Update 60-sensor.hwdb

Removed the blank

.mkosi/mkosi.arch

@@ -39,7 +39,6 @@ BuildPackages=
         libidn2
         libmicrohttpd
         libseccomp
-        libtool
         libutil-linux
         libxkbcommon
         libxslt

.mkosi/mkosi.debian

@@ -48,7 +48,6 @@ BuildPackages=
         libqrencode-dev
         libseccomp-dev
         libsmartcols-dev
-        libtool
         libxkbcommon-dev
         libzstd-dev
         m4

.mkosi/mkosi.fedora

@@ -53,6 +53,7 @@ BuildPackages=
         lz4-devel
         m4
         meson
+        ninja-build
         openssl-devel
         p11-kit-devel
         pam-devel

.mkosi/mkosi.ubuntu

@@ -50,7 +50,6 @@ BuildPackages=
         libqrencode-dev
         libseccomp-dev
         libsmartcols-dev
-        libtool
         libxkbcommon-dev
         libxtables-dev
         libzstd-dev

hwdb.d/60-sensor.hwdb

@@ -255,6 +255,10 @@ sensor:modalias:acpi:BOSC0200*:dmi:*:svnCube:pnI15-TC:*
 sensor:modalias:acpi:KIOX000A*:dmi:*:svncube:pni8-T:*
  ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
 
+# Cube KNote 5
+sensor:modalias:acpi:KIOX000A*:dmi:*:svnALLDOCUBE:pni1102:*
+ ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
+
 #########################################
 # Cytrix (Mytrix)
 #########################################

man/org.freedesktop.systemd1.xml

@@ -5524,12 +5524,12 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
       <para>In addition to these properties there are the following:</para>
 
       <para><varname>NAccepted</varname> contains the accumulated number of connections ever accepted on this
-      socket. This only applies to sockets with <varname>Accept</varname> set to <literal>true</literal>,
+      socket. This only applies to sockets with <varname>Accept</varname> set to <literal>yes</literal>,
       i.e. those where systemd is responsible for accepted connections. </para>
 
       <para>Similarly <varname>NConnections</varname> contains the number of currently open connections on
       this socket. It only applies only to socket units with <varname>Accept</varname> set to
-      <literal>true</literal>.</para>
+      <literal>yes</literal>.</para>
 
       <para><varname>Result</varname> encodes the reason why a socket unit failed if it is in the
       <literal>failed</literal> state (see <varname>ActiveState</varname> above). The values

man/systemd.socket.xml

@@ -389,14 +389,14 @@
 
       <varlistentry>
         <term><varname>Accept=</varname></term>
-        <listitem><para>Takes a boolean argument. If true, a service
+        <listitem><para>Takes a boolean argument. If yes, a service
         instance is spawned for each incoming connection and only the
-        connection socket is passed to it. If false, all listening
+        connection socket is passed to it. If no, all listening
         sockets themselves are passed to the started service unit, and
         only one service unit is spawned for all connections (also see
         above). This value is ignored for datagram sockets and FIFOs
         where a single service unit unconditionally handles all
-        incoming traffic. Defaults to <option>false</option>. For
+        incoming traffic. Defaults to <option>no</option>. For
         performance reasons, it is recommended to write new daemons
         only in a way that is suitable for
         <option>Accept=no</option>. A daemon listening on an
@@ -632,7 +632,7 @@
          the value of the <varname>SELinuxContext=</varname> option.
          This configuration option only affects sockets with
          <varname>Accept=</varname> mode set to
-         <literal>true</literal>. Also note that this option is useful
+         <literal>yes</literal>. Also note that this option is useful
          only when MLS/MCS SELinux policy is deployed. Defaults to
          <literal>false</literal>. </para></listitem>
       </varlistentry>

src/dissect/dissect.c

@@ -369,11 +369,11 @@ static int action_dissect(DissectedImage *m, LoopDevice *d) {
         r = dissected_image_acquire_metadata(m);
         if (r == -ENXIO)
                 return log_error_errno(r, "No root partition discovered.");
-        if (r == -EMEDIUMTYPE)
-                return log_error_errno(r, "Not a valid OS image, no os-release file included.");
         if (r == -EUCLEAN)
                 return log_error_errno(r, "File system check of image failed.");
-        if (r == -EUNATCH)
+        if (r == -EMEDIUMTYPE)
+                log_warning_errno(r, "Not a valid OS image, no os-release file included. Proceeding anyway.");
+        else if (r == -EUNATCH)
                 log_warning_errno(r, "OS image is encrypted, proceeding without showing OS image metadata.");
         else if (r == -EBUSY)
                 log_warning_errno(r, "OS image is currently in use, proceeding without showing OS image metadata.");
@@ -403,9 +403,13 @@ static int action_dissect(DissectedImage *m, LoopDevice *d) {
                                        p == m->os_release ? "OS Release:" : "           ",
                                        *p, *q);
                 }
-        }
 
