network/nexthop: add one more assertion

This may help issue #35164.

hwdb.d/60-keyboard.hwdb

@@ -1438,11 +1438,6 @@ evdev:input:b0003v046DpC309*
  KEYBOARD_KEY_c01b6=images                              # My Pictures (F11)
  KEYBOARD_KEY_c01b7=audio                               # My Music (F12)
 
-# Logitech MX Keys for Mac
-evdev:input:b0003v046Dp4092*
- KEYBOARD_KEY_70035=102nd                               # '<' key
- KEYBOARD_KEY_70064=grave                               # '^' key
-
 ###########################################################
 # Maxdata
 ###########################################################

hwdb.d/60-sensor.hwdb

@@ -953,15 +953,6 @@ sensor:modalias:acpi:MXC6655*:dmi:*:svnDefaultstring*:pnP612F:*
 sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
  ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
 
-#########################################
-# Pine64
-#########################################
-
-# PineTab2
-
-sensor:modalias:of:NaccelerometerT_null_Csilan,sc7a20:*
- ACCEL_MOUNT_MATRIX=0, 0, -1; 1, 0, 0; 0, -1, 0
-
 #########################################
 # Pipo
 #########################################

man/systemd-cryptenroll.xml

@@ -265,11 +265,32 @@
   </refsect1>
 
   <refsect1>
-    <title>Unlocking</title>
+    <title>Options</title>
 
-    <para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
+    <para>The following options are understood:</para>
 
     <variablelist>
+      <varlistentry>
+        <term><option>--password</option></term>
+
+        <listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
+        <command>cryptsetup luksAddKey</command>, however may be combined with
+        <option>--wipe-slot=</option> in one call, see below.</para>
+
+        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--recovery-key</option></term>
+
+        <listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
+        computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
+        key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
+        </para>
+
+        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
 
@@ -307,45 +328,7 @@
 
         <xi:include href="version-info.xml" xpointer="v256"/></listitem>
       </varlistentry>
-    </variablelist>
-  </refsect1>
 
-  <refsect1>
-    <title>Simple Enrollment</title>
-
-    <para>The following options are understood that may be used to enroll simple user input based
-    unlocking:</para>
-
-    <variablelist>
-      <varlistentry>
-        <term><option>--password</option></term>
-
-        <listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
-        <command>cryptsetup luksAddKey</command>, however may be combined with
-        <option>--wipe-slot=</option> in one call, see below.</para>
-
-        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><option>--recovery-key</option></term>
-
-        <listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
-        computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
-        key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
-        </para>
-
-        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>PKCS#11 Enrollment</title>
-
-    <para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
-
-    <variablelist>
       <varlistentry>
         <term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
 
@@ -378,15 +361,7 @@
 
         <xi:include href="version-info.xml" xpointer="v248"/></listitem>
       </varlistentry>
-    </variablelist>
-  </refsect1>
 
-  <refsect1>
-    <title>FIDO2 Enrollment</title>
-
-    <para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
-
-    <variablelist>
       <varlistentry>
         <term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
         <listitem><para>Specify COSE algorithm used in credential generation. The default value is
@@ -486,15 +461,7 @@
 
         <xi:include href="version-info.xml" xpointer="v249"/></listitem>
       </varlistentry>
-    </variablelist>
-  </refsect1>
 
-  <refsect1>
-    <title>TPM2 Enrollment</title>
-
-    <para>The following options are understood that may be used to enroll TPM2 devices:</para>
-
-    <variablelist>
       <varlistentry>
         <term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
 
@@ -669,15 +636,7 @@
 
         <xi:include href="version-info.xml" xpointer="v255"/></listitem>
       </varlistentry>
-    </variablelist>
-  </refsect1>
 
-  <refsect1>
-    <title>Other Options</title>
-
-    <para>The following additional options are understood:</para>
-
-    <variablelist>
       <varlistentry>
         <term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>
 

po/uk.po

@@ -9,8 +9,8 @@ msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-11-21 19:38+0000\n"
-"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
+"PO-Revision-Date: 2024-11-20 19:13+0000\n"
+"Last-Translator: Dmytro Markevych <hotr1pak@gmail.com>\n"
 "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
 "systemd/main/uk/>\n"
 "Language: uk\n"
@@ -120,11 +120,11 @@ msgstr "Для оновлення домашньої теки користува
 
 #: src/home/org.freedesktop.home1.policy:53
 msgid "Update your home area"
-msgstr "Оновлення домашньої області"
+msgstr "Оновіть свій домашній простір"
 
 #: src/home/org.freedesktop.home1.policy:54
 msgid "Authentication is required to update your home area."
-msgstr "Для оновлення домашньої області слід пройти розпізнавання."
+msgstr "Для оновлення домашньої області потрібна автентифікація."
 
