]> git.ipfire.org Git - thirdparty/systemd.git/log
thirdparty/systemd.git
2 days agosd-json: also skip assert_cc in VS Code parser 40676/head
Luca Boccassi [Fri, 13 Feb 2026 19:34:09 +0000 (19:34 +0000)] 
sd-json: also skip assert_cc in VS Code parser

For some reason the VS Code parser thinks sd_json_variant is still 48 bytes,
so skip the assert when running in that parser too

Follow-up for 337712e777bff389f53e26d5b378d2ceba7d98a8

2 days agosd-json: update comment regarding struct size
Luca Boccassi [Fri, 13 Feb 2026 19:32:37 +0000 (19:32 +0000)] 
sd-json: update comment regarding struct size

The assert at the bottom was updated when the size changed, but
the comment wasn't:

assert_cc(sizeof(sd_json_variant) == 40U);

Follow-up for 337712e777bff389f53e26d5b378d2ceba7d98a8

2 days agovarlinkctl: add pluggable protocol support to sd-varlink
Michael Vogt [Wed, 11 Feb 2026 15:01:18 +0000 (16:01 +0100)] 
varlinkctl: add pluggable protocol support to sd-varlink

When sd_varlink_connect_url() gets an unknown URL we now
check if there is a `$LIBEXECDIR/varlink-bridges/$scheme`
binary and execute it (with the url as the first arguments).

This makes varlink more flexible as it provides a way to
dynamically add "bridges" in LIBEXECDIR/varlink-bridges/. This is
conceptually similar to the libvarlink `varlink --bridge` command
and allows to e.g. call varlink over http{,s} via e.g. the new
varlink-http-bridge.

With a running varlink-http-bridge [0] one can do:
```console
$ varlinkctl call http://localhost:8080/ws/sockets/io.systemd.Hostname \
    io.systemd.Hostname.Describe {}
{
        "Hostname" : "top",
...
```

Closes: https://github.com/systemd/systemd/issues/40640
[0] https://github.com/mvo5/varlink-http-bridge/pull/1

2 days agodissect: Various cleanups and fixes
Daan De Meyer [Fri, 13 Feb 2026 13:13:28 +0000 (14:13 +0100)] 
dissect: Various cleanups and fixes

- Only call have_effective_cap() if needed
- Fix comments and logging

Follow up for #40212

2 days agokmod-setup: fix loading virtio modules, and load other vsock transport modules (...
Zbigniew Jędrzejewski-Szmek [Fri, 13 Feb 2026 15:56:59 +0000 (16:56 +0100)] 
kmod-setup: fix loading virtio modules, and load other vsock transport modules (#40557)

Fixes #40161.
Fixes #40503.

2 days agoudevadm: do not explicitly set white color
Yu Watanabe [Fri, 13 Feb 2026 05:31:54 +0000 (14:31 +0900)] 
udevadm: do not explicitly set white color

Otherwise, output on black-on-white terminals is not visible.

Follow-up for 13005c8f2c7f0169728fef804f164c3574b8e0f7.
Fixes #40629.

2 days agoAssorted minor follow-ups (#40673)
Mike Yuan [Fri, 13 Feb 2026 15:30:57 +0000 (16:30 +0100)] 
Assorted minor follow-ups (#40673)

3 days agocore/service: correct desc for first-level credential refreshing process 40673/head
Mike Yuan [Fri, 13 Feb 2026 10:14:51 +0000 (11:14 +0100)] 
core/service: correct desc for first-level credential refreshing process

It doesn't join the unit namespace. It would fork again to do so
if needed.

3 days agocore/service: fix typo
Mike Yuan [Fri, 13 Feb 2026 10:16:47 +0000 (11:16 +0100)] 
core/service: fix typo

Addresses https://github.com/systemd/systemd/pull/40093#discussion_r2803104490

3 days agologin/meson.build: pkgsysconfdir cannot be 'no'
Mike Yuan [Fri, 6 Feb 2026 16:13:38 +0000 (17:13 +0100)] 
login/meson.build: pkgsysconfdir cannot be 'no'

Whether to install example configs to sysconfdir should be
(solely) controlled via install_sysconfdir_samples, as done
everywhere else.

