git.ipfire.org Git - thirdparty/systemd.git/log
3 days ago ptyfwd: avoid touching forwarder after exit drain 42802/head
Luca Boccassi [Mon, 29 Jun 2026 17:07:01 +0000 (18:07 +0100)] 
ptyfwd: avoid touching forwarder after exit drain

on_exit_event() can synchronously drain buffered data through
shovel_force(). If that completes the drain, pty_forward_done() runs
the hangup handler and may free the forwarder, so do not call
pty_forward_done() again afterwards.

[   25.052879] TEST-74-AUX-UTILS.sh[909]: ==909==ERROR: AddressSanitizer: heap-use-after-free on address 0x7ccc8a5e0b41 at pc 0x7efc8cde106e bp 0x7ffd668629b0 sp 0x7ffd668629a8
[   25.053136] TEST-74-AUX-UTILS.sh[909]: READ of size 1 at 0x7ccc8a5e0b41 thread T0
[   25.092784] TEST-74-AUX-UTILS.sh[909]:     #0 0x7efc8cde106d in pty_forward_done ../src/src/shared/ptyfwd.c:187
[   25.093920] TEST-74-AUX-UTILS.sh[909]:     #1 0x7efc8cdedba1 in on_exit_event ../src/src/shared/ptyfwd.c:904
[   25.094148] TEST-74-AUX-UTILS.sh[909]:     #2 0x7efc8d375eff in source_dispatch ../src/src/libsystemd/sd-event/sd-event.c:4301
[   25.095074] TEST-74-AUX-UTILS.sh[909]:     #3 0x7efc8d378032 in dispatch_exit ../src/src/libsystemd/sd-event/sd-event.c:4431
[   25.095295] TEST-74-AUX-UTILS.sh[909]:     #4 0x7efc8d37e932 in sd_event_dispatch ../src/src/libsystemd/sd-event/sd-event.c:4896
[   25.095467] TEST-74-AUX-UTILS.sh[909]:     #5 0x7efc8d37fc8c in sd_event_run ../src/src/libsystemd/sd-event/sd-event.c:4971
[   25.095647] TEST-74-AUX-UTILS.sh[909]:     #6 0x7efc8d3800ad in sd_event_loop ../src/src/libsystemd/sd-event/sd-event.c:4992
[   25.097174] TEST-74-AUX-UTILS.sh[909]:     #7 0x56049b541aba in start_transient_service ../src/src/run/run.c:2479
[   25.097403] TEST-74-AUX-UTILS.sh[909]:     #8 0x56049b552a65 in run ../src/src/run/run.c:3288
[   25.097569] TEST-74-AUX-UTILS.sh[909]:     #9 0x56049b552cb0 in main ../src/src/run/run.c:3291
[   25.097780] TEST-74-AUX-UTILS.sh[909]:     #10 0x7efc8b882300 in __libc_start_call_main (/lib64/libc.so.6+0x7d300) (BuildId: 830c94f480c13d9b01dc65a1035310882136094a)
[   25.097952] TEST-74-AUX-UTILS.sh[909]:     #11 0x7efc8b882417 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x7d417) (BuildId: 830c94f480c13d9b01dc65a1035310882136094a)
[   25.098139] TEST-74-AUX-UTILS.sh[909]:     #12 0x56049b51cf54 in _start (/usr/bin/systemd-run+0x19f54) (BuildId: 0daacdb9f20151f3517312ee99e489a9b8f4989c)
[   25.098316] TEST-74-AUX-UTILS.sh[909]: 0x7ccc8a5e0b41 is located 193 bytes inside of 2384-byte region [0x7ccc8a5e0a80,0x7ccc8a5e13d0)
[   25.099202] TEST-74-AUX-UTILS.sh[909]: freed by thread T0 here:
[   25.099410] TEST-74-AUX-UTILS.sh[909]:     #0 0x7efc8e76420f in free.part.0 (/lib64/libasan.so.8+0x16420f) (BuildId: 173395e60f171589489dde2b7a156d0ae380734b)
[   25.099557] TEST-74-AUX-UTILS.sh[909]:     #1 0x7efc8cdf14d1 in pty_forward_free ../src/src/shared/ptyfwd.c:1122
[   25.099691] TEST-74-AUX-UTILS.sh[909]:     #2 0x56049b535328 in pty_forward_handler ../src/src/run/run.c:1952
[   25.100063] TEST-74-AUX-UTILS.sh[909]:     #3 0x7efc8cde138c in pty_forward_done ../src/src/shared/ptyfwd.c:196
[   25.100197] TEST-74-AUX-UTILS.sh[909]:     #4 0x7efc8cdec757 in shovel ../src/src/shared/ptyfwd.c:813
[   25.101144] TEST-74-AUX-UTILS.sh[909]:     #5 0x7efc8cdecc1f in shovel_force ../src/src/shared/ptyfwd.c:828
[   25.102273] TEST-74-AUX-UTILS.sh[909]:     #6 0x7efc8cdedb82 in on_exit_event ../src/src/shared/ptyfwd.c:899
[   25.103564] TEST-74-AUX-UTILS.sh[909]:     #7 0x7efc8d375eff in source_dispatch ../src/src/libsystemd/sd-event/sd-event.c:4301
[   25.103712] TEST-74-AUX-UTILS.sh[909]:     #8 0x7efc8d378032 in dispatch_exit ../src/src/libsystemd/sd-event/sd-event.c:4431
[   25.104081] TEST-74-AUX-UTILS.sh[909]:     #9 0x7efc8d37e932 in sd_event_dispatch ../src/src/libsystemd/sd-event/sd-event.c:4896
[   25.104954] TEST-74-AUX-UTILS.sh[909]:     #10 0x7efc8d37fc8c in sd_event_run ../src/src/libsystemd/sd-event/sd-event.c:4971
[   25.105160] TEST-74-AUX-UTILS.sh[909]:     #11 0x7efc8d3800ad in sd_event_loop ../src/src/libsystemd/sd-event/sd-event.c:4992
[   25.105310] TEST-74-AUX-UTILS.sh[909]:     #12 0x56049b541aba in start_transient_service ../src/src/run/run.c:2479
[   25.105454] TEST-74-AUX-UTILS.sh[909]:     #13 0x56049b552a65 in run ../src/src/run/run.c:3288
[   25.105572] TEST-74-AUX-UTILS.sh[909]:     #14 0x56049b552cb0 in main ../src/src/run/run.c:3291
[   25.106136] TEST-74-AUX-UTILS.sh[909]:     #15 0x7efc8b882300 in __libc_start_call_main (/lib64/libc.so.6+0x7d300) (BuildId: 830c94f480c13d9b01dc65a1035310882136094a)
[   25.106263] TEST-74-AUX-UTILS.sh[909]:     #16 0x7efc8b882417 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x7d417) (BuildId: 830c94f480c13d9b01dc65a1035310882136094a)
[   25.106385] TEST-74-AUX-UTILS.sh[909]:     #17 0x56049b51cf54 in _start (/usr/bin/systemd-run+0x19f54) (BuildId: 0daacdb9f20151f3517312ee99e489a9b8f4989c)
[   25.106792] TEST-74-AUX-UTILS.sh[909]: previously allocated by thread T0 here:
[   25.106957] TEST-74-AUX-UTILS.sh[909]:     #0 0x7efc8e76515f in malloc (/lib64/libasan.so.8+0x16515f) (BuildId: 173395e60f171589489dde2b7a156d0ae380734b)
[   25.108013] TEST-74-AUX-UTILS.sh[909]:     #1 0x7efc8cddebed in malloc_multiply ../src/src/basic/alloc-util.h:92
[   25.108188] TEST-74-AUX-UTILS.sh[909]:     #2 0x7efc8cdee47b in pty_forward_new ../src/src/shared/ptyfwd.c:955
[   25.108324] TEST-74-AUX-UTILS.sh[909]:     #3 0x56049b538700 in run_context_setup_ptyfwd ../src/src/run/run.c:2130
[   25.108472] TEST-74-AUX-UTILS.sh[909]:     #4 0x56049b5419f9 in start_transient_service ../src/src/run/run.c:2465
[   25.109152] TEST-74-AUX-UTILS.sh[909]:     #5 0x56049b552a65 in run ../src/src/run/run.c:3288
[   25.109311] TEST-74-AUX-UTILS.sh[909]:     #6 0x56049b552cb0 in main ../src/src/run/run.c:3291
[   25.109450] TEST-74-AUX-UTILS.sh[909]:     #7 0x7efc8b882300 in __libc_start_call_main (/lib64/libc.so.6+0x7d300) (BuildId: 830c94f480c13d9b01dc65a1035310882136094a)
[   25.109847] TEST-74-AUX-UTILS.sh[909]:     #8 0x7efc8b882417 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x7d417) (BuildId: 830c94f480c13d9b01dc65a1035310882136094a)
[   25.110760] TEST-74-AUX-UTILS.sh[909]:     #9 0x56049b51cf54 in _start (/usr/bin/systemd-run+0x19f54) (BuildId: 0daacdb9f20151f3517312ee99e489a9b8f4989c)
[   25.110911] TEST-74-AUX-UTILS.sh[909]: SUMMARY: AddressSanitizer: heap-use-after-free ../src/src/shared/ptyfwd.c:187 in pty_forward_done
[   25.119282] TEST-74-AUX-UTILS.sh[909]: Command: systemd-run --quiet --pty -- bash -c echo PTY_FORWARD_READY; exec sleep 60
[   25.119395] TEST-74-AUX-UTILS.sh[909]: ==909==ABORTING

