2026-03-19 03:24:45 +01:00
29 changed files with 68 additions and 143 deletions
--- a/14
+++ b/14
@ -61,8 +61,8 @@ CHANGES WITH 249 in spe:
          included in the image. For example, a disk image that contains a
          root, /home/, and /var/ partitions, may set MakeDirectories=yes to
          create /home/ and /var/ as empty directories in the root file system
-          on its creation, so that the resulting image can be mounted
+          on its creation, so that the resulting image can mounted immediately,
-          immediately, even in read-only mode.
+          even in read-only mode.
        * systemd-repart's CopyBlocks= setting gained support for the special
          value "auto". If used, a suitable matching partition on the booted OS
@ -134,7 +134,7 @@ CHANGES WITH 249 in spe:
        * The native Journal protocol has been documented. Clients may talk
          this as alternative to the classic BSD syslog protocol for locally
          delivering log records to the Journal. The protocol has been stable
-          for a long time and in fact been implemented already in a variety
+          since a long time and in fact been implemented already in a variety
          of alternative client libraries. This documentation makes the support
          for that official:
@ -226,10 +226,10 @@ CHANGES WITH 249 in spe:
          that matters most, to the point where this is defined.
        * The Discoverable Partition Specification has been updated with a new
-          GPT partition flag "grow-file-system" defined for its partition
+          GPT partition flag "growsfs" defined for its partition types.
-          types. Whenever partitions with this flag set are automatically
+          Whenever partitions with this flag set are automatically mounted
-          mounted (i.e. via systemd-gpt-auto-generator or the --image= switch
+          (i.e. via systemd-gpt-auto-generator or the --image= switch of
-          of systemd-nspawn or other tools; and as opposed to explicit mounting
+          systemd-nspawn or other tools; and as opposed to explicit mounting
          via /etc/fstab), the file system within the partition is
          automatically grown to the full size of the partition. If the file
          system size already matches the partition size this flag has no
--- a/5
+++ b/5
@ -26,11 +26,6 @@ Janitorial Clean-ups:
 Features:
 * firstboot: allow provisioning of /etc/hosts entries, so that we can via the
  credentials logic insert host name to resolve into containers/hosts. Usecase:
  fork a container, and make it ping some specific address which is defined by
  the host on invocation
 * in sd-id128: also parse UUIDs in RFC4122 URN syntax (i.e. chop off urn:uuid: prefix)
 * ability to insert trusted configuration and secrets into the boot parameters
--- a/meson.build
+++ b/meson.build
@ -793,37 +793,12 @@ endif
 conf.set_quoted('NOBODY_USER_NAME', nobody_user)
 conf.set_quoted('NOBODY_GROUP_NAME', nobody_group)
-static_ugids = []
+tty_gid = get_option('tty-gid')
-foreach option : ['adm-gid',
+conf.set('TTY_GID', tty_gid)
                  'audio-gid',
                  'cdrom-gid',
                  'dialout-gid',
                  'disk-gid',
                  'input-gid',
                  'kmem-gid',
                  'kvm-gid',
                  'lp-gid',
                  'render-gid',
                  'sgx-gid',
                  'tape-gid',
                  'tty-gid',
                  'users-gid',
                  'utmp-gid',
                  'video-gid',
                  'wheel-gid',
                  'systemd-journal-gid',
                  'systemd-network-uid',
                  'systemd-resolve-uid',
                  'systemd-timesync-uid']
        name = option.underscorify().to_upper()
        val = get_option(option)
-        # Ensure provided GID argument is numeric, otherwise fall back to default assignment
+# Ensure provided GID argument is numeric, otherwise fall back to default assignment
-        conf.set(name, val >= 0 ? val : '-')
+users_gid = get_option('users-gid')
-        if val >= 0
+conf.set('USERS_GID', users_gid < 0 ? '-' : users_gid)
                static_ugids += '@0@:@1@'.format(option, val)
        endif
 endforeach
 conf.set10('ENABLE_ADM_GROUP', get_option('adm-group'))
 conf.set10('ENABLE_WHEEL_GROUP', get_option('wheel-group'))
@ -3738,13 +3713,14 @@ status = [
        'extra start script:                @0@'.format(get_option('rc-local')),
        'debug shell:                       @0@ @ @1@'.format(get_option('debug-shell'),
                                                              get_option('debug-tty')),
        'TTY GID:                           @0@'.format(tty_gid),
        'users GID:                         @0@'.format(conf.get('USERS_GID')),
        'system UIDs:                       <=@0@ (alloc >=@1@)'.format(conf.get('SYSTEM_UID_MAX'),
                                                                        conf.get('SYSTEM_ALLOC_UID_MIN')),
        'system GIDs:                       <=@0@ (alloc >=@1@)'.format(conf.get('SYSTEM_GID_MAX'),
                                                                        conf.get('SYSTEM_ALLOC_GID_MIN')),
        'dynamic UIDs:                      @0@…@1@'.format(dynamic_uid_min, dynamic_uid_max),
        'container UID bases:               @0@…@1@'.format(container_uid_base_min, container_uid_base_max),
        'static UID/GID allocations:        @0@'.format(' '.join(static_ugids)),
        '/dev/kvm access mode:              @0@'.format(get_option('dev-kvm-mode')),
        'render group access mode:          @0@'.format(get_option('group-render-mode')),
        'certificate root directory:        @0@'.format(get_option('certificate-root')),
--- a/meson_options.txt
+++ b/meson_options.txt
@ -204,7 +204,6 @@ option('status-unit-format-default', type : 'combo',
