man/systemd.netdev.xml

@@ -183,8 +183,6 @@
           <row><entry><varname>ifb</varname></entry>
           <entry> The Intermediate Functional Block (ifb) pseudo network interface acts as a QoS concentrator for multiple different sources of traffic.</entry></row>
 
-          <row><entry><varname>bareudp</varname></entry>
-          <entry> Bare UDP tunnels provide a generic L3 encapsulation support for tunnelling different L3 protocols like MPLS, IP etc. inside of an UDP tunnel.</entry></row>
         </tbody>
       </tgroup>
     </table>
@@ -821,38 +819,6 @@
           <para>Accepts the same key in [VXLAN] section.</para>
         </listitem>
       </varlistentry>
-      <varlistentry>
-        <term><varname>Independent=</varname></term>
-        <listitem>
-          <para>Takes a boolean. When true, the vxlan interface is created without underlying interfaces.
-          Defaults to <literal>false</literal>.</para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>[BareUDP] Section Options</title>
-
-    <para>The [BareUDP] section only applies for
-    netdevs of kind <literal>bareudp</literal>, and accepts the
-    following keys:</para>
-
-    <variablelist class='network-directives'>
-      <varlistentry>
-        <term><varname>DestinationPort=</varname></term>
-        <listitem>
-          <para>Specifies the destination UDP port (in range 1…65535). This is mandatory.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><varname>EtherType=</varname></term>
-        <listitem>
-          <para>Specifies the L3 protocol. Takes one of <literal>ipv4</literal>, <literal>ipv6</literal>, <literal>mpls-uc</literal>
-          or <literal>mpls-mc</literal>. This is mandatory.</para>
-        </listitem>
-      </varlistentry>
     </variablelist>
   </refsect1>
 

po/it.po

@@ -3,22 +3,21 @@
 # Italian translation for systemd package
 # Traduzione in italiano per il pacchetto systemd
 # Daniele Medri <dmedri@gmail.com>, 2013-2020.
-# Milo Casagrande <milo@milo.name>, 2020.
+#
 msgid ""
 msgstr ""
 "Project-Id-Version: systemd\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2020-08-19 18:02+0200\n"
-"PO-Revision-Date: 2020-09-15 08:29+0000\n"
-"Last-Translator: Milo Casagrande <milo@milo.name>\n"
-"Language-Team: Italian <https://translate.fedoraproject.org/projects/systemd/"
-"master/it/>\n"
+"PO-Revision-Date: 2020-02-27 17:22+0100\n"
+"Last-Translator: Daniele Medri <dmedri@gmail.com>\n"
+"Language-Team: Italian\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 4.2.2\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 2.2.1\n"
 
 #: src/core/org.freedesktop.systemd1.policy.in:22
 msgid "Send passphrase back to system"
@@ -28,7 +27,7 @@ msgstr "Invia la frase segreta (passphrase) al sistema"
 msgid ""
 "Authentication is required to send the entered passphrase back to the system."
 msgstr ""
-"È richiesto autenticarsi per inviare la frase segreta (passphrase) al "
+"Autenticazione richiesta per inviare la frase segreta (passphrase) al "
 "sistema."
 
 #: src/core/org.freedesktop.systemd1.policy.in:33
@@ -38,7 +37,7 @@ msgstr "Gestisci i servizi o le altre unità di sistema"
 #: src/core/org.freedesktop.systemd1.policy.in:34
 msgid "Authentication is required to manage system services or other units."
 msgstr ""
-"È richiesto autenticarsi per gestire i servizi o le altre unità di sistema."
+"Autenticazione richiesta per gestire i servizi o le altre unità di sistema."
 
 #: src/core/org.freedesktop.systemd1.policy.in:43
 msgid "Manage system service or unit files"
@@ -47,7 +46,7 @@ msgstr "Gestisci i file dei servizi o delle unità di sistema"
 #: src/core/org.freedesktop.systemd1.policy.in:44
 msgid "Authentication is required to manage system service or unit files."
 msgstr ""
-"È richiesto autenticarsi per gestire i file dei servizi o delle unità di "
+"Autenticazione richiesta per gestire i file dei servizi o delle unità di "
 "sistema."
 
 #: src/core/org.freedesktop.systemd1.policy.in:54
@@ -60,7 +59,7 @@ msgid ""
 "Authentication is required to set or unset system and service manager "
 "environment variables."
 msgstr ""
-"È richiesto autenticarsi per configurare le variabili d'ambiente per la "
+"Autenticazione richiesta per configurare le variabili d'ambiente per la "
 "gestione dei servizi e del sistema."
 
 #: src/core/org.freedesktop.systemd1.policy.in:64
@@ -69,23 +68,27 @@ msgstr "Ricarica lo stato di systemd"
 
 #: src/core/org.freedesktop.systemd1.policy.in:65
 msgid "Authentication is required to reload the systemd state."
-msgstr "È richiesto autenticarsi per riavviare lo stato di sistemd."
+msgstr "Autenticazione richiesta per riavviare lo stato di sistemd."
 
 #: src/home/org.freedesktop.home1.policy:13
 msgid "Create a home area"
 msgstr "Crea un'area home"
 
 #: src/home/org.freedesktop.home1.policy:14
+#, fuzzy
+#| msgid "Authentication is required to creat a user's home area."
 msgid "Authentication is required to create a user's home area."
-msgstr "È richiesto autenticarsi per creare l'area home di un utente."
+msgstr "Autenticazione richiesta per creare un'area home per l'utente."
 
 #: src/home/org.freedesktop.home1.policy:23
 msgid "Remove a home area"
 msgstr "Rimuovi un'area home"
 
 #: src/home/org.freedesktop.home1.policy:24
+#, fuzzy
+#| msgid "Authentication is required to remov a user's home area."
 msgid "Authentication is required to remove a user's home area."
-msgstr "È richiesto autenticarsi per rimuovere l'area home di un utente."
+msgstr "Autenticazione richiesta per rimuovere un'area home per l'utente."
 
 #: src/home/org.freedesktop.home1.policy:33
 msgid "Check credentials of a home area"
@@ -95,7 +98,7 @@ msgstr "Controlla credenziali di un'area home"
 msgid ""
 "Authentication is required to check credentials against a user's home area."
 msgstr ""
-"È richiesto autenticarsi per controllare le credenziali di un'area home per "
+"Autenticazione richiesta per controllare le credenziali di un'area home per "
 "l'utente."
 
 #: src/home/org.freedesktop.home1.policy:43
@@ -103,27 +106,34 @@ msgid "Update a home area"
 msgstr "Aggiorna un'area home"
 
 #: src/home/org.freedesktop.home1.policy:44
+#, fuzzy
+#| msgid "Authentication is required to updat a user's home area."
 msgid "Authentication is required to update a user's home area."
-msgstr "È richiesto autenticarsi per aggiornare l'area home di un l'utente."
+msgstr "Autenticazione richiesta per aggiornare un'area home per l'utente."
 
 #: src/home/org.freedesktop.home1.policy:53
 msgid "Resize a home area"
 msgstr "Ridimensiona un'area home"
 
 #: src/home/org.freedesktop.home1.policy:54
+#, fuzzy
+#| msgid "Authentication is required to resiz a user's home area."
 msgid "Authentication is required to resize a user's home area."
-msgstr "È richiesto autenticarsi per ridimensionare l'area home di un'utente."
+msgstr "Autenticazione richiesta per ridimensionare l'area home dell'utente."
 
 #: src/home/org.freedesktop.home1.policy:63
 msgid "Change password of a home area"
-msgstr "Modifica password di un'area home"
+msgstr "Cambia password di un'area home"
 
 #: src/home/org.freedesktop.home1.policy:64
+#, fuzzy
+#| msgid ""
+#| "Authentication is required to chang the password of a user's home area."
 msgid ""
 "Authentication is required to change the password of a user's home area."
 msgstr ""
-"È richiesto autenticarsi per modificare la password dell'area home di un "
-"utente."
+"Autenticazione richiesta per cambiare le password per l'area home "
+"dell'utente."
 
 #: src/hostname/org.freedesktop.hostname1.policy:20
 msgid "Set hostname"
@@ -131,7 +141,7 @@ msgstr "Configura il nome host"
 
 #: src/hostname/org.freedesktop.hostname1.policy:21
 msgid "Authentication is required to set the local hostname."
-msgstr "È richiesto autenticarsi per configurare il nome host locale."
+msgstr "Autenticazione richiesta per configurare il nome host locale."
 
 #: src/hostname/org.freedesktop.hostname1.policy:30
 msgid "Set static hostname"
@@ -142,7 +152,7 @@ msgid ""
 "Authentication is required to set the statically configured local hostname, "
 "as well as the pretty hostname."
 msgstr ""
-"È richiesto autenticarsi per configurare staticamente il nome host locale e "
+"Autenticazione richiesta per configurare staticamente il nome host locale e "
 "il nome host descrittivo."
 
 #: src/hostname/org.freedesktop.hostname1.policy:41
@@ -152,7 +162,7 @@ msgstr "Configura le informazioni sulla macchina"
 #: src/hostname/org.freedesktop.hostname1.policy:42
 msgid "Authentication is required to set local machine information."
 msgstr ""
-"È richiesto autenticarsi per configurare le informazioni sulla macchina "
+"Autenticazione richiesta per configurare le informazioni sulla macchina "
 "locale."
 
 #: src/hostname/org.freedesktop.hostname1.policy:51
@@ -161,7 +171,7 @@ msgstr "Ottieni UUID del prodotto"
 
 #: src/hostname/org.freedesktop.hostname1.policy:52
 msgid "Authentication is required to get product UUID."
-msgstr "È richiesto autenticarsi per ottenere lo UUID del prodotto."
+msgstr "Autenticazione richiesta per ottenere UUID del prodotto."
 
 #: src/import/org.freedesktop.import1.policy:22
 msgid "Import a VM or container image"
@@ -169,7 +179,7 @@ msgstr "Importa un'immagine VM o un container"
 
 #: src/import/org.freedesktop.import1.policy:23
 msgid "Authentication is required to import a VM or container image"
-msgstr "È richiesto autenticarsi per importare un'immagine VM o un container"
+msgstr "Autenticazione richiesta per importare un'immagine VM o un container"
 
 #: src/import/org.freedesktop.import1.policy:32
 msgid "Export a VM or container image"
@@ -177,7 +187,7 @@ msgstr "Esporta un'immagine VM o un container"
 
 #: src/import/org.freedesktop.import1.policy:33
 msgid "Authentication is required to export a VM or container image"
-msgstr "È richiesto autenticarsi per esportare un'immagine VM o un container"
+msgstr "Autenticazione richiesta per esportare un'immagine VM o un container"
 
 #: src/import/org.freedesktop.import1.policy:42
 msgid "Download a VM or container image"
@@ -185,7 +195,7 @@ msgstr "Scarica un'immagine VM o un container"
 
 #: src/import/org.freedesktop.import1.policy:43
 msgid "Authentication is required to download a VM or container image"
-msgstr "È richiesto autenticarsi per scaricare un'immagine VM o un container"
+msgstr "Autenticazione richiesta per scaricare un'immagine VM o un container"
 
 #: src/locale/org.freedesktop.locale1.policy:22
 msgid "Set system locale"
@@ -194,7 +204,7 @@ msgstr "Configura le impostazioni regionali di sistema"
 #: src/locale/org.freedesktop.locale1.policy:23
 msgid "Authentication is required to set the system locale."
 msgstr ""
-"È richiesto autenticarsi per configurare le impostazioni regionali di "
+"Autenticazione richiesta per configurare le impostazioni regionali di "
 "sistema."
 
 #: src/locale/org.freedesktop.locale1.policy:33
@@ -203,7 +213,7 @@ msgstr "Configura la tastiera di sistema"
 
 #: src/locale/org.freedesktop.locale1.policy:34
 msgid "Authentication is required to set the system keyboard settings."
-msgstr "È richiesto autenticarsi per configurare la tastiera di sistema."
+msgstr "Autenticazione richiesta per configurare la tastiera di sistema."
 
 #: src/login/org.freedesktop.login1.policy:22
 msgid "Allow applications to inhibit system shutdown"
@@ -213,7 +223,7 @@ msgstr "Consenti alle applicazioni di inibire lo spegnimento del sistema"
 msgid ""
 "Authentication is required for an application to inhibit system shutdown."
 msgstr ""
-"È richiesto autenticarsi per un'applicazione per inibire lo spegnimento del "
+"Autenticazione richiesta per un'applicazione per inibire lo spegnimento del "
 "sistema."
 
 #: src/login/org.freedesktop.login1.policy:33
@@ -223,55 +233,54 @@ msgstr "Consenti alle applicazioni di ritardare lo spegnimento del sistema"
 #: src/login/org.freedesktop.login1.policy:34
 msgid "Authentication is required for an application to delay system shutdown."
 msgstr ""
-"È richiesto autenticarsi ad un'applicazione per ritardare lo spegnimento del "
+"Autenticazione richiesta ad un'applicazione per ritardare lo spegnimento del "
 "sistema."
 
 #: src/login/org.freedesktop.login1.policy:44
 msgid "Allow applications to inhibit system sleep"
-msgstr "Consenti alle applicazioni di inibire la pausa del sistema"
+msgstr "Consenti alle applicazioni di inibire il sistema in pausa"
 
 #: src/login/org.freedesktop.login1.policy:45
 msgid "Authentication is required for an application to inhibit system sleep."
 msgstr ""
-"È richiesto autenticarsi affinché un'applicazione possa inibire la pausa del "
-"sistema."
+"Autenticazione richiesta ad un'applicazione per inibire il sistema in pausa."
 
 #: src/login/org.freedesktop.login1.policy:55
 msgid "Allow applications to delay system sleep"
-msgstr "Consenti alle applicazioni di ritardare la pausa del sistema"
+msgstr "Consenti alle applicazioni di ritardare il sistema in pausa"
 
 #: src/login/org.freedesktop.login1.policy:56
 msgid "Authentication is required for an application to delay system sleep."
 msgstr ""
-"È richiesto autenticarsi affinché un'applicazione possa ritardare la pausa "
-"del sistema."
+"Autenticazione richiesta ad un'applicazione per ritardare il sistema in "
+"pausa."
 
 #: src/login/org.freedesktop.login1.policy:65
 msgid "Allow applications to inhibit automatic system suspend"
 msgstr ""
-"Consenti alle applicazioni di inibire la sospensione automatica del sistema"
+"Consenti alle applicazioni di inibire la sospesione automatica del sistema"
 
 #: src/login/org.freedesktop.login1.policy:66
 msgid ""
 "Authentication is required for an application to inhibit automatic system "
 "suspend."
 msgstr ""
-"È richiesto autenticarsi affinché un'applicazione possa inibire la "
-"sospensione automatica del sistema."
+"Autenticazione richiesta ad un'applicazione per inibire la sospensione "
+"automatica del sistema."
 
 #: src/login/org.freedesktop.login1.policy:75
 msgid "Allow applications to inhibit system handling of the power key"
 msgstr ""
-"Consenti alle applicazioni di inibire la gestione di sistema del tasto "
-"accensione"
+"Consenti alle applicazioni di inibire la gestione di sistema del "
+"tastoaccensione"
 
 #: src/login/org.freedesktop.login1.policy:76
 msgid ""
 "Authentication is required for an application to inhibit system handling of "
 "the power key."
 msgstr ""
-"È richiesto autenticarsi affinché un'applicazione possa inibire la gestione "
-"di sistema del tasto accensione."
+"Autenticazione richiesta per un'applicazione per inibire la gestione di "
+"sistema del tasto accensione."
 
 #: src/login/org.freedesktop.login1.policy:86
 msgid "Allow applications to inhibit system handling of the suspend key"
@@ -284,8 +293,8 @@ msgid ""
 "Authentication is required for an application to inhibit system handling of "
 "the suspend key."
 msgstr ""
-"È richiesto autenticarsi affinché un'applicazione possa inibire la gestione "
-"di sistema del tasto di sospensione."
+"Autenticazione richiesta ad un'applicazione per inibire la gestione di "
+"sistema del tasto di sospensione."
 
 #: src/login/org.freedesktop.login1.policy:97
 msgid "Allow applications to inhibit system handling of the hibernate key"
@@ -298,8 +307,8 @@ msgid ""
 "Authentication is required for an application to inhibit system handling of "
 "the hibernate key."
 msgstr ""
-"È richiesto autenticarsi affinché un'applicazione possa inibire la gestione "
-"di sistema del tasto di ibernazione."
+"Autenticazione richiesta ad un'applicazione per inibire la gestione di "
+"sistema del tasto di ibernazione."
 
 #: src/login/org.freedesktop.login1.policy:107
 msgid "Allow applications to inhibit system handling of the lid switch"
@@ -312,7 +321,7 @@ msgid ""
 "Authentication is required for an application to inhibit system handling of "
 "the lid switch."
 msgstr ""
-"È richiesto autenticarsi per consentire a un'applicazione di inibire la "
+"Autenticazione richiesta per consentire ad un'applicazione di inibire la "
 "gestione di sistema alla apertura/chiusura del portatile."
 
 #: src/login/org.freedesktop.login1.policy:117
@@ -322,7 +331,7 @@ msgstr "Consenti agli utenti non connessi di eseguire programmi"
 #: src/login/org.freedesktop.login1.policy:118
 msgid "Explicit request is required to run programs as a non-logged-in user."
 msgstr ""
-"È necessaria una richiesta esplicita per eseguire programmi come utenti non "
+"E' necessaria un'esplicita richiesta per eseguire programmi come utenti non "
 "connessi."
 
 #: src/login/org.freedesktop.login1.policy:127
@@ -332,7 +341,7 @@ msgstr "Consenti agli utenti non connessi di eseguire programmi"
 #: src/login/org.freedesktop.login1.policy:128
 msgid "Authentication is required to run programs as a non-logged-in user."
 msgstr ""
-"È richiesto autenticarsi per consentire agli utenti non connessi di eseguire "
+"Autenticazione richiesta per consentire agli utenti non connessi di eseguire "
 "programmi."
 
 #: src/login/org.freedesktop.login1.policy:137
@@ -342,7 +351,7 @@ msgstr "Consenti di collegare dispositivi alle postazioni"
 #: src/login/org.freedesktop.login1.policy:138
 msgid "Authentication is required to attach a device to a seat."
 msgstr ""
-"È richiesto autenticarsi per collegare un dispositivo ad una postazione."
+"Autenticazione richiesta per collegare un dispositivo ad una postazione."
 
 #: src/login/org.freedesktop.login1.policy:148
 msgid "Flush device to seat attachments"
@@ -351,7 +360,7 @@ msgstr "Scollega i dispositivi dalla postazione"
 #: src/login/org.freedesktop.login1.policy:149
 msgid "Authentication is required to reset how devices are attached to seats."
 msgstr ""
-"È richiesto autenticarsi per ripristinare come i dispositivi sono collegati "
+"Autenticazione richiesta per ripristinare come i dispositivi sono collegati "
 "alle postazioni."
 
 #: src/login/org.freedesktop.login1.policy:158
@@ -360,7 +369,7 @@ msgstr "Spegni il sistema"
 
 #: src/login/org.freedesktop.login1.policy:159
 msgid "Authentication is required to power off the system."
-msgstr "È richiesto autenticarsi per spegnere il sistema."
+msgstr "Autenticazione richiesta per spegnere il sistema."
 
 #: src/login/org.freedesktop.login1.policy:169
 msgid "Power off the system while other users are logged in"
@@ -371,7 +380,7 @@ msgid ""
 "Authentication is required to power off the system while other users are "
 "logged in."
 msgstr ""
-"È richiesto autenticarsi per spegnere il sistema mentre altri utenti sono "
+"Autenticazione richiesta per spegnere il sistema mentre altri utenti sono "
 "connessi."
 
 #: src/login/org.freedesktop.login1.policy:180
@@ -383,7 +392,7 @@ msgid ""
 "Authentication is required to power off the system while an application is "
 "inhibiting this."
 msgstr ""
-"È richiesto autenticarsi per spegnere il sistema mentre un'applicazione "
+"Autenticazione richiesta per spegnere il sistema mentre un'applicazione "
 "chiede di inibirne l'azione."
 
 #: src/login/org.freedesktop.login1.policy:191
@@ -392,7 +401,7 @@ msgstr "Riavvia il sistema"
 
 #: src/login/org.freedesktop.login1.policy:192
 msgid "Authentication is required to reboot the system."
-msgstr "È richiesto autenticarsi per riavviare il sistema."
+msgstr "Autenticazione richiesta per riavviare il sistema."
 
 #: src/login/org.freedesktop.login1.policy:202
 msgid "Reboot the system while other users are logged in"
@@ -403,7 +412,7 @@ msgid ""
 "Authentication is required to reboot the system while other users are logged "
 "in."
 msgstr ""
-"È richiesto autenticarsi per riavviare il sistema mentre altri utenti sono "
+"Autenticazione richiesta per riavviare il sistema mentre altri utenti sono "
 "connessi."
 
 #: src/login/org.freedesktop.login1.policy:213
@@ -415,7 +424,7 @@ msgid ""
 "Authentication is required to reboot the system while an application is "
 "inhibiting this."
 msgstr ""
-"È richiesto autenticarsi per riavviare il sistema mentre un'applicazione "
+"Autenticazione richiesta per riavviare il sistema mentre un'applicazione "
 "chiede di inibirne l'azione."
 
 #: src/login/org.freedesktop.login1.policy:224
@@ -424,7 +433,7 @@ msgstr "Ferma il sistema"
 
 #: src/login/org.freedesktop.login1.policy:225
 msgid "Authentication is required to halt the system."
-msgstr "È richiesto autenticarsi per fermare il sistema."
+msgstr "Autenticazione richiesta per fermare il sistema."
 
 #: src/login/org.freedesktop.login1.policy:235
 msgid "Halt the system while other users are logged in"
@@ -435,7 +444,7 @@ msgid ""
 "Authentication is required to halt the system while other users are logged "
 "in."
 msgstr ""
-"È richiesto autenticarsi per fermare il sistema mentre altri utenti sono "
+"Autenticazione richiesta per fermare il sistema mentre altri utenti sono "
 "connessi."
 
 #: src/login/org.freedesktop.login1.policy:246
@@ -447,7 +456,7 @@ msgid ""
 "Authentication is required to halt the system while an application is "
 "inhibiting this."
 msgstr ""
-"È richiesto autenticarsi per ibernare il sistema mentre un'applicazione ne "
+"Autenticazione richiesta per ibernare il sistema mentre un'applicazione ne "
 "inibisce l'azione."
 
 #: src/login/org.freedesktop.login1.policy:257
@@ -456,7 +465,7 @@ msgstr "Sospendi il sistema"
 
 #: src/login/org.freedesktop.login1.policy:258
 msgid "Authentication is required to suspend the system."
-msgstr "È richiesto autenticarsi per sospendere il sistema."
+msgstr "Autenticazione richiesta per sospendere il sistema."
 
 #: src/login/org.freedesktop.login1.policy:267
 msgid "Suspend the system while other users are logged in"
@@ -467,7 +476,7 @@ msgid ""
 "Authentication is required to suspend the system while other users are "
 "logged in."
 msgstr ""
-"È richiesto autenticarsi per sospendere il sistema mentre altri utenti sono "
+"Autenticazione richiesta per sospendere il sistema mentre altri utenti sono "
 "connessi."
 
 #: src/login/org.freedesktop.login1.policy:278
@@ -479,7 +488,7 @@ msgid ""
 "Authentication is required to suspend the system while an application is "
 "inhibiting this."
 msgstr ""
-"È richiesto autenticarsi per sospendere il sistema mentre un'applicazione "
+"Autenticazione richiesta per sospendere il sistema mentre un'applicazione "
 "chiede di inibirne l'azione."
 
