Merge pull request #28919 from fbuihuu/custom-config-file-install-path

Custom config file install path

diff --git a/docs/FILE_DESCRIPTOR_STORE.md b/docs/FILE_DESCRIPTOR_STORE.md
index c14ae23051c84f7d032f800c8306a7ad387bb8c0..6cd6e1d3bd99180346ca9504b55573c7a7c3d746 100644 (file)
--- a/docs/FILE_DESCRIPTOR_STORE.md
+++ b/docs/FILE_DESCRIPTOR_STORE.md
@@ -1,5 +1,5 @@
 ---
-title: The File Descriptor Store
+title: File Descriptor Store
 category: Interfaces
 layout: default
 SPDX-License-Identifier: LGPL-2.1-or-later
@@ -8,9 +8,9 @@ SPDX-License-Identifier: LGPL-2.1-or-later
 # The File Descriptor Store
 
 *TL;DR: The systemd service manager may optionally maintain a set of file
-descriptors for each service, that are under control of the service and that
-help making service restarts without losing connectivity or context easier to
-implement.*
+descriptors for each service. Those file descriptors are under control of the
+service. Storing file descriptors in the manager makes is easier to restart
+services without dropping connections or losing state.*
 
 Since its inception `systemd` has supported the *socket* *activation*
 mechanism: the service manager creates and listens on some sockets (and similar
@@ -32,12 +32,12 @@ maintains a duplicate of it (in the sense of UNIX
 also in possession of the service itself, and it may (and is expected to)
 invoke any operations on it that it likes.
 
-The primary use case of this logic is to permit services to restart seamlessly
+The primary use-case of this logic is to permit services to restart seamlessly
 (for example to update them to a newer version), without losing execution
 context, dropping pinned resources, terminating established connections or even
 just momentarily losing connectivity. In fact, as the file descriptors can be
-uploaded freely at any time during the service runtime, this can even be used to
-implement services that robustly handle abnormal termination and can recover
+uploaded freely at any time during the service runtime, this can even be used
+to implement services that robustly handle abnormal termination and can recover
 from that without losing pinned resources.
 
 Note that Linux supports the
@@ -58,7 +58,7 @@ permit the service to upload to the service manager to keep simultaneously.
 If set to values > 0, the fdstore is enabled. When invoked the service may now
 (asynchronously) upload file descriptors to the fdstore via the
 [`sd_pid_notify_with_fds()`](https://www.freedesktop.org/software/systemd/man/sd_pid_notify_with_fds.html)
-API call (or an equivalent reimplementation). When uploading the fds it is
+API call (or an equivalent re-implementation). When uploading the fds it is
 necessary to set the `FDSTORE=1` field in the message, to indicate what the fd
 is intended for. It's recommended to also set the `FDNAME=…` field to any
 string of choice, which may be used to identify the fd later.
@@ -98,20 +98,20 @@ updates, hence leaving two version of the service running at the same time is
 generally problematic. It also collides with the systemd service manager's
 general principle of guaranteeing a pristine execution environment, a pristine
 security context, and a pristine resource management context for freshly
-started services, without uncontrolled "left-overs" from previous runs. For
+started services, without uncontrolled "leftovers" from previous runs. For
 example: leaving processes from previous runs generally negatively affects
-lifecycle management (i.e. `KillMode=none` must be set), which disables large
+life-cycle management (i.e. `KillMode=none` must be set), which disables large
 parts of the service managers state tracking, resource management (as resource
 counters cannot start at zero during service activation anymore, since the old
 processes remaining skew them), security policies (as processes with possibly
 out-of-date security policies – SElinux, AppArmor, any LSM, seccomp, BPF — in
 effect remain), and similar.
 
-# File Descriptor Store Lifecycle
+# File Descriptor Store Life-cycle
 
 By default any file descriptor stored in the fdstore for which a `POLLHUP` or
 `POLLERR` is seen is automatically closed and removed from the fdstore. This
-behaviour can be turned off, by setting the `FDPOLL=0` field when uploading the
+behavior can be turned off, by setting the `FDPOLL=0` field when uploading the
 fd via `sd_notify_with_fds()`.
 
 The fdstore is automatically closed whenever the service is fully deactivated
@@ -119,7 +119,7 @@ and no jobs are queued for it anymore. This means that a restart job for a
 service will leave the fdstore intact, but a separate stop and start job for
 it — executed synchronously one after the other — will likely not.
 
-This behaviour can be modified via the
+This behavior can be modified via the
 [`FileDescriptorStorePreserve=`](https://www.freedesktop.org/software/systemd/man/systemd.service.html#FileDescriptorStorePreserve=)
 setting in service unit files. If set to `yes` the fdstore will be kept as long
 as the service definition is loaded into memory by the service manager, i.e. as
@@ -141,12 +141,12 @@ received, to make the service robust for code updates: if an old version
 uploaded an fd that the new version doesn't recognize anymore it's good idea to
 close it both in the service and in the fdstore.
 
-Note that storing a duplicate of an fd in the fdstore means the fd remains
-pinned even if the service closes it. This in particular means that peers on a
-connection socket uploaded this way will not receive an automatic `POLLHUP`
-event anymore if the service code issues `close()` on the socket. It must
-accompany it with an `FDSTOREREMOVE=1` notification to the service manager, so
-that the fd is comprehensively closed.
+Note that storing a duplicate of an fd in the fdstore means the resource pinned
+by the fd remains pinned even if the service closes its duplicate of the
+fd. This in particular means that peers on a connection socket uploaded this
+way will not receive an automatic `POLLHUP` event anymore if the service code
+issues `close()` on the socket. It must accompany it with an `FDSTOREREMOVE=1`
+notification to the service manager, so that the fd is comprehensively closed.
 
 # Access Control
 
@@ -175,9 +175,28 @@ interrupting connectivity or established connections and similar.
 This mechanism can be enabled either by making sure the service survives until
 the very end (i.e. by setting `DefaultDependencies=no` so that it keeps running
 for the whole system lifetime without being regularly deactivated at shutdown)
-or by setting `FileDescriptorStorePresever=yes` (and referencing the unit
+or by setting `FileDescriptorStorePreserve=yes` (and referencing the unit
 continuously).
 
+For further details see [Resource
+Pass-Through](https://www.freedesktop.org/software/systemd/man/systemd-soft-reboot.service.html#Resource%20Pass-Through).
+
+# initrd Transitions
+
+The fdstore may also be used to hand over file descriptor to resources from the
+initrd context to the main system. This is important as code running off the
+initrd should generally not continue to run after the initrd to host
+transition, since it pins the backing files from the initrd, and might run a
+slightly different version of things than the host.
+
+Any service that still runs during the initrd→host transition will have its
+fdstore passed over the transition, where it will be passed back to any queued
+services of the same name.
+
+The soft reboot cycle transition and the initrd→host transition are
+semantically very similar, hence similar rules apply, and in both cases it is
+recommended to use the fdstore if pinned resources shall be passed over.
+
 # Debugging
 
 The

diff --git a/hwdb.d/60-keyboard.hwdb b/hwdb.d/60-keyboard.hwdb
index 48858a11d34c36e59cd35780882d384126b074d5..f208cb90559a184b04e4ffa5bcbb957811c18381 100644 (file)
--- a/hwdb.d/60-keyboard.hwdb
+++ b/hwdb.d/60-keyboard.hwdb
@@ -173,6 +173,10 @@ evdev:atkbd:dmi:*:svnPackardBell:pndots:*:rvnPackardBell:rnSJE01_CT:*
  KEYBOARD_KEY_ce=unknown  # Brightness Up, also emitted by acpi-video, ignore
  KEYBOARD_KEY_ef=unknown  # Brightness Down, also emitted by acpi-video, ignore
 
