Daan De Meyer [Fri, 20 Mar 2026 20:52:00 +0000 (21:52 +0100)]
reboot-util: Make clang-tidy happy if xenctrl is not installed
xenctrl is another library that's not widely available across distributions.
Let's make sure clang-tidy is happy with reboot-util.c if it is not
available.
Daan De Meyer [Fri, 20 Mar 2026 20:38:27 +0000 (21:38 +0100)]
selinux-util: Make clang-tidy happy if selinux is not available
Most of our libraries are available on all distributions so we don't
bother with making clang-tidy happy if the library is not available.
The one exception is selinux which isn't available on Arch. Let's
conditionalize the includes in selinux-util.c so that clang-tidy is
still happy on Arch where we can't install libselinux.
Daan De Meyer [Fri, 20 Mar 2026 13:14:28 +0000 (14:14 +0100)]
mountfsd: Add CAP_SYS_PTRACE and CAP_SYS_CHROOT
CAP_SYS_PTRACE for making sure we can open mount namespaces of
peers via /proc/<pid>/ns and CAP_SYS_CHROOT for making sure we can
join those mount namespaces.
David Tardon [Fri, 27 Feb 2026 12:29:44 +0000 (13:29 +0100)]
integritysetup: regularize conversion of integrity alg.
The number of integrity algorithms we handle whose names differ between
integritysetup and dm-integrity continually increases, so let's drop the
ad hoc conversion and use string tables.
In one of the reviews one of the LLMs noticed that the pragma is set but
never unset, so it remains in effect for the rest of the translation
unit. From the comment, it's not clear how old those "old compilers"
were, so let's try if things work without this workaround.
sd-json: when parsing optionally insist top-level variant is object or array
Typically, the top-level JSON object has to be an object, in any json
document we parse, hence let's add a simple way to enforce that.
Make use of this in various places.
(Note, various other JSON parsers insist on this logic right from the
beginning, but I actually thinking making this insisting optional like
this patch does it is the cleaner approach)
Also, in general we prefer variables that are always defined over
checking with #ifdef, so #if defined(HAVE_NO_STACK_PROTECTOR_ATTRIBUTE)
is something that we want to avoid.
When Clang is used (which sets CONFIG_PAHOLE_HAS_BTF_TAG), btf_type_tag
support is enabled. As a result, an rcu type tag is added to
task_struct::cred:
meson: disable __attribute__((__retain__)) on old compilers
This attribute was introduced in gcc 11, and our baseline is currently
8.4. So let's allow using _retain_ everywhere, but make it into a noop
if not supported.
Using __has_attribute was suggested, but with gcc-11.5.0-14.el9.x86_64,
__has__attribute(__retain__) is true, but we get a warning when the
attribute is actually used.
Luca Boccassi [Fri, 20 Mar 2026 00:43:26 +0000 (00:43 +0000)]
test: skip D-Bus FD truncation test with dbus-daemon
dbus-daemon intentionally disconnects peers when FDs get
truncated. Detect it and skip it in that case, as the purpose
of the test is not to exercise the D-Bus implementation, but
our library.
When running with dbus-broker (Fedora, etc) we'll get full
coverage.
firstboot: permit setting the static hostname via a system credential
For the IMDS case there's value in being able to set the static
hostname, instead of just the transient one. Let's introduce
firstboot.hostname, which only applies to first boot, and write the
static hostname. This is different from system.hostname which applies to
any boot, and writes the transient hostname.
udev: tag DMI id device with "systemd", so that we can order units after it
For various usecases it is useful to read relevant data from the DMI
udev device, but this means we need a way to wait for it for this to be
probed to be race-free. Hence tag it with "systemd", so that
sys-devices-virtual-dmi-id.device can be used as synchronization point.
This is very similar to write_string_file_atomic(), but is intentionally
kept separate (after long consideration). It focusses on arbitrary
struct iovec data, not just strings, and hence also doesn't do stdio at
all. It's hence a lot more low-level.
We might want to consider moving write_string_file*() on top of
write_data_file_atomic_at(), but for now don't.
