ci: reeanble compilation test with clang -O2, disable -Wmaybe-uninitialized for old gcc
In CI we get spurious failures about unitialized variables with gcc
versions older then (depending on the case) 12, 13, or 14. Let's only
try to do this check with newer gcc which returns more useful results.
At the same time, do compile with both gcc and clang at -O2, just
disable the warning.
The old logic seems to have been confused. We compile with -Wall, at
least in some cases, which includes -Wmaybe-unitialized. So if we
_don't_ want it, we need to explicitly disable it.
tree-wide: extend verbs functions with extra per-verb data parameter
We often have a pattern where the same verb function is used for
multiple actions. This leads to an antipattern where we figure out what
action needs to be taken from argv[0] multiple times: often once in
parse_argv() to figure out what options are allowed, then once again
implicitly in dispatch_verb(), and then again in the action verb itself.
Let's allow passing a parameter into the verb to simplify this.
This matches a pattern we have in conf-parser.h, where we have both
void *userdata (more global) and void *data (per-config item). Here,
I opted for uintptr_t userdata. It seems that most of the time we'll
want to just pass an enum value. This works OK with no casts. I also
tried a void* and union. In both cases, much more boilerplate is needed:
either a cast or a macro to help avoid compiler warnings. uintptr_t
seems generic enough to cover foreseeable usecases with no fuss.
This is a noop refactoring. See next commit for an example.
This series of renaming patches has a few overlapping motivations:
- when functions are named uniformly, it code is more obvious
- I want to add a parameter to all verb functions
- in #40880 uniform naming of verb functions will be necessary too.
So let's do this cleanup. Some tools had a mix of functions w/ and
w/o "verb_", which looked messy.
noxiouz [Fri, 13 Mar 2026 00:36:08 +0000 (00:36 +0000)]
coredump: capture crashing thread ID and name
Add %I (TID in initial PID namespace) to the core_pattern, so the
kernel passes the crashing thread's TID to systemd-coredump. Use it
to read the thread's comm name from /proc/<tid>/comm and log both as
new journal fields:
COREDUMP_TID= — TID of the crashing thread
COREDUMP_THREAD_NAME= — comm name of the crashing thread
These fields are also stored as xattrs on external coredump files
(user.coredump.tid, user.coredump.thread_name) and displayed by
coredumpctl info alongside the PID line.
For single-threaded processes the TID equals the PID and thread_name
equals comm; for multi-threaded programs with named worker threads
(pthread_setname_np / PR_SET_NAME) this identifies which thread
crashed without needing to open the coredump file itself.
The new fields are optional in the socket forwarding path, so older
systemd-coredump senders are handled gracefully.
find-esp: introduce _full() flavour of ESP/XBOOTLDR discovery functions
These functions take so many return paramaters, and in many of our cases
we don't actually needt them. Hence introduce _full() flavours of the
funcs, and hide the params by default.
Daan De Meyer [Wed, 18 Mar 2026 07:59:48 +0000 (08:59 +0100)]
ci: Enable users without write action to the repo to access claude review
The labelling approach introduced in 6089075265765b43e6666e4d5978292a32501496
means contributors can now trigger the workflow on their own when the label
is added by a maintainer and they update the PR. Hence we need to allow all
users to access the claude code action. This is safe because we already gate
the workflow ourselves to only the contributors that we want to allow.
Additionally, the claude code job has no permissions anymore except read access
to the repository and can execute very limited tools, so this should be safe.
Daan De Meyer [Wed, 18 Mar 2026 08:11:09 +0000 (09:11 +0100)]
ci: Fix artifact name in claude-review workflow
The name doesn't actually matter, it gets replaced with the name
of the file when not archiving. So stop passing a name and pass in
the filename as the name when downloading the artifact.
Daan De Meyer [Tue, 17 Mar 2026 21:14:15 +0000 (22:14 +0100)]
ci: Fetch context for claude-review job in setup job
Rather than have claude fetch the context itself, let's fetch the
context for it in the setup job. This has the following advantages:
- We can reduce the permissions granted to the claude job
- claude has less opportunity to mess up trying to fetch the context
itself. Specifically, it keeps spawsning a background task to fetch
the PR branch which messes up the structured output at the end, causing
the review job to fail. By pre-fetching the context it won't have to
spawn the background task. Additionally, we limit the git commands it
can execute to local ones to ensure it doesn't try to fetch the PR branch.
