Do not use "critical assert_return" in libsystemd or libudev
Previously, when compiled in developer mode, a call into libsystemd with
invalid parameters would result in an abort. This means that it's effectively
impossible to install such libsystemd in a normal system, since various
third-party programs may now abort. A shared library should generally never
abort or exit the calling program.
In python-systemd, the test suite calls into libsystemd, to check if the proper
return values are received and propagated through the Python wrappers.
Obviously with libsystemd compiled from git, the test suite now fails
in a nasty way.
So rework the code to set assert_return_is_critical similarly to how we handle
mempool enablement: the function that returns true is declared as a week
symbol, and we "opt in" by linking a file that provides the function in
libsystemd-shared. Effectively, libsystemd and libudev always have
assert_return_is_critical==false, and our binaries and modules enable it
conditionally.
The function internally does caching which means that the result must
always be the same, the definition of a pure function. The compiler might
be able to optimize some repeated calls to the function.
Daniel Foster [Thu, 17 Jul 2025 23:59:14 +0000 (09:59 +1000)]
tree-wide: extend $LISTEN_FDS protocol with $LISTEN_PIDFDID
Although extremely unlikely, there is a race present in solely checking the
$LISTEN_PID environment variable, due to PID recycling. Fix that by introducing
$LISTEN_PIDFDID, which contains the 64-bit ID of a pidfd for the child process
that is not subject to recycling.
Yu Watanabe [Sun, 19 Oct 2025 04:16:19 +0000 (13:16 +0900)]
ci/oss-fuzz: switch to Ubuntu 24.04
With
https://github.com/google/oss-fuzz/pull/14112 and
https://github.com/google/oss-fuzz/pull/14128,
we can now use Ubuntu 24.04. Let's bump the image version.
Note, the i386 build failure mentioned in the removed comment is related to
https://bugs.launchpad.net/ubuntu/+source/linux-signed-azure/+bug/2071445
https://github.com/actions/runner-images/issues/9977
and has been already fixed.
Yu Watanabe [Sun, 19 Oct 2025 03:38:35 +0000 (12:38 +0900)]
TEST-75-RESOLVED: stop socket units before stopping the main service
Fixes the following warning:
TEST-75-RESOLVED.sh[2251]: ++ restart_resolved
TEST-75-RESOLVED.sh[2251]: ++ systemctl stop systemd-resolved.service
TEST-75-RESOLVED.sh[2271]: Stopping 'systemd-resolved.service', but its triggering units are still active:
TEST-75-RESOLVED.sh[2271]: systemd-resolved-monitor.socket, systemd-resolved-varlink.socket
Hans de Goede [Mon, 20 Oct 2025 18:52:00 +0000 (20:52 +0200)]
hwdb: Add V64x_V65xAU to list of Clevo models where scancode f7+f8 get mapped to touchpad-toggle
Fn + F1 which is the shortcut for toggling the touchpad on/off sends
atkbd scancodes f7 (first press) + f8 (second press) just like on various
other Clevo models. Add the V64x_V65xAU model to the list of models where
these scancodes are mapped to touchpad-toggle.
networkd: call networkd a "network management" rather "network configuration" tool
This has irked me for a while. For me network configuration is the stuff
we store on disk in configuration file. And networkd then *applies* the
configuration. But the units so far claimed that networkd was the
"configuration" itself. Which I guess might make sense to some, but to
me sounds a bit unprecise. Let's clean this up, and call what networkd
is doing "Network Management".
Yu Watanabe [Sun, 19 Oct 2025 07:44:44 +0000 (16:44 +0900)]
sd-dhcp-server: fix conditions for checking if static address is assigned to another host
Even if a static lease may be configured for a host, another address may
be previously assigned to the host. Let's not refuse to assign the
static lease to the host even in that case.
Fixes an issue reported at
https://github.com/systemd/systemd/issues/35781#issuecomment-3369545753.
jouyouyun [Mon, 20 Oct 2025 08:56:02 +0000 (16:56 +0800)]
gitignore: add aider
Aider is an open-source AI coding assistant. When used, it generates history,
cache, and other files in the project. To prevent these files from being committed, you need to add .aider* to your .gitignore file
By giving priority to --background= we prevent users from opting
out of coloring if an explicit color is chosen by a tool wrapping
one of our own tools. Instead, let's give priority to the environment
variable, so that even if our tools are wrapped by another tool with
a different background, users can still opt out of coloring just by
setting the environment variable, which has a high chance of being
forwarded to the invocation of our own tools which makes it easy to
use to disable color tinting globally if requested by the user.
dns-rr: when decoding an RR from json, make class optional
The DNS RR class is a weird thing, and IRL always set to IN (i.e. 0x1).
Let's hence make it something that can be specified optionally, and
imply IN if not specified.
