uki.conf is used by the ukify tool to create an Unified Kernel Image. It

would make sense to install it only if ukify is wanted.

NEWS

@@ -86,9 +86,10 @@ CHANGES WITH 258 in spe:
           keyboard mapping hardware database (hwdb.d/60-keyboard.hwdb) so far
           mapped the microphone mute and touchpad on/off/toggle keys to the
           function keys F20, F21, F22, F23 instead of their correct key codes.
-          This key code mangling has been removed.
+          This key code mangling has been removed from udev.
+
           To maintain compatibility with X11 applications that rely on the old
-          function key code mappings, this mangling has now been moved to the
+          function key code mappings, this mangling has now been added to the
           relevant X11 keyboard driver modules. In order to ensure these keys
           continue to work, update to xf86-input-evdev >= 2.11.0 and
           xf86-input-libinput >= 1.5.0 before updating to systemd >= 258.
@@ -550,8 +551,8 @@ CHANGES WITH 258 in spe:
         * The generic "io.systemd.service" Varlink service that various of our
           long-running services implement, gained a new GetEnvironment() call
           that returns the current environment block of the service's main
-          process. In addition, this service interface has been implemented in many
+          process. In addition, this service interface has been implemented in
-          more long-running services.
+          many more long-running services.
 
         * A new sd-varlink call sd_varlink_get_description() has been added
           that returns the string previously set via
@@ -635,15 +636,15 @@ CHANGES WITH 258 in spe:
 
         * resolved.conf gained a new setting RefuseRecordTypes= which takes a
           list of RR types for which to refuse lookup attempts. This may be
-          used to for example block A or AAAA lookups on IPv4 or IPv6 only
+          used to for example block A or AAAA lookups on IPv4- or IPv6-only
           hosts.
 
         * A new DNS "delegate zone" concept has been introduced, which are
           additional lookup scopes (on top of the existing per-interface and
           the one global scope so far supported in resolved), which carry one
           or more DNS server addresses and a DNS search/routing domain. It
-          allows routing requests to specific domains to specific
+          allows routing requests to specific domains to specific servers.
-          servers. Delegate zones can be configured via drop-ins below
+          Delegate zones can be configured via drop-ins below
           /etc/systemd/dns-delegate.d/*.dns-delegate.
 
         * "resolvectl query -t sshfp" will now decode the returned RR
@@ -706,13 +707,13 @@ CHANGES WITH 258 in spe:
           variables can be forced now in environments where we'd previously
           automatically turn this off (e.g. in choot() contexts).
 
-        * systemd-stub learnt support for a couple of "extension" CHIDs, that
+        * systemd-stub gained support for a couple of "extension" CHIDs, that
           are not part of the Microsoft's original spec, and which include EDID
           display identification information in the hash. This may be used to
           match Devicetree blobs in UKIs. "systemd-analyze chid" has been
           updated to support these extension CHIDs, too. (They are clearly
           marked as extensions CHIDs, to emphasize they are systemd's own
-          invention, and not based on the Windows CHID spec)
+          invention, and not based on the Windows CHID spec.)
 
         * systemd-boot's loader.conf configuration file gained a new
           secure-boot-enroll-action setting which controls the action to take
@@ -782,11 +783,11 @@ CHANGES WITH 258 in spe:
           systemd-nsresourced, even if run privileged.
 
         * If systemd-nspawn is used interactively, two new special key
-          sequences can be entered to trigger an immediate clean shutdown or
+          sequences can be used to trigger an immediate clean shutdown or
-          reboot of the container (under the assumption it runs systemd as PID
+          reboot of the container with systemd running as PID 1: '^]^]p' for
-          1): ^]^]p will shutdown and ^]^]r will reboot. This is in addition to
+          shutdown and '^]^]r' for reboot. This is in addition to the
-          the previously supported ^]^]^] which will immediately shut it down,
+          previously supported '^]^]^]' which triggers immediate shutdown
-          without going through the clean shutdown logic.
+          without going through the usual shutdown logic.
 
         * systemd-nspawn will now invoke the TTY password agent if invoked
           interactively and without privileges. This makes sure unprivileged
@@ -889,26 +890,27 @@ CHANGES WITH 258 in spe:
           filtering by UID/GID min/max, fuzzy name matching and user
           disposition. Previously this was supported by the userdbctl
           client-side only. With this, userdb providers may now optionally
-          implement this server side too in order to optimize the lookups.
+          implement this server-side too in order to optimize the lookups.
 
         * User records now support a concept of home "areas",
           i.e. subdirectories of the primary $HOME directory that a user can
           log into. This is useful to maintain separate development
           environments or configuration contexts, but within the ownership of
           the same user. Support for this is implemented in systemd-homed, but
-          is conceptually open to other backends, too. New home areas can be
+          is conceptually open to other backends, too.
-          created via "mkdir -p ~/Areas/ && cp /etc/skel ~/Areas/foo", or
+
-          removed by "rm -rf ~/Areas/foo". Whenever prompted for login and a
+          New home areas can be created via "mkdir -p ~/Areas/ && cp /etc/skel
-          user name is requested, it is possible to enter a username suffixed
+          ~/Areas/foo", or removed by "rm -rf ~/Areas/foo". Whenever prompted
-          by "%" and the area name in order to log into the specified area of
+          for login and a user name is requested, it is possible to enter a
-          the user. (e.g. "bar%foo"). Effectively this ensures that $HOME and
+          username suffixed by "%" and the area name in order to log into the
-          $XDG_RUNTIME_DIR include the area choice after login. Note that at
+          specified area of the user. (e.g. "bar%foo"). Effectively this
-          this moment it's not possible to log into a fully graphical session
+          ensures that $HOME and $XDG_RUNTIME_DIR include the area choice after
-          with this, since we'd have to start a per-area user service manager
+          login. Note that at this moment it's not possible to log into a full
-          for that, and we currently do not do this. But we hope to provide
+          graphical session with this, since we'd have to start a per-area user
-          this in one of the next releases. In order to implement all this user
+          service manager for that, and we currently do not do this. But we
-          records gained a new "defaultArea" field, which is configurable with
+          hope to provide this in one of the next releases. In order to
-          homectl's --default-area= switch.
+          implement all this user records gained a new "defaultArea" field,
+          which is configurable with homectl's --default-area= switch.
 
         * An explicit MIME type application/x.systemd-home is now used for all
           LUKS *.home files managed by systemd.
@@ -1039,25 +1041,24 @@ CHANGES WITH 258 in spe:
         * There's now a per-user counterpart of /var/lib/machines/ defined as
           ~/.local/state/machines/. Various tools such as systemd-nspawn +
           systemd-vmspawn now will search this directory when looking for a
-          disk image, when invoked in unprivileged user
+          disk image, when invoked in unprivileged user context.
-          context. systemd-dissect's --discover command may now be combined
+          systemd-dissect's --discover command may now be combined with --user
-          with --user or --system to choose in which of the directory scopes to
+          or --system to choose in which of the directory scopes to look for
-          look for images.
+          images.
 
         * systemd-dissect gained a new --all switch. If specified the tool will
           not just discover DDIs (i.e. disk images) but also images stored in
           regular directories.
 
         * systemd-dissect gained a new "--shift" switch for recursively
-          re-chown()ing a directory tree from one set of UID/GIDs to
+          re-chown()ing a directory tree from one set of UID/GIDs to another.
-          another. This may be used to shift a tree from the base-0-UID range
+          This may be used to shift a tree from the base-0-UID range to the
-          to the foreign UID range or back.
+          foreign UID range or back.
 
