2026-04-11 09:34:51 +02:00
12 changed files with 21 additions and 116 deletions
--- a/9
+++ b/9
@ -188,11 +188,10 @@ CHANGES WITH 250 in spe:
          during build-time.
        * Path units gained new TriggerLimitBurst= and TriggerLimitIntervalSec=
-          settings that default to 200 and 2 s respectively. The ratelimit
+          that default to '200' and '2s' respectively. This ensures that a path
-          ensures that a path unit cannot cause PID1 to busy-loop when it is
+          unit cannot cause pid1 to busy loop when it is trying to trigger a
-          trying to trigger a service that is skipped because of a Condition*=
+          service that is skipped because of a Condition*= not being satisfied.
-          not being satisfied. This matches the configuration and behaviour of
+          This matches the configuration and behaviour of socket units.
          socket units.
        * The TPM2/FIDO2/PKCS11 support in systemd-cryptsetup is now also built
          as a plug-in for cryptsetup. This means the plain cryptsetup command
--- a/man/nss-resolve.xml
+++ b/man/nss-resolve.xml
@ -76,55 +76,6 @@
        unreliable.</para></listitem>
      </varlistentry>
    </variablelist>
    <variablelist class='environment-variables'>
      <varlistentry>
        <term><varname>$SYSTEMD_NSS_RESOLVE_SYNTHESIZE</varname></term>
        <listitem><para>Takes a boolean argument. When false, synthetic records, e.g. for the local host
        name, will not be returned. See section SYNTHETIC RECORDS in
        <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
        for more information. This may be useful to query the "public" resource records, independent of the
        configuration of the local machine.</para></listitem>
      </varlistentry>
    </variablelist>
    <variablelist class='environment-variables'>
      <varlistentry>
        <term><varname>$SYSTEMD_NSS_RESOLVE_CACHE</varname></term>
        <listitem><para>Takes a boolean argument. When false, the cache of previously queried records will
        not be used by <filename>systemd-resolved</filename>.</para></listitem>
      </varlistentry>
    </variablelist>
    <variablelist class='environment-variables'>
      <varlistentry>
        <term><varname>$SYSTEMD_NSS_RESOLVE_ZONE</varname></term>
        <listitem><para>Takes a boolean argument. When false, answers using locally registered public
        LLMNR/mDNS resource records will not be returned.</para></listitem>
      </varlistentry>
    </variablelist>
    <variablelist class='environment-variables'>
      <varlistentry>
        <term><varname>$SYSTEMD_NSS_RESOLVE_TRUST_ANCHOR</varname></term>
        <listitem><para>Takes a boolean argument. When false, answers using locally configured trust anchors
        will not be used.</para></listitem>
      </varlistentry>
    </variablelist>
    <variablelist class='environment-variables'>
      <varlistentry>
        <term><varname>$SYSTEMD_NSS_RESOLVE_NETWORK</varname></term>
        <listitem><para>Takes a boolean argument. When false, answers will be returned without using the
        network, i.e. either from local sources or the cache in <filename>systemd-resolved</filename>.
