diff --git a/systemd.changes b/systemd.changes
index ee783f13..4172a984 100644
--- a/systemd.changes
+++ b/systemd.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Jul 22 11:53:27 UTC 2024 - Franck Bui <fbui@suse.com>
+
+- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
+
+  Otherwise pesign-obs-integration ends up re-packaging systemd with all macros
+  inside comments unescaped leading to unpredictable behavior. Now why rpm
+  expands rpm macros inside comments is the question...
+
 -------------------------------------------------------------------
 Tue Jul 16 14:29:24 UTC 2024 - Franck Bui <fbui@suse.com>
 
diff --git a/systemd.spec b/systemd.spec
index c2947753..6214ac35 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -36,7 +36,7 @@
 %define _testsuitedir %{_systemd_util_dir}/tests
 %define xinitconfdir  %{?_distconfdir}%{!?_distconfdir:%{_sysconfdir}}/X11/xinit
 
-# Similar to %%with but return true/false. The value when the condition is
+# Similar to 'with' macro but return true/false. The value when the condition is
 # verified can be redefined when a second parameter is passed.
 %define __when_1() %{expand:%%{?with_%{1}:true}%%{!?with_%{1}:false}}
 %define __when_2() %{expand:%%{?with_%{1}:%{2}}%%{!?with_%{1}:false}}
@@ -124,7 +124,8 @@ BuildRequires:  pam-devel
 BuildRequires:  python3-Jinja2
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  pkgconfig(blkid) >= 2.26
-# The following packages are only required by the execution of the unit tests during %%check
+# The following packages are only required by the execution of the unit tests
+# during the 'check' section.
 BuildRequires:  acl
 BuildRequires:  distribution-release
 BuildRequires:  python3-pefile
@@ -1069,9 +1070,10 @@ rm -f %{buildroot}%{_unitdir}/systemd-nspawn@.service
 rm -f %{buildroot}%{_systemd_util_dir}/systemd-ssh-proxy
 %endif
 
-# Don't drop %%pre section even if it becomes empty: the build process of
-# installation images uses a hardcoded list of packages with a %%pre that needs
-# to be run during the build and complains if it can't find one.
+# Don't drop the following 'pre' section even if it becomes empty: the build
+# process of installation images uses a hardcoded list of packages with a 'pre'
+# section that needs to be run during the build and complains if it can't find
+# one.
 %pre
 # We don't really need to enable these units explicitely since during
 # installation `systemctl preset-all` is executed at the end of the install
@@ -1124,7 +1126,8 @@ systemd-tmpfiles --create || :
 journalctl --update-catalog || :
 %endif
 
-# See the comment in %%pre about why we need to call %%systemd_pre.
+# See the comment in the 'pre' section about why we need to call 'systemd_pre'
+# macro.
 %systemd_post remote-fs.target
 %systemd_post getty@.service
 %systemd_post systemd-journald-audit.socket