15 changed files with 58 additions and 127 deletions
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@ -41,12 +41,6 @@ All tools:
  debugging, in order to test generators and other code against specific kernel
  command lines.
 * `$SYSTEMD_FSTAB` — if set, use this path instead of /etc/fstab. Only useful
  for debugging.
 * `$SYSTEMD_CRYPTTAB` — if set, use this path instead of /etc/crypttab. Only
  useful for debugging. Currently only supported by systemd-cryptsetup-generator.
 * `$SYSTEMD_EFI_OPTIONS` — if set, used instead of the string in SystemdOptions
  EFI variable. Analogous to `$SYSTEMD_PROC_CMDLINE`.
@ -67,10 +61,6 @@ All tools:
  this only controls use of Unicode emoji glyphs, and has no effect on other
  Unicode glyphs.
 * `$RUNTIME_DIRECTORY` — various tools use this variable to locate the
  appropriate path under /run. This variable is also set by the manager when
  RuntimeDirectory= is used, see systemd.exec(5).
 systemctl:
 * `$SYSTEMCTL_FORCE_BUS=1` — if set, do not connect to PID1's private D-Bus
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@ -2384,9 +2384,10 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
        in the system manager. When compiled for systems with "unmerged /usr" (<filename>/bin</filename> is
        not a symlink to <filename>/usr/bin</filename>),
        <literal>:<filename>/sbin</filename>:<filename>/bin</filename></literal> is appended. In case of the
-        the user manager, a different path may be configured by the distribution. It is recommended to not
+        the user manager, each <filename>bin/</filename> and <filename>sbin/</filename> pair is switched, so
-        rely on the order of entries, and have only one program with a given name in
+        that programs from <filename>/usr/bin</filename> have higher priority than programs from
-        <varname>$PATH</varname>.</para></listitem>
+        <filename>/usr/sbin</filename>, etc. It is recommended to not rely on this in any way, and have only
        one program with a given name in <varname>$PATH</varname>.</para></listitem>
      </varlistentry>
      <varlistentry>
@ -2435,20 +2436,6 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
        information.</para></listitem>
      </varlistentry>
      <varlistentry>
        <term><varname>$RUNTIME_DIRECTORY</varname></term>
        <term><varname>$STATE_DIRECTORY</varname></term>
        <term><varname>$CACHE_DIRECTORY</varname></term>
        <term><varname>$LOGS_DIRECTORY</varname></term>
        <term><varname>$CONFIGURATION_DIRECTORY</varname></term>
        <listitem><para>Contains and absolute paths to the directories defined with
        <varname>RuntimeDirectory=</varname>, <varname>StateDirectory=</varname>,
        <varname>CacheDirectory=</varname>, <varname>LogsDirectory=</varname>, and
        <varname>ConfigurationDirectory=</varname> when those settings are used.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><varname>$MAINPID</varname></term>
--- a/meson.build
+++ b/meson.build
@ -834,16 +834,6 @@ conf.set10('ENABLE_DEBUG_SIPHASH', enable_debug_siphash)
 conf.set10('VALGRIND', get_option('valgrind'))
 conf.set10('LOG_TRACE', get_option('log-trace'))
 default_user_path = get_option('user-path')
 if default_user_path != ''
        conf.set_quoted('DEFAULT_USER_PATH', default_user_path)
        default_user_path_display = default_user_path
 else
        # meson 0.49 fails when ?: is used in .format()
        default_user_path_display = '(same as system services)'
 endif
 #####################################################################
 threads = dependency('threads')
@ -3139,7 +3129,6 @@ status = [
        'default net.naming-scheme setting: @0@'.format(default_net_naming_scheme),
        'default KillUserProcesses setting: @0@'.format(kill_user_processes),
        'default locale:                    @0@'.format(default_locale),
        'default user $PATH:                @0@'.format(default_user_path_display),
        'systemd service watchdog:          @0@'.format(watchdog_opt)]
 alt_dns_servers = '\n                                            '.join(dns_servers.split(' '))
--- a/meson_options.txt
+++ b/meson_options.txt
@ -59,8 +59,6 @@ option('valgrind', type : 'boolean', value : false,
       description : 'do extra operations to avoid valgrind warnings')
 option('log-trace', type : 'boolean', value : false,
       description : 'enable low level debug logging')
