fix typo

- categorize entries
- add several news for networkd and udevd

NEWS

@@ -65,7 +65,7 @@ CHANGES WITH 251 in spe:
           (as exposed via the SystemCallFilter= setting in service unit files).
           It is apparently used by the linker now.
 
-        New functionality and other changes:
+        Changes for Boot Loader Specification, kernel-install and sd-boot:
 
         * kernel-install's and bootctl's Boot Loader Specification Type #1
           entry generation logic has been reworked. The user may now pick
@@ -113,6 +113,31 @@ CHANGES WITH 251 in spe:
           location. kernel-install will move them when all files have been
           prepared successfully.
 
+        * New option sort-key= has been added to the Boot Loader Specification
+          to override the sorting order of the entries in the boot menu. It is
+          read by sd-boot and bootctl, and will be written by kernel-install,
+          with the default value of IMAGE_ID= or ID= fields from
+          os-release. Together, this means that on multiboot installations,
+          entries should be grouped and sorted in a predictable way.
+
+        * The kernel-install tool gained a new 'inspect' verb which shows the
+          paths and other settings used.
+
+        * sd-boot can now optionally beep when the menu is shown and menu
+          entries are selected, which can be useful on machines without a
+          working display. (Controllable via a loader.conf setting.)
+
+        * The --make-machine-id-directory= switch to bootctl has been replaced
+          by --make-entry-directory=, given that the entry directory is not
+          necessarily named after the machine ID, but after some other suitable
+          ID as selected via --entry-token= described above. The old name of
+          the option is still understood to maximize compatibility.
+
+        * 'bootctl list' gained support for a new --json= switch to output boot
+          menu entries in JSON format.
+
+        Changes for homed:
+
         * Starting with v250 systemd-homed uses UID/GID mapping on the mounts
           of activated home directories it manages (if the kernel and selected
           file systems support it). So far it mapped three UID ranges: the
@@ -147,14 +172,7 @@ CHANGES WITH 251 in spe:
           handling, and improving compatibility with home directories intended
           to be portable like the ones managed by systemd-homed.
 
-        * The journal JSON export format has been added to listed of stable
+        Changes for shared libraries:
-          interfaces (https://systemd.io/PORTABILITY_AND_STABILITY/).
-
-        * /etc/locale.conf is now populated through tmpfiles.d factory /etc/
-          handling with the values that were configured during systemd build
-          (if /etc/locale.conf has not been created through some other
-          mechanism). This means that /etc/locale.conf should always have
-          reasonable contents and we avoid a potential mismatch in defaults.
 
         * A new libsystemd-core-<version>.so private shared library is
           installed under /usr/lib/systemd/system, mirroring the existing
@@ -170,6 +188,12 @@ CHANGES WITH 251 in spe:
           fail to execute because they were installed earlier or later than the
           appropriate version of the library.
 
+        * The sd-id128 API gained a new call sd_id128_to_uuid_string() that is
+          similar to sd_id128_to_string() but formats the ID in RFC 4122 UUID
+          format instead of simple series of hex characters.
+
+        Changes for PID1 and systemctl:
+
         * A new set of service monitor environment variables will be passed to
           OnFailure=/OnSuccess= handlers, but only if exactly one unit lists the
           handler unit as OnFailure=/OnSuccess=. The variables are:
@@ -184,50 +208,6 @@ CHANGES WITH 251 in spe:
 
           'portablectl attach --extension=' now also accepts directory paths.
 
