH] Copy 40-redhat.rules from RHEL-8
+
+RHEL-only
+
+Resolves: #1978639
+---
+ rules.d/40-redhat.rules | 46 +++++++++++++++++++++++++++++++++++++++++
+ rules.d/meson.build     |  1 +
+ 2 files changed, 47 insertions(+)
+ create mode 100644 rules.d/40-redhat.rules
+
+diff --git a/rules.d/40-redhat.rules b/rules.d/40-redhat.rules
+new file mode 100644
+index 0000000000..3c95cd2df0
+--- /dev/null
++++ b/rules.d/40-redhat.rules
+@@ -0,0 +1,46 @@
++# do not edit this file, it will be overwritten on update
++
++# CPU hotadd request
++SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
++
++# Memory hotadd request
++SUBSYSTEM!="memory", GOTO="memory_hotplug_end"
++ACTION!="add", GOTO="memory_hotplug_end"
++CONST{arch}=="s390*", GOTO="memory_hotplug_end"
++CONST{arch}=="ppc64*", GOTO="memory_hotplug_end"
++
++ENV{.state}="online"
++CONST{virt}=="none", ENV{.state}="online_movable"
++ATTR{state}=="offline", ATTR{state}="$env{.state}"
++
++LABEL="memory_hotplug_end"
++
++# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded
++ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
++
++# load SCSI generic (sg) driver
++SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
++SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
++
++# Rule for prandom character device node permissions
++KERNEL=="prandom", MODE="0644"
++
++# Rules for creating the ID_PATH for SCSI devices based on the CCW bus
++# using the form: ccw-<BUS_ID>-zfcp-<WWPN>:<LUN>
++#
++ACTION=="remove", GOTO="zfcp_scsi_device_end"
++
++#
++# Set environment variable "ID_ZFCP_BUS" to "1" if the devices
++# (both disk and partition) are SCSI devices based on FCP devices
++#
++KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1"
++
++# For SCSI disks
++KERNEL=="sd*[!0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}"
++
++
++# For partitions on a SCSI disk
++KERNEL=="sd*[0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n"
++
++LABEL="zfcp_scsi_device_end"
+diff --git a/rules.d/meson.build b/rules.d/meson.build
+index 5cecddb34f..c5c3590b29 100644
+--- a/rules.d/meson.build
++++ b/rules.d/meson.build
+@@ -5,6 +5,7 @@ install_data(
+         install_dir : udevrulesdir)
+ 
+ rules = files('''
++        40-redhat.rules
+         60-autosuspend.rules
+         60-block.rules
+         60-cdrom_id.rules

SOURCES/0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch

@@ -0,0 +1,45 @@
+From c9ca30a1debbdf24ab6fcbe1aa1ec7ac5f222cb4 Mon Sep 17 00:00:00 2001
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Tue, 15 May 2018 09:24:20 +0200
+Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will
+
+Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather
+adds an After relationship.
+
+RHEL-only
+
+Resolves: #1959826
+---
+ src/core/unit.c    | 7 +------
+ units/basic.target | 3 ++-
+ 2 files changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index b1f1f5c82c..3a8251e2b8 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -1280,12 +1280,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
+         }
+ 
+         if (c->private_tmp) {
+-
+-                /* FIXME: for now we make a special case for /tmp and add a weak dependency on
+-                 * tmp.mount so /tmp being masked is supported. However there's no reason to treat
+-                 * /tmp specifically and masking other mount units should be handled more
+-                 * gracefully too, see PR#16894. */
+-                r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
++                r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
+                 if (r < 0)
+                         return r;
+ 
+diff --git a/units/basic.target b/units/basic.target
+index d8cdd5ac14..9eae0782a2 100644
+--- a/units/basic.target
++++ b/units/basic.target
+@@ -19,4 +19,5 @@ After=sysinit.target sockets.target paths.target slices.target tmp.mount
+ # require /var and /var/tmp, but only add a Wants= type dependency on /tmp, as
+ # we support that unit being masked, and this should not be considered an error.
+ RequiresMountsFor=/var /var/tmp
+-Wants=tmp.mount
++# RHEL-only: Disable /tmp on tmpfs.
++#Wants=tmp.mount

SOURCES/0005-unit-don-t-add-Requires-for-tmp.mount.patch

@@ -0,0 +1,38 @@
+From ba6b7f1b4409b337b5b4ffc47259ad5c43c436c4 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Mon, 5 Sep 2016 12:47:09 +0200
+Subject: [PATCH] unit: don't add Requires for tmp.mount
+
+rhel-only
+Resolves: #1619292
+---
+ src/core/mount.c | 2 +-
+ src/core/unit.c  | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 0170406351..4d407ca4e5 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -335,7 +335,7 @@ static int mount_add_mount_dependencies(Mount *m) {
+                 if (r < 0)
+                         return r;
+ 
+-                if (UNIT(m)->fragment_path) {
++                if (UNIT(m)->fragment_path && !streq(UNIT(m)->id, "tmp.mount")) {
+                         /* If we have fragment configuration, then make this dependency required */
+                         r = unit_add_dependency(other, UNIT_REQUIRES, UNIT(m), true, UNIT_DEPENDENCY_PATH);
+                         if (r < 0)
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 3a8251e2b8..d2adb447b6 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -1520,7 +1520,7 @@ static int unit_add_mount_dependencies(Unit *u) {
+                         if (r < 0)
+                                 return r;
+ 
+-                        if (m->fragment_path) {
++                        if (m->fragment_path && !streq(m->id, "tmp.mount")) {
+                                 r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask);
+                                 if (r < 0)
+                                         return r;

SOURCES/0006-units-add-Install-section-to-tmp.mount.patch

@@ -0,0 +1,24 @@
+From 0e4d18011e394d83c5e6ce045c05b03619fe7145 Mon Sep 17 00:00:00 2001
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Tue, 22 Jan 2019 10:28:42 +0100
+Subject: [PATCH] units: add [Install] section to tmp.mount
+
+RHEL-only
+
+Related: #1959826
+---
+ units/tmp.mount | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/units/tmp.mount b/units/tmp.mount
+index 4e1bb8de24..4874e8daff 100644
+--- a/units/tmp.mount
++++ b/units/tmp.mount
+@@ -23,3 +23,7 @@ What=tmpfs
+ Where=/tmp
+ Type=tmpfs
+ Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m
++
++# Make 'systemctl enable tmp.mount' work:
++[Install]
++WantedBy=local-fs.target

SOURCES/0007-rc-local-order-after-network-online.target.patch

@@ -0,0 +1,29 @@
+From 6dc2d5628fded20609561ca3c63517b3dc381042 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Thu, 11 Mar 2021 15:48:23 +0100
+Subject: [PATCH] rc-local: order after network-online.target
+
+I think this was the intent of commit 91b684c7300879a8d2006038f7d9185d92c3c3bf,
+just network-online.target didn't exist back then.
+
+RHEL-only
+
+Resolves: #1954429
+---
+ units/rc-local.service.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/units/rc-local.service.in b/units/rc-local.service.in
+index 55e83dfe00..0eee722154 100644
+--- a/units/rc-local.service.in
++++ b/units/rc-local.service.in
+@@ -13,7 +13,8 @@
+ Description={{RC_LOCAL_PATH}} Compatibility
+ Documentation=man:systemd-rc-local-generator(8)
+ ConditionFileIsExecutable={{RC_LOCAL_PATH}}
+-After=network.target
++After=network-online.target
++Wants=network-online.target
+ 
+ [Service]
+ Type=forking

SOURCES/0008-ci-drop-CIs-irrelevant-for-downstream.patch

@@ -0,0 +1,298 @@
+From b9c7cd794733257a17b2eb9eadc716007e509ca9 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Sun, 18 Apr 2021 20:46:06 +0200
+Subject: [PATCH] ci: drop CIs irrelevant for downstream
+
+  * CIFuzz would need a separate project in oss-fuzz
+  * Coverity would also need a separate project
+  * the Labeler action is superfluous, since we already have a bot for
+    that
+  * mkosi testing on other distros is irrelevant for downstream RHEL
+    repo
+
+Resolves: #1960703
+rhel-only
+---
+ .github/labeler.yml            | 40 -----------------
+ .github/workflows/cifuzz.yml   | 55 -----------------------
+ .github/workflows/coverity.yml | 43 ------------------
+ .github/workflows/labeler.yml  | 23 ----------
+ .github/workflows/mkosi.yml    | 80 ----------------------------------
+ 5 files changed, 241 deletions(-)
+ delete mode 100644 .github/labeler.yml
+ delete mode 100644 .github/workflows/cifuzz.yml
+ delete mode 100644 .github/workflows/coverity.yml
+ delete mode 100644 .github/workflows/labeler.yml
+ delete mode 100644 .github/workflows/mkosi.yml
+
+diff --git a/.github/labeler.yml b/.github/labeler.yml
+deleted file mode 100644
+index 7d128f42d6..0000000000
+--- a/.github/labeler.yml
++++ /dev/null
+@@ -1,40 +0,0 @@
+-# SPDX-License-Identifier: LGPL-2.1-or-later
+-
+-hwdb:
+-  - hwdb.d/**/*
+-units:
+-  - units/**/*
+-documentation:
+-  - NEWS
+-  - docs/*
+-network:
+-  - src/libsystemd-network/**/*
+-  - src/network/**/*
+-udev:
+-  - src/udev/**/*
+-  - src/libudev/*
+-selinux:
+-  - '**/*selinux*'
+-apparmor:
+-  - '**/*apparmor*'
+-meson:
+-  - meson_option.txt
+-mkosi:
+-  - .mkosi/*
+-  - mkosi.build
+-busctl:
+-  - src/busctl/*
+-systemctl:
+-  - src/systemctl/*
+-journal:
+-  - src/journal/*
+-journal-remote:
+-  - src/journal-remote/*
+-portable:
+-  - src/portable/**/*
+-resolve:
+-  - src/resolve/*
+-timedate:
+-  - src/timedate/*
+-timesync:
+-  - src/timesync/*
+diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
+deleted file mode 100644
+index 11ea788a47..0000000000
+--- a/.github/workflows/cifuzz.yml
++++ /dev/null
+@@ -1,55 +0,0 @@
+----
+-# vi: ts=2 sw=2 et:
+-# SPDX-License-Identifier: LGPL-2.1-or-later
+-# See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/
+-
+-name: CIFuzz
+-
+-permissions:
+-  contents: read
+-
+-on:
+-  pull_request:
+-    paths:
+-      - '**/meson.build'
+-      - '.github/workflows/**'
+-      - 'meson_options.txt'
+-      - 'src/**'
+-      - 'test/fuzz/**'
+-      - 'tools/oss-fuzz.sh'
+-  push:
+-    branches:
+-      - main
+-jobs:
+-  Fuzzing:
+-    runs-on: ubuntu-latest
+-    if: github.repository == 'systemd/systemd'
+-    concurrency:
+-      group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+-      cancel-in-progress: true
+-    strategy:
+-      fail-fast: false
+-      matrix:
+-        sanitizer: [address, undefined, memory]
+-    steps:
+-      - name: Build Fuzzers (${{ matrix.sanitizer }})
+-        id: build
+-        uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+-        with:
+-          oss-fuzz-project-name: 'systemd'
+-          dry-run: false
+-          allowed-broken-targets-percentage: 0
+-          sanitizer: ${{ matrix.sanitizer }}
+-      - name: Run Fuzzers (${{ matrix.sanitizer }})
+-        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+-        with:
+-          oss-fuzz-project-name: 'systemd'
+-          fuzz-seconds: 600
+-          dry-run: false
+-          sanitizer: ${{ matrix.sanitizer }}
+-      - name: Upload Crash
+-        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2
+-        if: failure() && steps.build.outcome == 'success'
+-        with:
+-          name: ${{ matrix.sanitizer }}-artifacts
+-          path: ./out/artifacts
+diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
+deleted file mode 100644
+index a164d16fbf..0000000000
+--- a/.github/workflows/coverity.yml
++++ /dev/null
+@@ -1,43 +0,0 @@
+----
+-# vi: ts=2 sw=2 et:
+-# SPDX-License-Identifier: LGPL-2.1-or-later
+-#
+-name: Coverity
+-
+-on:
+-  schedule:
+-    # Run Coverity daily at midnight
+-    - cron:  '0 0 * * *'
+-
+-permissions:
+-  contents: read
+-
+-jobs:
+-  build:
+-    runs-on: ubuntu-20.04
+-    if: github.repository == 'systemd/systemd'
+-    env:
+-      COVERITY_SCAN_BRANCH_PATTERN:     "${{ github.ref}}"
+-      COVERITY_SCAN_NOTIFICATION_EMAIL: ""
+-      COVERITY_SCAN_PROJECT_NAME:       "${{ github.repository }}"
+-      # Set in repo settings -> secrets -> repository secrets
+-      COVERITY_SCAN_TOKEN:              "${{ secrets.COVERITY_SCAN_TOKEN }}"
+-      CURRENT_REF:                      "${{ github.ref }}"
+-    steps:
+-      - name: Repository checkout
+-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
+-      # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
+-      - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable
+-        run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
+-      - name: Install Coverity tools
+-        run: tools/get-coverity.sh
+-      # Reuse the setup phase of the unit test script to avoid code duplication
+-      - name: Install build dependencies
+-        run: sudo -E .github/workflows/unit_tests.sh SETUP
+-      # Preconfigure with meson to prevent Coverity from capturing meson metadata
+-      - name: Preconfigure the build directory
+-        run: meson cov-build -Dman=false
+-      - name: Build
+-        run: tools/coverity.sh build
+-      - name: Upload the results
+-        run: tools/coverity.sh upload
+diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
+deleted file mode 100644
+index 34d9d63d42..0000000000
+--- a/.github/workflows/labeler.yml
++++ /dev/null
+@@ -1,23 +0,0 @@
+----
+-# vi: ts=2 sw=2 et:
+-# SPDX-License-Identifier: LGPL-2.1-or-later
+-#
+-name: "Pull Request Labeler"
+-
+-on:
+-- pull_request_target
+-
+-permissions:
+-  contents: read
+-
+-jobs:
+-  triage:
+-    runs-on: ubuntu-latest
+-    permissions:
+-      pull-requests: write
+-    steps:
+-    - uses: actions/labeler@69da01b8e0929f147b8943611bee75ee4175a49e
+-      with:
+-        repo-token: "${{ secrets.GITHUB_TOKEN }}"
+-        configuration-path: .github/labeler.yml
+-        sync-labels: "" # This is a workaround for issue 18671
+diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
+deleted file mode 100644
+index 8fd6c72e26..0000000000
+--- a/.github/workflows/mkosi.yml
++++ /dev/null
+@@ -1,80 +0,0 @@
+----
+-# vi: ts=2 sw=2 et:
+-# SPDX-License-Identifier: LGPL-2.1-or-later
+-# Simple boot tests that build and boot the mkosi images generated by the mkosi config files in mkosi.default.d/.
+-name: mkosi
+-
+-on:
+-  push:
+-    branches:
+-      - main
+-      - v[0-9]+-stable
+-  pull_request:
+-    branches:
+-      - main
+-      - v[0-9]+-stable
+-
+-permissions:
+-  contents: read
+-
+-env:
+-  # Enable debug logging in systemd, but keep udev's log level to info,
+-  # since it's _very_ verbose in the QEMU task
+-  KERNEL_CMDLINE: "systemd.unit=mkosi-check-and-shutdown.service !quiet systemd.log_level=debug systemd.log_target=console udev.log_level=info systemd.default_standard_output=journal+console"
+-
+-jobs:
+-  ci:
+-    runs-on: ubuntu-20.04
+-    concurrency:
+-      group: ${{ github.workflow }}-${{ matrix.distro }}-${{ github.ref }}
+-      cancel-in-progress: true
+-    strategy:
+-      fail-fast: false
+-      matrix:
+-        distro:
+-          - arch
+-          - debian
+-          - ubuntu
+-          - fedora
+-          - opensuse
+-
+-    steps:
+-    - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
+-    - uses: systemd/mkosi@4d64fc8134f93d87ac584183e7762ac1d0efa0e5
+-
+-    - name: Install
+-      run: sudo apt-get update && sudo apt-get install --no-install-recommends python3-pexpect python3-jinja2
+-
+-    - name: Configure
+-      run: echo -e "[Distribution]\nDistribution=${{ matrix.distro }}\n" >mkosi.default
+-
+-    # Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is
+-    # required, since current Arch's glibc implements faccessat() via faccessat2().
+-    - name: Update systemd-nspawn
+-      if: ${{ matrix.distro == 'arch' }}
+-      run: |
+-        echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
+-        sudo apt update
+-        sudo apt build-dep systemd
+-        meson build
+-        ninja -C build
+-        sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn`
+-        systemd-nspawn --version
+-
+-    - name: Build ${{ matrix.distro }}
+-      run: ./.github/workflows/run_mkosi.sh --build-environment=CI_BUILD=1 --kernel-command-line "${{ env.KERNEL_CMDLINE }}" build
+-
+-    - name: Show ${{ matrix.distro }} image summary
+-      run: ./.github/workflows/run_mkosi.sh summary
+-
+-    - name: Boot ${{ matrix.distro }} systemd-nspawn
+-      run: ./.github/workflows/run_mkosi.sh boot ${{ env.KERNEL_CMDLINE }}
+-
+-    - name: Check ${{ matrix.distro }} systemd-nspawn
+-      run: ./.github/workflows/run_mkosi.sh shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"
+-
+-    - name: Boot ${{ matrix.distro }} QEMU
+-      run: ./.github/workflows/run_mkosi.sh qemu
+-
+-    - name: Check ${{ matrix.distro }} QEMU
+-      run: ./.github/workflows/run_mkosi.sh shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"

