Merge 9cb3382acd into 3bb398c299

I have been trying to run
https://github.com/include-what-you-use/include-what-you-use on the
systemd repository to hopefully get a handle on the rampant numbers of
includes we have in every file with no idea if any of the symbols coming
from that file are used or not.

While I haven't got it fully working yet, these changes still make sense
IMO and can be merged already.

Except the last commit, all other changes are about removing circular
dependencies between headers which trips up include-what-you-use.
Regardless of the tool, circular dependencies between headers are a code
smell and I think we should get rid of them regardless of whether we end
up using the tool or not.

.github/workflows/build_test.sh

@@ -10,7 +10,7 @@ fatal() { echo >&2 -e "\033[31;1m$1\033[0m"; exit 1; }
 success() { echo >&2 -e "\033[32;1m$1\033[0m"; }
 
 ARGS=(
-    "--optimization=0 -Dopenssl=disabled -Dcryptolib=gcrypt -Ddns-over-tls=gnutls -Dtpm=true -Dtpm2=enabled"
+    "--optimization=0 -Dopenssl=disabled -Dtpm=true -Dtpm2=enabled"
     "--optimization=s -Dutmp=false"
     "--optimization=2 -Dc_args=-Wmaybe-uninitialized -Ddns-over-tls=openssl"
     "--optimization=3 -Db_lto=true -Ddns-over-tls=false"
@@ -67,7 +67,6 @@ PACKAGES=(
 COMPILER="${COMPILER:?}"
 COMPILER_VERSION="${COMPILER_VERSION:?}"
 LINKER="${LINKER:?}"
-CRYPTOLIB="${CRYPTOLIB:?}"
 RELEASE="$(lsb_release -cs)"
 
 # Note: As we use postfixed clang/gcc binaries, we need to override $AR
@@ -150,7 +149,7 @@ for args in "${ARGS[@]}"; do
          CXX="$CXX" CXX_LD="$LINKER" CXXFLAGS="$CXXFLAGS" \
          meson setup \
                -Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true --werror \
-               -Dnobody-group=nogroup -Dcryptolib="${CRYPTOLIB:?}" -Ddebug=false \
+               -Dnobody-group=nogroup -Ddebug=false \
                $args build; then
 
         cat build/meson-logs/meson-log.txt

.github/workflows/build_test.yml

@@ -25,11 +25,11 @@ jobs:
       fail-fast: false
       matrix:
         env:
-          - { COMPILER: "gcc",   COMPILER_VERSION: "11", LINKER: "bfd",  CRYPTOLIB: "gcrypt"  }
-          - { COMPILER: "gcc",   COMPILER_VERSION: "13", LINKER: "mold", CRYPTOLIB: "openssl" }
-          - { COMPILER: "clang", COMPILER_VERSION: "14", LINKER: "mold", CRYPTOLIB: "gcrypt"  }
-          - { COMPILER: "clang", COMPILER_VERSION: "16", LINKER: "bfd",  CRYPTOLIB: "openssl" }
-          - { COMPILER: "clang", COMPILER_VERSION: "18", LINKER: "lld",  CRYPTOLIB: "auto"    }
+          - { COMPILER: "gcc",   COMPILER_VERSION: "11", LINKER: "bfd"  }
+          - { COMPILER: "gcc",   COMPILER_VERSION: "13", LINKER: "mold" }
+          - { COMPILER: "clang", COMPILER_VERSION: "14", LINKER: "mold" }
+          - { COMPILER: "clang", COMPILER_VERSION: "16", LINKER: "bfd"  }
+          - { COMPILER: "clang", COMPILER_VERSION: "18", LINKER: "lld"  }
     env: ${{ matrix.env }}
     steps:
       - name: Repository checkout

.github/workflows/unit_tests.sh

@@ -41,7 +41,7 @@ function run_meson() {
 
 set -ex
 
-MESON_ARGS=(-Dcryptolib=${CRYPTOLIB:-auto})
+MESON_ARGS=()
 
 # (Re)set the current oom-{score-}adj. For some reason root on GH actions is able to _decrease_
 # its oom-score even after dropping all capabilities (including CAP_SYS_RESOURCE), until the