 option('user-path', type : 'string',
       description : '$PATH to use for user sessions')
 option('utmp', type : 'boolean',
       description : 'support for utmp/wtmp log handling')
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
@ -11,37 +11,41 @@
 #include "time-util.h"
 #define PATH_SPLIT_SBIN_BIN(x) x "sbin:" x "bin"
 #define PATH_SPLIT_BIN_SBIN(x) x "bin:" x "sbin"
 #define PATH_SPLIT_SBIN_BIN_NULSTR(x) x "sbin\0" x "bin\0"
 #define PATH_NORMAL_SBIN_BIN(x) x "bin"
 #define PATH_NORMAL_BIN_SBIN(x) x "bin"
 #define PATH_NORMAL_SBIN_BIN_NULSTR(x) x "bin\0"
 #if HAVE_SPLIT_BIN
 #  define PATH_SBIN_BIN(x) PATH_SPLIT_SBIN_BIN(x)
 #  define PATH_BIN_SBIN(x) PATH_SPLIT_BIN_SBIN(x)
 #  define PATH_SBIN_BIN_NULSTR(x) PATH_SPLIT_SBIN_BIN_NULSTR(x)
 #else
 #  define PATH_SBIN_BIN(x) PATH_NORMAL_SBIN_BIN(x)
 #  define PATH_BIN_SBIN(x) PATH_NORMAL_BIN_SBIN(x)
 #  define PATH_SBIN_BIN_NULSTR(x) PATH_NORMAL_SBIN_BIN_NULSTR(x)
 #endif
 #define DEFAULT_PATH_NORMAL PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/")
 #define DEFAULT_USER_PATH_NORMAL PATH_BIN_SBIN("/usr/local/") ":" PATH_BIN_SBIN("/usr/")
 #define DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/")
 #define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_SBIN_BIN("/")
 #define DEFAULT_USER_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_BIN_SBIN("/")
 #define DEFAULT_PATH_SPLIT_USR_NULSTR DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/")
 #define DEFAULT_PATH_COMPAT PATH_SPLIT_SBIN_BIN("/usr/local/") ":" PATH_SPLIT_SBIN_BIN("/usr/") ":" PATH_SPLIT_SBIN_BIN("/")
 #if HAVE_SPLIT_USR
 #  define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR
 #  define DEFAULT_USER_PATH DEFAULT_USER_PATH_SPLIT_USR
 #  define DEFAULT_PATH_NULSTR DEFAULT_PATH_SPLIT_USR_NULSTR
 #else
 #  define DEFAULT_PATH DEFAULT_PATH_NORMAL
 #  define DEFAULT_USER_PATH DEFAULT_USER_PATH_NORMAL
 #  define DEFAULT_PATH_NULSTR DEFAULT_PATH_NORMAL_NULSTR
 #endif
 #ifndef DEFAULT_USER_PATH
 #  define DEFAULT_USER_PATH DEFAULT_PATH
 #endif
 bool is_path(const char *p) _pure_;
 int path_split_and_make_absolute(const char *p, char ***ret);
 bool path_is_absolute(const char *p) _pure_;
--- a/src/boot/efi/pe.c
+++ b/src/boot/efi/pe.c
@ -30,7 +30,6 @@ struct DosFileHeader {
 #define PE_HEADER_MACHINE_I386          0x014c
 #define PE_HEADER_MACHINE_X64           0x8664
 #define PE_HEADER_MACHINE_ARM64         0xaa64
 struct PeFileHeader {
        UINT16  Machine;
        UINT16  NumberOfSections;
@ -76,7 +75,6 @@ EFI_STATUS pe_memory_locate_sections(CHAR8 *base, CHAR8 **sections, UINTN *addrs
        /* PE32+ Subsystem type */
        if (pe->FileHeader.Machine != PE_HEADER_MACHINE_X64 &&
            pe->FileHeader.Machine != PE_HEADER_MACHINE_ARM64 &&
            pe->FileHeader.Machine != PE_HEADER_MACHINE_I386)
                return EFI_LOAD_ERROR;
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@ -62,8 +62,8 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
        cmdline_len = szs[0];
-        /* if we are not in secure boot mode, or none was provided, accept a custom command line and replace the built-in one */
+        /* if we are not in secure boot mode, accept a custom command line and replace the built-in one */
-        if ((!secure || cmdline_len == 0) && loaded_image->LoadOptionsSize > 0 && *(CHAR16 *)loaded_image->LoadOptions > 0x1F) {
+        if (!secure && loaded_image->LoadOptionsSize > 0 && *(CHAR16 *)loaded_image->LoadOptions > 0x1F) {
                CHAR16 *options;
                CHAR8 *line;
                UINTN i;
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@ -37,8 +37,6 @@ typedef struct crypto_device {
 static const char *arg_dest = NULL;
 static bool arg_enabled = true;
 static bool arg_read_crypttab = true;
 static const char *arg_crypttab = NULL;
 static const char *arg_runtime_directory = NULL;
 static bool arg_whitelist = false;
 static Hashmap *arg_disks = NULL;
 static char *arg_default_options = NULL;
@ -62,36 +60,17 @@ static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_key
        c = strrchr(keyspec, ':');
        if (c) {
                /* The keydev part has to be either an absolute path to device node (/dev/something,
                 * /dev/foo/something, or even possibly /dev/foo/something:part), or a fstab device
                 * specification starting with LABEL= or similar. The keyfile part has the same syntax.
