New upstream version 248

2025-06-01 05:49:22 +00:00 · 2021-03-31 15:25:31 +02:00 · 2021-03-31 15:25:31 +02:00 · 3a6ce6777f
commit 3a6ce6777f
parent 1ce460ce8d
1628 changed files with 91110 additions and 30960 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -1 +1,2 @@
 *.[ch] whitespace=tab-in-indent,trailing-space
 test/dmidecode-dumps/*.bin binary
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@ -7,15 +7,20 @@ about: A report of an error in a recent systemd version
 **systemd version the issue has been seen with**
 > …
-<!-- **NOTE:** Do not submit bug reports about anything but the two most recently released (non-rc) systemd versions upstream! -->
+<!-- **NOTE:** Do not submit bug reports about anything but the two most recently released *major* systemd versions upstream! -->
-<!-- See https://github.com/systemd/systemd/releases for the list of most recent releases. -->
+<!--           If there have been multiple stable releases for that major version, please consider updating to a recent one before reporting an issue. -->
 <!--           When using a distro package, please make sure that the version reported is meaningful for upstream. -->
 <!-- See https://github.com/systemd/systemd-stable/releases for the list of most recent releases. -->
 <!-- For older version please use distribution trackers (see https://systemd.io/CONTRIBUTING#filing-issues). -->
 **Used distribution**
 > …
 **Linux kernel version used** (`uname -a`)
- > …
+<!-- Make sure to enclose the pasted kernel version in `backticks`, so that
     GitHub doesn't convert the `#` character typically included in it into a
     reference to old GitHub issues. -->
 > `…`
 **CPU architecture issue was seen on**
 > …
@ -28,3 +33,15 @@ about: A report of an error in a recent systemd version
 **Steps to reproduce the problem**
 > …
 **Additional program output to the terminal or log subsystem illustrating the issue**
 <!-- Please paste relevant program terminal or journal output here, ideally
     when generated in debug mode (try setting the SYSTEMD_LOG_LEVEL=debug
     environment variable). For very long copy/pasted data consider using a
     service like https://gist.github.com/. Where copy/paste is not possible
     (for example early boot or late shutdown), a photo of the screen might do
     too, but text is always much preferred. -->
 ```text
 …
 ```
--- a/.github/ISSUE_TEMPLATE/Feature_request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_request.md
@ -12,3 +12,6 @@ A clear and concise description of what you want to happen.
 **Describe alternatives you've considered**
 A clear and concise description of any alternative solutions or features you've considered.
 **The systemd version you checked that didn't have the feature you are asking for**
 <!-- If this is not the most recently released upstream version, then please check first if it has that feature already. -->
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@ -0,0 +1,38 @@
 hwdb:
  - hwdb.d/**/*
 units:
  - units/**/*
 documentation:
  - NEWS
  - docs/*
 network:
  - src/libsystemd-network/**/*
  - src/network/**/*
 udev:
  - src/udev/**/*
  - src/libudev/*
 selinux:
  - '**/*selinux*'
 apparmor:
  - '**/*apparmor*'
 meson:
  - meson_option.txt
 mkosi:
  - .mkosi/*
  - mkosi.build
 busctl:
  - src/busctl/*
 systemctl:
  - src/systemctl/*
 journal:
  - src/journal/*
 journal-remote:
  - src/journal-remote/*
 portable:
  - src/portable/**/*
 resolve:
  - src/resolve/*
 timedate:
  - src/timedate/*
 timesync:
  - src/timesync/*
--- a/.github/workflows/ubuntu-build-check.sh
+++ b/.github/workflows/ubuntu-build-check.sh
@ -12,6 +12,7 @@ ARGS=(
    "--optimization=s"
    "--optimization=3 -Db_lto=true"
    "--optimization=3 -Db_lto=false"
    "--optimization=3 -Ddns-over-tls=openssl"
    "-Db_ndebug=true"
 )
 PACKAGES=(
@ -37,6 +38,7 @@ PACKAGES=(
    libpwquality-dev
    libqrencode-dev
    libssl-dev
    libtss2-dev
    libxkbcommon-dev
    libxtables-dev
    libzstd-dev
@ -79,7 +81,7 @@ elif [[ "$COMPILER" == gcc ]]; then
    AR="gcc-ar-$COMPILER_VERSION"
    # Latest gcc stack deb packages provided by
    # https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test
-    sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test
+    add-apt-repository -y ppa:ubuntu-toolchain-r/test
    PACKAGES+=(gcc-$COMPILER_VERSION)
 else
    fatal "Unknown compiler: $COMPILER"
@ -98,6 +100,8 @@ pip3 install --user -U meson ninja
 export PATH="$HOME/.local/bin:$PATH"
 $CC --version
 meson --version
 ninja --version
 for args in "${ARGS[@]}"; do
    SECONDS=0
@ -107,9 +111,8 @@ for args in "${ARGS[@]}"; do
        fatal "meson failed with $args"
    fi
-    ninja --version
+    if ! meson compile -C build; then
-    if ! ninja -C build; then
+        fatal "'meson compile' failed with $args"
        fatal "ninja failed with $args"
    fi
    git clean -dxf
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@ -21,9 +21,10 @@ jobs:
          - { COMPILER: "gcc",   COMPILER_VERSION: "10" }
          - { COMPILER: "clang", COMPILER_VERSION: "10" }
          - { COMPILER: "clang", COMPILER_VERSION: "11" }
          - { COMPILER: "clang", COMPILER_VERSION: "12" }
    env: ${{ matrix.env }}
    steps:
      - name: Repository checkout
        uses: actions/checkout@v1
      - name: Build check (${{ env.COMPILER }}-${{ env.COMPILER_VERSION }})
-        run: sudo -E .github/workflows/ubuntu-build-check.sh
+        run: sudo -E .github/workflows/build_test.sh
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@ -14,7 +14,7 @@ on:
      - 'tools/oss-fuzz.sh'
  push:
    branches:
-      - master
+      - main
 jobs:
 Fuzzing:
   runs-on: ubuntu-latest
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@ -0,0 +1,39 @@
 ---
 # vi: ts=2 sw=2 et:
 #
 name: Coverity
 on:
  schedule:
    # Run Coverity daily at midnight
    - cron:  '0 0 * * *'
 jobs:
  build:
    runs-on: ubuntu-20.04
    if: github.repository == 'systemd/systemd'
    env:
      COVERITY_SCAN_BRANCH_PATTERN:     "${{ github.ref}}"
      COVERITY_SCAN_NOTIFICATION_EMAIL: ""
      COVERITY_SCAN_PROJECT_NAME:       "${{ github.repository }}"
      # Set in repo settings -> secrets -> repository secrets
      COVERITY_SCAN_TOKEN:              "${{ secrets.COVERITY_SCAN_TOKEN }}"
      CURRENT_REF:                      "${{ github.ref }}"
    steps:
      - name: Repository checkout
        uses: actions/checkout@v1
      # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
      - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable
        run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
      - name: Install Coverity tools
        run: tools/get-coverity.sh
      # Reuse the setup phase of the unit test script to avoid code duplication
      - name: Install build dependencies
        run: sudo -E .github/workflows/unit_tests.sh SETUP
      # Preconfigure with meson to prevent Coverity from capturing meson metadata
      - name: Preconfigure the build directory
        run: meson cov-build -Dman=false
      - name: Build
        run: tools/coverity.sh build
      - name: Upload the results
        run: tools/coverity.sh upload
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@ -0,0 +1,13 @@
 name: "Pull Request Labeler"
 on:
 - pull_request_target
 jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/labeler@main
      with:
        repo-token: "${{ secrets.GITHUB_TOKEN }}"
        configuration-path: .github/labeler.yml
        sync-labels: "" # This is a workaround for issue 18671
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@ -0,0 +1,55 @@
 name: mkosi
 # Simple boot tests that build and boot the mkosi images generated by the mkosi config files in .mkosi.
 on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
 jobs:
  ci:
    runs-on: ubuntu-20.04
    strategy:
      fail-fast: false
      matrix:
        distro:
          - arch
          - debian
          - ubuntu
          - fedora
    steps:
    - uses: actions/checkout@v2
    - uses: systemd/mkosi@v9
    - name: Install
      run: sudo apt-get update && sudo apt-get install --no-install-recommends python3-pexpect
    - name: Symlink
      run: ln -s .mkosi/mkosi.${{ matrix.distro }} mkosi.default
    # Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is
    # required, since current Arch's glibc implements faccessat() via faccessat2().
    - name: Update systemd-nspawn
      if: ${{ matrix.distro == 'arch' }}
      run: |
        echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
        sudo apt update
        sudo apt build-dep systemd
        meson build
        ninja -C build
        sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn`
        systemd-nspawn --version
    - name: Build ${{ matrix.distro }}
      run: sudo python3 -m mkosi --password= --qemu-headless build
    - name: Boot ${{ matrix.distro }} systemd-nspawn
      run: sudo ./.github/workflows/test_mkosi_boot.py python3 -m mkosi --password= --qemu-headless boot
    - name: Boot ${{ matrix.distro }} QEMU
      run: sudo ./.github/workflows/test_mkosi_boot.py python3 -m mkosi --password= --qemu-headless qemu
--- a/.github/workflows/test_mkosi_boot.py
+++ b/.github/workflows/test_mkosi_boot.py
@ -0,0 +1,27 @@
 #!/usr/bin/env python3
 # SPDX-License-Identifier: LGPL-2.1-or-later
 import pexpect
 import sys
 def run() -> None:
    p = pexpect.spawnu(" ".join(sys.argv[1:]), logfile=sys.stdout, timeout=300)
    p.expect("login:")
    p.sendline("root")
    p.expect("#")
    p.sendline("systemctl poweroff")
    p.expect(pexpect.EOF)
 try:
    run()
 except pexpect.EOF:
    print("UNEXPECTED EOF")
    sys.exit(1)
 except pexpect.TIMEOUT:
    print("TIMED OUT")
    sys.exit(1)
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@ -0,0 +1,85 @@
 #!/bin/bash
 PHASES=(${@:-SETUP RUN RUN_ASAN_UBSAN CLEANUP})
 RELEASE="$(lsb_release -cs)"
 ADDITIONAL_DEPS=(
    clang
    expect
    fdisk
    libfdisk-dev
    libfido2-dev
    libp11-kit-dev
    libpwquality-dev
    libqrencode-dev
    libssl-dev
    libtss2-dev
    libzstd-dev
    perl
    python3-libevdev
    python3-pyparsing
    zstd
 )
 function info() {
    echo -e "\033[33;1m$1\033[0m"
 }
 set -ex
 for phase in "${PHASES[@]}"; do
    case $phase in
        SETUP)
            info "Setup phase"
            bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ $RELEASE main restricted universe multiverse' >>/etc/apt/sources.list"
            # PPA with some newer build dependencies
            add-apt-repository -y ppa:upstream-systemd-ci/systemd-ci
            apt-get -y update
            apt-get -y build-dep systemd
            apt-get -y install "${ADDITIONAL_DEPS[@]}"
            ;;
        RUN|RUN_GCC|RUN_CLANG)
            if [[ "$phase" = "RUN_CLANG" ]]; then
                export CC=clang
                export CXX=clang++
            fi
            meson --werror -Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true -Dman=true build
            ninja -C build -v
            meson test -C build --print-errorlogs
            ;;
        RUN_ASAN_UBSAN|RUN_GCC_ASAN_UBSAN|RUN_CLANG_ASAN_UBSAN)
            MESON_ARGS=(--optimization=1)
            if [[ "$phase" = "RUN_CLANG_ASAN_UBSAN" ]]; then
                export CC=clang
                export CXX=clang++
                # Build fuzzer regression tests only with clang (for now),
                # see: https://github.com/systemd/systemd/pull/15886#issuecomment-632689604
                # -Db_lundef=false: See https://github.com/mesonbuild/meson/issues/764
                MESON_ARGS+=(-Db_lundef=false -Dfuzz-tests=true)
            fi
            meson --werror -Dtests=unsafe -Db_sanitize=address,undefined "${MESON_ARGS[@]}" build
            ninja -C build -v
            export ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1
            # Never remove halt_on_error from UBSAN_OPTIONS. See https://github.com/systemd/systemd/commit/2614d83aa06592aedb.
            export UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
            # FIXME
            # For some strange reason the GH Actions VM stops responding after
            # executing first ~150 tests, _unless_ there's something producing
            # output (either running `meson test` in verbose mode, or something
            # else in background). Despite my efforts so far I haven't been able
            # to identify the culprit (since the issue is not reproducible
            # during debugging, wonderful), so let's at least keep a workaround
            # here to make the builds stable for the time being.
            (set +x; while :; do echo -ne "\n[WATCHDOG] $(date)\n"; sleep 30; done) &
            meson test --timeout-multiplier=3 -C build --print-errorlogs
            ;;
        CLEANUP)
            info "Cleanup phase"
            ;;
        *)
            echo >&2 "Unknown phase '$phase'"
            exit 1
    esac
 done
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@ -0,0 +1,23 @@
 ---
 # vi: ts=2 sw=2 et:
 #
 name: Unit tests
 on:
  pull_request:
    branches:
      - main
 jobs:
  build:
    runs-on: ubuntu-20.04
    strategy:
      fail-fast: false
      matrix:
        run_phase: [GCC, GCC_ASAN_UBSAN, CLANG, CLANG_ASAN_UBSAN]
    steps:
      - name: Repository checkout
        uses: actions/checkout@v1
      - name: Install build dependencies
        run: sudo -E .github/workflows/unit_tests.sh SETUP
      - name: Build & test (${{ matrix.run_phase }})
        run: sudo -E .github/workflows/unit_tests.sh RUN_${{ matrix.run_phase }}
--- a/.gitignore
+++ b/.gitignore
@ -36,4 +36,6 @@ __pycache__/
 /mkosi.builddir/
 /mkosi.output/
 /mkosi.default
 mkosi.default.d/*
 !mkosi.default.d/10-systemd.conf
 /tags
--- a/.mailmap
+++ b/.mailmap
@ -115,12 +115,14 @@ Michael Biebl <biebl@debian.org> <mbiebl@gmail.com>
 Michael Buesch <mbuesch@freenet.de>
 Michael Hoy <rimmington@gmail.com>
 Michael Olbrich <m.olbrich@pengutronix.de>
 Michael Trapp <michael.trapp@sap.com>
 Michal Soltys <soltys@ziu.info> <nozo@ziu.info>
 Michal Suchanek <msuchanek@suse.de>
 Michal Suchanek <msuchanek@suse.de> <hramrach@gmail.com>
 Michal Sekletár <msekleta@redhat.com>
 Michał Szczepański <skrzatu@hotmail.com> <skrzatu@gmail.com>
 Michel Kraus <github@demonsphere.de> <27o@users.noreply.github.com>
 Michele Guerini Rocco <rnhmjoj@inventati.org>
 Miklos Vajna <vmiklos@frugalware.org> <vmiklos@gmail.com>
 Milan Pässler <me@petabyteboy.de>
 Neil Brown <neil@brown.name>
@ -209,3 +211,4 @@ Andrey Yashkin <38919268+AndreyYashkin@users.noreply.github.com>
 Ronald Tschalär <ronald@innovation.ch>
 Jay Burger <jay.burger@fujitsu.com> <root@new-host-3.home>
 Yi Gao <ymuemc@163.com>
 Weblate <noreply@weblate.org>
--- a/.mkosi/mkosi.arch
+++ b/.mkosi/mkosi.arch
@ -8,15 +8,7 @@
 [Distribution]
 Distribution=arch
 [Output]
 Format=raw_btrfs
 Bootable=yes
 [Partitions]
 RootSize=3G
 [Packages]
 Cache=/var/cache/pacman/pkg/
 BuildPackages=
        acl
        bzip2
@ -54,5 +46,9 @@ BuildPackages=
        zstd
 Packages=
        gdb
        libidn2
        nano
        qrencode
        strace
        vi
--- a/.mkosi/mkosi.debian
+++ b/.mkosi/mkosi.debian
@ -7,13 +7,6 @@
 Distribution=debian
 Release=unstable
 [Output]
 Format=raw_btrfs
 Bootable=yes
 [Partitions]
 RootSize=2G
 [Packages]
 BuildPackages=
        acl
@ -24,7 +17,6 @@ BuildPackages=
        git
        gnu-efi
        gperf
        libiptc-dev
        libacl1-dev
        libaudit-dev
        libblkid-dev
@ -35,19 +27,23 @@ BuildPackages=
        libdbus-1-dev
        libdw-dev
        libfdisk-dev
        libfido2-dev
        libgcrypt20-dev
        libgnutls28-dev
        libidn2-0-dev
        libiptc-dev
        libkmod-dev
        liblzma-dev
        liblz4-dev
        liblz4-tool
        liblzma-dev
        libmicrohttpd-dev
        libmount-dev
        libpam0g-dev
        libqrencode-dev
        libseccomp-dev
        libsmartcols-dev
        libssl-dev
        libtss2-dev
        libxkbcommon-dev
        libzstd-dev
        m4
@ -62,6 +58,14 @@ BuildPackages=
        zstd
 Packages=
-        libqrencode4
+        gdb
-        locales
+        libfdisk1
        libfido2-1
        libidn2-0
        libqrencode4
        # We pull in the -dev package here, since the binary ones appear to change names too often, and the -dev package pulls the right deps in automatically
        libtss2-dev
        locales
        nano
        strace
        vim-tiny
--- a/.mkosi/mkosi.fedora
+++ b/.mkosi/mkosi.fedora
@ -7,13 +7,6 @@
 Distribution=fedora
 Release=33
 [Output]
 Format=gpt_ext4
 Bootable=yes
 [Partitions]
 RootSize=3G
 [Packages]
 BuildPackages=
        audit-libs-devel
@ -66,17 +59,20 @@ BuildPackages=
        python3-lxml
        qrencode-devel
        rpm
        tpm2-tss-devel
        tree
        valgrind-devel
        xz-devel
        zstd
 Packages=
        gdb
        # libfido2 + libzstd can be dropped once the Fedora RPM gets a dependency on them
        libfido2
        libzstd
        nano
        # procps-ng provides a set of useful utilies (ps, free, etc)
        procps-ng
-
+        strace
-BuildDirectory=mkosi.builddir
+        tpm2-tss
-Cache=mkosi.cache
+        vi
--- a/.mkosi/mkosi.opensuse
+++ b/.mkosi/mkosi.opensuse
@ -7,17 +7,7 @@
 Distribution=opensuse
 Release=tumbleweed
 [Output]
 Format=raw_btrfs
 Bootable=yes
 [Partitions]
 RootSize=3G
 [Packages]
 # Uncomment to share system RPM cache (works only with Tumbleweed)
 #Cache=/var/cache/zypp/packages
 BuildDirectory=mkosi.builddir
 BuildPackages=
        docbook-xsl-stylesheets
        fdupes
@ -62,6 +52,7 @@ BuildPackages=
        timezone
 Packages=
        gdb
        # brought in via meson->python3
        libp11-kit0
        # --bootable=no
@ -75,4 +66,7 @@ Packages=
        libqrencode4
        libseccomp2
        pam
        nano
        strace
        util-linux
        vi
--- a/.mkosi/mkosi.ubuntu
+++ b/.mkosi/mkosi.ubuntu
@ -8,13 +8,6 @@ Distribution=ubuntu
 Release=focal
 Repositories=main,universe
 [Output]
 Format=raw_btrfs
 Bootable=no
 [Partitions]
 RootSize=2G
 [Packages]
 BuildPackages=
        acl
@ -35,6 +28,7 @@ BuildPackages=
        libdbus-1-dev
        libdw-dev
        libfdisk-dev
        libfido2-dev
        libgcrypt20-dev
        libgnutls28-dev
        libidn2-0-dev
@ -50,6 +44,8 @@ BuildPackages=
        libqrencode-dev
        libseccomp-dev
        libsmartcols-dev
        libssl-dev
        libtss2-dev
        libxkbcommon-dev
        libxtables-dev
        libzstd-dev
@ -66,6 +62,13 @@ BuildPackages=
        zstd
 Packages=
-        libqrencode4
+        gdb
-        locales
+        libfido2-1
        libidn2-0
        libqrencode4
        # We pull in the -dev package here, since the binary ones appear to change names too often, and the -dev package pulls the right deps in automatically
        libtss2-dev
        locales
        nano
        strace
        vim-tiny
--- a/.packit.yml
+++ b/.packit.yml
@ -0,0 +1,40 @@
 ---
 # vi:ts=2 sw=2 et:
 #
 # Docs: https://packit.dev/docs/
 specfile_path: .packit_rpm/systemd.spec
 synced_files:
  - .packit.yaml
  - src: .packit_rpm/systemd.spec
    dest: systemd.spec
 upstream_package_name: systemd
 downstream_package_name: systemd
 # `git describe` returns in systemd's case 'v245-xxx' which breaks RPM version
 # detection (that expects 245-xxxx'). Let's tweak the version string accordingly
 upstream_tag_template: "v{version}"
 actions:
  post-upstream-clone:
    # Use the Fedora Rawhide specfile
    - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