 #: src/home/org.freedesktop.home1.policy:63
 msgid "Resize a home area"
@@ -1215,7 +1215,7 @@ msgstr "Керування додатковими функціями"
 
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
 msgid "Authentication is required to manage optional features"
-msgstr "Для керування додатковими можливостями слід пройти розпізнавання"
+msgstr "Для керування додатковими функціями потрібна автентифікація"
 
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"

shell-completion/bash/systemd-cryptenroll

@@ -38,12 +38,19 @@ __get_tpm2_devices() {
     done
 }
 
+__get_block_devices() {
+    local i
+    for i in /dev/*; do
+        [ -b "$i" ] && printf '%s\n' "$i"
+    done
+}
+
 _systemd_cryptenroll() {
     local comps
     local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
     local -A OPTS=(
         [STANDALONE]='-h --help --version
-                     --password --recovery-key --list-devices'
+                     --password --recovery-key'
         [ARG]='--unlock-key-file
                --unlock-fido2-device
                --unlock-tpm2-device
@@ -109,7 +116,7 @@ _systemd_cryptenroll() {
         return 0
     fi
 
-    comps=$(systemd-cryptenroll --list-devices)
+    comps=$(__get_block_devices)
     COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
     return 0
 }

src/basic/linux/auto_fs.h

@@ -21,7 +21,7 @@
 #define AUTOFS_MIN_PROTO_VERSION	3
 #define AUTOFS_MAX_PROTO_VERSION	5
 
-#define AUTOFS_PROTO_SUBVERSION		6
+#define AUTOFS_PROTO_SUBVERSION		5
 
 /*
  * The wait_queue_token (autofs_wqt_t) is part of a structure which is passed

src/basic/linux/bpf.h

@@ -1121,9 +1121,6 @@ enum bpf_attach_type {
 
 #define MAX_BPF_ATTACH_TYPE __MAX_BPF_ATTACH_TYPE
 
-/* Add BPF_LINK_TYPE(type, name) in bpf_types.h to keep bpf_link_type_strs[]
- * in sync with the definitions below.
- */
 enum bpf_link_type {
 	BPF_LINK_TYPE_UNSPEC = 0,
 	BPF_LINK_TYPE_RAW_TRACEPOINT = 1,
@@ -2854,7 +2851,7 @@ union bpf_attr {
  * 		  **TCP_SYNCNT**, **TCP_USER_TIMEOUT**, **TCP_NOTSENT_LOWAT**,
  * 		  **TCP_NODELAY**, **TCP_MAXSEG**, **TCP_WINDOW_CLAMP**,
  * 		  **TCP_THIN_LINEAR_TIMEOUTS**, **TCP_BPF_DELACK_MAX**,
- *		  **TCP_BPF_RTO_MIN**, **TCP_BPF_SOCK_OPS_CB_FLAGS**.
+ * 		  **TCP_BPF_RTO_MIN**.
  * 		* **IPPROTO_IP**, which supports *optname* **IP_TOS**.
  * 		* **IPPROTO_IPV6**, which supports the following *optname*\ s:
  * 		  **IPV6_TCLASS**, **IPV6_AUTOFLOWLABEL**.
@@ -5522,12 +5519,11 @@ union bpf_attr {
  *		**-EOPNOTSUPP** if the hash calculation failed or **-EINVAL** if
  *		invalid arguments are passed.
  *
- * void *bpf_kptr_xchg(void *dst, void *ptr)
+ * void *bpf_kptr_xchg(void *map_value, void *ptr)
  *	Description
- *		Exchange kptr at pointer *dst* with *ptr*, and return the old value.
- *		*dst* can be map value or local kptr. *ptr* can be NULL, otherwise
- *		it must be a referenced pointer which will be released when this helper
- *		is called.
+ *		Exchange kptr at pointer *map_value* with *ptr*, and return the
+ *		old value. *ptr* can be NULL, otherwise it must be a referenced
+ *		pointer which will be released when this helper is called.
  *	Return
  *		The old value of kptr (which can be NULL). The returned pointer
  *		if not NULL, is a reference which must be released using its
@@ -6050,6 +6046,11 @@ enum {
 	BPF_F_MARK_ENFORCE		= (1ULL << 6),
 };
 
+/* BPF_FUNC_clone_redirect and BPF_FUNC_redirect flags. */
+enum {
+	BPF_F_INGRESS			= (1ULL << 0),
+};
+
 /* BPF_FUNC_skb_set_tunnel_key and BPF_FUNC_skb_get_tunnel_key flags. */
 enum {
 	BPF_F_TUNINFO_IPV6		= (1ULL << 0),
@@ -6196,12 +6197,10 @@ enum {
 	BPF_F_BPRM_SECUREEXEC	= (1ULL << 0),
 };
 
