Merge 2151b64b44 into 3bb398c299

I have been trying to run
https://github.com/include-what-you-use/include-what-you-use on the
systemd repository to hopefully get a handle on the rampant numbers of
includes we have in every file with no idea if any of the symbols coming
from that file are used or not.

While I haven't got it fully working yet, these changes still make sense
IMO and can be merged already.

Except the last commit, all other changes are about removing circular
dependencies between headers which trips up include-what-you-use.
Regardless of the tool, circular dependencies between headers are a code
smell and I think we should get rid of them regardless of whether we end
up using the tool or not.

.github/workflows/build_test.sh

@@ -10,7 +10,7 @@ fatal() { echo >&2 -e "\033[31;1m$1\033[0m"; exit 1; }
 success() { echo >&2 -e "\033[32;1m$1\033[0m"; }
 
 ARGS=(
-    "--optimization=0 -Dopenssl=disabled -Dcryptolib=gcrypt -Ddns-over-tls=gnutls -Dtpm=true -Dtpm2=enabled"
+    "--optimization=0 -Dopenssl=disabled -Dtpm=true -Dtpm2=enabled"
     "--optimization=s -Dutmp=false"
     "--optimization=2 -Dc_args=-Wmaybe-uninitialized -Ddns-over-tls=openssl"
     "--optimization=3 -Db_lto=true -Ddns-over-tls=false"
@@ -67,7 +67,6 @@ PACKAGES=(
 COMPILER="${COMPILER:?}"
 COMPILER_VERSION="${COMPILER_VERSION:?}"
 LINKER="${LINKER:?}"
-CRYPTOLIB="${CRYPTOLIB:?}"
 RELEASE="$(lsb_release -cs)"
 
 # Note: As we use postfixed clang/gcc binaries, we need to override $AR
@@ -150,7 +149,7 @@ for args in "${ARGS[@]}"; do
          CXX="$CXX" CXX_LD="$LINKER" CXXFLAGS="$CXXFLAGS" \
          meson setup \
                -Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true --werror \
-               -Dnobody-group=nogroup -Dcryptolib="${CRYPTOLIB:?}" -Ddebug=false \
+               -Dnobody-group=nogroup -Ddebug=false \
                $args build; then
 
         cat build/meson-logs/meson-log.txt

.github/workflows/build_test.yml

@@ -25,11 +25,11 @@ jobs:
       fail-fast: false
       matrix:
         env:
-          - { COMPILER: "gcc",   COMPILER_VERSION: "11", LINKER: "bfd",  CRYPTOLIB: "gcrypt"  }
-          - { COMPILER: "gcc",   COMPILER_VERSION: "13", LINKER: "mold", CRYPTOLIB: "openssl" }
-          - { COMPILER: "clang", COMPILER_VERSION: "14", LINKER: "mold", CRYPTOLIB: "gcrypt"  }
-          - { COMPILER: "clang", COMPILER_VERSION: "16", LINKER: "bfd",  CRYPTOLIB: "openssl" }
-          - { COMPILER: "clang", COMPILER_VERSION: "18", LINKER: "lld",  CRYPTOLIB: "auto"    }
+          - { COMPILER: "gcc",   COMPILER_VERSION: "11", LINKER: "bfd"  }
+          - { COMPILER: "gcc",   COMPILER_VERSION: "13", LINKER: "mold" }
+          - { COMPILER: "clang", COMPILER_VERSION: "14", LINKER: "mold" }
+          - { COMPILER: "clang", COMPILER_VERSION: "16", LINKER: "bfd"  }
+          - { COMPILER: "clang", COMPILER_VERSION: "18", LINKER: "lld"  }
     env: ${{ matrix.env }}
     steps:
       - name: Repository checkout

.github/workflows/coverage.yml

@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: systemd/mkosi@7e4ec15aee6b98300b2ee14265bc647a716a9f8a
+      - uses: systemd/mkosi@dbb4020beee2cdf250f93a425794f1cf8b0fe693
 
       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
       # immediately, we remove the files in the background. However, we first move them to a different location
@@ -90,7 +90,6 @@ jobs:
           sudo mkosi sandbox -- \
             meson setup \
             --buildtype=debugoptimized \
-            -Dintegration-tests=true \
             build
 
       - name: Build image
@@ -120,7 +119,8 @@ jobs:
             meson test \
             -C build \
             --no-rebuild \
-            --suite integration-tests \
+            --setup=integration \
+            --suite=integration-tests \
             --print-errorlogs \
             --no-stdsplit \
             --num-processes "$(($(nproc) - 1))" \

.github/workflows/mkosi.yml

@@ -120,7 +120,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: systemd/mkosi@7e4ec15aee6b98300b2ee14265bc647a716a9f8a
+      - uses: systemd/mkosi@dbb4020beee2cdf250f93a425794f1cf8b0fe693
 
       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
       # immediately, we remove the files in the background. However, we first move them to a different location
@@ -197,7 +197,6 @@ jobs:
           sudo mkosi sandbox -- \
             meson setup \
             --buildtype=debugoptimized \
-            -Dintegration-tests=true \
             -Dbpf-framework=disabled \
             build
 
@@ -233,7 +232,8 @@ jobs:
             meson test \
             -C build \
             --no-rebuild \
-            --suite integration-tests \
+            --setup=integration \
+            --suite=integration-tests \
             --print-errorlogs \
             --no-stdsplit \
             --num-processes "$(($(nproc) - 1))" \

.github/workflows/unit_tests.sh

@@ -41,7 +41,7 @@ function run_meson() {
 
 set -ex
 
-MESON_ARGS=(-Dcryptolib=${CRYPTOLIB:-auto})
+MESON_ARGS=()
 
 # (Re)set the current oom-{score-}adj. For some reason root on GH actions is able to _decrease_
 # its oom-score even after dropping all capabilities (including CAP_SYS_RESOURCE), until the

