test: support coreutils built with --enable-single-binary=symlinks
Alpine/postmarketOS build coreutils with --enable-single-binary=symlinks.
In that case, all commands provided by coreutils are symlink to
/usr/bin/coreutils, and it calls prctl(PR_SET_NAME, argv[0]), hence the comm
will be the path to the symlink.
This also makes not kill sleep command with SIGKILL in TEST-17-UDEV, that is
totally unnecessary.
Yu Watanabe [Mon, 24 Nov 2025 15:48:16 +0000 (00:48 +0900)]
TEST-75-RESOLVED: move test cases for NFTSet= to TEST-07-PID1
The test cases are not related to systemd-resolved.
While moving the test cases, now userdbctl is used for obtaining UID/GID
for the dynamic user, as musl does not support nss module, hence getent
does not provide information about the dynamic user.
Yu Watanabe [Wed, 26 Nov 2025 13:44:14 +0000 (22:44 +0900)]
TEST-35-LOGIN: fix bus path when the session does not have corresponding audit session
If there is no corresponding audit session, then the session ID is
prefixed with 'c', and in that case the session ID should be used as is
in bus path.
Yu Watanabe [Mon, 24 Nov 2025 04:37:04 +0000 (13:37 +0900)]
test: always use bash
If sh is not bash, some builtin command behave slightly differently.
E.g. if sh is provided by busybox, its builtin test command does not check if
the path is a mount point or not, and 'test -w' only checks the access mode of
the inode. So, even if a readonly filesystem is mounted on a directory,
the test command may succeed.
To avoid such confusion, let's unconditionally use bash.
Yu Watanabe [Sat, 6 Dec 2025 00:24:55 +0000 (09:24 +0900)]
Add 82-net-auto-link-local.{hwdb,rules} to build system and add BMC USB-to-USB links to hwdb (#40006)
Using systems with ADLINK COM-HPC-ALT, ASRock Rack ALTRAD8UD-1L2T and
AMPONED8-2T/BCM boards, there's an issue due to the internal network
connection between the BMC and host, which runs over USB (i.e. Linux
running on the BMC configures a USB gadget ethernet device, with a link
local address).
With the default configuration on Ubuntu (I'm using 25.10),
NetworkManager repeatedly tries to get an address for the interface
using DHCP, resulting in an "Activation of network connection failed"
notification every minute or two.
Add 82-net-auto-link-local.hwdb and 82-net-auto-link-local.rules to the
build system and update 82-net-auto-link-local.hwdb to add the USB
device vendor/product pairs I've seen on the various systems I have with
Ampere Altra and AmpereOne CPUs.
Rebecca Cran [Fri, 5 Dec 2025 18:25:15 +0000 (11:25 -0700)]
hwdb: Add BMC USB-to-USB link devices to 82-net-auto-link-local.hwdb
Add BMC USB-to-USB Ethernet gadget devices found on ASRock Rack and
ADLINK boards containing Ampere Altra and AmpereOne CPUs to
82-net-auto-link-local.hwdb. Update 20-usb-vendor-model.hwdb with
devices which were missing.
Rebecca Cran [Fri, 5 Dec 2025 18:20:05 +0000 (11:20 -0700)]
hwdb,rules: add 82-net-auto-link-local.{hwdb,rules} to build
Update hwdb.d/meson.build and rules.d/meson.build to add the
82-net-auto-link-local.{hwdb,rules} files into the build. Commit ec541c569bd19bbb81791139371111a9a7f1a3d8 in 2023 added the files
but didn't add them to the build system.
David Tardon [Fri, 5 Dec 2025 14:17:13 +0000 (15:17 +0100)]
udev-rules: use the right variable
We carefully prepare a copy of a local buffer to save in device cache
and then save the buffer there instead... This leads to abort in free()
on exit (also, copied is leaked).
Luca Boccassi [Fri, 5 Dec 2025 11:58:34 +0000 (11:58 +0000)]
pid1: do not fail if dlopen of libmount fails because it is not compiled in
It is now possible to build and run without libmount. But if support
is compiled in, then we need to be able to load it. Hence gracefully
skip it when support is not compiled in, but fail otherwise.
Luca Boccassi [Fri, 5 Dec 2025 11:54:27 +0000 (11:54 +0000)]
Reapply "pid1: pull in libmount unconditionally"
It was actually intended to load libmount very early, as it is
needed by more than just mount units, such as umount_recursive(),
bind_remount_recursive(), get_sub_mounts(), etc.