3 days agobasic/meson.build: realign table header
Mike Yuan [Fri, 6 Feb 2026 22:34:20 +0000 (23:34 +0100)] 
basic/meson.build: realign table header

3 days agotest-capability-util: Migrate to new test framework and macros
Daan De Meyer [Fri, 13 Feb 2026 12:04:58 +0000 (13:04 +0100)] 
test-capability-util: Migrate to new test framework and macros

3 days agoresolve: refuse traffic from the local host only for queries
Carlos Peón Costa [Wed, 11 Feb 2026 08:19:26 +0000 (09:19 +0100)] 
resolve: refuse traffic from the local host only for queries

3 days agoportable: /run/systemd/portables => /run/portables
Daan De Meyer [Fri, 13 Feb 2026 09:24:11 +0000 (10:24 +0100)] 
portable: /run/systemd/portables => /run/portables

3 days agossh-proxy: Fix runtime directory
Daan De Meyer [Fri, 13 Feb 2026 08:20:48 +0000 (09:20 +0100)] 
ssh-proxy: Fix runtime directory

3 days agoFollow-ups for the metrics/report tool (#40642)
Daan De Meyer [Fri, 13 Feb 2026 10:37:34 +0000 (11:37 +0100)] 
Follow-ups for the metrics/report tool (#40642)

/cc @YapingLi04

3 days agocore/service: support credentials refreshing on reload (#40093)
Daan De Meyer [Fri, 13 Feb 2026 09:21:44 +0000 (10:21 +0100)] 
core/service: support credentials refreshing on reload (#40093)

Closes https://github.com/systemd/systemd/issues/21099
Closes https://github.com/systemd/systemd/issues/35227

3 days agometrics: fixing casing
Yaping Li [Wed, 11 Feb 2026 23:08:44 +0000 (15:08 -0800)] 
metrics: fixing casing

3 days agoTwo portabled fixes (#40664)
Yu Watanabe [Fri, 13 Feb 2026 07:53:29 +0000 (16:53 +0900)] 
Two portabled fixes (#40664)

3 days agorepart: set r/o GPT flag on verity sig partition too
Luca Boccassi [Fri, 13 Feb 2026 00:21:06 +0000 (00:21 +0000)] 
repart: set r/o GPT flag on verity sig partition too

The default image policy for the verity sig partition expects
the r/o flag to be set, but repart so far did not add it by
default if unset, like it does for the verity partition

3 days agokmod-setup: also load other vsock transport modules 40557/head
Yu Watanabe [Wed, 4 Feb 2026 07:11:38 +0000 (16:11 +0900)] 
kmod-setup: also load other vsock transport modules

Fixes #40161.

3 days agokmod-setup: fix loading virtio related drivers
Yu Watanabe [Tue, 3 Feb 2026 07:59:49 +0000 (16:59 +0900)] 
kmod-setup: fix loading virtio related drivers

It seems the device with modalias e.g. virtio:d00000013v, only appears
after the relevant module is loaded. So, we cannot use the string to
determine if we should load the module.

Fixes #40503.

3 days agopo: Added translation using Weblate (Kazakh)
Baurzhan Muftakhidinov [Thu, 12 Feb 2026 17:18:33 +0000 (17:18 +0000)] 
po: Added translation using Weblate (Kazakh)

Co-authored-by: Baurzhan Muftakhidinov <baurthefirst@gmail.com>
3 days agoTEST-72-SYSUPDATE: Use some very long partition names
Daan De Meyer [Thu, 12 Feb 2026 19:34:27 +0000 (20:34 +0100)] 
TEST-72-SYSUPDATE: Use some very long partition names

To catch issues like https://github.com/systemd/systemd/issues/40658.
The commit that fixes that issue can make the name even longer to ensure
we don't regress again in this regard.

3 days agosysupdate: Compute temporary paths before vacuuming
Daan De Meyer [Thu, 12 Feb 2026 15:17:36 +0000 (16:17 +0100)] 
sysupdate: Compute temporary paths before vacuuming

We don't want to vacuum anything if we're just going to fail just
afterwards because a GPT partition label exceeds the maximum size
so let's compute the temporary paths for all transfers before we do
any vacuuming or acquiring.

3 days agoRevert "hwdb: fix arrow keys on HP Elite Dragonfly G3"
Han Sol Jin [Mon, 9 Feb 2026 10:23:03 +0000 (02:23 -0800)] 
Revert "hwdb: fix arrow keys on HP Elite Dragonfly G3"

Prior to this commit, the behaviour looked like this:

| Keypress | Result       |
| -------- | ------------ |
| Up       | KEY_PAGEUP   |
| Down     | KEY_PAGEDOWN |
| Left     | KEY_LEFT     |
| Right    | KEY_RIGHT    |
| Fn+Up    | KEY_UP       |
| Fn+Down  | KEY_DOWN     |
| Fn+Left  | KEY_HOME     |
| Fn+Right | KEY_END      |

This commit would fix it so that PGUP/PGDN would also require the Fn
key so that the arrow keys behave identically depending on whether Fn
was pressed.

Presumably after a BIOS update, HP seems to have fixed the order. This
now means this commit is now behaving exactly as the table above.