Follow-up for d3218c4c80c99583d3e7a31ff2f509ffb097568e

3 days ago env-util: ensure NUL termination of the replace_env_argv() output array
Luca Boccassi [Mon, 29 Jun 2026 14:05:51 +0000 (15:05 +0100)] 
env-util: ensure NUL termination of the replace_env_argv() output array

The output array is allocated with new() and left uninitialized, but a
bare unset "$VAR" token expands to nothing and writes no terminator.
When such a token leads or is the only word, the returned strv is left
without a trailing NULL.

Follow-up for f331434d13488425ccd8485327085d15f8f92aea

3 days ago fido2: reject zero-length HMAC secret
Luca Boccassi [Mon, 29 Jun 2026 13:01:08 +0000 (14:01 +0100)] 
fido2: reject zero-length HMAC secret

The CTAP2 HMAC-SECRET output should never be zero length, so enforce
that at both retrieval sites.

Follow-up for 1c0c4a43c6118aa4057222789e4b777b61e4bb27

4 days ago locale-util: drop libintl dependency
Yu Watanabe [Sun, 28 Jun 2026 12:40:07 +0000 (21:40 +0900)] 
locale-util: drop libintl dependency

Both glibc and musl provide dgettext(). Hence it is not necessary to
use libintl.so provided by gettext.

This partially reverts 590e22643722cf1268bd24f9056c7115ab0c1cf2,
fully reverts commit e6e65dc26157207a6b720fccc49632ac77236384 and
bd19ffd9cb618b15cbd74110aeca2abab745fe9e.

Then, introduce minimal libintl.h for musl build, to avoid using
libintl.h by gettext, which is typically installed on musl-based
build systems.

4 days ago test: make TEST-07-PID1.issue-14566 more robust (#42798)
Luca Boccassi [Mon, 29 Jun 2026 14:16:39 +0000 (15:16 +0100)] 
test: make TEST-07-PID1.issue-14566 more robust (#42798)

e.g.:
https://artifacts.dev.testing-farm.io/f5150e83-eccf-4d84-aa8b-ff25cd7a3cb4/

4 days ago shared/varlink: fix license of varlink-io.systemd.Udev.c
Luca Boccassi [Fri, 26 Jun 2026 20:28:27 +0000 (21:28 +0100)] 
shared/varlink: fix license of varlink-io.systemd.Udev.c

Sources in src/shared need to be licensed LGPL-2.1-or-later, not
GPL-2.0-or-later, which is the license for src/udev. Fix it.

Follow-up for 2f0aa9a80445ef18086260a60fad71920ad9486c

4 days ago test: drop ASAN workaround in TEST-07-PID1.issue-14566 42798/head
Luca Boccassi [Mon, 29 Jun 2026 11:06:28 +0000 (12:06 +0100)] 
test: drop ASAN workaround in TEST-07-PID1.issue-14566

https://bugzilla.redhat.com/show_bug.cgi?id=2098125 was marked as
fixed some years ago, so it should be safe to run this test again
now.

Follow-up for 11562ee585d5f2e42cb583f06aa01c7383d85f55

4 days ago test: use /run/ for temporary files in TEST-07-PID1.issue-14566
Luca Boccassi [Mon, 29 Jun 2026 11:02:41 +0000 (12:02 +0100)] 
test: use /run/ for temporary files in TEST-07-PID1.issue-14566

And delete the file before starting, to be safe against reruns

Follow-up for c1566ef0d22ed786b9ecf4c476e53b8a91e67578

4 days ago test: make TEST-07-PID1.issue-14566 more robust
Luca Boccassi [Mon, 29 Jun 2026 10:56:30 +0000 (11:56 +0100)] 
test: make TEST-07-PID1.issue-14566 more robust

The test slept a fixed 4s after starting the service, then read the
child PID from /leakedtestpid. On a loaded host the executor had not
exec'd the script yet:

[ 1571.079978] TEST-07-PID1.sh[17329]: + systemctl start issue14566-repro
[ 1571.079978] TEST-07-PID1.sh[17329]: + sleep 4
[ 1571.079978] TEST-07-PID1.sh[17329]: + systemctl status issue14566-repro
[ 1562.350438] systemd[1]: init.scope: Child 17296 belongs to init.scope.
[ 1571.081084] TEST-07-PID1.sh[17333]: ● issue14566-repro.service - Issue 14566 Repro
[ 1571.081084] TEST-07-PID1.sh[17333]:      Loaded: loaded (/usr/lib/systemd/tests/testdata/TEST-07-PID1.units/issue14566-repro.service; static)
[ 1571.081084] TEST-07-PID1.sh[17333]:     Drop-In: /usr/lib/systemd/system/service.d
[ 1571.081084] TEST-07-PID1.sh[17333]:              └─10-timeout-abort.conf
[ 1571.081084] TEST-07-PID1.sh[17333]:      Active: active (running) since Mon 2026-06-29 06:19:07 UTC; 4s ago
[ 1571.081084] TEST-07-PID1.sh[17333]:  Invocation: b3356aa5fff24eee85e302250ecb06b1
[ 1571.081084] TEST-07-PID1.sh[17333]:    Main PID: 17331 (9)
[ 1571.081084] TEST-07-PID1.sh[17333]:       Tasks: 1 (limit: 4468)
[ 1571.081084] TEST-07-PID1.sh[17333]:      Memory: 768K (peak: 768K)
[ 1571.081084] TEST-07-PID1.sh[17333]:         CPU: 1ms
[ 1571.081084] TEST-07-PID1.sh[17333]:      CGroup: /system.slice/issue14566-repro.service
[ 1571.081084] TEST-07-PID1.sh[17333]:              └─17331 systemd-executor --deserialize 66 --log-level debug,console:info --log-target journal
[ 1562.350492] systemd[1]: Child 17297 ((sd-close)) died (code=exited, status=0/SUCCESS)
[ 1571.082379] TEST-07-PID1.sh[17334]: ++ cat /leakedtestpid
[ 1571.082379] TEST-07-PID1.sh[17334]: cat: /leakedtestpid: No such file or directory

Make the service Type=notify and notify readiness after writing the PID
file, and wait for the service to go inactive in a timeout loop instead
of fixed sleeps.

Follow-up for c1566ef0d22ed786b9ecf4c476e53b8a91e67578

4 days ago mkosi: fix license of mkosi.finalize
Luca Boccassi [Mon, 29 Jun 2026 10:42:27 +0000 (11:42 +0100)] 
mkosi: fix license of mkosi.finalize

Every mkosi file/script is LGPL-2.1-or-later, but this one is CC-0,
fix it

Follow-up for 858e59c82c2246d34d84bd495f46c971d9303dba

4 days ago shell-completion: add missing commands and options to timedatectl zsh
wangzhaohui [Wed, 24 Jun 2026 03:10:56 +0000 (11:10 +0800)] 
shell-completion: add missing commands and options to timedatectl zsh

The zsh completion for timedatectl was missing three commands ('show',
'ntp-servers', 'revert') and five options (--monitor, -p/--property=,
-a/--all, --value, -P) that are already present in the bash completion,
documented in the man page, and implemented in the binary.

Fixes #16507

5 days ago logind: fix typo in reboot-to-boot-loader-entry path
dongshengyuan [Mon, 29 Jun 2026 06:54:51 +0000 (14:54 +0800)] 
logind: fix typo in reboot-to-boot-loader-entry path

SetRebootToBootLoaderEntry on non-EFI systems wrote the boot loader
entry name to /run/systemd/reboot-boot-to-loader-entry (wrong order),
while the getter and unlink both use the correct path
/run/systemd/reboot-to-boot-loader-entry.

The written value was never read back, silently breaking the feature
on non-EFI systems.

Signed-off-by: dongshengyuan <dongshengyuan@uniontech.com>

5 days ago journal-verify: fix offset reported for tail hash mismatch
dongshengyuan [Mon, 29 Jun 2026 06:53:35 +0000 (14:53 +0800)] 
journal-verify: fix offset reported for tail hash mismatch

After walking a hash chain, the loop exits with p == 0. The error()
call for a tail_hash_offset mismatch passed p as the file offset,
printing 0000000000000000 instead of the actual last data object.

Pass 'last' instead, which holds the offset of the final chain entry.

Signed-off-by: dongshengyuan <dongshengyuan@uniontech.com>

5 days ago po: Translated using Weblate (Indonesian)
Arif Budiman [Mon, 29 Jun 2026 06:17:54 +0000 (06:17 +0000)] 
po: Translated using Weblate (Indonesian)

Currently translated at 100.0% (286 of 286 strings)

Co-authored-by: Arif Budiman <arifpedia@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/id/
Translation: systemd/main

5 days ago Revert "mkosi: Grow the root partition on boot"
Yu Watanabe [Sun, 28 Jun 2026 04:28:17 +0000 (13:28 +0900)] 
Revert "mkosi: Grow the root partition on boot"

This reverts commit 7f33ee8bb42a905f5c71bc0b49e946b527b3135a.

The file is located outside mkosi/ subdirectory, hence currently unused.
If this is moved to mkosi/ subdirectory, the config conflicts with
TEST-58-REPART. Let's remove it at least now, and reintroduce it later
at correct place with test adjustment if this is really useful.

6 days ago cryptenroll: add interactive mode and Varlink IPC API (#42380)
Lennart Poettering [Sun, 28 Jun 2026 06:47:27 +0000 (08:47 +0200)] 
cryptenroll: add interactive mode and Varlink IPC API (#42380)

Replaces: #31096
Fixes: #36298

6 days ago run: make custom slice imply XDG_SESSION_CLASS=none
Ronan Pigott [Wed, 17 Jun 2026 19:36:16 +0000 (12:36 -0700)] 
run: make custom slice imply XDG_SESSION_CLASS=none

--slice and --slice-inherit are intended to make the new service unit
part of a specific slice. Logind is incompatible with that goal, as a
session of any kind will prompt logind to immediately yoink the new
command from the service unit into a new session scope, which does not
inherit from run0's own slice. The user can still explicitly request a
session with --setenv=XDG_SESSION_CLASS=<class>.

Also make --slice and --slice-inherit conflict with --lightweight and
--area, which depend on logind to be effective.

6 days ago numa: add support for preferred-many and weighted-interleave policies
dongshengyuan [Mon, 22 Jun 2026 02:55:13 +0000 (10:55 +0800)] 
numa: add support for preferred-many and weighted-interleave policies

Add support for two newer NUMA memory policies:

- MPOL_PREFERRED_MANY (Linux 5.15): like MPOL_PREFERRED but accepts
  a set of nodes instead of a single node, falling back to all nodes
  if preferred nodes cannot satisfy the allocation.

- MPOL_WEIGHTED_INTERLEAVE (Linux 6.9): like MPOL_INTERLEAVE but
  distributes pages across nodes proportionally to per-node weights
  configured via /sys/kernel/mm/mempolicy/weighted_interleave/.

On kernels that do not support the requested policy, set_mempolicy()
returns EINVAL. We convert EINVAL to EOPNOTSUPP only for the two new
policies (MPOL_PREFERRED_MANY, MPOL_WEIGHTED_INTERLEAVE), so that a
bad NUMAMask= for already-supported policies still fails the service
rather than being silently ignored.

The NUMA subsystem being absent (ENOSYS) continues to be handled
silently at debug level, as before.

Varlink serialization uses json_underscorify() on an owned copy of
the policy name string to convert hyphenated names to the underscore
form declared in the IDL enum, avoiding mutation of the read-only
static string table.