Michael Vogt [Wed, 18 Mar 2026 10:38:48 +0000 (11:38 +0100)]
shared: extract `socket_forward_new()` helper from socket-proxyd
This commit extracts the socket forwarding code from the existing
socket-proxyd into a new shared helper that will be used by the
varlinkctl protocol upgrade support code and is used as is in
the socket-proxyd.c.
It tries to keep the changes as small as possible, its mostly
renaming like:
* connection_create_pipes -> socket_forward_create_pipes
* connection_shovel -> socket_forward_shovel
* connection_enable_event_sources -> socket_forward_enable_event_sources
* traffic_cb -> socket_forward_traffic_cb
and a new socket_forward_new() that creates/starts the forwarding.
All log_error_errno() got downgraded to log_debug_errno().
Michael Vogt [Thu, 19 Mar 2026 15:05:52 +0000 (16:05 +0100)]
units: allow io.systemd.Hostname to be available earlier
Currently the varlink interface for hostname is only available
after sysinit. This means it is not available until systemd-firstboot
is finished. But there is information like the boot-id in there that
is useful to get early.
My use-case is to query the system early via the varlink-http-bridge
and currently I can't get data from io.systemd.Hostname until
systemd-firstboot is completed which is a bit limiting.
So to fix it this commit sets DefaultDependencies=no on both the socket
and service units.
It also changes hostnamed.c to use
bus_open_system_watch_bind_with_description() which means we will
reconnect once dbus is available. This mimics what resolved-bus.c
is doing (and which was originally introduced in d7afd945b).
tests: drop _weak_ from the SYSTEMD_TEST_TABLE definition
This will cause test binaries that reference SYSTEMD_TEST_TABLE,
e.g. by trying to iterate over the test list, to fail if no tests are
defined. I think this is the correct thing to do, as the lack of tests
indicates some kind of mistake.
This file was a bit strange… It was shoehorning a manual test into
the intro block and not using the rest of the TEST machinery. Let's
convert it into a normal executable with a run function as we do
in other similar cases.
systemd-timesyncd always runs as an unprivileged user via the service
file, so the code to resolve the systemd-timesync user, drop privileges
adjust file ownership/permissions, or even create the directory cannot
do anything useful and is unnecessary.
With the planned extraction of the socket-forward code its useful
to have a basic way to validate the functionality. So add a basic
test that ensures at least base functionality is intact.
test-time-util: restore relaxation of check is special timezones
Fixup for 514fa9d39ae9935ef1e014a3dd48dd5856007df2. We are now getting
failures in CI i386 builds in Fedora rawhide:
TZ=Europe/Lisbon, tzname[0]=WET, tzname[1]=WEST
@212545617716594 → Sun 1976-09-26 00:26:57 WET → @212542017000000 → Sun 1976-09-26 00:26:57 CET
src/test/test-time-util.c:450: Assertion failed: Expected "ignore" to be true
Restore the conditionalization for CAT, EAT, WET that was removed
in the refactoring.
Chris Down [Thu, 19 Mar 2026 13:15:44 +0000 (21:15 +0800)]
dissect-image: Consolidate verity validation and setup
The verity consistency checks and verity setup code also have parallel
blocks for root and usr that do basically identical work. Let's
consolidate them and reduce the footprint for bugs or deviance to
manifest.
Chris Down [Thu, 19 Mar 2026 13:10:21 +0000 (21:10 +0800)]
dissect-image: Merge partition handler code
dissect-image has six(!) different branches with basically the same
code. Let's avoid that and reduce the spaces for bugs or differing
behaviour to subtly creep in.
In one of the reviews one of the LLMs noticed that the pragma is set but
never unset, so it remains in effect for the rest of the translation
unit. From the comment, it's not clear how old those "old compilers" were,
so let's try if things work without this workaround.
Daan De Meyer [Thu, 19 Mar 2026 10:34:25 +0000 (11:34 +0100)]
ci: Update prompt to reduce time spent re-checking comments
I noticed looking at the logs that claude spends a lot of time re-checking
existing comments, so let's update the prompt to hopefully reduce
the amount of comments that it re-checks.
