NEWS: fix typo

Follow-up for 644b6041d45ffbee3ad0848d72a417bb4559e1ae.

.github/workflows/build-test.yml

@@ -36,6 +36,8 @@ jobs:
             runner: [ ubuntu-24.04-ppc64le ]
           - env: { COMPILER: "gcc",   COMPILER_VERSION: "13", LINKER: "mold"  }
             runner: [ ubuntu-24.04-arm ]
+          - env: { COMPILER: "clang", COMPILER_VERSION: "18", LINKER: "lld"  }
+            runner: [ ubuntu-24.04-s390x ]
     env: ${{ matrix.env }}
     steps:
       - name: Repository checkout

.github/workflows/unit-tests.yml

@@ -29,11 +29,15 @@ jobs:
             runner: ubuntu-24.04-arm
           - run_phase: GCC
             runner: ubuntu-24.04-ppc64le
+          - run_phase: GCC
+            runner: ubuntu-24.04-s390x
           - run_phase: CLANG
           - run_phase: CLANG
             runner: ubuntu-24.04-arm
           - run_phase: CLANG
             runner: ubuntu-24.04-ppc64le
+          - run_phase: CLANG
+            runner: ubuntu-24.04-s390x
     steps:
       - name: Repository checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

NEWS

@@ -148,6 +148,16 @@ CHANGES WITH 258 in spe:
           - The concept of runlevels has been removed, so runlevel transitions
             are no longer recorded in the utmp/wtmp databases.
 
+        * Support for traditional /forcefsck and /fastboot files to control
+          execution mode of fsck on boot has been removed from systemd-fsck. To
+          control the mode, please use the fsck.mode= kernel command line option
+          or newly introduced fsck.mode credential.
+
+        * Support for traditional /forcequotacheck file to control execution
+          mode of quotacheck on boot has been removed from systemd-quotacheck.
+          To control the mode, please use the quotacheck.mode= kernel command
+          line option of newly introduced quotacheck.mode credential.
+
         Announcements of Future Feature Removals:
 
         * Support for System V service scripts is deprecated and will be
@@ -1400,6 +1410,12 @@ CHANGES WITH 258 in spe:
           once boot-up is complete will tell you how to connect to the system
           via SSH, if that's available.
 
+        * systemd-fsck gained fsck.mode and fsck.repair credentials support to
+          control the execution mode of fsck.
+
+        * systemd-quotacheck gained quotacheck.mode credential support to
+          control the execution mode of quotacheck.
+
         — <place>, <date>
 
 CHANGES WITH 257:

man/kernel-command-line.xml

@@ -275,7 +275,7 @@
         <listitem>
           <para>Parameter understood by the file quota checker
           service. For details, see
-          <citerefentry><refentrytitle>systemd-quotacheck.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+          <citerefentry><refentrytitle>systemd-quotacheck@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
 
           <xi:include href="version-info.xml" xpointer="v186"/>
         </listitem>
@@ -820,7 +820,7 @@
         <member><citerefentry><refentrytitle>smbios-type-11</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
         <member><citerefentry><refentrytitle>systemd-debug-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
         <member><citerefentry><refentrytitle>systemd-fsck@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
-        <member><citerefentry><refentrytitle>systemd-quotacheck.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
+        <member><citerefentry><refentrytitle>systemd-quotacheck@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
         <member><citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
         <member><citerefentry><refentrytitle>systemd-vconsole-setup.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
         <member><citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>

man/rules/meson.build

@@ -1086,9 +1086,9 @@ manpages = [
   ''],
  ['systemd-pstore.service', '8', ['systemd-pstore'], 'ENABLE_PSTORE'],
  ['systemd-pty-forward', '1', [], ''],
- ['systemd-quotacheck.service',
+ ['systemd-quotacheck@.service',
   '8',
-  ['systemd-quotacheck'],
+  ['systemd-quotacheck', 'systemd-quotacheck-root.service'],
   'ENABLE_QUOTACHECK'],
  ['systemd-random-seed.service',
   '8',

man/systemd-fsck@.service.xml

@@ -110,12 +110,40 @@
     </variablelist>
   </refsect1>
 
+  <refsect1>
+    <title>Credentials</title>
+
+    <para><command>systemd-fsck</command> supports the service credentials logic as implemented by
+    <varname>ImportCredential=</varname>/<varname>LoadCredential=</varname>/<varname>SetCredential=</varname>
+    (see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+    details). The following credentials are used when passed in:</para>
+
+    <variablelist class='system-credentials'>
+      <varlistentry>
+        <term><varname>fsck.mode</varname></term>
+        <term><varname>fsck.repair</varname></term>
+
+        <listitem>
+          <para>The contents of the credentials are parsed as same as the kernel command line options with
+          the same name. See above for more details.</para>
+
+          <xi:include href="version-info.xml" xpointer="v258"/>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para>Note that by default the <filename>systemd-fsck@.service</filename>,
+    <filename>systemd-fsck-root.service</filename>, and <filename>systemd-fsck-usr.service</filename> unit
+    files are set up to inherit both <varname>fsck.mode</varname> and <varname>fsck.repair</varname>
+    credentials from the service manager.</para>
+  </refsect1>
+
   <refsect1>
     <title>See Also</title>
     <para><simplelist type="inline">
       <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
       <member><citerefentry project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
-      <member><citerefentry><refentrytitle>systemd-quotacheck.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
+      <member><citerefentry><refentrytitle>systemd-quotacheck@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
       <member><citerefentry project='url'><refentrytitle url='https://btrfs.readthedocs.io/en/latest/fsck.btrfs.html'>fsck.btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
       <member><citerefentry project='man-pages'><refentrytitle>fsck.cramfs</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
       <member><citerefentry project='man-pages'><refentrytitle>fsck.ext4</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>