 #: src/login/org.freedesktop.login1.policy:289
@@ -488,7 +497,7 @@ msgstr "Iberna il sistema"
 
 #: src/login/org.freedesktop.login1.policy:290
 msgid "Authentication is required to hibernate the system."
-msgstr "È richiesto autenticarsi per ibernare il sistema."
+msgstr "Autenticazione richiesta per ibernare il sistema."
 
 #: src/login/org.freedesktop.login1.policy:299
 msgid "Hibernate the system while other users are logged in"
@@ -499,7 +508,7 @@ msgid ""
 "Authentication is required to hibernate the system while other users are "
 "logged in."
 msgstr ""
-"È richiesto autenticarsi per ibernare il sistema mentre altri utenti sono "
+"Autenticazione richiesta per ibernare il sistema mentre altri utenti sono "
 "connessi."
 
 #: src/login/org.freedesktop.login1.policy:310
@@ -511,7 +520,7 @@ msgid ""
 "Authentication is required to hibernate the system while an application is "
 "inhibiting this."
 msgstr ""
-"È richiesto autenticarsi per ibernare il sistema mentre un'applicazione "
+"Autenticazione richiesta per ibernare il sistema mentre un'applicazione "
 "chiede di inibirne l'azione."
 
 #: src/login/org.freedesktop.login1.policy:321
@@ -521,7 +530,7 @@ msgstr "Gestione delle sessioni attive, utenti e postazioni"
 #: src/login/org.freedesktop.login1.policy:322
 msgid "Authentication is required to manage active sessions, users and seats."
 msgstr ""
-"È richiesto autenticarsi per gestire le sessioni attive, gli utenti e le "
+"Autenticazione richiesta per gestire le sessioni attive, gli utenti e le "
 "postazioni."
 
 #: src/login/org.freedesktop.login1.policy:331
@@ -530,7 +539,7 @@ msgstr "Blocca/sblocca sessioni attive"
 
 #: src/login/org.freedesktop.login1.policy:332
 msgid "Authentication is required to lock or unlock active sessions."
-msgstr "È richiesto autenticarsi per bloccare o sbloccare le sessioni attive."
+msgstr "Autenticazione richiesta per bloccare o sbloccare le sessioni attive."
 
 #: src/login/org.freedesktop.login1.policy:341
 msgid "Set the reboot \"reason\" in the kernel"
@@ -539,7 +548,7 @@ msgstr "Indica il \"motivo\" del riavvio nel kernel"
 #: src/login/org.freedesktop.login1.policy:342
 msgid "Authentication is required to set the reboot \"reason\" in the kernel."
 msgstr ""
-"È richiesto autenticarsi per configurare il \"motivo\" del riavvio nel "
+"Autenticazione richiesta per configurare il \"motivo\" del riavvio nel "
 "kernel."
 
 #: src/login/org.freedesktop.login1.policy:352
@@ -551,7 +560,7 @@ msgid ""
 "Authentication is required to indicate to the firmware to boot to setup "
 "interface."
 msgstr ""
-"È richiesto autenticarsi per indicare al firmware l'avvio di un'interfaccia "
+"Autenticazione richiesta per indicare al firmware l'avvio di un'interfaccia "
 "di configurazione."
 
 #: src/login/org.freedesktop.login1.policy:363
@@ -563,7 +572,7 @@ msgid ""
 "Authentication is required to indicate to the boot loader to boot to the "
 "boot loader menu."
 msgstr ""
-"È richiesto autenticarsi per indicate al boot loader l'avvio di uno "
+"Autenticazione richiesta per indicate al boot loader l'avvio di uno "
 "specifico menu."
 
 #: src/login/org.freedesktop.login1.policy:374
@@ -575,7 +584,7 @@ msgid ""
 "Authentication is required to indicate to the boot loader to boot into a "
 "specific boot loader entry."
 msgstr ""
-"È richiesto autenticarsi per indicare al boot loader l'avvio di una "
+"Autenticazione richiesta per indicare al boot loader l'avvio di una "
 "specifica voce in elenco."
 
 #: src/login/org.freedesktop.login1.policy:385
@@ -584,7 +593,7 @@ msgstr "Configura un messaggio per gli utenti"
 
 #: src/login/org.freedesktop.login1.policy:386
 msgid "Authentication is required to set a wall message"
-msgstr "È richiesto autenticarsi per configurare un messaggio per gli utenti"
+msgstr "Autenticazione richiesta per configurare un messaggio per gli utenti"
 
 #: src/login/org.freedesktop.login1.policy:395
 msgid "Change Session"
@@ -592,7 +601,7 @@ msgstr "Cambia sessione"
 
 #: src/login/org.freedesktop.login1.policy:396
 msgid "Authentication is required to change the virtual terminal."
-msgstr "È richiesto autenticarsi per cambiare il terminale virtuale."
+msgstr "Autenticazione richiesta per cambiare il terminale virtuale."
 
 #: src/machine/org.freedesktop.machine1.policy:22
 msgid "Log into a local container"
@@ -600,7 +609,7 @@ msgstr "Accedi ad un container locale"
 
 #: src/machine/org.freedesktop.machine1.policy:23
 msgid "Authentication is required to log into a local container."
-msgstr "È richiesto autenticarsi per accedere ad un container locale."
+msgstr "Autenticazione richiesta per accedere ad un container locale."
 
 #: src/machine/org.freedesktop.machine1.policy:32
 msgid "Log into the local host"
@@ -608,7 +617,7 @@ msgstr "Accedi in un host locale"
 
 #: src/machine/org.freedesktop.machine1.policy:33
 msgid "Authentication is required to log into the local host."
-msgstr "È richiesto autenticarsi per accedere ad un host locale."
+msgstr "Autenticazione richiesta per accedere ad un host locale."
 
 #: src/machine/org.freedesktop.machine1.policy:42
 msgid "Acquire a shell in a local container"
@@ -616,7 +625,7 @@ msgstr "Apri una shell in un container locale"
 
 #: src/machine/org.freedesktop.machine1.policy:43
 msgid "Authentication is required to acquire a shell in a local container."
-msgstr "È richiesto autenticarsi per aprire una shell in un container locale."
+msgstr "Autenticazione richiesta per aprire una shell in un container locale."
 
 #: src/machine/org.freedesktop.machine1.policy:53
 msgid "Acquire a shell on the local host"
@@ -624,7 +633,7 @@ msgstr "Apri una shell in un host locale"
 
 #: src/machine/org.freedesktop.machine1.policy:54
 msgid "Authentication is required to acquire a shell on the local host."
-msgstr "È richiesto autenticarsi per aprire una shell in un host locale."
+msgstr "Autenticazione richiesta per aprire una shell in un host locale."
 
 #: src/machine/org.freedesktop.machine1.policy:64
 msgid "Acquire a pseudo TTY in a local container"
@@ -634,7 +643,7 @@ msgstr "Apri un pseudo TTY in un container locale"
 msgid ""
 "Authentication is required to acquire a pseudo TTY in a local container."
 msgstr ""
-"È richiesto autenticarsi per aprire un pseudo TTY in un container locale."
+"Autenticazione richiesta per aprire un pseudo TTY in un container locale."
 
 #: src/machine/org.freedesktop.machine1.policy:74
 msgid "Acquire a pseudo TTY on the local host"
@@ -642,7 +651,7 @@ msgstr "Apri un pseudo TTY in un host locale"
 
 #: src/machine/org.freedesktop.machine1.policy:75
 msgid "Authentication is required to acquire a pseudo TTY on the local host."
-msgstr "È richiesto autenticarsi per aprire un pseudo TTY in un host locale."
+msgstr "Autenticazione richiesta per aprire un pseudo TTY in un host locale."
 
 #: src/machine/org.freedesktop.machine1.policy:84
 msgid "Manage local virtual machines and containers"
@@ -652,7 +661,7 @@ msgstr "Gestisci le virtual machine e i container locali"
 msgid ""
 "Authentication is required to manage local virtual machines and containers."
 msgstr ""
-"È richiesto autenticarsi per gestire le virtual machine e i container locali."
+"Autenticazione richiesta per gestire le virtual machine e i container locali."
 
 #: src/machine/org.freedesktop.machine1.policy:95
 msgid "Manage local virtual machine and container images"
@@ -663,7 +672,7 @@ msgid ""
 "Authentication is required to manage local virtual machine and container "
 "images."
 msgstr ""
-"È richiesto autenticarsi per gestire le immagini delle virtual machine e dei "
+"Autenticazione richiesta per gestire le immagini delle virtual machine e dei "
 "container locali."
 
 #: src/network/org.freedesktop.network1.policy:22
@@ -672,7 +681,7 @@ msgstr "Configura server NTP"
 
 #: src/network/org.freedesktop.network1.policy:23
 msgid "Authentication is required to set NTP servers."
-msgstr "È richiesto autenticarsi per configurare i server NTP."
+msgstr "Autenticazione richiesta per configurare i server NTP."
 
 #: src/network/org.freedesktop.network1.policy:33
 #: src/resolve/org.freedesktop.resolve1.policy:44
@@ -682,7 +691,7 @@ msgstr "Configura i server DNS"
 #: src/network/org.freedesktop.network1.policy:34
 #: src/resolve/org.freedesktop.resolve1.policy:45
 msgid "Authentication is required to set DNS servers."
-msgstr "È richiesto autenticarsi per configurare i server DNS."
+msgstr "Autenticazione richiesta per configurare i server DNS."
 
 #: src/network/org.freedesktop.network1.policy:44
 #: src/resolve/org.freedesktop.resolve1.policy:55
@@ -692,7 +701,7 @@ msgstr "Configura domini"
 #: src/network/org.freedesktop.network1.policy:45
 #: src/resolve/org.freedesktop.resolve1.policy:56
 msgid "Authentication is required to set domains."
-msgstr "È richiesto autenticarsi per configurare i domini."
+msgstr "Autenticazione richiesta per configurare i domini."
 
 #: src/network/org.freedesktop.network1.policy:55
 #: src/resolve/org.freedesktop.resolve1.policy:66
@@ -703,7 +712,7 @@ msgstr "Configura la tabella di instradamento"
 #: src/resolve/org.freedesktop.resolve1.policy:67
 msgid "Authentication is required to set default route."
 msgstr ""
-"È richiesto autenticarsi per configurare la tabella di instradamento "
+"Autenticazione richiesta per configurare la tabella di instradamento "
 "predefinita."
 
 #: src/network/org.freedesktop.network1.policy:66
@@ -714,7 +723,7 @@ msgstr "Abilita/disabilita LLMNR"
 #: src/network/org.freedesktop.network1.policy:67
 #: src/resolve/org.freedesktop.resolve1.policy:78
 msgid "Authentication is required to enable or disable LLMNR."
-msgstr "È richiesto autenticarsi per attivare/disattivare LLMNR."
+msgstr "Autenticazione richiesta per attivare/disattivare LLMNR."
 
 #: src/network/org.freedesktop.network1.policy:77
 #: src/resolve/org.freedesktop.resolve1.policy:88
@@ -724,7 +733,7 @@ msgstr "Abilita/disabilita DNS multicast"
 #: src/network/org.freedesktop.network1.policy:78
 #: src/resolve/org.freedesktop.resolve1.policy:89
 msgid "Authentication is required to enable or disable multicast DNS."
-msgstr "È richiesto autenticarsi per abilitare/disabilitare DNS multicast."
+msgstr "Autenticazione richiesta per abilitare/disabilitare DNS multicast."
 
 #: src/network/org.freedesktop.network1.policy:88
 #: src/resolve/org.freedesktop.resolve1.policy:99
@@ -734,7 +743,7 @@ msgstr "Abilita/disabilita DNS su TLS"
 #: src/network/org.freedesktop.network1.policy:89
 #: src/resolve/org.freedesktop.resolve1.policy:100
 msgid "Authentication is required to enable or disable DNS over TLS."
-msgstr "È richiesto autenticarsi per abilitare o disabilitare DNS su TLS."
+msgstr "Autenticazione richiesta per abilitare o disabilitare DNS su TLS."
 
 #: src/network/org.freedesktop.network1.policy:99
 #: src/resolve/org.freedesktop.resolve1.policy:110
@@ -744,7 +753,7 @@ msgstr "Abilita/disabilita DNSSEC"
 #: src/network/org.freedesktop.network1.policy:100
 #: src/resolve/org.freedesktop.resolve1.policy:111
 msgid "Authentication is required to enable or disable DNSSEC."
-msgstr "È richiesto autenticarsi per abilitare o disabilitare DNSSEC."
+msgstr "Autenticazione richiesta per abilitare o disabilitare DNSSEC."
 
 #: src/network/org.freedesktop.network1.policy:110
 #: src/resolve/org.freedesktop.resolve1.policy:121
@@ -754,7 +763,8 @@ msgstr "Configura DNSSEC Negative Trust Anchors"
 #: src/network/org.freedesktop.network1.policy:111
 #: src/resolve/org.freedesktop.resolve1.policy:122
 msgid "Authentication is required to set DNSSEC Negative Trust Anchors."
-msgstr "È richiesto autenticarsi per configurare DNSSEC Negative Trust Anchors."
+msgstr ""
+"Autenticazione richiesta per configurare DNSSEC Negative Trust Anchors."
 
 #: src/network/org.freedesktop.network1.policy:121
 msgid "Revert NTP settings"
@@ -762,7 +772,7 @@ msgstr "Ripristina configurazioni NTP"
 
 #: src/network/org.freedesktop.network1.policy:122
 msgid "Authentication is required to reset NTP settings."
-msgstr "È richiesto autenticarsi per ripristinare le configurazioni NTP."
+msgstr "Autenticazione richiesta per ripristinare le configurazioni NTP."
 
 #: src/network/org.freedesktop.network1.policy:132
 msgid "Revert DNS settings"
@@ -770,15 +780,17 @@ msgstr "Ripristina configurazioni DNS"
 
 #: src/network/org.freedesktop.network1.policy:133
 msgid "Authentication is required to reset DNS settings."
-msgstr "È richiesto autenticarsi per ripristinare le configurazioni DNS."
+msgstr "Autenticazione richiesta per ripristinare le configurazioni DNS."
 
 #: src/network/org.freedesktop.network1.policy:143
 msgid "DHCP server sends force renew message"
-msgstr "Il server DHCP invia messaggi di rinnovo forzato"
+msgstr ""
 
 #: src/network/org.freedesktop.network1.policy:144
+#, fuzzy
+#| msgid "Authentication is required to set a wall message"
 msgid "Authentication is required to send force renew message."
-msgstr "È richiesto autenticarsi per inviare messaggi di rinnovo forzato."
+msgstr "Autenticazione richiesta per configurare un messaggio per gli utenti"
 
 #: src/network/org.freedesktop.network1.policy:154
 msgid "Renew dynamic addresses"
@@ -786,7 +798,7 @@ msgstr "Rinnova indirizzi dinamici"
 
 #: src/network/org.freedesktop.network1.policy:155
 msgid "Authentication is required to renew dynamic addresses."
-msgstr "È richiesto autenticarsi per rinnovare gli indirizzi dinamici."
+msgstr "Autenticazione richiesta per rinnovare gli indirizzi dinamici."
 
 #: src/network/org.freedesktop.network1.policy:165
 msgid "Reload network settings"
@@ -794,7 +806,7 @@ msgstr "Ricarica configurazioni di rete"
 
 #: src/network/org.freedesktop.network1.policy:166
 msgid "Authentication is required to reload network settings."
-msgstr "È richiesto autenticarsi per ricaricare le configurazioni di rete."
+msgstr "Autenticazione richiesta per ricaricare le configurazioni di rete."
 
 #: src/network/org.freedesktop.network1.policy:176
 msgid "Reconfigure network interface"
@@ -802,7 +814,7 @@ msgstr "Riconfigura interfaccia di rete"
 
 #: src/network/org.freedesktop.network1.policy:177
 msgid "Authentication is required to reconfigure network interface."
-msgstr "È richiesto autenticarsi per riconfigurare l'interfaccia di rete."
+msgstr "Autenticazione richiesta per riconfigurare l'interfaccia di rete."
 
 #: src/portable/org.freedesktop.portable1.policy:13
 msgid "Inspect a portable service image"
@@ -811,7 +823,7 @@ msgstr "Ispeziona un'immagine di servizio portabile"
 #: src/portable/org.freedesktop.portable1.policy:14
 msgid "Authentication is required to inspect a portable service image."
 msgstr ""
-"È richiesto autenticarsi per ispezionare un'immagine di servizio portabile."
+"Autenticazione richiesta per ispezionare un'immagine di servizio portabile."
 
 #: src/portable/org.freedesktop.portable1.policy:23
 msgid "Attach or detach a portable service image"
@@ -821,7 +833,7 @@ msgstr "Collega o meno un'immagine di servizio portabile"
 msgid ""
 "Authentication is required to attach or detach a portable service image."
 msgstr ""
-"È richiesto autenticarsi per collegare o meno un'immagine di servizio "
+"Autenticazione richiesta per collegare o meno un'immagine di servizio "
 "portabile."
 
 #: src/portable/org.freedesktop.portable1.policy:34
@@ -832,7 +844,7 @@ msgstr "Elimina o modifica un'immagine di servizio portabile"
 msgid ""
 "Authentication is required to delete or modify a portable service image."
 msgstr ""
-"È richiesto autenticarsi per eliminare o modificare un'immagine di servizio "
+"Autenticazione richiesta per eliminare o modificare un'immagine di servizio "
 "portabile."
 
 #: src/resolve/org.freedesktop.resolve1.policy:22
@@ -841,7 +853,7 @@ msgstr "Registra un servizio DNS-SD"
 
 #: src/resolve/org.freedesktop.resolve1.policy:23
 msgid "Authentication is required to register a DNS-SD service"
-msgstr "È richiesto autenticarsi per registrare un servizio DNS-SD"
+msgstr "Autenticazione richiesta per registrare un servizio DNS-SD"
 
 #: src/resolve/org.freedesktop.resolve1.policy:33
 msgid "Unregister a DNS-SD service"
@@ -850,7 +862,7 @@ msgstr "Annulla la registrazione di un servizio DNS-SD"
 #: src/resolve/org.freedesktop.resolve1.policy:34
 msgid "Authentication is required to unregister a DNS-SD service"
 msgstr ""
-"È richiesto autenticarsi per annullare la registrazione di un servizio DNS-SD"
+"Autenticazione richiesta per annullare la registrazione di un servizio DNS-SD"
 
 #: src/resolve/org.freedesktop.resolve1.policy:132
 msgid "Revert name resolution settings"
@@ -859,95 +871,99 @@ msgstr "Ripristina le configurazioni per la risoluzione dei nomi"
 #: src/resolve/org.freedesktop.resolve1.policy:133
 msgid "Authentication is required to reset name resolution settings."
 msgstr ""
-"È richiesto autenticarsi per ripristinare le configurazioni per la "
+"Autenticazione richiesta per ripristinare le configurazioni per la "
 "risoluzione dei nomi."
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"
-msgstr "Imposta l'orario di sistema"
+msgstr "Configura l'orario di sistema"
 
 #: src/timedate/org.freedesktop.timedate1.policy:23
 msgid "Authentication is required to set the system time."
-msgstr "È richiesto autenticarsi per impostare l'orario di sistema."
+msgstr "Autenticazione richiesta per configurare l'orario di sistema."
 
 #: src/timedate/org.freedesktop.timedate1.policy:33
 msgid "Set system timezone"
-msgstr "Imposta il fuso orario di sistema"
+msgstr "Configura il fuso orario di sistema"
 
 #: src/timedate/org.freedesktop.timedate1.policy:34
 msgid "Authentication is required to set the system timezone."
-msgstr "È richiesto autenticarsi per impostare il fuso orario di sistema."
+msgstr "Autenticazione richiesta per configurare il fuso orario di sistema."
 
 #: src/timedate/org.freedesktop.timedate1.policy:43
 msgid "Set RTC to local timezone or UTC"
 msgstr ""
-"Imposta l'orologio di sistema (RTC) al fuso orario locale o al tempo civile "
-"(UTC)"
+"Configura l'orologio di sistema (RTC) al fuso orario locale o al tempo "
+"civile (UTC)"
 
 #: src/timedate/org.freedesktop.timedate1.policy:44
 msgid ""
 "Authentication is required to control whether the RTC stores the local or "
 "UTC time."
 msgstr ""
-"È richiesto autenticarsi per verificare se l'orologio di sistema (RTC) è "
+"Autenticazione richiesta per verificare se l'orologio di sistema (RTC) è "
 "configurato all'orario locale o al tempo civile (UTC)."
 
 #: src/timedate/org.freedesktop.timedate1.policy:53
 msgid "Turn network time synchronization on or off"
-msgstr "Attiva/Disattiva la sincronizzazione dell'orario in rete"
+msgstr "Abilita o meno la sincronizzazione dell'orario in rete"
 
 #: src/timedate/org.freedesktop.timedate1.policy:54
 msgid ""
 "Authentication is required to control whether network time synchronization "
 "shall be enabled."
 msgstr ""
-"È richiesto autenticarsi per verificare se la sincronizzazione dell'orario "
+"Autenticazione richiesta per verificare se la sincronizzazione dell'orario "
 "in rete deve essere attivata."
 
 #: src/core/dbus-unit.c:362
 msgid "Authentication is required to start '$(unit)'."
-msgstr "È richiesto autenticarsi per avviare «${unit}»."
+msgstr "Autenticazione richiesta per avviare '$(unit)'."
 
 #: src/core/dbus-unit.c:363
 msgid "Authentication is required to stop '$(unit)'."
-msgstr "È richiesto autenticarsi per fermare «${unit}»."
+msgstr "Autenticazione richiesta per fermare '$(unit)'."
 
 #: src/core/dbus-unit.c:364
 msgid "Authentication is required to reload '$(unit)'."
-msgstr "È richiesto autenticarsi per ricaricare «${unit}»."
+msgstr "Autenticazione richiesta per ricaricare '$(unit)'."
 
 #: src/core/dbus-unit.c:365 src/core/dbus-unit.c:366
 msgid "Authentication is required to restart '$(unit)'."
-msgstr "È richiesto autenticarsi per riavviare «${unit}»."
+msgstr "Autenticazione richiesta per riavviare '$(unit)'."
 
 #: src/core/dbus-unit.c:538
 msgid ""
 "Authentication is required to send a UNIX signal to the processes of "
 "'$(unit)'."
 msgstr ""
-"È richiesto autenticarsi per inviare un segnale UNIX ai processi di "
-"«${unit}»."
+"Autenticazione richiesta per inviare un segnale UNIX ai processi di "
+"'$(unit)'."
 
 #: src/core/dbus-unit.c:569
 msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
 msgstr ""
-"È richiesto autenticarsi per riconfigurare lo stato \"fallito\" di «${unit}»."
+"Autenticazione richiesta per riconfigurare lo stato \"fallito\" di '$(unit)'."
 
 #: src/core/dbus-unit.c:602
 msgid "Authentication is required to set properties on '$(unit)'."
-msgstr "È richiesto autenticarsi per configurare le proprietà di «${unit}»."
+msgstr "Autenticazione richiesta per configurare le proprietà di '$(unit)'."
 
 #: src/core/dbus-unit.c:711
 msgid ""
 "Authentication is required to delete files and directories associated with "
 "'$(unit)'."
 msgstr ""
-"È richiesto autenticarsi per eliminare i file e le directory associate a "
-"«${unit}»."
+"Autenticazione richiesta per eliminare i file e le directory associate a "
+"'$(unit)'."
 
