meson: bump version to 258.4

git restore -s origin/main hwdb.d/ test/hwdb.d

(cherry picked from commit a54429d3111f7d28193244f99e5b614df4a67fd2)

.dir-locals.el

@@ -20,8 +20,7 @@
  (nxml-mode . ((nxml-child-indent . 2)
                (fill-column . 109)))
  (meson-mode . ((meson-indent-basic . 8)))
- (sh-mode . ((sh-basic-offset . 4)
-             (sh-indentation . 4)))
+ (sh-mode . ((sh-indentation . 4)))
  (awk-mode . ((c-basic-offset . 8)))
  (nil . ((indent-tabs-mode . nil)
          (tab-width . 8)

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -18,6 +18,8 @@ body:
         If a distro build is used, please just paste the package version, e.g. `systemd-257.3-7.fc42.x86_64`.
         See https://github.com/systemd/systemd-stable/tags for the list of most recent releases.
         For older version please use distribution trackers (see https://systemd.io/CONTRIBUTING#filing-issues).
+        A repository with packages built from latest main for the major distributions and architectures is available from our
+        [OBS project for testing purposes.](https://software.opensuse.org//download.html?project=system%3Asystemd&package=systemd)
       placeholder: '257.x'
     validations:
       required: true

.github/workflows/build-test.yml

@@ -51,9 +51,9 @@ jobs:
     env: ${{ matrix.env }}
     steps:
       - name: Repository checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       - name: Setup python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
         with:
           python-version: ${{ matrix.python-version }}
       - name: Build check

.github/workflows/cifuzz.yml

@@ -61,14 +61,14 @@ jobs:
           sanitizer: ${{ matrix.sanitizer }}
           output-sarif: true
       - name: Upload Crash
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
         if: failure() && steps.build.outcome == 'success'
         with:
           name: ${{ matrix.sanitizer }}-${{ matrix.architecture }}-artifacts
           path: ./out/artifacts
       - name: Upload Sarif
         if: always() && steps.build.outcome == 'success'
-        uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d
+        uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30
         with:
           # Path to SARIF file relative to the root of the repository
           sarif_file: cifuzz-sarif/results.sarif

.github/workflows/codeql.yml

@@ -42,10 +42,10 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d
+      uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30
       with:
         languages: ${{ matrix.language }}
         config-file: ./.github/codeql-config.yml
@@ -60,7 +60,7 @@ jobs:
         fi
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@51f77329afa6477de8c49fc9c7046c15b9a4e79d
+      uses: github/codeql-action/autobuild@b20883b0cd1f46c72ae0ba6d1090936928f9fa30
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d
+      uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30

.github/workflows/coverage.yml

@@ -24,8 +24,8 @@ jobs:
     if: github.repository == 'systemd/systemd' || github.repository == 'systemd/systemd-stable'
 
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: systemd/mkosi@5a476a92deca8ad54869e5d416217aa1bb137b25
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      - uses: systemd/mkosi@14d2d37a1923c03062f55454b2b61d0c64db6238
 
       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
       # immediately, we remove the files in the background. However, we first move them to a different location
@@ -127,7 +127,7 @@ jobs:
             --max-lines 300
 
       - name: Archive failed test journals
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         if: failure() && (github.repository == 'systemd/systemd' || github.repository == 'systemd/systemd-stable')
         with:
           name: ci-coverage-${{ github.run_id }}-${{ github.run_attempt }}-arch-rolling-failed-test-journals

.github/workflows/coverity.yml

@@ -22,7 +22,7 @@ jobs:
       COVERITY_SCAN_NOTIFICATION_EMAIL: "${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }}"
     steps:
       - name: Repository checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       # Reuse the setup phase of the unit test script to avoid code duplication
       - name: Install build dependencies
         run: |

.github/workflows/development-freeze.yml

@@ -30,7 +30,7 @@ jobs:
           name: Pull Request Metadata
 
       - name: Repository checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           fetch-depth: 0
 

.github/workflows/differential-shellcheck.yml

@@ -23,12 +23,12 @@ jobs:
 
     steps:
       - name: Repository checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           fetch-depth: 0
 
       - name: Differential ShellCheck
-        uses: redhat-plumbers-in-action/differential-shellcheck@dd551ce780d8af741f8cd8bab6982667b906b457
+        uses: redhat-plumbers-in-action/differential-shellcheck@d965e66ec0b3b2f821f75c8eff9b12442d9a7d1e
         with:
           # exclude all `.in` files because they may contain unsupported syntax, and they have to be preprocessed first
           # TEMPORARY: exclude bash completion files, they would generate too many defects in Code scanning dashboard (600+)

.github/workflows/gather-pr-metadata.yml

@@ -16,14 +16,14 @@ jobs:
 
     steps:
       - name: Repository checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       - id: metadata
         name: Gather Pull Request Metadata
-        uses: redhat-plumbers-in-action/gather-pull-request-metadata@5da2967931dd7c4b9ccd22f49b045e2c1f05165b
+        uses: redhat-plumbers-in-action/gather-pull-request-metadata@b86d1eaf7038cf88a56b26ba3e504f10e07b0ce5
 
       - name: Upload Pull Request Metadata artifact
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
         with:
           name: Pull Request Metadata
           path: ${{ steps.metadata.outputs.metadata-file }}

.github/workflows/issue-labeler.yml

@@ -20,7 +20,7 @@ jobs:
         template: [ bug_report.yml, feature_request.yml ]
 
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       - name: Parse issue form
         uses: stefanbuck/github-issue-parser@1e5bdee70d4b3e066a33aa0669ab782943825f94
@@ -29,7 +29,7 @@ jobs:
           template-path: .github/ISSUE_TEMPLATE/${{ matrix.template }}
 
       - name: Set labels based on component field
-        uses: redhat-plumbers-in-action/advanced-issue-labeler@0db433d412193574252480b4fc22f2e4319a4ea3
+        uses: redhat-plumbers-in-action/advanced-issue-labeler@b80ae64e3e156e9c111b075bfa04b295d54e8e2e
         with:
           issue-form: ${{ steps.issue-parser.outputs.jsonString }}
           template: ${{ matrix.template }}

.github/workflows/labeler.yml

@@ -30,11 +30,11 @@ jobs:
 
     steps:
     - name: Repository checkout
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       if: github.event_name == 'pull_request'
 
     - name: Label PR based on policy in labeler.yml
-      uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9
+      uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b
       if: startsWith(github.event_name, 'pull_request') && github.base_ref == 'main' && github.event.action != 'closed'
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"
@@ -42,7 +42,7 @@ jobs:
         sync-labels: false
 
     - name: Set or remove labels based on systemd development workflow
-      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
       if: startsWith(github.event_name, 'pull_request') && github.event.action != 'closed' && !github.event.pull_request.draft
       with:
         script: |
@@ -83,7 +83,7 @@ jobs:
           }
 
     - name: Add please-review label on command in issue comment
-      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
       if: github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/please-review')
       with:
         script: |
@@ -95,7 +95,7 @@ jobs:
           })
 
     - name: Remove specific labels when PR is closed or merged
-      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
       if: startsWith(github.event_name, 'pull_request') && github.event.action == 'closed'
       with:
         script: |

.github/workflows/linter.yml

@@ -23,13 +23,13 @@ jobs:
 
     steps:
       - name: Repo checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           # We need a full repo clone
           fetch-depth: 0
 
       - name: Lint Code Base
-        uses: super-linter/super-linter/slim@502f4fe48a81a392756e173e39a861f8c8efe056
+        uses: super-linter/super-linter/slim@12562e48d7059cf666c43a4ecb0d3b5a2b31bd9e
         env:
           DEFAULT_BRANCH: main
           MULTI_STATUS: false
@@ -37,8 +37,9 @@ jobs:
           VALIDATE_GITHUB_ACTIONS: true
           LINTER_RULES_PATH: .github/linters
           GITHUB_ACTIONS_CONFIG_FILE: actionlint.yml
+          ENABLE_GITHUB_PULL_REQUEST_SUMMARY_COMMENT: false
 
-      - uses: systemd/mkosi@5a476a92deca8ad54869e5d416217aa1bb137b25
+      - uses: systemd/mkosi@14d2d37a1923c03062f55454b2b61d0c64db6238
 
       - name: Check that tabs are not used in Python code
         run: sh -c '! git grep -P "\\t" -- src/core/generate-bpf-delegate-configs.py src/boot/generate-hwids-section.py src/ukify/ukify.py test/integration-tests/integration-test-wrapper.py'

.github/workflows/mkosi.yml

@@ -166,8 +166,8 @@ jobs:
             shim: 0
 
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: systemd/mkosi@5a476a92deca8ad54869e5d416217aa1bb137b25
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      - uses: systemd/mkosi@14d2d37a1923c03062f55454b2b61d0c64db6238
 
       # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
       # immediately, we remove the files in the background. However, we first move them to a different location
@@ -311,7 +311,7 @@ jobs:
             "${MAX_LINES[@]}"
 
       - name: Archive failed test journals
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         if: failure() && (github.repository == 'systemd/systemd' || github.repository == 'systemd/systemd-stable')
         with:
           name: ci-mkosi-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.distro }}-${{ matrix.release }}-${{ matrix.runner }}-failed-test-journals

.github/workflows/requirements.txt

@@ -1,6 +1,6 @@
-meson==1.8.3 \
-    --hash=sha256:ef02b806ce0c5b6becd5bb5dc9fa67662320b29b337e7ace73e4354500590233 \
-    --hash=sha256:f118aa910fc0a137cc2dd0122232dbf82153d9a12fb5b0f5bb64896f6a157abf
+meson==1.10.1 \
+    --hash=sha256:c42296f12db316a4515b9375a5df330f2e751ccdd4f608430d41d7d6210e4317 \
+    --hash=sha256:fe43d1cc2e6de146fbea78f3a062194bcc0e779efc8a0f0d7c35544dfb86731f
 ninja==1.11.1.4 \
     --hash=sha256:055f386fb550c2c9d6157e45e20a84d29c47968876b9c5794ae2aec46f952306 \
     --hash=sha256:096487995473320de7f65d622c3f1d16c3ad174797602218ca8c967f51ec38a0 \

.github/workflows/scorecards.yml

@@ -29,12 +29,12 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
       - name: Run analysis
-        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif

.github/workflows/unit-tests.yml

@@ -40,7 +40,7 @@ jobs:
             runner: ubuntu-24.04-s390x
     steps:
       - name: Repository checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       - name: Install build dependencies
         run: |
           # Drop XDG_* stuff from /etc/environment, so we don't get the user

.mailmap

@@ -36,6 +36,9 @@ Daniel Stekloff <dsteklof@us.ibm.com>
 Daniel Șerbănescu <dasj19@users.noreply.github.com>
 Dann Frazier <dann.frazier@canonical.com>
 Dave Reisner <dreisner@archlinux.org> <d@falconindy.com>
+David Rheinsberg <david@readahead.eu>
+David Rheinsberg <dh.herrmann@gmail.com>
+David Rheinsberg <dh.herrmann@googlemail.com>
 David Santamaría Rogado <howl.nsp@gmail.com>
 David Zeuthen <david@fubar.dk>
 David Zeuthen <david@fubar.dk> <davidz@redhat.com>
@@ -91,7 +94,9 @@ José Bollo <jose.bollo@iot.bzh> <jobol@nonadev.net>
 Jun Bo Bi <jambonmcyeah@gmail.com>
 Justin Capella <justincapella@gmail.com> <b1tninja@users.noreply.github.com>
 Jérémy Rosen <jeremy.rosen@enst-bretagne.fr>
+Jörg Behrmann <behrmann@physik.fu-berlin.de>
 Jürg Billeter <j@bitron.ch>
+Kai Lüke <kailuke@microsoft.com>
 Karl Kraus <karl.kraus@tum.de> <laqueray@gmail.com>
 Kay Sievers <kay@vrfy.org>
 Kay Sievers <kay@vrfy.org> <kay.sievers@suse.de>

NEWS

@@ -4048,7 +4048,7 @@ CHANGES WITH 255:
         * A new component "systemd-storagetm" has been added, which exposes all
           local block devices as NVMe-TCP devices, fully automatically. It's
           hooked into a new target unit storage-target-mode.target that is
-          suppsoed to be booted into via
+          supposed to be booted into via
           rd.systemd.unit=storage-target-mode.target on the kernel command
           line. This is intended to be used for installers and debugging to
           quickly get access to the local disk. It's inspired by MacOS "target

README

@@ -123,7 +123,8 @@ REQUIREMENTS:
           CONFIG_SECCOMP
           CONFIG_SECCOMP_FILTER (required for seccomp support)
           CONFIG_KCMP (for the kcmp() syscall, used to be under
-                       CONFIG_CHECKPOINT_RESTORE before ~5.12)
+                       CONFIG_CHECKPOINT_RESTORE before ~5.12;
+                       not needed after 6.10)
           CONFIG_NET_SCHED
           CONFIG_NET_SCH_FQ_CODEL
 
@@ -191,7 +192,7 @@ REQUIREMENTS:
         This is shipped by default, see modprobe.d/systemd.conf.
 