man/systemd-quotacheck@.service.xml

@@ -3,37 +3,39 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
 <!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
-<refentry id="systemd-quotacheck.service" conditional='ENABLE_QUOTACHECK'
+<refentry id="systemd-quotacheck_.service" conditional='ENABLE_QUOTACHECK'
           xmlns:xi="http://www.w3.org/2001/XInclude">
 
   <refentryinfo>
-    <title>systemd-quotacheck.service</title>
+    <title>systemd-quotacheck@.service</title>
     <productname>systemd</productname>
   </refentryinfo>
 
   <refmeta>
-    <refentrytitle>systemd-quotacheck.service</refentrytitle>
+    <refentrytitle>systemd-quotacheck@.service</refentrytitle>
     <manvolnum>8</manvolnum>
   </refmeta>
 
   <refnamediv>
-    <refname>systemd-quotacheck.service</refname>
+    <refname>systemd-quotacheck@.service</refname>
+    <refname>systemd-quotacheck-root.service</refname>
     <refname>systemd-quotacheck</refname>
     <refpurpose>File system quota checker logic</refpurpose>
   </refnamediv>
 
   <refsynopsisdiv>
-    <para><filename>systemd-quotacheck.service</filename></para>
+    <para><filename>systemd-quotacheck@.service</filename></para>
+    <para><filename>systemd-quotacheck-root.service</filename></para>
     <para><filename>/usr/lib/systemd/systemd-quotacheck</filename></para>
   </refsynopsisdiv>
 
   <refsect1>
     <title>Description</title>
 
-    <para><filename>systemd-quotacheck.service</filename> is a service
+    <para><filename>systemd-quotacheck@.service</filename> and
-    responsible for file system quota checks. It is run once at boot
+    <filename>systemd-quotacheck-root.service</filename> are services responsible for file system quota
-    after all necessary file systems are mounted. It is pulled in only
+    checks. They run once at boot after all necessary file systems are mounted. They are pulled in only if at
-    if at least one file system has quotas enabled.</para>
+    least one file system has quotas enabled.</para>
   </refsect1>
 
   <refsect1>
@@ -60,6 +62,32 @@
     </variablelist>
   </refsect1>
 
+  <refsect1>
+    <title>Credentials</title>
+
+    <para><command>systemd-quotacheck</command> supports the service credentials logic as implemented by
+    <varname>ImportCredential=</varname>/<varname>LoadCredential=</varname>/<varname>SetCredential=</varname>
+    (see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+    details). The following credentials are used when passed in:</para>
+
+    <variablelist class='system-credentials'>
+      <varlistentry>
+        <term><varname>quotacheck.mode</varname></term>
+
+        <listitem>
+          <para>The contents of the credential is parsed as same as the kernel command line option with the
+          same name. See above for more details.</para>
+
+          <xi:include href="version-info.xml" xpointer="v258"/>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para>Note that by default the <filename>systemd-quotacheck@.service</filename> and
+    <filename>systemd-quotacheck-root.service</filename> unit files are set up to inherit
+    <varname>quotacheck.mode</varname> credential from the service manager.</para>
+  </refsect1>
+
   <refsect1>
     <title>See Also</title>
     <para><simplelist type="inline">

man/systemd.mount.xml

@@ -111,7 +111,7 @@
 
         <listitem><para>If traditional file system quota is enabled for a mount unit, automatic
         <varname>Wants=</varname> and <varname>Before=</varname> dependencies on
-        <filename>systemd-quotacheck.service</filename> and <filename>quotaon.service</filename>
+        <filename>systemd-quotacheck@.service</filename> and <filename>quotaon@.service</filename>
         are added.</para></listitem>
 
         <listitem><para>Additional implicit dependencies may be added as result of execution and

man/systemd.system-credentials.xml

@@ -510,6 +510,33 @@
           <xi:include href="version-info.xml" xpointer="v258"/>
         </listitem>
       </varlistentry>
+
+      <varlistentry>
+        <term><varname>fsck.*</varname></term>
+
+        <listitem>
+          <para>Read by <filename>systemd-fsck@.service</filename>,
+          <filename>systemd-fsck-root.service</filename>, and <filename>systemd-fsck-usr.service</filename>.
+          See
+          <citerefentry><refentrytitle>systemd-fsck@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+          for more details.</para>
+
+          <xi:include href="version-info.xml" xpointer="v258"/>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>quotacheck.*</varname></term>
+
+        <listitem>
+          <para>Read by <filename>systemd-quotacheck@.service</filename> and
+          <filename>systemd-quotacheck-root.service</filename>. See
+          <citerefentry><refentrytitle>systemd-quotacheck</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+          for more details.</para>
+
+          <xi:include href="version-info.xml" xpointer="v258"/>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 

