Luca Boccassi [Mon, 5 Dec 2022 16:53:14 +0000 (17:53 +0100)]
Merge pull request #25639 from jamacku/update-contributing
doc: update link to systemd-rhel GitHub repository - `CONTRIBUTING.md`
Jan Macku [Mon, 5 Dec 2022 15:31:45 +0000 (16:31 +0100)]
doc: fix markdown-lint issues in `CONTRIBUTING.md`
Jan Macku [Mon, 5 Dec 2022 15:29:13 +0000 (16:29 +0100)]
doc: update link to systemd-rhel GitHub repo
systemd-rhel GitHub repository has been moved to new location:
- https://github.com/redhat-plumbers
Zbigniew Jędrzejewski-Szmek [Mon, 5 Dec 2022 12:41:38 +0000 (13:41 +0100)]
Merge pull request #25537 from evverx/fuzz-resource-records
tests: fuzz dns resource records
Yu Watanabe [Mon, 5 Dec 2022 06:32:32 +0000 (15:32 +0900)]
acl-util: several cleanups
- add missing assertions,
- rename function arguments for storing result,
- rename variables which conflict with our macros,
- always initialize function arguments for results on success.
Zbigniew Jędrzejewski-Szmek [Mon, 5 Dec 2022 09:27:24 +0000 (10:27 +0100)]
Merge pull request #25437 from YHNdnzj/systemctl-disable-warn-statically-enabled-services
systemctl: warn if trying to disable a unit with no install info
Daan De Meyer [Wed, 30 Nov 2022 10:37:31 +0000 (11:37 +0100)]
chase-symlinks: Fix regression from 5bc244aaa90211ccd8370535274c266cdff6a1cb
Previously, chase_symlinks() always returned an absolute path, which
changed after 5bc244aaa90211ccd8370535274c266cdff6a1cb. This commit
fixes chase_symlinks() so it returns absolute paths all the time again.
Eric DeVolder [Mon, 21 Nov 2022 16:27:27 +0000 (11:27 -0500)]
pstore: fixes for dmesg.txt reconstruction
This patch fixes problems with the re-assembly of the dmesg
from the records stored in pstore.
The current code simply ignores the last 6 characters of the
file name to form a base record id, which then groups any
pstore files with this base id into the reconstructed dmesg.txt.
This approach fails when the following oops generated the
following in pstore:
-rw-------. 1 root root 1808 Oct 27 22:07 dmesg-efi-166692286101001
-rw-------. 1 root root 1341 Oct 27 22:07 dmesg-efi-166692286101002
-rw-------. 1 root root 1812 Oct 27 22:07 dmesg-efi-166692286102001
-rw-------. 1 root root 1820 Oct 27 22:07 dmesg-efi-166692286102002
-rw-------. 1 root root 1807 Oct 27 22:07 dmesg-efi-166692286103001
-rw-------. 1 root root 1791 Oct 27 22:07 dmesg-efi-166692286103002
-rw-------. 1 root root 1773 Oct 27 22:07 dmesg-efi-166692286104001
-rw-------. 1 root root 1801 Oct 27 22:07 dmesg-efi-166692286104002
-rw-------. 1 root root 1821 Oct 27 22:07 dmesg-efi-166692286105001
-rw-------. 1 root root 1809 Oct 27 22:07 dmesg-efi-166692286105002
-rw-------. 1 root root 1804 Oct 27 22:07 dmesg-efi-166692286106001
-rw-------. 1 root root 1817 Oct 27 22:07 dmesg-efi-166692286106002
-rw-------. 1 root root 1792 Oct 27 22:07 dmesg-efi-166692286107001
-rw-------. 1 root root 1810 Oct 27 22:07 dmesg-efi-166692286107002
-rw-------. 1 root root 1717 Oct 27 22:07 dmesg-efi-166692286108001
-rw-------. 1 root root 1808 Oct 27 22:07 dmesg-efi-166692286108002
-rw-------. 1 root root 1764 Oct 27 22:07 dmesg-efi-166692286109001
-rw-------. 1 root root 1765 Oct 27 22:07 dmesg-efi-166692286109002
-rw-------. 1 root root 1796 Oct 27 22:07 dmesg-efi-166692286110001
-rw-------. 1 root root 1816 Oct 27 22:07 dmesg-efi-166692286110002
-rw-------. 1 root root 1793 Oct 27 22:07 dmesg-efi-166692286111001
-rw-------. 1 root root 1751 Oct 27 22:07 dmesg-efi-166692286111002
-rw-------. 1 root root 1813 Oct 27 22:07 dmesg-efi-166692286112001
-rw-------. 1 root root 1786 Oct 27 22:07 dmesg-efi-166692286112002
-rw-------. 1 root root 1754 Oct 27 22:07 dmesg-efi-166692286113001
-rw-------. 1 root root 1752 Oct 27 22:07 dmesg-efi-166692286113002
-rw-------. 1 root root 1803 Oct 27 22:07 dmesg-efi-166692286114001
-rw-------. 1 root root 1759 Oct 27 22:07 dmesg-efi-166692286114002
-rw-------. 1 root root 1805 Oct 27 22:07 dmesg-efi-166692286115001
-rw-------. 1 root root 1787 Oct 27 22:07 dmesg-efi-166692286115002
-rw-------. 1 root root 1815 Oct 27 22:07 dmesg-efi-166692286116001
-rw-------. 1 root root 1771 Oct 27 22:07 dmesg-efi-166692286116002
-rw-------. 1 root root 1816 Oct 27 22:07 dmesg-efi-166692286117002
-rw-------. 1 root root 1388 Oct 27 22:07 dmesg-efi-166692286701003
-rw-------. 1 root root 1824 Oct 27 22:07 dmesg-efi-166692286702003
-rw-------. 1 root root 1795 Oct 27 22:07 dmesg-efi-166692286703003
-rw-------. 1 root root 1805 Oct 27 22:07 dmesg-efi-166692286704003
-rw-------. 1 root root 1813 Oct 27 22:07 dmesg-efi-166692286705003
-rw-------. 1 root root 1821 Oct 27 22:07 dmesg-efi-166692286706003
-rw-------. 1 root root 1814 Oct 27 22:07 dmesg-efi-166692286707003
-rw-------. 1 root root 1812 Oct 27 22:07 dmesg-efi-166692286708003
-rw-------. 1 root root 1769 Oct 27 22:07 dmesg-efi-166692286709003
-rw-------. 1 root root 1820 Oct 27 22:07 dmesg-efi-166692286710003
-rw-------. 1 root root 1755 Oct 27 22:07 dmesg-efi-166692286711003
-rw-------. 1 root root 1790 Oct 27 22:07 dmesg-efi-166692286712003
-rw-------. 1 root root 1756 Oct 27 22:07 dmesg-efi-166692286713003
-rw-------. 1 root root 1763 Oct 27 22:07 dmesg-efi-166692286714003
-rw-------. 1 root root 1791 Oct 27 22:07 dmesg-efi-166692286715003
-rw-------. 1 root root 1775 Oct 27 22:07 dmesg-efi-166692286716003
-rw-------. 1 root root 1820 Oct 27 22:07 dmesg-efi-166692286717003
The "reconstructed" dmesg.txt that resulted from the above contained
the following (ignoring actual contents, just providing the Part info):
Emergency#3 Part17
Emergency#3 Part16
Emergency#3 Part15
Emergency#3 Part14
Emergency#3 Part13
Emergency#3 Part12
Emergency#3 Part11
Emergency#3 Part10
Emergency#3 Part9
Emergency#3 Part8
Emergency#3 Part7
Emergency#3 Part6
Emergency#3 Part5
Emergency#3 Part4
Emergency#3 Part3
Emergency#3 Part2
Emergency#3 Part1
Panic#2 Part17
Panic#2 Part16
Oops#1 Part16
Panic#2 Part15
Oops#1 Part15
Panic#2 Part14
Oops#1 Part14
Panic#2 Part13
Oops#1 Part13
Panic#2 Part12
Oops#1 Part12
Panic#2 Part11
Oops#1 Part11
Panic#2 Part10
Oops#1 Part10
Panic#2 Part9
Oops#1 Part9
Panic#2 Part8
Oops#1 Part8
Panic#2 Part7
Oops#1 Part7
Panic#2 Part6
Oops#1 Part6
Panic#2 Part5
Oops#1 Part5
Panic#2 Part4
Oops#1 Part4
Panic#2 Part3
Oops#1 Part3
Panic#2 Part2
Oops#1 Part2
Panic#2 Part1
Oops#1 Part1
The above is an interleaved mess of three dmesg dumps.
This patch fixes the above problems, and simplifies the dmesg
reconstruction process. The code now distinguishes between
records on EFI vs ERST, which have differently formatted
record identifiers. Using knowledge of the format of the
record ids allows vastly improved reconstruction process.
With this change in place, the above pstore records now
result in the following:
# ls -alR /var/lib/systemd/pstore
1666922861:
total 8
drwxr-xr-x. 4 root root 28 Nov 18 14:58 .
drwxr-xr-x. 7 root root 144 Nov 18 14:58 ..
drwxr-xr-x. 2 root root 4096 Nov 18 14:58 001
drwxr-xr-x. 2 root root 4096 Nov 18 14:58 002
1666922861/001:
total 100
drwxr-xr-x. 2 root root 4096 Nov 18 14:58 .
drwxr-xr-x. 4 root root 28 Nov 18 14:58 ..
-rw-------. 1 root root 1808 Oct 27 22:07 dmesg-efi-166692286101001
-rw-------. 1 root root 1812 Oct 27 22:07 dmesg-efi-166692286102001
-rw-------. 1 root root 1807 Oct 27 22:07 dmesg-efi-166692286103001
-rw-------. 1 root root 1773 Oct 27 22:07 dmesg-efi-166692286104001
-rw-------. 1 root root 1821 Oct 27 22:07 dmesg-efi-166692286105001
-rw-------. 1 root root 1804 Oct 27 22:07 dmesg-efi-166692286106001
-rw-------. 1 root root 1792 Oct 27 22:07 dmesg-efi-166692286107001
-rw-------. 1 root root 1717 Oct 27 22:07 dmesg-efi-166692286108001
-rw-------. 1 root root 1764 Oct 27 22:07 dmesg-efi-166692286109001
-rw-------. 1 root root 1796 Oct 27 22:07 dmesg-efi-166692286110001
-rw-------. 1 root root 1793 Oct 27 22:07 dmesg-efi-166692286111001
-rw-------. 1 root root 1813 Oct 27 22:07 dmesg-efi-166692286112001
-rw-------. 1 root root 1754 Oct 27 22:07 dmesg-efi-166692286113001
-rw-------. 1 root root 1803 Oct 27 22:07 dmesg-efi-166692286114001
-rw-------. 1 root root 1805 Oct 27 22:07 dmesg-efi-166692286115001
-rw-------. 1 root root 1815 Oct 27 22:07 dmesg-efi-166692286116001
-rw-r-----. 1 root root 28677 Nov 18 14:58 dmesg.txt
1666922861/002:
total 104
drwxr-xr-x. 2 root root 4096 Nov 18 14:58 .
drwxr-xr-x. 4 root root 28 Nov 18 14:58 ..
-rw-------. 1 root root 1341 Oct 27 22:07 dmesg-efi-166692286101002
-rw-------. 1 root root 1820 Oct 27 22:07 dmesg-efi-166692286102002
-rw-------. 1 root root 1791 Oct 27 22:07 dmesg-efi-166692286103002
-rw-------. 1 root root 1801 Oct 27 22:07 dmesg-efi-166692286104002
-rw-------. 1 root root 1809 Oct 27 22:07 dmesg-efi-166692286105002
-rw-------. 1 root root 1817 Oct 27 22:07 dmesg-efi-166692286106002
-rw-------. 1 root root 1810 Oct 27 22:07 dmesg-efi-166692286107002
-rw-------. 1 root root 1808 Oct 27 22:07 dmesg-efi-166692286108002
-rw-------. 1 root root 1765 Oct 27 22:07 dmesg-efi-166692286109002
-rw-------. 1 root root 1816 Oct 27 22:07 dmesg-efi-166692286110002
-rw-------. 1 root root 1751 Oct 27 22:07 dmesg-efi-166692286111002
-rw-------. 1 root root 1786 Oct 27 22:07 dmesg-efi-166692286112002
-rw-------. 1 root root 1752 Oct 27 22:07 dmesg-efi-166692286113002
-rw-------. 1 root root 1759 Oct 27 22:07 dmesg-efi-166692286114002
-rw-------. 1 root root 1787 Oct 27 22:07 dmesg-efi-166692286115002
-rw-------. 1 root root 1771 Oct 27 22:07 dmesg-efi-166692286116002
-rw-------. 1 root root 1816 Oct 27 22:07 dmesg-efi-166692286117002
-rw-r-----. 1 root root 30000 Nov 18 14:58 dmesg.txt
1666922867:
total 4
drwxr-xr-x. 3 root root 17 Nov 18 14:58 .
drwxr-xr-x. 7 root root 144 Nov 18 14:58 ..
drwxr-xr-x. 2 root root 4096 Nov 18 14:58 003
1666922867/003:
total 104
drwxr-xr-x. 2 root root 4096 Nov 18 14:58 .
drwxr-xr-x. 3 root root 17 Nov 18 14:58 ..
-rw-------. 1 root root 1388 Oct 27 22:07 dmesg-efi-166692286701003
-rw-------. 1 root root 1824 Oct 27 22:07 dmesg-efi-166692286702003
-rw-------. 1 root root 1795 Oct 27 22:07 dmesg-efi-166692286703003
-rw-------. 1 root root 1805 Oct 27 22:07 dmesg-efi-166692286704003
-rw-------. 1 root root 1813 Oct 27 22:07 dmesg-efi-166692286705003
-rw-------. 1 root root 1821 Oct 27 22:07 dmesg-efi-166692286706003
-rw-------. 1 root root 1814 Oct 27 22:07 dmesg-efi-166692286707003
-rw-------. 1 root root 1812 Oct 27 22:07 dmesg-efi-166692286708003
-rw-------. 1 root root 1769 Oct 27 22:07 dmesg-efi-166692286709003
-rw-------. 1 root root 1820 Oct 27 22:07 dmesg-efi-166692286710003
-rw-------. 1 root root 1755 Oct 27 22:07 dmesg-efi-166692286711003
-rw-------. 1 root root 1790 Oct 27 22:07 dmesg-efi-166692286712003
-rw-------. 1 root root 1756 Oct 27 22:07 dmesg-efi-166692286713003
-rw-------. 1 root root 1763 Oct 27 22:07 dmesg-efi-166692286714003
-rw-------. 1 root root 1791 Oct 27 22:07 dmesg-efi-166692286715003
-rw-------. 1 root root 1775 Oct 27 22:07 dmesg-efi-166692286716003
-rw-------. 1 root root 1820 Oct 27 22:07 dmesg-efi-166692286717003
-rw-r-----. 1 root root 30111 Nov 18 14:58 dmesg.txt
Furthermore, pstore records on ERST are now able to accurately
identify the change in timestamp sequence in order to start a
new dmesg.txt, as needed.
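The grouping problem from the pstore commit above, as an added example that is not systemd's code: it contrasts the "drop the last 6 characters" key with a key built from the EFI record id fields. It assumes the id is `(timestamp * 100 + part) * 1000 + count`, the layout the listing shows, and that parts are written highest first as in the Part17..Part1 output; all type and function names are hypothetical, and the sample names are a subset of the listing.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed EFI record id layout, read off the listing above:
 * id = (timestamp * 100 + part) * 1000 + count */
typedef struct {
    uint64_t timestamp; /* seconds since the epoch; names the top-level directory */
    unsigned part;      /* chunk number within one dump */
    unsigned count;     /* dump counter; names the sub-directory (001, 002, ...) */
} EfiRecord;

/* Subset of the file names from the listing above. */
static const char *const SAMPLE[] = {
    "dmesg-efi-166692286101001", "dmesg-efi-166692286101002",
    "dmesg-efi-166692286102001", "dmesg-efi-166692286102002",
    "dmesg-efi-166692286117002", "dmesg-efi-166692286701003",
    "dmesg-efi-166692286702003",
};
#define SAMPLE_N (sizeof(SAMPLE) / sizeof(SAMPLE[0]))

/* Parse "dmesg-efi-<decimal id>". Returns 0 on success, -1 for any other name. */
static int efi_record_parse(const char *name, EfiRecord *ret) {
    static const char prefix[] = "dmesg-efi-";
    unsigned long long id;
    const char *p;
    char *end;

    if (strncmp(name, prefix, sizeof(prefix) - 1) != 0)
        return -1;
    p = name + sizeof(prefix) - 1;
    if (*p < '0' || *p > '9') /* reject empty ids, signs and whitespace */
        return -1;
    errno = 0;
    id = strtoull(p, &end, 10);
    if (errno != 0 || *end != '\0')
        return -1;
    ret->count = (unsigned) (id % 1000);
    ret->part = (unsigned) ((id / 1000) % 100);
    ret->timestamp = id / 100000;
    return 0;
}

/* Order by dump (timestamp, count), then highest part first. */
static int efi_record_cmp(const void *a, const void *b) {
    const EfiRecord *x = a, *y = b;

    if (x->timestamp != y->timestamp)
        return x->timestamp < y->timestamp ? -1 : 1;
    if (x->count != y->count)
        return x->count < y->count ? -1 : 1;
    if (x->part != y->part)
        return x->part > y->part ? -1 : 1;
    return 0;
}

/* Old key: the file name minus its last 6 characters. Returns the number of
 * distinct keys, i.e. how many dmesg.txt files that grouping would produce. */
static size_t legacy_group_count(const char *const *names, size_t n) {
    size_t groups = 0;

    for (size_t i = 0; i < n; i++) {
        size_t li = strlen(names[i]);
        int seen = 0;

        if (li <= 6)
            continue;
        for (size_t j = 0; j < i && !seen; j++)
            seen = strlen(names[j]) == li && strncmp(names[i], names[j], li - 6) == 0;
        groups += !seen;
    }
    return groups;
}

/* New key: (timestamp, count). Fills out[] with the parsed records in
 * reassembly order and returns the number of distinct dumps. */
static size_t efi_group(const char *const *names, size_t n, EfiRecord *out, size_t *n_out) {
    size_t k = 0, groups = 0;

    for (size_t i = 0; i < n; i++)
        if (efi_record_parse(names[i], &out[k]) == 0)
            k++;
    qsort(out, k, sizeof(EfiRecord), efi_record_cmp);
    for (size_t i = 0; i < k; i++)
        if (i == 0 || out[i].timestamp != out[i - 1].timestamp || out[i].count != out[i - 1].count)
            groups++;
    *n_out = k;
    return groups;
}

int main(void) {
    EfiRecord recs[SAMPLE_N];
    size_t n, groups;

    printf("drop-last-6 key: %zu dump(s)\n", legacy_group_count(SAMPLE, SAMPLE_N));
    groups = efi_group(SAMPLE, SAMPLE_N, recs, &n);
    printf("(timestamp, count) key: %zu dump(s)\n", groups);
    for (size_t i = 0; i < n; i++)
        printf("%" PRIu64 "/%03u part %u\n", recs[i].timestamp, recs[i].count, recs[i].part);
    return 0;
}
```

The old key cuts into the timestamp itself, so 1666922861 and 1666922867 collapse into one group, which is why three dumps ended up interleaved in a single dmesg.txt.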
Lennart Poettering [Wed, 2 Nov 2022 15:02:33 +0000 (16:02 +0100)]
Revert "update credentials when reloading a service"
This reverts commit 16a42b84cf88745e6b2b93f111f99179117b9610.
Zbigniew Jędrzejewski-Szmek [Thu, 24 Nov 2022 12:45:11 +0000 (13:45 +0100)]
gpt-auto-generator: do not write "noauto" in unit options
"auto"/"noauto" only make sense in the fstab. Putting them in Options= in the
generated unit has no effect and is confusing.
Zbigniew Jędrzejewski-Szmek [Mon, 5 Dec 2022 07:41:00 +0000 (08:41 +0100)]
Merge pull request #25618 from keszybz/sysctl-simplify-writing
Write sysctl values without newlines and as fixed strings
Mike Yuan [Sat, 3 Dec 2022 12:27:47 +0000 (20:27 +0800)]
rpm/systemd-update-helper: use --no-warn when disabling units
Suppress the "empty [Install] section" warning (see #25437).
Mike Yuan [Sun, 27 Nov 2022 13:18:44 +0000 (21:18 +0800)]
systemctl: allow suppress the warning of no install info using --no-warn
In cases like packaging scripts, it might be desired to use
enable/disable on units without install info. So, adding an
option '--no-warn' to suppress the warning.
Mike Yuan [Fri, 18 Nov 2022 07:43:34 +0000 (15:43 +0800)]
systemctl: warn if trying to disable a unit with no install info
Trying to disable a unit with no install info is mostly useless, so
adding a warning like we do for enable (with the new dbus method
'DisableUnitFilesWithFlagsAndInstallInfo()'). Note that it would
still find and remove symlinks to the unit in /etc, regardless of
whether it has install info or not, just like before. And if there are
actually files to remove, we suppress the warning.
Fixes #17689
Luca Boccassi [Sat, 3 Dec 2022 11:23:00 +0000 (11:23 +0000)]
Update TODO
Zbigniew Jędrzejewski-Szmek [Sat, 3 Dec 2022 10:57:17 +0000 (11:57 +0100)]
manager: write net/unix/max_dgram_qlen sysctl as fixed string
Zbigniew Jędrzejewski-Szmek [Sat, 3 Dec 2022 10:55:55 +0000 (11:55 +0100)]
manager: define a string constant for LONG_MAX and use that for sysctl
This moves the formatting of the constant to compilation time and lets us
avoid asprintf() in the very hot path of initial boot.
Zbigniew Jędrzejewski-Szmek [Sat, 3 Dec 2022 10:27:40 +0000 (11:27 +0100)]
manager: do not append '\n' when writing sysctl settings
When booting with debug logs, we print:
Setting '/proc/sys/fs/file-max' to '9223372036854775807
'
Setting '/proc/sys/fs/nr_open' to '2147483640
'
Couldn't write fs.nr_open as 2147483640, halving it.
Setting '/proc/sys/fs/nr_open' to '1073741816
'
Successfully bumped fs.nr_open to 1073741816
The strange formatting is because we explicitly appended a newline in those two
places. It seems that the kernel doesn't care. In fact, we have a few dozen other
writes to sysctl where we don't append a newline. So let's just drop those here
too, to make the code a bit simpler and avoid strange output in the logs.
Lennart Poettering [Wed, 30 Nov 2022 17:44:06 +0000 (18:44 +0100)]
dissect: add new helper verity_settings_data_covers()
This function checks if the external verity data referenced in
VeritySettings covers the specified partition (indicated via
designator).
Right now, we'll use that at one place, but in a later commit in more.
Lennart Poettering [Wed, 30 Nov 2022 17:55:05 +0000 (18:55 +0100)]
dissect: pick up gpt partition flags
Let's store the GPT partition flags in the dissected partition info.
Right now we won't actually use them for anything yet, but later we'll
add that, when enforcing policy on dissection.
Lennart Poettering [Fri, 2 Dec 2022 17:25:53 +0000 (18:25 +0100)]
Merge pull request #25570 from yuwata/dissect-rootless-image
dissect: support to unmount image without root partition
Lennart Poettering [Fri, 2 Dec 2022 16:53:27 +0000 (17:53 +0100)]
Revert "basic: add fallback in chase_symlinks_and_opendir() for cases when /proc is not mounted"
This reverts commit 3e22dfc2352bb5c4f058e23a82f424655b599b18.
Michal Sekletar [Wed, 30 Nov 2022 17:01:01 +0000 (18:01 +0100)]
basic: add fallback in chase_symlinks_and_opendir() for cases when /proc is not mounted
https://bugzilla.redhat.com/show_bug.cgi?id=2136916
Zbigniew Jędrzejewski-Szmek [Fri, 2 Dec 2022 13:37:17 +0000 (14:37 +0100)]
Merge pull request #25541 from medhefgo/boot-reconnect
boot: Fix huge boot delay
Frantisek Sumsal [Fri, 2 Dec 2022 11:48:26 +0000 (12:48 +0100)]
test: check if we can use SHA1 MD for signing before using it
Some distributions have started phasing out SHA1, which breaks
the systemd-measure test case in its current form. Let's make sure we
can use SHA1 for signing beforehand to mitigate this.
Spotted on RHEL 9, where SHA1 signatures are disallowed by [0]:
```
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "/tmp/pcrsign-private.pem"
...
openssl rsa -pubout -in "/tmp/pcrsign-private.pem" -out "/tmp/pcrsign-public.pem"
writing RSA key
/usr/lib/systemd/systemd-measure sign --current --bank=sha1 --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem"
Failed to initialize signature context.
```
[0] https://gitlab.com/redhat/centos-stream/rpms/openssl/-/blob/c9s/0049-Selectively-disallow-SHA1-signatures.patch
Zbigniew Jędrzejewski-Szmek [Fri, 2 Dec 2022 13:27:16 +0000 (14:27 +0100)]
Merge pull request #25603 from DaanDeMeyer/mkosi
mkosi config changes
Yu Watanabe [Fri, 2 Dec 2022 05:42:52 +0000 (14:42 +0900)]
dissect-image: log expected UUID for /var
Closes #25443.
Yu Watanabe [Fri, 2 Dec 2022 05:30:22 +0000 (14:30 +0900)]
bootspec: fix null-dereference-read
Fixes [oss-fuzz#53578](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53578).
Fixes #25450.
Yu Watanabe [Fri, 2 Dec 2022 05:14:50 +0000 (14:14 +0900)]
fuzz-systemctl: limit the size of input
Fixes [oss-fuzz#53552](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53552).
Fixes #25445.
Daan De Meyer [Fri, 2 Dec 2022 09:46:32 +0000 (10:46 +0100)]
mkosi: Drop HostonlyInitrd=yes
This option will be removed in the upcoming version of mkosi so let's
stop using it in our config.
Daan De Meyer [Fri, 2 Dec 2022 09:44:56 +0000 (10:44 +0100)]
mkosi: Drop explicit Format=
Once mkosi migrates to systemd-repart, only "disk" will be supported
for making disk images with mkosi and the filesystem will have to be
specified in repart partition definition files. To accommodate this
change, let's remove the explicit Format= assignment which means we'll
default to a disk image with ext4 until we add our own mkosi.repart/
directory.
Yu Watanabe [Fri, 2 Dec 2022 04:26:33 +0000 (13:26 +0900)]
tree-wide: fix typo
rogg [Thu, 1 Dec 2022 15:43:15 +0000 (15:43 +0000)]
hwdb: add Dell Inspiron N4010 touchpad corrections
Neil Moore [Thu, 1 Dec 2022 19:03:06 +0000 (14:03 -0500)]
virt: Support detection of LMHS SRE guests
Yu Watanabe [Fri, 2 Dec 2022 00:15:20 +0000 (09:15 +0900)]
Merge pull request #25591 from poettering/dissect-probe-offset
dissect-image: probe file system via main block device fd/image file fd
Phaedrus Leeds [Wed, 30 Nov 2022 17:42:57 +0000 (09:42 -0800)]
nspawn: Use "Ctrl-" rather than "^" in info msg
Maybe most people know that "^]" means "Ctrl + ]" but for those that
don't, this should be more clear.
Yu Watanabe [Wed, 30 Nov 2022 02:10:21 +0000 (11:10 +0900)]
network: unset Link.ndisc_configured only when a new address or route is requested
This fixes an issue introduced by af2aea8bb64b0dc42ecbe5549216eb567681a803.
When an outdated address or route is passed to link_request_address()/route(),
then they return 0 and the address or route will not be assigned. Such
situation can happen when we receive RA with zero lifetime. In that
case, we should not unset Link.ndisc_configured flag, otherwise even
no new address nor route will be assigned, the interface will enter to the
configuring state, and unnecessary DBus property change is emitted and the state
file will be updated. That makes resolved or timesyncd triggered to
reconfigure the interface.
Fixes #25456.
Luca Boccassi [Thu, 1 Dec 2022 22:12:26 +0000 (23:12 +0100)]
Merge pull request #25568 from yuwata/network-tiny-cleanups
network: tiny cleanups
Lennart Poettering [Wed, 30 Nov 2022 22:00:37 +0000 (23:00 +0100)]
dissect-image: probe file system via main block device fd/image file fd
let's make sure we can probe file systems also when unprivileged:
instead of probing the partition block devices for file system
signatures, let's go via the original "whole" fd.
libblkid makes this easy actually, as it allows us to specify the
offset/size of the area to probe. And we have the partition
offsets/sizes anyway, so it's trivial for us to make use of.
This thus enables fs probing also when lacking privs and operating on
naked regular files without loopback devices or anything like this.
Lennart Poettering [Thu, 1 Dec 2022 16:17:46 +0000 (17:17 +0100)]
test-loop-block: let's explicitly flush buffer cache on whole block device
Let's explicitly flush the kernel's buffer cache on the whole block
device once we ran "mkfs". This is necessary, because partition and
whole block devices maintain separate buffer caches, and thus writing
to one will not be visible on the other if cached there already, until
the latter's cache is explicitly flushed.
This is preparation for later adding support for probing file systems
also if we have no open partition block devices, and hence want to use
the whole block device instead.
Lennart Poettering [Thu, 1 Dec 2022 16:16:18 +0000 (17:16 +0100)]
test-loop-block: also test dissection without ADD/PIN of partition block devices
Let's extend the test further, and try the codepaths where we do not
pin/add the partition block devices (i.e. which is the codepaths we use
when running without privs)
Lennart Poettering [Thu, 1 Dec 2022 16:15:10 +0000 (17:15 +0100)]
test-loop-block: tighten tests a bit - check fstype, too
Let's verify that we properly created the file systems once we did so.
And test this way that our dissector works correctly.
Lennart Poettering [Thu, 1 Dec 2022 21:07:00 +0000 (22:07 +0100)]
Merge pull request #25593 from poettering/blkid-safeprobe-enum
define symbolic enum for blkid_do_safeprobe() return values
Yu Watanabe [Wed, 30 Nov 2022 03:55:13 +0000 (12:55 +0900)]
dissect: support to unmount image without root partition
Fixes #25480.
Yu Watanabe [Wed, 30 Nov 2022 04:00:42 +0000 (13:00 +0900)]
dissect: use sd-device to find and open loopback block device
Lennart Poettering [Thu, 1 Dec 2022 16:35:33 +0000 (17:35 +0100)]
update TODO
Lennart Poettering [Thu, 1 Dec 2022 14:37:59 +0000 (15:37 +0100)]
blkid-util: define enum for blkid_do_safeprobe() return values
libblkid really should define an enum for this on its own, but it
currently doesn't and returns literal numeric values. Let's make this
more readable by adding our own symbolic names via an enum.
Lennart Poettering [Thu, 1 Dec 2022 14:36:55 +0000 (15:36 +0100)]
tree-wide: use errno_or_else() more, instead of homegrown checks
Daan De Meyer [Thu, 1 Dec 2022 12:47:14 +0000 (13:47 +0100)]
Merge pull request #25579 from DaanDeMeyer/copy-graceful-symlinks
repart: Ignore copy failures for unsupported file types
dependabot[bot] [Thu, 1 Dec 2022 10:29:40 +0000 (10:29 +0000)]
build(deps): bump ninja from 1.10.2.4 to 1.11.1 in /.github/workflows
Bumps [ninja](https://github.com/ninja-build/ninja) from 1.10.2.4 to 1.11.1.
- [Release notes](https://github.com/ninja-build/ninja/releases)
- [Commits](https://github.com/ninja-build/ninja/commits/v1.11.1)
---
updated-dependencies:
- dependency-name: ninja
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Daan De Meyer [Wed, 30 Nov 2022 16:04:14 +0000 (17:04 +0100)]
repart: Ignore copy failures for unsupported file types
e.g. vfat doesn't support symlinks, sockets, fifos, etc so let's ignore
any copy failures related to unsupported file types when populating
filesystems.
Lennart Poettering [Thu, 1 Dec 2022 11:04:23 +0000 (12:04 +0100)]
Merge pull request #25554 from enr0n/follow-on-25509
oomd: only check prefix_uid when uid != 0
Lennart Poettering [Wed, 30 Nov 2022 16:17:20 +0000 (17:17 +0100)]
dissect: rework DISSECT_IMAGE_ADD_PARTITION_DEVICES + DISSECT_IMAGE_OPEN_PARTITION_DEVICES
Currently, these two flags were implied by dissect_loop_device(), but
that's not right, because this means systemd-gpt-auto-generator will
dissect the root block device with these flags set and that's not
desirable: the generator should not cause the partition devices to be
created (we don't intend to use them right-away after all, but expect
udev to find/probe them first, and then mount them though .mount units).
And there's no point in opening the partition devices, since we do not
intend to mount them via fds either.
Hence, rework this: instead of implying the flags, specify them
explicitly.
While we are at it, let's also rename the flags to make them more
descriptive:
DISSECT_IMAGE_MANAGE_PARTITION_DEVICES becomes
DISSECT_IMAGE_ADD_PARTITION_DEVICES, since that's really all this does:
add the partition devices via BLKPG.
DISSECT_IMAGE_OPEN_PARTITION_DEVICES becomes
DISSECT_IMAGE_PIN_PARTITION_DEVICES, since we not only open the devices,
but keep the devices open continuously (i.e. we "pin" them).
Also, drop the DISSECT_IMAGE_BLOCK_DEVICE combination flag, since it is
misleading, i.e. it suggests it was appropriate to specify on all
dissected blocking devices, but that's precisely not the case, see the
systemd-gpt-auto-generator case. My guess is that the confusion around
this was actually the cause for this bug we are addressing here.
Fixes: #25528
Ray Strode [Wed, 30 Nov 2022 19:07:29 +0000 (14:07 -0500)]
terminal-util: Set OPOST when setting ONLCR
reset_terminal_fd sets certain minimum required terminal attributes
that systemd relies on.
One of those attributes is `ONLCR` which ensures that when a new line
is sent to the terminal, that the cursor not only moves to the next
line, but also moves to the very beginning of that line.
In order for `ONLCR` to work, the terminal needs to perform output
post-processing. That requires an additional attribute, `OPOST`,
which reset_terminal_fd currently fails to ensure is set.
In most cases `OPOST` (and `ONLCR` actually) are both set anyway, so
it's not an issue, but it could be a problem if, e.g., the terminal was
put in raw mode by a program and the program unexpectedly died before
restoring settings.
This commit ensures when `ONLCR` is set `OPOST` is set too, which is
the only thing that really makes sense to do.
dependabot[bot] [Thu, 1 Dec 2022 09:01:42 +0000 (09:01 +0000)]
build(deps): bump meson from 0.63.3 to 0.64.1 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.63.3 to 0.64.1.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.63.3...0.64.1)
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Thu, 1 Dec 2022 09:01:46 +0000 (09:01 +0000)]
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 3.1.1 to 3.2.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/CHANGELOG.md)
- [Commits](https://github.com/redhat-plumbers-in-action/differential-shellcheck/compare/1b1b75e42f0694c1012228513b21617a748c866e...f3cd08fcf12680861615270b29494d2b87c3e1cc)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Thu, 1 Dec 2022 09:01:43 +0000 (09:01 +0000)]
build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.1
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3.1.0...83fd05a356d7e2593de66fc9913b3002723633cb)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Thu, 1 Dec 2022 09:01:38 +0000 (09:01 +0000)]
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases)
- [Commits](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/compare/fe9c43b7d77bd8bd7fbe86c2c217e74ebeea71f2...88209aef583c66312529c515d41ea6a710a4baba)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Christian Brauner [Wed, 30 Nov 2022 15:05:31 +0000 (16:05 +0100)]
TODO: add unprivileged nspawn item
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Christian Brauner [Wed, 30 Nov 2022 15:03:42 +0000 (16:03 +0100)]
TODO: add socket reduction entry for nspawn
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Christian Brauner [Wed, 30 Nov 2022 15:02:39 +0000 (16:02 +0100)]
TODO: add CLONE_PARENT entry for nspawn
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Christian Brauner [Wed, 30 Nov 2022 15:01:07 +0000 (16:01 +0100)]
TODO: consolidate nspawn items
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Daan De Meyer [Wed, 30 Nov 2022 16:01:09 +0000 (17:01 +0100)]
copy: Add COPY_GRACEFUL_WARN
When copying between filesystems, sometimes the target filesystem
might not support symlinks/fifos/sockets/... and we want to log and
ignore any failures to copy such files when copying. Let's introduce
a new flag to enable this behavior.
Yu Watanabe [Thu, 1 Dec 2022 07:37:16 +0000 (16:37 +0900)]
Merge pull request #25578 from mrc0mmand/test-shutdown-tweaks
test: give the container time to properly shut down on exception
Lennart Poettering [Wed, 30 Nov 2022 16:26:02 +0000 (17:26 +0100)]
update TODO
Frantisek Sumsal [Wed, 30 Nov 2022 15:18:50 +0000 (16:18 +0100)]
test: a couple of pylint-related tweaks
Frantisek Sumsal [Wed, 30 Nov 2022 15:13:19 +0000 (16:13 +0100)]
test: give the container time to properly shut down on exception
Otherwise the `terminate()` method sends SIGKILL rather quickly (~0.3s),
which then leaves a dangling scope on the host system, breaking further
test executions.
Daan De Meyer [Wed, 30 Nov 2022 13:28:05 +0000 (14:28 +0100)]
Merge pull request #25574 from bluca/gh_wf
actions: restrict development_freeze to main repo and disable codeql on security repo
Luca Boccassi [Wed, 30 Nov 2022 10:28:34 +0000 (10:28 +0000)]
GA: do not run codeql on systemd-security
Scanning is not available on private repositories
Luca Boccassi [Wed, 30 Nov 2022 10:28:13 +0000 (10:28 +0000)]
GA: run development_freeze only on main repository
No point in running this checker on other forks
Yu Watanabe [Wed, 30 Nov 2022 00:20:12 +0000 (09:20 +0900)]
sd-netlink: fix assertion triggered by message_get_serial()
This fixes an issue introduced by 7b34bae3b1a8726e241a56600a6edf9b3733a4f4.
Fixes https://github.com/systemd/systemd/pull/25565#issuecomment-1331353945.
Yu Watanabe [Wed, 30 Nov 2022 00:26:13 +0000 (09:26 +0900)]
mkfs-util: fix memleak
Fixes an issue introduced by c75cf0164cbd69104f13cbe7be42ab639953bd7d.
Fixes CID#1501073.
Yu Watanabe [Wed, 30 Nov 2022 01:22:39 +0000 (10:22 +0900)]
network: address: use ASSERT_PTR()
Yu Watanabe [Wed, 30 Nov 2022 01:21:50 +0000 (10:21 +0900)]
network: address: always update link state when an address is removed
The removed address might be in the tentative state.
Yu Watanabe [Tue, 29 Nov 2022 01:58:08 +0000 (10:58 +0900)]
network: add missing assertion
Michal Koutný [Tue, 29 Nov 2022 12:23:51 +0000 (13:23 +0100)]
cgtop: Update code comments
Yu Watanabe [Wed, 30 Nov 2022 00:30:13 +0000 (09:30 +0900)]
Merge pull request #25561 from poettering/btrfs-quota-opath-fix
tmpfiles: fix btrfs quota logic
Yu Watanabe [Wed, 30 Nov 2022 00:28:42 +0000 (09:28 +0900)]
Merge pull request #25565 from poettering/dissect-optimizations
two dissect-image.c optimizations/tweaks
Nick Rosbrook [Tue, 29 Nov 2022 20:49:05 +0000 (15:49 -0500)]
oomd: fix doc comment for oomd_fetch_cgroup_oom_preference
Explicitly state that ManagedOOMPreference is always honored when the
unit's cgroup is owned by root.
Nick Rosbrook [Tue, 29 Nov 2022 20:40:22 +0000 (15:40 -0500)]
man: clarify ManagedOOMPreference documentation
Explicitly state that ManagedOOMPreference is always honored when the
unit's cgroup is owned by root.
Nick Rosbrook [Mon, 28 Nov 2022 16:13:08 +0000 (11:13 -0500)]
oomd: only check prefix_uid when uid != 0
If the cgroup is owned by root there is no need to get prefix_uid. Only
check prefix_uid when uid != 0, and then set MANAGED_OOM_PREFERENCE_NONE
and return early if uid != prefix_uid.
Lennart Poettering [Tue, 29 Nov 2022 17:30:18 +0000 (18:30 +0100)]
dissect-image: merge handlers for 4 different partition designators into one
These four branches execute the exact same code these days, hence merge
them into one.
Lennart Poettering [Tue, 29 Nov 2022 17:24:32 +0000 (18:24 +0100)]
dissect-image: don't probe swap partitions needlessly
We already know it's swap, we can assume it's also fstype swap, and
don't need to probe things later again.
Michał Kotyla [Thu, 24 Nov 2022 12:10:08 +0000 (13:10 +0100)]
hwdb: add Clevo touchpad toggle key quirks
Lennart Poettering [Tue, 29 Nov 2022 15:55:48 +0000 (16:55 +0100)]
update TODO
Lennart Poettering [Tue, 29 Nov 2022 10:18:51 +0000 (11:18 +0100)]
units: change Requires=systemd-networkd.service → BindsTo= one more time
Follow-up for da15f8406e9aeb7908e1d92c02d2ff5147c7788a which did the
change for systemd-networkd-wait-online.service, let's also do this for
systemd-networkd-wait-online@.service
Lennart Poettering [Tue, 29 Nov 2022 15:06:10 +0000 (16:06 +0100)]
Merge pull request #25558 from poettering/fdisk-id128
add generic uuid/id128 helpers for libfdisk too
Lennart Poettering [Tue, 25 Oct 2022 15:32:01 +0000 (17:32 +0200)]
blkid: add helpers that get gpt partition uuid as sd_id128_t
just some refactoring to make things simpler.
Lennart Poettering [Tue, 29 Nov 2022 14:31:50 +0000 (15:31 +0100)]
btrfs-util: convert O_PATH if necessary, in btrfs quota call
Fixes: #25468
Lennart Poettering [Tue, 29 Nov 2022 14:31:31 +0000 (15:31 +0100)]
blockdev-util: move O_PATH fd conversion into btrfs_get_block_device_fd() to shorten things
And let's use a simple call to the new fd_reopen_condition() helper
there.
Lennart Poettering [Tue, 29 Nov 2022 14:30:55 +0000 (15:30 +0100)]
btrfs-util: convert to fd_reopen_condition()
Lennart Poettering [Tue, 29 Nov 2022 14:29:25 +0000 (15:29 +0100)]
fd-util: add new helper fd_reopen_conditional()
This is a wrapper around fd_reopen() that will reopen an fd if the
F_GETFL flags indicate this is necessary, and otherwise not.
This is useful for various utility calls that shall be able to operate
on O_PATH and without it, and might need to convert between the two
depending on what's passed in.
Jan Janssen [Sun, 27 Nov 2022 12:56:18 +0000 (13:56 +0100)]
boot: Only do full driver initialization in VMs
Doing the reconnect dance on some real firmware creates huge delays on
boot. This should not be needed anymore as we now ask the firmware to
make console devices and xbootldr partitions available explicitly in a
more targeted fashion.
Fixes: #25510
Jan Janssen [Sun, 27 Nov 2022 12:53:30 +0000 (13:53 +0100)]
boot: Make sure all partitions drivers are connected
Jan Janssen [Sun, 27 Nov 2022 12:38:18 +0000 (13:38 +0100)]
boot: Use EFI_BOOT_MANAGER_POLICY_PROTOCOL to connect console devices
Lennart Poettering [Tue, 29 Nov 2022 13:40:18 +0000 (14:40 +0100)]
Merge pull request #25385 from drvink/main
systemd: Support OOMPolicy in scope units
Lennart Poettering [Tue, 29 Nov 2022 11:06:35 +0000 (12:06 +0100)]
fdisk-util: add fdisk_partition_get_type_as_id128() helper
Let's also add an easy accessor for the other per-partition UUID.
Lennart Poettering [Tue, 29 Nov 2022 10:54:22 +0000 (11:54 +0100)]
fdisk-util: add fdisk_partition_get_uuid_as_id128() helper
Inspired by: #25534
Joerg Behrmann [Wed, 23 Nov 2022 15:43:19 +0000 (16:43 +0100)]
kernel-install: Add uki layout
Currently the kernel-install man page only documents the bls layout for use
with the boot loader spec type #1. 90-loaderentry.install uses this layout to
generate loader entries and copy the kernel image and initrd to $BOOT.
This commit documents a second layout "uki" and adds 90-uki-copy.install,
which copies a UKI "uki.efi" from the staging area or any file with the .efi
extension given on the command line to
$BOOT/EFI/Linux/$ENTRY_TOKEN-$KERNEl_VERSION(+$TRIES).efi
This allows for both locally generated and distro-provided UKIs to be handled
by kernel-install.
Lennart Poettering [Tue, 29 Nov 2022 09:47:39 +0000 (10:47 +0100)]
update TODO