.github/workflows/unit_tests.yml

@@ -16,18 +16,15 @@ jobs:
   build:
     runs-on: ubuntu-24.04
     concurrency:
-      group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ matrix.cryptolib }}-${{ github.ref }}
+      group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ github.ref }}
       cancel-in-progress: true
     strategy:
       fail-fast: false
       matrix:
         run_phase: [GCC, GCC_ASAN_UBSAN, CLANG, CLANG_RELEASE, CLANG_ASAN_UBSAN, CLANG_ASAN_UBSAN_NO_DEPS]
-        cryptolib: [auto]
         include:
           - run_phase: GCC
-            cryptolib: openssl
           - run_phase: CLANG
-            cryptolib: gcrypt
     steps:
       - name: Repository checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
@@ -38,8 +35,6 @@ jobs:
           sudo sed -i '/^XDG_/d' /etc/environment
           # Pass only specific env variables through sudo, to avoid having
           # the already existing XDG_* stuff on the "other side"
-          sudo --preserve-env=CRYPTOLIB,GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh SETUP
+          sudo --preserve-env=GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh SETUP
       - name: Build & test
-        run: sudo --preserve-env=CRYPTOLIB,GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh RUN_${{ matrix.run_phase }}
-        env:
-          CRYPTOLIB: ${{ matrix.cryptolib }}
+        run: sudo --preserve-env=GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh RUN_${{ matrix.run_phase }}

LICENSES/README.md

@@ -32,23 +32,23 @@ The following exceptions apply:
  * some sources under src/udev/ are licensed under **GPL-2.0-or-later**,
    so all udev programs (`systemd-udevd`, `udevadm`, and the udev builtins
    and test programs) are also distributed under **GPL-2.0-or-later**.
- * the header files contained in src/basic/linux/ and src/shared/linux/ are copied
+ * the header files contained in src/basic/include/linux are copied
    verbatim from the Linux kernel source tree and are licensed under **GPL-2.0 WITH
    Linux-syscall-note** and are used within the scope of the Linux-syscall-note
    exception provisions
  * the following sources are licensed under the **LGPL-2.0-or-later** license:
    - src/basic/utf8.c
    - src/shared/initreq.h
- * the src/shared/linux/bpf_insn.h header is copied from the Linux kernel
+ * the src/basic/include/linux/bpf_insn.h header is copied from the Linux kernel
    source tree and is licensed under either **BSD-2-Clause** or **GPL-2.0-only**,
    and thus is included in the systemd build under the BSD-2-Clause license.
- * The src/basic/linux/wireguard.h header is copied from the Linux kernel
+ * The src/basic/include/linux/wireguard.h header is copied from the Linux kernel
    source tree and is licensed under either **MIT** or **GPL-2.0 WITH Linux-syscall-note**,
    and thus is included in the systemd build under the MIT license.
  * the following sources are licensed under the **MIT** license (in case of our
    scripts, to facilitate copying and reuse of those helpers to other projects):
    - hwdb.d/parse_hwdb.py
-   - src/basic/linux/batman_adv.h
+   - src/basic/include/linux/batman_adv.h
    - src/basic/sparse-endian.h
    - tools/catalog-report.py
  * the following sources are licensed under the **CC0-1.0** license:

NEWS

@@ -67,6 +67,12 @@ CHANGES WITH 258 in spe:
           in v255), 'default-hierarchy' (v256), and 'nscd' (v257) have been
           removed.
 
+        * OpenSSL is the only crypto backend for systemd-resolved and
+          systemd-importd, and support for gnutls and gcrypt has been removed.
+          Hence, support for 'dns-over-tls=gnutls' meson option has been
+          removed. Also, 'cryptolib' meson option has been deprecated, and will
+          be removed in a future release.
+
         Announcements of Future Feature Removals:
 
         * The D-Bus method org.freedesktop.systemd1.StartAuxiliaryScope() is

README

@@ -240,8 +240,7 @@ REQUIREMENTS:
         libcurl >= 7.32.0 (optional)
         libidn2 or libidn (optional)
         gnutls >= 3.1.4 (optional)
-               >= 3.6.0 is required to support DNS-over-TLS with gnutls
-        openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl)
+        openssl >= 1.1.0 (optional, required to support DNS-over-TLS)
         p11-kit >= 0.23.3 (optional)
         libfido2 (optional)
         tpm2-tss (optional)

TODO

@@ -1791,7 +1791,6 @@ Features:
   with matches, then activate app through that passing socket over
 
 * unify on openssl:
-  - kill gnutls support in resolved
   - figure out what to do about libmicrohttpd, which has a hard dependency on
     gnutls
   - port fsprg over to a dlopen lib, then switch it to openssl

coccinelle/run-coccinelle.sh

@@ -5,8 +5,7 @@ set -e
 # Exclude following paths from the Coccinelle transformations
 EXCLUDED_PATHS=(
     "src/boot/efi/*"
-    "src/shared/linux/*"
-    "src/basic/linux/*"
+    "src/basic/include/linux/*"
     # Symlinked to test-bus-vtable-cc.cc, which causes issues with the IN_SET macro
     "src/libsystemd/sd-bus/test-bus-vtable.c"
     "src/libsystemd/sd-journal/lookup3.c"

hwdb.d/60-keyboard.hwdb

@@ -383,6 +383,7 @@ evdev:name:gpio-keys:phys:gpio-keys/input0:ev:3:dmi:bvn*:bvr*:bd*:svncube:pni1-T
 ###########################################################
 
