Merge systemd-selinux 257.1-1 update

Merge AUR commit 94eb39c:
https://aur.archlinux.org/cgit/aur.git/commit/?h=systemd-selinux&id=94eb39cb44fdb71982836385b258cb4fe1f52810

Author: fishilico

systemd-selinux/.SRCINFO

@@ -1,5 +1,5 @@
 pkgbase = systemd-selinux
-	pkgver = 256.7
+	pkgver = 257.1
 	pkgrel = 1
 	url = https://www.github.com/systemd/systemd
 	arch = x86_64
@@ -57,7 +57,7 @@ pkgbase = systemd-selinux
 	makedepends = linux-headers
 	makedepends = libselinux
 	conflicts = mkinitcpio<38-1
-	source = git+https://github.com/systemd/systemd#tag=v256.7?signed
+	source = git+https://github.com/systemd/systemd#tag=v257.1?signed
 	source = 0001-Use-Arch-Linux-device-access-groups.patch
 	source = arch.conf
 	source = loader.conf
@@ -70,6 +70,7 @@ pkgbase = systemd-selinux
 	source = 30-systemd-daemon-reload-system.hook
 	source = 30-systemd-daemon-reload-user.hook
 	source = 30-systemd-hwdb.hook
+	source = 30-systemd-restart-marked.hook
 	source = 30-systemd-sysctl.hook
 	source = 30-systemd-tmpfiles.hook
 	source = 30-systemd-udev-reload.hook
@@ -78,19 +79,20 @@ pkgbase = systemd-selinux
 	validpgpkeys = A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E
 	validpgpkeys = 9A774DB5DB996C154EBBFBFDA0099A18E29326E1
 	validpgpkeys = 5C251B5FC54EB2F80F407AAAC54CA336CFEB557E
-	sha512sums = 468f772b3dfa83483da75516499c50159206dc5f8e26d7a62fc08437c93a4e536c0b27ee7fa5ac11fb1bc27a9c0e41315261751e5cc7428629a30849aeb23386
-	sha512sums = 3ccf783c28f7a1c857120abac4002ca91ae1f92205dcd5a84aff515d57e706a3f9240d75a0a67cff5085716885e06e62597baa86897f298662ec36a940cf410e
+	sha512sums = 53b14cfadf301a44fdfcaa2fe4b9d2371c85581544093b88e5afcee4e45c5bd8668aaae9dd6663363c24f3b610f9b0d6eb61f00df71d588bce8f6264424203e4
+	sha512sums = 78065bde708118b7d6e4ed492e096c763e4679a1c54bd98750d5d609d8cc2f1373023f308880f14fc923ae7f9fea34824917ef884c0f996b1f43d08ef022c0fb
 	sha512sums = 61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648
 	sha512sums = c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5
 	sha512sums = 5a1d78b5170da5abe3d18fdf9f2c3a4d78f15ba7d1ee9ec2708c4c9c2e28973469bc19386f70b3cf32ffafbe4fcc4303e5ebbd6d5187a1df3314ae0965b25e75
 	sha512sums = b90c99d768dc2a4f020ba854edf45ccf1b86a09d2f66e475de21fe589ff7e32c33ef4aa0876d7f1864491488fd7edb2682fc0d68e83a6d4890a0778dc2d6fe19
-	sha512sums = 9835dbb46a3942e89774dd26f295af30ed9eb2cf7ba574e3016b0b4357536a102eb58d72b3add0ea7fd2a56d46b097f273dd02f68840b7a0211c9dbd2b0b7c29
