Fiber

.clang-tidy

@@ -70,6 +70,7 @@ CheckOptions:
     ^getmntent$,mnt_table_next_fs(),libmount parser should be used instead
 '
   misc-header-include-cycle.IgnoredFilesList: 'glib-2.0'
+RemovedArgs: ['-fwide-exec-charset=UCS2', '-maccumulate-outgoing-args']
 WarningsAsErrors: '*'
 ExcludeHeaderFilterRegex: 'blkid\.h|gmessages\.h|gstring\.h'
 HeaderFileExtensions:

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -82,6 +82,7 @@ body:
         - 'homectl'
         - 'hostnamectl'
         - 'hardware database files'
+        - 'importctl'
         - 'journalctl'
         - 'kernel-install'
         - 'loginctl'
@@ -112,7 +113,7 @@ body:
         - 'systemd-homed'
         - 'systemd-hostnamed'
         - 'systemd-hwdb'
-        - 'systemd-import'
+        - 'systemd-importd'
         - 'systemd-journal-gatewayd'
         - 'systemd-journal-remote'
         - 'systemd-journal-upload'

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -21,6 +21,7 @@ body:
         - 'homectl'
         - 'hostnamectl'
         - 'hardware database files'
+        - 'importctl'
         - 'journalctl'
         - 'kernel-install'
         - 'loginctl'
@@ -51,7 +52,7 @@ body:
         - 'systemd-homed'
         - 'systemd-hostnamed'
         - 'systemd-hwdb'
-        - 'systemd-import'
+        - 'systemd-importd'
         - 'systemd-journal-gatewayd'
         - 'systemd-journal-remote'
         - 'systemd-journal-upload'

.github/advanced-issue-labeler.yml

@@ -53,7 +53,7 @@ policy:
             keys: ['systemd-hwdb', 'hardware database files']
 
           - name: import
-            keys: ['systemd-import']
+            keys: ['systemd-importd', 'importctl']
 
           - name: journal
             keys: ['systemd-journald', 'journalctl']

.github/workflows/cifuzz.yml

@@ -67,7 +67,7 @@ jobs:
           path: ./out/artifacts
       - name: Upload Sarif
         if: always() && steps.build.outcome == 'success'
-        uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e
+        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225
         with:
           # Path to SARIF file relative to the root of the repository
           sarif_file: cifuzz-sarif/results.sarif

.github/workflows/claude-review.yml

@@ -67,7 +67,7 @@ jobs:
 
       - name: Fetch PR context and create tracking comment
         id: context
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3
         with:
           script: |
             const owner = context.repo.owner;
@@ -179,7 +179,7 @@ jobs:
           sudo apt-get update && sudo apt-get install -y bubblewrap socat
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
+        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37
         with:
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
           role-session-name: GitHubActions-Claude-${{ github.run_id }}
@@ -417,7 +417,7 @@ jobs:
           name: review-result.json
 
       - name: Post review comments
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3
         env:
           REVIEW_RESULT: ${{ needs.review.result }}
           PR_NUMBER: ${{ needs.setup.outputs.pr_number }}

.github/workflows/coverage.yml

@@ -27,7 +27,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           persist-credentials: false
-      - uses: systemd/mkosi@66d51024b7149f40be4702e84275c936373ace97
+      - uses: systemd/mkosi@9a28ad20bbea61894ea7b971d318a71f4374cf3b
 
       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
       # immediately, we remove the files in the background. However, we first move them to a different location

.github/workflows/gather-pr-metadata.yml

@@ -22,7 +22,7 @@ jobs:
 
       - id: metadata
         name: Gather Pull Request Metadata
-        uses: redhat-plumbers-in-action/gather-pull-request-metadata@b86d1eaf7038cf88a56b26ba3e504f10e07b0ce5
+        uses: redhat-plumbers-in-action/gather-pull-request-metadata@62fc85c7acd15db62a0bdf007c8dbeda86eaf3b6
 
       - name: Upload Pull Request Metadata artifact
         uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f

.github/workflows/labeler.yml

@@ -44,7 +44,7 @@ jobs:
         sync-labels: false
 
     - name: Set or remove labels based on systemd development workflow
-      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
+      uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3
       if: startsWith(github.event_name, 'pull_request') && github.event.action != 'closed' && !github.event.pull_request.draft
       with:
         script: |
@@ -85,7 +85,7 @@ jobs:
           }
 
     - name: Add please-review label on command in issue comment
-      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
+      uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3
       if: github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/please-review')
       with:
         script: |
@@ -97,7 +97,7 @@ jobs:
           })
 
     - name: Remove specific labels when PR is closed or merged
-      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
+      uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3
       if: startsWith(github.event_name, 'pull_request') && github.event.action == 'closed'
       with:
         script: |

