NEWS

@@ -34,37 +34,6 @@ CHANGES WITH 248:
           allows the implementation of a service to provide key information
           dynamically, at the moment when it is needed.
 
-        * When the hostname is set explicitly to "localhost", systemd-hostnamed
-          will respect this. Previously such a setting would be mostly silently
-          ignored. The goal is to honour configuration as specified by the
-          user.
-
-        * The fallback hostname that will be used by the system manager and
-          systemd-hostnamed can now be configured in two new ways: by setting
-          DEFAULT_HOSTNAME= in os-release(5), or by setting
-          $SYSTEMD_DEFAULT_HOSTNAME in the environment block. As before, it can
-          also be configured during compilation. The environment variable is
-          intended for testing and local overrides, the os-release(5) field is
-          intended to allow customization by different variants of a
-          distribution that share the same compiled packages.
-
-        * The environment block of the manager itself may be configured through
-          a new ManagerEnvironment= setting in system.conf or user.conf. This
-          complements existing ways to set the environment block (the kernel
-          command line for the system manager, the inherited environment and
-          user@.service unit file settings for the user manager).
-
-        * systemd-hostnamed now exports the default hostname and the source of
-          the configured hostname ("static", "transient", or "default") as
-          D-Bus properties.
-
-        * systemd-hostnamed now exports the "HardwareVendor" and
-          "HardwareModel" D-Bus properties, which are supposed to contain a
-          pair of cleaned up, human readable strings describing the system's
-          vendor and model. It's typically sourced from the firmware's DMI
-          tables, but may be augmented from a new hwdb database. hostnamectl
-          shows this in the status output.
-
         * Support has been added to systemd-cryptsetup for extracting the
           PKCS#11 token URI and encrypted key from the LUKS2 JSON embedded
           metadata header. This allows the information how to open the
@@ -113,12 +82,7 @@ CHANGES WITH 248:
           ConditionCPUFeature=rdrand will condition a unit so that it is only
           run when the system CPU supports the RDRAND opcode.
 
-        * The existing ConditionControlGroupController= setting has been
-          extended with two new values "v1" and "v2". "v2" means that the
-          unified v2 cgroup hierachy is used, and "v1" means that legacy v1
-          hierarchy or the hybrid hierarchy are used.
-
-        * The tables of system calls in seccomp filters are now automatically
+        * The tables of system calls in seccomps filters are now automatically
           generated from kernel lists exported on
           https://fedora.juszkiewicz.com.pl/syscalls.html.
 
@@ -223,10 +187,8 @@ CHANGES WITH 248:
           as device properties under the /sys/class/dmi/id/ pseudo device.
 
         * /dev/ is not mounted noexec anymore. This didn't provide any
-          significant security benefits and would conflict with the executable
-          mappings used with /dev/sgx device nodes. The previous behaviour can
-          be restored for individual services with NoExecPaths=/dev (or by allow-
-          listing and excluding /dev from ExecPaths=).
+          significant security benefits and would conflicts with the executable
+          mappings used with /dev/sgx device nodes.
 
         * Permissions for /dev/vsock are now set to 0o666, and /dev/vhost-vsock
           and /dev/vhost-net are owned by the kvm group.
@@ -299,6 +261,22 @@ CHANGES WITH 248:
         * systemd-stdio-bridge gained --system/--user options to connect to the
           system bus (previous default) or the user session bus.
 
+        * When the hostname is set explicitly to "localhost", systemd-hostnamed
+          will respect this. Previously such a setting would be mostly silently
+          ignored. The goal is to honour configuration as specified by the
+          user.
+
+        * systemd-hostnamed now exports the default hostname and the source of
+          the configured hostname ("static", "transient", or "default") as
+          D-Bus properties.
+
+        * systemd-hostnamed now exports the "HardwareVendor" and
+          "HardwareModel" D-Bus properties, which are supposed to contain a
+          pair of cleaned up, human readable strings describing the system's
+          vendor and model. It's typically sourced from the firmware's DMI
+          tables, but may be augmented from a new hwdb database. hostnamectl
+          shows this in the status output.
+
         * systemd-localed may now call locale-gen to generate missing locales
           on-demand (UTF-8-only). This improves integration with Debian-based
           distributions (Debian/Ubuntu/PureOS/Tanglu/...) and Arch Linux.