+	sha512sums = 81baa1ae439b0f4d1f09371a82c02db06a97a4fc35545fc2654f7905b4422fc8cf085f70304919a4323f39e662df1e05aa8d977d1dde73507527abe3072c386b
 	sha512sums = 299dcc7094ce53474521356647bdd2fb069731c08d14a872a425412fcd72da840727a23664b12d95465bf313e8e8297da31259508d1c62cc2dcea596160e21c5
 	sha512sums = 0d6bc3d928cfafe4e4e0bc04dbb95c5d2b078573e4f9e0576e7f53a8fab08a7077202f575d74a3960248c4904b5f7f0661bf17dbe163c524ab51dd30e3cb80f7
 	sha512sums = 2b50b25e8680878f7974fa9d519df7e141ca11c4bfe84a92a5d01bb193f034b1726ea05b3c0030bad1fbda8dbb78bf1dc7b73859053581b55ba813c39b27d9dc
 	sha512sums = a436d3f5126c6c0d6b58c6865e7bd38dbfbfb7babe017eeecb5e9d162c21902cbf4e0a68cf3ac2f99815106f9fa003b075bd2b4eb5d16333fa913df6e2f3e32a
 	sha512sums = 190112e38d5a5c0ca91b89cd58f95595262a551530a16546e1d84700fc9644aa2ca677953ffff655261e8a7bff6e6af4e431424df5f13c00bc90b77c421bc32d
 	sha512sums = a1661ab946c6cd7d3c6251a2a9fd68afe231db58ce33c92c42594aedb5629be8f299ba08a34713327b373a3badd1554a150343d8d3e5dfb102999c281bd49154
+	sha512sums = f6b154fdc612916d7788720cf703e34255b43ba2d19413de5f3f63f07508f4ce561ca138f987c2118c7128e1dfb01976b0ac7d5efee4d9ebaadd180e70fa013e
 	sha512sums = 9426829605bbb9e65002437e02ed54e35c20fdf94706770a3dc1049da634147906d6b98bf7f5e7516c84068396a12c6feaf72f92b51bdf19715e0f64620319de
 	sha512sums = da7a97d5d3701c70dd5388b0440da39006ee4991ce174777931fea2aa8c90846a622b2b911f02ae4d5fffb92680d9a7e211c308f0f99c04896278e2ee0d9a4dc
 	sha512sums = a50d202a9c2e91a4450b45c227b295e1840cc99a5e545715d69c8af789ea3dd95a03a30f050d52855cabdc9183d4688c1b534eaa755ebe93616f9d192a855ee3
@@ -103,7 +105,7 @@ pkgname = systemd-selinux
 	license = CC0-1.0
 	license = GPL-2.0-or-later
 	license = MIT-0
-	depends = systemd-libs-selinux=256.7
+	depends = systemd-libs-selinux=257.1
 	depends = acl
 	depends = libacl.so
 	depends = bash
@@ -151,9 +153,9 @@ pkgname = systemd-selinux
 	optdepends = libp11-kit: support PKCS#11
 	optdepends = tpm2-tss: unlocking LUKS2 volumes with TPM2
 	provides = nss-myhostname
-	provides = systemd-tools=256.7
-	provides = udev=256.7
-	provides = systemd=256.7-1
+	provides = systemd-tools=257.1
+	provides = udev=257.1
+	provides = systemd=257.1-1
 	conflicts = nss-myhostname
 	conflicts = systemd-tools
 	conflicts = udev
@@ -194,37 +196,37 @@ pkgname = systemd-libs-selinux
 	provides = libsystemd.so
 	provides = libudev.so
 	provides = libsystemd-selinux
-	provides = systemd-libs=256.7-1
+	provides = systemd-libs=257.1-1
 	conflicts = libsystemd
 	conflicts = libsystemd-selinux
 	conflicts = systemd-libs
 	replaces = libsystemd-selinux
 