         Required for systemd-nspawn:
-          CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7
+          CONFIG_DEVPTS_MULTIPLE_INSTANCES (removed and unneeded since 4.7)
 
         Required for systemd-oomd:
           CONFIG_PSI

docs/CODING_STYLE.md

@@ -234,6 +234,24 @@ SPDX-License-Identifier: LGPL-2.1-or-later
                   const char *input);
   ```
 
+- When passing `NULL` or another value meaning "unset" to a function, use a comment
+  to indicate the argument name to make it more clear where we're passing an "unset"
+  value.
+
+  Bad:
+
+  ```c
+  myfunction(NULL, NULL, NULL);
+  ```
+
+  Good:
+
+  ```c
+  myfunction(/* a= */ NULL, /* b= */ NULL, /* c= */ NULL);
+  ```
+
+  This guidance should be applied tree-wide, including in test files.
+
 - Please do not introduce new circular dependencies between header files.
   Effectively this means that if a.h includes b.h, then b.h cannot include a.h,
   directly or transitively via another header. Circular header dependencies can

docs/HACKING.md

@@ -36,6 +36,10 @@ or via your distribution's package manager. Note that systemd regularly adopts
 newer mkosi features that are not in an official release yet so there's a good
 chance that your distribution's packaged version of mkosi will be too old.
 
+Make sure to read the "Unprivileged User Namespaces" section in the mkosi documentation
+(run `mkosi documentation` to view the mkosi docs) and apply any necessary instructions
+to make sure unprivileged user namespaces work on your system.
+
 Then, you can build, run and test systemd executables as follows:
 
 ```sh

docs/OSC_CONTEXT.md

@@ -1,339 +1 @@
----
-title: OSC 3008: Hierarchical Context Signalling
-category: Interfaces
-layout: default
-SPDX-License-Identifier: LGPL-2.1-or-later
----
-
-# OSC 3008: Hierarchical Context Signalling
-
-A terminal connects a user with programs. Control of the program side of
-terminals is typically passed around to various different components while the
-user is active: a shell might pass control to a process it invokes. If that
-process is `run0` then primary control is passed to the privileged session of
-the target user. If `systemd-nspawn` is invoked to start a container, primary
-control is passed to that container, and so on.
-
-A terminal emulator might be interested to know which component is currently in
-primary control of the program side of a terminal. OSC 3008 is a mechanism to
-inform it about such contexts. Each component taking over control can inform
-the terminal emulators that a new context begins now, and then use the terminal
-or pass control down to further apps, which can introduce contexts. Each
-context may carry various descriptive metadata fields.
-
-## Status
-
-This OSC sequence has been invented by the systemd project and is generated by
-systemd. Currently, no terminal application is known that consumes these
-sequences.
-
-## Use Cases
-
-Terminal emulators can use hierarchical context information:
-
-1. To introduce markers/bookmarks in the output that the user can jump between.
-
-2. To visually identify output from different contexts. For example the
-   background of the associated output can be tinted in a reddish tone when
-   privileges are acquired, and similar.
-
-3. Meta information on specific output can be shown in a tooltip or similar
-
-4. Programs (and all subcontexts) can be killed via a right-click menu on the
-   output they generate.
-
-5. Similar, a right-click menu might offer an item to offer opening a new
-   interactive shell in the same working directory that was current on the
-   selected context.
-
-6. Failed commands or aborted sessions can be marked requesting user attention.
-
-## Context Types
-
-There are various types of contexts defined by this specification:
-
-1. `boot` → a booted system initiates this context early at boot. (systemd's
-   PID 1 generates this on `/dev/console`.)
-
-2. `container` → a container manager initialized an interactive connection to a
-   container. (`systemd-nspawn` generates this when interactively invoking a
-   container. `machinectl login`, `machinectl shell` do this too.)
-
-3. `vm` → a VM manager initialized a terminal connection to a
-   VM. (`systemd-vmspawn` generates this when interactively invoking a VM, as
-   one example.)
-
-4. `elevate` → when the user interactively acquired higher privileges. (`run0`
-   initiates a context of this type whenever the user invokes it to acquire
-   root privileges.)
-
-5. `chpriv` → similar, but when the user acquired *different* privileges, not
-   necessarily higher ones. (`run0` initiates a context of this type whenever
-   the user invokes it to acquire non-root privileges of another user.)
-
-5. `subcontext` → similar, but the source and target privileges where
-   identical. (`run0` initiates a context of this type whenever the user
-   invokes it to acquire privileges of the user itself.)
-
-6. `remote` → a user invoked a tool such as `ssh` to connect to a remote
-   system.
-
-7. `shell` → an interactive terminal shell initiates this context
-
-8. `command` → a shell interactively invokes a new program.
-
-9. `app` → an interactive program may initiate this context.
-
-10. `service` → the service manager invokes an interactive service on the terminal
-
-11. `session` → a login session of the user is initialized.
-
-## Semantics
-
-Contexts in the sense of OSC 3008 are hierarchical, and describe a tree
-structure: whenever a new context is opened it becomes the new active context,
-and the previously active context becomes its parent (if there is one). Only
-one context is currently active, but previously opened contexts remain valid in
-the background. Any other data written or read should be considered associated
-with the currently active context.
-
-Each context carries an identifier, chosen by the component opening the
-context. The identifier can chosen freely, but must not be longer than 64
-characters. The characters may be in the 32…126 byte range. Identifiers should
-be universally unique, for example randomly generated. A freshly generated UUID
-would work well for this, but this could also be something like the Linux boot
-ID combined with the 64bit inode number of Linux pidfds, or something hashed
-from it.
-
-Fundamentally, there are two OSC 3008 commands defined:
-
-1. OSC "`3008;start=`" … (the *start sequence*) → this initiates, updates or
-   indicates a return to a context. It carries a context identifier, and
-   typically some metadata. This may be sent to first initiate a context. If
-   sent again for the same context ID that was initiated already this indicates
-   an update of the existing context. In this case, *any* previously set
-   metadata fields for the context are flushed out, reset to their defaults,
-   and then reinitialized from the newly supplied data. Also, in this case any
-   subcontexts of the contexts are implicitly terminated.
-
-2. OSC "`3008;end=`" … (the *end sequence*) → this terminates a context. It
-   carries a context identifier to close, initiated before with OSC
-   "`3008;start=`". It may also carry additional metadata.
-
-## General Syntax
-
-This builds on ECMA-48, and reuses the OSC and ST concepts introduced there.
-
-For sequences following this specification it is recommended to encode OSC as
-0x1B 0x5D, and ST as 0x1B 0x5C.
-
-ECMA-48 only allows characters from the range 0x20…0x7e (i.e. 32…126) inside
-OSC sequences. However, most terminal emulators nowadays allow the ASCII byte
-range > 0x7f in the OSC sequences they process, and so does this
-specification. Control characters (< 0x20 and 0x7f) are not allowed. The
-semicolon character ("`;`") – which is used as field separator by this
-specification – shall be replaced by "`\x3b`" and the backslash character
-("`\`") shall be replaced by "`\x5c`". All textual fields must be encoded in
-UTF-8, and then escaped with these two replacements.
-
-The start sequence begins with OSC, followed by the string `3008;start=`,
-followed by the context ID. This is then followed by any number of metadata
-fields, including none. Metadata fields begin with a semicolon (`;`) followed
-by in a string identifying the type of field, followed by an equal sign (`=`),
-and the field value. The sequence ends in ST.
-
-The end sequence begins with OSC, followed by the string `3008;end=`, followed
-by the context ID, and a series of metadata fields in the same syntax as for
-the start sequence. The sequence ends in ST.
-
-## Metadata Fields
-
-The following fields are currently defined for the start sequence:
-
-|  Field        | Context Types | Description                                                                                                 |
-|---------------|---------------|-------------------------------------------------------------------------------------------------------------|
-| `type=`       | *all*         | Declares the context type, one of the types described above                                                 |
-| `user=`       | *all*         | UNIX user name the process issuing the sequence runs as                                                     |
-| `hostname=`   | *all*         | UNIX host name of the system the process issuing the sequence runs on                                       |
-| `machineid=`  | *all*         | The machine ID (i.e. `/etc/machine-id`) of the system the process issuing the sequence runs on              |
-| `bootid=`     | *all*         | The boot ID (i.e. `/proc/sys/kernel/random/boot_id`) of the system the process issuing the sequence runs on |
-| `pid=`        | *all*         | The numeric PID of the process issuing the sequence, in decimal notation                                    |
-| `pidfdid=`    | *all*         | The 64bit inode number of the pidfd of the process issuing the sequence, in decimal notation                |
-| `comm=`       | *all*         | The process name (i.e. `/proc/$PID/comm`, `PR_GET_NAME`) of the process issuing the sequence                |
-| `cwd=`        | `shell`, `command` | The current working directory                                                                          |
-| `cmdline=`    | `command`     | The full command line of the invoked command                                                                |
-| `vm=`         | `vm`          | The name of the VM being invoked                                                                            |
-| `container=`  | `container`   | The name of the container being invoked                                                                     |
-| `targetuser=` | `elevate`, `chpriv`, `vm`, `container`, `remote`, `session` | Target UNIX user name                                         |
-| `targethost=` | `remote`      | Target UNIX, DNS host name, or IP address                                                                   |
-| `sessionid=`  | `session`     | New allocated session ID                                                                                    |
-
-The following fields are currently defined for the end sequence:
-
-| Field         | Context Types | Description                                                                                                 |
-|---------------|---------------|-------------------------------------------------------------------------------------------------------------|
-| `exit=`       | `command`     | One of `success`, `failure`, `crash`, `interrupt`, indicating how the program terminated                    |
-| `status=`     | `command`     | The command's numeric exit status, i.e. the 0…255 value a program returns                                   |
-| `signal=`     | `command`     | The termination signal of the command, if it died abnormally. A symbolic signal name. (`SIGKILL`, …)        |
-
-All fields are optional, including the context type. However, it is generally
-recommended to always include the first 7 fields listed above, to make it easy
-to pinpoint the origin of a context in a race-free fashion, without any
-ambiguities.
-
-The order of the metadata fields is undefined, they may appear in any order
-(including that `type=` is specified at the very end or in the middle!). Note
-that `start=` and `end=` are not considered metadata fields but part of the
-start sequence, and hence must always appear right after OSC.
-
-## Processing, Limits, Security
-
-All context information provided like this should be considered auxiliary and –
-to some degree – redundant information. Hence, it would be wise for a terminal
-to enforce limits on various resources, dropping additional data once these
-limits are hit. Most importantly, a maximum stacking depth should probably
-enforced: any attempts to initiate further contexts should be ignored once the
-stack limit is hit (i.e. the earlier contexts should be kept, the later
-contexts be discarded, not the opposite). Overly long fields should be
-discarded (or potentially truncated, depending on the field type). This
-specification does not recommend any specific stack or string limits for now.
-
-The usual terminal reset sequences should *not* affect the stack of contexts
-(this is a safety feature: a program down the stack should not be able to
-affect the stack further up, possibly hiding relevant information). A temporary
-TTY hangup (`vhangup()`) should result in a full reset of the stack.
-
-All provided data should be processed in a lenient, graceful fashion: if a
-sequence contains invalid fields, those fields should be ignored, but the rest
-of the fields should still be used. In particular, unknown fields should be
-ignored.
-
-The fields provided in these sequences should not contain sensitive
-information. Context IDs should not be considered confidential, but it is
-strongly recommended to generate them in a fashion that guarantees their
-sufficient uniqueness and avoids accidental or intended clashes with other
-contents.
-
-## Examples
-
-1. A new container `foobar` has been invoked by user `lennart` on host `zeta`:
-   `OSC "3008;start=bed86fab93af4328bbed0a1224af6d40;type=container;user=lennart;hostname=zeta;machineid=3deb5353d3ba43d08201c136a47ead7b;bootid=d4a3d0fdf2e24fdea6d971ce73f4fbf2;pid=1062862;pidfdid=1063162;comm=systemd-nspawn;container=foobar" ST`
-
-2. This context ends: `OSC "3008;end=bed86fab93af4328bbed0a1224af6d40" ST`
-
-## Syntax in ABNF
-
-```abnf
-OSC          = %x1B %x5D
-ST           = %x1B %x5C
-
-DECIMAL      = "0"-"9"
-HEX          = "0"-"9" / "A"-"F" / "a-f"
-ID128        = 32*36(HEX / "-")
-UINT64       = 1*20DECIMAL
-ESCSEMICOLON = "\x3b"
-ESCBACKSLASH = "\x5c"
-SAFE         = %x20-3a / %x3c-5b / %x5d-7e / ESCSEMICOLON / ESCBACKSLASH
-
-CTXID        = 1*64SAFE
-TYPEENUM     = "service" / "session" / "shell" / "command" / "vm" / "container" / "elevate" / "chpriv"  / "subcontext" / "remote" / "boot" / "app"
-
-TYPE         = "type=" TYPEENUM
-USER         = "user=" 1*255SAFE
-HOSTNAME     = "hostname=" 1*255SAFE
-MACHINEID    = "machineid=" 1D128
-BOOTID       = "bootid=" ID128
-PID          = "pid=" UINT64
-PIDFDID      = "pidfdid=" UINT64
-COMM         = "comm=" 1*255SAFE
-CWD          = "cwd=" 1*255SAFE
-CMDLINE      = "cmdline=" *255SAFE
-VM           = "vm=" 1*255SAFE
-CONTAINER    = "container=" 1*255SAFE
-TARGETUSER   = "targetuser=" 1*255SAFE
-TARGETHOST   = "targethost=" 1*255SAFE
-SESSIONID    = "sessionid=" 1*255SAFE
-
-STARTFIELD   = TYPE / USER / HOSTNAME / MACHINEID / BOOTID / PID / PIDFDID / COMM / CWD / CMDLINE / VM / CONTAINER / TARGETUSER / TARGETHOST / SESSIONID
-STARTSEQ     = OSC "3008;start=" CTXID *(";" STARTFIELD) ST
-
-EXITENUM     = "success" / "failure" / "crash" / "interrupt"
-SIGNALENUM   = "SIGBUS" / "SIGTRAP" / "SIGABRT" / "SIGSEGV" / …
-
-EXIT         = "exit=" EXITENUM
-STATUS       = "status=" UINT64
-SIGNAL       = "signal=" SIGNALENUM
-
-ENDFIELD     = EXIT / STATUS / SIGNAL
-ENDSEQ       = OSC "3008;end=" CTXID *(";" ENDFIELD) ST
-```
-
-## Known OSC Prefixes
-
-Here's a list of OSC prefixes used by the various sequences currently in public
-use in various terminal emulators. It's not going to be complete, but I tried
-to do some reasonably thorough research to avoid conflicts with the new OSC
-sequence defined above.
-
-| OSC Prefix      | Purpose                                                    |
-|----------------:|------------------------------------------------------------|
-|     `OSC "0;…"` | Icon name + window title                                   |
-|     `OSC "1;…"` | Icon name                                                  |
-|     `OSC "2;…"` | Window title                                               |
-|     `OSC "3;…"` | X11 property                                               |
-|     `OSC "4;…"` | Palette                                                    |
-|     `OSC "5;…"` | Special palette                                            |
-|     `OSC "6;…"` | Disable special color                                      |
-|     `OSC "7;…"` | Report cwd                                                 |
-|     `OSC "8;…"` | Hyperlink                                                  |
-|     `OSC "9;…"` | Progress bar (conemu) [conflict: also growl notifications] |
-|    `OSC "10;…"` | Change colors                                              |
-|    `OSC "11;…"` | "                                                          |
-|    `OSC "12;…"` | "                                                          |
-|    `OSC "13;…"` | "                                                          |
-|    `OSC "14;…"` | "                                                          |
-|    `OSC "15;…"` | "                                                          |
-|    `OSC "16;…"` | "                                                          |
-|    `OSC "17;…"` | "                                                          |
-|    `OSC "18;…"` | "                                                          |
-|    `OSC "19;…"` | "                                                          |
-|    `OSC "21;…"` | Query colors (kitty)                                       |
-|    `OSC "22;…"` | Cursor shape                                               |
-|    `OSC "46;…"` | Log file                                                   |
-|    `OSC "50;…"` | Set font                                                   |
-|    `OSC "51;…"` | Emacs shell                                                |
-|    `OSC "52;…"` | Manipulate selection data (aka clipboard)                  |
-|    `OSC "60;…"` | Query allowed                                              |
-|    `OSC "61;…"` | Query disallowed                                           |
-|    `OSC "99;…"` | Notifications (kitty)                                      |
-|   `OSC "104;…"` | Reset color                                                |
-|   `OSC "105;…"` | Enable/disable special color                               |
-|   `OSC "110;…"` | Reset colors                                               |
-|   `OSC "111;…"` | "                                                          |
-|   `OSC "112;…"` | "                                                          |
-|   `OSC "113;…"` | "                                                          |
-|   `OSC "114;…"` | "                                                          |
-|   `OSC "115;…"` | "                                                          |
-|   `OSC "116;…"` | "                                                          |
-|   `OSC "117;…"` | "                                                          |
-|   `OSC "118;…"` | "                                                          |
-|   `OSC "119;…"` | "                                                          |
-|   `OSC "133;…"` | Prompt/command begin/command end (finalterm/iterm2)        |
-|   `OSC "440;…"` | Audio (mintty)                                             |
-|   `OSC "633;…"` | vscode action (Windows Terminal)                           |
-|   `OSC "666;…"` | "termprop" (vte)                                           |
-|   `OSC "701;…"` | Locale (mintty)                                            |
-|   `OSC "777;…"` | Notification (rxvt)                                        |
-|  `OSC "3008;…"` | This specification                                         |
-|  `OSC "7704;…"` | ANSI colors (mintty)                                       |
-|  `OSC "7750;…"` | Emoji style (mintty)                                       |
-|  `OSC "7770;…"` | Font size (mintty)                                         |
-|  `OSC "7771;…"` | Glyph coverage (mintty)                                    |
-|  `OSC "7721:…"` | Copy window title (mintty)                                 |
-|  `OSC "7777;…"` | Window size (mintty)                                       |
-|  `OSC "9001;…"` | Action (Windows Terminal)                                  |
-|  `OSC "1337;…"` | iterm2 multiplex seeuqnece                                 |
-|  `OSC "5522;…"` | Clipboard (kitty)                                          |
-| `OSC "30001;…"` | Push color onto stack (kitty)                              |
-| `OSC "30101;…"` | Pop color from stack (kitty)                               |
-| `OSC "77119;…"` | Wide chars (mintty)                                        |
+[This content has moved to the UAPI group website](https://uapi-group.org/specifications/specs/osc_context/)

