execute: Get rid of custom logging macros

We already have LOG_CONTEXT_PUSH_EXEC() which with two additions
does exactly the same as the custom logging macros, so let's get rid
of the custom logging macros and use LOG_CONTEXT_PUSH_EXEC() instead.

.github/workflows/coverage.yml

@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: systemd/mkosi@a1a7e1f63e1726d88d5770fa06b29201d73e31a3
+      - uses: systemd/mkosi@dbb4020beee2cdf250f93a425794f1cf8b0fe693
 
       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
       # immediately, we remove the files in the background. However, we first move them to a different location
@@ -90,7 +90,6 @@ jobs:
           sudo mkosi sandbox -- \
             meson setup \
             --buildtype=debugoptimized \
-            -Dintegration-tests=true \
             build
 
       - name: Build image
@@ -120,7 +119,8 @@ jobs:
             meson test \
             -C build \
             --no-rebuild \
-            --suite integration-tests \
+            --setup=integration \
+            --suite=integration-tests \
             --print-errorlogs \
             --no-stdsplit \
             --num-processes "$(($(nproc) - 1))" \

.github/workflows/mkosi.yml

@@ -120,7 +120,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: systemd/mkosi@a1a7e1f63e1726d88d5770fa06b29201d73e31a3
+      - uses: systemd/mkosi@dbb4020beee2cdf250f93a425794f1cf8b0fe693
 
       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
       # immediately, we remove the files in the background. However, we first move them to a different location
@@ -197,7 +197,6 @@ jobs:
           sudo mkosi sandbox -- \
             meson setup \
             --buildtype=debugoptimized \
-            -Dintegration-tests=true \
             -Dbpf-framework=disabled \
             build
 
@@ -233,7 +232,8 @@ jobs:
             meson test \
             -C build \
             --no-rebuild \
-            --suite integration-tests \
+            --setup=integration \
+            --suite=integration-tests \
             --print-errorlogs \
             --no-stdsplit \
             --num-processes "$(($(nproc) - 1))" \

.gitignore

@@ -24,8 +24,8 @@ __pycache__/
 /ID
 /build*
 /install-tree
-/mkosi.key
+/mkosi/mkosi.key
-/mkosi.crt
+/mkosi/mkosi.crt
 /mkosi.tools/
 /mkosi.tools.manifest
 /mkosi/mkosi.local.conf

.packit.yml

@@ -39,7 +39,7 @@ jobs:
   trigger: pull_request
   fmf_url: https://src.fedoraproject.org/rpms/systemd
   # This is automatically updated by tools/fetch-distro.py --update fedora
-  fmf_ref: 08ce156d74460867657fb9b201c8be93d31e07de
+  fmf_ref: 6646d13acae64665f63354cd60ecf963ee563b96
   targets:
   - fedora-rawhide-x86_64
   # testing-farm in the Fedora repository is explicitly configured to use testing-farm bare metal runners as

LICENSES/README.md

@@ -32,23 +32,23 @@ The following exceptions apply:
  * some sources under src/udev/ are licensed under **GPL-2.0-or-later**,
    so all udev programs (`systemd-udevd`, `udevadm`, and the udev builtins
    and test programs) are also distributed under **GPL-2.0-or-later**.
- * the header files contained in src/basic/linux/ and src/shared/linux/ are copied
+ * the header files contained in src/basic/include/linux are copied
    verbatim from the Linux kernel source tree and are licensed under **GPL-2.0 WITH
    Linux-syscall-note** and are used within the scope of the Linux-syscall-note
    exception provisions
  * the following sources are licensed under the **LGPL-2.0-or-later** license:
    - src/basic/utf8.c
    - src/shared/initreq.h
- * the src/shared/linux/bpf_insn.h header is copied from the Linux kernel
+ * the src/basic/include/linux/bpf_insn.h header is copied from the Linux kernel
    source tree and is licensed under either **BSD-2-Clause** or **GPL-2.0-only**,
    and thus is included in the systemd build under the BSD-2-Clause license.
- * The src/basic/linux/wireguard.h header is copied from the Linux kernel
+ * The src/basic/include/linux/wireguard.h header is copied from the Linux kernel
    source tree and is licensed under either **MIT** or **GPL-2.0 WITH Linux-syscall-note**,
    and thus is included in the systemd build under the MIT license.
  * the following sources are licensed under the **MIT** license (in case of our
    scripts, to facilitate copying and reuse of those helpers to other projects):
    - hwdb.d/parse_hwdb.py
-   - src/basic/linux/batman_adv.h
+   - src/basic/include/linux/batman_adv.h
    - src/basic/sparse-endian.h
    - tools/catalog-report.py
  * the following sources are licensed under the **CC0-1.0** license:

NEWS

@@ -96,6 +96,9 @@ CHANGES WITH 258 in spe:
           continue to work, update to xf86-input-evdev >= 2.11.0 and
           xf86-input-libinput >= 1.5.0 before updating to systemd >= 258.
 
+        * The meson option 'integration-tests' has been deprecated, and will be
+          removed in a future release.
+
         — <place>, <date>
 
 CHANGES WITH 257:

TODO

@@ -59,8 +59,6 @@ Regularly:
 
 * set_put(), hashmap_put() return values check. i.e. == 0 does not free()!
 
-* use secure_getenv() instead of getenv() where appropriate
-
 * link up selected blog stories from man pages and unit files Documentation= fields
 
 Janitorial Clean-ups:
@@ -130,6 +128,13 @@ Deprecations and removals:
 
 Features:
 
+* loginctl: show argv[] of "leader" process in tabular list-sessions output
+
+* loginctl: show "service identifier" in tabular list-sessions output, to make
+  run0 sessions easily visible.
+
+* run0: maybe enable utmp for run0 sessions, so that they are easily visible.
+
 * maybe replace nss-machines with logic in networkd that registers records with
   systemd-resolved, based on DHCP leases, so that we gain compat with VMs.
   Implementation idea: encode in an ifaltname the intended local name to expose this

coccinelle/run-coccinelle.sh

@@ -5,8 +5,7 @@ set -e
 # Exclude following paths from the Coccinelle transformations
 EXCLUDED_PATHS=(
     "src/boot/efi/*"
-    "src/shared/linux/*"
+    "src/basic/include/linux/*"
-    "src/basic/linux/*"
     # Symlinked to test-bus-vtable-cc.cc, which causes issues with the IN_SET macro
     "src/libsystemd/sd-bus/test-bus-vtable.c"
     "src/libsystemd/sd-journal/lookup3.c"

docs/GROUP_RECORD.md

@@ -20,6 +20,12 @@ they carry some identical (or at least very similar) fields.
 Matches the `gr_name` field of UNIX/glibc NSS `struct group`,
 or the shadow structure `struct sgrp`'s `sg_namp` field.
 
+`uuid` -> A string containing a lowercase UUID that identifies this group.
+The same considerations apply to this field as they do to the corresponding field of user records.
+Users and groups MUST NOT share the same UUID unless they are semantically
+the same security principal e.g. if a system synthesizes a single-user group from
+user records to be the user's primary group.
+
 `realm` → The "realm" the group belongs to, conceptually identical to the same field of user records.
 A string in DNS domain name syntax.
 

docs/TESTING_WITH_SANITIZERS.md

@@ -18,7 +18,7 @@ compiler you want to use and which part of the test suite you want to run.
 To build with sanitizers in mkosi, create a file `mkosi/mkosi.local.conf` and add the following contents:
 
 ```
-[Content]
+[Build]
 Environment=SANITIZERS=address,undefined
 ```
 

docs/USER_RECORD.md

@@ -234,6 +234,13 @@ retrievable and resolvable under every name listed here, pretty much everywhere
 the primary user name is. If logging in is attempted via an alias name it
 should be normalized to the primary name.
 
+`uuid` -> A string containing a lowercase UUID that identifies this user.
+The UUID should be assigned to the user at creation, be the same across multiple machines,
+and never change (even if the user's username, realm or other identifying attributes change).
+When the user database is backed by Microsoft Active Directory, this field should contain
+he value from the [objectGUID](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-ada3/937eb5c6-f6b3-4652-a276-5d6bb8979658)
+attribute. The same UUID can be retrieved via `mbr_uid_to_uuid` on macOS.
+
 `blobDirectory` → The absolute path to a world-readable copy of the user's blob
 directory. See [Blob Directories](/USER_RECORD_BLOB_DIRS) for more details.
 

hwdb.d/60-keyboard.hwdb

@@ -383,6 +383,7 @@ evdev:name:gpio-keys:phys:gpio-keys/input0:ev:3:dmi:bvn*:bvr*:bd*:svncube:pni1-T
 ###########################################################
 
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pn*:*
+ KEYBOARD_KEY_68=prog2                                  # G-Mode (Dell-specific)
  KEYBOARD_KEY_81=playpause                              # Play/Pause
  KEYBOARD_KEY_82=stopcd                                 # Stop
  KEYBOARD_KEY_83=previoussong                           # Previous song

man/bootctl.xml

@@ -398,10 +398,12 @@
       </varlistentry>
 
       <varlistentry>
-        <term><option>--no-variables</option></term>
+        <term><option>--variables=yes|no</option></term>
-        <listitem><para>Do not touch the firmware's boot loader list stored in EFI variables.</para>
+        <listitem><para>Controls whether to touch the firmware's boot loader list stored in EFI variables,
+        and other EFI variables. If not specified defaults to no when execution in a container runtime is
+        detected, yes otherwise.</para>
 
-        <xi:include href="version-info.xml" xpointer="v220"/></listitem>
+        <xi:include href="version-info.xml" xpointer="v258"/></listitem>
       </varlistentry>
 
       <varlistentry>

man/importctl.xml

@@ -182,11 +182,12 @@
         archive, possibly compressed with
         <citerefentry project='die-net'><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
         <citerefentry project='die-net'><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+        <citerefentry project='die-net'><refentrytitle>zstd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
         or
         <citerefentry project='die-net'><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
         It will then be unpacked into its own
         subvolume/directory. When <command>import-raw</command> is used, the file should be a qcow2 or raw
-        disk image, possibly compressed with xz, gzip or bzip2. If the second argument (the resulting image
+        disk image, possibly compressed with xz, gzip, zstd or bzip2. If the second argument (the resulting image
         name) is not specified, it is automatically derived from the file name. If the filename is passed as
         <literal>-</literal>, the image is read from standard input, in which case the second argument is
         mandatory.</para>
@@ -222,6 +223,8 @@
         <citerefentry project='die-net'><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
         if it ends in <literal>.xz</literal>, with
         <citerefentry project='die-net'><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+        if it ends in <literal>.zst</literal>, with
+        <citerefentry project='die-net'><refentrytitle>zstd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
         and if it ends in <literal>.bz2</literal>, with
         <citerefentry project='die-net'><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
         If the path ends in neither, the file is left uncompressed. If the second argument is missing, the image
@@ -315,8 +318,8 @@
         <listitem><para>When used with the <option>export-tar</option> or <option>export-raw</option>
         commands, specifies the compression format to use for the resulting file. Takes one of
         <literal>uncompressed</literal>, <literal>xz</literal>, <literal>gzip</literal>,
-        <literal>bzip2</literal>. By default, the format is determined automatically from the output image
+        <literal>zst</literal>, <literal>bzip2</literal>. By default, the format is determined
-        file name passed.</para>
+        automatically from the output image file name passed.</para>
 