 pkgname = systemd-resolvconf-selinux
 	pkgdesc = systemd resolvconf replacement with SELinux support (for use with systemd-resolved)
-	depends = systemd-selinux=256.7
+	depends = systemd-selinux=257.1
 	provides = openresolv
 	provides = resolvconf
-	provides = systemd-resolvconf=256.7-1
+	provides = systemd-resolvconf=257.1-1
 	conflicts = resolvconf
-	conflicts = systemd-resolvconf=256.7-1
+	conflicts = systemd-resolvconf=257.1-1
 
 pkgname = systemd-sysvcompat-selinux
 	pkgdesc = sysvinit compat for systemd with SELinux support
-	depends = systemd-selinux=256.7
-	provides = systemd-sysvcompat=256.7-1
-	provides = selinux-systemd-sysvcompat=256.7-1
+	depends = systemd-selinux=257.1
+	provides = systemd-sysvcompat=257.1-1
+	provides = selinux-systemd-sysvcompat=257.1-1
 	conflicts = sysvinit
 	conflicts = systemd-sysvcompat
 	conflicts = selinux-systemd-sysvcompat
 
 pkgname = systemd-ukify-selinux
 	pkgdesc = Combine kernel and initrd into a signed Unified Kernel Image with SELinux support
-	depends = systemd-selinux=256.7
+	depends = systemd-selinux=257.1
 	depends = binutils
 	depends = python-cryptography
 	depends = python-pefile
 	optdepends = python-pillow: Show the size of splash image
 	optdepends = sbsigntools: Sign the embedded kernel
 	provides = ukify
-	provides = systemd-ukify=256.7-1
+	provides = systemd-ukify=257.1-1

systemd-selinux/0001-Use-Arch-Linux-device-access-groups.patch

@@ -1,10 +1,7 @@
-From 0e8c18bc2639da328274d02d9222ee2c1f6bf696 Mon Sep 17 00:00:00 2001
+From dfdd57b81916ac4c9a69b4c4400a9145d9746e9f Mon Sep 17 00:00:00 2001
 From: "Jan Alexander Steffens (heftig)" <[email protected]>
 Date: Tue, 6 Mar 2018 23:39:47 +0100
 Subject: [PATCH] Use Arch Linux' device access groups
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
 
   cdrom   → optical
   dialout → uucp
@@ -17,10 +14,10 @@ Content-Transfer-Encoding: 8bit
  4 files changed, 19 insertions(+), 19 deletions(-)
 
 diff --git a/meson.build b/meson.build
-index 76ad51d3fb..5cf679b088 100644
+index d392610625..ab8689da68 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -915,19 +915,19 @@ conf.set_quoted('NOBODY_GROUP_NAME', nobody_group)
+@@ -940,19 +940,19 @@ conf.set_quoted('NOBODY_GROUP_NAME', nobody_group)
  static_ugids = []
  foreach option : ['adm-gid',
                    'audio-gid',
@@ -44,10 +41,10 @@ index 76ad51d3fb..5cf679b088 100644
                    'wheel-gid',
                    'systemd-journal-gid',
 diff --git a/meson_options.txt b/meson_options.txt
-index 814f340840..253a77ecb3 100644
+index 78ec25bfa3..0ac81db762 100644
 --- a/meson_options.txt
 +++ b/meson_options.txt
-@@ -257,10 +257,6 @@ option('adm-gid', type : 'integer', value : 0,
+@@ -287,10 +287,6 @@ option('adm-gid', type : 'integer', value : 0,
         description : 'soft-static allocation for the "adm" group')
  option('audio-gid', type : 'integer', value : 0,
         description : 'soft-static allocation for the "audio" group')
@@ -58,7 +55,7 @@ index 814f340840..253a77ecb3 100644
  option('disk-gid', type : 'integer', value : 0,
         description : 'soft-static allocation for the "disk" group')
  option('input-gid', type : 'integer', value : 0,
-@@ -271,18 +267,22 @@ option('kvm-gid', type : 'integer', value : 0,
+@@ -301,18 +297,22 @@ option('kvm-gid', type : 'integer', value : 0,
         description : 'soft-static allocation for the "kvm" group')
  option('lp-gid', type : 'integer', value : 0,
         description : 'soft-static allocation for the "lp" group')
@@ -84,19 +81,19 @@ index 814f340840..253a77ecb3 100644
         description : 'soft-static allocation for the "video" group')
  option('wheel-gid', type : 'integer', value : 0,
 diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
-index 843bdaf9ce..a192f091df 100644
+index 6f80feeecf..40c1bf3dbc 100644
 --- a/rules.d/50-udev-default.rules.in
 +++ b/rules.d/50-udev-default.rules.in
-@@ -26,7 +26,7 @@ SUBSYSTEM=="tty", KERNEL=="sclp_line[0-9]*", GROUP="tty", MODE="0620"
- SUBSYSTEM=="tty", KERNEL=="ttysclp[0-9]*", GROUP="tty", MODE="0620"
- SUBSYSTEM=="tty", KERNEL=="3270/tty[0-9]*", GROUP="tty", MODE="0620"
+@@ -39,7 +39,7 @@ SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666"
+ SUBSYSTEM=="tty", KERNEL=="tty", GROUP="tty", MODE="0666"
+ SUBSYSTEM=="tty", KERNEL=="tty[0-9]*|hvc[0-9]*|sclp_line[0-9]*|ttysclp[0-9]*|3270/tty[0-9]*", GROUP="tty", MODE="0620"
  SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty"
 -KERNEL=="tty[A-Z]*[0-9]|ttymxc[0-9]*|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout"
 +KERNEL=="tty[A-Z]*[0-9]|ttymxc[0-9]*|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="uucp"
 