+# Predator PT314-52s
+evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAcer*:pnPredator*PT314-52s:pvr*
+ KEYBOARD_KEY_66=micmute                                # Microphone mute button
+
 # Predator PH 315-52
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAcer*:pnPredator*PH*315-52:*
  KEYBOARD_KEY_ef=kbdillumup                             # Fn+F10

diff --git a/man/org.freedesktop.hostname1.xml b/man/org.freedesktop.hostname1.xml
index 9eb2f69c3bcf96dd00fcbe256bd66036a1148566..a079837a67eae611fbd1c44cee79f4b489e62701 100644 (file)
--- a/man/org.freedesktop.hostname1.xml
+++ b/man/org.freedesktop.hostname1.xml
@@ -418,4 +418,16 @@ node /org/freedesktop/hostname1 {
     <para>David Zeuthen's original Fedora
     <ulink url="https://fedoraproject.org/wiki/Features/BetterHostname">Feature page about xdg-hostname</ulink></para>
   </refsect1>
+
+  <refsect1>
+    <title>History</title>
+    <refsect2>
+      <title>The D-Bus API</title>
+      <para><varname>FirmwareVersion</varname> and
+      <function>GetHardwareSerial()</function> were added in version 251.</para>
+      <para><varname>OperatingSystemSupportEnd</varname>,
+      <varname>FirmwareVendor</varname>, and
+      <varname>FirmwareDate</varname> were added in version 253.</para>
+    </refsect2>
+  </refsect1>
 </refentry>

diff --git a/man/org.freedesktop.login1.xml b/man/org.freedesktop.login1.xml
index 5f7b711aaab734bfb80ae7410a70344f135bdaa9..4a94656f6625d921c3090b253755684fb4cce60c 100644 (file)
--- a/man/org.freedesktop.login1.xml
+++ b/man/org.freedesktop.login1.xml
@@ -1505,4 +1505,23 @@ node /org/freedesktop/login1/session/1 {
   </refsect1>
 
   <xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
+
+  <refsect1>
+    <title>History</title>
+    <refsect2>
+      <title>The Manager Object</title>
+      <para><varname>HandlePowerKeyLongPress</varname>,
+      <varname>HandleRebootKey</varname>,
+      <varname>HandleRebootKeyLongPress</varname>,
+      <varname>HandleSuspendKeyLongPress</varname>, and
+      <varname>HandleHibernateKeyLongPress</varname> were added in version 251.</para>
+      <para><varname>StopIdleSessionUSec</varname> was added in version 252.</para>
+      <para><function>PrepareForShutdownWithMetadata</function> was added in version 255.</para>
+    </refsect2>
+    <refsect2>
+      <title>Session Objects</title>
+      <para><function>SetDisplay()</function> was added in version 252.</para>
+      <para><function>SetTTY()</function> was added in version 254.</para>
+    </refsect2>
+  </refsect1>
 </refentry>

diff --git a/man/org.freedesktop.machine1.xml b/man/org.freedesktop.machine1.xml
index c366c1b19a2ab6287383228007d5e3e744064ba1..1af77e003504911228af30528426a8a847a39ba2 100644 (file)
--- a/man/org.freedesktop.machine1.xml
+++ b/man/org.freedesktop.machine1.xml
@@ -670,4 +670,18 @@ $ gdbus introspect --system \
   </refsect1>
 
   <xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
+
+  <refsect1>
+    <title>History</title>
+    <refsect2>
+      <title>The Manager Object</title>
+      <para><function>CopyFromMachineWithFlags()</function> and
+      <function>CopyToMachineWithFlags()</function> were added in version 252.</para>
+    </refsect2>
+    <refsect2>
+      <title>Machine Objects</title>
+      <para><function>CopyFromWithFlags()</function> and
+      <function>CopyToWithFlags()</function> were added in version 252.</para>
+    </refsect2>
+  </refsect1>
 </refentry>

diff --git a/man/org.freedesktop.network1.xml b/man/org.freedesktop.network1.xml
index f022463310e5e3ea5ad46742d2b4624564f28dc0..02013c57bbd5805263abd3c14de3b6ad68857459 100644 (file)
--- a/man/org.freedesktop.network1.xml
+++ b/man/org.freedesktop.network1.xml
@@ -573,4 +573,16 @@ $ gdbus introspect --system \
   </refsect1>
 
   <xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
+
+  <refsect1>
+    <title>History</title>
+    <refsect2>
+      <title>DHCPv4 Client Object</title>
+      <para><varname>State</varname> was added in version 255.</para>
+    </refsect2>
+    <refsect2>
+      <title>DHCPv6 Client Object</title>
+      <para><varname>State</varname> was added in version 255.</para>
+    </refsect2>
+  </refsect1>
 </refentry>

diff --git a/man/org.freedesktop.oom1.xml b/man/org.freedesktop.oom1.xml
index c6b8c7fb3d65fea3d156e370cfbc149d0f129c75..8339e63873e8a458ea97c6792efd9ff9d7483626 100644 (file)
--- a/man/org.freedesktop.oom1.xml
+++ b/man/org.freedesktop.oom1.xml
@@ -95,4 +95,12 @@ node /org/freedesktop/oom1 {
   </refsect1>
 
   <xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
+
+  <refsect1>
+    <title>History</title>
+    <refsect2>
+      <title>The Manager Object</title>
+      <para><function>Killed</function> was added in version 252.</para>
+    </refsect2>
+  </refsect1>
 </refentry>

diff --git a/man/org.freedesktop.portable1.xml b/man/org.freedesktop.portable1.xml
index 3b28f1dbfa007717b024b47b0cd0dcddc581a308..e5902a032894963a7ede32b29c265e39be4240fb 100644 (file)
--- a/man/org.freedesktop.portable1.xml
+++ b/man/org.freedesktop.portable1.xml
@@ -566,4 +566,17 @@ node /org/freedesktop/portable1 {
   </refsect1>
 
   <xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
+
+  <refsect1>
+    <title>History</title>
+    <refsect2>
+      <title>The Manager Object</title>
+      <para><function>GetImageStateWithExtensions()</function> was added in version 251.</para>
+    </refsect2>
+    <refsect2>
+      <title>The Image Object</title>
+      <para><function>GetStateWithExtensions()</function> was added in version 251.</para>
+      <para><function>ReattachWithExtensions()</function> was added in version 254.</para>
+    </refsect2>
+  </refsect1>
 </refentry>

diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
index 47d4b4828b43e5d9535f9b22815977bc3641b480..85feae089ebf90abf5c7c003841f9f6324bf6aa8 100644 (file)
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@@ -11502,4 +11502,168 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
   </refsect1>
 