    # Drop backported patches from the specfile, but keep the downstream-only ones
    # - Patch0000-0499: backported patches from upstream
    # - Patch0500-9999: downstream-only patches
    - "sed -ri '/^Patch0[0-4]?[0-9]{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec"
    # Build the RPM with --werror. Even though --werror doesn't work in all
    # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
    # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
    #
    # [0] https://github.com/mesonbuild/meson/issues/7360
    # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110
    - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
 jobs:
 - job: copr_build
  trigger: pull_request
  metadata:
    targets:
    - fedora-rawhide-aarch64
    - fedora-rawhide-i386
    - fedora-rawhide-x86_64
--- a/semaphoreci/semaphore-runner.sh
+++ b/semaphoreci/semaphore-runner.sh
--- a/.semaphore/semaphore.yml
+++ b/.semaphore/semaphore.yml
@ -0,0 +1,27 @@
 ---
 # vi: ts=2 sw=2 et:
 version: v1.0
 name: Debian autopkgtest (LXC)
 agent:
  machine:
    type: e1-standard-2
    os_image: ubuntu1804
 # Cancel any running or queued job for the same ref
 auto_cancel:
  running:
    when: "true"
 execution_time_limit:
  hours: 1
 blocks:
  - name: "Setup & test"
    task:
      jobs:
        - name: "Install dependencies & run the Debian autopkgtest"
          commands:
            - checkout --use-cache
            - .semaphore/semaphore-runner.sh SETUP
            - .semaphore/semaphore-runner.sh RUN
--- a/.travis.yml
+++ b/.travis.yml
@ -1,84 +0,0 @@
 ---
 # vi: ts=2 sw=2 et:
 language: bash
 dist: bionic
 services:
  - docker
 env:
  global:
    - AUTHOR_EMAIL="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aE\")"
    - CI_MANAGERS="$TRAVIS_BUILD_DIR/travis-ci/managers"
    - CI_TOOLS="$TRAVIS_BUILD_DIR/travis-ci/tools"
    - REPO_ROOT="$TRAVIS_BUILD_DIR"
  jobs:
    - DEBIAN_RELEASE=testing PHASE="RUN_GCC"
    - DEBIAN_RELEASE=testing PHASE="RUN_GCC_ASAN_UBSAN"
    - DEBIAN_RELEASE=testing PHASE="RUN_CLANG"
    - DEBIAN_RELEASE=testing PHASE="RUN_CLANG_ASAN_UBSAN"
 stages:
  # 'Test' is the default stage (for matrix jobs)
  - name: Test
    if: type != cron
    # Run Coverity periodically instead of for each commit/PR
  - name: Coverity
    if: type = cron
 # Matrix job definition - this is run for each combination of env variables
 # from the env.jobs array above
 before_install:
  - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
  - docker --version
 install:
  - $CI_MANAGERS/debian.sh SETUP
 script:
  - $CI_MANAGERS/debian.sh $PHASE || travis_terminate 1
 after_script:
  - $CI_MANAGERS/debian.sh CLEANUP
 # Inject another (single) job into the matrix for Coverity
 jobs:
  include:
    - stage: Coverity
      language: bash
      env:
        - FEDORA_RELEASE="31"
        - TOOL_BASE="/var/tmp/coverity-scan-analysis"
        - CONT_NAME="coverity-fedora-$FEDORA_RELEASE"
        - DOCKER_EXEC="docker exec -ti $CONT_NAME"
        - DOCKER_RUN="docker run -v $TOOL_BASE:$TOOL_BASE:rw --env-file .cov-env"
          # Coverity env variables
        - PLATFORM="$(uname)"
        - TOOL_ARCHIVE="/var/tmp/cov-analysis-$PLATFORM.tgz"
        - SCAN_URL="https://scan.coverity.com"
        - UPLOAD_URL="https://scan.coverity.com/builds"
        - COVERITY_SCAN_PROJECT_NAME="$TRAVIS_REPO_SLUG"
        - COVERITY_SCAN_NOTIFICATION_EMAIL="${AUTHOR_EMAIL}"
        - COVERITY_SCAN_BRANCH_PATTERN="$TRAVIS_BRANCH"
          # Encrypted COVERITY_SCAN_TOKEN env variable
          # Generated using `travis encrypt -r systemd/systemd COVERITY_SCAN_TOKEN=xxxx`
        - secure: "jKSz+Y1Mv8xMpQHh7g5lzW7E6HQGndFz/vKDJQ1CVShwFoyjV3Zu+MFS3UYKlh1236zL0Z4dvsYFx/b3Hq8nxZWCrWeZs2NdXgy/wh8LZhxwzcGYigp3sIA/cYdP5rDjFJO0MasNkl25/rml8+eZWz+8/xQic98UQHjSco/EOWtssoRcg0J0c4eDM7bGLfIQWE73NNY1Q1UtWjKmx1kekVrM8dPmHXJ9aERka7bmcbJAcKd6vabs6DQ5AfWccUPIn/EsRYqIJTRxJrFYU6XizANZ1a7Vwk/DWHZUEn2msxcZw5BbAMDTMx0TbfrNkKSHMHuvQUCu6KCBAq414i+LgkMfmQ2SWwKiIUsud1kxXX3ZPl9bxDv1HkvVdcniC/EM7lNEEVwm4meOnjuhI2lhOyOjmP3FTSlMHGP7xlK8DS2k9fqL58vn0BaSjwWgd+2+HuL2+nJmxcK1eLGzKqaostFxrk2Xs2vPZkUdV2nWY/asUrcWHml6YlWDn2eP83pfwxHYsMiEHY/rTKvxeVY+iirO/AphoO+eaYu7LvjKZU1Yx5Z4u/SnGWAiCH0yhMis0bWmgi7SCbw+sDd2uya+aoiLIGiB2ChW7hXHXCue/dif6/gLU7b+L8R00pQwnWdvKUPoIJCmZJYCluTeib4jpW+EmARB2+nR8wms2K9FGKM="
      before_install:
        - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
        - docker --version
      install:
        # Install Coverity on the host
        - $CI_TOOLS/get-coverity.sh
          # Export necessary env variables for Coverity
        - env | grep -E "TRAVIS|COV|TOOL|URL" > .cov-env
          # Pull a Docker image and start a new container
        - $CI_MANAGERS/fedora.sh SETUP
      script:
        - set -e
          # Preconfigure with meson to prevent Coverity from capturing meson metadata
        - $DOCKER_EXEC meson cov-build -Dman=false
          # Run Coverity
        - $DOCKER_EXEC tools/coverity.sh build
        - $DOCKER_EXEC tools/coverity.sh upload
        - set +e
      after_script:
        - $CI_MANAGERS/fedora.sh CLEANUP
--- a/2
+++ b/2
@ -1,3 +1,5 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 all:
 	ninja -C build
--- a/514
+++ b/514
@ -1,5 +1,485 @@
 systemd System and Service Manager
 CHANGES WITH 248:
        * A concept of system extension images is introduced. Such images may
          be used to extend the /usr/ and /opt/ directory hierarchies at
          runtime with additional files (even if the file system is read-only).
          When a system extension image is activated, its /usr/ and /opt/
          hierarchies and os-release information are combined via overlayfs
          with the file system hierarchy of the host OS.
          A new systemd-sysext tool can be used to merge, unmerge, list, and
          refresh system extension hierarchies. See
          https://www.freedesktop.org/software/systemd/man/systemd-sysext.html.
          The systemd-sysext.service automatically merges installed system
          extensions during boot (before basic.target, but not in very early
          boot, since various file systems have to be mounted first).
          The SYSEXT_LEVEL= field in os-release(5) may be used to specify the
          supported system extension level.
        * A new ExtensionImages= unit setting can be used to apply the same
          system extension image concept from systemd-sysext to the namespaced
          file hierarchy of specific services, following the same rules and
          constraints.
        * Support for a new special "root=tmpfs" kernel command-line option has
          been added. When specified, a tmpfs is mounted on /, and mount.usr=
          should be used to point to the operating system implementation.
        * A new configuration file /etc/veritytab may be used to configure
          dm-verity integrity protection for block devices. Each line is in the
          format "volume-name data-device hash-device roothash options",
          similar to /etc/crypttab.
        * A new kernel command-line option systemd.verity.root_options= may be
          used to configure dm-verity behaviour for the root device.
        * The key file specified in /etc/crypttab (the third field) may now
          refer to an AF_UNIX/SOCK_STREAM socket in the file system. The key is
          acquired by connecting to that socket and reading from it. This
          allows the implementation of a service to provide key information
          dynamically, at the moment when it is needed.
        * When the hostname is set explicitly to "localhost", systemd-hostnamed
          will respect this. Previously such a setting would be mostly silently
          ignored. The goal is to honour configuration as specified by the
          user.
        * The fallback hostname that will be used by the system manager and
          systemd-hostnamed can now be configured in two new ways: by setting
          DEFAULT_HOSTNAME= in os-release(5), or by setting
          $SYSTEMD_DEFAULT_HOSTNAME in the environment block. As before, it can
          also be configured during compilation. The environment variable is
          intended for testing and local overrides, the os-release(5) field is
          intended to allow customization by different variants of a
          distribution that share the same compiled packages.
        * The environment block of the manager itself may be configured through
          a new ManagerEnvironment= setting in system.conf or user.conf. This
          complements existing ways to set the environment block (the kernel
          command line for the system manager, the inherited environment and
          user@.service unit file settings for the user manager).
        * systemd-hostnamed now exports the default hostname and the source of
          the configured hostname ("static", "transient", or "default") as
          D-Bus properties.
        * systemd-hostnamed now exports the "HardwareVendor" and
          "HardwareModel" D-Bus properties, which are supposed to contain a
          pair of cleaned up, human readable strings describing the system's
          vendor and model. It's typically sourced from the firmware's DMI
          tables, but may be augmented from a new hwdb database. hostnamectl
          shows this in the status output.
        * Support has been added to systemd-cryptsetup for extracting the
          PKCS#11 token URI and encrypted key from the LUKS2 JSON embedded
          metadata header. This allows the information how to open the
          encrypted device to be embedded directly in the device and obviates
          the need for configuration in an external file.
        * systemd-cryptsetup gained support for unlocking LUKS2 volumes using
          TPM2 hardware, as well as FIDO2 security tokens (in addition to the
          pre-existing support for PKCS#11 security tokens).
        * systemd-repart may enroll encrypted partitions using TPM2
          hardware. This may be useful for example to create an encrypted /var
          partition bound to the machine on first boot.
        * A new systemd-cryptenroll tool has been added to enroll TPM2, FIDO2
          and PKCS#11 security tokens to LUKS volumes, list and destroy
          them. See:
          http://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
          It also supports enrolling "recovery keys" and regular passphrases.
        * The libfido2 dependency is now based on dlopen(), so that the library
          is used at runtime when installed, but is not a hard runtime
          dependency.
        * systemd-cryptsetup gained support for two new options in
          /etc/crypttab: "no-write-workqueue" and "no-read-workqueue" which
          request synchronous processing of encryption/decryption IO.
        * The manager may be configured at compile time to use the fexecve()
          instead of the execve() system call when spawning processes. Using
          fexecve() closes a window between checking the security context of an
          executable and spawning it, but unfortunately the kernel displays
          stale information in the process' "comm" field, which impacts ps
          output and such.
        * The configuration option -Dcompat-gateway-hostname has been dropped.
          "_gateway" is now the only supported name.
        * The ConditionSecurity=tpm2 unit file setting may be used to check if
          the system has at least one TPM2 (tpmrm class) device.
        * A new ConditionCPUFeature= has been added that may be used to
          conditionalize units based on CPU features. For example,
          ConditionCPUFeature=rdrand will condition a unit so that it is only
          run when the system CPU supports the RDRAND opcode.
        * The existing ConditionControlGroupController= setting has been
          extended with two new values "v1" and "v2". "v2" means that the
          unified v2 cgroup hierarchy is used, and "v1" means that legacy v1
          hierarchy or the hybrid hierarchy are used.
        * A new PrivateIPC= setting on a unit file allows executed processes to
          be moved into a private IPC namespace, with separate System V IPC
          identifiers and POSIX message queues.
          A new IPCNamespacePath= allows the unit to be joined to an existing
          IPC namespace.
        * The tables of system calls in seccomp filters are now automatically
          generated from kernel lists exported on
          https://fedora.juszkiewicz.com.pl/syscalls.html.
          The following architectures should now have complete lists:
          alpha, arc, arm64, arm, i386, ia64, m68k, mips64n32, mips64, mipso32,
          powerpc, powerpc64, s390, s390x, tilegx, sparc, x86_64, x32.
        * The MountAPIVFS= service file setting now additionally mounts a tmpfs
          on /run/ if it is not already a mount point. A writable /run/ has
          always been a requirement for a functioning system, but this was not
          guaranteed when using a read-only image.
          Users can always specify BindPaths= or InaccessiblePaths= as
          overrides, and they will take precedence. If the host's root mount
          point is used, there is no change in behaviour.
        * New bind mounts and file system image mounts may be injected into the
          mount namespace of a service (without restarting it). This is exposed
          respectively as 'systemctl bind <unit> <path>…' and
          'systemctl mount-image <unit> <image>…'.
        * The StandardOutput= and StandardError= settings can now specify files
          to be truncated for output (as "truncate:<path>").
        * The ExecPaths= and NoExecPaths= settings may be used to specify
          noexec for parts of the file system.
        * sd-bus has a new function sd_bus_open_user_machine() to open a
          connection to the session bus of a specific user in a local container
          or on the local host. This is exposed in the existing -M switch to
          systemctl and similar tools:
              systemctl --user -M lennart@foobar start foo
          This will connect to the user bus of a user "lennart" in container
          "foobar". If no container name is specified, the specified user on
          the host itself is connected to
              systemctl --user -M lennart@ start quux
        * sd-bus also gained a convenience function sd_bus_message_send() to
          simplify invocations of sd_bus_send(), taking only a single
          parameter: the message to send.
        * sd-event allows rate limits to be set on event sources, for dealing
          with high-priority event sources that might starve out others. See
          the new man page sd_event_source_set_ratelimit(3) for details.
        * systemd.link files gained a [Link] Promiscuous= switch, which allows
          the device to be raised in promiscuous mode.
          New [Link] TransmitQueues= and ReceiveQueues= settings allow the
          number of TX and RX queues to be configured.
          New [Link] TransmitQueueLength= setting allows the size of the TX
          queue to be configured.
          New [Link] GenericSegmentOffloadMaxBytes= and
          GenericSegmentOffloadMaxSegments= allow capping the packet size and
          the number of segments accepted in Generic Segment Offload.
        * systemd-networkd gained support for the "B.A.T.M.A.N. advanced"
          wireless routing protocol that operates on ISO/OSI Layer 2 only and
          uses ethernet frames to route/bridge packets. This encompasses a new
          "batadv" netdev Type=, a new [BatmanAdvanced] section with a bunch of
          new settings in .netdev files, and a new BatmanAdvanced= setting in
          .network files.
        * systemd.network files gained a [Network] RouteTable= configuration
          switch to select the routing policy table.
          systemd.network files gained a [RoutingPolicyRule] Type=
          configuration switch (one of "blackhole, "unreachable", "prohibit").
          systemd.network files gained a [IPv6AcceptRA] RouteDenyList= and
          RouteAllowList= settings to ignore/accept route advertisements from
          routers matching specified prefixes. The DenyList= setting has been
          renamed to PrefixDenyList= and a new PrefixAllowList= option has been
          added.
          systemd.network files gained a [DHCPv6] UseAddress= setting to
          optionally ignore the address provided in the lease.
          systemd.network files gained a [DHCPv6PrefixDelegation]
          ManageTemporaryAddress= switch.
          systemd.network files gained a new ActivationPolicy= setting which
          allows configuring how the UP state of an interface shall be managed,
          i.e. whether the interface is always upped, always downed, or may be
          upped/downed by the user using "ip link set dev".
        * The default for the Broadcast= setting in .network files has slightly
          changed: the broadcast address will not be configured for wireguard
          devices.
        * systemd.netdev files gained a [VLAN] Protocol=, IngressQOSMaps=,
          EgressQOSMaps=, and [MACVLAN] BroadcastMulticastQueueLength=
          configuration options for VLAN packet handling.
        * udev rules may now set log_level= option. This allows debug logs to
          be enabled for select events, e.g. just for a specific subsystem or
          even a single device.
        * udev now exports the VOLUME_ID, LOGICAL_VOLUME_ID, VOLUME_SET_ID, and
          DATA_PREPARED_ID properties for block devices with ISO9660 file
          systems.
        * udev now exports decoded DMI information about installed memory slots
          as device properties under the /sys/class/dmi/id/ pseudo device.
        * /dev/ is not mounted noexec anymore. This didn't provide any
          significant security benefits and would conflict with the executable
          mappings used with /dev/sgx device nodes. The previous behaviour can
          be restored for individual services with NoExecPaths=/dev (or by allow-
          listing and excluding /dev from ExecPaths=).
        * Permissions for /dev/vsock are now set to 0o666, and /dev/vhost-vsock
          and /dev/vhost-net are owned by the kvm group.
        * The hardware database has been extended with a list of fingerprint
          readers that correctly support USB auto-suspend using data from
          libfprint.
        * systemd-resolved can now answer DNSSEC questions through the stub
          resolver interface in a way that allows local clients to do DNSSEC
          validation themselves. For a question with DO+CD set, it'll proxy the
          DNS query and respond with a mostly unmodified packet received from
          the upstream server.
        * systemd-resolved learnt a new boolean option CacheFromLocalhost= in
          resolved.conf. If true the service will provide caching even for DNS
          lookups made to an upstream DNS server on the 127.0.0.1/::1
          addresses. By default (and when the option is false) systemd-resolved
          will not cache such lookups, in order to avoid duplicate local
          caching, under the assumption the local upstream server caches
          anyway.
        * systemd-resolved now implements RFC5001 NSID in its local DNS
          stub. This may be used by local clients to determine whether they are
          talking to the DNS resolver stub or a different DNS server.
