Commit Graph

83364 Commits

Author SHA1 Message Date
Alexander Bruy
b15ff659b4 hwdb: map FN key on TongFang X4SP4NAL laptops 2025-08-19 13:05:56 +01:00
Luca Boccassi
b1cd38e893 test: also edit /etc/os-release if it's not a symlink when patching /usr/lib/os-release (#38628)
mkosi patches up /etc/os-release to add local IDs and fixup certain
issues, so when tests patch /usr/lib/ on the fly, copy to the version in
/etc/ too to avoid test failures when querying

6370s 10/98 systemd:integration-tests / TEST-07-PID1 FAIL 31.03s exit
status 1
6370s 25/98 systemd:integration-tests / TEST-29-PORTABLE FAIL 12.76s
exit status 1
6370s 33/98 systemd:integration-tests / TEST-43-PRIVATEUSER-UNPRIV FAIL
6.57s exit status 1
6370s 37/98 systemd:integration-tests / TEST-50-DISSECT FAIL 16.97s exit
status 1

This is particularly an issue when running these tests on debian unstable,
where mkosi has to fixup os-release to make it valid and avoid further
breakages:

https://github.com/systemd/mkosi/blob/main/mkosi/distributions/debian.py#L234
2025-08-19 12:32:00 +01:00
Lennart Poettering
265386ba35 importd: accept a single space as SHA256SUMS separator
The SHA256SUMS files provided by https://images.linuxcontainers.org/
are slightly non-conforming, instead of using " *" or "  " as separator
between hash and file name they use " ". Let's accept that too, in the
interest of maximizing compatibility.
2025-08-19 11:49:19 +01:00
Lennart Poettering
de9e6428b5 mountfsd: include polkit allowInteractiveAuthorization field in IDL
Otherwise this option can never be actually used, as the IDL checker
will refuse any attempts to pass it.

Follow-up for: 0261fe571b
2025-08-19 11:48:14 +01:00
Lennart Poettering
a294cc182d dissect-image: fix two log messages in mountfsd_mount_directory_fd()
Let's fix some copypasta and make the log messages actually match what
they are about.
2025-08-19 11:47:49 +01:00
Américo Monteiro
16758c2650 po: Translated using Weblate (Portuguese)
Currently translated at 100.0% (264 of 264 strings)

Co-authored-by: Américo Monteiro <a_monteiro@gmx.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/pt/
Translation: systemd/main
2025-08-19 17:20:42 +09:00
Fco. Javier F. Serrador
e5487d1742 po: Translated using Weblate (Spanish)
Currently translated at 100.0% (264 of 264 strings)

Co-authored-by: Fco. Javier F. Serrador <fserrador@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/es/
Translation: systemd/main
2025-08-19 17:20:42 +09:00
Li Tian
776991a3f3 ukify: rstrip and escape binary null characters from 'inspect' output (#38607)
SBAT section of UKI may contain \u000 null characters. Rstrip them, and if there's anything left in the middle,
escape them so they are displayed as text.

Fixes #38606
2025-08-18 22:43:41 +01:00
Lennart Poettering
c24f405ace tree-wide: don't play games with alignment around file_handle
The payload of a file_handle structure is not 64bit aligned. So far we used
_alignas_() to align it to 64bit as a whole, which by accident has the
side-effect that the payload ends up being aligned to 64bit too, but
this is ugly, because it's really just an accident...

Let's do this properly, and just use proper unaligned 64bit reads to
access the field, and do not assume aligning the structure as a whole
also aligns the payload part of it.

Follow-up for: fd51a7d8b5
2025-08-18 21:50:55 +09:00
Yu Watanabe
73c4350fda ptyfwd: do not try to read from PTYForward.input_fd when read-only mode
Fixes the following error message (the last line):
```
[FAILED] Failed to start TEST-60-MOUNT-RATELIMIT.service.
Sending SIGTERM to remaining processes...
Sending SIGKILL to remaining processes...
All filesystems, swaps, loop devices, MD devices and DM devices detached.
Exiting container.
Failed to read from pty input fd: Bad file descriptor
```