-        * systemd-dissect gained a new --usr-hash= option (and
+        * systemd-dissect gained new --usr-hash= and --usr-hash-sig= options,
-          --usr-hash-sig=), that is what the existing --root-hash= switch does
+          that are similar to the existing --root-hash=/--root-hash-sig=
-          (and --root-hash-sig=), but for the /usr/ partition. Or in other words,
+          options, but for the /usr/ partition. This allows the root hash of
-          it allows specifying the root hash of the /usr/ Verity volume, and
+          the /usr/ Verity volume and its signature to be specified.
-          possible its signature.
 
         * When dissecting/mounting a DDI disk image, and no Verity root hash or
           signature is provided, suitable values are now automatically
@@ -1162,8 +1163,8 @@ CHANGES WITH 258 in spe:
         * systemd-repart gained a new switch --append-fstab= for controlling
           how to write or append automatically generated /etc/fstab entries.
 
-        * `CopyFiles=` lines can now contain an `fsverity=copy` flag to
+        * CopyFiles= lines can now contain an "fsverity=copy" flag to preserve
-          preserve the fs-verity status of the source files when populating the
+          the fs-verity status of the source files when populating the
           filesystem.
 
         * systemd-repart has been updated to automatically generate the
@@ -2962,9 +2963,9 @@ CHANGES WITH 256:
           controlled via the --register= switch.
 
         * machinectl's start command (and related) can now invoke images either
-          as containers via `systemd-nspawn` (switch is --runner=nspawn, the
+          as containers via systemd-nspawn (specified as '--runner=nspawn', the
-          default) or as VMs via `systemd-vmspawn` (switch is --runner=vmspawn,
+          default) or as VMs via systemd-vmspawn (specified as
-          or short -V).
+          '--runner=vmspawn' or '-V').
 
         * systemd-vmspawn now supports two switches --pass-ssh-key= and
           --ssh-key-type= to optionally set up transient SSH keys to pass to the
@@ -3870,7 +3871,7 @@ CHANGES WITH 255:
           sd_id128_get_machine_app_specific() and
           sd_id128_get_boot_app_specific() but takes the ID to base calculation
           on as input. This new functionality is also exposed in the
-          "systemd-id128" tool where you can now combine --app= with `show`.
+          systemd-id128 tool where you can now combine --app= with 'show'.
 
         * All tools that parse timestamps now can also parse RFC3339 style
           timestamps that include the "T" and Z" characters.
@@ -6177,7 +6178,7 @@ CHANGES WITH 251:
           compatibility reasons, but nonetheless apparently commonplace). Note
           that this mapping is mapped 1:1 in a pass-through fashion, i.e. the
           UID assignments from the range are not managed or mapped by
-          `systemd-homed`, and must be managed with other mechanisms, in the
+          systemd-homed, and must be managed with other mechanisms, in the
           context of the local system.
 
           Typically, a better approach to user namespacing in relevant
@@ -6322,15 +6323,15 @@ CHANGES WITH 251:
         * PID 1 will now automatically pick up system credentials from qemu's
           fw_cfg interface, thus allowing passing arbitrary data into VM
           systems similar to how this is already supported for passing them
-          into `systemd-nspawn` containers. Credentials may now also be passed
+          into systemd-nspawn containers. Credentials may now also be passed in
-          in via the new kernel command line option `systemd.set_credential=`
+          via the new kernel command line option "systemd.set_credential="
           (note that kernel command line options are world-readable during
           runtime, and only useful for credentials that require no
           confidentiality). The credentials that can be passed to unified
-          kernels that use the `systemd-stub` UEFI stub are now similarly
+          kernels that use the systemd-stub UEFI stub are now similarly
           picked up automatically. Automatic importing of system credentials
           this way can be turned off via the new
-          `systemd.import_credentials=no` kernel command line option.
+          "systemd.import_credentials=no" kernel command line option.
 
         * LoadCredential= will now automatically look for credentials in the
           /etc/credstore/, /run/credstore/, /usr/lib/credstore/ directories if
@@ -10839,7 +10840,7 @@ CHANGES WITH 242:
 
           Hint: the log output from udev (at debug level) was enhanced to
           clarify what policy is followed and which attributes are used.
-          `SYSTEMD_LOG_LEVEL=debug udevadm test-builtin net_setup_link /sys/class/net/<name>`
+          'SYSTEMD_LOG_LEVEL=debug udevadm test-builtin net_setup_link /sys/class/net/<name>'
           may be used to view this.
 
           Hint: if a bridge interface is created without any slaves, and gains
@@ -10869,7 +10870,7 @@ CHANGES WITH 242:
           configured with PIDFile= for processes of that service.
 
         * The fallback DNS server list was augmented with Cloudflare public DNS
-          servers. Use `-Ddns-servers=` to set a different fallback.
+          servers. Use '-Ddns-servers=' to set a different fallback.
 
         * A new special target usb-gadget.target will be started automatically
           when a USB Device Controller is detected (which means that the system
@@ -11005,7 +11006,7 @@ CHANGES WITH 242:
           system tree, --console=/--pipe may be used to configure how standard
           input, output, and error are set up.
 
-        * busctl learned the `emit` verb to generate D-Bus signals.
+        * busctl learned the 'emit' verb to generate D-Bus signals.
 
         * systemd-analyze cat-config may be used to gather and display
           configuration spread over multiple files, for example system and user
@@ -11056,14 +11057,14 @@ CHANGES WITH 242:
           This makes it easier to use kernel-install with plugins which support
           a different layout of the bootloader partitions (for example grub2).
 
-        * During package installation (with `ninja install`), we would create
+        * During package installation (with 'ninja install'), we would create
           symlinks for getty@tty1.service, systemd-networkd.service,
           systemd-networkd.socket, systemd-resolved.service,
           remote-cryptsetup.target, remote-fs.target,
           systemd-networkd-wait-online.service, and systemd-timesyncd.service
-          in /etc, as if `systemctl enable` was called for those units, to make
+          in /etc, as if 'systemctl enable' was called for those units, to make
           the system usable immediately after installation. Now this is not
-          done anymore, and instead calling `systemctl preset-all` is
+          done anymore, and instead calling 'systemctl preset-all' is
           recommended after the first installation of systemd.
 
         * A new boolean sandboxing option RestrictSUIDSGID= has been added that
@@ -11827,11 +11828,12 @@ CHANGES WITH 239:
           "systemd-resolve" user on such systems, so that nss-ldap won't be
           triggered; or use a different NSS package that doesn't do networking
           in-process but provides a local asynchronous name cache; or configure
-          the NSS package to avoid lookups for UIDs in the range `pkg-config
+          the NSS package to avoid lookups for UIDs in the range between the
-          systemd --variable=dynamicuidmin` … `pkg-config systemd
+          values returned by the commands
-          --variable=dynamicuidmax`, so that it does not consider itself
+          'pkg-config systemd --variable=dynamicuidmin' and
-          authoritative for the same UID range systemd allocates dynamic users
+          'pkg-config systemd --variable=dynamicuidmax', so that it does not
-          from.
+          consider itself authoritative for the same UID range systemd
+          allocates dynamic users from.
 
