Mike Yuan [Fri, 16 Jan 2026 19:53:47 +0000 (20:53 +0100)]
core/unit: several cleanups for unit_queue_job_check_and_collapse_type()
* Rename to _mangle_type() - it turned out this one doesn't collapse
anything, but rather mangles the type if reload_if_possible is set.
Hence name accordingly.
* Use -ELIBEXEC rather than -EUNATCH to denote dependency only units.
* Add a comment about the JOB_STOP and load state check.
socket: turn off loud logging when setting up sockopts in container fails due to privs
Various sockopts will fail if we run in a container, due to lack of
privs (for example SO_RECVFORCE as used by the journald sockets). That's
typically not a big issue. Hence downgrade the log level.
Michael Vogt [Fri, 16 Jan 2026 15:25:19 +0000 (16:25 +0100)]
boot: change some `log_error` -> `log_warning` where appropriate
This is a small followup for
https://github.com/systemd/systemd/pull/40344#discussion_r2695031041
(thanks Daan and Lennart!).
There are quite a few places in the code that currently log a
`log_error()` when a `log_warning()` is more appropriate because
the error is ignored. This commit now shows those as warnings.
Luca Boccassi [Fri, 16 Jan 2026 14:55:02 +0000 (14:55 +0000)]
dissect: support mount options when going through mountfsd, requiring privileges via polkit (#39394)
RootImageOptions=/ExtensionImages=/MountImages= all support custom
mount options, but mountfsd does not support it. Add varlink
parameters to allow callers to specify mount options so that
those directives can work as expected. Require additional privs via
polkit.
Yu Watanabe [Tue, 13 Jan 2026 06:48:56 +0000 (15:48 +0900)]
udevadm: gracefully handle when a masked file is specified to udevadm verify/cat
Previously, since 7cb4508c5af465ab1be1b103e6c2b613eb58e63c, if a masked
file is specified, the commands failed.
Let's warn that the file is masked and ignore the file.
gvenugo3 [Sat, 10 Jan 2026 19:46:18 +0000 (19:46 +0000)]
test: add test case for masked files in cat_files()
Add a test case to verify that cat_files() correctly handles symlinks
to /dev/null (masked configuration files) and returns success (0)
instead of failing.
Yu Watanabe [Tue, 13 Jan 2026 06:39:39 +0000 (15:39 +0900)]
pretty-print: do not fail when cat_files() tries to show a masked file
Before 661b5bfd216e383ac7836261eea9671875e6709b, cat_files() did not
check if a file is regular. If the file was a symlink to /dev/null, then
cat_files() simply showed empty contents for the file.
With the offending commit, the CHASE_MUST_BE_REGULAR flag is set,
hence when we find a masked file, the function fails.
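An added illustration of the behaviour the three commit messages above describe (not systemd's code; `classify_config_file()`, `show_files()` and the fixture file names are hypothetical): a path that resolves to /dev/null is reported as masked and skipped, instead of being rejected for not being a regular file.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum file_kind { FILE_REGULAR, FILE_MASKED, FILE_OTHER, FILE_ERROR };
/* Hypothetical helper: masked means "resolves to the same device as /dev/null". */
static enum file_kind classify_config_file(const char *path) {
        struct stat st, nul;
        if (stat(path, &st) < 0 || stat("/dev/null", &nul) < 0)
                return FILE_ERROR;
        if (S_ISCHR(st.st_mode) && S_ISCHR(nul.st_mode) && st.st_rdev == nul.st_rdev)
                return FILE_MASKED;
        return S_ISREG(st.st_mode) ? FILE_REGULAR : FILE_OTHER;
}

/* Warn about masked files and skip them; returns files shown, or -1 on failure. */
static int show_files(const char *const *paths, size_t n) {
        int shown = 0;
        for (size_t i = 0; i < n; i++)
                switch (classify_config_file(paths[i])) {
                case FILE_MASKED:
                        fprintf(stderr, "%s is masked, ignoring.\n", paths[i]);
                        break;
                case FILE_REGULAR:
                        printf("# %s\n", paths[i]);
                        shown++;
                        break;
                default: /* missing file, directory, other device: still an error */
                        return -1;
                }
        return shown;
}

/* Constructed fixture: one regular file plus one symlink to /dev/null. */
static int demo(void) {
        char dir[] = "/tmp/maskdemoXXXXXX", a[64], b[64];
        if (!mkdtemp(dir)) return -1;
        snprintf(a, sizeof a, "%s/10-real.rules", dir);
        snprintf(b, sizeof b, "%s/20-masked.rules", dir);
        FILE *f = fopen(a, "w");
        if (!f || fclose(f) != 0 || symlink("/dev/null", b) < 0) return -1;
        const char *const paths[] = { a, b };
        int r = show_files(paths, 2);
        unlink(a); unlink(b); rmdir(dir);
        return r;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```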
Franck Bui [Wed, 14 Jan 2026 09:40:46 +0000 (10:40 +0100)]
core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs
Previously, when `systemctl reload-or-restart --marked` failed the following
error was shown:
    Failed to start jobs: Failed to enqueue some jobs, see logs for details: Invalid argument
but no details were actually logged.
This change records failure reasons in the journal to help users identify root causes:
    # journalctl -b -e
    [...]
    systemd[1]: Queuing reload/restart jobs for marked units…
    systemd[1]: Operation refused, unit klogd.service may be requested by dependency only (it is configured to refuse manual start/stop).
Daan De Meyer [Wed, 26 Nov 2025 11:55:18 +0000 (12:55 +0100)]
sd-varlink: Add SD_VARLINK_ANY
This allows representing fields that can be either an integer or
a string, like the "value" field we'll be adding in
https://github.com/systemd/systemd/pull/39202.
Split up the giant switch statement in homectl's parse_argv (#40059)
This is in preparation for later changes. The 1500+ line switch statement was very
hard to work with and had quite a bit of duplicated code. This is a rework that
splits out parts into functions. I split this up into a bunch of commits so that it
can be reasonably reviewed. When viewed as one giant commit, diff just shows
a giant block of removed code and a giant block of added code.
In some cases I wasn't sure why one or the other of the identity arrays is used…
I preserved existing behaviour in all cases.
Daan De Meyer [Sat, 20 Dec 2025 20:38:09 +0000 (21:38 +0100)]
vpick: Fix pick_filter_image_any
Currently, pick_filter_image_any matches any image
with any suffix, which is way more than it should
be doing. It should only be matching images with
the .raw suffix.
Let's address this shortcoming by allowing to pass
multiple filters to path_pick(), and define
pick_filter_image_any as the combination of the
raw and directory image filters.
Michal Sekletar [Fri, 9 Jan 2026 16:18:41 +0000 (17:18 +0100)]
core: only activate transactions that contain useful jobs
If no real jobs were added to the transaction, do not activate it.
The JOB_NOP anchor does not perform any useful work and activating
such a transaction only wastes resources.
Michael Vogt [Wed, 14 Jan 2026 08:01:46 +0000 (09:01 +0100)]
man: fix copy/paste issue in systemd-vmspawn.xml
The systemd-vmspawn man page has a note that the `--notify-ready`
defaults to "true" and then says that this is unlike "systemd-vmspawn"
where it defaults to "false". This appears to be a copy/paste issue
and here we want "unlike systemd-nspawn".
homectl: fix confusion between "FOO" and "RLIMIT_FOO" as json keys
We parse RLIMIT_FOO, FOO, and LimitFOO all the same. But the keys in the
JSON dict are supposed to be "RLIMIT_FOO". We were creating such keys,
but then filtering them using "FOO", i.e. the filtering was not effective.
Using strjoina since both strings are under our control.
calm329 [Mon, 12 Jan 2026 18:20:22 +0000 (10:20 -0800)]
basic: move BPF_JMP_A to override/linux/bpf_insn.h
Move the BPF_JMP_A macro from override/linux/bpf.h to
override/linux/bpf_insn.h. The bpf.h override conflicts with libbpf's
-I/usr/include/bpf/uapi include path. Since bpf_insn.h is not typically
installed at /usr/include/linux/ or /usr/include/bpf/uapi/linux/, the
override works without conflicts.
Yu Watanabe [Mon, 5 Jan 2026 04:24:27 +0000 (13:24 +0900)]
random-util: assume getrandom(GRND_INSECURE) works
GRND_INSECURE was added in kernel 5.6, and our baseline on kernel is
5.10. Let's assume it always works. Even if it does not work, we have
further fallback logic. So, this should be safe.
Yu Watanabe [Mon, 5 Jan 2026 04:24:21 +0000 (13:24 +0900)]
Bump required minimum kernel version to 5.10 and the recommended baseline to 5.14.
The previous minimum required version 5.4 will be EOL on 2025-12.
Let's bump the required minimum kernel version to the next LTS release 5.10
(released on 2020-12-13, EOL on 2026-12, CIP support until 2031-01).
The new recommended baseline 5.14 is the version that CentOS 9 uses.
CentOS 9 will EOL on 2027-05.
units: Fix the missing dependency in systemd-pcrproduct
NvPCR needs to read from /var/lib/nvpcr and the current unit file is
executed before /var is mounted. This adds the dep back so it always
runs after /var is mounted like systemd-tpm2-setup.service.
ZauberNerd [Sun, 11 Jan 2026 14:32:33 +0000 (15:32 +0100)]
mkfs-util: set hash_seed to seed derived value for reproducibility
When creating ext2/ext3/ext4 filesystems, mke2fs generates a random
hash_seed for htree directory indexing. This causes non-reproducible
images even when SOURCE_DATE_EPOCH is set and the same filesystem UUID
is used.
Set the hash_seed explicitly to match the filesystem UUID, ensuring
that repeated builds with the same seed produce bit-for-bit identical
images.
Also add a test case in TEST-58-REPART to verify ext4 reproducibility
by creating the same partition twice and comparing the results.
See https://vdwaa.nl/mkosi-reproducible-arch-images.html
homectl: split out parser parse_ssh_authorized_keys
The idea is to split out helpers to make parse_argv() itself more
manageable. If possible, the helpers will be reused in many places. But
even if not, as in this case, it seems good to split out the code for a
specific option. Always, the sd_json_variant** pointer or pointers that
are operated on are selected in the caller. This way it is easier to see
which of the identity variables is used and if two different ones are
used.