        * When resolving host names and other records resolvectl will now
          report where the data was acquired from (i.e. the local cache, the
          network, locally synthesized, …) and whether the network traffic it
          effected was encrypted or not. Moreover the tool acquired a number of
          new options --cache=, --synthesize=, --network=, --zone=,
          --trust-anchor=, --validate= that take booleans and may be used to
          tweak a lookup, i.e. whether it may be answered from cached
          information, locally synthesized information, information acquired
          through the network, the local mDNS/LLMNR zone, the DNSSEC trust
          anchor, and whether DNSSEC validation shall be executed for the
          lookup.
        * systemd-nspawn gained a new --ambient-capability= setting
          (AmbientCapability= in .nspawn files) to configure ambient
          capabilities passed to the container payload.
        * systemd-nspawn gained the ability to configure the firewall using the
          nftables subsystem (in addition to the existing iptables
          support). Similarly, systemd-networkd's IPMasquerade= option now
          supports nftables as back-end, too. In both cases NAT on IPv6 is now
          supported too, in addition to IPv4 (the iptables back-end still is
          IPv4-only).
          "IPMasquerade=yes", which was the same as "IPMasquerade=ipv4" before,
          retains its meaning, but has been deprecated. Please switch to either
          "ivp4" or "both" (if covering IPv6 is desired).
        * systemd-importd will now download .verity and .roothash.p7s files
          along with the machine image (as exposed via machinectl pull-raw).
        * systemd-oomd now gained a new DefaultMemoryPressureDurationSec=
          setting to configure the time a unit's cgroup needs to exceed memory
          pressure limits before action will be taken, and a new
          ManagedOOMPreference=none|avoid|omit setting to avoid killing certain
          units.
          systemd-oomd is now considered fully supported (the usual
          backwards-compatiblity promises apply). Swap is not required for
          operation, but it is still recommended.
        * systemd-timesyncd gained a new ConnectionRetrySec= setting which
          configures the retry delay when trying to contact servers.
        * systemd-stdio-bridge gained --system/--user options to connect to the
          system bus (previous default) or the user session bus.
        * systemd-localed may now call locale-gen to generate missing locales
          on-demand (UTF-8-only). This improves integration with Debian-based
          distributions (Debian/Ubuntu/PureOS/Tanglu/...) and Arch Linux.
        * systemctl --check-inhibitors=true may now be used to obey inhibitors
          even when invoked non-interactively. The old --ignore-inhibitors
          switch is now deprecated and replaced by --check-inhibitors=false.
        * systemctl import-environment will now emit a warning when called
          without any arguments (i.e. to import the full environment block of
          the called program). This command will usually be invoked from a
          shell, which means that it'll inherit a bunch of variables which are
          specific to that shell, and usually to the TTY the shell is connected
          to, and don't have any meaning in the global context of the system or
          user service manager. Instead, only specific variables should be
          imported into the manager environment block.
          Similarly, programs which update the manager environment block by
          directly calling the D-Bus API of the manager, should also push
          specific variables, and not the full inherited environment.
        * systemctl's status output now shows unit state with a more careful
          choice of Unicode characters: units in maintenance show a "○" symbol
          instead of the usual "●", failed units show "×", and services being
          reloaded "↻".
        * coredumpctl gained a --debugger-arguments= switch to pass arguments
          to the debugger. It also gained support for showing coredump info in
          a simple JSON format.
        * systemctl/loginctl/machinectl's --signal= option now accept a special
          value "list", which may be used to show a brief table with known
          process signals and their numbers.
        * networkctl now shows the link activation policy in status.
        * Various tools gained --pager/--no-pager/--json= switches to
          enable/disable the pager and provide JSON output.
        * Various tools now accept two new values for the SYSTEMD_COLORS
          environment variable: "16" and "256", to configure how many terminal
          colors are used in output.
        * less 568 or newer is now required for the auto-paging logic of the
          various tools. Hyperlink ANSI sequences in terminal output are now
          used even if a pager is used, and older versions of less are not able
          to display these sequences correctly. SYSTEMD_URLIFY=0 may be used to
          disable this output again.
        * Builds with support for separate / and /usr/ hierarchies ("split-usr"
          builds, non-merged-usr builds) are now officially deprecated. A
          warning is emitted during build. Support is slated to be removed in
          about a year (when the Debian Bookworm release development starts).
        * Systems with the legacy cgroup v1 hierarchy are now marked as
          "tainted", to make it clearer that using the legacy hierarchy is not
          recommended.
        * systemd-localed will now refuse to configure a keymap which is not
          installed in the file system. This is intended as a bug fix, but
          could break cases where systemd-localed was used to configure the
          keymap in advanced of it being installed. It is necessary to install
          the keymap file first.
        * The main git development branch has been renamed to 'main'.
        * mmcblk[0-9]boot[0-9] devices will no longer be probed automatically
          for partitions, as in the vast majority of cases they contain none
          and are used internally by the bootloader (eg: uboot).
        * systemd will now set the $SYSTEMD_EXEC_PID environment variable for
          spawned processes to the PID of the process itself. This may be used
          by programs for detecting whether they were forked off by the service
          manager itself or are a process forked off further down the tree.
        * The sd-device API gained four new calls: sd_device_get_action() to
          determine the uevent add/remove/change/… action the device object has
          been seen for, sd_device_get_seqno() to determine the uevent sequence
          number, sd_device_new_from_stat_rdev() to allocate a new sd_device
          object from stat(2) data of a device node, and sd_device_trigger() to
          write to the 'uevent' attribute of a device.
        * For most tools the --no-legend= switch has been replaced by
          --legend=no and --legend=yes, to force whether tables are shown with
          headers/legends.
        * Units acquired a new property "Markers" that takes a list of zero,
          one or two of the following strings: "needs-reload" and
          "needs-restart". These markers may be set via "systemctl
          set-property". Once a marker is set, "systemctl reload-or-restart
          --marked" may be invoked to execute the operation the units are
          marked for. This is useful for package managers that want to mark
          units for restart/reload while updating, but effect the actual
          operations at a later step at once.
        * The sd_bus_message_read_strv() API call of sd-bus may now also be
          used to parse arrays of D-Bus signatures and D-Bus paths, in addition
          to regular strings.
        * bootctl will now report whether the UEFI firmware used a TPM2 device
          and measured the boot process into it.
        * systemd-tmpfiles learnt support for a new environment variable
          $SYSTEMD_TMPFILES_FORCE_SUBVOL which takes a boolean value. If true
          the v/q/Q lines in tmpfiles.d/ snippets will create btrfs subvolumes
          even if the root fs of the system is not itself a btrfs volume.
        * systemd-detect-virt/ConditionVirtualization= will now explicitly
          detect Docker/Podman environments where possible. Moreover, they
          should be able to generically detect any container manager as long as
          it assigns the container a cgroup.
        * portablectl gained a new "reattach" verb for detaching/reattaching a
          portable service image, useful for updating images on-the-fly.
        * Intel SGX enclave device nodes (which expose a security feature of
          newer Intel CPUs) will now be owned by a new system group "sgx".
        Contributions from: Adam Nielsen, Adrian Vovk, AJ Jordan, Alan Perry,
        Alastair Pharo, Alexander Batischev, Ali Abdallah, Andrew Balmos,
        Anita Zhang, Annika Wickert, Ansgar Burchardt, Antonio Terceiro,
        Antonius Frie, Ardy, Arian van Putten, Ariel Fermani, Arnaud T,
        A S Alam, Bastien Nocera, Benjamin Berg, Benjamin Robin, Björn Daase,
        caoxia, Carlo Wood, Charles Lee, ChopperRob, chri2, Christian Ehrhardt,
        Christian Hesse, Christopher Obbard, clayton craft, corvusnix, cprn,
        Daan De Meyer, Daniele Medri, Daniel Rusek, Dan Sanders, Dan Streetman,
        Darren Ng, David Edmundson, David Tardon, Deepak Rawat, Devon Pringle,
        Dmitry Borodaenko, dropsignal, Einsler Lee, Endre Szabo,
        Evgeny Vereshchagin, Fabian Affolter, Fangrui Song, Felipe Borges,
        feliperodriguesfr, Felix Stupp, Florian Hülsmann, Florian Klink,
        Florian Westphal, Franck Bui, Frantisek Sumsal, Gablegritule,
        Gaël PORTAY, Gaurav, Giedrius Statkevičius, Greg Depoire-Ferrer,
        Gustavo Costa, Hans de Goede, Hela Basa, heretoenhance, hide,
        Iago López Galeiras, igo95862, Ilya Dmitrichenko, Jameer Pathan,
        Jan Tojnar, Jiehong, Jinyuan Si, Joerg Behrmann, John Slade,
        Jonathan G. Underwood, Jonathan McDowell, Josh Triplett, Joshua Watt,
        Julia Cartwright, Julien Humbert, Kairui Song, Karel Zak,
        Kevin Backhouse, Kevin P. Fleming, Khem Raj, Konomi, krissgjeng,
        l4gfcm, Lajos Veres, Lennart Poettering, Lincoln Ramsay, Luca Boccassi,
        Luca BRUNO, Lucas Werkmeister, Luka Kudra, Luna Jernberg,
        Marc-André Lureau, Martin Wilck, Matthias Klumpp, Matt Turner,
        Michael Gisbers, Michael Marley, Michael Trapp, Michal Fabik,
        Michał Kopeć, Michal Koutný, Michal Sekletár, Michele Guerini Rocco,
        Mike Gilbert, milovlad, moson-mo, Nick, nihilix-melix, Oğuz Ersen,
        Ondrej Mosnacek, pali, Pavel Hrdina, Pavel Sapezhko, Perry Yuan,
        Peter Hutterer, Pierre Dubouilh, Piotr Drąg, Pjotr Vertaalt,
        Richard Laager, RussianNeuroMancer, Sam Lunt, Sebastiaan van Stijn,
        Sergey Bugaev, shenyangyang4, simmon, Simonas Kazlauskas,
        Slimane Selyan Amiri, Stefan Agner, Steve Ramage, Susant Sahani,
        Sven Mueller, Tad Fisher, Takashi Iwai, Thomas Haller, Tom Shield,
        Topi Miettinen, Torsten Hilbrich, tpgxyz, Tyler Hicks, ulf-f,
        Ulrich Ölmann, Vincent Pelletier, Vinnie Magro, Vito Caputo, Vlad,
        walbit-de, Whired Planck, wouter bolsterlee, Xℹ Ruoyao, Yangyang Shen,
        Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew Jędrzejewski-Szmek,
        Zmicer Turok, Дамјан Георгиевски
        — Berlin, 2021-03-30
 CHANGES WITH 247:
        * KERNEL API INCOMPATIBILITY: Linux 4.14 introduced two new uevents
@ -3809,7 +4289,7 @@ CHANGES WITH 237:
          by default even when owned by root and read-only. This behaviour was
          inherited from older tools, but there have been requests to remove
          it, and it's not obvious why this restriction was made in the first
-          place. Please speak up now, if you are aware of software that reqires
+          place. Please speak up now, if you are aware of software that requires
          this behaviour, otherwise we'll remove the restriction in v238.
        * A new environment variable $SYSTEMD_OFFLINE is now understood by
@ -5049,7 +5529,7 @@ CHANGES WITH 232:
        * Support for dynamically creating users for the lifetime of a service
          has been added. If DynamicUser=yes is specified, user and group IDs
-          will be allocated from the range 61184..65519 for the lifetime of the
+          will be allocated from the range 61184…65519 for the lifetime of the
          service. They can be resolved using the new nss-systemd.so NSS
          module. The module must be enabled in /etc/nsswitch.conf. Services
          started in this way have PrivateTmp= and RemoveIPC= enabled, so that
@ -5791,7 +6271,7 @@ CHANGES WITH 230:
        * The LimitNICE= setting now optionally takes normal UNIX nice values
          in addition to the raw integer limit value. If the specified
-          parameter is prefixed with "+" or "-" and is in the range -20..19 the
+          parameter is prefixed with "+" or "-" and is in the range -20…19 the
          value is understood as UNIX nice value. If not prefixed like this it
          is understood as raw RLIMIT_NICE limit.
@ -6129,10 +6609,10 @@ CHANGES WITH 228:
          individual indexes.
        * The various memory-related resource limit settings (such as
-          LimitAS=) now understand the usual K, M, G, ... suffixes to
+          LimitAS=) now understand the usual K, M, G, … suffixes to
          the base of 1024 (IEC). Similar, the time-related resource
-          limit settings understand the usual min, h, day, ...
+          limit settings understand the usual min, h, day, … suffixes
-          suffixes now.
+          now.
        * There's a new system.conf setting DefaultTasksMax= to
          control the default TasksMax= setting for services and
@ -6907,7 +7387,7 @@ CHANGES WITH 220:
        * New /etc/fstab options x-systemd.requires= and
          x-systemd.requires-mounts-for= are now supported to express
          additional dependencies for mounts. This is useful for
-          journalling file systems that support external journal
+          journaling file systems that support external journal
          devices or overlay file systems that require underlying file
          systems to be mounted.
@ -7066,7 +7546,7 @@ CHANGES WITH 220:
        * /usr/lib/os-release gained a new optional field VARIANT= for
          distributions that support multiple variants (such as a
-          desktop edition, a server edition, ...)
+          desktop edition, a server edition, …)
        Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy,
        Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin
@ -7521,7 +8001,7 @@ CHANGES WITH 218:
        * nspawn's --link-journal= switch gained two new values
          "try-guest" and "try-host" that work like "guest" and
          "host", but do not fail if the host has no persistent
-          journalling enabled. -j is now equivalent to
+          journaling enabled. -j is now equivalent to
          --link-journal=try-guest.
        * macvlan network devices created by nspawn will now have
@ -7565,7 +8045,7 @@ CHANGES WITH 218:
          into account when storing rfkill state on disk, as the name
          might be dynamically assigned and not stable. Instead, the
          ID_PATH udev variable combined with the rfkill type (wlan,
-          bluetooth, ...) is used.
+          bluetooth, …) is used.
        * A new service systemd-machine-id-commit.service has been
          added. When used on systems where /etc is read-only during
@ -7795,7 +8275,7 @@ CHANGES WITH 217:
        * Calendar time specifications in .timer units now also
          understand the strings "semi-annually", "quarterly" and
          "minutely" as shortcuts (in addition to the preexisting
-          "annually", "hourly", ...).
+          "annually", "hourly", …).
        * systemd-tmpfiles will now correctly create files in /dev
          at boot which are marked for creation only at boot. It is
@ -9015,7 +9495,7 @@ CHANGES WITH 209:
          match against MAC address, device path, driver name and type,
          and will apply attributes like the naming policy, link speed,
          MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC
-          address assignment policy (randomized, ...).
+          address assignment policy (randomized, …).
        * The configuration of network interface naming rules for
          "permanent interface names" has changed: a new NamePolicy=
@ -9092,7 +9572,7 @@ CHANGES WITH 209:
          recent boots with their times and boot IDs.
        * The various tools like systemctl, loginctl, timedatectl,
-          busctl, systemd-run, ... have gained a new switch "-M" to
+          busctl, systemd-run, … have gained a new switch "-M" to
          connect to a specific, local OS container (as direct
          connection, without requiring SSH). This works on any
          container that is registered with machined, such as those
@ -9841,7 +10321,7 @@ CHANGES WITH 205:
        * If a privileged process logs a journal message with the
          OBJECT_PID= field set, then journald will automatically
          augment this with additional OBJECT_UID=, OBJECT_GID=,
-          OBJECT_COMM=, OBJECT_EXE=, ... fields. This is useful if
+          OBJECT_COMM=, OBJECT_EXE=, … fields. This is useful if
          system services want to log events about specific client
          processes. journactl/systemctl has been updated to make use
          of this information if all log messages regarding a specific
@ -10045,7 +10525,7 @@ CHANGES WITH 201:
        * 'systemctl status' will also shown information about any
          drop-in configuration file for units. (Drop-In configuration
          files in this context are files such as
-          /etc/systemd/systemd/foobar.service.d/*.conf)
+          /etc/systemd/system/foobar.service.d/*.conf)
        * systemd-cgtop now optionally shows summed up CPU times of
          cgroups. Press '%' while running cgtop to switch between
@ -10981,7 +11461,7 @@ CHANGES WITH 190:
          inhibitors during their runtime. A simple way to achieve
          that is to invoke the DE wrapped in an invocation of:
-          systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-switch ...
+          systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-switch …
        * Access to unit operations is now checked via SELinux taking
          the unit file label and client process label into account.
@ -11388,7 +11868,7 @@ CHANGES WITH 183:
          should be used to create dead device nodes as workarounds for broken
          subsystems.
-        * udev: RUN+="socket:..."  and udev_monitor_new_from_socket() is
+        * udev: RUN+="socket:…"  and udev_monitor_new_from_socket() is
          no longer supported. udev_monitor_new_from_netlink() needs to be
          used to subscribe to events.
--- a/24
+++ b/24
@ -44,7 +44,7 @@ REQUIREMENTS:
          CONFIG_SIGNALFD
          CONFIG_TIMERFD
          CONFIG_EPOLL
-          CONFIG_NET
+          CONFIG_UNIX (it requires CONFIG_NET, but every other flag in it is not necessary)
          CONFIG_SYSFS
          CONFIG_PROC_FS
          CONFIG_FHANDLE (libudev, mount and bind mount handling)
@ -126,6 +126,9 @@ REQUIREMENTS:
        Required for systemd-nspawn:
          CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7
        Required for systemd-oomd:
          CONFIG_PSI
        Note that kernel auditing is broken when used with systemd's
        container code. When using systemd in conjunction with
        containers, please make sure to either turn off auditing at
@ -187,7 +190,7 @@ REQUIREMENTS:
        polkit (optional)
        To build in directory build/:
-          meson build/ && ninja -C build
+          meson setup build/ && meson compile -C build/
        Any configuration options can be specified as -Darg=value... arguments
        to meson. After the build directory is initially configured, meson will
@ -197,10 +200,10 @@ REQUIREMENTS:
        their current values.
        Useful commands:
-          ninja -v some/target
+          meson compile -v -C build/ some/target
-          ninja test
+          meson test -C build/
-          sudo ninja install
+          sudo meson install -C build/
-          DESTDIR=... ninja install
+          DESTDIR=... meson install -C build/
        A tarball can be created with:
          git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
@ -219,9 +222,10 @@ REQUIREMENTS:
        Note that the build prefix for systemd must be /usr. (Moreover,
        packages systemd relies on — such as D-Bus — really should use the same
        prefix, otherwise you are on your own.) -Dsplit-usr=false (which is the
-        default and does not need to be specified) is the recommended setting,
+        default and does not need to be specified) is the recommended setting.
-        and -Dsplit-usr=true should be used on systems which have /usr on a
+        -Dsplit-usr=true can be used to give a semblance of support for systems
-        separate partition.
+        with programs installed split between / and /usr. Moving everything
        under /usr is strongly encouraged.
        Additional packages are necessary to run some tests:
        - busybox            (used by test/TEST-13-NSPAWN-SMOKE)
@ -273,7 +277,7 @@ NSS:
        with machined to their respective IP addresses.
        nss-systemd enables resolution of users/group registered via the
-        User/Group Record Lookup API (https://systemd.io/USER_GROUP_API/),
+        User/Group Record Lookup API (https://systemd.io/USER_GROUP_API),
        including all dynamically allocated service users. (See the
        DynamicUser= setting in unit files.)