Follow-up for b823809bca and
cf89e48028.
2025-08-18 13:05:12 +01:00
Lennart Poettering
b5be05a106 cryptsetup: reference right variable
Fixes: #38576
2025-08-18 13:03:18 +01:00
Antonio Alvarez Feijoo
a83ba27b89 test-nss-hosts: do not call seccomp functions if HAVE_SECCOMP is not set
Otherwise, the build fails:

```
  Features
...
    disabled                                 : ACL, SECCOMP, ...
...
[1592/2115] Compiling C object test-nss-hosts.p/src_test_test-nss-hosts.c.o
FAILED: test-nss-hosts.p/src_test_test-nss-hosts.c.o
...
In file included from ../src/test/test-nss-hosts.c:27:
../src/test/test-nss-hosts.c: In function ‘run’:
../src/test/test-nss-hosts.c:497:43: error: implicit declaration of function ‘seccomp_filter_set_add_by_name’ [-Werror=implicit-function-declaration]
  497 |                                 ASSERT_OK(seccomp_filter_set_add_by_name(filter, /* add = */ true, s));
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’
  181 |                 typeof(expr) _result = (expr);                                                                  \
      |                        ^~~~
../src/test/test-nss-hosts.c:497:43: warning: nested extern declaration of ‘seccomp_filter_set_add_by_name’ [-Wnested-externs]
  497 |                                 ASSERT_OK(seccomp_filter_set_add_by_name(filter, /* add = */ true, s));
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’
  181 |                 typeof(expr) _result = (expr);                                                                  \
      |                        ^~~~
../src/test/test-nss-hosts.c:498:35: error: implicit declaration of function ‘seccomp_load_syscall_filter_set_raw’ [-Werror=implicit-function-declaration]
  498 |                         ASSERT_OK(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, filter, SCMP_ACT_ERRNO(ENOSYS), /* log_missing = */ true));
      |                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’
  181 |                 typeof(expr) _result = (expr);                                                                  \
      |                        ^~~~
../src/test/test-nss-hosts.c:498:35: warning: nested extern declaration of ‘seccomp_load_syscall_filter_set_raw’ [-Wnested-externs]
  498 |                         ASSERT_OK(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, filter, SCMP_ACT_ERRNO(ENOSYS), /* log_missing = */ true));
      |                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’
  181 |                 typeof(expr) _result = (expr);                                                                  \
      |                        ^~~~
../src/test/test-nss-hosts.c:498:71: error: ‘SCMP_ACT_ALLOW’ undeclared (first use in this function)
  498 |                         ASSERT_OK(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, filter, SCMP_ACT_ERRNO(ENOSYS), /* log_missing = */ true));
      |                                                                       ^~~~~~~~~~~~~~
../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’
  181 |                 typeof(expr) _result = (expr);                                                                  \
      |                        ^~~~
../src/test/test-nss-hosts.c:498:71: note: each undeclared identifier is reported only once for each function it appears in
  498 |                         ASSERT_OK(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, filter, SCMP_ACT_ERRNO(ENOSYS), /* log_missing = */ true));
      |                                                                       ^~~~~~~~~~~~~~
../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’
  181 |                 typeof(expr) _result = (expr);                                                                  \
      |                        ^~~~
../src/test/test-nss-hosts.c:498:95: error: implicit declaration of function ‘SCMP_ACT_ERRNO’ [-Werror=implicit-function-declaration]
  498 |                         ASSERT_OK(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, filter, SCMP_ACT_ERRNO(ENOSYS), /* log_missing = */ true));
      |                                                                                               ^~~~~~~~~~~~~~
../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’
  181 |                 typeof(expr) _result = (expr);                                                                  \
      |                        ^~~~
../src/test/test-nss-hosts.c:498:95: warning: nested extern declaration of ‘SCMP_ACT_ERRNO’ [-Wnested-externs]
  498 |                         ASSERT_OK(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, filter, SCMP_ACT_ERRNO(ENOSYS), /* log_missing = */ true));
      |                                                                                               ^~~~~~~~~~~~~~
../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’
  181 |                 typeof(expr) _result = (expr);                                                                  \
      |                        ^~~~
cc1: some warnings being treated as errors
```

Fixes 788b3e030e
2025-08-18 13:02:21 +01:00
Luca Boccassi
d9c23bcfc4 vmspawn: fix --smbios
The file used to pass credentials gets created and then immediately deleted:

$ systemd-vmspawn -i image.raw -s "io.systemd.credential.binary:tty.serial.hvc0.agetty.autologin=cm9vdA=="
░ Spawning VM opensuse-2025081621.1 on /tmp/image.raw.
░ Press Ctrl-] three times within 1s to kill VM.
Not overwriting existing state file.
Listening on /run/user/1000/systemd/vmspawn.1c00857c6a3dc2c7/tpm.sock as 3.
qemu-system-x86_64: -smbios type=11,path=/var/tmp/vmspawn-smbios-Hizb4A/.#smbios11e5a842e77d7b4b68: Could not open '/var/tmp/vmspawn-smbios-Hizb4A/.#smbios11e5a842e77d7b4b68': No such file or directory

Follow-up for a79e94aa58
2025-08-18 15:37:43 +09:00
Salim B
d92990c783 docs: fix typo 2025-08-18 04:43:44 +09:00
Rostislav Lastochkin
e196be154e hwdb: Add Accelerometer mount matrix for Irbis TW43 2025-08-18 01:56:34 +09:00
Yu Watanabe
d1e0f603d1 README: drop one FIXME comment
Most compat glue has been already removed, except for several cgroup v1
specific codes. It is too late to remove the remaining things before v258.
Let's remove them after v258.
2025-08-18 01:17:53 +09:00
Yu Watanabe
fb4aabf443 cryptsetup: HAVE_CRYPT_SET_KEYRING_TO_LINK is always defined
Follow-up for c5daf14c88 (v256).
2025-08-17 15:39:43 +01:00
Yu Watanabe
04ade57a42 TEST-17-UDEV: rotate journal after pending journal entries in buffer before flushed
Then, expected journal entries should be in the archived journal, hence
hopefully we can safely get them.

Follow-up for 5e4115e59e.
2025-08-17 11:16:57 +01:00
Luca Boccassi
c1c931307e core: fix crash on audit callback
When check_access() was added, the callback data parameter
was changed from a pointer to a double pointer, resulting
in a crash when it is accessed when logging an error:

 #0  __internal_syscall_cancel (a1=a1@entry=0, a2=a2@entry=0,
a3=a3@entry=140726176497168, a4=a4@entry=4, a5=a5@entry=0,
a6=a6@entry=0, nr=247) at ./nptl/cancellation.c:44
 #1  0x00007f5d0ec996ad in __syscall_cancel (a1=a1@entry=0,
a2=a2@entry=0, a3=a3@entry=140726176497168, a4=a4@entry=4,
a5=a5@entry=0, a6=a6@entry=0, nr=247) at ./nptl/cancellation.c:75
 #2  0x00007f5d0ed047ab in __waitid (idtype=idtype@entry=P_ALL,
id=id@entry=0, infop=infop@entry=0x7ffd5dc2be10,
options=options@entry=4) at ../sysdeps/unix/sysv/linux/waitid.c:29
 #3  0x00007f5d0f044412 in freeze () at ../src/basic/process-util.c:2039
 #4  0x00005568f181bc2a in freeze_or_exit_or_reboot () at
../src/core/crash-handler.c:55
 #5  0x00005568f181be82 in crash (sig=<optimized out>, siginfo=<optimized
out>, context=<optimized out>) at ../src/core/crash-handler.c:184
 #6  <signal handler called>
 #7  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:76
 #8  0x00007f5d0ec6e300 in __printf_buffer (buf=buf@entry=0x7ffd5dc2ca90,
format=0x7f5d0f196e60 "%s: Failed to acquire credentials: %m",
ap=0x7ffd5dc2d3d0, mode_flags=2) at
./stdio-common/vfprintf-process-arg.c:435
 #9  0x00007f5d0ec91daf in __vsnprintf_internal
(string=string@entry=0x7ffd5dc2cb70 "", maxlen=maxlen@entry=2048,
format=format@entry=0x7f5d0f196e60 "%s: Failed to acquire credentials:
%m", args=args@entry=0x7ffd5dc2d3d0, mode_flags=mode_flags@entry=2)
    at ./libio/vsnprintf.c:96
 #10 0x00007f5d0ed27044 in ___vsnprintf_chk (s=s@entry=0x7ffd5dc2cb70 "",
maxlen=maxlen@entry=2048, flag=flag@entry=1, slen=slen@entry=2048,
format=format@entry=0x7f5d0f196e60 "%s: Failed to acquire credentials:
%m", ap=ap@entry=0x7ffd5dc2d3d0)
    at ./debug/vsnprintf_chk.c:34
 #11 0x00007f5d0f02de59 in vsnprintf (__s=0x7ffd5dc2cb70 "", __n=2048,
__fmt=0x7f5d0f196e60 "%s: Failed to acquire credentials: %m",
__ap=0x7ffd5dc2d3d0) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:100
 #12 log_internalv (level=7, error=-9, file=0x7f5d0f196643
"src/libsystemd/sd-varlink/sd-varlink.c", line=2853, func=0x7f5d0f1d5ca0
<__func__.62> "sd_varlink_get_peer_uid", format=0x7f5d0f196e60 "%s:
Failed to acquire credentials: %m",
    ap=0x7ffd5dc2d3d0) at ../src/basic/log.c:865
 #13 0x00007f5d0f02ded5 in log_internalv (level=<optimized out>,
error=<optimized out>, file=<optimized out>, line=<optimized out>,
func=<optimized out>, format=<optimized out>, ap=0x7ffd5dc2d3d0) at
../src/basic/log.c:868
 #14 0x00007f5d0f02df67 in log_internal (level=<optimized out>,
error=<optimized out>, file=<optimized out>, line=<optimized out>,
func=<optimized out>, format=<optimized out>) at ../src/basic/log.c:882
 #15 0x00007f5d0f10a135 in sd_varlink_get_peer_uid (v=0x7f5d0f5ab110
<__func__.44>, ret=ret@entry=0x7ffd5dc2d4f0) at
../src/libsystemd/sd-varlink/sd-varlink.c:2853
 #16 0x00007f5d0f50c29e in audit_callback (auditdata=0x7ffd5dc2d698,
cls=<optimized out>, msgbuf=0x55692366e77d "", msgbufsize=995) at
../src/core/selinux-access.c:65
 #17 0x00007f5d0f716079 in avc_suppl_audit (ptr=0x7ffd5dc2d698, class=95,
buf=<optimized out>, len=<optimized out>) at ./src/avc_internal.h:101
 #18 avc_audit (ssid=0x5569237f2890, tsid=0x556922d7f4b0,
tclass=<optimized out>, requested=<optimized out>, avd=<optimized out>,
result=0, a=0x7ffd5dc2d698) at ./src/avc.c:721
 #19 0x00007f5d0f716367 in avc_has_perm (ssid=0x5569237f2890,
tsid=0x556922d7f4b0, tclass=tclass@entry=95, requested=4,
aeref=aeref@entry=0x0, auditdata=auditdata@entry=0x7ffd5dc2d698) at
./src/avc.c:836
 #20 0x00007f5d0f718b0a in selinux_check_access
(scon=scon@entry=0x55692384cbc0 "system_u:system_r:policykit_t:s0",
tcon=tcon@entry=0x556922c98a20
"system_u:object_r:systemd_networkd_unit_t:s0",
class=class@entry=0x7f5d0f580b9e "service",
    perm=perm@entry=0x7f5d0f580cc0 "status",
aux=aux@entry=0x7ffd5dc2d698) at ./src/checkAccess.c:64
 #21 0x00007f5d0f50bf7e in check_access (scon=0x55692384cbc0
"system_u:system_r:policykit_t:s0", tcon=0x556922c98a20
"system_u:object_r:systemd_networkd_unit_t:s0", tclass=0x7f5d0f580b9e
"service", permission=permission@entry=0x7f5d0f580cc0 "status",
    audit_info=<optimized out>, audit_info@entry=0x7ffd5dc2d720,
error=error@entry=0x7ffd5dc2d880) at ../src/core/selinux-access.c:229
 #22 0x00007f5d0f5100a1 in mac_selinux_access_check_bus_internal
(message=<optimized out>, unit=<optimized out>,
permission=0x7f5d0f580cc0 "status", function=0x7f5d0f5ab110
<__func__.44> "method_get_unit_by_pidfd", error=0x7ffd5dc2d880)
    at ../src/core/selinux-access.c:329
 #23 0x00007f5d0f4a024b in method_get_unit_by_pidfd
(message=0x5569236d9010, userdata=<optimized out>, error=0x7ffd5dc2d880)
at ../src/core/dbus-manager.c:657
 #24 0x00007f5d0f0c9bd0 in method_callbacks_run (bus=0x5569238684e0,
m=0x5569236d9010, c=<optimized out>, require_fallback=false,
found_object=0x7ffd5dc2d947) at ../src/libsystemd/sd-bus/bus-objects.c:413
 #25 object_find_and_run (bus=bus@entry=0x5569238684e0,
m=m@entry=0x5569236d9010, p=<optimized out>,
require_fallback=require_fallback@entry=false,
found_object=found_object@entry=0x7ffd5dc2d947) at
../src/libsystemd/sd-bus/bus-objects.c:1323
 #26 0x00007f5d0f0cafa2 in bus_process_object (bus=0x5569238684e0,
m=0x5569236d9010) at ../src/libsystemd/sd-bus/bus-objects.c:1443
 #27 0x00007f5d0f0d8c3e in process_message (bus=0x5569238684e0,
m=0x5569236d9010) at ../src/libsystemd/sd-bus/sd-bus.c:3006
 #28 process_running (bus=0x5569238684e0, ret=0x0) at
../src/libsystemd/sd-bus/sd-bus.c:3048
 #29 bus_process_internal (bus=bus@entry=0x5569238684e0,
ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:3275
 #30 0x00007f5d0f0d9099 in sd_bus_process (bus=bus@entry=0x5569238684e0,
ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:3302
 #31 0x00007f5d0f0db3ec in io_callback (s=<optimized out>, fd=<optimized
out>, revents=<optimized out>, userdata=0x5569238684e0) at
../src/libsystemd/sd-bus/sd-bus.c:3643
 #32 0x00007f5d0f0a53d9 in source_dispatch (s=s@entry=0x5569236dea60) at
../src/libsystemd/sd-event/sd-event.c:4163
 #33 0x00007f5d0f0a563d in sd_event_dispatch (e=<optimized out>,
e@entry=0x5569232f6c00) at ../src/libsystemd/sd-event/sd-event.c:4782
 #34 0x00007f5d0f0a6d38 in sd_event_run (e=<optimized out>,
timeout=18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:4843
 #35 0x00007f5d0f4f7871 in manager_loop (m=m@entry=0x5569232f8250) at
../src/core/manager.c:3310
 #36 0x00005568f181517d in invoke_main_loop (m=0x5569232f8250,
saved_rlimit_nofile=0x7ffd5dc2dcb0, saved_rlimit_memlock=0x7ffd5dc2dca0,
ret_retval=<synthetic pointer>, ret_fds=0x7ffd5dc2dc78,
ret_switch_root_dir=<synthetic pointer>,
    ret_switch_root_init=<synthetic pointer>,
ret_error_message=0x7ffd5dc2dc90) at ../src/core/main.c:2140
 #37 main (argc=<optimized out>, argv=0x7ffd5dc2dfe8) at
../src/core/main.c:3351