 #: src/core/dbus-unit.c:760
+#, fuzzy
+#| msgid ""
+#| "Authentication is required to send a UNIX signal to the processes of "
+#| "'$(unit)'."
 msgid ""
 "Authentication is required to freeze or thaw the processes of '$(unit)' unit."
 msgstr ""
-"È richiesto autenticarsi per bloccare/sbloccare il processo dell'unità "
-"«$(unit)»."
+"Autenticazione richiesta per inviare un segnale UNIX ai processi di "
+"'$(unit)'."

po/ja.po

@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: systemd\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-09-17 20:41+0900\n"
+"POT-Creation-Date: 2020-08-19 18:02+0200\n"
 "PO-Revision-Date: 2018-10-27 07:41+0900\n"
 "Last-Translator: Yu Watanabe <watanabe.yu+github@gmail.com>\n"
 "Language-Team: \n"
@@ -274,72 +274,62 @@ msgid ""
 msgstr "アプリケーションが液晶開閉による動作を阻害するには認証が必要です。"
 
 #: src/login/org.freedesktop.login1.policy:117
-msgid "Allow applications to inhibit system handling of the reboot key"
-msgstr "アプリケーションが再起動ボタンによる動作を阻害することを許可"
-
-#: src/login/org.freedesktop.login1.policy:118
-msgid ""
-"Authentication is required for an application to inhibit system handling of "
-"the reboot key."
-msgstr "アプリケーションが再起動ボタンによる動作を阻害するには認証が必要です。"
-
-#: src/login/org.freedesktop.login1.policy:128
 msgid "Allow non-logged-in user to run programs"
 msgstr "ログインしていないユーザがプログラムを実行することを許可"
 
-#: src/login/org.freedesktop.login1.policy:129
+#: src/login/org.freedesktop.login1.policy:118
 msgid "Explicit request is required to run programs as a non-logged-in user."
 msgstr ""
 "ログインしていないユーザがプログラムを実行するには明示的な要求が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:138
+#: src/login/org.freedesktop.login1.policy:127
 msgid "Allow non-logged-in users to run programs"
 msgstr "ログインしていないユーザがプログラムを実行することを許可"
 
-#: src/login/org.freedesktop.login1.policy:139
+#: src/login/org.freedesktop.login1.policy:128
 msgid "Authentication is required to run programs as a non-logged-in user."
 msgstr "ログインしていないユーザがプログラムを実行するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:148
+#: src/login/org.freedesktop.login1.policy:137
 msgid "Allow attaching devices to seats"
 msgstr "シートにデバイスを接続することを許可"
 
-#: src/login/org.freedesktop.login1.policy:149
+#: src/login/org.freedesktop.login1.policy:138
 msgid "Authentication is required to attach a device to a seat."
 msgstr "シートにデバイスを接続するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:159
+#: src/login/org.freedesktop.login1.policy:148
 msgid "Flush device to seat attachments"
 msgstr "デバイスのシートへの接続のリセット"
 
-#: src/login/org.freedesktop.login1.policy:160
+#: src/login/org.freedesktop.login1.policy:149
 msgid "Authentication is required to reset how devices are attached to seats."
 msgstr "デバイスのシートへの接続をリセットするには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:169
+#: src/login/org.freedesktop.login1.policy:158
 msgid "Power off the system"
 msgstr "システムの電源を切る"
 
-#: src/login/org.freedesktop.login1.policy:170
+#: src/login/org.freedesktop.login1.policy:159
 msgid "Authentication is required to power off the system."
 msgstr "システムの電源を切るには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:180
+#: src/login/org.freedesktop.login1.policy:169
 msgid "Power off the system while other users are logged in"
 msgstr "他のユーザがログインしている状態でシステムの電源を切る"
 
-#: src/login/org.freedesktop.login1.policy:181
+#: src/login/org.freedesktop.login1.policy:170
 msgid ""
 "Authentication is required to power off the system while other users are "
 "logged in."
 msgstr ""
 "他のユーザがログインしている状態でシステムの電源を切るには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:191
+#: src/login/org.freedesktop.login1.policy:180
 msgid "Power off the system while an application is inhibiting this"
 msgstr "アプリケーションが使用されている状態でシステムの電源を切る"
 
-#: src/login/org.freedesktop.login1.policy:192
+#: src/login/org.freedesktop.login1.policy:181
 msgid ""
 "Authentication is required to power off the system while an application is "
 "inhibiting this."
@@ -347,30 +337,30 @@ msgstr ""
 "アプリケーションが使用されている状態でシステムの電源を切るには認証が必要で"
 "す。"
 
-#: src/login/org.freedesktop.login1.policy:202
+#: src/login/org.freedesktop.login1.policy:191
 msgid "Reboot the system"
 msgstr "システムの再起動"
 
-#: src/login/org.freedesktop.login1.policy:203
+#: src/login/org.freedesktop.login1.policy:192
 msgid "Authentication is required to reboot the system."
 msgstr "システムの再起動には認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:213
+#: src/login/org.freedesktop.login1.policy:202
 msgid "Reboot the system while other users are logged in"
 msgstr "他のユーザがログインしている状態でシステムを再起動する"
 
-#: src/login/org.freedesktop.login1.policy:214
+#: src/login/org.freedesktop.login1.policy:203
 msgid ""
 "Authentication is required to reboot the system while other users are logged "
 "in."
 msgstr ""
 "他のユーザがログインしている状態でシステムを再起動するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:224
+#: src/login/org.freedesktop.login1.policy:213
 msgid "Reboot the system while an application is inhibiting this"
 msgstr "アプリケーションが使用されている状態でシステムを再起動する"
 
-#: src/login/org.freedesktop.login1.policy:225
+#: src/login/org.freedesktop.login1.policy:214
 msgid ""
 "Authentication is required to reboot the system while an application is "
 "inhibiting this."
@@ -378,49 +368,54 @@ msgstr ""
 "アプリケーションが使用されている状態でシステムを再起動するには認証が必要で"
 "す。"
 
-#: src/login/org.freedesktop.login1.policy:235
+#: src/login/org.freedesktop.login1.policy:224
 msgid "Halt the system"
 msgstr "システムの停止"
 
-#: src/login/org.freedesktop.login1.policy:236
+#: src/login/org.freedesktop.login1.policy:225
 msgid "Authentication is required to halt the system."
 msgstr "システムを停止するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:246
+#: src/login/org.freedesktop.login1.policy:235
 msgid "Halt the system while other users are logged in"
 msgstr "他のユーザがログインしている状態でシステムを停止する"
 
-#: src/login/org.freedesktop.login1.policy:247
+#: src/login/org.freedesktop.login1.policy:236
 msgid ""
 "Authentication is required to halt the system while other users are logged "
 "in."
 msgstr ""
 "他のユーザがログインしている状態でシステムを停止するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:257
+#: src/login/org.freedesktop.login1.policy:246
 msgid "Halt the system while an application is inhibiting this"
 msgstr "アプリケーションが使用されている状態でシステムを停止する"
 
-#: src/login/org.freedesktop.login1.policy:258
+#: src/login/org.freedesktop.login1.policy:247
+#, fuzzy
+#| msgid ""
+#| "Authentication is required to hibernate the system while an application "
+#| "is inhibiting this."
 msgid ""
 "Authentication is required to halt the system while an application is "
 "inhibiting this."
 msgstr ""
-"アプリケーションが使用されている状態でシステムを停止するには認証が必要です。"
+"アプリケーションが使用されている状態でシステムをハイバネートするには認証が必"
+"要です。"
 
-#: src/login/org.freedesktop.login1.policy:268
+#: src/login/org.freedesktop.login1.policy:257
 msgid "Suspend the system"
 msgstr "システムのサスペンド"
 
-#: src/login/org.freedesktop.login1.policy:269
+#: src/login/org.freedesktop.login1.policy:258
 msgid "Authentication is required to suspend the system."
 msgstr "システムのサスペンドには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:278
+#: src/login/org.freedesktop.login1.policy:267
 msgid "Suspend the system while other users are logged in"
 msgstr "他のユーザがログインしている状態でシステムをサスペンドする"
 
-#: src/login/org.freedesktop.login1.policy:279
+#: src/login/org.freedesktop.login1.policy:268
 msgid ""
 "Authentication is required to suspend the system while other users are "
 "logged in."
@@ -428,11 +423,11 @@ msgstr ""
 "他のユーザがログインしている状態でシステムをサスペンドするには認証が必要で"
 "す。"
 
-#: src/login/org.freedesktop.login1.policy:289
+#: src/login/org.freedesktop.login1.policy:278
 msgid "Suspend the system while an application is inhibiting this"
 msgstr "アプリケーションが使用されている状態でシステムをサスペンドする"
 
-#: src/login/org.freedesktop.login1.policy:290
+#: src/login/org.freedesktop.login1.policy:279
 msgid ""
 "Authentication is required to suspend the system while an application is "
 "inhibiting this."
@@ -440,19 +435,19 @@ msgstr ""
 "アプリケーションが使用されている状態でシステムをサスペンドするには認証が必要"
 "です。"
 
-#: src/login/org.freedesktop.login1.policy:300
+#: src/login/org.freedesktop.login1.policy:289
 msgid "Hibernate the system"
 msgstr "システムのハイバネート"
 
-#: src/login/org.freedesktop.login1.policy:301
+#: src/login/org.freedesktop.login1.policy:290
 msgid "Authentication is required to hibernate the system."
 msgstr "システムのハイバネートには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:310
+#: src/login/org.freedesktop.login1.policy:299
 msgid "Hibernate the system while other users are logged in"
 msgstr "他のユーザがログインしている状態でシステムをハイバネートする"
 
-#: src/login/org.freedesktop.login1.policy:311
+#: src/login/org.freedesktop.login1.policy:300
 msgid ""
 "Authentication is required to hibernate the system while other users are "
 "logged in."
@@ -460,11 +455,11 @@ msgstr ""
 "他のユーザがログインしている状態でシステムをハイバネートするには認証が必要で"
 "す。"
 
-#: src/login/org.freedesktop.login1.policy:321
+#: src/login/org.freedesktop.login1.policy:310
 msgid "Hibernate the system while an application is inhibiting this"
 msgstr "アプリケーションが使用されている状態でシステムをハイバネートする"
 
-#: src/login/org.freedesktop.login1.policy:322
+#: src/login/org.freedesktop.login1.policy:311
 msgid ""
 "Authentication is required to hibernate the system while an application is "
 "inhibiting this."
@@ -472,36 +467,36 @@ msgstr ""
 "アプリケーションが使用されている状態でシステムをハイバネートするには認証が必"
 "要です。"
 
-#: src/login/org.freedesktop.login1.policy:332
+#: src/login/org.freedesktop.login1.policy:321
 msgid "Manage active sessions, users and seats"
 msgstr "アクティブなセッションやユーザ，シートの管理"
 
-#: src/login/org.freedesktop.login1.policy:333
+#: src/login/org.freedesktop.login1.policy:322
 msgid "Authentication is required to manage active sessions, users and seats."
 msgstr "アクティブなセッションやユーザ，シートを管理するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:342
+#: src/login/org.freedesktop.login1.policy:331
 msgid "Lock or unlock active sessions"
 msgstr "アクティブなセッションのロックもしくはアンロック"
 
-#: src/login/org.freedesktop.login1.policy:343
+#: src/login/org.freedesktop.login1.policy:332
 msgid "Authentication is required to lock or unlock active sessions."
 msgstr ""
 "アクティブなセッションをロックもしくはアンロックするには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:352
+#: src/login/org.freedesktop.login1.policy:341
 msgid "Set the reboot \"reason\" in the kernel"
 msgstr "再起動の理由を設定する"
 
-#: src/login/org.freedesktop.login1.policy:353
+#: src/login/org.freedesktop.login1.policy:342
 msgid "Authentication is required to set the reboot \"reason\" in the kernel."
 msgstr "再起動の理由を設定するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:363
+#: src/login/org.freedesktop.login1.policy:352
 msgid "Indicate to the firmware to boot to setup interface"
 msgstr "ファームウェアに「インターフェースの設定を起動」を表示させる"
 
-#: src/login/org.freedesktop.login1.policy:364
+#: src/login/org.freedesktop.login1.policy:353
 msgid ""
 "Authentication is required to indicate to the firmware to boot to setup "
 "interface."
@@ -509,11 +504,11 @@ msgstr ""
 "ファームウェアに「インターフェースの設定を起動」を表示させるには認証が必要で"
 "す。"
 
-#: src/login/org.freedesktop.login1.policy:374
+#: src/login/org.freedesktop.login1.policy:363
 msgid "Indicate to the boot loader to boot to the boot loader menu"
 msgstr "ブートローダにブートローダメニューを起動するための項目を表示させる。"
 
-#: src/login/org.freedesktop.login1.policy:375
+#: src/login/org.freedesktop.login1.policy:364
 msgid ""
 "Authentication is required to indicate to the boot loader to boot to the "
 "boot loader menu."
@@ -521,29 +516,29 @@ msgstr ""
 "ブートローダにブートローダメニューを起動するための項目を表示させるには認証が"
 "必要です。"
 
-#: src/login/org.freedesktop.login1.policy:385
+#: src/login/org.freedesktop.login1.policy:374
 msgid "Indicate to the boot loader to boot a specific entry"
 msgstr "ブートローダに特定の項目を表示させる"
 
-#: src/login/org.freedesktop.login1.policy:386
+#: src/login/org.freedesktop.login1.policy:375
 msgid ""
 "Authentication is required to indicate to the boot loader to boot into a "
 "specific boot loader entry."
 msgstr "ブートローダに特定の項目を表示させるには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:396
+#: src/login/org.freedesktop.login1.policy:385
 msgid "Set a wall message"
 msgstr "全ユーザへのメッセージの設定"
 
-#: src/login/org.freedesktop.login1.policy:397
+#: src/login/org.freedesktop.login1.policy:386
 msgid "Authentication is required to set a wall message"
 msgstr "全ユーザへのメッセージを設定するには認証が必要です。"
 
-#: src/login/org.freedesktop.login1.policy:406
+#: src/login/org.freedesktop.login1.policy:395
 msgid "Change Session"
 msgstr "セッションの変更"
 
-#: src/login/org.freedesktop.login1.policy:407
+#: src/login/org.freedesktop.login1.policy:396
 msgid "Authentication is required to change the virtual terminal."
 msgstr "仮想ターミナルを変更するには認証が必要です。"
 
@@ -721,11 +716,13 @@ msgstr "DNSの設定を破棄するには認証が必要です。"
 
 #: src/network/org.freedesktop.network1.policy:143
 msgid "DHCP server sends force renew message"
-msgstr "DHCPサーバが強制的にIPアドレスを更新する"
+msgstr ""
 
 #: src/network/org.freedesktop.network1.policy:144
+#, fuzzy
+#| msgid "Authentication is required to set a wall message"
 msgid "Authentication is required to send force renew message."
-msgstr "DHCPサーバが強制的なIPアドレス更新を行うには認証が必要です。"
+msgstr "全ユーザへのメッセージを設定するには認証が必要です。"
 
 #: src/network/org.freedesktop.network1.policy:154
 msgid "Renew dynamic addresses"
@@ -839,44 +836,55 @@ msgid ""
 "shall be enabled."
 msgstr "ネットワーク経由の時刻同期を有効もしくは無効にするには認証が必要です。"
 
-#: src/core/dbus-unit.c:359
+#: src/core/dbus-unit.c:362
 msgid "Authentication is required to start '$(unit)'."
 msgstr "'$(unit)'を開始するには認証が必要です。"
 
-#: src/core/dbus-unit.c:360
+#: src/core/dbus-unit.c:363
 msgid "Authentication is required to stop '$(unit)'."
 msgstr "'$(unit)'を停止するには認証が必要です。"
 
-#: src/core/dbus-unit.c:361
+#: src/core/dbus-unit.c:364
 msgid "Authentication is required to reload '$(unit)'."
 msgstr "'$(unit)'を再読込するには認証が必要です。"
 
-#: src/core/dbus-unit.c:362 src/core/dbus-unit.c:363
+#: src/core/dbus-unit.c:365 src/core/dbus-unit.c:366
 msgid "Authentication is required to restart '$(unit)'."
 msgstr "'$(unit)'を再起動するには認証が必要です。"
 
-#: src/core/dbus-unit.c:535
+#: src/core/dbus-unit.c:538
 msgid ""
 "Authentication is required to send a UNIX signal to the processes of "
 "'$(unit)'."
 msgstr "'$(unit)'のプロセスにUNIXシグナルを送るには認証が必要です。"
 
-#: src/core/dbus-unit.c:566
+#: src/core/dbus-unit.c:569
 msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
 msgstr "'$(unit)'の「失敗」状態をリセットするには認証が必要です。"
 
-#: src/core/dbus-unit.c:599
+#: src/core/dbus-unit.c:602
 msgid "Authentication is required to set properties on '$(unit)'."
 msgstr "'$(unit)'のプロパティを設定するには認証が必要です。"
 
-#: src/core/dbus-unit.c:708
+#: src/core/dbus-unit.c:711
 msgid ""
 "Authentication is required to delete files and directories associated with "
 "'$(unit)'."
 msgstr ""
 "'$(unit)'に関連付けられたファイルやディレクトリの削除には認証が必要です。"
 
-#: src/core/dbus-unit.c:757
+#: src/core/dbus-unit.c:760
+#, fuzzy
+#| msgid ""
+#| "Authentication is required to send a UNIX signal to the processes of "
+#| "'$(unit)'."
 msgid ""
 "Authentication is required to freeze or thaw the processes of '$(unit)' unit."
-msgstr "'$(unit)'のプロセスを凍結もしくは凍結解除するには認証が必要です。"
+msgstr "'$(unit)'のプロセスにUNIXシグナルを送るには認証が必要です。"
+
+#~ msgid ""
+#~ "Authentication is required to halt the system while an application asked "
+#~ "to inhibit it."
+#~ msgstr ""
+#~ "アプリケーションが使用されている状態でシステムを停止するには認証が必要で"
+#~ "す。"

src/basic/linux/btrfs.h

@@ -36,22 +36,17 @@ struct btrfs_ioctl_vol_args {
 #define BTRFS_DEVICE_PATH_NAME_MAX	1024
 #define BTRFS_SUBVOL_NAME_MAX 		4039
 
-#ifndef __KERNEL__
-/* Deprecated since 5.7 */
-# define BTRFS_SUBVOL_CREATE_ASYNC	(1ULL << 0)
-#endif
+#define BTRFS_SUBVOL_CREATE_ASYNC	(1ULL << 0)
 #define BTRFS_SUBVOL_RDONLY		(1ULL << 1)
 #define BTRFS_SUBVOL_QGROUP_INHERIT	(1ULL << 2)
 
 #define BTRFS_DEVICE_SPEC_BY_ID		(1ULL << 3)
 
-#define BTRFS_SUBVOL_SPEC_BY_ID	(1ULL << 4)
-
 #define BTRFS_VOL_ARG_V2_FLAGS_SUPPORTED		\
-			(BTRFS_SUBVOL_RDONLY |		\
+			(BTRFS_SUBVOL_CREATE_ASYNC |	\
+			BTRFS_SUBVOL_RDONLY |		\
 			BTRFS_SUBVOL_QGROUP_INHERIT |	\
-			BTRFS_DEVICE_SPEC_BY_ID |	\
-			BTRFS_SUBVOL_SPEC_BY_ID)
+			BTRFS_DEVICE_SPEC_BY_ID)
 
 #define BTRFS_FSID_SIZE 16
 #define BTRFS_UUID_SIZE 16
@@ -102,29 +97,16 @@ struct btrfs_ioctl_qgroup_limit_args {
 };
 
 /*
- * Arguments for specification of subvolumes or devices, supporting by-name or
- * by-id and flags
+ * flags for subvolumes
  *
- * The set of supported flags depends on the ioctl
+ * Used by:
+ * struct btrfs_ioctl_vol_args_v2.flags
  *
  * BTRFS_SUBVOL_RDONLY is also provided/consumed by the following ioctls:
  * - BTRFS_IOC_SUBVOL_GETFLAGS
  * - BTRFS_IOC_SUBVOL_SETFLAGS
  */
 
-/* Supported flags for BTRFS_IOC_RM_DEV_V2 */
-#define BTRFS_DEVICE_REMOVE_ARGS_MASK					\
-	(BTRFS_DEVICE_SPEC_BY_ID)
-
-/* Supported flags for BTRFS_IOC_SNAP_CREATE_V2 and BTRFS_IOC_SUBVOL_CREATE_V2 */
-#define BTRFS_SUBVOL_CREATE_ARGS_MASK					\
-	 (BTRFS_SUBVOL_RDONLY |						\
-	 BTRFS_SUBVOL_QGROUP_INHERIT)
-
-/* Supported flags for BTRFS_IOC_SNAP_DESTROY_V2 */
-#define BTRFS_SUBVOL_DELETE_ARGS_MASK					\
-	(BTRFS_SUBVOL_SPEC_BY_ID)
-
 struct btrfs_ioctl_vol_args_v2 {
 	__s64 fd;
 	__u64 transid;
@@ -139,7 +121,6 @@ struct btrfs_ioctl_vol_args_v2 {
 	union {
 		char name[BTRFS_SUBVOL_NAME_MAX + 1];
 		__u64 devid;
-		__u64 subvolid;
 	};
 };
 
@@ -243,18 +224,6 @@ struct btrfs_ioctl_dev_info_args {
 	__u8 path[BTRFS_DEVICE_PATH_NAME_MAX];	/* out */
 };
 
-/*
- * Retrieve information about the filesystem
- */
-
-/* Request information about checksum type and size */
-#define BTRFS_FS_INFO_FLAG_CSUM_INFO			(1 << 0)
-
-/* Request information about filesystem generation */
-#define BTRFS_FS_INFO_FLAG_GENERATION			(1 << 1)
-/* Request information about filesystem metadata UUID */
-#define BTRFS_FS_INFO_FLAG_METADATA_UUID		(1 << 2)
-
 struct btrfs_ioctl_fs_info_args {
 	__u64 max_id;				/* out */
 	__u64 num_devices;			/* out */
@@ -262,13 +231,8 @@ struct btrfs_ioctl_fs_info_args {
 	__u32 nodesize;				/* out */
 	__u32 sectorsize;			/* out */
 	__u32 clone_alignment;			/* out */
-	/* See BTRFS_FS_INFO_FLAG_* */
-	__u16 csum_type;			/* out */
-	__u16 csum_size;			/* out */
-	__u64 flags;				/* in/out */
-	__u64 generation;			/* out */
-	__u8 metadata_uuid[BTRFS_FSID_SIZE];	/* out */
-	__u8 reserved[944];			/* pad to 1k */
+	__u32 reserved32;
+	__u64 reserved[122];			/* pad to 1k */
 };
 
 /*
@@ -985,7 +949,5 @@ enum btrfs_err_code {
 				struct btrfs_ioctl_get_subvol_rootref_args)
 #define BTRFS_IOC_INO_LOOKUP_USER _IOWR(BTRFS_IOCTL_MAGIC, 62, \
 				struct btrfs_ioctl_ino_lookup_user_args)
-#define BTRFS_IOC_SNAP_DESTROY_V2 _IOW(BTRFS_IOCTL_MAGIC, 63, \
-				struct btrfs_ioctl_vol_args_v2)
 
 #endif /* _UAPI_LINUX_BTRFS_H */

src/basic/linux/btrfs_tree.h

@@ -519,6 +519,15 @@ struct btrfs_extent_inline_ref {
 	__le64 offset;
 } __attribute__ ((__packed__));
 
+/* old style backrefs item */
+struct btrfs_extent_ref_v0 {
+	__le64 root;
+	__le64 generation;
+	__le64 objectid;
+	__le32 count;
+} __attribute__ ((__packed__));
+
+
 /* dev extents record free space on individual devices.  The owner
  * field points back to the chunk allocation mapping tree that allocated
  * the extent.  The chunk tree uuid field is a way to double check the owner
@@ -913,9 +922,9 @@ struct btrfs_free_space_info {
 #define BTRFS_FREE_SPACE_USING_BITMAPS (1ULL << 0)
 