-        if (arg_json) {
+                if (m->hostname ||
+                    !sd_id128_is_null(m->machine_id) ||
+                    !strv_isempty(m->machine_info) ||
+                    !strv_isempty(m->os_release))
+                        putc('\n', stdout);
+        } else {
                 _cleanup_(json_variant_unrefp) JsonVariant *mi = NULL, *osr = NULL;
 
                 if (!strv_isempty(m->machine_info)) {
@@ -431,9 +435,6 @@ static int action_dissect(DissectedImage *m, LoopDevice *d) {
                         return log_oom();
         }
 
-        if (!arg_json)
-                putc('\n', stdout);
-
         t = table_new("rw", "designator", "partition uuid", "fstype", "architecture", "verity", "node", "partno");
         if (!t)
                 return log_oom();

src/network/networkd-manager.h

@@ -69,7 +69,8 @@ struct Manager {
         usec_t speed_meter_usec_new;
         usec_t speed_meter_usec_old;
 
-        bool dhcp4_prefix_root_cannot_set_table;
+        bool dhcp4_prefix_root_cannot_set_table:1;
+        bool bridge_mdb_on_master_not_supported:1;
 };
 
 int manager_new(Manager **ret);

src/network/networkd-mdb.c

@@ -103,7 +103,13 @@ static int set_mdb_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link)
                 return 1;
 
         r = sd_netlink_message_get_errno(m);
-        if (r < 0 && r != -EEXIST) {
+        if (r == -EINVAL && streq_ptr(link->kind, "bridge") && (!link->network || !link->network->bridge)) {
+                /* To configure bridge MDB entries on bridge master, 1bc844ee0faa1b92e3ede00bdd948021c78d7088 (v5.4) is required. */
+                if (!link->manager->bridge_mdb_on_master_not_supported) {
+                        log_link_warning_errno(link, r, "Kernel seems not to support configuring bridge MDB entries on bridge master, ignoring: %m");
+                        link->manager->bridge_mdb_on_master_not_supported = true;
+                }
+        } else if (r < 0 && r != -EEXIST) {
                 log_link_message_warning_errno(link, m, r, "Could not add MDB entry");
                 link_enter_failed(link);
                 return 1;
@@ -117,11 +123,23 @@ static int set_mdb_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link)
         return 1;
 }
 
+static int link_get_bridge_master_ifindex(Link *link) {
+        assert(link);
+
+        if (link->network && link->network->bridge)
+                return link->network->bridge->ifindex;
+
+        if (streq_ptr(link->kind, "bridge"))
+                return link->ifindex;
+
+        return 0;
+}
+
 /* send a request to the kernel to add an MDB entry */
 static int mdb_entry_configure(Link *link, MdbEntry *mdb_entry) {
         _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
         struct br_mdb_entry entry;
-        int r;
+        int master, r;
 
         assert(link);
         assert(link->network);
@@ -136,14 +154,20 @@ static int mdb_entry_configure(Link *link, MdbEntry *mdb_entry) {
                                strna(a), mdb_entry->vlan_id);
         }
 
+        master = link_get_bridge_master_ifindex(link);
+        if (master <= 0)
+                return log_link_error_errno(link, SYNTHETIC_ERRNO(EINVAL), "Invalid bridge master ifindex %i", master);
+
         entry = (struct br_mdb_entry) {
-                .state = MDB_PERMANENT,
+                /* If MDB entry is added on bridge master, then the state must be MDB_TEMPORARY.
+                 * See br_mdb_add_group() in net/bridge/br_mdb.c of kernel. */
+                .state = master == link->ifindex ? MDB_TEMPORARY : MDB_PERMANENT,
                 .ifindex = link->ifindex,
                 .vid = mdb_entry->vlan_id,
         };
 
         /* create new RTM message */
-        r = sd_rtnl_message_new_mdb(link->manager->rtnl, &req, RTM_NEWMDB, link->network->bridge->ifindex);
+        r = sd_rtnl_message_new_mdb(link->manager->rtnl, &req, RTM_NEWMDB, master);
         if (r < 0)
                 return log_link_error_errno(link, r, "Could not create RTM_NEWMDB message: %m");
 