Follow-up for fe3f2ac073
2025-08-17 16:03:04 +09:00
Yu Watanabe
bb20a240a1 meson: compile nss-util.c only when at least one nss module is enabled
Follow-up for ea70753479.
2025-08-16 23:22:00 +01:00
Yu Watanabe
0cf84c9a60 core/service: do not reset watchdog when unit is frozen
Even though the watchdog for a service is stopped when freezing the unit is
requested, sd-notify message WATCHDOG=1 or friends may come after
that due to ordering of event priority. In that case,
service_reset_watchdog() is called for the frozen unit and thus previously
the watchdog was reenabled.

Follow-up for 25178aadb2.
Fixes #38551 (the second failure case).
2025-08-17 05:19:26 +09:00
Yu Watanabe
e7d811d611 Avoid triggering assertions by nss modules when uname and/or sigprocmask are masked (#38586)
Fixes #38582.
2025-08-17 05:19:00 +09:00
Yu Watanabe
61226bd3e2 test: drop unnecessary service file
Such test service unit is now generated automatically.

Follow-up for 7eb276dced.
2025-08-16 19:22:43 +01:00
Yu Watanabe
40f597555a resolve: fix index of comments and rebreak comments 2025-08-17 02:06:42 +09:00
Yu Watanabe
788b3e030e test-nss-hosts: add test case for issue #38582 2025-08-17 00:16:12 +09:00
Yu Watanabe
4ca46971a0 signal-util: do not abort when sigprocmask() failed
BLOCK_SIGNALS() is also used in nss modules. If an application
running with a too strict seccomp loads our nss modules, then the
assertion may be triggered.

Fixes #38582.
2025-08-17 00:14:42 +09:00
Yu Watanabe
ea70753479 nss: move definition of NSS_ENTRYPOINT_BEGIN to nss-util.h
Then, also make nss modules parse $SYSTEMD_ASSERT_RETURN_IS_CRITICAL
environment variable.