 #define BTRFS_QGROUP_LEVEL_SHIFT		48
-static inline __u16 btrfs_qgroup_level(__u64 qgroupid)
+static inline __u64 btrfs_qgroup_level(__u64 qgroupid)
 {
-	return (__u16)(qgroupid >> BTRFS_QGROUP_LEVEL_SHIFT);
+	return qgroupid >> BTRFS_QGROUP_LEVEL_SHIFT;
 }
 
 /*

src/basic/linux/if.h

@@ -177,7 +177,6 @@ enum {
 enum {
 	IF_LINK_MODE_DEFAULT,
 	IF_LINK_MODE_DORMANT,	/* limit upward transition to dormant */
-	IF_LINK_MODE_TESTING,	/* limit upward transition to testing */
 };
 
 /*

src/basic/linux/if_bridge.h

@@ -120,7 +120,6 @@ enum {
 	IFLA_BRIDGE_MODE,
 	IFLA_BRIDGE_VLAN_INFO,
 	IFLA_BRIDGE_VLAN_TUNNEL_INFO,
-	IFLA_BRIDGE_MRP,
 	__IFLA_BRIDGE_MAX,
 };
 #define IFLA_BRIDGE_MAX (__IFLA_BRIDGE_MAX - 1)
@@ -158,176 +157,6 @@ struct bridge_vlan_xstats {
 	__u32 pad2;
 };
 
-enum {
-	IFLA_BRIDGE_MRP_UNSPEC,
-	IFLA_BRIDGE_MRP_INSTANCE,
-	IFLA_BRIDGE_MRP_PORT_STATE,
-	IFLA_BRIDGE_MRP_PORT_ROLE,
-	IFLA_BRIDGE_MRP_RING_STATE,
-	IFLA_BRIDGE_MRP_RING_ROLE,
-	IFLA_BRIDGE_MRP_START_TEST,
-	IFLA_BRIDGE_MRP_INFO,
-	IFLA_BRIDGE_MRP_IN_ROLE,
-	IFLA_BRIDGE_MRP_IN_STATE,
-	IFLA_BRIDGE_MRP_START_IN_TEST,
-	__IFLA_BRIDGE_MRP_MAX,
-};
-
-#define IFLA_BRIDGE_MRP_MAX (__IFLA_BRIDGE_MRP_MAX - 1)
-
-enum {
-	IFLA_BRIDGE_MRP_INSTANCE_UNSPEC,
-	IFLA_BRIDGE_MRP_INSTANCE_RING_ID,
-	IFLA_BRIDGE_MRP_INSTANCE_P_IFINDEX,
-	IFLA_BRIDGE_MRP_INSTANCE_S_IFINDEX,
-	IFLA_BRIDGE_MRP_INSTANCE_PRIO,
-	__IFLA_BRIDGE_MRP_INSTANCE_MAX,
-};
-
-#define IFLA_BRIDGE_MRP_INSTANCE_MAX (__IFLA_BRIDGE_MRP_INSTANCE_MAX - 1)
-
-enum {
-	IFLA_BRIDGE_MRP_PORT_STATE_UNSPEC,
-	IFLA_BRIDGE_MRP_PORT_STATE_STATE,
-	__IFLA_BRIDGE_MRP_PORT_STATE_MAX,
-};
-
-#define IFLA_BRIDGE_MRP_PORT_STATE_MAX (__IFLA_BRIDGE_MRP_PORT_STATE_MAX - 1)
-
-enum {
-	IFLA_BRIDGE_MRP_PORT_ROLE_UNSPEC,
-	IFLA_BRIDGE_MRP_PORT_ROLE_ROLE,
-	__IFLA_BRIDGE_MRP_PORT_ROLE_MAX,
-};
-
-#define IFLA_BRIDGE_MRP_PORT_ROLE_MAX (__IFLA_BRIDGE_MRP_PORT_ROLE_MAX - 1)
-
-enum {
-	IFLA_BRIDGE_MRP_RING_STATE_UNSPEC,
-	IFLA_BRIDGE_MRP_RING_STATE_RING_ID,
-	IFLA_BRIDGE_MRP_RING_STATE_STATE,
-	__IFLA_BRIDGE_MRP_RING_STATE_MAX,
-};
-
-#define IFLA_BRIDGE_MRP_RING_STATE_MAX (__IFLA_BRIDGE_MRP_RING_STATE_MAX - 1)
-
-enum {
-	IFLA_BRIDGE_MRP_RING_ROLE_UNSPEC,
-	IFLA_BRIDGE_MRP_RING_ROLE_RING_ID,
-	IFLA_BRIDGE_MRP_RING_ROLE_ROLE,
-	__IFLA_BRIDGE_MRP_RING_ROLE_MAX,
-};
-
-#define IFLA_BRIDGE_MRP_RING_ROLE_MAX (__IFLA_BRIDGE_MRP_RING_ROLE_MAX - 1)
-
-enum {
-	IFLA_BRIDGE_MRP_START_TEST_UNSPEC,
-	IFLA_BRIDGE_MRP_START_TEST_RING_ID,
-	IFLA_BRIDGE_MRP_START_TEST_INTERVAL,
-	IFLA_BRIDGE_MRP_START_TEST_MAX_MISS,
-	IFLA_BRIDGE_MRP_START_TEST_PERIOD,
-	IFLA_BRIDGE_MRP_START_TEST_MONITOR,
-	__IFLA_BRIDGE_MRP_START_TEST_MAX,
-};
-
-#define IFLA_BRIDGE_MRP_START_TEST_MAX (__IFLA_BRIDGE_MRP_START_TEST_MAX - 1)
-
-enum {
-	IFLA_BRIDGE_MRP_INFO_UNSPEC,
-	IFLA_BRIDGE_MRP_INFO_RING_ID,
-	IFLA_BRIDGE_MRP_INFO_P_IFINDEX,
-	IFLA_BRIDGE_MRP_INFO_S_IFINDEX,
-	IFLA_BRIDGE_MRP_INFO_PRIO,
-	IFLA_BRIDGE_MRP_INFO_RING_STATE,
-	IFLA_BRIDGE_MRP_INFO_RING_ROLE,
-	IFLA_BRIDGE_MRP_INFO_TEST_INTERVAL,
-	IFLA_BRIDGE_MRP_INFO_TEST_MAX_MISS,
-	IFLA_BRIDGE_MRP_INFO_TEST_MONITOR,
-	IFLA_BRIDGE_MRP_INFO_I_IFINDEX,
-	IFLA_BRIDGE_MRP_INFO_IN_STATE,
-	IFLA_BRIDGE_MRP_INFO_IN_ROLE,
-	IFLA_BRIDGE_MRP_INFO_IN_TEST_INTERVAL,
-	IFLA_BRIDGE_MRP_INFO_IN_TEST_MAX_MISS,
-	__IFLA_BRIDGE_MRP_INFO_MAX,
-};
-
-#define IFLA_BRIDGE_MRP_INFO_MAX (__IFLA_BRIDGE_MRP_INFO_MAX - 1)
-
-enum {
-	IFLA_BRIDGE_MRP_IN_STATE_UNSPEC,
-	IFLA_BRIDGE_MRP_IN_STATE_IN_ID,
-	IFLA_BRIDGE_MRP_IN_STATE_STATE,
-	__IFLA_BRIDGE_MRP_IN_STATE_MAX,
-};
-
-#define IFLA_BRIDGE_MRP_IN_STATE_MAX (__IFLA_BRIDGE_MRP_IN_STATE_MAX - 1)
-
-enum {
-	IFLA_BRIDGE_MRP_IN_ROLE_UNSPEC,
-	IFLA_BRIDGE_MRP_IN_ROLE_RING_ID,
-	IFLA_BRIDGE_MRP_IN_ROLE_IN_ID,
-	IFLA_BRIDGE_MRP_IN_ROLE_ROLE,
-	IFLA_BRIDGE_MRP_IN_ROLE_I_IFINDEX,
-	__IFLA_BRIDGE_MRP_IN_ROLE_MAX,
-};
-
-#define IFLA_BRIDGE_MRP_IN_ROLE_MAX (__IFLA_BRIDGE_MRP_IN_ROLE_MAX - 1)
-
-enum {
-	IFLA_BRIDGE_MRP_START_IN_TEST_UNSPEC,
-	IFLA_BRIDGE_MRP_START_IN_TEST_IN_ID,
-	IFLA_BRIDGE_MRP_START_IN_TEST_INTERVAL,
-	IFLA_BRIDGE_MRP_START_IN_TEST_MAX_MISS,
-	IFLA_BRIDGE_MRP_START_IN_TEST_PERIOD,
-	__IFLA_BRIDGE_MRP_START_IN_TEST_MAX,
-};
-
-#define IFLA_BRIDGE_MRP_START_IN_TEST_MAX (__IFLA_BRIDGE_MRP_START_IN_TEST_MAX - 1)
-
-struct br_mrp_instance {
-	__u32 ring_id;
-	__u32 p_ifindex;
-	__u32 s_ifindex;
-	__u16 prio;
-};
-
-struct br_mrp_ring_state {
-	__u32 ring_id;
-	__u32 ring_state;
-};
-
-struct br_mrp_ring_role {
-	__u32 ring_id;
-	__u32 ring_role;
-};
-
-struct br_mrp_start_test {
-	__u32 ring_id;
-	__u32 interval;
-	__u32 max_miss;
-	__u32 period;
-	__u32 monitor;
-};
-
-struct br_mrp_in_state {
-	__u32 in_state;
-	__u16 in_id;
-};
-
-struct br_mrp_in_role {
-	__u32 ring_id;
-	__u32 in_role;
-	__u32 i_ifindex;
-	__u16 in_id;
-};
-
-struct br_mrp_start_in_test {
-	__u32 interval;
-	__u32 max_miss;
-	__u32 period;
-	__u16 in_id;
-};
-
 struct bridge_stp_xstats {
 	__u64 transition_blk;
 	__u64 transition_fwd;
@@ -345,16 +174,6 @@ struct br_vlan_msg {
 	__u32 ifindex;
 };
 
-enum {
-	BRIDGE_VLANDB_DUMP_UNSPEC,
-	BRIDGE_VLANDB_DUMP_FLAGS,
-	__BRIDGE_VLANDB_DUMP_MAX,
-};
-#define BRIDGE_VLANDB_DUMP_MAX (__BRIDGE_VLANDB_DUMP_MAX - 1)
-
-/* flags used in BRIDGE_VLANDB_DUMP_FLAGS attribute to affect dumps */
-#define BRIDGE_VLANDB_DUMPF_STATS	(1 << 0) /* Include stats in the dump */
-
 /* Bridge vlan RTM attributes
  * [BRIDGE_VLANDB_ENTRY] = {
  *     [BRIDGE_VLANDB_ENTRY_INFO]
@@ -373,46 +192,10 @@ enum {
 	BRIDGE_VLANDB_ENTRY_INFO,
 	BRIDGE_VLANDB_ENTRY_RANGE,
 	BRIDGE_VLANDB_ENTRY_STATE,
-	BRIDGE_VLANDB_ENTRY_TUNNEL_INFO,
-	BRIDGE_VLANDB_ENTRY_STATS,
 	__BRIDGE_VLANDB_ENTRY_MAX,
 };
 #define BRIDGE_VLANDB_ENTRY_MAX (__BRIDGE_VLANDB_ENTRY_MAX - 1)
 
-/* [BRIDGE_VLANDB_ENTRY] = {
- *     [BRIDGE_VLANDB_ENTRY_TUNNEL_INFO] = {
- *         [BRIDGE_VLANDB_TINFO_ID]
- *         ...
- *     }
- * }
- */
-enum {
-	BRIDGE_VLANDB_TINFO_UNSPEC,
-	BRIDGE_VLANDB_TINFO_ID,
-	BRIDGE_VLANDB_TINFO_CMD,
-	__BRIDGE_VLANDB_TINFO_MAX,
-};
-#define BRIDGE_VLANDB_TINFO_MAX (__BRIDGE_VLANDB_TINFO_MAX - 1)
-
-/* [BRIDGE_VLANDB_ENTRY] = {
- *     [BRIDGE_VLANDB_ENTRY_STATS] = {
- *         [BRIDGE_VLANDB_STATS_RX_BYTES]
- *         ...
- *     }
- *     ...
- * }
- */
-enum {
-	BRIDGE_VLANDB_STATS_UNSPEC,
-	BRIDGE_VLANDB_STATS_RX_BYTES,
-	BRIDGE_VLANDB_STATS_RX_PACKETS,
-	BRIDGE_VLANDB_STATS_TX_BYTES,
-	BRIDGE_VLANDB_STATS_TX_PACKETS,
-	BRIDGE_VLANDB_STATS_PAD,
-	__BRIDGE_VLANDB_STATS_MAX,
-};
-#define BRIDGE_VLANDB_STATS_MAX (__BRIDGE_VLANDB_STATS_MAX - 1)
-
 /* Bridge multicast database attributes
  * [MDBA_MDB] = {
  *     [MDBA_MDB_ENTRY] = {

src/basic/linux/if_ether.h

@@ -92,7 +92,6 @@
 #define ETH_P_PREAUTH	0x88C7		/* 802.11 Preauthentication */
 #define ETH_P_TIPC	0x88CA		/* TIPC 			*/
 #define ETH_P_LLDP	0x88CC		/* Link Layer Discovery Protocol */
-#define ETH_P_MRP	0x88E3		/* Media Redundancy Protocol	*/
 #define ETH_P_MACSEC	0x88E5		/* 802.1ae MACsec */
 #define ETH_P_8021AH	0x88E7          /* 802.1ah Backbone Service Tag */
 #define ETH_P_MVRP	0x88F5          /* 802.1Q MVRP                  */

src/basic/linux/if_link.h

@@ -170,22 +170,12 @@ enum {
 	IFLA_PROP_LIST,
 	IFLA_ALT_IFNAME, /* Alternative ifname */
 	IFLA_PERM_ADDRESS,
-	IFLA_PROTO_DOWN_REASON,
 	__IFLA_MAX
 };
 
 
 #define IFLA_MAX (__IFLA_MAX - 1)
 
-enum {
-	IFLA_PROTO_DOWN_REASON_UNSPEC,
-	IFLA_PROTO_DOWN_REASON_MASK,	/* u32, mask for reason bits */
-	IFLA_PROTO_DOWN_REASON_VALUE,   /* u32, reason bit value */
-
-	__IFLA_PROTO_DOWN_REASON_CNT,
-	IFLA_PROTO_DOWN_REASON_MAX = __IFLA_PROTO_DOWN_REASON_CNT - 1
-};
-
 /* backwards compatibility for userspace */
 #ifndef __KERNEL__
 #define IFLA_RTA(r)  ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
@@ -353,8 +343,6 @@ enum {
 	IFLA_BRPORT_NEIGH_SUPPRESS,
 	IFLA_BRPORT_ISOLATED,
 	IFLA_BRPORT_BACKUP_PORT,
-	IFLA_BRPORT_MRP_RING_OPEN,
-	IFLA_BRPORT_MRP_IN_OPEN,
 	__IFLA_BRPORT_MAX
 };
 #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1)
@@ -475,7 +463,6 @@ enum {
 	IFLA_MACSEC_REPLAY_PROTECT,
 	IFLA_MACSEC_VALIDATION,
 	IFLA_MACSEC_PAD,
-	IFLA_MACSEC_OFFLOAD,
 	__IFLA_MACSEC_MAX,
 };
 
@@ -502,7 +489,6 @@ enum macsec_validation_type {
 enum macsec_offload {
 	MACSEC_OFFLOAD_OFF = 0,
 	MACSEC_OFFLOAD_PHY = 1,
-	MACSEC_OFFLOAD_MAC = 2,
 	__MACSEC_OFFLOAD_END,
 	MACSEC_OFFLOAD_MAX = __MACSEC_OFFLOAD_END - 1,
 };
@@ -604,18 +590,6 @@ enum ifla_geneve_df {
 	GENEVE_DF_MAX = __GENEVE_DF_END - 1,
 };
 
-/* Bareudp section  */
-enum {
-	IFLA_BAREUDP_UNSPEC,
-	IFLA_BAREUDP_PORT,
-	IFLA_BAREUDP_ETHERTYPE,
-	IFLA_BAREUDP_SRCPORT_MIN,
-	IFLA_BAREUDP_MULTIPROTO_MODE,
-	__IFLA_BAREUDP_MAX
-};
-
-#define IFLA_BAREUDP_MAX (__IFLA_BAREUDP_MAX - 1)
-
 /* PPP section */
 enum {
 	IFLA_PPP_UNSPEC,
@@ -917,14 +891,7 @@ enum {
 #define IFLA_IPOIB_MAX (__IFLA_IPOIB_MAX - 1)
 
 
-/* HSR/PRP section, both uses same interface */
-
-/* Different redundancy protocols for hsr device */
-enum {
-	HSR_PROTOCOL_HSR,
-	HSR_PROTOCOL_PRP,
-	HSR_PROTOCOL_MAX,
-};
+/* HSR section */
 
 enum {
 	IFLA_HSR_UNSPEC,
@@ -934,9 +901,6 @@ enum {
 	IFLA_HSR_SUPERVISION_ADDR,	/* Supervision frame multicast addr */
 	IFLA_HSR_SEQ_NR,
 	IFLA_HSR_VERSION,		/* HSR version */
-	IFLA_HSR_PROTOCOL,		/* Indicate different protocol than
-					 * HSR. For example PRP.
-					 */
 	__IFLA_HSR_MAX,
 };
 
@@ -996,12 +960,11 @@ enum {
 #define XDP_FLAGS_SKB_MODE		(1U << 1)
 #define XDP_FLAGS_DRV_MODE		(1U << 2)
 #define XDP_FLAGS_HW_MODE		(1U << 3)
-#define XDP_FLAGS_REPLACE		(1U << 4)
 #define XDP_FLAGS_MODES			(XDP_FLAGS_SKB_MODE | \
 					 XDP_FLAGS_DRV_MODE | \
 					 XDP_FLAGS_HW_MODE)
 #define XDP_FLAGS_MASK			(XDP_FLAGS_UPDATE_IF_NOEXIST | \
-					 XDP_FLAGS_MODES | XDP_FLAGS_REPLACE)
+					 XDP_FLAGS_MODES)
 
 /* These are stored into IFLA_XDP_ATTACHED on dump. */
 enum {
@@ -1021,7 +984,6 @@ enum {
 	IFLA_XDP_DRV_PROG_ID,
 	IFLA_XDP_SKB_PROG_ID,
 	IFLA_XDP_HW_PROG_ID,
-	IFLA_XDP_EXPECTED_FD,
 	__IFLA_XDP_MAX,
 };
 

src/basic/linux/if_macsec.h

@@ -22,11 +22,9 @@
 
 #define MACSEC_KEYID_LEN 16
 
-/* cipher IDs as per IEEE802.1AE-2018 (Table 14-1) */
+/* cipher IDs as per IEEE802.1AEbn-2011 */
 #define MACSEC_CIPHER_ID_GCM_AES_128 0x0080C20001000001ULL
 #define MACSEC_CIPHER_ID_GCM_AES_256 0x0080C20001000002ULL
-#define MACSEC_CIPHER_ID_GCM_AES_XPN_128 0x0080C20001000003ULL
-#define MACSEC_CIPHER_ID_GCM_AES_XPN_256 0x0080C20001000004ULL
 
 /* deprecated cipher ID for GCM-AES-128 */
 #define MACSEC_DEFAULT_CIPHER_ID     0x0080020001000001ULL
@@ -90,13 +88,11 @@ enum macsec_sa_attrs {
 	MACSEC_SA_ATTR_UNSPEC,
 	MACSEC_SA_ATTR_AN,     /* config/dump, u8 0..3 */
 	MACSEC_SA_ATTR_ACTIVE, /* config/dump, u8 0..1 */
-	MACSEC_SA_ATTR_PN,     /* config/dump, u32/u64 (u64 if XPN) */
+	MACSEC_SA_ATTR_PN,     /* config/dump, u32 */
 	MACSEC_SA_ATTR_KEY,    /* config, data */
 	MACSEC_SA_ATTR_KEYID,  /* config/dump, 128-bit */
 	MACSEC_SA_ATTR_STATS,  /* dump, nested, macsec_sa_stats_attr */
 	MACSEC_SA_ATTR_PAD,
-	MACSEC_SA_ATTR_SSCI,   /* config/dump, u32 - XPN only */
-	MACSEC_SA_ATTR_SALT,   /* config, 96-bit - XPN only */
 	__MACSEC_SA_ATTR_END,
 	NUM_MACSEC_SA_ATTR = __MACSEC_SA_ATTR_END,
 	MACSEC_SA_ATTR_MAX = __MACSEC_SA_ATTR_END - 1,

src/basic/linux/in.h

@@ -74,8 +74,6 @@ enum {
 #define IPPROTO_UDPLITE		IPPROTO_UDPLITE
   IPPROTO_MPLS = 137,		/* MPLS in IP (RFC 4023)		*/
 #define IPPROTO_MPLS		IPPROTO_MPLS
-  IPPROTO_ETHERNET = 143,	/* Ethernet-within-IPv6 Encapsulation	*/
-#define IPPROTO_ETHERNET	IPPROTO_ETHERNET
   IPPROTO_RAW = 255,		/* Raw IP packets			*/
 #define IPPROTO_RAW		IPPROTO_RAW
   IPPROTO_MPTCP = 262,		/* Multipath TCP connection		*/
@@ -123,7 +121,6 @@ struct in_addr {
 #define IP_CHECKSUM	23
 #define IP_BIND_ADDRESS_NO_PORT	24
 #define IP_RECVFRAGSIZE	25
-#define IP_RECVERR_RFC4884	26
 
 /* IP_MTU_DISCOVER values */
 #define IP_PMTUDISC_DONT		0	/* Never send DF frames */
@@ -135,7 +132,7 @@ struct in_addr {
  * this socket to prevent accepting spoofed ones.
  */
 #define IP_PMTUDISC_INTERFACE		4
-/* weaker version of IP_PMTUDISC_INTERFACE, which allows packets to get
+/* weaker version of IP_PMTUDISC_INTERFACE, which allos packets to get
  * fragmented if they exeed the interface mtu
  */
 #define IP_PMTUDISC_OMIT		5

src/basic/linux/in6.h

@@ -179,7 +179,6 @@ struct in6_flowlabel_req {
 #define IPV6_LEAVE_ANYCAST	28
 #define IPV6_MULTICAST_ALL	29
 #define IPV6_ROUTER_ALERT_ISOLATE	30
-#define IPV6_RECVERR_RFC4884	31
 
 /* IPV6_MTU_DISCOVER values */
 #define IPV6_PMTUDISC_DONT		0

src/basic/linux/netlink.h

@@ -249,107 +249,4 @@ struct nla_bitfield32 {
 	__u32 selector;
 };
 