  SUBSYSTEM=="mem", KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640"
 
-@@ -72,13 +72,13 @@ KERNEL=="irlpt[0-9]*", GROUP="lp"
+@@ -86,13 +86,13 @@ KERNEL=="irlpt[0-9]*", GROUP="lp"
  SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0701??:*", GROUP="lp"
 
  SUBSYSTEM=="block", GROUP="disk"
@@ -117,10 +114,10 @@ index 843bdaf9ce..a192f091df 100644
  KERNEL=="qft[0-9]*|nqft[0-9]*|zqft[0-9]*|nzqft[0-9]*|rawqft[0-9]*|nrawqft[0-9]*", GROUP="disk"
  KERNEL=="loop-control", GROUP="disk", OPTIONS+="static_node=loop-control"
 diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in
-index a602b872e4..8d38febb6a 100644
+index 992af346ca..86e622e5dd 100644
 --- a/sysusers.d/basic.conf.in
 +++ b/sysusers.d/basic.conf.in
-@@ -23,17 +23,17 @@ g utmp    {{UTMP_GID   }}     -            -
+@@ -24,17 +24,17 @@ g utmp    {{UTMP_GID   }}     -            -
 
  # Physical and virtual hardware access groups
  g audio   {{AUDIO_GID  }}     -            -
@@ -141,41 +138,3 @@ index a602b872e4..8d38febb6a 100644
  g video   {{VIDEO_GID  }}     -            -
 
  # Default group for normal users
-
-From 9e2987a7b4d09d7b554141e9ef2c911cb3fda570 Mon Sep 17 00:00:00 2001
-From: Christian Hesse <[email protected]>
-Date: Mon, 27 Dec 2021 23:32:42 +0100
-Subject: [PATCH] generate tmpfiles.d/legacy.conf
-
----
- tmpfiles.d/legacy.conf.in | 3 ---
- tmpfiles.d/meson.build    | 2 +-
- 2 files changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/tmpfiles.d/legacy.conf.in b/tmpfiles.d/legacy.conf.in
-index 4f2c0d7c43..62e2ae0986 100644
---- a/tmpfiles.d/legacy.conf.in
-+++ b/tmpfiles.d/legacy.conf.in
-@@ -12,9 +12,6 @@
- 
- d /run/lock 0755 root root -
- L /var/lock - - - - ../run/lock
--{% if CREATE_LOG_DIRS %}
--L /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
--{% endif %}
- 
- # /run/lock/subsys is used for serializing SysV service execution, and
- # hence without use on SysV-less systems.
-diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build
-index ca1abbf3fe..25e2b53402 100644
---- a/tmpfiles.d/meson.build
-+++ b/tmpfiles.d/meson.build
-@@ -29,7 +29,7 @@ foreach pair : files
- endforeach
- 
- in_files = [['etc.conf',                      ''],
--            ['legacy.conf',                   'HAVE_SYSV_COMPAT'],
-+            ['legacy.conf',                   ''],
-             ['static-nodes-permissions.conf', ''],
-             ['systemd.conf',                  ''],
-             ['var.conf',                      ''],

systemd-selinux/30-systemd-restart-marked.hook

@@ -0,0 +1,9 @@
+[Trigger]
+Type = Path
+Operation = Upgrade
+Target = usr/lib/systemd/system/*
+
+[Action]
+Description = Restarting marked services...
+When = PostTransaction
+Exec = /usr/share/libalpm/scripts/systemd-hook restart-marked

systemd-selinux/PKGBUILD

@@ -6,13 +6,21 @@
 # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux.
 # If you want to help keep it up to date, please open a Pull Request there.
 