docs/PASSWORD_AGENTS.md

@@ -40,7 +40,9 @@ It is easy to write additional agents. The basic algorithm to follow looks like
 * You'll find the PID of the client asking the question in the `PID=` field in the `[Ask]` section
   (Before asking your question use `kill(PID, 0)` and ignore the file if this returns `ESRCH`;
   there's no need to show the data of this field but if you want to you may)
-* `Echo=` specifies whether the input should be obscured. If this field is missing or is `Echo=0`, the input should not be shown.
+* `Echo=` specifies whether the input should be obscured. If this field is missing or is `Echo=0`, the input should not be shown as-is.
+* `Silent=` specifies whether the input should have any indication. If this field is `Silent=1`, nothing should be printed for any input.
+* `AcceptCached=` specifies whether a cached password is acceptable or not. If this field is missing or is `AcceptCached=0`, the password should not be provided from a cache.
 * The socket to send the response to is configured via `Socket=` in the `[Ask]` section. It is a `AF_UNIX`/`SOCK_DGRAM` socket in the file system.
 * Ignore files where the time specified in the `NotAfter=` field in the `[Ask]` section is in the past.
   The time is specified in usecs, and refers to the `CLOCK_MONOTONIC` clock. If `NotAfter=` is `0`, no such check should take place.
@@ -100,4 +102,4 @@ now available, with the same protocol as the system-wide
 counterpart. Unprivileged, per-directory agents should watch this directory in
 parallel to the system-wide one. Unprivileged queriers (i.e. clients to these
 agents) should pick the per-user directory to place their password request
-files in.
+files in. If the directory does not exist, agents may create it.