--- a/README.md
+++ b/README.md
@ -4,18 +4,16 @@ System and Service Manager
 <a href="https://in.waw.pl/systemd-github-state/systemd-systemd-issues.svg"><img align="right" src="https://in.waw.pl/systemd-github-state/systemd-systemd-issues-small.svg" alt="Count of open issues over time"></a>
 <a href="https://in.waw.pl/systemd-github-state/systemd-systemd-pull-requests.svg"><img align="right" src="https://in.waw.pl/systemd-github-state/systemd-systemd-pull-requests-small.svg" alt="Count of open pull requests over time"></a>
-[![Semaphore CI Build Status](https://semaphoreci.com/api/v1/projects/28a5a3ca-3c56-4078-8b5e-7ed6ef912e14/443470/shields_badge.svg)](https://semaphoreci.com/systemd/systemd)<br/>
+[![Semaphore CI 2.0 Build Status](https://the-real-systemd.semaphoreci.com/badges/systemd/branches/main.svg?style=shields)](https://the-real-systemd.semaphoreci.com/projects/systemd)<br/>
 [![Coverity Scan Status](https://scan.coverity.com/projects/350/badge.svg)](https://scan.coverity.com/projects/350)<br/>
 [![OSS-Fuzz Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/systemd.svg)](https://oss-fuzz-build-logs.storage.googleapis.com/index.html#systemd)<br/>
 [![CIFuzz](https://github.com/systemd/systemd/workflows/CIFuzz/badge.svg)](https://github.com/systemd/systemd/actions)<br/>
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1369/badge)](https://bestpractices.coreinfrastructure.org/projects/1369)<br/>
 [![Travis CI Build Status](https://travis-ci.org/systemd/systemd.svg?branch=master)](https://travis-ci.org/systemd/systemd)<br/>
 [![Language Grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/systemd/systemd.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/systemd/systemd/context:cpp)<br/>
 [![CentOS CI - CentOS 7](https://jenkins-systemd.apps.ocp.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20CentOS%207&job=upstream-centos7)](https://jenkins-systemd.apps.ocp.ci.centos.org/job/upstream-centos7/)<br/>
 [![CentOS CI - Arch](https://jenkins-systemd.apps.ocp.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20Arch&job=upstream-vagrant-archlinux)](https://jenkins-systemd.apps.ocp.ci.centos.org/job/upstream-vagrant-archlinux/)<br/>
 [![CentOS CI - Arch (sanitizers)](https://jenkins-systemd.apps.ocp.ci.centos.org/buildStatus/icon?subject=CentOS%20CI%20-%20Arch%20(sanitizers)&job=upstream-vagrant-archlinux-sanitizers)](https://jenkins-systemd.apps.ocp.ci.centos.org/job/upstream-vagrant-archlinux-sanitizers/)<br/>
-[![Build Status](https://dev.azure.com/evvers/systemd-systemd/_apis/build/status/systemd.systemd?branchName=master)](https://dev.azure.com/evvers/systemd-systemd/_build/latest?definitionId=1&branchName=master)<br/>
+[![Fossies codespell report](https://fossies.org/linux/test/systemd-main.tar.gz/codespell.svg)](https://fossies.org/linux/test/systemd-main.tar.gz/codespell.html)</br>
 [![Fossies codespell report](https://fossies.org/linux/test/systemd-master.tar.gz/codespell.svg)](https://fossies.org/linux/test/systemd-master.tar.gz/codespell.html)</br>
 [![Packaging status](https://repology.org/badge/tiny-repos/systemd.svg)](https://repology.org/project/systemd/versions)
 ## Details
--- a/166
+++ b/166
@ -7,6 +7,8 @@ Bugfixes:
 * userdbctl: "Password OK: yes" is shown even when there are no passwords
  or the password is locked.
 * Get rid of nftw(). We should refuse to use such useless APIs on principle.
 External:
 * Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.
@ -20,8 +22,139 @@ Janitorial Clean-ups:
 Features:
 * maybe add a tool that displays most recent journal logs as QR code to scan
  off screen and run it automatically on boot failures, emergency logs and
  such. Use DRM APIs directly, see
  https://github.com/dvdhrm/docs/blob/master/drm-howto/modeset.c for an example
  for doing that.
 * pass systemd-detect-virt result to generators as env var. Modifying behaviour
  based on whether we are virtualized or not is a pretty common thing, hence
  maybe just pass that info along for free in an env var. We cache the result
  anyway, so it's basically free.
 * systemd-repart: read LUKS encryption key from $CREDENTIALS_PATH
 * introduce /dev/disk/root/* symlinks that allow referencing partitions on the
  disk the rootfs is on in a reasonably secure way.
 * systemd-repart: add a switch to factory reset the partition table without
  immediately applying the new configuration again. i.e. --factory-reset=leave
  or so. (this is useful to factory reset an image, then putting it into
  another machine, ensuring that luks key is generated on new machine, not old)
 * move logind udev rules to top-level rule.d/ directory
 * move multiseat vid/pid matches from logind udev rule to hwdb
 * nspawn: default to 1:1 userns
 * Provide a reasonably bespoke solution for mounting host $HOME directories
  into containers:
  • add new option --mount-user=$USER for mounting $HOME of the user into the
    container at the same place
  • check /etc/passwd for UID or user name clashes. If UID clash pick a different
    UID in container, and map via userns. If user name clash, refuse. If
    matching user already exists use that.
  • otherwise: write user record of specified user into /run/host/passwd or so
  • in nss-systemd pick up user record from there and make available to system
  With all that in place if nspawn host and container payload are up-to-date
  enough we have a very simple way to make host users available in containers.
 * systemd-sysusers: pick up passwords from credentials logic, so that users can
  easily set root user pw. enable cred inheriting for root user from PID 1, so
  that for containers we can configure the root pw automatically via nspawn's
  --set-credential= switch. (Also do this for systemd-firstboot)
 * whenever we receive fds via SCM_RIGHTS make sure none got dropped due to the
  reception limit the kernel silently enforces.
 * add an Open= setting to service unit files that can open arbitrary file
  system paths at service startup time and pass them to the service process via
  our usual socket activation protocol. If passed path refers to AF_UNIX
  socket: connect() to it.
 * add a ConnectSocket= setting to service unit files, that may reference a
  socket unit, and which will connect to the socket defined therein, and pass
  the resulting fd to the service program via socket activation proto.
 * Add a concept of ListenStream=anonymous to socket units: listen on a socket
  that is deleted in the fs. Usecase would be with ConnectSocket= above.
 * Hook up journald's FSS logic with TPM2: seal the verification disk by
  time-based policy, so that the verification key can remain on host and ve
  validated via TPM.
 * sd-boot: define a drop-in dir in the ESP that may contain X.509
  certificates. If the firmware is detected to be in setup mode, automatically
  enroll them as PK/KEK/db, turn off setup mode and proceed. Optionally,
  instead of auto-enrolling them add them to the sd-boot menu, giving the user
  the option to manually enroll them, after selecting the menu entry. This way,
  installer images can just drop the certfiicates in the ESP, and on first boot
  can easily enroll the keys without ever booting up.
 * efi stub: optionally, load initrd from disk as a separate file, HMAC check it
  with key from TPM, bound to PCR, refusing if failing. This would then allow
  traditional distros that generate initrds locally to secure them with TPM:
  after generating the initrd, do the HMAC calculation, put result in initrd
  filename, done. This would then bind the validity of the initrd to the local
  host, and used kernel, and means people cannot change initrd or kernel
  without booting the kernel + initrd.
 * importd: add ability download images for portabled + sysext
 * importd: support image signature verification with PKCS#7 + OpenBSD signify
  logic, as alternative to crummy gpg
 * sd-boot: add service that automatically runs "bootctl update" on every boot,
  in a graceful way, so that updated /usr trees automatically propagate into
  updated boot loaders on reboot.
 * sysext: optionally, if the merged trees allow it use bind mounts instead of
  overlayfs
 * nspawn: add support for sysext extensions, too. i.e. a new --extension=
  switch that takes one or more arguments, and applies the extensions already
  during startup.
 * add "systemd-analyze debug" + AttachDebugger= in unit files: The former
  specifies a command to execute; the latter specifies that an already running
  "systemd-analyze debug" instance shall be contacted and execution paused
  until it gives an OK. That way, tools like gdb or strace can be safely be
  invoked on processes forked off PID 1.
 * expose MS_NOSYMFOLLOW in various places
 * tpm2: support a PIN policy, i.e. allowing windows-style short authentication
  passwords by using the TPM2 to enforce ratelimiting and such, use for
  cryptsetup and homed
 * Add concept for upgrading TPM2 enrollments, maybe a new switch
  --pcrs=4:<hash> or so, i.e. select a PCR to include in the hash, and then
  override its hash
 * homed: store PKCS#11 + FIDO2 token info in LUKS2 header, compatible with
  systemd-cryptsetup, so that it can unlock homed volumes
 * cryptenroll: politely refuse enrolling new keys to homed volumes, since we
  we cannot update identity info
 * TPM2: auto-reenroll in cryptsetup, as fallback for hosed firmware upgrades
  and such
 * cryptsetup: if only recovery keys are registered and no regular passphrases,
  ask user for "recovery key", not "passphrase"
 * cyptsetup: add option for automatically removing empty password slot on boot
 * cryptsetup: optionally, when run during boot-up and password is never
-  entered, and we are on AC power (or so), power off machine again
+  entered, and we are on battery power (or so), power off machine again
 * cryptsetup: when FIDO2/PKCS#11/TPM2 token/chip didn't show up after some
  time, abort the attempt, fallback to asking for pw
 * cryptsetup: when waiting for FIDO2/PKCS#11 token, tell plymouth that, and
  allow plymouth to abort the waiting and enter pw instead
 * when configuring loopback netif, and it fails due to EPERM, eat up error if
  it happens to be set up alright already.
@ -76,9 +209,6 @@ Features:
 * make use of new glibc 2.32 APIs sigabbrev_np() and strerrorname_np().
 * cryptsetup: if keyfile specified in crypttab is AF_UNIX socket, connect to it
  and read from it (like we do elsewhere with READ_FULL_FILE_CONNECT_SOCKET)
 * when main nspawn supervisor process gets suspended due to SIGSTOP/SIGTTOU or
  so, freeze the payload too.
@ -107,17 +237,11 @@ Features:
  client UID, so that synthetic hash table collisions can slow down a specific
  user's journal stream down but not the others.
 * add "throttling" to sd-event event sources: optionally, when we wake up too
  often for one, let's turn it off entirely for a while. Use that for the
  /proc/self/mountinfo logic.
 * nspawn: support time namespaces
 * systemd-firstboot: make sure to always use chase_symlinks() before
  reading/writing files
 * add ConditionSecurity=tpm2
 * Remove any support for booting without /usr pre-mounted in the initrd entirely.
  Update INITRD_INTERFACE.md accordingly.
@ -140,10 +264,6 @@ Features:
  o move into separate libsystemd-shared-iptables.so .so
    - iptables-libs (only used by nspawn + networkd)
 * seccomp: when SystemCallArchitectures=native is set then don't install any
  other seccomp filters for any of the other archs, in order to reduce the
  number of seccomp filters we install needlessly.
 * seccomp: maybe use seccomp_merge() to merge our filters per-arch if we can.
  Apparently kernel performance is much better with fewer larger seccomp
  filters than with more smaller seccomp filters.
@ -207,9 +327,6 @@ Features:
  thus allows defining OS images which can be A/B updated and we default to the
  newest version automatically, both in nspawn and in sd-boot
 * cryptsetup: support FIDO2 tokens for deriving keys (i.e. do what homed can do
  also in plain cryptsetup)
 * systemd-gpt-auto should probably set x-systemd.growfs on the mounts it
  creates
@ -248,12 +365,6 @@ Features:
 * add growvol and makevol options for /etc/crypttab, similar to
  x-systemd.growfs and x-systemd-makefs.
 * hook up the TPM to /etc/crypttab, with a new option that is similar to the
  new PKCS#11 option in crypttab, and allows unlocking a LUKS volume via a key
  unsealed from the TPM. Optionally, if TPM is not available fall back to
  TPM-less mode, and set up linear DM mapping instead (inspired by kpartx), so
  that the device paths stay the same, regardless if crypto is used or not.
 * systemd-repart: by default generate minimized partition tables (i.e. tables
  that only cover the space actually used, excluding any free space at the
  end), in order to maximize dd'ability. Requires libfdisk work, see
@ -304,7 +415,7 @@ Features:
  initrd had set.
 * sd-event: add native support for P_ALL waitid() watching, then move PID 1 to
-  it fo reaping assigned but unknown children. This needs to some special care
+  it for reaping assigned but unknown children. This needs to some special care
  to operate somewhat sensibly in light of priorities: P_ALL will return
  arbitrary processes, regardless of the priority we want to watch them with,
  hence on each event loop iteration check all processes which we shall watch
@ -800,9 +911,6 @@ Features:
  picked up by systemd unless they contain a medium. This would mirror
  the behaviour we already have for CD drives.
 * networkd/udev: implement SR_IOV configuration in .link files:
  http://lists.freedesktop.org/archives/systemd-devel/2015-January/027451.html
 * hostnamectl: show root image uuid
 * Find a solution for SMACK capabilities stuff:
@ -1017,7 +1125,7 @@ Features:
  - logind: when the power button is pressed short, just popup a
    logout dialog. If it is pressed for 1s, do the usual
    shutdown. Inspiration are Macs here.
-  - expose "Locked" property on logind sesison objects
+  - expose "Locked" property on logind session objects
  - maybe allow configuration of the StopTimeout for session scopes
  - rename session scope so that it includes the UID. THat way
    the session scope can be arranged freely in slices and we don't have
@ -1210,6 +1318,7 @@ Features:
  - creating new directories/subvolumes/fifos/device nodes
    should not follow symlinks. None of the other adjustment or creation
    calls follow symlinks.
  - add --test mode
 * make sure systemd-ask-password-wall does not shutdown systemd-ask-password-console too early
@ -1311,7 +1420,6 @@ Features:
     for all routes to it. possibly a second default for DHCP routes.
   - allow Name= to be specified repeatedly in the [Match] section. Maybe also
     support Name=foo*|bar*|baz ?
   - duplicate address check for static IPs (like ARPCHECK in network-scripts)
   - whenever uplink info changes, make DHCP server send out FORCERENEW
 * Figure out how to do unittests of networkd's state serialization
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@ -1,15 +0,0 @@
 trigger:
 - master
 jobs:
 - job: FuzzBuzz
  displayName: FuzzBuzz
  pool:
    vmImage: 'ubuntu-latest'
  steps:
  - script: |
      set -e
      ./travis-ci/managers/fuzzbuzz.sh
    displayName: 'This is where it gets darker'
--- a/coccinelle/errno.cocci
+++ b/coccinelle/errno.cocci
@ -25,6 +25,13 @@ expression e;
 - return r;
@@
 identifier log_LEVEL_errno =~ "^log_(debug|info|notice|warning|error|emergency)_errno$";
 local idexpression r;
@@
 + return
  log_LEVEL_errno(r, ...);
 - return r;
@@
 identifier log_LEVEL_errno =~ "^log_(debug|info|notice|warning|error|emergency)_errno$";
 expression e;
@@
 + return
@ -39,3 +46,57 @@ local idexpression r;
 - log_LEVEL_errno(e, args);
 - r = e;
 + r = log_LEVEL_errno(e, args);
@@
 identifier log_UNIT_LEVEL_errno =~ "^log_(unit|link|netdev|device|token)_(debug|info|notice|warning|error|emergency)_errno$";
 local idexpression r;
 expression e;
 expression u;
@@
 - r = -e;
 + r =
  log_UNIT_LEVEL_errno(u, e, ...);
@@
 identifier log_UNIT_LEVEL_errno =~ "^log_(unit|link|netdev|device|token)_(debug|info|notice|warning|error|emergency)_errno$";
 local idexpression r;
 expression e;
 expression u;
@@
 + r =
  log_UNIT_LEVEL_errno(u, e, ...);
 - r = -e;
@@
 identifier log_UNIT_LEVEL_errno =~ "^log_(unit|link|netdev|device|token)_(debug|info|notice|warning|error|emergency)_errno$";
 local idexpression r;
 expression e;
 expression u;
@@
 - r =
 + return
  log_UNIT_LEVEL_errno(u, e, ...);
 - return r;
@@
 identifier log_UNIT_LEVEL_errno =~ "^log_(unit|link|netdev|device|token)_(debug|info|notice|warning|error|emergency)_errno$";
 local idexpression r;
 expression u;
@@
 + return
  log_UNIT_LEVEL_errno(u, r, ...);
 - return r;
@@
 identifier log_UNIT_LEVEL_errno =~ "^log_(unit|link|netdev|device|token)_(debug|info|notice|warning|error|emergency)_errno$";
 expression e;
 expression u;
@@
 + return
  log_UNIT_LEVEL_errno(u, e, ...);
 - return -e;
@@
 identifier log_UNIT_LEVEL_errno =~ "^log_(unit|link|netdev|device|token)_(debug|info|notice|warning|error|emergency)_errno$";
 expression list args;
 expression e;
 expression u;
 local idexpression r;
@@
 - log_UNIT_LEVEL_errno(u, e, args);
 - r = e;
 + r = log_UNIT_LEVEL_errno(u, e, args);
--- a/coccinelle/flags-set.cocci
+++ b/coccinelle/flags-set.cocci
@ -8,7 +8,8 @@ position p : script:python() {
                 p[0].current_element == "log_set_max_level_realm" or
                 p[0].current_element == "unichar_is_valid")
        };
-expression x, y;
+expression x;
 constant y;
@@
 (
 - ((x@p) & (y)) == (y)
--- a/coccinelle/run-coccinelle.sh
+++ b/coccinelle/run-coccinelle.sh
@ -7,6 +7,7 @@ EXCLUDED_PATHS=(
    "src/basic/linux/*"
    # Symlinked to test-bus-vtable-cc.cc, which causes issues with the IN_SET macro
    "src/libsystemd/sd-bus/test-bus-vtable.c"
    "src/libsystemd/sd-journal/lookup3.c"
 )
 top="$(git rev-parse --show-toplevel)"
--- a/coccinelle/strjoina.cocci
+++ b/coccinelle/strjoina.cocci
@ -1,6 +1,7 @@
@@
 position p : script:python() { p[0].current_element != "test_strjoina" };
 expression n, m;
 expression list s;
@@
- n = strjoina(m, s, NULL);
+- n = strjoina@p(m, s, NULL);
 + n = strjoina(m, s);
--- a/coccinelle/synthetic-errno.cocci
+++ b/coccinelle/synthetic-errno.cocci
@ -15,9 +15,15 @@ log_debug("Found no default boot entry :(");
 expression e;
 expression list args;
@@
 (
 /* Ignore specific cases in src/import/{export,import,pull}.c where we want to return positive value on success. */
 log_info("Exiting.");
 return -r;
 |
 - log_info(args);
 - return -e;
 + return log_info_errno(SYNTHETIC_ERRNO(e), args);
 )
@@
 expression e;
 expression list args;
@ -46,3 +52,211 @@ expression list args;
@@
 - log_LEVEL_errno(ERRNO, args);
 + log_LEVEL_errno(SYNTHETIC_ERRNO(ERRNO), args);
@@
 identifier log_UNIT_LEVEL_errno =~ "^log_(unit|link|device|token)_(debug|info|notice|warning|error|emergency)_errno$";
 identifier ERRNO =~ "^E[A-Z]+$";
 expression u;
 expression list args;
@@
 - log_UNIT_LEVEL_errno(u, ERRNO, args);
 + log_UNIT_LEVEL_errno(u, SYNTHETIC_ERRNO(ERRNO), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_unit_debug(u, args);
 - return -e;
 + return log_unit_debug_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_unit_info(u, args);
 - return -e;
 + return log_unit_info_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_unit_notice(u, args);
 - return -e;
 + return log_unit_notice_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_unit_error(u, args);
 - return -e;
 + return log_unit_error_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_unit_emergency(u, args);
 - return -e;
 + return log_unit_emergency_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_link_debug(u, args);
 - return -e;
 + return log_link_debug_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_link_info(u, args);
 - return -e;
 + return log_link_info_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_link_notice(u, args);
 - return -e;
 + return log_link_notice_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_link_error(u, args);
 - return -e;
 + return log_link_error_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_link_emergency(u, args);
 - return -e;
 + return log_link_emergency_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_netdev_debug(u, args);
 - return -e;
 + return log_netdev_debug_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_netdev_info(u, args);
 - return -e;
 + return log_netdev_info_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_netdev_notice(u, args);
 - return -e;
 + return log_netdev_notice_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_netdev_error(u, args);
 - return -e;
 + return log_netdev_error_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_netdev_emergency(u, args);
 - return -e;
 + return log_netdev_emergency_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_device_debug(u, args);
 - return -e;
 + return log_device_debug_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_device_info(u, args);
 - return -e;
 + return log_device_info_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_device_notice(u, args);
 - return -e;
 + return log_device_notice_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_device_error(u, args);
 - return -e;
 + return log_device_error_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_device_emergency(u, args);
 - return -e;
 + return log_device_emergency_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_token_debug(u, args);
 - return -e;
 + return log_token_debug_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_token_info(u, args);
 - return -e;
 + return log_token_info_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_token_notice(u, args);
 - return -e;
 + return log_token_notice_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_token_error(u, args);
 - return -e;
 + return log_token_error_errno(u, SYNTHETIC_ERRNO(e), args);
@@
 expression e;
 expression u;
 expression list args;
@@
 - log_token_emergency(u, args);
 - return -e;
 + return log_token_emergency_errno(u, SYNTHETIC_ERRNO(e), args);
--- a/1
+++ b/1
@ -1,4 +1,5 @@
 #!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 cflags=CFLAGS="$CFLAGS"
--- a/docs/CODE_QUALITY.md
+++ b/docs/CODE_QUALITY.md
@ -10,13 +10,15 @@ The systemd project has a number of code quality tools set up in the source
 tree and on the github infrastructure. Here's an incomprehensive list of the
 available functionality:
-1. Use `ninja -C build test` to run the unit tests. Some tests are skipped if
+1. Use `meson test -C build` to run the unit tests. Some tests are skipped if
   no privileges are available, hence consider also running them with `sudo
-   ninja -C build test`. A couple of unit tests are considered "unsafe" (as
+   meson test -C build`. A couple of unit tests are considered "unsafe" (as
-   they change system state); to run those too, build with `meson
+   they change system state); to run those too, build with `meson setup
   -Dtests=unsafe`. Finally, some unit tests are considered to be very slow,
-   build them too with `meson -Dslow-tests=true`. (Note that there are a couple
+   build them too with `meson setup -Dslow-tests=true`. (Note that there are a
-   of manual tests in addition to these unit tests.)