Luca Boccassi [Wed, 18 Mar 2026 23:04:03 +0000 (23:04 +0000)]
userdb: add birthDate field to JSON user records (#40954)
Add an optional field that can be used to store a user's birth date.
userdb already stores personal metadata (`emailAddress`, `realName`,
`location`) so `birthDate` is a natural fit.
Dylan M. Taylor [Fri, 6 Mar 2026 12:34:57 +0000 (07:34 -0500)]
userdb: add birthDate field to JSON user records
Add a birthDate field to the JSON user record, stored internally as a
struct tm with INT_MIN/negative sentinels for unset fields. The field
is serialized as a YYYY-MM-DD string in JSON and validated via
parse_birth_date(), which shares its core logic with
parse_calendar_date() through a new parse_calendar_date_full()
function.
For birth dates, timegm() is called directly (rather than
mktime_or_timegm_usec) to support pre-epoch dates. The wday field is
used to distinguish timegm() failure from a valid (time_t) -1 return.
birthDate is excluded from user_record_self_modifiable_fields(), so
only administrators can set or change it via homectl. The field
remains in the regular (non-privileged) JSON section, keeping it
readable by the user and applications.
Luca Boccassi [Wed, 18 Mar 2026 20:42:46 +0000 (20:42 +0000)]
Translations update from Fedora Weblate (#41164)
Translations update from [Fedora
Weblate](https://translate.fedoraproject.org) for
[systemd/main](https://translate.fedoraproject.org/projects/systemd/main/).
A S Alam [Wed, 18 Mar 2026 18:58:46 +0000 (18:58 +0000)]
po: Translated using Weblate (Punjabi)
Currently translated at 34.9% (93 of 266 strings)
Co-authored-by: A S Alam <aalam@users.noreply.translate.fedoraproject.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/pa/
Translation: systemd/main
Daan De Meyer [Wed, 18 Mar 2026 13:32:21 +0000 (14:32 +0100)]
ci: Add back subagents and stop using --json-schema in claude-review
Let's stop using --json-schema and instead have claude write a JSON
file in the repo root which we pass around as an artifact similar to
how we pass around the input. This works around the bug where claude
receives task notifications after producing structured output which
breaks the structured output.
Rename verb functions for consistency and add per-verb constant parameter (#41003)
We often have a pattern where the same verb function is used for
multiple actions. This leads to an antipattern where we figure out what
action needs to be taken from argv[0] multiple times: often once in
arse_argv() to figure out what options are allowed, then once again
implicitly in dispatch_verb(), and then again in the action verb itself.
Let's allow passing a parameter into the verb to simplify this.
This option is exactly like the one in sysusers. (In fact the
implementation is copied too.) It is occasionally useful to be able to
specify and execute some tmpfiles config not through config files but
directly on the command line. This also makes it very easy to test
config with:
SYSTEMD_LOG_LEVEL=debug systemd-tmpfiles --dry-run --inline ...
Dylan M. Taylor [Fri, 6 Mar 2026 12:27:10 +0000 (07:27 -0500)]
time-util: extract parse_calendar_date() from sysupdate
Move the YYYY-MM-DD date parsing and validation logic from
sysupdate-resource.c into a shared parse_calendar_date() function
in time-util, so it can be reused by other subsystems.
Daan De Meyer [Wed, 18 Mar 2026 11:55:45 +0000 (12:55 +0100)]
ci: Stop using subagents in claude-review workflow
As it seems impossible to prevent claude from receiving notifications
about subagents finishing after it has produced structured output, which
breaks the structured output as it has to be the final reply, let's stop
using subagents and background tasks completely to avoid the issue.
Vitaly Kuznetsov [Fri, 13 Mar 2026 12:02:51 +0000 (13:02 +0100)]
measure: make tpm_log_tagged_event() measure CC as well
tpm_log_tagged_event() only measures the event to the TPM while
tpm_log_ipl_event() measures the event both to the TPM and CC. Fix the
inconsistency.
Note, this is a potentially breaking change for TDX guests as systemd will
now measure more stuff to the MRTD/RTMRs, reference values for attestation may
need to be adjusted.