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pn*:*
+ KEYBOARD_KEY_68=prog2                                  # G-Mode (Dell-specific)
  KEYBOARD_KEY_81=playpause                              # Play/Pause
  KEYBOARD_KEY_82=stopcd                                 # Stop
  KEYBOARD_KEY_83=previoussong                           # Previous song

man/systemd-ssh-proxy.xml

@@ -24,7 +24,7 @@
 
   <refsynopsisdiv>
     <programlisting>
-Host unix/* vsock/* vsock-mux/*
+Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,*
     ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
     ProxyUseFdpass yes
 </programlisting>
@@ -46,7 +46,7 @@ Host unix/* vsock/* vsock-mux/*
     configuration fragment like the following:</para>
 
     <programlisting>
-Host unix/* vsock/* vsock-mux/*
+Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,*
     ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
     ProxyUseFdpass yes
     CheckHostIP no
@@ -69,7 +69,9 @@ Host .host
     direct <constant>AF_VSOCK</constant> communication between the host and guests, and provide their own
     multiplexer over <constant>AF_UNIX</constant> sockets. See
     <ulink url="https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/vsock.md">cloud-hypervisor VSOCK support</ulink>
-    and <ulink url="https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md">Using the Firecracker Virtio-vsock Device</ulink>.</para>
+    and <ulink url="https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md">Using the Firecracker Virtio-vsock Device</ulink>.
+    Note that <literal>,</literal> can be used as a separator instead of <literal>/</literal> to be
+    compatible with tools like <literal>scp</literal> and <literal>rsync</literal>.</para>
 
     <para>Moreover, connecting to <literal>.host</literal> will connect to the local host via SSH, without
     involving networking.</para>
@@ -113,6 +115,12 @@ Host .host
 
       <programlisting>ssh unix/run/ssh-unix-local/socket</programlisting>
     </example>
+
+    <example>
+      <title>Copy local 'foo' file to a local VM with CID 1348</title>
+
+      <programlisting>scp foo vsock,1348:</programlisting>
+    </example>
   </refsect1>
 
   <refsect1>

meson.build

@@ -1482,50 +1482,18 @@ endif
 dmi_arches = ['x86', 'x86_64', 'aarch64', 'arm', 'ia64', 'loongarch64', 'mips', 'riscv64']
 conf.set10('HAVE_DMI', host_machine.cpu_family() in dmi_arches)
 
-# We support one or the other. If gcrypt is available, we assume it's there to
-# be used, and use it in preference.
-opt = get_option('cryptolib')
-if opt == 'openssl' and conf.get('HAVE_OPENSSL') == 0
-        error('openssl requested as the default cryptolib, but not available')
-endif
-conf.set10('PREFER_OPENSSL',
-           opt == 'openssl' or (opt == 'auto' and conf.get('HAVE_OPENSSL') == 1 and conf.get('HAVE_GCRYPT') == 0))
-conf.set10('HAVE_OPENSSL_OR_GCRYPT',
-           conf.get('HAVE_OPENSSL') == 1 or conf.get('HAVE_GCRYPT') == 1)
-lib_openssl_or_gcrypt = conf.get('PREFER_OPENSSL') == 1 ? [libopenssl] : [libgcrypt, libgpg_error]
-
 dns_over_tls = get_option('dns-over-tls')
-if dns_over_tls != 'false'
-        if dns_over_tls == 'gnutls' and conf.get('PREFER_OPENSSL') == 1
-                error('Sorry, -Ddns-over-tls=gnutls is not supported when openssl is used as the cryptolib')
-        endif
-
-        if dns_over_tls == 'gnutls'
-                have_openssl = false
-        else
-                have_openssl = conf.get('HAVE_OPENSSL') == 1
-                if dns_over_tls == 'openssl' and not have_openssl
-                        error('DNS-over-TLS support was requested with openssl, but dependencies are not available')
-                endif
-        endif
-        if dns_over_tls == 'openssl' or have_openssl
-                have_gnutls = false
-        else
-                have_gnutls = conf.get('HAVE_GNUTLS') == 1 and libgnutls.version().version_compare('>= 3.6.0')
-                if dns_over_tls != 'auto' and not have_gnutls
-                        str = dns_over_tls == 'gnutls' ? ' with gnutls' : ''
-                        error('DNS-over-TLS support was requested@0@, but dependencies are not available'.format(str))
-                endif
-        endif
-        have = have_gnutls or have_openssl
-else
+have_openssl = conf.get('HAVE_OPENSSL') == 1
+if dns_over_tls == 'false'
         have = false
-        have_gnutls = false
-        have_openssl = false
+elif dns_over_tls == 'auto'
+        have = have_openssl
+elif have_openssl
+        have = true
+else
+        error('DNS-over-TLS support was requested, but OpenSSL support is disabled.')
 endif
 conf.set10('ENABLE_DNS_OVER_TLS', have)
-conf.set10('DNS_OVER_TLS_USE_GNUTLS', have_gnutls)
-conf.set10('DNS_OVER_TLS_USE_OPENSSL', have_openssl)
 