docs/sysupdate-objects.svg

@@ -0,0 +1,851 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="316.28293mm"
+   height="306.23108mm"
+   viewBox="0 0 316.28293 306.23108"
+   version="1.1"
+   id="svg1"
+   inkscape:version="1.4.2 (ebf0e940d0, 2025-05-08)"
+   sodipodi:docname="drawing.svg"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="mm"
+     inkscape:zoom="0.74118967"
+     inkscape:cx="540.34752"
+     inkscape:cy="712.36826"
+     inkscape:window-width="1920"
+     inkscape:window-height="1043"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer1" />
+  <defs
+     id="defs1">
+    <marker
+       style="overflow:visible"
+       id="marker10"
+       refX="0"
+       refY="0"
+       orient="auto-start-reverse"
+       inkscape:stockid="Triangle arrow"
+       markerWidth="3"
+       markerHeight="3"
+       viewBox="0 0 1 1"
+       inkscape:isstock="true"
+       inkscape:collect="always"
+       preserveAspectRatio="xMidYMid">
+      <path
+         transform="scale(0.5)"
+         style="fill:context-stroke;fill-rule:evenodd;stroke:context-stroke;stroke-width:1pt"
+         d="M 5.77,0 -2.88,5 V -5 Z"
+         id="path10" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="Triangle"
+       refX="0"
+       refY="0"
+       orient="auto-start-reverse"
+       inkscape:stockid="Triangle arrow"
+       markerWidth="3"
+       markerHeight="3"
+       viewBox="0 0 1 1"
+       inkscape:isstock="true"
+       inkscape:collect="always"
+       preserveAspectRatio="xMidYMid">
+      <path
+         transform="scale(0.5)"
+         style="fill:context-stroke;fill-rule:evenodd;stroke:context-stroke;stroke-width:1pt"
+         d="M 5.77,0 -2.88,5 V -5 Z"
+         id="path135" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="Triangle-8"
+       refX="0"
+       refY="0"
+       orient="auto-start-reverse"
+       inkscape:stockid="Triangle arrow"
+       markerWidth="3"
+       markerHeight="3"
+       viewBox="0 0 1 1"
+       inkscape:isstock="true"
+       inkscape:collect="always"
+       preserveAspectRatio="xMidYMid">
+      <path
+         transform="scale(0.5)"
+         style="fill:context-stroke;fill-rule:evenodd;stroke:context-stroke;stroke-width:1pt"
+         d="M 5.77,0 -2.88,5 V -5 Z"
+         id="path135-9" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="marker10-2"
+       refX="0"
+       refY="0"
+       orient="auto-start-reverse"
+       inkscape:stockid="Triangle arrow"
+       markerWidth="3"
+       markerHeight="3"
+       viewBox="0 0 1 1"
+       inkscape:isstock="true"
+       inkscape:collect="always"
+       preserveAspectRatio="xMidYMid">
+      <path
+         transform="scale(0.5)"
+         style="fill:context-stroke;fill-rule:evenodd;stroke:context-stroke;stroke-width:1pt"
+         d="M 5.77,0 -2.88,5 V -5 Z"
+         id="path10-6" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="Triangle-8-6"
+       refX="0"
+       refY="0"
+       orient="auto-start-reverse"
+       inkscape:stockid="Triangle arrow"
+       markerWidth="3"
+       markerHeight="3"
+       viewBox="0 0 1 1"
+       inkscape:isstock="true"
+       inkscape:collect="always"
+       preserveAspectRatio="xMidYMid">
+      <path
+         transform="scale(0.5)"
+         style="fill:context-stroke;fill-rule:evenodd;stroke:context-stroke;stroke-width:1pt"
+         d="M 5.77,0 -2.88,5 V -5 Z"
+         id="path135-9-3" />
+    </marker>
+    <marker
+       style="overflow:visible"
+       id="marker10-2-1"
+       refX="0"
+       refY="0"
+       orient="auto-start-reverse"
+       inkscape:stockid="Triangle arrow"
+       markerWidth="3"
+       markerHeight="3"
+       viewBox="0 0 1 1"
+       inkscape:isstock="true"
+       inkscape:collect="always"
+       preserveAspectRatio="xMidYMid">
+      <path
+         transform="scale(0.5)"
+         style="fill:context-stroke;fill-rule:evenodd;stroke:context-stroke;stroke-width:1pt"
+         d="M 5.77,0 -2.88,5 V -5 Z"
+         id="path10-6-7" />
+    </marker>
+  </defs>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-6.3824526,-3.5266833)">
+    <rect
+       style="fill:#008075;fill-opacity:1;stroke:#0d64b5;stroke-width:0.799999;stroke-opacity:1"
+       id="rect3"
+       width="131.36539"
+       height="128.86658"
+       x="6.7824521"
+       y="61.045975"
+       rx="5.0009999"
+       ry="5" />
+    <g
+       id="g2">
+      <g
+         id="g1">
+        <rect
+           style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+           id="rect1"
+           width="52.697277"
+           height="12.002567"
+           x="15.773956"
+           y="100.73308"
+           rx="6.8996673"
+           ry="4.9446111" />
+        <text
+           xml:space="preserve"
+           style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+           x="64.392487"
+           y="110.51707"
+           id="text1"><tspan
+             sodipodi:role="line"
+             id="tspan1"
+             style="stroke-width:0.264583"
+             x="64.392487"
+             y="110.51707">Instance</tspan></text>
+      </g>
+      <text
+         xml:space="preserve"
+         style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+         x="113.87379"
+         y="110.50744"
+         id="text2"><tspan
+           sodipodi:role="line"
+           id="tspan2"
+           style="stroke-width:0.264583"
+           x="113.87379"
+           y="110.50744">pattern</tspan></text>
+    </g>
+    <g
+       id="g2-3"
+       transform="translate(0,17.732698)">
+      <g
+         id="g1-5">
+        <rect
+           style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+           id="rect1-6"
+           width="52.697277"
+           height="12.002567"
+           x="15.773956"
+           y="100.73308"
+           rx="6.8996673"
+           ry="4.9446111" />
+        <text
+           xml:space="preserve"
+           style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+           x="64.392487"
+           y="110.51707"
+           id="text1-2"><tspan
+             sodipodi:role="line"
+             id="tspan1-9"
+             style="stroke-width:0.264583"
+             x="64.392487"
+             y="110.51707">Instance</tspan></text>
+      </g>
+      <text
+         xml:space="preserve"
+         style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+         x="113.87379"
+         y="110.50744"
+         id="text2-1"><tspan
+           sodipodi:role="line"
+           id="tspan2-2"
+           style="stroke-width:0.264583"
+           x="113.87379"
+           y="110.50744">pattern</tspan></text>
+    </g>
+    <g
+       id="g3">
+      <g
+         id="g1-0"
+         transform="translate(0,35.465397)">
+        <rect
+           style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+           id="rect1-62"
+           width="52.697277"
+           height="12.002567"
+           x="15.773956"
+           y="100.73308"
+           rx="6.8996673"
+           ry="4.9446111" />
+        <text
+           xml:space="preserve"
+           style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+           x="64.392487"
+           y="110.51707"
+           id="text1-6"><tspan
+             sodipodi:role="line"
+             id="tspan1-1"
+             style="stroke-width:0.264583"
+             x="64.392487"
+             y="110.51707">Instance</tspan></text>
+      </g>
+      <text
+         xml:space="preserve"
+         style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+         x="113.87379"
+         y="145.97284"
+         id="text2-8"><tspan
+           sodipodi:role="line"
+           id="tspan2-7"
+           style="stroke-width:0.264583"
+           x="113.87379"
+           y="145.97284">pattern</tspan></text>
+    </g>
+    <text
+       xml:space="preserve"
+       style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+       x="47.416828"
+       y="162.0649"
+       id="text3"><tspan
+         sodipodi:role="line"
+         id="tspan3"
+         style="stroke-width:0.264583"
+         x="47.416828"
+         y="162.0649">⋮</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+       x="59.971153"
+       y="74.610878"
+       id="text4"><tspan
+         sodipodi:role="line"
+         id="tspan4"
+         style="stroke-width:0.264583"
+         x="59.971153"
+         y="74.610878">Resource</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:6.35px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+       x="118.45662"
+       y="86.030052"
+       id="text5"><tspan
+         sodipodi:role="line"
+         id="tspan5"
+         style="font-size:6.35px;stroke-width:0.264583"
+         x="118.45662"
+         y="86.030052">Partially loaded from .transfer file</tspan></text>
+    <g
+       id="g5"
+       transform="translate(0,-16.876938)">
+      <rect
+         style="fill:#008075;fill-opacity:1;stroke:#0d64b5;stroke-width:0.799999;stroke-opacity:1"
+         id="rect3-3"
+         width="131.36539"
+         height="128.86658"
+         x="190.90001"
+         y="77.922913"
+         rx="5.0009999"
+         ry="5" />
+      <g
+         id="g2-7"
+         transform="translate(184.11755,16.87694)">
+        <g
+           id="g1-59">
+          <rect
+             style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+             id="rect1-2"
+             width="52.697277"
+             height="12.002567"
+             x="15.773956"
+             y="100.73308"
+             rx="6.8996673"
+             ry="4.9446111" />
+          <text
+             xml:space="preserve"
+             style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+             x="64.392487"
+             y="110.51707"
+             id="text1-28"><tspan
+               sodipodi:role="line"
+               id="tspan1-97"
+               style="stroke-width:0.264583"
+               x="64.392487"
+               y="110.51707">Instance</tspan></text>
+        </g>
+        <text
+           xml:space="preserve"
+           style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+           x="113.87379"
+           y="110.50744"
+           id="text2-3"><tspan
+             sodipodi:role="line"
+             id="tspan2-6"
+             style="stroke-width:0.264583"
+             x="113.87379"
+             y="110.50744">pattern</tspan></text>
+      </g>
+      <g
+         id="g2-3-1"
+         transform="translate(184.11755,34.609638)">
+        <g
+           id="g1-5-2">
+          <rect
+             style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+             id="rect1-6-9"
+             width="52.697277"
+             height="12.002567"
+             x="15.773956"
+             y="100.73308"
+             rx="6.8996673"
+             ry="4.9446111" />
+          <text
+             xml:space="preserve"
+             style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+             x="64.392487"
+             y="110.51707"
+             id="text1-2-3"><tspan
+               sodipodi:role="line"
+               id="tspan1-9-1"
+               style="stroke-width:0.264583"
+               x="64.392487"
+               y="110.51707">Instance</tspan></text>
+        </g>
+        <text
+           xml:space="preserve"
+           style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+           x="113.87379"
+           y="110.50744"
+           id="text2-1-9"><tspan
+             sodipodi:role="line"
+             id="tspan2-2-4"
+             style="stroke-width:0.264583"
+             x="113.87379"
+             y="110.50744">pattern</tspan></text>
+      </g>
+      <g
+         id="g3-7"
+         transform="translate(184.11755,16.87694)">
+        <g
+           id="g1-0-8"
+           transform="translate(0,35.465397)">
+          <rect
+             style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+             id="rect1-62-4"
+             width="52.697277"
+             height="12.002567"
+             x="15.773956"
+             y="100.73308"
+             rx="6.8996673"
+             ry="4.9446111" />
+          <text
+             xml:space="preserve"
+             style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+             x="64.392487"
+             y="110.51707"
+             id="text1-6-5"><tspan
+               sodipodi:role="line"
+               id="tspan1-1-0"
+               style="stroke-width:0.264583"
+               x="64.392487"
+               y="110.51707">Instance</tspan></text>
+        </g>
+        <text
+           xml:space="preserve"
+           style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+           x="113.87379"
+           y="145.97284"
+           id="text2-8-3"><tspan
+             sodipodi:role="line"
+             id="tspan2-7-6"
+             style="stroke-width:0.264583"
+             x="113.87379"
+             y="145.97284">pattern</tspan></text>
+      </g>
+      <text
+         xml:space="preserve"
+         style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+         x="231.53438"
+         y="178.94183"
+         id="text3-1"><tspan
+           sodipodi:role="line"
+           id="tspan3-0"
+           style="stroke-width:0.264583"
+           x="231.53438"
+           y="178.94183">⋮</tspan></text>
+      <text
+         xml:space="preserve"
+         style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+         x="244.0887"
+         y="91.487816"
+         id="text4-6"><tspan
+           sodipodi:role="line"
+           id="tspan4-3"
+           style="stroke-width:0.264583"
+           x="244.0887"
+           y="91.487816">Resource</tspan></text>
+      <text
+         xml:space="preserve"
+         style="font-size:6.35px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+         x="302.57416"
+         y="102.90699"
+         id="text5-2"><tspan
+           sodipodi:role="line"
+           id="tspan5-0"
+           style="font-size:6.35px;stroke-width:0.264583"
+           x="302.57416"
+           y="102.90699">Partially loaded from .transfer file</tspan></text>
+    </g>
+    <rect
+       style="fill:#ff7f2a;fill-opacity:1;stroke:#b56f0d;stroke-width:0.880404;stroke-opacity:1"
+       id="rect6"
+       width="111.65157"
+       height="42.399162"
+       x="6.8226547"
+       y="3.9668853"
+       rx="4.9974012"
+       ry="6.0599365" />
+    <text
+       xml:space="preserve"
+       style="font-size:6.35px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+       x="92.622543"
+       y="28.901594"
+       id="text5-8"><tspan
+         sodipodi:role="line"
+         id="tspan5-8"
+         style="font-size:6.35px;stroke-width:0.264583"
+         x="92.622543"
+         y="28.901594">Loaded from .transfer file</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+       x="55.061909"
+       y="16.949841"
+       id="text6"><tspan
+         sodipodi:role="line"
+         id="tspan6"
+         style="stroke-width:0.264583"
+         x="55.061913"
+         y="16.949841">Transfer</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7.76111px;line-height:1.25;font-family:monospace;-inkscape-font-specification:monospace;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+       x="39.600597"
+       y="41.837189"
+       id="text7"><tspan
+         sodipodi:role="line"
+         id="tspan7"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7.76111px;font-family:monospace;-inkscape-font-specification:monospace;stroke-width:0.264583"
+         x="39.600597"
+         y="41.837189">source</tspan></text>
+    <text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7.76111px;line-height:1.25;font-family:monospace;-inkscape-font-specification:monospace;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+       x="113.82346"
+       y="41.837189"
+       id="text8"><tspan
+         sodipodi:role="line"
+         id="tspan8"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7.76111px;font-family:monospace;-inkscape-font-specification:monospace;stroke-width:0.264583"
+         x="113.82346"
+         y="41.837189">target</tspan></text>
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#Triangle)"
+       d="m 27.129808,44.621394 -0.356973,18.91947"
+       id="path8"
+       sodipodi:nodetypes="cc" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#marker10)"
+       d="m 116.01562,40.337739 75.67789,23.203125"
+       id="path9"
+       sodipodi:nodetypes="cc" />
+    <g
+       id="g16"
+       transform="translate(-194.19231,210.25601)">
+      <rect
+         style="fill:#55d400;fill-opacity:1;stroke:#58b50d;stroke-width:1.12104;stroke-opacity:1"
+         id="rect10"
+         width="121.40612"
+         height="78.56958"
+         x="217.91293"
+         y="4.087204"
+         rx="5.8448224"
+         ry="8.4007883" />
+      <text
+         xml:space="preserve"
+         style="font-size:6.35px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:start;letter-spacing:0px;word-spacing:0px;text-anchor:start;stroke-width:0.264583"
+         x="222.03329"
+         y="28.901594"
+         id="text5-8-9"><tspan
+           sodipodi:role="line"
+           id="tspan5-8-2"
+           style="font-size:6.35px;text-align:start;text-anchor:start;stroke-width:0.264583"
+           x="222.03329"
+           y="28.901594">Set of Instances taken from across</tspan><tspan
+           sodipodi:role="line"
+           style="font-size:6.35px;text-align:start;text-anchor:start;stroke-width:0.264583"
+           x="222.03329"
+           y="36.839092"
+           id="tspan11">all Transfers, matching a certain</tspan><tspan
+           sodipodi:role="line"
+           style="font-size:6.35px;text-align:start;text-anchor:start;stroke-width:0.264583"
+           x="222.03329"
+           y="44.776592"
+           id="tspan12">version; either all source Instances</tspan><tspan
+           sodipodi:role="line"
+           style="font-size:6.35px;text-align:start;text-anchor:start;stroke-width:0.264583"
+           x="222.03329"
+           y="52.714092"
+           id="tspan13">or all target Instances.</tspan><tspan
+           sodipodi:role="line"
+           style="font-size:6.35px;text-align:start;text-anchor:start;stroke-width:0.264583"
+           x="222.03329"
+           y="60.651592"
+           id="tspan14" /><tspan
+           sodipodi:role="line"
+           style="font-size:6.35px;text-align:start;text-anchor:start;stroke-width:0.264583"
+           x="222.03329"
+           y="68.589096"
+           id="tspan15">For example: verity, root FS,</tspan><tspan
+           sodipodi:role="line"
+           style="font-size:6.35px;text-align:start;text-anchor:start;stroke-width:0.264583"
+           x="222.03329"
+           y="76.526596"
+           id="tspan16">and kernel boot image</tspan></text>
+      <text
+         xml:space="preserve"
+         style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+         x="277.00961"
+         y="16.949841"
+         id="text10"><tspan
+           sodipodi:role="line"
+           id="tspan10"
+           style="stroke-width:0.264583"
+           x="277.00961"
+           y="16.949841">UpdateSet</tspan></text>
+    </g>
+    <g
+       id="g19"
+       transform="matrix(0.26299485,0,0,0.26299485,127.72763,135.80969)">
+      <rect
+         style="fill:#008075;fill-opacity:1;stroke:#0d64b5;stroke-width:0.799999;stroke-opacity:1"
+         id="rect3-9"
+         width="131.36539"
+         height="128.86658"
+         x="202.28317"
+         y="291.19574"
+         rx="5.0009999"
+         ry="5" />
+      <rect
+         style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+         id="rect1-8"
+         width="52.697277"
+         height="12.002567"
+         x="211.27467"
+         y="330.88284"
+         rx="6.8996673"
+         ry="4.9446111" />
+      <rect
+         style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+         id="rect1-6-1"
+         width="52.697277"
+         height="12.002567"
+         x="211.27467"
+         y="348.61554"
+         rx="6.8996673"
+         ry="4.9446111" />
+      <rect
+         style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+         id="rect1-62-9"
+         width="52.697277"
+         height="12.002567"
+         x="211.27467"
+         y="366.34824"
+         rx="6.8996673"
+         ry="4.9446111" />
+      <text
+         xml:space="preserve"
+         style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+         x="242.91754"
+         y="392.21466"
+         id="text3-7"><tspan
+           sodipodi:role="line"
+           id="tspan3-1"
+           style="stroke-width:0.264583"
+           x="242.91754"
+           y="392.21466">⋮</tspan></text>
+      <rect
+         style="fill:#008075;fill-opacity:1;stroke:#0d64b5;stroke-width:0.799999;stroke-opacity:1"
+         id="rect3-3-6"
+         width="131.36539"
+         height="128.86658"
+         x="386.40073"
+         y="291.19574"
+         rx="5.0009999"
+         ry="5" />
+      <rect
+         style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+         id="rect1-2-6"
+         width="52.697277"
+         height="12.002567"
+         x="395.39221"
+         y="330.88284"
+         rx="6.8996673"
+         ry="4.9446111" />
+      <rect
+         style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+         id="rect1-6-9-1"
+         width="52.697277"
+         height="12.002567"
+         x="395.39221"
+         y="348.61554"
+         rx="6.8996673"
+         ry="4.9446111" />
+      <rect
+         style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+         id="rect1-62-4-8"
+         width="52.697277"
+         height="12.002567"
+         x="395.39221"
+         y="366.34824"
+         rx="6.8996673"
+         ry="4.9446111" />
+      <text
+         xml:space="preserve"
+         style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+         x="427.0351"
+         y="392.21466"
+         id="text3-1-3"><tspan
+           sodipodi:role="line"
+           id="tspan3-0-8"
+           style="stroke-width:0.264583"
+           x="427.0351"
+           y="392.21466">⋮</tspan></text>
+      <rect
+         style="fill:#ff7f2a;fill-opacity:1;stroke:#b56f0d;stroke-width:0.880404;stroke-opacity:1"
+         id="rect6-5"
+         width="111.65157"
+         height="42.399162"
+         x="202.32336"
+         y="234.11665"
+         rx="4.9974012"
+         ry="6.0599365" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#Triangle-8)"
+         d="m 222.63053,274.77115 -0.35698,18.91947"
+         id="path8-4"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#marker10-2)"
+         d="m 311.51634,270.4875 75.67789,23.20312"
+         id="path9-4"
+         sodipodi:nodetypes="cc" />
+    </g>
+    <g
+       id="g19-6"
+       transform="matrix(0.26299485,0,0,0.26299485,127.72763,199.17835)">
+      <rect
+         style="fill:#008075;fill-opacity:1;stroke:#0d64b5;stroke-width:0.799999;stroke-opacity:1"
+         id="rect3-9-2"
+         width="131.36539"
+         height="128.86658"
+         x="202.28317"
+         y="291.19574"
+         rx="5.0009999"
+         ry="5" />
+      <rect
+         style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+         id="rect1-8-1"
+         width="52.697277"
+         height="12.002567"
+         x="211.27467"
+         y="330.88284"
+         rx="6.8996673"
+         ry="4.9446111" />
+      <rect
+         style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+         id="rect1-6-1-7"
+         width="52.697277"
+         height="12.002567"
+         x="211.27467"
+         y="348.61554"
+         rx="6.8996673"
+         ry="4.9446111" />
+      <rect
+         style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+         id="rect1-62-9-8"
+         width="52.697277"
+         height="12.002567"
+         x="211.27467"
+         y="366.34824"
+         rx="6.8996673"
+         ry="4.9446111" />
+      <text
+         xml:space="preserve"
+         style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+         x="242.91754"
+         y="392.21466"
+         id="text3-7-5"><tspan
+           sodipodi:role="line"
+           id="tspan3-1-7"
+           style="stroke-width:0.264583"
+           x="242.91754"
+           y="392.21466">⋮</tspan></text>
+      <rect
+         style="fill:#008075;fill-opacity:1;stroke:#0d64b5;stroke-width:0.799999;stroke-opacity:1"
+         id="rect3-3-6-4"
+         width="131.36539"
+         height="128.86658"
+         x="386.40073"
+         y="291.19574"
+         rx="5.0009999"
+         ry="5" />
+      <rect
+         style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+         id="rect1-2-6-1"
+         width="52.697277"
+         height="12.002567"
+         x="395.39221"
+         y="330.88284"
+         rx="6.8996673"
+         ry="4.9446111" />
+      <rect
+         style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+         id="rect1-6-9-1-8"
+         width="52.697277"
+         height="12.002567"
+         x="395.39221"
+         y="348.61554"
+         rx="6.8996673"
+         ry="4.9446111" />
+      <rect
+         style="fill:#f13900;stroke:#a93019;stroke-width:0.93445"
+         id="rect1-62-4-8-5"
+         width="52.697277"
+         height="12.002567"
+         x="395.39221"
+         y="366.34824"
+         rx="6.8996673"
+         ry="4.9446111" />
+      <text
+         xml:space="preserve"
+         style="font-size:10.5833px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:sans-serif;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;stroke-width:0.264583"
+         x="427.0351"
+         y="392.21466"
+         id="text3-1-3-9"><tspan
+           sodipodi:role="line"
+           id="tspan3-0-8-7"
+           style="stroke-width:0.264583"
+           x="427.0351"
+           y="392.21466">⋮</tspan></text>
+      <rect
+         style="fill:#ff7f2a;fill-opacity:1;stroke:#b56f0d;stroke-width:0.880404;stroke-opacity:1"
+         id="rect6-5-5"
+         width="111.65157"
+         height="42.399162"
+         x="202.32336"
+         y="234.11665"
+         rx="4.9974012"
+         ry="6.0599365" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#Triangle-8-6)"
+         d="m 222.63053,274.77115 -0.35698,18.91947"
+         id="path8-4-3"
+         sodipodi:nodetypes="cc" />
+      <path
+         style="fill:none;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#marker10-2-1)"
+         d="m 311.51634,270.4875 75.67789,23.20312"
+         id="path9-4-8"
+         sodipodi:nodetypes="cc" />
+    </g>
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#marker10)"
+       d="m 142.02963,226.88607 c 29.98558,-7.85336 26.92872,-47.36399 27.13167,-52.37021 2.14182,-52.83172 30.34254,-50.6899 30.34254,-50.6899"
+       id="path19"
+       sodipodi:nodetypes="csc" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#marker10)"
+       d="m 142.03149,232.34519 c 29.27163,16.0637 88.04009,-2.54025 88.04009,-2.54025"
+       id="path20"
+       sodipodi:nodetypes="cc" />
+    <path
+       style="fill:none;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-end:url(#marker10)"
+       d="m 142.07294,241.56334 c 55.80936,38.16624 88.27271,50.05886 88.27271,50.05886"
+       id="path21"
+       sodipodi:nodetypes="cc" />
+  </g>
+</svg>