         * The systemd-resolve tool has been renamed to resolvectl (it also
           remains available under the old name, for compatibility), and its

man/kernel-install.xml

@@ -321,6 +321,23 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><option>--entry-type=type1|type2|all</option></term>
+
+        <listitem>
+          <para>
+            Controls the type of entries handled by the command. This is typically useful when multiple types
+            of boot entries with the same kernel version are installed, and only one should be removed. When
+            <literal>type1</literal> or <literal>type2</literal> is specified, each plugin is invoked with
+            <varname>$KERNEL_INSTALL_BOOT_ENTRY_TYPE</varname> environment variable with the specified
+            value. When <literal>all</literal> is specified, the environment variable will not be set.
+            Defaults to <literal>all</literal>.
+          </para>
+
+          <xi:include href="version-info.xml" xpointer="v258"/>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><option>--entry-token=</option></term>
 

man/systemd-run.xml

@@ -565,6 +565,16 @@
       <xi:include href="standard-options.xml" xpointer="help" />
       <xi:include href="standard-options.xml" xpointer="version" />
       <xi:include href="standard-options.xml" xpointer="json" />
+
+      <varlistentry id='no-pager'>
+        <term><option>--no-pager</option></term>
+
+        <listitem><para>Do not pipe output into a pager. This currently only applies to
+        <option>--help</option>. (The pager is not started during normal operation.)</para>
+
+        <xi:include href="version-info.xml" xpointer="v258"/>
+        </listitem>
+      </varlistentry>
     </variablelist>
 
     <para>All command line arguments after the first non-option argument become part of the command line of

mkosi/mkosi.conf.d/centos/mkosi.conf

@@ -5,7 +5,7 @@ Distribution=centos
 
 [Distribution]
 Release=10
-Repositories=epel,epel-next
+Repositories=epel
 
 [Build]
 Environment=

mkosi/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/erofs-utils.conf

@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[TriggerMatch]
+Repositories=epel
+Release=9
+
+[TriggerMatch]
+Release=10
+
+[Content]
+Packages=erofs-utils

mkosi/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/rpmautospec-rpm-macros.conf

@@ -2,8 +2,7 @@
 
 [Match]
 Repositories=epel
+Release=9
 
 [Content]
-Packages=
+Packages=rpmautospec-rpm-macros
-        erofs-utils
-        rpmautospec-rpm-macros

shell-completion/bash/systemd-run

@@ -40,7 +40,8 @@ _systemd_run() {
         --path-property --socket-property --timer-property -H --host -M --machine --expand-environment
         --background --json --job-mode
     )
-    local OPTS="${opts_with_values[*]} --no-ask-password --scope -u --slice-inherit -r --remain-after-exit
+    local OPTS="${opts_with_values[*]} --no-ask-password --no-pager
+                --scope -u --slice-inherit -r --remain-after-exit
                 --send-sighup -d --same-dir -t --pty -P --pipe -S --shell -q --quiet --ignore-failure
                 --on-clock-change --on-timezone-change --no-block --wait -G --collect --user --system -h --help --version -v --verbose"
     local mode=--system

shell-completion/zsh/_systemd-run

@@ -47,6 +47,7 @@ _arguments \
     '(-C --capsule)'{-C,--capsule=}'[Operate on capsule]:capsule' \
     '--nice=[Nice level]:nice level' \
     '--no-ask-password[Do not query the user for authentication]' \
+    '--no-pager[Do not spawn a pager]' \
     '(--wait)--no-block[Do not synchronously wait for the unit start operation to finish]' \
     '--on-active=[Run after SEC seconds]:SEC' \
     '--on-boot=[Run SEC seconds after machine was booted up]:SEC' \

src/analyze/analyze-capability.c

@@ -2,7 +2,7 @@
 
 #include "analyze.h"
 #include "analyze-capability.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "capability-util.h"
 #include "format-table.h"
 #include "log.h"

src/basic/capability-list.c

@@ -4,7 +4,7 @@
 
 #include "alloc-util.h"
 #include "bitfield.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "capability-util.h"
 #include "extract-word.h"
 #include "log.h"
@@ -14,8 +14,8 @@
 
 static const struct capability_name* lookup_capability(register const char *str, register GPERF_LEN_TYPE len);
 
-#include "cap-from-name.inc"
+#include "capability-from-name.inc"
-#include "cap-to-name.inc"
+#include "capability-to-name.inc"
 
 const char* capability_to_name(int id) {
         if (id < 0)

src/basic/capability-util.c

@@ -8,7 +8,7 @@
 
 #include "alloc-util.h"
 #include "bitfield.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "capability-util.h"
 #include "fd-util.h"
 #include "fileio.h"

src/basic/meson.build

@@ -14,7 +14,7 @@ basic_sources = files(
         'build.c',
         'build-path.c',
         'bus-label.c',
-        'cap-list.c',
+        'capability-list.c',
         'capability-util.c',
         'capsule-util.c',
         'cgroup-util.c',
@@ -122,11 +122,11 @@ sources += basic_sources
 
 generated_gperf_headers = []
 foreach item : [
-        # name,    source,         struct name,  prefix,    headers
+        # name,        source,             prefix,    headers
-        ['af',     af_sources,     'af',         '',        ['<sys/socket.h>'],       ],
+        ['af',         af_sources,         '',        ['<sys/socket.h>'],       ],
-        ['arphrd', arphrd_sources, 'arphrd',     'ARPHRD_', ['<linux/if_arp.h>'],     ],
+        ['arphrd',     arphrd_sources,     'ARPHRD_', ['<linux/if_arp.h>'],     ],
-        ['cap',    cap_sources,    'capability', '',        ['<linux/capability.h>'], ],
+        ['capability', capability_sources, '',        ['<linux/capability.h>'], ],
-        ['errno',  [],             'errno',      '',        ['<errno.h>'],            ],
+        ['errno',      [],                 '',        ['<errno.h>'],            ],
 ]
 
         fname = '@0@-list.txt'.format(item[0])
@@ -141,7 +141,7 @@ foreach item : [
         gperf_file = custom_target(
                 input : list_txt,
                 output : fname,
-                command : [generate_gperfs, item[2], item[3], '@INPUT@'] + item[4],
+                command : [generate_gperfs, item[0], item[2], '@INPUT@'] + item[3],
                 capture : true)
 
         fname = '@0@-from-name.inc'.format(item[0])
@@ -150,8 +150,8 @@ foreach item : [
                 output : fname,
                 command : [gperf,
                            '-L', 'ANSI-C', '-t', '--ignore-case',
-                           '-N', 'lookup_@0@'.format(item[2]),
+                           '-N', 'lookup_@0@'.format(item[0]),
-                           '-H', 'hash_@0@_name'.format(item[2]),
+                           '-H', 'hash_@0@_name'.format(item[0]),
                            '-p', '-C',
                            '@INPUT@'],
                 capture : true)

src/basic/virt.c

@@ -475,8 +475,7 @@ Virtualization detect_vm(void) {
                    VIRTUALIZATION_ORACLE,
                    VIRTUALIZATION_XEN,
                    VIRTUALIZATION_AMAZON,
-                   VIRTUALIZATION_PARALLELS,
+                   VIRTUALIZATION_PARALLELS)) {
-                   VIRTUALIZATION_GOOGLE)) {
                 v = dmi;
                 goto finish;
         }
@@ -515,6 +514,10 @@ Virtualization detect_vm(void) {
                 hyperv = true;
         else if (v == VIRTUALIZATION_VM_OTHER)
                 other = true;
+        else if (v == VIRTUALIZATION_KVM && dmi == VIRTUALIZATION_GOOGLE)
+                /* The DMI vendor tables in /sys/class/dmi/id don't help us distinguish between GCE
+                 * virtual machines and bare-metal instances, so we need to look at hypervisor. */
+                return VIRTUALIZATION_GOOGLE;
         else if (v != VIRTUALIZATION_NONE)
                 goto finish;
 