         <xi:include href="version-info.xml" xpointer="v256"/></listitem>
       </varlistentry>
@@ -450,6 +453,7 @@
       <member><citerefentry project='die-net'><refentrytitle>tar</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
       <member><citerefentry project='die-net'><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
       <member><citerefentry project='die-net'><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
+      <member><citerefentry project='die-net'><refentrytitle>zstd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
       <member><citerefentry project='die-net'><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
     </simplelist></para>
   </refsect1>

man/kernel-command-line.xml

@@ -161,12 +161,12 @@
         <term><varname>systemd.volatile=</varname></term>
         <listitem>
           <para>This parameter controls whether the system shall boot up in volatile mode. Takes a boolean argument, or
-          the special value <literal>state</literal>. If false (the default), normal boot mode is selected, the root
+          the special values <literal>state</literal> or <literal>overlay</literal>. If false (the default), normal boot
-          directory and <filename>/var/</filename> are mounted as specified on the kernel command line or
+          mode is selected, the root directory and <filename>/var/</filename> are mounted as specified on the kernel
-          <filename>/etc/fstab</filename>, or otherwise configured. If true, full state-less boot mode is selected. In
+          command line or <filename>/etc/fstab</filename>, or otherwise configured. If true, full state-less boot mode
-          this case, the root directory is mounted as volatile memory file system (<literal>tmpfs</literal>), and only
+          is selected. In this case, the root directory is mounted as volatile memory file system (<literal>tmpfs</literal>),
-          <filename>/usr/</filename> is mounted from the file system configured as root device, in read-only mode. This
+          and only <filename>/usr/</filename> is mounted from the file system configured as root device, in read-only mode.
-          enables fully state-less boots were the vendor-supplied OS is used as shipped, with only default
+          This enables fully state-less boots were the vendor-supplied OS is used as shipped, with only default
           configuration and no stored state in effect, as <filename>/etc/</filename> and <filename>/var/</filename> (as
           well as all other resources shipped in the root file system) are reset at boot and lost on shutdown. If this
           setting is set to <literal>state</literal> the root file system is mounted read-only, however

man/machinectl.xml

@@ -872,6 +872,7 @@
       <member><citerefentry project='die-net'><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
       <member><citerefentry project='die-net'><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
       <member><citerefentry project='die-net'><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
+      <member><citerefentry project='die-net'><refentrytitle>zstd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
     </simplelist></para>
   </refsect1>
 

man/org.freedesktop.import1.xml

@@ -214,12 +214,13 @@ node /org/freedesktop/import1 {
       to the tar or raw file to import. It should reference a file on disk, a pipe or a socket. When
       <function>ImportTar()</function>/<function>ImportTarEx()</function> is used the file descriptor should
       refer to a tar file, optionally compressed with <citerefentry project="die-net"><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry project="die-net"><refentrytitle>zstd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
       <citerefentry project="die-net"><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry>, or
       <citerefentry project="die-net"><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
       <command>systemd-importd</command> will detect the used compression scheme (if any) automatically. When
       <function>ImportRaw()</function>/<function>ImportRawEx()</function> is used the file descriptor should
       refer to a raw or qcow2 disk image containing an MBR or GPT disk label, also optionally compressed with
-      gzip, bzip2 or xz. In either case, if the file is specified as a file descriptor on disk, progress
+      gzip, zstd, bzip2 or xz. In either case, if the file is specified as a file descriptor on disk, progress
       information is generated for the import operation (as in that case we know the total size on disk). If
       a socket or pipe is specified, progress information is not available. The file descriptor argument is
       followed by a local name for the image. This should be a name suitable as a hostname and will be used
@@ -250,9 +251,9 @@ node /org/freedesktop/import1 {
       name to export as their first parameter, followed by a file descriptor (opened for writing) where the
       tar or raw file will be written. It may either reference a file on disk or a pipe/socket. The third
       argument specifies in which compression format to write the image. It takes one of
-      <literal>uncompressed</literal>, <literal>xz</literal>, <literal>bzip2</literal> or
+      <literal>uncompressed</literal>, <literal>xz</literal>, <literal>bzip2</literal>,
-      <literal>gzip</literal>, depending on which compression scheme is required. The image written to the
+      <literal>gzip</literal> or <literal>zstd</literal>, depending on which compression scheme is required.
-      specified file descriptor will be a tar file in case of
+      The image written to the specified file descriptor will be a tar file in case of
       <function>ExportTar()</function>/<function>ExportTarEx()</function> or a raw disk image in case of
       <function>ExportRaw()</function>/<function>ExportRawEx()</function>. Note that currently raw disk
       images may not be exported as tar files, and vice versa. This restriction might be lifted
@@ -267,8 +268,8 @@ node /org/freedesktop/import1 {
       <function>PullRaw()</function>/<function>PullRawEx()</function> may be used to download, verify and
       import a system image from a URL. They take a URL argument which should point to a tar or raw file on
       the <literal>http://</literal> or <literal>https://</literal> protocols, possibly compressed with xz,
-      bzip2 or gzip. The second argument is a local name for the image. It should be suitable as a hostname,
+      bzip2, gzip or zstd. The second argument is a local name for the image. It should be suitable as a
-      similarly to the matching argument of the
+      hostname, similarly to the matching argument of the
       <function>ImportTar()</function>/<function>ImportTarEx()</function> and
       <function>ImportRaw()</function>/<function>ImportRawEx()</function> methods above. The third argument
       indicates the verification mode for the image. It may be one of <literal>no</literal>,

man/org.freedesktop.systemd1.xml

@@ -477,8 +477,6 @@ node /org/freedesktop/systemd1 {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
       readonly b DefaultCPUAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
-      readonly b DefaultBlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
       readonly b DefaultIOAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
       readonly b DefaultIPAccounting = ...;
@@ -719,8 +717,6 @@ node /org/freedesktop/systemd1 {
 
     <!--property DefaultCPUAccounting is not documented!-->
 
-    <!--property DefaultBlockIOAccounting is not documented!-->
-
     <!--property DefaultIOAccounting is not documented!-->
 
     <!--property DefaultIPAccounting is not documented!-->
@@ -1167,8 +1163,6 @@ node /org/freedesktop/systemd1 {
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultCPUAccounting"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="DefaultBlockIOAccounting"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultIOAccounting"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultIPAccounting"/>
@@ -2906,10 +2900,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t StartupCPUWeight = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPerSecUSec = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPeriodUSec = ...;
@@ -2940,18 +2930,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(st) IODeviceLatencyTargetUSec = [...];
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t DefaultMemoryLow = ...;
@@ -2984,8 +2962,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryZSwapWriteback = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly s DevicePolicy = '...';
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(ss) DeviceAllow = [...];
@@ -3565,10 +3541,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
 
     <!--property StartupCPUWeight is not documented!-->
 
-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
     <!--property CPUQuotaPerSecUSec is not documented!-->
 
     <!--property CPUQuotaPeriodUSec is not documented!-->
@@ -3599,18 +3571,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
 
     <!--property IODeviceLatencyTargetUSec is not documented!-->
 
-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
     <!--property MemoryAccounting is not documented!-->
 
     <!--property DefaultMemoryLow is not documented!-->
@@ -3643,8 +3603,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
 
     <!--property MemoryZSwapWriteback is not documented!-->
 
-    <!--property MemoryLimit is not documented!-->
-
     <!--property DevicePolicy is not documented!-->
 
     <!--property DeviceAllow is not documented!-->
@@ -4237,10 +4195,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
 
     <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@@ -4271,18 +4225,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
 
     <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@@ -4315,8 +4257,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
 
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@@ -5113,10 +5053,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t StartupCPUWeight = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPerSecUSec = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPeriodUSec = ...;
@@ -5147,18 +5083,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(st) IODeviceLatencyTargetUSec = [...];
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t DefaultMemoryLow = ...;
@@ -5191,8 +5115,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryZSwapWriteback = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly s DevicePolicy = '...';
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(ss) DeviceAllow = [...];
@@ -5784,10 +5706,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 
     <!--property StartupCPUWeight is not documented!-->
 
-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
     <!--property CPUQuotaPerSecUSec is not documented!-->
 
     <!--property CPUQuotaPeriodUSec is not documented!-->
@@ -5818,18 +5736,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 
     <!--property IODeviceLatencyTargetUSec is not documented!-->
 
-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
     <!--property MemoryAccounting is not documented!-->
 
     <!--property DefaultMemoryLow is not documented!-->
@@ -5862,8 +5768,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 
     <!--property MemoryZSwapWriteback is not documented!-->
 
-    <!--property MemoryLimit is not documented!-->
-
     <!--property DevicePolicy is not documented!-->
 
     <!--property DeviceAllow is not documented!-->
@@ -6428,10 +6332,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 
     <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@@ -6462,18 +6362,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 
     <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@@ -6506,8 +6394,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@@ -7136,10 +7022,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t StartupCPUWeight = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPerSecUSec = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPeriodUSec = ...;
@@ -7170,18 +7052,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(st) IODeviceLatencyTargetUSec = [...];
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t DefaultMemoryLow = ...;
@@ -7214,8 +7084,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryZSwapWriteback = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly s DevicePolicy = '...';
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(ss) DeviceAllow = [...];
@@ -7737,10 +7605,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
 
     <!--property StartupCPUWeight is not documented!-->
 
-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
     <!--property CPUQuotaPerSecUSec is not documented!-->
 
     <!--property CPUQuotaPeriodUSec is not documented!-->
@@ -7771,18 +7635,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
 
     <!--property IODeviceLatencyTargetUSec is not documented!-->
 
-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
     <!--property MemoryAccounting is not documented!-->
 
     <!--property DefaultMemoryLow is not documented!-->
@@ -7815,8 +7667,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
 
     <!--property MemoryZSwapWriteback is not documented!-->
 
-    <!--property MemoryLimit is not documented!-->
-
     <!--property DevicePolicy is not documented!-->
 
     <!--property DeviceAllow is not documented!-->
@@ -8297,10 +8147,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
 
     <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@@ -8331,18 +8177,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
 
     <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@@ -8375,8 +8209,6 @@ node /org/freedesktop/systemd1/unit/home_2emount {
 
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@@ -9132,10 +8964,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t StartupCPUWeight = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPerSecUSec = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPeriodUSec = ...;
@@ -9166,18 +8994,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(st) IODeviceLatencyTargetUSec = [...];
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t DefaultMemoryLow = ...;
@@ -9210,8 +9026,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryZSwapWriteback = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly s DevicePolicy = '...';
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(ss) DeviceAllow = [...];
@@ -9715,10 +9529,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
 