This also moves nss-util.c and nss-util.h from src/basic/ to src/shared/,
as they are not used by libsystemd.
2025-08-17 00:14:42 +09:00
Yu Watanabe
ed9c82095a assert-util: introduce log_set_assert_return_is_critical_from_env()
It will be used for testing nss modules.
2025-08-17 00:14:42 +09:00
Yu Watanabe
9bfcc81c32 assert-util: drop message argument of assert_log()
As it is always equal to #expr.
2025-08-17 00:14:42 +09:00
Yu Watanabe
45079ae1e6 hostname-setup: do not trigger assertion when uname() is prohibited by seccomp
gethostname_full() is used in nss-myhostname, and hence a random
application may indirectly call it. When an application with a too strict
seccomp filter loads the nss module, the application may trigger the
assertion.

Partially fixes #38582.
2025-08-17 00:14:42 +09:00
Yu Watanabe
b8c78d3331 seccomp-util: use consistent argument names 2025-08-17 00:14:42 +09:00
Yu Watanabe
75bb547629 mkosi: update mkosi ref and debian ref (#38597) 2025-08-16 23:41:20 +09:00
Luca Boccassi
f89480a0a7 mkosi: update mkosi commit reference to 5598b7f5793b6f63db5afaa39504a763fbaeb5cb
* 5598b7f579 fedora: be more persistent when guessing what rawhide could be
* cdd2d1570e Use apt-ftparchive instead of reprepro
* eeb4ce6302 fix dead/404 link
* 30a487d183 mkosi-tools: Drop systemd-boot-efi package
* ad4b4d2cbe Add debug logging for version reported by systemd tools
* 95f5c77fb7 mkosi-tools: move systemd-boot package to conf file matching older releases
* 7da22f33e0 README: clarify that companion tools can also be enabled from the git repo
* ec3fe91532 Drop microsecond resolution for datetime.now()
* 9f7a53b687 mkosi-initrd: install raid rule with 70 prefix
* 32c3ff4677 ci: give a hint about possible fixes for failing reuse lints
* 489c5e9ecc build(deps): bump github/codeql-action from 3.29.2 to 3.29.5
2025-08-16 12:13:20 +01:00
Luca Boccassi
ec9b149bb2 mkosi: update debian commit reference to 8ba719208ff28f36bc240328725eb10008838c39
* 8ba719208f systemd-boot: install kernel hooks to /usr/share/
* c4d6093398 Update changelog for 258~rc2-2 release
* b21987b0f9 More NEWS updates about sysv support
* cd7d07f66b NEWS: fixlets and adjustments
* 34ef04cb45 Stop installing /var/lib/systemd in the package
* 08b77c5b7c Update changelog for 258~rc2-1 release
* 48b3ec2b9a systemd-container: update lintian overrides for more false positives
* 31547d827b systemd-boot: make efibootmgr a dependency
* 88a7261c00 d/t/control: prefer systemd-boot-tools if available
* 478ea8945f systemd-boot: fix registering/removing uncompressed kernels
* b072f60375 NEWS: fix typo
* 985a3c8d56 systemd-boot: register interest in systemd-boot-signed trigger
* f13b262bf6 d/rules: set debugoptimized for upstream builds
* 615f8851e8 Install usr/share/factory files and restore nsswitch.conf/pam.d/issue on factory reset
* 61792528f2 Update changelog for 258~rc1-1 release
* 116371a1df d/copyright: update paths
* 41437c9c54 Add a few more conflicts to packages providing the same files
* 0e5eea70fd Fix Lintian warning debian-news-entry-uses-asterisk
* 60595acb01 Update Lintian overrides
* b8662ba796 Update symbols file for 258~rc1
* 58553602ca NEWS: note removal of telinit/runlevel
* d78ade0842 Drop all workarounds that are obsolete after trixie
* 7ef47f9f6b Drop world-writable /run/lock debianism
* 9d6d3a4154 NEWS: note cgroupv1 removal
* ef2ef6f35d Enable sd-vmspawn
* ac2aec3b68 Add and remove files for 258~rc1
* 06582be4e6 d/watch: remove restriction to v257.x series
* 88ccb1552a salsa-ci: enable arm64 build
2025-08-16 12:11:46 +01:00
Luca Boccassi
855b6b77e0 test: fix typo in comment 2025-08-16 10:53:07 +01:00
Luca Boccassi
fd51a7d8b5 pidfd-util: force alignment of file_handle union to avoid assert on 32bit
On 32bit the union won't be aligned automatically, needs to be enforced:

Assertion '((uintptr_t) _p) % alignof(uint64_t) == 0' failed at src/basic/pidfd-util.c:251, function pidfd_get_inode_id_impl(). Aborting.