-/* Flags for bpf_redirect and bpf_redirect_map helpers */
+/* Flags for bpf_redirect_map helper */
 enum {
-	BPF_F_INGRESS		= (1ULL << 0), /* used for skb path */
-	BPF_F_BROADCAST		= (1ULL << 3), /* used for XDP path */
-	BPF_F_EXCLUDE_INGRESS	= (1ULL << 4), /* used for XDP path */
-#define BPF_F_REDIRECT_FLAGS (BPF_F_INGRESS | BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS)
+	BPF_F_BROADCAST		= (1ULL << 3),
+	BPF_F_EXCLUDE_INGRESS	= (1ULL << 4),
 };
 
 #define __bpf_md_ptr(type, name)	\
@@ -7081,7 +7080,6 @@ enum {
 	TCP_BPF_SYN		= 1005, /* Copy the TCP header */
 	TCP_BPF_SYN_IP		= 1006, /* Copy the IP[46] and TCP header */
 	TCP_BPF_SYN_MAC         = 1007, /* Copy the MAC, IP[46], and TCP header */
-	TCP_BPF_SOCK_OPS_CB_FLAGS = 1008, /* Get or Set TCP sock ops flags */
 };
 
 enum {
@@ -7514,13 +7512,4 @@ struct bpf_iter_num {
 	__u64 __opaque[1];
 } __attribute__((aligned(8)));
 
-/*
- * Flags to control BPF kfunc behaviour.
- *     - BPF_F_PAD_ZEROS: Pad destination buffer with zeros. (See the respective
- *       helper documentation for details.)
- */
-enum bpf_kfunc_flags {
-	BPF_F_PAD_ZEROS = (1ULL << 0),
-};
-
 #endif /* __LINUX_BPF_H__ */

src/basic/linux/const.h

@@ -28,23 +28,6 @@
 #define _BITUL(x)	(_UL(1) << (x))
 #define _BITULL(x)	(_ULL(1) << (x))
 
-#if !defined(__ASSEMBLY__)
-/*
- * Missing __asm__ support
- *
- * __BIT128() would not work in the __asm__ code, as it shifts an
- * 'unsigned __init128' data type as direct representation of
- * 128 bit constants is not supported in the gcc compiler, as
- * they get silently truncated.
- *
- * TODO: Please revisit this implementation when gcc compiler
- * starts representing 128 bit constants directly like long
- * and unsigned long etc. Subsequently drop the comment for
- * GENMASK_U128() which would then start supporting __asm__ code.
- */
-#define _BIT128(x)	((unsigned __int128)(1) << (x))
-#endif
-
 #define __ALIGN_KERNEL(x, a)		__ALIGN_KERNEL_MASK(x, (__typeof__(x))(a) - 1)
 #define __ALIGN_KERNEL_MASK(x, mask)	(((x) + (mask)) & ~(mask))
 

src/basic/linux/ethtool.h

@@ -2531,20 +2531,4 @@ struct ethtool_link_settings {
 	 * __u32 map_lp_advertising[link_mode_masks_nwords];
 	 */
 };
-
-/**
- * enum phy_upstream - Represents the upstream component a given PHY device
- * is connected to, as in what is on the other end of the MII bus. Most PHYs
- * will be attached to an Ethernet MAC controller, but in some cases, there's
- * an intermediate PHY used as a media-converter, which will driver another
- * MII interface as its output.
- * @PHY_UPSTREAM_MAC: Upstream component is a MAC (a switch port,
- *		      or ethernet controller)
- * @PHY_UPSTREAM_PHY: Upstream component is a PHY (likely a media converter)
- */
-enum phy_upstream {
-	PHY_UPSTREAM_MAC,
-	PHY_UPSTREAM_PHY,
-};
-
 #endif /* _LINUX_ETHTOOL_H */

src/basic/linux/fib_rules.h

@@ -67,7 +67,6 @@ enum {
 	FRA_IP_PROTO,	/* ip proto */
 	FRA_SPORT_RANGE, /* sport */
 	FRA_DPORT_RANGE, /* dport */
-	FRA_DSCP,	/* dscp */
 	__FRA_MAX
 };
 