SOURCES/0009-ci-reconfigure-Packit-for-RHEL-9.patch

@@ -0,0 +1,61 @@
+From d931821a263e34805f825cf12a0a0fcde9beda99 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Wed, 9 Jun 2021 15:23:59 +0200
+Subject: [PATCH] ci: reconfigure Packit for RHEL 9
+
+Resolves: #1960703
+rhel-only
+---
+ .packit.yml | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/.packit.yml b/.packit.yml
+index 962c77913e..3461bccbc5 100644
+--- a/.packit.yml
++++ b/.packit.yml
+@@ -16,14 +16,12 @@ upstream_tag_template: "v{version}"
+ 
+ actions:
+   post-upstream-clone:
+-    # Use the Fedora Rawhide specfile
+-    - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
++    # Use the CentOS Stream specfile
++    - "git clone https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1"
+     # Drop the "sources" file so rebase-helper doesn't think we're a dist-git
+     - "rm -fv .packit_rpm/sources"
+-    # Drop backported patches from the specfile, but keep the downstream-only ones
+-    # - Patch0000-0499: backported patches from upstream
+-    # - Patch0500-9999: downstream-only patches
+-    - "sed -ri '/^Patch0[0-4]?[0-9]{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec"
++    # Drop all patches, since they're already included in the tarball
++    - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec"
+     # Build the RPM with --werror. Even though --werror doesn't work in all
+     # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
+     # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
+@@ -32,12 +30,22 @@ actions:
+     # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110
+     - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
+ 
++# Available targets can be listed via `copr-cli list-chroots`
+ jobs:
++# Build test
+ - job: copr_build
+   trigger: pull_request
+   metadata:
+     targets:
+-    - fedora-rawhide-aarch64
+-    - fedora-rawhide-i386
+-    - fedora-rawhide-ppc64le
+-    - fedora-rawhide-x86_64
++      # FIXME: change to CentOS 9 once it's available
++      - fedora-34-x86_64
++      - fedora-34-aarch64
++
++# TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184
++# Run tests (via testing farm)
++#- job: tests
++#  trigger: pull_request
++#  metadata:
++#    targets:
++#      # FIXME: change to CentOS 9 once it's available
++#      - fedora-34-x86_64

SOURCES/0010-ci-run-unit-tests-on-z-stream-branches-as-well.patch

@@ -0,0 +1,28 @@
+From 785b53d7b16c6c56638029e8b4f59c436f1394b8 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Thu, 15 Jul 2021 12:23:27 +0200
+Subject: [PATCH] ci: run unit tests on z-stream branches as well
+
+Resolves: #1960703
+rhel-only
+---
+ .github/workflows/unit_tests.yml | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
+index d4a4f3c723..2afde5d59d 100644
+--- a/.github/workflows/unit_tests.yml
++++ b/.github/workflows/unit_tests.yml
+@@ -3,11 +3,7 @@
+ # SPDX-License-Identifier: LGPL-2.1-or-later
+ #
+ name: Unit tests
+-on:
+-  pull_request:
+-    branches:
+-      - main
+-      - v[0-9]+-stable
++on: [pull_request]
+ 
+ permissions:
+   contents: read

SOURCES/0011-random-util-increase-random-seed-size-to-1024.patch

@@ -0,0 +1,25 @@
+From c1555a7d38235cca32492c4606e30028dc008b35 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Thu, 15 Jul 2021 11:15:17 +0200
+Subject: [PATCH] random-util: increase random seed size to 1024
+
+RHEL-only
+
+Resolves: #1982603
+---
+ src/basic/random-util.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/basic/random-util.h b/src/basic/random-util.h
+index e6528ddc7f..fda78552f6 100644
+--- a/src/basic/random-util.h
++++ b/src/basic/random-util.h
+@@ -34,7 +34,7 @@ static inline uint32_t random_u32(void) {
+ int rdrand(unsigned long *ret);
+ 
+ /* Some limits on the pool sizes when we deal with the kernel random pool */
+-#define RANDOM_POOL_SIZE_MIN 512U
++#define RANDOM_POOL_SIZE_MIN 1024U
+ #define RANDOM_POOL_SIZE_MAX (10U*1024U*1024U)
+ 
+ size_t random_pool_size(void);

SOURCES/0012-journal-don-t-enable-systemd-journald-audit.socket-b.patch

@@ -0,0 +1,41 @@
+From f1d66259bcff8333d7dd495bbeef274206f7300d Mon Sep 17 00:00:00 2001
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Thu, 2 May 2019 14:11:54 +0200
+Subject: [PATCH] journal: don't enable systemd-journald-audit.socket by
+ default
+
+RHEL-only
+
+Resolves: #1973856
+---
+ units/meson.build                 | 3 +--
+ units/systemd-journald.service.in | 2 +-
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/units/meson.build b/units/meson.build
+index a9bf28f6d9..69d53f4259 100644
+--- a/units/meson.build
++++ b/units/meson.build
+@@ -124,8 +124,7 @@ units = [
+          'sysinit.target.wants/'],
+         ['systemd-journal-gatewayd.socket',     'ENABLE_REMOTE HAVE_MICROHTTPD'],
+         ['systemd-journal-remote.socket',       'ENABLE_REMOTE HAVE_MICROHTTPD'],
+-        ['systemd-journald-audit.socket',       '',
+-         'sockets.target.wants/'],
++        ['systemd-journald-audit.socket',       ''],
+         ['systemd-journald-dev-log.socket',     '',
+          'sockets.target.wants/'],
+         ['systemd-journald.socket',             '',
+diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
+index cd17b6b4e7..d981273b07 100644
+--- a/units/systemd-journald.service.in
++++ b/units/systemd-journald.service.in
+@@ -12,7 +12,7 @@ Description=Journal Service
+ Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+ DefaultDependencies=no
+ Requires=systemd-journald.socket
+-After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket
++After=systemd-journald.socket systemd-journald-dev-log.socket syslog.socket
+ Before=sysinit.target
+ 
+ [Service]

SOURCES/0013-journald.conf-don-t-touch-current-audit-settings.patch

@@ -0,0 +1,22 @@
+From 56d9b62ce456e8c0e520bda3447db38864983173 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Thu, 5 Aug 2021 15:26:13 +0200
+Subject: [PATCH] journald.conf: don't touch current audit settings
+
+RHEL-only
+
+Related: #1973856
+---
+ src/journal/journald.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/journal/journald.conf b/src/journal/journald.conf
+index 5a60a9d39c..3544da2112 100644
+--- a/src/journal/journald.conf
++++ b/src/journal/journald.conf
+@@ -44,4 +44,4 @@
+ #MaxLevelWall=emerg
+ #LineMax=48K
+ #ReadKMsg=yes
+-#Audit=yes
++Audit=

SOURCES/0014-Revert-udev-remove-WAIT_FOR-key.patch

@@ -0,0 +1,137 @@
+From 2843766767452a69dade1ef8ab2d1d3e5e68a1d3 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Tue, 10 Aug 2021 14:46:16 +0200
+Subject: [PATCH] Revert "udev: remove WAIT_FOR key"
+
+This reverts commit f2b8052fb648b788936dd3e85be6a9aca90fbb2f.
+
+RHEL-only
+
+Resolves: #1982666
+---
+ man/udev.xml              |  9 +++++++
+ src/udev/udev-rules.c     | 56 +++++++++++++++++++++++++++++++++++++++
+ test/rule-syntax-check.py |  2 +-
+ 3 files changed, 66 insertions(+), 1 deletion(-)
+
+diff --git a/man/udev.xml b/man/udev.xml
+index f6ea2abc12..ce96e201e4 100644
+--- a/man/udev.xml
++++ b/man/udev.xml
+@@ -592,6 +592,15 @@
+             </listitem>
+           </varlistentry>
+ 
++          <varlistentry>
++            <term><varname>WAIT_FOR</varname></term>
++            <listitem>
++              <para>Wait for a file to become available or until a timeout of
++              10 seconds expires. The path is relative to the sysfs device;
++              if no path is specified, this waits for an attribute to appear.</para>
++            </listitem>
++          </varlistentry>
++
+           <varlistentry>
+             <term><varname>OPTIONS</varname></term>
+             <listitem>
+diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
+index 1a384d6b38..243a792662 100644
+--- a/src/udev/udev-rules.c
++++ b/src/udev/udev-rules.c
+@@ -79,6 +79,7 @@ typedef enum {
+         TK_M_TAG,                           /* strv, sd_device_get_tag_first(), sd_device_get_tag_next() */
+         TK_M_SUBSYSTEM,                     /* string, sd_device_get_subsystem() */
+         TK_M_DRIVER,                        /* string, sd_device_get_driver() */
++        TK_M_WAITFOR,
+         TK_M_ATTR,                          /* string, takes filename through attribute, sd_device_get_sysattr_value(), udev_resolve_subsys_kernel(), etc. */
+         TK_M_SYSCTL,                        /* string, takes kernel parameter through attribute */
+ 
+@@ -416,6 +417,47 @@ static void rule_line_append_token(UdevRuleLine *rule_line, UdevRuleToken *token
+         rule_line->current_token = token;
+ }
+ 
++#define WAIT_LOOP_PER_SECOND                50
++static int wait_for_file(sd_device *dev, const char *file, int timeout) {
++        char filepath[UDEV_PATH_SIZE];
++        char devicepath[UDEV_PATH_SIZE];
++        struct stat stats;
++        int loop = timeout * WAIT_LOOP_PER_SECOND;
++
++        /* a relative path is a device attribute */
++        devicepath[0] = '\0';
++        if (file[0] != '/') {
++                const char *val;
++                int r;
++
++                r = sd_device_get_syspath(dev, &val);
++                if (r < 0)
++                    return r;
++                strscpyl(devicepath, sizeof(devicepath), val, NULL);
++                strscpyl(filepath, sizeof(filepath), devicepath, "/", file, NULL);
++                file = filepath;
++        }
++
++        while (--loop) {
++                const struct timespec duration = { 0, 1000 * 1000 * 1000 / WAIT_LOOP_PER_SECOND };
++
++                /* lookup file */
++                if (stat(file, &stats) == 0) {
++                        log_debug("file '%s' appeared after %i loops", file, (timeout * WAIT_LOOP_PER_SECOND) - loop-1);
++                        return 0;
++                }
++                /* make sure, the device did not disappear in the meantime */
++                if (devicepath[0] != '\0' && stat(devicepath, &stats) != 0) {
++                        log_debug("device disappeared while waiting for '%s'", file);
++                        return -2;
++                }
++                log_debug("wait for '%s' for %i mseconds", file, 1000 / WAIT_LOOP_PER_SECOND);
++                nanosleep(&duration, NULL);
++        }
++        log_debug("waiting for '%s' failed", file);
++        return -1;
++}
++
+ static int rule_line_add_token(UdevRuleLine *rule_line, UdevRuleTokenType type, UdevRuleOperatorType op, char *value, void *data) {
+         UdevRuleToken *token;
+         UdevRuleMatchType match_type = _MATCH_TYPE_INVALID;
+@@ -958,6 +1000,12 @@ static int parse_token(UdevRules *rules, const char *key, char *attr, UdevRuleOp
+                         r = rule_line_add_token(rule_line, TK_A_RUN_BUILTIN, op, value, UDEV_BUILTIN_CMD_TO_PTR(cmd));
+                 } else
+                         return log_token_invalid_attr(rules, key);
++        } else if (streq(key, "WAIT_FOR") || streq(key, "WAIT_FOR_SYSFS")) {
++                if (op == OP_REMOVE)
++                        return log_token_invalid_op(rules, key);
++
++                rule_line_add_token(rule_line, TK_M_WAITFOR, 0, value, NULL);
++                return 1;
+         } else if (streq(key, "GOTO")) {
+                 if (attr)
+                         return log_token_invalid_attr(rules, key);
+@@ -1643,6 +1691,14 @@ static int udev_rule_apply_token_to_event(
+ 
+                 return token_match_string(token, val);
+         }
++        case TK_M_WAITFOR: {
++                char filename[UDEV_PATH_SIZE];
++                int found;
++
++                udev_event_apply_format(event, token->value, filename, sizeof(filename), false);
++                found = (wait_for_file(event->dev, filename, 10) == 0);
++                return found || (token->op == OP_NOMATCH);
++        }
+         case TK_M_ATTR:
+         case TK_M_PARENTS_ATTR:
+                 return token_match_attr(token, dev, event);
+diff --git a/test/rule-syntax-check.py b/test/rule-syntax-check.py
+index 9a9e4d1658..0649bcf58e 100755
+--- a/test/rule-syntax-check.py
++++ b/test/rule-syntax-check.py
+@@ -20,7 +20,7 @@ no_args_tests = re.compile(r'(ACTION|DEVPATH|KERNELS?|NAME|SYMLINK|SUBSYSTEMS?|D
+ # PROGRAM can also be specified as an assignment.
+ program_assign = re.compile(r'PROGRAM\s*=\s*' + quoted_string_re + '$')
+ args_tests = re.compile(r'(ATTRS?|ENV|CONST|TEST){([a-zA-Z0-9/_.*%-]+)}\s*(?:=|!)=\s*' + quoted_string_re + '$')
+-no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$')
++no_args_assign = re.compile(r'(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|RUN|LABEL|GOTO|WAIT_FOR|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*' + quoted_string_re + '$')
+ args_assign = re.compile(r'(ATTR|ENV|IMPORT|RUN){([a-zA-Z0-9/_.*%-]+)}\s*(=|\+=)\s*' + quoted_string_re + '$')
+ # Find comma-separated groups, but allow commas that are inside quoted strings.
+ # Using quoted_string_re + '?' so that strings missing the last double quote

