2026-04-11 09:34:51 +02:00
12 changed files with 21 additions and 116 deletions
--- a/9
+++ b/9
@ -188,11 +188,10 @@ CHANGES WITH 250 in spe:
          during build-time.

        * Path units gained new TriggerLimitBurst= and TriggerLimitIntervalSec=
-          settings that default to 200 and 2 s respectively. The ratelimit
-          ensures that a path unit cannot cause PID1 to busy-loop when it is
-          trying to trigger a service that is skipped because of a Condition*=
-          not being satisfied. This matches the configuration and behaviour of
-          socket units.
+          that default to '200' and '2s' respectively. This ensures that a path
+          unit cannot cause pid1 to busy loop when it is trying to trigger a
+          service that is skipped because of a Condition*= not being satisfied.
+          This matches the configuration and behaviour of socket units.

        * The TPM2/FIDO2/PKCS11 support in systemd-cryptsetup is now also built
          as a plug-in for cryptsetup. This means the plain cryptsetup command
--- a/man/nss-resolve.xml
+++ b/man/nss-resolve.xml
@ -76,55 +76,6 @@
        unreliable.</para></listitem>
      </varlistentry>
    </variablelist>
-
-    <variablelist class='environment-variables'>
-      <varlistentry>
-        <term><varname>$SYSTEMD_NSS_RESOLVE_SYNTHESIZE</varname></term>
-
-        <listitem><para>Takes a boolean argument. When false, synthetic records, e.g. for the local host
-        name, will not be returned. See section SYNTHETIC RECORDS in
-        <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-        for more information. This may be useful to query the "public" resource records, independent of the
-        configuration of the local machine.</para></listitem>
-      </varlistentry>
-    </variablelist>
-
-    <variablelist class='environment-variables'>
-      <varlistentry>
-        <term><varname>$SYSTEMD_NSS_RESOLVE_CACHE</varname></term>
-
-        <listitem><para>Takes a boolean argument. When false, the cache of previously queried records will
-        not be used by <filename>systemd-resolved</filename>.</para></listitem>
-      </varlistentry>
-    </variablelist>
-
-    <variablelist class='environment-variables'>
-      <varlistentry>
-        <term><varname>$SYSTEMD_NSS_RESOLVE_ZONE</varname></term>
-
-        <listitem><para>Takes a boolean argument. When false, answers using locally registered public
-        LLMNR/mDNS resource records will not be returned.</para></listitem>
-      </varlistentry>
-    </variablelist>
-
-    <variablelist class='environment-variables'>
-      <varlistentry>
-        <term><varname>$SYSTEMD_NSS_RESOLVE_TRUST_ANCHOR</varname></term>
-
-        <listitem><para>Takes a boolean argument. When false, answers using locally configured trust anchors
-        will not be used.</para></listitem>
-      </varlistentry>
-    </variablelist>
-
-    <variablelist class='environment-variables'>
-      <varlistentry>
-        <term><varname>$SYSTEMD_NSS_RESOLVE_NETWORK</varname></term>
-
-        <listitem><para>Takes a boolean argument. When false, answers will be returned without using the
-        network, i.e. either from local sources or the cache in <filename>systemd-resolved</filename>.
-        </para></listitem>
-      </varlistentry>
-    </variablelist>
  </refsect1>

  <refsect1>
--- a/src/journal/journald-file.c
+++ b/src/journal/journald-file.c
@ -81,7 +81,7 @@ static int journald_file_entry_array_punch_hole(JournalFile *f, uint64_t p, uint
 static int journald_file_punch_holes(JournalFile *f) {
        HashItem items[PAYLOAD_BUFFER_SIZE / sizeof(HashItem)];
        uint64_t p, sz;
-        ssize_t n = SSIZE_MAX;
+        ssize_t n;
        int r;

        r = journald_file_entry_array_punch_hole(
@ -92,14 +92,11 @@ static int journald_file_punch_holes(JournalFile *f) {
        p = le64toh(f->header->data_hash_table_offset);
        sz = le64toh(f->header->data_hash_table_size);

-        for (uint64_t i = p; i < p + sz && n > 0; i += n) {
+        for (uint64_t i = p; i < p + sz; i += n) {
                n = pread(f->fd, items, MIN(sizeof(items), p + sz - i), i);
                if (n < 0)
                        return n;

