As for the Fedora change - it's a bit unfortunate that the udev.conf file doesn't support drop-ins like the rest of our configs; not sure if that's intentional or if just wasn't implemented y...

We already highlight sections and "de-highlight" comments, so let's add the last piece of the puzzle and highlight the configuration directives to visually distinguish them from the values.

Closes: #13416

Example:

![Screenshot_20231207_105604](https://github.com/systemd/systemd/as...

7e3607996a creates a symlink under /etc/ssh/sshd_config.d/ and with current Rawhide RPM stuff the systemd RPM tries to take ownership of that directory which conflicts with the openssh-server package. Let's temporarily tweak the regex in split-files.py until this changes makes it to Rawhide. ...

For instance units install_info_discover() returns path to the template, which then generates confusing errors when passed to do_unit_file_enable():

~# build/systemctl --root=/tmp/systemctl-test.N9ysbz reenable [email protected]
Unit name: [email protected]; p: /etc/systemd/system/...

When calling loginctl {seat,session}-status without arguments, show a nicer error message in case there's no suitable session/seat attached to the calling tty.

Before:

~# loginctl seat-status
Could not get properties: Unknown object '/org/freedesktop/login1/seat/auto'.
~# systemd-run -...

When --after-cursor=/--cursor-file= is used together with a journal filter, we still skipped over the first matching entry even if it wasn't the entry the cursor points at, thus missing one "valid" entry completely. Let's fix this by checking if the entry cursor after seeking matches the user p...

Otherwise the following test gets always skipped.

I have no idea what was my reasoning that led to this change, but it is simply wrong: systemd-journal-upload.service uses User=systemd-journal-upload together with DynamicUser=yes, so the user doesn't have to (and shouldn't) exist before starting the service.

See:

• https://github.com...

While finally enabling QEMU tests in the Fedora Rawhide testing-farm job, I had to deny-list TEST-64 there as it takes an ungodly amount of time without accel (similarly to Ubuntu CI). While at it, I also went through the existing deny...

Some distributions have started phasing out SHA1, which breaks the systemd-measure test case in its current form. Let's make sure we can use SHA1 for signing beforehand to mitigate this.

Spotted on RHEL 9, where SHA1 signatures are disallowed by [0]:

openssl genpkey -algorithm RSA -pkeyo...

Requested by https://github.com/systemd/systemd/pull/25686.

Introduced by rebase in RHEL 9.2 (v250 -> v252).

Discovered whilst debugging #21.

Includes (among others) https://github.com/systemd/systemd/pull/25222 and https://github.com/systemd/systemd/pull/25541.

It may take a bit for newly introduced binaries/other files to get properly integrated into the Rawhide specfile, so don't choke up in the meantime when rpmbuild detects unpackaged files.

Otherwise we might start querying resolved too early, causing the monitoring service to miss stuff:

[ 1103.149474] testsuite-75.sh[35]: + systemd-run -u resmontest.service -p Type=notify resolvectl monitor
[ 1103.353803] testsuite-75.sh[423]: Running as unit: resmontest.service
[ 1103.3...

Some distributions have started phasing out SHA1, which breaks the systemd-measure test case in its current form. Let's make sure we can use SHA1 for signing beforehand to mitigate this.

Spotted on RHEL 9, where SHA1 signatures are disallowed by [0]:

openssl genpkey -algorithm RSA -pkeyo...

This reverts & backports the new set of patches for the recent chase_symlinks*() without /proc/ issue.

For RHEL we either want to backport https://github.com/systemd/systemd/pull/25661 as well once it's merged, or drop the warning completely/lower it to debug, hence opening this as a draft...

Fixes issues pointed out by the cpp/inconsistent-null-check LGTM query.

In 9cf75222f20 the conf.get() statements for bpf-framework and valgrind were dropped, which cause the respective features to show as always disabled (since they don't follow the "standard" naming scheme with HAVE_/ENABLE_ prefixes).

to allow building with OpenSSL 3.x (again).

See: https://github.com/systemd/systemd/pull/21170#issuecomment-985505461

otherwise we end up with more than one job with the same identifier in one run, causing some of them to get cancelled unexpectedly.