Finally, we fetch the branch ourselves as pr-review so claude can look at it
to review the PR.
huchangzai [Tue, 17 Mar 2026 02:01:42 +0000 (10:01 +0800)]
hwdb: fix ABS_PRESSURE axis range for Goodix GXTP5100 touchpad
The Goodix GXTP5100 touchpad (HID bus 0x0018, vendor 0x27C6, product
0x01E9), found in the Lenovo ThinkBook 16 G7+ IAH and ThinkPad X9 15
Gen 1, has a kernel driver bug where ABS_PRESSURE (axis 24 / 0x18) is
reported with min=0, max=0.
This invalid axis range causes libinput to reject the device with:
"kernel bug: ABS_PRESSURE has min == max (both 0)"
The touchpad hardware itself is functional and reports valid ranges for
all other axes:
ABS_X: min=0, max=4149, resolution=31
ABS_Y: min=0, max=2147, resolution=27
ABS_MT_POSITION_X/Y: valid ranges
Root cause: the kernel hid-multitouch driver applies a "GT7868Q report
descriptor fixup" to this device (the HID descriptor is malformed and
fails hid-generic probe with EINVAL). The fixup corrects most axes but
leaves ABS_PRESSURE with an invalid 0:0 range.
This hwdb entry overrides ABS_PRESSURE to a valid 0:255 range, allowing
libinput to accept and initialize the device.
Daan De Meyer [Tue, 17 Mar 2026 18:47:35 +0000 (19:47 +0100)]
ci: Allow attaching claude-review label to PRs for automatic review
- If a pr is labeled with claude-review, review it immediately
- If a pr labeled with claude-review is updated, review it regardless
of the author
- If a pr is opened by a maintainer, review it and add the claude-review
label. If the claude-review label is later removed, the pr won't be
auto-reviewed anymore.
Daan De Meyer [Tue, 17 Mar 2026 18:46:31 +0000 (19:46 +0100)]
ci: Fix allowed tools in claude-review
Bash(gh:api *) wasn't actually working. Turns out the colon syntax
is deprecated and unnecessary. Let's stop using it which also fixes
the bug so that gh api calls are allowed now.
Daan De Meyer [Mon, 16 Mar 2026 19:44:28 +0000 (20:44 +0100)]
ci: Add automatic review thread resolution to claude-review workflow
Claude now identifies which existing review comment threads should be
resolved (because the issue was addressed or someone disagreed) and
returns their REST API IDs in a new `resolve` array in the structured
output. The post job uses GraphQL to map comment IDs to threads and
resolve them.
Also switches all GitHub data fetching from MCP tools to `gh api` calls,
since the MCP tool strips comment IDs during its GraphQL-to-minimal
conversion and cannot be used for thread resolution.
The thread resolution GraphQL pagination is wrapped in a try/catch so
that a failure to fetch threads degrades gracefully instead of aborting
the entire post job. Unmatched comment IDs are logged for debuggability.
Adds explicit instructions to complete all data fetching before starting
review and to cancel background tasks before returning structured output,
working around a claude-code-action issue where a late-completing
background task triggers a new conversation turn that overwrites the
structured JSON result.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Daan De Meyer [Mon, 16 Mar 2026 14:33:11 +0000 (15:33 +0100)]
ci: Review PRs per-commit and attach comments to correct commits
Switch claude-review from reviewing the entire PR diff at once to
reviewing each commit individually via subagents. Each commit review
subagent receives the PR context, preceding commit diffs, and its own
commit diff, then returns comments tagged with the commit SHA. This
ensures review comments are attached to the correct commit via the
GitHub API rather than all pointing at HEAD.
Also add Bash(gh:*) to allowed tools so subagents can fetch per-commit
diffs via `gh api` without needing local git objects, and remove CI
analysis (needs to be delayed until CI finishes to be useful).