.github/workflows/unit_tests.yml

@@ -16,18 +16,15 @@ jobs:
   build:
     runs-on: ubuntu-24.04
     concurrency:
-      group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ matrix.cryptolib }}-${{ github.ref }}
+      group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ github.ref }}
       cancel-in-progress: true
     strategy:
       fail-fast: false
       matrix:
         run_phase: [GCC, GCC_ASAN_UBSAN, CLANG, CLANG_RELEASE, CLANG_ASAN_UBSAN, CLANG_ASAN_UBSAN_NO_DEPS]
-        cryptolib: [auto]
         include:
           - run_phase: GCC
-            cryptolib: openssl
           - run_phase: CLANG
-            cryptolib: gcrypt
     steps:
       - name: Repository checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
@@ -38,8 +35,6 @@ jobs:
           sudo sed -i '/^XDG_/d' /etc/environment
           # Pass only specific env variables through sudo, to avoid having
           # the already existing XDG_* stuff on the "other side"
-          sudo --preserve-env=CRYPTOLIB,GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh SETUP
+          sudo --preserve-env=GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh SETUP
       - name: Build & test
-        run: sudo --preserve-env=CRYPTOLIB,GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh RUN_${{ matrix.run_phase }}
-        env:
-          CRYPTOLIB: ${{ matrix.cryptolib }}
+        run: sudo --preserve-env=GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh RUN_${{ matrix.run_phase }}

LICENSES/README.md

@@ -32,23 +32,23 @@ The following exceptions apply:
  * some sources under src/udev/ are licensed under **GPL-2.0-or-later**,
    so all udev programs (`systemd-udevd`, `udevadm`, and the udev builtins
    and test programs) are also distributed under **GPL-2.0-or-later**.
- * the header files contained in src/basic/linux/ and src/shared/linux/ are copied
+ * the header files contained in src/basic/include/linux are copied
    verbatim from the Linux kernel source tree and are licensed under **GPL-2.0 WITH
    Linux-syscall-note** and are used within the scope of the Linux-syscall-note
    exception provisions
  * the following sources are licensed under the **LGPL-2.0-or-later** license:
    - src/basic/utf8.c
    - src/shared/initreq.h
- * the src/shared/linux/bpf_insn.h header is copied from the Linux kernel
+ * the src/basic/include/linux/bpf_insn.h header is copied from the Linux kernel
    source tree and is licensed under either **BSD-2-Clause** or **GPL-2.0-only**,
    and thus is included in the systemd build under the BSD-2-Clause license.
- * The src/basic/linux/wireguard.h header is copied from the Linux kernel
+ * The src/basic/include/linux/wireguard.h header is copied from the Linux kernel
    source tree and is licensed under either **MIT** or **GPL-2.0 WITH Linux-syscall-note**,
    and thus is included in the systemd build under the MIT license.
  * the following sources are licensed under the **MIT** license (in case of our
    scripts, to facilitate copying and reuse of those helpers to other projects):
    - hwdb.d/parse_hwdb.py
-   - src/basic/linux/batman_adv.h
+   - src/basic/include/linux/batman_adv.h
    - src/basic/sparse-endian.h
    - tools/catalog-report.py
  * the following sources are licensed under the **CC0-1.0** license:

NEWS

@@ -67,6 +67,12 @@ CHANGES WITH 258 in spe:
           in v255), 'default-hierarchy' (v256), and 'nscd' (v257) have been
           removed.
 
+        * OpenSSL is the only crypto backend for systemd-resolved and
+          systemd-importd, and support for gnutls and gcrypt has been removed.
+          Hence, support for 'dns-over-tls=gnutls' meson option has been
+          removed. Also, 'cryptolib' meson option has been deprecated, and will
+          be removed in a future release.
+
         Announcements of Future Feature Removals:
 
         * The D-Bus method org.freedesktop.systemd1.StartAuxiliaryScope() is
@@ -96,6 +102,9 @@ CHANGES WITH 258 in spe:
           continue to work, update to xf86-input-evdev >= 2.11.0 and
           xf86-input-libinput >= 1.5.0 before updating to systemd >= 258.
 
+        * The meson option 'integration-tests' has been deprecated, and will be
+          removed in a future release.
+
         — <place>, <date>
 
 CHANGES WITH 257:

README

@@ -240,8 +240,7 @@ REQUIREMENTS:
         libcurl >= 7.32.0 (optional)
         libidn2 or libidn (optional)
         gnutls >= 3.1.4 (optional)
-               >= 3.6.0 is required to support DNS-over-TLS with gnutls
-        openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl)
+        openssl >= 1.1.0 (optional, required to support DNS-over-TLS)
         p11-kit >= 0.23.3 (optional)
         libfido2 (optional)
         tpm2-tss (optional)

TODO

@@ -1791,7 +1791,6 @@ Features:
   with matches, then activate app through that passing socket over
 
 * unify on openssl:
-  - kill gnutls support in resolved
   - figure out what to do about libmicrohttpd, which has a hard dependency on
     gnutls
   - port fsprg over to a dlopen lib, then switch it to openssl

coccinelle/run-coccinelle.sh

@@ -5,8 +5,7 @@ set -e
 # Exclude following paths from the Coccinelle transformations
 EXCLUDED_PATHS=(
     "src/boot/efi/*"
-    "src/shared/linux/*"
-    "src/basic/linux/*"
+    "src/basic/include/linux/*"
     # Symlinked to test-bus-vtable-cc.cc, which causes issues with the IN_SET macro
     "src/libsystemd/sd-bus/test-bus-vtable.c"
     "src/libsystemd/sd-journal/lookup3.c"

hwdb.d/60-keyboard.hwdb

@@ -383,6 +383,7 @@ evdev:name:gpio-keys:phys:gpio-keys/input0:ev:3:dmi:bvn*:bvr*:bd*:svncube:pni1-T
 ###########################################################
 
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pn*:*
+ KEYBOARD_KEY_68=prog2                                  # G-Mode (Dell-specific)
  KEYBOARD_KEY_81=playpause                              # Play/Pause
  KEYBOARD_KEY_82=stopcd                                 # Stop
  KEYBOARD_KEY_83=previoussong                           # Previous song

man/systemd-ssh-proxy.xml

@@ -24,7 +24,7 @@
 
   <refsynopsisdiv>
     <programlisting>
-Host unix/* vsock/* vsock-mux/*
+Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,*
     ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
     ProxyUseFdpass yes
 </programlisting>
@@ -46,7 +46,7 @@ Host unix/* vsock/* vsock-mux/*
     configuration fragment like the following:</para>
 