   <xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
+
+  <refsect1>
+    <title>History</title>
+    <refsect2>
+      <title>The Manager Object</title>
+      <para><varname>RuntimeWatchdogPreUSec</varname> and
+      <varname>RuntimeWatchdogPreGovernor</varname> were added in version 251.</para>
+      <para><varname>WatchdogDevice</varname>,
+      <varname>WatchdogLastPingTimestamp</varname>,
+      <varname>WatchdogLastPingTimestampMonotonic</varname>,
+      <varname>DefaultDeviceTimeoutUSec</varname>,
+      <function>DumpUnitsMatchingPatterns()</function>, and
+      <function>DumpUnitsMatchingPatternsByFileDescriptor()</function> were added in version 252.</para>
+      <para><function>GetUnitByPIDFD()</function> and
+      <function>DisableUnitFilesWithFlagsAndInstallInfo()</function> were added in version 253.</para>
+      <para><varname>ConfidentialVirtualization</varname>,
+      <varname>DefaultIOAccounting</varname>,
+      <varname>DefaultIPAccounting</varname>,
+      <varname>DefaultMemoryPressureThresholdUSec</varname>,
+      <varname>DefaultMemoryPressureWatch</varname>,
+      <function>QueueSignalUnit()</function>,
+      <function>SoftReboot()</function>, and
+      <function>DumpUnitFileDescriptorStore()</function> were added in version 254.</para>
+    </refsect2>
+    <refsect2>
+      <title>Unit Objects</title>
+      <para><varname>Upholds</varname> and
+      <varname>UpheldBy</varname> were added in version 251.</para>
+      <para><varname>AccessSELinuxContext</varname> and
+      <varname>ActivationDetails</varname> were added in version 252.</para>
+      <para><function>QueueSignal()</function> was added in version 254.</para>
+    </refsect2>
+    <refsect2>
+      <title>Service Unit Objects</title>
+      <para><varname>ControlGroupId</varname> and
+      <varname>ExtensionDirectories</varname> were added in version 251.</para>
+      <para><varname>OpenFile</varname>,
+      <varname>ReloadSignal</varname>,
+      <varname>MemoryZSwapMax</varname>, and
+      <varname>LogFilterPatterns</varname> were added in version 253.</para>
+      <para><varname>RestartMode</varname>,
+      <varname>RestartSteps</varname>,
+      <varname>RestartMaxDelayUSec</varname>,
+      <varname>RestartUSecNext</varname>,
+      <varname>FileDescriptorStorePreserve</varname>,
+      <function>DumpFileDescriptorStore()</function>,
+      <varname>DelegateSubgroup</varname>,
+      <varname>DefaultStartupMemoryLow</varname>,
+      <varname>StartupMemoryLow</varname>,
+      <varname>StartupMemoryHigh</varname>,
+      <varname>StartupMemoryMax</varname>,
+      <varname>StartupMemorySwapMax</varname>,
+      <varname>StartupMemoryZSwapMax</varname>,
+      <varname>MemoryPressureWatch</varname>,
+      <varname>MemoryPressureThresholdUSec</varname>,
+      <varname>RootEphemeral</varname>,
+      <varname>ImportCredential</varname>,
+      <varname>MemoryKSM</varname>,
+      <varname>RootImagePolicy</varname>,
+      <varname>MountImagePolicy</varname>, and
+      <varname>ExtensionImagePolicy</varname> were added in version 254.</para>
+    </refsect2>
+    <refsect2>
+      <title>Socket Unit Objects</title>
+      <para><varname>ControlGroupId</varname> and
+      <varname>ExtensionDirectories</varname> were added in version 251.</para>
+      <para><varname>MemoryZSwapMax</varname> and
+      <varname>LogFilterPatterns</varname> were added in version 253.</para>
+      <para><varname>DelegateSubgroup</varname>,
+      <varname>DefaultStartupMemoryLow</varname>,
+      <varname>StartupMemoryLow</varname>,
+      <varname>StartupMemoryHigh</varname>,
+      <varname>StartupMemoryMax</varname>,
+      <varname>StartupMemorySwapMax</varname>,
+      <varname>StartupMemoryZSwapMax</varname>,
+      <varname>MemoryPressureWatch</varname>,
+      <varname>MemoryPressureThresholdUSec</varname>,
+      <varname>RootEphemeral</varname>,
+      <varname>ImportCredential</varname>,
+      <varname>MemoryKSM</varname>,
+      <varname>RootImagePolicy</varname>,
+      <varname>MountImagePolicy</varname>, and
+      <varname>ExtensionImagePolicy</varname> were added in version 254.</para>
+      <para><varname>PollLimitIntervalUSec</varname> and
+      <varname>PollLimitBurst</varname> were added in version 255.</para>
+    </refsect2>
+    <refsect2>
+      <title>Mount Unit Objects</title>
+      <para><varname>ControlGroupId</varname> and
+      <varname>ExtensionDirectories</varname> were added in version 251.</para>
+      <para><varname>MemoryZSwapMax</varname> and
+      <varname>LogFilterPatterns</varname> were added in version 253.</para>
+      <para><varname>DelegateSubgroup</varname>,
+      <varname>DefaultStartupMemoryLow</varname>,
+      <varname>StartupMemoryLow</varname>,
+      <varname>StartupMemoryHigh</varname>,
+      <varname>StartupMemoryMax</varname>,
+      <varname>StartupMemorySwapMax</varname>,
+      <varname>StartupMemoryZSwapMax</varname>,
+      <varname>MemoryPressureWatch</varname>,
+      <varname>MemoryPressureThresholdUSec</varname>,
+      <varname>RootEphemeral</varname>,
+      <varname>ImportCredential</varname>,
+      <varname>MemoryKSM</varname>,
+      <varname>RootImagePolicy</varname>,
+      <varname>MountImagePolicy</varname>, and
+      <varname>ExtensionImagePolicy</varname> were added in version 254.</para>
+    </refsect2>
+    <refsect2>
+      <title>Swap Unit Objects</title>
+      <para><varname>ControlGroupId</varname> and
+      <varname>ExtensionDirectories</varname> were added in version 251.</para>
+      <para><varname>MemoryZSwapMax</varname> and
+      <varname>LogFilterPatterns</varname> were added in version 253.</para>
+      <para><varname>DelegateSubgroup</varname>,
+      <varname>DefaultStartupMemoryLow</varname>,
+      <varname>StartupMemoryLow</varname>,
+      <varname>StartupMemoryHigh</varname>,
+      <varname>StartupMemoryMax</varname>,
+      <varname>StartupMemorySwapMax</varname>,
+      <varname>StartupMemoryZSwapMax</varname>,
+      <varname>MemoryPressureWatch</varname>,
+      <varname>MemoryPressureThresholdUSec</varname>,
+      <varname>RootEphemeral</varname>,
+      <varname>ImportCredential</varname>,
+      <varname>MemoryKSM</varname>,
+      <varname>RootImagePolicy</varname>,
+      <varname>MountImagePolicy</varname>, and
+      <varname>ExtensionImagePolicy</varname> were added in version 254.</para>
+    </refsect2>
+    <refsect2>
+      <title>Slice Unit Objects</title>
+      <para><varname>ControlGroupId</varname> was added in version 251.</para>
+      <para><varname>MemoryZSwapMax</varname> was added in version 253.</para>
+      <para><varname>DelegateSubgroup</varname>,
+      <varname>DefaultStartupMemoryLow</varname>,
+      <varname>StartupMemoryLow</varname>,
+      <varname>StartupMemoryHigh</varname>,
+      <varname>StartupMemoryMax</varname>,
+      <varname>StartupMemorySwapMax</varname>,
+      <varname>StartupMemoryZSwapMax</varname>,
+      <varname>MemoryPressureWatch</varname>, and
+      <varname>MemoryPressureThresholdUSec</varname> were added in version 254.</para>
+    </refsect2>
+    <refsect2>
+      <title>Scope Unit Objects</title>
+      <para><varname>ControlGroupId</varname> was added in version 251.</para>
+      <para><varname>OOMPolicy</varname> and
+      <varname>MemoryZSwapMax</varname> were added in version 253.</para>
+      <para><varname>DelegateSubgroup</varname>,
+      <varname>DefaultStartupMemoryLow</varname>,
+      <varname>StartupMemoryLow</varname>,
+      <varname>StartupMemoryHigh</varname>,
+      <varname>StartupMemoryMax</varname>,
+      <varname>StartupMemorySwapMax</varname>,
+      <varname>StartupMemoryZSwapMax</varname>,
+      <varname>MemoryPressureWatch</varname>, and
+      <varname>MemoryPressureThresholdUSec</varname> were added in version 254.</para>
+    </refsect2>
+    <refsect2>
+      <title>Job Objects</title>
+      <para><varname>ActivationDetails</varname> was added in version 252.</para>
+    </refsect2>
+  </refsect1>
 </refentry>

diff --git a/po/cs.po b/po/cs.po
index aabdc7c343847cf58bbd8b327c3471e6c0ef770c..8637881e530baa749439d85016850340af5ab512 100644 (file)
--- a/po/cs.po
+++ b/po/cs.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2023-07-14 10:32+0100\n"
-"PO-Revision-Date: 2023-07-22 16:21+0000\n"
+"PO-Revision-Date: 2023-09-19 14:35+0000\n"
 "Last-Translator: Daniel Rusek <mail@asciiwolf.com>\n"
 "Language-Team: Czech <https://translate.fedoraproject.org/projects/systemd/"
 "master/cs/>\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
 "|| n%100>=20) ? 1 : 2);\n"
-"X-Generator: Weblate 4.18.2\n"
+"X-Generator: Weblate 5.0.2\n"
 
 #: src/core/org.freedesktop.systemd1.policy.in:22
 msgid "Send passphrase back to system"
@@ -120,11 +120,13 @@ msgstr "Pro změnu hesla domovského adresáře uživatele je vyžadováno ově
 #, c-format
 msgid "Home of user %s is currently absent, please plug in the necessary storage device or backing file system."
 msgstr ""
+"Domovská složka uživatele %s v tuto chvíli není dostupná, připojte prosím "
+"potřebné úložné zařízení nebo záložní souborový systém."
 