-        * HARDWARE_VENDOR= and HARDWARE_MODEL= can be set in /etc/machine-info
-          to override the values gleaned from the hwdb.
-
-        * A ID_CHASSIS property can be set in the hwdb (for the DMI device
-          /sys/class/dmi/id) to override the chassis that is reported by
-          hostnamed.
-
-        * hostnamed's D-Bus interface gained a new method GetHardwareSerial()
-          for reading the hardware serial number, as reportd by DMI.
-
-        * Two new hwdb files have been added. One lists "handhelds" (PDAs,
-          calculators, etc.), the other AV production devices (DJ tables,
-          keypads, etc.) that should accessible to the seat owner user by
-          default.
-
-        * A new unit systemd-networkd-wait-online@<interface>.service has been
-          added that can be used to wait for a specific network interface to be
-          up.
-
-        * systemd-resolved is started earlier (in sysinit.target), so it
-          available earlier and will also be started in the initrd if installed
-          there.
-
-        * udevadm trigger gained a new --prioritized-subsystem= option to
-          process certain subsystems (and all their parent devices) earlier.
-
-          systemd-udev-trigger.service now uses this new option to trigger
-          block and TPM devices first, hopefully making the boot a bit faster.
-
-        * udevadm trigger now implements --type=all, --initialized-match,
-          --initialized-nomatch to trigger both subsystems and devices, only
-          already-initialized devices, and only devices which haven't been
-          initialized yet, respectively.
-
-        * systemd-cryptenroll can now control whether to require the user to
-          enter a PIN when using TPM-based unlocking of a volume via the new
-          --tpm2-with-pin= option.
-
-          Option tpm2-pin= can be used in /etc/crypttab.
-
-        * When unlocking devices via TPM, TPM2 parameter encryption is now
-          used, to ensure that communication between CPU and discrete TPM chips
-          cannot be eavesdropped to acquire disk encryption keys.
-
         * The user.delegate and user.invocation_id extended attributes on
           cgroups are used in addition to trusted.delegate and
           trusted.invocation_id. The latter pair requires privileges to set,
@@ -236,17 +216,6 @@ CHANGES WITH 251 in spe:
 
           (Only supported on kernels ≥5.6.)
 
-        * New option sort-key= has been added to the Boot Loader Specification
-          to override the sorting order of the entries in the boot menu. It is
-          read by sd-boot and bootctl, and will be written by kernel-install,
-          with the default value of IMAGE_ID= or ID= fields from
-          os-release. Together, this means that on multiboot installations,
-          entries should be grouped and sorted in a predictable way.
-
-        * sd-boot can now optionally beep when the menu is shown and menu
-          entries are selected, which can be useful on machines without a
-          working display. (Controllable via a loader.conf setting.)
-
         * In unit files the new %y/%Y specifiers can be used to refer to
           normalized unit file path, which is particularly useful for symlinked
           unit files.
@@ -266,15 +235,6 @@ CHANGES WITH 251 in spe:
           services, i.e. those run by the user's --user service manager, as long
           as user namespaces are enabled on the system.
 
-        * The --make-machine-id-directory= switch to bootctl has been replaced
-          by --make-entry-directory=, given that the entry directory is not
-          necessarily named after the machine ID, but after some other suitable
-          ID as selected via --entry-token= described above. The old name of
-          the option is still understood to maximize compatibility.
-
-        * 'bootctl list' gained support for a new --json= switch to output boot
-          menu entries in JSON format.
-
         * Services with Restart=always and a failing ExecCondition= will no
           longer be restarted, to bring ExecCondition= behaviour in line with
           Condition*= settings.
@@ -286,31 +246,18 @@ CHANGES WITH 251 in spe:
           that encapsulates the service's numeric cgroup ID that newer kernels
           assign to each cgroup.
 
-        * systemd-networkd gained a new [Bridge] Isolated=true|false setting
+        * PID 1 gained support for configuring the "pre-timeout" of watchdog
-          that configures the eponymous kernel attribute on the bridge.
+          devices and the associated governor, via the new
+          RuntimeWatchdogPreSec= and RuntimeWatchdogPreGovernor= configuration
+          options in /etc/systemd/system.conf.
 
-        * .netdev files now can be used to create virtual WLAN devices, and
+        * systemctl's --timestamp= option gained a new choice "unix", to show
-          configure various settings on them, via the [VirtualWLAN] section.
+          timestamp as unix times, i.e. seconds since 1970, Jan 1st.
 
-        * .link files gained support for [Match] Firmware= setting to match on
+        Changes for journald:
-          the device firmware description string. By mistake, it was previously
-          only supported in .network files.
 