     <programlisting>
-Host unix/* vsock/* vsock-mux/*
+Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,*
     ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
     ProxyUseFdpass yes
     CheckHostIP no
@@ -69,7 +69,9 @@ Host .host
     direct <constant>AF_VSOCK</constant> communication between the host and guests, and provide their own
     multiplexer over <constant>AF_UNIX</constant> sockets. See
     <ulink url="https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/vsock.md">cloud-hypervisor VSOCK support</ulink>
-    and <ulink url="https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md">Using the Firecracker Virtio-vsock Device</ulink>.</para>
+    and <ulink url="https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md">Using the Firecracker Virtio-vsock Device</ulink>.
+    Note that <literal>,</literal> can be used as a separator instead of <literal>/</literal> to be
+    compatible with tools like <literal>scp</literal> and <literal>rsync</literal>.</para>
 
     <para>Moreover, connecting to <literal>.host</literal> will connect to the local host via SSH, without
     involving networking.</para>
@@ -113,6 +115,12 @@ Host .host
 
       <programlisting>ssh unix/run/ssh-unix-local/socket</programlisting>
     </example>
+
+    <example>
+      <title>Copy local 'foo' file to a local VM with CID 1348</title>
+
+      <programlisting>scp foo vsock,1348:</programlisting>
+    </example>
   </refsect1>
 
   <refsect1>

meson.build

@@ -13,6 +13,12 @@ project('systemd', 'c',
         meson_version : '>= 0.62.0',
 )
 
+add_test_setup(
+        'default',
+        exclude_suites : ['integration-tests'],
+        is_default : true,
+)
+
 project_major_version = meson.project_version().split('.')[0].split('~')[0]
 if meson.project_version().contains('.')
         project_minor_version = meson.project_version().split('.')[-1].split('~')[0]
@@ -339,7 +345,6 @@ meson_build_sh = find_program('tools/meson-build.sh')
 want_tests = get_option('tests')
 want_slow_tests = want_tests != 'false' and get_option('slow-tests')
 want_fuzz_tests = want_tests != 'false' and get_option('fuzz-tests')
-want_integration_tests = want_tests != 'false' and get_option('integration-tests')
 install_tests = want_tests != 'false' and get_option('install-tests')
 
 if add_languages('cpp', native : false, required : fuzzer_build)
@@ -1477,50 +1482,18 @@ endif
 dmi_arches = ['x86', 'x86_64', 'aarch64', 'arm', 'ia64', 'loongarch64', 'mips', 'riscv64']
 conf.set10('HAVE_DMI', host_machine.cpu_family() in dmi_arches)
 
-# We support one or the other. If gcrypt is available, we assume it's there to
-# be used, and use it in preference.
-opt = get_option('cryptolib')
-if opt == 'openssl' and conf.get('HAVE_OPENSSL') == 0
-        error('openssl requested as the default cryptolib, but not available')
-endif
-conf.set10('PREFER_OPENSSL',
-           opt == 'openssl' or (opt == 'auto' and conf.get('HAVE_OPENSSL') == 1 and conf.get('HAVE_GCRYPT') == 0))
-conf.set10('HAVE_OPENSSL_OR_GCRYPT',
-           conf.get('HAVE_OPENSSL') == 1 or conf.get('HAVE_GCRYPT') == 1)
-lib_openssl_or_gcrypt = conf.get('PREFER_OPENSSL') == 1 ? [libopenssl] : [libgcrypt, libgpg_error]
-
 dns_over_tls = get_option('dns-over-tls')
-if dns_over_tls != 'false'
-        if dns_over_tls == 'gnutls' and conf.get('PREFER_OPENSSL') == 1
-                error('Sorry, -Ddns-over-tls=gnutls is not supported when openssl is used as the cryptolib')
-        endif
-
-        if dns_over_tls == 'gnutls'
-                have_openssl = false
-        else
-                have_openssl = conf.get('HAVE_OPENSSL') == 1
-                if dns_over_tls == 'openssl' and not have_openssl
-                        error('DNS-over-TLS support was requested with openssl, but dependencies are not available')
-                endif
-        endif
-        if dns_over_tls == 'openssl' or have_openssl
-                have_gnutls = false
-        else
-                have_gnutls = conf.get('HAVE_GNUTLS') == 1 and libgnutls.version().version_compare('>= 3.6.0')
-                if dns_over_tls != 'auto' and not have_gnutls
-                        str = dns_over_tls == 'gnutls' ? ' with gnutls' : ''
-                        error('DNS-over-TLS support was requested@0@, but dependencies are not available'.format(str))
-                endif
-        endif
-        have = have_gnutls or have_openssl
-else
+have_openssl = conf.get('HAVE_OPENSSL') == 1
+if dns_over_tls == 'false'
         have = false
-        have_gnutls = false
-        have_openssl = false
+elif dns_over_tls == 'auto'
+        have = have_openssl
+elif have_openssl
+        have = true
+else
+        error('DNS-over-TLS support was requested, but OpenSSL support is disabled.')
 endif
 conf.set10('ENABLE_DNS_OVER_TLS', have)
-conf.set10('DNS_OVER_TLS_USE_GNUTLS', have_gnutls)
-conf.set10('DNS_OVER_TLS_USE_OPENSSL', have_openssl)
 
 default_dns_over_tls = get_option('default-dns-over-tls')
 if default_dns_over_tls != 'no' and conf.get('ENABLE_DNS_OVER_TLS') == 0
@@ -1547,8 +1520,8 @@ have = get_option('repart').require(
 conf.set10('ENABLE_REPART', have)
 
 default_dnssec = get_option('default-dnssec')
-if default_dnssec != 'no' and conf.get('HAVE_OPENSSL_OR_GCRYPT') == 0
-        message('default-dnssec cannot be set to yes or allow-downgrade openssl and gcrypt are disabled. Setting default-dnssec to no.')
+if default_dnssec != 'no' and conf.get('HAVE_OPENSSL') == 0
+        message('default-dnssec cannot be set to yes or allow-downgrade when openssl is disabled. Setting default-dnssec to no.')
         default_dnssec = 'no'
 endif
 conf.set('DEFAULT_DNSSEC_MODE',
@@ -1579,7 +1552,7 @@ conf.set10('ENABLE_STORAGETM', get_option('storagetm'))
 
 have = get_option('importd').require(
         conf.get('HAVE_LIBCURL') == 1 and
-        conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1 and
+        conf.get('HAVE_OPENSSL') == 1 and
         conf.get('HAVE_ZLIB') == 1 and
         conf.get('HAVE_XZ') == 1,
         error_message : 'curl, openssl/grypt, zlib and xz required').allowed()
@@ -2048,11 +2021,18 @@ boot_stubs = []
 
 build_dir_include = include_directories('.')
 