SOURCES/0015-Really-don-t-enable-systemd-journald-audit.socket.patch

@@ -0,0 +1,25 @@
+From 9a0acc0b292d283b4507c6b749396c019af7e4ab Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Wed, 25 Aug 2021 16:03:04 +0200
+Subject: [PATCH] Really don't enable systemd-journald-audit.socket
+
+RHEL-only
+
+Resolves: #1973856
+---
+ units/systemd-journald.service.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
+index d981273b07..f190dff5fb 100644
+--- a/units/systemd-journald.service.in
++++ b/units/systemd-journald.service.in
+@@ -33,7 +33,7 @@ RestrictRealtime=yes
+ RestrictSUIDSGID=yes
+ RuntimeDirectory=systemd/journal
+ RuntimeDirectoryPreserve=yes
+-Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
++Sockets=systemd-journald.socket systemd-journald-dev-log.socket
+ StandardOutput=null
+ SystemCallArchitectures=native
+ SystemCallErrorNumber=EPERM

SOURCES/0016-rules-add-elevator-kernel-command-line-parameter.patch

@@ -0,0 +1,56 @@
+From 1e423276a24d7c895d196f9f10bf8c0b9155c633 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Tue, 12 Feb 2019 16:58:16 +0100
+Subject: [PATCH] rules: add elevator= kernel command line parameter
+
+Kernel removed the elevator= option, so let's reintroduce
+it for rhel8 via udev rule.
+
+RHEL-only
+
+Resolves: #2003002
+---
+ rules.d/40-elevator.rules | 20 ++++++++++++++++++++
+ rules.d/meson.build       |  1 +
+ 2 files changed, 21 insertions(+)
+ create mode 100644 rules.d/40-elevator.rules
+
+diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules
+new file mode 100644
+index 0000000000..dbe8fc81a4
+--- /dev/null
++++ b/rules.d/40-elevator.rules
+@@ -0,0 +1,20 @@
++# We aren't adding devices skip the elevator check
++ACTION!="add", GOTO="sched_out"
++
++SUBSYSTEM!="block", GOTO="sched_out"
++ENV{DEVTYPE}!="disk", GOTO="sched_out"
++
++# Technically, dm-multipath can be configured to use an I/O scheduler.
++# However, there are races between the 'add' uevent and the linking in
++# of the queue/scheduler sysfs file.  For now, just skip dm- devices.
++KERNEL=="dm-*|md*", GOTO="sched_out"
++
++# Skip bio-based devices, which don't support an I/O scheduler.
++ATTR{queue/scheduler}=="none", GOTO="sched_out"
++
++# If elevator= is specified on the kernel command line, change the
++# scheduler to the one specified.
++IMPORT{cmdline}="elevator"
++ENV{elevator}!="", ATTR{queue/scheduler}="$env{elevator}"
++
++LABEL="sched_out"
+\ No newline at end of file
+diff --git a/rules.d/meson.build b/rules.d/meson.build
+index c5c3590b29..7e0bd89200 100644
+--- a/rules.d/meson.build
++++ b/rules.d/meson.build
+@@ -5,6 +5,7 @@ install_data(
+         install_dir : udevrulesdir)
+ 
+ rules = files('''
++        40-elevator.rules
+         40-redhat.rules
+         60-autosuspend.rules
+         60-block.rules

SOURCES/0017-units-don-t-enable-tmp.mount-statically-in-local-fs..patch

@@ -0,0 +1,26 @@
+From 41ccc595538752f04f88c80fe7a9e283d4ef12c4 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 22 Sep 2021 14:38:00 +0200
+Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target
+
+RHEL-only
+
+Related: #2000927
+---
+ units/meson.build | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/units/meson.build b/units/meson.build
+index 69d53f4259..9eb535858a 100644
+--- a/units/meson.build
++++ b/units/meson.build
+@@ -159,8 +159,7 @@ units = [
+         ['time-set.target',                     ''],
+         ['time-sync.target',                    ''],
+         ['timers.target',                       ''],
+-        ['tmp.mount',                           '',
+-         'local-fs.target.wants/'],
++        ['tmp.mount',                           ''],
+         ['umount.target',                       ''],
+         ['usb-gadget.target',                   ''],
+         ['user.slice',                          ''],

SOURCES/0018-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch

@@ -0,0 +1,59 @@
+From 4ec48c87803916e90a8f30afae6c8bdee5bb9ba5 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 1 Aug 2018 13:19:39 +0200
+Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value
+
+This should be hopefully high enough even for the very big deployments.
+
+RHEL-only
+
+Resolves: #2003031
+---
+ man/systemd-system.conf.xml | 4 ++--
+ src/core/main.c             | 2 +-
+ src/core/system.conf.in     | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
+index 3805a010e2..b8e2b65625 100644
+--- a/man/systemd-system.conf.xml
++++ b/man/systemd-system.conf.xml
+@@ -404,10 +404,10 @@
+         <listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
+         <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+         for details. This setting applies to all unit types that support resource control settings, with the exception
+-        of slice units. Defaults to 15% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
++        of slice units. Defaults to 80% of the minimum of <varname>kernel.pid_max=</varname>, <varname>kernel.threads-max=</varname>
+         and root cgroup <varname>pids.max</varname>.
+         Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
+-        For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
++        For example with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 26214,
+         but might be greater in other systems or smaller in OS containers.</para></listitem>
+       </varlistentry>
+ 
+diff --git a/src/core/main.c b/src/core/main.c
+index 57aedb9b93..7ea848ebeb 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -98,7 +98,7 @@
+ #include <sanitizer/lsan_interface.h>
+ #endif
+ 
+-#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
++#define DEFAULT_TASKS_MAX ((TasksMax) { 80U, 100U }) /* 80% */
+ 
+ static enum {
+         ACTION_RUN,
+diff --git a/src/core/system.conf.in b/src/core/system.conf.in
+index 96fb64d2c1..c0dc6a7e17 100644
+--- a/src/core/system.conf.in
++++ b/src/core/system.conf.in
+@@ -54,7 +54,7 @@
+ #DefaultBlockIOAccounting=no
+ #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
+ #DefaultTasksAccounting=yes
+-#DefaultTasksMax=15%
++#DefaultTasksMax=80%
+ #DefaultLimitCPU=
+ #DefaultLimitFSIZE=
+ #DefaultLimitDATA=

SOURCES/0019-set-core-ulimit-to-0-like-on-RHEL-7.patch

@@ -0,0 +1,25 @@
+From 7344cdfb2792f67e50848f87eced21cded226d4a Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Mon, 25 Jan 2021 16:19:56 +0100
+Subject: [PATCH] set core ulimit to 0 like on RHEL-7
+
+RHEL-only
+
+Resolves: #1998509
+---
+ src/core/system.conf.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/system.conf.in b/src/core/system.conf.in
+index c0dc6a7e17..5913b5b0e4 100644
+--- a/src/core/system.conf.in
++++ b/src/core/system.conf.in
+@@ -59,7 +59,7 @@
+ #DefaultLimitFSIZE=
+ #DefaultLimitDATA=
+ #DefaultLimitSTACK=
+-#DefaultLimitCORE=
++DefaultLimitCORE=0:infinity
+ #DefaultLimitRSS=
+ #DefaultLimitNOFILE=1024:{{HIGH_RLIMIT_NOFILE}}
+ #DefaultLimitAS=

SOURCES/0020-ci-use-C9S-chroots-in-Packit.patch

@@ -0,0 +1,27 @@
+From 402595e7b0668b8fe44b5b00b1dd45ba9cc42b82 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Thu, 4 Nov 2021 12:31:32 +0100
+Subject: [PATCH] ci: use C9S chroots in Packit
+
+rhel-only
+Related: #2017035
+---
+ .packit.yml | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/.packit.yml b/.packit.yml
+index 3461bccbc5..ce8782aae2 100644
+--- a/.packit.yml
++++ b/.packit.yml
+@@ -37,9 +37,8 @@ jobs:
+   trigger: pull_request
+   metadata:
+     targets:
+-      # FIXME: change to CentOS 9 once it's available
+-      - fedora-34-x86_64
+-      - fedora-34-aarch64
++      - centos-stream-9-x86_64
++      - centos-stream-9-aarch64
+ 
+ # TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184
+ # Run tests (via testing farm)

SOURCES/0021-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch

@@ -0,0 +1,136 @@
+From 68199fe69a2c46e498bc7e9528d54922deecc553 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 14 Sep 2020 17:58:03 +0200
+Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1803070
+
+I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
+than the one we get from /proc/self/fdinfo/. This only matters when both statx and
+name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
+
+(gdb) !uname -r
+5.6.19-200.fc31.ppc64le
+
+(gdb) !cat /proc/self/mountinfo
+697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
+701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
+702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
+703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
+704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
+705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
+706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
+722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
+725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
+614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
+615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+
+The test process does
+name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
+openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
+read(open("/proc/self/fdinfo/4", ...)) which gives
+"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
+
+and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
+
+We could either drop the fallback path (and fail name_to_handle_at() is not
+avaliable) or ignore the error in the test. Not sure what is better. I think
+this issue only occurs sometimes and with older kernels, so probably continuing
+with the current flaky implementation is better than ripping out the fallback.
+
+Another strace:
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
+) = 28
+name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
+) = 20
+name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
+) = 30
+name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
+) = 23
+name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
+openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
+openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
+fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
+fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
+read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
+read(5</proc/20/fdinfo/4>, "", 1024)    = 0
+close(5</proc/20/fdinfo/4>)             = 0
+close(4</proc/filesystems>)             = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
+) = 42
+writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
+) = 39
+writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
+) = 109
+rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
+rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
+getpid()                                = 20
+gettid()                                = 20
+tgkill(20, 20, SIGABRT)                 = 0
+rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
+
+RHEL notes: af918c4 should mitigate this issue, but in some build
+systems (Copr, brew, etc.) we don't have enough privileges to create a
+new mount namespace
+
+Cherry-picked manually from https://github.com/systemd/systemd/pull/17050.
+
+rhel-only
+Related: #2017035
+---
+ src/test/test-mountpoint-util.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
+index d11edf502a..9515d8cf7b 100644
+--- a/src/test/test-mountpoint-util.c
++++ b/src/test/test-mountpoint-util.c
+@@ -101,8 +101,12 @@ TEST(mnt_id) {
+                 /* The ids don't match? If so, then there are two mounts on the same path, let's check if
+                  * that's really the case */
+                 char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
+-                log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
+-                assert_se(path_equal(p, t));
++                log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
++
++                if (!path_equal(p, t))
++                        /* Apparent kernel bug in /proc/self/fdinfo */
++                        log_warning("Bad mount id given for %s: %d, should be %d",
++                                    p, mnt_id2, mnt_id);
+         }
+ }
+ 