+   couple of manual tests in addition to these unit tests.) (Also note: you can
   change these flags for an already set up build tree, too, with "meson
   configure -C build -D…".)
 2. Use `./test/run-integration-tests.sh` to run the full integration test
   suite. This will build OS images with a number of integration tests and run
@ -35,14 +37,14 @@ available functionality:
   `./tools/find-tabs.sh recpatch` to fix them. (Again, grain of salt, foreign
   headers should usually be left unmodified.)
-6. Use `ninja -C build check-api-docs` to compare the list of exported
+6. Use `meson compile -C build check-api-docs` to compare the list of exported
   symbols of `libsystemd.so` and `libudev.so` with the list of man pages. Symbols
   lacking documentation are highlighted.
-7. Use `ninja -C build hwdb-update` to automatically download and import the
+7. Use `meson compile -C build update-hwdb` to automatically download and import the
   PCI, USB and OUI databases into hwdb.
-8. Use `ninja -C build man/update-man-rules` to update the meson rules for
+8. Use `meson compile -C build update-man-rules` to update the meson rules for
   building man pages automatically from the docbook XML files included in
   `man/`.
--- a/docs/CODING_STYLE.md
+++ b/docs/CODING_STYLE.md
@ -587,6 +587,12 @@ layout: default
  time you need that please immediately undefine `basename()`, and add a
  comment about it, so that no code ever ends up using the POSIX version!
 - Never use `FILENAME_MAX`. Use `PATH_MAX` instead (for checking maximum size
  of paths) and `NAME_MAX` (for checking maximum size of filenames).
  `FILENAME_MAX` is not POSIX, and is a confusingly named alias for `PATH_MAX`
  on Linux. Note the `NAME_MAX` does not include space for a trailing `NUL`,
  but `PATH_MAX` does. UNIX FTW!
 ## Committing to git
 - Commit message subject lines should be prefixed with an appropriate component
--- a/docs/DISCOVERABLE_PARTITIONS.md
+++ b/docs/DISCOVERABLE_PARTITIONS.md
@ -99,7 +99,7 @@ partitions, the partition flag bit 63 ("*no-auto*") may be used to turn off
 auto-discovery for the specific partition.  If set, the partition will not be
 automatically mounted or enabled.
-For the root, `/usr/` server data, home, variable data and temporary data
+For the root, `/usr/`, server data, home, variable data and temporary data
 partitions, the partition flag bit 60 ("*read-only*") may be used to mark a
 partition for read-only mounts only.  If set, the partition will be mounted
 read-only instead of read-write. Note that the variable data partition and the
@ -225,10 +225,12 @@ appliance-like installations.
 ### What partitioning tools will create a DPS-compliant partition table?
-As of util-linux 2.25.2, the fdisk tool provides type codes to create the root,
+As of util-linux 2.25.2, the `fdisk` tool provides type codes to create the
-home, and swap partitions that the DPS expects, but the gdisk tool (version
+root, home, and swap partitions that the DPS expects. By default, `fdisk` will
-0.8.10) and its variants do not support creation of a root file system with a
+create an old-style MBR, not a GPT, so typing `l` to list partition types will
-matching type code.  By default, fdisk will create an old-style MBR, not a GPT,
+not show the choices to let you set the correct UUID. Make sure to first create
-so typing 'l' to list partition types will not show the choices that the root
+an empty GPT, then type `l` in order for the DPS-compliant type codes to be
-partition with the correct UUID.  You must first create an empty GPT and then
+available.
-type 'l' in order for the DPS-compliant type codes to be available.
+
 The `gdisk` tool (from version 1.0.5 onward) and its variants (`sgdisk`,
 `cgdisk`) also support creation of partitions with a matching type code.
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@ -19,18 +19,17 @@ documented in the proper man pages.
 All tools:
-* `$SYSTEMD_OFFLINE=[0|1]` — if set to `1`, then `systemctl` will
+* `$SYSTEMD_OFFLINE=[0|1]` — if set to `1`, then `systemctl` will refrain from
-  refrain from talking to PID 1; this has the same effect as the historical
+  talking to PID 1; this has the same effect as the historical detection of
-  detection of `chroot()`.  Setting this variable to `0` instead has a similar
+  `chroot()`. Setting this variable to `0` instead has a similar effect as
-  effect as `SYSTEMD_IGNORE_CHROOT=1`; i.e. tools will try to
+  `SYSTEMD_IGNORE_CHROOT=1`; i.e. tools will try to communicate with PID 1 even
-  communicate with PID 1 even if a `chroot()` environment is detected.
+  if a `chroot()` environment is detected. You almost certainly want to set
-  You almost certainly want to set this to `1` if you maintain a package build system
+  this to `1` if you maintain a package build system or similar and are trying
-  or similar and are trying to use a modern container system and not plain
+  to use a modern container system and not plain `chroot()`.
  `chroot()`.
 * `$SYSTEMD_IGNORE_CHROOT=1` — if set, don't check whether being invoked in a
  `chroot()` environment. This is particularly relevant for systemctl, as it
-  will not alter its behaviour for `chroot()` environments if set.  Normally it
+  will not alter its behaviour for `chroot()` environments if set. Normally it
  refrains from talking to PID 1 in such a case; turning most operations such
  as `start` into no-ops.  If that's what's explicitly desired, you might
  consider setting `SYSTEMD_OFFLINE=1`.
@ -39,22 +38,35 @@ All tools:
  will print latency information at runtime.
 * `$SYSTEMD_PROC_CMDLINE` — if set, the contents are used as the kernel command
-  line instead of the actual one in /proc/cmdline. This is useful for
+  line instead of the actual one in `/proc/cmdline`. This is useful for
  debugging, in order to test generators and other code against specific kernel
  command lines.
-* `$SYSTEMD_FSTAB` — if set, use this path instead of /etc/fstab. Only useful
+* `$SYSTEMD_FSTAB` — if set, use this path instead of `/etc/fstab`. Only useful
  for debugging.
-* `$SYSTEMD_CRYPTTAB` — if set, use this path instead of /etc/crypttab. Only
+* `$SYSTEMD_CRYPTTAB` — if set, use this path instead of `/etc/crypttab`. Only
-  useful for debugging. Currently only supported by systemd-cryptsetup-generator.
+  useful for debugging. Currently only supported by
  `systemd-cryptsetup-generator`.
 * `$SYSTEMD_VERITYTAB` — if set, use this path instead of
  `/etc/veritytab`. Only useful for debugging. Currently only supported by
  `systemd-veritysetup-generator`.
 * `$SYSTEMD_EFI_OPTIONS` — if set, used instead of the string in the
-  SystemdOptions EFI variable. Analogous to `$SYSTEMD_PROC_CMDLINE`.
+  `SystemdOptions` EFI variable. Analogous to `$SYSTEMD_PROC_CMDLINE`.
-* `$SYSTEMD_IN_INITRD` — takes a boolean. If set, overrides initrd detection.
+* `$SYSTEMD_DEFAULT_HOSTNAME` — override the compiled-in fallback hostname
-  This is useful for debugging and testing initrd-only programs in the main
+  (relevant in particular for the system manager and `systemd-hostnamed`).
-  system.
+  Must be a valid hostname (either a single label or a FQDN).
 * `$SYSTEMD_IN_INITRD=[auto|lenient|0|1]` — if set, specifies initrd detection
  method. Defaults to `auto`. Behavior is defined as follows:
  `auto`: Checks if `/etc/initrd-release` exists, and a temporary fs is mounted
          on `/`. If both conditions meet, then it's in initrd.
  `lenient`: Similar to `auto`, but the rootfs check is skipped.
  `0|1`: Simply overrides initrd detection. This is useful for debugging and
         testing initrd-only programs in the main system.
 * `$SYSTEMD_BUS_TIMEOUT=SECS` — specifies the maximum time to wait for method call
  completion. If no time unit is specified, assumes seconds. The usual other units
@ -62,23 +74,23 @@ All tools:
  to 0, then the built-in default is used.
 * `$SYSTEMD_MEMPOOL=0` — if set, the internal memory caching logic employed by
-  hash tables is turned off, and libc malloc() is used for all allocations.
+  hash tables is turned off, and libc `malloc()` is used for all allocations.
-* `$SYSTEMD_EMOJI=0` — if set, tools such as "systemd-analyze security" will
+* `$SYSTEMD_EMOJI=0` — if set, tools such as `systemd-analyze security` will
  not output graphical smiley emojis, but ASCII alternatives instead. Note that
  this only controls use of Unicode emoji glyphs, and has no effect on other
  Unicode glyphs.
 * `$RUNTIME_DIRECTORY` — various tools use this variable to locate the
-  appropriate path under /run. This variable is also set by the manager when
+  appropriate path under `/run/`. This variable is also set by the manager when
-  RuntimeDirectory= is used, see systemd.exec(5).
+  `RuntimeDirectory=` is used, see systemd.exec(5).
 * `$SYSTEMD_CRYPT_PREFIX` — if set configures the hash method prefix to use for
-  UNIX crypt() when generating passwords. By default the system's "preferred
+  UNIX `crypt()` when generating passwords. By default the system's "preferred
-  method" is used, but this can be overridden with this environment
+  method" is used, but this can be overridden with this environment variable.
-  variable. Takes a prefix such as `$6$` or `$y$`. (Note that this is only
+  Takes a prefix such as `$6$` or `$y$`. (Note that this is only honoured on
-  honoured on systems built with libxcrypt and is ignored on systems using
+  systems built with libxcrypt and is ignored on systems using glibc's
-  glibc's original, internal crypt() implementation.)
+  original, internal `crypt()` implementation.)
 * `$SYSTEMD_RDRAND=0` — if set, the RDRAND instruction will never be used,
  even if the CPU supports it.
@ -87,10 +99,10 @@ All tools:
  support for it is compiled in and available in the kernel.
 * `$SYSTEMD_LOG_SECCOMP=1` — if set, system calls blocked by seccomp filtering,
-  for example in systemd-nspawn, will be logged to the audit log, if the current
+  for example in `systemd-nspawn`, will be logged to the audit log, if the
-  kernel version supports this.
+  kernel supports this.
-systemctl:
+`systemctl`:
 * `$SYSTEMCTL_FORCE_BUS=1` — if set, do not connect to PID1's private D-Bus
  listener, and instead always connect through the dbus-daemon D-bus broker.
@ -98,16 +110,16 @@ systemctl:
 * `$SYSTEMCTL_INSTALL_CLIENT_SIDE=1` — if set, enable or disable unit files on
  the client side, instead of asking PID 1 to do this.
-* `$SYSTEMCTL_SKIP_SYSV=1` — if set, do not call out to SysV compatibility hooks.
+* `$SYSTEMCTL_SKIP_SYSV=1` — if set, do not call SysV compatibility hooks.
-systemd-nspawn:
+`systemd-nspawn`:
-* `$SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=1` — if set, force nspawn into unified
+* `$SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=1` — if set, force `systemd-nspawn` into
-  cgroup hierarchy mode.
+  unified cgroup hierarchy mode.
-* `$SYSTEMD_NSPAWN_API_VFS_WRITABLE=1` — if set, make /sys and /proc/sys and
+* `$SYSTEMD_NSPAWN_API_VFS_WRITABLE=1` — if set, make `/sys/`, `/proc/sys/`,
-  friends writable in the container. If set to "network", leave only
+  and friends writable in the container. If set to "network", leave only
-  /proc/sys/net writable.
+  `/proc/sys/net/` writable.
 * `$SYSTEMD_NSPAWN_CONTAINER_SERVICE=…` — override the "service" name nspawn
  uses to register with machined. If unset defaults to "nspawn", but with this
@ -118,52 +130,41 @@ systemd-nspawn:
 * `$SYSTEMD_NSPAWN_LOCK=0` — if set, do not lock container images when running.
-* `$SYSTEMD_NSPAWN_TMPFS_TMP=0` — if set, do not overmount /tmp in the
+* `$SYSTEMD_NSPAWN_TMPFS_TMP=0` — if set, do not overmount `/tmp/` in the
  container with a tmpfs, but leave the directory from the image in place.
-systemd-logind:
+`systemd-logind`:
 * `$SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK=1` — if set, report that
  hibernation is available even if the swap devices do not provide enough room
  for it.
-systemd-udevd:
+* `$SYSTEMD_REBOOT_TO_FIRMWARE_SETUP` — if set, overrides `systemd-logind`'s
-
+  built-in EFI logic of requesting a reboot into the firmware. Takes a boolean.
-* `$NET_NAMING_SCHEME=` – if set, takes a network naming scheme (i.e. one of
+  If set to false, the functionality is turned off entirely. If set to true,
-  "v238", "v239", "v240"…, or the special value "latest") as parameter. If
+  instead of requesting a reboot into the firmware setup UI through EFI a file,
-  specified udev's net_id builtin will follow the specified naming scheme when
+  `/run/systemd/reboot-to-firmware-setup` is created whenever this is
  determining stable network interface names. This may be used to revert to
  naming schemes of older udev versions, in order to provide more stable naming
  across updates. This environment variable takes precedence over the kernel
  command line option `net.naming-scheme=`, except if the value is prefixed
  with `:` in which case the kernel command line option takes precedence, if it
  is specified as well.
 * `$SYSTEMD_REBOOT_TO_FIRMWARE_SETUP` — if set overrides systemd-logind's
  built-in EFI logic of requesting a reboot into the firmware. Takes a
  boolean. If set to false the functionality is turned off entirely. If set to
  true instead of requesting a reboot into the firmware setup UI through EFI a
  file `/run/systemd/reboot-to-firmware-setup` is created whenever this is
  requested. This file may be checked for by services run during system
  shutdown in order to request the appropriate operation from the firmware in
  an alternative fashion.
 * `$SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU` — similar to the above, allows
-  overriding of systemd-logind's built-in EFI logic of requesting a reboot into
+  overriding of `systemd-logind`'s built-in EFI logic of requesting a reboot
-  the boot loader menu. Takes a boolean. If set to false the functionality is
+  into the boot loader menu. Takes a boolean. If set to false, the
-  turned off entirely. If set to true instead of requesting a reboot into the
+  functionality is turned off entirely. If set to true, instead of requesting a
-  boot loader menu through EFI a file `/run/systemd/reboot-to-boot-loader-menu`
+  reboot into the boot loader menu through EFI, the file
-  is created whenever this is requested. The file contains the requested boot
+  `/run/systemd/reboot-to-boot-loader-menu` is created whenever this is
-  loader menu timeout in µs, formatted in ASCII decimals, or zero in case no
+  requested. The file contains the requested boot loader menu timeout in µs,
-  timeout is requested. This file may be checked for by services run during
+  formatted in ASCII decimals, or zero in case no timeout is requested. This
-  system shutdown in order to request the appropriate operation from the boot
+  file may be checked for by services run during system shutdown in order to
-  loader in an alternative fashion.
+  request the appropriate operation from the boot loader in an alternative
  fashion.
 * `$SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY` — similar to the above, allows
-  overriding of systemd-logind's built-in EFI logic of requesting a reboot into
+  overriding of `systemd-logind`'s built-in EFI logic of requesting a reboot
-  a specific boot loader entry. Takes a boolean. If set to false the
+  into a specific boot loader entry. Takes a boolean. If set to false, the
-  functionality is turned off entirely. If set to true instead of requesting a
+  functionality is turned off entirely. If set to true, instead of requesting a
-  reboot into a specific boot loader entry through EFI a file
+  reboot into a specific boot loader entry through EFI, the file
  `/run/systemd/reboot-to-boot-loader-entry` is created whenever this is
  requested. The file contains the requested boot loader entry identifier. This
  file may be checked for by services run during system shutdown in order to
@ -178,18 +179,31 @@ systemd-udevd:
  `/run/boot-loader-entries/loader/entries/*.conf`, and the files referenced by
  the drop-ins (including the kernels and initrds) somewhere else below
  `/run/boot-loader-entries/`. Note that all these files may be (and are
-  supposed to be) symlinks. systemd-logind will load these files on-demand,
+  supposed to be) symlinks. `systemd-logind` will load these files on-demand,
  these files can hence be updated (ideally atomically) whenever the boot
  loader configuration changes. A foreign boot loader installer script should
  hence synthesize drop-in snippets and symlinks for all boot entries at boot
-  or whenever they change if it wants to integrate with systemd-logind's APIs.
+  or whenever they change if it wants to integrate with `systemd-logind`'s
  APIs.
 `systemd-udevd`:
 * `$NET_NAMING_SCHEME=` – if set, takes a network naming scheme (i.e. one of
  "v238", "v239", "v240"…, or the special value "latest") as parameter. If
  specified udev's `net_id` builtin will follow the specified naming scheme
  when determining stable network interface names. This may be used to revert
  to naming schemes of older udev versions, in order to provide more stable
  naming across updates. This environment variable takes precedence over the
  kernel command line option `net.naming-scheme=`, except if the value is
  prefixed with `:` in which case the kernel command line option takes
  precedence, if it is specified as well.
 installed systemd tests:
 * `$SYSTEMD_TEST_DATA` — override the location of test data. This is useful if
  a test executable is moved to an arbitrary location.