README

@@ -126,9 +126,6 @@ REQUIREMENTS:
         Required for systemd-nspawn:
           CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7
 
-        Required for systemd-oomd:
-          CONFIG_PSI
-
         Note that kernel auditing is broken when used with systemd's
         container code. When using systemd in conjunction with
         containers, please make sure to either turn off auditing at

man/systemd.generator.xml

@@ -47,13 +47,12 @@
 
   <refsect1>
     <title>Description</title>
-    <para>Generators are small executables placed in <filename>&systemgeneratordir;/</filename> and other
-    directories listed above.
-    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> will execute
-    these binaries very early at bootup and at configuration reload time — before unit files are
-    loaded. Their main purpose is to convert configuration that is not native to the service manager into
-    dynamically generated unit files, symlinks or unit file drop-ins, so that they can extend the unit file
-    hierarchy the service manager subsequently loads and operates on.</para>
+    <para>Generators are small executables that live in
+    <filename>&systemgeneratordir;/</filename> and other directories listed above.
+    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    will execute those binaries very early at bootup and at configuration reload time
+    — before unit files are loaded. Their main purpose is to convert configuration
+    that is not native into dynamically generated unit files.</para>
 
     <para>Each generator is called with three directory paths that are to be used for
     generator output. In these three directories, generators may dynamically generate
@@ -156,15 +155,17 @@
       </listitem>
 
       <listitem>
-        <para>Generators are run very early at boot and cannot rely on any external services. They may not
-        talk to any other process. That includes simple things such as logging to <citerefentry
-        project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>, or
-        <command>systemd</command> itself (this means: no
+        <para>Generators are run very early at boot and cannot rely on any external
+        services. They may not talk to any other process. That includes simple things
+        such as logging to
+        <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+        or <command>systemd</command> itself (this means: no
         <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>)!
-        Non-essential file systems like <filename>/var/</filename> and <filename>/home/</filename> are
-        mounted after generators have run. Generators can however rely on the most basic kernel functionality
-        to be available, as well as mounted <filename>/sys/</filename>, <filename>/proc/</filename>,
-        <filename>/dev/</filename>, <filename>/usr/</filename> and <filename>/run/</filename> file systems.
+        Non-essential file systems like <filename>/var/</filename> and
+        <filename>/home/</filename> are mounted after generators have run. Generators
+        can however rely on the most basic kernel functionality to be available,
+        including a mounted <filename>/sys/</filename>, <filename>/proc/</filename>,
+        <filename>/dev/</filename>, <filename>/usr/</filename>.
         </para>
       </listitem>
 
@@ -175,18 +176,12 @@
       </listitem>
 
       <listitem>
-        <para>Generators should only be used to generate unit files, <filename>.d/*.conf</filename> drop-ins
-        for them and symlinks to them, not any other kind of non-unit related configuration. Due to the
-        lifecycle logic mentioned above, generators are not a good fit to generate dynamic configuration for
-        other services. If you need to generate dynamic configuration for other services, do so in normal
-        services you order before the service in question.</para>
-
-        <para>Note that using the <varname>StandardInputData=</varname>/<varname>StandardInputText=</varname>
-        settings of service unit files (see
-        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>), it
-        is possible to make arbitrary input data (including daemon-specific configuration) part of the unit
-        definitions, which often might be sufficient to embed data or configuration for other programs into
-        unit files in a native fashion.</para>
+        <para>Generators should only be used to generate unit files and symlinks to
+        them, not any other kind of configuration. Due to the lifecycle logic
+        mentioned above, generators are not a good fit to generate dynamic
+        configuration for other services. If you need to generate dynamic
+        configuration for other services, do so in normal services you order before
+        the service in question.</para>
       </listitem>
 
       <listitem>

man/systemd.xml

@@ -609,24 +609,6 @@
   <refsect1>
     <title>Environment</title>
 
-    <para>The environment block for the system manager is initially set by the kernel. (In particular,
-    <literal>key=value</literal> assignments on the kernel command line are returned into environment
-    variables for PID 1). For the user manager, the system manager sets the environment as described in the
-    "Environment Variables in Spawned Processes" section of
-    <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
-    <varname>DefaultEnvironment=</varname> setting in the system manager applies to all services including
-    <filename>user@.service</filename>. Additional entries may be configured (as for any other service)
-    through the <varname>Environment=</varname> and <varname>EnvironmentFile=</varname> settings for
-    <filename>user@.service</filename> (see
-    <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>). Also,
-    additional environment variables may be set through the <varname>ManagerEnvironment=</varname> setting in
-    <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-    and
-    <citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
-    </para>
-
-    <para>Some of the variables understood by <command>systemd</command>:</para>
-
     <variablelist class='environment-variables'>
       <varlistentry>
         <term><varname>$SYSTEMD_LOG_COLOR</varname></term>
@@ -1108,11 +1090,12 @@
       only the options described below are understood. Nevertheless, <command>systemd</command> is usually
       started in this mode through the
       <citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-      service, which is shared between all users. It may be more convenient to use configuration files to
+      service, which is shared between all users, and it may be more convenient to use configuration files to
       modify settings (see
       <citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>),
-      or environment variables. See the "Environment" section above for a discussion of how the environment
-      block is set.</para>
+      or a drop-in that specifies one of the environment variables listed above in the Environment section
+      (see the discussion of <varname>Environment=</varname> and <varname>EnvironmentFile=</varname> in
+      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>).</para>
 