@@ -178,24 +202,25 @@ static int mdb_entry_configure(Link *link, MdbEntry *mdb_entry) {
 
 int link_set_bridge_mdb(Link *link) {
         MdbEntry *mdb_entry;
-        Link *master;
         int r;
 
         assert(link);
+        assert(link->manager);
 
         link->bridge_mdb_configured = false;
 
         if (!link->network)
                 return 0;
 
-        if (!link->network->bridge) {
-                link->bridge_mdb_configured = true;
-                return 0;
-        }
+        if (LIST_IS_EMPTY(link->network->static_mdb_entries))
+                goto finish;
 
         if (!link_has_carrier(link))
                 return log_link_debug(link, "Link does not have carrier yet, setting MDB entries later.");
 
+        if (link->network->bridge) {
+                Link *master;
+
                 r = link_get(link->manager, link->network->bridge->ifindex, &master);
                 if (r < 0)
                         return log_link_error_errno(link, r, "Failed to get Link object for Bridge=%s", link->network->bridge->ifname);
@@ -203,6 +228,14 @@ int link_set_bridge_mdb(Link *link) {
                 if (!link_has_carrier(master))
                         return log_link_debug(link, "Bridge interface %s does not have carrier yet, setting MDB entries later.", link->network->bridge->ifname);
 
+        } else if (!streq_ptr(link->kind, "bridge")) {
+                log_link_warning(link, "Link is neither a bridge master nor a bridge port, ignoring [BridgeMDB] sections.");
+                goto finish;
+        } else if (link->manager->bridge_mdb_on_master_not_supported) {
+                log_link_debug(link, "Kernel seems not to support configuring bridge MDB entries on bridge master, ignoring [BridgeMDB] sections.");
+                goto finish;
+        }
+
         LIST_FOREACH(static_mdb_entries, mdb_entry, link->network->static_mdb_entries) {
                 r = mdb_entry_configure(link, mdb_entry);
                 if (r < 0)
@@ -211,6 +244,7 @@ int link_set_bridge_mdb(Link *link) {
                 link->bridge_mdb_messages++;
         }
 
+finish:
         if (link->bridge_mdb_messages == 0) {
                 link->bridge_mdb_configured = true;
                 link_check_ready(link);

src/network/networkd-network.c

@@ -306,14 +306,6 @@ int network_verify(Network *network) {
                 if (section_is_invalid(fdb->section))
                         fdb_entry_free(fdb);
 
-        if (!LIST_IS_EMPTY(network->static_mdb_entries) && !network->bridge) {
-                log_warning("%s: Cannot configure MDB entries on non-bridge port, ignoring [BridgeMDB] sections.",
-                            network->filename);
-
-                while ((mdb = network->static_mdb_entries))
-                        mdb_entry_free(mdb);
-        }
-
         LIST_FOREACH_SAFE(static_mdb_entries, mdb, mdb_next, network->static_mdb_entries)
                 if (mdb_entry_verify(mdb) < 0)
                         mdb_entry_free(mdb);

src/shared/dissect-image.c

@@ -793,7 +793,12 @@ int dissect_image(
                 }
         }
 
-        if (!m->partitions[PARTITION_ROOT].found) {
+        if (m->partitions[PARTITION_ROOT].found) {
+                /* If we found the primary arch, then invalidate the secondary arch to avoid any ambiguities,
+                 * since we never want to mount the secondary arch in this case. */
+                m->partitions[PARTITION_ROOT_SECONDARY].found = false;
+                m->partitions[PARTITION_ROOT_SECONDARY_VERITY].found = false;
+        } else {
                 /* No root partition found? Then let's see if ther's one for the secondary architecture. And if not
                  * either, then check if there's a single generic one, and use that. */
 
@@ -848,12 +853,6 @@ int dissect_image(
                 if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found)
                         return -EADDRNOTAVAIL;
 
-                /* If we found the primary root with the hash, then we definitely want to suppress any secondary root
-                 * (which would be weird, after all the root hash should only be assigned to one pair of
-                 * partitions... */
-                m->partitions[PARTITION_ROOT_SECONDARY].found = false;
-                m->partitions[PARTITION_ROOT_SECONDARY_VERITY].found = false;
-
                 /* If we found a verity setup, then the root partition is necessarily read-only. */
                 m->partitions[PARTITION_ROOT].rw = false;
 