 #: src/home/pam_systemd_home.c:292
 #, c-format
 msgid "Too frequent login attempts for user %s, try again later."
-msgstr ""
+msgstr "Příliš časté pokusy o přihlášení uživatele %s, zkuste to znovu později."
 
 #: src/home/pam_systemd_home.c:304
 msgid "Password: "
@@ -147,6 +149,8 @@ msgstr "Obnovovací klíč: "
 #, c-format
 msgid "Password/recovery key incorrect or not sufficient for authentication of user %s."
 msgstr ""
+"Heslo/obnovovací klíč jsou nesprávné nebo nedostatečné pro ověření uživatele "
+"%s."
 
 #: src/home/pam_systemd_home.c:332
 msgid "Sorry, reenter recovery key: "
@@ -155,59 +159,67 @@ msgstr "Je nám líto, zadejte obnovovací klíč znovu: "
 #: src/home/pam_systemd_home.c:352
 #, c-format
 msgid "Security token of user %s not inserted."
-msgstr ""
+msgstr "Bezpečnostní token uživatele %s není vložen."
 
 #: src/home/pam_systemd_home.c:353 src/home/pam_systemd_home.c:356
 msgid "Try again with password: "
-msgstr ""
+msgstr "Zkuste znovu s heslem: "
 
 #: src/home/pam_systemd_home.c:355
 #, c-format
 msgid "Password incorrect or not sufficient, and configured security token of user %s not inserted."
 msgstr ""
+"Nesprávné nebo nedostatečné heslo a není vložen nakonfigurovaný bezpečnostní "
+"token uživatele %s."
 
 #: src/home/pam_systemd_home.c:376
 msgid "Security token PIN: "
-msgstr ""
+msgstr "PIN bezpečnostního tokenu: "
 
 #: src/home/pam_systemd_home.c:393
 #, c-format
 msgid "Please authenticate physically on security token of user %s."
-msgstr ""
+msgstr "Ověřte se prosím fyzicky na bezpečnostním tokenu uživatele %s."
 
 #: src/home/pam_systemd_home.c:404
 #, c-format
 msgid "Please confirm presence on security token of user %s."
-msgstr ""
+msgstr "Potvrďte prosím přítomnost na bezpečnostním tokenu uživatele %s."
 
 #: src/home/pam_systemd_home.c:415
 #, c-format
 msgid "Please verify user on security token of user %s."
-msgstr ""
+msgstr "Ověřte prosím uživatele na bezpečnostním tokenu uživatele %s."
 
 #: src/home/pam_systemd_home.c:424
 msgid "Security token PIN is locked, please unlock it first. (Hint: Removal and re-insertion might suffice.)"
 msgstr ""
+"PIN bezpečnostního tokenu je uzamčen, nejprve jej prosím odemkněte. (Tip: "
+"Vyjmutí a opětovné vložení může stačit.)"
 
 #: src/home/pam_systemd_home.c:432
 #, c-format
 msgid "Security token PIN incorrect for user %s."
-msgstr ""
+msgstr "Nesprávný PIN bezpečnostního tokenu pro uživatele %s."
 
 #: src/home/pam_systemd_home.c:433 src/home/pam_systemd_home.c:452
 #: src/home/pam_systemd_home.c:471
 msgid "Sorry, retry security token PIN: "
-msgstr ""
+msgstr "Je nám líto, zkuste PIN bezpečnostního tokenu znovu: "
 
 #: src/home/pam_systemd_home.c:451
 #, c-format
 msgid "Security token PIN of user %s incorrect (only a few tries left!)"
 msgstr ""
+"PIN bezpečnostního tokenu uživatele %s je nesprávný (zbývá jen několik "
+"pokusů!)"
 
 #: src/home/pam_systemd_home.c:470
 #, c-format
 msgid "Security token PIN of user %s incorrect (only one try left!)"
 msgstr ""
+"PIN bezpečnostního tokenu uživatele %s je nesprávný (zbývá pouze jeden "
+"pokus!)"
 
 #: src/home/pam_systemd_home.c:616
 #, c-format

diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
index b2b0ddd1907b3272f4772a7db41e7c4e2a53114e..92caccfcd476e9c282097ae417e1cc0aa2a7c1ba 100644 (file)
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -39,12 +39,12 @@
 #include "user-util.h"
 #include "xattr-util.h"
 
-static int cg_enumerate_items(const char *controller, const char *path, FILE **_f, const char *item) {
+static int cg_enumerate_items(const char *controller, const char *path, FILE **ret, const char *item) {
         _cleanup_free_ char *fs = NULL;
         FILE *f;
         int r;
 
-        assert(_f);
+        assert(ret);
 
         r = cg_get_path(controller, path, item, &fs);
         if (r < 0)
@@ -54,36 +54,39 @@ static int cg_enumerate_items(const char *controller, const char *path, FILE **_
         if (!f)
                 return -errno;
 
-        *_f = f;
+        *ret = f;
         return 0;
 }
 
-int cg_enumerate_processes(const char *controller, const char *path, FILE **_f) {
-        return cg_enumerate_items(controller, path, _f, "cgroup.procs");
+int cg_enumerate_processes(const char *controller, const char *path, FILE **ret) {
+        return cg_enumerate_items(controller, path, ret, "cgroup.procs");
 }
 
-int cg_read_pid(FILE *f, pid_t *_pid) {
+int cg_read_pid(FILE *f, pid_t *ret) {
         unsigned long ul;
 
-        /* Note that the cgroup.procs might contain duplicates! See
-         * cgroups.txt for details. */
+        /* Note that the cgroup.procs might contain duplicates! See cgroups.txt for details. */
 
         assert(f);
-        assert(_pid);
+        assert(ret);
 
         errno = 0;
         if (fscanf(f, "%lu", &ul) != 1) {
 
-                if (feof(f))
+                if (feof(f)) {
+                        *ret = 0;
                         return 0;
+                }
 
                 return errno_or_else(EIO);
         }
 
         if (ul <= 0)
                 return -EIO;
+        if (ul > PID_T_MAX)
+                return -EIO;
 
-        *_pid = (pid_t) ul;
+        *ret = (pid_t) ul;
         return 1;
 }
 
@@ -178,12 +181,12 @@ bool cg_kill_supported(void) {
         return supported;
 }
 
-int cg_enumerate_subgroups(const char *controller, const char *path, DIR **_d) {
+int cg_enumerate_subgroups(const char *controller, const char *path, DIR **ret) {
         _cleanup_free_ char *fs = NULL;
-        int r;
         DIR *d;
+        int r;
 
-        assert(_d);
+        assert(ret);
 
         /* This is not recursive! */
 
@@ -195,13 +198,13 @@ int cg_enumerate_subgroups(const char *controller, const char *path, DIR **_d) {
         if (!d)
                 return -errno;
 
-        *_d = d;
+        *ret = d;
         return 0;
 }
 
-int cg_read_subgroup(DIR *d, char **fn) {
+int cg_read_subgroup(DIR *d, char **ret) {
         assert(d);
-        assert(fn);
+        assert(ret);
 
         FOREACH_DIRENT_ALL(de, d, return -errno) {
                 char *b;
@@ -216,10 +219,11 @@ int cg_read_subgroup(DIR *d, char **fn) {
                 if (!b)
                         return -ENOMEM;
 
-                *fn = b;
+                *ret = b;
                 return 1;
         }
 
+        *ret = NULL;
         return 0;
 }
 

diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h
index 9b30ae03960aca4bab6f2d03ed6a8a8e3deb8a8d..6e7845345ae88eec44b1aff6b3967f9e35a6cf7e 100644 (file)
--- a/src/basic/cgroup-util.h
+++ b/src/basic/cgroup-util.h
@@ -176,13 +176,12 @@ typedef enum CGroupUnified {
  * generate paths with multiple adjacent / removed.
  */
 
-int cg_enumerate_processes(const char *controller, const char *path, FILE **_f);
-int cg_read_pid(FILE *f, pid_t *_pid);
-int cg_read_event(const char *controller, const char *path, const char *event,
-                  char **val);
+int cg_enumerate_processes(const char *controller, const char *path, FILE **ret);
+int cg_read_pid(FILE *f, pid_t *ret);
+int cg_read_event(const char *controller, const char *path, const char *event, char **ret);
 