Signed-off-by: dongshengyuan <dongshengyuan@uniontech.com>
6 days ago Correct allocation size computation in xescape_full
Jouke Witteveen [Sun, 21 Jun 2026 12:28:45 +0000 (14:28 +0200)] 
Correct allocation size computation in xescape_full

Amends 17260a9 (#42524).

Since there is no return path with an incomplete write, the effect of
the memset block was unobservable, so drop it.

6 days ago vmspawn: complain loudly if we can't prepare a unix socket for virtiofsd
Frantisek Sumsal [Sat, 27 Jun 2026 17:08:06 +0000 (19:08 +0200)] 
vmspawn: complain loudly if we can't prepare a unix socket for virtiofsd

I couldn't convince vmspawn to start a VM on a Fedora image I just
downloaded, and it was pretty light on any useful details:

$ build/systemd-vmspawn --image ~/Downloads/Fedora-Server-Guest-Generic-Rawhide-20260627.n.0.x86_64.qcow2 --image-format=qcow2 --bind-ro=/tmp/bar; echo $?
░ Spawning VM Fedora-Server-Guest-Generic-Rawhide-20260627.n.0.x8664.qcow2 on /home/mrc0mmand/Downloads/Fedora-Server-Guest-Generic-Rawhide-20260627.n.0.x86_64.qcow2.
░ Press Ctrl-] three times within 1s to kill VM.
1

Turns out that the unix socket path vmspawn generates for the virtiofsd
socket is too long. Let's relay this information to the user as well to
make debugging this a little less painful:

$ build/systemd-vmspawn --image ~/Downloads/Fedora-Server-Guest-Generic-Rawhide-20260627.n.0.x86_64.qcow2 --image-format=qcow2 --bind-ro=/tmp/bar
░ Spawning VM Fedora-Server-Guest-Generic-Rawhide-20260627.n.0.x8664.qcow2 on /home/mrc0mmand/Downloads/Fedora-Server-Guest-Generic-Rawhide-20260627.n.0.x86_64.qcow2.
░ Press Ctrl-] three times within 1s to kill VM.
Failed to prepare unix socket '/run/user/1000/systemd/vmspawn/Fedora-Server-Guest-Generic-Rawhide-20260627.n.0.x8664.qcow2/sock-9594581dcf598992': File name too long

6 days ago journal: replace libgcrypt with openssl (#42695)
Yu Watanabe [Sat, 27 Jun 2026 18:45:22 +0000 (03:45 +0900)] 
journal: replace libgcrypt with openssl (#42695)

6 days ago update TODO 42380/head
Lennart Poettering [Fri, 29 May 2026 10:40:47 +0000 (12:40 +0200)] 
update TODO

6 days ago shell-completion: catch up with cryptenroll command line
Lennart Poettering [Wed, 24 Jun 2026 09:01:43 +0000 (11:01 +0200)] 
shell-completion: catch up with cryptenroll command line

6 days ago test: cover the io.systemd.CryptEnroll Varlink interface
Lennart Poettering [Thu, 28 May 2026 12:23:04 +0000 (14:23 +0200)] 
test: cover the io.systemd.CryptEnroll Varlink interface

Extend the existing systemd-cryptenroll test with varlinkctl invocations
equivalent to the command line ones: enrolling a recovery key and passwords
(unlocking via a key file by path and via a passed file descriptor), listing
slots, combining enrollment with a type-based wipe, and the negative cases
(ListSlots without 'more', and the pkcs11/tpm2 mechanisms that are not part of
the EnrollMechanism allowlist).

6 days ago cryptenroll: refuse reading a key longer than 4 MiB
Lennart Poettering [Mon, 22 Jun 2026 12:27:02 +0000 (14:27 +0200)] 
cryptenroll: refuse reading a key longer than 4 MiB

If we open this up to external processes let's tighten rules and refuse
reading more than 4 MiB as key, after all this is locked memory.

6 days ago cryptenroll: add interactive --firstboot enrollment wizard
Lennart Poettering [Thu, 28 May 2026 12:15:56 +0000 (14:15 +0200)] 
cryptenroll: add interactive --firstboot enrollment wizard

Add a --firstboot mode that interactively walks the user through enrolling a
passphrase, a recovery key, or a FIDO2 token, with one menu entry per suitable
token currently plugged in (driven by a new fido2_enumerate_devices() helper).
Pressing enter at the top-level menu leaves the volume unchanged; for each
already-enrolled credential type the wizard offers to wipe it as part of the
operation. It populates the same EnrollContext the command line and Varlink
paths use, so the actual enrollment goes through the shared enroll_now() path.

A companion --prompt-suppress= option takes a list of slot types: if a slot of
any listed type already exists, the wizard does nothing and exits successfully.
This lets it be hooked into the boot process while staying quiet once the
system has been set up.

The accompanying systemd-cryptenroll-firstboot.service runs this from the
initrd, after systemd-repart has created the encrypted volume but before we
transition to the host, suppressing itself once a password, recovery key or
FIDO2 token is enrolled. To make that work, determine_default_node() now looks
below /sysroot/ when running in the initrd, since the host file systems aren't
at their final location yet.

While the wizard is active it draws the same installer-style chrome (blue bars
at the top and bottom of the terminal) as systemd-sysinstall, using the shared
prompt_loop_yes_no() helper for its wipe confirmations.

Honours the systemd.firstboot= kernel command line option.

Fixes: #36298

6 days ago cryptenroll: add --unlock-headless as a new pseudo-unlock mechanism
Lennart Poettering [Fri, 29 May 2026 09:37:48 +0000 (11:37 +0200)] 
cryptenroll: add --unlock-headless as a new pseudo-unlock mechanism

This simply tries TPM2 if available, and falls back to empty password.

6 days ago cryptenroll: add --unlock-empty to unlock via an empty password
Lennart Poettering [Fri, 29 May 2026 09:29:32 +0000 (11:29 +0200)] 
cryptenroll: add --unlock-empty to unlock via an empty password

6 days ago cryptenroll: move load_volume_key_keyfile() to cryptenroll-password.c
Lennart Poettering [Fri, 29 May 2026 10:19:34 +0000 (12:19 +0200)] 
cryptenroll: move load_volume_key_keyfile() to cryptenroll-password.c

Conceptually a keyfile and a password are pretty much the same thing,
hence put them in the same file.

6 days ago cryptenroll: expose enrollment as an io.systemd.CryptEnroll Varlink service
Lennart Poettering [Thu, 28 May 2026 11:32:13 +0000 (13:32 +0200)] 
cryptenroll: expose enrollment as an io.systemd.CryptEnroll Varlink service

Add a Varlink interface for systemd-cryptenroll, building on the EnrollContext
introduced previously. A single Enroll method covers password, recovery-key and
FIDO2 enrollment; PKCS#11 and TPM2 are not exposed for now (they are not
part of the EnrollMechanism allowlist, so the generic InvalidParameter error
applies). A ListSlots method enumerates the currently enrolled keyslots.