Luca Boccassi [Fri, 5 Dec 2025 14:24:23 +0000 (14:24 +0000)]
Translations update from Fedora Weblate (#39998)
Translations update from [Fedora
Weblate](https://translate.fedoraproject.org) for
[systemd/main](https://translate.fedoraproject.org/projects/systemd/main/).
machined: add description to varlink server, unify error messages
manager_varlink_init_resolve_hook and manager_varlink_init_userdb are very
similar, but one didn't set a description and the other one had an error
message which didn't print the offending path.
Define constants for the paths, and also change other similar constants
to have slightly shorter names. (It's an "address" and "path", but we don't
need to have both parts in the name, esp. that it makes the name very long.)
Yu Watanabe [Sun, 30 Nov 2025 02:10:02 +0000 (11:10 +0900)]
musl: introduce wrappers for getopt() and getopt_long()
musl's getopt_long() behaves something different in handling optional arguments:
```
$ journalctl _PID=1 _COMM=systemd --since 19:19:01 -n all --follow
Failed to add match 'all': Invalid argument
```
This introduces getopt_long_fix() that reorders the passed arguments to make
getopt_long() provided by musl works as what we expect.
Also, musl's getopt() always behaves POSIXLY_CORRECT mode, and stops parsing
arguments when a non-option string found. Let's always use getopt_long().
Yu Watanabe [Tue, 2 Dec 2025 10:27:56 +0000 (19:27 +0900)]
sd-netlink: also read the reply for NFNL_MSG_BATCH_BEGIN message
When we send a batch of nfnl messages, but e.g. without sufficient
privilege, the kernel may only return an error message for
NFNL_MSG_BATCH_BEGIN and ignore all later messages.
So, we need to read the response for the NFNL_MSG_BATCH_BEGIN,
and if it is an error ignore the replies for the rest.
Yu Watanabe [Tue, 2 Dec 2025 14:02:50 +0000 (23:02 +0900)]
sd-netlink: introduce sd_netlink_ignore_serial()
When we send a message with NLM_F_ACK, but if later we are not
interested in the reply and do not want to call sd_netlink_read(),
the reply will be stored in the rqueue forever.
Let's introduce a way to ignore received message without waiting reply.
Luca Boccassi [Tue, 2 Dec 2025 14:16:27 +0000 (14:16 +0000)]
cryptsetup: downgrade dlopen not compiled message to debug
Every other log in this function is debug level, so downgrade this too.
Otherwise compiling without libcryptsetup means sd-executor logs at
error level when starting any service, regardless of whether it is
needed or not.
machined: in --user mode, restrict register access to our own UID, and that's it
This is a follow-up for 119d332d9c2cf1974b235c8d9e4e3ad821cf436a and
ensures the check only is applied to the system instance of machined. It
doesn't really apply to the per-user instance, because we never want to
permit differently privileged clients access anyway.
(The process_is_owned_by_uid() call might fail if invoked unpriv, hence
there's value in not calling it if machined runs in --user mode, it's
what makes machined actually work)
Previously, we looked for scripts in the tools/ directory ad hoc,
wherever they were needed. Let's do those checks in one place.
The main meson.build file is shrunk somewhat, which is always nice.
meson: add source dir to include_directories automatically
Quite often we need to specify include_directories('.'). Normally, meson
does this automatically, but we specify implicit_include_directories : false,
see 30d20907bddfe064cc3437a888dd8f00d14929e4 for an explanation.
Passing the include_directories argument through the template layers was rather
cumbersome. Let's simplify things by always including the directory of the
first source file. This makes the definitions simpler, at the cost of having an
unnecessary include directory in the list in some cases.
(Tests are excluded from this change, because they happen to not need this, but
also because some tests have source[0] which is a custom target, and we'd need
newer meson to support that.)
Currently translated at 100.0% (264 of 264 strings)
Co-authored-by: Fco. Javier F. Serrador <fserrador@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/es/
Translation: systemd/main
sd-notify: print a debug message when sd_notify() succeds
… and also when it fails, in the few cases where this wasn't done already.
When I was debugging https://github.com/systemd/systemd/issues/39048, it
was quite confusing that we print copious information about D-Bus messages
and all other steps we're undertaking, but nothing about the sd-notify
messages which are much more important. Add some debug messages for the
cases where we didn't print anything. (The case where $NOTIFY_SOCKET is
not set in left unchanged. The variable is often left unset and we don't
need to spam logs in that trivial case.)
journal: send READY=1 also when --lines=0 is given
If --lines=0 is given, we'd skip the setup and not invoke sd_notify,
potentially blocking the caller. Change the condition for the callback
to also include that case. Since then the callback would always be
set, the 'if' statement is not necessary anymore.