     <!--property StartupCPUWeight is not documented!-->
 
-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
     <!--property CPUQuotaPerSecUSec is not documented!-->
 
     <!--property CPUQuotaPeriodUSec is not documented!-->
@@ -9749,18 +9559,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
 
     <!--property IODeviceLatencyTargetUSec is not documented!-->
 
-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
     <!--property MemoryAccounting is not documented!-->
 
     <!--property DefaultMemoryLow is not documented!-->
@@ -9793,8 +9591,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
 
     <!--property MemoryZSwapWriteback is not documented!-->
 
-    <!--property MemoryLimit is not documented!-->
-
     <!--property DevicePolicy is not documented!-->
 
     <!--property DeviceAllow is not documented!-->
@@ -10257,10 +10053,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
 
     <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@@ -10291,18 +10083,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
 
     <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@@ -10335,8 +10115,6 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
 
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@@ -10945,10 +10723,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t StartupCPUWeight = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPerSecUSec = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPeriodUSec = ...;
@@ -10979,18 +10753,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(st) IODeviceLatencyTargetUSec = [...];
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t DefaultMemoryLow = ...;
@@ -11023,8 +10785,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryZSwapWriteback = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly s DevicePolicy = '...';
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(ss) DeviceAllow = [...];
@@ -11138,10 +10898,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
 
     <!--property StartupCPUWeight is not documented!-->
 
-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
     <!--property CPUQuotaPerSecUSec is not documented!-->
 
     <!--property CPUQuotaPeriodUSec is not documented!-->
@@ -11172,18 +10928,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
 
     <!--property IODeviceLatencyTargetUSec is not documented!-->
 
-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
     <!--property MemoryAccounting is not documented!-->
 
     <!--property DefaultMemoryLow is not documented!-->
@@ -11216,8 +10960,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
 
     <!--property MemoryZSwapWriteback is not documented!-->
 
-    <!--property MemoryLimit is not documented!-->
-
     <!--property DevicePolicy is not documented!-->
 
     <!--property DeviceAllow is not documented!-->
@@ -11338,10 +11080,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
 
     <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@@ -11372,18 +11110,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
 
     <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@@ -11416,8 +11142,6 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
 
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>
@@ -11569,10 +11293,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t StartupCPUWeight = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t CPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupCPUShares = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPerSecUSec = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t CPUQuotaPeriodUSec = ...;
@@ -11603,18 +11323,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(st) IODeviceLatencyTargetUSec = [...];
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly b BlockIOAccounting = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t BlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t StartupBlockIOWeight = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIODeviceWeight = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOReadBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly a(st) BlockIOWriteBandwidth = [...];
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryAccounting = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly t DefaultMemoryLow = ...;
@@ -11647,8 +11355,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly b MemoryZSwapWriteback = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
-      readonly t MemoryLimit = ...;
-      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly s DevicePolicy = '...';
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly a(ss) DeviceAllow = [...];
@@ -11782,10 +11488,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
 
     <!--property StartupCPUWeight is not documented!-->
 
-    <!--property CPUShares is not documented!-->
-
-    <!--property StartupCPUShares is not documented!-->
-
     <!--property CPUQuotaPerSecUSec is not documented!-->
 
     <!--property CPUQuotaPeriodUSec is not documented!-->
@@ -11816,18 +11518,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
 
     <!--property IODeviceLatencyTargetUSec is not documented!-->
 
-    <!--property BlockIOAccounting is not documented!-->
-
-    <!--property BlockIOWeight is not documented!-->
-
-    <!--property StartupBlockIOWeight is not documented!-->
-
-    <!--property BlockIODeviceWeight is not documented!-->
-
-    <!--property BlockIOReadBandwidth is not documented!-->
-
-    <!--property BlockIOWriteBandwidth is not documented!-->
-
     <!--property MemoryAccounting is not documented!-->
 
     <!--property DefaultMemoryLow is not documented!-->
@@ -11860,8 +11550,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
 
     <!--property MemoryZSwapWriteback is not documented!-->
 
-    <!--property MemoryLimit is not documented!-->
-
     <!--property DevicePolicy is not documented!-->
 
     <!--property DeviceAllow is not documented!-->
@@ -12012,10 +11700,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
 
     <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUWeight"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="CPUShares"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupCPUShares"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPerSecUSec"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="CPUQuotaPeriodUSec"/>
@@ -12046,18 +11730,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
 
     <variablelist class="dbus-property" generated="True" extra-ref="IODeviceLatencyTargetUSec"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOAccounting"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="StartupBlockIOWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIODeviceWeight"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOReadBandwidth"/>
-
-    <variablelist class="dbus-property" generated="True" extra-ref="BlockIOWriteBandwidth"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryAccounting"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DefaultMemoryLow"/>
@@ -12090,8 +11762,6 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
 
     <variablelist class="dbus-property" generated="True" extra-ref="MemoryZSwapWriteback"/>
 
-    <variablelist class="dbus-property" generated="True" extra-ref="MemoryLimit"/>
-
     <variablelist class="dbus-property" generated="True" extra-ref="DevicePolicy"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="DeviceAllow"/>

man/systemctl.xml

@@ -506,6 +506,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
           <listitem>
             <para>Reload one or more units if they support it. If not, stop and then start them instead. If the units
             are not running yet, they will be started.</para>
+
+            <para>This has a slightly differing functionality when used in combination with <option>--marked</option>,
+            see below.</para>
           </listitem>
         </varlistentry>
         <varlistentry>

man/systemd-ssh-proxy.xml

@@ -24,7 +24,7 @@
 
   <refsynopsisdiv>
     <programlisting>
-Host unix/* vsock/* vsock-mux/*
+Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,*
     ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
     ProxyUseFdpass yes
 </programlisting>
@@ -46,7 +46,7 @@ Host unix/* vsock/* vsock-mux/*
     configuration fragment like the following:</para>
 
     <programlisting>
-Host unix/* vsock/* vsock-mux/*
+Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,*
     ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
     ProxyUseFdpass yes
     CheckHostIP no
@@ -69,7 +69,9 @@ Host .host
     direct <constant>AF_VSOCK</constant> communication between the host and guests, and provide their own
     multiplexer over <constant>AF_UNIX</constant> sockets. See
     <ulink url="https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/vsock.md">cloud-hypervisor VSOCK support</ulink>
-    and <ulink url="https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md">Using the Firecracker Virtio-vsock Device</ulink>.</para>
+    and <ulink url="https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md">Using the Firecracker Virtio-vsock Device</ulink>.
+    Note that <literal>,</literal> can be used as a separator instead of <literal>/</literal> to be
+    compatible with tools like <literal>scp</literal> and <literal>rsync</literal>.</para>
 
     <para>Moreover, connecting to <literal>.host</literal> will connect to the local host via SSH, without
     involving networking.</para>
@@ -113,6 +115,12 @@ Host .host
 
       <programlisting>ssh unix/run/ssh-unix-local/socket</programlisting>
     </example>
+
+    <example>
+      <title>Copy local 'foo' file to a local VM with CID 1348</title>
+
+      <programlisting>scp foo vsock,1348:</programlisting>
+    </example>
   </refsect1>
 
   <refsect1>

man/systemd.network.xml

@@ -1738,8 +1738,10 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
         <term><varname>FirewallMark=</varname></term>
         <listitem>
           <para>Specifies the iptables firewall mark value to match (a number in the range
-          1…4294967295). Optionally, the firewall mask (also a number between 1…4294967295) can be
+          0…4294967295). Optionally, the firewall mask (also a number between 0…4294967295) can be
-          suffixed with a slash (<literal>/</literal>), e.g., <literal>7/255</literal>.</para>
+          suffixed with a slash (<literal>/</literal>), e.g., <literal>7/255</literal>. When the
+          mark value is non-zero and no mask is explicitly specified, all bits of the mark are
+          compared. </para>
 
           <xi:include href="version-info.xml" xpointer="v235"/>
         </listitem>

man/udevadm.xml

@@ -769,6 +769,16 @@
             <xi:include href="version-info.xml" xpointer="v258"/>
           </listitem>
         </varlistentry>
+        <varlistentry>
+          <term><option>--revert</option></term>
+          <listitem>
+            <para>Revert settings previously set with <command>udevadm control</command> command. When
+            specified, settings set with <option>-l/--log-level=</option>, <option>--trace</option>,
+            <option>-m/--children-max=</option>, and <option>-p/--property=</option> will be cleared.</para>
+
+            <xi:include href="version-info.xml" xpointer="v258"/>
+          </listitem>
+        </varlistentry>
         <varlistentry>
           <term><option>-t</option></term>
           <term><option>--timeout=<replaceable>seconds</replaceable></option></term>

meson.build

@@ -13,6 +13,12 @@ project('systemd', 'c',
         meson_version : '>= 0.62.0',
 )
 
+add_test_setup(
+        'default',
+        exclude_suites : ['integration-tests'],
+        is_default : true,
+)
+
 project_major_version = meson.project_version().split('.')[0].split('~')[0]
 if meson.project_version().contains('.')
         project_minor_version = meson.project_version().split('.')[-1].split('~')[0]
@@ -339,7 +345,6 @@ meson_build_sh = find_program('tools/meson-build.sh')
 want_tests = get_option('tests')
 want_slow_tests = want_tests != 'false' and get_option('slow-tests')
 want_fuzz_tests = want_tests != 'false' and get_option('fuzz-tests')
-want_integration_tests = want_tests != 'false' and get_option('integration-tests')
 install_tests = want_tests != 'false' and get_option('install-tests')
 
 if add_languages('cpp', native : false, required : fuzzer_build)
@@ -1988,11 +1993,12 @@ endif
 conf.set_quoted('VERSION_TAG', version_tag)
 
 vcs_tag = get_option('vcs-tag')
-version_h = vcs_tag(
+version_h = custom_target('version',
+        build_always_stale : vcs_tag,
         input : 'src/version/version.h.in',
         output : 'version.h',
-        fallback : '',
+        capture : true,
-        command : [vcs_tag ? 'tools/vcs-tag.sh' : 'true', get_option('mode')],
+        command : ['tools/vcs-tag.sh', '@INPUT@', get_option('mode'), vcs_tag ? '1' : '0'],
 )
 
 shared_lib_tag = get_option('shared-lib-tag')
@@ -2047,11 +2053,18 @@ boot_stubs = []
 
 build_dir_include = include_directories('.')
 
