Daan De Meyer [Fri, 6 Mar 2026 14:06:36 +0000 (15:06 +0100)]
ci: Make claude action review PRs only and fix the instructions
Turns out the claude code action has issues reviewing PRs from forks
(https://github.com/anthropics/claude-code-action/issues/939). Let's
reuse the approach from https://github.com/pzmarzly/demo--claude-bot-reviews
instead (which I've explicitly asked permission to reuse).
Unlike the linked demo, we still insist on a comment by a maintainer
before claude reviews the PR.
Daan De Meyer [Fri, 6 Mar 2026 09:17:01 +0000 (10:17 +0100)]
agent: Minimize the amount of instructions in AGENTS.md
Let's only keep instructions for stuff that we've seen the AI
mess up in practice rather than having a bunch of AI generated
text that it can figure out for itself these days (given it was
trained on systemd's source code in the first place).
Also add a rule to use git worktrees and check out PRs locally when
reviewing them, since I've seen it mess that up in practice.
This will allow maintainers to mention claude in comments on issues and
prs to do stuff like review something or try to reproduce a bug or other
stuff. Let's give it a try and see whether we like it or not.
Daan De Meyer [Fri, 6 Mar 2026 07:54:33 +0000 (08:54 +0100)]
Move AI instructions to AGENTS.md
This seems to be what all the tools are standardizing on, except
claude (https://github.com/anthropics/claude-code/issues/6235) so
add a symlink from CLAUDE.md to AGENTS.md for now until they support
it as well.
Luca Boccassi [Fri, 6 Mar 2026 00:29:03 +0000 (00:29 +0000)]
Translations update from Fedora Weblate (#40968)
Translations update from [Fedora
Weblate](https://translate.fedoraproject.org) for
[systemd/main](https://translate.fedoraproject.org/projects/systemd/main/).
Ronan Pigott [Thu, 5 Mar 2026 22:42:30 +0000 (15:42 -0700)]
zsh: fixup some recent zsh completers
These two completers are written in a stacked _arguments style, and some
generic options are valid before or after the verb. If the toplevel
_arguments is permitted to match options after the verb, it will halt
completion prematurely, so stop toplevel matching after the verb.
This corrects the following error:
$ userdbctl --output=class user <TAB> # completes users
$ userdbctl user --output=class <TAB> # completes nothing
Daan De Meyer [Thu, 5 Mar 2026 20:39:14 +0000 (21:39 +0100)]
ci: Add claude code github action
This will allow maintainers to mention claude in comments on issues
and prs to do stuff like review something or try to reproduce a bug
or other stuff. Let's give it a try and see whether we like it or
not.
Suppress warnings like the following from clang tidy:
```
../src/boot/addon.c:11:19: error: function 'efi_main' can be made static to enforce internal linkage [misc-use-internal-linkage,-warnings-as-errors]
11 | EFIAPI EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *system_table);
| ^
```
Some warnings are suppressed simply by setting comments to ignore the warning,
some are by making global variables static, or include a suitable header.
Luca Boccassi [Thu, 5 Mar 2026 17:19:19 +0000 (17:19 +0000)]
libcrypt: also try to dlopen libcrypt.so.1.1
On top of libcrypt.so.2 and libcrypt.so.1, also try libcrypt.so.1.1
as a third fallback. This is used on debian alpha, and it was
reported that it is intended to ship like that, with a different
SONAME than other architectures:
Fergus Dall [Sun, 30 Nov 2025 05:38:49 +0000 (16:08 +1030)]
pcrlock: Record predictions at start of component range
Currently pcrlock won't predict PCR values that would be present at the start
of the requested location range (unless there are no events for that PCR in the
location range). This means predictions for the default range 760:940, which is
intended to start just after entering the initrd, are not actually possible to
fulfill until after the initrd is exited (or possibly even later, depending on
what other events are recorded).
Fix this by recording predictions immediately prior to processing components
after the start point.
Hans de Goede [Thu, 5 Mar 2026 13:20:06 +0000 (14:20 +0100)]
boot: Make missing CHID DTB match a debug message instead of an error
With distributions like Ubuntu and Fedora using systemd-stub to auto load
DTBs on Windows on ARM laptops, the CHID DTB match failing is expected
when that same UKI is instead booted on an ARM SystemReady system where
no DTB is necessary.
In the ARM SystemReady case showing a big red error message is undesirable
and leads to confused users and bug-reports. Lower the message to debug
level when the status is EFI_NOT_FOUND to avoid these false positive error
messages.
Michal Sekletar [Wed, 25 Feb 2026 18:45:55 +0000 (19:45 +0100)]
core: cleanup unit's dropin directories from global cache
When a user creates dropin files via API (e.g. systemctl set-property ...)
we put the dropin directory path into unit_path_cache. Drop those
directories from the cache in unit_free() and prevent a memory leak.
Currently, parsing zlib.h on Fedora (and possibly others) causes spatch
to fail with an assertion. Let's work around that by defining two extra
macros in our Coccinelle parsing hacks.
Luca Boccassi [Wed, 4 Mar 2026 20:11:59 +0000 (20:11 +0000)]
Translations update from Fedora Weblate (#40952)
Translations update from [Fedora
Weblate](https://translate.fedoraproject.org) for
[systemd/main](https://translate.fedoraproject.org/projects/systemd/main/).
test: don't register short-living containers with machined, again
Otherwise we might try to register the same scope again before the
previous instance gets a chance to be cleaned up:
[ 54.378392] systemd-nspawn[2554]: ░ Spawning container TEST-13-NSPAWN.defaultinaccessiblepaths.nxs on /var/lib/machines/TEST-13-NSPAWN.default_inaccessible_paths.nxs.