                 *
                 * Let's try to guess if the second part looks like a keydev specification, or just part of a
                 * filename with a colon. fstab_node_to_udev_node() will convert the fstab device syntax to
                 * an absolute path. If we didn't get an absolute path, assume that it is just part of the
                 * first keyfile argument. */
                keydev = fstab_node_to_udev_node(c + 1);
                if (!keydev)
                        return log_oom();
                if (path_is_absolute(keydev))
                keyfile = strndup(keyspec, c-keyspec);
-                else {
+                keydev = strdup(c + 1);
-                        log_debug("Keyspec argument contains a colon, but \"%s\" doesn't look like a device specification.\n"
+                if (!keyfile || !keydev)
-                                  "Assuming that \"%s\" is a single device specification.",
+                        return log_oom();
-                                  c + 1, keyspec);
+        } else {
                        keydev = mfree(keydev);
                        c = NULL;
                }
        }
        if (!c)
                /* No keydev specified */
                keyfile = strdup(keyspec);
-
+                keydev = NULL;
                if (!keyfile)
                        return log_oom();
        }
        *ret_keyfile = TAKE_PTR(keyfile);
        *ret_keydev = TAKE_PTR(keydev);
@ -100,7 +79,7 @@ static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_key
 }
 static int generate_keydev_mount(const char *name, const char *keydev, const char *keydev_timeout, bool canfail, char **unit, char **mount) {
-        _cleanup_free_ char *u = NULL, *where = NULL, *name_escaped = NULL, *device_unit = NULL;
+        _cleanup_free_ char *u = NULL, *what = NULL, *where = NULL, *name_escaped = NULL, *device_unit = NULL;
        _cleanup_fclose_ FILE *f = NULL;
        int r;
        usec_t timeout_us;
@ -110,11 +89,11 @@ static int generate_keydev_mount(const char *name, const char *keydev, const cha
        assert(unit);
        assert(mount);
-        r = mkdir_parents(arg_runtime_directory, 0755);
+        r = mkdir_parents("/run/systemd/cryptsetup", 0755);
        if (r < 0)
                return r;
-        r = mkdir(arg_runtime_directory, 0700);
+        r = mkdir("/run/systemd/cryptsetup", 0700);
        if (r < 0 && errno != EEXIST)
                return -errno;
@ -122,7 +101,7 @@ static int generate_keydev_mount(const char *name, const char *keydev, const cha
        if (!name_escaped)
                return -ENOMEM;
-        where = strjoin(arg_runtime_directory, "/keydev-", name_escaped);
+        where = strjoin("/run/systemd/cryptsetup/keydev-", name_escaped);
        if (!where)
                return -ENOMEM;
@ -138,18 +117,22 @@ static int generate_keydev_mount(const char *name, const char *keydev, const cha
        if (r < 0)
                return r;
        what = fstab_node_to_udev_node(keydev);
        if (!what)
                return -ENOMEM;
        fprintf(f,
                "[Unit]\n"
                "DefaultDependencies=no\n\n"
                "[Mount]\n"
                "What=%s\n"
                "Where=%s\n"
-                "Options=ro%s\n", keydev, where, canfail ? ",nofail" : "");
+                "Options=ro%s\n", what, where, canfail ? ",nofail" : "");
        if (keydev_timeout) {
                r = parse_sec_fix_0(keydev_timeout, &timeout_us);
                if (r >= 0) {
-                        r = unit_name_from_path(keydev, ".device", &device_unit);
+                        r = unit_name_from_path(what, ".device", &device_unit);
                        if (r < 0)
                                return log_error_errno(r, "Failed to generate unit name: %m");
@ -288,12 +271,11 @@ static int create_disk(
                "[Unit]\n"
                "Description=Cryptography Setup for %%I\n"
                "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
-                "SourcePath=%s\n"
+                "SourcePath=/etc/crypttab\n"
                "DefaultDependencies=no\n"
                "Conflicts=umount.target\n"