-basic_includes = include_directories(
+basic_includes = [
-        'src/basic',
+        include_directories(
-        'src/fundamental',
+                'src/basic',
-        'src/systemd',
+                'src/fundamental',
-        '.')
+                'src/systemd',
+                '.',
+        ),
+        include_directories(
+                'src/basic/include',
+                is_system : true,
+        ),
+]
 
 libsystemd_includes = [basic_includes, include_directories(
         'src/libsystemd/sd-bus',
@@ -2660,10 +2673,6 @@ endif
 #####################################################################
 
 mkosi = find_program('mkosi', required : false)
-if want_integration_tests and not mkosi.found()
-        error('Could not find mkosi which is required to run the integration tests')
-endif
-
 mkosi_depends = public_programs
 
 foreach executable : ['systemd-journal-remote', 'systemd-sbsign', 'systemd-keyutil']
@@ -2692,6 +2701,13 @@ if mkosi.found()
         )
 endif
 
+if install_tests
+        install_subdir('mkosi',
+                       install_dir : testsdir,
+                       exclude_files : ['mkosi.local.conf', 'mkosi.key', 'mkosi.crt'],
+                       exclude_directories : ['mkosi.local'])
+endif
+
 ############################################################
 
 subdir('rules.d')

meson_options.txt

@@ -509,7 +509,7 @@ option('install-tests', type : 'boolean', value : false,
        description : 'install test executables')
 option('log-message-verification', type : 'feature', deprecated : { 'true' : 'enabled', 'false' : 'disabled' },
        description : 'do fake printf() calls to verify format strings')
-option('integration-tests', type : 'boolean', value : false,
+option('integration-tests', type : 'boolean', value : false, deprecated : true,
        description : 'run the integration tests')
 
 option('ok-color', type : 'combo',

mkosi/mkosi.conf

@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
 [Config]
-MinimumVersion=25~devel
+MinimumVersion=commit:dbb4020beee2cdf250f93a425794f1cf8b0fe693
 Dependencies=
         exitrd
         initrd
@@ -39,15 +39,11 @@ WithTests=no
 
 [Validation]
 SignExpectedPcr=yes
-SignExpectedPcrKey=../mkosi.key
-SignExpectedPcrCertificate=../mkosi.crt
-VerityKey=../mkosi.key
-VerityCertificate=../mkosi.crt
 
 [Content]
 ExtraTrees=
         mkosi.extra.common
-        ../mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
+        mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
         %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
         %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
         %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
@@ -82,9 +78,9 @@ KernelCommandLine=
         oops=panic
         panic=-1
         softlockup_panic=1
-        # Disabled due to BTRFS issue, waiting for the fix to become available
+        panic_on_warn=1
-        panic_on_warn=0
         psi=1
+        mitigations=off
 
 Packages=
         acl
@@ -137,14 +133,14 @@ Packages=
         zstd
 
 [Runtime]
-SshKey=../mkosi.key
-SshCertificate=../mkosi.crt
 Credentials=
         journal.storage=persistent
         tty.serial.hvc0.agetty.autologin=root
         tty.serial.hvc0.login.noauth=yes
         tty.console.agetty.autologin=root
         tty.console.login.noauth=yes
+        tty.virtual.tty1.agetty.autologin=root
+        tty.virtual.tty1.login.noauth=yes
 RuntimeBuildSources=yes
 RuntimeScratch=no
 CPUs=2

mkosi/mkosi.conf.d/arch/mkosi.conf

@@ -4,6 +4,7 @@
 Distribution=arch
 
 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
         systemd
         systemd-libs

mkosi/mkosi.conf.d/arch/systemd.prepare

@@ -17,14 +17,16 @@ for PACKAGE in "${PACKAGES[@]}"; do
             sed --quiet 's/^Depends On *: //p' # Filter out everything except "Depends On:" line and fetch dependencies from it.
     )"
 
-    DEPS="$DEPS $(
+    if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
-        pacman --sync --info "$PACKAGE" |
+        DEPS="$DEPS $(
-            sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line).
+            pacman --sync --info "$PACKAGE" |
-            sed --quiet '/Optional Deps/,/Conflicts With/{/Conflicts With/!p}' | # Get every line from "Optional Deps" (inclusive) until "Conflicts With" (exclusive).
+                sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line).
-            sed 's/Optional Deps *: //' | # Drop "Optional Deps :" from first line.
+                sed --quiet '/Optional Deps/,/Conflicts With/{/Conflicts With/!p}' | # Get every line from "Optional Deps" (inclusive) until "Conflicts With" (exclusive).
-            sed 's/ *\(.*\):.*/\1/' | # Drop descriptions (everything after first colon for all lines).
+                sed 's/Optional Deps *: //' | # Drop "Optional Deps :" from first line.
-            tr '\n' ' ' # Transform newlines to whitespace.
+                sed 's/ *\(.*\):.*/\1/' | # Drop descriptions (everything after first colon for all lines).
-    )"
+                tr '\n' ' ' # Transform newlines to whitespace.
+        )"
+    fi
 done
 
 echo "$DEPS" |

mkosi/mkosi.conf.d/centos-fedora/mkosi.conf

@@ -5,6 +5,7 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
         systemd
         systemd-boot

mkosi/mkosi.conf.d/centos-fedora/mkosi.conf.d/pkgenv.conf

@@ -8,5 +8,5 @@ Distribution=|fedora
 Environment=
         GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
         GIT_BRANCH=rawhide
-        GIT_COMMIT=08ce156d74460867657fb9b201c8be93d31e07de
+        GIT_COMMIT=6646d13acae64665f63354cd60ecf963ee563b96
         PKG_SUBDIR=fedora

mkosi/mkosi.conf.d/centos-fedora/systemd.prepare

@@ -8,7 +8,12 @@ fi
 
 mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
 
-for DEPS in --requires --recommends --suggests; do
+DEP_TYPES=(--requires)
+if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
+    DEP_TYPES+=(--recommends --suggests)
+fi
+
+for DEPS in "${DEP_TYPES[@]}"; do
     # We need --latest-limit=1 to only consider the newest version of the packages.
     # --latest-limit=1 is per <name>.<arch> so we have to pass --arch= explicitly to make sure i686 packages
     # are not considered on x86-64.

mkosi/mkosi.conf.d/debian-ubuntu/mkosi.conf

@@ -5,6 +5,7 @@ Distribution=|debian
 Distribution=|ubuntu
 
 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
         libnss-myhostname
         libnss-mymachines

mkosi/mkosi.conf.d/debian-ubuntu/mkosi.conf.d/pkgenv.conf

@@ -9,5 +9,5 @@ Environment=
         GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
         GIT_SUBDIR=debian
         GIT_BRANCH=debian/master
-        GIT_COMMIT=46432631232015b78071f84e5a3fb944621c83f7
+        GIT_COMMIT=91a4d114e0b5a01385477f8862caedc1056fa68b
         PKG_SUBDIR=debian

mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare

@@ -22,9 +22,14 @@ for PACKAGE in "${PACKAGES[@]}"; do
     # Get all the dependencies of the systemd packages including recommended and suggested dependencies.
     PATTERNS+=(
         "?and(?reverse-depends(?exact-name($PACKAGE)), $COMMON)"
-        "?and(?reverse-recommends(?exact-name($PACKAGE)), $COMMON)"
-        "?and(?reverse-suggests(?exact-name($PACKAGE)), $COMMON)"
     )
+
+    if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
+        PATTERNS+=(
+            "?and(?reverse-recommends(?exact-name($PACKAGE)), $COMMON)"
+            "?and(?reverse-suggests(?exact-name($PACKAGE)), $COMMON)"
+        )
+    fi
 done
 
 mkosi-install "${PATTERNS[@]}"

mkosi/mkosi.conf.d/opensuse/mkosi.conf

@@ -11,6 +11,7 @@ Repositories=non-oss
 SandboxTrees=macros.db_backend:/etc/rpm/macros.db_backend
 
 [Content]
+PrepareScripts=systemd.prepare
 VolatilePackages=
         libsystemd0
         libudev1

mkosi/mkosi.conf.d/opensuse/systemd.prepare

@@ -9,11 +9,15 @@ fi
 mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
 
 DEPS=""
+DEP_TYPES=(--requires)
+if ! ((SYSTEMD_REQUIRED_DEPS_ONLY)); then
+    DEP_TYPES+=(--recommends --suggests)
+fi
 
 for PACKAGE in "${PACKAGES[@]}"; do
     # zypper's output is not machine readable so we make do with sed instead.
     DEPS="$DEPS\n$(
-        zypper info --requires --recommends --suggests "$PACKAGE" |
+        zypper info "${DEP_TYPES[@]}" "$PACKAGE" |
             sed '/Requires/,$!d' | # Remove everything before Requires line
             sed --quiet 's/^    //p' # All indented lines have dependencies
     )"

mkosi/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot

@@ -22,7 +22,7 @@ if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
     MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
 fi
 
-MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}"
+MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none} -Dtime-epoch=1744207869"
 if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
     MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
 fi

mkosi/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot

@@ -52,7 +52,7 @@ if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
     MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
 fi
 
-MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}"
+MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none} -Dtime-epoch=1744207869"
 if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
     MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
 fi

mkosi/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot

@@ -22,7 +22,7 @@ if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then
     MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")"
 fi
 
-MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}"
+MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none} -Dtime-epoch=1744207869"
 if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
     MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
 fi

mkosi/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot

@@ -57,7 +57,7 @@ if [[ -z "${MKOSI_LDFLAGS// }" ]]; then
     MKOSI_LDFLAGS="%{nil}"
 fi
 
-MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none}"
+MKOSI_MESON_OPTIONS="-D mode=developer -D vcs-tag=${VCS_TAG:-true} -D b_sanitize=${SANITIZERS:-none} -Dtime-epoch=1744207869"
 if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then
     MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe"
 fi

mkosi/mkosi.images/exitrd/mkosi.conf

@@ -3,6 +3,9 @@
 [Output]
 Format=directory
 
+[Build]
+Environment=SYSTEMD_REQUIRED_DEPS_ONLY=1
+
 [Content]
 Bootable=no
 Locale=C.UTF-8
@@ -11,6 +14,7 @@ CleanPackageMetadata=yes
 MakeInitrd=yes
 
 Packages=
+        coreutils
         bash
 
 [Include]

mkosi/mkosi.images/exitrd/mkosi.conf.d/arch.conf

@@ -4,6 +4,7 @@
 Distribution=arch
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
 VolatilePackages=
         systemd
         systemd-libs

mkosi/mkosi.images/exitrd/mkosi.conf.d/centos-fedora.conf

@@ -5,5 +5,6 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
 VolatilePackages=
         systemd-standalone-shutdown

mkosi/mkosi.images/exitrd/mkosi.conf.d/debian.conf

@@ -4,5 +4,6 @@
 Distribution=debian
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 VolatilePackages=
         systemd-standalone-shutdown

mkosi/mkosi.images/exitrd/mkosi.conf.d/opensuse.conf

@@ -4,6 +4,7 @@
 Distribution=opensuse
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
 Packages=
         diffutils
         grep

mkosi/mkosi.images/exitrd/mkosi.conf.d/ubuntu.conf

@@ -4,6 +4,7 @@
 Distribution=ubuntu
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 VolatilePackages=
         libsystemd-shared
         libsystemd0

mkosi/mkosi.images/initrd/mkosi.conf

@@ -6,10 +6,14 @@ Include=
         %D/mkosi/mkosi.sanitizers
         %D/mkosi/mkosi.coverage
 