-basic_includes = include_directories(
-        'src/basic',
-        'src/fundamental',
-        'src/systemd',
-        '.')
+basic_includes = [
+        include_directories(
+                'src/basic',
+                'src/fundamental',
+                'src/systemd',
+                '.',
+        ),
+        include_directories(
+                'src/basic/include',
+                is_system : true,
+        ),
+]
 
 libsystemd_includes = [basic_includes, include_directories(
         'src/libsystemd/sd-bus',
@@ -2661,10 +2641,6 @@ endif
 #####################################################################
 
 mkosi = find_program('mkosi', required : false)
-if want_integration_tests and not mkosi.found()
-        error('Could not find mkosi which is required to run the integration tests')
-endif
-
 mkosi_depends = public_programs
 
 foreach executable : ['systemd-journal-remote', 'systemd-sbsign', 'systemd-keyutil']
@@ -3089,6 +3065,7 @@ foreach tuple : [
 
         # optional features
         ['dmi'],
+        ['DNS-over-TLS'],
         ['idn'],
         ['polkit'],
         ['legacy-pkla',            install_polkit_pkla],
@@ -3153,22 +3130,6 @@ else
         found += 'static-libudev(@0@)'.format(static_libudev)
 endif
 
-if conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1 and conf.get('PREFER_OPENSSL') == 1
-        found += 'cryptolib(openssl)'
-elif conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1
-        found += 'cryptolib(gcrypt)'
-else
-        missing += 'cryptolib'
-endif
-
-if conf.get('DNS_OVER_TLS_USE_GNUTLS') == 1
-        found += 'DNS-over-TLS(gnutls)'
-elif conf.get('DNS_OVER_TLS_USE_OPENSSL') == 1
-        found += 'DNS-over-TLS(openssl)'
-else
-        missing += 'DNS-over-TLS'
-endif
-
 summary({
         'enabled' :  ', '.join(found),
         'disabled' : ', '.join(missing)},

meson_options.txt

@@ -358,7 +358,7 @@ option('default-llmnr', type : 'combo',
        choices : ['yes', 'resolve', 'no'],
        description : 'default LLMNR mode',
        value : 'yes')
-option('dns-over-tls', type : 'combo', choices : ['auto', 'gnutls', 'openssl', 'true', 'false'],
+option('dns-over-tls', type : 'combo', choices : ['auto', 'openssl', 'true', 'false'],
        description : 'DNS-over-TLS support')
 option('dns-servers', type : 'string',
        description : 'space-separated list of default DNS servers',
@@ -434,8 +434,8 @@ option('gnutls', type : 'feature', deprecated : { 'true' : 'enabled', 'false' :
        description : 'gnutls support')
 option('openssl', type : 'feature', deprecated : { 'true' : 'enabled', 'false' : 'disabled' },
        description : 'openssl support')
-option('cryptolib', type : 'combo', choices : ['auto', 'openssl', 'gcrypt'],
-       description : 'whether to use openssl or gcrypt where both are supported')
+option('cryptolib', type : 'combo', choices : ['auto', 'openssl'],
+       description : 'This option is deprecated and will be removed in a future release')
 option('p11kit', type : 'feature', deprecated : { 'true' : 'enabled', 'false' : 'disabled' },
        description : 'p11kit support')
 option('libfido2', type : 'feature', deprecated : { 'true' : 'enabled', 'false' : 'disabled' },
@@ -509,7 +509,7 @@ option('install-tests', type : 'boolean', value : false,
        description : 'install test executables')
 option('log-message-verification', type : 'feature', deprecated : { 'true' : 'enabled', 'false' : 'disabled' },
        description : 'do fake printf() calls to verify format strings')
-option('integration-tests', type : 'boolean', value : false,
+option('integration-tests', type : 'boolean', value : false, deprecated : true,
        description : 'run the integration tests')
 
 option('ok-color', type : 'combo',

mkosi/mkosi.conf

@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
 [Config]
-MinimumVersion=commit:7e4ec15aee6b98300b2ee14265bc647a716a9f8a
+MinimumVersion=commit:dbb4020beee2cdf250f93a425794f1cf8b0fe693
 Dependencies=
         exitrd
         initrd
@@ -78,8 +78,7 @@ KernelCommandLine=
         oops=panic
         panic=-1
         softlockup_panic=1
-        # Disabled due to BTRFS issue, waiting for the fix to become available
-        panic_on_warn=0
+        panic_on_warn=1
         psi=1
         mitigations=off
 

mkosi/mkosi.conf.d/arch/mkosi.conf

@@ -4,6 +4,7 @@
 Distribution=arch
 
 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
         systemd
         systemd-libs

mkosi/mkosi.conf.d/centos-fedora/mkosi.conf

@@ -5,6 +5,7 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
         systemd
         systemd-boot

mkosi/mkosi.conf.d/debian-ubuntu/mkosi.conf

@@ -5,6 +5,7 @@ Distribution=|debian
 Distribution=|ubuntu
 
 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
         libnss-myhostname
         libnss-mymachines

mkosi/mkosi.conf.d/opensuse/mkosi.conf

@@ -11,6 +11,7 @@ Repositories=non-oss
 SandboxTrees=macros.db_backend:/etc/rpm/macros.db_backend
 
 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
         libsystemd0
         libudev1

mkosi/mkosi.images/exitrd/mkosi.conf.d/arch.conf

@@ -4,7 +4,7 @@
 Distribution=arch
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/arch/mkosi.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
 VolatilePackages=
         systemd
         systemd-libs

mkosi/mkosi.images/exitrd/mkosi.conf.d/centos-fedora.conf

@@ -5,6 +5,6 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/mkosi.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
 VolatilePackages=
         systemd-standalone-shutdown

mkosi/mkosi.images/exitrd/mkosi.conf.d/debian.conf

@@ -4,6 +4,6 @@
 Distribution=debian
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/mkosi.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 VolatilePackages=
         systemd-standalone-shutdown

mkosi/mkosi.images/exitrd/mkosi.conf.d/opensuse.conf

@@ -4,7 +4,7 @@
 Distribution=opensuse
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/mkosi.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
 Packages=
         diffutils
         grep

