Previously, ordered_set_put_strdupv() and friends returns the number of
pushed entries, but that is potentially larger than INT_MAX (of course,
realistically, OOM is triggered in that case).
No caller uses the number of the new entries. Let's return 1 when at
least one element is added.
meson: use files() not find_program() for helper scripts
We went back and forth between 'prog.sh', files('prog.sh'), and
find_program('prog.sh'). We want to use files() or find_program() so that we
get a good error message if the file is missing. Behaviour of meson changed
over time, and in the past not all forms could be used in all places. For
example 0f4c4f3824891aea6a76b2e861f38a6045b2a246 added find_program() in many
places to avoid repeated messages. But it seems that all recent meson versions
work fine with files().
find_program prints silly messages:
Program tools/make-man-index.py found: YES
(/home/zbyszek/src/systemd/tools/make-man-index.py)
Program tools/meson-render-jinja2.py found: YES
(/home/zbyszek/src/systemd/tools/meson-render-jinja2.py)
...
We know that those files will be found, they are part of the git checkout.
With files() this is gone and the meson output is easier to read.
All those files are standalone programs that can be executed directly.
Some .py files were marked executable, others weren't, probably accidentally.
Mark them all as executable in preparation for subsequent changes.
Some files were using that, others weren't. Since those are user-facing
docs, we should use the nice clean form, not the workaround for strange
systems that we use in other places.
Before 7d247d3cb875e1778e6cc81dbf255b13092b29e0, we needed the file name
twice. But now we only need it once, so no need to overcomplicate things
by defining a variable with a single use.
When a variable is used, it's also easier to make a mistake and e.g.
accidentally reuse the variable later.
- use DEFINE_TEST_MAIN() macro,
- use ASSERT_OK() and friends,
- drop restriction that the test must run as root,
- replace sleep(2) with loop of shorter sleep and cg_is_empty(),
- applied several coding style cleanups.
TEST-10-MOUNT: wait for userspace mount options being loaded
When a device is mounted with userspace options such as _netdev, even when the mount event source is
triggered, only /proc/self/mountinfo may be updated, and /run/mount/utab may not be updated yet.
Hence, the mount unit may be created/updated without the userspace options. In that case, the mount
event source will be retriggered when /run/mount/utab is updated, and the mount unit will be updated
again with the userspace options. Typically, the window between the two calls is very short, but when
the mount event source is ratelimited after the first event, processing the second event may be delayed
about 1 secound. Hence, here we need to wait for a while.
By adding a debugging logs in mount_setup_unit(), the userspace mount is
not obtained in the first event, and the second event is delayed by the ratelimit.
```
[ 20.023086] H TEST-10-MOUNT.sh[446]: + mount -t ext4 -o _netdev /dev/loop1p1 /tmp/deptest
[ 20.026255] H kernel: EXT4-fs (loop1p1): mounted filesystem c1fa00ea-2ba8-46b2-9002-2ac997f4cda9 r/w with ordered data mode. Quota mode: none.
[ 20.026537] H TEST-10-MOUNT.sh[446]: + timeout 10 bash -c 'until systemctl -q is-active tmp-deptest.mount; do sleep .1; done'
[ 20.032293] H systemd[1]: tmp-deptest.mount: mount_setup_unit: proc: yes, netdev: no
[ 20.035978] H systemd[1]: Unit blockdev@dev-loop1p1.target has alias blockdev@.target.
[ 20.039765] H systemd[1]: tmp-deptest.mount: Changed dead -> mounted
[ 20.046598] H systemd[1]: Event source 0x7c73093e05e0 (mount-monitor-dispatch) entered rate limit state.
```
test: move testcase_dependencies() to TEST-10-MOUNT
TEST-60-MOUNT_RATELIMIT is run on nspawn by default, and currently run
on vm only on arch mkosi. Let's move the test case to new TEST-10-MOUNT,
which always run on vm.
tpm2-clear: build only if bootloader/openssl are enabled
The tpm2-clear units are only installed if tpm/bootloader/ssl are
enabled. The tpm2-setup binary/units are built and installed only
if tpm/bootloader/ssl are enabled.