        </para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  <refsect1>
--- a/src/journal/journald-file.c
+++ b/src/journal/journald-file.c
@ -81,7 +81,7 @@ static int journald_file_entry_array_punch_hole(JournalFile *f, uint64_t p, uint
 static int journald_file_punch_holes(JournalFile *f) {
        HashItem items[PAYLOAD_BUFFER_SIZE / sizeof(HashItem)];
        uint64_t p, sz;
-        ssize_t n = SSIZE_MAX;
+        ssize_t n;
        int r;
        r = journald_file_entry_array_punch_hole(
@ -92,14 +92,11 @@ static int journald_file_punch_holes(JournalFile *f) {
        p = le64toh(f->header->data_hash_table_offset);
        sz = le64toh(f->header->data_hash_table_size);
-        for (uint64_t i = p; i < p + sz && n > 0; i += n) {
+        for (uint64_t i = p; i < p + sz; i += n) {
                n = pread(f->fd, items, MIN(sizeof(items), p + sz - i), i);
                if (n < 0)
                        return n;
                /* Let's ignore any partial hash items by rounding down to the nearest multiple of HashItem. */
                n -= n % sizeof(HashItem);
                for (size_t j = 0; j < (size_t) n / sizeof(HashItem); j++) {
                        Object o;
--- a/src/nss-resolve/nss-resolve.c
+++ b/src/nss-resolve/nss-resolve.c
@ -198,29 +198,19 @@ static const JsonDispatch address_parameters_dispatch_table[] = {
        {}
 };
-static uint64_t query_flag(
+static uint64_t query_flags(void) {
-                const char *name,
+        uint64_t f = 0;
                const int value,
                uint64_t flag) {
        int r;
-        r = getenv_bool_secure(name);
+        /* Allow callers to turn off validation, when we resolve via nss-resolve */
        if (r >= 0)
                return r == value ? flag : 0;
        if (r != -ENXIO)
                log_debug_errno(r, "Failed to parse $%s, ignoring.", name);
        return 0;
 }
-static uint64_t query_flags(void) {
+        r = getenv_bool_secure("SYSTEMD_NSS_RESOLVE_VALIDATE");
-        /* Allow callers to turn off validation, synthetization, caching, etc., when we resolve via
+        if (r < 0 && r != -ENXIO)
-         * nss-resolve. */
+                log_debug_errno(r, "Failed to parse $SYSTEMD_NSS_RESOLVE_VALIDATE value, ignoring.");
-        return  query_flag("SYSTEMD_NSS_RESOLVE_VALIDATE", 0, SD_RESOLVED_NO_VALIDATE) |
+        else if (r == 0)
-                query_flag("SYSTEMD_NSS_RESOLVE_SYNTHESIZE", 0, SD_RESOLVED_NO_SYNTHESIZE) |
+                f |= SD_RESOLVED_NO_VALIDATE;
-                query_flag("SYSTEMD_NSS_RESOLVE_CACHE", 0, SD_RESOLVED_NO_CACHE) |
+
-                query_flag("SYSTEMD_NSS_RESOLVE_ZONE", 0, SD_RESOLVED_NO_ZONE) |
+        return f;
                query_flag("SYSTEMD_NSS_RESOLVE_TRUST_ANCHOR", 0, SD_RESOLVED_NO_TRUST_ANCHOR) |
                query_flag("SYSTEMD_NSS_RESOLVE_NETWORK", 0, SD_RESOLVED_NO_NETWORK);
 }
 enum nss_status _nss_resolve_gethostbyname4_r(
--- a/src/test/test-nss-hosts.c
+++ b/src/test/test-nss-hosts.c
@ -7,7 +7,6 @@
 #include "af-list.h"
 #include "alloc-util.h"
 #include "dlfcn-util.h"
 #include "env-util.h"
 #include "errno-list.h"
 #include "format-util.h"
 #include "hexdecoct.h"
@ -136,9 +135,7 @@ static void test_gethostbyname4_r(void *handle, const char *module, const char *
        if (STR_IN_SET(module, "resolve", "mymachines") && status == NSS_STATUS_UNAVAIL)
                return;
-        if (STR_IN_SET(module, "myhostname", "resolve") &&
+        if (STR_IN_SET(module, "myhostname", "resolve") && streq(name, "localhost")) {
            streq(name, "localhost") &&
            getenv_bool_secure("SYSTEMD_NSS_RESOLVE_SYNTHESIZE") != 0) {
                assert_se(status == NSS_STATUS_SUCCESS);
                assert_se(n == 2);
        }
--- a/src/timedate/timedatectl.c
