git.ipfire.org Git - thirdparty/systemd.git/log
thirdparty/systemd.git
2 days ago  elf2efi: modernize typing annotations  [40755/head]
Zbigniew Jędrzejewski-Szmek [Thu, 19 Feb 2026 13:22:18 +0000 (14:22 +0100)] 
elf2efi: modernize typing annotations

We still need Union and Optional as long as compat with Python 3.9
is needed.

2 days ago  elf2efi: make mypy-clean
Zbigniew Jędrzejewski-Szmek [Thu, 19 Feb 2026 13:17:29 +0000 (14:17 +0100)] 
elf2efi: make mypy-clean

2 days ago  elf2efi: import whole module, not individual symbols
Zbigniew Jędrzejewski-Szmek [Thu, 19 Feb 2026 12:32:31 +0000 (13:32 +0100)] 
elf2efi: import whole module, not individual symbols

When reading the code, it was hard to figure out if the given name was
imported or a local class. And the renaming of imports also made it
harder to look things up online. Arguably, the deeply nested import
structure and inconsistent naming in elftools is partially to blame:
there is just no good way to make this look nice. But anyway, let's use
the usual style of importing the module and using names prefixed with
the module path so that the origin of imported names is clear.

elfutils.elf.elffile is imported separately, because a) it needs to be
imported separately anyway because the module does lazy imports
internally, b) the name already indicates the origin, c) it is used in
quite a few places so the shorter name is nice.

2 days ago  generate-sym-test: skip everything that is not a file
Zbigniew Jędrzejewski-Szmek [Thu, 19 Feb 2026 12:01:01 +0000 (13:01 +0100)] 
generate-sym-test: skip everything that is not a file

The generator looks for files in the filesystem, and it sometimes fails
on emacs "lock files" which are symlinks. Ignore those.

2 days ago  NEWS: mention python requirement bump
Yu Watanabe [Thu, 19 Feb 2026 13:23:04 +0000 (22:23 +0900)] 
NEWS: mention python requirement bump

2 days ago  openssl-util: pass the UI callback for interactive PIN prompts
Kai Lüke [Thu, 19 Feb 2026 07:01:06 +0000 (16:01 +0900)] 
openssl-util: pass the UI callback for interactive PIN prompts

Observed with the tpm2 provider and the tpm2tss engine was that the
auth process failed because the provider/engine could not ask for the
PIN through the callback, resulting in:
  "Failed to load private key from ...: Input/output error"
Apparently the default UI method is not enough and the key setup
functions expect an explicit method.
Pass the existing UI method through as callback for the key setup.

2 days ago  xorg/50-systemd-user: import XAUTHORITY only if set
Dmytro Bagrii [Thu, 19 Feb 2026 00:27:47 +0000 (02:27 +0200)] 
xorg/50-systemd-user: import XAUTHORITY only if set

The warning will still be reported if XAUTHORITY is set but not exported.
However, such a scenario is unlikely for the xinitrc.d scripts' environment.

Fixes #40745

Signed-off-by: Dmytro Bagrii <dimich.dmb@gmail.com>

3 days ago  pe-binary: wrap remaining LE fields with byte-swap macros
Oblivionsage [Wed, 18 Feb 2026 17:22:48 +0000 (18:22 +0100)] 
pe-binary: wrap remaining LE fields with byte-swap macros

Follow-up to 02cab70acf5ca67e838d0d34860baacbf9fc3b6c. pe_hash(),
section_offset_cmp() and uki_hash() still had a bunch of raw accesses
to LE fields (e_lfanew, SizeOfHeaders, PointerToRawData, SizeOfRawData,
VirtualSize, certificate_table->Size) without le32toh(), so they'd
produce garbage on big-endian.

Also wrap VirtualSize in bootspec.c for consistency.

3 days ago  vpick: Make suffix a single string again instead of a strv
Daan De Meyer [Wed, 18 Feb 2026 20:27:45 +0000 (21:27 +0100)] 
vpick: Make suffix a single string again instead of a strv

This was made a strv to handle either directories or raw images but
since we now handle that via multiple PickFilter instances, we don't
need suffixes to be a strv anymore.

3 days ago  udev: rules: integration add spi bus for input dev
David Santamaría Rogado [Wed, 18 Feb 2026 20:24:16 +0000 (21:24 +0100)] 
udev: rules: integration add spi bus for input dev

This bus is used for internal input devices, so let's set the ID_BUS
property accordingly to tag devices over SPI as internal.

Follow-up for a4381cae8bfacb1160967ac499c2919da7ff8c2b.

3 days ago  test: skip dnf signature checks in TEST-88-UPGRADE
Luca Boccassi [Wed, 18 Feb 2026 19:55:41 +0000 (19:55 +0000)] 
test: skip dnf signature checks in TEST-88-UPGRADE

Fixes failure on Rawhide:

TEST-88-UPGRADE.sh[512]: Transaction failed: Rpm transaction failed.
TEST-88-UPGRADE.sh[512]: Warning: skipped OpenPGP checks for 15 packages from repository: @commandline
TEST-88-UPGRADE.sh[512]:   - package systemd-shared-260~devel-20260218150812.fc45.x86_64 does not verify: no signature

3 days ago  test: assorted fixes for integration tests (#40737)
Luca Boccassi [Wed, 18 Feb 2026 20:42:15 +0000 (20:42 +0000)] 
test: assorted fixes for integration tests (#40737)

3 days ago  machined: Skip root user namespace check for user managers
Daan De Meyer [Wed, 18 Feb 2026 14:58:39 +0000 (15:58 +0100)] 
machined: Skip root user namespace check for user managers

You can register whatever process you want in the user machined instance
that is running in the same namespace as pid 1 as machined won't be allowed
to do anything privileged anyway that could be dangerous when running as a user
instance.

We have to skip the check as user machined instances don't have
privileges to inspect pid1's user namespaces.

3 days ago  pcrextend: fix memory leak
Lennart Poettering [Wed, 18 Feb 2026 15:54:58 +0000 (16:54 +0100)] 
pcrextend: fix memory leak

Follow-up for: #40648
Addresses: https://github.com/systemd/systemd/pull/40648#issuecomment-3917469644

3 days ago  Tag accel devices for uaccess-render
Mario Limonciello (AMD) [Sun, 15 Feb 2026 13:28:47 +0000 (07:28 -0600)] 
Tag accel devices for uaccess-render

accel devices are used for things like NPUs and should be tagged
for the logged in user just like GPUs are.

3 days ago  test: cover both verity verification mechanisms in TEST-70-TPM2-nvpcr  [40737/head]
Luca Boccassi [Wed, 18 Feb 2026 16:20:33 +0000 (16:20 +0000)] 
test: cover both verity verification mechanisms in TEST-70-TPM2-nvpcr

Follow-up for 521a523ce0cdcf0d529bd566f3d64ae93f10419d

3 days ago  test: move check for verity kernel keyring support to util.sh
Luca Boccassi [Wed, 18 Feb 2026 16:11:34 +0000 (16:11 +0000)] 
test: move check for verity kernel keyring support to util.sh

3 days ago  test: do not fail TEST-86-MULTI-PROFILE-UKI if full TPM2 support not available
Luca Boccassi [Wed, 18 Feb 2026 15:39:11 +0000 (15:39 +0000)] 
test: do not fail TEST-86-MULTI-PROFILE-UKI if full TPM2 support not available

On a mkosi run on GHA:

[    9.547863] TEST-86-MULTI-PROFILE-UKI.sh[458]: + /usr/lib/systemd/systemd-measure --current
[    9.552790] TEST-86-MULTI-PROFILE-UKI.sh[463]: Measuring boot phases: enter-initrd, enter-initrd:leave-initrd, enter-initrd:leave-initrd:sysinit, enter-initrd:leave-initrd:sysinit:ready
[    9.553086] TEST-86-MULTI-PROFILE-UKI.sh[463]: Found container virtualization none.
[    9.553308] TEST-86-MULTI-PROFILE-UKI.sh[463]: Reading EFI variable /sys/firmware/efi/efivars/LoaderTpm2ActivePcrBanks-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f.
[    9.553486] TEST-86-MULTI-PROFILE-UKI.sh[463]: Loaded shared library 'libtss2-esys.so.0' via dlopen().
[    9.553676] TEST-86-MULTI-PROFILE-UKI.sh[463]: Loaded shared library 'libtss2-rc.so.0' via dlopen().
[    9.553867] TEST-86-MULTI-PROFILE-UKI.sh[463]: Loaded shared library 'libtss2-mu.so.0' via dlopen().
[    9.554050] TEST-86-MULTI-PROFILE-UKI.sh[463]: Sorry, system lacks full TPM2 support.
[FAILED] Failed to start TEST-86-MULTI-PROFILE-UKI.service - TEST-86-MULTI-PROFILE-UKI.

3 days ago  stub: more hardening against malformed images
Luca Boccassi [Wed, 18 Feb 2026 15:05:44 +0000 (15:05 +0000)] 
stub: more hardening against malformed images

Avoid issues with malformed images.

Reported on various yeswehack.com reports

YWH-PGM9780-73
YWH-PGM9780-68
YWH-PGM9780-67
YWH-PGM9780-87

3 days ago  vmspawn: Don't keep tpmstate around in auto mode if ephemeral
Daan De Meyer [Wed, 18 Feb 2026 13:02:53 +0000 (14:02 +0100)] 
vmspawn: Don't keep tpmstate around in auto mode if ephemeral

3 days ago  Bump minimum version of python to 3.9 (#40711)
Zbigniew Jędrzejewski-Szmek [Wed, 18 Feb 2026 12:33:29 +0000 (13:33 +0100)] 
Bump minimum version of python to 3.9 (#40711)

3 days ago  bash completion: various machinectl/portablectl fixes (#40719)
Luca Boccassi [Wed, 18 Feb 2026 11:08:29 +0000 (11:08 +0000)] 
bash completion: various machinectl/portablectl fixes (#40719)

3 days ago  build(deps): bump super-linter/super-linter in the actions group
dependabot[bot] [Wed, 18 Feb 2026 10:42:50 +0000 (10:42 +0000)] 
build(deps): bump super-linter/super-linter in the actions group

Bumps the actions group with 1 update: [super-linter/super-linter](https://github.com/super-linter/super-linter).

Updates `super-linter/super-linter` from 8.4.0 to 8.5.0
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/super-linter/super-linter/compare/12562e48d7059cf666c43a4ecb0d3b5a2b31bd9e...61abc07d755095a68f4987d1c2c3d1d64408f1f9)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-version: 8.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

3 days ago  bash completion: add --user/--system to portablectl  [40719/head]
Luca Boccassi [Tue, 17 Feb 2026 21:53:14 +0000 (21:53 +0000)] 
bash completion: add --user/--system to portablectl

3 days ago  bash completion: add missing machinectl parameters
Luca Boccassi [Tue, 17 Feb 2026 21:50:59 +0000 (21:50 +0000)] 
bash completion: add missing machinectl parameters

3 days ago  bash completion: fix machinectl completion when mixing machines and files
Luca Boccassi [Tue, 17 Feb 2026 20:56:16 +0000 (20:56 +0000)] 
bash completion: fix machinectl completion when mixing machines and files

3 days ago  bash completion: add --system/--user to machinectl
Luca Boccassi [Tue, 17 Feb 2026 20:59:50 +0000 (20:59 +0000)] 
bash completion: add --system/--user to machinectl

3 days ago  ci: set dependabot cooldown period, disable persisting credentials for actions/checko...
Luca Boccassi [Wed, 18 Feb 2026 10:39:11 +0000 (10:39 +0000)] 
ci: set dependabot cooldown period, disable persisting credentials for actions/checkout (#40728)

github/dependabot: set cooldown period
github/workflows: disable persisting credentials for actions/checkout

3 days ago  metrics: add networkd related metrics (#40619)
Yu Watanabe [Wed, 18 Feb 2026 10:26:55 +0000 (19:26 +0900)] 
metrics: add networkd related metrics (#40619)

This adds support for networkd related metrics. The output looks like this:
```
{
"name" : "io.systemd.Network.addressState",
"object" : "lo",
"value" : "off"
}
{
"name" : "io.systemd.Network.adminState",
"object" : "lo",
"value" : "unmanaged"
}
{
"name" : "io.systemd.Network.carrierState",
"object" : "lo",
"value" : "carrier"
}
{
"name" : "io.systemd.Network.ipv4AddressState",
"object" : "lo",
"value" : "off"
}
{
"name" : "io.systemd.Network.ipv6AddressState",
"object" : "lo",
"value" : "off"
}
{
"name" : "io.systemd.Network.managedInterfaces",
"value" : 0
}
{
"name" : "io.systemd.Network.operationalState",
"object" : "lo",
"value" : "carrier"
}
```

3 days ago  Revert "check-os-release.py compatible with Python < 3.8"  [40711/head]
Yu Watanabe [Tue, 17 Feb 2026 11:40:55 +0000 (20:40 +0900)] 
Revert "check-os-release.py compatible with Python < 3.8"

This reverts commit ce0a056abc41168e1b45537505ca9f65bf6f5c30.

3 days ago  Revert "tools: make update-dbus-docs compatible with Python 3.7"
Yu Watanabe [Tue, 17 Feb 2026 11:40:24 +0000 (20:40 +0900)] 
Revert "tools: make update-dbus-docs compatible with Python 3.7"

This reverts commit 668b3a42fe9e250912bd3efa4460ed691452d9bf.

Now we require Python 3.9 or newer.

3 days ago  Revert "generate-bpf-delegate-configs: fix compatibility with Python 3.7"
Yu Watanabe [Tue, 17 Feb 2026 11:33:54 +0000 (20:33 +0900)] 
Revert "generate-bpf-delegate-configs: fix compatibility with Python 3.7"

This reverts commit dee77ac201741709b2323cae73aeeaff60fd8521.

Now we require Python 3.9 or newer.

3 days ago  Revert "meson: fix compatibility with Python 3.7"
Yu Watanabe [Tue, 17 Feb 2026 11:31:10 +0000 (20:31 +0900)] 
Revert "meson: fix compatibility with Python 3.7"

This reverts commit 2793d6acf063ae8fe506a1684e5a24ce83267e6d.

Now we require Python 3.9 or newer.

3 days ago  Bump minimum version of python to 3.9
Jörg Behrmann [Tue, 17 Feb 2026 09:20:05 +0000 (10:20 +0100)] 
Bump minimum version of python to 3.9

This was announced in fd8c62075197e4f4702bb6e4537116a64cb539b7 and every
still-supported distribution release provides at least 3.9, as tracked by #38608.

3 days ago  meson: ukify unconditionally requires pefile module
Yu Watanabe [Tue, 17 Feb 2026 12:07:27 +0000 (21:07 +0900)] 
meson: ukify unconditionally requires pefile module

Follow-up for 3fc5eed47091363247012454df458e1a3303bf12.

3 days ago  metrics: add networkd related metrics  [40619/head]
Yaping Li [Tue, 10 Feb 2026 01:08:01 +0000 (17:08 -0800)] 
metrics: add networkd related metrics

3 days ago  network: use higher log level when we cannot bind resolve hook varlink socket
Yu Watanabe [Wed, 18 Feb 2026 08:53:35 +0000 (17:53 +0900)] 
network: use higher log level when we cannot bind resolve hook varlink socket

3 days ago  meson,test: sort unit files
Yu Watanabe [Wed, 18 Feb 2026 03:10:50 +0000 (12:10 +0900)] 
meson,test: sort unit files

3 days ago  github/workflows: disable persisting credentials for actions/checkout  [40728/head]
Dmitry V. Levin [Wed, 18 Feb 2026 08:00:00 +0000 (08:00 +0000)] 
github/workflows: disable persisting credentials for actions/checkout

Set `persist-credentials: false` for actions/checkout.

By default, using `actions/checkout` causes a credential to be persisted on
disk.  Subsequent steps may accidentally publicly persist the credential, e.g.
by including it in a publicly accessible artifact via actions/upload-artifact.
However, even without this, persisting the credential on disk is non-ideal
unless actually needed.

Link: https://docs.zizmor.sh/audits/#artipacked

3 days ago  github/dependabot: set cooldown period
Dmitry V. Levin [Wed, 18 Feb 2026 08:00:00 +0000 (08:00 +0000)] 
github/dependabot: set cooldown period

By default, Dependabot does not perform any cooldown on dependency updates.
In other words, a regularly scheduled Dependabot run may perform an update
on a dependency that was just released moments before the run began.
This presents both stability and supply-chain security risks.

To mitigate these risks, explicitly set Dependabot cooldown period to 7 days.

Link: https://docs.zizmor.sh/audits/#dependabot-cooldown

3 days ago  bootspec: add missing else
Yu Watanabe [Wed, 18 Feb 2026 01:53:57 +0000 (10:53 +0900)] 
bootspec: add missing else

Otherwise, the OOM error will never be checked, and the "preferred" setting
always emits a warning that the field is unknown.

Follow-up for 450e0dce02d754d7af599dd99ab40b9363072760.
Fixes CID#1645063.

3 days ago  udev: rules: integration fix
David Santamaría Rogado [Tue, 17 Feb 2026 22:57:49 +0000 (23:57 +0100)] 
udev: rules: integration fix

ID_INTEGRATION is not being updated with hwdb entries, assign the new
value to it when hwdb has been imported.

We still need the 65-integration.rule assignment for devices that aren't
in hwdb.

While at it, remove the unneeded check in 70-touchpad.rules, as it was not
added for 70-joystick.rules: if ID_INPUT_* is set and ID_INPUT is not,
there is a bug elsewhere. And remove unneeded gotos in
both files.

Follow-up for a4381cae8bfacb1160967ac499c2919da7ff8c2b.

3 days ago  sysupdate: Use partition types for pending/partial partitions
Daan De Meyer [Tue, 17 Feb 2026 19:57:01 +0000 (20:57 +0100)] 
sysupdate: Use partition types for pending/partial partitions

Fixes #40658

3 days ago  README: mention about musl requirements
Yu Watanabe [Wed, 18 Feb 2026 02:03:18 +0000 (11:03 +0900)] 
README: mention about musl requirements

3 days ago  pe-binary: fix missing le16toh() on NumberOfSections in pe_hash/uki_hash
Oblivionsage [Tue, 17 Feb 2026 18:39:05 +0000 (19:39 +0100)] 
pe-binary: fix missing le16toh() on NumberOfSections in pe_hash/uki_hash

pe_hash() and uki_hash() pass pe_header->pe.NumberOfSections directly
to typesafe_qsort() and FOREACH_ARRAY() without le16toh(). On
big-endian (s390x), NumberOfSections=3 gets read as 0x0300 (768),
while pe_load_sections() correctly converts it and only allocates 3
sections. This makes qsort process 768 elements on a 3-element
buffer, causing a heap-buffer-overflow (confirmed with ASAN on
native s390x).

Wrap all three raw usages with le16toh() to match pe_load_sections().

3 days ago  verity: measure all root hashes as we activate to a new NvPCR (#40648)
Lennart Poettering [Tue, 17 Feb 2026 22:44:46 +0000 (23:44 +0100)] 
verity: measure all root hashes as we activate to a new NvPCR (#40648)

4 days ago  update TODO  [40648/head]
Lennart Poettering [Wed, 11 Feb 2026 17:27:42 +0000 (18:27 +0100)] 
update TODO

4 days ago  ci: add simple test that ensures the verity nvpcr measurements are made
Lennart Poettering [Tue, 17 Feb 2026 20:59:30 +0000 (21:59 +0100)] 
ci: add simple test that ensures the verity nvpcr measurements are made

4 days ago  gpt-auto-generator: enable nvpcr logic by default
Lennart Poettering [Wed, 11 Feb 2026 15:29:59 +0000 (16:29 +0100)] 
gpt-auto-generator: enable nvpcr logic by default

Let's enable this kind of measurement by default if people buy into UKIs
and stuff, just like volume key measurement is now enabled by default.

4 days ago  veritysetup: optionally measure Verity once we activated it
Lennart Poettering [Wed, 11 Feb 2026 12:13:21 +0000 (13:13 +0100)] 
veritysetup: optionally measure Verity once we activated it

As in the previous commit, also enable the measurement logic when
activating Verity via veritysetup rather than the dissection logic.

The logic stays close to the interface of cryptsetup for measuring the
volume key.

4 days ago  dissect-image: measure Verity before making use of them
Lennart Poettering [Wed, 11 Feb 2026 12:12:26 +0000 (13:12 +0100)] 
dissect-image: measure Verity before making use of them

Let's hook up the dissection logic with the new measurement infra, and
issue the measurement after successfully unlocking an image, but before
returning to the caller.

Note that ideally we'd do this measurement in the kernel, so that we can
place it after authenticating the root hash, but before activating the
medium. One day we should be able to do that via eBPF based on userspace
policies, but for now, this would require too much kernel rework.

Let's however make sure our measurements only contain data that the
kernel could know too, so that we hopefully can move these measurements
to the kernel without changing their formatting.

4 days ago  pcrextend-util: add helpers for measuring roothash/signature of Verity volumes
Lennart Poettering [Wed, 11 Feb 2026 12:11:38 +0000 (13:11 +0100)] 
pcrextend-util: add helpers for measuring roothash/signature of Verity volumes

This adds infrastructure for measuring Verity root hashes from
userspace, along with the issuer/serial of the signatures used to unlock
them.

We measure the triplet of volume name, root hash and issuer/serial. If
confext/sysext use different signing keys then this ensures the event
log carries information about the type of image measured.

4 days ago  pkcs7-util: add helpers for extracting signer info from PKCS7 signatures
Lennart Poettering [Wed, 11 Feb 2026 12:10:47 +0000 (13:10 +0100)] 
pkcs7-util: add helpers for extracting signer info from PKCS7 signatures

Once we start measuring Verity volumes as we activate them we want to
include information about the signature keys used, so that we can have
distinct ones for confext and for sysext and other purposes and thus have
a cryptographically protected hint about the kind of image we have
activated in the event log.

Ideally we'd measure a fingerprint of the signing certificate here, but
we don't have that here typically (as PKCS7 signatures used here
typically do not embed that), hence use the next best thing: the issuer
name and the serial number.

4 days ago  tpm2-setup: introduce nvpcr for measuring Verity images
Lennart Poettering [Wed, 11 Feb 2026 12:13:00 +0000 (13:13 +0100)] 
tpm2-setup: introduce nvpcr for measuring Verity images

I think it's crucial we start to measure Verity images as we activate
them, so that the event log has a full trace of the composition of the
system. Hence let's introduce a new NvPCR for this purpose, under the
name "verity".

4 days ago  cryptsetup: extend HAVE_TPM2 conditioning to cover more
Lennart Poettering [Wed, 11 Feb 2026 12:10:05 +0000 (13:10 +0100)] 
cryptsetup: extend HAVE_TPM2 conditioning to cover more

If TPM2 support is off, any check for TPM2 support will fail, hence we
can just suppress it.

4 days ago  pcrextend: allow access to the userspace event type field when measuring something
Lennart Poettering [Wed, 11 Feb 2026 13:28:02 +0000 (14:28 +0100)] 
pcrextend: allow access to the userspace event type field when measuring something

I think we should move most measurements out of the individual tools
requesting them and into the pcrextend service via Varlink, so that
fewer components require access to the TPM.

This only works, however, if we can actually write full-blown event log
records via this mechanism, and for that we still were missing access to
the userspace event type we insert into the event log. Add that.

4 days ago  cryptsetup: move default choice of nvpcr for keyslots from generator into cryptsetup
Lennart Poettering [Wed, 11 Feb 2026 15:29:19 +0000 (16:29 +0100)] 
cryptsetup: move default choice of nvpcr for keyslots from generator into cryptsetup

Let's pick the default NvPCR name to use inside of cryptsetup itself, instead
of in the generator. I think this is the better choice, since it means
the default can also be used if the regular veritytab generator is used
instead of the gpt-auto generator.

4 days ago  systemd-boot: add a preferred setting that's similar to default but avoids booting...
r-vdp [Sun, 11 Jan 2026 18:49:34 +0000 (19:49 +0100)] 
systemd-boot: add a preferred setting that's similar to default but avoids booting known-bad entries

Motivation:
Currently, when setting the default boot pattern, boot assessment status
is not taken into account. This means that with boot assessment enabled,
when an explicit boot entry is configured as the default entry using an
EFI var, as is common for instance in A/B boot schemes, the configured
entry will be booted indefinitely, regardless of the entry's boot
assessment status.
In order to allow for this use case in combination with boot assessment,
we introduce a new `preferred` keyword, both in the config file and in the
bootctl CLI, that acts very similar to the existing `default` keyword but
takes boot assessment into account and never selects any entries that
have been marked as bad.
If the preferred pattern does not resolve to any bootable entry, and a
default pattern is also specified, then the default pattern will be
considered next, and we may then still select a known-bad entry to be
booted.

Fixes: https://github.com/systemd/systemd/issues/31215
Fixes: https://github.com/systemd/systemd/issues/40192

4 days ago  boot: Fix UKI boot for kernels with non-zero ImageBase (#40429)
Yu Watanabe [Tue, 17 Feb 2026 18:27:41 +0000 (03:27 +0900)] 
boot: Fix UKI boot for kernels with non-zero ImageBase (#40429)

The current code incorrectly subtracts ImageBase from section
VirtualAddress values when loading sections into memory. This is based
on a misunderstanding of the PE specification.

VirtualAddress in section headers is the address of the first byte of
the section relative to the image base when the section is loaded into
memory. In other words, VirtualAddress is already an RVA measured from
the image base, it is definitely NOT an absolute address that needs to
be adjusted.

So when loading a PE image into a newly allocated buffer, sections
should be copied to buffer + VirtualAddress, regardless of what
ImageBase says. The ImageBase field merely indicates the *preferred*
load address, it does not affect how section RVAs are interpreted.

This happens to not cause issues when ImageBase was 0 (since
VirtualAddress - 0 = VirtualAddress), which is why this bug went
undetected on modern kernels. However, it fails with kernels that have
non-zero ImageBase values.

So let's remove the nonsensical VirtualAddress < ImageBase check, and
remove the ImageBase subtractions from section loading offsets. This
lets all kernel UKIs work properly again.

Fixes: #40342
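
The two PE fixes logged on this page, the missing le16toh() on NumberOfSections in pe_hash()/uki_hash() and the ImageBase subtraction removed from section loading in #40429, both come down to how a loader must read PE headers. The following is an added example written for this page; it is not systemd's pe-binary.c or its boot code. It parses a constructed PE32+ image with a non-zero ImageBase, reads every multi-byte field through le16toh()/le32toh()/le64toh() so a big-endian host sees the same values as x86-64, rejects a section count the file cannot contain before iterating the section table, and copies each section to buffer + VirtualAddress (the RVA) with no ImageBase adjustment. Field offsets follow the PE/COFF specification; the image bytes, the ImageBase value 0x140000000 and the function names (pe_parse, pe_load, build_image, demo_bad_section_count) are all constructed for the example.

```c
#define _DEFAULT_SOURCE
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum {  /* field offsets from the PE/COFF spec (PE32+), plus the example image size */
        DOS_E_LFANEW = 0x3c, COFF_NSECTIONS = 6, COFF_OPTHDR_SIZE = 20, COFF_HEADER_SIZE = 24,
        OPT_MAGIC = 0, OPT_IMAGE_BASE = 24, OPT_SIZE_OF_IMAGE = 56,
        SECT_VIRTUAL_SIZE = 8, SECT_VIRTUAL_ADDR = 12, SECT_RAW_SIZE = 16, SECT_RAW_PTR = 20,
        SECT_HEADER_SIZE = 40, MAX_SECTIONS = 96 /* spec limit */, IMG_SIZE = 0x220 };
/* PE fields are little-endian on disk: memcpy avoids unaligned loads, leXXtoh() swaps on s390x. */
static uint16_t rd16(const uint8_t *p) { uint16_t v; memcpy(&v, p, 2); return le16toh(v); }
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return le32toh(v); }
static uint64_t rd64(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return le64toh(v); }
static void wr16(uint8_t *p, uint16_t v) { v = htole16(v); memcpy(p, &v, 2); }
static void wr32(uint8_t *p, uint32_t v) { v = htole32(v); memcpy(p, &v, 4); }
static void wr64(uint8_t *p, uint64_t v) { v = htole64(v); memcpy(p, &v, 8); }

/* image_base is only the preferred load address; section_table is a file offset. */
struct pe_info { uint16_t nsections; uint64_t image_base; uint32_t size_of_image; size_t section_table; };

/* Parse the headers with bounds checks. Returns 0, or -1 for a malformed file. */
int pe_parse(const uint8_t *f, size_t len, struct pe_info *info) {
        if (len < DOS_E_LFANEW + 4 || f[0] != 'M' || f[1] != 'Z')
                return -1;
        uint32_t pe = rd32(f + DOS_E_LFANEW);
        if (pe > len || len - pe < COFF_HEADER_SIZE || memcmp(f + pe, "PE\0\0", 4) != 0)
                return -1;
        uint16_t nsect = rd16(f + pe + COFF_NSECTIONS), opt_size = rd16(f + pe + COFF_OPTHDR_SIZE);
        size_t opt = (size_t) pe + COFF_HEADER_SIZE;
        if (nsect == 0 || nsect > MAX_SECTIONS || opt_size < OPT_SIZE_OF_IMAGE + 4 ||
            len - opt < opt_size || rd16(f + opt + OPT_MAGIC) != 0x20b)
                return -1;
        size_t table = opt + opt_size;
        /* Never iterate section headers the file does not contain (the upstream overrun). */
        if (len - table < (size_t) nsect * SECT_HEADER_SIZE)
                return -1;
        info->nsections = nsect;                      /* the converted count, never the raw field */
        info->image_base = rd64(f + opt + OPT_IMAGE_BASE);
        info->size_of_image = rd32(f + opt + OPT_SIZE_OF_IMAGE);
        info->section_table = table;
        return 0;
}

/* Copy each section to out + VirtualAddress (an RVA); ImageBase is never subtracted. */
int pe_load(const uint8_t *f, size_t len, uint8_t *out, size_t out_len) {
        struct pe_info info;
        if (pe_parse(f, len, &info) < 0 || info.size_of_image > out_len) return -1;
        memset(out, 0, info.size_of_image);
        for (uint16_t i = 0; i < info.nsections; i++) {
                const uint8_t *s = f + info.section_table + (size_t) i * SECT_HEADER_SIZE;
                uint32_t vsize = rd32(s + SECT_VIRTUAL_SIZE), va = rd32(s + SECT_VIRTUAL_ADDR);
                uint32_t rsize = rd32(s + SECT_RAW_SIZE), rptr = rd32(s + SECT_RAW_PTR);
                uint32_t n = rsize < vsize ? rsize : vsize;   /* file-backed bytes only */
                if (n == 0) continue;
                if (rptr > len || len - rptr < n ||           /* source inside the file? */
                    va > info.size_of_image || info.size_of_image - va < n)  /* dest inside image? */
                        return -1;
                memcpy(out + va, f + rptr, n);
        }
        return info.nsections;                        /* sections placed */
}

/* Constructed PE32+ image (not a real UKI): ImageBase 0x140000000, .text at RVA 0x1000, .data at 0x2000. */
size_t build_image(uint8_t *f, size_t cap) {
        if (cap < IMG_SIZE) return 0;
        memset(f, 0, IMG_SIZE);
        f[0] = 'M'; f[1] = 'Z'; wr32(f + DOS_E_LFANEW, 0x80);
        memcpy(f + 0x80, "PE\0\0", 4);
        wr16(f + 0x80 + COFF_NSECTIONS, 2);
        wr16(f + 0x80 + COFF_OPTHDR_SIZE, 0xf0);      /* PE32+ optional header size */
        uint8_t *opt = f + 0x80 + COFF_HEADER_SIZE;
        wr16(opt + OPT_MAGIC, 0x20b); wr32(opt + OPT_SIZE_OF_IMAGE, 0x3000);
        wr64(opt + OPT_IMAGE_BASE, 0x140000000ULL);   /* non-zero preferred base */
        struct { const char *name; uint32_t va, rptr; const char *data; } s[] = {
                { ".text", 0x1000, 0x200, "TEXT" }, { ".data", 0x2000, 0x210, "DATA" } };
        for (int i = 0; i < 2; i++) {
                uint8_t *h = opt + 0xf0 + i * SECT_HEADER_SIZE;
                memcpy(h, s[i].name, strlen(s[i].name));
                wr32(h + SECT_VIRTUAL_SIZE, 4); wr32(h + SECT_VIRTUAL_ADDR, s[i].va);
                wr32(h + SECT_RAW_SIZE, 0x10);  wr32(h + SECT_RAW_PTR, s[i].rptr);
                memcpy(f + s[i].rptr, s[i].data, 4);
        }
        return IMG_SIZE;
}

/* Upstream symptom: NumberOfSections=3 read raw on s390x is 0x0300 = 768; write 768 on purpose. */
int demo_bad_section_count(void) {
        uint8_t f[IMG_SIZE]; struct pe_info info;
        build_image(f, sizeof f);
        wr16(f + 0x80 + COFF_NSECTIONS, 768);
        return pe_parse(f, sizeof f, &info);          /* -1: rejected before any iteration */
}

int main(void) {
        uint8_t file[IMG_SIZE], image[0x3000];
        int n = pe_load(file, build_image(file, sizeof file), image, sizeof image);
        printf("placed %d sections; NumberOfSections=768 rejected: %s\n", n, demo_bad_section_count() < 0 ? "yes" : "no");
        return n == 2 ? 0 : 1;
}
```

Build with `cc -Wall pe_example.c` on glibc or musl (le16toh() and friends come from <endian.h>); pe_load() places both sections at their RVAs despite the non-zero ImageBase, and demo_bad_section_count() returns -1. The file-size check in pe_parse() is what turns a wrong NumberOfSections into a clean failure: looping over 768 headers in a buffer that holds two is the kind of out-of-bounds walk the s390x ASAN report describes.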

4 days ago  sd-bus: Make sure we can connect to user machines as well (#40698)
Daan De Meyer [Tue, 17 Feb 2026 18:13:40 +0000 (19:13 +0100)] 
sd-bus: Make sure we can connect to user machines as well (#40698)

Don't unconditionally look into /run/systemd/machines. If we're
connected to a session bus, look at the machines for the current user
instead.

4 days ago  include: update kernel headers from v6.19
Yu Watanabe [Tue, 17 Feb 2026 17:45:58 +0000 (02:45 +0900)] 
include: update kernel headers from v6.19

4 days ago  boot: drop now-unused image_base param  [40429/head]
Zbigniew Jędrzejewski-Szmek [Tue, 17 Feb 2026 17:21:45 +0000 (18:21 +0100)] 
boot: drop now-unused image_base param

4 days ago  dbus/varlink: do not skip privilege check when polkit support is disabled
Luca Boccassi [Tue, 17 Feb 2026 14:37:43 +0000 (14:37 +0000)] 
dbus/varlink: do not skip privilege check when polkit support is disabled

There's not going to be any query if polkit support is
disabled at build time, so always check the peer's privileges
in that case.

Follow-up for f5a12ceaedf4d490a9dc82e9460dd6fd97acc942

4 days ago  sd-bus: Don't fork unnecessarily to connect to container  [40698/head]
Daan De Meyer [Mon, 16 Feb 2026 12:14:58 +0000 (13:14 +0100)] 
sd-bus: Don't fork unnecessarily to connect to container

Let's check if we're already in the right namespaces and call connect()
directly if that's the case. This can easily happen when the machine is
specified as .host or so.

4 days ago  sd-bus: Make sure we can connect to user machines as well
Daan De Meyer [Mon, 16 Feb 2026 10:27:21 +0000 (11:27 +0100)] 
sd-bus: Make sure we can connect to user machines as well

Don't unconditionally look into /run/systemd/machines. If we're
connected to a session bus, look at the machines for the current user
instead.

4 days ago  namespace-util: Do is_our_namespace() checks first in namespace_enter()
Daan De Meyer [Tue, 17 Feb 2026 14:36:00 +0000 (15:36 +0100)] 
namespace-util: Do is_our_namespace() checks first in namespace_enter()

These checks may rely on /proc on older kernels which we could lose access
to by joining namespaces so let's do all the checks first and then join
namespaces.

4 days ago  xaccess: Rework from boolean into a list of tags (#40645)
Yu Watanabe [Tue, 17 Feb 2026 16:24:59 +0000 (01:24 +0900)] 
xaccess: Rework from boolean into a list of tags (#40645)

Fixes: #40634

4 days ago  NEWS: clarify the change for non-system accounts in v260 vs. v259
Zbigniew Jędrzejewski-Szmek [Tue, 17 Feb 2026 16:13:11 +0000 (17:13 +0100)] 
NEWS: clarify the change for non-system accounts in v260 vs. v259

In 5c05a339c6665e3a35f6000a46dcd1da80fcdced I retroactively changed the NEWS
entry for v259. But this is very confusing, because it looks like the original
change never happened and it's not clear what is being reverted.

Let's restore the original text, and just add a short note, but then move
the new text to the section for v260.

4 days ago  man: fix typo
Yu Watanabe [Tue, 17 Feb 2026 16:01:11 +0000 (16:01 +0000)] 
man: fix typo

4 days ago  NEWS,man: mark systemd-report as experimental
Zbigniew Jędrzejewski-Szmek [Tue, 17 Feb 2026 14:41:24 +0000 (15:41 +0100)] 
NEWS,man: mark systemd-report as experimental

I expect that we'll need to make incompatible changes to
all of this, so let's mark things appropriately.

4 days ago  memstream-util: fix doubled %m
Yu Watanabe [Tue, 17 Feb 2026 15:47:22 +0000 (00:47 +0900)] 
memstream-util: fix doubled %m

Follow-up for abe72100cfc292093153d48a132a5ab1b5f61dd5.

4 days ago  namespace-util: Add extra debug logging
Daan De Meyer [Tue, 17 Feb 2026 14:35:30 +0000 (15:35 +0100)] 
namespace-util: Add extra debug logging

4 days ago  coredump: Use error log level in coredump_send_to_container()
Daan De Meyer [Tue, 17 Feb 2026 14:38:01 +0000 (15:38 +0100)] 
coredump: Use error log level in coredump_send_to_container()

4 days ago  NEWS: mention -Dcompat-sysv-interfaces=BOOL meson option
Yu Watanabe [Tue, 17 Feb 2026 15:35:29 +0000 (00:35 +0900)] 
NEWS: mention -Dcompat-sysv-interfaces=BOOL meson option

4 days ago  NEWS: -Dlibiptc= meson option has been deprecated since v259
Yu Watanabe [Tue, 17 Feb 2026 15:35:13 +0000 (00:35 +0900)] 
NEWS: -Dlibiptc= meson option has been deprecated since v259

4 days ago  NEWS: note new varlink method
Luca Boccassi [Tue, 17 Feb 2026 15:38:16 +0000 (15:38 +0000)] 
NEWS: note new varlink method

4 days ago  NEWS: fix typo
Luca Boccassi [Tue, 17 Feb 2026 15:35:40 +0000 (15:35 +0000)] 
NEWS: fix typo

4 days ago  NEWS: correct descriptions for bootctl/networkd's varlink interfaces
Mike Yuan [Tue, 17 Feb 2026 15:14:46 +0000 (16:14 +0100)] 
NEWS: correct descriptions for bootctl/networkd's varlink interfaces

4 days ago  NEWS: two additions for pid1
Mike Yuan [Tue, 17 Feb 2026 15:09:45 +0000 (16:09 +0100)] 
NEWS: two additions for pid1

4 days ago  sd-json: fix doubled space
Mike Yuan [Tue, 17 Feb 2026 14:57:36 +0000 (15:57 +0100)] 
sd-json: fix doubled space

4 days ago  resolved-dns-scope: fix typo
Mike Yuan [Tue, 17 Feb 2026 14:57:22 +0000 (15:57 +0100)] 
resolved-dns-scope: fix typo

4 days ago  NEWS: fix typo
Yu Watanabe [Tue, 17 Feb 2026 15:20:55 +0000 (00:20 +0900)] 
NEWS: fix typo

4 days ago  news: fix typos
Jörg Behrmann [Tue, 17 Feb 2026 15:19:35 +0000 (16:19 +0100)] 
news: fix typos

4 days ago  NEWS: initial list of changes for v260
Zbigniew Jędrzejewski-Szmek [Tue, 17 Feb 2026 14:26:22 +0000 (15:26 +0100)] 
NEWS: initial list of changes for v260

4 days ago  NEWS: corrections/rewordings
Zbigniew Jędrzejewski-Szmek [Tue, 17 Feb 2026 10:25:07 +0000 (11:25 +0100)] 
NEWS: corrections/rewordings

4 days ago  udev: Tag GPU render nodes as xaccess-render  [40645/head]
Alessandro Astone [Wed, 11 Feb 2026 14:05:45 +0000 (15:05 +0100)] 
udev: Tag GPU render nodes as xaccess-render

4 days ago  xaccess: Rework from boolean into a list of tags
Alessandro Astone [Wed, 11 Feb 2026 14:02:53 +0000 (15:02 +0100)] 
xaccess: Rework from boolean into a list of tags

XDG_SESSION_EXTRA_DEVICE_ACCESS will now take a colon-separated list of
identifiers. For every identifier $ID, the session is granted access to all
devices tagged as "xaccess-$ID" in udev.

Fixes: #40634

4 days ago  hwdb: add Vernier Go Direct sensors
AsciiWolf [Tue, 17 Feb 2026 14:04:38 +0000 (15:04 +0100)] 
hwdb: add Vernier Go Direct sensors

4 days ago  Fixes & improvements for using homed-luks on 4k disks (#35776)
Yu Watanabe [Tue, 17 Feb 2026 14:23:23 +0000 (23:23 +0900)] 
Fixes & improvements for using homed-luks on 4k disks (#35776)

Mostly consists of fixes to

- use the same sector_size as the fdisk context we are using, when
converting between sectors returned by libfdisk to bytes. Fixes #30394 ,
Fixes #30393
- Use the explicit sector size if specified in the home record when we are
probing the image file using libblkid. Fixes #30393

Also contains some other improvements with using physical block devices.

- Automatically probe sector size of physical block device, if user does
not pass luks-sector-size explicitly.
- Assign partitions to 1 MiB boundaries, as it is the standard practice
followed by all tools, fdisk, gptfdisk, gnu parted etc.
- Avoid stacking of loop device on top of physical block device in
home_create_luks as it leads to degradation of discard operations, and
mkfs getting stuck.

4 days agoSensor cleanup 1st pass (#40675)
Yu Watanabe [Tue, 17 Feb 2026 13:20:38 +0000 (22:20 +0900)] 
Sensor cleanup 1st pass (#40675)

This is a general cleanup of the sensors hwdb file, divided into several
commits per brand.

I have merged the devices that use the same matrices, cleaned up a little
some clear DMI matches, and applied an inline comment with the device where
it is certainly a very clear way to display it.

My idea is to do more cleanup steps, but actually it will require more
effort to achieve complete DMIs; I can do it with little time, and some
consensus for comment styling.

About the comment styling, actually I think we could follow two rules at
the same time: an inline comment when the DMI match is short and there is
not much additional information beyond just the model, and the other one,
a comment above the DMI match, when it is too long or there is a need to add
more info.

4 days agoUse sectorsize for partition tables on block devs 35776/head
scarlet-storm [Sat, 28 Dec 2024 08:44:11 +0000 (14:14 +0530)] 
Use sectorsize for partition tables on block devs

Fix for the specific case #30393 where a 4k sector LUKS container is created
on a 512b device. In this case the partition table needs to be 512b,
else the kernel will not be able to find the partition, and we would
have to create a loop device to translate the partition table to 4k.
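The two sector-size fixes in this series (the fdisk-context conversion in the PR summary above and the block-device case in this commit) boil down to one rule: pick the sector size the kernel will actually use to parse the table, then do every sector/byte conversion with that same value. The following is an added worked example, not homed's code. It assumes, as stated here, that a table on a physical block device must use the device's logical sector size, and that for an image file the loop device is set up with the LUKS sector size from the record; the GPT usable-LBA figures and image sizes are constructed inputs.

```python
# Added illustration, not systemd code: choose the partition-table sector size
# for a homed LUKS container and convert LBAs <-> bytes consistently with it.
from typing import Dict

MIB = 1 << 20


def table_sector_size(backing_is_block_device: bool,
                      device_logical_sector_size: int,
                      luks_sector_size: int) -> int:
    """Sector size to create the partition table with.

    On a physical block device the kernel reads the table with the device's
    logical sector size, so a 4k table on a 512b device is simply not found.
    For an image file we assume the loop device is configured with the LUKS
    sector size, so the table is written in those units.
    """
    if backing_is_block_device:
        return device_logical_sector_size
    return luks_sector_size


def sectors_to_bytes(sectors: int, sector_size: int) -> int:
    return sectors * sector_size


def bytes_to_sectors(nbytes: int, sector_size: int) -> int:
    if nbytes % sector_size:
        raise ValueError(f"{nbytes} is not a multiple of {sector_size}")
    return nbytes // sector_size


def align_up(value: int, alignment: int) -> int:
    return (value + alignment - 1) // alignment * alignment


def plan_home_partition(first_usable_lba: int, last_usable_lba: int,
                        sector_size: int) -> Dict[str, int]:
    """Place one partition in the usable GPT range, 1 MiB aligned at both ends.

    All arithmetic is done in bytes and converted back with the *same*
    sector_size the table was created with; mixing 512 and 4096 here is
    exactly the class of bug the series fixes.
    """
    start = align_up(sectors_to_bytes(first_usable_lba, sector_size), MIB)
    end = sectors_to_bytes(last_usable_lba + 1, sector_size) // MIB * MIB
    if end <= start:
        raise ValueError("no room for a 1 MiB aligned partition")
    return {
        "start_lba": bytes_to_sectors(start, sector_size),
        "end_lba": bytes_to_sectors(end, sector_size) - 1,
        "size_bytes": end - start,
    }


if __name__ == "__main__":
    # Constructed 1 GiB image with a 4k GPT: 5 LBAs of header+entries at each end.
    print(plan_home_partition(6, 262138, 4096))
    # Same byte layout with a 512b GPT: 34 LBAs reserved at the front.
    print(plan_home_partition(34, 2097118, 512))
    # The mismatch the fix removes: a 4k LBA read back with a 512b sector size.
    print(sectors_to_bytes(256, 4096), "vs", sectors_to_bytes(256, 512))
```

Note that both plans land the partition at the same byte offset (1 MiB) and the same byte size; only the LBA numbers differ, which is why converting an LBA from a 4k context with a 512b sector size silently lands 7/8 of the way short of the real start.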

4 days agohomework: Ensure we don't stack block devices
scarlet-storm [Sat, 28 Dec 2024 07:55:25 +0000 (13:25 +0530)] 
homework: Ensure we don't stack block devices

Ensure we don't create a loop device on top of a physical block device.
This leads to huge performance degradation of discard operations if the
physical device does not support discard_on_zeroes.

- loop device historical semantics dictate that when the device is
  discarded, it needs to return zero data on read. This can be
  implemented easily on a filesystem, since fallocate zero-range
  would return immediately & the holes are handled at the filesystem
  level to return zero data on read.
- For a raw block device, the feature (discard_zeroes_data) depends on
  the capabilities of the physical device that is exposed to the
  block layer by the driver. This means that to guarantee that the loop
  device stacked on a block device returns zero on discarded data,
  it needs to convert discarded range into write_zero op on the block device.
  https://github.com/torvalds/linux/blob/63676eefb7a026d04b51dcb7aaf54f358517a2ec/drivers/block/loop.c#L773

For example on one of my local nvme I can see the following:
cat /sys/class/block/nvme1n1/queue/write_zeroes_max_bytes
131072
cat /sys/class/block/nvme0n1/queue/discard_max_hw_bytes
2199023255040

This means the maximum size of a write_zero operation can be 128KiB &
the maximum size of a discard operation can be 2TiB on the block device.
So discarding for example 1TB of data, which would be a single block
device operation, gets split into 8.3 million block device operations
when issued on top of stacked loop device.

4 days agohomework: Use same sector size when probing the device
scarlet-storm [Sat, 28 Dec 2024 03:43:34 +0000 (09:13 +0530)] 
homework: Use same sector size when probing the device

If there is an explicit sector size specified in the user record,
use the same when probing the file using libblkid. The default
is 512 bytes, which will not be able to find the signatures if the
partition table on the regular file was created assuming 4k sectors.

4 days agohomework: Align partitions to 1MiB
scarlet-storm [Fri, 27 Dec 2024 16:04:36 +0000 (21:34 +0530)] 
homework: Align partitions to 1MiB

Align partitions to 1MiB for consistency with regular partition tools,
which use 1MiB alignment by default.

4 days agohomework: Auto-probe luks sector size
scarlet-storm [Fri, 27 Dec 2024 11:49:34 +0000 (17:19 +0530)] 
homework: Auto-probe luks sector size

Auto-probe the luks sector size, if not explicitly
specified in the home record.

4 days agohomework: Remove zeroing of PMBR
scarlet-storm [Fri, 27 Dec 2024 10:26:12 +0000 (15:56 +0530)] 
homework: Remove zeroing of PMBR

Remove zeroing of PMBR before writing out the new partition table.
There is no reason to do this explicitly?

4 days agohomework: Use same sector size as fdisk context
scarlet-storm [Fri, 27 Dec 2024 07:22:02 +0000 (12:52 +0530)] 
homework: Use same sector size as fdisk context

Ensure we use the same sector size as used in the created
fdisk context when converting between sectors and bytes.

4 days agohwdb: sensor: unknown add colon to sensor match 40675/head
David Santamaría Rogado [Tue, 17 Feb 2026 03:17:41 +0000 (04:17 +0100)] 
hwdb: sensor: unknown add colon to sensor match

4 days agohwdb: sensor: yours add comment
David Santamaría Rogado [Tue, 17 Feb 2026 03:11:59 +0000 (04:11 +0100)] 
hwdb: sensor: yours add comment

4 days agohwdb: sensor: wortmann in-line comment
David Santamaría Rogado [Tue, 17 Feb 2026 03:09:08 +0000 (04:09 +0100)] 
hwdb: sensor: wortmann in-line comment