                "IgnoreOnIsolate=true\n"
                "After=%s\n",
                arg_crypttab,
                netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target");
        if (password) {
@ -576,15 +558,15 @@ static int add_crypttab_devices(void) {
        if (!arg_read_crypttab)
                return 0;
-        r = fopen_unlocked(arg_crypttab, "re", &f);
+        r = fopen_unlocked("/etc/crypttab", "re", &f);
        if (r < 0) {
                if (errno != ENOENT)
-                        log_error_errno(errno, "Failed to open %s: %m", arg_crypttab);
+                        log_error_errno(errno, "Failed to open /etc/crypttab: %m");
                return 0;
        }
        if (fstat(fileno(f), &st) < 0) {
-                log_error_errno(errno, "Failed to stat %s: %m", arg_crypttab);
+                log_error_errno(errno, "Failed to stat /etc/crypttab: %m");
                return 0;
        }
@ -596,7 +578,7 @@ static int add_crypttab_devices(void) {
                r = read_line(f, LONG_LINE_MAX, &line);
                if (r < 0)
-                        return log_error_errno(r, "Failed to read %s: %m", arg_crypttab);
+                        return log_error_errno(r, "Failed to read /etc/crypttab: %m");
                if (r == 0)
                        break;
@ -608,7 +590,7 @@ static int add_crypttab_devices(void) {
                k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &keyspec, &options);
                if (k < 2 || k > 4) {
-                        log_error("Failed to parse %s:%u, ignoring.", arg_crypttab, crypttab_line);
+                        log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line);
                        continue;
                }
@ -685,9 +667,6 @@ static int run(const char *dest, const char *dest_early, const char *dest_late)
        assert_se(arg_dest = dest);
        arg_crypttab = getenv("SYSTEMD_CRYPTTAB") ?: "/etc/crypttab";
        arg_runtime_directory = getenv("RUNTIME_DIRECTORY") ?: "/run/systemd/cryptsetup";
        arg_disks = hashmap_new(&crypt_device_hash_ops);
        if (!arg_disks)
                return log_oom();
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@ -15,7 +15,6 @@
 #include "device-util.h"
 #include "escape.h"
 #include "fileio.h"
 #include "fstab-util.h"
 #include "log.h"
 #include "main-func.h"
 #include "mount-util.h"
@ -303,7 +302,7 @@ static char *disk_mount_point(const char *label) {
        if (asprintf(&device, "/dev/mapper/%s", label) < 0)
                return NULL;
-        f = setmntent(fstab_path(), "re");
+        f = setmntent("/etc/fstab", "re");
        if (!f)
                return NULL;
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@ -112,16 +112,14 @@ static int add_swap(
        if (r < 0)
                return log_error_errno(r, "Failed to generate unit name: %m");
-        r = generator_open_unit_file(arg_dest, fstab_path(), name, &f);
+        r = generator_open_unit_file(arg_dest, "/etc/fstab", name, &f);
        if (r < 0)
                return r;
-        fprintf(f,
+        fputs("[Unit]\n"
-                "[Unit]\n"
+              "SourcePath=/etc/fstab\n"
                "SourcePath=%s\n"
              "Documentation=man:fstab(5) man:systemd-fstab-generator(8)\n\n"
-                "[Swap]\n",
+              "[Swap]\n", f);
                fstab_path());
        r = write_what(f, what);
        if (r < 0)
@ -342,7 +340,7 @@ static int add_mount(
        if (r < 0)
                return log_error_errno(r, "Failed to generate unit name: %m");
-        r = generator_open_unit_file(dest, fstab_path(), name, &f);
+        r = generator_open_unit_file(dest, "/etc/fstab", name, &f);
        if (r < 0)
                return r;
@ -465,7 +463,7 @@ static int add_mount(
                f = safe_fclose(f);
-                r = generator_open_unit_file(dest, fstab_path(), automount_name, &f);
+                r = generator_open_unit_file(dest, "/etc/fstab", automount_name, &f);
                if (r < 0)
                        return r;
@ -517,19 +515,19 @@ static int add_mount(
 static int parse_fstab(bool initrd) {
        _cleanup_endmntent_ FILE *f = NULL;
-        const char *fstab;