-/*
- * policy descriptions - it's specific to each family how this is used
- * Normally, it should be retrieved via a dump inside another attribute
- * specifying where it applies.
- */
-
-/**
- * enum netlink_attribute_type - type of an attribute
- * @NL_ATTR_TYPE_INVALID: unused
- * @NL_ATTR_TYPE_FLAG: flag attribute (present/not present)
- * @NL_ATTR_TYPE_U8: 8-bit unsigned attribute
- * @NL_ATTR_TYPE_U16: 16-bit unsigned attribute
- * @NL_ATTR_TYPE_U32: 32-bit unsigned attribute
- * @NL_ATTR_TYPE_U64: 64-bit unsigned attribute
- * @NL_ATTR_TYPE_S8: 8-bit signed attribute
- * @NL_ATTR_TYPE_S16: 16-bit signed attribute
- * @NL_ATTR_TYPE_S32: 32-bit signed attribute
- * @NL_ATTR_TYPE_S64: 64-bit signed attribute
- * @NL_ATTR_TYPE_BINARY: binary data, min/max length may be specified
- * @NL_ATTR_TYPE_STRING: string, min/max length may be specified
- * @NL_ATTR_TYPE_NUL_STRING: NUL-terminated string,
- *	min/max length may be specified
- * @NL_ATTR_TYPE_NESTED: nested, i.e. the content of this attribute
- *	consists of sub-attributes. The nested policy and maxtype
- *	inside may be specified.
- * @NL_ATTR_TYPE_NESTED_ARRAY: nested array, i.e. the content of this
- *	attribute contains sub-attributes whose type is irrelevant
- *	(just used to separate the array entries) and each such array
- *	entry has attributes again, the policy for those inner ones
- *	and the corresponding maxtype may be specified.
- * @NL_ATTR_TYPE_BITFIELD32: &struct nla_bitfield32 attribute
- */
-enum netlink_attribute_type {
-	NL_ATTR_TYPE_INVALID,
-
-	NL_ATTR_TYPE_FLAG,
-
-	NL_ATTR_TYPE_U8,
-	NL_ATTR_TYPE_U16,
-	NL_ATTR_TYPE_U32,
-	NL_ATTR_TYPE_U64,
-
-	NL_ATTR_TYPE_S8,
-	NL_ATTR_TYPE_S16,
-	NL_ATTR_TYPE_S32,
-	NL_ATTR_TYPE_S64,
-
-	NL_ATTR_TYPE_BINARY,
-	NL_ATTR_TYPE_STRING,
-	NL_ATTR_TYPE_NUL_STRING,
-
-	NL_ATTR_TYPE_NESTED,
-	NL_ATTR_TYPE_NESTED_ARRAY,
-
-	NL_ATTR_TYPE_BITFIELD32,
-};
-
-/**
- * enum netlink_policy_type_attr - policy type attributes
- * @NL_POLICY_TYPE_ATTR_UNSPEC: unused
- * @NL_POLICY_TYPE_ATTR_TYPE: type of the attribute,
- *	&enum netlink_attribute_type (U32)
- * @NL_POLICY_TYPE_ATTR_MIN_VALUE_S: minimum value for signed
- *	integers (S64)
- * @NL_POLICY_TYPE_ATTR_MAX_VALUE_S: maximum value for signed
- *	integers (S64)
- * @NL_POLICY_TYPE_ATTR_MIN_VALUE_U: minimum value for unsigned
- *	integers (U64)
- * @NL_POLICY_TYPE_ATTR_MAX_VALUE_U: maximum value for unsigned
- *	integers (U64)
- * @NL_POLICY_TYPE_ATTR_MIN_LENGTH: minimum length for binary
- *	attributes, no minimum if not given (U32)
- * @NL_POLICY_TYPE_ATTR_MAX_LENGTH: maximum length for binary
- *	attributes, no maximum if not given (U32)
- * @NL_POLICY_TYPE_ATTR_POLICY_IDX: sub policy for nested and
- *	nested array types (U32)
- * @NL_POLICY_TYPE_ATTR_POLICY_MAXTYPE: maximum sub policy
- *	attribute for nested and nested array types, this can
- *	in theory be < the size of the policy pointed to by
- *	the index, if limited inside the nesting (U32)
- * @NL_POLICY_TYPE_ATTR_BITFIELD32_MASK: valid mask for the
- *	bitfield32 type (U32)
- * @NL_POLICY_TYPE_ATTR_PAD: pad attribute for 64-bit alignment
- */
-enum netlink_policy_type_attr {
-	NL_POLICY_TYPE_ATTR_UNSPEC,
-	NL_POLICY_TYPE_ATTR_TYPE,
-	NL_POLICY_TYPE_ATTR_MIN_VALUE_S,
-	NL_POLICY_TYPE_ATTR_MAX_VALUE_S,
-	NL_POLICY_TYPE_ATTR_MIN_VALUE_U,
-	NL_POLICY_TYPE_ATTR_MAX_VALUE_U,
-	NL_POLICY_TYPE_ATTR_MIN_LENGTH,
-	NL_POLICY_TYPE_ATTR_MAX_LENGTH,
-	NL_POLICY_TYPE_ATTR_POLICY_IDX,
-	NL_POLICY_TYPE_ATTR_POLICY_MAXTYPE,
-	NL_POLICY_TYPE_ATTR_BITFIELD32_MASK,
-	NL_POLICY_TYPE_ATTR_PAD,
-
-	/* keep last */
-	__NL_POLICY_TYPE_ATTR_MAX,
-	NL_POLICY_TYPE_ATTR_MAX = __NL_POLICY_TYPE_ATTR_MAX - 1
-};
-
 #endif /* _UAPI__LINUX_NETLINK_H */

src/basic/linux/nexthop.h

@@ -49,9 +49,6 @@ enum {
 	NHA_GROUPS,	/* flag; only return nexthop groups in dump */
 	NHA_MASTER,	/* u32;  only return nexthops with given master dev */
 
-	NHA_FDB,	/* flag; nexthop belongs to a bridge fdb */
-	/* if NHA_FDB is added, OIF, BLACKHOLE, ENCAP cannot be set */
-
 	__NHA_MAX,
 };
 

src/basic/linux/pkt_sched.h

@@ -256,9 +256,6 @@ enum {
 	TCA_RED_PARMS,
 	TCA_RED_STAB,
 	TCA_RED_MAX_P,
-	TCA_RED_FLAGS,		/* bitfield32 */
-	TCA_RED_EARLY_DROP_BLOCK, /* u32 */
-	TCA_RED_MARK_BLOCK,	/* u32 */
 	__TCA_RED_MAX,
 };
 
@@ -271,28 +268,12 @@ struct tc_red_qopt {
 	unsigned char   Wlog;		/* log(W)		*/
 	unsigned char   Plog;		/* log(P_max/(qth_max-qth_min))	*/
 	unsigned char   Scell_log;	/* cell size for idle damping */
-
-	/* This field can be used for flags that a RED-like qdisc has
-	 * historically supported. E.g. when configuring RED, it can be used for
-	 * ECN, HARDDROP and ADAPTATIVE. For SFQ it can be used for ECN,
-	 * HARDDROP. Etc. Because this field has not been validated, and is
-	 * copied back on dump, any bits besides those to which a given qdisc
-	 * has assigned a historical meaning need to be considered for free use
-	 * by userspace tools.
-	 *
-	 * Any further flags need to be passed differently, e.g. through an
-	 * attribute (such as TCA_RED_FLAGS above). Such attribute should allow
-	 * passing both recent and historic flags in one value.
-	 */
 	unsigned char	flags;
 #define TC_RED_ECN		1
 #define TC_RED_HARDDROP		2
 #define TC_RED_ADAPTATIVE	4
-#define TC_RED_NODROP		8
 };
 
-#define TC_RED_HISTORIC_FLAGS (TC_RED_ECN | TC_RED_HARDDROP | TC_RED_ADAPTATIVE)
-
 struct tc_red_xstats {
 	__u32           early;          /* Early drops */
 	__u32           pdrop;          /* Drops due to queue limits */
@@ -913,12 +894,6 @@ enum {
 
 	TCA_FQ_CE_THRESHOLD,	/* DCTCP-like CE-marking threshold */
 
-	TCA_FQ_TIMER_SLACK,	/* timer slack */
-
-	TCA_FQ_HORIZON,		/* time horizon in us */
-
-	TCA_FQ_HORIZON_DROP,	/* drop packets beyond horizon, or cap their EDT */
-
 	__TCA_FQ_MAX
 };
 
@@ -938,8 +913,6 @@ struct tc_fq_qd_stats {
 	__u32	throttled_flows;
 	__u32	unthrottle_latency_ns;
 	__u64	ce_mark;		/* packets above ce_threshold */
-	__u64	horizon_drops;
-	__u64	horizon_caps;
 };
 
 /* Heavy-Hitter Filter */
@@ -1224,8 +1197,8 @@ enum {
  *       [TCA_TAPRIO_ATTR_SCHED_ENTRY_INTERVAL]
  */
 
-#define TCA_TAPRIO_ATTR_FLAG_TXTIME_ASSIST	_BITUL(0)
-#define TCA_TAPRIO_ATTR_FLAG_FULL_OFFLOAD	_BITUL(1)
+#define TCA_TAPRIO_ATTR_FLAG_TXTIME_ASSIST	BIT(0)
+#define TCA_TAPRIO_ATTR_FLAG_FULL_OFFLOAD	BIT(1)
 
 enum {
 	TCA_TAPRIO_ATTR_UNSPEC,

src/basic/linux/rtnetlink.h

@@ -257,12 +257,12 @@ enum {
 
 /* rtm_protocol */
 
-#define RTPROT_UNSPEC		0
-#define RTPROT_REDIRECT		1	/* Route installed by ICMP redirects;
-					   not used by current IPv4 */
-#define RTPROT_KERNEL		2	/* Route installed by kernel		*/
-#define RTPROT_BOOT		3	/* Route installed during boot		*/
-#define RTPROT_STATIC		4	/* Route installed by administrator	*/
+#define RTPROT_UNSPEC	0
+#define RTPROT_REDIRECT	1	/* Route installed by ICMP redirects;
+				   not used by current IPv4 */
+#define RTPROT_KERNEL	2	/* Route installed by kernel		*/
+#define RTPROT_BOOT	3	/* Route installed during boot		*/
+#define RTPROT_STATIC	4	/* Route installed by administrator	*/
 
 /* Values of protocol >= RTPROT_STATIC are not interpreted by kernel;
    they are just passed from user and back as is.
@@ -271,23 +271,22 @@ enum {
    avoid conflicts.
  */
 
-#define RTPROT_GATED		8	/* Apparently, GateD */
-#define RTPROT_RA		9	/* RDISC/ND router advertisements */
-#define RTPROT_MRT		10	/* Merit MRT */
-#define RTPROT_ZEBRA		11	/* Zebra */
-#define RTPROT_BIRD		12	/* BIRD */
-#define RTPROT_DNROUTED		13	/* DECnet routing daemon */
-#define RTPROT_XORP		14	/* XORP */
-#define RTPROT_NTK		15	/* Netsukuku */
-#define RTPROT_DHCP		16	/* DHCP client */
-#define RTPROT_MROUTED		17	/* Multicast daemon */
-#define RTPROT_KEEPALIVED	18	/* Keepalived daemon */
-#define RTPROT_BABEL		42	/* Babel daemon */
-#define RTPROT_BGP		186	/* BGP Routes */
-#define RTPROT_ISIS		187	/* ISIS Routes */
-#define RTPROT_OSPF		188	/* OSPF Routes */
-#define RTPROT_RIP		189	/* RIP Routes */
-#define RTPROT_EIGRP		192	/* EIGRP Routes */
+#define RTPROT_GATED	8	/* Apparently, GateD */
+#define RTPROT_RA	9	/* RDISC/ND router advertisements */
+#define RTPROT_MRT	10	/* Merit MRT */
+#define RTPROT_ZEBRA	11	/* Zebra */
+#define RTPROT_BIRD	12	/* BIRD */
+#define RTPROT_DNROUTED	13	/* DECnet routing daemon */
+#define RTPROT_XORP	14	/* XORP */
+#define RTPROT_NTK	15	/* Netsukuku */
+#define RTPROT_DHCP	16      /* DHCP client */
+#define RTPROT_MROUTED	17      /* Multicast daemon */
+#define RTPROT_BABEL	42      /* Babel daemon */
+#define RTPROT_BGP	186     /* BGP Routes */
+#define RTPROT_ISIS	187     /* ISIS Routes */
+#define RTPROT_OSPF	188     /* OSPF Routes */
+#define RTPROT_RIP	189     /* RIP Routes */
+#define RTPROT_EIGRP	192     /* EIGRP Routes */
 
 /* rtm_scope
 
@@ -610,17 +609,11 @@ enum {
 	TCA_HW_OFFLOAD,
 	TCA_INGRESS_BLOCK,
 	TCA_EGRESS_BLOCK,
-	TCA_DUMP_FLAGS,
 	__TCA_MAX
 };
 
 #define TCA_MAX (__TCA_MAX - 1)
 
-#define TCA_DUMP_FLAGS_TERSE (1 << 0) /* Means that in dump user gets only basic
-				       * data necessary to identify the objects
-				       * (handle, cookie, etc.) and stats.
-				       */
-
 #define TCA_RTA(r)  ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct tcmsg))))
 #define TCA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct tcmsg))
 
@@ -778,7 +771,6 @@ enum {
 #define RTEXT_FILTER_BRVLAN	(1 << 1)
 #define RTEXT_FILTER_BRVLAN_COMPRESSED	(1 << 2)
 #define	RTEXT_FILTER_SKIP_STATS	(1 << 3)
-#define RTEXT_FILTER_MRP	(1 << 4)
 
 /* End of information exported to user level */
 

src/basic/linux/update.sh

@@ -3,7 +3,11 @@
 set -eu
 
 for i in *.h */*.h; do
-    curl https://raw.githubusercontent.com/torvalds/linux/master/include/uapi/linux/$i -o $i
+    if [[ $i == 'wireguard.h' ]]; then
+        curl https://raw.githubusercontent.com/WireGuard/WireGuard/master/src/uapi/$i -o $i
+    else
+        curl https://raw.githubusercontent.com/torvalds/linux/master/include/uapi/linux/$i -o $i
+    fi
 
     sed -i -e 's/__user //g' -e '/^#include <linux\/compiler.h>/ d' $i
 done

src/core/namespace.c

@@ -942,51 +942,32 @@ static int mount_images(const MountEntry *m) {
         _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
         _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
         _cleanup_(dissected_image_unrefp) DissectedImage *dissected_image = NULL;
-        _cleanup_(verity_settings_done) VeritySettings verity = {};
-        DissectImageFlags dissect_image_flags;
+        _cleanup_free_ void *root_hash_decoded = NULL;
+        _cleanup_free_ char *verity_data = NULL, *hash_sig = NULL;
+        DissectImageFlags dissect_image_flags = m->read_only ? DISSECT_IMAGE_READ_ONLY : 0;
+        size_t root_hash_size = 0;
         int r;
 
-        assert(m);
-
-        r = verity_settings_load(&verity, mount_entry_source(m), NULL, NULL);
+        r = verity_metadata_load(mount_entry_source(m), NULL, &root_hash_decoded, &root_hash_size, &verity_data, &hash_sig);
         if (r < 0)
                 return log_debug_errno(r, "Failed to load root hash: %m");
+        dissect_image_flags |= verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;
 
-        dissect_image_flags =
-                (m->read_only ? DISSECT_IMAGE_READ_ONLY : 0) |
-                (verity.data_path ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0);
-
-        r = loop_device_make_by_path(
-                        mount_entry_source(m),
-                        m->read_only ? O_RDONLY : -1 /* < 0 means writable if possible, read-only as fallback */,
-                        verity.data_path ? 0 : LO_FLAGS_PARTSCAN,
-                        &loop_device);
+        r = loop_device_make_by_path(mount_entry_source(m),
+                                     m->read_only ? O_RDONLY : -1 /* < 0 means writable if possible, read-only as fallback */,
+                                     verity_data ? 0 : LO_FLAGS_PARTSCAN,
+                                     &loop_device);
         if (r < 0)
                 return log_debug_errno(r, "Failed to create loop device for image: %m");
 
-        r = dissect_image(
-                        loop_device->fd,
-                        &verity,
-                        m->image_options,
-                        dissect_image_flags,
-                        &dissected_image);
+        r = dissect_image(loop_device->fd, root_hash_decoded, root_hash_size, verity_data, m->image_options, dissect_image_flags, &dissected_image);
         /* No partition table? Might be a single-filesystem image, try again */
-        if (!verity.data_path && r == -ENOPKG)
-                 r = dissect_image(
-                                 loop_device->fd,
-                                 &verity,
-                                 m->image_options,
-                                 dissect_image_flags|DISSECT_IMAGE_NO_PARTITION_TABLE,
-                                 &dissected_image);
+        if (!verity_data && r < 0 && r == -ENOPKG)
+                 r = dissect_image(loop_device->fd, root_hash_decoded, root_hash_size, verity_data, m->image_options, dissect_image_flags|DISSECT_IMAGE_NO_PARTITION_TABLE, &dissected_image);
         if (r < 0)
                 return log_debug_errno(r, "Failed to dissect image: %m");
 
-        r = dissected_image_decrypt(
-                        dissected_image,
-                        NULL,
-                        &verity,
-                        dissect_image_flags,
-                        &decrypted_image);
+        r = dissected_image_decrypt(dissected_image, NULL, root_hash_decoded, root_hash_size, verity_data, hash_sig, NULL, 0, dissect_image_flags, &decrypted_image);
         if (r < 0)
                 return log_debug_errno(r, "Failed to decrypt dissected image: %m");
 
@@ -1393,60 +1374,6 @@ static bool home_read_only(
         return false;
 }
 
-static int verity_settings_prepare(
-                VeritySettings *verity,
-                const char *root_image,
-                const void *root_hash,
-                size_t root_hash_size,
-                const char *root_hash_path,
-                const void *root_hash_sig,
-                size_t root_hash_sig_size,
-                const char *root_hash_sig_path,
-                const char *verity_data_path) {
-
-        int r;
-
-        assert(verity);
-
-        if (root_hash) {
-                void *d;
-
-                d = memdup(root_hash, root_hash_size);
-                if (!d)
-                        return -ENOMEM;
-
-                free_and_replace(verity->root_hash, d);
-                verity->root_hash_size = root_hash_size;
-        }
-
-        if (root_hash_sig) {
-                void *d;
-
-                d = memdup(root_hash_sig, root_hash_sig_size);
-                if (!d)
-                        return -ENOMEM;
-
-                free_and_replace(verity->root_hash_sig, d);
-                verity->root_hash_sig_size = root_hash_sig_size;
-        }
-
-        if (verity_data_path) {
-                r = free_and_strdup(&verity->data_path, verity_data_path);
-                if (r < 0)
-                        return r;
-        }
-
-        r = verity_settings_load(
-                        verity,
-                        root_image,
-                        root_hash_path,
-                        root_hash_sig_path);
-        if (r < 0)
-                return log_debug_errno(r, "Failed to load root hash: %m");
-
-        return 0;
-}
-
 int setup_namespace(
                 const char* root_directory,
                 const char* root_image,
@@ -1473,19 +1400,20 @@ int setup_namespace(
                 const void *root_hash_sig,
                 size_t root_hash_sig_size,
                 const char *root_hash_sig_path,
-                const char *verity_data_path,
+                const char *root_verity,
                 DissectImageFlags dissect_image_flags,
                 char **error_path) {
 
         _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
         _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
         _cleanup_(dissected_image_unrefp) DissectedImage *dissected_image = NULL;
-        _cleanup_(verity_settings_done) VeritySettings verity = {};
+        _cleanup_free_ void *root_hash_decoded = NULL;
+        _cleanup_free_ char *verity_data = NULL, *hash_sig_path = NULL;
         MountEntry *m = NULL, *mounts = NULL;
+        size_t n_mounts;
         bool require_prefix = false;
         const char *root;
-        size_t n_mounts;
-        int r;
+        int r = 0;
 
         assert(ns_info);
 
@@ -1504,40 +1432,43 @@ int setup_namespace(
                     strv_isempty(read_write_paths))
                         dissect_image_flags |= DISSECT_IMAGE_READ_ONLY;
 
-                r = verity_settings_prepare(
-                                &verity,
-                                root_image,
-                                root_hash, root_hash_size, root_hash_path,
-                                root_hash_sig, root_hash_sig_size, root_hash_sig_path,
-                                verity_data_path);
-                if (r < 0)
-                        return r;
-
-                SET_FLAG(dissect_image_flags, DISSECT_IMAGE_NO_PARTITION_TABLE, verity.data_path);
-
-                r = loop_device_make_by_path(
-                                root_image,
-                                FLAGS_SET(dissect_image_flags, DISSECT_IMAGE_READ_ONLY) ? O_RDONLY : -1 /* < 0 means writable if possible, read-only as fallback */,
-                                FLAGS_SET(dissect_image_flags, DISSECT_IMAGE_NO_PARTITION_TABLE) ? 0 : LO_FLAGS_PARTSCAN,
-                                &loop_device);
+                r = loop_device_make_by_path(root_image,
+                                             FLAGS_SET(dissect_image_flags, DISSECT_IMAGE_READ_ONLY) ? O_RDONLY : -1 /* < 0 means writable if possible, read-only as fallback */,
+                                             LO_FLAGS_PARTSCAN,
+                                             &loop_device);
                 if (r < 0)
                         return log_debug_errno(r, "Failed to create loop device for root image: %m");
 
-                r = dissect_image(
-                                loop_device->fd,
-                                &verity,
-                                root_image_options,
-                                dissect_image_flags,
-                                &dissected_image);
+                r = verity_metadata_load(root_image,
+                                         root_hash_path,
+                                         root_hash ? NULL : &root_hash_decoded,
+                                         root_hash ? NULL : &root_hash_size,
+                                         root_verity ? NULL : &verity_data,
+                                         root_hash_sig || root_hash_sig_path ? NULL : &hash_sig_path);
+                if (r < 0)
+                        return log_debug_errno(r, "Failed to load root hash: %m");
+                dissect_image_flags |= root_verity || verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;
+
+                r = dissect_image(loop_device->fd,
+                                  root_hash ?: root_hash_decoded,
+                                  root_hash_size,
+                                  root_verity ?: verity_data,
+                                  root_image_options,
+                                  dissect_image_flags,
+                                  &dissected_image);
                 if (r < 0)
                         return log_debug_errno(r, "Failed to dissect image: %m");
 
-                r = dissected_image_decrypt(
-                                dissected_image,
-                                NULL,
-                                &verity,
-                                dissect_image_flags,
-                                &decrypted_image);
+                r = dissected_image_decrypt(dissected_image,
+                                            NULL,
+                                            root_hash ?: root_hash_decoded,
+                                            root_hash_size,
+                                            root_verity ?: verity_data,
+                                            root_hash_sig_path ?: hash_sig_path,
+                                            root_hash_sig,
+                                            root_hash_sig_size,
+                                            dissect_image_flags,
+                                            &decrypted_image);
                 if (r < 0)
                         return log_debug_errno(r, "Failed to decrypt dissected image: %m");
         }

src/dissect/dissect.c

@@ -11,7 +11,6 @@
 #include "copy.h"
 #include "dissect-image.h"
 #include "fd-util.h"
-#include "fileio.h"
 #include "format-table.h"
 #include "format-util.h"
 #include "fs-util.h"
@@ -44,11 +43,19 @@ static const char *arg_path = NULL;
 static const char *arg_source = NULL;
 static const char *arg_target = NULL;
 static DissectImageFlags arg_flags = DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_DISCARD_ON_LOOP|DISSECT_IMAGE_RELAX_VAR_CHECK|DISSECT_IMAGE_FSCK;
-static VeritySettings arg_verity_settings = {};
+static void *arg_root_hash = NULL;
+static char *arg_verity_data = NULL;
+static size_t arg_root_hash_size = 0;
+static char *arg_root_hash_sig_path = NULL;
+static void *arg_root_hash_sig = NULL;
+static size_t arg_root_hash_sig_size = 0;
 static bool arg_json = false;
 static JsonFormatFlags arg_json_format_flags = 0;
 