Co-developed-by: Claude Opus 4.6 <noreply@anthropic.com>
Daan De Meyer [Mon, 16 Mar 2026 12:49:31 +0000 (13:49 +0100)]
ci: Fix several issues in claude-review workflow
Address feedback from facebook/bpfilter#472:
- Fix setFailed error message counting file-level comments (without
line numbers) that are intentionally skipped, use inlineComments.length
instead of comments.length
- Fix double severity prefix in inline comments: the prompt told Claude
to prefix body with **must-fix**/etc but the post job also prepended
"Claude: ", producing "Claude: **must-fix**: ...". Now the prompt says
not to prefix and the post job adds "Claude **severity**: " using the
structured severity field
- Move error tracking instructions to a top-level section after all phases
so they apply to all runs, not just the first run
- Clarify that line is optional: use "should be" instead of "must be"
and document that omitting line still surfaces the comment in the
tracking comment summary
- Distinguish cancelled vs failed in tracking comment message
- Add side: "RIGHT" and subject_type: "line" to createReviewComment
per GitHub API recommendations
- Downgrade partial inline comment posting failures to warnings; only
fail the job when no comments at all could be posted
Co-developed-by: Claude Opus 4.6 <noreply@anthropic.com>
ci: Fix several robustness issues in claude-review workflow (#41115)
- Use github.paginate() for listComments to handle PRs with 100+
comments
- Make line optional in review schema to allow file-level comments
- Skip createReviewComment for comments without a line number
- Fix failed count to exclude skipped file-level comments
- Pass review result via env var instead of expression injection
- Use core.warning() instead of console.log() for JSON parse failures
- Fix MARKER insertion for single-line summaries that have no newline
- Require "@claude review" instead of just "@claude" to trigger
Daan De Meyer [Sun, 15 Mar 2026 20:53:01 +0000 (21:53 +0100)]
ci: Fix several robustness issues in claude-review workflow
- Use github.paginate() for listComments to handle PRs with 100+ comments
- Make line optional in review schema to allow file-level comments
- Skip createReviewComment for comments without a line number
- Fix failed count to exclude skipped file-level comments
- Pass review result via env var instead of expression injection
- Use core.warning() instead of console.log() for JSON parse failures
- Fix MARKER insertion for single-line summaries that have no newline
- Require "@claude review" instead of just "@claude" to trigger
Frantisek Sumsal [Fri, 13 Mar 2026 16:09:40 +0000 (17:09 +0100)]
coccinelle: simplify file exclusions
Use Coccinelle's "depends on" directive to exclude files from certain
transformations. This should make them a bit simpler and possibly
faster, since we don't have to shell out to Python.
Unfortunately, this works only for file/directory exclusions. For
function and other more complex exclusions we still need to use Python,
at least for now.
Also, completely drop the file exclusion for man/ in the xsprintf
transformation, since we filter out everything under man/ before we even
run Coccinelle (in run-coccinelle.sh).
Luca Boccassi [Fri, 13 Mar 2026 11:10:47 +0000 (11:10 +0000)]
udev: fix review mixup
The previous version in the PR changed variable and sanitized it
in place. The second version switched to skip if CCs are in the
string instead, but didn't move back to the original variable.
Because it's an existing variable, no CI caught it.
Michael Vogt [Fri, 13 Mar 2026 10:33:25 +0000 (11:33 +0100)]
boot: check that `ret_version` is valid in tpm_log_tagged_event
In a project I'm working on I recently observed a boot failure
with the most recent version of systemd. It seems it is triggered
by bb19b61049 which fixed a bug that now leads to the function
being excuted differently. The code is missing a check if
`*ret_version` is actually valid in the `ret_measured = true`
case.
test-network: handle the case where dnsmasq is slow to start better
> read_dnsmasq_log_file() will raise FileNotFoundError if dnsmasq hasn’t created the
> log file yet (or if the file was just removed by stop_dnsmasq() before the restart).
> This would error the test instead of retrying.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Dan McGregor [Thu, 12 Mar 2026 00:26:05 +0000 (18:26 -0600)]
meson: use libfido2_cflags dependency
Add the libfido2 dependency to cryptenroll and cryptsetup's
meson files. If libfido2's not installed in the default path
the build wasn't finding its headers correctly.
Luca Boccassi [Thu, 12 Mar 2026 14:28:05 +0000 (14:28 +0000)]
Translations update from Fedora Weblate (#41073)
Translations update from [Fedora
Weblate](https://translate.fedoraproject.org) for
[systemd/main](https://translate.fedoraproject.org/projects/systemd/main/).
pcrlock: don't accept PCRs > 23 from firmware event log
Let's harden ourselves against shitty firmware which might report an
invalid PCR.
(This is not really a security issue, more a robustness issue, after all
firmware generally comes with highest privileges and trust, even though
it might just be shit)
Ivan Kruglov [Thu, 12 Mar 2026 12:14:40 +0000 (05:14 -0700)]
test: use --nogpgcheck instead of --no-gpgchecks in TEST-88-UPGRADE
--no-gpgchecks was introduced in 920483872449 but is only available in
dnf5. Use --nogpgcheck instead, which is supported by both dnf4 and
dnf5 (where it is an alias for --no-gpgchecks).
Fixes test failure on distros still using dnf4 (e.g. CentOS/RHEL 9).
Fix text overflow for long URLs and inline code blocks (#41064)
## Summary
Long string URLs and inline code blocks can exceed page width and cause
horizontal scroll overflow that breaks page layouts on smaller screens.
This fix ensures those long strings can wrap down as needed to preserve
the layout. The only code blocks that are affected are those that are
inline span within text paragraphs and are effectively stylized text; it
does not affect `<pre>` code blocks where fidelity is prioritized and
contained horizontal scroll is preferred.
projects / thirdparty / systemd.git / log