Revert the commit to restore the intended behaviour:

| Keypress | Result       |
| -------- | ------------ |
| Up       | KEY_UP       |
| Down     | KEY_DOWN     |
| Left     | KEY_LEFT     |
| Right    | KEY_RIGHT    |
| Fn+Up    | KEY_PAGEUP   |
| Fn+Down  | KEY_PAGEDOWN |
| Fn+Left  | KEY_HOME     |
| Fn+Right | KEY_END      |

This reverts commit 4fd7c712dcba3c4ed7183ba327d0b88d9b0be9bb.

Signed-off-by: Han Sol Jin <hansol@hansol.ca>
3 days agoportable: do not apply extension image policy if not attaching image 40664/head
Luca Boccassi [Thu, 12 Feb 2026 21:59:29 +0000 (21:59 +0000)] 
portable: do not apply extension image policy if not attaching image

Image policy is only for images, so skip for other types

Follow-up for d05961549277f15399a45cdf42d4d5f3e5ed8097

3 days agoportable: fix --force flag combination with directory extension
Luca Boccassi [Thu, 12 Feb 2026 21:57:26 +0000 (21:57 +0000)] 
portable: fix --force flag combination with directory extension

The check for image type uses the wrong variable, so it's applied
when it shouldn't.

Follow-up for 06768b90a32ac0d36252ebc5f426ad471bf29fce

3 days agoudev: rules: fix camera comparison
David Santamaría Rogado [Thu, 12 Feb 2026 16:29:12 +0000 (17:29 +0100)] 
udev: rules: fix camera comparison

actually that is intended to be a comparison

3 days agoquirks: sensor: squash toshiba tablets
David Santamaría Rogado [Thu, 12 Feb 2026 16:24:46 +0000 (17:24 +0100)] 
quirks: sensor: squash toshiba tablets

actually all of them have the same accel mount matrix.

3 days agoSwitch back to 'http' in SVG files (#40661)
Tabis Kabis [Thu, 12 Feb 2026 17:49:19 +0000 (18:49 +0100)] 
Switch back to 'http' in SVG files (#40661)

Firefox & Chrome don't render images because of 'https' being used in the SVG.
Switch back to 'http'.

Follow-up for 0922f62126297e59c03bc9e1b1f4bd6c362604ba

3 days agoCODING_STYLE: add a brief log msg style guide
Lennart Poettering [Tue, 10 Feb 2026 14:12:49 +0000 (15:12 +0100)] 
CODING_STYLE: add a brief log msg style guide

4 days agoAdd sensor entry for Toshiba Encore WT10A-108
Betacentury [Thu, 12 Feb 2026 09:20:14 +0000 (10:20 +0100)] 
Add sensor entry for Toshiba Encore WT10A-108

Added sensor configuration for Toshiba Encore WT10A-108 tablet.

4 days agodissect: Various fixes and improvements (#40212)
Daan De Meyer [Thu, 12 Feb 2026 10:26:18 +0000 (11:26 +0100)] 
dissect: Various fixes and improvements (#40212)

4 days agodissect: Use must_be_root() 40212/head
Daan De Meyer [Thu, 12 Feb 2026 08:44:29 +0000 (09:44 +0100)] 
dissect: Use must_be_root()

4 days agoshift-uid: Add debug logging
Daan De Meyer [Thu, 5 Feb 2026 20:42:48 +0000 (21:42 +0100)] 
shift-uid: Add debug logging

4 days agodissect: Allow --shift for users with CAP_CHOWN
Daan De Meyer [Thu, 5 Feb 2026 20:42:27 +0000 (21:42 +0100)] 
dissect: Allow --shift for users with CAP_CHOWN

4 days agodissect: Introduce --copy-ownership= to configure chown behavior
DaanDeMeyer [Sat, 27 Dec 2025 19:37:02 +0000 (20:37 +0100)] 
dissect: Introduce --copy-ownership= to configure chown behavior

Currently, if we're copying a file, we won't copy the owner UID/GID
from the source. If we're copying a directory, we will copy the owner
UID/GID from the source. Let's give users a bit more control over this
behavior by introducing --copy-ownership= which will default to the
current behavior but allows users to explicitly enable/disable copying
of ownership.

4 days agodissect: Make --mount/--unmount/--with work unprivileged
DaanDeMeyer [Fri, 26 Dec 2025 21:18:29 +0000 (22:18 +0100)] 
dissect: Make --mount/--unmount/--with work unprivileged

Let's check for CAP_SYS_ADMIN instead of root for these, and make
unmounting more graceful if we can't access the backing loop device
because of permission issues. This allows mounting and unmounting images
from an unprvileged mount namespace. The actual files in the image will
end up owned by nobody:nobody because we'll be in an unprivileged user
namespace, but assuming the directory permissions are not too strict, this
still allows interacting with the image in useful ways.