mkosi/mkosi.conf.d/debian-ubuntu/mkosi.conf.d/pkgenv.conf

@@ -5,5 +5,5 @@ Environment=
         GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
         GIT_SUBDIR=debian
         GIT_BRANCH=debian/master
-        GIT_COMMIT=a8ad8e30e70c0b82ecb8fe016f2dde3a084236f0
+        GIT_COMMIT=61144ff7a6747bd3cc6340fbac38a8e15e9a239b
         PKG_SUBDIR=debian

mkosi/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot

@@ -22,7 +22,11 @@ TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
 # TODO: remove patches for removal of cgroups-agent, renaming pubring file, and removal of sysv files
 # when the upstream spec is updated
 while read -r filelist; do
-    sed -E 's/\.gz$//; /systemd-cgroups-agent/d; s/import-pubring.gpg/import-pubring.pgp/; /(initctl|runlevel|telinit)/ d' "$filelist" >"/tmp/$(basename "$filelist")"
+    sed -E \
+        -e 's/\.gz$//; /systemd-cgroups-agent/d; s/import-pubring.gpg/import-pubring.pgp/' \
+        -e '/(initctl|runlevel|telinit)/ d' \
+        -e 's/systemd-quotacheck.service.8/systemd-quotacheck@.service.8/' \
+        "$filelist" >"/tmp/$(basename "$filelist")"
     mount --bind "/tmp/$(basename "$filelist")" "$filelist"
 done < <(find "pkg/$PKG_SUBDIR${GIT_SUBDIR:+/$GIT_SUBDIR}" -name "files.*")
 

src/fsck/fsck.c

@@ -16,6 +16,7 @@
 #include "bus-error.h"
 #include "bus-locator.h"
 #include "bus-util.h"
+#include "creds-util.h"
 #include "device-util.h"
 #include "fd-util.h"
 #include "fs-util.h"
@@ -28,13 +29,52 @@
 #include "socket-util.h"
 #include "special.h"
 #include "stdio-util.h"
+#include "string-table.h"
 #include "string-util.h"
 #include "time-util.h"
 
-static bool arg_skip = false;
+typedef enum FSCKMode {
-static bool arg_force = false;
+        FSCK_AUTO,
-static bool arg_show_progress = false;
+        FSCK_FORCE,
-static const char *arg_repair = "-a";
+        FSCK_SKIP,
+        _FSCK_MODE_MAX,
+        _FSCK_MODE_INVALID = -EINVAL,
+} FSCKMode;
+
+typedef enum FSCKRepair {
+        FSCK_REPAIR_NO,
+        FSCK_REPAIR_YES,
+        FSCK_REPAIR_PREEN,
+        _FSCK_REPAIR_MAX,
+        _FSCK_REPAIR_INVALID = -EINVAL,
+} FSCKRepair;
+
+static FSCKMode arg_mode = FSCK_AUTO;
+static FSCKRepair arg_repair = FSCK_REPAIR_PREEN;
+
+static const char * const fsck_mode_table[_FSCK_MODE_MAX] = {
+        [FSCK_AUTO]  = "auto",
+        [FSCK_FORCE] = "force",
+        [FSCK_SKIP]  = "skip",
+};
+
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(fsck_mode, FSCKMode);
+
+static const char * const fsck_repair_table[_FSCK_REPAIR_MAX] = {
+        [FSCK_REPAIR_NO]    = "no",
+        [FSCK_REPAIR_YES]   = "yes",
+        [FSCK_REPAIR_PREEN] = "preen",
+};
+
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(fsck_repair, FSCKRepair, FSCK_REPAIR_YES);
+
+static const char * const fsck_repair_option_table[_FSCK_REPAIR_MAX] = {
+        [FSCK_REPAIR_NO]    = "-n",
+        [FSCK_REPAIR_YES]   = "-y",
+        [FSCK_REPAIR_PREEN] = "-a",
+};
+
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(fsck_repair_option, FSCKRepair);
 
 static void start_target(const char *target, const char *mode) {
         _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
@@ -60,8 +100,6 @@ static void start_target(const char *target, const char *mode) {
 }
 
 static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
-        int r;
-
         assert(key);
 
         if (streq(key, "fsck.mode")) {
@@ -69,57 +107,52 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
                 if (proc_cmdline_value_missing(key, value))
                         return 0;
 
-                if (streq(value, "auto"))
+                arg_mode = fsck_mode_from_string(value);
-                        arg_force = arg_skip = false;
+                if (arg_mode < 0)
-                else if (streq(value, "force"))
+                        log_warning_errno(arg_mode, "Invalid fsck.mode= parameter, ignoring: %s", value);
-                        arg_force = true;
-                else if (streq(value, "skip"))
-                        arg_skip = true;
-                else
-                        log_warning("Invalid fsck.mode= parameter '%s'. Ignoring.", value);
 
         } else if (streq(key, "fsck.repair")) {
 
                 if (proc_cmdline_value_missing(key, value))
                         return 0;
 