hwdb.d/20-dmi-id.hwdb

@@ -71,3 +71,7 @@ dmi:bvnLENOVO*
 # Microsoft Surface 1's chassis type
 dmi:bvnMicrosoft Corporation*:pvrSurface with Windows 8 Pro*
  ID_CHASSIS=tablet
+
+# GPD Pocket 4 chassis type
+dmi:bvnAmericanMegatrendsInternational*:rvnGPD:rnG1628-04*
+ ID_CHASSIS=convertible

hwdb.d/60-evdev.hwdb

@@ -132,6 +132,13 @@ evdev:input:b0003v05ACp025B*
  EVDEV_ABS_35=::94
  EVDEV_ABS_36=::92
 
+# MacbookPro12,1 (unibody, Early 2015)
+evdev:input:b0003v05ACp0273*
+ EVDEV_ABS_00=::97
+ EVDEV_ABS_01=::92
+ EVDEV_ABS_35=::97
+ EVDEV_ABS_36=::92
+
 # MacBook8,1 (2015), MacBook9,1 (2016), MacBook10,1 (2017)
 evdev:name:Apple SPI Touchpad:dmi:*:svnAppleInc.:pnMacBook8,1:*
 evdev:name:Apple SPI Touchpad:dmi:*:svnAppleInc.:pnMacBook9,1:*
@@ -697,6 +704,13 @@ evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:*svnLENOVO:*pvrLenovoideapadY700-14ISK:*
  EVDEV_ABS_35=::27
  EVDEV_ABS_36=::29
 
+#Lenovo Y50-70
+evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:*svnLENOVO:*pvrLenovoY50-70**
+ EVDEV_ABS_00=164:3918:37
+ EVDEV_ABS_01=120:1935:26
+ EVDEV_ABS_35=164:3918:37
+ EVDEV_ABS_36=120:1935:26
+
 # Lenovo Ideapad 310S-14ISK
 evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:*svnLENOVO:*pvrLenovoideapad310S-14ISK:*
  EVDEV_ABS_00=113:3960:37
@@ -746,12 +760,15 @@ evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:*svnLENOVO:*pvrLenovoU41-70:*
  EVDEV_ABS_35=117:3958:36
  EVDEV_ABS_36=104:1960:26
 
-# Lenovo Thinkpad T490 and T14/P14s Gen1/2
+# Lenovo Thinkpad T490/T495 and T14/P14s Gen1/2 (identical chassis)
 evdev:name:SynPS/2 Synaptics TouchPad:dmi:*:svnLENOVO:*pvrThinkPadT490:*
+evdev:name:SynPS/2 Synaptics TouchPad:dmi:*:svnLENOVO:*pvrThinkPadT495:*
 evdev:name:SynPS/2 Synaptics TouchPad:dmi:*:svnLENOVO:*pvrThinkPadT14Gen1:*
 evdev:name:SynPS/2 Synaptics TouchPad:dmi:*:svnLENOVO:*pvrThinkPadT14Gen2a:*
+evdev:name:SynPS/2 Synaptics TouchPad:dmi:*:svnLENOVO:*pvrThinkPadT14Gen2i:*
 evdev:name:SynPS/2 Synaptics TouchPad:dmi:*:svnLENOVO:*pvrThinkPadP14sGen1:*
 evdev:name:SynPS/2 Synaptics TouchPad:dmi:*:svnLENOVO:*pvrThinkPadP14sGen2a:*
+evdev:name:SynPS/2 Synaptics TouchPad:dmi:*:svnLENOVO:*pvrThinkPadP14sGen2i:*
  EVDEV_ABS_00=::44
  EVDEV_ABS_01=::52
  EVDEV_ABS_35=::44

hwdb.d/60-keyboard.hwdb

@@ -320,6 +320,8 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAYANEO:pnKUN:pvr*
 # multi-scancode sequence. The specific preceding codes
 # depend on the model, but the final scancode is always the
 # same.
+evdev:name:AT Translated Set 2 keyboard:dmi:*:svnAYA NEO:*
+evdev:name:AT Translated Set 2 keyboard:dmi:*:svnAYADEVICE:*
 evdev:name:AT Translated Set 2 keyboard:dmi:*:svnAYANEO:*
  KEYBOARD_KEY_66=f15                                    # LC (All models)
  KEYBOARD_KEY_67=f16                                    # RC (All models)
@@ -665,6 +667,11 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pn*[tT][aA][bB][lL][eE][tT]*:*
  KEYBOARD_KEY_86=pageup
  KEYBOARD_KEY_87=pagedown
 
+# OmniBook Ultra Flip Laptop 14-fh0xxx
+evdev:atkbd:dmi:*:svnHP:pnHPOmniBookUltraFlipLaptop14-fh0xxx:*
+ KEYBOARD_KEY_82=unknown                                # Mic mute, handled by hp-wmi
+ KEYBOARD_KEY_ab=!unknown                               # Brightness Down and Up keys, handled by acpi-video
+
 # Pavilion
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pn*[pP][aA][vV][iI][lL][iI][oO][nN]*:*
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pn*[pP][aA][vV][iI][lL][iI][oO][nN]*:*
@@ -811,6 +818,8 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPEliteBook*:*
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPElite*x360*:*
 # HP Elite Dragonfly
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPEliteDragonfly*:*
+# HP EliteBoard
+evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPEliteBoard*:*
 # HP ProBook 440 G2
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHP440G2:*
 # HP ProBook
@@ -1163,18 +1172,48 @@ evdev:input:b0003v04B3p301B*
  KEYBOARD_KEY_90007=mail
  KEYBOARD_KEY_90008=www
 
-# Lenovo Ideapad D330-10IGM
-evdev:name:SIPODEV Lenovo HID Device:dmi:*:svnLENOVO:*:pvrLenovoideapadD330-10IGM:*
- KEYBOARD_KEY_70073=touchpad_toggle                     # Fn+Supr (Touchpad toggle)
+# Lenovo Ideapad D330-10IGM and D330-10IGL
+# (Tablet buttons)
+evdev:atkbd:dmi:*:svnLENOVO:*:pvrLenovoideapadD330-10IG[ML]:*
+ KEYBOARD_LED_NUMLOCK=0                                 # Lacks Num-Lock LED
+ KEYBOARD_LED_CAPSLOCK=0                                # Lacks Caps-Lock LED
 
-evdev:name:SIPODEV Lenovo HID Device Consumer Control:dmi:*:svnLENOVO:*:pvrLenovoideapadD330-10IGM:*
- KEYBOARD_KEY_c00ff=fn_esc                              # Fn+Tab (FnLk toggle)
+# Lenovo Ideapad D330-10IGM and D330-10IGL
+# (Dock keyboard) "* Lenovo HID Device"
+evdev:input:b0003v17EFp60C[368]*-e0,1,4,11,14,k*,C2,*ram4,l0,1,2,sfw
+# Touchpad key acts as LEFTCTRL+LEFTMETA+F24 (C2) Windows shortcut for touchpad toggle,
+# with this as LEFTCTRL+LEFTMETA+TOUCHPAD_TOGGLE but just works.
+ KEYBOARD_KEY_70073=touchpad_toggle                     # Fn+Supr (Touchpad toggle).
+ KEYBOARD_LED_NUMLOCK=0                                 # Lacks Num-Lock LED
+ KEYBOARD_LED_CAPSLOCK=0                                # Lacks Caps-Lock LED
+
+# Lenovo Ideapad D330-10IGM and D330-10IGL
+# (Dock keyboard: volume, brightness and FnLk keys) "* Lenovo HID Device Consumer Control"
+evdev:input:b0003v17EFp60C[368]*-e0,1,4,k*,F0,*ram4,lsfw
+ KEYBOARD_KEY_c00ff=fn_esc                              # Fn+Tab (FnLk toggle). Default is UNKNOWN (F0).
 
 # Lenovo Thinkbook 16 G6+ 2024
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnLENOVO:pn21LG:pvr*
  KEYBOARD_KEY_0a=!9
  KEYBOARD_KEY_0b=!0
 
+# Lenovo Legion Go Translated
+evdev:name:AT Translated Set 2 keyboard:dmi:*:svnLENOVO:pn83E1:*
+# Lenovo Legion Go S Translated
+evdev:name:AT Translated Set 2 keyboard:dmi:*:svnLENOVO:pn83L3:*
+evdev:name:AT Translated Set 2 keyboard:dmi:*:svnLENOVO:pn83N6:*
+evdev:name:AT Translated Set 2 keyboard:dmi:*:svnLENOVO:pn83Q2:*
+evdev:name:AT Translated Set 2 keyboard:dmi:*:svnLENOVO:pn83Q3:*
+# Lenovo Legion Go 2 Translated
+evdev:name:AT Translated Set 2 keyboard:dmi:*:svnLENOVO:pn83N0:*
+evdev:name:AT Translated Set 2 keyboard:dmi:*:svnLENOVO:pn83N1:*
+ KEYBOARD_KEY_67=f16 # Power button long press
+
+# Lenovo Legion Go 2 Raw
+evdev:name:AT Raw Set 2 keyboard:dmi:*:svnLENOVO:pn83N0:*
+evdev:name:AT Raw Set 2 keyboard:dmi:*:svnLENOVO:pn83N1:*
+ KEYBOARD_KEY_20=f16 # Power button long press
+
 ###########################################################
 # LG
 ###########################################################
@@ -2360,21 +2399,21 @@ evdev:input:b0003v05FEp1010*
 ######################### LACK OF MODIFIER LEDS ############################
 # This section lists keyboard which do not have their own LEDs for some
 # modifiers. Only Caps-Lock (KEYBOARD_LED_CAPSLOCK) and Num-Lock
-# (KEYBOARD_LED_CAPSLOCK) are currently handled and need their values set
+# (KEYBOARD_LED_NUMLOCK) are currently handled and need their values set
 # to "0" to indicate the absence of LED.
 #
 # Presence of a LED is implicit when the property is absent.
 