4 days agodissect: Fix wrong errno passed to log message
DaanDeMeyer [Fri, 26 Dec 2025 21:36:39 +0000 (22:36 +0100)] 
dissect: Fix wrong errno passed to log message

4 days agodissect: Fix segmentation fault if loop device is not provided
DaanDeMeyer [Fri, 26 Dec 2025 21:36:21 +0000 (22:36 +0100)] 
dissect: Fix segmentation fault if loop device is not provided

4 days agodissect: Fix logging in (with)
DaanDeMeyer [Fri, 26 Dec 2025 21:36:08 +0000 (22:36 +0100)] 
dissect: Fix logging in (with)

4 days agodissect: Don't use private userns for --copy-to/--copy-from
DaanDeMeyer [Fri, 26 Dec 2025 20:51:00 +0000 (21:51 +0100)] 
dissect: Don't use private userns for --copy-to/--copy-from

These actions interact with the host. The former needs privileges to
write into the image, the latter needs privileges to write on the host.
Neither will have the privileges required if the image is attached under
a private userns, hence, don't use one.

5 days agoreport: simplify error propagation 40642/head
Zbigniew Jędrzejewski-Szmek [Mon, 9 Feb 2026 11:15:56 +0000 (12:15 +0100)] 
report: simplify error propagation

Returning EXIT_* from an inner function is unusual and better
avoided. Let's just return a negative value and let the caller
do the conversion.

5 days agosd-varlink: Allow using sd_varlink_reply() in streaming methods (#40546)
Daan De Meyer [Wed, 11 Feb 2026 13:58:12 +0000 (14:58 +0100)] 
sd-varlink: Allow using sd_varlink_reply() in streaming methods (#40546)

5 days agobootctl: Drop SD_VARLINK_NULLABLE from ListBootEntries IDL 40546/head
Daan De Meyer [Sun, 8 Feb 2026 21:16:52 +0000 (22:16 +0100)] 
bootctl: Drop SD_VARLINK_NULLABLE from ListBootEntries IDL

9e10f3a7e800ad67be8d8b14ae158a27438814f0 changed the implementation
to report an error instead of an empty object but the IDL was not
adjusted. Let's fix that.

5 days agotree-wide: Migrate to varlink_set_sentinel()
Daan De Meyer [Tue, 3 Feb 2026 11:51:46 +0000 (12:51 +0100)] 
tree-wide: Migrate to varlink_set_sentinel()

5 days agoresolve: Make sure we free varlink subscription sets
Daan De Meyer [Tue, 3 Feb 2026 08:42:15 +0000 (09:42 +0100)] 
resolve: Make sure we free varlink subscription sets

5 days agosd-varlink: Introduce varlink_set_sentinel()
Daan De Meyer [Mon, 2 Feb 2026 13:23:40 +0000 (14:23 +0100)] 
sd-varlink: Introduce varlink_set_sentinel()

Streaming methods which are not used as a continuous subscription but
instead only send a series of objects all end up with the same workaround
to be able to figure out when to send sd_varlink_reply() or sd_varlink_notify().
Let's generalize this in sd-varlink itself.

Let's introduce the concept of a sentinel, which is a reply that will be sent
by sd-varlink if no other reply was queued by a method callback. The sentinel
is configured with varlink_set_sentinel(). If a sentinel is configured,
sd_varlink_reply() can be used more than once in streaming methods to queue
multiple values to stream to the client. The last queued reply is not sent
until the callback finishes. When the callback finishes, the last reply is
sent without "continues: more". If no reply was queued, the sentinel is sent.

This always using only sd_varlink_reply() in such streaming methods and
leaves sd_varlink_notify() available solely for continuous subscription
streaming methods, where we never use sd_varlink_reply() and instead disconnect
when the server exits.

5 days agosd-varlink: Move code around
Daan De Meyer [Mon, 2 Feb 2026 11:59:06 +0000 (12:59 +0100)] 
sd-varlink: Move code around

Preparation for next commits

5 days agovarlink-unit: Coding style cleanups
Daan De Meyer [Wed, 11 Feb 2026 08:39:04 +0000 (09:39 +0100)] 
varlink-unit: Coding style cleanups

5 days agoreport: fix hang when we start skipping metrics
Zbigniew Jędrzejewski-Szmek [Wed, 11 Feb 2026 11:44:13 +0000 (12:44 +0100)] 
report: fix hang when we start skipping metrics

Fixup for 0ec663a41fc49a3e4ec592c4e0037f4bc7e8f6fc.

