Yaping Li [Wed, 23 Jul 2025 21:16:03 +0000 (14:16 -0700)]
test-memstream-util.c: Migrate to new assertion macros
We recently added a new set of assertion macros such as ASSERT_GE, ASSERT_OK, ASSERT_EQ, ... which show not
only the expression that failed but also the values of the arguments of the expression. Let's use them.
Also move the description of IPv4DuplicateAddressDetectionTimeoutSec=
to the section about systemd-networkd. The change of the timeout doesn't
have to be described as "incompatible". It's more of a bugfix, the previous
timeout was just strangely large and hopefully nobody relied on this detail
of implementation.
Also, reword to say that MPLSRouting= just controls enablement, nothing more.
Yaping Li [Wed, 23 Jul 2025 00:30:35 +0000 (17:30 -0700)]
test-unit-serialize.c: Migrate to new assertion macros
We recently added a new set of assertion macros such as ASSERT_GE, ASSERT_OK, ASSERT_EQ, ... which show not
only the expression that failed but also the values of the arguments of the expression. Let's use them.
meson: Detect ELF ABI version for bpf build on ppc64 (#38307)
On 64-bit POWER, there are multiple versions of the ELF ABI in use.
- little-endian powerpc64 is ELFv2
- big-endian powerpc64 is
- ELFv2 when using musl
- either ELFv1 or ELFv2 when using glibc
Previously, the BPF build was hard-coding `-D_CALL_ELF=2`, which is
ELFv2. This makes the build fail on ELFv1, similarly to the original
issue that necessitated the addition of this flag on powerpc64le.
To fix this:
1. Use ELFv1 as the default (when `_CALL_ELF` is not defined, this is
the assumption that should be made about the ABI version).
2. Check if the C compiler has `_CALL_ELF` defined, and if it does,
override the default with that.
That's technically not the *correct* compiler in this situation, but I'm
unsure how to get a compiler object for the BPF one from Meson to do the
`*_define('_CALL_ELF')` checks with, and they *should* both be targeting
the same ABI version anyway.
3. Add the ABI version to the `_CALL_ELF` definition for the BPF
compiler flags.
This makes a BPF-enabled build succeed on powerpc64 w/ ELFv1 glibc.
For meson options, say '-Dfoo=' to make them visually different.
Adjust grammar and punctuation in various places.
Break very long lines where feasible.
We require at least crypt_r() exists, and it is provided since glibc-2.0
(and dropped in glibc-2.39) or by libxcrypt, and the function is
provided in crypt.h regardless it is provided by glibc or libxcrypt.
Hence, we cannot fallback to unistd.h.
This makes the condition about crypt.h more strict, and stop compilation
earlier when crypt.h does not exist.
stub: restore compatibility for shim (< 16.0) -> UKI case
It is possible to boot directly a UKI from shim, and Fedora Cloud Base UKI
does exactly this.
This used to work fine until https://github.com/systemd/systemd/pull/37372
which broke compatibility when shim < 16.0 (no loader protocol override) is
used. Shim 15.8 is still in use in several distributions, and will be for
a long time.
Restore a part of the previous implementation, and if running with secure
boot enabled, and with shim but < 16.0, apply a security override.
Yaping Li [Tue, 22 Jul 2025 22:23:48 +0000 (15:23 -0700)]
test-user-record.c: Migrate to new assertion MACROs
We recently added a new set of assertion macros such as ASSERT_GE, ASSERT_OK, ASSERT_EQ, ... which show not
only the expression that failed but also the values of the arguments of the expression. Let's use them.
getty-generator: add support for fine-grained control of execution modes
This makes the systemd.getty_auto= kernel command line option and the
$SYSTEMD_GETTY_AUTO environment variable takes the list of classes of
services: credential, container, console, builtin.
This also add getty.auto credential that can take the same value as the
kernel command line option.
getty-generator: show original path in the log message
This fixes the following log message:
Before:
```
Invalid container tty device specified, ignoring: (null)
```
After:
```
Invalid container tty device specified, ignoring: /dev/tty0
```
If a non-pts device path is passed to add_container_getty(), we call
add_getty_impl() with NULL tty, so previously (null) was logged.
Let's log the original path when an invalid tty is specified.
networkd/dhcp6: Add support for IPv6 SIP servers (#38269)
This pull-request adds support for IPv6 SIP servers, which can be
obtained from DHCPv6 options.
[RFC3319](https://www.rfc-editor.org/rfc/rfc3319.html) defines two
options for this: option 21 (SIP Servers Domain Name List) and option 22
(SIP Servers IPv6 Address List).
systemd-networkd currently only supports IPv4 SIP servers, but ISPs like
NTT EAST provide IPv6 SIP servers. Exposing this in the D-Bus API would
allow other programs, such as downstream DHCPv6 servers, to utilize it.