SOURCES/0022-Treat-EPERM-as-not-available-too.patch

@@ -0,0 +1,30 @@
+From 3c54c67a7fc65dc5b49b2452739c19b94eeb98a9 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Tue, 21 Dec 2021 10:46:17 +0100
+Subject: [PATCH] Treat EPERM as "not available" too
+
+We need to do this because idmapped mounts habe been disabled in RHEL-9
+kernel: https://bugzilla.redhat.com/show_bug.cgi?id=2018141 .
+
+RHEL-only
+
+Fixes #55
+
+Related: #2017035
+---
+ src/nspawn/nspawn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index 8f17ab8810..9225c8f162 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -3780,7 +3780,7 @@ static int outer_child(
+             arg_uid_shift != 0) {
+ 
+                 r = remount_idmap(directory, arg_uid_shift, arg_uid_range);
+-                if (r == -EINVAL || ERRNO_IS_NOT_SUPPORTED(r)) {
++                if (IN_SET(r, -EINVAL, -EPERM) || ERRNO_IS_NOT_SUPPORTED(r)) {
+                         /* This might fail because the kernel or file system doesn't support idmapping. We
+                          * can't really distinguish this nicely, nor do we have any guarantees about the
+                          * error codes we see, could be EOPNOTSUPP or EINVAL. */

SOURCES/0023-test-copy-portable-profiles-into-the-image-if-they-d.patch

@@ -0,0 +1,39 @@
+From 324d99159e1e64d78a580073626f5b645f1c3639 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Mon, 31 Jan 2022 14:19:09 +0100
+Subject: [PATCH] test: copy portable profiles into the image if they don't
+ exist there
+
+If we're built with `-Dportable=false`, the portable profiles won't get
+installed into the image. Since we need only the profile files and
+nothing else, let's copy them into the image explicitly in such case.
+
+(cherry picked from commit 6f73ef8b30803ac1be1b2607aec1a89d778caa9a)
+
+Related: #2017035
+---
+ test/test-functions | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/test/test-functions b/test/test-functions
+index 218d0e6888..35d8f074a9 100644
+--- a/test/test-functions
++++ b/test/test-functions
+@@ -1151,6 +1151,17 @@ install_systemd() {
+         mkdir -p "$initdir/etc/systemd/system/service.d/"
+         echo -e "[Service]\nProtectSystem=no\nProtectHome=no\n" >"$initdir/etc/systemd/system/service.d/gcov-override.conf"
+     fi
++
++    # If we're built with -Dportabled=false, tests with systemd-analyze
++    # --profile will fail. Since we need just the profile (text) files, let's
++    # copy them into the image if they don't exist there.
++    local portable_dir="${initdir:?}${ROOTLIBDIR:?}/portable"
++    if [[ ! -d "$portable_dir/profile/strict" ]]; then
++        dinfo "Couldn't find portable profiles in the test image"
++        dinfo "Copying them directly from the source tree"
++        mkdir -p "$portable_dir"
++        cp -frv "${SOURCE_DIR:?}/src/portable/profile" "$portable_dir"
++    fi
+ }
+ 
+ get_ldpath() {

SOURCES/0024-test-introduce-get_cgroup_hierarchy-helper.patch

@@ -0,0 +1,43 @@
+From 16908e1ec833d857cb418712c382c6f604426b36 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Tue, 1 Feb 2022 20:18:29 +0100
+Subject: [PATCH] test: introduce `get_cgroup_hierarchy() helper
+
+which returns the host's cgroup hierarchy (unified, hybrid, or legacy).
+
+(cherry picked from commit f723740871bd3eb89d16a526a1ff77c04bb3787a)
+
+Related: #2047768
+---
+ test/test-functions | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/test/test-functions b/test/test-functions
+index 35d8f074a9..4827b6bedf 100644
+--- a/test/test-functions
++++ b/test/test-functions
+@@ -1996,6 +1996,24 @@ import_initdir() {
+     export initdir
+ }
+ 
++get_cgroup_hierarchy() {
++    case "$(stat -c '%T' -f /sys/fs/cgroup)" in
++        cgroup2fs)
++            echo "unified"
++            ;;
++        tmpfs)
++            if [[ -d /sys/fs/cgroup/unified && "$(stat -c '%T' -f /sys/fs/cgroup/unified)" == cgroup2fs ]]; then
++                echo "hybrid"
++            else
++                echo "legacy"
++            fi
++            ;;
++        *)
++            dfatal "Failed to determine host's cgroup hierarchy"
++            exit 1
++    esac
++}
++
+ ## @brief Converts numeric logging level to the first letter of level name.
+ #
+ # @param lvl Numeric logging level in range from 1 to 6.

SOURCES/0025-test-require-unified-cgroup-hierarchy-for-TEST-56.patch

@@ -0,0 +1,30 @@
+From 523e72e97d7c945114b54b726eaab0d379fb35fb Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Tue, 1 Feb 2022 20:25:00 +0100
+Subject: [PATCH] test: require unified cgroup hierarchy for TEST-56
+
+since cgroup empty notifications are unreliable in legacy cgroups.
+
+See: systemd/systemd#22320
+Complements: systemd/systemd#22344
+(cherry picked from commit e2620820188428de7086f5e8ac41305177f70954)
+
+Related: #2047768
+---
+ test/TEST-56-EXIT-TYPE/test.sh | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/test/TEST-56-EXIT-TYPE/test.sh b/test/TEST-56-EXIT-TYPE/test.sh
+index 0f84dca1ba..37475e817e 100755
+--- a/test/TEST-56-EXIT-TYPE/test.sh
++++ b/test/TEST-56-EXIT-TYPE/test.sh
+@@ -6,4 +6,9 @@ TEST_DESCRIPTION="test ExitType=cgroup"
+ # shellcheck source=test/test-functions
+ . "${TEST_BASE_DIR:?}/test-functions"
+ 
++if [[ "$(get_cgroup_hierarchy)" != unified ]]; then
++    echo "This test requires unified cgroup hierarchy, skipping..."
++    exit 0
++fi
++
+ do_test "$@"