5 days agoMetrics: Refactor to drop usage of strv
Yaping Li [Mon, 9 Feb 2026 14:47:27 +0000 (06:47 -0800)] 
Metrics: Refactor to drop usage of strv

This addresses Daan's feedback on #39202

5 days agoterminal-util: handle the case where no system console is active (#40630)
Mike Yuan [Tue, 10 Feb 2026 22:59:07 +0000 (23:59 +0100)] 
terminal-util: handle the case where no system console is active (#40630)

/dev/console might have no backing driver, in which case
/sys/class/tty/console/active is empty. Unlike get_kernel_consoles()
resolve_dev_console() currently proceeds with empty devnode, resulting
in setup_input() -> acquire_terminal() emitting -EISDIR as we're trying
to open /dev/. Let's catch this and report -ENXIO.

5 days agoTEST-54-CREDS: add test cases for credential refreshing 40093/head
Mike Yuan [Tue, 10 Feb 2026 07:13:39 +0000 (08:13 +0100)] 
TEST-54-CREDS: add test cases for credential refreshing

5 days agoterminal-util: also protect from empty /sys/class/tty/tty0/active 40630/head
Mike Yuan [Tue, 10 Feb 2026 21:21:25 +0000 (22:21 +0100)] 
terminal-util: also protect from empty /sys/class/tty/tty0/active

5 days agoterminal-util: handle the case where no system console is active
Mike Yuan [Fri, 6 Feb 2026 01:07:05 +0000 (02:07 +0100)] 
terminal-util: handle the case where no system console is active

/dev/console might have no backing driver, in which case
/sys/class/tty/console/active is empty. Unlike get_kernel_consoles()
resolve_dev_console() currently proceeds with empty devnode,
resulting in setup_input() -> acquire_terminal() emitting -EISDIR
as we're trying to open /dev/. Let's catch this and report -ENXIO.

5 days agotest-load-fragment: add unit test for RefreshOnReload= parser
Mike Yuan [Tue, 10 Feb 2026 06:34:57 +0000 (07:34 +0100)] 
test-load-fragment: add unit test for RefreshOnReload= parser

5 days agoman: document RefreshOnReload=
Mike Yuan [Mon, 15 Dec 2025 22:58:07 +0000 (23:58 +0100)] 
man: document RefreshOnReload=

5 days agocore/service: if RefreshOnReload= is explicitly enabled, allow reload even without...
Mike Yuan [Sun, 14 Dec 2025 16:55:04 +0000 (17:55 +0100)] 
core/service: if RefreshOnReload= is explicitly enabled, allow reload even without exec/notify-reload

This was originally brought up by @poettering. If the process
loads stuff on demand and flushes them out after each use,
or actively monitors file changes, they can be reloaded
by merely refreshing the resources.

5 days agocore/service: pass credentials to ExecReload*= if refreshed
Mike Yuan [Sun, 14 Dec 2025 13:47:20 +0000 (14:47 +0100)] 
core/service: pass credentials to ExecReload*= if refreshed

Closes #35227

5 days agocore/service: support credential refreshing on reload
Mike Yuan [Sun, 14 Dec 2025 13:46:57 +0000 (14:46 +0100)] 
core/service: support credential refreshing on reload

Closes #21099

5 days agomacro: add 22nd case for IN_SET
Mike Yuan [Mon, 15 Dec 2025 23:02:01 +0000 (00:02 +0100)] 
macro: add 22nd case for IN_SET

Dejavu moment ;)

5 days agocore/service: introduce RefreshOnReload= setting
Mike Yuan [Sun, 14 Dec 2025 17:20:36 +0000 (18:20 +0100)] 
core/service: introduce RefreshOnReload= setting

This allows controlling resources to be refreshed before performing
reload, with one extra benefit that in the future we can permit
"seemless reload"s, i.e. no active signaling is done to the main process
after refreshing get updated. This could come in handy for programs
that loads stuff on demand or watches changes via inotify.

5 days agocore/exec-credential: introduce unit_refresh_credentials()
Mike Yuan [Sun, 14 Dec 2025 13:31:30 +0000 (14:31 +0100)] 
core/exec-credential: introduce unit_refresh_credentials()

5 days agoprocess-util: teach namespace_fork() to optionally use namespace_enter_delegated()
Mike Yuan [Mon, 15 Dec 2025 18:46:59 +0000 (19:46 +0100)] 
process-util: teach namespace_fork() to optionally use namespace_enter_delegated()

5 days agonamespace-util: introduce namespace_enter_delegated()
Mike Yuan [Wed, 17 Dec 2025 11:32:14 +0000 (12:32 +0100)] 
namespace-util: introduce namespace_enter_delegated()

Typically when entering a namespace the userns is handled last,
because we assume our process is more privileged than the userns.
However, that assumption no longer holds for user managers, which
have no privilege over initial userns and all other namespaces
are actually owned by the userns unshared first (in executor).
Hence, let's add another flavor namespace_enter_delegated() to
accommodate that use case.

