For meson options, say '-Dfoo=' to make them visually different.
Adjust grammar and punctuation in various places.
Break very long lines where feasible.
We require at least crypt_r() exists, and it is provided since glibc-2.0
(and dropped in glibc-2.39) or by libxcrypt, and the function is
provided in crypt.h regardless it is provided by glibc or libxcrypt.
Hence, we cannot fallback to unistd.h.
This makes the condition about crypt.h more strict, and stop compilation
earlier when crypt.h does not exist.
stub: restore compatibility for shim (< 16.0) -> UKI case
It is possible to boot directly a UKI from shim, and Fedora Cloud Base UKI
does exactly this.
This used to work fine until https://github.com/systemd/systemd/pull/37372
which broke compatibility when shim < 16.0 (no loader protocol override) is
used. Shim 15.8 is still in use in several distributions, and will be for
a long time.
Restore a part of the previous implementation, and if running with secure
boot enabled, and with shim but < 16.0, apply a security override.
Yaping Li [Tue, 22 Jul 2025 22:23:48 +0000 (15:23 -0700)]
test-user-record.c: Migrate to new assertion MACROs
We recently added a new set of assertion macros such as ASSERT_GE, ASSERT_OK, ASSERT_EQ, ... which show not
only the expression that failed but also the values of the arguments of the expression. Let's use them.
getty-generator: add support for fine-grained control of execution modes
This makes the systemd.getty_auto= kernel command line option and the
$SYSTEMD_GETTY_AUTO environment variable takes the list of classes of
services: credential, container, console, builtin.
This also add getty.auto credential that can take the same value as the
kernel command line option.
getty-generator: show original path in the log message
This fixes the following log message:
Before:
```
Invalid container tty device specified, ignoring: (null)
```
After:
```
Invalid container tty device specified, ignoring: /dev/tty0
```
If a non-pts device path is passed to add_container_getty(), we call
add_getty_impl() with NULL tty, so previously (null) was logged.
Let's log the original path when an invalid tty is specified.
networkd/dhcp6: Add support for IPv6 SIP servers (#38269)
This pull-request adds support for IPv6 SIP servers, which can be
obtained from DHCPv6 options.
[RFC3319](https://www.rfc-editor.org/rfc/rfc3319.html) defines two
options for this: option 21 (SIP Servers Domain Name List) and option 22
(SIP Servers IPv6 Address List).
systemd-networkd currently only supports IPv4 SIP servers, but ISPs like
NTT EAST provide IPv6 SIP servers. Exposing this in the D-Bus API would
allow other programs, such as downstream DHCPv6 servers, to utilize it.
Usage:
```
[DHCPv6]
UseSIP=yes
```
Partial output of `run0 systemd-networkd-tests.py
NetworkdDHCPClientTests.test_dhcp_client_use_sip`:
```console
> networkctl status veth99
● 17: veth99
NetDev File: /run/systemd/network/25-veth.netdev
Link File: /usr/lib/systemd/network/99-default.link
Network File: /run/systemd/network/25-dhcp-client.network
└─/run/systemd/network/25-dhcp-client.network.d/override.conf
State: routable (configured)
Online state: online
Type: ether
Kind: veth
Driver: veth
Hardware Address: 12:34:56:78:9a:bc
MTU: 1500 (min: 68, max: 65535)
QDisc: noqueue
IPv6 Address Generation Mode: eui64
Number of Queues (Tx/Rx): 2/2
Auto negotiation: no
Speed: 10Gbps
Duplex: full
Port: tp
Address: 192.168.5.181 (DHCPv4 via 192.168.5.1)
2600::15
fe80::1034:56ff:fe78:9abc
Gateway: 192.168.5.1
fe80::1034:56ff:fe78:9abd
SIP: 192.168.5.1
2600::1
foo.example.com
Activation Policy: up
Required For Online: yes
DHCPv4 Client ID: IAID:0x7ec6b6c/DUID
DHCPv6 Client IAID: 0x7ec6b6c
DHCPv6 Client DUID: DUID-EN/Vendor:0000ab11617740de1342c3a2
```
Mike Yuan [Sat, 19 Jul 2025 09:11:31 +0000 (11:11 +0200)]
units/ssh-access.target: enable StopWhenUnneeded=
This combines nicely with the X_SYSTEMD_UNIT_INACTIVE= notification
we send out, to ensure when all sshd units go down the actual
status is always reflected on the target.
