man/nss-myhostname.xml

@@ -67,13 +67,9 @@
     <para>To activate the NSS modules, add <literal>myhostname</literal> to the line starting with
     <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
 
-    <para>It is recommended to place <literal>myhostname</literal> either between <literal>resolve</literal>
-    and "traditional" modules like <literal>files</literal> and <literal>dns</literal>, or after them. In the
-    first version, well-known names like <literal>localhost</literal> and the machine hostname are given
-    higher priority than the external configuration. This is recommended when the external DNS servers and
-    network are not absolutely trusted. In the second version, external configuration is given higher
-    priority and <command>nss-myhostname</command> only provides a fallback mechanism. This might be suitable
-    in closely controlled networks, for example on a company LAN.</para>
+    <para>It is recommended to place <literal>myhostname</literal> last in the <filename>nsswitch.conf</filename>'
+    <literal>hosts:</literal> line to make sure that this mapping is only used as fallback, and that any DNS or
+    <filename>/etc/hosts</filename> based mapping takes precedence.</para>
   </refsect1>
 
   <refsect1>
@@ -87,10 +83,7 @@
 group:          compat mymachines systemd
 shadow:         compat
 
-# Either (untrusted network):
-hosts:          mymachines resolve [!UNAVAIL=return] <command>myhostname</command> files dns
-# Or (only trusted networks):
-hosts:          mymachines resolve [!UNAVAIL=return] files dns <command>myhostname</command>
+hosts:          files mymachines resolve [!UNAVAIL=return] dns <command>myhostname</command>
 networks:       files
 
 protocols:      db files

man/nss-mymachines.xml

@@ -69,7 +69,7 @@
 group:          compat <command>mymachines</command> systemd
 shadow:         compat
 
-hosts:          <command>mymachines</command> resolve [!UNAVAIL=return] myhostname files dns
+hosts:          files <command>mymachines</command> resolve [!UNAVAIL=return] dns myhostname
 networks:       files
 
 protocols:      db files

man/nss-resolve.xml

@@ -34,15 +34,14 @@
     name resolution service. It replaces the <command>nss-dns</command> plug-in module that traditionally resolves
     hostnames via DNS.</para>
 
-    <para>To activate the NSS module, add <literal>resolve [!UNAVAIL=return]</literal> to the line starting
-    with <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>. Specifically, it is
-    recommended to place <literal>resolve</literal> early in <filename>/etc/nsswitch.conf</filename>'s
-    <literal>hosts:</literal> line. It should be before the <literal>files</literal> entry, since
-    <filename>systemd-resolved</filename> supports <filename>/etc/hosts</filename> internally, but with
-    caching. To the contrary, it should be after <literal>mymachines</literal>, to give hostnames given to
-    local VMs and containers precedence over names received over DNS. Finally, we recommend placing
-    <literal>dns</literal> somewhere after <literal>resolve</literal>, to fall back to
-    <command>nss-dns</command> if <filename>systemd-resolved.service</filename> is not available.</para>
+    <para>To activate the NSS module, add <literal>resolve</literal> to the line starting with
+    <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>. Specifically, it is recommended to place
+    <literal>resolve</literal> early in <filename>/etc/nsswitch.conf</filename>'s <literal>hosts:</literal> line (but
+    after the <literal>files</literal> or <literal>mymachines</literal> entries), right before the
+    <literal>dns</literal> entry if it exists, followed by <literal>[!UNAVAIL=return]</literal>, to ensure DNS queries
+    are always routed via
+    <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry> if it is
+    running, but are routed to <command>nss-dns</command> if this service is not available.</para>
 
     <para>Note that <command>systemd-resolved</command> will synthesize DNS resource
     records in a few cases, for example for <literal>localhost</literal> and the
@@ -67,7 +66,7 @@
 group:          compat mymachines systemd
 shadow:         compat
 