5 days agocore/exec-credential: only pass needed bits of ExecParameters down in exec_setup_cred...
Mike Yuan [Sun, 14 Dec 2025 07:56:35 +0000 (08:56 +0100)] 
core/exec-credential: only pass needed bits of ExecParameters down in exec_setup_credentials()

No functional change, preparation for credential reloading support,
where we'd operate on Unit rather than ExecParameters.

5 days agocore/exec-credential: avoid duplicate call to hashmap_contains()
Mike Yuan [Sun, 18 Jan 2026 17:32:46 +0000 (18:32 +0100)] 
core/exec-credential: avoid duplicate call to hashmap_contains()

5 days agocore/exec-credential: stop removing empty credentials dir
Mike Yuan [Sat, 13 Dec 2025 16:37:26 +0000 (17:37 +0100)] 
core/exec-credential: stop removing empty credentials dir

Starting from cfbf7538d87023840c5574fa5b0452e5b0f42149 we'd always
install the credentials dir regardless of whether it's empty,
with the correct permissions. Hence the problem stated in the comment
should no longer be a concern. Moreover, this ensures later in
setup_namespace() the mountpoint would be in-place. This is important
for credential reloading as it saves the trouble of remounting
the upper tmpfs as rw again and create the mountpoint.

5 days agocore/exec-credential: treat credentials dir as populated if it's mounted
Mike Yuan [Sat, 13 Dec 2025 17:11:07 +0000 (18:11 +0100)] 
core/exec-credential: treat credentials dir as populated if it's mounted

We should only fall back to the dir_is_empty() check if
it's a plain dir, where we can't reasonably differentiate
populated yet empty vs not set up. Otherwise let's stick
to the existing mount if we're told to reuse it.

Yes, this is a minor compat break, but with the to-be-introduced
credential reloading support it should fulfill the goal of
keeping the passed set of credentials stable better, while
still allowing things to be refreshed when requested.

5 days agosd-daemon: escape special characters in notification logging text
Mike Yuan [Tue, 10 Feb 2026 14:58:06 +0000 (15:58 +0100)] 
sd-daemon: escape special characters in notification logging text

Follow-up for 21eb636aaad28707bd371bdfd721dea66277e1f5

Our sd_notify() protocol uses newline as separator, which
is not suitable for direct logging.

5 days agoshared-forward: sort definitions
Mike Yuan [Tue, 10 Feb 2026 20:53:02 +0000 (21:53 +0100)] 
shared-forward: sort definitions

5 days agobootctl: decouple "list", "unlink", "cleanup"
Lennart Poettering [Mon, 9 Feb 2026 13:20:27 +0000 (14:20 +0100)] 
bootctl: decouple "list", "unlink", "cleanup"

These operations to quite different things, they just share 2 common
funcs. Let's split them out into separate files.

This also splits up verb_list() into separate calls for the three
operations. This actually fixes issues, as for status/list we want
"unpriv" ESP discovery logic, but for the other two we really should
have privileged discovery logic.

This is preparation for adding "bootctl link" later, but this makes
sense either way, I am sure.

5 days agoTwo mkosi fixes (#40625)
Luca Boccassi [Tue, 10 Feb 2026 17:07:11 +0000 (17:07 +0000)] 
Two mkosi fixes (#40625)

5 days agomkosi: Grow the root partition on boot 40625/head
Daan De Meyer [Tue, 10 Feb 2026 15:32:05 +0000 (16:32 +0100)] 
mkosi: Grow the root partition on boot

Let's make sure the root partition takes up all the allocated space
on boot.

5 days agomkosi: Move generic disk partition before root partition
Daan De Meyer [Tue, 10 Feb 2026 15:31:22 +0000 (16:31 +0100)] 
mkosi: Move generic disk partition before root partition

Otherwise we can't grow the root partition.

6 days agoFix order of class/type in resolve man page
Christopher Head [Tue, 10 Feb 2026 01:22:12 +0000 (17:22 -0800)] 
Fix order of class/type in resolve man page

For each RR `ResolveRecord` returns, it returns the class before the
type, not after.

6 days agosysupdate: Split update into acquire and install verbs (#40236)
Luca Boccassi [Tue, 10 Feb 2026 13:11:52 +0000 (13:11 +0000)] 
sysupdate: Split update into acquire and install verbs (#40236)

Using roughly the approach described in
https://gitlab.gnome.org/GNOME/gnome-software/-/merge_requests/2004#note_2145880.
Basically, copying in-progress downloads to a file/partition with a
predictable prefix, and then moving to a predictable ‘pending’ prefix
when ready to install.