SOURCES/0026-tests-rework-test-macros-to-not-take-code-as-paramet.patch

@@ -0,0 +1,671 @@
+From 845417e653b42b8f3928c68955bd6416f2fa4509 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 1 Feb 2022 12:06:59 +0100
+Subject: [PATCH] tests: rework test macros to not take code as parameters
+
+C macros are nasty. We use them, but we try to be conservative with
+them. In particular passing literal, complex code blocks as argument is
+icky, because of "," handling of C, and also because it's quite a
+challange for most code highlighters and similar. Hence, let's avoid
+that. Using macros for genreating functions is OK but if so, the
+parameters should be simple words, not full code blocks.
+
+hence, rework DEFINE_CUSTOM_TEST_MAIN() to take a function name instead
+of code block as argument.
+
+As side-effect this also fixes a bunch of cases where we might end up
+returning a negative value from main().
+
+Some uses of DEFINE_CUSTOM_TEST_MAIN() inserted local variables into the
+main() functions, these are replaced by static variables, and their
+destructors by the static destructor logic.
+
+This doesn't fix any bugs or so, it's just supposed to make the code
+easier to work with and improve it easthetically.
+
+Or in other words: let's use macros where it really makes sense, but
+let's not go overboard with it.
+
+(And yes, FOREACH_DIRENT() is another one of those macros that take
+code, and I dislike that too and regret I ever added that.)
+
+(cherry picked from commit 99839c7ebd4b83a5b0d5982d669cfe10d1252e1f)
+
+Related: #2017035
+---
+ src/shared/tests.h              | 25 +++++++++++++-----
+ src/test/test-barrier.c         | 46 +++++++++++++++++----------------
+ src/test/test-cgroup-setup.c    | 15 ++++++-----
+ src/test/test-chown-rec.c       | 15 ++++++-----
+ src/test/test-format-table.c    | 14 +++++-----
+ src/test/test-fs-util.c         |  7 ++++-
+ src/test/test-hashmap.c         | 16 +++++++++---
+ src/test/test-install-root.c    | 14 +++++++---
+ src/test/test-load-fragment.c   | 21 ++++++++-------
+ src/test/test-mountpoint-util.c | 30 +++++++++++----------
+ src/test/test-namespace.c       | 15 ++++++-----
+ src/test/test-proc-cmdline.c    | 15 ++++++-----
+ src/test/test-process-util.c    |  7 ++++-
+ src/test/test-sd-hwdb.c         | 21 ++++++++-------
+ src/test/test-serialize.c       | 16 ++++++------
+ src/test/test-sleep.c           | 15 ++++++-----
+ src/test/test-stat-util.c       |  7 ++++-
+ src/test/test-time-util.c       |  6 +++--
+ src/test/test-unit-file.c       |  7 ++++-
+ src/test/test-unit-name.c       | 21 ++++++++-------
+ src/test/test-unit-serialize.c  | 21 ++++++++-------
+ src/test/test-utf8.c            |  7 ++++-
+ 22 files changed, 215 insertions(+), 146 deletions(-)
+
+diff --git a/src/shared/tests.h b/src/shared/tests.h
+index 3b93aab498..59448f38f6 100644
+--- a/src/shared/tests.h
++++ b/src/shared/tests.h
+@@ -6,6 +6,7 @@
+ #include "sd-daemon.h"
+ 
+ #include "macro.h"
++#include "static-destruct.h"
+ #include "util.h"
+ 
+ static inline bool manager_errno_skip_test(int r) {
+@@ -109,15 +110,27 @@ static inline int run_test_table(void) {
+         return r;
+ }
+ 
++static inline int test_nop(void) {
++        return EXIT_SUCCESS;
++}
++
+ #define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \
+         int main(int argc, char *argv[]) {               \
+-                int _r = EXIT_SUCCESS;                   \
++                int _r, _q;                              \
+                 test_setup_logging(log_level);           \
+                 save_argc_argv(argc, argv);              \
+-                intro;                                   \
+-                _r = run_test_table();                   \
+-                outro;                                   \
+-                return _r;                               \
++                _r = intro();                            \
++                if (_r == EXIT_SUCCESS)                  \
++                        _r = run_test_table();           \
++                _q = outro();                            \
++                static_destruct();                       \
++                if (_r < 0)                              \
++                        return EXIT_FAILURE;             \
++                if (_r != EXIT_SUCCESS)                  \
++                        return _r;                       \
++                if (_q < 0)                              \
++                        return EXIT_FAILURE;             \
++                return _q;                               \
+         }
+ 
+-#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, , )
++#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, test_nop, test_nop)
+diff --git a/src/test/test-barrier.c b/src/test/test-barrier.c
+index 8998282afb..b87538806a 100644
+--- a/src/test/test-barrier.c
++++ b/src/test/test-barrier.c
+@@ -421,25 +421,27 @@ TEST_BARRIER(barrier_pending_exit,
+         }),
+         TEST_BARRIER_WAIT_SUCCESS(pid2));
+ 
+-DEFINE_CUSTOM_TEST_MAIN(
+-        LOG_INFO,
+-        ({
+-                if (!slow_tests_enabled())
+-                        return log_tests_skipped("slow tests are disabled");
+-
+-                /*
+-                * This test uses real-time alarms and sleeps to test for CPU races
+-                * explicitly. This is highly fragile if your system is under load. We
+-                * already increased the BASE_TIME value to make the tests more robust,
+-                * but that just makes the test take significantly longer. Given the recent
+-                * issues when running the test in a virtualized environments, limit it
+-                * to bare metal machines only, to minimize false-positives in CIs.
+-                */
+-                int v = detect_virtualization();
+-                if (IN_SET(v, -EPERM, -EACCES))
+-                        return log_tests_skipped("Cannot detect virtualization");
+-
+-                if (v != VIRTUALIZATION_NONE)
+-                        return log_tests_skipped("This test requires a baremetal machine");
+-        }),
+-        /* no outro */);
++
++static int intro(void) {
++        if (!slow_tests_enabled())
++                return log_tests_skipped("slow tests are disabled");
++
++        /*
++         * This test uses real-time alarms and sleeps to test for CPU races explicitly. This is highly
++         * fragile if your system is under load. We already increased the BASE_TIME value to make the tests
++         * more robust, but that just makes the test take significantly longer. Given the recent issues when
++         * running the test in a virtualized environments, limit it to bare metal machines only, to minimize
++         * false-positives in CIs.
++         */
++
++        int v = detect_virtualization();
++        if (IN_SET(v, -EPERM, -EACCES))
++                return log_tests_skipped("Cannot detect virtualization");
++
++        if (v != VIRTUALIZATION_NONE)
++                return log_tests_skipped("This test requires a baremetal machine");
++
++        return EXIT_SUCCESS;
++ }
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-cgroup-setup.c b/src/test/test-cgroup-setup.c
+index 018992f96d..6f93647685 100644
+--- a/src/test/test-cgroup-setup.c
++++ b/src/test/test-cgroup-setup.c
+@@ -64,10 +64,11 @@ TEST(is_wanted) {
+         test_is_wanted_print_one(false);
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(
+-        LOG_DEBUG,
+-        ({
+-                if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
+-                        return log_tests_skipped("can't read /proc/cmdline");
+-        }),
+-        /* no outro */);
++static int intro(void) {
++        if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
++                return log_tests_skipped("can't read /proc/cmdline");
++
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+diff --git a/src/test/test-chown-rec.c b/src/test/test-chown-rec.c
+index 53d44566d5..691cfe767f 100644
+--- a/src/test/test-chown-rec.c
++++ b/src/test/test-chown-rec.c
+@@ -149,10 +149,11 @@ TEST(chown_recursive) {
+         assert_se(!has_xattr(p));
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(
+-        LOG_DEBUG,
+-        ({
+-                if (geteuid() != 0)
+-                        return log_tests_skipped("not running as root");
+-        }),
+-        /* no outro */);
++static int intro(void) {
++        if (geteuid() != 0)
++                return log_tests_skipped("not running as root");
++
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c
+index a3b29ca337..7515a74c12 100644
+--- a/src/test/test-format-table.c
++++ b/src/test/test-format-table.c
+@@ -529,10 +529,10 @@ TEST(table) {
+                                 "5min              5min              \n"));
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(
+-        LOG_INFO,
+-        ({
+-                assert_se(setenv("SYSTEMD_COLORS", "0", 1) >= 0);
+-                assert_se(setenv("COLUMNS", "40", 1) >= 0);
+-        }),
+-        /* no outro */);
++static int intro(void) {
++        assert_se(setenv("SYSTEMD_COLORS", "0", 1) >= 0);
++        assert_se(setenv("COLUMNS", "40", 1) >= 0);
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
+index 0e0d91d04e..da5a16b4bc 100644
+--- a/src/test/test-fs-util.c
++++ b/src/test/test-fs-util.c
+@@ -968,4 +968,9 @@ TEST(open_mkdir_at) {
+         assert_se(subsubdir_fd >= 0);
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, arg_test_dir = argv[1], /* no outro */);
++static int intro(void) {
++        arg_test_dir = saved_argv[1];
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-hashmap.c b/src/test/test-hashmap.c
+index cba0c33a8a..4dc155d818 100644
+--- a/src/test/test-hashmap.c
++++ b/src/test/test-hashmap.c
+@@ -158,7 +158,15 @@ TEST(hashmap_put_strdup_null) {
+ /* This variable allows us to assert that the tests from different compilation units were actually run. */
+ int n_extern_tests_run = 0;
+ 
+-DEFINE_CUSTOM_TEST_MAIN(
+-        LOG_INFO,
+-        assert_se(n_extern_tests_run == 0),
+-        assert_se(n_extern_tests_run == 2)); /* Ensure hashmap and ordered_hashmap were tested. */
++static int intro(void) {
++        assert_se(n_extern_tests_run == 0);
++        return EXIT_SUCCESS;
++}
++
++static int outro(void) {
++        /* Ensure hashmap and ordered_hashmap were tested. */
++        assert_se(n_extern_tests_run == 2);
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, outro);
+diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c
+index ba715e6d7e..f540a832bd 100644
+--- a/src/test/test-install-root.c
++++ b/src/test/test-install-root.c
+@@ -11,8 +11,11 @@
+ #include "special.h"
+ #include "string-util.h"
+ #include "tests.h"
++#include "tmpfile-util.h"
+ 
+-static char root[] = "/tmp/rootXXXXXX";
++static char *root = NULL;
++
++STATIC_DESTRUCTOR_REGISTER(root, rm_rf_physical_and_freep);
+ 
+ TEST(basic_mask_and_enable) {
+         const char *p;
+@@ -1239,10 +1242,10 @@ TEST(verify_alias) {
+         verify_one(&di_inst_template, "goo.target.conf/plain.service", -EXDEV, NULL);
+ }
+ 
+-static void setup_root(void) {
++static int intro(void) {
+         const char *p;
+ 
+-        assert_se(mkdtemp(root));
++        assert_se(mkdtemp_malloc("/tmp/rootXXXXXX", &root) >= 0);
+ 
+         p = strjoina(root, "/usr/lib/systemd/system/");
+         assert_se(mkdir_p(p, 0755) >= 0);
+@@ -1264,6 +1267,9 @@ static void setup_root(void) {
+ 
+         p = strjoina(root, "/usr/lib/systemd/system/graphical.target");
+         assert_se(write_string_file(p, "# pretty much empty", WRITE_STRING_FILE_CREATE) >= 0);
++
++        return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, setup_root(), assert_se(rm_rf(root, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0));
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c
+index e878979a89..2e105df56a 100644
+--- a/src/test/test-load-fragment.c
++++ b/src/test/test-load-fragment.c
+@@ -30,6 +30,10 @@
+ /* Nontrivial value serves as a placeholder to check that parsing function (didn't) change it */
+ #define CGROUP_LIMIT_DUMMY      3
+ 
++static char *runtime_dir = NULL;
++
++STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep);
++
+ TEST_RET(unit_file_get_set) {
+         int r;
+         Hashmap *h;
+@@ -894,15 +898,12 @@ TEST(unit_is_recursive_template_dependency) {
+         assert_se(unit_is_likely_recursive_template_dependency(u, "foobar@foobar@123.mount", "foobar@%n.mount") == 0);
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(
+-        LOG_INFO,
++static int intro(void) {
++        if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
++                return log_tests_skipped("cgroupfs not available");
+ 
+-        _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
+-        ({
+-                if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
+-                        return log_tests_skipped("cgroupfs not available");
+-
+-                assert_se(runtime_dir = setup_fake_runtime_dir());
+-        }),
++        assert_se(runtime_dir = setup_fake_runtime_dir());
++        return EXIT_SUCCESS;
++}
+ 
+-        /* no outro */);
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
+index 9515d8cf7b..102d2850bf 100644
+--- a/src/test/test-mountpoint-util.c
++++ b/src/test/test-mountpoint-util.c
+@@ -298,17 +298,19 @@ TEST(fd_is_mount_point) {
+         assert_se(IN_SET(fd_is_mount_point(fd, "root/", 0), -ENOENT, 0));
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(
+-        LOG_DEBUG,
+-        ({
+-                /* let's move into our own mount namespace with all propagation from the host turned off, so
+-                 * that /proc/self/mountinfo is static and constant for the whole time our test runs. */
+-                if (unshare(CLONE_NEWNS) < 0) {
+-                        if (!ERRNO_IS_PRIVILEGE(errno))
+-                                return log_error_errno(errno, "Failed to detach mount namespace: %m");
+-
+-                        log_notice("Lacking privilege to create separate mount namespace, proceeding in originating mount namespace.");
+-                } else
+-                        assert_se(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) >= 0);
+-        }),
+-        /* no outro */);
++static int intro(void) {
++        /* let's move into our own mount namespace with all propagation from the host turned off, so
++         * that /proc/self/mountinfo is static and constant for the whole time our test runs. */
++
++        if (unshare(CLONE_NEWNS) < 0) {
++                if (!ERRNO_IS_PRIVILEGE(errno))
++                        return log_error_errno(errno, "Failed to detach mount namespace: %m");
++
++                log_notice("Lacking privilege to create separate mount namespace, proceeding in originating mount namespace.");
++        } else
++                assert_se(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) >= 0);
++
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c
+index 8df5533d6e..f9e34f3bfa 100644
+--- a/src/test/test-namespace.c
++++ b/src/test/test-namespace.c
+@@ -220,10 +220,11 @@ TEST(protect_kernel_logs) {
+         assert_se(wait_for_terminate_and_check("ns-kernellogs", pid, WAIT_LOG) == EXIT_SUCCESS);
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(
+-        LOG_INFO,
+-        ({
+-                if (!have_namespaces())
+-                        return log_tests_skipped("Don't have namespace support");
+-        }),
+-        /* no outro */);
++static int intro(void) {
++        if (!have_namespaces())
++                return log_tests_skipped("Don't have namespace support");
++
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-proc-cmdline.c b/src/test/test-proc-cmdline.c
+index 1c8c9b80b7..064b4d838f 100644
+--- a/src/test/test-proc-cmdline.c
++++ b/src/test/test-proc-cmdline.c
+@@ -247,10 +247,11 @@ TEST(proc_cmdline_key_startswith) {
+         assert_se(!proc_cmdline_key_startswith("foo-bar", "foo_xx"));
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(
+-        LOG_INFO,
+-        ({
+-                if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
+-                        return log_tests_skipped("can't read /proc/cmdline");
+-        }),
+-        /* no outro */);
++static int intro(void) {
++        if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
++                return log_tests_skipped("can't read /proc/cmdline");
++
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
+index 06a640b1cc..8661934929 100644
+--- a/src/test/test-process-util.c
++++ b/src/test/test-process-util.c
+@@ -895,4 +895,9 @@ TEST(set_oom_score_adjust) {
+         assert_se(b == a);
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */);
++static int intro(void) {
++        log_show_color(true);
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-sd-hwdb.c b/src/test/test-sd-hwdb.c
+index 7961c17c4a..88992a6c2b 100644
+--- a/src/test/test-sd-hwdb.c
++++ b/src/test/test-sd-hwdb.c
+@@ -52,12 +52,15 @@ TEST(basic_enumerate) {
+         assert_se(len1 == len2);
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(
+-        LOG_DEBUG,
+-        ({
+-                _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
+-                int r = sd_hwdb_new(&hwdb);
+-                if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r))
+-                        return log_tests_skipped_errno(r, "cannot open hwdb");
+-        }),
+-        /* no outro */);
++static int intro(void) {
++        _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
++        int r;
++
++        r = sd_hwdb_new(&hwdb);
++        if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r))
++                return log_tests_skipped_errno(r, "cannot open hwdb");
++
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+diff --git a/src/test/test-serialize.c b/src/test/test-serialize.c
+index fb04b3e7fa..9aeb6c5920 100644
+--- a/src/test/test-serialize.c
++++ b/src/test/test-serialize.c
+@@ -10,7 +10,7 @@
+ #include "tests.h"
+ #include "tmpfile-util.h"
+ 
+-char long_string[LONG_LINE_MAX+1];
++static char long_string[LONG_LINE_MAX+1];
+ 
+ TEST(serialize_item) {
+         _cleanup_(unlink_tempfilep) char fn[] = "/tmp/test-serialize.XXXXXX";
+@@ -189,10 +189,10 @@ TEST(serialize_environment) {
+         assert_se(strv_equal(env, env2));
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(
+-        LOG_INFO,
+-        ({
+-                memset(long_string, 'x', sizeof(long_string)-1);
+-                char_array_0(long_string);
+-        }),
+-        /* no outro */);
++static int intro(void) {
++        memset(long_string, 'x', sizeof(long_string)-1);
++        char_array_0(long_string);
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c
+index 183ad4f7b7..f56e7e0167 100644
+--- a/src/test/test-sleep.c
++++ b/src/test/test-sleep.c
+@@ -118,10 +118,11 @@ TEST(sleep) {
+         log_info("Suspend-then-Hibernate configured and possible: %s", r >= 0 ? yes_no(r) : strerror_safe(r));
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(
+-        LOG_DEBUG,
+-        ({
+-                if (getuid() != 0)
+-                        log_warning("This program is unlikely to work for unprivileged users");
+-        }),
+-        /* no outro */);
++static int intro(void) {
++        if (getuid() != 0)
++                log_warning("This program is unlikely to work for unprivileged users");
++
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+diff --git a/src/test/test-stat-util.c b/src/test/test-stat-util.c
+index 0f7b3ca3ce..2965ee679f 100644
+--- a/src/test/test-stat-util.c
++++ b/src/test/test-stat-util.c
+@@ -236,4 +236,9 @@ TEST(dir_is_empty) {
+         assert_se(dir_is_empty_at(AT_FDCWD, empty_dir) > 0);
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */);
++static int intro(void) {
++        log_show_color(true);
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
+index 4d0131827e..f21d8b7794 100644
+--- a/src/test/test-time-util.c
++++ b/src/test/test-time-util.c
+@@ -588,7 +588,7 @@ TEST(map_clock_usec) {
+         }
+ }
+ 
+-static void setup_test(void) {
++static int intro(void) {
+         log_info("realtime=" USEC_FMT "\n"
+                  "monotonic=" USEC_FMT "\n"
+                  "boottime=" USEC_FMT "\n",
+@@ -603,6 +603,8 @@ static void setup_test(void) {
+         uintmax_t x = TIME_T_MAX;
+         x++;
+         assert_se((time_t) x < 0);
++
++        return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, setup_test(), /* no outro */);
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
+index 0f8c25c218..6c9f245c7e 100644
+--- a/src/test/test-unit-file.c
++++ b/src/test/test-unit-file.c
+@@ -102,4 +102,9 @@ TEST(runlevel_to_target) {
+         assert_se(streq_ptr(runlevel_to_target("rd.rescue"), SPECIAL_RESCUE_TARGET));
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, log_show_color(true), /* no outro */);
++static int intro(void) {
++        log_show_color(true);
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
+index 6bde9e090d..1f65407e5f 100644
+--- a/src/test/test-unit-name.c
++++ b/src/test/test-unit-name.c
+@@ -23,6 +23,10 @@
+ #include "user-util.h"
+ #include "util.h"
+ 
++static char *runtime_dir = NULL;
++
++STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep);
++
+ static void test_unit_name_is_valid_one(const char *name, UnitNameFlags flags, bool expected) {
+         log_info("%s ( %s%s%s ): %s",
+                  name,
+@@ -844,15 +848,12 @@ TEST(unit_name_prefix_equal) {
+         assert_se(!unit_name_prefix_equal("a", "a"));
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(
+-        LOG_INFO,
++static int intro(void) {
++        if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
++                return log_tests_skipped("cgroupfs not available");
+ 
+-        _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
+-        ({
+-                if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
+-                        return log_tests_skipped("cgroupfs not available");
+-
+-                assert_se(runtime_dir = setup_fake_runtime_dir());
+-        }),
++        assert_se(runtime_dir = setup_fake_runtime_dir());
++        return EXIT_SUCCESS;
++}
+ 
+-        /* no outro */);
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+diff --git a/src/test/test-unit-serialize.c b/src/test/test-unit-serialize.c
+index 899fdc000c..5d39176db2 100644
+--- a/src/test/test-unit-serialize.c
++++ b/src/test/test-unit-serialize.c
+@@ -4,6 +4,10 @@
+ #include "service.h"
+ #include "tests.h"
+ 
++static char *runtime_dir = NULL;
++
++STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep);
++
+ #define EXEC_START_ABSOLUTE \
+         "ExecStart 0 /bin/sh \"sh\" \"-e\" \"-x\" \"-c\" \"systemctl --state=failed --no-legend --no-pager >/failed ; systemctl daemon-reload ; echo OK >/testok\""
+ #define EXEC_START_RELATIVE \
+@@ -48,15 +52,12 @@ TEST(deserialize_exec_command) {
+         test_deserialize_exec_command_one(m, "control-command", "ExecWhat 11 /a/b c d e", -EINVAL);
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(
+-        LOG_DEBUG,
++static int intro(void) {
++        if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
++                return log_tests_skipped("cgroupfs not available");
+ 
+-        _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
+-        ({
+-                if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
+-                        return log_tests_skipped("cgroupfs not available");
+-
+-                assert_se(runtime_dir = setup_fake_runtime_dir());
+-        }),
++        assert_se(runtime_dir = setup_fake_runtime_dir());
++        return EXIT_SUCCESS;
++}
+ 
+-        /* no outro */);
++DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+diff --git a/src/test/test-utf8.c b/src/test/test-utf8.c
+index a21fcd6fd2..1b31d1f852 100644
+--- a/src/test/test-utf8.c
++++ b/src/test/test-utf8.c
+@@ -231,4 +231,9 @@ TEST(utf8_to_utf16) {
+         }
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */);
++static int intro(void) {
++        log_show_color(true);
++        return EXIT_SUCCESS;
++}
++
++DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);