+[Build]
+Environment=SYSTEMD_REQUIRED_DEPS_ONLY=1
+
 [Content]
 ExtraTrees=%D/mkosi/mkosi.extra.common
 
 Packages=
+        coreutils
         findutils
         grep
         sed

mkosi/mkosi.images/initrd/mkosi.conf.d/arch.conf

@@ -4,6 +4,7 @@
 Distribution=arch
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
 Packages=
         btrfs-progs
         tpm2-tools

mkosi/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf

@@ -5,6 +5,7 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
 Packages=
         tpm2-tools
 

mkosi/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf

@@ -5,6 +5,7 @@ Distribution=|debian
 Distribution=|ubuntu
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 Packages=
         btrfs-progs
         tpm2-tools

mkosi/mkosi.images/initrd/mkosi.conf.d/opensuse.conf

@@ -4,6 +4,7 @@
 Distribution=opensuse
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
 Packages=
         btrfs-progs
         kmod

mkosi/mkosi.images/minimal-base/mkosi.conf

@@ -3,6 +3,9 @@
 [Output]
 Format=directory
 
+[Build]
+Environment=SYSTEMD_REQUIRED_DEPS_ONLY=1
+
 [Content]
 Bootable=no
 Locale=C.UTF-8

mkosi/mkosi.images/minimal-base/mkosi.conf.d/arch.conf

@@ -4,6 +4,7 @@
 Distribution=arch
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/arch/systemd.prepare
 Packages=
         inetutils
         iproute

mkosi/mkosi.images/minimal-base/mkosi.conf.d/centos-fedora.conf

@@ -5,6 +5,7 @@ Distribution=|centos
 Distribution=|fedora
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/centos-fedora/systemd.prepare
 Packages=
         hostname
         iproute

mkosi/mkosi.images/minimal-base/mkosi.conf.d/debian-ubuntu.conf

@@ -5,6 +5,7 @@ Distribution=|debian
 Distribution=|ubuntu
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare
 Packages=
         hostname
         iproute2

mkosi/mkosi.images/minimal-base/mkosi.conf.d/opensuse.conf

@@ -4,6 +4,7 @@
 Distribution=opensuse
 
 [Content]
+PrepareScripts=%D/mkosi/mkosi.conf.d/opensuse/systemd.prepare
 Packages=
         diffutils
         grep

mkosi/mkosi.images/minimal-base/mkosi.extra/etc/os-release

@@ -1 +0,0 @@
-../usr/lib/os-release

mkosi/mkosi.images/minimal-base/mkosi.postinst

@@ -9,3 +9,8 @@ echo "Hello from dummy init, beautiful day, innit?"
 ip link
 EOF
 chmod +x "$BUILDROOT/sbin/init"
+
+# Arch relies on tmpfiles.d/etc.conf but this image isn't booted
+if [ ! -e "$BUILDROOT/etc/os-release" ]; then
+    ln -s ../usr/lib/os-release "$BUILDROOT/etc/os-release"
+fi

mkosi/mkosi.postinst.chroot

@@ -34,8 +34,9 @@ done
 # systemd-journald.
 rm -rf "$BUILDROOT/var/log/journal"
 
+# Make sure our own nsswitch.conf from the repository is used instead of the distribution's by deleting the
+# distribution's and relying on tmpfiles to put ours in place during boot.
 rm -f /etc/nsswitch.conf
-cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf
 
 # Remove to make TEST-73-LOCALE pass on Ubuntu.
 rm -f /etc/default/keyboard
@@ -58,8 +59,8 @@ SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" \
     --dry-run=no \
     --size=auto \
     --offline=true \
-    --root test/integration-tests/TEST-24-CRYPTSETUP \
+    --root mkosi/mkosi.credentials \
-    --definitions test/integration-tests/TEST-24-CRYPTSETUP/keydev.repart \
+    --definitions mkosi/keydev.repart \
     "$OUTPUTDIR/keydev.raw"
 
 can_test_pkcs11() {
@@ -132,7 +133,7 @@ EOF
     certtool --generate-self-signed \
       --load-privkey="pkcs11:token=TestToken;object=RSATestKey;type=private" \
       --load-pubkey="pkcs11:token=TestToken;object=RSATestKey;type=public" \
-      --template "test/integration-tests/TEST-24-CRYPTSETUP/template.cfg" \
+      --template "mkosi/template.cfg" \
       --outder --outfile "/tmp/rsa_test.crt"
 
     pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --write-object "/tmp/rsa_test.crt" --type cert --label "RSATestKey"
@@ -144,7 +145,7 @@ EOF
     certtool --generate-self-signed \
       --load-privkey="pkcs11:token=TestToken;object=ECTestKey;type=private" \
       --load-pubkey="pkcs11:token=TestToken;object=ECTestKey;type=public" \
-      --template "test/integration-tests/TEST-24-CRYPTSETUP/template.cfg" \
+      --template "mkosi/template.cfg" \
       --outder --outfile "/tmp/ec_test.crt"
 
     pkcs11-tool --module "$SOFTHSM_MODULE" --token-label "TestToken" --pin "env:GNUTLS_PIN" --so-pin "env:GNUTLS_SO_PIN" --write-object "/tmp/ec_test.crt" --type cert --label "ECTestKey"

po/zh_TW.po

@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-28 18:16+0900\n"
-"PO-Revision-Date: 2025-03-20 12:55+0000\n"
+"PO-Revision-Date: 2025-04-09 02:53+0000\n"
 "Last-Translator: hsu zangmen <chzang55@gmail.com>\n"
 "Language-Team: Chinese (Traditional) <https://translate.fedoraproject.org/"
 "projects/systemd/main/zh_TW/>\n"
@@ -69,10 +69,9 @@ msgid "Dump the systemd state without rate limits"
 msgstr "無速率限制地轉儲系統狀態"
 
 #: src/core/org.freedesktop.systemd1.policy.in:75
-#, fuzzy
 msgid ""
 "Authentication is required to dump the systemd state without rate limits."
-msgstr "重新載入 systemd 狀態需要驗證。"
+msgstr "要轉儲沒有速率限制的 systemd 狀態，必須進行驗證。"
 
 #: src/home/org.freedesktop.home1.policy:13
 msgid "Create a home area"
@@ -108,9 +107,8 @@ msgid "Authentication is required to update a user's home area."
 msgstr "更新用戶家區域需要認證。"
 
 #: src/home/org.freedesktop.home1.policy:53
-#, fuzzy
 msgid "Update your home area"
-msgstr "更新一個家區域"
+msgstr "更新你的家區域"
 
 #: src/home/org.freedesktop.home1.policy:54
 msgid "Authentication is required to update your home area."
@@ -134,14 +132,12 @@ msgid ""
 msgstr "更改家區域密碼需要認證。"
 
 #: src/home/org.freedesktop.home1.policy:83
-#, fuzzy
 msgid "Activate a home area"
-msgstr "創建一個家區域"
+msgstr "啟動家區域"
 
 #: src/home/org.freedesktop.home1.policy:84
-#, fuzzy
 msgid "Authentication is required to activate a user's home area."
-msgstr "創建用戶家區域需要身份驗證。"
+msgstr "啟動使用者的首頁區域需要驗證。"
 
 #: src/home/pam_systemd_home.c:293
 #, c-format
@@ -166,11 +162,11 @@ msgstr "用戶 %s 的密碼不正確或不足以進行身份驗證。"
 
 #: src/home/pam_systemd_home.c:313
 msgid "Sorry, try again: "
-msgstr "抱歉，請重試："
+msgstr "抱歉，請重試： "
 
 #: src/home/pam_systemd_home.c:335
 msgid "Recovery key: "
-msgstr "恢復金鑰："
+msgstr "恢復金鑰： "
 
 #: src/home/pam_systemd_home.c:337
 #, c-format
@@ -181,7 +177,7 @@ msgstr "用戶 %s 密碼/恢復金鑰不正確或不足以進行身份驗證。"
 
 #: src/home/pam_systemd_home.c:338
 msgid "Sorry, reenter recovery key: "
-msgstr "抱歉，重新輸入恢復金鑰："
+msgstr "抱歉，重新輸入恢復金鑰： "
 
 #: src/home/pam_systemd_home.c:358
 #, c-format
@@ -190,7 +186,7 @@ msgstr "用戶 %s 的安全權杖未插入。"
 
 #: src/home/pam_systemd_home.c:359 src/home/pam_systemd_home.c:362
 msgid "Try again with password: "
-msgstr "使用密碼重試："
+msgstr "使用密碼重試： "
 
 #: src/home/pam_systemd_home.c:361
 #, c-format
@@ -201,7 +197,7 @@ msgstr "密碼不正確或不足，並且未插入用戶 %s 的配寘安全權
 
 #: src/home/pam_systemd_home.c:381
 msgid "Security token PIN: "
-msgstr "安全權杖 PIN:"
+msgstr "安全權杖 PIN: "
 
 #: src/home/pam_systemd_home.c:398
 #, c-format
@@ -232,7 +228,7 @@ msgstr "用戶 %s 的安全權杖 PIN 不正確。"
 #: src/home/pam_systemd_home.c:438 src/home/pam_systemd_home.c:457
 #: src/home/pam_systemd_home.c:476
 msgid "Sorry, retry security token PIN: "
-msgstr "抱歉，請重試安全權杖 PIN:"
+msgstr "抱歉，請重試安全權杖 PIN: "
 
 #: src/home/pam_systemd_home.c:456
 #, c-format
@@ -335,59 +331,49 @@ msgid "Get hardware serial number"
 msgstr "獲取硬體序號"
 
 #: src/hostname/org.freedesktop.hostname1.policy:62
-#, fuzzy
 msgid "Authentication is required to get hardware serial number."
-msgstr "獲取硬體序號需要身份驗證。"
+msgstr "需要驗證才能取得硬體序號。"
 
 #: src/hostname/org.freedesktop.hostname1.policy:71
-#, fuzzy
 msgid "Get system description"
-msgstr "獲取系統描述"
+msgstr "取得系統描述"
 
 #: src/hostname/org.freedesktop.hostname1.policy:72
-#, fuzzy
 msgid "Authentication is required to get system description."
-msgstr "需要身份驗證才能獲得系統描述。"
+msgstr "需要驗證才能取得系統描述。"
 
 #: src/import/org.freedesktop.import1.policy:22
-#, fuzzy
 msgid "Import a disk image"
-msgstr "導入磁片映像"
+msgstr "匯入磁碟映像"
 
 #: src/import/org.freedesktop.import1.policy:23
-#, fuzzy
 msgid "Authentication is required to import an image."
-msgstr "導入映像需要身份驗證"
+msgstr "導入映像需要身份驗證。"
 