Helps: https://github.com/systemd/systemd/issues/34814

6 days agobootctl: install tweaks (#40622)
Luca Boccassi [Tue, 10 Feb 2026 13:04:48 +0000 (13:04 +0000)] 
bootctl: install tweaks (#40622)

6 days agorepart: Discard only once
Kai Lüke [Thu, 5 Feb 2026 17:51:07 +0000 (18:51 +0100)] 
repart: Discard only once

The indirect discard in mkfs.btrfs on the loop device mapped to the
region on disk can hang and fail the first-boot creation of the rootfs.
Since there already is a discard done we anyway don't need to do it
twice. This might help for most cases to avoid the failure in
mkfs.btrfs.
Keep track if the direct discard worked and then skip the mkfs.btrfs
discard if it did. This still leaves the case where mkfs.btrfs can hang
when the direct discard couldn't succeed and mkfs.btrfs tries again but
since the conditions are rather the same it might be that this case is
not easy to trigger. If the problem still shows up and the kernel won't
be fixed soon we can still disable the mkfs discard for at least btrfs.

6 days agoupdate TODO
Lennart Poettering [Tue, 10 Feb 2026 11:39:13 +0000 (12:39 +0100)] 
update TODO

6 days agobootctl: rearrange if branches in vl_method_install() 40622/head
Lennart Poettering [Tue, 10 Feb 2026 10:47:33 +0000 (11:47 +0100)] 
bootctl: rearrange if branches in vl_method_install()

6 days agobootctl: toughen fd validation in Install() handler
Lennart Poettering [Tue, 10 Feb 2026 10:46:58 +0000 (11:46 +0100)] 
bootctl: toughen fd validation in Install() handler

Let's also check the fd flags. Just in case.

6 days agobootctl: fix varlink IDL for rootDirectory field
Lennart Poettering [Tue, 10 Feb 2026 10:48:25 +0000 (11:48 +0100)] 
bootctl: fix varlink IDL for rootDirectory field

6 days agodiscover-image: restore compatibility with C9S and overlayfs directories (#40616)
Zbigniew Jędrzejewski-Szmek [Tue, 10 Feb 2026 06:56:48 +0000 (07:56 +0100)] 
discover-image: restore compatibility with C9S and overlayfs directories (#40616)

5817c73391b5f3599c50df2c0873b26ea426f848 broke compatibility with CentOS
9 and overlayfs directories, the following fails with -EOPTNOTSUPP:

mount -t overlay overlay -o lowerdir=/tmp/app1:/tmp/rootdir /tmp/overlay
portablectl attach --copy=symlink --now --runtime /tmp/overlay app1

name_to_handle_at() fails both with and without AT_HANDLE_MNT_ID_UNIQUE.

Restore the fallback to path_get_mnt_id_at() that was removed. Fixes
TEST-29-PORTABLE.directory

Follow-up for 5817c73391b5f3599c50df2c0873b26ea426f848

6 days agomkosi: isc-dhcp-server was dropped from debian testing/unstable 40616/head
Luca Boccassi [Mon, 9 Feb 2026 20:03:38 +0000 (20:03 +0000)] 
mkosi: isc-dhcp-server was dropped from debian testing/unstable

6 days agodiscover-image: restore compatibility with C9S and overlayfs directories
Luca Boccassi [Mon, 9 Feb 2026 19:19:27 +0000 (19:19 +0000)] 
discover-image: restore compatibility with C9S and overlayfs directories

5817c73391b5f3599c50df2c0873b26ea426f848 broke compatibility with
CentOS 9 and overlayfs directories, the following fails with -EOPTNOTSUPP:

mount -t overlay overlay -o lowerdir=/tmp/app1:/tmp/rootdir /tmp/overlay
portablectl attach --copy=symlink --now --runtime /tmp/overlay app1

name_to_handle_at() fails both with and without AT_HANDLE_MNT_ID_UNIQUE.

Restore the fallback to path_get_mnt_id_at() that was removed.
Fixes TEST-29-PORTABLE.directory

Follow-up for 5817c73391b5f3599c50df2c0873b26ea426f848

6 days agomeson: guard symlinks in sysconfdir behind install_sysconfidr
nikstur [Sun, 8 Feb 2026 13:22:28 +0000 (14:22 +0100)] 
meson: guard symlinks in sysconfdir behind install_sysconfidr

Symlinks to files inside sysconfdir are now only installed if
ìnstall_sysconfdir=true (which is the default).

If sshconfdir,sshdconfdir,shellprofiledir are not inside sysconfdir and
install_sysconfidr=false, these symlinks are still installed to the
configured directory.

6 days agotest: Add basic tests for path_split_prefix_filename()
Philip Withnall [Mon, 9 Feb 2026 12:13:51 +0000 (12:13 +0000)] 
test: Add basic tests for path_split_prefix_filename()

These aren’t anything comprehensive, but provide some basic assurances
that it’s working correctly. In particular, they test its behaviour when
*both* the prefix and filename components are requested.