This makes it a bit nicer to put together suitable json resource record
keys from the command line.
Yu Watanabe [Mon, 20 Oct 2025 06:04:27 +0000 (15:04 +0900)]
Don't tag i2c mice as pointing sticks (#39264)
There are no real i2c mice but there are i2c `FooBar Mouse` devices that
are an artifact of how the HID kernel drivers split up event nodes.
These nodes will be seen for some i2c keyboards and touchpads, depending
on the HID report descriptor.
Peter Hutterer [Thu, 9 Oct 2025 00:56:54 +0000 (10:56 +1000)]
hwdb: don't tag a named Mouse device as pointingstick
The generic kernel hid drivers split up devices based on the application
collection, appending a suffix for each collection (e.g. Touchpad,
Mouse, ...). Many i2c touchpads get a "... Mouse" event node which is
mislabelled as pointingstick by the input_id builtin, see commit 3d7ac1c655ec40f3829543072494dcdfb92dbc6b.
Peter Hutterer [Thu, 9 Oct 2025 00:55:16 +0000 (10:55 +1000)]
rules: extend 60-input-id.rules to allow for bus/vid/pid/name matches
Same approach as used in 70-mouse.rules, allow for a name-based match
optionally combined with bus/vid/pid (which the existing modalias rule
would already allow us anyway). Note that ID_BUS isn't assigned until
after this rule has run so we need to use the id/bustype attribute
directly.
Related to https://github.com/systemd/systemd/issues/36677
Marien Zwart [Sun, 19 Oct 2025 13:41:08 +0000 (00:41 +1100)]
docs: fix conversion / calculation errors
0x1770 is 6000, not 60000. It looks like 60000 is intended (the next
range starts at 60000 in both decimal and hex), so use that.
1000 to 60000 is 59001 users, as the range is inclusive on both sides.
Similar off-by-one for one of the "unused" ranges. After these changes,
the sizes of the ranges up to and including the "-1" ID sum up to 65536,
as expected.
I'm not sure where the size of the unused range after the container UID
range came from, but it is not correct (the "Container UID" and this
reserved range combined would be larger than the "HIC SVNT LEONES" 2^31
to 2^32-2 range...). Fix it.
It is unfortunate that the first half of this table makes more sense in
decimal while the second half makes more sense in hex (which would also
make the size in 65536 chunks easy to obtain): I'm tempted to add a
"sizes in hex" column...
Luca Boccassi [Fri, 17 Oct 2025 10:27:55 +0000 (11:27 +0100)]
log: add underflow assert guard
We often use ssize_t in log_error macros, but typically return int
which confuses coverity, as technically there is no guarantee that
int and ssize_t have the same range. Add an assert to enforce it.
Luca Boccassi [Fri, 17 Oct 2025 13:00:23 +0000 (14:00 +0100)]
ci: re-enable bpf-framework option for build and unit test jobs
Use the same trickery we do in the package build and search for
the actual bpftool binary. For the CI job any one we find is
good enough.
When we switch all jobs to 26.04 we can drop all of this.
Frantisek Sumsal [Thu, 16 Oct 2025 11:06:51 +0000 (13:06 +0200)]
test: let kernel OOM-kill a child process instead of the main one
This test occasionally fails due to a race where systemd processes
kernel's SIGKILL before the OOM notification, so the test service dies
with Result=signal instead of the expected Result=oom-kill:
To mitigate this, let's spawn a child process and move it to the
subcgroup to get killed instead of the main process, so systemd has more
time to react to the OOM notification and terminate the service with the
expected oom-kill result.
Daan De Meyer [Fri, 17 Oct 2025 08:49:53 +0000 (10:49 +0200)]
tree-wide: Various forward header cleanups
- Make sure forward headers have the iwyu pragma to always keep them
- Make sure we always include the daemon specific forward header
instead of shared-forward.h
- Remove shared-forward.h include where the daemon specific forward
header is already included
Luca Boccassi [Thu, 16 Oct 2025 18:43:45 +0000 (19:43 +0100)]
dissect: add support for verity-protected bare filesystems via mountfsd (#39325)
Needed to implement support for RootHashSignature=/RootVerity=/RootHash=
and friends when going through mountfsd, for example with user units,
so that system and user units provide the same features at the same
level
I now get a warning like this with python3-pyparsing-3.1.2-8.fc42:
hwdb.d/parse_hwdb.py:208: UserWarning: warn_multiple_tokens_in_named_alternation:
setting results name 'VALUE' on Or expression will return a list of all parsed
tokens in an And alternative, in prior versions only the first token was returned;
enclose contained argument in Group
('!' ^ (Optional('!') - Word(alphanums + '_')))('VALUE')
kmod-setup: don't load unix.ko as a module anymore
Building unix.ko as a module always has been a really bad idea, from day
1. Debian used to do this, but has long been fixed. Kernel developers
saw the light too, and removed support for it in 6.5
(97154bcf4d1b7cabefec8a72cff5fbb91d5afb7b). Let's hence drop support for
this here too, and delete some old cruft. AF_UNIX is simply our most
basic IPC system and supporting systems without it being around is just
not realistic.