-                if (streq(value, "preen"))
+                arg_repair = fsck_repair_from_string(value);
-                        arg_repair = "-a";
+                if (arg_repair < 0)
-                else {
+                        log_warning_errno(arg_repair, "Invalid fsck.repair= parameter, ignoring: %s", value);
-                        r = parse_boolean(value);
-                        if (r > 0)
-                                arg_repair = "-y";
-                        else if (r == 0)
-                                arg_repair = "-n";
-                        else
-                                log_warning("Invalid fsck.repair= parameter '%s'. Ignoring.", value);
-                }
         }
 
         else if (streq(key, "fastboot") && !value)
-                arg_skip = true;
+                arg_mode = FSCK_SKIP;
 
         else if (streq(key, "forcefsck") && !value)
-                arg_force = true;
+                arg_mode = FSCK_FORCE;
 
         return 0;
 }
 
-static void test_files(void) {
+static void parse_credentials(void) {
+        _cleanup_free_ char *value = NULL;
+        int r;
 
-#if HAVE_SYSV_COMPAT
+        r = read_credential("fsck.mode", (void**) &value, /* ret_size = */ NULL);
-        if (access("/fastboot", F_OK) >= 0) {
+        if (r < 0)
-                log_error("Please pass 'fsck.mode=skip' on the kernel command line rather than creating /fastboot on the root file system.");
+                log_debug_errno(r, "Failed to read credential 'fsck.mode', ignoring: %m");
-                arg_skip = true;
+        else {
+                arg_mode = fsck_mode_from_string(value);
+                if (arg_mode < 0)
+                        log_warning_errno(arg_mode, "Invalid 'fsck.mode' credential, ignoring: %s", value);
         }
 
-        if (access("/forcefsck", F_OK) >= 0) {
+        value = mfree(value);
-                log_error("Please pass 'fsck.mode=force' on the kernel command line rather than creating /forcefsck on the root file system.");
-                arg_force = true;
-        }
-#endif
 
-        arg_show_progress = access("/run/systemd/show-status", F_OK) >= 0;
+        r = read_credential("fsck.repair", (void**) &value, /* ret_size = */ NULL);
+        if (r < 0)
+                log_debug_errno(r, "Failed to read credential 'fsck.repair', ignoring: %m");
+        else {
+                arg_repair = fsck_repair_from_string(value);
+                if (arg_repair < 0)
+                        log_warning_errno(arg_repair, "Invalid 'fsck.repair' credential, ignoring: %s", value);
+        }
 }
 
 static double percent(int pass, unsigned long cur, unsigned long max) {
@@ -249,9 +282,11 @@ static int run(int argc, char *argv[]) {
         if (r < 0)
                 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
 
-        test_files();
+        parse_credentials();
 
-        if (!arg_force && arg_skip)
+        bool show_progress = access("/run/systemd/show-status", F_OK) >= 0;
+
+        if (arg_mode == FSCK_SKIP)
                 return 0;
 
         if (argc > 1) {
@@ -328,7 +363,7 @@ static int run(int argc, char *argv[]) {
 
         console = fopen("/dev/console", "we");
         if (console &&
-            arg_show_progress &&
+            show_progress &&
             pipe(progress_pipe) < 0)
                 return log_error_errno(errno, "pipe(): %m");
 
@@ -359,7 +394,7 @@ static int run(int argc, char *argv[]) {
                         dash_c[0] = 0;
 
                 cmdline[i++] = "fsck";
-                cmdline[i++] =  arg_repair;
+                cmdline[i++] = fsck_repair_option_to_string(arg_repair);
                 cmdline[i++] = "-T";
 
                 /*
@@ -372,7 +407,7 @@ static int run(int argc, char *argv[]) {
                 if (!root_directory)
                         cmdline[i++] = "-M";
 
-                if (arg_force)
+                if (arg_mode == FSCK_FORCE)
                         cmdline[i++] = "-f";
 
                 if (!isempty(dash_c))

src/quotacheck/quotacheck.c

@@ -3,18 +3,31 @@
 #include <sys/stat.h>
 #include <unistd.h>
 
+#include "creds-util.h"
 #include "log.h"
 #include "main-func.h"
 #include "proc-cmdline.h"
 #include "process-util.h"
-#include "static-destruct.h"
+#include "string-table.h"
 #include "string-util.h"
 
-static char *arg_path = NULL;
+typedef enum QuotaCheckMode {
-static bool arg_skip = false;
+        QUOTA_CHECK_AUTO,
-static bool arg_force = false;
+        QUOTA_CHECK_FORCE,
+        QUOTA_CHECK_SKIP,
+        _QUOTA_CHECK_MODE_MAX,
+        _QUOTA_CHECK_MODE_INVALID = -EINVAL,
+} QuotaCheckMode;
 
-STATIC_DESTRUCTOR_REGISTER(arg_path, freep);
+static QuotaCheckMode arg_mode = QUOTA_CHECK_AUTO;
+
+static const char * const quota_check_mode_table[_QUOTA_CHECK_MODE_MAX] = {
+        [QUOTA_CHECK_AUTO]  = "auto",
+        [QUOTA_CHECK_FORCE] = "force",
+        [QUOTA_CHECK_SKIP]  = "skip",
+};
+
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(quota_check_mode, QuotaCheckMode);
 
 static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
 
@@ -23,29 +36,28 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
                 if (proc_cmdline_value_missing(key, value))
                         return 0;
 