@@ -527,7 +530,9 @@ Virtualization detect_vm(void) {
                 return dmi;
         if (dmi == VIRTUALIZATION_VM_OTHER)
                 other = true;
-        else if (dmi != VIRTUALIZATION_NONE) {
+        else if (!IN_SET(dmi, VIRTUALIZATION_NONE, VIRTUALIZATION_GOOGLE)) {
+                /* At this point if GCE has been detected in dmi, do not report as a VM. It should
+                 * be a bare-metal machine */
                 v = dmi;
                 goto finish;
         }

src/core/dbus-execute.c

@@ -9,7 +9,7 @@
 #include "bpf-restrict-fs.h"
 #include "bus-get-properties.h"
 #include "bus-unit-util.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "cpu-set-util.h"
 #include "creds-util.h"
 #include "dbus-execute.h"

src/core/execute.c

@@ -14,7 +14,7 @@
 #include "alloc-util.h"
 #include "async.h"
 #include "bitfield.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "capability-util.h"
 #include "cgroup-setup.h"
 #include "coredump-util.h"

src/core/load-fragment.c

@@ -17,7 +17,7 @@
 #include "bpf-restrict-fs.h"
 #include "bus-error.h"
 #include "calendarspec.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "capability-util.h"
 #include "cgroup-setup.h"
 #include "condition.h"

src/home/homectl.c

@@ -12,7 +12,7 @@
 #include "bus-error.h"
 #include "bus-locator.h"
 #include "bus-util.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "capability-util.h"
 #include "cgroup-util.h"
 #include "creds-util.h"

src/include/meson.build

@@ -13,7 +13,7 @@ arphrd_sources = files(
 )
 
 # Source files that provides CAP_XYZ
-cap_sources = files(
+capability_sources = files(
         'uapi/linux/capability.h',
 )
 

src/include/override/sys/generate-syscall.py

@@ -44,6 +44,10 @@ HEADER = '''\
 
 #include_next <sys/syscall.h>
 
+#ifdef ARCH_MIPS
+#include <asm/sgidefs.h>
+#endif
+
 #include <assert.h>
 '''
 

src/include/override/sys/syscall.h

@@ -8,6 +8,10 @@
 
 #include_next <sys/syscall.h>
 
+#ifdef ARCH_MIPS
+#include <asm/sgidefs.h>
+#endif
+
 #include <assert.h>
 
 /* Note: if this code looks strange, this is because it is derived from the same

src/kernel-install/50-depmod.install

@@ -33,11 +33,12 @@ case "$COMMAND" in
         exec depmod -a "$KERNEL_VERSION"
         ;;
     remove)
-        [ "$KERNEL_INSTALL_BOOT_ENTRY_TYPE" = "type2" ] || \
+        if [ -n "$KERNEL_INSTALL_BOOT_ENTRY_TYPE" ] && [ -d "/lib/modules/$KERNEL_VERSION/kernel" ]; then
-        [ "$KERNEL_INSTALL_BOOT_ENTRY_TYPE" = "type1" ] && \
+            [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
-        [ -d "/lib/modules/$KERNEL_VERSION/kernel" ] && \
+                echo "Multiple entry types may exist, not removing modules.dep or associated files."
-            echo "Multiple entry types exist, not removing modules.dep or associated files." && \
             exit 0
+        fi
+
         [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
             echo "Removing /lib/modules/${KERNEL_VERSION}/modules.dep and associated files"
         exec rm -f \

src/kernel-install/kernel-install.c

@@ -1496,17 +1496,17 @@ static int help(void) {
                "     --boot-path=PATH          Path to the $BOOT partition\n"
                "     --make-entry-directory=yes|no|auto\n"
                "                               Create $BOOT/ENTRY-TOKEN/ directory\n"
+               "     --entry-type=type1|type2|all\n"
+               "                               Operate only on the specified bootloader\n"
+               "                               entry type\n"
                "     --entry-token=machine-id|os-id|os-image-id|auto|literal:…\n"
-               "                               Entry token to use for this installation\n"
+               "                               Entry token to be used for this installation\n"
                "     --no-pager                Do not pipe inspect output into a pager\n"
                "     --json=pretty|short|off   Generate JSON output\n"
                "     --no-legend               Do not show the headers and footers\n"
                "     --root=PATH               Operate on an alternate filesystem root\n"
                "     --image=PATH              Operate on disk image as filesystem root\n"
                "     --image-policy=POLICY     Specify disk image dissection policy\n"
-               "     --entry-type=type1|type2|all\n"
-               "                               Operate only on the specified bootloader\n"
-               "                               entry type\n"
                "\n"
                "This program may also be invoked as 'installkernel':\n"
                "  installkernel  [OPTIONS...] VERSION VMLINUZ [MAP] [INSTALLATION-DIR]\n"

src/kernel-install/meson.build

@@ -40,9 +40,11 @@ if want_kernel_install
 
         install_data('install.conf',
                      install_dir : kerneldir)
- 
+
-        install_data('uki.conf',
+        if want_ukify
-                     install_dir : kerneldir)
+                install_data('uki.conf',
+                             install_dir : kerneldir)
+        endif
 
         if install_sysconfdir
                 install_emptydir(sysconfdir / 'kernel/install.d')

src/libsystemd/sd-bus/bus-dump.c

@@ -8,7 +8,7 @@
 #include "bus-internal.h"
 #include "bus-message.h"
 #include "bus-type.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "capability-util.h"
 #include "fileio.h"
 #include "format-util.h"

src/libsystemd/sd-device/device-enumerator-private.h

@@ -20,9 +20,9 @@ int device_enumerator_add_parent_devices(sd_device_enumerator *enumerator, sd_de
 int device_enumerator_add_match_is_initialized(sd_device_enumerator *enumerator, MatchInitializedType type);
 int device_enumerator_add_match_parent_incremental(sd_device_enumerator *enumerator, sd_device *parent);
 int device_enumerator_add_prioritized_subsystem(sd_device_enumerator *enumerator, const char *subsystem);
-sd_device *device_enumerator_get_first(sd_device_enumerator *enumerator);
+sd_device* device_enumerator_get_first(sd_device_enumerator *enumerator);
-sd_device *device_enumerator_get_next(sd_device_enumerator *enumerator);
+sd_device* device_enumerator_get_next(sd_device_enumerator *enumerator);
-sd_device **device_enumerator_get_devices(sd_device_enumerator *enumerator, size_t *ret_n_devices);
+sd_device** device_enumerator_get_devices(sd_device_enumerator *enumerator, size_t *ret_n_devices);
 
 #define FOREACH_DEVICE_AND_SUBSYSTEM(enumerator, device)       \
         for (device = device_enumerator_get_first(enumerator); \

src/libsystemd/sd-device/device-enumerator.c

@@ -98,7 +98,7 @@ static void device_enumerator_unref_devices(sd_device_enumerator *enumerator) {
         enumerator->n_devices = 0;
 }
 