       description : 'use unit name or description in messages by default')
 option('time-epoch', type : 'integer', value : '-1',
       description : 'time epoch for time clients')
 option('system-alloc-uid-min', type : 'integer', value : '-1',
       description : 'minimum system UID used when allocating')
 option('system-alloc-gid-min', type : 'integer', value : '-1',
@ -221,6 +220,10 @@ option('container-uid-base-min', type : 'integer', value : 0x00080000,
       description : 'minimum container UID base')
 option('container-uid-base-max', type : 'integer', value : 0x6FFF0000,
       description : 'maximum container UID base')
 option('tty-gid', type : 'integer', value : 5,
       description : 'the numeric GID of the "tty" group')
 option('users-gid', type : 'integer', value : '-1',
       description : 'the numeric GID of the "users" group')
 option('adm-group', type : 'boolean',
       description : 'the ACL for adm group should be added')
 option('wheel-group', type : 'boolean',
@ -231,49 +234,6 @@ option('nobody-user', type : 'string',
 option('nobody-group', type : 'string',
       description : 'The name of the nobody group (the one with GID 65534)',
       value : 'nobody')
 option('adm-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "adm" group')
 option('audio-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "audio" group')
 option('cdrom-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "cdrom" group')
 option('dialout-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "dialout" group')
 option('disk-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "disk" group')
 option('input-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "input" group')
 option('kmem-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "kmem" group')
 option('kvm-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "kvm" group')
 option('lp-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "lp" group')
 option('render-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "render" group')
 option('sgx-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "sgx" group')
 option('tape-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "tape" group')
 option('tty-gid', type : 'integer', value : 5,
       description : 'the numeric GID of the "tty" group')
 option('users-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "users" group')
 option('utmp-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "utmp" group')
 option('video-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "video" group')
 option('wheel-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the "wheel" group')
 option('systemd-journal-gid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the systemd-journal group')
 option('systemd-network-uid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the systemd-network user')
 option('systemd-resolve-uid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the systemd-resolve user')
 option('systemd-timesync-uid', type : 'integer', value : '-1',
       description : 'soft-static allocation for the systemd-timesync user')
 option('dev-kvm-mode', type : 'string', value : '0666',
       description : '/dev/kvm access mode')
 option('group-render-mode', type : 'string', value : '0666',
--- a/shell-completion/zsh/_bootctl
+++ b/shell-completion/zsh/_bootctl
@ -1,4 +1,4 @@
-#compdef bootctl
+#compdef bootctl                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 __bootctl() {
--- a/shell-completion/zsh/_busctl
+++ b/shell-completion/zsh/_busctl
@ -1,4 +1,4 @@
-#compdef busctl
+#compdef busctl                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 # busctl(1) completion                               -*- shell-script -*-
--- a/shell-completion/zsh/_coredumpctl
+++ b/shell-completion/zsh/_coredumpctl
@ -1,4 +1,4 @@
-#compdef coredumpctl
+#compdef coredumpctl                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 (( $+functions[_coredumpctl_commands] )) ||
--- a/shell-completion/zsh/_hostnamectl
+++ b/shell-completion/zsh/_hostnamectl
@ -1,4 +1,4 @@
-#compdef hostnamectl
+#compdef hostnamectl                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 (( $+functions[_hostnamectl_hostname] )) ||
--- a/shell-completion/zsh/_journalctl
+++ b/shell-completion/zsh/_journalctl
@ -1,4 +1,4 @@
-#compdef journalctl
+#compdef journalctl                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 (( $+functions[_journalctl_fields] )) ||
--- a/shell-completion/zsh/_kernel-install
+++ b/shell-completion/zsh/_kernel-install
@ -1,4 +1,4 @@
-#compdef kernel-install
+#compdef kernel-install                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 (( $+functions[_kernel-install_images] )) ||
--- a/shell-completion/zsh/_localectl
+++ b/shell-completion/zsh/_localectl
@ -1,4 +1,4 @@
-#compdef localectl
+#compdef localectl                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 (( $+functions[_localectl_set-locale] )) ||
--- a/shell-completion/zsh/_loginctl
+++ b/shell-completion/zsh/_loginctl
@ -1,4 +1,4 @@
-#compdef loginctl
+#compdef loginctl                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 (( $+functions[_loginctl_all_sessions] )) ||
--- a/shell-completion/zsh/_machinectl
+++ b/shell-completion/zsh/_machinectl
@ -1,4 +1,4 @@
-#compdef machinectl
+#compdef machinectl                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 (( $+functions[__machinectl_get_machines] )) ||
--- a/shell-completion/zsh/_networkctl
+++ b/shell-completion/zsh/_networkctl
@ -1,4 +1,4 @@
-#compdef networkctl
+#compdef networkctl                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 (( $+functions[_networkctl_commands] )) ||
--- a/shell-completion/zsh/_resolvectl
+++ b/shell-completion/zsh/_resolvectl
@ -1,4 +1,4 @@
-#compdef resolvectl systemd-resolve
+#compdef resolvectl systemd-resolve         -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 #