-        * .link/.network files gained support for [Match] Kind= setting to match
+        * The journal JSON export format has been added to listed of stable
-          on device kind ("bond", "bridge", "gre", "tun", "veth", etc.)
+          interfaces (https://systemd.io/PORTABILITY_AND_STABILITY/).
-
-          This value is also shown by 'networkctl status'.
-
-        * .link files gained support for setting MDI/MID-X on a link.
-
-        * The Local= setting for various virtual network devices gained support
-          for specifying, in addition to the network address, the name of a
-          local interface which must have the specified address.
-
-        * New [DHCPServer] BootServerName=, BootServerAddress=, and
-          BootFilename= settings can be used to configure the server address,
-          server name, and file name sent in the DHCP packet (e.g. to configure
-          PXE boot).
 
         * journalctl --list-boots now supports JSON output and the --reverse option.
 
@@ -320,24 +267,113 @@ CHANGES WITH 251 in spe:
           https://systemd.io/JOURNAL_EXPORT_FORMATS
           https://systemd.io/BUILDING_IMAGES
 
-        * The sd-id128 API gained a new call sd_id128_to_uuid_string() that is
+        Changes for udev:
-          similar to sd_id128_to_string() but formats the ID in RFC 4122 UUID
+
-          format instead of simple series of hex characters.
+        * Two new hwdb files have been added. One lists "handhelds" (PDAs,
+          calculators, etc.), the other AV production devices (DJ tables,
+          keypads, etc.) that should accessible to the seat owner user by
+          default.
+
+        * udevadm trigger gained a new --prioritized-subsystem= option to
+          process certain subsystems (and all their parent devices) earlier.
+
+          systemd-udev-trigger.service now uses this new option to trigger
+          block and TPM devices first, hopefully making the boot a bit faster.
+
+        * udevadm trigger now implements --type=all, --initialized-match,
+          --initialized-nomatch to trigger both subsystems and devices, only
+          already-initialized devices, and only devices which haven't been
+          initialized yet, respectively.
+
+        * .link files gained support for setting MDI/MID-X on a link.
+
+        * .link files gained support for [Match] Firmware= setting to match on
+          the device firmware description string. By mistake, it was previously
+          only supported in .network files.
+
+        * .link files gained support for [Link] SR-IOVVirtualFunctions= setting
+          and [SR-IOV] section to configure SR-IOV virtual functions.
+
+        Changes for networkd:
+
+        * The default scope for unicast routes configured through [Route]
+          section is changed to "link", to make the behavior consistent with
+          "ip route" command. The manual configuration of [Route] Scope= is
+          still honored.
+
+        * A new unit systemd-networkd-wait-online@<interface>.service has been
+          added that can be used to wait for a specific network interface to be
+          up.
+
+        * systemd-networkd gained a new [Bridge] Isolated=true|false setting
+          that configures the eponymous kernel attribute on the bridge.
+
+        * .netdev files now can be used to create virtual WLAN devices, and
+          configure various settings on them, via the [WLAN] section.
+
+        * .link/.network files gained support for [Match] Kind= setting to match
+          on device kind ("bond", "bridge", "gre", "tun", "veth", etc.)
+
+          This value is also shown by 'networkctl status'.
+
+        * The Local= setting in .netdev files for various virtual network
+          devices gained support for specifying, in addition to the network
+          address, the name of a local interface which must have the specified
+          address.
+
+        * systemd-networkd gained a new [Tunnel] External= setting in .netdev
+          files, to configure tunnels in external mode (a.k.a. collect metadata
+          mode).
+
+        * [Network] L2TP= setting was removed. Please use interface specifier in
+          Local= setting in .netdev files of corresponding L2TP interface.
+
+        * New [DHCPServer] BootServerName=, BootServerAddress=, and
+          BootFilename= settings can be used to configure the server address,
+          server name, and file name sent in the DHCP packet (e.g. to configure
+          PXE boot).
+
+        Changes for resolved:
+
+        * systemd-resolved is started earlier (in sysinit.target), so it
+          available earlier and will also be started in the initrd if installed
+          there.
+
+        Changes for disk encryption:
+
+        * systemd-cryptenroll can now control whether to require the user to
+          enter a PIN when using TPM-based unlocking of a volume via the new
+          --tpm2-with-pin= option.
+
+          Option tpm2-pin= can be used in /etc/crypttab.
+
+        * When unlocking devices via TPM, TPM2 parameter encryption is now
+          used, to ensure that communication between CPU and discrete TPM chips
+          cannot be eavesdropped to acquire disk encryption keys.
+
+        Changes for hostnamed:
+
+        * HARDWARE_VENDOR= and HARDWARE_MODEL= can be set in /etc/machine-info
+          to override the values gleaned from the hwdb.
+
+        * A ID_CHASSIS property can be set in the hwdb (for the DMI device
+          /sys/class/dmi/id) to override the chassis that is reported by
+          hostnamed.
+
+        * hostnamed's D-Bus interface gained a new method GetHardwareSerial()
+          for reading the hardware serial number, as reportd by DMI.
+
+        Changes for other components:
+
+        * /etc/locale.conf is now populated through tmpfiles.d factory /etc/
+          handling with the values that were configured during systemd build
+          (if /etc/locale.conf has not been created through some other
+          mechanism). This means that /etc/locale.conf should always have
+          reasonable contents and we avoid a potential mismatch in defaults.
 