.github/workflows/linter.yml

@@ -30,7 +30,7 @@ jobs:
           persist-credentials: false
 
       - name: Lint Code Base
-        uses: super-linter/super-linter/slim@61abc07d755095a68f4987d1c2c3d1d64408f1f9
+        uses: super-linter/super-linter/slim@9e863354e3ff62e0727d37183162c4a88873df41
         env:
           DEFAULT_BRANCH: main
           MULTI_STATUS: false
@@ -40,7 +40,7 @@ jobs:
           GITHUB_ACTIONS_CONFIG_FILE: actionlint.yml
           ENABLE_GITHUB_PULL_REQUEST_SUMMARY_COMMENT: false
 
-      - uses: systemd/mkosi@66d51024b7149f40be4702e84275c936373ace97
+      - uses: systemd/mkosi@9a28ad20bbea61894ea7b971d318a71f4374cf3b
 
       - name: Check that tabs are not used in Python code
         run: sh -c '! git grep -P "\\t" -- src/core/generate-bpf-delegate-configs.py src/boot/generate-hwids-section.py src/ukify/ukify.py test/integration-tests/integration-test-wrapper.py'

.github/workflows/make-release.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Release
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe
+        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda
         with:
           prerelease: ${{ contains(github.ref_name, '-rc') }}
           draft: ${{ github.repository == 'systemd/systemd' }}

.github/workflows/mkosi.yml

@@ -169,7 +169,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           persist-credentials: false
-      - uses: systemd/mkosi@66d51024b7149f40be4702e84275c936373ace97
+      - uses: systemd/mkosi@9a28ad20bbea61894ea7b971d318a71f4374cf3b
 
       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
       # immediately, we remove the files in the background. However, we first move them to a different location

.github/workflows/requirements.txt

@@ -1,6 +1,5 @@
-meson==1.10.2 \
-    --hash=sha256:5f84ef186e6e788d9154db63620fc61b3ece69f643b94b43c8b9203c43d89b36 \
-    --hash=sha256:7890287d911dd4ee1ebd0efb61ed0321bfcd87c725df923a837cf90c6508f96b
+meson==1.11.1 \
+    --hash=sha256:9b3a023657e393dbc5335b95c561337d49b7a458f5541e47ec44f2cc566e0d80
 ninja==1.13.0 \
     --hash=sha256:11be2d22027bde06f14c343f01d31446747dbb51e72d00decca2eb99be911e2f \
     --hash=sha256:1c97223cdda0417f414bf864cfb73b72d8777e57ebb279c5f6de368de0062988 \

.semaphore/semaphore-runner.sh

@@ -68,8 +68,8 @@ EOF
 for phase in "${PHASES[@]}"; do
     case "$phase" in
         SETUP)
-            # remove semaphore repos, some of them don't work and cause error messages
-            sudo rm -rf /etc/apt/sources.list.d/*
+            # remove chrome repo, we don't need it
+            sudo rm -rf /etc/apt/sources.list.d/google-chrome.sources
 
             # enable backports for latest LXC
             echo "deb http://archive.ubuntu.com/ubuntu $UBUNTU_RELEASE-backports main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list.d/backports.list

NEWS

@@ -63,6 +63,12 @@ CHANGES WITH 261 in spe:
           require direct IMDS access. The new meson option "-Dimds-network="
           can be used to change the default mode to "locked" at build-time.
 
+        * The manager exposes a new ReloadCount property on its D-Bus and
+          Varlink interfaces (org.freedesktop.systemd1.Manager and
+          io.systemd.Manager respectively). The counter increments after
+          each successfully completed daemon-reload. It is not preserved
+          across daemon-reexec.
+
         Changes in systemd-sysext/systemd-confext:
 
         * New initrd services systemd-sysext-sysroot.service and
@@ -3427,7 +3433,7 @@ CHANGES WITH 257:
 
         systemd-importd:
 
-        * A new generator sytemd-import-generator has been added to synthesize
+        * A new generator systemd-import-generator has been added to synthesize
           image download jobs. This provides functionality similar to
           importctl, but is configured via the kernel command line and system
           credentials. It may be used to automatically download sysext,
@@ -4604,7 +4610,7 @@ CHANGES WITH 256:
           OpenSSH 9.4 or newer.
 