-static sd_device_enumerator *device_enumerator_free(sd_device_enumerator *enumerator) {
+static sd_device_enumerator* device_enumerator_free(sd_device_enumerator *enumerator) {
         assert(enumerator);
 
         device_enumerator_unref_devices(enumerator);
@@ -1021,7 +1021,7 @@ int device_enumerator_scan_devices(sd_device_enumerator *enumerator) {
         return r;
 }
 
-_public_ sd_device *sd_device_enumerator_get_device_first(sd_device_enumerator *enumerator) {
+_public_ sd_device* sd_device_enumerator_get_device_first(sd_device_enumerator *enumerator) {
         assert_return(enumerator, NULL);
 
         if (device_enumerator_scan_devices(enumerator) < 0)
@@ -1038,7 +1038,7 @@ _public_ sd_device *sd_device_enumerator_get_device_first(sd_device_enumerator *
         return enumerator->devices[0];
 }
 
-_public_ sd_device *sd_device_enumerator_get_device_next(sd_device_enumerator *enumerator) {
+_public_ sd_device* sd_device_enumerator_get_device_next(sd_device_enumerator *enumerator) {
         assert_return(enumerator, NULL);
 
         if (!enumerator->scan_uptodate ||
@@ -1088,7 +1088,7 @@ int device_enumerator_scan_subsystems(sd_device_enumerator *enumerator) {
         return r;
 }
 
-_public_ sd_device *sd_device_enumerator_get_subsystem_first(sd_device_enumerator *enumerator) {
+_public_ sd_device* sd_device_enumerator_get_subsystem_first(sd_device_enumerator *enumerator) {
         assert_return(enumerator, NULL);
 
         if (device_enumerator_scan_subsystems(enumerator) < 0)
@@ -1105,7 +1105,7 @@ _public_ sd_device *sd_device_enumerator_get_subsystem_first(sd_device_enumerato
         return enumerator->devices[0];
 }
 
-_public_ sd_device *sd_device_enumerator_get_subsystem_next(sd_device_enumerator *enumerator) {
+_public_ sd_device* sd_device_enumerator_get_subsystem_next(sd_device_enumerator *enumerator) {
         assert_return(enumerator, NULL);
 
         if (!enumerator->scan_uptodate ||
@@ -1161,7 +1161,7 @@ int device_enumerator_scan_devices_and_subsystems(sd_device_enumerator *enumerat
         return r;
 }
 
-sd_device *device_enumerator_get_first(sd_device_enumerator *enumerator) {
+sd_device* device_enumerator_get_first(sd_device_enumerator *enumerator) {
         assert_return(enumerator, NULL);
 
         if (!enumerator->scan_uptodate)
@@ -1178,7 +1178,7 @@ sd_device *device_enumerator_get_first(sd_device_enumerator *enumerator) {
         return enumerator->devices[0];
 }
 
-sd_device *device_enumerator_get_next(sd_device_enumerator *enumerator) {
+sd_device* device_enumerator_get_next(sd_device_enumerator *enumerator) {
         assert_return(enumerator, NULL);
 
         if (!enumerator->scan_uptodate ||
@@ -1189,7 +1189,7 @@ sd_device *device_enumerator_get_next(sd_device_enumerator *enumerator) {
         return enumerator->devices[++enumerator->current_device_index];
 }
 
-sd_device **device_enumerator_get_devices(sd_device_enumerator *enumerator, size_t *ret_n_devices) {
+sd_device** device_enumerator_get_devices(sd_device_enumerator *enumerator, size_t *ret_n_devices) {
         assert(enumerator);
         assert(ret_n_devices);
 

src/libsystemd/sd-device/device-monitor.c

@@ -412,13 +412,13 @@ _public_ int sd_device_monitor_attach_event(sd_device_monitor *m, sd_event *even
         return 0;
 }
 
-_public_ sd_event *sd_device_monitor_get_event(sd_device_monitor *m) {
+_public_ sd_event* sd_device_monitor_get_event(sd_device_monitor *m) {
         assert_return(m, NULL);
 
         return m->event;
 }
 
-_public_ sd_event_source *sd_device_monitor_get_event_source(sd_device_monitor *m) {
+_public_ sd_event_source* sd_device_monitor_get_event_source(sd_device_monitor *m) {
         assert_return(m, NULL);
 
         return m->event_source;
@@ -447,7 +447,7 @@ _public_ int sd_device_monitor_get_description(sd_device_monitor *m, const char
         return 0;
 }
 
-static sd_device_monitor *device_monitor_free(sd_device_monitor *m) {
+static sd_device_monitor* device_monitor_free(sd_device_monitor *m) {
         assert(m);
 
         (void) sd_device_monitor_detach_event(m);

src/libsystemd/sd-device/sd-device.c

@@ -52,7 +52,7 @@ int device_new_aux(sd_device **ret) {
         return 0;
 }
 
-static sd_device *device_free(sd_device *device) {
+static sd_device* device_free(sd_device *device) {
         assert(device);
 
         sd_device_unref(device->parent);
@@ -1051,7 +1051,7 @@ static int device_enumerate_children(sd_device *device) {
         return 1; /* Enumerated. */
 }
 
-_public_ sd_device *sd_device_get_child_first(sd_device *device, const char **ret_suffix) {
+_public_ sd_device* sd_device_get_child_first(sd_device *device, const char **ret_suffix) {
         int r;
 
         assert(device);
@@ -1069,7 +1069,7 @@ _public_ sd_device *sd_device_get_child_first(sd_device *device, const char **re
         return sd_device_get_child_next(device, ret_suffix);
 }
 
-_public_ sd_device *sd_device_get_child_next(sd_device *device, const char **ret_suffix) {
+_public_ sd_device* sd_device_get_child_next(sd_device *device, const char **ret_suffix) {
         sd_device *child;
 
         assert(device);
@@ -1922,7 +1922,7 @@ _public_ int sd_device_get_usec_since_initialized(sd_device *device, uint64_t *r
         return 0;
 }
 
-_public_ const char *sd_device_get_tag_first(sd_device *device) {
+_public_ const char* sd_device_get_tag_first(sd_device *device) {
         void *v;
 
         assert_return(device, NULL);
@@ -1936,7 +1936,7 @@ _public_ const char *sd_device_get_tag_first(sd_device *device) {
         return v;
 }
 
-_public_ const char *sd_device_get_tag_next(sd_device *device) {
+_public_ const char* sd_device_get_tag_next(sd_device *device) {
         void *v;
 
         assert_return(device, NULL);
@@ -1962,7 +1962,7 @@ static bool device_database_supports_current_tags(sd_device *device) {
         return device->database_version >= 1;
 }
 
-_public_ const char *sd_device_get_current_tag_first(sd_device *device) {
+_public_ const char* sd_device_get_current_tag_first(sd_device *device) {
         void *v;
 
         assert_return(device, NULL);
@@ -1979,7 +1979,7 @@ _public_ const char *sd_device_get_current_tag_first(sd_device *device) {
         return v;
 }
 
-_public_ const char *sd_device_get_current_tag_next(sd_device *device) {
+_public_ const char* sd_device_get_current_tag_next(sd_device *device) {
         void *v;
 
         assert_return(device, NULL);
@@ -1996,7 +1996,7 @@ _public_ const char *sd_device_get_current_tag_next(sd_device *device) {
         return v;
 }
 