 # This file is part of systemd.
--- a/shell-completion/zsh/_systemctl.in
+++ b/shell-completion/zsh/_systemctl.in
@ -1,4 +1,4 @@
-#compdef systemctl
+#compdef systemctl                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 (( $+functions[_systemctl_commands] )) || _systemctl_commands()
--- a/shell-completion/zsh/_systemd
+++ b/shell-completion/zsh/_systemd
@ -1,4 +1,4 @@
-#compdef systemd-cat systemd-ask-password systemd-cgls systemd-cgtop systemd-detect-virt systemd-machine-id-setup systemd-notify systemd-tty-ask-password-agent
+#compdef systemd-cat systemd-ask-password systemd-cgls systemd-cgtop systemd-detect-virt systemd-machine-id-setup systemd-notify systemd-tty-ask-password-agent                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 local curcontext="$curcontext" state lstate line
--- a/shell-completion/zsh/_systemd-analyze
+++ b/shell-completion/zsh/_systemd-analyze
@ -1,4 +1,4 @@
-#compdef systemd-analyze
+#compdef systemd-analyze                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 (( $+functions[_systemd-analyze_log-level] )) ||
--- a/shell-completion/zsh/_systemd-delta
+++ b/shell-completion/zsh/_systemd-delta
@ -1,4 +1,4 @@
-#compdef systemd-delta
+#compdef systemd-delta                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 (( $+functions[_systemd-delta_types] )) ||
--- a/shell-completion/zsh/_systemd-inhibit
+++ b/shell-completion/zsh/_systemd-inhibit
@ -1,4 +1,4 @@
-#compdef systemd-inhibit
+#compdef systemd-inhibit                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 (( $+functions[_systemd-inhibit_commands] )) ||
--- a/shell-completion/zsh/_systemd-nspawn
+++ b/shell-completion/zsh/_systemd-nspawn
@ -1,4 +1,4 @@
-#compdef systemd-nspawn
+#compdef systemd-nspawn                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 (( $+functions[_systemd-nspawn_caps] )) ||
--- a/shell-completion/zsh/_systemd-run
+++ b/shell-completion/zsh/_systemd-run
@ -1,4 +1,4 @@
-#compdef systemd-run
+#compdef systemd-run                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 # @todo _systemctl has a helper with the same name, so we must redefine
--- a/shell-completion/zsh/_systemd-tmpfiles
+++ b/shell-completion/zsh/_systemd-tmpfiles
@ -1,4 +1,4 @@
-#compdef systemd-tmpfiles
+#compdef systemd-tmpfiles                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 _arguments \
--- a/shell-completion/zsh/_timedatectl
+++ b/shell-completion/zsh/_timedatectl
@ -1,4 +1,4 @@
-#compdef timedatectl
+#compdef timedatectl                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 _timedatectl_set-timezone(){
--- a/shell-completion/zsh/_udevadm
+++ b/shell-completion/zsh/_udevadm
@ -1,4 +1,4 @@
-#compdef udevadm
+#compdef udevadm                    -*- shell-script -*-
 # SPDX-License-Identifier: LGPL-2.1-or-later
 (( $+functions[_udevadm_info] )) ||
--- a/src/core/unit.c
+++ b/src/core/unit.c
@ -5520,11 +5520,7 @@ int unit_pid_attachable(Unit *u, pid_t pid, sd_bus_error *error) {
 void unit_log_success(Unit *u) {
        assert(u);
-        /* Let's show message "Deactivated successfully" in debug mode (when manager is user) rather than in info mode.
