factory/etc/nsswitch.conf

@@ -4,7 +4,7 @@ passwd:         compat systemd
 group:          compat [SUCCESS=merge] systemd
 shadow:         compat
 
-hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
+hosts:          files mymachines resolve [!UNAVAIL=return] dns myhostname
 networks:       files
 
 protocols:      db files

hwdb.d/60-sensor.hwdb

@@ -90,7 +90,6 @@ sensor:modalias:acpi:KIOX0009*:dmi:*:svnAcer:pnOneS1003:*
 sensor:modalias:acpi:BOSC0200*:dmi:*:svnAcer*:pnSwitchSW312-31:*
  ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
 
-sensor:modalias:acpi:BOSC0200*:dmi:*svn*Acer*:*pn*Spin*SP111-32*
 sensor:modalias:acpi:BOSC0200*:dmi:*svn*Acer*:*pn*Spin*SP111-33*
  ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
 

man/nss-myhostname.xml

@@ -67,12 +67,12 @@
     <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
 
     <para>It is recommended to place <literal>myhostname</literal> either between <literal>resolve</literal>
-    and "traditional" modules like <literal>dns</literal>, or after them. In the first version, well-known
-    names like <literal>localhost</literal> and the machine hostname are given higher priority than the
-    external configuration. This is recommended when the external DNS servers and network are not absolutely
-    trusted. In the second version, external configuration is given higher priority and
-    <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable in closely
-    controlled networks, for example on a company LAN.</para>
+    and "traditional" modules like <literal>files</literal> and <literal>dns</literal>, or after them. In the
+    first version, well-known names like <literal>localhost</literal> and the machine hostname are given
+    higher priority than the external configuration. This is recommended when the external DNS servers and
+    network are not absolutely trusted. In the second version, external configuration is given higher
+    priority and <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable
+    in closely controlled networks, for example on a company LAN.</para>
   </refsect1>
 
   <refsect1>
@@ -83,11 +83,11 @@
 
     <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
 <programlisting>passwd:         compat systemd
-group:          compat [SUCCESS=merge] systemd
+group:          compat systemd
 shadow:         compat
 
-# Either (untrusted network, see above):
-hosts:          mymachines resolve [!UNAVAIL=return] files <command>myhostname</command> dns
+# Either (untrusted network):
+hosts:          mymachines resolve [!UNAVAIL=return] <command>myhostname</command> files dns
 # Or (only trusted networks):
 hosts:          mymachines resolve [!UNAVAIL=return] files dns <command>myhostname</command>
 networks:       files

man/nss-mymachines.xml

@@ -42,10 +42,10 @@
     <para>To activate the NSS module, add <literal>mymachines</literal> to the line starting with
     <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
 
-    <para>It is recommended to place <literal>mymachines</literal> before the <literal>resolve</literal> or
-    <literal>dns</literal> entry of the <literal>hosts:</literal> line of
-    <filename>/etc/nsswitch.conf</filename> in order to make sure that its mappings are preferred over other
-    resolvers such as DNS.</para>
+    <para>It is recommended to place <literal>mymachines</literal> after the <literal>files</literal> or
+    <literal>compat</literal> entry of the <filename>/etc/nsswitch.conf</filename> line to make sure that its
+    mappings are preferred over other resolvers such as DNS, but so that <filename>/etc/hosts</filename>
+    based mappings take precedence.</para>
   </refsect1>
 
   <refsect1>
@@ -56,10 +56,10 @@
 
     <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
     <programlisting>passwd:         compat systemd
-group:          compat [SUCCESS=merge] systemd
+group:          compat systemd
 shadow:         compat
 
-hosts:          <command>mymachines</command> resolve [!UNAVAIL=return] files myhostname dns
+hosts:          <command>mymachines</command> resolve [!UNAVAIL=return] myhostname files dns
 networks:       files
 
 protocols:      db files

man/nss-resolve.xml

@@ -44,12 +44,14 @@
     <literal>dns</literal> somewhere after <literal>resolve</literal>, to fall back to
     <command>nss-dns</command> if <filename>systemd-resolved.service</filename> is not available.</para>
 
-    <para>Note that <command>systemd-resolved</command> will synthesize DNS resource records in a few cases,
-    for example for <literal>localhost</literal> and the current local hostname, see
-    <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
-    the full list. This duplicates the functionality of
-    <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>, but
-    it is still recommended (see examples below) to keep <command>nss-myhostname</command> configured in
+    <para>Note that <command>systemd-resolved</command> will synthesize DNS resource
+    records in a few cases, for example for <literal>localhost</literal> and the
+    current hostname, see
+    <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    for the full list. This duplicates the functionality of
+    <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+    but it is still recommended (see examples below) to keep
+    <command>nss-myhostname</command> configured in
     <filename>/etc/nsswitch.conf</filename>, to keep those names resolveable if
     <command>systemd-resolved</command> is not running.</para>
   </refsect1>
@@ -62,10 +64,10 @@
 
     <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
 <programlisting>passwd:         compat systemd
-group:          compat [SUCCESS=merge] systemd
+group:          compat systemd
 shadow:         compat
 
-hosts:          mymachines <command>resolve [!UNAVAIL=return]</command> files myhostname dns
+hosts:          mymachines <command>resolve [!UNAVAIL=return]</command> myhostname files dns
 networks:       files
 
 protocols:      db files

man/nss-systemd.xml

@@ -65,7 +65,7 @@
 group:          compat [SUCCESS=merge] <command>systemd</command>
 shadow:         compat
 
-hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
+hosts:          mymachines resolve [!UNAVAIL=return] myhostname files dns
 networks:       files
 
 protocols:      db files

src/shared/socket-netlink.c

@@ -464,14 +464,7 @@ struct in_addr_full *in_addr_full_free(struct in_addr_full *a) {
         return mfree(a);
 }
 
-int in_addr_full_new(
-                int family,
-                const union in_addr_union *a,
-                uint16_t port,
-                int ifindex,
-                const char *server_name,
-                struct in_addr_full **ret) {
-
+int in_addr_full_new(int family, union in_addr_union *a, uint16_t port, int ifindex, const char *server_name, struct in_addr_full **ret) {
         _cleanup_free_ char *name = NULL;
         struct in_addr_full *x;
 

src/shared/socket-netlink.h

@@ -45,6 +45,6 @@ struct in_addr_full {
 
 struct in_addr_full *in_addr_full_free(struct in_addr_full *a);
 DEFINE_TRIVIAL_CLEANUP_FUNC(struct in_addr_full*, in_addr_full_free);
-int in_addr_full_new(int family, const union in_addr_union *a, uint16_t port, int ifindex, const char *server_name, struct in_addr_full **ret);
+int in_addr_full_new(int family, union in_addr_union *a, uint16_t port, int ifindex, const char *server_name, struct in_addr_full **ret);
 int in_addr_full_new_from_string(const char *s, struct in_addr_full **ret);
 const char *in_addr_full_to_string(struct in_addr_full *a);

src/test/test-fs-util.c

@@ -615,8 +615,8 @@ static void test_touch_file(void) {
         assert_se(timespec_load(&st.st_mtim) == test_mtime);
 
         if (geteuid() == 0) {
-                a = strjoina(p, "/bdev");
-                r = mknod(a, 0775 | S_IFBLK, makedev(0, 0));
+                a = strjoina(p, "/cdev");
+                r = mknod(a, 0775 | S_IFCHR, makedev(0, 0));
                 if (r < 0 && errno == EPERM && detect_container() > 0) {
                         log_notice("Running in unprivileged container? Skipping remaining tests in %s", __func__);
                         return;
@@ -626,17 +626,17 @@ static void test_touch_file(void) {
                 assert_se(lstat(a, &st) >= 0);
                 assert_se(st.st_uid == test_uid);
                 assert_se(st.st_gid == test_gid);
-                assert_se(S_ISBLK(st.st_mode));
+                assert_se(S_ISCHR(st.st_mode));
                 assert_se((st.st_mode & 0777) == 0640);
                 assert_se(timespec_load(&st.st_mtim) == test_mtime);
 
-                a = strjoina(p, "/cdev");
-                assert_se(mknod(a, 0775 | S_IFCHR, makedev(0, 0)) >= 0);
+                a = strjoina(p, "/bdev");
+                assert_se(mknod(a, 0775 | S_IFBLK, makedev(0, 0)) >= 0);
                 assert_se(touch_file(a, false, test_mtime, test_uid, test_gid, 0640) >= 0);
                 assert_se(lstat(a, &st) >= 0);
                 assert_se(st.st_uid == test_uid);
                 assert_se(st.st_gid == test_gid);
-                assert_se(S_ISCHR(st.st_mode));
+                assert_se(S_ISBLK(st.st_mode));
                 assert_se((st.st_mode & 0777) == 0640);
                 assert_se(timespec_load(&st.st_mtim) == test_mtime);
         }
@@ -850,12 +850,11 @@ static void test_path_is_encrypted_one(const char *p, int expect) {
         int r;
 
         r = path_is_encrypted(p);
-        if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) /* This might fail, if btrfs is used and we run in a
-                           * container. In that case we cannot resolve the device node paths that
-                           * BTRFS_IOC_DEV_INFO returns, because the device nodes are unlikely to exist in
-                           * the container. But if we can't stat() them we cannot determine the dev_t of
-                           * them, and thus cannot figure out if they are enrypted. Hence let's just ignore
-                           * ENOENT here. Also skip the test if we lack privileges. */
+        if (r == -ENOENT) /* This might fail, if btrfs is used and we run in a container. In that case we
+                           * cannot resolve the device node paths that BTRFS_IOC_DEV_INFO returns, because
+                           * the device nodes are unlikely to exist in the container. But if we can't stat()
+                           * them we cannot determine the dev_t of them, and thus cannot figure out if they
+                           * are enrypted. Hence let's just ignore ENOENT here. */
                 return;
         assert_se(r >= 0);
 

src/test/test-stat-util.c

@@ -148,7 +148,7 @@ static void test_device_path_make_canonical(void) {
         test_device_path_make_canonical_one("/dev/urandom");
         test_device_path_make_canonical_one("/dev/tty");
 
-        if (is_device_node("/run/systemd/inaccessible/blk") > 0) {
+        if (is_device_node("/run/systemd/inaccessible/chr") > 0) {
                 test_device_path_make_canonical_one("/run/systemd/inaccessible/chr");
                 test_device_path_make_canonical_one("/run/systemd/inaccessible/blk");
         }

tools/make-man-index.py

@@ -55,8 +55,7 @@ def make_index(pages):
         check_id(p, t)
         section = t.find('./refmeta/manvolnum').text
         refname = t.find('./refnamediv/refname').text
-        purpose_text = ' '.join(t.find('./refnamediv/refpurpose').itertext())
-        purpose = ' '.join(purpose_text.split())
+        purpose = ' '.join(t.find('./refnamediv/refpurpose').text.split())
         for f in t.findall('./refnamediv/refname'):
             infos = (f.text, section, purpose, refname)
             index[f.text[0].upper()].append(infos)