https://bugs.gentoo.org/911723
https://github.com/systemd/systemd/issues/28588
https://github.com/systemd/systemd/issues/28653
https://github.com/systemd/systemd/pull/28681

(Skipped first commit as it was a revert of https://github.com/systemd/systemd/commit/a3d610998ad3b4c88224fe89a048a84dbceb652b.patc
which wasn't in 254.)

From 31845ef554877525dc4ff4f25ad11ad805ebf81c Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 5 Aug 2023 04:37:19 +0900
Subject: [PATCH 2/4] unit: make udev rules take precesence over tmpfiles

Without this change, there are no ordering between udevd and tmpfiles,
and if tmpfiles is invoked later it may discard the permission set by
udevd.

Fixes an issue introduced by b42482af904ae0b94a6e4501ec595448f0ba1c06.

Fixes #28588 and #28653.
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -12,6 +12,7 @@ Description=Rule-based Manager for Device Events and Files
 Documentation=man:systemd-udevd.service(8) man:udev(7)
 DefaultDependencies=no
 After=systemd-sysusers.service systemd-hwdb-update.service
+After=systemd-tmpfiles-setup-dev.service
 Before=sysinit.target
 ConditionPathIsReadWrite=/sys
 

From b768379e8b494b025f41946205944a6f3a1a553f Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 5 Aug 2023 04:52:16 +0900
Subject: [PATCH 3/4] test: add short test for device node permission

--- /dev/null
+++ b/test/units/testsuite-17.00.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -ex
+set -o pipefail
+
+# shellcheck source=test/units/util.sh
+. "$(dirname "$0")"/util.sh
+
+# Tests for issue #28588 and #28653.
+
+assert_in "systemd-tmpfiles-setup-dev.service" "$(systemctl show --property After --value systemd-udevd.service)"
+assert_in "systemd-udevd.service" "$(systemctl show --property Before --value systemd-tmpfiles-setup-dev.service)"
+
+if [[ -f /dev/vfio/vfio ]]; then
+   assert_in "crw-rw-rw-" "$(stat --format=%A /dev/vfio/vfio)"
+fi
+
+exit 0

From 23acdb8d0b04d46ecdc88a45594135c321dbfd5b Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 5 Aug 2023 05:03:16 +0900
Subject: [PATCH 4/4] test: shorten timeout for 'udevadm monitor'

The command should never finish, it is not necessary to wait so long.
--- a/test/units/testsuite-17.10.sh
+++ b/test/units/testsuite-17.10.sh
@@ -79,13 +79,13 @@ udevadm info -w /sys/class/net/$netdev
 udevadm info --wait-for-initialization=5 /sys/class/net/$netdev
 udevadm info -h
 
-assert_rc 124 timeout 5 udevadm monitor
-assert_rc 124 timeout 5 udevadm monitor -k
-assert_rc 124 timeout 5 udevadm monitor -u
-assert_rc 124 timeout 5 udevadm monitor -s net
-assert_rc 124 timeout 5 udevadm monitor --subsystem-match net/$netdev
-assert_rc 124 timeout 5 udevadm monitor -t systemd
-assert_rc 124 timeout 5 udevadm monitor --tag-match hello
+assert_rc 124 timeout 1 udevadm monitor
+assert_rc 124 timeout 1 udevadm monitor -k
+assert_rc 124 timeout 1 udevadm monitor -u
+assert_rc 124 timeout 1 udevadm monitor -s net
+assert_rc 124 timeout 1 udevadm monitor --subsystem-match net/$netdev
+assert_rc 124 timeout 1 udevadm monitor -t systemd
+assert_rc 124 timeout 1 udevadm monitor --tag-match hello
 udevadm monitor -h
 
 udevadm settle