 # Apple Wireless keyboards
-evdev:input:b0005v05aCp022C*
-evdev:input:b0005v05aCp022D*
-evdev:input:b0005v05aCp022E*
-evdev:input:b0005v05aCp0239*
-evdev:input:b0005v05aCp023A*
-evdev:input:b0005v05aCp023B*
-evdev:input:b0005v05aCp0255*
-evdev:input:b0005v05aCp0256*
-evdev:input:b0005v05aCp0257*
+evdev:input:b0005v05ACp022C*
+evdev:input:b0005v05ACp022D*
+evdev:input:b0005v05ACp022E*
+evdev:input:b0005v05ACp0239*
+evdev:input:b0005v05ACp023A*
+evdev:input:b0005v05ACp023B*
+evdev:input:b0005v05ACp0255*
+evdev:input:b0005v05ACp0256*
+evdev:input:b0005v05ACp0257*
  KEYBOARD_LED_NUMLOCK=0
 
 # Logitech K750

hwdb.d/60-sensor.hwdb

@@ -41,7 +41,9 @@
 #    PROXIMITY_NEAR_LEVEL=<value>
 #
 # where <matrix> is a mount-matrix in the format specified in the IIO
-# subsystem[1]. The default, when unset, is equivalent to:
+# subsystem[1]. The default, when unset, is the one defined by the ACPI
+# found in /sys/bus/iio/devices/iio\:deviceXXX/in_mount_matrix or, in
+# absence of it, is equivalent to:
 #   ACCEL_MOUNT_MATRIX=1, 0, 0; 0, 1, 0; 0, 0, 1
 # eg. the identity matrix,
 # and <value> is an integer value above or equal to which an object is
@@ -158,10 +160,6 @@ sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnT100TAS:*
 sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:pnT200TA:*
  ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
 
-# Asus Transformer Mini T103HAF
-sensor:modalias:platform:HID-SENSOR-200073*:dmi:*svn*ASUSTeK*:pnT103HAF:*
- ACCEL_MOUNT_MATRIX=0, -1, 0; 1, 0, 0; 0, 0, -1
-
 sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnTP201SA:*
 sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:pn*E205SA:*
  ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
@@ -756,6 +754,14 @@ sensor:modalias:acpi:BMA250E*:dmi:bvnLENOVO:*:pvrLenovoMIIX3-1030:*
 sensor:modalias:acpi:SMO8500*:dmi:bvnLENOVO:*:pvrLenovoMIIX3-830:*
  ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
 
+# IdeaPad D330-10IGM (81H3) and (81MD) product names
+#   Panel mounted at -90º. ACPI in_mount_matrix 0, -1, 0; 1, 0, 0; 0, 0, 1
+# IdeaPad Duet 3 10IGL5 (82AT) and 10IGL5-LTE (82HK)
+#   Panel mounted at -90º. ACPI in_mount_matrix unknown, if someone knows please report it
+sensor:modalias:acpi:BOSC0200*:dmi:*:svnLENOVO:*:pvrLenovoideapadD330-10IGM:*
+sensor:modalias:acpi:SMO8B30*:dmi:*:svnLENOVO:*:pvrIdeaPadDuet310IGL5*:*
+ ACCEL_MOUNT_MATRIX=0, 1, 0; -1, 0, 0; 0, 0, 1
+
 # IdeaPad Miix 300
 sensor:modalias:acpi:SMO8500*:dmi:bvnLENOVO:*:pvrMIIX300-*:*
  ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1

hwdb.d/70-hardware-wallets.hwdb

@@ -20,6 +20,65 @@
 # Allowed properties are:
 #   ID_HARDWARE_WALLET=0|1
 
+################
+# Blockstream Jade Hardware Wallets
+################
+
+# Jade UART (Silicon Labs)
+usb:v10C4pEA60*
+ ID_HARDWARE_WALLET=1
+
+# Jade UART (WCH)
+usb:v1A86p55D4*
+ ID_HARDWARE_WALLET=1
+
+################
+# Coinkite Hardware Wallets
+################
+
+# Coldcard
+usb:vD13EpCC10*
+ ID_HARDWARE_WALLET=1
+
+################
+# Digital Bitbox Hardware Wallets
+################
+
+# Digital Bitbox (dbb)
+usb:v03EBp2402*
+ ID_HARDWARE_WALLET=1
+
+# BitBox02
+usb:v03EBp2403*
+ ID_HARDWARE_WALLET=1
+
+################
+# KeepKey Hardware Wallets
+################
+
+# KeepKey HID Firmware/Bootloader
+usb:v2B24p0001*
+ ID_HARDWARE_WALLET=1
+
+# KeepKey WebUSB Firmware/Bootloader
+usb:v2B24p0002*
+ ID_HARDWARE_WALLET=1
+
+################
+# Ledger Hardware Wallets
+################
+
+# Ledger HW.1 / Nano series
+usb:v2581p1B7C*
+usb:v2581p2B7C*
+usb:v2581p3B7C*
+usb:v2581p4B7C*
+ ID_HARDWARE_WALLET=1
+
+# Ledger Nano S/X/Blue/Stax and related devices
+usb:v2C97*
+ ID_HARDWARE_WALLET=1
+
 ################
 # Trezor Hardware Wallets
 ################
@@ -30,7 +89,5 @@ usb:v534Cp0001*
 
 # Trezor v2
 usb:v1209p53C0*
- ID_HARDWARE_WALLET=1
-
 usb:v1209p53C1*
  ID_HARDWARE_WALLET=1

hwdb.d/70-lights.hwdb

@@ -26,11 +26,11 @@
 # Logitech
 ################
 # Litra Beam
-bluetooth:v046dpc901*
-usb:v046dpc901*
+bluetooth:v046DpC901*
+usb:v046DpC901*
  ID_AV_LIGHTS=1
 
 # Litra Glow
-bluetooth:v046dpc900*
-usb:v046dpc900*
+bluetooth:v046DpC900*
+usb:v046DpC900*
  ID_AV_LIGHTS=1

hwdb.d/70-sound-card.hwdb

@@ -43,18 +43,32 @@ usb:v045Ep091E*
 # Arctis Headsets
 usb:v1038p12B3*
 usb:v1038p12B6*
-usb:v1038p12D7*
 usb:v1038p1260*
-usb:v1038p12AD*
 usb:v1038p1252*
 usb:v1038p1280*
+usb:v1038p12D5*
+usb:v1038p12D7*
+usb:v1038p12AD*
 usb:v1038p220E*
 usb:v1038p2212*
 usb:v1038p2216*
 usb:v1038p2236*
 usb:v1038p12C2*
+usb:v1038p1290*
+usb:v1038p12EC*
+usb:v1038p2269*
+usb:v1038p226D*
+usb:v1038p2232*
+usb:v1038p2253*
 usb:v1038p2202*
 usb:v1038p2206*
 usb:v1038p220A*
-usb:v1038p1290*
+usb:v1038p2258*
+usb:v1038p223A*
+usb:v1038p227A*
+usb:v1038p22A1*
+usb:v1038p227E*
+usb:v1038p229E*
+usb:v1038p12E0*
+usb:v1038p12E5*
  SOUND_FORM_FACTOR=headset

hwdb.d/70-touchpad.hwdb

@@ -52,6 +52,12 @@ touchpad:usb:v05acp0324:*
 touchpad:usb:v044ep1221:*
  ID_INPUT_TOUCHPAD_INTEGRATION=external
 
+###########################################################
+# Lenovo IdeaPad Duet3 10IGL5 (82AT)
+###########################################################
+touchpad:bluetooth:v17efp60fa:*
+ ID_INPUT_TOUCHPAD_INTEGRATION=internal
+
 ###########################################################
 # Logitech
 ###########################################################

man/custom-html.xsl

@@ -268,6 +268,10 @@
 <!-- add Index link at top of page -->
 <xsl:template name="user.header.content">
   <style>
+    :root {
+      color-scheme: light dark;
+    }
+
     a.headerlink {
       color: #c60f0f;
       font-size: 0.8em;
@@ -312,6 +316,13 @@
   <xsl:text>"</xsl:text>
 </xsl:template>
 
+<!-- copied from docbook to remove the static color declarations -->
+<xsl:template name="body.attributes">
+  <xsl:if test="starts-with($writing.mode, 'rl')">
+    <xsl:attribute name="dir">rtl</xsl:attribute>
+  </xsl:if>
+</xsl:template>
+
 <!-- Switch things to UTF-8, ISO-8859-1 is soo yesteryear -->
 <xsl:output method="html" encoding="UTF-8" indent="no"/>
 

man/kernel-install.xml

@@ -616,6 +616,7 @@
         <term><filename>/proc/cmdline</filename></term>
         <listitem>
           <para>Specifies the kernel command line to use. The first of the files that is found will be used.
+          When running in a container, <filename>/proc/cmdline</filename> is ignored.
           <varname>$KERNEL_INSTALL_CONF_ROOT</varname> may be used to override the search path; see below for
           details.</para>
 

man/org.freedesktop.systemd1.xml

@@ -4860,7 +4860,7 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
       has no main PID. The control PID is the PID of the current start/stop/reload process running and is 0
       if no such process is currently running. That means that <varname>ExecMainPID</varname> and
       <varname>MainPID</varname> differ in the way that the latter immediately reflects whether a main
-      process is currently running while the latter possible contains information collected from the last run
+      process is currently running while the former possibly contains information collected from the last run
       even if the process is no longer around.</para>
 
       <para><varname>StatusText</varname>, <varname>StatusErrno</varname>, <varname>StatusBusError</varname>,

man/rules/meson.build

@@ -1171,7 +1171,7 @@ manpages = [
    'systemd-tmpfiles-setup.service'],
   ''],
  ['systemd-tpm2-clear.service', '8', [], 'ENABLE_BOOTLOADER'],
- ['systemd-tpm2-generator', '8', [], ''],
+ ['systemd-tpm2-generator', '8', [], 'ENABLE_BOOTLOADER'],
  ['systemd-tpm2-setup.service',
   '8',
   ['systemd-tpm2-setup', 'systemd-tpm2-setup-early.service'],

man/systemctl.xml

@@ -1696,7 +1696,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
           <listitem>
             <para>Shut down and reboot the system.</para>
 
-            <para>This command mostly equivalent to <command>systemctl start reboot.target
+            <para>This command is mostly equivalent to <command>systemctl start reboot.target
             --job-mode=replace-irreversibly --no-block</command>, but also prints a wall message to all
             users. This command is asynchronous; it will return after the reboot operation is enqueued,
             without waiting for it to complete.</para>

man/systemd-cryptenroll.xml

@@ -722,7 +722,7 @@
         <listitem><para>Show a list of candidate block devices this command may operate on. Specifically,
         this enumerates block devices currently present that contain a LUKS superblock, and shows their
         device node paths along with any of their symlinks. The devices must implement the
-        <option>hmac-secret</option> extension to be useable.</para>
+        <option>hmac-secret</option> extension to be usable.</para>
 
         <xi:include href="version-info.xml" xpointer="v257"/></listitem>
       </varlistentry>

man/systemd-fstab-generator.xml

@@ -85,8 +85,8 @@
         initrd. This accepts a device node path (usually <filename>/dev/disk/by-uuid/…</filename> or
         <filename>/dev/disk/by-label/…</filename> or similar), or the special values
         <literal>gpt-auto</literal>, <literal>gpt-auto-force</literal>, <literal>dissect</literal>,
-        <literal>dissect-force</literal>, <literal>fstab</literal>, <literal>fstab</literal>, and
-        <literal>off</literal>.</para>
+        <literal>dissect-force</literal>, <literal>fstab</literal>, <literal>tmpfs</literal>,
+        <literal>bind:…</literal>, and <literal>off</literal>.</para>
 
         <para>Set to <literal>gpt-auto</literal>, <literal>gpt-auto-force</literal>,
         <literal>dissect</literal>, <literal>dissect-force</literal> to explicitly request automatic root

man/systemd-vmspawn.xml

@@ -317,7 +317,7 @@
           <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
 
           <para>Defaults to true. (Note that this is unlike the option of the same name to
-          <citerefentry><refentrytitle>systemd-vmspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+          <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
           that defaults to false.)</para>
 
           <xi:include href="version-info.xml" xpointer="v258"/></listitem>

man/systemd.service.xml

@@ -579,11 +579,12 @@
 
       <varlistentry>
         <term><varname>RestartSteps=</varname></term>
-        <listitem><para>Configures the number of steps to take to increase the interval
+        <listitem><para>Configures the number of exponential steps to take to increase the interval
         of auto-restarts from <varname>RestartSec=</varname> to <varname>RestartMaxDelaySec=</varname>.
         Takes a positive integer or 0 to disable it. Defaults to 0.</para>
 
-        <para>This setting is effective only if <varname>RestartMaxDelaySec=</varname> is also set.</para>
+        <para>This setting is effective only if <varname>RestartMaxDelaySec=</varname> is also set and
+        <varname>RestartSec=</varname> is not zero.</para>
 
         <xi:include href="version-info.xml" xpointer="v254"/></listitem>
       </varlistentry>
@@ -595,7 +596,8 @@
         in the same format as <varname>RestartSec=</varname>, or <literal>infinity</literal>
         to disable the setting. Defaults to <literal>infinity</literal>.</para>
 
-        <para>This setting is effective only if <varname>RestartSteps=</varname> is also set.</para>
+        <para>This setting is effective only if <varname>RestartSteps=</varname> is also set and
+        <varname>RestartSec=</varname> is not zero.</para>
 
         <xi:include href="version-info.xml" xpointer="v254"/></listitem>
       </varlistentry>

man/sysusers.d.xml

@@ -119,13 +119,15 @@ r     -        500-900
           bearing the same name unless the ID field specifies it. The account will be
           created disabled, so that logins are not allowed.</para>
 
+          <xi:include href="version-info.xml" xpointer="v215"/>
+
           <para>Type <varname>u</varname> may be suffixed with an exclamation mark (<literal>u!</literal>) to
           create a fully locked account. This is recommended, since logins should typically not be allowed
           for system users. With or without the exclamation mark an invalid password is set. For
           <literal>u!</literal>, the account is also locked, which makes a difference for non-password forms
           of authentication, such as SSH or similar.</para>
 
-          <xi:include href="version-info.xml" xpointer="v215"/></listitem>
+          <xi:include href="version-info.xml" xpointer="v257"/></listitem>
         </varlistentry>
 