-_public_ const char *sd_device_get_devlink_first(sd_device *device) {
+_public_ const char* sd_device_get_devlink_first(sd_device *device) {
         void *v;
 
         assert_return(device, NULL);
@@ -2010,7 +2010,7 @@ _public_ const char *sd_device_get_devlink_first(sd_device *device) {
         return v;
 }
 
-_public_ const char *sd_device_get_devlink_next(sd_device *device) {
+_public_ const char* sd_device_get_devlink_next(sd_device *device) {
         void *v;
 
         assert_return(device, NULL);
@@ -2083,7 +2083,7 @@ int device_properties_prepare(sd_device *device) {
         return 0;
 }
 
-_public_ const char *sd_device_get_property_first(sd_device *device, const char **_value) {
+_public_ const char* sd_device_get_property_first(sd_device *device, const char **_value) {
         const char *key;
         int r;
 
@@ -2100,7 +2100,7 @@ _public_ const char *sd_device_get_property_first(sd_device *device, const char
         return key;
 }
 
-_public_ const char *sd_device_get_property_next(sd_device *device, const char **_value) {
+_public_ const char* sd_device_get_property_next(sd_device *device, const char **_value) {
         const char *key;
         int r;
 
@@ -2217,19 +2217,14 @@ static int device_sysattrs_read_all(sd_device *device) {
         return 0;
 }
 
-_public_ const char *sd_device_get_sysattr_first(sd_device *device) {
+_public_ const char* sd_device_get_sysattr_first(sd_device *device) {
         void *v;
-        int r;
 
         assert_return(device, NULL);
 
-        if (!device->sysattrs_read) {
+        if (!device->sysattrs_read &&
-                r = device_sysattrs_read_all(device);
+            device_sysattrs_read_all(device) < 0)
-                if (r < 0) {
+                return NULL;
-                        errno = -r;
-                        return NULL;
-                }
-        }
 
         device->sysattrs_iterator = ITERATOR_FIRST;
 
@@ -2237,7 +2232,7 @@ _public_ const char *sd_device_get_sysattr_first(sd_device *device) {
         return v;
 }
 
-_public_ const char *sd_device_get_sysattr_next(sd_device *device) {
+_public_ const char* sd_device_get_sysattr_next(sd_device *device) {
         void *v;
 
         assert_return(device, NULL);

src/login/pam_systemd.c

@@ -22,7 +22,7 @@
 #include "bus-error.h"
 #include "bus-internal.h"
 #include "bus-locator.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "capability-util.h"
 #include "cgroup-setup.h"
 #include "chase.h"

src/network/networkd-address.c

@@ -1345,7 +1345,7 @@ int link_drop_ipv6ll_addresses(Link *link) {
         /* IPv6LL address may be in the tentative state, and in that case networkd has not received it.
          * So, we need to dump all IPv6 addresses. */
 
-        if (link_may_have_ipv6ll(link, /* check_multicast = */ false))
+        if (link_ipv6ll_enabled_harder(link))
                 return 0;
 
         r = sd_rtnl_message_new_addr(link->manager->rtnl, &req, RTM_GETADDR, link->ifindex, AF_INET6);

src/network/networkd-ipv6ll.c

@@ -43,41 +43,26 @@ bool link_ipv6ll_enabled(Link *link) {
         return link->network->link_local & ADDRESS_FAMILY_IPV6;
 }
 
-bool link_may_have_ipv6ll(Link *link, bool check_multicast) {
+bool link_ipv6ll_enabled_harder(Link *link) {
         assert(link);
 
-        /*
+        /* This is mostly equivalent to link_ipv6ll_enabled(), but also checks if an IPv6LL address is
-         * This is equivalent to link_ipv6ll_enabled() for non-WireGuard interfaces.
+         * manually configured. */
-         *
-         * For WireGuard interface, the kernel does not assign any IPv6LL addresses, but we can assign
-         * it manually. It is necessary to set an IPv6LL address manually to run NDisc or RADV on
-         * WireGuard interface. Note, also Multicast=yes must be set. See #17380.
-         *
-         * TODO: May be better to introduce GenerateIPv6LinkLocalAddress= setting, and use algorithms
-         *       used in networkd-address-generation.c
-         */
 
         if (link_ipv6ll_enabled(link))
                 return true;
 
-        /* IPv6LL address can be manually assigned on WireGuard interface. */
+        if (!link->network)
-        if (streq_ptr(link->kind, "wireguard")) {
+                return false;
-                Address *a;
 
-                if (!link->network)
+        Address *a;
-                        return false;
+        ORDERED_HASHMAP_FOREACH(a, link->network->addresses_by_section) {
-
+                if (a->family != AF_INET6)
-                if (check_multicast && !FLAGS_SET(link->flags, IFF_MULTICAST) && link->network->multicast <= 0)
+                        continue;
-                        return false;
+                if (in6_addr_is_set(&a->in_addr_peer.in6))
-
+                        continue;
-                ORDERED_HASHMAP_FOREACH(a, link->network->addresses_by_section) {
+                if (in6_addr_is_link_local(&a->in_addr.in6))
-                        if (a->family != AF_INET6)
+                        return true;
-                                continue;
-                        if (in6_addr_is_set(&a->in_addr_peer.in6))
-                                continue;
-                        if (in6_addr_is_link_local(&a->in_addr.in6))
-                                return true;
-                }
         }
 
         return false;

src/network/networkd-ipv6ll.h

@@ -15,7 +15,7 @@ typedef enum IPv6LinkLocalAddressGenMode {
 } IPv6LinkLocalAddressGenMode;
 
 bool link_ipv6ll_enabled(Link *link);
-bool link_may_have_ipv6ll(Link *link, bool check_multicast);
+bool link_ipv6ll_enabled_harder(Link *link);
 
 IPv6LinkLocalAddressGenMode link_get_ipv6ll_addrgen_mode(Link *link);
 int ipv6ll_addrgen_mode_fill_message(sd_netlink_message *message, IPv6LinkLocalAddressGenMode mode);

src/network/networkd-link.c

@@ -133,7 +133,7 @@ bool link_ipv6_enabled(Link *link) {
         if (link->network->bond)
                 return false;
 
-        if (link_may_have_ipv6ll(link, /* check_multicast = */ false))
+        if (link_ipv6ll_enabled(link))
                 return true;
 
         if (network_has_static_ipv6_configurations(link->network))
@@ -2126,6 +2126,17 @@ bool link_has_carrier(Link *link) {
         return netif_has_carrier(link->kernel_operstate, link->flags);
 }
 
+bool link_multicast_enabled(Link *link) {
+        assert(link);
+
+        /* If Multicast= is specified, use the value. */
+        if (link->network && link->network->multicast >= 0)
+                return link->network->multicast;
+
+        /* Otherwise, return the current state. */
+        return FLAGS_SET(link->flags, IFF_MULTICAST);
+}
+
 #define FLAG_STRING(string, flag, old, new)                      \
         (((old ^ new) & flag)                                    \
          ? ((old & flag) ? (" -" string) : (" +" string))        \

src/network/networkd-link.h

@@ -229,6 +229,7 @@ void link_check_ready(Link *link);
 void link_update_operstate(Link *link, bool also_update_bond_master);
 
 bool link_has_carrier(Link *link);
+bool link_multicast_enabled(Link *link);
 
 bool link_ipv6_enabled(Link *link);
 int link_ipv6ll_gained(Link *link);

src/network/networkd-ndisc.c

@@ -65,7 +65,10 @@ bool link_ndisc_enabled(Link *link) {
         if (!link->network)
                 return false;
 