mkosi/mkosi.images/exitrd/mkosi.conf.d/ubuntu.conf

@@ -4,7 +4,7 @@
 Distribution=ubuntu
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/mkosi.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 VolatilePackages=
         libsystemd-shared
         libsystemd0

mkosi/mkosi.images/initrd/mkosi.conf.d/arch.conf

@@ -4,7 +4,7 @@
 Distribution=arch
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/arch/mkosi.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
 Packages=
         btrfs-progs
         tpm2-tools

mkosi/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf

@@ -5,7 +5,7 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/mkosi.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
 Packages=
         tpm2-tools
 

mkosi/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf

@@ -5,7 +5,7 @@ Distribution=|debian
 Distribution=|ubuntu
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/mkosi.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 Packages=
         btrfs-progs
         tpm2-tools

mkosi/mkosi.images/initrd/mkosi.conf.d/opensuse.conf

@@ -4,7 +4,7 @@
 Distribution=opensuse
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/mkosi.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
 Packages=
         btrfs-progs
         kmod

mkosi/mkosi.images/minimal-base/mkosi.conf.d/arch.conf

@@ -4,7 +4,7 @@
 Distribution=arch
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/arch/mkosi.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
 Packages=
         inetutils
         iproute

mkosi/mkosi.images/minimal-base/mkosi.conf.d/centos-fedora.conf

@@ -5,7 +5,7 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/mkosi.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
 Packages=
         hostname
         iproute

mkosi/mkosi.images/minimal-base/mkosi.conf.d/debian-ubuntu.conf

@@ -5,7 +5,7 @@ Distribution=|debian
 Distribution=|ubuntu
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/mkosi.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 Packages=
         hostname
         iproute2

mkosi/mkosi.images/minimal-base/mkosi.conf.d/opensuse.conf

@@ -4,7 +4,7 @@
 Distribution=opensuse
 
 [Content]
-PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/mkosi.prepare
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
 Packages=
         diffutils
         grep

rules.d/70-uaccess.rules.in

@@ -77,6 +77,20 @@ ENV{DDC_DEVICE}=="?*", TAG+="uaccess"
 # media player raw devices (for user-mode drivers, Android SDK, etc.)
 SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess"
 
+# Android devices (ADB DbC, ADB, Fastboot)
+# Used to interact with devices over Android Debug Bridge and Fastboot protocols, see:
+# * https://developer.android.com/tools/adb
+# * https://source.android.com/docs/setup/test/running
+# * https://source.android.com/docs/setup/test/flash
+#
+# The bInterfaceClass and bInterfaceSubClass used are documented in source code here:
+# * https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199
+# * https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244
+#
+# Since it's using a generic vendor specific interface class, this can potentially result
+# in a rare case where non-ADB/Fastboot device ends up with an ID_DEBUG_APPLIANCE="android".
+SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:dc0201:*|*:ff4201:*|*:ff4203:*", ENV{ID_DEBUG_APPLIANCE}="android"
+
 # software-defined radio communication devices
 ENV{ID_SOFTWARE_RADIO}=="?*", TAG+="uaccess"
 
@@ -111,4 +125,7 @@ SUBSYSTEM=="hidraw", ENV{ID_HARDWARE_WALLET}=="1", TAG+="uaccess"
 # As defined in https://en.wikipedia.org/wiki/3Dconnexion
 SUBSYSTEM=="hidraw", ENV{ID_INPUT_3D_MOUSE}=="1", TAG+="uaccess"
 
+# Debug interfaces (e.g. Android Debug Bridge)
+ENV{ID_DEBUG_APPLIANCE}=="?*", TAG+="uaccess"
+
 LABEL="uaccess_end"

src/ac-power/ac-power.c

@@ -5,6 +5,7 @@
 #include "ansi-color.h"
 #include "battery-util.h"
 #include "build.h"
+#include "log.h"
 #include "main-func.h"
 #include "pretty-print.h"
 

src/analyze/analyze-compare-versions.c

@@ -4,6 +4,7 @@
 
 #include "analyze-compare-versions.h"
 #include "compare-operator.h"
+#include "log.h"
 #include "macro.h"
 #include "string-util.h"
 #include "strv.h"

src/analyze/analyze-time-data.h

@@ -3,6 +3,7 @@
 
 #include "sd-bus.h"
 
+#include "memory-util.h"
 #include "time-util.h"
 #include "unit-def.h"
 

src/analyze/analyze-verify-util.c

@@ -31,7 +31,7 @@ static void log_syntax_callback(const char *unit, int level, void *userdata) {
 
         r = set_put_strdup(s, unit);
         if (r < 0) {
-                set_free_free(*s);
+                set_free(*s);
                 *s = POINTER_MAX;
         }
 }
@@ -265,7 +265,7 @@ static int verify_unit(Unit *u, bool check_man, const char *root) {
 static void set_destroy_ignore_pointer_max(Set **s) {
         if (*s == POINTER_MAX)
                 return;
-        set_free_free(*s);
+        set_free(*s);
 }
 
 int verify_units(

src/basic/alloc-util.c

@@ -6,7 +6,6 @@
 
 #include "alloc-util.h"
 #include "macro.h"
-#include "memory-util.h"
 
 void* memdup(const void *p, size_t l) {
         void *ret;

src/basic/alloc-util.h

@@ -7,7 +7,9 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include "assert-util.h"
 #include "macro.h"
+#include "memory-util.h"
 
 #if HAS_FEATURE_MEMORY_SANITIZER
 #  include <sanitizer/msan_interface.h>
@@ -266,5 +268,3 @@ _alloc_(2) static inline void *realloc0(void *p, size_t new_size) {
 
         return q;
 }
-
-#include "memory-util.h"

src/basic/argv-util.c

@@ -8,6 +8,7 @@
 #include "argv-util.h"
 #include "capability-util.h"
 #include "errno-util.h"
+#include "log.h"
 #include "missing_sched.h"
 #include "parse-util.h"
 #include "path-util.h"

src/basic/argv-util.h

@@ -3,6 +3,7 @@
 
 #include <stdbool.h>
 
+#include "assert-util.h"
 #include "macro.h"
 
 extern int saved_argc;