         <varlistentry>

man/ukify.xml

@@ -357,7 +357,10 @@
           <listitem><para>The os-release description (the <literal>.osrel</literal> section). The argument
           may be a literal string, or <literal>@</literal> followed by a path name. If not specified, the
           <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> file
-          will be picked up from the host system.</para>
+          will be picked up from the host system. If explicitly set to an empty string, the ".osrel" section
+          is omitted from the UKI (this is not recommended in most cases, and causes the resulting artifact
+          to not be recognized as a UKI by other tools like <command>kernel-install</command>
+          and <command>bootctl</command>).</para>
 
           <xi:include href="version-info.xml" xpointer="v253"/></listitem>
         </varlistentry>

meson.build

@@ -1694,6 +1694,8 @@ if conf.get('BPF_FRAMEWORK') == 1
         bpf_clang_flags = [
                 '-std=gnu17',
                 '-Wno-compare-distinct-pointer-types',
+                '-Wno-microsoft-anon-tag',
+                '-fms-extensions',
                 '-fno-stack-protector',
                 '-O2',
                 '-target',
@@ -1704,6 +1706,7 @@ if conf.get('BPF_FRAMEWORK') == 1
 
         bpf_gcc_flags = [
                 '-std=gnu17',
+                '-fms-extensions',
                 '-fno-stack-protector',
                 '-fno-ssa-phiopt',
                 '-O2',

meson.version

@@ -1 +1 @@
-258.3
+258.4

mkosi/mkosi.clangd

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.clean

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
 set -e

mkosi/mkosi.conf

@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
 [Config]
-MinimumVersion=commit:5a476a92deca8ad54869e5d416217aa1bb137b25
+MinimumVersion=commit:14d2d37a1923c03062f55454b2b61d0c64db6238
 Dependencies=
         exitrd
         initrd

mkosi/mkosi.conf.d/arch/systemd.prepare

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.conf.d/centos-fedora/mkosi.prepare

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.conf.d/centos-fedora/systemd.prepare

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.conf.d/debian-ubuntu/systemd.prepare

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.conf.d/opensuse/systemd.prepare

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.coverage/mkosi.postinst

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.extra.common/usr/lib/systemd/coverage-forwarder

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
 logger --journald <<EOF

mkosi/mkosi.extra/usr/lib/modules-load.d/mdadm-workaround.conf

@@ -0,0 +1,10 @@
+# This is a workaround for the issue observed with mdadm-4.5 + linux-6.18.
+# ===
+# + mdadm --create /dev/md/mdmirror ...
+# mdadm: size set to 64512K
+# mdadm: Can't open /sys/module/md_mod/parameters/legacy_async_del_gendisk
+# mdadm: init md module parameters fail
+# ===
+# See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125390
+# Fixed by https://github.com/md-raid-utilities/mdadm/pull/228
+md_mod

mkosi/mkosi.finalize

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: CC-0
 set -e
 

mkosi/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 

mkosi/mkosi.images/exitrd/mkosi.extra/shutdown

@@ -1,4 +1,4 @@
-#!/usr/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -eux
 

mkosi/mkosi.images/minimal-base/mkosi.postinst

@@ -1,10 +1,10 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
 # We don't use mkosi.extra because /usr/sbin could be a symlink and cp doesn't handle that properly until
 # coreutils 9.5 or newer.
 cat >"$BUILDROOT/sbin/init" <<EOF
-#!/bin/bash
+#!/usr/bin/env bash
 echo "Hello from dummy init, beautiful day, innit?"
 ip link
 EOF

mkosi/mkosi.postinst.chroot

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 set -o nounset

mkosi/mkosi.sanitizers/mkosi.postinst

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 set -o nounset

mkosi/mkosi.sync

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 set -o nounset

mkosi/mkosi.tools.conf/mkosi.conf.d/debian-ubuntu.conf

@@ -8,7 +8,6 @@ Distribution=|ubuntu
 PrepareScripts=%D/mkosi/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare
 Packages=
         clang-tools
-        gh
         iwyu
         lcov
         mypy

profile.d/80-systemd-osc-context.sh

@@ -10,6 +10,10 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
+# This implements the UAPI.15 "OSC 3008: Hierarchical Context Signalling"
+# specification for the shell prompt. For details see:
+# https://uapi-group.org/specifications/specs/osc_context/
+
 # Not bash?
 [ -n "${BASH_VERSION:-}" ] || return 0
 

src/analyze/analyze-image-policy.c

@@ -103,7 +103,7 @@ int verb_image_policy(int argc, char *argv[], void *userdata) {
                 else if (streq(argv[i], "@host"))
                         p = &image_policy_host;
                 else {
-                        r = image_policy_from_string(argv[i], &pbuf);
+                        r = image_policy_from_string(argv[i], /* graceful= */ false, &pbuf);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to parse image policy '%s': %m", argv[i]);
 

src/ask-password/ask-password.c

@@ -282,10 +282,10 @@ typedef struct MethodAskParameters {
 static int vl_method_ask(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
 
         static const sd_json_dispatch_field dispatch_table[] = {
-                { "message",      SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string, offsetof(MethodAskParameters, message),       0 },
-                { "keyname",      SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string, offsetof(MethodAskParameters, keyring),       0 },
-                { "icon",         SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string, offsetof(MethodAskParameters, icon),          0 },
-                { "id",           SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string, offsetof(MethodAskParameters, id),            0 },
+                { "message",      SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string, offsetof(MethodAskParameters, message),       SD_JSON_STRICT },
+                { "keyname",      SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string, offsetof(MethodAskParameters, keyring),       SD_JSON_STRICT },
+                { "icon",         SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string, offsetof(MethodAskParameters, icon),          SD_JSON_STRICT },
+                { "id",           SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string, offsetof(MethodAskParameters, id),            SD_JSON_STRICT },
                 { "timeoutUSec",  _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_uint64,       offsetof(MethodAskParameters, timeout_usec),  0              },
                 { "untilUSec",    _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_uint64,       offsetof(MethodAskParameters, until_usec),    0              },
                 { "acceptCached", SD_JSON_VARIANT_BOOLEAN,       sd_json_dispatch_tristate,     offsetof(MethodAskParameters, accept_cached), 0              },

src/ask-password/meson.build

@@ -7,3 +7,6 @@ executables += [
                 'sources' : files('ask-password.c'),
         },
 ]
+
+install_data('io.systemd.ask-password.policy',
+             install_dir : polkitpolicydir)

src/basic/ansi-color.h

@@ -48,7 +48,7 @@ void reset_ansi_feature_caches(void);
 #define ANSI_BRIGHT_CYAN    "\x1B[0;96m"
 #define ANSI_BRIGHT_WHITE   "\x1B[0;97m"
 
-#define ANSI_GREY    "\x1B[0;38;5;245m"
+#define ANSI_GREY    "\x1B[0;38:5:245m"
 
 /* Bold/highlighted */
 #define ANSI_HIGHLIGHT_BLACK    "\x1B[0;1;30m"

src/basic/cgroup-util.c

@@ -38,7 +38,7 @@
 /* The structure to pass to name_to_handle_at() on cgroupfs2 */
 typedef union {
         struct file_handle file_handle;
-        uint8_t space[offsetof(struct file_handle, f_handle) + sizeof(uint64_t)];
+        uint8_t space[MAX_HANDLE_SZ];
 } cg_file_handle;
 
 #define CG_FILE_HANDLE_INIT                                     \

src/basic/compress.c

@@ -349,20 +349,18 @@ int decompress_blob_xz(
         assert(dst_size);
 
 #if HAVE_XZ
-        _cleanup_(lzma_end_wrapper) lzma_stream s = LZMA_STREAM_INIT;
-        lzma_ret ret;
-        size_t space;
         int r;
 
         r = dlopen_lzma();
         if (r < 0)
                 return r;
 
-        ret = sym_lzma_stream_decoder(&s, UINT64_MAX, 0);
+        _cleanup_(lzma_end_wrapper) lzma_stream s = LZMA_STREAM_INIT;
+        lzma_ret ret = sym_lzma_stream_decoder(&s, UINT64_MAX, 0);
         if (ret != LZMA_OK)
                 return -ENOMEM;
 
-        space = MIN(src_size * 2, dst_max ?: SIZE_MAX);
+        size_t space = MIN(src_size * 2, dst_max ?: SIZE_MAX);
         if (!greedy_realloc(dst, space, 1))
                 return -ENOMEM;
 
@@ -544,23 +542,21 @@ int decompress_startswith_xz(
         assert(prefix);
 
 #if HAVE_XZ
-        _cleanup_(lzma_end_wrapper) lzma_stream s = LZMA_STREAM_INIT;
-        size_t allocated;
-        lzma_ret ret;
         int r;
 
         r = dlopen_lzma();
         if (r < 0)
                 return r;
 
-        ret = sym_lzma_stream_decoder(&s, UINT64_MAX, 0);
+        _cleanup_(lzma_end_wrapper) lzma_stream s = LZMA_STREAM_INIT;
+        lzma_ret ret = sym_lzma_stream_decoder(&s, UINT64_MAX, 0);
         if (ret != LZMA_OK)
                 return -EBADMSG;
 
         if (!(greedy_realloc(buffer, ALIGN_8(prefix_len + 1), 1)))
                 return -ENOMEM;
 
-        allocated = MALLOC_SIZEOF_SAFE(*buffer);
+        size_t allocated = MALLOC_SIZEOF_SAFE(*buffer);
 
         s.next_in = src;
         s.avail_in = src_size;
@@ -766,22 +762,21 @@ int compress_stream_xz(int fdf, int fdt, uint64_t max_bytes, uint64_t *ret_uncom
         assert(fdt >= 0);
 
 #if HAVE_XZ
-        _cleanup_(lzma_end_wrapper) lzma_stream s = LZMA_STREAM_INIT;
-        lzma_ret ret;
-        uint8_t buf[BUFSIZ], out[BUFSIZ];
-        lzma_action action = LZMA_RUN;
         int r;
 
         r = dlopen_lzma();
         if (r < 0)
                 return r;
 
-        ret = sym_lzma_easy_encoder(&s, LZMA_PRESET_DEFAULT, LZMA_CHECK_CRC64);
+        _cleanup_(lzma_end_wrapper) lzma_stream s = LZMA_STREAM_INIT;
+        lzma_ret ret = sym_lzma_easy_encoder(&s, LZMA_PRESET_DEFAULT, LZMA_CHECK_CRC64);
         if (ret != LZMA_OK)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Failed to initialize XZ encoder: code %u",
                                        ret);
 
+        uint8_t buf[BUFSIZ], out[BUFSIZ];
+        lzma_action action = LZMA_RUN;
         for (;;) {
                 if (s.avail_in == 0 && action == LZMA_RUN) {
                         size_t m = sizeof(buf);
@@ -946,23 +941,21 @@ int decompress_stream_xz(int fdf, int fdt, uint64_t max_bytes) {
         assert(fdt >= 0);
 
 #if HAVE_XZ
-        _cleanup_(lzma_end_wrapper) lzma_stream s = LZMA_STREAM_INIT;
-        lzma_ret ret;
-
-        uint8_t buf[BUFSIZ], out[BUFSIZ];
-        lzma_action action = LZMA_RUN;
         int r;
 
         r = dlopen_lzma();
         if (r < 0)
                 return r;
 
-        ret = sym_lzma_stream_decoder(&s, UINT64_MAX, 0);
+        _cleanup_(lzma_end_wrapper) lzma_stream s = LZMA_STREAM_INIT;
+        lzma_ret ret = sym_lzma_stream_decoder(&s, UINT64_MAX, 0);
         if (ret != LZMA_OK)
                 return log_debug_errno(SYNTHETIC_ERRNO(ENOMEM),
                                        "Failed to initialize XZ decoder: code %u",
                                        ret);
 
+        uint8_t buf[BUFSIZ], out[BUFSIZ];
+        lzma_action action = LZMA_RUN;
         for (;;) {
                 if (s.avail_in == 0 && action == LZMA_RUN) {
                         ssize_t n;

src/basic/filesystem-sets.py

@@ -56,6 +56,7 @@ NAME_TO_MAGIC = {
     # gfs is an old version of gfs2 and reuses the magic
     'gfs':             ['GFS2_MAGIC'],
     'gfs2':            ['GFS2_MAGIC'],
+    'gmem':            ['GUEST_MEMFD_MAGIC'],
     'hostfs':          ['HOSTFS_SUPER_MAGIC'],
     'hpfs':            ['HPFS_SUPER_MAGIC'],
     'hugetlbfs':       ['HUGETLBFS_MAGIC'],

src/basic/parse-util.c

@@ -61,7 +61,7 @@ int parse_tristate_full(const char *v, const char *third, int *ret) {
         return 0;
 }
 
-int parse_pid(const char *s, pid_t* ret_pid) {
+int parse_pid(const char *s, pid_t *ret) {
         unsigned long ul = 0;
         pid_t pid;
         int r;
@@ -80,8 +80,8 @@ int parse_pid(const char *s, pid_t* ret_pid) {
         if (!pid_is_valid(pid))
                 return -ERANGE;
 
-        if (ret_pid)
-                *ret_pid = pid;
+        if (ret)
+                *ret = pid;
         return 0;
 }
 

src/basic/parse-util.h

@@ -10,7 +10,7 @@ int parse_tristate_full(const char *v, const char *third, int *ret);
 static inline int parse_tristate(const char *v, int *ret) {
         return parse_tristate_full(v, NULL, ret);
 }
-int parse_pid(const char *s, pid_t* ret_pid);
+int parse_pid(const char *s, pid_t *ret);
 int parse_mode(const char *s, mode_t *ret);
 int parse_ifindex(const char *s);
 int parse_mtu(int family, const char *s, uint32_t *ret);

src/basic/pidfd-util.c

@@ -239,7 +239,7 @@ int pidfd_get_inode_id_impl(int fd, uint64_t *ret) {
         if (file_handle_supported) {
                 union {
                         struct file_handle file_handle;
-                        uint8_t space[offsetof(struct file_handle, f_handle) + sizeof(uint64_t)];
+                        uint8_t space[MAX_HANDLE_SZ];
                 } fh = {
                         .file_handle.handle_bytes = sizeof(uint64_t),
                         .file_handle.handle_type = FILEID_KERNFS,

src/basic/process-util.c

@@ -4,6 +4,7 @@
 #include <pthread.h>
 #include <spawn.h>
 #include <stdio.h>
+#include <sys/mman.h>
 #include <sys/mount.h>
 #include <sys/personality.h>
 #include <sys/prctl.h>
@@ -20,6 +21,7 @@
 #include "alloc-util.h"
 #include "architecture.h"
 #include "argv-util.h"
+#include "capability-util.h"
 #include "cgroup-util.h"
 #include "dirent-util.h"
 #include "env-file.h"
@@ -2289,6 +2291,26 @@ int proc_dir_read_pidref(DIR *d, PidRef *ret) {
         return 0;
 }
 