-STATIC_DESTRUCTOR_REGISTER(arg_verity_settings, verity_settings_done);
+STATIC_DESTRUCTOR_REGISTER(arg_root_hash, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_verity_data, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig_path, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig, freep);
 
 static int help(void) {
         _cleanup_free_ char *link = NULL;
@@ -98,10 +105,10 @@ static int parse_argv(int argc, char *argv[]) {
         enum {
                 ARG_VERSION = 0x100,
                 ARG_DISCARD,
-                ARG_FSCK,
                 ARG_ROOT_HASH,
-                ARG_ROOT_HASH_SIG,
+                ARG_FSCK,
                 ARG_VERITY_DATA,
+                ARG_ROOT_HASH_SIG,
                 ARG_MKDIR,
                 ARG_JSON,
         };
@@ -112,10 +119,10 @@ static int parse_argv(int argc, char *argv[]) {
                 { "mount",         no_argument,       NULL, 'm'               },
                 { "read-only",     no_argument,       NULL, 'r'               },
                 { "discard",       required_argument, NULL, ARG_DISCARD       },
-                { "fsck",          required_argument, NULL, ARG_FSCK          },
                 { "root-hash",     required_argument, NULL, ARG_ROOT_HASH     },
-                { "root-hash-sig", required_argument, NULL, ARG_ROOT_HASH_SIG },
+                { "fsck",          required_argument, NULL, ARG_FSCK          },
                 { "verity-data",   required_argument, NULL, ARG_VERITY_DATA   },
+                { "root-hash-sig", required_argument, NULL, ARG_ROOT_HASH_SIG },
                 { "mkdir",         no_argument,       NULL, ARG_MKDIR         },
                 { "copy-from",     no_argument,       NULL, 'x'               },
                 { "copy-to",       no_argument,       NULL, 'a'               },
@@ -192,47 +199,55 @@ static int parse_argv(int argc, char *argv[]) {
                 }
 
                 case ARG_ROOT_HASH: {
-                        _cleanup_free_ void *p = NULL;
+                        void *p;
                         size_t l;
 
                         r = unhexmem(optarg, strlen(optarg), &p, &l);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to parse root hash '%s': %m", optarg);
-                        if (l < sizeof(sd_id128_t))
-                                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                                       "Root hash must be at least 128bit long: %s", optarg);
-
-                        free_and_replace(arg_verity_settings.root_hash, p);
-                        arg_verity_settings.root_hash_size = l;
-                        break;
-                }
-
-                case ARG_ROOT_HASH_SIG: {
-                        char *value;
-                        size_t l;
-                        void *p;
-
-                        if ((value = startswith(optarg, "base64:"))) {
-                                r = unbase64mem(value, strlen(value), &p, &l);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg);
-                        } else {
-                                r = read_full_file(optarg, (char**) &p, &l);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to read root hash signature file '%s': %m", optarg);
+                        if (l < sizeof(sd_id128_t)) {
+                                log_error("Root hash must be at least 128bit long: %s", optarg);
+                                free(p);
+                                return -EINVAL;
                         }
 
-                        free_and_replace(arg_verity_settings.root_hash_sig, p);
-                        arg_verity_settings.root_hash_sig_size = l;
+                        free(arg_root_hash);
+                        arg_root_hash = p;
+                        arg_root_hash_size = l;
                         break;
                 }
 
                 case ARG_VERITY_DATA:
-                        r = parse_path_argument_and_warn(optarg, false, &arg_verity_settings.data_path);
+                        r = parse_path_argument_and_warn(optarg, false, &arg_verity_data);
                         if (r < 0)
                                 return r;
                         break;
 
+                case ARG_ROOT_HASH_SIG: {
+                        char *value;
+
+                        if ((value = startswith(optarg, "base64:"))) {
+                                void *p;
+                                size_t l;
+
+                                r = unbase64mem(value, strlen(value), &p, &l);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg);
+
+                                free_and_replace(arg_root_hash_sig, p);
+                                arg_root_hash_sig_size = l;
+                                arg_root_hash_sig_path = mfree(arg_root_hash_sig_path);
+                        } else {
+                                r = parse_path_argument_and_warn(optarg, false, &arg_root_hash_sig_path);
+                                if (r < 0)
+                                        return r;
+                                arg_root_hash_sig = mfree(arg_root_hash_sig);
+                                arg_root_hash_sig_size = 0;
+                        }
+
+                        break;
+                }
+
                 case ARG_FSCK:
                         r = parse_boolean(optarg);
                         if (r < 0)
@@ -468,7 +483,7 @@ static int action_dissect(DissectedImage *m, LoopDevice *d) {
                 if (r < 0)
                         return table_log_add_error(r);
 
-                if (arg_verity_settings.data_path)
+                if (arg_verity_data)
                         r = table_add_cell(t, NULL, TABLE_STRING, "external");
                 else if (dissected_image_can_do_verity(m, i))
                         r = table_add_cell(t, NULL, TABLE_STRING, yes_no(dissected_image_has_verity(m, i)));
@@ -524,7 +539,9 @@ static int action_mount(DissectedImage *m, LoopDevice *d) {
 
         r = dissected_image_decrypt_interactively(
                         m, NULL,
-                        &arg_verity_settings,
+                        arg_root_hash, arg_root_hash_size,
+                        arg_verity_data,
+                        arg_root_hash_sig_path, arg_root_hash_sig, arg_root_hash_sig_size,
                         arg_flags,
                         &di);
         if (r < 0)
@@ -556,7 +573,9 @@ static int action_copy(DissectedImage *m, LoopDevice *d) {
 
         r = dissected_image_decrypt_interactively(
                         m, NULL,
-                        &arg_verity_settings,
+                        arg_root_hash, arg_root_hash_size,
+                        arg_verity_data,
+                        arg_root_hash_sig_path, arg_root_hash_sig, arg_root_hash_sig_size,
                         arg_flags,
                         &di);
         if (r < 0)
@@ -720,30 +739,34 @@ static int run(int argc, char *argv[]) {
         if (r <= 0)
                 return r;
 
-        r = verity_settings_load(
-                        &arg_verity_settings,
-                        arg_image, NULL, NULL);
+        r = verity_metadata_load(
+                        arg_image, NULL,
+                        arg_root_hash ? NULL : &arg_root_hash,
+                        &arg_root_hash_size,
+                        arg_verity_data ? NULL : &arg_verity_data,
+                        arg_root_hash_sig_path || arg_root_hash_sig ? NULL : &arg_root_hash_sig_path);
         if (r < 0)
                 return log_error_errno(r, "Failed to read verity artifacts for %s: %m", arg_image);
 
-        if (arg_verity_settings.data_path)
-                arg_flags |= DISSECT_IMAGE_NO_PARTITION_TABLE; /* We only support Verity per file system,
-                                                                * hence if there's external Verity data
-                                                                * available we turn off partition table
-                                                                * support */
-
         r = loop_device_make_by_path(
                         arg_image,
-                        FLAGS_SET(arg_flags, DISSECT_IMAGE_READ_ONLY) ? O_RDONLY : O_RDWR,
-                        FLAGS_SET(arg_flags, DISSECT_IMAGE_NO_PARTITION_TABLE) ? 0 : LO_FLAGS_PARTSCAN,
+                        (arg_flags & DISSECT_IMAGE_READ_ONLY) ? O_RDONLY : O_RDWR,
+                        arg_verity_data ? 0 : LO_FLAGS_PARTSCAN,
                         &d);
         if (r < 0)
                 return log_error_errno(r, "Failed to set up loopback device: %m");
 
+        if (arg_verity_data)
+                arg_flags |= DISSECT_IMAGE_NO_PARTITION_TABLE; /* We only support Verity per file system,
+                                                                * hence if there's external Verity data
+                                                                * available we turn off partition table
+                                                                * support */
         r = dissect_image_and_warn(
                         d->fd,
                         arg_image,
-                        &arg_verity_settings,
+                        arg_root_hash,
+                        arg_root_hash_size,
+                        arg_verity_data,
                         NULL,
                         arg_flags,
                         &m);

src/gpt-auto-generator/gpt-auto-generator.c

@@ -665,7 +665,7 @@ static int enumerate_partitions(dev_t devnum) {
         if (r <= 0)
                 return r;
 
-        r = dissect_image(fd, NULL, NULL, DISSECT_IMAGE_GPT_ONLY|DISSECT_IMAGE_NO_UDEV, &m);
+        r = dissect_image(fd, NULL, 0, NULL, NULL, DISSECT_IMAGE_GPT_ONLY|DISSECT_IMAGE_NO_UDEV, &m);
         if (r == -ENOPKG) {
                 log_debug_errno(r, "No suitable partition table found, ignoring.");
                 return 0;

src/libsystemd/sd-netlink/netlink-types.c

@@ -351,12 +351,6 @@ static const NLType rtnl_link_info_data_xfrm_types[] = {
         [IFLA_XFRM_IF_ID]        = { .type = NETLINK_TYPE_U32 }
 };
 
-static const NLType rtnl_link_info_data_bareudp_types[] = {
-        [IFLA_BAREUDP_PORT]            = { .type = NETLINK_TYPE_U16 },
-        [IFLA_BAREUDP_ETHERTYPE]       = { .type = NETLINK_TYPE_U16 },
-        [IFLA_BAREUDP_SRCPORT_MIN]     = { .type = NETLINK_TYPE_U16 },
-        [IFLA_BAREUDP_MULTIPROTO_MODE] = { .type = NETLINK_TYPE_FLAG },
-};
 /* these strings must match the .kind entries in the kernel */
 static const char* const nl_union_link_info_data_table[] = {
         [NL_UNION_LINK_INFO_DATA_BOND] = "bond",
@@ -390,7 +384,6 @@ static const char* const nl_union_link_info_data_table[] = {
         [NL_UNION_LINK_INFO_DATA_NLMON] = "nlmon",
         [NL_UNION_LINK_INFO_DATA_XFRM] = "xfrm",
         [NL_UNION_LINK_INFO_DATA_IFB] = "ifb",
-        [NL_UNION_LINK_INFO_DATA_BAREUDP] = "bareudp",
 };
 
 DEFINE_STRING_TABLE_LOOKUP(nl_union_link_info_data, NLUnionLinkInfoData);
@@ -446,8 +439,6 @@ static const NLTypeSystem rtnl_link_info_data_type_systems[] = {
                                                        .types = rtnl_link_info_data_macsec_types },
         [NL_UNION_LINK_INFO_DATA_XFRM] =             { .count = ELEMENTSOF(rtnl_link_info_data_xfrm_types),
                                                        .types = rtnl_link_info_data_xfrm_types },
-        [NL_UNION_LINK_INFO_DATA_BAREUDP] =          { .count = ELEMENTSOF(rtnl_link_info_data_bareudp_types),
-                                                       .types = rtnl_link_info_data_bareudp_types },
 };
 
 static const NLTypeSystemUnion rtnl_link_info_data_type_system_union = {

src/libsystemd/sd-netlink/netlink-types.h

@@ -88,7 +88,6 @@ typedef enum NLUnionLinkInfoData {
         NL_UNION_LINK_INFO_DATA_NLMON,
         NL_UNION_LINK_INFO_DATA_XFRM,
         NL_UNION_LINK_INFO_DATA_IFB,
-        NL_UNION_LINK_INFO_DATA_BAREUDP,
         _NL_UNION_LINK_INFO_DATA_MAX,
         _NL_UNION_LINK_INFO_DATA_INVALID = -1
 } NLUnionLinkInfoData;

src/network/meson.build

@@ -1,8 +1,6 @@
 # SPDX-License-Identifier: LGPL-2.1+
 
 sources = files('''
-        netdev/bareudp.c
-        netdev/bareudp.h
         netdev/bond.c
         netdev/bond.h
         netdev/bridge.c

src/network/netdev/bareudp.c

@@ -1,138 +0,0 @@
-/* SPDX-License-Identifier: LGPL-2.1+
- * Copyright © 2020 VMware, Inc. */
-
-#include "bareudp.h"
-#include "netlink-util.h"
-#include "networkd-manager.h"
-#include "string-table.h"
-
-static const char* const bare_udp_protocol_table[_BARE_UDP_PROTOCOL_MAX] = {
-        [BARE_UDP_PROTOCOL_IPV4]    = "ipv4",
-        [BARE_UDP_PROTOCOL_IPV6]    = "ipv6",
-        [BARE_UDP_PROTOCOL_MPLS_UC] = "mpls-uc",
-        [BARE_UDP_PROTOCOL_MPLS_MC] = "mpls-mc",
-};
-
-DEFINE_STRING_TABLE_LOOKUP(bare_udp_protocol, BareUDPProtocol);
-DEFINE_CONFIG_PARSE_ENUM(config_parse_bare_udp_iftype, bare_udp_protocol, BareUDPProtocol,
-                         "Failed to parse EtherType=");
-
-/* callback for bareudp netdev's created without a backing Link */
-static int bare_udp_netdev_create_handler(sd_netlink *rtnl, sd_netlink_message *m, NetDev *netdev) {
-        int r;
-
-        assert(netdev);
-        assert(netdev->state != _NETDEV_STATE_INVALID);
-
-        r = sd_netlink_message_get_errno(m);
-        if (r == -EEXIST)
-                log_netdev_info(netdev, "BareUDP netdev exists, using existing without changing its parameters.");
-        else if (r < 0) {
-                log_netdev_warning_errno(netdev, r, "BareUDP netdev could not be created: %m");
-                netdev_drop(netdev);
-
-                return 1;
-        }
-
-        log_netdev_debug(netdev, "BareUDP created.");
-
-        return 1;
-}
-
-static int netdev_bare_udp_create(NetDev *netdev) {
-        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
-        BareUDP *u;
-        int r;
-
-        assert(netdev);
-
-        u = BAREUDP(netdev);
-
-        assert(u);
-
-        r = sd_rtnl_message_new_link(netdev->manager->rtnl, &m, RTM_NEWLINK, 0);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not allocate RTM_NEWLINK message: %m");
-
-        r = sd_netlink_message_append_string(m, IFLA_IFNAME, netdev->ifname);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_IFNAME, attribute: %m");
-
-        r = sd_netlink_message_open_container(m, IFLA_LINKINFO);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_LINKINFO attribute: %m");
-
-        r = sd_netlink_message_open_container_union(m, IFLA_INFO_DATA, netdev_kind_to_string(netdev->kind));
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_INFO_DATA attribute: %m");
-
-        r = sd_netlink_message_append_u16(m, IFLA_BAREUDP_ETHERTYPE, htobe16(u->iftype));
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_BAREUDP_ETHERTYPE attribute: %m");
-
-        r = sd_netlink_message_append_u16(m, IFLA_BAREUDP_PORT, htobe16(u->dest_port));
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_BAREUDP_PORT attribute: %m");
-
-        r = sd_netlink_message_close_container(m);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_INFO_DATA attribute: %m");
-
-        r = sd_netlink_message_close_container(m);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not append IFLA_LINKINFO attribute: %m");
-
-        r = netlink_call_async(netdev->manager->rtnl, NULL, m, bare_udp_netdev_create_handler,
-                               netdev_destroy_callback, netdev);
-        if (r < 0)
-                return log_netdev_error_errno(netdev, r, "Could not send rtnetlink message: %m");
-
-        netdev_ref(netdev);
-        netdev->state = NETDEV_STATE_CREATING;
-
-        log_netdev_debug(netdev, "Creating");
-
-        return r;
-}
-
-static int netdev_bare_udp_verify(NetDev *netdev, const char *filename) {
-        BareUDP *u;
-
-        assert(netdev);
-        assert(filename);
-
-        u = BAREUDP(netdev);
-
-        assert(u);
-
-        if (u->dest_port == 0)
-                return log_netdev_warning_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
-                                                "%s: BareUDP DesinationPort= is not set. Ignoring.", filename);
-
-        if (u->iftype == _BARE_UDP_PROTOCOL_INVALID)
-                return log_netdev_warning_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
-                                                "%s: BareUDP EtherType= is not set. Ignoring.", filename);
-
-        return 0;
-}
-
-static void bare_udp_init(NetDev *netdev) {
-        BareUDP *u;
-
-        assert(netdev);
-
-        u = BAREUDP(netdev);
-
-        assert(u);
-
-        u->iftype = _BARE_UDP_PROTOCOL_INVALID;
-}
-
-const NetDevVTable bare_udp_vtable = {
-        .object_size = sizeof(BareUDP),
-        .sections = NETDEV_COMMON_SECTIONS "BareUDP\0",
-        .init = bare_udp_init,
-        .config_verify = netdev_bare_udp_verify,
-        .create = netdev_bare_udp_create,
-        .create_type = NETDEV_CREATE_INDEPENDENT,
-};

src/network/netdev/bareudp.h

@@ -1,34 +0,0 @@
-/* SPDX-License-Identifier: LGPL-2.1+
- * Copyright © 2020 VMware, Inc. */
-#pragma once
-
-typedef struct BareUDP BareUDP;
-
-#include <linux/if_ether.h>
-
-#include "conf-parser.h"
-#include "netdev.h"
-
-typedef enum BareUDPProtocol {
-        BARE_UDP_PROTOCOL_IPV4    = ETH_P_IP,
-        BARE_UDP_PROTOCOL_IPV6    = ETH_P_IPV6,
-        BARE_UDP_PROTOCOL_MPLS_UC = ETH_P_MPLS_UC,
-        BARE_UDP_PROTOCOL_MPLS_MC = ETH_P_MPLS_MC,
-        _BARE_UDP_PROTOCOL_MAX,
-        _BARE_UDP_PROTOCOL_INVALID = -1
-} BareUDPProtocol;
-
-struct BareUDP {
-        NetDev meta;
-
-        BareUDPProtocol iftype;
-        uint16_t dest_port;
-};
-
-DEFINE_NETDEV_CAST(BAREUDP, BareUDP);
-extern const NetDevVTable bare_udp_vtable;
-
-const char *bare_udp_protocol_to_string(BareUDPProtocol d) _const_;
-BareUDPProtocol bare_udp_protocol_from_string(const char *d) _pure_;
-
-CONFIG_PARSER_PROTOTYPE(config_parse_bare_udp_iftype);

src/network/netdev/netdev-gperf.gperf

@@ -3,7 +3,6 @@
 _Pragma("GCC diagnostic ignored \"-Wimplicit-fallthrough\"")
 #endif
 #include <stddef.h>
-#include "bareudp.h"
 #include "bond.h"
 #include "bridge.h"
 #include "conf-parser.h"
@@ -135,7 +134,6 @@ VXLAN.PortRange,                          config_parse_port_range,
 VXLAN.DestinationPort,                    config_parse_ip_port,                      0,                             offsetof(VxLan, dest_port)
 VXLAN.FlowLabel,                          config_parse_flow_label,                   0,                             0
 VXLAN.IPDoNotFragment,                    config_parse_df,                           0,                             offsetof(VxLan, df)
-VXLAN.Independent,                        config_parse_bool,                         0,                             offsetof(VxLan, independent)
 GENEVE.Id,                                config_parse_geneve_vni,                   0,                             offsetof(Geneve, id)
 GENEVE.Remote,                            config_parse_geneve_address,               0,                             offsetof(Geneve, remote)
 GENEVE.TOS,                               config_parse_uint8,                        0,                             offsetof(Geneve, tos)
@@ -215,8 +213,6 @@ Bridge.STP,                               config_parse_tristate,
 Bridge.MulticastIGMPVersion,              config_parse_uint8,                        0,                             offsetof(Bridge, igmp_version)
 VRF.TableId,                              config_parse_uint32,                       0,                             offsetof(Vrf, table) /* deprecated */
 VRF.Table,                                config_parse_uint32,                       0,                             offsetof(Vrf, table)
-BareUDP.DestinationPort,                  config_parse_ip_port,                      0,                             offsetof(BareUDP, dest_port)
-BareUDP.EtherType,                        config_parse_bare_udp_iftype,              0,                             offsetof(BareUDP, iftype)
 WireGuard.FirewallMark,                   config_parse_unsigned,                     0,                             offsetof(Wireguard, fwmark)
 WireGuard.FwMark,                         config_parse_unsigned,                     0,                             offsetof(Wireguard, fwmark) /* deprecated */
 WireGuard.ListenPort,                     config_parse_wireguard_listen_port,        0,                             offsetof(Wireguard, port)

src/network/netdev/netdev.c

@@ -5,7 +5,6 @@
 #include <unistd.h>
 
 #include "alloc-util.h"
-#include "bareudp.h"
 #include "bond.h"
 #include "bridge.h"
 #include "conf-files.h"
@@ -78,11 +77,9 @@ const NetDevVTable * const netdev_vtable[_NETDEV_KIND_MAX] = {
         [NETDEV_KIND_NLMON] = &nlmon_vtable,
         [NETDEV_KIND_XFRM] = &xfrm_vtable,
         [NETDEV_KIND_IFB] = &ifb_vtable,
-        [NETDEV_KIND_BAREUDP] = &bare_udp_vtable,
 };
 
 static const char* const netdev_kind_table[_NETDEV_KIND_MAX] = {
-        [NETDEV_KIND_BAREUDP] = "bareudp",
         [NETDEV_KIND_BRIDGE] = "bridge",
         [NETDEV_KIND_BOND] = "bond",
         [NETDEV_KIND_VLAN] = "vlan",
@@ -826,9 +823,6 @@ int netdev_load_one(Manager *manager, const char *filename) {
         case NETDEV_KIND_XFRM:
                 independent = XFRM(netdev)->independent;
                 break;
-        case NETDEV_KIND_VXLAN:
-                independent = VXLAN(netdev)->independent;
-                break;
         default:
                 break;
         }

src/network/netdev/netdev.h

@@ -11,7 +11,6 @@
 #define NETDEV_COMMON_SECTIONS "Match\0NetDev\0"
 /* This is the list of known sections. We need to ignore them in the initial parsing phase. */
 #define NETDEV_OTHER_SECTIONS                     \
-        "-BareUDP\0"                              \
         "-Bond\0"                                 \
         "-Bridge\0"                               \
         "-FooOverUDP\0"                           \
@@ -82,7 +81,6 @@ typedef enum NetDevKind {
         NETDEV_KIND_NLMON,
         NETDEV_KIND_XFRM,
         NETDEV_KIND_IFB,
-        NETDEV_KIND_BAREUDP,
         _NETDEV_KIND_MAX,
         _NETDEV_KIND_TUNNEL, /* Used by config_parse_stacked_netdev() */
         _NETDEV_KIND_INVALID = -1

src/network/netdev/vxlan.c

@@ -25,6 +25,7 @@ static int netdev_vxlan_fill_message_create(NetDev *netdev, Link *link, sd_netli
         int r;
 
         assert(netdev);
+        assert(link);
         assert(m);
 
         v = VXLAN(netdev);
@@ -62,7 +63,7 @@ static int netdev_vxlan_fill_message_create(NetDev *netdev, Link *link, sd_netli
                         return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_LOCAL attribute: %m");
         }
 
-        r = sd_netlink_message_append_u32(m, IFLA_VXLAN_LINK, link ? link->ifindex : 0);
+        r = sd_netlink_message_append_u32(m, IFLA_VXLAN_LINK, link->ifindex);
         if (r < 0)
                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_VXLAN_LINK attribute: %m");
 

src/network/netdev/vxlan.h

@@ -56,7 +56,6 @@ struct VxLan {
         bool group_policy;
         bool generic_protocol_extension;
         bool inherit;
-        bool independent;
 
         struct ifla_vxlan_port_range port_range;
 };

src/network/networkd-link.c

@@ -146,7 +146,7 @@ bool link_ipv4ll_enabled(Link *link, AddressFamily mask) {
 
         if (STRPTR_IN_SET(link->kind,
                           "vrf", "wireguard", "ipip", "gre", "ip6gre","ip6tnl", "sit", "vti",
-                          "vti6", "nlmon", "xfrm", "bareudp"))
+                          "vti6", "nlmon", "xfrm"))
                 return false;
 