A quick follow-up to 85bd394df57fe45c2873605e2c1d1d79e83e853d.

This should address the remaining five outstanding errors reported by LGTM: https://lgtm.com/projects/g/systemd/systemd/alerts/?mode=list&severity=error.

Originally I thought it's possible to hide certain alerts manually using the LGTM web UI, but that just points to the documentation regardin...

@msekletar as for the cleanup stuff, I wrote a bunch of test along with the query - https://github.com/mrc0mmand/codeql-sandbox/blob/master/cpp/UninitializedVariableWithCleanup/test.c - so if you have any other scenarios on your mind (or anything else which would be useful to detect), please le...

This is a quick follow-up to 863bff75488d33f519deea6390988f3d9d72e6de to suppress following LGTM alert:

https://lgtm.com/projects/g/systemd/systemd/snapshot/3c4ed28f77052fd129d615da838c715e6c7599b1/files/src/shared/ask-password-api.c?sort=name&dir=ASC&mode=list#xbec5c7aaeb039689:1

this one ...

I'm not sure if it's going to help, but one can always hope ;-)

With this config the new issue tab looks like this:

We already track them in LGTM and it unnecessarily clutters the Security page.

Needed by systemd/systemd#21562.

Spotted whilst debugging:

[763/2094] Generating man/machine-info.html with a custom command
Element cite in namespace '' encountered in para, but no template matches.
[765/2094] Generating man/machine-info.5 with a custom command
Element cite in namespace '' encountered in para, but no t...

Based on:

• 2e7090e94d0c8b31d418555ab2f6a9b75318f6a4
• e00e2e0b50bbd120290572c8d1242703fb98b34e
• 197298ff9fc930de450330095cc5b67d165d0801

Related: #2017033

to avoid https://github.com/systemd/systemd/issues/21675#issuecomment-993524324

for two recently reoccurring issues plaguing the CI.

Basically the same thing as in e70103e, but for TEST-63. Uses directives introduced by 47dba9f.

Follow-up to aaae822.

since it affects slower machines (or machines under a heavy load) as well.

See: https://github.com/systemd/systemd/pull/21808#issuecomment-998927401

/cc @bluca

This should, hopefully, catch issues like #21671 automagically.

There are a couple of iffy parts:

1. OpenSUSE workaround in mkosi.postinst This is, unfortunately, necessary, until https://github.com/openSUSE/suse-module-tools/commit/158643414ddb8d8208016a5f03a4484d58944d7a# lan...

Let's assign a specific -Dcryptolib= value to each job to have at least some coverage for all supported cryptolibs without unnecessarily multiplying the test matrix.

In light of recent copr outages, let's add a backup repo mirror, so we can mitigate the outage impact as much as possible

(Technical background: simple reposync executed every hour)

A few light touches to make the bootstrap debugging a bit more bearable.

I'll try to setup a working CI for this repo, so we can avoid all that manual testing before deploying any changes. I'll use this PR for testing as well, as I need to create a new project in the CentOS CI Jenkins for this.

Also, I'll finally refrain for pushing directly into master

Fixes #11173.

This is still a work in progress, just need it right now to debug issues in recent PRs.

TODO:

• use a more generic solution for dracut network configuration instead of a static network script file
• possibly make a custom dracut-crypt-ssh package in the [systemd CentOS CI repo](https://cop...

See https://github.com/systemd/systemd/pull/11130

Let's collect more (hopefully) useful logs from the SUT.

Namely:

• meson logs
• complete TEST-??-* logs
• system journal dump after each phase

Let's try running the integration test suite under both systemd-nspawn and KVM.

Quick workaround to fetch artifacts even when the test suite fails instead of just bailing out with an exception. I'm planning to rewrite most of the agent-control.py script anyway, when I have a some free time, so it's pointless to implement a more robust solution.

This PR introduces artifact exporting in the CentOS CI infrastructure.

The shenanigans with the environment and rsync password files are necessary to make the directory structure on the artifact server at least a little bit pretty, and to not expose ...

In lights of recent issues with unbootable systems (e.g. https://github.com/systemd/systemd/pull/11178), it would make sense to do a basic sanity check if the new systemd is at least bootable before installing it to the SUT. This should provide precious debug information if something goes south a...