Yu Watanabe [Wed, 26 Nov 2025 18:10:29 +0000 (03:10 +0900)]
Pull in recent changes from Weblate (#39920)
One of the pending commits in Weblate causes conflicts due to an
unfortunate timing with 9e929e4aa78a38f822be7aa3da9c11994ad94c07, so
let's pull the changes into the main tree manually (and resolve the
conflicts).
ci: split out nvpcr test, so that it runs before rest of pcrextend (#39915)
in pcrextend we destroy pcr 11, and if we are booted in a kernel that
has pcr11 sigs, we cannot use that signature anymore. hence, let's do
the nvpcr test first, before doing the pcrextend stuff.
Daan De Meyer [Tue, 25 Nov 2025 12:33:25 +0000 (13:33 +0100)]
import: Make naming consistent
Always abbreviate import/pull/export structs with their first letter
instead of only doing it in some places and using the wrong letter in
other places.
Daan De Meyer [Tue, 25 Nov 2025 11:09:34 +0000 (12:09 +0100)]
fsprg: Drop const from gcry_mpi_t arguments
gcry_mpi_t is defined as "typedef struct gcry_mpi *gcry_mpi_t;".
When const is applied to this type, it resolves to
"struct gcry_mpi *const" instead of what we expect ("const struct gcry_mpi *").
So we end up with a const pointer to a mutable object instead of a mutable
pointer to a const object. Since the pointer passed to the function
is copied regardless, making it const has zero benefit.
You'd think we could instead stop using gcry_mpi_t and replace it with
"const struct gcry_mpi *", except that gcrypt leaked this mess into its
api, so it expects const pointers to mutable objects as well, which means
we can't take pointers to const objects as arguments, as we'd discard the qualifier
when calling a gcrypt function.
To avoid confusion, let's drop the const qualifiers from the gcry_mpi_t arguments.
This alignes with some other optional modules in shraed/,
and it allows dlopen_libmount() to be optimized out entirely.
Let's avoid emitting pointless symbols.
Since we now consider this a supported senario, let's hook up
libmount loading with the high-level unit_type_supported() machinery
and gracefully skip the whole unit accordingly.
Mike Yuan [Tue, 25 Nov 2025 17:42:11 +0000 (18:42 +0100)]
run: merge privileged_execution() into become_root()
This got split in 5cabeed80b30972babc7a082ca794c6b197e72ab
to accommodate --empower, and later --empower received
dedicated handling again (c36942916b7409109687d693c04b039def9c5b79).
I think the new naming makes more sense - --empower is privileged
after all, just with uid left unchanged. Hence merge
privileged_execution back into it.
Special casing --area= rather than --empower makes the code
self-explanatory, as --area= is about alternative home dir
after all. On top of that this ensures when --area= and
--empower are specified in combination we honor the home dir
switch, too.
Daan De Meyer [Mon, 24 Nov 2025 18:52:40 +0000 (19:52 +0100)]
run: Don't make executable absolute when --root-directory= is used
Also, unless --same-root-dir was specified, don't make the executable
absolute if we're running in a chroot. Situations like this are still iffy,
but we might as well handle them a little more gracefully.
tree-wide: Fix constness issues with newer glibc (#39896)
Latest glibc uses _Generic to have strstr() and other functions return
const char* or char* based on whether the input is a const char* or a
char*. This causes build failures as we previously always expected a
char*.
Let's fix the compilation failures and add our own macros similar to
glibc's to have string functions that return a mutable or const pointer
depending on the input.
Daan De Meyer [Tue, 25 Nov 2025 15:46:04 +0000 (16:46 +0100)]
tree-wide: Fix constness issues with newer glibc
Latest glibc uses _Generic to have strstr() and other functions return
const char* or char* based on whether the input is a const char* or a
char*. This causes build failures as we previously always expected a char*.
Let's fix the compilation failures and add our own macros similar to glibc's
to have string functions that return a mutable or const pointer depending on
the input.
Daan De Meyer [Mon, 24 Nov 2025 18:48:49 +0000 (19:48 +0100)]
run0: Give --empower its own color, title and emoji
When in --empower mode, all created files will be owned by the current
user, which could be problematic when creating files outside of the
current user's home directory, as other processes running as the same
user would be able to edit those files.
While this is a bit of an edge case since users already have to go through
the effort of writing --empower to indicate they want a privileged session
as the current user, it's not unphatomable to think they could start an
empowered session which they later return to and continue using. Currently,
it's not easy to differentiate a regular run0 session and an empowered session
at a glance, so users might think they're using a regular run0 session when
they're actually using an empowered session.
To address this problem, let's give empowered session their own identify, by
making the background orange, using the pumpkin emoji as the shell prompt
prefix and giving them an orange circle as the PTY title.
projects / thirdparty / systemd.git / log