-        if (!link_may_have_ipv6ll(link, /* check_multicast = */ true))
+        if (!link_multicast_enabled(link))
+                return false;
+
+        if (!link_ipv6ll_enabled_harder(link))
                 return false;
 
         /* Honor explicitly specified value. */

src/network/networkd-radv.c

@@ -31,10 +31,10 @@
 bool link_radv_enabled(Link *link) {
         assert(link);
 
-        if (!link_may_have_ipv6ll(link, /* check_multicast = */ true))
+        if (!link_multicast_enabled(link))
                 return false;
 
-        if (link->hw_addr.length != ETH_ALEN)
+        if (!link_ipv6ll_enabled_harder(link))
                 return false;
 
         return link->network->router_prefix_delegation;

src/nspawn/nspawn-oci.c

@@ -8,7 +8,7 @@
 
 #include "alloc-util.h"
 #include "bus-util.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "cgroup-util.h"
 #include "cpu-set-util.h"
 #include "device-util.h"

src/nspawn/nspawn-settings.c

@@ -3,7 +3,7 @@
 #include "sd-bus.h"
 
 #include "alloc-util.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "conf-parser.h"
 #include "cpu-set-util.h"
 #include "extract-word.h"

src/nspawn/nspawn.c

@@ -32,7 +32,7 @@
 #include "bus-error.h"
 #include "bus-locator.h"
 #include "bus-util.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "capability-util.h"
 #include "cgroup-setup.h"
 #include "cgroup-util.h"

src/run/run.c

@@ -42,6 +42,7 @@
 #include "log.h"
 #include "main-func.h"
 #include "osc-context.h"
+#include "pager.h"
 #include "parse-argument.h"
 #include "parse-util.h"
 #include "path-util.h"
@@ -110,6 +111,7 @@ static char **arg_cmdline = NULL;
 static char *arg_exec_path = NULL;
 static bool arg_ignore_failure = false;
 static char *arg_background = NULL;
+static PagerFlags arg_pager_flags = 0;
 static sd_json_format_flags_t arg_json_format_flags = SD_JSON_FORMAT_OFF;
 static char *arg_shell_prompt_prefix = NULL;
 static int arg_lightweight = -1;
@@ -133,6 +135,8 @@ static int help(void) {
         _cleanup_free_ char *link = NULL;
         int r;
 
+        pager_open(arg_pager_flags);
+
         r = terminal_urlify_man("systemd-run", "1", &link);
         if (r < 0)
                 return log_oom();
@@ -177,6 +181,7 @@ static int help(void) {
                "                                  when queueing a new job\n"
                "     --ignore-failure             Ignore the exit status of the invoked process\n"
                "     --background=COLOR           Set ANSI color for background\n"
+               "     --no-pager                   Do not pipe output into a pager\n"
                "\n%3$sPath options:%4$s\n"
                "     --path-property=NAME=VALUE   Set path unit property\n"
                "\n%3$sSocket options:%4$s\n"
@@ -318,6 +323,7 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_JOB_MODE,
                 ARG_IGNORE_FAILURE,
                 ARG_BACKGROUND,
+                ARG_NO_PAGER,
                 ARG_JSON,
         };
 
@@ -370,6 +376,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "job-mode",           required_argument, NULL, ARG_JOB_MODE           },
                 { "ignore-failure",     no_argument,       NULL, ARG_IGNORE_FAILURE     },
                 { "background",         required_argument, NULL, ARG_BACKGROUND         },
+                { "no-pager",           no_argument,       NULL, ARG_NO_PAGER           },
                 { "json",               required_argument, NULL, ARG_JSON               },
                 {},
         };
@@ -684,6 +691,10 @@ static int parse_argv(int argc, char *argv[]) {
                                 return r;
                         break;
 
+                case ARG_NO_PAGER:
+                        arg_pager_flags |= PAGER_DISABLE;
+                        break;
+
                 case ARG_JSON:
                         r = parse_json_argument(optarg, &arg_json_format_flags);
                         if (r <= 0)

src/shared/base-filesystem.c

@@ -5,6 +5,10 @@
 #include <syslog.h>
 #include <unistd.h>
 
+#ifdef ARCH_MIPS
+#include <asm/sgidefs.h>
+#endif
+
 #include "alloc-util.h"
 #include "base-filesystem.h"
 #include "errno-util.h"

src/shared/bus-print-properties.c

@@ -4,7 +4,7 @@
 
 #include "alloc-util.h"
 #include "bus-print-properties.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "cgroup-util.h"
 #include "escape.h"
 #include "log.h"

src/shared/bus-unit-util.c

@@ -11,7 +11,7 @@
 #include "bus-locator.h"
 #include "bus-unit-util.h"
 #include "bus-util.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "cgroup-setup.h"
 #include "cgroup-util.h"
 #include "condition.h"

src/shared/condition.c

@@ -16,7 +16,7 @@
 #include "battery-util.h"
 #include "bitfield.h"
 #include "blockdev-util.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "capability-util.h"
 #include "cgroup-util.h"
 #include "compare-operator.h"

src/shared/quota-util.h

@@ -1,7 +1,8 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #pragma once
 
-#include <sys/quota.h> /* IWYU pragma: export */
+#include <linux/quota.h>        /* IWYU pragma: export */
+#include <sys/quota.h>          /* IWYU pragma: export */
 
 #include "forward.h"
 

src/shared/seccomp-util.c

@@ -8,6 +8,10 @@
 #include <sys/shm.h>
 #include <sys/stat.h>
 
+#ifdef ARCH_MIPS
+#include <asm/sgidefs.h>
+#endif
+
 #include "af-list.h"
 #include "alloc-util.h"
 #include "env-util.h"

src/shared/user-record-show.c

@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include "alloc-util.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "format-util.h"
 #include "glyph-util.h"
 #include "hashmap.h"

src/shared/user-record.c

@@ -4,7 +4,7 @@
 
 #include "alloc-util.h"
 #include "bitfield.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "cgroup-util.h"
 #include "dns-domain.h"
 #include "glyph-util.h"

src/systemd/sd-device.h

@@ -50,8 +50,8 @@ typedef int (*sd_device_monitor_handler_t)(sd_device_monitor *m, sd_device *devi
 
 /* device */
 
-sd_device *sd_device_ref(sd_device *device);
+sd_device* sd_device_ref(sd_device *device);
-sd_device *sd_device_unref(sd_device *device);
+sd_device* sd_device_unref(sd_device *device);
 
 int sd_device_new_from_syspath(sd_device **ret, const char *syspath);
 int sd_device_new_from_devnum(sd_device **ret, char type, dev_t devnum);
@@ -98,8 +98,8 @@ const char* sd_device_get_property_first(sd_device *device, const char **value);
 const char* sd_device_get_property_next(sd_device *device, const char **value);
 const char* sd_device_get_sysattr_first(sd_device *device);
 const char* sd_device_get_sysattr_next(sd_device *device);
-sd_device *sd_device_get_child_first(sd_device *device, const char **ret_suffix);
+sd_device* sd_device_get_child_first(sd_device *device, const char **ret_suffix);
-sd_device *sd_device_get_child_next(sd_device *device, const char **ret_suffix);
+sd_device* sd_device_get_child_next(sd_device *device, const char **ret_suffix);
 
 int sd_device_has_tag(sd_device *device, const char *tag);
 int sd_device_has_current_tag(sd_device *device, const char *tag);
@@ -117,13 +117,13 @@ int sd_device_open(sd_device *device, int flags);
 /* device enumerator */
 
 int sd_device_enumerator_new(sd_device_enumerator **ret);
-sd_device_enumerator *sd_device_enumerator_ref(sd_device_enumerator *enumerator);
+sd_device_enumerator* sd_device_enumerator_ref(sd_device_enumerator *enumerator);
-sd_device_enumerator *sd_device_enumerator_unref(sd_device_enumerator *enumerator);
+sd_device_enumerator* sd_device_enumerator_unref(sd_device_enumerator *enumerator);
 