src/basic/assert-util.c

@@ -0,0 +1,65 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <stdio.h>
+
+#include "assert-util.h"
+#include "errno-util.h"
+#include "log.h"
+
+static bool assert_return_is_critical = BUILD_MODE_DEVELOPER;
+
+/* Akin to glibc's __abort_msg; which is private and we hence cannot
+ * use here. */
+static char *log_abort_msg = NULL;
+
+void log_set_assert_return_is_critical(bool b) {
+        assert_return_is_critical = b;
+}
+
+bool log_get_assert_return_is_critical(void) {
+        return assert_return_is_critical;
+}
+
+static void log_assert(
+        int level,
+        const char *text,
+        const char *file,
+        int line,
+        const char *func,
+        const char *format) {
+
+        static char buffer[LINE_MAX];
+
+        if (_likely_(LOG_PRI(level) > log_get_max_level()))
+                return;
+
+        DISABLE_WARNING_FORMAT_NONLITERAL;
+        (void) snprintf(buffer, sizeof buffer, format, text, file, line, func);
+        REENABLE_WARNING;
+
+        log_abort_msg = buffer;
+
+        log_dispatch_internal(level, 0, file, line, func, NULL, NULL, NULL, NULL, buffer);
+}
+
+_noreturn_ void log_assert_failed(const char *text, const char *file, int line, const char *func) {
+        log_assert(LOG_CRIT, text, file, line, func,
+                   "Assertion '%s' failed at %s:%u, function %s(). Aborting.");
+        abort();
+}
+
+_noreturn_ void log_assert_failed_unreachable(const char *file, int line, const char *func) {
+        log_assert(LOG_CRIT, "Code should not be reached", file, line, func,
+                   "%s at %s:%u, function %s(). Aborting. 💥");
+        abort();
+}
+
+void log_assert_failed_return(const char *text, const char *file, int line, const char *func) {
+
+        if (assert_return_is_critical)
+                log_assert_failed(text, file, line, func);
+
+        PROTECT_ERRNO;
+        log_assert(LOG_DEBUG, text, file, line, func,
+                   "Assertion '%s' failed at %s:%u, function %s(), ignoring.");
+}

src/basic/assert-util.h

@@ -0,0 +1,84 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include "assert-fundamental.h"
+#include "macro.h"
+
+/* Logging for various assertions */
+
+void log_set_assert_return_is_critical(bool b);
+bool log_get_assert_return_is_critical(void) _pure_;
+
+_noreturn_ void log_assert_failed(const char *text, const char *file, int line, const char *func);
+_noreturn_ void log_assert_failed_unreachable(const char *file, int line, const char *func);
+void log_assert_failed_return(const char *text, const char *file, int line, const char *func);
+
+#ifdef __COVERITY__
+
+/* Use special definitions of assertion macros in order to prevent
+ * false positives of ASSERT_SIDE_EFFECT on Coverity static analyzer
+ * for uses of assert_se() and assert_return().
+ *
+ * These definitions make expression go through a (trivial) function
+ * call to ensure they are not discarded. Also use ! or !! to ensure
+ * the boolean expressions are seen as such.
+ *
+ * This technique has been described and recommended in:
+ * https://community.synopsys.com/s/question/0D534000046Yuzb/suppressing-assertsideeffect-for-functions-that-allow-for-sideeffects
+ */
+
+extern void __coverity_panic__(void);
+
+static inline void __coverity_check__(int condition) {
+        if (!condition)
+                __coverity_panic__();
+}
+
+static inline int __coverity_check_and_return__(int condition) {
+        return condition;
+}
+
+#define assert_message_se(expr, message) __coverity_check__(!!(expr))
+
+#define assert_log(expr, message) __coverity_check_and_return__(!!(expr))
+
+#else  /* ! __COVERITY__ */
+
+#define assert_message_se(expr, message)                                \
+        do {                                                            \
+                if (_unlikely_(!(expr)))                                \
+                        log_assert_failed(message, PROJECT_FILE, __LINE__, __func__); \
+        } while (false)
+
+#define assert_log(expr, message) ((_likely_(expr))                     \
+        ? (true)                                                        \
+        : (log_assert_failed_return(message, PROJECT_FILE, __LINE__, __func__), false))
+
+#endif  /* __COVERITY__ */
+
+#define assert_se(expr) assert_message_se(expr, #expr)
+
+/* We override the glibc assert() here. */
+#undef assert
+#ifdef NDEBUG
+#define assert(expr) ({ if (!(expr)) __builtin_unreachable(); })
+#else
+#define assert(expr) assert_message_se(expr, #expr)
+#endif
+
+#define assert_not_reached()                                            \
+        log_assert_failed_unreachable(PROJECT_FILE, __LINE__, __func__)
+
+#define assert_return(expr, r)                                          \
+        do {                                                            \
+                if (!assert_log(expr, #expr))                           \
+                        return (r);                                     \
+        } while (false)
+
+#define assert_return_errno(expr, r, err)                               \
+        do {                                                            \
+                if (!assert_log(expr, #expr)) {                         \
+                        errno = err;                                    \
+                        return (r);                                     \
+                }                                                       \
+        } while (false)

src/basic/build.c

@@ -6,6 +6,7 @@
 #include "ansi-color.h"
 #include "build.h"
 #include "extract-word.h"
+#include "log.h"
 #include "macro.h"
 #include "string-util.h"
 #include "terminal-util.h"

src/basic/cap-list.c

@@ -8,6 +8,7 @@
 #include "capability-util.h"
 #include "cap-list.h"
 #include "extract-word.h"
+#include "log.h"
 #include "macro.h"
 #include "parse-util.h"
 #include "stdio-util.h"

src/basic/capability-util.c

@@ -20,6 +20,7 @@
 #include "macro.h"
 #include "parse-util.h"
 #include "pidref.h"
+#include "process-util.h"
 #include "stat-util.h"
 #include "user-util.h"
 

src/basic/chattr-util.c

@@ -10,6 +10,7 @@
 #include "errno-util.h"
 #include "fd-util.h"
 #include "fs-util.h"
+#include "log.h"
 #include "macro.h"
 #include "string-util.h"
 

src/basic/compress.c

@@ -27,6 +27,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "io-util.h"
+#include "log.h"
 #include "macro.h"
 #include "sparse-endian.h"
 #include "string-table.h"

src/basic/confidential-virt.c

@@ -14,6 +14,7 @@
 #include "errno-util.h"
 #include "fd-util.h"
 #include "fileio.h"
+#include "log.h"
 #include "string-table.h"
 #include "utf8.h"
 

src/basic/dlfcn-util.c

@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include "dlfcn-util.h"
+#include "log.h"
 
