Dylan M. Taylor [Fri, 6 Mar 2026 12:27:10 +0000 (07:27 -0500)]
time-util: extract parse_calendar_date() from sysupdate
Move the YYYY-MM-DD date parsing and validation logic from
sysupdate-resource.c into a shared parse_calendar_date() function
in time-util, so it can be reused by other subsystems.
Daan De Meyer [Wed, 18 Mar 2026 11:55:45 +0000 (12:55 +0100)]
ci: Stop using subagents in claude-review workflow
As it seems impossible to prevent claude from receiving notifications
about subagents finishing after it has produced structured output, which
breaks the structured output as it has to be the final reply, let's stop
using subagents and background tasks completely to avoid the issue.
Vitaly Kuznetsov [Fri, 13 Mar 2026 12:02:51 +0000 (13:02 +0100)]
measure: make tpm_log_tagged_event() measure CC as well
tpm_log_tagged_event() only measures the event to the TPM while
tpm_log_ipl_event() measures the event both to the TPM and CC. Fix the
inconsistency.
Note, this is a potentially breaking change for TDX guests as systemd will
now measure more stuff to the MRTD/RTMRs, reference values for attestation may
need to be adjusted.
Luca Boccassi [Wed, 18 Mar 2026 12:33:58 +0000 (12:33 +0000)]
sd-dlopen: make macros to generate .notes.dlopen sections public API (#41047)
If this new scheme of adding dependencies is supposed to be used more
widely we need to start making it easy to add them. So add a new
self-contained header that projects can simply include without the need
to link against libsystemd itself. This will allow them to generate
`.notes.dlopen` sections:
```
> readelf -p .note.dlopen ./l2md
String dump of section '.note.dlopen':
[ a] |@FDO
[ 10] [{"feature":"manifest-json","description":"Manifest-based change detection via gzip and JSON parsing","priority":"suggested","soname":["libz.so.1","libsystemd.so.0"]}]
[ c2] |@FDO
[ c8] [{"feature":"manifest-http","description":"HTTP transport for lore.kernel.org manifest fetch","priority":"suggested","soname":["libcurl.so.4"]}]
```
ansi-color: fix SYSTEMD_COLORS=true regression when output is piped
The SYSTEMD_COLORS=true/1/yes no longer forced colors
when stdout was not a TTY (e.g. piped), because the COLOR_TRUE bypass
of the terminal_is_dumb() check was accidentally dropped.
Restore the old behavior by guarding the TTY check with
`m != COLOR_TRUE`, so an explicit boolean "true" value continues to
unconditionally force color output regardless of whether stdout is a TTY
or whether $NO_COLOR is set.
Daan De Meyer [Wed, 18 Mar 2026 10:46:01 +0000 (11:46 +0100)]
ci: Bump number of turns for claude and mention turns in prompt
claude keeps failing by its subagents completing after it has already
written the review for large prs. It seems to run out of turns, tries
to get the subagents to post partial reviews but doesn't seem to stop
them.
Let's insist that it waits for background tasks to stop but let's also
increase the max turns a bit so it doesn't run out as quickly.
Daan De Meyer [Wed, 18 Mar 2026 10:28:55 +0000 (11:28 +0100)]
ci: Enable network isolation for claude and allow most tools
claude wants to use python to access the JSON context so let's allow
it. Since python3 basically allows you to reimplement every other tool,
let's just enable all tools except the web related ones but enable network
isolation so it can't try to exfiltrate anything via python.
repart: add --grain-size= option for partition alignment
Add a --grain-size= CLI option to override the default 4 KiB partition
alignment grain. Setting --grain-size=1M matches the alignment used by
fdisk/parted and fixes misaligned partitions after small fixed-size
partitions like the 16 KiB verity-sig partition.
Also fix context_place_partitions() to re-align the start offset after
each partition, not just once per free area. Without this, a small
partition would cause all subsequent partitions in the same free area
to start at an unaligned offset.
ci: reeanble compilation test with clang -O2, disable -Wmaybe-uninitialized for old gcc
In CI we get spurious failures about unitialized variables with gcc
versions older then (depending on the case) 12, 13, or 14. Let's only
try to do this check with newer gcc which returns more useful results.
At the same time, do compile with both gcc and clang at -O2, just
disable the warning.