-                if (streq(value, "auto"))
+                arg_mode = quota_check_mode_from_string(value);
-                        arg_force = arg_skip = false;
+                if (arg_mode < 0)
-                else if (streq(value, "force"))
+                        log_warning_errno(arg_mode, "Invalid quotacheck.mode= value, ignoring: %s", value);
-                        arg_force = true;
-                else if (streq(value, "skip"))
-                        arg_skip = true;
-                else
-                        log_warning("Invalid quotacheck.mode= value, ignoring: %s", value);
 
         } else if (streq(key, "forcequotacheck") && !value)
-                arg_force = true;
+                arg_mode = QUOTA_CHECK_FORCE;
 
         return 0;
 }
 
-static void test_files(void) {
+static void parse_credentials(void) {
+        _cleanup_free_ char *value = NULL;
+        int r;
 
-#if HAVE_SYSV_COMPAT
+        r = read_credential("quotacheck.mode", (void**) &value, /* ret_size = */ NULL);
-        if (access("/forcequotacheck", F_OK) >= 0) {
+        if (r < 0)
-                log_error("Please pass 'quotacheck.mode=force' on the kernel command line rather than creating /forcequotacheck on the root file system. Proceeding anyway.");
+                log_debug_errno(r, "Failed to read credential 'quotacheck.mode', ignoring: %m");
-                arg_force = true;
+        else {
+                arg_mode = quota_check_mode_from_string(value);
+                if (arg_mode < 0)
+                        log_warning_errno(arg_mode, "Invalid 'quotacheck.mode' credential, ignoring: %s", value);
         }
-#endif
 }
 
 static int run(int argc, char *argv[]) {
@@ -63,12 +75,12 @@ static int run(int argc, char *argv[]) {
         if (r < 0)
                 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
 
-        test_files();
+        parse_credentials();
 
-        if (!arg_force) {
+        if (arg_mode == QUOTA_CHECK_SKIP)
-                if (arg_skip)
+                return 0;
-                        return 0;
 
+        if (arg_mode == QUOTA_CHECK_AUTO) {
                 /* This is created by systemd-fsck when fsck detected and corrected errors. In normal
                  * operations quotacheck is not needed. */
                 if (access("/run/systemd/quotacheck", F_OK) < 0) {
@@ -80,9 +92,10 @@ static int run(int argc, char *argv[]) {
                 }
         }
 
+        _cleanup_free_ char *path = NULL;
         if (argc == 2) {
-                arg_path = strdup(argv[1]);
+                path = strdup(argv[1]);
-                if (!arg_path)
+                if (!path)
                         return log_oom();
         }
 
@@ -92,8 +105,8 @@ static int run(int argc, char *argv[]) {
         if (r == 0) {
                 const char *cmdline[] = {
                         QUOTACHECK,
-                        arg_path ? "-nug" : "-anug", /* Check all file systems if path isn't specified */
+                        path ? "-nug" : "-anug", /* Check all file systems if path isn't specified */
-                        arg_path,
+                        path,
                         NULL
                 };
 

src/resolve/resolvectl.c

@@ -3625,6 +3625,8 @@ static int compat_help(void) {
         if (r < 0)
                 return log_oom();
 
+        pager_open(arg_pager_flags);
+
         printf("%1$s [OPTIONS...] HOSTNAME|ADDRESS...\n"
                "%1$s [OPTIONS...] --service [[NAME] TYPE] DOMAIN\n"
                "%1$s [OPTIONS...] --openpgp EMAIL@DOMAIN...\n"
@@ -3682,6 +3684,8 @@ static int native_help(void) {
         if (r < 0)
                 return log_oom();
 
+        pager_open(arg_pager_flags);
+
         printf("%1$s [OPTIONS...] COMMAND ...\n"
                "\n"
                "%5$sSend control commands to the network name resolution manager, or%6$s\n"

src/shared/btrfs-util.c

@@ -299,23 +299,6 @@ static int btrfs_iterate(BtrfsForeachIterator *i) {
              btrfs_iterate(&iterator) > 0; )
 
 int btrfs_subvol_get_info_fd(int fd, uint64_t subvol_id, BtrfsSubvolInfo *ret) {
-        struct btrfs_ioctl_search_args args = {
-                /* Tree of tree roots */
-                .key.tree_id = BTRFS_ROOT_TREE_OBJECTID,
-
-                /* Look precisely for the subvolume items */
-                .key.min_type = BTRFS_ROOT_ITEM_KEY,
-                .key.max_type = BTRFS_ROOT_ITEM_KEY,
-
-                .key.min_offset = 0,
-                .key.max_offset = UINT64_MAX,
-
-                /* No restrictions on the other components */
-                .key.min_transid = 0,
-                .key.max_transid = UINT64_MAX,
-        };
-
-        bool found = false;
         int r;
 
         assert(fd >= 0);
@@ -327,66 +310,30 @@ int btrfs_subvol_get_info_fd(int fd, uint64_t subvol_id, BtrfsSubvolInfo *ret) {
         if (fd < 0)
                 return fd;
 
-        if (subvol_id == 0) {
+        r = fd_is_fs_type(fd, BTRFS_SUPER_MAGIC);
-                r = btrfs_subvol_get_id_fd(fd, &subvol_id);
+        if (r < 0)
-                if (r < 0)
+                return r;
-                        return r;
+        if (r == 0)
-        } else {
+                return -ENOTTY;
-                r = fd_is_fs_type(fd, BTRFS_SUPER_MAGIC);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return -ENOTTY;
-        }
 