 static int dlsym_many_or_warnv(void *dl, int log_level, va_list ap) {
         void (**fn)(void);

src/basic/dlfcn-util.h

@@ -3,6 +3,7 @@
 
 #include <dlfcn.h>
 
+#include "assert-util.h"
 #include "macro.h"
 
 static inline void* safe_dlclose(void *dl) {

src/basic/efivars.c

@@ -15,6 +15,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "io-util.h"
+#include "log.h"
 #include "macro.h"
 #include "memory-util.h"
 #include "missing_fs.h"

src/basic/env-file.c

@@ -7,6 +7,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
+#include "log.h"
 #include "string-util.h"
 #include "strv.h"
 #include "tmpfile-util.h"

src/basic/env-util.c

@@ -11,6 +11,7 @@
 #include "errno-util.h"
 #include "escape.h"
 #include "extract-word.h"
+#include "log.h"
 #include "macro.h"
 #include "parse-util.h"
 #include "path-util.h"

src/basic/errno-util.h

@@ -5,6 +5,7 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include "assert-util.h"
 #include "macro.h"
 
 /* strerror(3) says that glibc uses a maximum length of 1024 bytes. */

src/basic/ether-addr-util.c

@@ -8,6 +8,7 @@
 
 #include "ether-addr-util.h"
 #include "hexdecoct.h"
+#include "log.h"
 #include "macro.h"
 #include "string-util.h"
 

src/basic/fd-util.c

@@ -15,6 +15,7 @@
 #include "fileio.h"
 #include "fs-util.h"
 #include "io-util.h"
+#include "log.h"
 #include "macro.h"
 #include "missing_fcntl.h"
 #include "missing_fs.h"
@@ -1001,13 +1002,13 @@ int fd_verify_safe_flags_full(int fd, int extra_flags) {
         if (flags < 0)
                 return -errno;
 
-        unexpected_flags = flags & ~(O_ACCMODE|O_NOFOLLOW|RAW_O_LARGEFILE|extra_flags);
+        unexpected_flags = flags & ~(O_ACCMODE_STRICT|O_NOFOLLOW|RAW_O_LARGEFILE|extra_flags);
         if (unexpected_flags != 0)
                 return log_debug_errno(SYNTHETIC_ERRNO(EREMOTEIO),
                                        "Unexpected flags set for extrinsic fd: 0%o",
                                        (unsigned) unexpected_flags);
 
-        return flags & (O_ACCMODE | extra_flags); /* return the flags variable, but remove the noise */
+        return flags & (O_ACCMODE_STRICT | extra_flags); /* return the flags variable, but remove the noise */
 }
 
 int read_nr_open(void) {
@@ -1132,7 +1133,7 @@ int fds_are_same_mount(int fd1, int fd2) {
 }
 
 const char* accmode_to_string(int flags) {
-        switch (flags & O_ACCMODE) {
+        switch (flags & O_ACCMODE_STRICT) {
         case O_RDONLY:
                 return "ro";
         case O_WRONLY:

src/basic/fd-util.h

@@ -8,6 +8,7 @@
 #include <sys/socket.h>
 
 #include "macro.h"
+#include "memory-util.h"
 #include "missing_fcntl.h"
 #include "stdio-util.h"
 

src/basic/format-ifname.c

@@ -1,6 +1,8 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include "format-ifname.h"
+#include "log.h"
+#include "stdio-util.h"
 #include "string-util.h"
 
 assert_cc(STRLEN("%") + DECIMAL_STR_MAX(int) <= IF_NAMESIZE);

src/basic/fs-util.c

@@ -1036,7 +1036,7 @@ int open_mkdir_at_full(int dirfd, const char *path, int flags, XOpenFlags xopen_
 
         if (flags & ~(O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_EXCL|O_NOATIME|O_NOFOLLOW|O_PATH))
                 return -EINVAL;
-        if ((flags & O_ACCMODE) != O_RDONLY)
+        if ((flags & O_ACCMODE_STRICT) != O_RDONLY)
                 return -EINVAL;
 
         /* Note that O_DIRECTORY|O_NOFOLLOW is implied, but we allow specifying it anyway. The following

src/basic/gcrypt-util.c

@@ -4,6 +4,7 @@
 
 #include "gcrypt-util.h"
 #include "hexdecoct.h"
+#include "log.h"
 
 static void *gcrypt_dl = NULL;
 
@@ -105,39 +106,4 @@ int initialize_libgcrypt(bool secmem) {
 
         return 0;
 }
-
-#  if !PREFER_OPENSSL
-int string_hashsum(const char *s, size_t len, int md_algorithm, char **out) {
-        _cleanup_(sym_gcry_md_closep) gcry_md_hd_t md = NULL;
-        gcry_error_t err;
-        size_t hash_size;
-        void *hash;
-        char *enc;
-        int r;
-
-        r = initialize_libgcrypt(false);
-        if (r < 0)
-                return r;
-
-        hash_size = sym_gcry_md_get_algo_dlen(md_algorithm);
-        assert(hash_size > 0);
-
-        err = sym_gcry_md_open(&md, md_algorithm, 0);
-        if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
-                return -EIO;
-
-        sym_gcry_md_write(md, s, len);
-
-        hash = sym_gcry_md_read(md, 0);
-        if (!hash)
-                return -EIO;
-
-        enc = hexmem(hash, hash_size);
-        if (!enc)
-                return -ENOMEM;
-
-        *out = enc;
-        return 0;
-}
-#  endif
 #endif

src/basic/gcrypt-util.h

@@ -11,6 +11,7 @@
 
 #include "dlfcn-util.h"
 #include "macro.h"
+#include "memory-util.h"
 
 extern DLSYM_PROTOTYPE(gcry_md_close);
 extern DLSYM_PROTOTYPE(gcry_md_copy);
@@ -63,25 +64,3 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(gcry_md_hd_t, gcry_md_close, NULL);
                 (h__)->buf[(h__)->bufpos++] = (c) & 0xff;  \
         } while(false)
 #endif
-
-#if !PREFER_OPENSSL
-#  if HAVE_GCRYPT
-int string_hashsum(const char *s, size_t len, int md_algorithm, char **out);
-#  endif
-
-static inline int string_hashsum_sha224(const char *s, size_t len, char **out) {
-#  if HAVE_GCRYPT
-        return string_hashsum(s, len, GCRY_MD_SHA224, out);
-#  else
-        return -EOPNOTSUPP;
-#  endif
-}
-
-static inline int string_hashsum_sha256(const char *s, size_t len, char **out) {
-#  if HAVE_GCRYPT
-        return string_hashsum(s, len, GCRY_MD_SHA256, out);
-#  else
-        return -EOPNOTSUPP;
-#  endif
-}
-#endif