Split out from the original version of this function which was part
of #40236.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
7 days agojournald: set a lower size limit for FDs from unpriv processes
Luca Boccassi [Thu, 5 Feb 2026 00:39:35 +0000 (00:39 +0000)] 
journald: set a lower size limit for FDs from unpriv processes

Unprivileged processes can send 768M in a FD-based message to journald,
which will be malloc'ed in one go, likely causing memory issues.
Set the limit for unprivileged users to 24M.

Allow coredumps as an exception, since we always allowed storing
up to the 768M max core files in the journal.

Reported on yeswehack.com as #YWH-PGM9780-48

7 days agotest: Expand sysupdate test to cover split acquire/install updates 40236/head
Philip Withnall [Mon, 12 Jan 2026 16:43:46 +0000 (16:43 +0000)] 
test: Expand sysupdate test to cover split acquire/install updates

This essentially means the sysupdate tests are now run twice: once with
a monolithic update (`sysupdate update`) and once with a split update
(`sysupdate acquire; sysupdate install`).

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
7 days agosysupdate: Add some more debug output
Philip Withnall [Mon, 12 Jan 2026 16:43:20 +0000 (16:43 +0000)] 
sysupdate: Add some more debug output

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
7 days agosysupdate: Add acquire and install verbs
Philip Withnall [Wed, 31 Dec 2025 00:48:54 +0000 (00:48 +0000)] 
sysupdate: Add acquire and install verbs

These expose the two parts of ‘update’, so that update sets can be
acquired (downloaded) and installed (applied) in separate actions at
different times. For example, this could allow a load of update sets to
be acquired when online, and later applied when offline.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: https://github.com/systemd/systemd/issues/34814

7 days agosysupdate: Split the update verb into two parts internally
Philip Withnall [Wed, 31 Dec 2025 00:46:25 +0000 (00:46 +0000)] 
sysupdate: Split the update verb into two parts internally

An ‘acquire’ (download) part, and an ‘install’ (apply) part.

Following commits will expose these as separate verbs and D-Bus methods,
but this commit is the one which rearranges the internals.

If doing an ‘install’, a mirror version of the ‘acquire’ has to happen
first to make sure the transfer’s internal state is correct.

‘Acquire’ can require an internet connection, but ‘install’ will always
work with `--offline` specified.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: https://github.com/systemd/systemd/issues/34814

7 days agosysupdate: Add partial/pending flags to UpdateSet
Philip Withnall [Wed, 31 Dec 2025 00:42:17 +0000 (00:42 +0000)] 
sysupdate: Add partial/pending flags to UpdateSet

This commit adds the flags and some basic formatting/printing of them.
Following commits will integrate them into the update/acquire/install
logic.

`UPDATE_PARTIAL` is set if any of the instances in the `UpdateSet` are
partial, i.e. have been partially downloaded.

`UPDATE_PENDING` is set if any of the instances in the `UpdateSet` are
pending, i.e. have been acquired (downloaded) but not yet installed.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: https://github.com/systemd/systemd/issues/34814

7 days agosysupdate: Factor out temporary path computation for transfers
Philip Withnall [Wed, 31 Dec 2025 00:36:22 +0000 (00:36 +0000)] 
sysupdate: Factor out temporary path computation for transfers

This helper function will be reused in a following commit.

This introduces no functional changes.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: https://github.com/systemd/systemd/issues/34814

7 days agosysupdate: Vacuum partial/pending instances first
Philip Withnall [Wed, 31 Dec 2025 00:05:05 +0000 (00:05 +0000)] 
sysupdate: Vacuum partial/pending instances first

Modify the vacuum implementation to preferentially vacuum partial or
pending transfers first (unless protected) as they are meant to be
fairly transitory, and ones which are hanging around have probably been
forgotten about and/or are out of date.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: https://github.com/systemd/systemd/issues/34814

7 days agosysupdate: Implement acquire and install steps for transfers
Philip Withnall [Wed, 31 Dec 2025 00:02:06 +0000 (00:02 +0000)] 
sysupdate: Implement acquire and install steps for transfers

Instead of using a random temporary path for file transfers, use a
predictable one which indicates whether the transfer is partially
complete or pending installation. Similarly for partitions.

This is another step towards being able to split the ‘update’ step into
‘acquire’ and ‘install’.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: https://github.com/systemd/systemd/issues/34814

7 days agosysupdate: Factor out a vacuum helper function
Philip Withnall [Tue, 30 Dec 2025 23:56:22 +0000 (23:56 +0000)] 
sysupdate: Factor out a vacuum helper function

This will be reused in an upcoming commit.

This commit introduces no functional changes.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
Helps: https://github.com/systemd/systemd/issues/34814