Do the same for the tpm2-clear binary to keep it consistent.
test: various cleanups for TEST-04-JOURNAL.journal-reload.sh
- rename to TEST-04-JOURNAL.reload.sh,
- use trap to call cleanup(),
- use systemd-run to write journals, to make each journal entries to be
distinguished by the service name,
- greatly simplifies verify_journals(),
- drop unnecessary calls of sleep command, etc, etc.
TEST-04-JOURNAL: use bash to make builtin echo command used
When non-builtin echo command is used, then the command may exit before
journald find the source of the stream, and the log filtering may not be
applied.
Yaping Li [Wed, 23 Jul 2025 21:16:03 +0000 (14:16 -0700)]
test-memstream-util.c: Migrate to new assertion macros
We recently added a new set of assertion macros such as ASSERT_GE, ASSERT_OK, ASSERT_EQ, ... which show not
only the expression that failed but also the values of the arguments of the expression. Let's use them.
I noticed similar warnings in many VM boots:
fedora (udev-worker)[475]: sr0: Failed to open device node: No medium found
This particular one is from src/udev/udev-builtin-uaccess.c:125, but I think the
same principle should be used in all places: if we are ignoring errors that the
device has been removed, we should also ignore ENOMEDIUM.
core/socket: shorten/reword message about restarted sockets
log_unit_warning() already prints the full unit name, so we don't need to say
that it is a socket unit. And in technical messages articles like "the" are
generally skipped to make the messages shorter. Use simpler tense and simpler
wording.
Example from log: fedora.local systemd[1]: systemd-initctl.socket: Socket unit
configuration has changed while unit has been running, no open socket file
descriptor left. The socket unit is not functional until restarted.
This is just too wordy and says "socket" four times.
Also move the description of IPv4DuplicateAddressDetectionTimeoutSec=
to the section about systemd-networkd. The change of the timeout doesn't
have to be described as "incompatible". It's more of a bugfix, the previous
timeout was just strangely large and hopefully nobody relied on this detail
of implementation.
Also, reword to say that MPLSRouting= just controls enablement, nothing more.
Yaping Li [Wed, 23 Jul 2025 00:30:35 +0000 (17:30 -0700)]
test-unit-serialize.c: Migrate to new assertion macros
We recently added a new set of assertion macros such as ASSERT_GE, ASSERT_OK, ASSERT_EQ, ... which show not
only the expression that failed but also the values of the arguments of the expression. Let's use them.
meson: Detect ELF ABI version for bpf build on ppc64 (#38307)
On 64-bit POWER, there are multiple versions of the ELF ABI in use.
- little-endian powerpc64 is ELFv2
- big-endian powerpc64 is
- ELFv2 when using musl
- either ELFv1 or ELFv2 when using glibc
Previously, the BPF build was hard-coding `-D_CALL_ELF=2`, which is
ELFv2. This makes the build fail on ELFv1, similarly to the original
issue that necessitated the addition of this flag on powerpc64le.
To fix this:
1. Use ELFv1 as the default (when `_CALL_ELF` is not defined, this is
the assumption that should be made about the ABI version).
2. Check if the C compiler has `_CALL_ELF` defined, and if it does,
override the default with that.
That's technically not the *correct* compiler in this situation, but I'm
unsure how to get a compiler object for the BPF one from Meson to do the
`*_define('_CALL_ELF')` checks with, and they *should* both be targeting
the same ABI version anyway.
3. Add the ABI version to the `_CALL_ELF` definition for the BPF
compiler flags.
This makes a BPF-enabled build succeed on powerpc64 w/ ELFv1 glibc.
For meson options, say '-Dfoo=' to make them visually different.
Adjust grammar and punctuation in various places.
Break very long lines where feasible.
We require at least crypt_r() exists, and it is provided since glibc-2.0
(and dropped in glibc-2.39) or by libxcrypt, and the function is
provided in crypt.h regardless it is provided by glibc or libxcrypt.
Hence, we cannot fallback to unistd.h.