The old logic seems to have been confused. We compile with -Wall, at
least in some cases, which includes -Wmaybe-unitialized. So if we
_don't_ want it, we need to explicitly disable it.
tree-wide: extend verbs functions with extra per-verb data parameter
We often have a pattern where the same verb function is used for
multiple actions. This leads to an antipattern where we figure out what
action needs to be taken from argv[0] multiple times: often once in
parse_argv() to figure out what options are allowed, then once again
implicitly in dispatch_verb(), and then again in the action verb itself.
Let's allow passing a parameter into the verb to simplify this.
This matches a pattern we have in conf-parser.h, where we have both
void *userdata (more global) and void *data (per-config item). Here,
I opted for uintptr_t userdata. It seems that most of the time we'll
want to just pass an enum value. This works OK with no casts. I also
tried a void* and union. In both cases, much more boilerplate is needed:
either a cast or a macro to help avoid compiler warnings. uintptr_t
seems generic enough to cover foreseeable usecases with no fuss.
This is a noop refactoring. See next commit for an example.
This series of renaming patches has a few overlapping motivations:
- when functions are named uniformly, it code is more obvious
- I want to add a parameter to all verb functions
- in #40880 uniform naming of verb functions will be necessary too.
So let's do this cleanup. Some tools had a mix of functions w/ and
w/o "verb_", which looked messy.
Relicense sd-dlopen.h from LGPL-2.1-or-later to MIT-0 so that
downstream projects can copy/paste the macros directly without
introducing a build dependency on the systemd headers.
Acked-by: Lennart Poettering <lennart@amutable.com> Acked-by: Luca Boccassi <luca.boccassi@gmail.com> Signed-off-by: Christian Brauner <brauner@kernel.org>
man: add sd-dlopen(3) and SD_ELF_NOTE_DLOPEN(3) man pages
Document the new public sd-dlopen.h header and SD_ELF_NOTE_DLOPEN()
macro with associated constants. Includes usage examples for single
and multiple soname annotations.
Signed-off-by: Christian Brauner <brauner@kernel.org>
dlfcn-util: migrate to public SD_ELF_NOTE_DLOPEN() API
Switch all internal callers from the private ELF_NOTE_DLOPEN() macro to
the new public SD_ELF_NOTE_DLOPEN() API from sd-dlopen.h, and remove
the now-redundant macro definitions from dlfcn-util.h.
Signed-off-by: Christian Brauner <brauner@kernel.org>
sd-dlopen: add header-only public API for FDO .note.dlopen ELF metadata
Expose ELF note dlopen annotation macros as a public header-only API in
sd-dlopen.h. This allows any project to embed .note.dlopen metadata in
their ELF binaries by simply including the header - no runtime linkage
against libsystemd is required.
The header provides SD_ELF_NOTE_DLOPEN() and associated macros/constants
implementing the ELF dlopen metadata specification for declaring optional
shared library dependencies loaded via dlopen() at runtime.
Signed-off-by: Christian Brauner <brauner@kernel.org>
noxiouz [Fri, 13 Mar 2026 00:36:08 +0000 (00:36 +0000)]
coredump: capture crashing thread ID and name
Add %I (TID in initial PID namespace) to the core_pattern, so the
kernel passes the crashing thread's TID to systemd-coredump. Use it
to read the thread's comm name from /proc/<tid>/comm and log both as
new journal fields:
COREDUMP_TID= — TID of the crashing thread
COREDUMP_THREAD_NAME= — comm name of the crashing thread
These fields are also stored as xattrs on external coredump files
(user.coredump.tid, user.coredump.thread_name) and displayed by
coredumpctl info alongside the PID line.
For single-threaded processes the TID equals the PID and thread_name
equals comm; for multi-threaded programs with named worker threads
(pthread_setname_np / PR_SET_NAME) this identifies which thread
crashed without needing to open the coredump file itself.
The new fields are optional in the socket forwarding path, so older
systemd-coredump senders are handled gracefully.
find-esp: introduce _full() flavour of ESP/XBOOTLDR discovery functions
These functions take so many return paramaters, and in many of our cases
we don't actually needt them. Hence introduce _full() flavours of the
funcs, and hide the params by default.
Daan De Meyer [Wed, 18 Mar 2026 07:59:48 +0000 (08:59 +0100)]
ci: Enable users without write action to the repo to access claude review
The labelling approach introduced in 6089075265765b43e6666e4d5978292a32501496
means contributors can now trigger the workflow on their own when the label
is added by a maintainer and they update the PR. Hence we need to allow all
users to access the claude code action. This is safe because we already gate
the workflow ourselves to only the contributors that we want to allow.