src/basic/glob-util.c

@@ -8,6 +8,7 @@
 #include "dirent-util.h"
 #include "errno-util.h"
 #include "glob-util.h"
+#include "log.h"
 #include "macro.h"
 #include "path-util.h"
 #include "strv.h"

src/basic/hashmap.c

@@ -12,6 +12,7 @@
 #include "alloc-util.h"
 #include "fileio.h"
 #include "hashmap.h"
+#include "log.h"
 #include "logarithm.h"
 #include "macro.h"
 #include "memory-util.h"
@@ -912,24 +913,20 @@ static void hashmap_free_no_clear(HashmapBase *h) {
                 free(h);
 }
 
-HashmapBase* _hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value) {
+HashmapBase* _hashmap_free(HashmapBase *h) {
         if (h) {
-                _hashmap_clear(h, default_free_key, default_free_value);
+                _hashmap_clear(h);
                 hashmap_free_no_clear(h);
         }
 
         return NULL;
 }
 
-void _hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value) {
-        free_func_t free_key, free_value;
+void _hashmap_clear(HashmapBase *h) {
         if (!h)
                 return;
 
-        free_key = h->hash_ops->free_key ?: default_free_key;
-        free_value = h->hash_ops->free_value ?: default_free_value;
-
-        if (free_key || free_value) {
+        if (h->hash_ops->free_key || h->hash_ops->free_value) {
 
                 /* If destructor calls are defined, let's destroy things defensively: let's take the item out of the
                  * hash table, and only then call the destructor functions. If these destructors then try to unregister
@@ -941,11 +938,11 @@ void _hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t de
 
                         v = _hashmap_first_key_and_value(h, true, &k);
 
-                        if (free_key)
-                                free_key(k);
+                        if (h->hash_ops->free_key)
+                                h->hash_ops->free_key(k);
 
-                        if (free_value)
-                                free_value(v);
+                        if (h->hash_ops->free_value)
+                                h->hash_ops->free_value(v);
                 }
         }
 
@@ -1780,7 +1777,7 @@ HashmapBase* _hashmap_copy(HashmapBase *h  HASHMAP_DEBUG_PARAMS) {
         }
 
         if (r < 0)
-                return _hashmap_free(copy, NULL, NULL);
+                return _hashmap_free(copy);
 
         return copy;
 }

src/basic/hashmap.h

@@ -88,15 +88,17 @@ OrderedHashmap* _ordered_hashmap_new(const struct hash_ops *hash_ops  HASHMAP_DE
 #define hashmap_new(ops) _hashmap_new(ops  HASHMAP_DEBUG_SRC_ARGS)
 #define ordered_hashmap_new(ops) _ordered_hashmap_new(ops  HASHMAP_DEBUG_SRC_ARGS)
 
-#define hashmap_free_and_replace(a, b)          \
+#define hashmap_free_and_replace(a, b)                          \
         free_and_replace_full(a, b, hashmap_free)
+#define ordered_hashmap_free_and_replace(a, b)                  \
+        free_and_replace_full(a, b, ordered_hashmap_free)
 
-HashmapBase* _hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value);
+HashmapBase* _hashmap_free(HashmapBase *h);
 static inline Hashmap* hashmap_free(Hashmap *h) {
-        return (void*) _hashmap_free(HASHMAP_BASE(h), NULL, NULL);
+        return (void*) _hashmap_free(HASHMAP_BASE(h));
 }
 static inline OrderedHashmap* ordered_hashmap_free(OrderedHashmap *h) {
-        return (void*) _hashmap_free(HASHMAP_BASE(h), NULL, NULL);
+        return (void*) _hashmap_free(HASHMAP_BASE(h));
 }
 
 IteratedCache* iterated_cache_free(IteratedCache *cache);
@@ -264,12 +266,12 @@ static inline bool ordered_hashmap_iterate(OrderedHashmap *h, Iterator *i, void
         return _hashmap_iterate(HASHMAP_BASE(h), i, value, key);
 }
 
-void _hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value);
+void _hashmap_clear(HashmapBase *h);
 static inline void hashmap_clear(Hashmap *h) {
-        _hashmap_clear(HASHMAP_BASE(h), NULL, NULL);
+        _hashmap_clear(HASHMAP_BASE(h));
 }
 static inline void ordered_hashmap_clear(OrderedHashmap *h) {
-        _hashmap_clear(HASHMAP_BASE(h), NULL, NULL);
+        _hashmap_clear(HASHMAP_BASE(h));
 }
 
 /*
@@ -329,27 +331,6 @@ static inline void *ordered_hashmap_first_key(OrderedHashmap *h) {
         return _hashmap_first_key(HASHMAP_BASE(h), false);
 }
 
-#define hashmap_clear_with_destructor(h, f)                     \
-        ({                                                      \
-                Hashmap *_h = (h);                              \
-                void *_item;                                    \
-                while ((_item = hashmap_steal_first(_h)))       \
-                        f(_item);                               \
-                _h;                                             \
-        })
-#define hashmap_free_with_destructor(h, f)                      \
-        hashmap_free(hashmap_clear_with_destructor(h, f))
-#define ordered_hashmap_clear_with_destructor(h, f)                     \
-        ({                                                              \
-                OrderedHashmap *_h = (h);                               \
-                void *_item;                                            \
-                while ((_item = ordered_hashmap_steal_first(_h)))       \
-                        f(_item);                                       \
-                _h;                                                     \
-        })
-#define ordered_hashmap_free_with_destructor(h, f)                      \
-        ordered_hashmap_free(ordered_hashmap_clear_with_destructor(h, f))
-
 /* no hashmap_next */
 void* ordered_hashmap_next(OrderedHashmap *h, const void *key);
 

src/basic/hostname-util.c

@@ -10,6 +10,7 @@
 #include "alloc-util.h"
 #include "env-file.h"
 #include "hostname-util.h"
+#include "log.h"
 #include "os-util.h"
 #include "string-util.h"
 #include "strv.h"