SOURCES/0027-test-allow-to-set-NULL-to-intro-or-outro.patch

@@ -0,0 +1,300 @@
+From 0be677fb6663ab6bfd02eae6ad32e7f031cfde0f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 2 Feb 2022 11:06:41 +0900
+Subject: [PATCH] test: allow to set NULL to intro or outro
+
+Addresses https://github.com/systemd/systemd/pull/22338#discussion_r796741033.
+
+(cherry picked from commit e85fdacc8ad7d91f140a135aaa3fd5372d3fa47c)
+
+Related: #2017035
+---
+ src/shared/tests.h              | 45 +++++++++++++++++----------------
+ src/test/test-barrier.c         |  2 +-
+ src/test/test-cgroup-setup.c    |  2 +-
+ src/test/test-chown-rec.c       |  2 +-
+ src/test/test-format-table.c    |  2 +-
+ src/test/test-fs-util.c         |  2 +-
+ src/test/test-hashmap.c         |  2 +-
+ src/test/test-install-root.c    |  2 +-
+ src/test/test-load-fragment.c   |  2 +-
+ src/test/test-mountpoint-util.c |  2 +-
+ src/test/test-namespace.c       |  2 +-
+ src/test/test-proc-cmdline.c    |  2 +-
+ src/test/test-process-util.c    |  2 +-
+ src/test/test-sd-hwdb.c         |  2 +-
+ src/test/test-serialize.c       |  2 +-
+ src/test/test-sleep.c           |  2 +-
+ src/test/test-stat-util.c       |  2 +-
+ src/test/test-time-util.c       |  2 +-
+ src/test/test-unit-file.c       |  2 +-
+ src/test/test-unit-name.c       |  2 +-
+ src/test/test-unit-serialize.c  |  2 +-
+ src/test/test-utf8.c            |  2 +-
+ 22 files changed, 44 insertions(+), 43 deletions(-)
+
+diff --git a/src/shared/tests.h b/src/shared/tests.h
+index 59448f38f6..ef6acd368e 100644
+--- a/src/shared/tests.h
++++ b/src/shared/tests.h
+@@ -110,27 +110,28 @@ static inline int run_test_table(void) {
+         return r;
+ }
+ 
+-static inline int test_nop(void) {
+-        return EXIT_SUCCESS;
+-}
+-
+-#define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \
+-        int main(int argc, char *argv[]) {               \
+-                int _r, _q;                              \
+-                test_setup_logging(log_level);           \
+-                save_argc_argv(argc, argv);              \
+-                _r = intro();                            \
+-                if (_r == EXIT_SUCCESS)                  \
+-                        _r = run_test_table();           \
+-                _q = outro();                            \
+-                static_destruct();                       \
+-                if (_r < 0)                              \
+-                        return EXIT_FAILURE;             \
+-                if (_r != EXIT_SUCCESS)                  \
+-                        return _r;                       \
+-                if (_q < 0)                              \
+-                        return EXIT_FAILURE;             \
+-                return _q;                               \
++#define DEFINE_TEST_MAIN_FULL(log_level, intro, outro)    \
++        int main(int argc, char *argv[]) {                \
++                int (*_intro)(void) = intro;              \
++                int (*_outro)(void) = outro;              \
++                int _r, _q;                               \
++                test_setup_logging(log_level);            \
++                save_argc_argv(argc, argv);               \
++                _r = _intro ? _intro() : EXIT_SUCCESS;    \
++                if (_r == EXIT_SUCCESS)                   \
++                        _r = run_test_table();            \
++                _q = _outro ? _outro() : EXIT_SUCCESS;    \
++                static_destruct();                        \
++                if (_r < 0)                               \
++                        return EXIT_FAILURE;              \
++                if (_r != EXIT_SUCCESS)                   \
++                        return _r;                        \
++                if (_q < 0)                               \
++                        return EXIT_FAILURE;              \
++                return _q;                                \
+         }
+ 
+-#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, test_nop, test_nop)
++#define DEFINE_TEST_MAIN_WITH_INTRO(log_level, intro)   \
++        DEFINE_TEST_MAIN_FULL(log_level, intro, NULL)
++#define DEFINE_TEST_MAIN(log_level)                     \
++        DEFINE_TEST_MAIN_FULL(log_level, NULL, NULL)
+diff --git a/src/test/test-barrier.c b/src/test/test-barrier.c
+index b87538806a..bbd7e2bddb 100644
+--- a/src/test/test-barrier.c
++++ b/src/test/test-barrier.c
+@@ -444,4 +444,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+  }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-cgroup-setup.c b/src/test/test-cgroup-setup.c
+index 6f93647685..c377ff0a00 100644
+--- a/src/test/test-cgroup-setup.c
++++ b/src/test/test-cgroup-setup.c
+@@ -71,4 +71,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
+diff --git a/src/test/test-chown-rec.c b/src/test/test-chown-rec.c
+index 691cfe767f..97711f58b0 100644
+--- a/src/test/test-chown-rec.c
++++ b/src/test/test-chown-rec.c
+@@ -156,4 +156,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
+diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c
+index 7515a74c12..1b4963d928 100644
+--- a/src/test/test-format-table.c
++++ b/src/test/test-format-table.c
+@@ -535,4 +535,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
+index da5a16b4bc..602ce75f98 100644
+--- a/src/test/test-fs-util.c
++++ b/src/test/test-fs-util.c
+@@ -973,4 +973,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-hashmap.c b/src/test/test-hashmap.c
+index 4dc155d818..dbf762cc0b 100644
+--- a/src/test/test-hashmap.c
++++ b/src/test/test-hashmap.c
+@@ -169,4 +169,4 @@ static int outro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, outro);
++DEFINE_TEST_MAIN_FULL(LOG_INFO, intro, outro);
+diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c
+index f540a832bd..f718689c3a 100644
+--- a/src/test/test-install-root.c
++++ b/src/test/test-install-root.c
+@@ -1272,4 +1272,4 @@ static int intro(void) {
+ }
+ 
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c
+index 2e105df56a..1bd68c7e0a 100644
+--- a/src/test/test-load-fragment.c
++++ b/src/test/test-load-fragment.c
+@@ -906,4 +906,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
+index 102d2850bf..4d140c42b6 100644
+--- a/src/test/test-mountpoint-util.c
++++ b/src/test/test-mountpoint-util.c
+@@ -313,4 +313,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
+diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c
+index f9e34f3bfa..7a634adca9 100644
+--- a/src/test/test-namespace.c
++++ b/src/test/test-namespace.c
+@@ -227,4 +227,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-proc-cmdline.c b/src/test/test-proc-cmdline.c
+index 064b4d838f..1f43bb3eb0 100644
+--- a/src/test/test-proc-cmdline.c
++++ b/src/test/test-proc-cmdline.c
+@@ -254,4 +254,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
+index 8661934929..7a8adad50c 100644
+--- a/src/test/test-process-util.c
++++ b/src/test/test-process-util.c
+@@ -900,4 +900,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-sd-hwdb.c b/src/test/test-sd-hwdb.c
+index 88992a6c2b..4251e2a809 100644
+--- a/src/test/test-sd-hwdb.c
++++ b/src/test/test-sd-hwdb.c
+@@ -63,4 +63,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
+diff --git a/src/test/test-serialize.c b/src/test/test-serialize.c
+index 9aeb6c5920..bcf2e843b0 100644
+--- a/src/test/test-serialize.c
++++ b/src/test/test-serialize.c
+@@ -195,4 +195,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c
+index f56e7e0167..5aebcdd935 100644
+--- a/src/test/test-sleep.c
++++ b/src/test/test-sleep.c
+@@ -125,4 +125,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
+diff --git a/src/test/test-stat-util.c b/src/test/test-stat-util.c
+index 2965ee679f..7f633ab259 100644
+--- a/src/test/test-stat-util.c
++++ b/src/test/test-stat-util.c
+@@ -241,4 +241,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
+index f21d8b7794..554693834b 100644
+--- a/src/test/test-time-util.c
++++ b/src/test/test-time-util.c
+@@ -607,4 +607,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
+index 6c9f245c7e..cc08a4ae4b 100644
+--- a/src/test/test-unit-file.c
++++ b/src/test/test-unit-file.c
+@@ -107,4 +107,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
+diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
+index 1f65407e5f..8cd0e0b4a1 100644
+--- a/src/test/test-unit-name.c
++++ b/src/test/test-unit-name.c
+@@ -856,4 +856,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+diff --git a/src/test/test-unit-serialize.c b/src/test/test-unit-serialize.c
+index 5d39176db2..3ef15f3b1e 100644
+--- a/src/test/test-unit-serialize.c
++++ b/src/test/test-unit-serialize.c
+@@ -60,4 +60,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
+diff --git a/src/test/test-utf8.c b/src/test/test-utf8.c
+index 1b31d1f852..7337b81227 100644
+--- a/src/test/test-utf8.c
++++ b/src/test/test-utf8.c
+@@ -236,4 +236,4 @@ static int intro(void) {
+         return EXIT_SUCCESS;
+ }
+ 
+-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
++DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);

SOURCES/0028-udev-net-setup-link-change-the-default-MACAddressPol.patch

@@ -0,0 +1,53 @@
+From f00cbfd1cf67f28a92863c74ef64a1aedfacabc6 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Tue, 21 Sep 2021 15:01:19 +0200
+Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to
+ "none"
+
+While stable MAC address for interface types that don't have the
+address provided by HW could be useful it also breaks LACP based bonds.
+Let's err on the side of caution and don't change the MAC address from
+udev.
+
+RHEL-only
+
+Resolves: #2009237
+---
+ man/systemd.link.xml                       | 2 +-
+ network/99-default.link                    | 2 +-
+ test/fuzz/fuzz-link-parser/99-default.link | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/man/systemd.link.xml b/man/systemd.link.xml
+index 45cabbccf7..0033e4c28f 100644
+--- a/man/systemd.link.xml
++++ b/man/systemd.link.xml
+@@ -961,7 +961,7 @@
+ 
+       <programlisting>[Link]
+ NamePolicy=kernel database onboard slot path
+-MACAddressPolicy=persistent</programlisting>
++MACAddressPolicy=none</programlisting>
+     </example>
+ 
+     <example>
+diff --git a/network/99-default.link b/network/99-default.link
+index bca660ac28..31aee37e75 100644
+--- a/network/99-default.link
++++ b/network/99-default.link
+@@ -13,4 +13,4 @@ OriginalName=*
+ [Link]
+ NamePolicy=keep kernel database onboard slot path
+ AlternativeNamesPolicy=database onboard slot path
+-MACAddressPolicy=persistent
++MACAddressPolicy=none
+diff --git a/test/fuzz/fuzz-link-parser/99-default.link b/test/fuzz/fuzz-link-parser/99-default.link
+index feb5b1fbb0..3d755898b4 100644
+--- a/test/fuzz/fuzz-link-parser/99-default.link
++++ b/test/fuzz/fuzz-link-parser/99-default.link
+@@ -9,4 +9,4 @@
+ 
+ [Link]
+ NamePolicy=keep kernel database onboard slot path
+-MACAddressPolicy=persistent
++MACAddressPolicy=none

SOURCES/0029-man-mention-System-Administrator-s-Guide-in-systemct.patch

@@ -0,0 +1,35 @@
+From 17a3bad51a7efefd6dc63249c49ddaabda6cbd19 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Thu, 28 Aug 2014 15:12:10 +0200
+Subject: [PATCH] man: mention System Administrator's Guide in systemctl
+ manpage
+
+RHEL-only
+
+Resolves: #1982596
+---
+ man/systemctl.xml | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/man/systemctl.xml b/man/systemctl.xml
+index 1c14909523..3b3d709ab3 100644
+--- a/man/systemctl.xml
++++ b/man/systemctl.xml
+@@ -2455,6 +2455,17 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
+     <xi:include href="common-variables.xml" xpointer="urlify"/>
+   </refsect1>
+ 
++  <refsect1>
++    <title>Examples</title>
++    <para>
++            For examples how to use systemctl in comparsion
++            with old service and chkconfig command please see:
++            <ulink url="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_basic_system_settings/managing-system-services-with-systemctl_configuring-basic-system-settings">
++                    Managing System Services
++            </ulink>
++    </para>
++  </refsect1>
++
+   <refsect1>
+     <title>See Also</title>
+     <para>