This makes the condition about crypt.h more strict, and stop compilation
earlier when crypt.h does not exist.
stub: restore compatibility for shim (< 16.0) -> UKI case
It is possible to boot directly a UKI from shim, and Fedora Cloud Base UKI
does exactly this.
This used to work fine until https://github.com/systemd/systemd/pull/37372
which broke compatibility when shim < 16.0 (no loader protocol override) is
used. Shim 15.8 is still in use in several distributions, and will be for
a long time.
Restore a part of the previous implementation, and if running with secure
boot enabled, and with shim but < 16.0, apply a security override.
Yaping Li [Tue, 22 Jul 2025 22:23:48 +0000 (15:23 -0700)]
test-user-record.c: Migrate to new assertion MACROs
We recently added a new set of assertion macros such as ASSERT_GE, ASSERT_OK, ASSERT_EQ, ... which show not
only the expression that failed but also the values of the arguments of the expression. Let's use them.
getty-generator: add support for fine-grained control of execution modes
This makes the systemd.getty_auto= kernel command line option and the
$SYSTEMD_GETTY_AUTO environment variable takes the list of classes of
services: credential, container, console, builtin.
This also add getty.auto credential that can take the same value as the
kernel command line option.
getty-generator: show original path in the log message
This fixes the following log message:
Before:
```
Invalid container tty device specified, ignoring: (null)
```
After:
```
Invalid container tty device specified, ignoring: /dev/tty0
```
If a non-pts device path is passed to add_container_getty(), we call
add_getty_impl() with NULL tty, so previously (null) was logged.
Let's log the original path when an invalid tty is specified.
networkd/dhcp6: Add support for IPv6 SIP servers (#38269)
This pull-request adds support for IPv6 SIP servers, which can be
obtained from DHCPv6 options.
[RFC3319](https://www.rfc-editor.org/rfc/rfc3319.html) defines two
options for this: option 21 (SIP Servers Domain Name List) and option 22
(SIP Servers IPv6 Address List).
systemd-networkd currently only supports IPv4 SIP servers, but ISPs like
NTT EAST provide IPv6 SIP servers. Exposing this in the D-Bus API would
allow other programs, such as downstream DHCPv6 servers, to utilize it.
Usage:
```
[DHCPv6]
UseSIP=yes
```
Partial output of `run0 systemd-networkd-tests.py
NetworkdDHCPClientTests.test_dhcp_client_use_sip`:
```console
> networkctl status veth99
● 17: veth99
NetDev File: /run/systemd/network/25-veth.netdev
Link File: /usr/lib/systemd/network/99-default.link
Network File: /run/systemd/network/25-dhcp-client.network
└─/run/systemd/network/25-dhcp-client.network.d/override.conf
State: routable (configured)
Online state: online
Type: ether
Kind: veth
Driver: veth
Hardware Address: 12:34:56:78:9a:bc
MTU: 1500 (min: 68, max: 65535)
QDisc: noqueue
IPv6 Address Generation Mode: eui64
Number of Queues (Tx/Rx): 2/2
Auto negotiation: no
Speed: 10Gbps
Duplex: full
Port: tp
Address: 192.168.5.181 (DHCPv4 via 192.168.5.1)
2600::15
fe80::1034:56ff:fe78:9abc
Gateway: 192.168.5.1
fe80::1034:56ff:fe78:9abd
SIP: 192.168.5.1
2600::1
foo.example.com
Activation Policy: up
Required For Online: yes
DHCPv4 Client ID: IAID:0x7ec6b6c/DUID
DHCPv6 Client IAID: 0x7ec6b6c
DHCPv6 Client DUID: DUID-EN/Vendor:0000ab11617740de1342c3a2
```
Mike Yuan [Sat, 19 Jul 2025 09:11:31 +0000 (11:11 +0200)]
units/ssh-access.target: enable StopWhenUnneeded=
This combines nicely with the X_SYSTEMD_UNIT_INACTIVE= notification
we send out, to ensure when all sshd units go down the actual
status is always reflected on the target.
projects / thirdparty / systemd.git / log