src/basic/linux/if_packet.h

@@ -230,8 +230,8 @@ struct tpacket_hdr_v1 {
 	 * ts_first_pkt:
 	 *		Is always the time-stamp when the block was opened.
 	 *		Case a)	ZERO packets
-	 *			No packets to deal with but at least you know
-	 *			the time-interval of this block.
+	 *			No packets to deal with but atleast you know the
+	 *			time-interval of this block.
 	 *		Case b) Non-zero packets
 	 *			Use the ts of the first packet in the block.
 	 *
@@ -265,8 +265,7 @@ enum tpacket_versions {
    - struct tpacket_hdr
    - pad to TPACKET_ALIGNMENT=16
    - struct sockaddr_ll
-   - Gap, chosen so that packet data (Start+tp_net) aligns to
-     TPACKET_ALIGNMENT=16
+   - Gap, chosen so that packet data (Start+tp_net) alignes to TPACKET_ALIGNMENT=16
    - Start+tp_mac: [ Optional MAC header ]
    - Start+tp_net: Packet data, aligned to TPACKET_ALIGNMENT=16.
    - Pad to align to TPACKET_ALIGNMENT=16

src/basic/linux/in.h

@@ -141,7 +141,7 @@ struct in_addr {
  */
 #define IP_PMTUDISC_INTERFACE		4
 /* weaker version of IP_PMTUDISC_INTERFACE, which allows packets to get
- * fragmented if they exceed the interface mtu
+ * fragmented if they exeed the interface mtu
  */
 #define IP_PMTUDISC_OMIT		5
 

src/basic/linux/libc-compat.h

@@ -140,6 +140,25 @@
 
 #endif /* _NETINET_IN_H */
 
+/* Coordinate with glibc netipx/ipx.h header. */
+#if defined(__NETIPX_IPX_H)
+
+#define __UAPI_DEF_SOCKADDR_IPX			0
+#define __UAPI_DEF_IPX_ROUTE_DEFINITION		0
+#define __UAPI_DEF_IPX_INTERFACE_DEFINITION	0
+#define __UAPI_DEF_IPX_CONFIG_DATA		0
+#define __UAPI_DEF_IPX_ROUTE_DEF		0
+
+#else /* defined(__NETIPX_IPX_H) */
+
+#define __UAPI_DEF_SOCKADDR_IPX			1
+#define __UAPI_DEF_IPX_ROUTE_DEFINITION		1
+#define __UAPI_DEF_IPX_INTERFACE_DEFINITION	1
+#define __UAPI_DEF_IPX_CONFIG_DATA		1
+#define __UAPI_DEF_IPX_ROUTE_DEF		1
+
+#endif /* defined(__NETIPX_IPX_H) */
+
 /* Definitions for xattr.h */
 #if defined(_SYS_XATTR_H)
 #define __UAPI_DEF_XATTR		0
@@ -221,6 +240,23 @@
 #define __UAPI_DEF_IP6_MTUINFO		1
 #endif
 
+/* Definitions for ipx.h */
+#ifndef __UAPI_DEF_SOCKADDR_IPX
+#define __UAPI_DEF_SOCKADDR_IPX			1
+#endif
+#ifndef __UAPI_DEF_IPX_ROUTE_DEFINITION
+#define __UAPI_DEF_IPX_ROUTE_DEFINITION		1
+#endif
+#ifndef __UAPI_DEF_IPX_INTERFACE_DEFINITION
+#define __UAPI_DEF_IPX_INTERFACE_DEFINITION	1
+#endif
+#ifndef __UAPI_DEF_IPX_CONFIG_DATA
+#define __UAPI_DEF_IPX_CONFIG_DATA		1
+#endif
+#ifndef __UAPI_DEF_IPX_ROUTE_DEF
+#define __UAPI_DEF_IPX_ROUTE_DEF		1
+#endif
+
 /* Definitions for xattr.h */
 #ifndef __UAPI_DEF_XATTR
 #define __UAPI_DEF_XATTR		1

src/basic/linux/netfilter/nf_tables.h

@@ -436,7 +436,7 @@ enum nft_set_elem_flags {
  * @NFTA_SET_ELEM_KEY: key value (NLA_NESTED: nft_data)
  * @NFTA_SET_ELEM_DATA: data value of mapping (NLA_NESTED: nft_data_attributes)
  * @NFTA_SET_ELEM_FLAGS: bitmask of nft_set_elem_flags (NLA_U32)
- * @NFTA_SET_ELEM_TIMEOUT: timeout value, zero means never times out (NLA_U64)
+ * @NFTA_SET_ELEM_TIMEOUT: timeout value (NLA_U64)
  * @NFTA_SET_ELEM_EXPIRATION: expiration time (NLA_U64)
  * @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY)
  * @NFTA_SET_ELEM_EXPR: expression (NLA_NESTED: nft_expr_attributes)
@@ -1694,7 +1694,7 @@ enum nft_flowtable_flags {
  *
  * @NFTA_FLOWTABLE_TABLE: name of the table containing the expression (NLA_STRING)
  * @NFTA_FLOWTABLE_NAME: name of this flow table (NLA_STRING)
- * @NFTA_FLOWTABLE_HOOK: netfilter hook configuration (NLA_NESTED)
+ * @NFTA_FLOWTABLE_HOOK: netfilter hook configuration(NLA_U32)
  * @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32)
  * @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64)
  * @NFTA_FLOWTABLE_FLAGS: flags (NLA_U32)