+++ b/src/timedate/timedatectl.c
@ -742,7 +742,7 @@ static int print_timesync_property(const char *name, const char *expected_value,
                        printf(" ReceiveTimestamp=%s,", FORMAT_TIMESTAMP(i.recv));
                        printf(" TransmitTimestamp=%s,", FORMAT_TIMESTAMP(i.trans));
                        printf(" DestinationTimestamp=%s,", FORMAT_TIMESTAMP(i.dest));
-                        printf(" Ignored=%s, PacketCount=%" PRIu64 ",",
+                        printf(" Ignored=%s PacketCount=%" PRIu64 ",",
                               yes_no(i.spike), i.packet_count);
                        printf(" Jitter=%s }\n", FORMAT_TIMESPAN(i.jitter, 0));
--- a/test/TEST-29-PORTABLE/test.sh
+++ b/test/TEST-29-PORTABLE/test.sh
@ -21,6 +21,7 @@ test_append_files() {
        instmods overlay =overlayfs
        install_dmevent
        generate_module_dependencies
        inst_binary losetup
        inst_binary mksquashfs
        inst_binary unsquashfs
        install_verity_minimal
--- a/test/TEST-50-DISSECT/test.sh
+++ b/test/TEST-50-DISSECT/test.sh
@ -27,6 +27,7 @@ test_append_files() {
        instmods overlay =overlayfs
        install_dmevent
        generate_module_dependencies
        inst_binary losetup
        inst_binary wc
        if command -v openssl >/dev/null 2>&1; then
            inst_binary openssl
--- a/test/TEST-63-ISSUE-17433/test.sh
+++ b/test/TEST-63-ISSUE-17433/test.sh
@ -7,16 +7,4 @@ TEST_DESCRIPTION="https://github.com/systemd/systemd/issues/17433"
 # shellcheck source=test/test-functions
 . "${TEST_BASE_DIR:?}/test-functions"
 test_append_files() {
    (
        # Collecting coverage slows this particular test quite a bit, causing
        # it to fail with the default settings (20 triggers per 2 secs)
        # to trip over the default limit. Let's help it a bit in such case.
        if get_bool "$IS_BUILT_WITH_COVERAGE"; then
            mkdir -p "${initdir:?}/etc/systemd/system/test63.path.d"
            printf "[Path]\nTriggerLimitIntervalSec=10\n" >"${initdir:?}/etc/systemd/system/test63.path.d/coverage-override.conf"
        fi
    )
 }
 do_test "$@"
--- a/test/TEST-67-INTEGRITY/test.sh
+++ b/test/TEST-67-INTEGRITY/test.sh
@ -15,6 +15,7 @@ test_append_files() {(
    instmods loop =block
    instmods dm_integrity =md
    inst_binary losetup
    inst_binary integritysetup
    inst_binary blkid
    install_dmevent
--- a/test/test-functions
+++ b/test/test-functions
@ -154,7 +154,6 @@ BASICTOOLS=(
    ln
    loadkeys
    login
    losetup
    lz4cat
    mkfifo
    mktemp
--- a/test/units/testsuite-58.sh
+++ b/test/units/testsuite-58.sh
@ -116,25 +116,6 @@ grep -qxF '/var/tmp/testsuite-58.3.img3 : start=     3662944, size=    17308536,
 rm /var/tmp/testsuite-58.3.img /tmp/testsuite-58.3.dump
 rm -r /tmp/testsuite-58.3-defs/
 # testcase for #21817
 mkdir -p /tmp/testsuite-58-issue-21817-defs/
 truncate -s 100m /tmp/testsuite-58-issue-21817.img
 LOOP=$(losetup -P --show -f /tmp/testsuite-58-issue-21817.img)
 printf 'size=50M,type=4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709\n,\n' | sfdisk -X gpt /tmp/testsuite-58-issue-21817.img
 cat >/tmp/testsuite-58-issue-21817-defs/test.conf <<EOF
 [Partition]
 Type=root
 EOF
 systemd-repart --pretty=yes --definitions /tmp/testsuite-58-issue-21817-defs/ "$LOOP"
 sfdisk --dump "$LOOP" | tee /tmp/testsuite-58-issue-21817.dump
 losetup -d "$LOOP"
 grep -qF 'p1 : start=        2048, size=      102400, type=4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709,' /tmp/testsuite-58-issue-21817.dump
 grep -qF 'p2 : start=      104448, size=      100319,' /tmp/testsuite-58-issue-21817.dump
 rm /tmp/testsuite-58-issue-21817.img /tmp/testsuite-58-issue-21817.dump
 rm -r /tmp/testsuite-58-issue-21817-defs/
 echo OK >/testok
 exit 0