-        args.key.min_objectid = args.key.max_objectid = subvol_id;
+        struct btrfs_ioctl_get_subvol_info_args info;
+        if (ioctl(fd, BTRFS_IOC_GET_SUBVOL_INFO, &info) < 0)
+                return -errno;
 
-        while (btrfs_ioctl_search_args_compare(&args) <= 0) {
+        *ret = (BtrfsSubvolInfo) {
-                struct btrfs_ioctl_search_header sh;
+                .subvol_id = info.treeid,
-                const void *body;
+                .otime = info.otime.sec * USEC_PER_SEC + (info.otime.nsec / NSEC_PER_USEC),
+                .ctime = info.ctime.sec * USEC_PER_SEC + (info.ctime.nsec / NSEC_PER_USEC),
+                .read_only = FLAGS_SET(info.flags, BTRFS_SUBVOL_RDONLY),
+        };
 
-                args.key.nr_items = 256;
+        assert_cc(sizeof(info.uuid) == sizeof(sd_id128_t));
-                if (ioctl(fd, BTRFS_IOC_TREE_SEARCH, &args) < 0)
+        memcpy(&ret->uuid, info.uuid, sizeof(sd_id128_t));
-                        return -errno;
 
-                if (args.key.nr_items <= 0)
+        assert_cc(sizeof(info.parent_uuid) == sizeof(sd_id128_t));
-                        break;
+        memcpy(&ret->parent_uuid, info.parent_uuid, sizeof(sd_id128_t));
 
-                FOREACH_BTRFS_IOCTL_SEARCH_HEADER(sh, body, args) {
+        return 0;
-                        /* Make sure we start the next search at least from this entry */
-                        btrfs_ioctl_search_args_set(&args, &sh);
-
-                        if (sh.objectid != subvol_id)
-                                continue;
-                        if (sh.type != BTRFS_ROOT_ITEM_KEY)
-                                continue;
-
-                        /* Older versions of the struct lacked the otime setting */
-                        if (sh.len < offsetof(struct btrfs_root_item, otime) + sizeof(struct btrfs_timespec))
-                                continue;
-
-                        const struct btrfs_root_item *ri = body;
-                        ret->otime = (usec_t) le64toh(ri->otime.sec) * USEC_PER_SEC +
-                                (usec_t) le32toh(ri->otime.nsec) / NSEC_PER_USEC;
-
-                        ret->subvol_id = subvol_id;
-                        ret->read_only = le64toh(ri->flags) & BTRFS_ROOT_SUBVOL_RDONLY;
-
-                        assert_cc(sizeof(ri->uuid) == sizeof(ret->uuid));
-                        memcpy(&ret->uuid, ri->uuid, sizeof(ret->uuid));
-                        memcpy(&ret->parent_uuid, ri->parent_uuid, sizeof(ret->parent_uuid));
-
-                        found = true;
-                        goto finish;
-                }
-
-                /* Increase search key by one, to read the next item, if we can. */
-                if (!btrfs_ioctl_search_args_inc(&args))
-                        break;
-        }
-
-finish:
-        return found ? 0 : -ENODATA;
 }
 
 int btrfs_qgroup_get_quota_fd(int fd, uint64_t qgroupid, BtrfsQuotaInfo *ret) {

src/shared/btrfs-util.h

@@ -8,7 +8,8 @@
 
 typedef struct BtrfsSubvolInfo {
         uint64_t subvol_id;
-        usec_t otime;
+        usec_t otime; /* creation time */
+        usec_t ctime; /* change time */
 
         sd_id128_t uuid;
         sd_id128_t parent_uuid;

src/shared/discover-image.c

@@ -430,7 +430,7 @@ static int image_make(
                                               filename,
                                               info.read_only || read_only,
                                               info.otime,
-                                              0,
+                                              info.ctime,
                                               ret);
                                 if (r < 0)
                                         return r;

src/shared/generator.c

@@ -250,7 +250,8 @@ static int write_fsck_sysroot_service(
                 "Type=oneshot\n"
                 "RemainAfterExit=yes\n"
                 "ExecStart=" SYSTEMD_FSCK_PATH " %6$s\n"
-                "TimeoutSec=infinity\n",
+                "TimeoutSec=infinity\n"
+                "ImportCredential=fsck.*\n",
                 escaped,
                 unit,
                 device,

src/test/test-tpm2.c

@@ -1,5 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
+#include "architecture.h"
 #include "hexdecoct.h"
 #include "tests.h"
 #include "tpm2-util.h"
@@ -875,6 +876,13 @@ static void check_tpm2b_public_from_rsa_pem(const char *pem, const char *hexn, u
 }
 
