Luca Boccassi [Tue, 2 Dec 2025 14:16:27 +0000 (14:16 +0000)]
cryptsetup: downgrade dlopen not compiled message to debug
Every other log in this function is debug level, so downgrade this too.
Otherwise compiling without libcryptsetup means sd-executor logs at
error level when starting any service, regardless of whether it is
needed or not.
machined: in --user mode, restrict register access to our own UID, and that's it
This is a follow-up for 119d332d9c2cf1974b235c8d9e4e3ad821cf436a and
ensures the check only is applied to the system instance of machined. It
doesn't really apply to the per-user instance, because we never want to
permit differently privileged clients access anyway.
(The process_is_owned_by_uid() call might fail if invoked unpriv, hence
there's value in not calling it if machined runs in --user mode, it's
what makes machined actually work)
Previously, we looked for scripts in the tools/ directory ad hoc,
wherever they were needed. Let's do those checks in one place.
The main meson.build file is shrunk somewhat, which is always nice.
meson: add source dir to include_directories automatically
Quite often we need to specify include_directories('.'). Normally, meson
does this automatically, but we specify implicit_include_directories : false,
see 30d20907bddfe064cc3437a888dd8f00d14929e4 for an explanation.
Passing the include_directories argument through the template layers was rather
cumbersome. Let's simplify things by always including the directory of the
first source file. This makes the definitions simpler, at the cost of having an
unnecessary include directory in the list in some cases.
(Tests are excluded from this change, because they happen to not need this, but
also because some tests have source[0] which is a custom target, and we'd need
newer meson to support that.)
Currently translated at 100.0% (264 of 264 strings)
Co-authored-by: Fco. Javier F. Serrador <fserrador@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/es/
Translation: systemd/main
Yu Watanabe [Wed, 26 Nov 2025 18:10:29 +0000 (03:10 +0900)]
Pull in recent changes from Weblate (#39920)
One of the pending commits in Weblate causes conflicts due to an
unfortunate timing with 9e929e4aa78a38f822be7aa3da9c11994ad94c07, so
let's pull the changes into the main tree manually (and resolve the
conflicts).
ci: split out nvpcr test, so that it runs before rest of pcrextend (#39915)
in pcrextend we destroy pcr 11, and if we are booted in a kernel that
has pcr11 sigs, we cannot use that signature anymore. hence, let's do
the nvpcr test first, before doing the pcrextend stuff.
Daan De Meyer [Tue, 25 Nov 2025 12:33:25 +0000 (13:33 +0100)]
import: Make naming consistent
Always abbreviate import/pull/export structs with their first letter
instead of only doing it in some places and using the wrong letter in
other places.
Daan De Meyer [Tue, 25 Nov 2025 11:09:34 +0000 (12:09 +0100)]
fsprg: Drop const from gcry_mpi_t arguments
gcry_mpi_t is defined as "typedef struct gcry_mpi *gcry_mpi_t;".
When const is applied to this type, it resolves to
"struct gcry_mpi *const" instead of what we expect ("const struct gcry_mpi *").
So we end up with a const pointer to a mutable object instead of a mutable
pointer to a const object. Since the pointer passed to the function
is copied regardless, making it const has zero benefit.
You'd think we could instead stop using gcry_mpi_t and replace it with
"const struct gcry_mpi *", except that gcrypt leaked this mess into its
api, so it expects const pointers to mutable objects as well, which means
we can't take pointers to const objects as arguments, as we'd discard the qualifier
when calling a gcrypt function.
To avoid confusion, let's drop the const qualifiers from the gcry_mpi_t arguments.
This alignes with some other optional modules in shraed/,
and it allows dlopen_libmount() to be optimized out entirely.
Let's avoid emitting pointless symbols.
Since we now consider this a supported senario, let's hook up
libmount loading with the high-level unit_type_supported() machinery
and gracefully skip the whole unit accordingly.
Mike Yuan [Tue, 25 Nov 2025 17:42:11 +0000 (18:42 +0100)]
run: merge privileged_execution() into become_root()
This got split in 5cabeed80b30972babc7a082ca794c6b197e72ab
to accommodate --empower, and later --empower received
dedicated handling again (c36942916b7409109687d693c04b039def9c5b79).