-sd_device *sd_device_enumerator_get_device_first(sd_device_enumerator *enumerator);
+sd_device* sd_device_enumerator_get_device_first(sd_device_enumerator *enumerator);
-sd_device *sd_device_enumerator_get_device_next(sd_device_enumerator *enumerator);
+sd_device* sd_device_enumerator_get_device_next(sd_device_enumerator *enumerator);
-sd_device *sd_device_enumerator_get_subsystem_first(sd_device_enumerator *enumerator);
+sd_device* sd_device_enumerator_get_subsystem_first(sd_device_enumerator *enumerator);
-sd_device *sd_device_enumerator_get_subsystem_next(sd_device_enumerator *enumerator);
+sd_device* sd_device_enumerator_get_subsystem_next(sd_device_enumerator *enumerator);
 
 int sd_device_enumerator_add_match_subsystem(sd_device_enumerator *enumerator, const char *subsystem, int match);
 int sd_device_enumerator_add_match_sysattr(sd_device_enumerator *enumerator, const char *sysattr, const char *value, int match);
@@ -139,8 +139,8 @@ int sd_device_enumerator_add_all_parents(sd_device_enumerator *enumerator);
 /* device monitor */
 
 int sd_device_monitor_new(sd_device_monitor **ret);
-sd_device_monitor *sd_device_monitor_ref(sd_device_monitor *m);
+sd_device_monitor* sd_device_monitor_ref(sd_device_monitor *m);
-sd_device_monitor *sd_device_monitor_unref(sd_device_monitor *m);
+sd_device_monitor* sd_device_monitor_unref(sd_device_monitor *m);
 
 int sd_device_monitor_get_fd(sd_device_monitor *m);
 int sd_device_monitor_get_events(sd_device_monitor *m);
@@ -148,8 +148,8 @@ int sd_device_monitor_get_timeout(sd_device_monitor *m, uint64_t *ret);
 int sd_device_monitor_set_receive_buffer_size(sd_device_monitor *m, size_t size);
 int sd_device_monitor_attach_event(sd_device_monitor *m, sd_event *event);
 int sd_device_monitor_detach_event(sd_device_monitor *m);
-sd_event *sd_device_monitor_get_event(sd_device_monitor *m);
+sd_event* sd_device_monitor_get_event(sd_device_monitor *m);
-sd_event_source *sd_device_monitor_get_event_source(sd_device_monitor *m);
+sd_event_source* sd_device_monitor_get_event_source(sd_device_monitor *m);
 int sd_device_monitor_set_description(sd_device_monitor *m, const char *description);
 int sd_device_monitor_get_description(sd_device_monitor *m, const char **ret);
 int sd_device_monitor_is_running(sd_device_monitor *m);

src/test/meson.build

@@ -249,11 +249,11 @@ executables += [
                 'type' : 'manual',
         },
         test_template + {
-                'sources' : files('test-cap-list.c'),
+                'sources' : files('test-capability-list.c'),
                 'dependencies' : libcap,
         },
         test_template + {
-                'sources' : files('test-capability.c'),
+                'sources' : files('test-capability-util.c'),
                 'dependencies' : libcap,
         },
         test_template + {

src/test/test-capability-list.c

@@ -3,7 +3,7 @@
 #include <stdio.h>
 
 #include "alloc-util.h"
-#include "cap-list.h"
+#include "capability-list.h"
 #include "capability-util.h"
 #include "parse-util.h"
 #include "random-util.h"

src/udev/udevadm-util.c

@@ -305,7 +305,7 @@ static int search_rules_file(const char *s, const char *root, ConfFile ***files,
         if (!GREEDY_REALLOC_APPEND(*files, *n_files, f, n))
                 return log_oom();
 
-        TAKE_PTR(f);
+        f = mfree(f); /* The array elements are owned by 'files'. So, conf_file_free_many() must not be called. */
         n = 0;
         return 0;
 }

test/integration-tests/integration-test-wrapper.py

@@ -572,6 +572,8 @@ def main() -> None:
     else:
         firmware = args.firmware
 
+    vm = args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1'
+
     cmd = [
         args.mkosi,
         '--directory', os.fspath(args.mkosi_dir),
@@ -616,9 +618,8 @@ def main() -> None:
         ),
         '--credential', f"journal.storage={'persistent' if sys.stdin.isatty() else args.storage}",
         *(['--runtime-build-sources=no', '--register=no'] if not sys.stdin.isatty() else []),
-        'vm' if args.vm or os.getuid() != 0 or os.getenv('TEST_PREFER_QEMU', '0') == '1' else 'boot',
+        'vm' if vm else 'boot',
-        *(['--', '--capability=CAP_BPF'] \
+        *(['--', '--capability=CAP_BPF'] if not vm else []),
-            if not args.vm and os.getenv('TEST_PREFER_QEMU', '0') == '0' else []),
     ]  # fmt: skip
 
     try:

test/units/TEST-50-DISSECT.mountfsd.sh

@@ -6,12 +6,12 @@ set -o pipefail
 # shellcheck source=test/units/util.sh
 . "$(dirname "$0")"/util.sh
 
-if [[ ! -f /usr/lib/systemd/system/systemd-mountfsd.socket ]] || \
+if [[ ! -f /usr/lib/systemd/system/systemd-mountfsd.socket ]] ||
-   [[ ! -f /usr/lib/systemd/system/systemd-nsresourced.socket ]] || \
+   [[ ! -f /usr/lib/systemd/system/systemd-nsresourced.socket ]] ||
-   ! command -v mksquashfs || \
+   ! command -v mksquashfs ||
    ! grep -q bpf /sys/kernel/security/lsm ||
-   ! find /usr/lib* -name libbpf.so.1 2>/dev/null | grep . || \
+   ! find /usr/lib* -name libbpf.so.1 2>/dev/null | grep . ||
-   systemd-analyze compare-versions "$(uname -r)" lt 6.5 || \
+   systemd-analyze compare-versions "$(uname -r)" lt 6.5 ||
    systemd-analyze compare-versions "$(pkcheck --version | awk '{print $3}')" lt 124; then
     echo "Skipping mountfsd/nsresourced tests"
     exit 0

test/units/TEST-60-MOUNT-RATELIMIT.sh

@@ -243,9 +243,9 @@ EOF
 
         sleep 1
 
-        if [[ "$(systemctl is-failed tmp-hoge.mount)" == "failed" ]] || \
+        if [[ "$(systemctl is-failed tmp-hoge.mount)" == "failed" ]] ||
            journalctl --since="$since" -u tmp-hoge.mount -q --grep "but there is no mount"; then
-                exit 1
+            exit 1
         fi
 
         systemctl stop tmp-hoge.mount