       <variablelist>
         <varlistentry>

src/boot/efi/stub.c

@@ -84,14 +84,8 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
                 if (disk_get_part_uuid(loaded_image->DeviceHandle, uuid) == EFI_SUCCESS)
                         efivar_set(LOADER_GUID, L"LoaderDevicePartUUID", uuid, 0);
 
-        /* If LoaderImageIdentifier is not set, assume the image with this stub was loaded directly from the
-         * UEFI firmware without any boot loader, and hence set the LoaderImageIdentifier ourselves. Note
-         * that some boot chain loaders neither set LoaderImageIdentifier nor make FilePath available to us,
-         * in which case there's simple nothing to set for us. (The UEFI spec doesn't really say who's wrong
-         * here, i.e. whether FilePath may be NULL or not, hence handle this gracefully and check if FilePath
-         * is non-NULL explicitly.) */
-        if (efivar_get_raw(LOADER_GUID, L"LoaderImageIdentifier", NULL, NULL) != EFI_SUCCESS &&
-            loaded_image->FilePath) {
+        /* if LoaderImageIdentifier is not set, assume the image with this stub was loaded directly from UEFI */
+        if (efivar_get_raw(LOADER_GUID, L"LoaderImageIdentifier", NULL, NULL) != EFI_SUCCESS) {
                 _cleanup_freepool_ CHAR16 *s;
 
                 s = DevicePathToStr(loaded_image->FilePath);

src/core/execute.c

@@ -3202,16 +3202,11 @@ static int apply_mount_namespace(
 
         if (MANAGER_IS_SYSTEM(u->manager)) {
                 propagate_dir = path_join("/run/systemd/propagate/", u->id);
-                if (!propagate_dir) {
-                        r = -ENOMEM;
-                        goto finalize;
-                }
-
+                if (!propagate_dir)
+                        return -ENOMEM;
                 incoming_dir = strdup("/run/systemd/incoming");
-                if (!incoming_dir) {
-                        r = -ENOMEM;
-                        goto finalize;
-                }
+                if (!incoming_dir)
+                        return -ENOMEM;
         }
 
         r = setup_namespace(root_dir, root_image, context->root_image_options,

src/core/main.c

@@ -700,24 +700,26 @@ static int parse_config_file(void) {
                 {}
         };
 
-        _cleanup_strv_free_ char **files = NULL, **dirs = NULL;
-        const char *suffix;
+        _cleanup_strv_free_ char **_free_files = NULL, **_free_dirs = NULL;
+
+        const char *const *files, *const *dirs, *suffix;
         int r;
 
-        if (arg_system)
+        if (arg_system) {
+                files = STRV_MAKE_CONST(PKGSYSCONFDIR "/system.conf");
+                dirs = (const char* const*) CONF_PATHS_STRV("systemd");
                 suffix = "system.conf.d";
-        else {
-                r = manager_find_user_config_paths(&files, &dirs);
+        } else {
+                r = manager_find_user_config_paths(&_free_files, &_free_dirs);
                 if (r < 0)
                         return log_error_errno(r, "Failed to determine config file paths: %m");
-
+                files = (const char* const*) _free_files;
+                dirs = (const char* const*) _free_dirs;
                 suffix = "user.conf.d";
         }
 
         (void) config_parse_many(
-                        (const char* const*) (files ?: STRV_MAKE(PKGSYSCONFDIR "/system.conf")),
-                        (const char* const*) (dirs ?: CONF_PATHS_STRV("systemd")),
-                        suffix,
+                        files, dirs, suffix,
                         "Manager\0",
                         config_item_table_lookup, items,
                         CONFIG_PARSE_WARN,

src/kernel-install/meson.build

@@ -4,8 +4,7 @@ want_kernel_install = get_option('kernel-install')
 
 if want_kernel_install
         install_data('kernel-install',
-                     install_mode : 'rwxr-xr-x',
-                     install_dir : bindir)
+                     install_mode : 'rwxr-xr-x')
 
         install_data('00-entry-directory.install',
                      '50-depmod.install',

src/libsystemd-network/icmp6-util.c

@@ -162,7 +162,7 @@ int icmp6_receive(int fd, void *buffer, size_t size, struct in6_addr *ret_dst,
         };
         struct cmsghdr *cmsg;
         struct in6_addr addr = {};
-        triple_timestamp t = {};
+        triple_timestamp t;
         ssize_t len;
 
         iov = IOVEC_MAKE(buffer, size);

src/resolve/resolved-dns-transaction.c

@@ -121,10 +121,10 @@ DnsTransaction* dns_transaction_free(DnsTransaction *t) {
                 }
 