 #: src/import/org.freedesktop.import1.policy:32
-#, fuzzy
 msgid "Export a disk image"
-msgstr "匯出磁片映像"
+msgstr "匯出磁碟映像"
 
 #: src/import/org.freedesktop.import1.policy:33
-#, fuzzy
 msgid "Authentication is required to export disk image."
-msgstr "匯出磁片映像需要驗證"
+msgstr "匯出磁片映像需要驗證。"
 
 #: src/import/org.freedesktop.import1.policy:42
-#, fuzzy
 msgid "Download a disk image"
-msgstr "下載磁片映像"
+msgstr "下載磁碟映像"
 
 #: src/import/org.freedesktop.import1.policy:43
-#, fuzzy
 msgid "Authentication is required to download a disk image."
-msgstr "下載磁片映像需要驗證"
+msgstr "下載磁片映像需要驗證。"
 
 #: src/import/org.freedesktop.import1.policy:52
 msgid "Cancel transfer of a disk image"
 msgstr "取消磁片映像的傳輸"
 
 #: src/import/org.freedesktop.import1.policy:53
-#, fuzzy
 msgid ""
 "Authentication is required to cancel the ongoing transfer of a disk image."
-msgstr "需要身份驗證才能取消正在進行的磁片映像傳輸"
+msgstr "需要身份驗證才能取消正在進行的磁片映像傳輸。"
 
 #: src/locale/org.freedesktop.locale1.policy:22
 msgid "Set system locale"
@@ -729,9 +715,8 @@ msgid "Set a wall message"
 msgstr "設定 wall 訊息"
 
 #: src/login/org.freedesktop.login1.policy:397
-#, fuzzy
 msgid "Authentication is required to set a wall message."
-msgstr "設定 wall 訊息需要身份驗證"
+msgstr "設定 wall 訊息需要身份驗證。"
 
 #: src/login/org.freedesktop.login1.policy:406
 msgid "Change Session"
@@ -800,15 +785,13 @@ msgid ""
 msgstr "管理本機虛擬機器及容器需要驗證。"
 
 #: src/machine/org.freedesktop.machine1.policy:95
-#, fuzzy
 msgid "Create a local virtual machine or container"
-msgstr "管理本機虛擬機器及容器"
+msgstr "建立本機虛擬機器或容器"
 
 #: src/machine/org.freedesktop.machine1.policy:96
-#, fuzzy
 msgid ""
 "Authentication is required to create a local virtual machine or container."
-msgstr "管理本機虛擬機器及容器需要驗證。"
+msgstr "建立本機虛擬機器或容器需要驗證。"
 
 #: src/machine/org.freedesktop.machine1.policy:106
 msgid "Manage local virtual machine and container images"
@@ -997,18 +980,16 @@ msgid "Register a DNS-SD service"
 msgstr "註冊 DNS-SD 服務"
 
 #: src/resolve/org.freedesktop.resolve1.policy:23
-#, fuzzy
 msgid "Authentication is required to register a DNS-SD service."
-msgstr "註冊 DNS-SD 服務需要身份驗證"
+msgstr "註冊 DNS-SD 服務需要身份驗證。"
 
 #: src/resolve/org.freedesktop.resolve1.policy:33
 msgid "Unregister a DNS-SD service"
 msgstr "取消註冊 DNS-SD 服務"
 
 #: src/resolve/org.freedesktop.resolve1.policy:34
-#, fuzzy
 msgid "Authentication is required to unregister a DNS-SD service."
-msgstr "取消註冊 DNS-SD 服務需要身份驗證"
+msgstr "取消註冊 DNS-SD 服務需要身份驗證。"
 
 #: src/resolve/org.freedesktop.resolve1.policy:132
 msgid "Revert name resolution settings"
@@ -1023,92 +1004,82 @@ msgid "Subscribe query results"
 msgstr "訂閱查詢結果"
 
 #: src/resolve/org.freedesktop.resolve1.policy:144
-#, fuzzy
 msgid "Authentication is required to subscribe query results."
-msgstr "暫停系統需要驗證。"
+msgstr "訂閱查詢結果需要驗證。"
 
 #: src/resolve/org.freedesktop.resolve1.policy:154
 msgid "Dump cache"
 msgstr "傾倒至快取"
 
 #: src/resolve/org.freedesktop.resolve1.policy:155
-#, fuzzy
 msgid "Authentication is required to dump cache."
-msgstr "設定網域需要身份驗證。"
+msgstr "轉存快取記憶體需要驗證。"
 
 #: src/resolve/org.freedesktop.resolve1.policy:165
 msgid "Dump server state"
 msgstr "傾倒伺服器狀態"
 
 #: src/resolve/org.freedesktop.resolve1.policy:166
-#, fuzzy
 msgid "Authentication is required to dump server state."
-msgstr "設定 NTP 伺服器需要身份驗證。"
+msgstr "轉儲伺服器狀態需要身份驗證。"
 
 #: src/resolve/org.freedesktop.resolve1.policy:176
 msgid "Dump statistics"
 msgstr "傾倒統計"
 
 #: src/resolve/org.freedesktop.resolve1.policy:177
-#, fuzzy
 msgid "Authentication is required to dump statistics."
-msgstr "設定網域需要身份驗證。"
+msgstr "轉儲統計資料需要驗證。"
 
 #: src/resolve/org.freedesktop.resolve1.policy:187
 msgid "Reset statistics"
 msgstr "重置統計"
 
 #: src/resolve/org.freedesktop.resolve1.policy:188
-#, fuzzy
 msgid "Authentication is required to reset statistics."
-msgstr "重設 NTP 設定需要身份驗證。"
+msgstr "重設統計資料需要驗證。"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:35
 msgid "Check for system updates"
 msgstr "檢查系統更新"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:36
-#, fuzzy
 msgid "Authentication is required to check for system updates."
-msgstr "設定系統時間需要驗證。"
+msgstr "檢查系統更新需要驗證。"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:45
 msgid "Install system updates"
 msgstr "安裝系統更新"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:46
-#, fuzzy
 msgid "Authentication is required to install system updates."
-msgstr "設定系統時間需要驗證。"
+msgstr "安裝系統更新需要驗證。"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:55
 msgid "Install specific system version"
 msgstr "安裝特定的系統版本"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:56
-#, fuzzy
 msgid ""
 "Authentication is required to update the system to a specific (possibly old) "
 "version."
-msgstr "設定系統時區需要驗證。"
+msgstr "更新系統至特定 (可能是舊) 版本需要驗證。"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:65
 msgid "Cleanup old system updates"
 msgstr "清理舊有的系統更新"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:66
-#, fuzzy
 msgid "Authentication is required to cleanup old system updates."
-msgstr "設定系統時間需要驗證。"
+msgstr "清理舊系統更新需要驗證。"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
 msgid "Manage optional features"
 msgstr "管理選配功能"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
-#, fuzzy
 msgid "Authentication is required to manage optional features."
-msgstr "管理活躍的工作階段、使用者與座位需要驗證。"
+msgstr "管理選購功能需要驗證。"
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"

rules.d/70-uaccess.rules.in

@@ -77,6 +77,20 @@ ENV{DDC_DEVICE}=="?*", TAG+="uaccess"
 # media player raw devices (for user-mode drivers, Android SDK, etc.)
 SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess"
 
+# Android devices (ADB DbC, ADB, Fastboot)
+# Used to interact with devices over Android Debug Bridge and Fastboot protocols, see:
+# * https://developer.android.com/tools/adb
+# * https://source.android.com/docs/setup/test/running
+# * https://source.android.com/docs/setup/test/flash
+#
+# The bInterfaceClass and bInterfaceSubClass used are documented in source code here:
+# * https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199
+# * https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244
+#
+# Since it's using a generic vendor specific interface class, this can potentially result
+# in a rare case where non-ADB/Fastboot device ends up with an ID_DEBUG_APPLIANCE="android".
+SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:dc0201:*|*:ff4201:*|*:ff4203:*", ENV{ID_DEBUG_APPLIANCE}="android"
+
 # software-defined radio communication devices
 ENV{ID_SOFTWARE_RADIO}=="?*", TAG+="uaccess"
 
@@ -111,4 +125,7 @@ SUBSYSTEM=="hidraw", ENV{ID_HARDWARE_WALLET}=="1", TAG+="uaccess"
 # As defined in https://en.wikipedia.org/wiki/3Dconnexion
 SUBSYSTEM=="hidraw", ENV{ID_INPUT_3D_MOUSE}=="1", TAG+="uaccess"
 
+# Debug interfaces (e.g. Android Debug Bridge)
+ENV{ID_DEBUG_APPLIANCE}=="?*", TAG+="uaccess"
+
 LABEL="uaccess_end"

shell-completion/bash/importctl

@@ -73,7 +73,7 @@ _importctl() {
                 comps='no checksum signature'
                 ;;
             --format)
-                comps='uncompressed xz gzip bzip2'
+                comps='uncompressed xz gzip bzip2 zstd'
                 ;;
             --class)
                 comps='machine portable sysext confext'

shell-completion/bash/machinectl

@@ -85,7 +85,7 @@ _machinectl() {
                 comps=$( machinectl --verify=help 2>/dev/null )
                 ;;
             --format)
-                comps='uncompressed xz gzip bzip2'
+                comps='uncompressed xz gzip bzip2 zstd'
                 ;;
         esac
         COMPREPLY=( $(compgen -W '$comps' -- "$cur") )

shell-completion/bash/udevadm

@@ -93,7 +93,7 @@ _udevadm() {
                        -g --tag-match -y --sysname-match --name-match -b --parent-match
                        --prioritized-subsystem'
         [SETTLE]='-t --timeout -E --exit-if-exists'
-        [CONTROL_STANDALONE]='-e --exit -s --stop-exec-queue -S --start-exec-queue -R --reload --ping
+        [CONTROL_STANDALONE]='-e --exit -s --stop-exec-queue -S --start-exec-queue -R --reload --ping --revert
                               --load-credentials'
         [CONTROL_ARG]='-l --log-priority -p --property -m --children-max -t --timeout --trace'
         [MONITOR_STANDALONE]='-k --kernel -u --udev -p --property'
@@ -110,7 +110,7 @@ _udevadm() {
     )
 
     local verbs=(info trigger settle control monitor test-builtin test verify cat wait lock)
-    local builtins=(blkid btrfs factory_reset hwdb input_id keyboard kmod net_driver net_id net_setup_link path_id uaccess usb_id)
+    local builtins=(blkid btrfs dissect_image factory_reset hwdb input_id keyboard kmod net_driver net_id net_setup_link path_id uaccess usb_id)
 
     for ((i=0; i < COMP_CWORD; i++)); do
         if __contains_word "${COMP_WORDS[i]}" "${verbs[@]}"; then

shell-completion/zsh/_udevadm

@@ -67,6 +67,7 @@ _udevadm_control(){
         '(-p --property)'{-p,--property=}'[Set a global property for all events.]:KEY=VALUE' \
         '(-m --children-max=)'{-m,--children-max=}'[Set the maximum number of events.]:N' \
         '--trace=[Enable/disable trace logging.]:BOOL' \
+        '--revert[Revert previously set configurations.]' \
         '(-t --timeout=)'{-t,--timeout=}'[The maximum number of seconds to wait for a reply from systemd-udevd.]:SECONDS'
 }
 