+# ➡️ Pushing pre-releases to [core-testing] can cause havoc, especially
+#   as all [core] packages are built there, and may be moved before.
+#   Anyway, pre-release packages may be available in my personal testing
+#   repository. Brave souls add it with:
+#     [eworm-testing]
+#     SigLevel = Required
+#     Server = https://pkgbuild.com/~eworm/$repo/$arch/
+
 pkgbase=systemd-selinux
 pkgname=('systemd-selinux'
          'systemd-libs-selinux'
          'systemd-resolvconf-selinux'
          'systemd-sysvcompat-selinux'
          'systemd-ukify-selinux')
-_tag='256.7'
+_tag='257.1'
 # Upstream versioning is incompatible with pacman's version comparisons, one
 # way or another. So we replace dashes and tildes with the empty string to
 # make sure pacman's version comparing does the right thing for rc versions:
@@ -51,23 +59,25 @@ source=("git+https://github.com/systemd/systemd#tag=v${_tag}?signed"
         '30-systemd-daemon-reload-system.hook'
         '30-systemd-daemon-reload-user.hook'
         '30-systemd-hwdb.hook'
+        '30-systemd-restart-marked.hook'
         '30-systemd-sysctl.hook'
         '30-systemd-tmpfiles.hook'
         '30-systemd-udev-reload.hook'
         '30-systemd-update.hook')
-sha512sums=('468f772b3dfa83483da75516499c50159206dc5f8e26d7a62fc08437c93a4e536c0b27ee7fa5ac11fb1bc27a9c0e41315261751e5cc7428629a30849aeb23386'
-            '3ccf783c28f7a1c857120abac4002ca91ae1f92205dcd5a84aff515d57e706a3f9240d75a0a67cff5085716885e06e62597baa86897f298662ec36a940cf410e'
+sha512sums=('53b14cfadf301a44fdfcaa2fe4b9d2371c85581544093b88e5afcee4e45c5bd8668aaae9dd6663363c24f3b610f9b0d6eb61f00df71d588bce8f6264424203e4'
+            '78065bde708118b7d6e4ed492e096c763e4679a1c54bd98750d5d609d8cc2f1373023f308880f14fc923ae7f9fea34824917ef884c0f996b1f43d08ef022c0fb'
             '61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648'
             'c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5'
             '5a1d78b5170da5abe3d18fdf9f2c3a4d78f15ba7d1ee9ec2708c4c9c2e28973469bc19386f70b3cf32ffafbe4fcc4303e5ebbd6d5187a1df3314ae0965b25e75'
             'b90c99d768dc2a4f020ba854edf45ccf1b86a09d2f66e475de21fe589ff7e32c33ef4aa0876d7f1864491488fd7edb2682fc0d68e83a6d4890a0778dc2d6fe19'
-            '9835dbb46a3942e89774dd26f295af30ed9eb2cf7ba574e3016b0b4357536a102eb58d72b3add0ea7fd2a56d46b097f273dd02f68840b7a0211c9dbd2b0b7c29'
+            '81baa1ae439b0f4d1f09371a82c02db06a97a4fc35545fc2654f7905b4422fc8cf085f70304919a4323f39e662df1e05aa8d977d1dde73507527abe3072c386b'
             '299dcc7094ce53474521356647bdd2fb069731c08d14a872a425412fcd72da840727a23664b12d95465bf313e8e8297da31259508d1c62cc2dcea596160e21c5'
             '0d6bc3d928cfafe4e4e0bc04dbb95c5d2b078573e4f9e0576e7f53a8fab08a7077202f575d74a3960248c4904b5f7f0661bf17dbe163c524ab51dd30e3cb80f7'
             '2b50b25e8680878f7974fa9d519df7e141ca11c4bfe84a92a5d01bb193f034b1726ea05b3c0030bad1fbda8dbb78bf1dc7b73859053581b55ba813c39b27d9dc'
             'a436d3f5126c6c0d6b58c6865e7bd38dbfbfb7babe017eeecb5e9d162c21902cbf4e0a68cf3ac2f99815106f9fa003b075bd2b4eb5d16333fa913df6e2f3e32a'
             '190112e38d5a5c0ca91b89cd58f95595262a551530a16546e1d84700fc9644aa2ca677953ffff655261e8a7bff6e6af4e431424df5f13c00bc90b77c421bc32d'
             'a1661ab946c6cd7d3c6251a2a9fd68afe231db58ce33c92c42594aedb5629be8f299ba08a34713327b373a3badd1554a150343d8d3e5dfb102999c281bd49154'
+            'f6b154fdc612916d7788720cf703e34255b43ba2d19413de5f3f63f07508f4ce561ca138f987c2118c7128e1dfb01976b0ac7d5efee4d9ebaadd180e70fa013e'
             '9426829605bbb9e65002437e02ed54e35c20fdf94706770a3dc1049da634147906d6b98bf7f5e7516c84068396a12c6feaf72f92b51bdf19715e0f64620319de'
             'da7a97d5d3701c70dd5388b0440da39006ee4991ce174777931fea2aa8c90846a622b2b911f02ae4d5fffb92680d9a7e211c308f0f99c04896278e2ee0d9a4dc'
             'a50d202a9c2e91a4450b45c227b295e1840cc99a5e545715d69c8af789ea3dd95a03a30f050d52855cabdc9183d4688c1b534eaa755ebe93616f9d192a855ee3'
@@ -78,6 +88,7 @@ _meson_vcs_tag='false'
 _meson_mode='release'
 _meson_compile=()
 _meson_install=()
+_systemd_src_dir="${pkgbase/-selinux}"
 