         * systemd-sysext gained support for enabling system extensions in
-          mutable fashion, where a writeable upperdir is stored under
+          mutable fashion, where a writable upperdir is stored under
           /var/lib/extensions.mutable/, and a new --mutable= option to
           configure this behaviour. An "ephemeral" mode is not also supported
           where the mutable layer is configured to be a tmpfs that is
@@ -15306,7 +15312,7 @@ CHANGES WITH 231:
 
         * The InaccessableDirectories=, ReadOnlyDirectories= and
           ReadWriteDirectories= unit file settings have been renamed to
-          InaccessablePaths=, ReadOnlyPaths= and ReadWritePaths= and may now be
+          InaccessiblePaths=, ReadOnlyPaths= and ReadWritePaths= and may now be
           applied to all kinds of file nodes, and not just directories, with
           the exception of symlinks. Specifically these settings may now be
           used on block and character device nodes, UNIX sockets and FIFOS as
@@ -20917,7 +20923,7 @@ CHANGES WITH 189:
           udev_device_new_from_device_id() call.
 
         * The logic for file system namespace (ReadOnlyDirectory=,
-          ReadWriteDirectoy=, PrivateTmp=) has been reworked not to
+          ReadWriteDirectories=, PrivateTmp=) has been reworked not to
           require pivot_root() anymore. This means fewer temporary
           directories are created below /tmp for this feature.
 

README

@@ -264,9 +264,9 @@ REQUIREMENTS:
         During runtime, you need the following additional
         dependencies:
 
-        util-linux >= v2.27.1 required (including but not limited to: mount,
-                                        umount, swapon, swapoff, sulogin,
-                                        agetty, fsck)
+        util-linux >= v2.42 required (including but not limited to: mount,
+                                      umount, swapon, swapoff, sulogin,
+                                      agetty, fsck, more)
         dbus >= 1.4.0 (strictly speaking optional, but recommended)
                 NOTE: If using dbus < 1.9.18, you should override the default
                 policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).

TODO.md

@@ -128,6 +128,40 @@ SPDX-License-Identifier: LGPL-2.1-or-later
 
 ## Features
 
+- bootctl link + sysupdate integration
+  - make sysupdate call out to a special varlink dir on completion
+  - bind bootctl link socket in there, which when invoked goes to new dir in
+    /var/ where downloaded kernels+confext+sysext are dropped in (place in
+    .v/) and then does "bootctl link" on them.
+
+- a tool that can prep credentials, put them in the ESP, for provisioning
+  systems for SBC. Should be doing what sysinstall does with the credentials,
+  and maybe even *be* sysinstall.
+
+- make sure we always pass O_NOFOLLOW on O_CREAT
+
+- xopenat(): maybe imply O_NOFOLLOW on O_CREAT
+
+- StorageProvider interface + storagectl
+  - hook-up in systemd-nspawn
+  - hook-up in service manager (BindVolume=)
+  - introduce a locking concept: right now all access to volumes is fully
+    shared. Let's add a basic locking concept: supporting backends can take an
+    additional locking flag (which has to be combined with Varlink's "more"),
+    in which case access would only be handed out to one client at a time, with
+    the lock's lifetime synced up with the Varlink connection lifetime.
+  - introduce a volume lifecycle concept: optionally support volumes whose
+    whole lifecycle is associated with the varlink connections they are tied
+    to: when the last varlink connection that acquired them goes away, the
+    volume is auto-destroyed. Would be exposed via a new flag on the Acquire
+    call, similar to the locking logic above.
+
+- clean up credential naming a bit: let's say encrypted creds always should
+  carry .cred suffix, and unencrypted should not.
+
+- clean up naming of sidecar files in sd-stub: let's put global ones strictly
+  into /loader/extras/
+
 - a small tool that can do basic btrfs raid policy mgmt. i.e. gets started as
   part of the initial transaction for some btrfs raid fs, waits for some time,
   then puts message on screen (plymouth, console) that some devices apparently
@@ -161,6 +195,17 @@ SPDX-License-Identifier: LGPL-2.1-or-later
   use as additional search condition. Use case: images that combined a sysext
   partition with a portable service partition in one.
 
+- **systemd-sysinstall:**
+  - make systemd-sysinstall itself a varlink service
+  - read installation definition from json file
+  - polkit support in sysinstall
+  - sysinstall: permit driving installer via credentials
+  - add --offline=no mode where we talk to socket based services rather than forking off
+  - if a user doesn't pick a locale during boot into installer, don't ask again after install, because we suppressed credential propagation
+
+- repart: add MatchLabel= which matches against partition label, so that we
+  truly can install different images in parallel
+
 - add "systemctl wait" or so, which does what "systemd-run --wait" does, but
   for all units. It should be both a way to pin units into memory as well as a
   wait to retrieve their exit data.
@@ -186,8 +231,8 @@ SPDX-License-Identifier: LGPL-2.1-or-later
   - download list + report updates in motd – but do not auto update
   - download list + download new version – but do not apply it
   - download list + download new version + apply it – but do not reboot
-  - download list + donwload new version + apply it + reboot
-  Other things the policy shoudl contain is when to place the reboot.
+  - download list + download new version + apply it + reboot
+  Other things the policy should contain is when to place the reboot.
   This would all decouple the updating of the package list from the application
   of it. Which is great for "countme" style stuff.
 