-                /* Let's ignore any partial hash items by rounding down to the nearest multiple of HashItem. */
-                n -= n % sizeof(HashItem);
-
                for (size_t j = 0; j < (size_t) n / sizeof(HashItem); j++) {
                        Object o;

--- a/src/nss-resolve/nss-resolve.c
+++ b/src/nss-resolve/nss-resolve.c
@ -198,29 +198,19 @@ static const JsonDispatch address_parameters_dispatch_table[] = {
        {}
 };

-static uint64_t query_flag(
-                const char *name,
-                const int value,
-                uint64_t flag) {
+static uint64_t query_flags(void) {
+        uint64_t f = 0;
        int r;

-        r = getenv_bool_secure(name);
-        if (r >= 0)
-                return r == value ? flag : 0;
-        if (r != -ENXIO)
-                log_debug_errno(r, "Failed to parse $%s, ignoring.", name);
-        return 0;
-}
+        /* Allow callers to turn off validation, when we resolve via nss-resolve */

-static uint64_t query_flags(void) {
-        /* Allow callers to turn off validation, synthetization, caching, etc., when we resolve via
-         * nss-resolve. */
-        return  query_flag("SYSTEMD_NSS_RESOLVE_VALIDATE", 0, SD_RESOLVED_NO_VALIDATE) |
-                query_flag("SYSTEMD_NSS_RESOLVE_SYNTHESIZE", 0, SD_RESOLVED_NO_SYNTHESIZE) |
-                query_flag("SYSTEMD_NSS_RESOLVE_CACHE", 0, SD_RESOLVED_NO_CACHE) |
-                query_flag("SYSTEMD_NSS_RESOLVE_ZONE", 0, SD_RESOLVED_NO_ZONE) |
-                query_flag("SYSTEMD_NSS_RESOLVE_TRUST_ANCHOR", 0, SD_RESOLVED_NO_TRUST_ANCHOR) |
-                query_flag("SYSTEMD_NSS_RESOLVE_NETWORK", 0, SD_RESOLVED_NO_NETWORK);
+        r = getenv_bool_secure("SYSTEMD_NSS_RESOLVE_VALIDATE");
+        if (r < 0 && r != -ENXIO)
+                log_debug_errno(r, "Failed to parse $SYSTEMD_NSS_RESOLVE_VALIDATE value, ignoring.");
+        else if (r == 0)
+                f |= SD_RESOLVED_NO_VALIDATE;
+
+        return f;
 }

 enum nss_status _nss_resolve_gethostbyname4_r(
--- a/src/test/test-nss-hosts.c
+++ b/src/test/test-nss-hosts.c
@ -7,7 +7,6 @@
 #include "af-list.h"
 #include "alloc-util.h"
 #include "dlfcn-util.h"
-#include "env-util.h"
 #include "errno-list.h"
 #include "format-util.h"
 #include "hexdecoct.h"
@ -136,9 +135,7 @@ static void test_gethostbyname4_r(void *handle, const char *module, const char *
        if (STR_IN_SET(module, "resolve", "mymachines") && status == NSS_STATUS_UNAVAIL)
                return;

-        if (STR_IN_SET(module, "myhostname", "resolve") &&
-            streq(name, "localhost") &&
-            getenv_bool_secure("SYSTEMD_NSS_RESOLVE_SYNTHESIZE") != 0) {
+        if (STR_IN_SET(module, "myhostname", "resolve") && streq(name, "localhost")) {
                assert_se(status == NSS_STATUS_SUCCESS);
                assert_se(n == 2);
        }
--- a/src/timedate/timedatectl.c
+++ b/src/timedate/timedatectl.c
@ -742,7 +742,7 @@ static int print_timesync_property(const char *name, const char *expected_value,
                        printf(" ReceiveTimestamp=%s,", FORMAT_TIMESTAMP(i.recv));
                        printf(" TransmitTimestamp=%s,", FORMAT_TIMESTAMP(i.trans));
                        printf(" DestinationTimestamp=%s,", FORMAT_TIMESTAMP(i.dest));
-                        printf(" Ignored=%s, PacketCount=%" PRIu64 ",",
+                        printf(" Ignored=%s PacketCount=%" PRIu64 ",",
                               yes_no(i.spike), i.packet_count);
                        printf(" Jitter=%s }\n", FORMAT_TIMESPAN(i.jitter, 0));