         * The userdbctl tool will now show UID range information as part of the
           list of known users.
 
-        * systemctl's --timestamp= option gained a new choice "unix", to show
-          timestamp as unix times, i.e. seconds since 1970, Jan 1st.
-
-        * PID 1 gained support for configuring the "pre-timeout" of watchdog
-          devices and the associated governor, via the new
-          RuntimeWatchdogPreSec= and RuntimeWatchdogPreGovernor= configuration
-          options in /etc/systemd/system.conf.
-
-        * The kernel-install tool gained a new 'inspect' verb which shows the
-          paths and other settings used.
-
         Experimental features:
 
         * sd-boot gained a new *experimental* setting "reboot-for-bitlocker" in

TODO

@@ -1352,7 +1352,7 @@ Features:
   - on login, if we can't fallocate initially, but rebalance is on, then allow
     login in discard mode, then immediately rebalance, then turn off discard
   - extend user records with optional "bulk" data. Specifically, a user
-    avatar/photo or so. This data should be stored along wiht the user record,
+    avatar/photo or so. This data should be stored along with the user record,
     but probably shouldn't be part of the record itself, since it might be
     large.
 

docs/COREDUMP_PACKAGE_METADATA.md

@@ -92,9 +92,9 @@ $ ./generate-package-notes.py --rpm systemd-248~rc2-1.fc33.arm32 --cpe cpe:/o:fe
 SECTIONS
 {
     .note.package (READONLY) : ALIGN(4) {
-        BYTE(0x04) BYTE(0x00) BYTE(0x00) BYTE(0x00) /* Length of Owner including NUL */
+        LONG(0x0004)                                /* Length of Owner including NUL */
-        BYTE(0x7b) BYTE(0x00) BYTE(0x00) BYTE(0x00) /* Length of Value including NUL */
+        LONG(0x007b)                                /* Length of Value including NUL */
-        BYTE(0x7e) BYTE(0x1a) BYTE(0xfe) BYTE(0xca) /* Note ID */
+        LONG(0xcafe1a7e)                            /* Note ID */
         BYTE(0x46) BYTE(0x44) BYTE(0x4f) BYTE(0x00) /* Owner: 'FDO\x00' */
         BYTE(0x7b) BYTE(0x22) BYTE(0x74) BYTE(0x79) /* Value: '{"type":"rpm","name":"systemd","version":"248~rc2-1.fc33","architecture":"arm32","osCpe":"cpe:/o:fedoraproject:fedora:33"}\x00\x00' */
         BYTE(0x70) BYTE(0x65) BYTE(0x22) BYTE(0x3a)

man/systemd.netdev.xml

@@ -193,8 +193,8 @@
           <row><entry><varname>ipoib</varname></entry>
           <entry>An IP over Infiniband subinterface.</entry></row>
 