The dispatcher populates the same EnrollContext the command line uses and then
runs the shared enroll_now()/prepare_luks()/wipe_slots() paths, so both
front-ends behave identically. FIDO2 enrollment that requires user presence
reports an imminent touch via a non-terminating "state":"touch" reply when the
caller passes 'more'. Credential material (password, FIDO2 PIN, recovery key)
is handled as sensitive, and key files may be passed either by path or as an
fd index.

The server is allocated root-only plus caller's-own-UID, with the listening
socket created in 0644 mode.

Replaces: #31096

6 days ago cryptenroll: add an "unlock_password" field to ExecContext
Lennart Poettering [Wed, 24 Jun 2026 09:23:19 +0000 (11:23 +0200)] 
cryptenroll: add an "unlock_password" field to ExecContext

This is preparation for the Varlinkification, as then we want to pass
the password in via IPC instead of prompting the user.

Note that this only adds the field, and applies it, but never actually
sets it. That's for the varlinkification later.

6 days ago cryptenroll: collect all enrollment parameters in an EnrollContext
Lennart Poettering [Thu, 28 May 2026 10:35:21 +0000 (12:35 +0200)] 
cryptenroll: collect all enrollment parameters in an EnrollContext

Introduce an EnrollContext structure that carries everything the enrollment
and unlocking helpers need, and route all enroll_*()/load_volume_key_*()/
wipe_slots() calls through it. The command line still populates the existing
arg_* globals as before; once parsing is complete they are copied into a
self-contained EnrollContext (which owns its strings/arrays) and the rest of
the code only ever reads from the context.

This is preparation for the upcoming varlinkification of systemd-cryptenroll:
a Varlink dispatcher (and later an interactive first-boot wizard) can populate
the very same EnrollContext without going through the arg_* parsing layer.

To support non-interactive (e.g. Varlink) callers, the context carries an
'interactive' flag: when false, every credential prompt is disabled and the
helpers fail with -ENOPKG (the established "querying disabled via headless"
code) instead of blocking on a tty. Passwords, FIDO2 PINs and PKCS#11 PINs are
all covered, and an optional FIDO2 PIN can be supplied directly via the
context. enroll_recovery() additionally grows a quiet mode that returns the
recovery key instead of printing it.

This also adds one new field to EnrollContext which didn't exist before:
the unlock_password is useful for the Varlink hookup later.

No change in command line behaviour.

6 days ago mute-console: allow NULL being passed
Lennart Poettering [Tue, 16 Jun 2026 12:21:36 +0000 (14:21 +0200)] 
mute-console: allow NULL being passed

6 days ago shared: add a generic prompt_loop_yes_no() helper
Lennart Poettering [Thu, 28 May 2026 13:33:49 +0000 (15:33 +0200)] 
shared: add a generic prompt_loop_yes_no() helper

Factor a yes/no variant of prompt_loop() out into prompt-util.[ch], so the
various interactive tools can share a single implementation, and convert
systemd-sysinstall's installation confirmation question over to it.

6 days ago gcrypt-util: drop several unused definitions 42695/head
Yu Watanabe [Tue, 23 Jun 2026 16:04:02 +0000 (01:04 +0900)] 
gcrypt-util: drop several unused definitions

6 days ago tree-wide: drop gcrypt dependency from all binaries except for unit tests
Yu Watanabe [Mon, 22 Jun 2026 10:32:01 +0000 (19:32 +0900)] 
tree-wide: drop gcrypt dependency from all binaries except for unit tests

With this change, gcrypt dependency is not mandatory. Hence, allow to build
systemd even when -D gcrypt=enabled but gcrypt devel package is not installed.

6 days ago journal: replace gcrypt with openssl
Yu Watanabe [Mon, 22 Jun 2026 07:34:35 +0000 (16:34 +0900)] 
journal: replace gcrypt with openssl

6 days ago fsprg-openssl: rewrite fsprg with OpenSSL
Yu Watanabe [Fri, 19 Jun 2026 18:29:47 +0000 (03:29 +0900)] 
fsprg-openssl: rewrite fsprg with OpenSSL

This introduces an OpenSSL port of fsprg, which is implemented by using libgcrypt.

6 days ago crypto-util: load several more functions from libcrypto.so
Yu Watanabe [Thu, 25 Jun 2026 12:10:05 +0000 (21:10 +0900)] 
crypto-util: load several more functions from libcrypto.so

They will be used in later commits.

6 days ago crypto-util: sort symbols
Yu Watanabe [Thu, 25 Jun 2026 11:51:34 +0000 (20:51 +0900)] 
crypto-util: sort symbols

6 days ago test-fsprg: add unit test for FSPRG
Yu Watanabe [Fri, 19 Jun 2026 17:42:13 +0000 (02:42 +0900)] 
test-fsprg: add unit test for FSPRG

6 days ago test-journal-verify: replace HAVE_GCRYPT ifdef with journal_auth_supported()
Yu Watanabe [Sat, 27 Jun 2026 06:49:31 +0000 (15:49 +0900)] 
test-journal-verify: replace HAVE_GCRYPT ifdef with journal_auth_supported()

6 days ago sd-journal: allow to verify sealed journals even when sealing support is disabled
Yu Watanabe [Sat, 27 Jun 2026 06:20:27 +0000 (15:20 +0900)] 
sd-journal: allow to verify sealed journals even when sealing support is disabled

Of course, if disabled, seal tags cannot be verified, hence the check is skipped.

6 days ago sd-journal: allow to read sealed journal files when sealing is not supported
Yu Watanabe [Sat, 27 Jun 2026 06:04:24 +0000 (15:04 +0900)] 
sd-journal: allow to read sealed journal files when sealing is not supported

6 days ago sd-journal: drop libgcrypt dependency from libsystemd
Yu Watanabe [Thu, 25 Jun 2026 14:38:16 +0000 (23:38 +0900)] 
sd-journal: drop libgcrypt dependency from libsystemd

This introduces a vtable for journal tagging feature in sd-journal,
and makes libgcrypt dependent features loaded by users (journald,
journalctl, journal-remote, and unit tests) when necessary.

6 days ago journal-authenticate: save mmaped size rather than file size field in the file
Yu Watanabe [Sat, 27 Jun 2026 05:24:52 +0000 (14:24 +0900)] 
journal-authenticate: save mmaped size rather than file size field in the file

6 days ago sd-journal: introduce JournalAuthContext
Yu Watanabe [Thu, 25 Jun 2026 16:26:21 +0000 (01:26 +0900)] 
sd-journal: introduce JournalAuthContext

Then, move several components for journal tagging in JournalFile
to JournalAuthContext.
This also introduces wrapper functions that check gcrypt support.

6 days ago journal-authenticate: initialize hmac when necessary 42772/head
Yu Watanabe [Fri, 26 Jun 2026 19:59:08 +0000 (04:59 +0900)] 
journal-authenticate: initialize hmac when necessary

6 days ago journal-authenticate: several trivial cleanups
Yu Watanabe [Thu, 25 Jun 2026 15:31:22 +0000 (00:31 +0900)] 
journal-authenticate: several trivial cleanups

- adds several overflow checks,
- adds missing assertion,
- drop unnecessary conditions,
- declare variables when necessary.