SOURCES/0030-Net-naming-scheme-for-RHEL-9.0.patch

@@ -0,0 +1,56 @@
+From 464a8fc4e0b218793105431cc71bf98b0dc97fb5 Mon Sep 17 00:00:00 2001
+From: Jacek Migacz <jmigacz@redhat.com>
+Date: Thu, 3 Feb 2022 23:46:09 +0100
+Subject: [PATCH] Net naming scheme for RHEL-9.0
+
+RHEL-only
+
+Resolves: #2052106
+---
+ man/systemd.net-naming-scheme.xml | 7 +++++++
+ src/shared/netif-naming-scheme.c  | 1 +
+ src/shared/netif-naming-scheme.h  | 1 +
+ 3 files changed, 9 insertions(+)
+
+diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
+index 41408411fc..942ef572ff 100644
+--- a/man/systemd.net-naming-scheme.xml
++++ b/man/systemd.net-naming-scheme.xml
+@@ -403,6 +403,13 @@
+           </listitem>
+         </varlistentry>
+ 
++        <varlistentry>
++          <term><constant>rhel-9.0</constant></term>
++
++          <listitem><para>Same as naming scheme <constant>v250</constant>.</para>
++          </listitem>
++        </varlistentry>
++
+       </variablelist>
+ 
+     <para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this
+diff --git a/src/shared/netif-naming-scheme.c b/src/shared/netif-naming-scheme.c
+index 245466c4cb..44d011a9b7 100644
+--- a/src/shared/netif-naming-scheme.c
++++ b/src/shared/netif-naming-scheme.c
+@@ -23,6 +23,7 @@ static const NamingScheme naming_schemes[] = {
+         { "v247", NAMING_V247 },
+         { "v249", NAMING_V249 },
+         { "v250", NAMING_V250 },
++        { "rhel-9.0", NAMING_RHEL_9_0 },
+         /* … add more schemes here, as the logic to name devices is updated … */
+ 
+         EXTRA_NET_NAMING_MAP
+diff --git a/src/shared/netif-naming-scheme.h b/src/shared/netif-naming-scheme.h
+index 16b304ce10..f765db6ef2 100644
+--- a/src/shared/netif-naming-scheme.h
++++ b/src/shared/netif-naming-scheme.h
+@@ -47,6 +47,7 @@ typedef enum NamingSchemeFlags {
+         NAMING_V247 = NAMING_V245 | NAMING_BRIDGE_NO_SLOT,
+         NAMING_V249 = NAMING_V247 | NAMING_SLOT_FUNCTION_ID | NAMING_16BIT_INDEX | NAMING_REPLACE_STRICTLY,
+         NAMING_V250 = NAMING_V249 | NAMING_XEN_VIF,
++        NAMING_RHEL_9_0 = NAMING_V250,
+ 
+         EXTRA_NET_NAMING_SCHEMES
+ 

SOURCES/0031-core-decrease-log-level-of-messages-about-use-of-Kil.patch

@@ -0,0 +1,40 @@
+From 16c4a3c3a826d03f60db83c8d6d809d59e6f38ad Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Tue, 22 Feb 2022 13:24:11 +0100
+Subject: [PATCH] core: decrease log level of messages about use of
+ KillMode=none
+
+RHEL-only
+
+Resolves: #2013213
+---
+ src/core/load-fragment.c | 2 +-
+ src/core/unit.c          | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
+index 92a52819e2..ad5a0912fc 100644
+--- a/src/core/load-fragment.c
++++ b/src/core/load-fragment.c
+@@ -816,7 +816,7 @@ int config_parse_kill_mode(
+         }
+ 
+         if (m == KILL_NONE)
+-                log_syntax(unit, LOG_WARNING, filename, line, 0,
++                log_syntax(unit, LOG_DEBUG, filename, line, 0,
+                            "Unit configured to use KillMode=none. "
+                            "This is unsafe, as it disables systemd's process lifecycle management for the service. "
+                            "Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
+diff --git a/src/core/unit.c b/src/core/unit.c
+index d2adb447b6..9cbed08987 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -5458,7 +5458,7 @@ int unit_log_leftover_process_start(pid_t pid, int sig, void *userdata) {
+ 
+         /* During start we print a warning */
+ 
+-        log_unit_warning(userdata,
++        log_unit_debug(userdata,
+                          "Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n"
+                          "This usually indicates unclean termination of a previous run, or service implementation deficiencies.",
+                          pid, strna(comm));

SOURCES/0032-ci-replace-apt-key-with-signed-by.patch

@@ -0,0 +1,34 @@
+From be021c2328550a9d5b987cb206eda5df90b45acd Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Sun, 26 Dec 2021 01:11:00 +0000
+Subject: [PATCH] ci: replace apt-key with signed-by
+
+to limit the scope of the key to apt.llvm.org only.
+
+This is mostly inspired by https://blog.cloudflare.com/dont-use-apt-key/
+
+(cherry picked from commit bfa6bd1be098adc4710e1819b9cd34d65b3855da)
+
+Related: #2013213
+---
+ .github/workflows/build_test.sh | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh
+index 5b18784461..549e59b2c9 100755
+--- a/.github/workflows/build_test.sh
++++ b/.github/workflows/build_test.sh
+@@ -80,9 +80,10 @@ if [[ "$COMPILER" == clang ]]; then
+     # llvm package if available in such cases to avoid that.
+     if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then
+         # Latest LLVM stack deb packages provided by https://apt.llvm.org/
+-        # Following snippet was borrowed from https://apt.llvm.org/llvm.sh
+-        wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
+-        add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/   llvm-toolchain-$RELEASE-$COMPILER_VERSION  main"
++        # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh
++        wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg
++        printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/   llvm-toolchain-%s-%s  main\n" \
++		"$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list
+         PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION")
+     fi
+ elif [[ "$COMPILER" == gcc ]]; then

SOURCES/0033-ci-fix-clang-13-installation.patch

@@ -0,0 +1,54 @@
+From b9b1f92cdc74beb8487c87aa2b5c2806e100d1aa Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Tue, 22 Feb 2022 14:43:40 +0100
+Subject: [PATCH] ci: fix clang-13 installation
+
+For some reason Ubuntu Focal repositories now have `llvm-13` virtual
+package which can't be installed, but successfully fools our check,
+resulting in no clang/llvm being installed...
+
+```
+$ apt show llvm-13
+Package: llvm-13
+State: not a real package (virtual)
+N: Can't select candidate version from package llvm-13 as it has no candidate
+N: Can't select versions from package 'llvm-13' as it is purely virtual
+N: No packages found
+
+$ apt install --dry-run llvm-13
+Reading package lists... Done
+Building dependency tree
+Reading state information... Done
+Package llvm-13 is not available, but is referred to by another package.
+This may mean that the package is missing, has been obsoleted, or
+is only available from another source
+
+E: Package 'llvm-13' has no installation candidate
+```
+
+(cherry picked from commit b491d74064f9d5e17a71b38b014434237169a077)
+
+Related: #2013213
+---
+ .github/workflows/build_test.sh | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh
+index 549e59b2c9..5a173a18d5 100755
+--- a/.github/workflows/build_test.sh
++++ b/.github/workflows/build_test.sh
+@@ -78,12 +78,12 @@ if [[ "$COMPILER" == clang ]]; then
+     # ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11
+     # provided by the apt.llvm.org repositories. Let's use the system
+     # llvm package if available in such cases to avoid that.
+-    if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then
++    if ! apt install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then
+         # Latest LLVM stack deb packages provided by https://apt.llvm.org/
+         # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh
+         wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg
+         printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/   llvm-toolchain-%s-%s  main\n" \
+-		"$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list
++               "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list
+         PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION")
+     fi
+ elif [[ "$COMPILER" == gcc ]]; then

SOURCES/10-oomd-defaults.conf

@@ -0,0 +1,2 @@
+[OOM]
+DefaultMemoryPressureDurationSec=20s

SOURCES/10-oomd-root-slice-defaults.conf

@@ -0,0 +1,2 @@
+[Slice]
+ManagedOOMSwap=kill

SOURCES/10-oomd-user-service-defaults.conf

@@ -0,0 +1,3 @@
+[Service]
+ManagedOOMMemoryPressure=kill
+ManagedOOMMemoryPressureLimit=50%

SOURCES/20-grubby.install

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+if [[ ! -x /sbin/new-kernel-pkg ]]; then
+    exit 0
+fi
+
+COMMAND="$1"
+KERNEL_VERSION="$2"
+BOOT_DIR_ABS="$3"
+KERNEL_IMAGE="$4"
+
+KERNEL_DIR="${KERNEL_IMAGE%/*}"
+[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}"
+case "$COMMAND" in
+    add)
+        if [[ "${KERNEL_DIR}" != "/boot" ]]; then
+            for i in \
+                "$KERNEL_IMAGE" \
+                    "$KERNEL_DIR"/System.map \
+                    "$KERNEL_DIR"/config \
+                    "$KERNEL_DIR"/zImage.stub \
+                    "$KERNEL_DIR"/dtb \
+                ; do
+                [[ -e "$i" ]] || continue
+                cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
+                command -v restorecon &>/dev/null && \
+                    restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}"
+            done
+            # hmac is .vmlinuz-<version>.hmac so needs a special treatment
+            i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
+            if [[ -e "$i" ]]; then
+                cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
+                command -v restorecon &>/dev/null && \
+                    restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
+            fi
+        fi
+        /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $?
+        /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $?
+        /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $?
+        ;;
+    remove)
+        /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $?
+        ;;
+    *)
+        ;;
+esac
+
+# skip other installation plugins, if we can't find a boot loader spec conforming setup
+if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
+    exit 77
+fi

SOURCES/20-yama-ptrace.conf

@@ -0,0 +1,42 @@
+# The ptrace system call is used for interprocess services,
+# communication and introspection (like synchronisation, signaling,
+# debugging, tracing and profiling) of processes.
+#
+# Usage of ptrace is restricted by normal user permissions. Normal
+# unprivileged processes cannot use ptrace on processes that they
+# cannot send signals to or processes that are running set-uid or
+# set-gid. Nevertheless, processes running under the same uid will
+# usually be able to ptrace one another.
+#
+# Fedora enables the Yama security mechanism which restricts ptrace
+# even further. Sysctl setting kernel.yama.ptrace_scope can have one
+# of the following values:
+#
+# 0 - Normal ptrace security permissions.
+# 1 - Restricted ptrace. Only child processes plus normal permissions.
+# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE.
+# 3 - No attach. No process may call ptrace at all. Irrevocable.
+#
+# For more information see Documentation/security/Yama.txt in the
+# kernel sources.
+#
+# The default is 1., which allows tracing of child processes, but
+# forbids tracing of arbitrary processes. This allows programs like
+# gdb or strace to work when the most common way of having the
+# debugger start the debuggee is used:
+#    gdb /path/to/program ...
+# Attaching to already running programs is NOT allowed:
+#    gdb -p ...
+# This default setting is suitable for the common case, because it
+# reduces the risk that one hacked process can be used to attack other
+# processes. (For example, a hacked firefox process in a user session
+# will not be able to ptrace the keyring process and extract passwords
+# stored only in memory.)
+#
+# Developers and administrators might want to disable those protections
+# to be able to attach debuggers to existing processes. Use
+#   sysctl kernel.yama.ptrace_scope=0
+# for change the setting temporarily, or copy this file to
+# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots.
+
+kernel.yama.ptrace_scope = 0

SOURCES/inittab

@@ -0,0 +1,16 @@
+# inittab is no longer used.
+#
+# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
+#
+# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target
+#
+# systemd uses 'targets' instead of runlevels. By default, there are two main targets:
+#
+# multi-user.target: analogous to runlevel 3
+# graphical.target: analogous to runlevel 5
+#
+# To view current default target, run:
+# systemctl get-default
+#
+# To set a default target, run:
+# systemctl set-default TARGET.target

SOURCES/libsystemd-shared.abignore

@@ -0,0 +1,3 @@
+[suppress_file]
+# This shared object is private to systemd
+file_name_regexp=libsystemd-shared-.*.so

SOURCES/macros.sysusers

@@ -0,0 +1,10 @@
+# RPM macros for packages creating system accounts
+#
+# Turn a sysusers.d file into macros specified by
+# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation
+
+%sysusers_requires_compat Requires(pre): shadow-utils
+
+%sysusers_create_compat() \
+%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \
+%{nil}

SOURCES/purge-nobody-user

@@ -0,0 +1,101 @@
+#!/bin/bash -eu
+
+if [ $UID -ne 0 ]; then
+    echo "WARNING: This script needs to run as root to be effective"
+    exit 1
+fi
+
+export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
+
+if [ "${1:-}" = "--ignore-journal" ]; then
+    shift
+    ignore_journal=1
+else
+    ignore_journal=0
+fi
+
+echo "Checking processes..."
+if ps h -u 99 | grep .; then
+    echo "ERROR: ps reports processes with UID 99!"
+    exit 2
+fi
+echo "... not found"
+
+echo "Checking UTMP..."
+if w -h 199 | grep . ; then
+    echo "ERROR: w reports UID 99 as active!"
+    exit 2
+fi
+if w -h nobody | grep . ; then
+    echo "ERROR: w reports user nobody as active!"
+    exit 2
+fi
+echo "... not found"
+
+echo "Checking the journal..."
+if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then
+    echo "ERROR: journalctl reports messages from UID 99 in current boot!"
+    exit 2
+fi
+echo "... not found"
+
+echo "Looking for files in /etc, /run, /tmp, and /var..."
+if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then
+    echo "ERROR: found files belonging to UID 99"
+    exit 2
+fi
+echo "... not found"
+
+echo "Checking if nobody is defined correctly..."
+if getent passwd nobody |
+	grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin';
+then
+    echo "OK, nothing to do."
+    exit 0
+else
+    echo "NOTICE: User nobody is not defined correctly"
+fi
+
+echo "Checking if nfsnobody or something else is using the uid..."
+if getent passwd 65534 | grep . ; then
+    echo "NOTICE: will have to remove this user"
+else
+    echo "... not found"
+fi
+
+if [ "${1:-}" = "-x" ]; then
+    if getent passwd nobody >/dev/null; then
+	# this will remove both the user and the group.
+	( set -x
+   	  userdel nobody
+	)
+    fi
+
+    if getent passwd 65534 >/dev/null; then
+	# Make sure the uid is unused. This should free gid too.
+	name="$(getent passwd 65534 | cut -d: -f1)"
+	( set -x
+	  userdel "$name"
+	)
+    fi
+
+    if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then
+	echo "Sleeping, so sss can catch up"
+	sleep 3
+    fi
+
+    if getent group 65534; then
+	# Make sure the gid is unused, even if uid wasn't.
+	name="$(getent group 65534 | cut -d: -f1)"
+	( set -x
+	  groupdel "$name"
+	)
+    fi
+
+    # systemd-sysusers uses the same gid and uid
+    ( set -x
+      systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin'
+    )
+else
+    echo "Pass '-x' to perform changes"
+fi