 default_dns_over_tls = get_option('default-dns-over-tls')
 if default_dns_over_tls != 'no' and conf.get('ENABLE_DNS_OVER_TLS') == 0
@@ -1552,8 +1520,8 @@ have = get_option('repart').require(
 conf.set10('ENABLE_REPART', have)
 
 default_dnssec = get_option('default-dnssec')
-if default_dnssec != 'no' and conf.get('HAVE_OPENSSL_OR_GCRYPT') == 0
-        message('default-dnssec cannot be set to yes or allow-downgrade openssl and gcrypt are disabled. Setting default-dnssec to no.')
+if default_dnssec != 'no' and conf.get('HAVE_OPENSSL') == 0
+        message('default-dnssec cannot be set to yes or allow-downgrade when openssl is disabled. Setting default-dnssec to no.')
         default_dnssec = 'no'
 endif
 conf.set('DEFAULT_DNSSEC_MODE',
@@ -1584,7 +1552,7 @@ conf.set10('ENABLE_STORAGETM', get_option('storagetm'))
 
 have = get_option('importd').require(
         conf.get('HAVE_LIBCURL') == 1 and
-        conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1 and
+        conf.get('HAVE_OPENSSL') == 1 and
         conf.get('HAVE_ZLIB') == 1 and
         conf.get('HAVE_XZ') == 1,
         error_message : 'curl, openssl/grypt, zlib and xz required').allowed()
@@ -2053,11 +2021,18 @@ boot_stubs = []
 
 build_dir_include = include_directories('.')
 
-basic_includes = include_directories(
-        'src/basic',
-        'src/fundamental',
-        'src/systemd',
-        '.')
+basic_includes = [
+        include_directories(
+                'src/basic',
+                'src/fundamental',
+                'src/systemd',
+                '.',
+        ),
+        include_directories(
+                'src/basic/include',
+                is_system : true,
+        ),
+]
 
 libsystemd_includes = [basic_includes, include_directories(
         'src/libsystemd/sd-bus',
@@ -3090,6 +3065,7 @@ foreach tuple : [
 
         # optional features
         ['dmi'],
+        ['DNS-over-TLS'],
         ['idn'],
         ['polkit'],
         ['legacy-pkla',            install_polkit_pkla],
@@ -3154,22 +3130,6 @@ else
         found += 'static-libudev(@0@)'.format(static_libudev)
 endif
 
-if conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1 and conf.get('PREFER_OPENSSL') == 1
-        found += 'cryptolib(openssl)'
-elif conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1
-        found += 'cryptolib(gcrypt)'
-else
-        missing += 'cryptolib'
-endif
-
-if conf.get('DNS_OVER_TLS_USE_GNUTLS') == 1
-        found += 'DNS-over-TLS(gnutls)'
-elif conf.get('DNS_OVER_TLS_USE_OPENSSL') == 1
-        found += 'DNS-over-TLS(openssl)'
-else
-        missing += 'DNS-over-TLS'
-endif
-
 summary({
         'enabled' :  ', '.join(found),
         'disabled' : ', '.join(missing)},

meson_options.txt

@@ -358,7 +358,7 @@ option('default-llmnr', type : 'combo',
        choices : ['yes', 'resolve', 'no'],
        description : 'default LLMNR mode',
        value : 'yes')
-option('dns-over-tls', type : 'combo', choices : ['auto', 'gnutls', 'openssl', 'true', 'false'],
+option('dns-over-tls', type : 'combo', choices : ['auto', 'openssl', 'true', 'false'],
        description : 'DNS-over-TLS support')
 option('dns-servers', type : 'string',
        description : 'space-separated list of default DNS servers',
@@ -434,8 +434,8 @@ option('gnutls', type : 'feature', deprecated : { 'true' : 'enabled', 'false' :
        description : 'gnutls support')
 option('openssl', type : 'feature', deprecated : { 'true' : 'enabled', 'false' : 'disabled' },
        description : 'openssl support')
-option('cryptolib', type : 'combo', choices : ['auto', 'openssl', 'gcrypt'],
-       description : 'whether to use openssl or gcrypt where both are supported')
+option('cryptolib', type : 'combo', choices : ['auto', 'openssl'],
+       description : 'This option is deprecated and will be removed in a future release')
 option('p11kit', type : 'feature', deprecated : { 'true' : 'enabled', 'false' : 'disabled' },
        description : 'p11kit support')
 option('libfido2', type : 'feature', deprecated : { 'true' : 'enabled', 'false' : 'disabled' },