 TEST(tpm2b_public_from_openssl_pkey) {
+        // TODO: this test fails on s390x but only on Github Actions, re-enable once
+        // https://github.com/systemd/systemd/issues/38229 is fixed
+        if (strstr_ptr(ci_environment(), "github-actions") && uname_architecture() == ARCHITECTURE_S390X) {
+                log_notice("%s: skipping test on GH Actions because of systemd/systemd#38229", __func__);
+                return;
+        }
+
         /* standard ECC key */
         check_tpm2b_public_from_ecc_pem("2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a30444151634451674145726a6e4575424c73496c3972687068777976584e50686a346a426e500a44586e794a304b395579724e6764365335413532542b6f5376746b436a365a726c34685847337741515558706f426c532b7448717452714c35513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d0a",
                                         "ae39c4b812ec225f6b869870caf5cd3e18f88c19cf0d79f22742bd532acd81de",

src/vmspawn/vmspawn.c

@@ -117,7 +117,6 @@ static int arg_secure_boot = -1;
 static MachineCredentialContext arg_credentials = {};
 static uid_t arg_uid_shift = UID_INVALID, arg_uid_range = 0x10000U;
 static RuntimeMountContext arg_runtime_mounts = {};
-static SettingsMask arg_settings_mask = 0;
 static char *arg_firmware = NULL;
 static char *arg_forward_journal = NULL;
 static bool arg_privileged = false;
@@ -365,7 +364,6 @@ static int parse_argv(int argc, char *argv[]) {
                         if (r < 0)
                                 return r;
 
-                        arg_settings_mask |= SETTING_DIRECTORY;
                         break;
 
                 case 'i':
@@ -373,7 +371,6 @@ static int parse_argv(int argc, char *argv[]) {
                         if (r < 0)
                                 return r;
 
-                        arg_settings_mask |= SETTING_DIRECTORY;
                         break;
 
                 case 'M':
@@ -485,7 +482,6 @@ static int parse_argv(int argc, char *argv[]) {
                         if (r < 0)
                                 return log_error_errno(r, "Invalid UUID: %s", optarg);
 
-                        arg_settings_mask |= SETTING_MACHINE_ID;
                         break;
 
                 case ARG_REGISTER:
@@ -505,7 +501,6 @@ static int parse_argv(int argc, char *argv[]) {
                         if (r < 0)
                                 return log_error_errno(r, "Failed to parse --bind(-ro)= argument %s: %m", optarg);
 
-                        arg_settings_mask |= SETTING_BIND_MOUNTS;
                         break;
 
                 case ARG_EXTRA_DRIVE: {
@@ -558,7 +553,6 @@ static int parse_argv(int argc, char *argv[]) {
                         r = machine_credential_set(&arg_credentials, optarg);
                         if (r < 0)
                                 return r;
-                        arg_settings_mask |= SETTING_CREDENTIALS;
                         break;
                 }
 
@@ -567,7 +561,6 @@ static int parse_argv(int argc, char *argv[]) {
                         if (r < 0)
                                 return r;
 
-                        arg_settings_mask |= SETTING_CREDENTIALS;
                         break;
                 }
 
@@ -693,8 +686,6 @@ static int parse_argv(int argc, char *argv[]) {
                 arg_kernel_cmdline_extra = strv_copy(argv + optind);
                 if (!arg_kernel_cmdline_extra)
                         return log_oom();
-
-                arg_settings_mask |= SETTING_START_MODE;
         }
 
         return 1;

test/integration-test-setup.sh

@@ -24,7 +24,7 @@ case "$1" in
                     pacman --upgrade --needed --noconfirm /work/build/*.pkg.tar
                     ;;
                 debian|ubuntu)
-                    apt-get install /work/build/*.deb
+                    DEBIAN_FRONTEND=noninteractive apt-get -y install /work/build/*.deb
                     ;;
                 opensuse*)
                     zypper --non-interactive install --allow-unsigned-rpm /work/build/*.rpm

test/test-fstab-generator/test-12-dev-sdx.expected/systemd-fsck-root.service

@@ -15,3 +15,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/lib/systemd/systemd-fsck /dev/sdx1
 TimeoutSec=infinity
+ImportCredential=fsck.*

test/test-fstab-generator/test-13-label.expected/systemd-fsck-root.service

@@ -15,3 +15,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/lib/systemd/systemd-fsck /dev/disk/by-label/Root
 TimeoutSec=infinity
+ImportCredential=fsck.*

test/test-fstab-generator/test-14-uuid.expected/systemd-fsck-root.service

@@ -15,3 +15,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/lib/systemd/systemd-fsck /dev/disk/by-uuid/3f5ad593-4546-4a94-a374-bcfb68aa11f7
 TimeoutSec=infinity
+ImportCredential=fsck.*

test/test-fstab-generator/test-15-partuuid.expected/systemd-fsck-root.service

@@ -15,3 +15,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/lib/systemd/systemd-fsck /dev/disk/by-partuuid/3f5ad593-4546-4a94-a374-bcfb68aa11f7
 TimeoutSec=infinity
+ImportCredential=fsck.*

test/test-fstab-generator/test-17-initrd-sysroot.fstab.expected/systemd-fsck-root.service

@@ -15,3 +15,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/lib/systemd/systemd-fsck /dev/sdx1
 TimeoutSec=infinity
+ImportCredential=fsck.*

test/test-fstab-generator/test-18-options.fstab.expected/systemd-fsck-root.service

@@ -15,3 +15,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/lib/systemd/systemd-fsck /dev/sdx1
 TimeoutSec=infinity
+ImportCredential=fsck.*

test/test-fstab-generator/test-19-mounts-from-cmdline.expected/systemd-fsck-root.service