Additionally, the claude code job has no permissions anymore except read access
to the repository and can execute very limited tools, so this should be safe.
Daan De Meyer [Wed, 18 Mar 2026 08:11:09 +0000 (09:11 +0100)]
ci: Fix artifact name in claude-review workflow
The name doesn't actually matter, it gets replaced with the name
of the file when not archiving. So stop passing a name and pass in
the filename as the name when downloading the artifact.
Daan De Meyer [Tue, 17 Mar 2026 21:14:15 +0000 (22:14 +0100)]
ci: Fetch context for claude-review job in setup job
Rather than have claude fetch the context itself, let's fetch the
context for it in the setup job. This has the following advantages:
- We can reduce the permissions granted to the claude job
- claude has less opportunity to mess up trying to fetch the context
itself. Specifically, it keeps spawsning a background task to fetch
the PR branch which messes up the structured output at the end, causing
the review job to fail. By pre-fetching the context it won't have to
spawn the background task. Additionally, we limit the git commands it
can execute to local ones to ensure it doesn't try to fetch the PR branch.
Finally, we fetch the branch ourselves as pr-review so claude can look at it
to review the PR.
huchangzai [Tue, 17 Mar 2026 02:01:42 +0000 (10:01 +0800)]
hwdb: fix ABS_PRESSURE axis range for Goodix GXTP5100 touchpad
The Goodix GXTP5100 touchpad (HID bus 0x0018, vendor 0x27C6, product
0x01E9), found in the Lenovo ThinkBook 16 G7+ IAH and ThinkPad X9 15
Gen 1, has a kernel driver bug where ABS_PRESSURE (axis 24 / 0x18) is
reported with min=0, max=0.
This invalid axis range causes libinput to reject the device with:
"kernel bug: ABS_PRESSURE has min == max (both 0)"
The touchpad hardware itself is functional and reports valid ranges for
all other axes:
ABS_X: min=0, max=4149, resolution=31
ABS_Y: min=0, max=2147, resolution=27
ABS_MT_POSITION_X/Y: valid ranges
Root cause: the kernel hid-multitouch driver applies a "GT7868Q report
descriptor fixup" to this device (the HID descriptor is malformed and
fails hid-generic probe with EINVAL). The fixup corrects most axes but
leaves ABS_PRESSURE with an invalid 0:0 range.
This hwdb entry overrides ABS_PRESSURE to a valid 0:255 range, allowing
libinput to accept and initialize the device.
Daan De Meyer [Tue, 17 Mar 2026 18:47:35 +0000 (19:47 +0100)]
ci: Allow attaching claude-review label to PRs for automatic review
- If a pr is labeled with claude-review, review it immediately
- If a pr labeled with claude-review is updated, review it regardless
of the author
- If a pr is opened by a maintainer, review it and add the claude-review
label. If the claude-review label is later removed, the pr won't be
auto-reviewed anymore.
Daan De Meyer [Tue, 17 Mar 2026 18:46:31 +0000 (19:46 +0100)]
ci: Fix allowed tools in claude-review
Bash(gh:api *) wasn't actually working. Turns out the colon syntax
is deprecated and unnecessary. Let's stop using it which also fixes
the bug so that gh api calls are allowed now.
Daan De Meyer [Mon, 16 Mar 2026 19:44:28 +0000 (20:44 +0100)]
ci: Add automatic review thread resolution to claude-review workflow
Claude now identifies which existing review comment threads should be
resolved (because the issue was addressed or someone disagreed) and
returns their REST API IDs in a new `resolve` array in the structured
output. The post job uses GraphQL to map comment IDs to threads and
resolve them.
Also switches all GitHub data fetching from MCP tools to `gh api` calls,
since the MCP tool strips comment IDs during its GraphQL-to-minimal
conversion and cannot be used for thread resolution.
The thread resolution GraphQL pagination is wrapped in a try/catch so
that a failure to fetch threads degrades gracefully instead of aborting
the entire post job. Unmatched comment IDs are logged for debuggability.
Adds explicit instructions to complete all data fetching before starting
review and to cancel background tasks before returning structured output,
working around a claude-code-action issue where a late-completing
background task triggers a new conversation turn that overwrites the
structured JSON result.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Daan De Meyer [Mon, 16 Mar 2026 14:33:11 +0000 (15:33 +0100)]
ci: Review PRs per-commit and attach comments to correct commits
Switch claude-review from reviewing the entire PR diff at once to
reviewing each commit individually via subagents. Each commit review
subagent receives the PR context, preceding commit diffs, and its own
commit diff, then returns comments tagged with the commit SHA. This
ensures review comments are attached to the correct commit via the
GitHub API rather than all pointing at HEAD.