src/ac-power/ac-power.c

@@ -5,6 +5,7 @@
 #include "ansi-color.h"
 #include "battery-util.h"
 #include "build.h"
+#include "log.h"
 #include "main-func.h"
 #include "pretty-print.h"
 

src/analyze/analyze-compare-versions.c

@@ -4,6 +4,7 @@
 
 #include "analyze-compare-versions.h"
 #include "compare-operator.h"
+#include "log.h"
 #include "macro.h"
 #include "string-util.h"
 #include "strv.h"

src/analyze/analyze-time-data.h

@@ -3,6 +3,7 @@
 
 #include "sd-bus.h"
 
+#include "memory-util.h"
 #include "time-util.h"
 #include "unit-def.h"
 

src/basic/alloc-util.c

@@ -6,7 +6,6 @@
 
 #include "alloc-util.h"
 #include "macro.h"
-#include "memory-util.h"
 
 void* memdup(const void *p, size_t l) {
         void *ret;

src/basic/alloc-util.h

@@ -7,7 +7,9 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include "assert-util.h"
 #include "macro.h"
+#include "memory-util.h"
 
 #if HAS_FEATURE_MEMORY_SANITIZER
 #  include <sanitizer/msan_interface.h>
@@ -266,5 +268,3 @@ _alloc_(2) static inline void *realloc0(void *p, size_t new_size) {
 
         return q;
 }
-
-#include "memory-util.h"

src/basic/argv-util.c

@@ -8,6 +8,7 @@
 #include "argv-util.h"
 #include "capability-util.h"
 #include "errno-util.h"
+#include "log.h"
 #include "missing_sched.h"
 #include "parse-util.h"
 #include "path-util.h"

src/basic/argv-util.h

@@ -3,6 +3,7 @@
 
 #include <stdbool.h>
 
+#include "assert-util.h"
 #include "macro.h"
 
 extern int saved_argc;

src/basic/assert-util.c

@@ -0,0 +1,65 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <stdio.h>
+
+#include "assert-util.h"
+#include "errno-util.h"
+#include "log.h"
+
+static bool assert_return_is_critical = BUILD_MODE_DEVELOPER;
+
+/* Akin to glibc's __abort_msg; which is private and we hence cannot
+ * use here. */
+static char *log_abort_msg = NULL;
+
+void log_set_assert_return_is_critical(bool b) {
+        assert_return_is_critical = b;
+}
+
+bool log_get_assert_return_is_critical(void) {
+        return assert_return_is_critical;
+}
+
+static void log_assert(
+        int level,
+        const char *text,
+        const char *file,
+        int line,
+        const char *func,
+        const char *format) {
+
+        static char buffer[LINE_MAX];
+
+        if (_likely_(LOG_PRI(level) > log_get_max_level()))
+                return;
+
+        DISABLE_WARNING_FORMAT_NONLITERAL;
+        (void) snprintf(buffer, sizeof buffer, format, text, file, line, func);
+        REENABLE_WARNING;
+
+        log_abort_msg = buffer;
+
+        log_dispatch_internal(level, 0, file, line, func, NULL, NULL, NULL, NULL, buffer);
+}
+
+_noreturn_ void log_assert_failed(const char *text, const char *file, int line, const char *func) {
+        log_assert(LOG_CRIT, text, file, line, func,
+                   "Assertion '%s' failed at %s:%u, function %s(). Aborting.");
+        abort();
+}
+
+_noreturn_ void log_assert_failed_unreachable(const char *file, int line, const char *func) {
+        log_assert(LOG_CRIT, "Code should not be reached", file, line, func,
+                   "%s at %s:%u, function %s(). Aborting. 💥");
+        abort();
+}
+
+void log_assert_failed_return(const char *text, const char *file, int line, const char *func) {
+
+        if (assert_return_is_critical)
+                log_assert_failed(text, file, line, func);
+
+        PROTECT_ERRNO;
+        log_assert(LOG_DEBUG, text, file, line, func,
+                   "Assertion '%s' failed at %s:%u, function %s(), ignoring.");
+}