6 days ago journal-authenticate: check overflow
Yu Watanabe [Thu, 25 Jun 2026 16:23:46 +0000 (01:23 +0900)] 
journal-authenticate: check overflow

6 days ago journal-authenticate: merge several functions into journal_file_maybe_append_tag()
Yu Watanabe [Thu, 25 Jun 2026 16:08:10 +0000 (01:08 +0900)] 
journal-authenticate: merge several functions into journal_file_maybe_append_tag()

6 days ago journal-authenticate: move several more functions
Yu Watanabe [Thu, 25 Jun 2026 15:53:35 +0000 (00:53 +0900)] 
journal-authenticate: move several more functions

6 days ago journal-authenticate: move one more function
Yu Watanabe [Thu, 25 Jun 2026 15:47:33 +0000 (00:47 +0900)] 
journal-authenticate: move one more function

6 days ago journal-authenticate: move functions
Yu Watanabe [Thu, 25 Jun 2026 15:30:37 +0000 (00:30 +0900)] 
journal-authenticate: move functions

6 days ago mkosi: update debian commit ref and install new split-out packages (#42769)
Luca Boccassi [Sat, 27 Jun 2026 14:33:38 +0000 (15:33 +0100)] 
mkosi: update debian commit ref and install new split-out packages (#42769)

6 days ago journal: several cleanups for journal sealing feature (#42770)
Yu Watanabe [Sat, 27 Jun 2026 14:01:09 +0000 (23:01 +0900)] 
journal: several cleanups for journal sealing feature (#42770)

6 days ago journal: drop journal_file_tag_seqnum() and embed into journal_file_append_tag() 42770/head
Yu Watanabe [Thu, 25 Jun 2026 15:13:58 +0000 (00:13 +0900)] 
journal: drop journal_file_tag_seqnum() and embed into journal_file_append_tag()

6 days ago journal: use FSS_HEADER_SIGNATURE at one more place
Yu Watanabe [Thu, 25 Jun 2026 15:08:41 +0000 (00:08 +0900)] 
journal: use FSS_HEADER_SIGNATURE at one more place

6 days ago journalctl-misc: several cleanups
Yu Watanabe [Thu, 25 Jun 2026 07:56:56 +0000 (16:56 +0900)] 
journalctl-misc: several cleanups

- honor -ENOKEY from journal_file_verify(),
- use RET_GATHER(),
- use usec_sub_unsigned(),
- reduce indentation,
- tighten variable scope.

6 days ago journal-verify: coding style fixlets
Yu Watanabe [Thu, 25 Jun 2026 07:51:14 +0000 (16:51 +0900)] 
journal-verify: coding style fixlets

6 days ago journal-authenticate: refuse invalid start and interval parameters
Yu Watanabe [Sat, 27 Jun 2026 05:08:03 +0000 (14:08 +0900)] 
journal-authenticate: refuse invalid start and interval parameters

We have already checked that in journal_file_fss_load().
Let's also check the same when loading a user-provided key.

6 days ago mkosi: pull new split-out packages for deb/ubuntu 42769/head
Luca Boccassi [Sat, 27 Jun 2026 09:16:24 +0000 (10:16 +0100)] 
mkosi: pull new split-out packages for deb/ubuntu

6 days ago mkosi: update debian commit reference to 0b390d268323a49191a9a3bcc07a46b573c1e464
Luca Boccassi [Sat, 27 Jun 2026 09:12:58 +0000 (10:12 +0100)] 
mkosi: update debian commit reference to 0b390d268323a49191a9a3bcc07a46b573c1e464

0b390d2683 One more fixup for d/copyright
91d3dadcb5 Update changelog for 261.1-1 release
3c287e1f86 d/copyright: update to add new licenses
a82117f9a3 Install new files for upstream build
020caeb149 Override new Lintian false positive
d55b67b66e d/control: demote libnss-{myhostname,resolve} to Suggests for systemd-resolved
1c537705ec Update changelog for 261-2 release
6235897bbc Note new package split in NEWS
a440cb2c4a Install new files for upstream build
7eaa21ad05 Split tpm tools into new systemd-tpm package
52b28b74f3 Split metrics reporting tools into new systemd-report package
de2f367f22 Split imds tools into new systemd-imds package
2d0a07f5ae d/t/control: do not install xserver-xorg-video-dummy on loong64
c886c3efc8 Install new files for upstream build
0efa66b4af Update changelog for 261-1 release
e36cf82a1d lintian-overrides: override error about derivative.ubuntu build profile
fbd38c36ea d/control: do not build systemd-boot-efi-*-signed-template on ubuntu

7 days ago journal: use recognizable error code
Yu Watanabe [Thu, 25 Jun 2026 07:43:13 +0000 (16:43 +0900)] 
journal: use recognizable error code

EINVAL is too generic and widely used. Let's use a more specific error code.

7 days ago sd-journal: use iovec for fsprg state and friends
Yu Watanabe [Tue, 23 Jun 2026 13:15:17 +0000 (22:15 +0900)] 
sd-journal: use iovec for fsprg state and friends

This also makes them erased before freed.

7 days ago journalctl: use iovec for fsprg state and friends
Yu Watanabe [Tue, 23 Jun 2026 12:57:24 +0000 (21:57 +0900)] 
journalctl: use iovec for fsprg state and friends

This also makes them erased on exit.

7 days ago iovec-util: introduce several helper functions
Yu Watanabe [Tue, 23 Jun 2026 13:37:37 +0000 (22:37 +0900)] 
iovec-util: introduce several helper functions

7 days ago journal-importer: avoid false maybe-uninitialized warning
Yu Watanabe [Tue, 23 Jun 2026 15:32:16 +0000 (00:32 +0900)] 
journal-importer: avoid false maybe-uninitialized warning

Observed on Ubuntu 24.04 with GCC 13 on arm64 architecture.
```
../src/shared/journal-importer.c: In function ‘journal_importer_process_data’:
../src/shared/journal-importer.c:344:30: error: ‘line’ may be used uninitialized [-Werror=maybe-uninitialized]
  344 |                         if (!journal_field_valid(line, n - 1, true)) {
      |                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/shared/journal-importer.c:295:23: note: ‘line’ was declared here
  295 |                 char *line, *sep;
      |                       ^~~~
cc1: all warnings being treated as errors
```

7 days ago resolvectl: use more varlink (#41840)
Yu Watanabe [Sat, 27 Jun 2026 03:21:19 +0000 (12:21 +0900)] 
resolvectl: use more varlink (#41840)

There are already varlink methods for `ResolveHostname`,
`ResolveAddress`, and `ResolveRecord`. Use those in `resolvectl` instead
of the dbus equivalents.

7 days ago sysupdate: Address review feedback on CheckNew varlink scaffolding
Lennart Poettering [Fri, 26 Jun 2026 15:40:20 +0000 (17:40 +0200)] 
sysupdate: Address review feedback on CheckNew varlink scaffolding

Follow-up to #42422:

 - Rename process_image() to context_process_image(), since it now
   operates on a Context object.
 - Use IN_SET() in image_type_can_sysupdate() instead of a switch.
 - Name the return parameters of context_list_components() ret_xyz, per
   our coding style.
 - Drop a redundant "else" after a return in vl_method_check_new().