@@ -323,7 +368,7 @@ SPDX-License-Identifier: LGPL-2.1-or-later
 
 - add bus API to retrieve current unit file contents (i.e. implement "systemctl cat" on the bus only)
 
-- Add ConditionDirectoryNotEmpty= handle non-absoute paths as a search path or add
+- Add ConditionDirectoryNotEmpty= handle non-absolute paths as a search path or add
   ConditionConfigSearchPathNotEmpty= or different syntax? See the discussion starting at
   https://github.com/systemd/systemd/pull/15109#issuecomment-607740136.
 
@@ -1175,14 +1220,6 @@ SPDX-License-Identifier: LGPL-2.1-or-later
 
 - introduce a new group to own TPM devices
 
-- introduce a small "systemd-installer" tool or so, that glues
-  systemd-repart-as-installer and bootctl-install into one. Would just
-  interactively ask user for target disk (with completion and so on), and then do
-  two varlink calls to the the two tools with the right parameters. To support
-  "offline" operation, optionally invoke the two tools directly as child
-  processes with varlink communication over socketpair(). This all should be
-  useful as blueprint for graphical installers which should do the same.
-
 - introduce an option (or replacement) for "systemctl show" that outputs all
   properties as JSON, similar to busctl's new JSON output. In contrast to that
   it should skip the variant type string though.
@@ -1518,7 +1555,7 @@ SPDX-License-Identifier: LGPL-2.1-or-later
   and stick around for the whole system runtime (i.e. root fs storage daemons,
   the bpf loader daemon discussed above, and such) are placed. maybe
   protected.slice or so? Then write docs that suggest that services like this
-  set Slice=protected.sice, RefuseManualStart=yes, RefuseManualStop=yes and a
+  set Slice=protected.slice, RefuseManualStart=yes, RefuseManualStop=yes and a
   couple of other things.
 
 - maybe add call sd_journal_set_block_timeout() or so to set SO_SNDTIMEO for
@@ -1812,7 +1849,7 @@ SPDX-License-Identifier: LGPL-2.1-or-later
 
 - oci: add support for "importctl import-oci" which implements the "OCI layout"
   spec (i.e. acquiring via local fs access), as opposed to the current
-  "importctl pull-oci" which focusses on the "OCI image spec", i.e. downloads
+  "importctl pull-oci" which focuses on the "OCI image spec", i.e. downloads
   from the web (i.e. acquiring via URLs).
 
 - oci: add support for blake hashes for layers
@@ -2148,10 +2185,6 @@ SPDX-License-Identifier: LGPL-2.1-or-later
 
 - run0: maybe enable utmp for run0 sessions, so that they are easily visible.
 
-- sd-boot/sd-stub: install a uefi "handle" to a sidecar dir of bls type #1
-  entries with an "uki" or "uki-url" stanza, and make sd-stub look for
-  that. That way we can parameterize type #1 entries nicely.
-
 - **sd-boot:**
   - do something useful if we find exactly zero entries (ignoring items
     such as reboot/poweroff/factory reset). Show a help text or so.
@@ -2470,10 +2503,6 @@ SPDX-License-Identifier: LGPL-2.1-or-later
     that we can sanely copy ESP contents, /usr/ images, and then set up btrfs
     raid for the root fs to extend/mirror the existing install. This would be
     very similar to the concept of live-install-through-btrfs-migration.
-  - add --installer or so, that will interactively ask for a
-    target disk, maybe ask for confirmation, and install something on disk. Then,
-    hook that into installer.target or so, so that it can be used to
-    install/replicate installs
   - should probably enable btrfs' "temp_fsid" feature for all file
     systems it creates, as we have no interest in RAID for repart, and it should
     make sure that we can mount them trivially everywhere.
@@ -2545,8 +2574,9 @@ SPDX-License-Identifier: LGPL-2.1-or-later
 - systemd-tpm2-support: add a some logic that detects if system is in DA
   lockout mode, and queries the user for TPM recovery PIN then.
 
-- systemd: add storage API via varlink, where everyone can drop a socket in a
-  dir, similar, do the same thing for networking
+- add a networking provider API, inspired by the StorageProvider. Make networkd
+  a provider that exposes interfaces for adding tap, tun, veth via the api,
+  base this on .netdev logic somehow.
 
 - $SYSTEMD_EXECPID that the service manager sets should
   be augmented with $SYSTEMD_EXECPIDFD (and similar for