@@ -1034,7 +1033,7 @@ static int mount_partition(
         /* If requested, turn on discard support. */
         if (fstype_can_discard(fstype) &&
             ((flags & DISSECT_IMAGE_DISCARD) ||
-             ((flags & DISSECT_IMAGE_DISCARD_ON_LOOP) && is_loop_device(m->node)))) {
+             ((flags & DISSECT_IMAGE_DISCARD_ON_LOOP) && is_loop_device(m->node) > 0))) {
                 options = strdup("discard");
                 if (!options)
                         return -ENOMEM;
@@ -1322,9 +1321,10 @@ static int decrypt_partition(
                 return r == -EPERM ? -EKEYREJECTED : r;
         }
 
-        d->decrypted[d->n_decrypted].name = TAKE_PTR(name);
-        d->decrypted[d->n_decrypted].device = TAKE_PTR(cd);
-        d->n_decrypted++;
+        d->decrypted[d->n_decrypted++] = (DecryptedPartition) {
+                .name = TAKE_PTR(name),
+                .device = TAKE_PTR(cd),
+        };
 
         m->decrypted_node = TAKE_PTR(node);
 
@@ -1466,7 +1466,8 @@ static int verity_partition(
                                         verity->root_hash_sig_size,
                                         CRYPT_ACTIVATE_READONLY);
 #else
-                        r = log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "activation of verity device with signature requested, but not supported by cryptsetup due to missing crypt_activate_by_signed_key()");
+                        r = log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+                                            "Activation of verity device with signature requested, but not supported by %s due to missing crypt_activate_by_signed_key().", program_invocation_short_name);
 #endif
                 } else
                         r = sym_crypt_activate_by_volume_key(
@@ -1540,9 +1541,10 @@ static int verity_partition(
         /* Everything looks good and we'll be able to mount the device, so deferred remove will be re-enabled at that point. */
         restore_deferred_remove = mfree(restore_deferred_remove);
 
-        d->decrypted[d->n_decrypted].name = TAKE_PTR(name);
-        d->decrypted[d->n_decrypted].device = TAKE_PTR(cd);
-        d->n_decrypted++;
+        d->decrypted[d->n_decrypted++] = (DecryptedPartition) {
+                .name = TAKE_PTR(name),
+                .device = TAKE_PTR(cd),
+        };
 
         m->decrypted_node = TAKE_PTR(node);
 
@@ -1588,7 +1590,7 @@ int dissected_image_decrypt(
 
         for (PartitionDesignator i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) {
                 DissectedPartition *p = m->partitions + i;
-                int k;
+                PartitionDesignator k;
 
                 if (!p->found)
                         continue;

src/test/test-execute.c

@@ -595,6 +595,10 @@ static void test_exec_dynamicuser(Manager *m) {
         (void) rm_rf("/var/lib/test-dynamicuser-migrate2", REMOVE_ROOT|REMOVE_PHYSICAL);
         (void) rm_rf("/var/lib/private/test-dynamicuser-migrate", REMOVE_ROOT|REMOVE_PHYSICAL);
         (void) rm_rf("/var/lib/private/test-dynamicuser-migrate2", REMOVE_ROOT|REMOVE_PHYSICAL);
+
+        test(__func__, m, "exec-dynamicuser-runtimedirectory1.service", can_unshare ? 0 : EXIT_NAMESPACE, CLD_EXITED);
+        test(__func__, m, "exec-dynamicuser-runtimedirectory2.service", can_unshare ? 0 : EXIT_NAMESPACE, CLD_EXITED);
+        test(__func__, m, "exec-dynamicuser-runtimedirectory3.service", can_unshare ? 0 : EXIT_NAMESPACE, CLD_EXITED);
 }
 
 static void test_exec_environment(Manager *m) {

test/mkosi.default.networkd-test

@@ -1,11 +1,14 @@
 # Puts together an nspawn container and runs networkd-test.py in it, inside a
-# network namespace and everything. Run this with "mkosi
-# --default=mkosi.default.networkd-test boot". This will start the test and
-# eventually exit with success in case the test succeeded.
+# network namespace and everything. Run this with
+#
+#   mkosi -C test --default=mkosi.default.networkd-test boot
+#
+# This will start the test and eventually exit with success in case the test
+# succeeded.
 