-int cg_enumerate_subgroups(const char *controller, const char *path, DIR **_d);
-int cg_read_subgroup(DIR *d, char **fn);
+int cg_enumerate_subgroups(const char *controller, const char *path, DIR **ret);
+int cg_read_subgroup(DIR *d, char **ret);
 
 typedef enum CGroupFlags {
         CGROUP_SIGCONT     = 1 << 0,

diff --git a/src/basic/pidref.h b/src/basic/pidref.h
index 65c771993808874a5745cdcfd7795b9d3671392f..84f3dee12980f4145c9c2e0ed80fe765d1afb22a 100644 (file)
--- a/src/basic/pidref.h
+++ b/src/basic/pidref.h
@@ -15,6 +15,18 @@ static inline bool pidref_is_set(const PidRef *pidref) {
         return pidref && pidref->pid > 0;
 }
 
+static inline bool pidref_equal(const PidRef *a, const PidRef *b) {
+
+        if (pidref_is_set(a)) {
+                if (!pidref_is_set(b))
+                        return false;
+
+                return a->pid == b->pid;
+        }
+
+        return !pidref_is_set(b);
+}
+
 int pidref_set_pid(PidRef *pidref, pid_t pid);
 int pidref_set_pidstr(PidRef *pidref, const char *pid);
 int pidref_set_pidfd(PidRef *pidref, int fd);

diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
index 83cdd87afc15ee05efad255250973fe19f97f1b0..39b1c9abdbad16c709625d621673684130eb8582 100644 (file)
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@@ -17,6 +17,7 @@
 #include "proto/device-path.h"
 #include "proto/simple-text-io.h"
 #include "random-seed.h"
+#include "sbat.h"
 #include "secure-boot.h"
 #include "shim.h"
 #include "ticks.h"
@@ -34,6 +35,8 @@ _used_ _section_(".osrel") static const char osrel[] =
         "VERSION=\"" GIT_VERSION "\"\n"
         "NAME=\"systemd-boot " GIT_VERSION "\"\n";
 
+DECLARE_SBAT(SBAT_BOOT_SECTION_TEXT);
+
 typedef enum LoaderType {
         LOADER_UNDEFINED,
         LOADER_AUTO,
@@ -2388,7 +2391,9 @@ static EFI_STATUS image_start(
         if (err != EFI_SUCCESS)
                 return log_error_status(err, "Error loading %ls: %m", entry->loader);
 
-        if (entry->devicetree) {
+        /* DTBs are loaded by the kernel before ExitBootServices, and they can be used to map and assign
+         * arbitrary memory ranges, so skip it when secure boot is enabled as the DTB here is unverified. */
+        if (entry->devicetree && !secure_boot_enabled()) {
                 err = devicetree_install(&dtstate, image_root, entry->devicetree);
                 if (err != EFI_SUCCESS)
                         return log_error_status(err, "Error loading %ls: %m", entry->devicetree);

diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c
index 3a80712fe0631af15792b3f883972021c591e4a8..f6776af917825b274142a40f268a6d2537419564 100644 (file)
--- a/src/boot/efi/secure-boot.c
+++ b/src/boot/efi/secure-boot.c
@@ -2,7 +2,6 @@
 
 #include "console.h"
 #include "proto/security-arch.h"
-#include "sbat.h"
 #include "secure-boot.h"
 #include "util.h"
 #include "vmm.h"
@@ -33,10 +32,6 @@ SecureBootMode secure_boot_mode(void) {
         return decode_secure_boot_mode(secure, audit, deployed, setup);
 }
 
-#ifdef SBAT_DISTRO
-static const char sbat[] _used_ _section_(".sbat") = SBAT_SECTION_TEXT;
-#endif
-
 EFI_STATUS secure_boot_enroll_at(EFI_FILE *root_dir, const char16_t *path, bool force) {
         assert(root_dir);
         assert(path);

diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c
index e34fc77faa563ca0af437bed4ecb269215a91dae..6cd5ccb5d4470ae88cbd8b8cce33835ba3987bcb 100644 (file)
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@@ -10,6 +10,7 @@
 #include "pe.h"
 #include "proto/shell-parameters.h"
 #include "random-seed.h"
+#include "sbat.h"
 #include "secure-boot.h"
 #include "shim.h"
 #include "splash.h"
@@ -22,6 +23,8 @@
 /* magic string to find in the binary image */
 _used_ _section_(".sdmagic") static const char magic[] = "#### LoaderInfo: systemd-stub " GIT_VERSION " ####";
 
+DECLARE_SBAT(SBAT_STUB_SECTION_TEXT);
+
 static EFI_STATUS combine_initrd(
                 EFI_PHYSICAL_ADDRESS initrd_base, size_t initrd_size,
                 const void * const extra_initrds[], const size_t extra_initrd_sizes[], size_t n_extra_initrds,

diff --git a/src/core/scope.c b/src/core/scope.c
index eb3ffba084dcdaadaeb91ab0699e28dbed660cda..1664d49c94b54a90554b007bdc604e1c1e8b0af2 100644 (file)
--- a/src/core/scope.c
+++ b/src/core/scope.c
@@ -29,7 +29,7 @@ static const UnitActiveState state_translation_table[_SCOPE_STATE_MAX] = {
         [SCOPE_ABANDONED] = UNIT_ACTIVE,
         [SCOPE_STOP_SIGTERM] = UNIT_DEACTIVATING,
         [SCOPE_STOP_SIGKILL] = UNIT_DEACTIVATING,
-        [SCOPE_FAILED] = UNIT_FAILED
+        [SCOPE_FAILED] = UNIT_FAILED,
 };
 
 static int scope_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
@@ -119,7 +119,7 @@ static void scope_set_state(Scope *s, ScopeState state) {
         if (!IN_SET(state, SCOPE_STOP_SIGTERM, SCOPE_STOP_SIGKILL, SCOPE_START_CHOWN, SCOPE_RUNNING))
                 s->timer_event_source = sd_event_source_disable_unref(s->timer_event_source);
 
-        if (IN_SET(state, SCOPE_DEAD, SCOPE_FAILED)) {
+        if (!IN_SET(old_state, SCOPE_DEAD, SCOPE_FAILED) && IN_SET(state, SCOPE_DEAD, SCOPE_FAILED)) {
                 unit_unwatch_all_pids(UNIT(s));
                 unit_dequeue_rewatch_pids(UNIT(s));
         }
@@ -449,13 +449,11 @@ static int scope_enter_running(Scope *s) {
         r = unit_attach_pids_to_cgroup(u, u->pids, NULL);
         if (r < 0) {
                 log_unit_warning_errno(u, r, "Failed to add PIDs to scope's control group: %m");
-                scope_enter_dead(s, SCOPE_FAILURE_RESOURCES);
-                return r;
+                goto fail;
         }
         if (r == 0) {
-                log_unit_warning(u, "No PIDs left to attach to the scope's control group, refusing.");
-                scope_enter_dead(s, SCOPE_FAILURE_RESOURCES);
-                return -ECHILD;
+                r = log_unit_warning_errno(u, SYNTHETIC_ERRNO(ECHILD), "No PIDs left to attach to the scope's control group, refusing.");
+                goto fail;
         }
         log_unit_debug(u, "%i %s added to scope's control group.", r, r == 1 ? "process" : "processes");
 
@@ -475,6 +473,10 @@ static int scope_enter_running(Scope *s) {
         /* Start watching the PIDs currently in the scope (legacy hierarchy only) */
         (void) unit_enqueue_rewatch_pids(u);
         return 1;
+
+fail:
+        scope_enter_dead(s, SCOPE_FAILURE_RESOURCES);
+        return r;
 }
 
 static int scope_start(Unit *u) {

diff --git a/src/core/service.c b/src/core/service.c
index 05a2bb6ddf1a58ce6bc9620ae6acb0c49219e35e..65278dae4aeea082182ae604d47f7d07dd1df714 100644 (file)
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -193,12 +193,12 @@ static int service_set_main_pidref(Service *s, PidRef *pidref) {
         if (pidref->pid == getpid_cached())
                 return -EINVAL;
 
-        if (s->main_pid.pid == pidref->pid && s->main_pid_known) {
+        if (pidref_equal(&s->main_pid, pidref) && s->main_pid_known) {
                 pidref_done(pidref);
                 return 0;
         }
 