src/basic/linux/nexthop.h

@@ -16,15 +16,10 @@ struct nhmsg {
 struct nexthop_grp {
 	__u32	id;	  /* nexthop id - must exist */
 	__u8	weight;   /* weight of this nexthop */
-	__u8	weight_high;	/* high order bits of weight */
+	__u8	resvd1;
 	__u16	resvd2;
 };
 
-static __inline__ __u16 nexthop_grp_weight(const struct nexthop_grp *entry)
-{
-	return ((entry->weight_high << 8) | entry->weight) + 1;
-}
-
 enum {
 	NEXTHOP_GRP_TYPE_MPATH,  /* hash-threshold nexthop group
 				  * default type if not specified
@@ -38,9 +33,6 @@ enum {
 #define NHA_OP_FLAG_DUMP_STATS		BIT(0)
 #define NHA_OP_FLAG_DUMP_HW_STATS	BIT(1)
 
-/* Response OP_FLAGS. */
-#define NHA_OP_FLAG_RESP_GRP_RESVD_0	BIT(31)	/* Dump clears resvd fields. */
-
 enum {
 	NHA_UNSPEC,
 	NHA_ID,		/* u32; id for nexthop. id == 0 means auto-assign */

src/basic/namespace-util.c

@@ -531,24 +531,20 @@ int is_idmapping_supported(const char *path) {
         userns_fd = userns_acquire(uid_map, gid_map);
         if (ERRNO_IS_NEG_NOT_SUPPORTED(userns_fd) || ERRNO_IS_NEG_PRIVILEGE(userns_fd))
                 return false;
-        if (userns_fd == -ENOSPC) {
-                log_debug_errno(userns_fd, "Failed to acquire new user namespace, user.max_user_namespaces seems to be exhausted or maybe even zero, assuming ID-mapping is not supported: %m");
-                return false;
-        }
         if (userns_fd < 0)
-                return log_debug_errno(userns_fd, "Failed to acquire new user namespace for checking if '%s' supports ID-mapping: %m", path);
+                return log_debug_errno(userns_fd, "ID-mapping supported namespace acquire failed for '%s' : %m", path);
 
         dir_fd = RET_NERRNO(open(path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
         if (ERRNO_IS_NEG_NOT_SUPPORTED(dir_fd))
                 return false;
         if (dir_fd < 0)
-                return log_debug_errno(dir_fd, "Failed to open '%s', cannot determine if ID-mapping is supported: %m", path);
+                return log_debug_errno(dir_fd, "ID-mapping supported open failed for '%s' : %m", path);
 
         mount_fd = RET_NERRNO(open_tree(dir_fd, "", AT_EMPTY_PATH | OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC));
         if (ERRNO_IS_NEG_NOT_SUPPORTED(mount_fd) || ERRNO_IS_NEG_PRIVILEGE(mount_fd) || mount_fd == -EINVAL)
                 return false;
         if (mount_fd < 0)
-                return log_debug_errno(mount_fd, "Failed to open mount tree '%s', cannot determine if ID-mapping is supported: %m", path);
+                return log_debug_errno(mount_fd, "ID-mapping supported open_tree failed for '%s' : %m", path);
 
         r = RET_NERRNO(mount_setattr(mount_fd, "", AT_EMPTY_PATH,
                        &(struct mount_attr) {
@@ -558,7 +554,7 @@ int is_idmapping_supported(const char *path) {
         if (ERRNO_IS_NEG_NOT_SUPPORTED(r) || ERRNO_IS_NEG_PRIVILEGE(r) || r == -EINVAL)
                 return false;
         if (r < 0)
-                return log_debug_errno(r, "Failed to set mount attribute to '%s', cannot determine if ID-mapping is supported: %m", path);
+                return log_debug_errno(r, "ID-mapping supported setattr failed for '%s' : %m", path);
 
         return true;
 }

src/core/service.c

@@ -3426,12 +3426,14 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
                         return 0;
                 }
 