Follow-up for 9c039ef5ff
2025-08-15 12:36:20 +01:00
Luca Boccassi
57aeb4a403 mkosi: install util-linux-script on F44
Once F41 is EOL we can just move this to the main list and
stop doing this dance every 6 months
2025-08-14 18:18:27 +01:00
Yu Watanabe
4fd9b83c20 man: add missing comma 2025-08-14 23:33:39 +09:00
Mate Kukri
428cd7bfba Reuse the parent_image handle and parent_loaded_image
- Reuse parent_image instead of allocating new ones. Firmware might cast
  EFI_LOADED_IMAGE_PROTOCOL * to a larger struct causing issues
- Remove loaded image protocol installation and uninstallation which are no
  longer required

Fixes a bug introduced by cab9c7b5a4.
Fixes #38567.

Co-authored-by: Tobias Heider <tobias.heider@canonical.com>
2025-08-14 19:59:37 +09:00
Yu Watanabe
1a360ed196 condition: fix unexpected assertion triggered
Follow-up for c154bb65ad.
Fixes oss-fuzz#438513119.
Fixes #38570.
2025-08-14 10:31:03 +01:00
Lennart Poettering
b4beaafb24 update TODO 2025-08-14 08:35:15 +02:00
Luca Boccassi
4f9f0e5041 ukify: drop NX bit from UKI if kernel doesn't have it
If the kernel is not NX_COMPAT ready (W^X memory compatible) then the
UKI should not be marked as NX_COMPAT ready either, as the kernel
section is the loadable code in the image.

https://microsoft.github.io/mu/WhatAndWhy/enhancedmemoryprotection/
https://www.kraxel.org/blog/2023/12/uefi-nx-linux-boot/

While the sd-stub EFI code itself is NX ready, it is more useful
to think of it as one unit of execution together with the kernel
it embeds, as that's what it is used for.

Fixes https://github.com/systemd/systemd/issues/38545
2025-08-14 03:49:20 +09:00
Yu Watanabe
30f1d29f39 tree-wide: various terminal related fixlets (#38544)
Fixes #38524.
Fixes #38527.
Fixes #38552.
2025-08-14 03:40:44 +09:00
Yu Watanabe
660244a7fc core: do not start watchdog for frozen service on daemon-reload/-reexec (#38553)
Fixes #38551.
2025-08-14 01:18:50 +09:00
Yu Watanabe
53878b5b3e TEST-72-SYSUPDATE: fix indentation and drop space in blank line 2025-08-13 23:54:26 +09:00
Yu Watanabe
535539222d TEST-72-SYSUPDATE: make randomly generated image file not have compression header
Otherwise, the generated image may be wrongly detected as compressed,
and importing the image may fail:
```
[   35.194578] TEST-72-SYSUPDATE.sh[411]: + dd if=/dev/urandom of=/var/tmp/test-72-N7uTeO/source/part1-v5.raw bs=4096 count=2048
[   35.236342] TEST-72-SYSUPDATE.sh[1075]: 2048+0 records in
[   35.236342] TEST-72-SYSUPDATE.sh[1075]: 2048+0 records out
[   35.236342] TEST-72-SYSUPDATE.sh[1075]: 8388608 bytes (8.4 MB, 8.0 MiB) copied, 0.0408601 s, 205 MB/s
(snip)
[   35.948634] TEST-72-SYSUPDATE.sh[1085]: \ Acquiring /var/tmp/test-72-N7uTeO/source/part1-v5.raw → /proc/self/fd/3p2...
[   35.952878] TEST-72-SYSUPDATE.sh[1085]: Successfully forked off '(sd-import-raw)' as PID 1089.
[   35.958952] TEST-72-SYSUPDATE.sh[1089]: Importing '/var/tmp/test-72-N7uTeO/source/part1-v5.raw', saving at offset 9437184 in '/dev/loop0'.
[   35.959575] TEST-72-SYSUPDATE.sh[1089]: Failed to decode and write: Input/output error
[   35.959575] TEST-72-SYSUPDATE.sh[1089]: Exiting.
```