-        if (s->main_pid.pid != pidref->pid) {
+        if (!pidref_equal(&s->main_pid, pidref)) {
                 service_unwatch_main_pid(s);
                 exec_status_start(&s->main_exec_status, pidref->pid);
         }

diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h
index 1d49765fce910a06f3bab8e9806607364f53f1cd..7367bcb4117696a52e5d73aba3e7aa274e2bb2fe 100644 (file)
--- a/src/fundamental/macro-fundamental.h
+++ b/src/fundamental/macro-fundamental.h
@@ -395,3 +395,10 @@ static inline size_t ALIGN_TO(size_t l, size_t ali) {
                 dummy_t __empty__ ## name;             \
                 type name[];                           \
         }
+
+#ifdef SBAT_DISTRO
+        #define DECLARE_SBAT(text) \
+                static const char sbat[] _used_ _section_(".sbat") = (text)
+#else
+        #define DECLARE_SBAT(text)
+#endif

diff --git a/src/fundamental/sbat.h b/src/fundamental/sbat.h
index e3198287ba7438b7f14bf7e57a94cfcbcd380539..9288e058125e7124846774838194961aabe74151 100644 (file)
--- a/src/fundamental/sbat.h
+++ b/src/fundamental/sbat.h
@@ -2,8 +2,13 @@
 
 #ifdef SBAT_DISTRO
 #  include "version.h"
-#  define SBAT_SECTION_TEXT \
-        "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n" \
-        SBAT_PROJECT ",1,The systemd Developers," SBAT_PROJECT "," PROJECT_VERSION "," PROJECT_URL "\n" \
-        SBAT_PROJECT "." SBAT_DISTRO "," STRINGIFY(SBAT_DISTRO_GENERATION) "," SBAT_DISTRO_SUMMARY "," SBAT_DISTRO_PKGNAME "," SBAT_DISTRO_VERSION "," SBAT_DISTRO_URL "\n"
+#  define SBAT_MAGIC "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
+#  define SBAT_BOOT_SECTION_TEXT \
+        SBAT_MAGIC \
+        SBAT_PROJECT "-boot" ",1,The systemd Developers," SBAT_PROJECT "," PROJECT_VERSION "," PROJECT_URL "\n" \
+        SBAT_PROJECT "-boot" "." SBAT_DISTRO "," STRINGIFY(SBAT_DISTRO_GENERATION) "," SBAT_DISTRO_SUMMARY "," SBAT_DISTRO_PKGNAME "," SBAT_DISTRO_VERSION "," SBAT_DISTRO_URL "\n"
+#  define SBAT_STUB_SECTION_TEXT \
+        SBAT_MAGIC \
+        SBAT_PROJECT "-stub" ",1,The systemd Developers," SBAT_PROJECT "," PROJECT_VERSION "," PROJECT_URL "\n" \
+        SBAT_PROJECT "-stub" "." SBAT_DISTRO "," STRINGIFY(SBAT_DISTRO_GENERATION) "," SBAT_DISTRO_SUMMARY "," SBAT_DISTRO_PKGNAME "," SBAT_DISTRO_VERSION "," SBAT_DISTRO_URL "\n"
 #endif

diff --git a/src/locale/localed-util.c b/src/locale/localed-util.c
index 02fac9786b27f5140805e34f19b142a6dfc1524c..eba13a2ac3be4f18a096abbcc5cb4da026b34dc3 100644 (file)
--- a/src/locale/localed-util.c
+++ b/src/locale/localed-util.c
@@ -803,21 +803,35 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
                         /* If we got an exact match, this is the best */
                         matching = 10;
                 else {
-                        /* We have multiple X layouts, look for an
-                         * entry that matches our key with everything
-                         * but the first layout stripped off. */
-                        if (startswith_comma(xc->layout, a[1]))
-                                matching = 5;
+                        /* see if we get an exact match with the order reversed */
+                        _cleanup_strv_free_ char **b = NULL;
+                        _cleanup_free_ char *c = NULL;
+                        r = strv_split_full(&b, a[1], ",", 0);
+                        if (r < 0)
+                                return r;
+                        strv_reverse(b);
+                        c = strv_join(b, ",");
+                        if (!c)
+                                return log_oom();
+                        if (streq(xc->layout, c))
+                                matching = 9;
                         else {
-                                _cleanup_free_ char *x = NULL;
-
-                                /* If that didn't work, strip off the
-                                 * other layouts from the entry, too */
-                                x = strdupcspn(a[1], ",");
-                                if (!x)
-                                        return -ENOMEM;
-                                if (startswith_comma(xc->layout, x))
-                                        matching = 1;
+                                /* We have multiple X layouts, look for an
+                                 * entry that matches our key with everything
+                                 * but the first layout stripped off. */
+                                if (startswith_comma(xc->layout, a[1]))
+                                        matching = 5;
+                                else {
+                                        _cleanup_free_ char *x = NULL;
+
+                                        /* If that didn't work, strip off the
+                                         * other layouts from the entry, too */
+                                        x = strdupcspn(a[1], ",");
+                                        if (!x)
+                                                return -ENOMEM;
+                                        if (startswith_comma(xc->layout, x))
+                                                matching = 1;
+                                }
                         }
                 }
 
@@ -825,7 +839,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
                         if (isempty(xc->model) || streq_ptr(xc->model, a[2])) {
                                 matching++;
 
-                                if (streq_ptr(xc->variant, a[3])) {
+                                if (streq_ptr(xc->variant, a[3]) || (isempty(xc->variant) && streq(a[3], "-"))) {
                                         matching++;
 
                                         if (streq_ptr(xc->options, a[4]))
@@ -848,7 +862,7 @@ int find_legacy_keymap(const X11Context *xc, char **ret) {
                 }
         }
 
-        if (best_matching < 10 && !isempty(xc->layout)) {
+        if (best_matching < 9 && !isempty(xc->layout)) {
                 _cleanup_free_ char *l = NULL, *v = NULL, *converted = NULL;
 
                 /* The best match is only the first part of the X11

diff --git a/src/locale/test-localed-util.c b/src/locale/test-localed-util.c
index cb66dffd4888c128f1d9c7ae5db4bcc105a20449..f702ff29b092d87887c2e7c77781dc226d6642b1 100644 (file)
--- a/src/locale/test-localed-util.c
+++ b/src/locale/test-localed-util.c
@@ -173,6 +173,18 @@ TEST(x11_convert_to_vconsole) {
         assert_se(streq(vc.keymap, "es-dvorak"));
         vc_context_clear(&vc);
 
+        /* es no-variant test is not very good as the desired match
+        comes first in the list so will win if both candidates score
+        the same. in this case the desired match comes second so will
+        not win unless we correctly give the no-variant match a bonus
+        */
+        log_info("/* test without variant, desired match second (bg,us:) */");
+        assert_se(free_and_strdup(&xc.layout, "bg,us") >= 0);
+        assert_se(free_and_strdup(&xc.variant, NULL) >= 0);
+        assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
+        assert_se(streq(vc.keymap, "bg_bds-utf8"));
+        vc_context_clear(&vc);
+
         log_info("/* test with old mapping (fr:latin9) */");
         assert_se(free_and_strdup(&xc.layout, "fr") >= 0);
         assert_se(free_and_strdup(&xc.variant, "latin9") >= 0);
@@ -180,11 +192,14 @@ TEST(x11_convert_to_vconsole) {
         assert_se(streq(vc.keymap, "fr-latin9"));
         vc_context_clear(&vc);
 
+        /* https://bugzilla.redhat.com/show_bug.cgi?id=1039185 */
+        /* us,ru is the x config users want, but they still want ru
+        as the console layout in this case */
         log_info("/* test with a compound mapping (us,ru:) */");
         assert_se(free_and_strdup(&xc.layout, "us,ru") >= 0);
         assert_se(free_and_strdup(&xc.variant, NULL) >= 0);
         assert_se(x11_convert_to_vconsole(&xc, &vc) >= 0);
-        assert_se(streq(vc.keymap, "us"));
+        assert_se(streq(vc.keymap, "ru"));
         vc_context_clear(&vc);
 
         log_info("/* test with a compound mapping (ru,us:) */");

diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
index c43655f57aaee564a910b754c4c421992bb5de16..b94e0d3af0b7743f19df7feffe9547c41945e0b8 100644 (file)
--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
@@ -337,18 +337,21 @@ static bool address_is_static_null(const Address *address) {
         return true;
 }
 