--- a/test/TEST-29-PORTABLE/test.sh
+++ b/test/TEST-29-PORTABLE/test.sh
@ -21,6 +21,7 @@ test_append_files() {
        instmods overlay =overlayfs
        install_dmevent
        generate_module_dependencies
+        inst_binary losetup
        inst_binary mksquashfs
        inst_binary unsquashfs
        install_verity_minimal
--- a/test/TEST-50-DISSECT/test.sh
+++ b/test/TEST-50-DISSECT/test.sh
@ -27,6 +27,7 @@ test_append_files() {
        instmods overlay =overlayfs
        install_dmevent
        generate_module_dependencies
+        inst_binary losetup
        inst_binary wc
        if command -v openssl >/dev/null 2>&1; then
            inst_binary openssl
--- a/test/TEST-63-ISSUE-17433/test.sh
+++ b/test/TEST-63-ISSUE-17433/test.sh
@ -7,16 +7,4 @@ TEST_DESCRIPTION="https://github.com/systemd/systemd/issues/17433"
 # shellcheck source=test/test-functions
 . "${TEST_BASE_DIR:?}/test-functions"

-test_append_files() {
-    (
-        # Collecting coverage slows this particular test quite a bit, causing
-        # it to fail with the default settings (20 triggers per 2 secs)
-        # to trip over the default limit. Let's help it a bit in such case.
-        if get_bool "$IS_BUILT_WITH_COVERAGE"; then
-            mkdir -p "${initdir:?}/etc/systemd/system/test63.path.d"
-            printf "[Path]\nTriggerLimitIntervalSec=10\n" >"${initdir:?}/etc/systemd/system/test63.path.d/coverage-override.conf"
-        fi
-    )
-}
-
 do_test "$@"
--- a/test/TEST-67-INTEGRITY/test.sh
+++ b/test/TEST-67-INTEGRITY/test.sh
@ -15,6 +15,7 @@ test_append_files() {(
    instmods loop =block
    instmods dm_integrity =md

+    inst_binary losetup
    inst_binary integritysetup
    inst_binary blkid
    install_dmevent
--- a/test/test-functions
+++ b/test/test-functions
@ -154,7 +154,6 @@ BASICTOOLS=(
    ln
    loadkeys
    login
-    losetup
    lz4cat
    mkfifo
    mktemp
--- a/test/units/testsuite-58.sh
+++ b/test/units/testsuite-58.sh
@ -116,25 +116,6 @@ grep -qxF '/var/tmp/testsuite-58.3.img3 : start=     3662944, size=    17308536,
 rm /var/tmp/testsuite-58.3.img /tmp/testsuite-58.3.dump
 rm -r /tmp/testsuite-58.3-defs/

-# testcase for #21817
-mkdir -p /tmp/testsuite-58-issue-21817-defs/
-truncate -s 100m /tmp/testsuite-58-issue-21817.img
-LOOP=$(losetup -P --show -f /tmp/testsuite-58-issue-21817.img)
-printf 'size=50M,type=4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709\n,\n' | sfdisk -X gpt /tmp/testsuite-58-issue-21817.img
-cat >/tmp/testsuite-58-issue-21817-defs/test.conf <<EOF
-[Partition]
-Type=root
-EOF
-systemd-repart --pretty=yes --definitions /tmp/testsuite-58-issue-21817-defs/ "$LOOP"
-sfdisk --dump "$LOOP" | tee /tmp/testsuite-58-issue-21817.dump
-losetup -d "$LOOP"
-
-grep -qF 'p1 : start=        2048, size=      102400, type=4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709,' /tmp/testsuite-58-issue-21817.dump
-grep -qF 'p2 : start=      104448, size=      100319,' /tmp/testsuite-58-issue-21817.dump
-
-rm /tmp/testsuite-58-issue-21817.img /tmp/testsuite-58-issue-21817.dump
-rm -r /tmp/testsuite-58-issue-21817-defs/
-
 echo OK >/testok

 exit 0