[ 54.382202] systemd-nspawn[2554]: Failed to allocate scope: Unit TEST-13-NSPAWN.defaultinaccessiblepaths.nxs.scope was already loaded or has a fragment file.
[ 54.411211] systemd[1]: TEST-13-NSPAWN.service: Main process exited, code=exited, status=1/FAILURE
[ 54.411413] systemd[1]: TEST-13-NSPAWN.service: Failed with result 'exit-code'.
[ 54.411885] systemd[1]: Failed to start TEST-13-NSPAWN.service - TEST-13-NSPAWN.
network: Rename ModemManager .network section WRT tech, not project...
and use dedicated knobs for every option used in
former SimpleConnectProperties.
New section is [MobileNetwork] with the following configuration options:
portable: Add ExtensionImages drop-in for any extension (#40911)
The diff seems big, but it's just removing an if and deleting the
indentation. With `git show -w` you can see clearly that is just one
line. In the files tab, in github, you can click "hide whitespaces" and
it is clear too.
I don't know if there is some better way, but when using a portable
service with an extension image that just overlays files I need to
manually add the `ExtensionImages=`. And that is added automatically for
other extension images that provide a service unit.
So, this patch just makes sure we add the `ExtensionImages=` for any
extension.
Any thoughts?
Below the commit msg for more details:
---
Before this patch, when running:
portablectl attach --extension ext.raw ./base.raw
No drop-in is added for the "ExtensionImages" if there aren't units from
the extension loaded.
But the extension can just overlay files, as in my case. So before this
patch, I also need to manually add a drop-in with "ExtensionImages=" for
it to really be loaded.
Let's just always add the drop-in for extensions. This way, it works for
extensions that just overlay files too.
Please note this commit just removes the if (simpler to view the diff
with git show -w). Also, the if checked for m->image_path being not
NULL, but removing it shouldn't cause a NULL pointer dereference.
Because m->image_path is not used inside the if (it was needed just for the if
itself) and image_path is asserted at the beginning of the function to
be non-NULL too.
This was like this since the beginning of time in 907952bbc9
("portabled: add --extension parameter for layered images support")
tpm2-setup: don't fail service on two more types of failures
Let's bubble up failures all the way until they reach the services, but
then let's carefully gracefully handle some of them, that are about
issues not immediately actionable to the admin, even if they are
potentially quite problematic.
tpm2-util: also load libtss2-tcti-device.so.0 in dlopen_tpm2()
This TCTI module is the one we need to actually access a Linux TPM
device, we'll hence pretty much always need it if we do TPM at all.
Given that we nowadays turn off dlopen() after fork() in the child,
let's explicitly load it as part of dlopen_tpm2() so that it is
available whenever TPM2 is used.
Mike Yuan [Sun, 1 Mar 2026 13:20:53 +0000 (14:20 +0100)]
ansi-color: in 256 mode, always set the fallback color first
Linux console is very weird when it comes to ANSI color sequences.
Not only that it isn't aware of ':' separator (c.f.
https://github.com/systemd/systemd/pull/40878#issuecomment-3979826739),
it even skips the whole CSI-m sequence if it contains parts it cannot
parse. Hence when color mode is set to 256 (i.e. default when no
extra info is available) let's always emit two distinct CSI-m sequences,
and set the fallback 16 color first in case the terminal doesn't have
complete support for the 256 one.
usb hubs tend to expose removable attribute as unknown. This makes some
problems like a hub for external usb ports in pogo pins is unknown and
also soldered hubs in laptops for keyboard+touchpad.
Let's set internal when the device removable attribute is fixed and
external when removable, but when it's unknown let's check the parent
ports (not the host devpath!=0) attribute to decide.
This makes us misdetect pogo pin connected external usb hubs but
lets us correctly detect laptop internal keyboards and touchpads that
are wired through hubs instead of directly.
This behaviour is more desirable, as actually there are a bunch of
laptops with this setup.
Closes #40877. As requested, --extra-drive=path[:format] is changed
to --extra-drive=[format:]path, so that the parsing is less ambiguous.
(In the original request, it was requested that the empty format can be
used also, but that was dropped in the second version of the patch.)
NEWS: move interesting items closer to top and mention PrivateTmp changes
In https://bugzilla.redhat.com/show_bug.cgi?id=2443620 it was
reported that the changes to unit ordering were surprising. Let's
add a note about the PrivateTmp= handling changes.
Follow-up for https://github.com/systemd/systemd/pull/39790.
systemctl: rename enqueue-marked-jobs to enqueue-marked (#40930)
Closes #40883. As described in the issue, it's not "jobs" that are
marked, and also the name is unnecessarily long.
I think we don't need any compatibility measures here. At least in the
rpm world, package upgrade scripts go through the helper which is part
of the package so the new systemctl and the new helper are upgraded
together.
systemctl: rename enqueue-marked-jobs to enqueue-marked
Closes #40883. As described in the issue, it's not "jobs" that are
marked, and also the name is unnecessarily long.
I think we don't need any compatibility measures here. At least in the
rpm world, package upgrade scripts go through the helper which is part
of the package so the new systemctl and the new helper are upgraded
together.
NEWS: mention the sd_varlink_field_type_t breakage
Follow-up for 93d768e0f36a62afed7ebbf3abe3385cfd186480. The commit with
the fix didn't mention this, but the reported reproducer was:
> Install openSUSE Tumbleweed with account-utils and systemd v258.
> Compile and install systemd v260. Run "varlinkctl list-methods
> /run/account/newidmapd-socket" -> the newidmap service crashes in
> varlink_idl_format_all_fields(). Recompile newidmap with systemd v260
> headers -> varlinkctl list-methods works again.
Other people might hit the same issue, so let's mention that this was
fixed.