SOURCES/rc.local

@@ -0,0 +1,14 @@
+#!/bin/bash
+# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
+#
+# It is highly advisable to create own systemd services or udev rules
+# to run scripts during boot instead of using this file.
+#
+# In contrast to previous versions due to parallel execution during boot
+# this script will NOT be run after all other services.
+#
+# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
+# that this script will be executed during boot.
+
+touch /var/lock/subsys/local
+

SOURCES/split-files.py

@@ -0,0 +1,163 @@
+import re, sys, os, collections
+
+buildroot = sys.argv[1]
+known_files = sys.stdin.read().splitlines()
+known_files = {line.split()[-1]:line for line in known_files}
+
+def files(root):
+    os.chdir(root)
+    todo = collections.deque(['.'])
+    while todo:
+        n = todo.pop()
+        files = os.scandir(n)
+        for file in files:
+            yield file
+            if file.is_dir() and not file.is_symlink():
+                todo.append(file)
+
+o_libs = open('.file-list-libs', 'w')
+o_udev = open('.file-list-udev', 'w')
+o_pam = open('.file-list-pam', 'w')
+o_rpm_macros = open('.file-list-rpm-macros', 'w')
+o_devel = open('.file-list-devel', 'w')
+o_container = open('.file-list-container', 'w')
+o_networkd = open('.file-list-networkd', 'w')
+o_resolved = open('.file-list-resolved', 'w')
+o_oomd = open('.file-list-oomd', 'w')
+o_remote = open('.file-list-remote', 'w')
+o_tests = open('.file-list-tests', 'w')
+o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
+o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
+o_rest = open('.file-list-rest', 'w')
+for file in files(buildroot):
+    n = file.path[1:]
+    if re.match(r'''/usr/(share|include)$|
+                    /usr/share/man(/man.|)$|
+                    /usr/share/zsh(/site-functions|)$|
+                    /usr/share/dbus-1$|
+                    /usr/share/dbus-1/system.d$|
+                    /usr/share/dbus-1/(system-|)services$|
+                    /usr/share/polkit-1(/actions|/rules.d|)$|
+                    /usr/share/pkgconfig$|
+                    /usr/share/bash-completion(/completions|)$|
+                    /usr(/lib|/lib64|/bin|/sbin|)$|
+                    /usr/lib.*/(security|pkgconfig)$|
+                    /usr/lib/rpm(/macros.d|)$|
+                    /usr/lib/firewalld(/services|)$|
+                    /usr/share/(locale|licenses|doc)|             # no $
+                    /etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$|
+                    /etc/(dnf|dnf/protected.d)$|
+                    /usr/(src|lib/debug)|                         # no $
+                    /run$|
+                    /var(/cache|/log|/lib|/run|)$
+    ''', n, re.X):
+        continue
+    if '/security/pam_' in n or '/man8/pam_' in n:
+        o = o_pam
+    elif '/rpm/' in n:
+        o = o_rpm_macros
+    elif '/usr/lib/systemd/tests' in n:
+        o = o_tests
+    elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(?<!/libsystemd-shared-...).so$', n):
+        o = o_devel
+    elif re.search(r'''journal-(remote|gateway|upload)|
+                       systemd-remote\.conf|
+                       /usr/share/systemd/gatewayd|
+                       /var/log/journal/remote
+    ''', n, re.X):
+        o = o_remote
+    elif re.search(r'''mymachines|
+                       machinectl|
+                       systemd-nspawn|
+                       import-pubring.gpg|
+                       systemd-(machined|import|pull)|
+                       /machine.slice|
+                       /machines.target|
+                       var-lib-machines.mount|
+                       org.freedesktop.(import|machine)1
+    ''', n, re.X):
+        o = o_container
+    elif re.search(r'''/usr/lib/systemd/network/80-|
+                       networkd|
+                       networkctl|
+                       org.freedesktop.network1
+    ''', n, re.X):
+        o = o_networkd
+    elif re.search(r'''resolved|
+                       resolvectl|
+                       resolvconf|
+                       org.freedesktop.resolve1|
+                       systemd-resolve|
+                       nss-resolve
+    ''', n, re.X):
+        o = o_resolved
+    elif '.so.' in n:
+        o = o_libs
+    elif re.search(r'''udev(?!\.pc)|
+                       hwdb|
+                       bootctl|
+                       sd-boot|systemd-boot\.|loader.conf|
+                       bless-boot|
+                       boot-system-token|
+                       kernel-install|
+                       vconsole|
+                       backlight|
+                       rfkill|
+                       random-seed|
+                       modules-load|
+                       timesync|
+                       cryptenroll|
+                       cryptsetup|
+                       kmod|
+                       quota|
+                       pstore|
+                       sleep|suspend|hibernate|
+                       systemd-tmpfiles-setup-dev|
+                       network/99-default.link|
+                       growfs|makefs|makeswap|mkswap|
+                       fsck|
+                       repart|
+                       gpt-auto|
+                       volatile-root|
+                       verity-setup|
+                       remount-fs|
+                       /boot$|
+                       /boot/efi|
+                       /kernel/|
+                       /kernel$|
+                       /modprobe.d
+    ''', n, re.X):
+        o = o_udev
+    elif re.search(r'''10-oomd-.*defaults\.conf|
+                       oomd\.conf|
+                       oomctl|
+                       org.freedesktop.oom1|
+                       systemd-oomd
+    ''', n, re.X):
+        o = o_oomd
+    elif n.endswith('.standalone'):
+        if 'tmpfiles' in n:
+            o = o_standalone_tmpfiles
+        elif 'sysusers' in n:
+            o = o_standalone_sysusers
+        else:
+            assert False, 'Found .standalone not belonging to known packages'
+    else:
+        o = o_rest
+
+    if n in known_files:
+        prefix = ' '.join(known_files[n].split()[:-1])
+        if prefix:
+            prefix += ' '
+    elif file.is_dir() and not file.is_symlink():
+        prefix = '%dir '
+    elif 'README' in n:
+        prefix = '%doc '
+    elif n.startswith('/etc'):
+        prefix = '%config(noreplace) '
+    else:
+        prefix = ''
+
+    suffix = '*' if '/man/' in n else ''
+
+    print(f'{prefix}{n}{suffix}', file=o)

SOURCES/sysctl.conf.README

@@ -0,0 +1,10 @@
+# sysctl settings are defined through files in
+# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
+#
+# Vendors settings live in /usr/lib/sysctl.d/.
+# To override a whole file, create a new file with the same in
+# /etc/sysctl.d/ and put new settings there. To override
+# only specific settings, add a file with a lexically later
+# name in /etc/sysctl.d/ and put new settings there.
+#
+# For more information, see sysctl.conf(5) and sysctl.d(5).

SOURCES/systemd-journal-gatewayd.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>systemd-journal-gatewayd</short>
+  <description>Journal Gateway Service</description>
+  <port protocol="tcp" port="19531"/>
+</service>

SOURCES/systemd-journal-remote.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>systemd-journal-remote</short>
+  <description>Journal Remote Sink</description>
+  <port protocol="tcp" port="19532"/>
+</service>

SOURCES/systemd-udev-trigger-no-reload.conf

@@ -0,0 +1,3 @@
+[Unit]
+# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17
+RefuseManualStop=true

SOURCES/systemd-user

@@ -0,0 +1,10 @@
+# This file is part of systemd.
+#
+# Used by systemd --user instances.
+
+account  include system-auth
+
+session  required pam_selinux.so close
+session  required pam_selinux.so nottys open
+session  required pam_loginuid.so
+session  include system-auth

SOURCES/sysusers.attr

@@ -0,0 +1,2 @@
+%__sysusers_provides	%{_rpmconfigdir}/sysusers.prov
+%__sysusers_path	^%{_sysusersdir}/.*\\.conf$

SOURCES/sysusers.generate-pre.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+
+# This script turns sysuser.d files into scriptlets mandated by Fedora
+# packaging guidelines. The general idea is to define users using the
+# declarative syntax but to turn this into traditional scriptlets.
+
+user() {
+    user="$1"
+    uid="$2"
+    desc="$3"
+    group="$4"
+    home="$5"
+    shell="$6"
+
+[ "$desc" = '-' ] && desc=
+[ "$home" = '-' -o "$home" = '' ] && home=/
+[ "$shell" = '-' -o "$shell" = '' ] && shell=/sbin/nologin
+
+if [ "$uid" = '-' -o "$uid" = '' ]; then
+    cat <<EOF
+getent passwd '$user' >/dev/null || \\
+    useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user'
+EOF
+else
+    cat <<EOF
+if ! getent passwd '$user' >/dev/null ; then
+    if ! getent passwd '$uid' >/dev/null ; then
+        useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
+    else
+        useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
+    fi
+fi
+
+EOF
+fi
+}
+
+group() {
+    group="$1"
+    gid="$2"
+if [ "$gid" = '-' ]; then
+    cat <<EOF
+getent group '$group' >/dev/null || groupadd -r '$group'
+EOF
+else
+    cat <<EOF
+getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group'
+EOF
+fi
+}
+
+parse() {
+    while read line || [ "$line" ]; do
+        [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
+        line="${line## *}"
+        [ -z "$line" ] && continue
+        eval arr=( $line )
+        case "${arr[0]}" in
+            ('u')
+                group "${arr[1]}" "${arr[2]}"
+                user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
+                # TODO: user:group support
+                ;;
+            ('g')
+                group "${arr[1]}" "${arr[2]}"
+                ;;
+            ('m')
+                group "${arr[2]}" "-"
+                user "${arr[1]}" "-" "" "${arr[2]}"
+                ;;
+        esac
+    done
+}
+
+for fn in "$@"; do
+    [ -e "$fn" ] || continue
+    echo "# generated from $(basename $fn)"
+    parse < "$fn"
+done

SOURCES/sysusers.prov

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+parse() {
+    while read line; do
+        [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
+        line="${line## *}"
+        [ -z "$line" ] && continue
+        set -- $line
+        case "$1" in
+            ('u')
+                echo "user($2)"
+                echo "group($2)"
+                # TODO: user:group support
+                ;;
+            ('g')
+                echo "group($2)"
+                ;;
+            ('m')
+                echo "user($2)"
+                echo "group($3)"
+                ;;
+        esac
+    done
+}
+
+while read fn; do
+    parse < "$fn"
+done

SOURCES/triggers.systemd

@@ -0,0 +1,89 @@
+#  -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */
+#  SPDX-License-Identifier: LGPL-2.1-or-later
+#
+#  This file is part of systemd.
+#
+#  Copyright 2018 Neal Gompa
+
+# The contents of this are an example to be copied into systemd.spec.
+#
+# Minimum rpm version supported: 4.14.0
+
+%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system
+# This script will run after any package is initially installed or
+# upgraded. We care about the case where a package is initially
+# installed, because other cases are covered by the *un scriptlets,
+# so sometimes we will reload needlessly.
+if test -d "/run/systemd/system"; then
+  %{_bindir}/systemctl daemon-reload || :
+  %{_bindir}/systemctl reload-or-restart --marked || :
+fi
+
+%transfiletriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
+# On removal, we need to run daemon-reload after any units have been
+# removed.
+# On upgrade, we need to run daemon-reload after any new unit files
+# have been installed, but before %postun scripts in packages get
+# executed.
+if test -d "/run/systemd/system"; then
+  %{_bindir}/systemctl daemon-reload || :
+fi
+
+%transfiletriggerpostun -P 10000 -- /usr/lib/systemd/system /etc/systemd/system
+# We restart remaining services that should be restarted here.
+if test -d "/run/systemd/system"; then
+  %{_bindir}/systemctl reload-or-restart --marked || :
+fi
+
+%transfiletriggerin -P 1000700 -- /usr/lib/sysusers.d
+# This script will process files installed in /usr/lib/sysusers.d to create
+# specified users automatically. The priority is set such that it
+# will run before the tmpfiles file trigger.
+if test -d "/run/systemd/system"; then
+  %{_bindir}/systemd-sysusers || :
+fi
+
+%transfiletriggerin -P 1000700 udev -- /usr/lib/udev/hwdb.d
+# This script will automatically invoke hwdb update if files have been
+# installed or updated in /usr/lib/udev/hwdb.d.
+if test -d "/run/systemd/system"; then
+  %{_bindir}/systemd-hwdb update || :
+fi
+
+%transfiletriggerin -P 1000700 -- /usr/lib/systemd/catalog
+# This script will automatically invoke journal catalog update if files
+# have been installed or updated in /usr/lib/systemd/catalog.
+if test -d "/run/systemd/system"; then
+  %{_bindir}/journalctl --update-catalog || :
+fi
+
+%transfiletriggerin -P 1000700 -- /usr/lib/binfmt.d
+# This script will automatically apply binfmt rules if files have been
+# installed or updated in /usr/lib/binfmt.d.
+if test -d "/run/systemd/system"; then
+  # systemd-binfmt might fail if binfmt_misc kernel module is not loaded
+  # during install
+  /usr/lib/systemd/systemd-binfmt || :
+fi
+
+%transfiletriggerin -P 1000600 -- /usr/lib/tmpfiles.d
+# This script will process files installed in /usr/lib/tmpfiles.d to create
+# tmpfiles automatically. The priority is set such that it will run
+# after the sysusers file trigger, but before any other triggers.
+if test -d "/run/systemd/system"; then
+  %{_bindir}/systemd-tmpfiles --create || :
+fi
+
+%transfiletriggerin -P 1000600 udev -- /usr/lib/udev/rules.d
+# This script will automatically update udev with new rules if files
+# have been installed or updated in /usr/lib/udev/rules.d.
+if test -e /run/udev/control; then
+  %{_bindir}/udevadm control --reload || :
+fi
+
+%transfiletriggerin -P 1000500 -- /usr/lib/sysctl.d
+# This script will automatically apply sysctl rules if files have been
+# installed or updated in /usr/lib/sysctl.d.
+if test -d "/run/systemd/system"; then
+  /usr/lib/systemd/systemd-sysctl || :
+fi

SOURCES/yum-protect-systemd.conf

@@ -0,0 +1,2 @@
+systemd
+systemd-udev