                 LIST_REMOVE(transactions_by_scope, t->scope->transactions, t);
+        }
 
         if (t->id != 0)
                 hashmap_remove(t->scope->manager->dns_transactions, UINT_TO_PTR(t->id));
-        }
 
         while ((c = set_steal_first(t->notify_query_candidates)))
                 set_remove(c->transactions, t);

src/resolve/resolved-manager.c

@@ -548,13 +548,7 @@ static int manager_watch_hostname(Manager *m) {
 
         r = determine_hostname(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
         if (r < 0) {
-                _cleanup_free_ char *d = NULL;
-
-                d = fallback_hostname();
-                if (!d)
-                        return log_oom();
-
-                log_info("Defaulting to hostname '%s'.", d);
+                log_info("Defaulting to hostname '%s'.", fallback_hostname());
 
                 r = make_fallback_hostnames(&m->full_hostname, &m->llmnr_hostname, &m->mdns_hostname);
                 if (r < 0)

src/shared/bootspec.c

@@ -1033,16 +1033,6 @@ static int verify_fsroot_dir(
                                       SYNTHETIC_ERRNO(searching ? EADDRNOTAVAIL : ENODEV),
                                       "Block device node of \"%s\" is invalid.", path);
 
-        if (path_equal(path, "/")) {
-                /* Let's assume that the root directory of the OS is always the root of its file system
-                 * (which technically doesn't have to be the case, but it's close enough, and it's not easy
-                 * to be fully correct for it, since we can't look further up than the root dir easily.) */
-                if (ret_dev)
-                        *ret_dev = st.st_dev;
-
-                return 0;
-        }
-
         t2 = strjoina(path, "/..");
         if (stat(t2, &st2) < 0) {
                 if (errno != EACCES)
@@ -1058,7 +1048,10 @@ static int verify_fsroot_dir(
                         if (!parent)
                                 return log_oom();
 
-                        r = stat(parent, &st2) < 0 ? -errno : 0;
+                        if (stat(parent, &st2) < 0)
+                                r = -errno;
+                        else
+                                r = 0;
                 }
 
                 if (r < 0)

src/shared/dissect-image.c

@@ -2280,11 +2280,8 @@ int dissected_image_acquire_metadata(DissectedImage *m) {
                 log_debug("No image name available, will skip extension-release metadata");
 
         for (; n_meta_initialized < _META_MAX; n_meta_initialized ++) {
-                if (!paths[n_meta_initialized]) {
-                        fds[2*n_meta_initialized] = fds[2*n_meta_initialized+1] = -1;
+                if (!paths[n_meta_initialized])
                         continue;
-                }
-
                 if (pipe2(fds + 2*n_meta_initialized, O_CLOEXEC) < 0) {
                         r = -errno;
                         goto finish;
@@ -2438,8 +2435,11 @@ int dissected_image_acquire_metadata(DissectedImage *m) {
         strv_free_and_replace(m->extension_release, extension_release);
 
 finish:
-        for (k = 0; k < n_meta_initialized; k++)
+        for (k = 0; k < n_meta_initialized; k++) {
+                if (!paths[k])
+                        continue;
                 safe_close_pair(fds + 2*k);
+        }
 
         return r;
 }

src/shared/serialize.c

@@ -175,7 +175,7 @@ int deserialize_dual_timestamp(const char *value, dual_timestamp *t) {
 }
 
 int deserialize_environment(const char *value, char ***list) {
-        _cleanup_free_ char *unescaped = NULL;
+        char *unescaped;
         int r;
 
         assert(value);
@@ -187,10 +187,9 @@ int deserialize_environment(const char *value, char ***list) {
         if (r < 0)
                 return log_error_errno(r, "Failed to unescape: %m");
 
-        r = strv_env_replace_consume(list, TAKE_PTR(unescaped));
+        r = strv_env_replace_consume(list, unescaped);
         if (r < 0)
                 return log_error_errno(r, "Failed to append environment variable: %m");
-
         return 0;
 }
 

units/systemd-oomd.service.in

@@ -13,10 +13,6 @@ Documentation=man:systemd-oomd.service(8)
 DefaultDependencies=no
 Before=multi-user.target shutdown.target
 Conflicts=shutdown.target
-ConditionControlGroupController=v2
-ConditionPathExists=/proc/pressure/cpu
-ConditionPathExists=/proc/pressure/io
-ConditionPathExists=/proc/pressure/memory
 
 [Service]
 AmbientCapabilities=CAP_KILL CAP_DAC_OVERRIDE

zanata.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<config xmlns="http://zanata.org/namespace/config/">
+  <url>https://fedora.zanata.org/</url>
+  <project>systemd</project>
+  <project-version>master</project-version>
+  <project-type>gettext</project-type>
+  <src-dir>po</src-dir>
+  <trans-dir>po</trans-dir>
+</config>