-hosts:          mymachines <command>resolve [!UNAVAIL=return]</command> myhostname files dns
+hosts:          files mymachines <command>resolve [!UNAVAIL=return]</command> dns myhostname
 networks:       files
 
 protocols:      db files

man/nss-systemd.xml

@@ -65,7 +65,7 @@
 group:          compat [SUCCESS=merge] mymachines [SUCCESS=merge] <command>systemd</command>
 shadow:         compat
 
-hosts:          mymachines resolve [!UNAVAIL=return] myhostname files dns
+hosts:          files mymachines resolve [!UNAVAIL=return] dns myhostname
 networks:       files
 
 protocols:      db files

meson.build

@@ -1714,7 +1714,7 @@ exe = executable('systemd-analyze',
                                  libmount,
                                  libblkid],
                  install_rpath : rootlibexecdir,
-                 install : get_option('analyze'))
+                 install : true)
 public_programs += exe
 
 executable('systemd-journald',
@@ -3500,8 +3500,6 @@ foreach tuple : [
         ['link-systemctl-shared', get_option('link-systemctl-shared')],
         ['link-networkd-shared',  get_option('link-networkd-shared')],
         ['link-timesyncd-shared', get_option('link-timesyncd-shared')],
-        ['kernel-install',        get_option('kernel-install')],
-        ['systemd-analyze',       get_option('analyze')],
 ]
 
         if tuple.length() >= 2

meson_options.txt

@@ -363,6 +363,4 @@ option('oss-fuzz', type : 'boolean', value : 'false',
 option('llvm-fuzz', type : 'boolean', value : 'false',
        description : 'build against LLVM libFuzzer')
 option('kernel-install', type: 'boolean', value: 'true',
-       description : 'install kernel-install and associated files')
-option('analyze', type: 'boolean', value: 'true',
-       description : 'install systemd-analyze')
+       description : 'include kernel-install feature')

src/core/manager.c

@@ -2931,10 +2931,12 @@ int manager_loop(Manager *m) {
                 if (manager_dispatch_dbus_queue(m) > 0)
                         continue;
 
-                /* Sleep for watchdog runtime wait time */
-                if (MANAGER_IS_SYSTEM(m))
-                        wait_usec = watchdog_runtime_wait();
-                else
+                /* Sleep for half the watchdog time */
+                if (timestamp_is_set(m->runtime_watchdog) && MANAGER_IS_SYSTEM(m)) {
+                        wait_usec = m->runtime_watchdog / 2;
+                        if (wait_usec <= 0)
+                                wait_usec = 1;
+                } else
                         wait_usec = USEC_INFINITY;
 
                 r = sd_event_run(m->event, wait_usec);

src/login/loginctl.c

@@ -825,15 +825,7 @@ static int show_properties(sd_bus *bus, const char *path, bool *new_line) {
 
         *new_line = true;
 
-        r = bus_print_all_properties(
-                        bus,
-                        "org.freedesktop.login1",
-                        path,
-                        print_property,
-                        arg_property,
-                        arg_value,
-                        arg_all,
-                        NULL);
+        r = bus_print_all_properties(bus, "org.freedesktop.login1", path, print_property, arg_property, arg_value, arg_all, NULL);
         if (r < 0)
                 return bus_log_parse_error(r);
 
@@ -1355,6 +1347,7 @@ static int help(int argc, char *argv[], void *userdata) {
 }
 
 static int parse_argv(int argc, char *argv[]) {
+
         enum {
                 ARG_VERSION = 0x100,
                 ARG_VALUE,
@@ -1493,6 +1486,7 @@ static int parse_argv(int argc, char *argv[]) {
 }
 
 static int loginctl_main(int argc, char *argv[], sd_bus *bus) {
+
         static const Verb verbs[] = {
                 { "help",              VERB_ANY, VERB_ANY, 0,            help              },
                 { "list-sessions",     VERB_ANY, 1,        VERB_DEFAULT, list_sessions     },

src/login/logind-dbus.c

@@ -3170,12 +3170,6 @@ static int method_set_wall_message(
         if (r < 0)
                 return r;
 