src/basic/assert-util.h

@@ -0,0 +1,84 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include "assert-fundamental.h"
+#include "macro.h"
+
+/* Logging for various assertions */
+
+void log_set_assert_return_is_critical(bool b);
+bool log_get_assert_return_is_critical(void) _pure_;
+
+_noreturn_ void log_assert_failed(const char *text, const char *file, int line, const char *func);
+_noreturn_ void log_assert_failed_unreachable(const char *file, int line, const char *func);
+void log_assert_failed_return(const char *text, const char *file, int line, const char *func);
+
+#ifdef __COVERITY__
+
+/* Use special definitions of assertion macros in order to prevent
+ * false positives of ASSERT_SIDE_EFFECT on Coverity static analyzer
+ * for uses of assert_se() and assert_return().
+ *
+ * These definitions make expression go through a (trivial) function
+ * call to ensure they are not discarded. Also use ! or !! to ensure
+ * the boolean expressions are seen as such.
+ *
+ * This technique has been described and recommended in:
+ * https://community.synopsys.com/s/question/0D534000046Yuzb/suppressing-assertsideeffect-for-functions-that-allow-for-sideeffects
+ */
+
+extern void __coverity_panic__(void);
+
+static inline void __coverity_check__(int condition) {
+        if (!condition)
+                __coverity_panic__();
+}
+
+static inline int __coverity_check_and_return__(int condition) {
+        return condition;
+}
+
+#define assert_message_se(expr, message) __coverity_check__(!!(expr))
+
+#define assert_log(expr, message) __coverity_check_and_return__(!!(expr))
+
+#else  /* ! __COVERITY__ */
+
+#define assert_message_se(expr, message)                                \
+        do {                                                            \
+                if (_unlikely_(!(expr)))                                \
+                        log_assert_failed(message, PROJECT_FILE, __LINE__, __func__); \
+        } while (false)
+
+#define assert_log(expr, message) ((_likely_(expr))                     \
+        ? (true)                                                        \
+        : (log_assert_failed_return(message, PROJECT_FILE, __LINE__, __func__), false))
+
+#endif  /* __COVERITY__ */
+
+#define assert_se(expr) assert_message_se(expr, #expr)
+
+/* We override the glibc assert() here. */
+#undef assert
+#ifdef NDEBUG
+#define assert(expr) ({ if (!(expr)) __builtin_unreachable(); })
+#else
+#define assert(expr) assert_message_se(expr, #expr)
+#endif
+
+#define assert_not_reached()                                            \
+        log_assert_failed_unreachable(PROJECT_FILE, __LINE__, __func__)
+
+#define assert_return(expr, r)                                          \
+        do {                                                            \
+                if (!assert_log(expr, #expr))                           \
+                        return (r);                                     \
+        } while (false)
+
+#define assert_return_errno(expr, r, err)                               \
+        do {                                                            \
+                if (!assert_log(expr, #expr)) {                         \
+                        errno = err;                                    \
+                        return (r);                                     \
+                }                                                       \
+        } while (false)

src/basic/build.c

@@ -6,6 +6,7 @@
 #include "ansi-color.h"
 #include "build.h"
 #include "extract-word.h"
+#include "log.h"
 #include "macro.h"
 #include "string-util.h"
 #include "terminal-util.h"

src/basic/cap-list.c

@@ -8,6 +8,7 @@
 #include "capability-util.h"
 #include "cap-list.h"
 #include "extract-word.h"
+#include "log.h"
 #include "macro.h"
 #include "parse-util.h"
 #include "stdio-util.h"

src/basic/capability-util.c

@@ -20,6 +20,7 @@
 #include "macro.h"
 #include "parse-util.h"
 #include "pidref.h"
+#include "process-util.h"
 #include "stat-util.h"
 #include "user-util.h"
 

src/basic/chattr-util.c

@@ -10,6 +10,7 @@
 #include "errno-util.h"
 #include "fd-util.h"
 #include "fs-util.h"
+#include "log.h"
 #include "macro.h"
 #include "string-util.h"
 

src/basic/compress.c

@@ -27,6 +27,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "io-util.h"
+#include "log.h"
 #include "macro.h"
 #include "sparse-endian.h"
 #include "string-table.h"

src/basic/confidential-virt.c

@@ -14,6 +14,7 @@
 #include "errno-util.h"
 #include "fd-util.h"
 #include "fileio.h"
+#include "log.h"
 #include "string-table.h"
 #include "utf8.h"
 

src/basic/dlfcn-util.c

@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include "dlfcn-util.h"
+#include "log.h"
 
 static int dlsym_many_or_warnv(void *dl, int log_level, va_list ap) {
         void (**fn)(void);

src/basic/dlfcn-util.h

@@ -3,6 +3,7 @@
 
 #include <dlfcn.h>
 
+#include "assert-util.h"
 #include "macro.h"
 
 static inline void* safe_dlclose(void *dl) {

src/basic/efivars.c

@@ -15,6 +15,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "io-util.h"
+#include "log.h"
 #include "macro.h"
 #include "memory-util.h"
 #include "missing_fs.h"

src/basic/env-file.c

@@ -7,6 +7,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
+#include "log.h"
 #include "string-util.h"
 #include "strv.h"
 #include "tmpfile-util.h"

src/basic/env-util.c

@@ -11,6 +11,7 @@
 #include "errno-util.h"
 #include "escape.h"
 #include "extract-word.h"
+#include "log.h"
 #include "macro.h"
 #include "parse-util.h"
 #include "path-util.h"

src/basic/errno-util.h

@@ -5,6 +5,7 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include "assert-util.h"
 #include "macro.h"
 
