From 3efb597b074f6e5293195bf598e0e22e61cab997 Mon Sep 17 00:00:00 2001
From: Mike Yuan
Date: Sat, 23 Mar 2024 00:49:45 +0800
Subject: [PATCH 1/4] analyze-security: use FOREACH_ARRAY
---
 src/analyze/analyze-security.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index c1b35ba852..486143b7f0 100644
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -1756,15 +1756,14 @@ static int assess(const SecurityInfo *info,
 (void) table_set_display(details_table, (size_t) 0, (size_t) 1, (size_t) 2, (size_t) 3, (size_t) 7);
 }
- for (i = 0; i < ELEMENTSOF(security_assessor_table); i++) {
- const struct security_assessor *a = security_assessor_table + i;
+ FOREACH_ARRAY(a, security_assessor_table, ELEMENTSOF(security_assessor_table)) {
 _cleanup_free_ char *d = NULL;
 uint64_t badness;
 void *data;
 uint64_t weight = access_weight(a, policy);
 uint64_t range = access_range(a, policy);
- data = (uint8_t *) info + a->offset;
+ data = (uint8_t*) info + a->offset;
 if (a->default_dependencies_only && !info->default_dependencies) {
 badness = UINT64_MAX;
From de91848c3aeb9268b5b2762d1b29a56538f0b53a Mon Sep 17 00:00:00 2001
From: Mike Yuan
Date: Sat, 23 Mar 2024 00:34:53 +0800
Subject: [PATCH 2/4] analyze-dot: minor modernization
---
 src/analyze/analyze-dot.c | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/src/analyze/analyze-dot.c b/src/analyze/analyze-dot.c
index bf8aa8148f..abb594ad0a 100644
--- a/src/analyze/analyze-dot.c
+++ b/src/analyze/analyze-dot.c
@@ -13,14 +13,15 @@ static int graph_one_property(
 const UnitInfo *u,
 const char *prop,
 const char *color,
- char *patterns[],
- char *from_patterns[],
- char *to_patterns[]) {
+ char **patterns,
+ char **from_patterns,
+ char **to_patterns) {
 _cleanup_strv_free_ char **units = NULL;
 bool match_patterns;
 int r;
+ assert(bus);
 assert(u);
 assert(prop);
 assert(color);
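Review bot: The re-spaced cast in `data = (uint8_t*) info + a->offset;` (analyze-security.c hunk) still drops the `const` that the hunk header shows on `const SecurityInfo *info`, and the result is stored in a non-const `void *data`. If the assessor callbacks, which are not visible here, only read through `data`, declaring `const void *data;` and casting with `(const uint8_t*) info + a->offset` would let the compiler reject an accidental write into the analysed record. The body of assess() starts and ends outside the hunk, so the callback signatures need checking before this is changed.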
@@ -51,7 +52,13 @@ static int graph_one_property(
 return 0;
 }
-static int graph_one(sd_bus *bus, const UnitInfo *u, char *patterns[], char *from_patterns[], char *to_patterns[]) {
+static int graph_one(
+ sd_bus *bus,
+ const UnitInfo *u,
+ char **patterns,
+ char **from_patterns,
+ char **to_patterns) {
+
 int r;
 assert(bus);
@@ -67,12 +74,15 @@ static int graph_one(sd_bus *bus, const UnitInfo *u, char *patterns[], char *fro
 r = graph_one_property(bus, u, "Requires", "black", patterns, from_patterns, to_patterns);
 if (r < 0)
 return r;
+
 r = graph_one_property(bus, u, "Requisite", "darkblue", patterns, from_patterns, to_patterns);
 if (r < 0)
 return r;
+
 r = graph_one_property(bus, u, "Wants", "grey66", patterns, from_patterns, to_patterns);
 if (r < 0)
 return r;
+
 r = graph_one_property(bus, u, "Conflicts", "red", patterns, from_patterns, to_patterns);
 if (r < 0)
 return r;
@@ -85,6 +95,9 @@ static int expand_patterns(sd_bus *bus, char **patterns, char ***ret) {
 _cleanup_strv_free_ char **expanded_patterns = NULL;
 int r;
+ assert(bus);
+ assert(ret);
+
 STRV_FOREACH(pattern, patterns) {
 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
 _cleanup_free_ char *unit = NULL, *unit_id = NULL;
@@ -110,10 +123,9 @@ static int expand_patterns(sd_bus *bus, char **patterns, char ***ret) {
 if (r < 0)
 return log_error_errno(r, "Failed to get ID: %s", bus_error_message(&error, r));
- if (!streq(*pattern, unit_id)) {
+ if (!streq(*pattern, unit_id))
 if (strv_extend(&expanded_patterns, unit_id) < 0)
 return log_oom();
- }
 }
 *ret = TAKE_PTR(expanded_patterns); /* do not free */
@@ -128,8 +140,8 @@ int verb_dot(int argc, char *argv[], void *userdata) {
 _cleanup_strv_free_ char **expanded_patterns = NULL;
 _cleanup_strv_free_ char **expanded_from_patterns = NULL;
 _cleanup_strv_free_ char **expanded_to_patterns = NULL;
- int r;
 UnitInfo u;
+ int r;
 r = acquire_bus(&bus, NULL);
 if (r < 0)
From 147e7b44467f4deb2216ab7b1c1e2b89fa544d50 Mon Sep 17 00:00:00 2001
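Review bot: In the expand_patterns() hunk at -110,10, dropping the braces leaves an `if` whose only body is a second unbraced `if`, so an `else` or an extra statement added later would bind differently from what the indentation suggests. Folding the two tests into one keeps the brace-free style without the nesting: `if (!streq(*pattern, unit_id) && strv_extend(&expanded_patterns, unit_id) < 0)` followed by `return log_oom();`. Short-circuit evaluation still keeps strv_extend() from running when the names match, so behaviour is unchanged. The enclosing STRV_FOREACH loop starts outside this hunk.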
From: Mike Yuan
Date: Sat, 23 Mar 2024 03:18:42 +0800
Subject: [PATCH 3/4] analyze-dot: also show BindsTo= in --require
---
 man/systemd-analyze.xml | 16 ++++++----------
 src/analyze/analyze-dot.c | 5 +++++
 2 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml
index 639a7231cb..ca108c5cf9 100644
--- a/man/systemd-analyze.xml
+++ b/man/systemd-analyze.xml
@@ -1018,16 +1018,12 @@ x86-64 native
- When used in conjunction with the
- dot command (see above), selects which
- dependencies are shown in the dependency graph. If
- is passed, only dependencies of type
- After= or Before= are
- shown. If is passed, only
- dependencies of type Requires=,
- Requisite=,
- Wants= and Conflicts=
- are shown. If neither is passed, this shows dependencies of
+ When used in conjunction with the dot command (see above),
+ selects which dependencies are shown in the dependency graph. If is passed,
+ only dependencies of type After= or Before= are shown.
+ If is passed, only dependencies of type Requires=,
+ Requisite=, BindsTo=, Wants=, and
+ Conflicts= are shown. If neither is passed, this shows dependencies of
 all these types.
diff --git a/src/analyze/analyze-dot.c b/src/analyze/analyze-dot.c
index abb594ad0a..9e92d59bce 100644
--- a/src/analyze/analyze-dot.c
+++ b/src/analyze/analyze-dot.c
@@ -79,6 +79,10 @@ static int graph_one(
 if (r < 0)
 return r;
+ r = graph_one_property(bus, u, "BindsTo", "gold", patterns, from_patterns, to_patterns);
+ if (r < 0)
+ return r;
+
 r = graph_one_property(bus, u, "Wants", "grey66", patterns, from_patterns, to_patterns);
 if (r < 0)
 return r;
@@ -182,6 +186,7 @@ int verb_dot(int argc, char *argv[], void *userdata) {
 log_info(" Color legend: black = Requires\n"
 " dark blue = Requisite\n"
+ " gold = BindsTo\n"
 " dark grey = Wants\n"
 " red = Conflicts\n"
 " green = After\n");
From ac97053618387ca1fa0d378cde7957aab8f0476c Mon Sep 17 00:00:00 2001
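Review bot: The `"gold"` literal added in graph_one() and the `gold = BindsTo` legend line added in verb_dot() are two hand-maintained copies of the same property-to-color mapping, and nothing in the code ties them together. The existing entries already use different spellings in the two places (`"grey66"` against `dark grey`, `"darkblue"` against `dark blue`), so a future addition can easily update only one side. A short comment above the graph_one_property() calls, such as `/* Keep these colors in sync with the legend printed by verb_dot(). */`, would record the coupling. Both functions start and end outside their hunks.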
From: Mike Yuan
Date: Sat, 23 Mar 2024 00:35:09 +0800
Subject: [PATCH 4/4] analyze: refuse --global dot/verify
I don't quite understand the rationale of making these verbs work with --global back in the day. But realistically they interact with/spawn manager, while there's no --global runtime scope manager. And to verify/inspect user units it's sufficient to just use --user.
Fixes #31911
---
 src/analyze/analyze.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
index b449e538f3..cf4894a9d3 100644
--- a/src/analyze/analyze.c
+++ b/src/analyze/analyze.c
@@ -572,10 +572,9 @@ static int parse_argv(int argc, char *argv[]) {
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
 "Option --threshold= is only supported for security right now.");
- if (arg_runtime_scope == RUNTIME_SCOPE_GLOBAL &&
- !STR_IN_SET(argv[optind] ?: "time", "dot", "unit-paths", "verify"))
+ if (arg_runtime_scope == RUNTIME_SCOPE_GLOBAL && !streq_ptr(argv[optind], "unit-paths"))
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
- "Option --global only makes sense with verbs dot, unit-paths, verify.");
+ "Option --global only makes sense with verb unit-paths.");
 if (streq_ptr(argv[optind], "cat-config") && arg_runtime_scope == RUNTIME_SCOPE_USER)
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
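Review bot: The new error string in parse_argv() says what is refused but not what to use instead, although the commit message already names the replacement. A wording such as `"Option --global only makes sense with verb unit-paths, use --user to inspect user units."` would spare existing callers of `--global dot` or `--global verify` a lookup when their invocation starts failing with EINVAL. The diffstat shows only src/analyze/analyze.c changing, so if the man page or NEWS mention --global for dot or verify (not visible here) they would need the same update. parse_argv() starts and ends outside the hunk.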