-nss-systemd:
+`nss-systemd`:
 * `$SYSTEMD_NSS_BYPASS_SYNTHETIC=1` — if set, `nss-systemd` won't synthesize
  user/group records for the `root` and `nobody` users if they are missing from
@ -203,20 +217,20 @@ nss-systemd:
  dynamic user lookups. This is primarily useful to make `nss-systemd` work
  safely from within `dbus-daemon`.
-systemd-timedated:
+`systemd-timedated`:
 * `$SYSTEMD_TIMEDATED_NTP_SERVICES=…` — colon-separated list of unit names of
  NTP client services. If set, `timedatectl set-ntp on` enables and starts the
  first existing unit listed in the environment variable, and
  `timedatectl set-ntp off` disables and stops all listed units.
-systemd-sulogin-shell:
+`systemd-sulogin-shell`:
 * `$SYSTEMD_SULOGIN_FORCE=1` — This skips asking for the root password if the
  root password is not available (such as when the root account is locked).
  See `sulogin(8)` for more details.
-bootctl and other tools that access the EFI System Partition (ESP):
+`bootctl` and other tools that access the EFI System Partition (ESP):
 * `$SYSTEMD_RELAX_ESP_CHECKS=1` — if set, the ESP validation checks are
  relaxed. Specifically, validation checks that ensure the specified ESP path
@ -225,11 +239,11 @@ bootctl and other tools that access the EFI System Partition (ESP):
 * `$SYSTEMD_ESP_PATH=…` — override the path to the EFI System Partition. This
  may be used to override ESP path auto detection, and redirect any accesses to
-  the ESP to the specified directory. Not that unlike with bootctl's --path=
+  the ESP to the specified directory. Note that unlike with `bootctl`'s
-  switch only very superficial validation of the specified path is done when
+  `--path=` switch only very superficial validation of the specified path is
-  this environment variable is used.
+  done when this environment variable is used.
-systemd itself:
+`systemd` itself:
 * `$SYSTEMD_ACTIVATION_UNIT` — set for all NSS and PAM module invocations that
  are done by the service manager on behalf of a specific unit, in child
@ -247,16 +261,55 @@ systemd itself:
  it is either set to `system` or `user` depending on whether the NSS/PAM
  module is called by systemd in `--system` or `--user` mode.
-systemd-remount-fs:
+`systemd-remount-fs`:
 * `$SYSTEMD_REMOUNT_ROOT_RW=1` — if set and no entry for the root directory
-  exists in /etc/fstab (this file always takes precedence), then the root
+  exists in `/etc/fstab` (this file always takes precedence), then the root
  directory is remounted writable. This is primarily used by
-  systemd-gpt-auto-generator to ensure the root partition is mounted writable
+  `systemd-gpt-auto-generator` to ensure the root partition is mounted writable
  in accordance to the GPT partition flags.
-systemd-firstboot and localectl:
+`systemd-firstboot` and `localectl`:
-* `SYSTEMD_LIST_NON_UTF8_LOCALES=1` – if set non-UTF-8 locales are listed among
+* `SYSTEMD_LIST_NON_UTF8_LOCALES=1` – if set, non-UTF-8 locales are listed among
  the installed ones. By default non-UTF-8 locales are suppressed from the
  selection, since we are living in the 21st century.
 `systemd-sysext`:
 * `SYSTEMD_SYSEXT_HIERARCHIES` – this variable may be used to override which
  hierarchies are managed by `systemd-sysext`. By default only `/usr/` and
  `/opt/` are managed, and directories may be added or removed to that list by
  setting this environment variable to a colon-separated list of absolute
  paths. Only "real" file systems and directories that only contain "real" file
  systems as submounts should be used. Do not specify API file systems such as
  `/proc/` or `/sys/` here, or hierarchies that have them as submounts. In
  particular, do not specify the root directory `/` here.
 `systemd-tmpfiles`:
 * `SYSTEMD_TMPFILES_FORCE_SUBVOL` — if unset, `v`/`q`/`Q` lines will create
  subvolumes only if the OS itself is installed into a subvolume. If set to `1`
  (or another value interpreted as true), these lines will always create
  subvolumes if the backing filesystem supports them. If set to `0`, these
  lines will always create directories.
 `systemd-sysv-generator`:
 * `$SYSTEMD_SYSVINIT_PATH` — Controls where `systemd-sysv-generator` looks for
  SysV init scripts.
 * `$SYSTEMD_SYSVRCND_PATH` — Controls where `systemd-sysv-generator` looks for
  SysV init script runlevel link farms.
 fuzzers:
 * `$SYSTEMD_FUZZ_OUTPUT` — A boolean that specifies whether to write output to
  stdout. Setting to true is useful in manual invocations, since all output is
  suppressed by default.
 * `$SYSTEMD_FUZZ_RUNS` — The number of times execution should be repeated in
  manual invocations.
 Note that is may be also useful to set `$SYSTEMD_LOG_LEVEL`, since all logging
 is suppressed by default.
--- a/docs/GROUP_RECORD.md
+++ b/docs/GROUP_RECORD.md
@ -7,7 +7,7 @@ layout: default
 # JSON Group Records
 Long story short: JSON Group Records are to `struct group` what [JSON User
-Records](https://systemd.io/USER_RECORD.md) are to `struct passwd`.
+Records](https://systemd.io/USER_RECORD) are to `struct passwd`.
 Conceptually, much of what applies to JSON user records also applies to JSON
 group records. They also consist of seven sections, with similar properties and
--- a/src/libsystemd/sd-bus/GVARIANT-SERIALIZATION
+++ b/src/libsystemd/sd-bus/GVARIANT-SERIALIZATION
@ -1,5 +1,10 @@
-How we use GVariant for serializing D-Bus messages
+---
--------------------------------------------------
+title: GVariant D-Bus Message Serialization
 category: Interfaces
 layout: default
 ---
 # GVariant D-Bus Message Serialization
 We stay close to the original dbus1 framing as possible, but make
 certain changes to adapt for GVariant. dbus1 has the following
--- a/docs/HACKING.md
+++ b/docs/HACKING.md
@ -44,28 +44,37 @@ generate a disk image `image.raw` you can boot either in `systemd-nspawn` or in
 an UEFI-capable VM:
 ```
-# systemd-nspawn -bi image.raw
+# mkosi boot
 ```
 or:
 ```
-# qemu-system-x86_64 -enable-kvm -m 512 -smp 2 -bios /usr/share/edk2/ovmf/OVMF_CODE.fd -hda image.raw
+# mkosi qemu
 ```
 Every time you rerun the `mkosi` command a fresh image is built, incorporating
-all current changes you made to the project tree.
+all current changes you made to the project tree. To save time when rebuilding,
 you can use mkosi's incremental mode (`-i`). This instructs mkosi to build a set
 of cache images that make future builds a lot faster. Note that the `-i` flag
 both instructs mkosi to build cached images if they don't exist yet and to use
 cached images if they already exist so make sure to always specify `-i` if you
 want mkosi to use the cached images.
-Alternatively, you may install the systemd version from your git check-out
+If you're going to build mkosi images that use the same distribution and release
-directly on top of your host system's directory tree. This mostly works fine,
+that you're currently using, you can speed up the initial mkosi run by having it
-but of course you should know what you are doing as you might make your system
+reuse the host's package cache. To do this, create a mkosi override file in
-unbootable in case of a bug in your changes. Also, you might step into your
+mkosi.default.d/ (e.g 20-local.conf) and add the following contents:
 package manager's territory with this. Be careful!
-And never forget: most distributions provide very simple and convenient ways to
+```
-install all development packages necessary to build systemd. For example, on
+[Packages]
-Fedora the following command line should be sufficient to install all of
+Cache=<full-path-to-package-manager-cache> # (e.g. /var/cache/dnf)
-systemd's build dependencies:
+```
 If you want to do a local build without mkosi, most distributions also provide
 very simple and convenient ways to install all development packages necessary
 to build systemd. For example, on Fedora the following command line should be
 sufficient to install all of systemd's build dependencies:
 ```
 # dnf builddep systemd
@ -81,12 +90,11 @@ $ git clone https://github.com/systemd/systemd.git
 $ cd systemd
 $ vim src/core/main.c                     # or wherever you'd like to make your changes
 $ meson build                             # configure the build
-$ ninja -C build                          # build it locally, see if everything compiles fine
+$ meson compile -C build                  # build it locally, see if everything compiles fine
-$ ninja -C build test                     # run some simple regression tests
+$ meson test -C build                     # run some simple regression tests
 $ ln -s .mkosi/mkosi.fedora mkosi.default # Configure mkosi to build a fedora image
 $ (umask 077; echo 123 > mkosi.rootpw)    # set root password used by mkosi
 $ sudo mkosi                              # build a test image
-$ sudo systemd-nspawn -bi image.raw       # boot up the test image
+$ sudo mkosi boot                         # boot up the test image
 $ git add -p                              # interactively put together your patch
 $ git commit                              # commit it
 $ git push REMOTE HEAD:refs/heads/BRANCH
@ -136,3 +144,83 @@ For more details on building fuzzers and integrating with OSS-Fuzz, visit:
 - [Setting up a new project - OSS-Fuzz](https://google.github.io/oss-fuzz/getting-started/new-project-guide/)
 - [Tutorials - OSS-Fuzz](https://google.github.io/oss-fuzz/reference/useful-links/#tutorials)
 ## mkosi + clangd
 [clangd](https://clangd.llvm.org/) is a language server that provides code completion, diagnostics and more
 right in your editor of choice (with the right plugin installed). When using mkosi, we can run clangd in the
 mkosi build container to avoid needing to build systemd on the host machine just to make clangd work. To
 achieve this, create a script with the following contents in systemd's project directory on the host:
 ```sh
 #!/usr/bin/env sh
 tee mkosi-clangd.build > /dev/null << EOF
 #!/usr/bin/env sh
 exec clangd \\
        --compile-commands-dir=/root/build \\
        --path-mappings=\\
 "\\
 $(pwd)=/root/src,\\
 $(pwd)/mkosi.builddir=/root/build,\\
 $(pwd)/mkosi.includedir=/usr/include,\\
 $(pwd)/mkosi.installdir=/root/dest\\
 " \\
        --header-insertion=never
 EOF
 chmod +x mkosi-clangd.build
 exec sudo mkosi --source-file-transfer=mount --incremental --skip-final-phase --build-script mkosi-clangd.build build
 ```
 Next, mark the script as executable and point your editor plugin to use this script to start clangd. For
 vscode's clangd extension, this is done via setting the `clangd.path` option to the path of the
 mkosi-clangd.sh script.
 To be able to navigate to include files of systemd's dependencies, we need to make the /usr/include folder of
 the build image available on the host. mkosi supports this by setting the `IncludeDirectory` option in
 mkosi's config. The easiest way to set the option is to create a file 20-local.conf in mkosi.default.d/ and
 add the following contents:
 ```
 [Packages]
 IncludeDirectory=mkosi.includedir
 ```
 This will make the contents of /usr/include available in mkosi.includedir in the systemd project directory.
 We already configured clangd to map any paths in /usr/include in the build image to mkosi.includedir/ on the
 host in the mkosi-clangd.sh script.
 We also need to make sure clangd is installed in the build image. To have mkosi install clangd in the build
 image, edit the 20-local.conf file we created earlier and add the following contents under the `[Packages]`
 section:
 ```
 BuildPackages=<clangd-package>
 ```
 Note that the exact package containing clangd will differ depending on the distribution used. Some
 distributions have a separate clangd package, others put the clangd binary in a clang-tools-extra package and
 some bundle clangd in the clang package.
 Because mkosi needs to run as root, we also need to make sure we can enter the root password when the editor
 plugin tries to run the mkosi-clangd.sh script. To be able to enter the root password in non-interactive
 scripts, we use an askpass provider. This is a program that sudo will launch if it detects it's being
 executed from a non-interactive shell so that the root password can still be entered. There are multiple
 implementations such as gnome askpass and KDE askpass. Install one of the askpass packages your distro
 provides and set the `SUDO_ASKPASS` environment variable to the path of the askpass binary you want to use.
 If configured correctly, a window will appear when your editor plugin tries to run the mkosi-clangd.sh script
 allowing you to enter the root password.
 Due to a bug in btrfs, it's currently impossible to mount two mkosi btrfs images at the same time. Because of
 this, trying to do a regular build while the clangd image is running will fail. To circumvent this, use ext4
 instead of btrfs for the images by adding the following contents to 20-local.conf:
 ```
 [Output]
 Format=gpt_ext4
 ```
 Finally, to ensure clangd starts up quickly in the editor, run an incremental build with mkosi to make sure
 the cached images are initialized (`mkosi -i`).
 Now, your editor will start clangd in the mkosi build image and all of clangd's features will work as
 expected.
--- a/docs/PORTABILITY_AND_STABILITY.md
+++ b/docs/PORTABILITY_AND_STABILITY.md
@ -82,7 +82,7 @@ And now, here's the list of (hopefully) all APIs that we have introduced with sy
 | [hostnamed](https://www.freedesktop.org/wiki/Software/systemd/hostnamed) | D-Bus | yes | yes | GNOME | yes | [Ubuntu](https://launchpad.net/ubuntu/+source/ubuntu-system-service), [Gentoo](http://www.gentoo.org/proj/en/desktop/gnome/openrc-settingsd.xml), [BSD](http://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systembsd.git;a=summary) | partially |
 | [localed](https://www.freedesktop.org/wiki/Software/systemd/localed) | D-Bus | yes | yes | GNOME | yes | [Ubuntu](https://launchpad.net/ubuntu/+source/ubuntu-system-service), [Gentoo](http://www.gentoo.org/proj/en/desktop/gnome/openrc-settingsd.xml), [BSD](http://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systembsd.git;a=summary) | partially |
 | [timedated](https://www.freedesktop.org/wiki/Software/systemd/timedated) | D-Bus | yes | yes | GNOME | yes | [Gentoo](http://www.gentoo.org/proj/en/desktop/gnome/openrc-settingsd.xml), [BSD](http://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systembsd.git;a=summary) | partially |
-| [initrd interface](https://systemd.io/INITRD_INTERFACE/) | Environment, flag files | yes | yes | dracut, ArchLinux | yes | ArchLinux | no |
+| [initrd interface](https://systemd.io/INITRD_INTERFACE) | Environment, flag files | yes | yes | dracut, ArchLinux | yes | ArchLinux | no |
 | [Container interface](https://systemd.io/CONTAINER_INTERFACE) | Environment, Mounts | yes | yes | libvirt/LXC | yes | - | no |
 | [Boot Loader interface](https://systemd.io/BOOT_LOADER_INTERFACE) | EFI variables | yes | yes | gummiboot | yes | - | no |
 | [Service bus API](https://www.freedesktop.org/wiki/Software/systemd/dbus) | D-Bus | yes | yes | system-config-services | no | - | no |
@ -94,14 +94,14 @@ And now, here's the list of (hopefully) all APIs that we have introduced with sy
 | [$XDG_RUNTIME_DIR](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html) | Environment | yes | yes | glib, GNOME | yes | - | no |
 | [$LISTEN_FDS $LISTEN_PID FD Passing](https://www.freedesktop.org/software/systemd/man/sd_listen_fds.html) | Environment | yes | yes | numerous (via sd-daemon.h) | yes | - | no |
 | [$NOTIFY_SOCKET Daemon Notifications](https://www.freedesktop.org/software/systemd/man/sd_notify.html) | Environment | yes | yes | a few, including udev | yes | - | no |
-| [argv&#91;0&#93;&#91;0&#93;='@' Logic](https://systemd.io/ROOT_STORAGE_DAEMONS/) | `/proc` marking | yes | yes | mdadm | yes | - | no |
+| [argv&#91;0&#93;&#91;0&#93;='@' Logic](https://systemd.io/ROOT_STORAGE_DAEMONS) | `/proc` marking | yes | yes | mdadm | yes | - | no |
 | [Unit file format](https://www.freedesktop.org/software/systemd/man/systemd.unit.html) | File format | yes | yes | numerous | no | - | no |
 | [Network](https://www.freedesktop.org/software/systemd/man/systemd.network.html) & [Netdev file format](https://www.freedesktop.org/software/systemd/man/systemd.netdev.html) | File format | yes | yes | no | no | - | no |
 | [Link file format](https://www.freedesktop.org/software/systemd/man/systemd.link.html) | File format | yes | yes | no | no | - | no |
 | [Journal File Format](https://systemd.io/JOURNAL_FILE_FORMAT) | File format | yes | yes | - | maybe | - | no |
 | [Journal Export Format](https://www.freedesktop.org/wiki/Software/systemd/export) | File format | yes | yes | - | yes | - | no |
 | [Cooperation in cgroup tree](https://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups) | Treaty | yes | yes | libvirt | yes | libvirt | no |
-| [Password Agents](https://systemd.io/PASSWORD_AGENTS/) | Socket+Files | yes | yes | - | yes | - | no |
+| [Password Agents](https://systemd.io/PASSWORD_AGENTS) | Socket+Files | yes | yes | - | yes | - | no |
 | [udev multi-seat properties](https://www.freedesktop.org/software/systemd/man/sd-login.html) | udev Property | yes | yes | X11, gdm | no | - | no |
 | udev session switch ACL properties | udev Property | no | no | - | no | - | no |
 | [CLI of systemctl,...](https://www.freedesktop.org/software/systemd/man/systemctl.html) | CLI | yes | yes | numerous | no | - | no |
@ -120,7 +120,7 @@ And now, here's the list of (hopefully) all APIs that we have introduced with sy
 | `/run` | File hierarchy change | yes | yes | numerous | yes | OpenSUSE, Debian, ArchLinux | no |
 | [Generators](https://www.freedesktop.org/software/systemd/man/systemd.generator.html) | Subprocess | yes | yes | - | no | - | no |
 | [System Updates](https://www.freedesktop.org/software/systemd/man/systemd.offline-updates.html) | System Mode | yes | yes | - | no | - | no |
-| [Presets](https://freedesktop.org/wiki/Software/systemd/Preset) | File format | yes | yes | - | no | - | no |
+| [Presets](https://www.freedesktop.org/software/systemd/man/systemd.preset.html) | File format | yes | yes | - | no | - | no |
 | Udev rules | File format | yes | yes | numerous | no | no | partially |
--- a/docs/RELEASE.md
+++ b/docs/RELEASE.md
@ -7,16 +7,17 @@ layout: default
 # Steps to a Successful Release
 1. Add all items to NEWS
-2. Update the contributors list in NEWS (`ninja -C build git-contrib`)
+2. Update the contributors list in NEWS (`meson compile -C build git-contrib`)
 3. Update the time and place in NEWS
-4. [RC1] Update version and library numbers in `meson.build`
+4. Update hwb (`meson compile -C build update-hwdb update-hwdb-autosuspend`)
-5. Check dbus docs with `ninja -C build man/update-dbus-docs`
+5. [RC1] Update version and library numbers in `meson.build`
-6. Tag the release: `version=vXXX-rcY && git tag -s "${version}" -m "systemd ${version}"`
+6. Check dbus docs with `meson compile -C build update-dbus-docs`
-7. Do `ninja -C build`
+7. Tag the release: `version=vXXX-rcY && git tag -s "${version}" -m "systemd ${version}"`
-8. Make sure that the version string and package string match: `build/systemctl --version`
+8. Do `meson compile -C build`
-9. Upload the documentation: `ninja -C build doc-sync`
+9. Make sure that the version string and package string match: `build/systemctl --version`
-10. [FINAL] Close the github milestone and open a new one (https://github.com/systemd/systemd/milestones)
+10. Upload the documentation: `meson compile -C build doc-sync`
-11. "Draft" a new release on github (https://github.com/systemd/systemd/releases/new), mark "This is a pre-release" if appropriate.