@@ -103,7 +104,7 @@ _udevadm_test-builtin(){
         '(- *)'{-h,--help}'[Print help]' \
         '(- *)'{-V,--version}'[Print version of the program]' \
         '--action=[The action string.]:actions:(add change remove move online offline bind unbind)' \
-        '*::builtins:(blkid btrfs factory_reset hwdb input_id keyboard kmod net_driver net_id net_setup_link path_id uaccess usb_id)'
+        '*::builtins:(blkid btrfs dissect_image factory_reset hwdb input_id keyboard kmod net_driver net_id net_setup_link path_id uaccess usb_id)'
     elif  (( CURRENT == 3 )); then
         _arguments \
             '--action=[The action string.]:actions:(add change remove move online offline bind unbind)' \

src/ac-power/ac-power.c

@@ -5,6 +5,7 @@
 #include "ansi-color.h"
 #include "battery-util.h"
 #include "build.h"
+#include "log.h"
 #include "main-func.h"
 #include "pretty-print.h"
 

src/analyze/analyze-compare-versions.c

@@ -4,6 +4,7 @@
 
 #include "analyze-compare-versions.h"
 #include "compare-operator.h"
+#include "log.h"
 #include "macro.h"
 #include "string-util.h"
 #include "strv.h"

src/analyze/analyze-time-data.h

@@ -3,6 +3,7 @@
 
 #include "sd-bus.h"
 
+#include "memory-util.h"
 #include "time-util.h"
 #include "unit-def.h"
 

src/analyze/analyze-verify-util.c

@@ -31,7 +31,7 @@ static void log_syntax_callback(const char *unit, int level, void *userdata) {
 
         r = set_put_strdup(s, unit);
         if (r < 0) {
-                set_free_free(*s);
+                set_free(*s);
                 *s = POINTER_MAX;
         }
 }
@@ -265,7 +265,7 @@ static int verify_unit(Unit *u, bool check_man, const char *root) {
 static void set_destroy_ignore_pointer_max(Set **s) {
         if (*s == POINTER_MAX)
                 return;
-        set_free_free(*s);
+        set_free(*s);
 }
 
 int verify_units(

src/backlight/backlight.c

@@ -408,35 +408,6 @@ static int read_brightness(sd_device *device, unsigned max_brightness, unsigned
         assert(device);
         assert(ret_brightness);
 
-        if (device_in_subsystem(device, "backlight")) {
-                r = sd_device_get_sysattr_value(device, "actual_brightness", &value);
-                if (r == -ENOENT) {
-                        log_device_debug_errno(device, r, "Failed to read 'actual_brightness' attribute, "
-                                               "fall back to use 'brightness' attribute: %m");
-                        goto use_brightness;
-                }
-                if (r < 0)
-                        return log_device_debug_errno(device, r, "Failed to read 'actual_brightness' attribute: %m");
-
-                r = safe_atou(value, &brightness);
-                if (r < 0) {
-                        log_device_debug_errno(device, r, "Failed to parse 'actual_brightness' attribute, "
-                                               "fall back to use 'brightness' attribute: %s", value);
-                        goto use_brightness;
-                }
-
-                if (brightness > max_brightness) {
-                        log_device_debug(device, "actual_brightness=%u is larger than max_brightness=%u, "
-                                         "fall back to use 'brightness' attribute", brightness, max_brightness);
-                        goto use_brightness;
-                }
-
-                log_device_debug(device, "Current actual_brightness is %u", brightness);
-                *ret_brightness = brightness;
-                return 0;
-        }
-
-use_brightness:
         r = sd_device_get_sysattr_value(device, "brightness", &value);
         if (r < 0)
                 return log_device_debug_errno(device, r, "Failed to read 'brightness' attribute: %m");

src/basic/alloc-util.c

@@ -6,7 +6,6 @@
 
 #include "alloc-util.h"
 #include "macro.h"
-#include "memory-util.h"
 
 void* memdup(const void *p, size_t l) {
         void *ret;

src/basic/alloc-util.h

@@ -7,7 +7,9 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include "assert-util.h"
 #include "macro.h"
+#include "memory-util.h"
 
 #if HAS_FEATURE_MEMORY_SANITIZER
 #  include <sanitizer/msan_interface.h>
@@ -266,5 +268,3 @@ _alloc_(2) static inline void *realloc0(void *p, size_t new_size) {
 
         return q;
 }
-
-#include "memory-util.h"

src/basic/argv-util.c

@@ -8,6 +8,7 @@
 #include "argv-util.h"
 #include "capability-util.h"
 #include "errno-util.h"
+#include "log.h"
 #include "missing_sched.h"
 #include "parse-util.h"
 #include "path-util.h"

src/basic/argv-util.h

@@ -3,6 +3,7 @@
 
 #include <stdbool.h>
 
+#include "assert-util.h"
 #include "macro.h"
 
 extern int saved_argc;

src/basic/assert-util.c

@@ -0,0 +1,65 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <stdio.h>
+
+#include "assert-util.h"
+#include "errno-util.h"
+#include "log.h"
+
+static bool assert_return_is_critical = BUILD_MODE_DEVELOPER;
+
+/* Akin to glibc's __abort_msg; which is private and we hence cannot
+ * use here. */
+static char *log_abort_msg = NULL;
+
+void log_set_assert_return_is_critical(bool b) {
+        assert_return_is_critical = b;
+}
+
+bool log_get_assert_return_is_critical(void) {
+        return assert_return_is_critical;
+}
+
+static void log_assert(
+        int level,
+        const char *text,
+        const char *file,
+        int line,
+        const char *func,
+        const char *format) {
+
+        static char buffer[LINE_MAX];
+
+        if (_likely_(LOG_PRI(level) > log_get_max_level()))
+                return;
+
+        DISABLE_WARNING_FORMAT_NONLITERAL;
+        (void) snprintf(buffer, sizeof buffer, format, text, file, line, func);
+        REENABLE_WARNING;
+
+        log_abort_msg = buffer;
+
+        log_dispatch_internal(level, 0, file, line, func, NULL, NULL, NULL, NULL, buffer);
+}
+
+_noreturn_ void log_assert_failed(const char *text, const char *file, int line, const char *func) {
+        log_assert(LOG_CRIT, text, file, line, func,
+                   "Assertion '%s' failed at %s:%u, function %s(). Aborting.");
+        abort();
+}
+
+_noreturn_ void log_assert_failed_unreachable(const char *file, int line, const char *func) {
+        log_assert(LOG_CRIT, "Code should not be reached", file, line, func,
+                   "%s at %s:%u, function %s(). Aborting. 💥");
+        abort();
+}
+
+void log_assert_failed_return(const char *text, const char *file, int line, const char *func) {
+
+        if (assert_return_is_critical)
+                log_assert_failed(text, file, line, func);
+
+        PROTECT_ERRNO;
+        log_assert(LOG_DEBUG, text, file, line, func,
+                   "Assertion '%s' failed at %s:%u, function %s(), ignoring.");
+}

src/basic/assert-util.h

@@ -0,0 +1,84 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include "assert-fundamental.h"
+#include "macro.h"
+
+/* Logging for various assertions */
+
+void log_set_assert_return_is_critical(bool b);
+bool log_get_assert_return_is_critical(void) _pure_;
+
+_noreturn_ void log_assert_failed(const char *text, const char *file, int line, const char *func);
+_noreturn_ void log_assert_failed_unreachable(const char *file, int line, const char *func);
+void log_assert_failed_return(const char *text, const char *file, int line, const char *func);
+
+#ifdef __COVERITY__
+
+/* Use special definitions of assertion macros in order to prevent
+ * false positives of ASSERT_SIDE_EFFECT on Coverity static analyzer
+ * for uses of assert_se() and assert_return().
+ *
+ * These definitions make expression go through a (trivial) function
+ * call to ensure they are not discarded. Also use ! or !! to ensure
+ * the boolean expressions are seen as such.
+ *
+ * This technique has been described and recommended in:
+ * https://community.synopsys.com/s/question/0D534000046Yuzb/suppressing-assertsideeffect-for-functions-that-allow-for-sideeffects
+ */
+
+extern void __coverity_panic__(void);
+
+static inline void __coverity_check__(int condition) {
+        if (!condition)
+                __coverity_panic__();
+}
+
+static inline int __coverity_check_and_return__(int condition) {
+        return condition;
+}
+
+#define assert_message_se(expr, message) __coverity_check__(!!(expr))
+
+#define assert_log(expr, message) __coverity_check_and_return__(!!(expr))
+
+#else  /* ! __COVERITY__ */
+
+#define assert_message_se(expr, message)                                \
+        do {                                                            \
+                if (_unlikely_(!(expr)))                                \
+                        log_assert_failed(message, PROJECT_FILE, __LINE__, __func__); \
+        } while (false)
+
+#define assert_log(expr, message) ((_likely_(expr))                     \
+        ? (true)                                                        \
+        : (log_assert_failed_return(message, PROJECT_FILE, __LINE__, __func__), false))
+
+#endif  /* __COVERITY__ */
+
+#define assert_se(expr) assert_message_se(expr, #expr)
+
+/* We override the glibc assert() here. */
+#undef assert
+#ifdef NDEBUG
+#define assert(expr) ({ if (!(expr)) __builtin_unreachable(); })
+#else
+#define assert(expr) assert_message_se(expr, #expr)
+#endif
+
+#define assert_not_reached()                                            \
+        log_assert_failed_unreachable(PROJECT_FILE, __LINE__, __func__)
+
+#define assert_return(expr, r)                                          \
+        do {                                                            \
+                if (!assert_log(expr, #expr))                           \
+                        return (r);                                     \
+        } while (false)
+
+#define assert_return_errno(expr, r, err)                               \
+        do {                                                            \
+                if (!assert_log(expr, #expr)) {                         \
+                        errno = err;                                    \
+                        return (r);                                     \
+                }                                                       \
+        } while (false)

src/basic/build.c

@@ -6,6 +6,7 @@
 #include "ansi-color.h"
 #include "build.h"
 #include "extract-word.h"
+#include "log.h"
 #include "macro.h"
 #include "string-util.h"
 #include "terminal-util.h"

src/basic/cap-list.c

@@ -8,6 +8,7 @@
 #include "capability-util.h"
 #include "cap-list.h"
 #include "extract-word.h"
+#include "log.h"
 #include "macro.h"
 #include "parse-util.h"
 #include "stdio-util.h"

src/basic/capability-util.c

@@ -20,6 +20,7 @@
 #include "macro.h"
 #include "parse-util.h"
 #include "pidref.h"
+#include "process-util.h"
 #include "stat-util.h"
 #include "user-util.h"
 

src/basic/chattr-util.c

@@ -10,6 +10,7 @@
 #include "errno-util.h"
 #include "fd-util.h"
 #include "fs-util.h"
+#include "log.h"
 #include "macro.h"
 #include "string-util.h"
 

src/basic/compress.c

@@ -27,6 +27,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "io-util.h"
+#include "log.h"
 #include "macro.h"
 #include "sparse-endian.h"
 #include "string-table.h"

src/basic/conf-files.c

@@ -19,7 +19,6 @@
 #include "nulstr-util.h"
 #include "path-util.h"
 #include "set.h"
-#include "sort-util.h"
 #include "stat-util.h"
 #include "string-util.h"
 #include "strv.h"
@@ -122,29 +121,22 @@ static int files_add(
         return 0;
 }
 