I think the new naming makes more sense - --empower is privileged
after all, just with uid left unchanged. Hence merge
privileged_execution back into it.
Special casing --area= rather than --empower makes the code
self-explanatory, as --area= is about alternative home dir
after all. On top of that this ensures when --area= and
--empower are specified in combination we honor the home dir
switch, too.
Daan De Meyer [Mon, 24 Nov 2025 18:52:40 +0000 (19:52 +0100)]
run: Don't make executable absolute when --root-directory= is used
Also, unless --same-root-dir was specified, don't make the executable
absolute if we're running in a chroot. Situations like this are still iffy,
but we might as well handle them a little more gracefully.
tree-wide: Fix constness issues with newer glibc (#39896)
Latest glibc uses _Generic to have strstr() and other functions return
const char* or char* based on whether the input is a const char* or a
char*. This causes build failures as we previously always expected a
char*.
Let's fix the compilation failures and add our own macros similar to
glibc's to have string functions that return a mutable or const pointer
depending on the input.
Daan De Meyer [Tue, 25 Nov 2025 15:46:04 +0000 (16:46 +0100)]
tree-wide: Fix constness issues with newer glibc
Latest glibc uses _Generic to have strstr() and other functions return
const char* or char* based on whether the input is a const char* or a
char*. This causes build failures as we previously always expected a char*.
Let's fix the compilation failures and add our own macros similar to glibc's
to have string functions that return a mutable or const pointer depending on
the input.
Daan De Meyer [Mon, 24 Nov 2025 18:48:49 +0000 (19:48 +0100)]
run0: Give --empower its own color, title and emoji
When in --empower mode, all created files will be owned by the current
user, which could be problematic when creating files outside of the
current user's home directory, as other processes running as the same
user would be able to edit those files.
While this is a bit of an edge case since users already have to go through
the effort of writing --empower to indicate they want a privileged session
as the current user, it's not unphatomable to think they could start an
empowered session which they later return to and continue using. Currently,
it's not easy to differentiate a regular run0 session and an empowered session
at a glance, so users might think they're using a regular run0 session when
they're actually using an empowered session.
To address this problem, let's give empowered session their own identify, by
making the background orange, using the pumpkin emoji as the shell prompt
prefix and giving them an orange circle as the PTY title.
mkosi: Rework how the pkgenv environment variables are set
Instead of including distribution specific files in the subimages,
let's have one common mkosi.pkgenv/ directory that handles all the
matching which is then included in the subimages.
This gives us more control on exactly how we do the matching.
* 10544812b3 Don't fix up vmlinuz locations if not required
* 9baf551923 Reduce amount of packages in default image
* 9e1a2f18b8 Add support for assert sections
* c7c6e2c0b1 ubuntu: Switch to devel as the default release
* 0822deb69c Improve logging when we can not extract kernel version from filename
* 1fd7ef3db7 Do not build default initrd if Initrds= is specified
* 611c8b46c8 Don't unconditionally sync when PackageCacheDirectory=/var
* ab37f24d38 README: add link to OBS docs for mkosi builds
* 02bf256ebb completion: add reuse ignore comments
* 10ccb0b04f Make sure not all subimages depend on default-initrd subimage
* 442e1ce0f1 mkosi-tools: systemd-boot-tools is now available for all arches
* 307fc1dba3 action: make it work when used as a submodule
* c37a55f91b config: serialize dataclass instances in our JSONEncoder
* f26cb34155 log: set terminal window title in complete_step while mkosi runs
* 280c78e681 Make sure inherited settings are applied for the default initrd
* ae4f2fd718 Fix typo
* 5644f3e83e build(deps): bump github/codeql-action from 3.29.7 to 3.30.5
* 7d7b26b8c9 build(deps): bump actions/checkout from 4.2.2 to 5.0.0
* e805253447 postmarketos: implement is_kernel_package
* dd51d2e019 postmarketos: provide missing i386-vars.fd
* e23e6de66b Do not relabel files when building extension image
* ab05ead5eb Bump various systemd version checks to 258
* 382cc8b450 preset: drop systemd-networkd-wait-online.service
* 477b6b2ed5 mkosi-initrd: install systemd-container in network profile
* 1d167c0b53 mkosi-initrd: add 89-ethernet.network for network profile
* b1e81dec3a mkosi-initrd: Install libseccomp explicitly
* 3c431a141c opensuse: repository non-oss-debug is invalid
* 62ab363149 ci: add an s390x build job for additional coverage
* 62765f2d07 mailmap: deduplicate Daan
* 47f963f40b Revert "ci: Disable PPC jobs temporarily"
* 6a48f83dda dnf: Always specify --best again
* 3702368616 sandbox: Make all relative paths absolute during argparsing
* a587af0bf7 dnf: Fix /var package cache directory check in package_subdirs()
* 56cdbc25b5 Always use repository metadata from /var package cache directory
* 669d4418a3 Add note on Encrypt=yes to Passphrase= docs
* caa129edae Drop BuildSourcesEphemeral=yes from default image config
* 7edca63478 Add devicetree-auto support for UKI
* 6cb1649074 Don't add ncdu for ppc64-le on Fedora
* e019d2d2a6 ci: Disable PPC jobs temporarily
Some of the functions were ignoring failure in cleanup, others weren't. If we
got a reply, it's better to use it, so ignore failures in cleanup everywhere.