+11. [FINAL] Close the github milestone and open a new one (https://github.com/systemd/systemd/milestones)
-12. Check that announcement to systemd-devel, with a copy&paste from NEWS, was sent. This should happen automatically.
+12. "Draft" a new release on github (https://github.com/systemd/systemd/releases/new), mark "This is a pre-release" if appropriate.
-13. Update IRC topic (`/msg chanserv TOPIC #systemd Version NNN released`)
+13. Check that announcement to systemd-devel, with a copy&paste from NEWS, was sent. This should happen automatically.
-14. [FINAL] Push commits to stable, create an empty -stable branch: `git push systemd-stable origin/master:master origin/master:refs/heads/${version}-stable`, and change the default branch to latest release (https://github.com/systemd/systemd-stable/settings/branches).
+14. Update IRC topic (`/msg chanserv TOPIC #systemd Version NNN released`)
 15. [FINAL] Push commits to stable, create an empty -stable branch: `git push systemd-stable origin/master:master origin/master:refs/heads/${version}-stable`, and change the default branch to latest release (https://github.com/systemd/systemd-stable/settings/branches).
--- a/docs/ROOT_STORAGE_DAEMONS.md
+++ b/docs/ROOT_STORAGE_DAEMONS.md
@ -108,7 +108,7 @@ to find a different solution to your problem._
 The recommended way to distinguish between run-from-initrd and run-from-rootfs
 for a daemon is to check for `/etc/initrd-release` (which exists on all modern
 initrd implementations, see the [initrd
-Interface](https://systemd.io/INITRD_INTERFACE/) for details) which when exists
+Interface](https://systemd.io/INITRD_INTERFACE) for details) which when exists
 results in `argv[0][0]` being set to `@`, and otherwise doesn't. Something like
 this:
@ -190,4 +190,4 @@ few additional notes for supporting these setups:
  program consult this blog story: [Socket
  Activation](http://0pointer.de/blog/projects/socket-activation.html)
-* Consider having a look at the [initrd Interface of systemd](https://systemd.io/INITRD_INTERFACE/).
+* Consider having a look at the [initrd Interface of systemd](https://systemd.io/INITRD_INTERFACE).
--- a/docs/TRANSIENT-SETTINGS.md
+++ b/docs/TRANSIENT-SETTINGS.md
@ -272,7 +272,8 @@ All cgroup/resource control settings are available for transient units
 ✓ IPAddressDeny=
 ✓ ManagedOOMSwap=
 ✓ ManagedOOMMemoryPressure=
-✓ ManagedOOMMemoryPressureLimitPercent=
+✓ ManagedOOMMemoryPressureLimit=
 ✓ ManagedOOMPreference=
 ```
 ## Process Killing Settings
--- a/docs/TRANSLATORS.md
+++ b/docs/TRANSLATORS.md
@ -26,7 +26,7 @@ To create a translation to a language not yet available, start by creating the
 initial template:
 ```
-$ ninja -C build/ systemd-pot
+$ meson compile -C build/ systemd-pot
 ```
 This will generate file `po/systemd.pot` in the source tree.
@ -50,7 +50,7 @@ using the `poedit` GUI editor.)
 Start by updating the `*.po` files from the latest template:
 ```
-$ ninja -C build/ systemd-update-po
+$ meson compile -C build/ systemd-update-po
 ```
 This will touch all the `*.po` files, so you'll want to pay attention when
@ -74,7 +74,7 @@ using `git checkout -- po/` after you commit the changes you do want to keep.)
 You can recompile the `*.po` files using the following command:
 ```
-$ ninja -C build/ systemd-gmo
+$ meson compile -C build/ systemd-gmo
 ```
 The resulting files will be saved in the `build/po/` directory.
--- a/docs/USER_GROUP_API.md
+++ b/docs/USER_GROUP_API.md
@ -247,7 +247,7 @@ user is a member of the group. If both arguments are specified the specified
 membership will be tested for, but no others, and the pair is returned if it is
 defined. Unless both arguments are specified the method call needs to be made
 with `more` set, so that multiple replies can be returned (since typically
-there are are multiple members per group and also multiple groups a user is
+there are multiple members per group and also multiple groups a user is
 member of). As with `GetUserRecord` and `GetGroupRecord` the `service`
 parameter needs to contain the name of the service being talked to, in order to
 allow implementation of multiple service within the same IPC socket. In case no
--- a/docs/USER_NAMES.md
+++ b/docs/USER_NAMES.md
@ -87,8 +87,8 @@ hyphen. A size limit is enforced: the minimum of `sysconf(_SC_LOGIN_NAME_MAX)`
 (typically 256 on Linux; rationale: this is how POSIX suggests to detect the
 limit), `UT_NAMESIZE-1` (typically 31 on Linux; rationale: names longer than
 this cannot correctly appear in `utmp`/`wtmp` and create ambiguity with login
-accounting) and `FILENAME_MAX` (4096 on Linux; rationale: user names typically
+accounting) and `NAME_MAX` (255 on Linux; rationale: user names typically
-appear in directory names, i.e. the home directory), thus MIN(256, 31, 4096) =
+appear in directory names, i.e. the home directory), thus MIN(256, 31, 255) =
 31.
 Note that these rules are both more strict and more relaxed than all of the
--- a/docs/_includes/footer.html
+++ b/docs/_includes/footer.html
@ -1,5 +1,5 @@
 <footer class="site-footer">
-  <p>&copy; systemd, 2020</p>
+  <p>&copy; systemd, 2021</p>
-  <p><a href="https://github.com/systemd/systemd">Website source</a></p>
+  <p><a href="https://github.com/systemd/systemd/tree/main/docs">Website source</a></p>
 </footer>
--- a/docs/style.css
+++ b/docs/style.css
@ -116,6 +116,11 @@ footer {
  margin-top: 4rem;
 }
 /* Make tables vertically aligned to the top */
 tbody td {
  vertical-align: top;
 }
 /* Github Code Highlighting */
 .highlight table td { padding: 5px; }
 .highlight table pre { margin: 0; }
--- a/hwdb.d/20-OUI.hwdb
+++ b/hwdb.d/20-OUI.hwdb
--- a/hwdb.d/20-acpi-vendor.hwdb
+++ b/hwdb.d/20-acpi-vendor.hwdb
@ -51,6 +51,9 @@ acpi:ATML*:
 acpi:AUTH*:
 ID_VENDOR_FROM_DATABASE=AuthenTec
 acpi:BABA*:
 ID_VENDOR_FROM_DATABASE=Alibaba Co., Ltd.
 acpi:BOOT*:
 ID_VENDOR_FROM_DATABASE=Coreboot Project
@ -93,6 +96,9 @@ acpi:ESSX*:
 acpi:EXAR*:
 ID_VENDOR_FROM_DATABASE=Exar Corporation
 acpi:FRMW*:
 ID_VENDOR_FROM_DATABASE=Framework Computer LLC
 acpi:FRSC*:
 ID_VENDOR_FROM_DATABASE=Freescale, Inc
@ -168,6 +174,9 @@ acpi:IP3T*:
 acpi:IPHI*:
 ID_VENDOR_FROM_DATABASE=Inphi Corporation
 acpi:JSYS*:
 ID_VENDOR_FROM_DATABASE=Juniper Systems, Inc.
 acpi:KIOX*:
 ID_VENDOR_FROM_DATABASE=Kionix, Inc.
@ -228,6 +237,9 @@ acpi:PHYT*:
 acpi:PIXA*:
 ID_VENDOR_FROM_DATABASE=PixArt imaging inc.
 acpi:PNSO*:
 ID_VENDOR_FROM_DATABASE=Pensando Systems, Inc.
 acpi:QCOM*:
 ID_VENDOR_FROM_DATABASE=Qualcomm Inc
@ -243,6 +255,9 @@ acpi:RKCP*:
 acpi:RZSN*:
 ID_VENDOR_FROM_DATABASE=Rozsnyó, s.r.o.
 acpi:SECC*:
 ID_VENDOR_FROM_DATABASE=Seiko Epson Corporation
 acpi:SHRP*:
 ID_VENDOR_FROM_DATABASE=Sharp Corporation
@ -592,7 +607,7 @@ acpi:ALO*:
 ID_VENDOR_FROM_DATABASE=Algolith Inc.
 acpi:ALP*:
- ID_VENDOR_FROM_DATABASE=Alps Electric Company Ltd
+ ID_VENDOR_FROM_DATABASE=ALPS ALPINE CO., LTD.
 acpi:ALR*:
 ID_VENDOR_FROM_DATABASE=Advanced Logic
@ -718,7 +733,7 @@ acpi:APD*:
 ID_VENDOR_FROM_DATABASE=AppliAdata
 acpi:APE*:
- ID_VENDOR_FROM_DATABASE=Alpine Electronics, Inc.
+ ID_VENDOR_FROM_DATABASE=ALPS ALPINE CO., LTD.
 acpi:APG*:
 ID_VENDOR_FROM_DATABASE=Horner Electric Inc
@ -883,7 +898,7 @@ acpi:AUG*:
 ID_VENDOR_FROM_DATABASE=August Home, Inc.
 acpi:AUI*:
- ID_VENDOR_FROM_DATABASE=Alps Electric Inc
+ ID_VENDOR_FROM_DATABASE=ALPS ALPINE CO., LTD.
 acpi:AUO*:
 ID_VENDOR_FROM_DATABASE=AU Optronics
@ -1473,6 +1488,9 @@ acpi:CLM*:
 acpi:CLO*:
 ID_VENDOR_FROM_DATABASE=Clone Computers
 acpi:CLR*:
 ID_VENDOR_FROM_DATABASE=Clover Electronics
 acpi:CLT*:
 ID_VENDOR_FROM_DATABASE=automated computer control systems
@ -1521,6 +1539,9 @@ acpi:CNB*:
 acpi:CNC*:
 ID_VENDOR_FROM_DATABASE=Alvedon Computers Ltd
 acpi:CND*:
 ID_VENDOR_FROM_DATABASE=Micro-Star Int'l Co., Ltd.
 acpi:CNE*:
 ID_VENDOR_FROM_DATABASE=Cine-tal
@ -1620,6 +1641,9 @@ acpi:CRI*:
 acpi:CRL*:
 ID_VENDOR_FROM_DATABASE=Creative Logic
 acpi:CRM*:
 ID_VENDOR_FROM_DATABASE=CORSAIR MEMORY Inc.
 acpi:CRN*:
 ID_VENDOR_FROM_DATABASE=Cornerstone Imaging
@ -3891,6 +3915,9 @@ acpi:KTK*:
 acpi:KTN*:
 ID_VENDOR_FROM_DATABASE=Katron Tech Inc
 acpi:KTS*:
 ID_VENDOR_FROM_DATABASE=Kyokko Communication System Co., Ltd.
 acpi:KUR*:
 ID_VENDOR_FROM_DATABASE=Kurta Corporation
@ -4986,6 +5013,9 @@ acpi:NVT*:
 acpi:NWC*:
 ID_VENDOR_FROM_DATABASE=NW Computer Engineering
 acpi:NWL*:
 ID_VENDOR_FROM_DATABASE=Newline Interactive Inc.
 acpi:NWP*:
 ID_VENDOR_FROM_DATABASE=NovaWeb Technologies Inc
@ -6732,6 +6762,9 @@ acpi:TGS*:
 acpi:TGV*:
 ID_VENDOR_FROM_DATABASE=Grass Valley Germany GmbH
 acpi:TGW*:
 ID_VENDOR_FROM_DATABASE=TECHNOGYM S.p.A.
 acpi:THN*:
 ID_VENDOR_FROM_DATABASE=Thundercom Holdings Sdn. Bhd.
@ -6813,6 +6846,9 @@ acpi:TMI*:
 acpi:TMM*:
 ID_VENDOR_FROM_DATABASE=Time Management, Inc.
 acpi:TMO*:
 ID_VENDOR_FROM_DATABASE=Terumo Corporation
 acpi:TMR*:
 ID_VENDOR_FROM_DATABASE=Taicom International Inc
--- a/hwdb.d/20-acpi-vendor.hwdb.patch
+++ b/hwdb.d/20-acpi-vendor.hwdb.patch
@ -1,5 +1,5 @@
--- 20-acpi-vendor.hwdb.base	2020-11-26 13:49:35.243482590 +0100
+--- 20-acpi-vendor.hwdb.base	2021-03-30 13:03:54.632421502 +0200
-+++ 20-acpi-vendor.hwdb	2020-11-26 13:49:35.260482675 +0100
+++ 20-acpi-vendor.hwdb	2021-03-30 13:03:54.650421692 +0200
@@ -3,6 +3,8 @@
 # Data imported from:
 #     https://uefi.org/uefi-pnp-export
@ -19,7 +19,7 @@
 acpi:AMDI*:
  ID_VENDOR_FROM_DATABASE=AMD
-@@ -295,6 +294,9 @@
+@@ -310,6 +309,9 @@
 acpi:AAA*:
  ID_VENDOR_FROM_DATABASE=Avolites Ltd
@ -29,7 +29,7 @@
 acpi:AAE*:
  ID_VENDOR_FROM_DATABASE=Anatek Electronics Inc.
-@@ -322,6 +324,9 @@
+@@ -337,6 +339,9 @@
 acpi:ABO*:
  ID_VENDOR_FROM_DATABASE=D-Link Systems Inc
@ -39,7 +39,7 @@
 acpi:ABS*:
  ID_VENDOR_FROM_DATABASE=Abaco Systems, Inc.
-@@ -367,7 +372,7 @@
+@@ -382,7 +387,7 @@
 acpi:ACO*:
  ID_VENDOR_FROM_DATABASE=Allion Computer Inc.
@ -48,7 +48,7 @@
  ID_VENDOR_FROM_DATABASE=Aspen Tech Inc
 acpi:ACR*:
-@@ -640,6 +645,9 @@
+@@ -655,6 +660,9 @@
 acpi:AMT*:
  ID_VENDOR_FROM_DATABASE=AMT International Industry
@ -58,7 +58,7 @@
 acpi:AMX*:
  ID_VENDOR_FROM_DATABASE=AMX LLC
-@@ -688,6 +696,9 @@
+@@ -703,6 +711,9 @@
 acpi:AOA*:
  ID_VENDOR_FROM_DATABASE=AOpen Inc.
@ -68,7 +68,7 @@
 acpi:AOE*:
  ID_VENDOR_FROM_DATABASE=Advanced Optics Electronics, Inc.
-@@ -697,6 +708,9 @@
+@@ -712,6 +723,9 @@
 acpi:AOT*:
  ID_VENDOR_FROM_DATABASE=Alcatel
@ -78,8 +78,8 @@
 acpi:APC*:
  ID_VENDOR_FROM_DATABASE=American Power Conversion
-@@ -872,7 +886,7 @@
+@@ -887,7 +901,7 @@
-  ID_VENDOR_FROM_DATABASE=Alps Electric Inc
+  ID_VENDOR_FROM_DATABASE=ALPS ALPINE CO., LTD.
 acpi:AUO*:
 - ID_VENDOR_FROM_DATABASE=DO NOT USE - AUO
@ -87,7 +87,7 @@
 acpi:AUR*:
  ID_VENDOR_FROM_DATABASE=Aureal Semiconductor
-@@ -952,6 +966,9 @@
+@@ -967,6 +981,9 @@
 acpi:AXE*:
  ID_VENDOR_FROM_DATABASE=Axell Corporation
@ -97,7 +97,7 @@
 acpi:AXI*:
  ID_VENDOR_FROM_DATABASE=American Magnetics
-@@ -1102,6 +1119,9 @@
+@@ -1117,6 +1134,9 @@
 acpi:BML*:
  ID_VENDOR_FROM_DATABASE=BIOMED Lab
@ -107,7 +107,7 @@
 acpi:BMS*:
  ID_VENDOR_FROM_DATABASE=BIOMEDISYS
-@@ -1114,6 +1134,9 @@
+@@ -1129,6 +1149,9 @@
 acpi:BNO*:
  ID_VENDOR_FROM_DATABASE=Bang & Olufsen
@ -117,7 +117,7 @@
 acpi:BNS*:
  ID_VENDOR_FROM_DATABASE=Boulder Nonlinear Systems
-@@ -1357,6 +1380,9 @@
+@@ -1372,6 +1395,9 @@
 acpi:CHA*:
  ID_VENDOR_FROM_DATABASE=Chase Research PLC
@ -127,7 +127,7 @@
 acpi:CHD*:
  ID_VENDOR_FROM_DATABASE=ChangHong Electric Co.,Ltd
-@@ -1513,6 +1539,9 @@
+@@ -1534,6 +1560,9 @@
 acpi:COD*:
  ID_VENDOR_FROM_DATABASE=CODAN Pty. Ltd.
@ -137,7 +137,7 @@
 acpi:COI*:
  ID_VENDOR_FROM_DATABASE=Codec Inc.
-@@ -1919,7 +1948,7 @@
+@@ -1943,7 +1972,7 @@
  ID_VENDOR_FROM_DATABASE=Dragon Information Technology
 acpi:DJE*:
@ -146,7 +146,7 @@
 acpi:DJP*:
  ID_VENDOR_FROM_DATABASE=Maygay Machines, Ltd
-@@ -2251,6 +2280,9 @@
+@@ -2275,6 +2304,9 @@
 acpi:EIN*:
  ID_VENDOR_FROM_DATABASE=Elegant Invention
@ -156,7 +156,7 @@
 acpi:EKA*:
  ID_VENDOR_FROM_DATABASE=MagTek Inc.
-@@ -2512,6 +2544,9 @@
+@@ -2536,6 +2568,9 @@
 acpi:FCG*:
  ID_VENDOR_FROM_DATABASE=First International Computer Ltd
@ -166,7 +166,7 @@
 acpi:FCS*:
  ID_VENDOR_FROM_DATABASE=Focus Enhancements, Inc.
-@@ -2885,7 +2920,7 @@
+@@ -2909,7 +2944,7 @@
  ID_VENDOR_FROM_DATABASE=General Standards Corporation
 acpi:GSM*:
@ -175,7 +175,7 @@
 acpi:GSN*:
  ID_VENDOR_FROM_DATABASE=Grandstream Networks, Inc.
-@@ -2986,6 +3021,9 @@
+@@ -3010,6 +3045,9 @@
 acpi:HEC*:
  ID_VENDOR_FROM_DATABASE=Hisense Electric Co., Ltd.
@ -185,7 +185,7 @@
 acpi:HEL*:
  ID_VENDOR_FROM_DATABASE=Hitachi Micro Systems Europe Ltd
-@@ -3115,6 +3153,9 @@
+@@ -3139,6 +3177,9 @@
 acpi:HSD*:
  ID_VENDOR_FROM_DATABASE=HannStar Display Corp
@ -195,7 +195,7 @@
 acpi:HSM*:
  ID_VENDOR_FROM_DATABASE=AT&T Microelectronics
-@@ -3238,6 +3279,9 @@
+@@ -3262,6 +3303,9 @@
 acpi:ICI*:
  ID_VENDOR_FROM_DATABASE=Infotek Communication Inc
@ -205,7 +205,7 @@
 acpi:ICM*:
  ID_VENDOR_FROM_DATABASE=Intracom SA
-@@ -3334,6 +3378,9 @@
+@@ -3358,6 +3402,9 @@
 acpi:IKE*:
  ID_VENDOR_FROM_DATABASE=Ikegami Tsushinki Co. Ltd.