 /* strerror(3) says that glibc uses a maximum length of 1024 bytes. */

src/basic/ether-addr-util.c

@@ -8,6 +8,7 @@
 
 #include "ether-addr-util.h"
 #include "hexdecoct.h"
+#include "log.h"
 #include "macro.h"
 #include "string-util.h"
 

src/basic/fd-util.c

@@ -15,6 +15,7 @@
 #include "fileio.h"
 #include "fs-util.h"
 #include "io-util.h"
+#include "log.h"
 #include "macro.h"
 #include "missing_fcntl.h"
 #include "missing_fs.h"

src/basic/fd-util.h

@@ -8,6 +8,7 @@
 #include <sys/socket.h>
 
 #include "macro.h"
+#include "memory-util.h"
 #include "missing_fcntl.h"
 #include "stdio-util.h"
 

src/basic/format-ifname.c

@@ -1,6 +1,8 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include "format-ifname.h"
+#include "log.h"
+#include "stdio-util.h"
 #include "string-util.h"
 
 assert_cc(STRLEN("%") + DECIMAL_STR_MAX(int) <= IF_NAMESIZE);

src/basic/gcrypt-util.c

@@ -4,6 +4,7 @@
 
 #include "gcrypt-util.h"
 #include "hexdecoct.h"
+#include "log.h"
 
 static void *gcrypt_dl = NULL;
 
@@ -105,39 +106,4 @@ int initialize_libgcrypt(bool secmem) {
 
         return 0;
 }
-
-#  if !PREFER_OPENSSL
-int string_hashsum(const char *s, size_t len, int md_algorithm, char **out) {
-        _cleanup_(sym_gcry_md_closep) gcry_md_hd_t md = NULL;
-        gcry_error_t err;
-        size_t hash_size;
-        void *hash;
-        char *enc;
-        int r;
-
-        r = initialize_libgcrypt(false);
-        if (r < 0)
-                return r;
-
-        hash_size = sym_gcry_md_get_algo_dlen(md_algorithm);
-        assert(hash_size > 0);
-
-        err = sym_gcry_md_open(&md, md_algorithm, 0);
-        if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
-                return -EIO;
-
-        sym_gcry_md_write(md, s, len);
-
-        hash = sym_gcry_md_read(md, 0);
-        if (!hash)
-                return -EIO;
-
-        enc = hexmem(hash, hash_size);
-        if (!enc)
-                return -ENOMEM;
-
-        *out = enc;
-        return 0;
-}
-#  endif
 #endif

src/basic/gcrypt-util.h

@@ -11,6 +11,7 @@
 
 #include "dlfcn-util.h"
 #include "macro.h"
+#include "memory-util.h"
 
 extern DLSYM_PROTOTYPE(gcry_md_close);
 extern DLSYM_PROTOTYPE(gcry_md_copy);
@@ -63,25 +64,3 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(gcry_md_hd_t, gcry_md_close, NULL);
                 (h__)->buf[(h__)->bufpos++] = (c) & 0xff;  \
         } while(false)
 #endif
-
-#if !PREFER_OPENSSL
-#  if HAVE_GCRYPT
-int string_hashsum(const char *s, size_t len, int md_algorithm, char **out);
-#  endif
-
-static inline int string_hashsum_sha224(const char *s, size_t len, char **out) {
-#  if HAVE_GCRYPT
-        return string_hashsum(s, len, GCRY_MD_SHA224, out);
-#  else
-        return -EOPNOTSUPP;
-#  endif
-}
-
-static inline int string_hashsum_sha256(const char *s, size_t len, char **out) {
-#  if HAVE_GCRYPT
-        return string_hashsum(s, len, GCRY_MD_SHA256, out);
-#  else
-        return -EOPNOTSUPP;
-#  endif
-}
-#endif

src/basic/glob-util.c

@@ -8,6 +8,7 @@
 #include "dirent-util.h"
 #include "errno-util.h"
 #include "glob-util.h"
+#include "log.h"
 #include "macro.h"
 #include "path-util.h"
 #include "strv.h"

src/basic/hashmap.c

@@ -12,6 +12,7 @@
 #include "alloc-util.h"
 #include "fileio.h"
 #include "hashmap.h"
+#include "log.h"
 #include "logarithm.h"
 #include "macro.h"
 #include "memory-util.h"
@@ -912,24 +913,20 @@ static void hashmap_free_no_clear(HashmapBase *h) {
                 free(h);
 }
 