+        log_unit_struct(u, LOG_INFO,
         * This message has low information value for regular users and it might be a bit overwhelming on a system with
         * a lot of devices. */
        log_unit_struct(u,
                        MANAGER_IS_USER(u->manager) ? LOG_DEBUG : LOG_INFO,
                        "MESSAGE_ID=" SD_MESSAGE_UNIT_SUCCESS_STR,
                        LOG_UNIT_INVOCATION_ID(u),
                        LOG_UNIT_MESSAGE(u, "Deactivated successfully."));
--- a/sysusers.d/basic.conf.in
+++ b/sysusers.d/basic.conf.in
@ -12,28 +12,28 @@ u root    0     "Super User" /root
 u {{NOBODY_USER_NAME}}  65534 "Nobody"     -
 # Administrator group: can *see* more than normal users
-g adm     {{ADM_GID    }}     -            -
+g adm     -     -            -
 # Administrator group: can *do* more than normal users
-g wheel   {{WHEEL_GID  }}     -            -
+g wheel   -     -            -
-# Access to shared database of users on the system
+# Access to certain kernel and userspace facilities
-g utmp    {{UTMP_GID   }}     -            -
+g kmem    -     -            -
 g tty     {{TTY_GID}}     -            -
 g utmp    -     -            -
-# Physical and virtual hardware access groups
+# Hardware access groups
-g audio   {{AUDIO_GID  }}     -            -
+g audio   -     -            -
-g cdrom   {{CDROM_GID  }}     -            -
+g cdrom   -     -            -
-g dialout {{DIALOUT_GID}}     -            -
+g dialout -     -            -
-g disk    {{DISK_GID   }}     -            -
+g disk    -     -            -
-g input   {{INPUT_GID  }}     -            -
+g input   -     -            -
-g kmem    {{KMEM_GID   }}     -            -
+g kvm     -     -            -
-g kvm     {{KVM_GID    }}     -            -
+g lp      -     -            -
-g lp      {{LP_GID     }}     -            -
+g render  -     -            -
-g render  {{RENDER_GID }}     -            -
+g sgx     -     -            -
-g sgx     {{SGX_GID    }}     -            -
+g tape    -     -            -
-g tape    {{TAPE_GID   }}     -            -
+g video   -     -            -
 g tty     {{TTY_GID    }}     -            -
 g video   {{VIDEO_GID  }}     -            -
 # Default group for normal users
-g users   {{USERS_GID  }}     -            -
+g users   {{USERS_GID}}     -            -
--- a/sysusers.d/systemd.conf.in
+++ b/sysusers.d/systemd.conf.in
@ -5,18 +5,18 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-g systemd-journal   {{SYSTEMD_JOURNAL_GID}} -
+g systemd-journal   - -
 {% if ENABLE_NETWORKD %}
-u systemd-network   {{SYSTEMD_NETWORK_UID}} "systemd Network Management"
+u systemd-network   - "systemd Network Management"
 {% endif %}
 {% if ENABLE_OOMD %}
 u systemd-oom       - "systemd Userspace OOM Killer"
 {% endif %}
 {% if ENABLE_RESOLVE %}
-u systemd-resolve   {{SYSTEMD_RESOLVE_UID}} "systemd Resolver"
+u systemd-resolve   - "systemd Resolver"
 {% endif %}
 {% if ENABLE_TIMESYNCD %}
-u systemd-timesync  {{SYSTEMD_TIMESYNC_UID}} "systemd Time Synchronization"
+u systemd-timesync  - "systemd Time Synchronization"
 {% endif %}
 {% if ENABLE_COREDUMP %}
 u systemd-coredump  - "systemd Core Dumper"
--- a/test/test-functions
+++ b/test/test-functions
@ -1006,13 +1006,11 @@ create_empty_image() {
    fi
    local size=500
-    if [ -z "$NO_BUILD" ]; then
+    if meson configure "${BUILD_DIR:?}" | grep 'static-lib\|standalone-binaries' | awk '{ print $2 }' | grep -q 'true'; then
-        if meson configure "${BUILD_DIR:?}" | grep 'static-lib\|standalone-binaries' | awk '{ print $2 }' | grep -q 'true'; then
+        size=$((size+=200))
-            size=$((size+=200))
+    fi
-        fi
+    if meson configure "${BUILD_DIR:?}" | grep 'link-.*-shared' | awk '{ print $2 }' | grep -q 'false'; then
-        if meson configure "${BUILD_DIR:?}" | grep 'link-.*-shared' | awk '{ print $2 }' | grep -q 'false'; then
+        size=$((size+=200))
            size=$((size+=200))
        fi
    fi
    if [[ "$STRIP_BINARIES" = "no" ]]; then
        size=$((4 * size))