         /* L3 or L3S mode do not support ARP. */

src/nspawn/nspawn.c

@@ -199,7 +199,12 @@ static bool arg_notify_ready = false;
 static bool arg_use_cgns = true;
 static unsigned long arg_clone_ns_flags = CLONE_NEWIPC|CLONE_NEWPID|CLONE_NEWUTS;
 static MountSettingsMask arg_mount_settings = MOUNT_APPLY_APIVFS_RO|MOUNT_APPLY_TMPFS_TMP;
-static VeritySettings arg_verity_settings = {};
+static void *arg_root_hash = NULL;
+static char *arg_verity_data = NULL;
+static char *arg_root_hash_sig_path = NULL;
+static void *arg_root_hash_sig = NULL;
+static size_t arg_root_hash_sig_size = 0;
+static size_t arg_root_hash_size = 0;
 static char **arg_syscall_allow_list = NULL;
 static char **arg_syscall_deny_list = NULL;
 #if HAVE_SECCOMP
@@ -243,7 +248,10 @@ STATIC_DESTRUCTOR_REGISTER(arg_oci_bundle, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_property, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_property_message, sd_bus_message_unrefp);
 STATIC_DESTRUCTOR_REGISTER(arg_parameters, strv_freep);
-STATIC_DESTRUCTOR_REGISTER(arg_verity_settings, verity_settings_done);
+STATIC_DESTRUCTOR_REGISTER(arg_root_hash, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_verity_data, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig_path, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_syscall_allow_list, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_syscall_deny_list, strv_freep);
 #if HAVE_SECCOMP
@@ -664,8 +672,6 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_PRIVATE_USERS_CHOWN,
                 ARG_NOTIFY_READY,
                 ARG_ROOT_HASH,
-                ARG_ROOT_HASH_SIG,
-                ARG_VERITY_DATA,
                 ARG_SYSTEM_CALL_FILTER,
                 ARG_RLIMIT,
                 ARG_HOSTNAME,
@@ -678,6 +684,8 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_PIPE,
                 ARG_OCI_BUNDLE,
                 ARG_NO_PAGER,
+                ARG_VERITY_DATA,
+                ARG_ROOT_HASH_SIG,
                 ARG_SET_CREDENTIAL,
                 ARG_LOAD_CREDENTIAL,
         };
@@ -735,8 +743,6 @@ static int parse_argv(int argc, char *argv[]) {
                 { "pivot-root",             required_argument, NULL, ARG_PIVOT_ROOT             },
                 { "notify-ready",           required_argument, NULL, ARG_NOTIFY_READY           },
                 { "root-hash",              required_argument, NULL, ARG_ROOT_HASH              },
-                { "root-hash-sig",          required_argument, NULL, ARG_ROOT_HASH_SIG          },
-                { "verity-data",            required_argument, NULL, ARG_VERITY_DATA            },
                 { "system-call-filter",     required_argument, NULL, ARG_SYSTEM_CALL_FILTER     },
                 { "rlimit",                 required_argument, NULL, ARG_RLIMIT                 },
                 { "oom-score-adjust",       required_argument, NULL, ARG_OOM_SCORE_ADJUST       },
@@ -747,6 +753,8 @@ static int parse_argv(int argc, char *argv[]) {
                 { "pipe",                   no_argument,       NULL, ARG_PIPE                   },
                 { "oci-bundle",             required_argument, NULL, ARG_OCI_BUNDLE             },
                 { "no-pager",               no_argument,       NULL, ARG_NO_PAGER               },
+                { "verity-data",            required_argument, NULL, ARG_VERITY_DATA            },
+                { "root-hash-sig",          required_argument, NULL, ARG_ROOT_HASH_SIG          },
                 { "set-credential",         required_argument, NULL, ARG_SET_CREDENTIAL         },
                 { "load-credential",        required_argument, NULL, ARG_LOAD_CREDENTIAL        },
                 {}
@@ -1320,47 +1328,54 @@ static int parse_argv(int argc, char *argv[]) {
                         break;
 
                 case ARG_ROOT_HASH: {
-                        _cleanup_free_ void *k = NULL;
+                        void *k;
                         size_t l;
 
                         r = unhexmem(optarg, strlen(optarg), &k, &l);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to parse root hash: %s", optarg);
-                        if (l < sizeof(sd_id128_t))
+                        if (l < sizeof(sd_id128_t)) {
+                                free(k);
                                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Root hash must be at least 128bit long: %s", optarg);
-
-                        free_and_replace(arg_verity_settings.root_hash, k);
-                        arg_verity_settings.root_hash_size = l;
-                        break;
-                }
-
-                case ARG_ROOT_HASH_SIG: {
-                        char *value;
-                        size_t l;
-                        void *p;
-
-                        if ((value = startswith(optarg, "base64:"))) {
-                                r = unbase64mem(value, strlen(value), &p, &l);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg);
-
-                        } else {
-                                r = read_full_file(optarg, (char**) &p, &l);
-                                if (r < 0)
-                                        return log_error_errno(r, "Failed parse root hash signature file '%s': %m", optarg);
                         }
 
-                        free_and_replace(arg_verity_settings.root_hash_sig, p);
-                        arg_verity_settings.root_hash_sig_size = l;
+                        free(arg_root_hash);
+                        arg_root_hash = k;
+                        arg_root_hash_size = l;
                         break;
                 }
 
                 case ARG_VERITY_DATA:
-                        r = parse_path_argument_and_warn(optarg, false, &arg_verity_settings.data_path);
+                        r = parse_path_argument_and_warn(optarg, false, &arg_verity_data);
                         if (r < 0)
                                 return r;
                         break;
 
+                case ARG_ROOT_HASH_SIG: {
+                        char *value;
+
+                        if ((value = startswith(optarg, "base64:"))) {
+                                void *p;
+                                size_t l;
+
+                                r = unbase64mem(value, strlen(value), &p, &l);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg);
+
+                                free_and_replace(arg_root_hash_sig, p);
+                                arg_root_hash_sig_size = l;
+                                arg_root_hash_sig_path = mfree(arg_root_hash_sig_path);
+                        } else {
+                                r = parse_path_argument_and_warn(optarg, false, &arg_root_hash_sig_path);
+                                if (r < 0)
+                                        return r;
+                                arg_root_hash_sig = mfree(arg_root_hash_sig);
+                                arg_root_hash_sig_size = 0;
+                        }
+
+                        break;
+                }
+
                 case ARG_SYSTEM_CALL_FILTER: {
                         bool negative;
                         const char *items;
@@ -5360,16 +5375,14 @@ static int run(int argc, char *argv[]) {
                                 goto finish;
                         }
 
-                        r = verity_settings_load(
-                                        &arg_verity_settings,
-                                        arg_image, NULL, NULL);
+                        r = verity_metadata_load(arg_image, NULL, arg_root_hash ? NULL : &arg_root_hash, &arg_root_hash_size,
+                                        arg_verity_data ? NULL : &arg_verity_data,
+                                        arg_root_hash_sig_path || arg_root_hash_sig ? NULL : &arg_root_hash_sig_path);
                         if (r < 0) {
                                 log_error_errno(r, "Failed to read verity artefacts for %s: %m", arg_image);
                                 goto finish;
                         }
-
-                        if (arg_verity_settings.data_path)
-                                dissect_image_flags |= DISSECT_IMAGE_NO_PARTITION_TABLE;
+                        dissect_image_flags |= arg_verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;
                 }
 
                 if (!mkdtemp(tmprootdir)) {
@@ -5385,11 +5398,7 @@ static int run(int argc, char *argv[]) {
                         goto finish;
                 }
 
-                r = loop_device_make_by_path(
-                                arg_image,
-                                arg_read_only ? O_RDONLY : O_RDWR,
-                                FLAGS_SET(dissect_image_flags, DISSECT_IMAGE_NO_PARTITION_TABLE) ? 0 : LO_FLAGS_PARTSCAN,
-                                &loop);
+                r = loop_device_make_by_path(arg_image, arg_read_only ? O_RDONLY : O_RDWR, LO_FLAGS_PARTSCAN, &loop);
                 if (r < 0) {
                         log_error_errno(r, "Failed to set up loopback block device: %m");
                         goto finish;
@@ -5398,7 +5407,8 @@ static int run(int argc, char *argv[]) {
                 r = dissect_image_and_warn(
                                 loop->fd,
                                 arg_image,
-                                &arg_verity_settings,
+                                arg_root_hash, arg_root_hash_size,
+                                arg_verity_data,
                                 NULL,
                                 dissect_image_flags,
                                 &dissected_image);
@@ -5415,15 +5425,10 @@ static int run(int argc, char *argv[]) {
                 if (r < 0)
                         goto finish;
 
-                if (!arg_verity_settings.root_hash && dissected_image->can_verity)
+                if (!arg_root_hash && dissected_image->can_verity)
                         log_notice("Note: image %s contains verity information, but no root hash specified! Proceeding without integrity checking.", arg_image);
 
-                r = dissected_image_decrypt_interactively(
-                                dissected_image,
-                                NULL,
-                                &arg_verity_settings,
-                                0,
-                                &decrypted_image);
+                r = dissected_image_decrypt_interactively(dissected_image, NULL, arg_root_hash, arg_root_hash_size, arg_verity_data, arg_root_hash_sig_path, arg_root_hash_sig, arg_root_hash_sig_size, 0, &decrypted_image);
                 if (r < 0)
                         goto finish;
 

src/partition/repart.c

@@ -72,12 +72,6 @@
 /* LUKS2 takes off 16M of the partition size with its metadata by default */
 #define LUKS2_METADATA_SIZE (16*1024*1024)
 
-#if !HAVE_LIBCRYPTSETUP
-struct crypt_device;
-static inline void sym_crypt_free(struct crypt_device* cd) {}
-static inline void sym_crypt_freep(struct crypt_device** cd) {}
-#endif
-
 /* Note: When growing and placing new partitions we always align to 4K sector size. It's how newer hard disks
  * are designed, and if everything is aligned to that performance is best. And for older hard disks with 512B
  * sector size devices were generally assumed to have an even number of sectors, hence at the worst we'll
@@ -2375,7 +2369,7 @@ static int partition_encrypt(
                 struct crypt_device **ret_cd,
                 char **ret_volume,
                 int *ret_fd) {
-#if HAVE_LIBCRYPTSETUP
+
         _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
         _cleanup_(erase_and_freep) void *volume_key = NULL;
         _cleanup_free_ char *dm_name = NULL, *vol = NULL;
@@ -2471,13 +2465,9 @@ static int partition_encrypt(
                 *ret_volume = TAKE_PTR(vol);
 
         return 0;
-#else
-        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "libcryptsetup is not supported, cannot encrypt: %m");
-#endif
 }
 
 static int deactivate_luks(struct crypt_device *cd, const char *node) {
-#if HAVE_LIBCRYPTSETUP
         int r;
 
         if (!cd)
@@ -2493,9 +2483,6 @@ static int deactivate_luks(struct crypt_device *cd, const char *node) {
                 return log_error_errno(r, "Failed to deactivate LUKS device: %m");
 
         return 1;
-#else
-        return 0;
-#endif
 }
 
 static int context_copy_blocks(Context *context) {

src/portable/portable.c

@@ -379,7 +379,7 @@ static int portable_extract_by_path(
                 if (r < 0)
                         return log_debug_errno(r, "Failed to create temporary directory: %m");
 
-                r = dissect_image(d->fd, NULL, NULL, DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_DISCARD_ON_LOOP|DISSECT_IMAGE_RELAX_VAR_CHECK, &m);
+                r = dissect_image(d->fd, NULL, 0, NULL, NULL, DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_DISCARD_ON_LOOP|DISSECT_IMAGE_RELAX_VAR_CHECK, &m);
                 if (r == -ENOPKG)
                         sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Couldn't identify a suitable partition table or file system in '%s'.", path);
                 else if (r == -EADDRNOTAVAIL)

src/shared/dissect-image.c

@@ -304,7 +304,9 @@ static void check_partition_flags(
 
 int dissect_image(
                 int fd,
-                const VeritySettings *verity,
+                const void *root_hash,
+                size_t root_hash_size,
+                const char *verity_data,
                 const MountOptions *mount_options,
                 DissectImageFlags flags,
                 DissectedImage **ret) {
@@ -326,7 +328,7 @@ int dissect_image(
 
         assert(fd >= 0);
         assert(ret);
-        assert(!verity || verity->root_hash || verity->root_hash_size == 0);
+        assert(root_hash || root_hash_size == 0);
         assert(!((flags & DISSECT_IMAGE_GPT_ONLY) && (flags & DISSECT_IMAGE_NO_PARTITION_TABLE)));
 
         /* Probes a disk image, and returns information about what it found in *ret.
@@ -334,16 +336,16 @@ int dissect_image(
          * Returns -ENOPKG if no suitable partition table or file system could be found.
          * Returns -EADDRNOTAVAIL if a root hash was specified but no matching root/verity partitions found. */
 
-        if (verity && verity->root_hash) {
+        if (root_hash) {
                 /* If a root hash is supplied, then we use the root partition that has a UUID that match the first
                  * 128bit of the root hash. And we use the verity partition that has a UUID that match the final
                  * 128bit. */
 
-                if (verity->root_hash_size < sizeof(sd_id128_t))
+                if (root_hash_size < sizeof(sd_id128_t))
                         return -EINVAL;
 
-                memcpy(&root_uuid, verity->root_hash, sizeof(sd_id128_t));
-                memcpy(&verity_uuid, (const uint8_t*) verity->root_hash + verity->root_hash_size - sizeof(sd_id128_t), sizeof(sd_id128_t));
+                memcpy(&root_uuid, root_hash, sizeof(sd_id128_t));
+                memcpy(&verity_uuid, (const uint8_t*) root_hash + root_hash_size - sizeof(sd_id128_t), sizeof(sd_id128_t));
 
                 if (sd_id128_is_null(root_uuid))
                         return -EINVAL;
@@ -414,8 +416,8 @@ int dissect_image(
                                 return r;
 
                         m->single_file_system = true;
-                        m->verity = verity && verity->root_hash && verity->data_path;
-                        m->can_verity = verity && verity->data_path;
+                        m->verity = root_hash && verity_data;
+                        m->can_verity = !!verity_data;
 
                         options = mount_options_from_designator(mount_options, PARTITION_ROOT);
                         if (options) {
@@ -813,7 +815,7 @@ int dissect_image(
 
                         /* If the root hash was set, then we won't fall back to a generic node, because the
                          * root hash decides. */
-                        if (verity && verity->root_hash)
+                        if (root_hash)
                                 return -EADDRNOTAVAIL;
 
                         /* If we didn't find a generic node, then we can't fix this up either */
@@ -844,7 +846,7 @@ int dissect_image(
                 }
         }
 
-        if (verity && verity->root_hash) {
+        if (root_hash) {
                 if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found)
                         return -EADDRNOTAVAIL;
 
@@ -1331,20 +1333,14 @@ static int decrypt_partition(
         return 0;
 }
 
-static int verity_can_reuse(
-                const VeritySettings *verity,
-                const char *name,
-                struct crypt_device **ret_cd) {
-
+static int verity_can_reuse(const void *root_hash, size_t root_hash_size, bool has_sig, const char *name, struct crypt_device **ret_cd) {
         /* If the same volume was already open, check that the root hashes match, and reuse it if they do */
         _cleanup_free_ char *root_hash_existing = NULL;
         _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
         struct crypt_params_verity crypt_params = {};
-        size_t root_hash_existing_size;
+        size_t root_hash_existing_size = root_hash_size;
         int r;
 
-        assert(verity);
-        assert(name);
         assert(ret_cd);
 
         r = sym_crypt_init_by_name(&cd, name);
@@ -1355,23 +1351,20 @@ static int verity_can_reuse(
         if (r < 0)
                 return log_debug_errno(r, "Error opening verity device, crypt_get_verity_info failed: %m");
 
-        root_hash_existing_size = verity->root_hash_size;
-        root_hash_existing = malloc0(root_hash_existing_size);
+        root_hash_existing = malloc0(root_hash_size);
         if (!root_hash_existing)
                 return -ENOMEM;
 
         r = sym_crypt_volume_key_get(cd, CRYPT_ANY_SLOT, root_hash_existing, &root_hash_existing_size, NULL, 0);
         if (r < 0)
                 return log_debug_errno(r, "Error opening verity device, crypt_volume_key_get failed: %m");
-        if (verity->root_hash_size != root_hash_existing_size ||
-            memcmp(root_hash_existing, verity->root_hash, verity->root_hash_size) != 0)
+        if (root_hash_size != root_hash_existing_size || memcmp(root_hash_existing, root_hash, root_hash_size) != 0)
                 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Error opening verity device, it already exists but root hashes are different.");
-
 #if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
-        /* Ensure that, if signatures are supported, we only reuse the device if the previous mount used the
-         * same settings, so that a previous unsigned mount will not be reused if the user asks to use
-         * signing for the new one, and viceversa. */
-        if (!!verity->root_hash_sig != !!(crypt_params.flags & CRYPT_VERITY_ROOT_HASH_SIGNATURE))
+        /* Ensure that, if signatures are supported, we only reuse the device if the previous mount
+         * used the same settings, so that a previous unsigned mount will not be reused if the user
+         * asks to use signing for the new one, and viceversa. */
+        if (has_sig != !!(crypt_params.flags & CRYPT_VERITY_ROOT_HASH_SIGNATURE))
                 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Error opening verity device, it already exists but signature settings are not the same.");
 #endif
 
@@ -1391,24 +1384,29 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(char *, dm_deferred_remove_clean);
 static int verity_partition(
                 DissectedPartition *m,
                 DissectedPartition *v,
-                const VeritySettings *verity,
+                const void *root_hash,
+                size_t root_hash_size,
+                const char *verity_data,
+                const char *root_hash_sig_path,
+                const void *root_hash_sig,
+                size_t root_hash_sig_size,
                 DissectImageFlags flags,
                 DecryptedImage *d) {
 
+        _cleanup_free_ char *node = NULL, *name = NULL, *hash_sig_from_file = NULL;
         _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
         _cleanup_(dm_deferred_remove_cleanp) char *restore_deferred_remove = NULL;
-        _cleanup_free_ char *node = NULL, *name = NULL;
         int r;
 
         assert(m);
-        assert(v || (verity && verity->data_path));
+        assert(v || verity_data);
 
-        if (!verity || !verity->root_hash)
+        if (!root_hash)
                 return 0;
 
         if (!m->found || !m->node || !m->fstype)
                 return 0;
-        if (!verity->data_path) {
+        if (!verity_data) {
                 if (!v->found || !v->node || !v->fstype)
                         return 0;
 
@@ -1424,7 +1422,7 @@ static int verity_partition(
                 /* Use the roothash, which is unique per volume, as the device node name, so that it can be reused */
                 _cleanup_free_ char *root_hash_encoded = NULL;
 
-                root_hash_encoded = hexmem(verity->root_hash, verity->root_hash_size);
+                root_hash_encoded = hexmem(root_hash, root_hash_size);
                 if (!root_hash_encoded)
 
                         return -ENOMEM;
@@ -1434,7 +1432,13 @@ static int verity_partition(
         if (r < 0)
                 return r;
 
-        r = sym_crypt_init(&cd, verity->data_path ?: v->node);
+        if (!root_hash_sig && root_hash_sig_path) {
+                r = read_full_file_full(AT_FDCWD, root_hash_sig_path, 0, &hash_sig_from_file, &root_hash_sig_size);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sym_crypt_init(&cd, verity_data ?: v->node);
         if (r < 0)
                 return r;
 
@@ -1455,33 +1459,20 @@ static int verity_partition(
          * In case of ENODEV/ENOENT, which can happen if another process is activating at the exact same time,
          * retry a few times before giving up. */
         for (unsigned i = 0; i < N_DEVICE_NODE_LIST_ATTEMPTS; i++) {
-                if (verity->root_hash_sig) {
+                if (root_hash_sig || hash_sig_from_file) {
 #if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
-                        r = sym_crypt_activate_by_signed_key(
-                                        cd,
-                                        name,
-                                        verity->root_hash,
-                                        verity->root_hash_size,
-                                        verity->root_hash_sig,
-                                        verity->root_hash_sig_size,
-                                        CRYPT_ACTIVATE_READONLY);
+                        r = sym_crypt_activate_by_signed_key(cd, name, root_hash, root_hash_size, root_hash_sig ?: hash_sig_from_file, root_hash_sig_size, CRYPT_ACTIVATE_READONLY);
 #else
                         r = log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "activation of verity device with signature requested, but not supported by cryptsetup due to missing crypt_activate_by_signed_key()");
 #endif
                 } else
-                        r = sym_crypt_activate_by_volume_key(
-                                        cd,
-                                        name,
-                                        verity->root_hash,
-                                        verity->root_hash_size,
-                                        CRYPT_ACTIVATE_READONLY);
+                        r = sym_crypt_activate_by_volume_key(cd, name, root_hash, root_hash_size, CRYPT_ACTIVATE_READONLY);
                 /* libdevmapper can return EINVAL when the device is already in the activation stage.
                  * There's no way to distinguish this situation from a genuine error due to invalid
                  * parameters, so immediately fall back to activating the device with a unique name.
-                 * Improvements in libcrypsetup can ensure this never happens:
-                 * https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/96 */
+                 * Improvements in libcrypsetup can ensure this never happens: https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/96 */
                 if (r == -EINVAL && FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE))
-                        return verity_partition(m, v, verity, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
+                        return verity_partition(m, v, root_hash, root_hash_size, verity_data, NULL, root_hash_sig ?: hash_sig_from_file, root_hash_sig_size, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
                 if (!IN_SET(r,
                             0, /* Success */
                             -EEXIST, /* Volume is already open and ready to be used */
@@ -1504,10 +1495,10 @@ static int verity_partition(
                                 }
                         }
 
-                        r = verity_can_reuse(verity, name, &existing_cd);
+                        r = verity_can_reuse(root_hash, root_hash_size, !!root_hash_sig || !!hash_sig_from_file, name, &existing_cd);
                         /* Same as above, -EINVAL can randomly happen when it actually means -EEXIST */
                         if (r == -EINVAL && FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE))
-                                return verity_partition(m, v, verity, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
+                                return verity_partition(m, v, root_hash, root_hash_size, verity_data, NULL, root_hash_sig ?: hash_sig_from_file, root_hash_sig_size, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
                         if (!IN_SET(r, 0, -ENODEV, -ENOENT, -EBUSY))
                                 return log_debug_errno(r, "Checking whether existing verity device %s can be reused failed: %m", node);
                         if (r == 0) {
@@ -1535,7 +1526,7 @@ static int verity_partition(
         /* An existing verity device was reported by libcryptsetup/libdevmapper, but we can't use it at this time.
          * Fall back to activating it with a unique device name. */
         if (r != 0 && FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE))
-                return verity_partition(m, v, verity, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
+                return verity_partition(m, v, root_hash, root_hash_size, verity_data, NULL, root_hash_sig ?: hash_sig_from_file, root_hash_sig_size, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
 
         /* Everything looks good and we'll be able to mount the device, so deferred remove will be re-enabled at that point. */
         restore_deferred_remove = mfree(restore_deferred_remove);
@@ -1553,7 +1544,12 @@ static int verity_partition(
 int dissected_image_decrypt(
                 DissectedImage *m,
                 const char *passphrase,
-                const VeritySettings *verity,
+                const void *root_hash,
+                size_t root_hash_size,
+                const char *verity_data,
+                const char *root_hash_sig_path,
+                const void *root_hash_sig,
+                size_t root_hash_sig_size,
                 DissectImageFlags flags,
                 DecryptedImage **ret) {
 