-        /* Short-circuit the operation if the desired state is already in place, to
-         * avoid an unnecessary polkit permission check. */
-        if (streq_ptr(m->wall_message, empty_to_null(wall_message)) &&
-            m->enable_wall_messages == enable_wall_messages)
-                goto done;
-
         r = bus_verify_polkit_async(message,
                                     CAP_SYS_ADMIN,
                                     "org.freedesktop.login1.set-wall-message",
@@ -3195,7 +3189,6 @@ static int method_set_wall_message(
 
         m->enable_wall_messages = enable_wall_messages;
 
- done:
         return sd_bus_reply_method_return(message, NULL);
 }
 

src/resolve/resolved-resolv-conf.c

@@ -283,9 +283,9 @@ static int write_uplink_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSe
               "# This is a dynamic resolv.conf file for connecting local clients directly to\n"
               "# all known uplink DNS servers. This file lists all configured search domains.\n"
               "#\n"
-              "# Third party programs should typically not access this file directly, but only\n"
-              "# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a\n"
-              "# different way, replace this symlink by a static file or a different symlink.\n"
+              "# Third party programs must not access this file directly, but only through the\n"
+              "# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,\n"
+              "# replace this symlink by a static file or a different symlink.\n"
               "#\n"
               "# See man:systemd-resolved.service(8) for details about the supported modes of\n"
               "# operation for /etc/resolv.conf.\n"
@@ -308,24 +308,24 @@ static int write_uplink_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSe
 }
 
 static int write_stub_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSet *domains) {
-        fputs("# This file is managed by man:systemd-resolved(8). Do not edit.\n"
-              "#\n"
-              "# This is a dynamic resolv.conf file for connecting local clients to the\n"
-              "# internal DNS stub resolver of systemd-resolved. This file lists all\n"
-              "# configured search domains.\n"
-              "#\n"
-              "# Run \"resolvectl status\" to see details about the uplink DNS servers\n"
-              "# currently in use.\n"
-              "#\n"
-              "# Third party programs should typically not access this file directly, but only\n"
-              "# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a\n"
-              "# different way, replace this symlink by a static file or a different symlink.\n"
-              "#\n"
-              "# See man:systemd-resolved.service(8) for details about the supported modes of\n"
-              "# operation for /etc/resolv.conf.\n"
-              "\n"
-              "nameserver 127.0.0.53\n"
-              "options edns0\n", f);
+        fputs_unlocked("# This file is managed by man:systemd-resolved(8). Do not edit.\n"
+                       "#\n"
+                       "# This is a dynamic resolv.conf file for connecting local clients to the\n"
+                       "# internal DNS stub resolver of systemd-resolved. This file lists all\n"
+                       "# configured search domains.\n"
+                       "#\n"
+                       "# Run \"resolvectl status\" to see details about the uplink DNS servers\n"
+                       "# currently in use.\n"
+                       "#\n"
+                       "# Third party programs must not access this file directly, but only through the\n"
+                       "# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,\n"
+                       "# replace this symlink by a static file or a different symlink.\n"
+                       "#\n"
+                       "# See man:systemd-resolved.service(8) for details about the supported modes of\n"
+                       "# operation for /etc/resolv.conf.\n"
+                       "\n"
+                       "nameserver 127.0.0.53\n"
+                       "options edns0\n", f);
 
         if (!ordered_set_isempty(domains))
                 write_resolv_conf_search(domains, f);

src/shared/watchdog.c

@@ -16,7 +16,6 @@
 static int watchdog_fd = -1;
 static char *watchdog_device = NULL;
 static usec_t watchdog_timeout = USEC_INFINITY;
-static usec_t watchdog_last_ping = USEC_INFINITY;
 
 static int update_timeout(void) {
         int r;
@@ -58,8 +57,6 @@ static int update_timeout(void) {
                 r = ioctl(watchdog_fd, WDIOC_KEEPALIVE, 0);
                 if (r < 0)
                         return log_warning_errno(errno, "Failed to ping hardware watchdog: %m");
-
-                watchdog_last_ping = now(clock_boottime_or_monotonic());
         }
 
         return 0;
@@ -117,38 +114,9 @@ int watchdog_set_timeout(usec_t *usec) {
         return r;
 }
 