Also add Bash(gh:*) to allowed tools so subagents can fetch per-commit
diffs via `gh api` without needing local git objects, and remove CI
analysis (needs to be delayed until CI finishes to be useful).
Co-developed-by: Claude Opus 4.6 <noreply@anthropic.com>
Daan De Meyer [Mon, 16 Mar 2026 12:49:31 +0000 (13:49 +0100)]
ci: Fix several issues in claude-review workflow
Address feedback from facebook/bpfilter#472:
- Fix setFailed error message counting file-level comments (without
line numbers) that are intentionally skipped, use inlineComments.length
instead of comments.length
- Fix double severity prefix in inline comments: the prompt told Claude
to prefix body with **must-fix**/etc but the post job also prepended
"Claude: ", producing "Claude: **must-fix**: ...". Now the prompt says
not to prefix and the post job adds "Claude **severity**: " using the
structured severity field
- Move error tracking instructions to a top-level section after all phases
so they apply to all runs, not just the first run
- Clarify that line is optional: use "should be" instead of "must be"
and document that omitting line still surfaces the comment in the
tracking comment summary
- Distinguish cancelled vs failed in tracking comment message
- Add side: "RIGHT" and subject_type: "line" to createReviewComment
per GitHub API recommendations
- Downgrade partial inline comment posting failures to warnings; only
fail the job when no comments at all could be posted
Co-developed-by: Claude Opus 4.6 <noreply@anthropic.com>
ci: Fix several robustness issues in claude-review workflow (#41115)
- Use github.paginate() for listComments to handle PRs with 100+
comments
- Make line optional in review schema to allow file-level comments
- Skip createReviewComment for comments without a line number
- Fix failed count to exclude skipped file-level comments
- Pass review result via env var instead of expression injection
- Use core.warning() instead of console.log() for JSON parse failures
- Fix MARKER insertion for single-line summaries that have no newline
- Require "@claude review" instead of just "@claude" to trigger
Daan De Meyer [Sun, 15 Mar 2026 20:53:01 +0000 (21:53 +0100)]
ci: Fix several robustness issues in claude-review workflow
- Use github.paginate() for listComments to handle PRs with 100+ comments
- Make line optional in review schema to allow file-level comments
- Skip createReviewComment for comments without a line number
- Fix failed count to exclude skipped file-level comments
- Pass review result via env var instead of expression injection
- Use core.warning() instead of console.log() for JSON parse failures
- Fix MARKER insertion for single-line summaries that have no newline
- Require "@claude review" instead of just "@claude" to trigger
Frantisek Sumsal [Fri, 13 Mar 2026 16:09:40 +0000 (17:09 +0100)]
coccinelle: simplify file exclusions
Use Coccinelle's "depends on" directive to exclude files from certain
transformations. This should make them a bit simpler and possibly
faster, since we don't have to shell out to Python.
Unfortunately, this works only for file/directory exclusions. For
function and other more complex exclusions we still need to use Python,
at least for now.
Also, completely drop the file exclusion for man/ in the xsprintf
transformation, since we filter out everything under man/ before we even
run Coccinelle (in run-coccinelle.sh).
Luca Boccassi [Fri, 13 Mar 2026 11:10:47 +0000 (11:10 +0000)]
udev: fix review mixup
The previous version in the PR changed variable and sanitized it
in place. The second version switched to skip if CCs are in the
string instead, but didn't move back to the original variable.
Because it's an existing variable, no CI caught it.
Michael Vogt [Fri, 13 Mar 2026 10:33:25 +0000 (11:33 +0100)]
boot: check that `ret_version` is valid in tpm_log_tagged_event
In a project I'm working on I recently observed a boot failure
with the most recent version of systemd. It seems it is triggered
by bb19b61049 which fixed a bug that now leads to the function
being excuted differently. The code is missing a check if
`*ret_version` is actually valid in the `ret_measured = true`
case.
test-network: handle the case where dnsmasq is slow to start better
> read_dnsmasq_log_file() will raise FileNotFoundError if dnsmasq hasn’t created the
> log file yet (or if the file was just removed by stop_dnsmasq() before the restart).
> This would error the test instead of retrying.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
projects / thirdparty / systemd.git / log