-          <row><entry><varname>virtual-wlan</varname></entry>
+          <row><entry><varname>wlan</varname></entry>
-          <entry>A virtual local wireless network (WLAN) interface.</entry></row>
+          <entry>A virtual wireless network (WLAN) interface.</entry></row>
         </tbody>
       </tgroup>
     </table>
@@ -2186,17 +2186,16 @@
   </refsect1>
 
   <refsect1>
-    <title>[VirtualWLAN] Section Options</title>
+    <title>[WLAN] Section Options</title>
-    <para>The [VirtualWLAN] section only applies to virtual WLAN interfaces, and accepts the following
+    <para>The [WLAN] section only applies to WLAN interfaces, and accepts the following keys:</para>
-    keys:</para>
 
     <variablelist class='network-directives'>
       <varlistentry>
         <term><varname>PhysicalDevice=</varname></term>
         <listitem>
-          <para>Specifies the name or index of the WLAN physical WLAN device (e.g. <literal>0</literal>
+          <para>Specifies the name or index of the physical WLAN device (e.g. <literal>0</literal> or
-          or <literal>phy0</literal>). The list of the physical WLAN devices that exist os the host can
+          <literal>phy0</literal>). The list of the physical WLAN devices that exist os the host can be
-          be obtained by <command>iw phy</command> command. This option is mandatory.</para>
+          obtained by <command>iw phy</command> command. This option is mandatory.</para>
         </listitem>
       </varlistentry>
 

meson.build

@@ -760,6 +760,10 @@ conf.set('TIME_EPOCH', time_epoch)
 
 conf.set('CLOCK_VALID_RANGE_USEC_MAX', get_option('clock-valid-range-usec-max'))
 
+default_user_shell = get_option('default-user-shell')
+conf.set_quoted('DEFAULT_USER_SHELL',      default_user_shell)
+conf.set_quoted('DEFAULT_USER_SHELL_NAME', fs.name(default_user_shell))
+
 foreach tuple : [['system-alloc-uid-min', 'SYS_UID_MIN', 1],  # Also see login.defs(5).
                  ['system-uid-max',       'SYS_UID_MAX', 999],
                  ['system-alloc-gid-min', 'SYS_GID_MIN', 1],

meson_options.txt

@@ -220,6 +220,8 @@ option('time-epoch', type : 'integer', value : '-1',
        description : 'time epoch for time clients')
 option('clock-valid-range-usec-max', type : 'integer', value : '473364000000000', # 15 years
        description : 'maximum value in microseconds for the difference between RTC and epoch, exceeding which is considered an RTC error')
+option('default-user-shell', type : 'string', value : '/bin/bash',
+       description : 'default interactive shell')
 
 option('system-alloc-uid-min', type : 'integer', value : '-1',
        description : 'minimum system UID used when allocating')

src/core/manager.c

@@ -2644,7 +2644,7 @@ static int manager_dispatch_sigchld(sd_event_source *source, void *userdata) {
                          * We only do this for the cgroup the PID belonged to. */
                         (void) unit_check_oom(u1);
 
-                        /* We check if systemd-oomd perfomed a kill so that we log and notify appropriately */
+                        /* We check if systemd-oomd performed a kill so that we log and notify appropriately */
                         (void) unit_check_oomd_kill(u1);
 
                         manager_invoke_sigchld_event(m, u1, &si);

src/libsystemd/sd-journal/journal-file.c

@@ -1939,7 +1939,7 @@ static void schedule_post_change(JournalFile *f) {
 
         assert_se(e = sd_event_source_get_event(f->post_change_timer));
 