-static uint32_t address_prefix(const Address *a) {
+static int address_ipv4_prefix(const Address *a, struct in_addr *ret) {
+        struct in_addr p;
+        int r;
+
         assert(a);
+        assert(a->family == AF_INET);
+        assert(ret);
 
-        /* make sure we don't try to shift by 32.
-         * See ISO/IEC 9899:TC3 § 6.5.7.3. */
-        if (a->prefixlen == 0)
-                return 0;
+        p = in4_addr_is_set(&a->in_addr_peer.in) ? a->in_addr_peer.in : a->in_addr.in;
+        r = in4_addr_mask(&p, a->prefixlen);
+        if (r < 0)
+                return r;
 
-        if (a->in_addr_peer.in.s_addr != 0)
-                return be32toh(a->in_addr_peer.in.s_addr) >> (32 - a->prefixlen);
-        else
-                return be32toh(a->in_addr.in.s_addr) >> (32 - a->prefixlen);
+        *ret = p;
+        return 0;
 }
 
 static void address_hash_func(const Address *a, struct siphash *state) {
@@ -357,16 +360,24 @@ static void address_hash_func(const Address *a, struct siphash *state) {
         siphash24_compress(&a->family, sizeof(a->family), state);
 
         switch (a->family) {
-        case AF_INET:
+        case AF_INET: {
+                struct in_addr prefix;
+
                 siphash24_compress(&a->prefixlen, sizeof(a->prefixlen), state);
 
-                uint32_t prefix = address_prefix(a);
+                assert_se(address_ipv4_prefix(a, &prefix) >= 0);
                 siphash24_compress(&prefix, sizeof(prefix), state);
 
-                _fallthrough_;
+                siphash24_compress(&a->in_addr.in, sizeof(a->in_addr.in), state);
+                break;
+        }
         case AF_INET6:
-                siphash24_compress(&a->in_addr, FAMILY_ADDRESS_SIZE(a->family), state);
+                siphash24_compress(&a->in_addr.in6, sizeof(a->in_addr.in6), state);
+
+                if (in6_addr_is_null(&a->in_addr.in6))
+                        siphash24_compress(&a->prefixlen, sizeof(a->prefixlen), state);
                 break;
+
         default:
                 /* treat any other address family as AF_UNSPEC */
                 break;
@@ -381,20 +392,35 @@ static int address_compare_func(const Address *a1, const Address *a2) {
                 return r;
 
         switch (a1->family) {
-        case AF_INET:
+        case AF_INET: {
+                struct in_addr p1, p2;
+
                 /* See kernel's find_matching_ifa() in net/ipv4/devinet.c */
                 r = CMP(a1->prefixlen, a2->prefixlen);
                 if (r != 0)
                         return r;
 
-                r = CMP(address_prefix(a1), address_prefix(a2));
+                assert_se(address_ipv4_prefix(a1, &p1) >= 0);
+                assert_se(address_ipv4_prefix(a2, &p2) >= 0);
+                r = memcmp(&p1, &p2, sizeof(p1));
                 if (r != 0)
                         return r;
 
-                _fallthrough_;
+                return memcmp(&a1->in_addr.in, &a2->in_addr.in, sizeof(a1->in_addr.in));
+        }
         case AF_INET6:
                 /* See kernel's ipv6_get_ifaddr() in net/ipv6/addrconf.c */
-                return memcmp(&a1->in_addr, &a2->in_addr, FAMILY_ADDRESS_SIZE(a1->family));
+                r = memcmp(&a1->in_addr.in6, &a2->in_addr.in6, sizeof(a1->in_addr.in6));
+                if (r != 0)
+                        return r;
+
+                /* To distinguish IPv6 null addresses with different prefixlen, e.g. ::48 vs ::64, let's
+                 * compare the prefix length. */
+                if (in6_addr_is_null(&a1->in_addr.in6))
+                        r = CMP(a1->prefixlen, a2->prefixlen);
+
+                return r;
+
         default:
                 /* treat any other address family as AF_UNSPEC */
                 return 0;

diff --git a/src/shared/mkfs-util.c b/src/shared/mkfs-util.c
index be831b0762298f5459fa421ba6fcf16bf442892a..89384d92df1ef47970658c4a21b1b7d9d1eebf44 100644 (file)
--- a/src/shared/mkfs-util.c
+++ b/src/shared/mkfs-util.c
@@ -334,6 +334,8 @@ int make_filesystem(
         _cleanup_(unlink_and_freep) char *protofile = NULL;
         char vol_id[CONST_MAX(SD_ID128_UUID_STRING_MAX, 8U + 1U)] = {};
         int stdio_fds[3] = { -EBADF, STDERR_FILENO, STDERR_FILENO};
+        ForkFlags flags = FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|
+                        FORK_CLOSE_ALL_FDS|FORK_REARRANGE_STDIO|FORK_REOPEN_LOG;
         int r;
 
         assert(node);
@@ -590,6 +592,16 @@ int make_filesystem(
         if (extra_mkfs_args && strv_extend_strv(&argv, extra_mkfs_args, false) < 0)
                 return log_oom();
 
+        if (streq(fstype, "btrfs")) {
+                struct stat st;
+
+                if (stat(node, &st) < 0)
+                        return log_error_errno(r, "Failed to stat '%s': %m", node);
+
+                if (S_ISBLK(st.st_mode))
+                        flags |= FORK_NEW_MOUNTNS;
+        }
+
         if (DEBUG_LOGGING) {
                 _cleanup_free_ char *j = NULL;
 
@@ -602,8 +614,7 @@ int make_filesystem(
                         stdio_fds,
                         /*except_fds=*/ NULL,
                         /*n_except_fds=*/ 0,
-                        FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|
-                        FORK_CLOSE_ALL_FDS|FORK_REARRANGE_STDIO|FORK_NEW_MOUNTNS|FORK_REOPEN_LOG,
+                        flags,
                         /*ret_pid=*/ NULL);
         if (r < 0)
                 return r;
@@ -620,7 +631,8 @@ int make_filesystem(
                  * on unformatted free space, so let's trick it and other mkfs tools into thinking no
                  * partitions are mounted. See https://github.com/kdave/btrfs-progs/issues/640 for more
                  ° information. */
-                (void) mount_nofollow_verbose(LOG_DEBUG, "/dev/null", "/proc/self/mounts", NULL, MS_BIND, NULL);
+                 if (flags & FORK_NEW_MOUNTNS)
+                        (void) mount_nofollow_verbose(LOG_DEBUG, "/dev/null", "/proc/self/mounts", NULL, MS_BIND, NULL);
 
                 execvp(mkfs, argv);
 

diff --git a/src/test/test-sbat.c b/src/test/test-sbat.c
index 1a905418d1daad248e6f85a00dc9e01d2dee0b27..0c4310015be7311f534860de31eeeb649bde7064 100644 (file)
--- a/src/test/test-sbat.c
+++ b/src/test/test-sbat.c
@@ -10,10 +10,12 @@
 
 TEST(sbat_section_text) {
         log_info("---SBAT-----------&<----------------------------------------\n"
+                 "%s"
                  "%s"
                  "------------------>&-----------------------------------------",
 #ifdef SBAT_DISTRO
-                 SBAT_SECTION_TEXT
+                 SBAT_BOOT_SECTION_TEXT,
+                 SBAT_STUB_SECTION_TEXT
 #else
                  "(not defined)"
 #endif

diff --git a/test/test-network/conf/25-address-null.network b/test/test-network/conf/25-address-null.network
deleted file mode 100644 (file)
index d192900..0000000
--- a/test/test-network/conf/25-address-null.network
+++ /dev/null
@@ -1,14 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-[Match]
-Name=dummy98
-
-[Network]
-IPv6AcceptRA=no
-Address=0.0.0.0/16
-Address=0.0.0.0/30
-Address=::/64
-
-[Address]
-Address=0.0.0.0/24
-# The broadcast address will be ignored.
-Broadcast=192.168.0.255

diff --git a/test/test-network/conf/25-address-static.network b/test/test-network/conf/25-address-static.network
index 67ea6aa088bb03f342b03ab1fd75f9876f9c8c7d..21430b0d81f4ed44ca27662a9f5759c745fffda4 100644 (file)
--- a/test/test-network/conf/25-address-static.network
+++ b/test/test-network/conf/25-address-static.network
@@ -173,6 +173,9 @@ Label=subnet24
 [Address]
 Address=::/73
 