-                r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll);
+                r = service_add_fd_store(s, fd, fdn, do_poll);
                 if (r < 0) {
                         log_unit_debug_errno(u, r,
                                              "Failed to store deserialized fd '%s', ignoring: %m", fdn);
                         return 0;
                 }
+
+                TAKE_FD(fd);
         } else if (streq(key, "extra-fd")) {
                 _cleanup_free_ char *fdv = NULL, *fdn = NULL;
                 _cleanup_close_ int fd = -EBADF;

src/cryptenroll/cryptenroll.c

@@ -193,7 +193,7 @@ static int help(void) {
                "\n%3$sSimple Enrollment:%4$s\n"
                "     --password        Enroll a user-supplied password\n"
                "     --recovery-key    Enroll a recovery key\n"
-               "\n%3$sPKCS#11 Enrollment:%4$s\n"
+               "\n%3$sPKCS11 Enrollment:%4$s\n"
                "     --pkcs11-token-uri=URI\n"
                "                       Specify PKCS#11 security token URI\n"
                "\n%3$sFIDO2 Enrollment:%4$s\n"

src/fsck/fsck.c

@@ -98,11 +98,16 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
                 }
         }
 
-        else if (streq(key, "fastboot") && !value)
+#if HAVE_SYSV_COMPAT
+        else if (streq(key, "fastboot") && !value) {
+                log_warning("Please pass 'fsck.mode=skip' rather than 'fastboot' on the kernel command line.");
                 arg_skip = true;
 
-        else if (streq(key, "forcefsck") && !value)
+        } else if (streq(key, "forcefsck") && !value) {
+                log_warning("Please pass 'fsck.mode=force' rather than 'forcefsck' on the kernel command line.");
                 arg_force = true;
+        }
+#endif
 
         return 0;
 }

src/libsystemd/sd-varlink/varlink-util.c

@@ -16,7 +16,7 @@ int varlink_get_peer_pidref(sd_varlink *v, PidRef *ret) {
 
         int pidfd = sd_varlink_get_peer_pidfd(v);
         if (pidfd < 0) {
-                if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd) && pidfd != -EINVAL)
+                if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd))
                         return pidfd;
 
                 pid_t pid;

src/network/networkd-nexthop.c

@@ -78,7 +78,9 @@ static NextHop* nexthop_detach_impl(NextHop *nexthop) {
 
                 nexthop_detach_from_group_members(nexthop);
 
-                hashmap_remove(nexthop->manager->nexthops_by_id, UINT32_TO_PTR(nexthop->id));
+                NextHop *n;
+                n = hashmap_remove(nexthop->manager->nexthops_by_id, UINT32_TO_PTR(nexthop->id));
+                assert(!n || n == nexthop);
                 nexthop->manager = NULL;
                 return nexthop;
         }

src/network/networkd-nexthop.h

@@ -22,7 +22,7 @@ typedef int (*nexthop_netlink_handler_t)(
                 sd_netlink_message *m,
                 Request *req,
                 Link *link,
-                NextHop *nexthop);
+                NextHop *address);
 
 struct NextHop {
         Network *network;

src/nspawn/nspawn.c

@@ -2280,9 +2280,10 @@ static int copy_devnode_one(const char *dest, const char *node, bool ignore_mkno
         r = path_extract_directory(from, &parent);
         if (r < 0)
                 return log_error_errno(r, "Failed to extract directory from %s: %m", from);
-        r = userns_mkdir(dest, parent, 0755, 0, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create directory %s: %m", parent);
+        if (!path_equal(parent, "/dev/")) {
+                if (userns_mkdir(dest, parent, 0755, 0, 0) < 0)
+                        return log_error_errno(r, "Failed to create directory %s: %m", parent);
+        }
 
         if (mknod(to, st.st_mode, st.st_rdev) < 0) {
                 r = -errno; /* Save the original error code. */
@@ -4653,7 +4654,7 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r
 
         ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred);
         if (!ucred || ucred->pid != inner_child_pid) {
-                log_debug("Received notify message from process that is not the payload's PID 1. Ignoring.");
+                log_debug("Received notify message without valid credentials. Ignoring.");
                 return 0;
         }
 

src/quotacheck/quotacheck.c

@@ -36,9 +36,14 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
                         arg_skip = true;
                 else
                         log_warning("Invalid quotacheck.mode= value, ignoring: %s", value);
+        }
 
-        } else if (streq(key, "forcequotacheck") && !value)
+#if HAVE_SYSV_COMPAT
+        else if (streq(key, "forcequotacheck") && !value) {
+                log_warning("Please use 'quotacheck.mode=force' rather than 'forcequotacheck' on the kernel command line. Proceeding anyway.");
                 arg_force = true;
+        }
+#endif
 
         return 0;
 }

src/shared/tpm2-util.h

@@ -392,7 +392,7 @@ int tpm2_make_pcr_json_array(uint32_t pcr_mask, sd_json_variant **ret);
 int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
 
 int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
-int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *ret_pcrlock_nv, TPM2Flags *ret_flags);
+int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *pcrlock_nv, TPM2Flags *ret_flags);
 