-        /* If we are aleady going down, post the change immediately. */
+        /* If we are already going down, post the change immediately. */
         if (IN_SET(sd_event_get_state(e), SD_EVENT_EXITING, SD_EVENT_FINISHED))
                 goto fail;
 

src/network/netdev/netdev-gperf.gperf

@@ -259,6 +259,6 @@ BatmanAdvanced.RoutingAlgorithm,          config_parse_batadv_routing_algorithm,
 IPoIB.PartitionKey,                       config_parse_ipoib_pkey,                   0,                             offsetof(IPoIB, pkey)
 IPoIB.Mode,                               config_parse_ipoib_mode,                   0,                             offsetof(IPoIB, mode)
 IPoIB.IgnoreUserspaceMulticastGroups,     config_parse_tristate,                     0,                             offsetof(IPoIB, umcast)
-VirtualWLAN.PhysicalDevice,               config_parse_wiphy,                        0,                             0
+WLAN.PhysicalDevice,                      config_parse_wiphy,                        0,                             0
-VirtualWLAN.Type,                         config_parse_wlan_iftype,                  0,                             offsetof(WLan, iftype)
+WLAN.Type,                                config_parse_wlan_iftype,                  0,                             offsetof(WLan, iftype)
-VirtualWLAN.WDS,                          config_parse_tristate,                     0,                             offsetof(WLan, wds)
+WLAN.WDS,                                 config_parse_tristate,                     0,                             offsetof(WLan, wds)

src/network/netdev/netdev.c

@@ -128,7 +128,7 @@ static const char* const netdev_kind_table[_NETDEV_KIND_MAX] = {
         [NETDEV_KIND_VXCAN]     = "vxcan",
         [NETDEV_KIND_VXLAN]     = "vxlan",
         [NETDEV_KIND_WIREGUARD] = "wireguard",
-        [NETDEV_KIND_WLAN]      = "virtual-wlan",
+        [NETDEV_KIND_WLAN]      = "wlan",
         [NETDEV_KIND_XFRM]      = "xfrm",
 };
 

src/network/netdev/netdev.h

@@ -41,9 +41,9 @@
         "-VRF\0"                                  \
         "-VXCAN\0"                                \
         "-VXLAN\0"                                \
+        "-WLAN\0"                                 \
         "-WireGuard\0"                            \
         "-WireGuardPeer\0"                        \
-        "-VirtualWLAN\0"                          \
         "-Xfrm\0"
 
 typedef enum NetDevKind {

src/network/netdev/wlan.c

@@ -249,7 +249,7 @@ const NetDevVTable wlan_vtable = {
         .object_size = sizeof(WLan),
         .init = wlan_init,
         .done = wlan_done,
-        .sections = NETDEV_COMMON_SECTIONS "VirtualWLAN\0",
+        .sections = NETDEV_COMMON_SECTIONS "WLAN\0",
         .is_ready_to_create = wlan_is_ready_to_create,
         .create = wlan_create,
         .create_type = NETDEV_CREATE_INDEPENDENT,

src/nspawn/nspawn.c

@@ -3550,10 +3550,13 @@ static int inner_child(
                         /* If we cannot change the directory, we'll end up in /, that is expected. */
                         (void) chdir(home ?: "/root");
 
+                execle(DEFAULT_USER_SHELL, "-" DEFAULT_USER_SHELL_NAME, NULL, env_use);
+                if (!streq(DEFAULT_USER_SHELL, "/bin/bash"))
                         execle("/bin/bash", "-bash", NULL, env_use);
+                if (!streq(DEFAULT_USER_SHELL, "/bin/sh"))
                         execle("/bin/sh", "-sh", NULL, env_use);
 
-                exec_target = "/bin/bash, /bin/sh";
+                exec_target = DEFAULT_USER_SHELL ", /bin/bash, /bin/sh";
         }
 
         return log_error_errno(errno, "execv(%s) failed: %m", exec_target);

src/shared/user-record.c

@@ -1747,7 +1747,7 @@ const char *user_record_shell(UserRecord *h) {
                 return "/bin/sh";
 
         if (user_record_disposition(h) == USER_REGULAR)
-                return "/bin/bash";
+                return DEFAULT_USER_SHELL;
 
         return NOLOGIN;
 }

test/fuzz/fuzz-netdev-parser/directives.netdev

@@ -246,7 +246,7 @@ RoutingAlgorithm=
 PartitionKey=
 Mode=
 IgnoreUserspaceMulticastGroups=
-[VirtualWLAN]
+[WLAN]
 PhysicalDevice=
 Type=
 WDS=