-static int base_cmp(char * const *a, char * const *b) {
-        assert(a);
-        assert(b);
-        return path_compare_filename(*a, *b);
-}
-
 static int copy_and_sort_files_from_hashmap(Hashmap *fh, char ***ret) {
         _cleanup_free_ char **sv = NULL;
         char **files;
+        int r;
 
         assert(ret);
 
-        sv = hashmap_get_strv(fh);
+        r = hashmap_dump_sorted(fh, (void***) &sv, /* ret_n = */ NULL);
-        if (!sv)
+        if (r < 0)
-                return -ENOMEM;
+                return r;
 
-        /* The entries in the array given by hashmap_get_strv() are still owned by the hashmap. */
+        /* The entries in the array given by hashmap_dump_sorted() are still owned by the hashmap. */
         files = strv_copy(sv);
         if (!files)
                 return -ENOMEM;
 
-        typesafe_qsort(files, strv_length(files), base_cmp);
-
         *ret = files;
         return 0;
 }
@@ -237,7 +229,7 @@ int conf_files_insert(char ***strv, const char *root, char **dirs, const char *p
         for (i = 0; i < n; i++) {
                 int c;
 
-                c = base_cmp((char* const*) *strv + i, (char* const*) &path);
+                c = path_compare_filename((*strv)[i], path);
                 if (c == 0)
                         /* Oh, there already is an entry with a matching name (the last component). */
                         STRV_FOREACH(dir, dirs) {

src/basic/confidential-virt.c

@@ -14,6 +14,7 @@
 #include "errno-util.h"
 #include "fd-util.h"
 #include "fileio.h"
+#include "log.h"
 #include "string-table.h"
 #include "utf8.h"
 

src/basic/dlfcn-util.c

@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include "dlfcn-util.h"
+#include "log.h"
 
 static int dlsym_many_or_warnv(void *dl, int log_level, va_list ap) {
         void (**fn)(void);

src/basic/dlfcn-util.h

@@ -3,6 +3,7 @@
 
 #include <dlfcn.h>
 
+#include "assert-util.h"
 #include "macro.h"
 
 static inline void* safe_dlclose(void *dl) {

src/basic/efivars.c

@@ -15,6 +15,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "io-util.h"
+#include "log.h"
 #include "macro.h"
 #include "memory-util.h"
 #include "missing_fs.h"

src/basic/env-file.c

@@ -7,6 +7,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
+#include "log.h"
 #include "string-util.h"
 #include "strv.h"
 #include "tmpfile-util.h"

src/basic/env-util.c

@@ -11,6 +11,7 @@
 #include "errno-util.h"
 #include "escape.h"
 #include "extract-word.h"
+#include "log.h"
 #include "macro.h"
 #include "parse-util.h"
 #include "path-util.h"
@@ -546,7 +547,7 @@ char* strv_env_get_n(char * const *l, const char *name, size_t k, ReplaceEnvFlag
                         return NULL;
 
                 t = strndupa_safe(name, k);
-                return getenv(t);
+                return secure_getenv(t);
         };
 
         return NULL;
@@ -1105,7 +1106,7 @@ int getenv_steal_erase(const char *name, char **ret) {
          * it from there. Usecase: reading passwords from the env block (which is a bad idea, but useful for
          * testing, and given that people are likely going to misuse this, be thorough) */
 
-        e = getenv(name);
+        e = secure_getenv(name);
         if (!e) {
                 if (ret)
                         *ret = NULL;

src/basic/errno-util.h

@@ -5,6 +5,7 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include "assert-util.h"
 #include "macro.h"
 
 /* strerror(3) says that glibc uses a maximum length of 1024 bytes. */

src/basic/ether-addr-util.c

@@ -8,6 +8,7 @@
 
 #include "ether-addr-util.h"
 #include "hexdecoct.h"
+#include "log.h"
 #include "macro.h"
 #include "string-util.h"
 

src/basic/fd-util.c

@@ -15,6 +15,7 @@
 #include "fileio.h"
 #include "fs-util.h"
 #include "io-util.h"
+#include "log.h"
 #include "macro.h"
 #include "missing_fcntl.h"
 #include "missing_fs.h"
@@ -1001,13 +1002,13 @@ int fd_verify_safe_flags_full(int fd, int extra_flags) {
         if (flags < 0)
                 return -errno;
 
-        unexpected_flags = flags & ~(O_ACCMODE|O_NOFOLLOW|RAW_O_LARGEFILE|extra_flags);
+        unexpected_flags = flags & ~(O_ACCMODE_STRICT|O_NOFOLLOW|RAW_O_LARGEFILE|extra_flags);
         if (unexpected_flags != 0)
                 return log_debug_errno(SYNTHETIC_ERRNO(EREMOTEIO),
                                        "Unexpected flags set for extrinsic fd: 0%o",
                                        (unsigned) unexpected_flags);
 
-        return flags & (O_ACCMODE | extra_flags); /* return the flags variable, but remove the noise */
+        return flags & (O_ACCMODE_STRICT | extra_flags); /* return the flags variable, but remove the noise */
 }
 
 int read_nr_open(void) {
@@ -1132,7 +1133,7 @@ int fds_are_same_mount(int fd1, int fd2) {
 }
 
 const char* accmode_to_string(int flags) {
-        switch (flags & O_ACCMODE) {
+        switch (flags & O_ACCMODE_STRICT) {
         case O_RDONLY:
                 return "ro";
         case O_WRONLY:

src/basic/fd-util.h

@@ -8,6 +8,7 @@
 #include <sys/socket.h>
 
 #include "macro.h"
+#include "memory-util.h"
 #include "missing_fcntl.h"
 #include "stdio-util.h"
 

src/basic/format-ifname.c

@@ -1,6 +1,8 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include "format-ifname.h"
+#include "log.h"
+#include "stdio-util.h"
 #include "string-util.h"
 
 assert_cc(STRLEN("%") + DECIMAL_STR_MAX(int) <= IF_NAMESIZE);

src/basic/fs-util.c

@@ -1036,7 +1036,7 @@ int open_mkdir_at_full(int dirfd, const char *path, int flags, XOpenFlags xopen_
 
         if (flags & ~(O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_EXCL|O_NOATIME|O_NOFOLLOW|O_PATH))
                 return -EINVAL;
-        if ((flags & O_ACCMODE) != O_RDONLY)
+        if ((flags & O_ACCMODE_STRICT) != O_RDONLY)
                 return -EINVAL;
 
         /* Note that O_DIRECTORY|O_NOFOLLOW is implied, but we allow specifying it anyway. The following

src/basic/gcrypt-util.c

@@ -4,6 +4,7 @@
 
 #include "gcrypt-util.h"
 #include "hexdecoct.h"
+#include "log.h"
 
 static void *gcrypt_dl = NULL;
 

src/basic/gcrypt-util.h

@@ -11,6 +11,7 @@
 
 #include "dlfcn-util.h"
 #include "macro.h"
+#include "memory-util.h"
 
 extern DLSYM_PROTOTYPE(gcry_md_close);
 extern DLSYM_PROTOTYPE(gcry_md_copy);

src/basic/glob-util.c

@@ -8,6 +8,7 @@
 #include "dirent-util.h"
 #include "errno-util.h"
 #include "glob-util.h"
+#include "log.h"
 #include "macro.h"
 #include "path-util.h"
 #include "strv.h"

src/basic/hashmap.c

@@ -12,6 +12,7 @@
 #include "alloc-util.h"
 #include "fileio.h"
 #include "hashmap.h"
+#include "log.h"
 #include "logarithm.h"
 #include "macro.h"
 #include "memory-util.h"
@@ -912,24 +913,20 @@ static void hashmap_free_no_clear(HashmapBase *h) {
                 free(h);
 }
 
-HashmapBase* _hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value) {
+HashmapBase* _hashmap_free(HashmapBase *h) {
         if (h) {
-                _hashmap_clear(h, default_free_key, default_free_value);
+                _hashmap_clear(h);
                 hashmap_free_no_clear(h);
         }
 
         return NULL;
 }
 
-void _hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value) {
+void _hashmap_clear(HashmapBase *h) {
-        free_func_t free_key, free_value;
         if (!h)
                 return;
 
-        free_key = h->hash_ops->free_key ?: default_free_key;
+        if (h->hash_ops->free_key || h->hash_ops->free_value) {
-        free_value = h->hash_ops->free_value ?: default_free_value;
-
-        if (free_key || free_value) {
 
                 /* If destructor calls are defined, let's destroy things defensively: let's take the item out of the
                  * hash table, and only then call the destructor functions. If these destructors then try to unregister
@@ -941,11 +938,11 @@ void _hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t de
 
                         v = _hashmap_first_key_and_value(h, true, &k);
 
-                        if (free_key)
+                        if (h->hash_ops->free_key)
-                                free_key(k);
+                                h->hash_ops->free_key(k);
 
-                        if (free_value)
+                        if (h->hash_ops->free_value)
-                                free_value(v);
+                                h->hash_ops->free_value(v);
                 }
         }
 
@@ -1780,7 +1777,7 @@ HashmapBase* _hashmap_copy(HashmapBase *h  HASHMAP_DEBUG_PARAMS) {
         }
 
         if (r < 0)
-                return _hashmap_free(copy, NULL, NULL);
+                return _hashmap_free(copy);
 
         return copy;
 }
@@ -1805,6 +1802,23 @@ char** _hashmap_get_strv(HashmapBase *h) {
         return sv;
 }
 
+char** set_to_strv(Set **s) {
+        assert(s);
+
+        /* This is similar to set_get_strv(), but invalidates the set on success. */
+
+        char **v = new(char*, set_size(*s) + 1);
+        if (!v)
+                return NULL;
+
+        for (char **p = v; (*p = set_steal_first(*s)); p++)
+                ;
+
+        assert(set_isempty(*s));
+        *s = set_free(*s);
+        return v;
+}
+
 void* ordered_hashmap_next(OrderedHashmap *h, const void *key) {
         struct ordered_hashmap_entry *e;
         unsigned hash, idx;