To avoid the following error:
```
test_sd_device_one(/sys/devices/virtual/block/dm-9)
src/libsystemd/sd-device/test-sd-device.c:104: Assertion failed: Expected "sd_device_new_from_syspath(&dev, syspath)" to succeed, but got error: -19/ENODEV
```
This also updates outdates comment about CentOS CI.
Yu Watanabe [Wed, 19 Jun 2024 07:11:23 +0000 (16:11 +0900)]
bootctl: do not fail when the same file is updated multiple times
In the second or later trial, copy_file_with_version_check() -> version_check()
fails with -ESRCH. Let's ignore the failure.
This also adds missing assertions in update_efi_boot_binaries(), and
drop redundant version check in update_efi_boot_binaries(), as version
will be anyway checked later.
sd-event: drop inotify event from buffer when no event source is triggered
Even when we receive an inotify event, there is no relevant event source
exists. In that case, we need to drop the event from the buffer,
otherwise we cannot escape from the loop.
This does not change anything, as poll.h is a one-line wrapper of sys/poll.h.
Note that man pages e.g. poll(2) indicate to include poll.h rather than sys/poll.h.
So, let's use poll.h.
Yaping Li [Thu, 17 Jul 2025 01:48:58 +0000 (18:48 -0700)]
test-web-util.c: Migrate to new assertion MACROs
We recently added a new set of assertion macros such as ASSERT_GE, ASSERT_OK, ASSERT_EQ, ... which show not
only the expression that failed but also the values of the arguments of the expression. Let's use them.
core/exec-invoke: negative errno needs to be passed to report_errno_and_exit()
Hence, we cannot pass errno as is to report_errno_and_exit().
This splits out bpffs_helper(), which returns negative errno on failure,
and 0 on success. And make the returned value passed to report_errno_and_exit().
resolved: Implement continuous mDNS querying as per RFC6762 5.2 (#22532)
Allow for mDNS service/domain/types browsing.
A client can connect to the backend via varlink and receive updates as
the requested service becomes available.
The interval between the first two queries MUST be at least one second,
the intervals between successive queries MUST increase by at least a
factor of two.
When the interval between queries reaches or exceeds 60 minutes, a
querier MAY cap the interval to a maximum of 60 minutes, and perform
subsequent queries at a steady-state rate of one query per hour.
Cache maintenance performed by issuing queries at 80, 85, 90, 95% of the
TTL, and updating/removing the records depending on replies.
TODO:
Improve the DNS transaction logic when multiple clients subscribe to the
same service, ensuring that continuous queries are optimized.
journald-manager: rework reopening journal files on reload
Previous implementations had several issues:
- user journals were not updated,
- transition from volatile -> persistent storage transition was not
handled.
Let's make all journal files closed when at least one journal file
related configurations are changed, and reopen necessary journals with
requested settings.
The previous logic was completely broken:
- the access mode comparison is broken,
- flushing kmsg did not work, as the configuration is already disabled,
- seqnum file is not opened when previously disabled,
- failure in reopening /dev/kmsg should not be critical.
journald: move all config entries from Manager to JournalConfig
Previously, only config entries controlled by multiple sources were located in
JournalConfig, and still other config entries were in Manager.
That's hard to maintain. Let's move all config entries to JournalConfig.
This also makes JournalConfig.forward_to_kmsg and friends tristate.
Otherwise, even if a higher precedence config source disables the
feature, it may be enabled by a lower precedence config.
basic/socket-util: reserve more space for timeval/timespec messages
As reported in https://github.com/systemd/systemd/issues/38222, we get the
buffer size calculation wrong on 32-bit arm. The reporter suggested checking if
__TIMESIZE == 64, but I think it's better to just use the bigger size in all
cases. The code to guesstimate the buffer size was already tweaked a few times
and apparently it's not easy to get it right. Systemd and glibc might be
compiled with different combinations of __TIMESIZE, so the compile-time check
is not super reliable, and by using the bigger size, we don't depend on the
details of how glibc decided whether to duplicate the struct or not. The cost
is negligible, 16 bytes on stack, so let's do the easy and robust thing.
Solution based on the suggestion by UZver24.
While at it, drop the mock struct definitions. They are only used to calculate
the size, but since the types involved are 8-bit values, there are no alignment
issues and we can just calculate the size directly.
The comment in linux_exec() was based on Lennart's comment in
https://github.com/systemd/systemd/pull/37372#discussion_r2142340582, but
shortened. The original wording is more direct and at least for me easier to
grok, so adjust the comment to be more verbose again.
Also, move the comment from shim_loader_available() to the place where it used.
This function is for checking if the new thing is available, no need to describe
the old thing there.
projects / thirdparty / systemd.git / log