 [Distribution]
 Distribution=fedora
-Release=29
+Release=32
 
 [Output]
 Format=raw_btrfs
@@ -45,13 +48,13 @@ BuildPackages=
         libmount-devel
         libseccomp-devel
         libselinux-devel
-        libtool
         libxkbcommon-devel
         libxslt
         lz4
         lz4-devel
         m4
         meson
+        ninja-build
         pam-devel
         pcre2-devel
         pkgconfig
@@ -59,7 +62,6 @@ BuildPackages=
         python3-lxml
         qrencode-devel
         tree
-        xz-devel
 
 Packages=
         dnsmasq
@@ -69,8 +71,8 @@ Packages=
         python3
 
 # Share caches with the top-level mkosi
-BuildDirectory=../mkosi.builddir
-Cache=../mkosi.cache
+BuildDirectory=../mkosi/mkosi.builddir
+Cache=../mkosi/mkosi.cache
 
 # Run our own script
 BuildScript=mkosi.build.networkd-test

test/test-execute/exec-dynamicuser-runtimedirectory1.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Test for RuntimeDirectory with RuntimeDirectoryPreserve=yes and DynamicUser=yes
+
+[Service]
+ExecStart=/bin/sh -x -c 'test -d %t/test-exec_runtimedirectorypreserve'
+ExecStart=/bin/sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectorypreserve"'
+ExecStart=/bin/sh -x -c 'touch $$RUNTIME_DIRECTORY/test'
+Type=oneshot
+RuntimeDirectory=test-exec_runtimedirectorypreserve
+RuntimeDirectoryPreserve=yes
+DynamicUser=yes

test/test-execute/exec-dynamicuser-runtimedirectory2.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Test for RuntimeDirectory with RuntimeDirectoryPreserve=yes and DynamicUser=yes 2nd trial
+
+[Service]
+ExecStart=/bin/sh -x -c 'test -d %t/test-exec_runtimedirectorypreserve'
+ExecStart=/bin/sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectorypreserve"'
+ExecStart=/bin/sh -x -c 'test -f $$RUNTIME_DIRECTORY/test'
+ExecStart=/bin/sh -x -c 'touch $$RUNTIME_DIRECTORY/test'
+Type=oneshot
+RuntimeDirectory=test-exec_runtimedirectorypreserve
+RuntimeDirectoryPreserve=yes
+DynamicUser=yes

test/test-execute/exec-dynamicuser-runtimedirectory3.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Test for RuntimeDirectory with DynamicUser=yes migrated from RuntimeDirectoryPreserve=yes
+
+[Service]
+ExecStart=/bin/sh -x -c 'test -d %t/test-exec_runtimedirectorypreserve'
+ExecStart=/bin/sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectorypreserve"'
+ExecStart=/bin/sh -x -c 'test -f $$RUNTIME_DIRECTORY/test'
+ExecStart=/bin/sh -x -c 'touch $$RUNTIME_DIRECTORY/test'
+Type=oneshot
+RuntimeDirectory=test-exec_runtimedirectorypreserve
+DynamicUser=yes

test/test-network/conf/26-bridge-mdb-master.network

@@ -3,3 +3,11 @@ Name=bridge99
 
 [Network]
 IPv6AcceptRA=false
+
+[BridgeMDB]
+VLANId=4066
+MulticastGroupAddress=ff02:aaaa:fee5:0000:0000:0000:0001:0004
+
+[BridgeMDB]
+VLANId=4067
+MulticastGroupAddress=224.0.1.2

test/test-network/systemd-networkd-tests.py

@@ -2969,6 +2969,11 @@ class NetworkdBridgeTests(unittest.TestCase, Utilities):
         self.assertRegex(output, 'dev bridge99 port test1 grp ff02:aaaa:fee5::1:3 permanent *vid 4064')
         self.assertRegex(output, 'dev bridge99 port test1 grp 224.0.1.1 permanent *vid 4065')
 
+        # Old kernel may not support bridge MDB entries on bridge master
+        if call('bridge mdb add dev bridge99 port bridge99 grp 224.0.1.3 temp vid 4068', stderr=subprocess.DEVNULL) == 0:
+            self.assertRegex(output, 'dev bridge99 port bridge99 grp ff02:aaaa:fee5::1:4 temp *vid 4066')
+            self.assertRegex(output, 'dev bridge99 port bridge99 grp 224.0.1.2 temp *vid 4067')
+
     def test_bridge_property(self):
         copy_unit_to_networkd_unit_path('11-dummy.netdev', '12-dummy.netdev', '26-bridge.netdev',
                                         '26-bridge-slave-interface-1.network', '26-bridge-slave-interface-2.network',