+        const char *fstab_path;
        struct mntent *me;
        int r = 0;
-        fstab = initrd ? "/sysroot/etc/fstab" : fstab_path();
+        fstab_path = initrd ? "/sysroot/etc/fstab" : "/etc/fstab";
-        log_debug("Parsing %s...", fstab);
+        log_debug("Parsing %s...", fstab_path);
-        f = setmntent(fstab, "re");
+        f = setmntent(fstab_path, "re");
        if (!f) {
                if (errno == ENOENT)
                        return 0;
-                return log_error_errno(errno, "Failed to open %s: %m", fstab);
+                return log_error_errno(errno, "Failed to open %s: %m", fstab_path);
        }
        while ((me = getmntent(f))) {
@ -608,7 +606,7 @@ static int parse_fstab(bool initrd) {
                                      me->mnt_passno,
                                      makefs*MAKEFS | growfs*GROWFS | noauto*NOAUTO | nofail*NOFAIL | automount*AUTOMOUNT,
                                      post,
-                                      fstab);
+                                      fstab_path);
                }
                if (r >= 0 && k < 0)
--- a/src/remount-fs/remount-fs.c
+++ b/src/remount-fs/remount-fs.c
@ -9,7 +9,6 @@
 #include "env-util.h"
 #include "exit-status.h"
 #include "fstab-util.h"
 #include "log.h"
 #include "main-func.h"
 #include "mount-setup.h"
@ -87,10 +86,10 @@ static int run(int argc, char *argv[]) {
        umask(0022);
-        f = setmntent(fstab_path(), "re");
+        f = setmntent("/etc/fstab", "re");
        if (!f) {
                if (errno != ENOENT)
-                        return log_error_errno(errno, "Failed to open %s: %m", fstab_path());
+                        return log_error_errno(errno, "Failed to open /etc/fstab: %m");
        } else
                while ((me = getmntent(f))) {
                        /* Remount the root fs, /usr, and all API VFSs */
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@ -105,11 +105,10 @@ static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **pa
        int r;
        assert(keyname);
        assert(passwords);
        if (!(flags & ASK_PASSWORD_PUSH_CACHE))
                return 0;
        if (strv_isempty(passwords))
                return 0;
        r = lookup_key(keyname, &serial);
        if (r >= 0) {
@ -148,6 +147,7 @@ static int add_to_keyring_and_log(const char *keyname, AskPasswordFlags flags, c
        int r;
        assert(keyname);
        assert(passwords);
        r = add_to_keyring(keyname, flags, passwords);
        if (r < 0)
--- a/src/shared/fstab-util.c
+++ b/src/shared/fstab-util.c
@ -19,7 +19,7 @@ int fstab_has_fstype(const char *fstype) {
        _cleanup_endmntent_ FILE *f = NULL;
        struct mntent *m;
-        f = setmntent(fstab_path(), "re");
+        f = setmntent("/etc/fstab", "re");
        if (!f)
                return errno == ENOENT ? false : -errno;
@ -39,7 +39,7 @@ int fstab_is_mount_point(const char *mount) {
        _cleanup_endmntent_ FILE *f = NULL;
        struct mntent *m;
-        f = setmntent(fstab_path(), "re");
+        f = setmntent("/etc/fstab", "re");
        if (!f)
                return errno == ENOENT ? false : -errno;
--- a/src/shared/fstab-util.h
+++ b/src/shared/fstab-util.h
@ -31,7 +31,3 @@ static inline bool fstab_test_yes_no_option(const char *opts, const char *yes_no
 }
 char *fstab_node_to_udev_node(const char *p);
 static inline const char* fstab_path(void) {
        return secure_getenv("SYSTEMD_FSTAB") ?: "/etc/fstab";
 }
--- a/src/test/test-path-util.c
+++ b/src/test/test-path-util.c
@ -15,11 +15,6 @@
 #include "tests.h"
 #include "util.h"
 static void test_print_paths(void) {
        log_info("DEFAULT_PATH=%s", DEFAULT_PATH);
        log_info("DEFAULT_USER_PATH=%s", DEFAULT_USER_PATH);
 }
 #define test_path_compare(a, b, result) {                 \
                assert_se(path_compare(a, b) == result);  \
                assert_se(path_compare(b, a) == -result); \
@ -664,7 +659,6 @@ static void test_path_startswith_strv(void) {
 int main(int argc, char **argv) {
        test_setup_logging(LOG_DEBUG);
        test_print_paths();
        test_path();
        test_path_equal_root();
        test_find_binary(argv[0]);