7 days ago resolvectl: use varlink instead of dbus for ResolveService 41840/head
Nick Rosbrook [Fri, 19 Jun 2026 19:01:03 +0000 (15:01 -0400)] 
resolvectl: use varlink instead of dbus for ResolveService

7 days ago nss-resolve: use resolve-varlink-util.h helpers
Nick Rosbrook [Fri, 19 Jun 2026 19:01:02 +0000 (15:01 -0400)] 
nss-resolve: use resolve-varlink-util.h helpers

Re-factor using the shared code introduced for resolvectl.

7 days ago test: relax grep for DNS query refusal
Nick Rosbrook [Fri, 19 Jun 2026 19:01:02 +0000 (15:01 -0400)] 
test: relax grep for DNS query refusal

The punctuation is not strictly important for the error.

7 days ago resolvectl: use varlink instead of dbus for ResolveRecord
Nick Rosbrook [Fri, 19 Jun 2026 19:01:01 +0000 (15:01 -0400)] 
resolvectl: use varlink instead of dbus for ResolveRecord

7 days ago resolvectl: use varlink instead of dbus for ResolveAddress
Nick Rosbrook [Fri, 19 Jun 2026 19:01:01 +0000 (15:01 -0400)] 
resolvectl: use varlink instead of dbus for ResolveAddress

7 days ago resolvectl: use varlink instead of dbus for ResolveHostname
Nick Rosbrook [Fri, 19 Jun 2026 19:01:00 +0000 (15:01 -0400)] 
resolvectl: use varlink instead of dbus for ResolveHostname

7 days ago mkosi: add postmarketOS (#39823)
Yu Watanabe [Fri, 26 Jun 2026 18:54:39 +0000 (03:54 +0900)] 
mkosi: add postmarketOS (#39823)

7 days ago sysupdate: Add a stub varlink interface and implement CheckNew (#42422)
Lennart Poettering [Fri, 26 Jun 2026 15:31:30 +0000 (17:31 +0200)] 
sysupdate: Add a stub varlink interface and implement CheckNew (#42422)

This puts the scaffolding in place for a varlink interface, but so far
it only adds a `io.systemd.Sysupdate.CheckNew()` method. Varlinkifying
the other verbs on `systemd-sysupdate` will happen in follow-up PRs, but
I thought I’d try and land this one early to:
 * Get review of the overall varlinkification scaffolding
 * Lower the chance of big merge conflicts with others’ work by getting
   the more invasive changes out of the way
 * Get the scaffolding in place so others can start to build on it if
   they wish (although I am currently working on porting the other existing
   verbs)

It rearranges how the `Context` struct is allocated so that it’ll be
easier to add per-method/verb context structs which contain it in
future. It also changes all the `sysupdate.c` code to use arguments from
`Context` rather than `arg_*` globals, allowing them to be specified as
varlink parameters in future.

It also moves the existing `systemd-sysupdate.{timer,service}` units
(which periodically run `systemd-sysupdate update`) to
`systemd-sysupdate-update.{timer,service}` to clear space for a
`systemd-sysupdate@.service` and `systemd-sysupdate.socket` to act as a
varlink entry point.

/cc @AdrianVovk

7 days ago hwdb: add touchpad toggle mapping for MSI Katana GF66 12UD
dirhamtriyadi [Fri, 26 Jun 2026 14:20:20 +0000 (21:20 +0700)] 
hwdb: add touchpad toggle mapping for MSI Katana GF66 12UD

7 days ago ci/mkosi: add postmarketos job 39823/head
Yu Watanabe [Sun, 28 Sep 2025 08:02:19 +0000 (17:02 +0900)] 
ci/mkosi: add postmarketos job

Currently, TEST-92-TPM2-SWTPM is skipped as it requires the following:
https://github.com/systemd/systemd/pull/42760
https://gitlab.alpinelinux.org/alpine/aports/-/work_items/18293

7 days ago mkosi: add postmarketos support
Yu Watanabe [Sun, 14 Sep 2025 03:16:03 +0000 (12:16 +0900)] 
mkosi: add postmarketos support

A postmarketOS image can be built with, for example, the following mkosi.local.conf:
```
[Distribution]
Distribution=postmarketos

[Output]
Format=disk

[Build]
UseSubvolumes=yes

[Runtime]
Firmware=uefi
```

7 days ago resolve: add query string field to io.systemd.Resolve.DNSError
Nick Rosbrook [Fri, 19 Jun 2026 19:01:00 +0000 (15:01 -0400)] 
resolve: add query string field to io.systemd.Resolve.DNSError

This is preparation for using varlink methods more in resolvectl. In
particular, this is helpful for providing more accurate error messages,
and maintaining compatibility with existing error messages from the
DBus API.

7 days ago json-util: introduce json_dispatch_in_addr_data
Nick Rosbrook [Tue, 23 Jun 2026 16:02:19 +0000 (12:02 -0400)] 
json-util: introduce json_dispatch_in_addr_data

Generalize json_dispatch_address from nss-resolve, and add support for
strings to be compatible with the existing json_dispatch_{in,in6}_addr
helpers. This will be used in a later commit.

7 days ago json-util: generalize json_dispatch_address_family
Nick Rosbrook [Fri, 19 Jun 2026 19:00:59 +0000 (15:00 -0400)] 
json-util: generalize json_dispatch_address_family

There are several places where address family is dispatched from JSON,
so take json_dispatch_address_family from networkd and put it in
json-util.c.

Update all the instances in the tree to use this new function, adding
SD_JSON_RELAX to the dispatch flags if AF_UNSPEC should be allowed
in that case.

7 days ago sysupdate: Fix some clang-tidy lint warnings for argument names 42422/head
Philip Withnall [Fri, 26 Jun 2026 11:07:15 +0000 (12:07 +0100)] 
sysupdate: Fix some clang-tidy lint warnings for argument names

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

7 days ago test: Test error handling for non-existent targets in sysupdate
Philip Withnall [Thu, 18 Jun 2026 12:57:35 +0000 (13:57 +0100)] 
test: Test error handling for non-existent targets in sysupdate

Primarily I want to test the new varlink error, but this will also test
the `systemd-sysupdate` CLI behaviour too.

7 days ago sysupdate: Add varlink CheckNew() method
Philip Withnall [Fri, 29 May 2026 14:34:56 +0000 (15:34 +0100)] 
sysupdate: Add varlink CheckNew() method

This is the first varlink method added to sysupdate. The D-Bus interface
(via sysupdated) will remain for now; the varlink interface will exist
in parallel.

This method can be called via:
```
varlinkctl call ./path/to/systemd-sysupdate \
  io.systemd.SysUpdate.CheckNew \
  '{"target":{"class":"host"}}'
SYSTEMD_SYSUPDATE_NO_VERIFY=1 \
varlinkctl call ./path/to/systemd-sysupdate \
  io.systemd.SysUpdate.CheckNew \
  '{"target":{"class":"component","name":"some-component"}}'
```

This includes some changes to run the integration tests again using the
varlink interface rather than running `systemd-sysupdate` directly, to
test the new interface.