 if ((_systemd_UPSTREAM)); then
   _meson_version="${pkgver}"
@@ -91,14 +102,24 @@ if ((_systemd_UPSTREAM)); then
   fi
 fi
 
+# Some heuristics to detect that we are building on OBS, with no network access. Skip
+# git verification, and use the OBS-provided tarball instead. The sources will be
+# unpacked by OBS in $package-$version/
+# SELinux package maintenance note: ignore this, as skipping any form of validation is dangerous
+#if [ -f /.build/build.dist ] && [ -d /usr/src/packages/SOURCES ] &&  [ -d /usr/src/packages/BUILD ] &&  [ -d /usr/src/packages/OTHER ]; then
+#  source[0]="${pkgbase}-${pkgver}.tar.gz"
+#  sha512sums[0]='SKIP'
+#  _systemd_src_dir="${pkgbase}-${pkgver}"
+#fi
+
 _backports=(
 )
 
 _reverts=(
 )
 
 prepare() {
-  cd "${pkgbase/-selinux}"
+  cd "${_systemd_src_dir}"
 
   local _c _l
   for _c in "${_backports[@]}"; do
@@ -176,7 +197,7 @@ build() {
     -Dsbat-distro-url="https://aur.archlinux.org/packages/${pkgname}/"
   )
 
-  arch-meson "${pkgbase/-selinux}" build "${_meson_options[@]}" $MESON_EXTRA_CONFIGURE_OPTIONS
+  arch-meson "${_systemd_src_dir}" build "${_meson_options[@]}" $MESON_EXTRA_CONFIGURE_OPTIONS
 
   meson compile -C build "${_meson_compile[@]}"
 }

systemd-selinux/systemd-hook

@@ -41,7 +41,7 @@ case "$op" in
     ;;
   daemon-reload-user)
     systemd_live
-    /usr/bin/systemctl kill --kill-whom='main' --signal='SIGHUP' 'user@*.service'
+    /usr/bin/systemctl reload 'user@*.service'
     ;;
   hwdb)
     /usr/bin/systemd-hwdb --usr update
@@ -68,6 +68,12 @@ case "$op" in
     fi
     ;;
 
+  # marked with 'systemctl set-property ... Markers=needs-restart'
+  restart-marked)
+    systemd_live
+    /usr/bin/systemctl reload-or-restart --marked
+    ;;
+
   # For use by other packages
   reload)
     systemd_live

systemd-selinux/systemd.install

@@ -33,8 +33,16 @@ post_upgrade() {
   post_common "$@"
 
   if sd_booted; then
+    # reexec systemd system instance
     systemctl --system daemon-reexec
-    systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service'
+
+    # reexec systemd user instances
+    systemctl reload 'user@*.service'
+
+    # mark systemd services for later restart
+    for UNIT in $(systemctl list-units --state=running --plain --quiet 'systemd-*.service' | cut -d' ' -f1 | grep -Ev '^systemd-(logind|networkd)\.service$'); do
+      systemctl set-property --runtime "${UNIT}" Markers=needs-restart
+    done
   fi
 
   # show for feature release: 255 -> 256 -> 257 -> ...