 /* Default to PCR 7 only */
 #define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)

src/shutdown/detach-dm.c

@@ -98,17 +98,15 @@ static int delete_dm(DeviceMapper *m) {
         assert(major(m->devnum) != 0);
         assert(m->path);
 
-        fd = open(m->path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
-        if (fd < 0)
-                log_debug_errno(errno, "Failed to open DM block device %s for syncing, ignoring: %m", m->path);
-        else {
-                (void) sync_with_progress(fd);
-                fd = safe_close(fd);
-        }
-
         fd = open("/dev/mapper/control", O_RDWR|O_CLOEXEC);
         if (fd < 0)
-                return log_debug_errno(errno, "Failed to open /dev/mapper/control: %m");
+                return -errno;
+
+        _cleanup_close_ int block_fd = open(m->path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
+        if (block_fd < 0)
+                log_debug_errno(errno, "Failed to open DM block device %s for syncing, ignoring: %m", m->path);
+        else
+                (void) sync_with_progress(block_fd);
 
         return RET_NERRNO(ioctl(fd, DM_DEV_REMOVE, &(struct dm_ioctl) {
                 .version = {

src/shutdown/shutdown.c

@@ -211,8 +211,10 @@ static int sync_making_progress(unsigned long long *prev_dirty) {
                         continue;
 
                 errno = 0;
-                if (sscanf(line, "%*s %llu %*s", &ull) != 1)
-                        return log_warning_errno(errno_or_else(EIO), "Failed to parse /proc/meminfo field: %m");
+                if (sscanf(line, "%*s %llu %*s", &ull) != 1) {
+                        log_warning_errno(errno_or_else(EIO), "Failed to parse /proc/meminfo field, ignoring: %m");
+                        return false;
+                }
 
                 val += ull;
         }

src/userdb/userdbctl.c

@@ -23,7 +23,6 @@
 #include "user-util.h"
 #include "userdb.h"
 #include "verbs.h"
-#include "virt.h"
 
 static enum {
         OUTPUT_CLASSIC,
@@ -140,16 +139,10 @@ static int show_user(UserRecord *ur, Table *table) {
         return 0;
 }
 
-static bool test_show_mapped(void) {
-        /* Show mapped user range only in environments where user mapping is a thing. */
-        return running_in_userns() > 0;
-}
-
 static const struct {
         uid_t first, last;
         const char *name;
         UserDisposition disposition;
-        bool (*test)(void);
 } uid_range_table[] = {
         {
                 .first = 1,
@@ -182,12 +175,11 @@ static const struct {
                 .last = MAP_UID_MAX,
                 .name = "mapped",
                 .disposition = USER_REGULAR,
-                .test = test_show_mapped,
         },
 };
 
 static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
-        int r, n_added = 0;
+        int r;
 
         assert(table);
 
@@ -200,9 +192,6 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
                 if (!uid_range_covers(p, i->first, i->last - i->first + 1))
                         continue;
 
-                if (i->test && !i->test())
-                        continue;
-
                 name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
                                " begin ", i->name, " users ",
                                special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
@@ -260,11 +249,9 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
                                 TABLE_INT, 1); /* sort after any other entry with the same UID */
                 if (r < 0)
                         return table_log_add_error(r);
-
-                n_added += 2;
         }
 
-        return n_added;
+        return ELEMENTSOF(uid_range_table) * 2;
 }
 
 static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
@@ -578,22 +565,16 @@ static int show_group(GroupRecord *gr, Table *table) {
 }
 
 static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
-        int r, n_added = 0;
+        int r;
 
         assert(table);
 
         FOREACH_ELEMENT(i, uid_range_table) {
                 _cleanup_free_ char *name = NULL, *comment = NULL;
 
-                if (!FLAGS_SET(arg_disposition_mask, UINT64_C(1) << i->disposition))
-                        continue;
-
                 if (!uid_range_covers(p, i->first, i->last - i->first + 1))
                         continue;
 
-                if (i->test && !i->test())
-                        continue;
-
                 name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
                                " begin ", i->name, " groups ",
                                special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
@@ -645,11 +626,9 @@ static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
                                 TABLE_INT, 1); /* sort after any other entry with the same GID */
                 if (r < 0)
                         return table_log_add_error(r);
-
-                n_added += 2;
         }
 
-        return n_added;
+        return ELEMENTSOF(uid_range_table) * 2;
 }
 
 static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {

test/networkd-test.py

@@ -960,13 +960,10 @@ exec $(systemctl cat systemd-networkd.service | sed -n '/^ExecStart=/ {{ s/^.*=/
 