+int safe_mlockall(int flags) {
+        int r;
+
+        /* When dealing with sensitive data, let's lock ourselves into memory. We do this only when
+         * privileged however, as otherwise the amount of lockable memory that RLIMIT_MEMLOCK grants us is
+         * frequently too low to make this work. The resource limit has no effect on CAP_IPC_LOCK processes,
+         * hence that's the capability we check for. */
+        r = have_effective_cap(CAP_IPC_LOCK);
+        if (r < 0)
+                return log_debug_errno(r, "Failed to determine if we have CAP_IPC_LOCK: %m");
+        if (r == 0)
+                return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Lacking CAP_IPC_LOCK, skipping mlockall().");
+
+        if (mlockall(flags) < 0)
+                return log_debug_errno(errno, "Failed to call mlockall(): %m");
+
+        log_debug("Successfully called mlockall().");
+        return 0;
+}
+
 static const char *const sigchld_code_table[] = {
         [CLD_EXITED] = "exited",
         [CLD_KILLED] = "killed",

src/basic/process-util.h

@@ -265,5 +265,7 @@ int proc_dir_open(DIR **ret);
 int proc_dir_read(DIR *d, pid_t *ret);
 int proc_dir_read_pidref(DIR *d, PidRef *ret);
 
+int safe_mlockall(int flags);
+
 _noreturn_ void report_errno_and_exit(int errno_fd, int error);
 int read_errno(int errno_fd);

src/basic/stat-util.c

@@ -415,6 +415,8 @@ int path_is_network_fs(const char *path) {
 }
 
 int proc_mounted(void) {
+        /* This is typically used in error path. So, it is better to not overwrite the original errno. */
+        PROTECT_ERRNO;
         int r;
 
         /* A quick check of procfs is properly mounted */

src/basic/string-util.c

@@ -735,7 +735,7 @@ char* strip_tab_ansi(char **ibuf, size_t *_isz, size_t highlight[2]) {
                 case STATE_CSI:
                         assert(n_carriage_returns == 0);
 
-                        if (eot || !strchr("01234567890;m", *i)) { /* EOT or invalid chars in sequence */
+                        if (eot || !strchr(DIGITS ";:m", *i)) { /* EOT or invalid chars in sequence */
                                 fputc('\x1B', f);
                                 fputc('[', f);
                                 advance_offsets(i - *ibuf, highlight, shift, 2);

src/basic/terminal-util.c

@@ -969,7 +969,8 @@ static int terminal_reset_ansi_seq(int fd) {
 
         k = loop_write_full(fd,
                             "\033[!p"              /* soft terminal reset */
-                            "\033]104\007" /* reset colors */
+                            ANSI_OSC "104" ANSI_ST /* reset color palette via OSC 104 */
+                            ANSI_NORMAL            /* reset colors */
                             "\033[?7h"             /* enable line-wrapping */
                             "\033[1G"              /* place cursor at beginning of current line */
                             "\033[0J",             /* erase till end of screen */

src/basic/time-util.c

@@ -1735,6 +1735,39 @@ bool in_utc_timezone(void) {
         return timezone == 0 && daylight == 0;
 }
 
+int usleep_safe(usec_t usec) {
+        int r;
+
+        /* usleep() takes useconds_t that is (typically?) uint32_t. Also, usleep() may only support the
+         * range [0, 1000000]. See usleep(3). Let's override usleep() with clock_nanosleep().
+         *
+         * ⚠️ Note we are not using plain nanosleep() here, since that operates on CLOCK_REALTIME, not
+         *    CLOCK_MONOTONIC! */
+
+        if (usec == 0)
+                return 0;
+
+        if (usec == USEC_INFINITY)
+                return RET_NERRNO(pause());
+
+        struct timespec t;
+        timespec_store(&t, usec);
+
+        for (;;) {
+                struct timespec remaining;
+
+                /* `clock_nanosleep()` does not use `errno`, but returns positive error codes. */
+                r = -clock_nanosleep(CLOCK_MONOTONIC, /* flags= */ 0, &t, &remaining);
+                if (r == -EINTR) {
+                        /* Interrupted. Continue sleeping for the remaining time. */
+                        t = remaining;
+                        continue;
+                }
+
+                return r;
+        }
+}
+
 int time_change_fd(void) {
 
         /* We only care for the cancellation event, hence we set the timeout to the latest possible value. */

src/basic/time-util.h

@@ -205,19 +205,7 @@ static inline usec_t usec_sub_signed(usec_t timestamp, int64_t delta) {
         return usec_sub_unsigned(timestamp, (usec_t) delta);
 }
 
-static inline int usleep_safe(usec_t usec) {
-        /* usleep() takes useconds_t that is (typically?) uint32_t. Also, usleep() may only support the
-         * range [0, 1000000]. See usleep(3). Let's override usleep() with clock_nanosleep().
-         *
-         * ⚠️ Note we are not using plain nanosleep() here, since that operates on CLOCK_REALTIME, not
-         *    CLOCK_MONOTONIC! */
-
-        if (usec == 0)
-                return 0;
-
-        /* `clock_nanosleep()` does not use `errno`, but returns positive error codes. */
-        return -clock_nanosleep(CLOCK_MONOTONIC, 0, TIMESPEC_STORE(usec), NULL);
-}
+int usleep_safe(usec_t usec);
 
 /* The last second we can format is 31. Dec 9999, 1s before midnight, because otherwise we'd enter 5 digit
  * year territory. However, since we want to stay away from this in all timezones we take one day off. */

src/bless-boot/bless-boot-generator.c

@@ -26,6 +26,11 @@ static int run(const char *dest, const char *dest_early, const char *dest_late)
                 return 0;
         }
 
+        if (generator_soft_rebooted()) {
+                log_debug("Skipping generator, current system is entered via soft-reboot.");
+                return 0;
+        }
+
         if (!is_efi_boot()) {
                 log_debug("Skipping generator, not an EFI boot.");
                 return 0;

src/boot/efi-string.c

@@ -497,7 +497,8 @@ char* line_get_key_value(char *s, const char *sep, size_t *pos, char **ret_key,
                         value++;
 
                 /* unquote */
-                if (value[0] == '"' && line[linelen - 1] == '"') {
+                if ((value[0] == '"' && line[linelen - 1] == '"') ||
+                    (value[0] == '\'' && line[linelen - 1] == '\'')) {
                         value++;
                         line[linelen - 1] = '\0';
                 }

src/boot/stub.c

@@ -1289,9 +1289,9 @@ static EFI_STATUS run(EFI_HANDLE image) {
 
         /* Combine the initrds into one */
         _cleanup_pages_ Pages initrd_pages = {};
-        struct iovec final_initrd;
+        struct iovec final_initrd = {};
         if (n_all_initrds > 1) {
-                /* There will always be a base initrd, if this counter is higher, we need to combine them */
+                /* If there is more then 1 initrd we need to combine them */
                 err = combine_initrds(all_initrds, n_all_initrds, &initrd_pages, &final_initrd.iov_len);
                 if (err != EFI_SUCCESS)
                         return err;
@@ -1300,7 +1300,7 @@ static EFI_STATUS run(EFI_HANDLE image) {
 
                 /* Given these might be large let's free them explicitly before we pass control to Linux */
                 initrds_free(&initrds);
-        } else
+        } else if (n_all_initrds == 1)
                 final_initrd = all_initrds[0];
 
         struct iovec kernel = IOVEC_MAKE(

src/core/dbus-execute.c

@@ -3925,7 +3925,7 @@ int bus_exec_context_set_transient_property(
                 if (r < 0)
                         return r;
 
-                if (empty) {
+                if (!UNIT_WRITE_FLAGS_NOOP(flags) && empty) {
                         bind_mount_free_many(c->bind_mounts, c->n_bind_mounts);
                         c->bind_mounts = NULL;
                         c->n_bind_mounts = 0;
@@ -3970,7 +3970,7 @@ int bus_exec_context_set_transient_property(
                 if (r < 0)
                         return r;
 
-                if (empty) {
+                if (!UNIT_WRITE_FLAGS_NOOP(flags) && empty) {
                         temporary_filesystem_free_many(c->temporary_filesystems, c->n_temporary_filesystems);
                         c->temporary_filesystems = NULL;
                         c->n_temporary_filesystems = 0;
@@ -4319,7 +4319,7 @@ int bus_exec_context_set_transient_property(
                 if (r < 0)
                         return r;
 
-                r = image_policy_from_string(s, &p);
+                r = image_policy_from_string(s, /* graceful= */ true, &p);
                 if (r < 0)
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Failed to parse image policy string: %s", s);
 

src/core/dbus-unit.c

@@ -1199,7 +1199,7 @@ static int property_get_cpu_usage(
 
         r = unit_get_cpu_usage(u, &ns);
         if (r < 0 && r != -ENODATA)
-                log_unit_warning_errno(u, r, "Failed to get cpuacct.usage attribute: %m");
+                log_unit_warning_errno(u, r, "Failed to get CPU usage: %m");
 
         return sd_bus_message_append(reply, "t", ns);
 }

src/core/dynamic-user.c

@@ -736,11 +736,20 @@ int dynamic_user_lookup_name(Manager *m, const char *name, uid_t *ret) {
         if (!d)
                 return -ESRCH;
 
-        r = dynamic_user_current(d, ret);
+        uid_t uid;
+        r = dynamic_user_current(d, &uid);
         if (r == -EAGAIN) /* not realized yet? */
                 return -ESRCH;
-
+        if (r < 0)
                 return r;
+
+        if (!uid_is_dynamic(uid))
+                return -ESRCH;
+
+        if (ret)
+                *ret = uid;
+
+        return 0;
 }
 
 int dynamic_creds_make(Manager *m, const char *user, const char *group, DynamicCreds **ret) {

src/core/execute-serialize.c

@@ -3726,21 +3726,21 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) {
                         if (c->root_image_policy)
                                 return -EINVAL; /* duplicated */
 
-                        r = image_policy_from_string(val, &c->root_image_policy);
+                        r = image_policy_from_string(val, /* graceful= */ true, &c->root_image_policy);
                         if (r < 0)
                                 return r;
                 } else if ((val = startswith(l, "exec-context-mount-image-policy="))) {
                         if (c->mount_image_policy)
                                 return -EINVAL; /* duplicated */
 
-                        r = image_policy_from_string(val, &c->mount_image_policy);
+                        r = image_policy_from_string(val, /* graceful= */ true, &c->mount_image_policy);
                         if (r < 0)
                                 return r;
                 } else if ((val = startswith(l, "exec-context-extension-image-policy="))) {
                         if (c->extension_image_policy)
                                 return -EINVAL; /* duplicated */
 
-                        r = image_policy_from_string(val, &c->extension_image_policy);
+                        r = image_policy_from_string(val, /* graceful= */ true, &c->extension_image_policy);
                         if (r < 0)
                                 return r;
                 } else

src/core/job.c

@@ -789,7 +789,7 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult
                                 log_unit_struct(
                                         u,
                                         job_done_messages[result].log_level,
-                                        LOG_MESSAGE("%s was skipped because no trigger condition checks were met.",
+                                        LOG_MESSAGE("%s skipped, no trigger condition checks were met.",
                                                     ident),
                                         LOG_ITEM("JOB_ID=%" PRIu32, job_id),
                                         LOG_ITEM("JOB_TYPE=%s", job_type_to_string(t)),
@@ -800,7 +800,7 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult
                                 log_unit_struct(
                                         u,
                                         job_done_messages[result].log_level,
-                                        LOG_MESSAGE("%s was skipped because of an unmet condition check (%s=%s%s).",
+                                        LOG_MESSAGE("%s skipped, unmet condition check %s=%s%s",
                                                     ident,
                                                     condition_type_to_string(c->type),
                                                     c->negate ? "!" : "",

src/core/main.c

@@ -2805,7 +2805,7 @@ static void determine_default_oom_score_adjust(void) {
                 return (void) log_warning_errno(r, "Failed to determine current OOM score adjustment value, ignoring: %m");
 
         assert_cc(100 <= OOM_SCORE_ADJ_MAX);
-        b = a >= OOM_SCORE_ADJ_MAX - 100 ? OOM_SCORE_ADJ_MAX : a + 100;
+        b = saturate_add(a, 100, OOM_SCORE_ADJ_MAX);
 
         if (a == b)
                 return;

src/core/manager.c

@@ -2269,6 +2269,11 @@ int manager_propagate_reload(Manager *m, Unit *unit, JobMode mode, sd_bus_error
                         tr->anchor_job,
                         mode == JOB_IGNORE_DEPENDENCIES ? TRANSACTION_IGNORE_ORDER : 0);
 
+        /* Only activate the transaction if it contains jobs other than NOP anchor.
+         * Short-circuiting here avoids unnecessary processing, such as emitting D-Bus signals. */
+        if (hashmap_size(tr->jobs) <= 1)
+                return 0;
+
         r = transaction_activate(tr, m, mode, NULL, e);
         if (r < 0)
                 return r;