Luca Boccassi [Wed, 18 Mar 2026 12:33:58 +0000 (12:33 +0000)]
sd-dlopen: make macros to generate .notes.dlopen sections public API (#41047)
If this new scheme of adding dependencies is supposed to be used more
widely we need to start making it easy to add them. So add a new
self-contained header that projects can simply include without the need
to link against libsystemd itself. This will allow them to generate
`.notes.dlopen` sections:
```
> readelf -p .note.dlopen ./l2md
String dump of section '.note.dlopen':
[ a] |@FDO
[ 10] [{"feature":"manifest-json","description":"Manifest-based change detection via gzip and JSON parsing","priority":"suggested","soname":["libz.so.1","libsystemd.so.0"]}]
[ c2] |@FDO
[ c8] [{"feature":"manifest-http","description":"HTTP transport for lore.kernel.org manifest fetch","priority":"suggested","soname":["libcurl.so.4"]}]
```
ansi-color: fix SYSTEMD_COLORS=true regression when output is piped
The SYSTEMD_COLORS=true/1/yes no longer forced colors
when stdout was not a TTY (e.g. piped), because the COLOR_TRUE bypass
of the terminal_is_dumb() check was accidentally dropped.
Restore the old behavior by guarding the TTY check with
`m != COLOR_TRUE`, so an explicit boolean "true" value continues to
unconditionally force color output regardless of whether stdout is a TTY
or whether $NO_COLOR is set.
Daan De Meyer [Wed, 18 Mar 2026 10:46:01 +0000 (11:46 +0100)]
ci: Bump number of turns for claude and mention turns in prompt
claude keeps failing by its subagents completing after it has already
written the review for large prs. It seems to run out of turns, tries
to get the subagents to post partial reviews but doesn't seem to stop
them.
Let's insist that it waits for background tasks to stop but let's also
increase the max turns a bit so it doesn't run out as quickly.
Daan De Meyer [Wed, 18 Mar 2026 10:28:55 +0000 (11:28 +0100)]
ci: Enable network isolation for claude and allow most tools
claude wants to use python to access the JSON context so let's allow
it. Since python3 basically allows you to reimplement every other tool,
let's just enable all tools except the web related ones but enable network
isolation so it can't try to exfiltrate anything via python.
repart: add --grain-size= option for partition alignment
Add a --grain-size= CLI option to override the default 4 KiB partition
alignment grain. Setting --grain-size=1M matches the alignment used by
fdisk/parted and fixes misaligned partitions after small fixed-size
partitions like the 16 KiB verity-sig partition.
Also fix context_place_partitions() to re-align the start offset after
each partition, not just once per free area. Without this, a small
partition would cause all subsequent partitions in the same free area
to start at an unaligned offset.
ci: reeanble compilation test with clang -O2, disable -Wmaybe-uninitialized for old gcc
In CI we get spurious failures about unitialized variables with gcc
versions older then (depending on the case) 12, 13, or 14. Let's only
try to do this check with newer gcc which returns more useful results.
At the same time, do compile with both gcc and clang at -O2, just
disable the warning.
The old logic seems to have been confused. We compile with -Wall, at
least in some cases, which includes -Wmaybe-unitialized. So if we
_don't_ want it, we need to explicitly disable it.
tree-wide: extend verbs functions with extra per-verb data parameter
We often have a pattern where the same verb function is used for
multiple actions. This leads to an antipattern where we figure out what
action needs to be taken from argv[0] multiple times: often once in
parse_argv() to figure out what options are allowed, then once again
implicitly in dispatch_verb(), and then again in the action verb itself.
Let's allow passing a parameter into the verb to simplify this.
This matches a pattern we have in conf-parser.h, where we have both
void *userdata (more global) and void *data (per-config item). Here,
I opted for uintptr_t userdata. It seems that most of the time we'll
want to just pass an enum value. This works OK with no casts. I also
tried a void* and union. In both cases, much more boilerplate is needed:
either a cast or a macro to help avoid compiler warnings. uintptr_t
seems generic enough to cover foreseeable usecases with no fuss.
This is a noop refactoring. See next commit for an example.
projects / thirdparty / systemd.git / log