Fixes #38524.
2025-08-13 23:54:18 +09:00
Yu Watanabe
2633ed01ca import: add a debugging log of importing blob
This should be helpful for debugging issue #38524.
2025-08-13 23:44:58 +09:00
Yu Watanabe
defac931c0 import: align table 2025-08-13 23:44:58 +09:00
Yu Watanabe
00085ba6c2 import,sysupdate: make notify event processed before SIGCHLD of worker processes
This fixes the following warning:
```
[    5.628796] TEST-13-NSPAWN.sh[299]: + importctl import-raw --class=confext /var/tmp/importtest
(snip)
[    5.638894] systemd-importd[302]: (transfer1) Operation completed successfully.
[    5.640760] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^MTotal:  40%
[    5.638902] systemd-importd[302]: (transfer1) Exiting.
[    5.638931] systemd-importd[302]: Got percentage from client: 40%
[    5.638956] systemd-importd[302]: Transfer process succeeded.
[    5.638988] systemd-importd[302]: Got notification datagram from unexpected peer, ignoring.
```
2025-08-13 23:44:58 +09:00
Yu Watanabe
3796391497 pretty-print: show progress bar only when we are running on a TTY
Otherwise, when a command is running with e.g. StandardError=journal+console,
journal contains [xxxB blob data]:
```
[    5.628796] TEST-13-NSPAWN.sh[299]: + importctl import-raw --class=confext /var/tmp/importtest
[    5.632350] systemd-importd[302]: Successfully forked off '(sd-transfer)' as PID 319.
[    5.633671] TEST-13-NSPAWN.sh[318]: [83B blob data]
[    5.632598] (sd-transfer)[319]: Calling: /usr/lib/systemd/systemd-import raw --class confext - importtest
[    5.637769] systemd-importd[302]: (transfer1) Importing '/var/tmp/importtest', saving as 'importtest'.
[    5.637947] TEST-13-NSPAWN.sh[318]: [82B blob data]
[    5.638313] TEST-13-NSPAWN.sh[318]: [75B blob data]
[    5.638151] systemd-importd[302]: (transfer1) Operating on image directory '/var/lib/confexts'.
[    5.638863] systemd-importd[302]: (transfer1) Imported 40%.
[    5.638882] systemd-importd[302]: (transfer1) Wrote 40K.
[    5.639653] TEST-13-NSPAWN.sh[318]: [39B blob data]
[    5.639653] TEST-13-NSPAWN.sh[318]: [36B blob data]
[    5.639653] TEST-13-NSPAWN.sh[318]: [59B blob data]
[    5.639653] TEST-13-NSPAWN.sh[318]: [34B blob data]
[    5.638894] systemd-importd[302]: (transfer1) Operation completed successfully.
[    5.640760] TEST-13-NSPAWN.sh[318]: [25B blob data]
[    5.638902] systemd-importd[302]: (transfer1) Exiting.
```
The blob data entries are something like the following:
```
[    5.628796] TEST-13-NSPAWN.sh[299]: + importctl import-raw --class=confext /var/tmp/importtest
[    5.632350] systemd-importd[302]: Successfully forked off '(sd-transfer)' as PID 319.
[    5.633671] TEST-13-NSPAWN.sh[318]: ^M           ^MEnqueued transfer job 1. Press C-c to continue download in background.
[    5.632598] (sd-transfer)[319]: Calling: /usr/lib/systemd/systemd-import raw --class confext - importtest
[    5.637769] systemd-importd[302]: (transfer1) Importing '/var/tmp/importtest', saving as 'importtest'.
[    5.637947] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^M           ^MImporting '/var/tmp/importtest', saving as 'importtest'.
[    5.638313] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^M           ^MOperating on image directory '/var/lib/confexts'.
[    5.638151] systemd-importd[302]: (transfer1) Operating on image directory '/var/lib/confexts'.
[    5.638863] systemd-importd[302]: (transfer1) Imported 40%.
[    5.638882] systemd-importd[302]: (transfer1) Wrote 40K.
[    5.639653] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^M           ^MImported 40%.
[    5.639653] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^M           ^MWrote 40K.
[    5.639653] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^M           ^MOperation completed successfully.
[    5.639653] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^M           ^MExiting.
[    5.638894] systemd-importd[302]: (transfer1) Operation completed successfully.
[    5.640760] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^MTotal:  40%
[    5.638902] systemd-importd[302]: (transfer1) Exiting.
```

Fixes #38552.
2025-08-13 23:44:58 +09:00