Usage:
```
[DHCPv6]
UseSIP=yes
```
Partial output of `run0 systemd-networkd-tests.py
NetworkdDHCPClientTests.test_dhcp_client_use_sip`:
```console
> networkctl status veth99
● 17: veth99
NetDev File: /run/systemd/network/25-veth.netdev
Link File: /usr/lib/systemd/network/99-default.link
Network File: /run/systemd/network/25-dhcp-client.network
└─/run/systemd/network/25-dhcp-client.network.d/override.conf
State: routable (configured)
Online state: online
Type: ether
Kind: veth
Driver: veth
Hardware Address: 12:34:56:78:9a:bc
MTU: 1500 (min: 68, max: 65535)
QDisc: noqueue
IPv6 Address Generation Mode: eui64
Number of Queues (Tx/Rx): 2/2
Auto negotiation: no
Speed: 10Gbps
Duplex: full
Port: tp
Address: 192.168.5.181 (DHCPv4 via 192.168.5.1)
2600::15
fe80::1034:56ff:fe78:9abc
Gateway: 192.168.5.1
fe80::1034:56ff:fe78:9abd
SIP: 192.168.5.1
2600::1
foo.example.com
Activation Policy: up
Required For Online: yes
DHCPv4 Client ID: IAID:0x7ec6b6c/DUID
DHCPv6 Client IAID: 0x7ec6b6c
DHCPv6 Client DUID: DUID-EN/Vendor:0000ab11617740de1342c3a2
```
Mike Yuan [Sat, 19 Jul 2025 09:11:31 +0000 (11:11 +0200)]
units/ssh-access.target: enable StopWhenUnneeded=
This combines nicely with the X_SYSTEMD_UNIT_INACTIVE= notification
we send out, to ensure when all sshd units go down the actual
status is always reflected on the target.
To avoid the following error:
```
test_sd_device_one(/sys/devices/virtual/block/dm-9)
src/libsystemd/sd-device/test-sd-device.c:104: Assertion failed: Expected "sd_device_new_from_syspath(&dev, syspath)" to succeed, but got error: -19/ENODEV
```
This also updates outdates comment about CentOS CI.
Yu Watanabe [Wed, 19 Jun 2024 07:11:23 +0000 (16:11 +0900)]
bootctl: do not fail when the same file is updated multiple times
In the second or later trial, copy_file_with_version_check() -> version_check()
fails with -ESRCH. Let's ignore the failure.
This also adds missing assertions in update_efi_boot_binaries(), and
drop redundant version check in update_efi_boot_binaries(), as version
will be anyway checked later.
sd-event: drop inotify event from buffer when no event source is triggered
Even when we receive an inotify event, there is no relevant event source
exists. In that case, we need to drop the event from the buffer,
otherwise we cannot escape from the loop.
This does not change anything, as poll.h is a one-line wrapper of sys/poll.h.
Note that man pages e.g. poll(2) indicate to include poll.h rather than sys/poll.h.
So, let's use poll.h.
Yaping Li [Thu, 17 Jul 2025 01:48:58 +0000 (18:48 -0700)]
test-web-util.c: Migrate to new assertion MACROs
We recently added a new set of assertion macros such as ASSERT_GE, ASSERT_OK, ASSERT_EQ, ... which show not
only the expression that failed but also the values of the arguments of the expression. Let's use them.
core/exec-invoke: negative errno needs to be passed to report_errno_and_exit()
Hence, we cannot pass errno as is to report_errno_and_exit().
This splits out bpffs_helper(), which returns negative errno on failure,
and 0 on success. And make the returned value passed to report_errno_and_exit().
resolved: Implement continuous mDNS querying as per RFC6762 5.2 (#22532)
Allow for mDNS service/domain/types browsing.
A client can connect to the backend via varlink and receive updates as
the requested service becomes available.
The interval between the first two queries MUST be at least one second,
the intervals between successive queries MUST increase by at least a
factor of two.
When the interval between queries reaches or exceeds 60 minutes, a
querier MAY cap the interval to a maximum of 60 minutes, and perform
subsequent queries at a steady-state rate of one query per hour.
Cache maintenance performed by issuing queries at 80, 85, 90, 95% of the
TTL, and updating/removing the records depending on replies.
TODO:
Improve the DNS transaction logic when multiple clients subscribe to the
same service, ensuring that continuous queries are optimized.
journald-manager: rework reopening journal files on reload
Previous implementations had several issues:
- user journals were not updated,
- transition from volatile -> persistent storage transition was not
handled.
Let's make all journal files closed when at least one journal file
related configurations are changed, and reopen necessary journals with
requested settings.
The previous logic was completely broken:
- the access mode comparison is broken,
- flushing kmsg did not work, as the configuration is already disabled,
- seqnum file is not opened when previously disabled,
- failure in reopening /dev/kmsg should not be critical.
journald: move all config entries from Manager to JournalConfig
Previously, only config entries controlled by multiple sources were located in
JournalConfig, and still other config entries were in Manager.
That's hard to maintain. Let's move all config entries to JournalConfig.
This also makes JournalConfig.forward_to_kmsg and friends tristate.
Otherwise, even if a higher precedence config source disables the
feature, it may be enabled by a lower precedence config.
projects / thirdparty / systemd.git / log