+[Address]
+Address=::/74
+
 [Address]
 Address=10.10.1.1/24
 # just a random label which should exist

diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
index 9d1b273f95af3fe28298ae77e537a227d55275e1..90a5d95d79456a7ea4038ea7f16ab6bc82b70778 100755 (executable)
--- a/test/test-network/systemd-networkd-tests.py
+++ b/test/test-network/systemd-networkd-tests.py
@@ -2383,6 +2383,10 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
             flag2: str,
             flag3: str,
             flag4: str,
+            ip4_null_16: str,
+            ip4_null_24: str,
+            ip6_null_73: str,
+            ip6_null_74: str,
     ):
         output = check_output('ip address show dev dummy98')
         print(output)
@@ -2442,9 +2446,14 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
         self.assertIn(f'inet6 2001:db8:0:f106::2/64 scope global{flag4}', output)
 
         # null address
-        self.assertRegex(output, r'inet [0-9]*.[0-9]*.0.1/16 brd [0-9]*.[0-9]*.255.255 scope global subnet16')
-        self.assertRegex(output, r'inet [0-9]*.[0-9]*.[0-9]*.1/24 brd [0-9]*.[0-9]*.[0-9]*.255 scope global subnet24')
-        self.assertRegex(output, r'inet6 [0-9a-f:]*:1/73 scope global')
+        self.assertTrue(ip4_null_16.endswith('.0.1'))
+        prefix16 = ip4_null_16[:-len('.0.1')]
+        self.assertTrue(ip4_null_24.endswith('.1'))
+        prefix24 = ip4_null_24[:-len('.1')]
+        self.assertIn(f'inet {ip4_null_16}/16 brd {prefix16}.255.255 scope global subnet16', output)
+        self.assertIn(f'inet {ip4_null_24}/24 brd {prefix24}.255 scope global subnet24', output)
+        self.assertIn(f'inet6 {ip6_null_73}/73 scope global', output)
+        self.assertIn(f'inet6 {ip6_null_74}/74 scope global', output)
 
         # invalid sections
         self.assertNotIn('10.4.4.1', output)
@@ -2469,6 +2478,29 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
         self.setup_nftset('ifindex', 'iface_index')
 
         self.wait_online(['dummy98:routable'])
+
+        ip4_null_16 = None
+        ip4_null_24 = None
+        output = check_output('ip -4 --json address show dev dummy98')
+        for i in json.loads(output)[0]['addr_info']:
+            if i['label'] == 'subnet16':
+                ip4_null_16 = i['local']
+            elif i['label'] == 'subnet24':
+                ip4_null_24 = i['local']
+        self.assertTrue(ip4_null_16.endswith('.0.1'))
+        self.assertTrue(ip4_null_24.endswith('.1'))
+
+        ip6_null_73 = None
+        ip6_null_74 = None
+        output = check_output('ip -6 --json address show dev dummy98')
+        for i in json.loads(output)[0]['addr_info']:
+            if i['prefixlen'] == 73:
+                ip6_null_73 = i['local']
+            elif i['prefixlen'] == 74:
+                ip6_null_74 = i['local']
+        self.assertTrue(ip6_null_73.endswith(':1'))
+        self.assertTrue(ip6_null_74.endswith(':1'))
+
         self.verify_address_static(
             label1='label1',
             label2='label2',
@@ -2493,6 +2525,10 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
             flag2='',
             flag3=' noprefixroute',
             flag4=' home mngtmpaddr',
+            ip4_null_16=ip4_null_16,
+            ip4_null_24=ip4_null_24,
+            ip6_null_73=ip6_null_73,
+            ip6_null_74=ip6_null_74,
         )
         # nft set
         self.check_nftset('addr4', r'10\.10\.1\.1')
@@ -2528,6 +2564,10 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
             flag2=' noprefixroute',
             flag3=' home mngtmpaddr',
             flag4=' noprefixroute',
+            ip4_null_16=ip4_null_16,
+            ip4_null_24=ip4_null_24,
+            ip6_null_73=ip6_null_73,
+            ip6_null_74=ip6_null_74,
         )
 
         networkctl_reconfigure('dummy98')
@@ -2556,6 +2596,10 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
             flag2=' noprefixroute',
             flag3=' home mngtmpaddr',
             flag4=' noprefixroute',
+            ip4_null_16=ip4_null_16,
+            ip4_null_24=ip4_null_24,
+            ip6_null_73=ip6_null_73,
+            ip6_null_74=ip6_null_74,
         )
 
         # Tests for #20891.
@@ -2594,6 +2638,10 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
             flag2=' noprefixroute',
             flag3=' home mngtmpaddr',
             flag4=' noprefixroute',
+            ip4_null_16=ip4_null_16,
+            ip4_null_24=ip4_null_24,
+            ip6_null_73=ip6_null_73,
+            ip6_null_74=ip6_null_74,
         )
 
         # test for ENOBUFS issue #17012 (with reload)
@@ -2611,34 +2659,6 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
         for i in range(1, 254):
             self.assertIn(f'inet 10.3.3.{i}/16 brd 10.3.255.255', output)
 
-    def test_address_null(self):
-        copy_network_unit('25-address-null.network', '12-dummy.netdev')
-        start_networkd()
-
-        self.wait_online(['dummy98:routable'])
-
-        output = check_output('ip address show dev dummy98 scope global')
-        print(output)
-
-        ipv4_address_16 = re.findall(r'inet 172.[0-9]*.0.1/16 brd 172.[0-9]*.255.255', output)
-        self.assertEqual(len(ipv4_address_16), 1)
-        ipv4_address_24 = re.findall(r'inet 192.168.[0-9]*.1/24 brd 192.168.[0-9]*.255', output)
-        self.assertEqual(len(ipv4_address_24), 1)
-        ipv4_address_30 = re.findall(r'inet 192.168.[0-9]*.[0-9]*/30 brd 192.168.[0-9]*.[0-9]*', output)
-        self.assertEqual(len(ipv4_address_30), 1)
-        ipv6_address = re.findall(r'inet6 fd[0-9a-f:]*/64', output)
-        self.assertEqual(len(ipv6_address), 1)
-
-        networkctl_reconfigure('dummy98')
-        self.wait_online(['dummy98:routable'])
-
-        output = check_output('ip address show dev dummy98 scope global')
-        print(output)
-        self.assertIn(ipv4_address_16[0], output)
-        self.assertIn(ipv4_address_24[0], output)
-        self.assertIn(ipv4_address_30[0], output)
-        self.assertIn(ipv6_address[0], output)
-
     def test_address_ipv4acd(self):
         check_output('ip netns add ns99')
         check_output('ip link add veth99 type veth peer veth-peer')

diff --git a/tools/update-dbus-docs.py b/tools/update-dbus-docs.py
index d6438a5daf9253eb407749a139e281c76e5abced..b3466bc11086b871aa46ea78b1a9546f60fa1427 100755 (executable)
--- a/tools/update-dbus-docs.py
+++ b/tools/update-dbus-docs.py
@@ -141,10 +141,16 @@ def print_interface(iface, *, prefix, file, print_boring, only_interface, declar
         print(f'''{prefix}}};''', file=file)
 
 def document_has_elem_with_text(document, elem, item_repr):
-    predicate = f".//{elem}" # [text() = 'foo'] doesn't seem supported :(
+    predicate = f".//{elem}[. = '{item_repr}']"
+
+    # Ignore mentions in the History section
+    history = document.find(".//refsect1[title = 'History']")
+    history_mentions = history.findall(predicate) if history else []
+
     for loc in document.findall(predicate):
-        if loc.text == item_repr:
-            return True
+        if loc in history_mentions:
+            continue
+        return True
     return False
 
 def check_documented(document, declarations, stats):