@@ -15,3 +15,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/lib/systemd/systemd-fsck /dev/sdx1
 TimeoutSec=infinity
+ImportCredential=fsck.*

test/test-fstab-generator/test-19-mounts-from-cmdline.expected/systemd-fsck-usr.service

@@ -15,3 +15,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/lib/systemd/systemd-fsck /dev/sdx5
 TimeoutSec=infinity
+ImportCredential=fsck.*

test/test-network/systemd-networkd-tests.py

@@ -423,16 +423,32 @@ def clear_udev_rules():
     rm_rf(udev_rules_dir)
 
 def save_active_units():
-    for u in ['systemd-networkd.socket', 'systemd-networkd.service',
+    for u in [
-              'systemd-resolved.service', 'systemd-timesyncd.service',
+            'systemd-networkd.socket',
-              'firewalld.service']:
+            'systemd-networkd-varlink.socket',
+            'systemd-networkd.service',
+            'systemd-resolved.service',
+            'systemd-timesyncd.service',
+            'firewalld.service'
+    ]:
         if call(f'systemctl is-active --quiet {u}') == 0:
             call(f'systemctl stop {u}')
             active_units.append(u)
 
 def restore_active_units():
+    has_socket = False
+
     if 'systemd-networkd.socket' in active_units:
-        call('systemctl stop systemd-networkd.socket systemd-networkd.service')
+        call('systemctl stop systemd-networkd.socket')
+        has_socket = True
+
+    if 'systemd-networkd-varlink.socket' in active_units:
+        call('systemctl stop systemd-networkd-varlink.socket')
+        has_socket = True
+
+    if has_socket:
+        call('systemctl stop systemd-networkd.service')
+
     for u in active_units:
         call(f'systemctl restart {u}')
 
@@ -482,6 +498,7 @@ def setup_system_units():
         for unit in [
                 'systemd-networkd.service',
                 'systemd-networkd.socket',
+                'systemd-networkd-varlink.socket',
                 'systemd-networkd-persistent-storage.service',
                 'systemd-resolved.service',
                 'systemd-timesyncd.service',
@@ -522,6 +539,13 @@ def setup_system_units():
             'StartLimitIntervalSec=0',
         ]
     )
+    create_unit_dropin(
+        'systemd-networkd-varlink.socket',
+        [
+            '[Unit]',
+            'StartLimitIntervalSec=0',
+        ]
+    )
     create_unit_dropin(
         'systemd-networkd-persistent-storage.service',
         [
@@ -553,6 +577,7 @@ def clear_system_units():
 
     rm_unit('systemd-networkd.service')
     rm_unit('systemd-networkd.socket')
+    rm_unit('systemd-networkd-varlink.socket')
     rm_unit('systemd-networkd-persistent-storage.service')
     rm_unit('systemd-resolved.service')
     rm_unit('systemd-timesyncd.service')
@@ -938,9 +963,11 @@ def stop_networkd(show_logs=True, check_failed=True):
 
     if check_failed:
         check_output('systemctl stop systemd-networkd.socket')
+        check_output('systemctl stop systemd-networkd-varlink.socket')
         check_output('systemctl stop systemd-networkd.service')
     else:
         call('systemctl stop systemd-networkd.socket')
+        call('systemctl stop systemd-networkd-varlink.socket')
         call('systemctl stop systemd-networkd.service')
 
     if show_logs:

tmpfiles.d/legacy.conf.in

@@ -21,11 +21,4 @@ L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
 # /run/lock/subsys is used for serializing SysV service execution, and
 # hence without use on SysV-less systems.
 d /run/lock/subsys 0755 root root -
-
-# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
-# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
-# 'quotacheck.mode=force'
-r! /forcefsck
-r! /fastboot
-r! /forcequotacheck
 {% endif %}

units/systemd-fsck-root.service.in

@@ -22,3 +22,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart={{LIBEXECDIR}}/systemd-fsck
 TimeoutSec=infinity
+ImportCredential=fsck.*

units/systemd-fsck@.service.in

@@ -22,3 +22,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart={{LIBEXECDIR}}/systemd-fsck %f
 TimeoutSec=infinity
+ImportCredential=fsck.*

units/systemd-quotacheck-root.service.in

@@ -9,7 +9,7 @@
 
 [Unit]
 Description=Root File System Quota Check
-Documentation=man:systemd-quotacheck.service(8)
+Documentation=man:systemd-quotacheck@.service(8)
 
 ConditionPathExists=!/etc/initrd-release
 
@@ -23,3 +23,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart={{LIBEXECDIR}}/systemd-quotacheck /
 TimeoutSec=infinity
+ImportCredential=quotacheck.*

units/systemd-quotacheck@.service.in

@@ -9,7 +9,7 @@
 
 [Unit]
 Description=File System Quota Check
-Documentation=man:systemd-quotacheck.service(8)
+Documentation=man:systemd-quotacheck@.service(8)
 
 ConditionPathExists={{QUOTACHECK}}
 ConditionPathExists=!/etc/initrd-release
@@ -25,3 +25,4 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart={{LIBEXECDIR}}/systemd-quotacheck %f
 TimeoutSec=infinity
+ImportCredential=quotacheck.*