7 days ago sysupdate: Add basic varlink interface scaffolding
Philip Withnall [Fri, 29 May 2026 12:37:16 +0000 (13:37 +0100)] 
sysupdate: Add basic varlink interface scaffolding

This adds the scaffolding for being able to call sysupdate via varlink,
but it doesn’t yet define or implement any methods. Those will come in
following commits.

The existing `systemd-sysupdate.service` and `systemd-sysupdate.timer`
(which periodically ran `systemd-sysupdate update`) have been renamed
to `systemd-sysupdate-update.{service,timer}` to make way for a new
`systemd-sysupdate@.service` and `systemd-sysupdate.socket` file to
handle varlink activation.

Compatibility symlinks have been added for them.

7 days ago test: Factor out check-new calls in sysupdate integration tests
Philip Withnall [Mon, 1 Jun 2026 12:14:29 +0000 (13:14 +0100)] 
test: Factor out check-new calls in sysupdate integration tests

This introduces no functional changes. In a following commit we’ll use
this to check for updates via varlink as well.

7 days ago sd-json: Fix validation of optional fields within a mandatory struct
Philip Withnall [Thu, 4 Jun 2026 15:47:37 +0000 (16:47 +0100)] 
sd-json: Fix validation of optional fields within a mandatory struct

If a varlink method takes a struct/object as a parameter, and it’s
marked as `SD_JSON_MANDATORY`, and it has an optional field inside it
which is *not* marked as `SD_JSON_MANDATORY`, we want to not require
that field to be set.

Previously, due to using the `merged_flags` from both the mandatory
struct and the optional field, `SD_JSON_MANDATORY` was effectively
always set on the optional field even if we didn’t want it. This
resulted in an error being emitted if the mandatory struct was provided
in a varlink call, but without the optional field.

Fix that by validating the field’s presence only against its own flags
and not also the flags of its parent.

Adds a unit test to prevent regressions.

7 days ago sysupdate: Factor some Target handling code out of sysupdated
Philip Withnall [Thu, 4 Jun 2026 15:06:15 +0000 (16:06 +0100)] 
sysupdate: Factor some Target handling code out of sysupdated

This will be used in upcoming commits to varlinkify `systemd-sysupdate`;
it will need a way to identify targets over varlink, and the existing
way with a `Target` over D-Bus seems to work quite well.

7 days ago sysupdate: Factor out core of `components` verb
Philip Withnall [Tue, 2 Jun 2026 14:54:47 +0000 (15:54 +0100)] 
sysupdate: Factor out core of `components` verb

This will be used in the following commit to add a varlink method for
it.

This introduces no functional changes.

7 days ago sysupdate: Minor fix to a cleanup function on an error path
Philip Withnall [Tue, 2 Jun 2026 11:59:04 +0000 (12:59 +0100)] 
sysupdate: Minor fix to a cleanup function on an error path

`process_image()` has historically used `umount_and_freep` to clean up
the mounted directory locally, but callers to it have used
`umount_and_rmdir_and_freep`.

No directory is created after any of the error return paths in
`process_image()`, so it should probably be using
`umount_and_rmdir_and_freep` too.

7 days ago sysupdate: Move global arg_* variables into Context
Philip Withnall [Fri, 29 May 2026 13:40:08 +0000 (14:40 +0100)] 
sysupdate: Move global arg_* variables into Context

This is another step towards varlinkifying the program, as it means the
various verb implementations are no longer relying on global state from
the command line.

As part of this, move init of the `Context` struct into a new
`context_from_cmdline()` function.

Additionally pass some context into config parsing `userdata` arguments,
as various config parsers were using `arg_root` via a sneaky `extern`.

This introduces no functional changes.

7 days ago shared: Add a image_policy_copy() helper method
Philip Withnall [Fri, 29 May 2026 12:29:07 +0000 (13:29 +0100)] 
shared: Add a image_policy_copy() helper method

This will be used in an upcoming commit to move global command line
argument variables in sysupdate into its `Context` struct.

7 days ago sysupdate: Change Context to be stack allocated
Philip Withnall [Fri, 29 May 2026 12:26:47 +0000 (13:26 +0100)] 
sysupdate: Change Context to be stack allocated

There’s no need for it to be heap allocated — there’s only ever one
instance of it, and it’s allocated for the lifetime of a `verb_*()`
function.

Simplify things a bit by making it stack allocated. This will also help
with upcoming commits where we introduce derived context structs to help
with varlinkifying sysupdate. By allowing `Context` to be stack
allocated we can include it in the derived context structs.

As part of this, rename `context_make_{offline,online}()` to
`context_load_{offline,online}()` for clarity (since they no longer init
the struct).

This introduces no functional changes.

7 days ago sysupdate: Factor process_image() into context_make_{offline,online}()
Philip Withnall [Fri, 29 May 2026 11:59:54 +0000 (12:59 +0100)] 
sysupdate: Factor process_image() into context_make_{offline,online}()

`process_image()` is always called immediately before (almost) every
`context_make_online()` or `context_make_offline()`, and the structures
it allocates have the same lifetime as `Context`, so we might as well
factor them all together to reduce duplication.

This will also simplify the following commit, which changes heap
allocation of `Context`s, and simplify upcoming changes to factor out
`arg_*` handling.

The call in `verb_pending_or_reboot()` is safe because it already
validates that `arg_image` is `NULL`, hence `process_image()` will bail
out early.

This introduces no functional changes.

7 days ago sysupdate: Factor context creation out of installdb_cleanup_component()
Philip Withnall [Tue, 23 Jun 2026 15:23:54 +0000 (16:23 +0100)] 
sysupdate: Factor context creation out of installdb_cleanup_component()

This makes it like all the other verbs and therefore easier to refactor.

At the same time, remove the separate `component` argument and instead
use the `component` set on the `Context`. This guards against bugs, as
various parts of the `Context` state depend on the component (for
example, `installdb_fd`) and overriding the component without also
overriding its dependent variables will lead to bugs.

7 days ago sysupdate: Fix an early return path return value
Philip Withnall [Wed, 24 Jun 2026 12:10:35 +0000 (13:10 +0100)] 
sysupdate: Fix an early return path return value

If the FD has already been opened, return 1 as if opening was
successful, rather than returning 0 as if it gave `ENOENT`.

This fixes doing multiple installdb operations on a single `Context`.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

7 days ago man: fix first argument in Environment= expansion example
Wang Yu [Fri, 26 Jun 2026 04:07:12 +0000 (12:07 +0800)] 
man: fix first argument in Environment= expansion example

The example states that the first /bin/echo invocation (using ${ONE})
receives the argument 'one' (with literal single quotes). However,
Environment=ONE='one' strips the syntactic single quotes during
unquoting — see systemd.syntax(7), "Quotes themselves are removed" —
so ONE holds the value one, and ${ONE} (exact-value substitution,
always a single argument) yields the argument one without quotes.

Fixes #42442

Signed-off-by: Wang Yu <wangyu@uniontech.com>