@@ -1563,7 +1559,7 @@ int dissected_image_decrypt(
 #endif
 
         assert(m);
-        assert(!verity || verity->root_hash || verity->root_hash_size == 0);
+        assert(root_hash || root_hash_size == 0);
 
         /* Returns:
          *
@@ -1573,7 +1569,7 @@ int dissected_image_decrypt(
          *      -EKEYREJECTED → Passed key was not correct
          */
 
-        if (verity && verity->root_hash && verity->root_hash_size < sizeof(sd_id128_t))
+        if (root_hash && root_hash_size < sizeof(sd_id128_t))
                 return -EINVAL;
 
         if (!m->encrypted && !m->verity) {
@@ -1599,7 +1595,7 @@ int dissected_image_decrypt(
 
                 k = PARTITION_VERITY_OF(i);
                 if (k >= 0) {
-                        r = verity_partition(p, m->partitions + k, verity, flags | DISSECT_IMAGE_VERITY_SHARE, d);
+                        r = verity_partition(p, m->partitions + k, root_hash, root_hash_size, verity_data, root_hash_sig_path, root_hash_sig, root_hash_sig_size, flags | DISSECT_IMAGE_VERITY_SHARE, d);
                         if (r < 0)
                                 return r;
                 }
@@ -1622,7 +1618,12 @@ int dissected_image_decrypt(
 int dissected_image_decrypt_interactively(
                 DissectedImage *m,
                 const char *passphrase,
-                const VeritySettings *verity,
+                const void *root_hash,
+                size_t root_hash_size,
+                const char *verity_data,
+                const char *root_hash_sig_path,
+                const void *root_hash_sig,
+                size_t root_hash_sig_size,
                 DissectImageFlags flags,
                 DecryptedImage **ret) {
 
@@ -1633,7 +1634,7 @@ int dissected_image_decrypt_interactively(
                 n--;
 
         for (;;) {
-                r = dissected_image_decrypt(m, passphrase, verity, flags, ret);
+                r = dissected_image_decrypt(m, passphrase, root_hash, root_hash_size, verity_data, root_hash_sig_path, root_hash_sig, root_hash_sig_size, flags, ret);
                 if (r >= 0)
                         return r;
                 if (r == -EKEYREJECTED)
@@ -1685,138 +1686,126 @@ int decrypted_image_relinquish(DecryptedImage *d) {
         return 0;
 }
 
-static char *build_auxiliary_path(const char *image, const char *suffix) {
-        const char *e;
-        char *n;
-
-        assert(image);
-        assert(suffix);
-
-        e = endswith(image, ".raw");
-        if (!e)
-                return strjoin(e, suffix);
-
-        n = new(char, e - image + strlen(suffix) + 1);
-        if (!n)
-                return NULL;
-
-        strcpy(mempcpy(n, image, e - image), suffix);
-        return n;
-}
-
-void verity_settings_done(VeritySettings *v) {
-        assert(v);
-
-        v->root_hash = mfree(v->root_hash);
-        v->root_hash_size = 0;
-
-        v->root_hash_sig = mfree(v->root_hash_sig);
-        v->root_hash_sig_size = 0;
-
-        v->data_path = mfree(v->data_path);
-}
-
-int verity_settings_load(
-                VeritySettings *verity,
+int verity_metadata_load(
                 const char *image,
                 const char *root_hash_path,
-                const char *root_hash_sig_path) {
+                void **ret_roothash,
+                size_t *ret_roothash_size,
+                char **ret_verity_data,
+                char **ret_roothashsig) {
 
-        _cleanup_free_ void *root_hash = NULL, *root_hash_sig = NULL;
-        size_t root_hash_size = 0, root_hash_sig_size = 0;
-        _cleanup_free_ char *verity_data_path = NULL;
+        _cleanup_free_ char *verity_filename = NULL, *roothashsig_filename = NULL;
+        _cleanup_free_ void *roothash_decoded = NULL;
+        size_t roothash_decoded_size = 0;
         int r;
 
-        assert(verity);
         assert(image);
 
-        /* If we are asked to load the root hash for a device node, exit early */
-        if (is_device_path(image))
+        if (is_device_path(image)) {
+                /* If we are asked to load the root hash for a device node, exit early */
+                if (ret_roothash)
+                        *ret_roothash = NULL;
+                if (ret_roothash_size)
+                        *ret_roothash_size = 0;
+                if (ret_verity_data)
+                        *ret_verity_data = NULL;
+                if (ret_roothashsig)
+                        *ret_roothashsig = NULL;
                 return 0;
+        }
 
-        /* We only fill in what isn't already filled in */
+        if (ret_verity_data) {
+                char *e;
 
-        if (!verity->root_hash) {
+                verity_filename = new(char, strlen(image) + STRLEN(".verity") + 1);
+                if (!verity_filename)
+                        return -ENOMEM;
+                strcpy(verity_filename, image);
+                e = endswith(verity_filename, ".raw");
+                if (e)
+                        strcpy(e, ".verity");
+                else
+                        strcat(verity_filename, ".verity");
+
+                r = access(verity_filename, F_OK);
+                if (r < 0) {
+                        if (errno != ENOENT)
+                                return -errno;
+                        verity_filename = mfree(verity_filename);
+                }
+        }
+
+        if (ret_roothashsig) {
+                char *e;
+
+                /* Follow naming convention recommended by the relevant RFC:
+                 * https://tools.ietf.org/html/rfc5751#section-3.2.1 */
+                roothashsig_filename = new(char, strlen(image) + STRLEN(".roothash.p7s") + 1);
+                if (!roothashsig_filename)
+                        return -ENOMEM;
+                strcpy(roothashsig_filename, image);
+                e = endswith(roothashsig_filename, ".raw");
+                if (e)
+                        strcpy(e, ".roothash.p7s");
+                else
+                        strcat(roothashsig_filename, ".roothash.p7s");
+
+                r = access(roothashsig_filename, R_OK);
+                if (r < 0) {
+                        if (errno != ENOENT)
+                                return -errno;
+                        roothashsig_filename = mfree(roothashsig_filename);
+                }
+        }
+
+        if (ret_roothash) {
                 _cleanup_free_ char *text = NULL;
+                assert(ret_roothash_size);
 
                 if (root_hash_path) {
+                        /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
                         r = read_one_line_file(root_hash_path, &text);
                         if (r < 0)
                                 return r;
                 } else {
                         r = getxattr_malloc(image, "user.verity.roothash", &text, true);
                         if (r < 0) {
-                                _cleanup_free_ char *p = NULL;
+                                char *fn, *e, *n;
 
-                                if (!IN_SET(r, -ENODATA, -ENOENT) && !ERRNO_IS_NOT_SUPPORTED(r))
+                                if (!IN_SET(r, -ENODATA, -EOPNOTSUPP, -ENOENT))
                                         return r;
 
-                                p = build_auxiliary_path(image, ".roothash");
-                                if (!p)
-                                        return -ENOMEM;
+                                fn = newa(char, strlen(image) + STRLEN(".roothash") + 1);
+                                n = stpcpy(fn, image);
+                                e = endswith(fn, ".raw");
+                                if (e)
+                                        n = e;
 
-                                r = read_one_line_file(p, &text);
+                                strcpy(n, ".roothash");
+
+                                r = read_one_line_file(fn, &text);
                                 if (r < 0 && r != -ENOENT)
                                         return r;
                         }
                 }
 
                 if (text) {
-                        r = unhexmem(text, strlen(text), &root_hash, &root_hash_size);
+                        r = unhexmem(text, strlen(text), &roothash_decoded, &roothash_decoded_size);
                         if (r < 0)
                                 return r;
-                        if (root_hash_size < sizeof(sd_id128_t))
+                        if (roothash_decoded_size < sizeof(sd_id128_t))
                                 return -EINVAL;
                 }
         }
 
-        if (!verity->root_hash_sig) {
-                _cleanup_free_ char *p = NULL;
-
-                if (!root_hash_sig_path) {
-                        /* Follow naming convention recommended by the relevant RFC:
-                         * https://tools.ietf.org/html/rfc5751#section-3.2.1 */
-                        p = build_auxiliary_path(image, ".roothash.p7s");
-                        if (!p)
-                                return -ENOMEM;
-
-                        root_hash_sig_path = p;
-                }
-
-                r = read_full_file_full(AT_FDCWD, root_hash_sig_path, 0, (char**) &root_hash_sig, &root_hash_sig_size);
-                if (r < 0) {
-                        if (r != -ENOENT)
-                                return r;
-                } else if (root_hash_sig_size == 0) /* refuse empty size signatures */
-                        return -EINVAL;
+        if (ret_roothash) {
+                *ret_roothash = TAKE_PTR(roothash_decoded);
+                *ret_roothash_size = roothash_decoded_size;
         }
-
-        if (!verity->data_path) {
-                _cleanup_free_ char *p = NULL;
-
-                p = build_auxiliary_path(image, ".verity");
-                if (!p)
-                        return -ENOMEM;
-
-                if (access(p, F_OK) < 0) {
-                        if (errno != ENOENT)
-                                return -errno;
-                } else
-                        verity_data_path = TAKE_PTR(p);
-        }
-
-        if (root_hash) {
-                verity->root_hash = TAKE_PTR(root_hash);
-                verity->root_hash_size = root_hash_size;
-        }
-
-        if (root_hash_sig) {
-                verity->root_hash_sig = TAKE_PTR(root_hash_sig);
-                verity->root_hash_sig_size = root_hash_sig_size;
-        }
-
-        if (verity_data_path)
-                verity->data_path = TAKE_PTR(verity_data_path);
+        if (ret_verity_data)
+                *ret_verity_data = TAKE_PTR(verity_filename);
+        if (roothashsig_filename)
+                *ret_roothashsig = TAKE_PTR(roothashsig_filename);
 
         return 1;
 }
@@ -1999,7 +1988,9 @@ finish:
 int dissect_image_and_warn(
                 int fd,
                 const char *name,
-                const VeritySettings *verity,
+                const void *root_hash,
+                size_t root_hash_size,
+                const char *verity_data,
                 const MountOptions *mount_options,
                 DissectImageFlags flags,
                 DissectedImage **ret) {
@@ -2015,7 +2006,7 @@ int dissect_image_and_warn(
                 name = buffer;
         }
 
-        r = dissect_image(fd, verity, mount_options, flags, ret);
+        r = dissect_image(fd, root_hash, root_hash_size, verity_data, mount_options, flags, ret);
 
         switch (r) {
 
@@ -2119,11 +2110,11 @@ int mount_image_privately_interactively(
         if (r < 0)
                 return log_error_errno(r, "Failed to set up loopback device: %m");
 
-        r = dissect_image_and_warn(d->fd, image, NULL, NULL, flags, &dissected_image);
+        r = dissect_image_and_warn(d->fd, image, NULL, 0, NULL, NULL, flags, &dissected_image);
         if (r < 0)
                 return r;
 
-        r = dissected_image_decrypt_interactively(dissected_image, NULL, NULL, flags, &decrypted_image);
+        r = dissected_image_decrypt_interactively(dissected_image, NULL, NULL, 0, NULL, NULL, NULL, 0, flags, &decrypted_image);
         if (r < 0)
                 return r;
 

src/shared/dissect-image.h

@@ -13,7 +13,6 @@ typedef struct DissectedImage DissectedImage;
 typedef struct DissectedPartition DissectedPartition;
 typedef struct DecryptedImage DecryptedImage;
 typedef struct MountOptions MountOptions;
-typedef struct VeritySettings VeritySettings;
 
 struct DissectedPartition {
         bool found:1;
@@ -93,32 +92,19 @@ struct MountOptions {
         LIST_FIELDS(MountOptions, mount_options);
 };
 
-struct VeritySettings {
-        /* Binary root hash for the Verity Merkle tree */
-        void *root_hash;
-        size_t root_hash_size;
-
-        /* PKCS#7 signature of the above */
-        void *root_hash_sig;
-        size_t root_hash_sig_size;
-
-        /* Path to the verity data file, if stored externally */
-        char *data_path;
-};
-
 MountOptions* mount_options_free_all(MountOptions *options);
 DEFINE_TRIVIAL_CLEANUP_FUNC(MountOptions*, mount_options_free_all);
 const char* mount_options_from_designator(const MountOptions *options, PartitionDesignator designator);
 
 int probe_filesystem(const char *node, char **ret_fstype);
-int dissect_image(int fd, const VeritySettings *verity, const MountOptions *mount_options, DissectImageFlags flags, DissectedImage **ret);
-int dissect_image_and_warn(int fd, const char *name, const VeritySettings *verity, const MountOptions *mount_options, DissectImageFlags flags, DissectedImage **ret);
+int dissect_image(int fd, const void *root_hash, size_t root_hash_size, const char *verity_data, const MountOptions *mount_options, DissectImageFlags flags, DissectedImage **ret);
+int dissect_image_and_warn(int fd, const char *name, const void *root_hash, size_t root_hash_size, const char *verity_data, const MountOptions *mount_options, DissectImageFlags flags, DissectedImage **ret);
 
 DissectedImage* dissected_image_unref(DissectedImage *m);
 DEFINE_TRIVIAL_CLEANUP_FUNC(DissectedImage*, dissected_image_unref);
 
-int dissected_image_decrypt(DissectedImage *m, const char *passphrase, const VeritySettings *verity, DissectImageFlags flags, DecryptedImage **ret);
-int dissected_image_decrypt_interactively(DissectedImage *m, const char *passphrase, const VeritySettings *verity, DissectImageFlags flags, DecryptedImage **ret);
+int dissected_image_decrypt(DissectedImage *m, const char *passphrase, const void *root_hash, size_t root_hash_size, const char *verity_data, const char *root_hash_sig_path, const void *root_hash_sig, size_t root_hash_sig_size, DissectImageFlags flags, DecryptedImage **ret);
+int dissected_image_decrypt_interactively(DissectedImage *m, const char *passphrase, const void *root_hash, size_t root_hash_size, const char *verity_data, const char *root_hash_sig_path, const void *root_hash_sig, size_t root_hash_sig_size, DissectImageFlags flags, DecryptedImage **ret);
 int dissected_image_mount(DissectedImage *m, const char *dest, uid_t uid_shift, DissectImageFlags flags);
 int dissected_image_mount_and_warn(DissectedImage *m, const char *where, uid_t uid_shift, DissectImageFlags flags);
 
@@ -131,9 +117,7 @@ int decrypted_image_relinquish(DecryptedImage *d);
 const char* partition_designator_to_string(PartitionDesignator d) _const_;
 PartitionDesignator partition_designator_from_string(const char *name) _pure_;
 
-int verity_settings_load(VeritySettings *verity, const char *image, const char *root_hash_path, const char *root_hash_sig_path);
-void verity_settings_done(VeritySettings *verity);
-
+int verity_metadata_load(const char *image, const char *root_hash_path, void **ret_roothash, size_t *ret_roothash_size, char **ret_verity_data, char **ret_roothashsig);
 bool dissected_image_can_do_verity(const DissectedImage *image, PartitionDesignator d);
 bool dissected_image_has_verity(const DissectedImage *image, PartitionDesignator d);
 

src/shared/machine-image.c

@@ -1171,7 +1171,7 @@ int image_read_metadata(Image *i) {
                 if (r < 0)
                         return r;
 
-                r = dissect_image(d->fd, NULL, NULL, DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_RELAX_VAR_CHECK, &m);
+                r = dissect_image(d->fd, NULL, 0, NULL, NULL, DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_RELAX_VAR_CHECK, &m);
                 if (r < 0)
                         return r;
 

src/udev/udev-builtin-input_id.c

@@ -154,20 +154,17 @@ static bool test_pointers(sd_device *dev,
         bool has_rel_coordinates = false;
         bool has_mt_coordinates = false;
         bool has_joystick_axes_or_buttons = false;
-        bool has_pad_buttons = false;
         bool is_direct = false;
         bool has_touch = false;
         bool has_3d_coordinates = false;
         bool has_keys = false;
-        bool has_stylus = false;
-        bool has_pen = false;
+        bool stylus_or_pen = false;
         bool finger_but_no_pen = false;
         bool has_mouse_button = false;
         bool is_mouse = false;
         bool is_touchpad = false;
         bool is_touchscreen = false;
         bool is_tablet = false;
-        bool is_tablet_pad = false;
         bool is_joystick = false;
         bool is_accelerometer = false;
         bool is_pointing_stick = false;
@@ -186,8 +183,7 @@ static bool test_pointers(sd_device *dev,
         }
 
         is_pointing_stick = test_bit(INPUT_PROP_POINTING_STICK, bitmask_props);
-        has_stylus = test_bit(BTN_STYLUS, bitmask_key);
-        has_pen = test_bit(BTN_TOOL_PEN, bitmask_key);
+        stylus_or_pen = test_bit(BTN_STYLUS, bitmask_key) || test_bit(BTN_TOOL_PEN, bitmask_key);
         finger_but_no_pen = test_bit(BTN_TOOL_FINGER, bitmask_key) && !test_bit(BTN_TOOL_PEN, bitmask_key);
         for (button = BTN_MOUSE; button < BTN_JOYSTICK && !has_mouse_button; button++)
                 has_mouse_button = test_bit(button, bitmask_key);
@@ -199,7 +195,6 @@ static bool test_pointers(sd_device *dev,
                 has_mt_coordinates = false;
         is_direct = test_bit(INPUT_PROP_DIRECT, bitmask_props);
         has_touch = test_bit(BTN_TOUCH, bitmask_key);
-        has_pad_buttons = test_bit(BTN_0, bitmask_key) && has_stylus && !has_pen;
 
         /* joysticks don't necessarily have buttons; e. g.
          * rudders/pedals are joystick-like, but buttonless; they have
@@ -221,7 +216,7 @@ static bool test_pointers(sd_device *dev,
                 has_joystick_axes_or_buttons = test_bit(axis, bitmask_abs);
 
         if (has_abs_coordinates) {
-                if (has_stylus || has_pen)
+                if (stylus_or_pen)
                         is_tablet = true;
                 else if (finger_but_no_pen && !is_direct)
                         is_touchpad = true;
@@ -237,7 +232,7 @@ static bool test_pointers(sd_device *dev,
                 is_joystick = true;
 
         if (has_mt_coordinates) {
-                if (has_stylus || has_pen)
+                if (stylus_or_pen)
                         is_tablet = true;
                 else if (finger_but_no_pen && !is_direct)
                         is_touchpad = true;
@@ -245,9 +240,6 @@ static bool test_pointers(sd_device *dev,
                         is_touchscreen = true;
         }
 
-        if (is_tablet && has_pad_buttons)
-                is_tablet_pad = true;
-
         if (!is_tablet && !is_touchpad && !is_joystick &&
             has_mouse_button &&
             (has_rel_coordinates ||
@@ -270,8 +262,6 @@ static bool test_pointers(sd_device *dev,
                 udev_builtin_add_property(dev, test, "ID_INPUT_JOYSTICK", "1");
         if (is_tablet)
                 udev_builtin_add_property(dev, test, "ID_INPUT_TABLET", "1");
-        if (is_tablet_pad)
-                udev_builtin_add_property(dev, test, "ID_INPUT_TABLET_PAD", "1");
 
         return is_tablet || is_mouse || is_touchpad || is_touchscreen || is_joystick || is_pointing_stick;
 }

test/fuzz/fuzz-netdev-parser/directives.netdev

@@ -116,7 +116,6 @@ PortRange=
 UDPChecksum=
 UDP6ZeroCheckSumTx=
 IPDoNotFragment=
-Independent=
 [VXCAN]
 Peer=
 [Bond]
@@ -216,6 +215,3 @@ Activate=
 [Xfrm]
 Independent=
 InterfaceId=
-[BareUDP]
-DestinationPort=
-EtherType=

test/test-network/conf/25-bareudp.netdev

@@ -1,7 +0,0 @@
-[NetDev]
-Kind=bareudp
-Name=bareudp99
-
-[BareUDP]
-DestinationPort=1000
-EtherType=ipv4

test/test-network/conf/25-vxlan-independent.netdev

@@ -1,17 +0,0 @@
-[NetDev]
-Name=vxlan98
-Kind=vxlan
-
-[VXLAN]
-VNI=1000
-L2MissNotification=true
-L3MissNotification=true
-RouteShortCircuit=true
-UDPChecksum=true
-UDP6ZeroChecksumTx=true
-UDP6ZeroChecksumRx=true
-RemoteChecksumTx=true
-RemoteChecksumRx=true
-GroupPolicyExtension=true
-DestinationPort=5556
-Independent=yes

test/test-network/conf/netdev-link-local-addressing-yes.network

@@ -1,5 +1,4 @@
 [Match]
-Name=bareudp99
 Name=ipvlan99
 Name=ipvtap99
 Name=macvlan99
@@ -15,7 +14,6 @@ Name=ifb99
 Name=ipiptun99
 Name=nlmon99
 Name=xfrm99
-Name=vxlan98
 Name=hogehogehogehogehogehoge
 
 [Network]

test/test-network/systemd-networkd-tests.py

@@ -732,7 +732,6 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
 
     links = [
         '6rdtun99',
-        'bareudp99',
         'bond99',
         'bridge99',
         'dropin-test',
@@ -786,7 +785,6 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
         'vtitun98',
         'vtitun99',
         'vxcan99',
-        'vxlan98',
         'vxlan99',
         'wg97',
         'wg98',
@@ -807,7 +805,6 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
         '21-vlan.netdev',
         '21-vlan.network',
         '25-6rd-tunnel.netdev',
-        '25-bareudp.netdev',
         '25-bond.netdev',
         '25-bond-balanced-tlb.netdev',
         '25-bridge.netdev',
@@ -873,7 +870,6 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
         '25-vti-tunnel-remote-any.netdev',
         '25-vti-tunnel.netdev',
         '25-vxcan.netdev',
-        '25-vxlan-independent.netdev',
         '25-vxlan.netdev',
         '25-wireguard-23-peers.netdev',
         '25-wireguard-23-peers.network',
@@ -954,18 +950,6 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
         self.wait_operstate('bridge99', '(off|no-carrier)', setup_state='configuring')
         self.wait_operstate('test1', 'degraded')
 
-    @expectedFailureIfModuleIsNotAvailable('bareudp')
-    def test_bareudp(self):
-        copy_unit_to_networkd_unit_path('25-bareudp.netdev', 'netdev-link-local-addressing-yes.network')
-        start_networkd()
-
-        self.wait_online(['bareudp99:degraded'])
-
-        output = check_output('ip -d link show bareudp99')
-        print(output)
-        self.assertRegex(output, 'dstport 1000 ')
-        self.assertRegex(output, 'ethertype ip ')
-
     def test_bridge(self):
         copy_unit_to_networkd_unit_path('25-bridge.netdev', '25-bridge-configure-without-carrier.network')
         start_networkd()
@@ -1532,11 +1516,10 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
 
     def test_vxlan(self):
         copy_unit_to_networkd_unit_path('25-vxlan.netdev', 'vxlan.network',
-                                        '25-vxlan-independent.netdev', 'netdev-link-local-addressing-yes.network',
                                         '11-dummy.netdev', 'vxlan-test1.network')
         start_networkd()
 
-        self.wait_online(['test1:degraded', 'vxlan99:degraded', 'vxlan98:degraded'])
+        self.wait_online(['test1:degraded', 'vxlan99:degraded'])
 
         output = check_output('ip -d link show vxlan99')
         print(output)
@@ -1563,9 +1546,6 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
         self.assertRegex(output, 'Destination Port: 5555')
         self.assertRegex(output, 'Underlying Device: test1')
 
-        output = check_output('ip -d link show vxlan98')
-        print(output)
-
     def test_macsec(self):
         copy_unit_to_networkd_unit_path('25-macsec.netdev', '25-macsec.network', '25-macsec.key',
                                         'macsec.network', '12-dummy.netdev')