-HashmapBase* _hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value) {
+HashmapBase* _hashmap_free(HashmapBase *h) {
         if (h) {
-                _hashmap_clear(h, default_free_key, default_free_value);
+                _hashmap_clear(h);
                 hashmap_free_no_clear(h);
         }
 
         return NULL;
 }
 
-void _hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value) {
-        free_func_t free_key, free_value;
+void _hashmap_clear(HashmapBase *h) {
         if (!h)
                 return;
 
-        free_key = h->hash_ops->free_key ?: default_free_key;
-        free_value = h->hash_ops->free_value ?: default_free_value;
-
-        if (free_key || free_value) {
+        if (h->hash_ops->free_key || h->hash_ops->free_value) {
 
                 /* If destructor calls are defined, let's destroy things defensively: let's take the item out of the
                  * hash table, and only then call the destructor functions. If these destructors then try to unregister
@@ -941,11 +938,11 @@ void _hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t de
 
                         v = _hashmap_first_key_and_value(h, true, &k);
 
-                        if (free_key)
-                                free_key(k);
+                        if (h->hash_ops->free_key)
+                                h->hash_ops->free_key(k);
 
-                        if (free_value)
-                                free_value(v);
+                        if (h->hash_ops->free_value)
+                                h->hash_ops->free_value(v);
                 }
         }
 
@@ -1780,7 +1777,7 @@ HashmapBase* _hashmap_copy(HashmapBase *h  HASHMAP_DEBUG_PARAMS) {
         }
 
         if (r < 0)
-                return _hashmap_free(copy, NULL, NULL);
+                return _hashmap_free(copy);
 
         return copy;
 }

src/basic/hashmap.h

@@ -93,12 +93,12 @@ OrderedHashmap* _ordered_hashmap_new(const struct hash_ops *hash_ops  HASHMAP_DE
 #define ordered_hashmap_free_and_replace(a, b)                  \
         free_and_replace_full(a, b, ordered_hashmap_free)
 
-HashmapBase* _hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value);
+HashmapBase* _hashmap_free(HashmapBase *h);
 static inline Hashmap* hashmap_free(Hashmap *h) {
-        return (void*) _hashmap_free(HASHMAP_BASE(h), NULL, NULL);
+        return (void*) _hashmap_free(HASHMAP_BASE(h));
 }
 static inline OrderedHashmap* ordered_hashmap_free(OrderedHashmap *h) {
-        return (void*) _hashmap_free(HASHMAP_BASE(h), NULL, NULL);
+        return (void*) _hashmap_free(HASHMAP_BASE(h));
 }
 
 IteratedCache* iterated_cache_free(IteratedCache *cache);
@@ -266,12 +266,12 @@ static inline bool ordered_hashmap_iterate(OrderedHashmap *h, Iterator *i, void
         return _hashmap_iterate(HASHMAP_BASE(h), i, value, key);
 }
 
-void _hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value);
+void _hashmap_clear(HashmapBase *h);
 static inline void hashmap_clear(Hashmap *h) {
-        _hashmap_clear(HASHMAP_BASE(h), NULL, NULL);
+        _hashmap_clear(HASHMAP_BASE(h));
 }
 static inline void ordered_hashmap_clear(OrderedHashmap *h) {
-        _hashmap_clear(HASHMAP_BASE(h), NULL, NULL);
+        _hashmap_clear(HASHMAP_BASE(h));
 }
 
 /*
@@ -331,27 +331,6 @@ static inline void *ordered_hashmap_first_key(OrderedHashmap *h) {
         return _hashmap_first_key(HASHMAP_BASE(h), false);
 }
 
-#define hashmap_clear_with_destructor(h, f)                     \
-        ({                                                      \
-                Hashmap *_h = (h);                              \
-                void *_item;                                    \
-                while ((_item = hashmap_steal_first(_h)))       \
-                        f(_item);                               \
-                _h;                                             \
-        })
-#define hashmap_free_with_destructor(h, f)                      \
-        hashmap_free(hashmap_clear_with_destructor(h, f))
-#define ordered_hashmap_clear_with_destructor(h, f)                     \
-        ({                                                              \
-                OrderedHashmap *_h = (h);                               \
-                void *_item;                                            \
-                while ((_item = ordered_hashmap_steal_first(_h)))       \
-                        f(_item);                                       \
-                _h;                                                     \
-        })
-#define ordered_hashmap_free_with_destructor(h, f)                      \
-        ordered_hashmap_free(ordered_hashmap_clear_with_destructor(h, f))
-
 /* no hashmap_next */
 void* ordered_hashmap_next(OrderedHashmap *h, const void *key);
 

src/basic/hostname-util.c

@@ -10,6 +10,7 @@
 #include "alloc-util.h"
 #include "env-file.h"
 #include "hostname-util.h"
+#include "log.h"
 #include "os-util.h"
 #include "string-util.h"
 #include "strv.h"