-usec_t watchdog_runtime_wait(void) {
-        usec_t rtwait;
-        usec_t ntime;
-
-        if (!timestamp_is_set(watchdog_timeout))
-                return USEC_INFINITY;
-
-        /* Sleep half the watchdog timeout since the last succesful ping at most */
-        if (timestamp_is_set(watchdog_last_ping)) {
-                ntime = now(clock_boottime_or_monotonic());
-                assert(ntime >= watchdog_last_ping);
-                rtwait = usec_sub_unsigned(watchdog_last_ping + (watchdog_timeout / 2), ntime);
-        } else
-                rtwait = watchdog_timeout / 2;
-
-        return rtwait;
-}
-
 int watchdog_ping(void) {
-        usec_t ntime;
         int r;
 
-        ntime = now(clock_boottime_or_monotonic());
-
-        /* Never ping earlier than watchdog_timeout/4 and try to ping
-         * by watchdog_timeout/2 plus scheduling latencies the latest */
-        if (timestamp_is_set(watchdog_last_ping)) {
-                assert(ntime >= watchdog_last_ping);
-                if ((ntime - watchdog_last_ping) < (watchdog_timeout / 4))
-                        return 0;
-        }
-
         if (watchdog_fd < 0) {
                 r = open_watchdog();
                 if (r < 0)
@@ -159,8 +127,6 @@ int watchdog_ping(void) {
         if (r < 0)
                 return log_warning_errno(errno, "Failed to ping hardware watchdog: %m");
 
-        watchdog_last_ping = ntime;
-
         return 0;
 }
 

src/shared/watchdog.h

@@ -10,7 +10,6 @@ int watchdog_set_device(char *path);
 int watchdog_set_timeout(usec_t *usec);
 int watchdog_ping(void);
 void watchdog_close(bool disarm);
-usec_t watchdog_runtime_wait(void);
 
 static inline void watchdog_free_device(void) {
         (void) watchdog_set_device(NULL);

test/test-functions

@@ -879,7 +879,7 @@ install_execs() {
          # also, plymouth is pulled in by rescue.service, but even there the exit code
          # is ignored; as it's not present on some distros, don't fail if it doesn't exist
          dinfo "Attempting to install $i"
-         inst $i || [ "${i%.local}" != "$i" ] || [ "${i%systemd-update-done}" != "$i" ] || [ "${i##*/}" == "plymouth" ]
+         inst $i || [ "${i%.local}" != "$i" ] || [ "${i%systemd-update-done}" != "$i" ] || [ "/bin/plymouth" == "$i" ]
      done
     )
 }

units/emergency.service.in

@@ -19,7 +19,7 @@ Before=rescue.service
 [Service]
 Environment=HOME=/root
 WorkingDirectory=-/root
-ExecStartPre=-@rootbindir@/plymouth --wait quit
+ExecStartPre=-/bin/plymouth --wait quit
 ExecStart=-@rootlibexecdir@/systemd-sulogin-shell emergency
 Type=idle
 StandardInput=tty-force

units/rescue.service.in

@@ -18,7 +18,7 @@ Before=shutdown.target
 [Service]
 Environment=HOME=/root
 WorkingDirectory=-/root
-ExecStartPre=-@rootbindir@/plymouth --wait quit
+ExecStartPre=-/bin/plymouth --wait quit
 ExecStart=-@rootlibexecdir@/systemd-sulogin-shell rescue
 Type=idle
 StandardInput=tty-force