basic/terminal-util: operate on one fd in get_default_background_color()
This moves the open call earlier, so that we do any state-changing operations
if we actually managed to open the nonblocking fd. The code is easier to follow
this way and might be more robust.
Suprisingly, this fixes https://github.com/systemd/systemd/issues/39055: it
seems that run0 chowns /dev/stdin (in my case /dev/pts/0) to root:root, and the
second run0 can read and write stdin/stdout throught the already-open fds,
but fd_reopen fails.
```
==19541== 8 bytes in 1 blocks are still reachable in loss record 1 of 3
==19541== at 0x4841744: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19541== by 0x50125C9: strdup (strdup.c:42)
==19541== by 0x4C55925: getusername_malloc (user-util.c:154)
==19541== by 0x1121D6: parse_argv_sudo_mode (run.c:1098)
==19541== by 0x123B13: run (run.c:3032)
==19541== by 0x124198: main (run.c:3100)
==19541==
==19541== 11 bytes in 1 blocks are still reachable in loss record 2 of 3
==19541== at 0x4841744: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19541== by 0x50125C9: strdup (strdup.c:42)
==19541== by 0x112A9C: parse_argv_sudo_mode (run.c:1182)
==19541== by 0x123B13: run (run.c:3032)
==19541== by 0x124198: main (run.c:3100)
```
Daan De Meyer [Mon, 24 Nov 2025 14:33:26 +0000 (15:33 +0100)]
core: Make libmount optional
Instead of skipping libcore entirely when libmount is not available,
let's only compile out the pieces that need libmount. This makes the
meson logic much less complex and allows systemd-analyze to be built
when libmount is not available.
Daan De Meyer [Mon, 24 Nov 2025 13:05:29 +0000 (14:05 +0100)]
meson: Still build libshared even if libmount is disabled (#39871)
Currently, if the libmount feature is disabled, we don't build libshared
and as a result skip building every other executable as well. Among
other things, this makes our nodeps CI builds kind of pointless since
hardly any code will be compiled.
Let's improve on the situation by making libmount properly optional in
libshared. Then, we only skip building the executables that actually
need libmount.
Daan De Meyer [Mon, 24 Nov 2025 09:57:58 +0000 (10:57 +0100)]
meson: Still build libshared even if libmount is disabled
Currently, if the libmount feature is disabled, we don't build
libshared and as a result skip building every other executable as
well. Among other things, this makes our nodeps CI builds kind of
pointless since hardly any code will be compiled.
Let's improve on the situation by making libmount properly optional
in libshared. Then, we only skip building the executables that
actually need libmount.
Daan De Meyer [Mon, 24 Nov 2025 12:07:39 +0000 (13:07 +0100)]
tests: Assume we're running in a chroot if check fails
running_in_chroot() will fail when a test is executed as a non-root
user without CAP_DAC_READ_SEARCH as it won't be able to access
/proc/1/root.
Let's make things more robust by skipping tests if we can't detect
if we're in a chroot or not, since if we can't even detect if we're
in a chroot or not, chances are we're missing the required privileges
to execute the test anyway.
projects / thirdparty / systemd.git / log