         # wait until devices got created
         for _ in range(50):
-            if subprocess.run(['ip', 'link', 'show', 'dev', self.if_router],
-                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL).returncode == 0:
+            out = subprocess.check_output(['ip', 'a', 'show', 'dev', self.if_router])
+            if b'state UP' in out and b'scope global' in out:
                 break
             time.sleep(0.1)
-        else:
-            subprocess.call(['ip', 'link', 'show', 'dev', self.if_router])
-            self.fail('Timed out waiting for {ifr} created.'.format(ifr=self.if_router))
 
     def shutdown_iface(self):
         '''Remove test interface and stop DHCP server'''

tmpfiles.d/20-systemd-shell-extra.conf.in

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 {% if LINK_SHELL_EXTRA_DROPIN %}
 L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh

tmpfiles.d/20-systemd-ssh-generator.conf.in

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 {% if LINK_SSH_PROXY_DROPIN %}
 L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf

tmpfiles.d/20-systemd-stub.conf.in

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 # Copy systemd-stub provided metadata such as PCR signature and public key file
 # from initrd into /run/, so that it will survive the initrd stage

tmpfiles.d/20-systemd-userdb.conf.in

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 {% if LINK_SSHD_USERDB_DROPIN %}
 L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf

tmpfiles.d/credstore.conf

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 d /etc/credstore 0700 root root
 d /etc/credstore.encrypted 0700 root root

tmpfiles.d/etc.conf.in

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 L /etc/os-release - - - - ../usr/lib/os-release
 L+ /etc/mtab - - - - ../proc/self/mounts

tmpfiles.d/home.conf

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 Q /home 0755 - - -
 q /srv 0755 - - -

tmpfiles.d/journal-nocow.conf

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 # Set the NOCOW attribute for directories of journal files. This flag
 # is inherited by their new files and sub-directories. Matters only

tmpfiles.d/legacy.conf.in

@@ -5,28 +5,26 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
-# The functionality provided by these files and directories has been replaced
-# by newer interfaces. Their use is discouraged on legacy-free systems. This
-# configuration is provided to maintain backward compatibility.
+# These files are considered legacy and are unnecessary on legacy-free
+# systems.
 
 d /run/lock 0755 root root -
 L /var/lock - - - - ../run/lock
-
-{% if HAVE_SYSV_COMPAT %}
 {% if CREATE_LOG_DIRS %}
 L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
 {% endif %}
 
 # /run/lock/subsys is used for serializing SysV service execution, and
 # hence without use on SysV-less systems.
+
 d /run/lock/subsys 0755 root root -
 
 # /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
 # kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
 # 'quotacheck.mode=force'
+
 r! /forcefsck
 r! /fastboot
 r! /forcequotacheck
-{% endif %}

tmpfiles.d/meson.build

@@ -35,7 +35,7 @@ in_files = [
         ['20-systemd-stub.conf',          'ENABLE_EFI'],
         ['20-systemd-userdb.conf',        'ENABLE_SSH_USERDB_CONFIG'],
         ['etc.conf'],
-        ['legacy.conf'],
+        ['legacy.conf',                   'HAVE_SYSV_COMPAT'],
         ['static-nodes-permissions.conf'],
         ['systemd.conf'],
         ['var.conf'],

tmpfiles.d/portables.conf

@@ -1,4 +1,4 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 Q /var/lib/portables 0700

tmpfiles.d/provision.conf

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 # Provision additional login messages from credentials, if they are set. Note
 # that these lines are NOPs if the credentials are not set or if the files

tmpfiles.d/systemd-network.conf

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 d$ /run/systemd/netif        0755 systemd-network systemd-network -
 d$ /run/systemd/netif/links  0755 systemd-network systemd-network -

tmpfiles.d/systemd-nspawn.conf

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 Q /var/lib/machines 0700 - - -
 

tmpfiles.d/systemd-resolve.conf

@@ -5,6 +5,6 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf

tmpfiles.d/systemd-tmp.conf

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 # Exclude namespace mountpoints created with PrivateTmp=yes
 x /tmp/systemd-private-%b-*

tmpfiles.d/systemd.conf.in

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 d /run/user 0755 root root -
 {% if ENABLE_UTMP %}

tmpfiles.d/tmp.conf

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 # Clear tmp directories separately, to make them easier to override
 q /tmp 1777 root root 10d

tmpfiles.d/var.conf.in

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 q /var 0755 - - -
 

tmpfiles.d/x11.conf

@@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-# See tmpfiles.d(5) for details.
+# See tmpfiles.d(5) for details
 
 # Make sure these are created by default so that nobody else can
 # or empty them at startup