Luca Boccassi [Tue, 14 Oct 2025 22:32:54 +0000 (23:32 +0100)]
dissect: add support for verity-protected bare filesystems via mountfsd
Needed to implement support for RootHashSignature=/RootVerity=/RootHash=
and friends when going through mountfsd, for example with user units,
so that system and user units provide the same features at the same
level
Govind Venugopal [Thu, 16 Oct 2025 15:06:17 +0000 (08:06 -0700)]
varlink: omit empty parameters field in JSON messages (#38922)
When varlink parameters are empty, omit the "parameters" field entirely
rather than sending "parameters":{}. This reduces message size and
follows varlink specification which allows parameters to be omitted.
The implementation supports three equivalent representations for empty
parameters: field omission, JSON null, and empty object {}. All three
are accepted on input for backward compatibility.
Daan De Meyer [Thu, 16 Oct 2025 13:20:36 +0000 (15:20 +0200)]
tree-wide: Introduce sd-forward.h and shared-forward.h headers
Let's not leak details from src/shared and src/libsystemd into
src/basic, even though you can't actually do anything useful with
just forward declarations from src/shared.
The sd-forward.h header is put in src/libsystemd/sd-common as we
don't have a directory for shared internal headers for libsystemd
yet.
Let's also rename forward.h to basic-forward.h to keep things
self-explanatory.
Luca Boccassi [Wed, 15 Oct 2025 19:05:03 +0000 (20:05 +0100)]
core: also enable PrivateUsers= for user services when using images via mountfsd
RootDirectory= and other options already implicitly enable PrivateUsers=
since 6ef721cbc7dadee4ae878ecf0076d87e57233908 if they are set in user
units, so that they can work out of the box.
Now with mountfsd support we can do the same for the images settings,
so enable them and document them.
Frantisek Sumsal [Wed, 15 Oct 2025 11:26:44 +0000 (13:26 +0200)]
test: wait for signed.test's zone DS records to get pushed to the parent zone
It looks like the 4 second sleep might not be enough on some slower
machines (like the ARM GH Actions nodes) which can lead to the DS RRs
propagation to clash with the manual test zone edit, and the
signed.test zone then might end up not properly signed:
TEST-75-RESOLVED.sh[749]: + : '--- ZONE: signed.test (static DNSSEC) ---'
TEST-75-RESOLVED.sh[749]: + run_delv @ns1.unsigned.test signed.test
TEST-75-RESOLVED.sh[749]: + run delv -a /etc/bind.keys @ns1.unsigned.test signed.test
TEST-75-RESOLVED.sh[778]: + delv -a /etc/bind.keys @ns1.unsigned.test signed.test
TEST-75-RESOLVED.sh[779]: + tee /tmp/tmp.2KOIiyrgth
TEST-75-RESOLVED.sh[779]: ;; /etc/bind.keys:1: option 'managed-keys' is deprecated
TEST-75-RESOLVED.sh[779]: ;; validating signed.test/DS: no valid signature found
TEST-75-RESOLVED.sh[779]: ;; validating signed.test/A: no valid signature found
TEST-75-RESOLVED.sh[779]: ; unsigned answer
TEST-75-RESOLVED.sh[779]: signed.test. 86400 IN A 10.0.0.10
TEST-75-RESOLVED.sh[779]: signed.test. 86400 IN RRSIG A 13 2 86400 2025102811435620251014101356 39330 signed.test. oo3ca8WPusbBPRhzsEKw3bsBBqFtI8i4bckoMVNzt7lY+udGW6PlaSYj OjpQGgY9oglowVM9bteNtwJKHUbvtw==
TEST-75-RESOLVED.sh[749]: + grep -qF '; fully validated' /tmp/tmp.2KOIiyrgth
[FAILED] Failed to start TEST-75-RESOLVED.service - TEST-75-RESOLVED.
Let's explicitly wait for the DS records propagation to finish before we
start editing the test zone to avoid this.
I'm still not completely sure if this is the root cause, but it's the
best shot I currently have, so I'll let the CIs decide.
Daan De Meyer [Thu, 16 Oct 2025 06:45:46 +0000 (08:45 +0200)]
test: fixes for debian unstable and TEST-50-DISSECT (#39331)
Test failed in a weird way, turns out we don't use pipefail and an
intermediate command was moved to a different package so it wasn't in
the minimal image anymore. Add it, and use pipefail so in the future
it's easier to spot.
projects / thirdparty / systemd.git / log