@ -215,7 +215,7 @@
 acpi:IKS*:
  ID_VENDOR_FROM_DATABASE=Ikos Systems Inc
-@@ -3379,6 +3426,9 @@
+@@ -3403,6 +3450,9 @@
 acpi:IMT*:
  ID_VENDOR_FROM_DATABASE=Inmax Technology Corporation
@ -225,7 +225,7 @@
 acpi:INA*:
  ID_VENDOR_FROM_DATABASE=Inventec Corporation
-@@ -3886,6 +3936,9 @@
+@@ -3913,6 +3963,9 @@
 acpi:LAN*:
  ID_VENDOR_FROM_DATABASE=Sodeman Lancom Inc
@ -235,7 +235,7 @@
 acpi:LAS*:
  ID_VENDOR_FROM_DATABASE=LASAT Comm. A/S
-@@ -3931,6 +3984,9 @@
+@@ -3958,6 +4011,9 @@
 acpi:LED*:
  ID_VENDOR_FROM_DATABASE=Long Engineering Design Inc
@ -245,7 +245,7 @@
 acpi:LEG*:
  ID_VENDOR_FROM_DATABASE=Legerity, Inc
-@@ -3946,6 +4002,9 @@
+@@ -3973,6 +4029,9 @@
 acpi:LGC*:
  ID_VENDOR_FROM_DATABASE=Logic Ltd
@ -255,7 +255,7 @@
 acpi:LGI*:
  ID_VENDOR_FROM_DATABASE=Logitech Inc
-@@ -4000,6 +4059,9 @@
+@@ -4027,6 +4086,9 @@
 acpi:LND*:
  ID_VENDOR_FROM_DATABASE=Land Computer Company Ltd
@ -265,7 +265,7 @@
 acpi:LNK*:
  ID_VENDOR_FROM_DATABASE=Link Tech Inc
-@@ -4034,7 +4096,7 @@
+@@ -4061,7 +4123,7 @@
  ID_VENDOR_FROM_DATABASE=Design Technology
 acpi:LPL*:
@ -274,7 +274,7 @@
 acpi:LSC*:
  ID_VENDOR_FROM_DATABASE=LifeSize Communications
-@@ -4210,6 +4272,9 @@
+@@ -4237,6 +4299,9 @@
 acpi:MCX*:
  ID_VENDOR_FROM_DATABASE=Millson Custom Solutions Inc.
@ -284,7 +284,7 @@
 acpi:MDA*:
  ID_VENDOR_FROM_DATABASE=Media4 Inc
-@@ -4450,6 +4515,9 @@
+@@ -4477,6 +4542,9 @@
 acpi:MOM*:
  ID_VENDOR_FROM_DATABASE=Momentum Data Systems
@ -294,7 +294,7 @@
 acpi:MOS*:
  ID_VENDOR_FROM_DATABASE=Moses Corporation
-@@ -4678,6 +4746,9 @@
+@@ -4705,6 +4773,9 @@
 acpi:NAL*:
  ID_VENDOR_FROM_DATABASE=Network Alchemy
@ -304,7 +304,7 @@
 acpi:NAT*:
  ID_VENDOR_FROM_DATABASE=NaturalPoint Inc.
-@@ -5185,6 +5256,9 @@
+@@ -5215,6 +5286,9 @@
 acpi:PCX*:
  ID_VENDOR_FROM_DATABASE=PC Xperten
@ -314,7 +314,7 @@
 acpi:PDM*:
  ID_VENDOR_FROM_DATABASE=Psion Dacom Plc.
-@@ -5248,9 +5322,6 @@
+@@ -5278,9 +5352,6 @@
 acpi:PHE*:
  ID_VENDOR_FROM_DATABASE=Philips Medical Systems Boeblingen GmbH
@ -324,7 +324,7 @@
 acpi:PHL*:
  ID_VENDOR_FROM_DATABASE=Philips Consumer Electronics Company
-@@ -5338,9 +5409,6 @@
+@@ -5368,9 +5439,6 @@
 acpi:PNL*:
  ID_VENDOR_FROM_DATABASE=Panelview, Inc.
@ -334,7 +334,7 @@
 acpi:PNR*:
  ID_VENDOR_FROM_DATABASE=Planar Systems, Inc.
-@@ -5476,15 +5544,9 @@
+@@ -5506,15 +5574,9 @@
 acpi:PTS*:
  ID_VENDOR_FROM_DATABASE=Plain Tree Systems Inc
@ -350,7 +350,7 @@
 acpi:PVG*:
  ID_VENDOR_FROM_DATABASE=Proview Global Co., Ltd
-@@ -5800,9 +5862,6 @@
+@@ -5830,9 +5892,6 @@
 acpi:RTI*:
  ID_VENDOR_FROM_DATABASE=Rancho Tech Inc
@ -360,7 +360,7 @@
 acpi:RTL*:
  ID_VENDOR_FROM_DATABASE=Realtek Semiconductor Company Ltd
-@@ -5968,9 +6027,6 @@
+@@ -5998,9 +6057,6 @@
 acpi:SEE*:
  ID_VENDOR_FROM_DATABASE=SeeColor Corporation
@ -370,7 +370,7 @@
 acpi:SEI*:
  ID_VENDOR_FROM_DATABASE=Seitz & Associates Inc
-@@ -6430,6 +6486,9 @@
+@@ -6460,6 +6516,9 @@
 acpi:SVD*:
  ID_VENDOR_FROM_DATABASE=SVD Computer
@ -380,7 +380,7 @@
 acpi:SVI*:
  ID_VENDOR_FROM_DATABASE=Sun Microsystems
-@@ -6514,6 +6573,9 @@
+@@ -6544,6 +6603,9 @@
 acpi:SZM*:
  ID_VENDOR_FROM_DATABASE=Shenzhen MTC Co., Ltd
@ -390,7 +390,7 @@
 acpi:TAA*:
  ID_VENDOR_FROM_DATABASE=Tandberg
-@@ -6604,6 +6666,9 @@
+@@ -6634,6 +6696,9 @@
 acpi:TDG*:
  ID_VENDOR_FROM_DATABASE=Six15 Technologies
@ -400,7 +400,7 @@
 acpi:TDM*:
  ID_VENDOR_FROM_DATABASE=Tandem Computer Europe Inc
-@@ -6646,6 +6711,9 @@
+@@ -6676,6 +6741,9 @@
 acpi:TEV*:
  ID_VENDOR_FROM_DATABASE=Televés, S.A.
@ -410,7 +410,7 @@
 acpi:TEZ*:
  ID_VENDOR_FROM_DATABASE=Tech Source Inc.
-@@ -6760,9 +6828,6 @@
+@@ -6796,9 +6864,6 @@
 acpi:TNC*:
  ID_VENDOR_FROM_DATABASE=TNC Industrial Company Ltd
@ -420,7 +420,7 @@
 acpi:TNM*:
  ID_VENDOR_FROM_DATABASE=TECNIMAGEN SA
-@@ -7069,14 +7134,14 @@
+@@ -7105,14 +7170,14 @@
 acpi:UNC*:
  ID_VENDOR_FROM_DATABASE=Unisys Corporation
@ -441,7 +441,7 @@
 acpi:UNI*:
  ID_VENDOR_FROM_DATABASE=Uniform Industry Corp.
-@@ -7111,6 +7176,9 @@
+@@ -7147,6 +7212,9 @@
 acpi:USA*:
  ID_VENDOR_FROM_DATABASE=Utimaco Safeware AG
@ -451,7 +451,7 @@
 acpi:USD*:
  ID_VENDOR_FROM_DATABASE=U.S. Digital Corporation
-@@ -7357,9 +7425,6 @@
+@@ -7393,9 +7461,6 @@
 acpi:WAL*:
  ID_VENDOR_FROM_DATABASE=Wave Access
@ -461,7 +461,7 @@
 acpi:WAV*:
  ID_VENDOR_FROM_DATABASE=Wavephore
-@@ -7484,7 +7549,7 @@
+@@ -7520,7 +7585,7 @@
  ID_VENDOR_FROM_DATABASE=WyreStorm Technologies LLC
 acpi:WYS*:
@ -470,7 +470,7 @@
 acpi:WYT*:
  ID_VENDOR_FROM_DATABASE=Wooyoung Image & Information Co.,Ltd.
-@@ -7498,9 +7563,6 @@
+@@ -7534,9 +7599,6 @@
 acpi:XDM*:
  ID_VENDOR_FROM_DATABASE=XDM Ltd.
@ -480,7 +480,7 @@
 acpi:XES*:
  ID_VENDOR_FROM_DATABASE=Extreme Engineering Solutions, Inc.
-@@ -7531,9 +7593,6 @@
+@@ -7567,9 +7629,6 @@
 acpi:XNT*:
  ID_VENDOR_FROM_DATABASE=XN Technologies, Inc.
@ -490,7 +490,7 @@
 acpi:XQU*:
  ID_VENDOR_FROM_DATABASE=SHANGHAI SVA-DAV ELECTRONICS CO., LTD
-@@ -7600,6 +7659,9 @@
+@@ -7636,6 +7695,9 @@
 acpi:ZBX*:
  ID_VENDOR_FROM_DATABASE=Zebax Technologies
--- a/hwdb.d/20-dmi-id.hwdb
+++ b/hwdb.d/20-dmi-id.hwdb
@ -0,0 +1,6 @@
 # This file is part of systemd
 # Fix "Lenovo" capitalization in /sys/class/dmi/id/sys_vendor
 dmi:bvnLENOVO*
    ID_SYSFS_ATTRIBUTE_MODEL=product_version
    ID_VENDOR_FROM_DATABASE=Lenovo
--- a/hwdb.d/20-pci-vendor-model.hwdb
+++ b/hwdb.d/20-pci-vendor-model.hwdb
--- a/hwdb.d/20-usb-vendor-model.hwdb
+++ b/hwdb.d/20-usb-vendor-model.hwdb
@ -4511,6 +4511,9 @@ usb:v0421p0156*
 usb:v0421p0157*
 ID_MODEL_FROM_DATABASE=5800 XpressMusic (Imaging mode)
 usb:v0421p0189*
 ID_MODEL_FROM_DATABASE=N810 Internet Tablet WiMAX
 usb:v0421p0199*
 ID_MODEL_FROM_DATABASE=6700 Classic (msc)
@ -4533,7 +4536,7 @@ usb:v0421p01C7*
 ID_MODEL_FROM_DATABASE=N900 (Storage Mode)
 usb:v0421p01C8*
- ID_MODEL_FROM_DATABASE=N900 (PC-Suite Mode)
+ ID_MODEL_FROM_DATABASE=N900/N950 (PC-Suite Mode)
 usb:v0421p0228*
 ID_MODEL_FROM_DATABASE=5530 XpressMusic
@ -4593,7 +4596,10 @@ usb:v0421p03CD*
 ID_MODEL_FROM_DATABASE=C7-00 (Nokia Suite mode)
 usb:v0421p03D1*
- ID_MODEL_FROM_DATABASE=N950
+ ID_MODEL_FROM_DATABASE=N950 (Storage Mode)
 usb:v0421p03D2*
 ID_MODEL_FROM_DATABASE=N950 (PC Suite mode)
 usb:v0421p0400*
 ID_MODEL_FROM_DATABASE=7600 Phone Parent
@ -4686,7 +4692,7 @@ usb:v0421p0429*
 ID_MODEL_FROM_DATABASE=6230i MultiMedia Card
 usb:v0421p0431*
- ID_MODEL_FROM_DATABASE=770 Internet Tablet
+ ID_MODEL_FROM_DATABASE=770/N800 Internet Tablet
 usb:v0421p0432*
 ID_MODEL_FROM_DATABASE=N90 Phone Parent
@ -4788,7 +4794,13 @@ usb:v0421p0509*
 ID_MODEL_FROM_DATABASE=E65 (Storage mode)
 usb:v0421p0518*
- ID_MODEL_FROM_DATABASE=N9 Phone
+ ID_MODEL_FROM_DATABASE=N9 (Storage mode)
 usb:v0421p0519*
 ID_MODEL_FROM_DATABASE=N9 (RNDIS/Ethernet mode)
 usb:v0421p051A*
 ID_MODEL_FROM_DATABASE=N9 (PC Suite mode)
 usb:v0421p054D*
 ID_MODEL_FROM_DATABASE=C2-01
@ -26198,6 +26210,9 @@ usb:v05FCp0001*
 usb:v05FCp0010*
 ID_MODEL_FROM_DATABASE=Soundcraft Si MADI combo card
 usb:v05FCp0021*
 ID_MODEL_FROM_DATABASE=Soundcraft Signature 12 MTK
 usb:v05FCp7849*
 ID_MODEL_FROM_DATABASE=Harman/Kardon SoundSticks
@ -67280,6 +67295,15 @@ usb:v32B3pD1A6*
 usb:v32B3pD1A7*
 ID_MODEL_FROM_DATABASE=TXT Multihub
 usb:v3310*
 ID_VENDOR_FROM_DATABASE=MUDITA Sp. z o.o.
 usb:v3310p0100*
 ID_MODEL_FROM_DATABASE=Pure
 usb:v3310p0101*
 ID_MODEL_FROM_DATABASE=Pure tethering
 usb:v3333*
 ID_VENDOR_FROM_DATABASE=InLine
@ -67313,6 +67337,15 @@ usb:v3344*
 usb:v3344p3744*
 ID_MODEL_FROM_DATABASE=OEM PC Remote
 usb:v3384*
 ID_VENDOR_FROM_DATABASE=System76
 usb:v3384p0000*
 ID_MODEL_FROM_DATABASE=Thelio Io (thelio-io)
 usb:v3384p0001*
 ID_MODEL_FROM_DATABASE=Launch Configurable Keyboard (launch_1)
 usb:v348F*
 ID_VENDOR_FROM_DATABASE=ISY
--- a/hwdb.d/60-autosuspend-fingerprint-reader.hwdb
+++ b/hwdb.d/60-autosuspend-fingerprint-reader.hwdb
@ -0,0 +1,277 @@
 # This file is part of systemd.
 #
 # Rules to autosuspend known fingerprint readers (pulled from libfprint).
 #
 # SPDX-License-Identifier: LGPL-2.1-or-later
 # This file has been generated using fprint-list-udev-hwdb with all drivers enabled
 # Supported by libfprint driver aes1610
 usb:v08FFp1600*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver aes1660
 usb:v08FFp1660*
 usb:v08FFp1680*
 usb:v08FFp1681*
 usb:v08FFp1682*
 usb:v08FFp1683*
 usb:v08FFp1684*
 usb:v08FFp1685*
 usb:v08FFp1686*
 usb:v08FFp1687*
 usb:v08FFp1688*
 usb:v08FFp1689*
 usb:v08FFp168A*
 usb:v08FFp168B*
 usb:v08FFp168C*
 usb:v08FFp168D*
 usb:v08FFp168E*
 usb:v08FFp168F*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver aes2501
 usb:v08FFp2500*
 usb:v08FFp2580*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver aes2550
 usb:v08FFp2550*
 usb:v08FFp2810*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver aes2660
 usb:v08FFp2660*
 usb:v08FFp2680*
 usb:v08FFp2681*
 usb:v08FFp2682*
 usb:v08FFp2683*
 usb:v08FFp2684*
 usb:v08FFp2685*
 usb:v08FFp2686*
 usb:v08FFp2687*
 usb:v08FFp2688*
 usb:v08FFp2689*
 usb:v08FFp268A*
 usb:v08FFp268B*
 usb:v08FFp268C*
 usb:v08FFp268D*
 usb:v08FFp268E*
 usb:v08FFp268F*
 usb:v08FFp2691*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver aes3500
 usb:v08FFp5731*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver aes4000
 usb:v5501p08FF*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver elan
 usb:v04F3p0903*
 usb:v04F3p0907*
 usb:v04F3p0C01*
 usb:v04F3p0C02*
 usb:v04F3p0C03*
 usb:v04F3p0C04*
 usb:v04F3p0C05*
 usb:v04F3p0C06*
 usb:v04F3p0C07*
 usb:v04F3p0C08*
 usb:v04F3p0C09*
 usb:v04F3p0C0A*
 usb:v04F3p0C0B*
 usb:v04F3p0C0C*
 usb:v04F3p0C0D*
 usb:v04F3p0C0E*
 usb:v04F3p0C0F*
 usb:v04F3p0C10*
 usb:v04F3p0C11*
 usb:v04F3p0C12*
 usb:v04F3p0C13*
 usb:v04F3p0C14*
 usb:v04F3p0C15*
 usb:v04F3p0C16*
 usb:v04F3p0C17*
 usb:v04F3p0C18*
 usb:v04F3p0C19*
 usb:v04F3p0C1A*
 usb:v04F3p0C1B*
 usb:v04F3p0C1C*
 usb:v04F3p0C1D*
 usb:v04F3p0C1E*
 usb:v04F3p0C1F*
 usb:v04F3p0C20*
 usb:v04F3p0C21*
 usb:v04F3p0C22*
 usb:v04F3p0C23*
 usb:v04F3p0C24*
 usb:v04F3p0C25*
 usb:v04F3p0C26*
 usb:v04F3p0C27*
 usb:v04F3p0C28*
 usb:v04F3p0C29*
 usb:v04F3p0C2A*
 usb:v04F3p0C2B*
 usb:v04F3p0C2C*
 usb:v04F3p0C2D*
 usb:v04F3p0C2E*
 usb:v04F3p0C2F*
 usb:v04F3p0C30*
 usb:v04F3p0C31*
 usb:v04F3p0C32*
 usb:v04F3p0C33*
 usb:v04F3p0C42*
 usb:v04F3p0C4D*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver etes603
 usb:v1C7Ap0603*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver goodixmoc
 usb:v27C6p5840*
 usb:v27C6p6496*
 usb:v27C6p60A2*
 usb:v27C6p63AC*
 usb:v27C6p639C*
 usb:v27C6p6594*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver synaptics
 usb:v06CBp00BD*
 usb:v06CBp00E9*
 usb:v06CBp00DF*
 usb:v06CBp00F9*
 usb:v06CBp00FC*
 usb:v06CBp00C2*
 usb:v06CBp00C9*
 usb:v06CBp0100*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver upeksonly
 usb:v147Ep2016*
 usb:v147Ep1000*
 usb:v147Ep1001*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver upektc
 usb:v0483p2015*
 usb:v147Ep3001*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver upektc_img
 usb:v147Ep2020*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver uru4000
 usb:v045Ep00BC*
 usb:v045Ep00BD*
 usb:v045Ep00CA*
 usb:v05BAp0007*
 usb:v05BAp0008*
 usb:v05BAp000A*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver vcom5s
 usb:v061Ap0110*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver vfs0050
 usb:v138Ap0050*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver vfs101
 usb:v138Ap0001*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver vfs301
 usb:v138Ap0005*
 usb:v138Ap0008*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver vfs5011
 usb:v138Ap0010*
 usb:v138Ap0011*
 usb:v138Ap0015*
 usb:v138Ap0017*
 usb:v138Ap0018*
 ID_AUTOSUSPEND=1
 # Supported by libfprint driver vfs7552
 usb:v138Ap0091*
 ID_AUTOSUSPEND=1
 # Known unsupported devices
 usb:v04F3p036B*
 usb:v04F3p0C00*
 usb:v04F3p0C4B*
 usb:v04F3p0C4C*
 usb:v04F3p0C4F*
 usb:v04F3p0C57*
 usb:v04F3p0C5E*
 usb:v04F3p2706*
 usb:v06CBp0081*
 usb:v06CBp0088*
 usb:v06CBp008A*
 usb:v06CBp009A*
 usb:v06CBp009B*
 usb:v06CBp00A2*
 usb:v06CBp00B7*
 usb:v06CBp00BB*
 usb:v06CBp00BE*
 usb:v06CBp00C4*
 usb:v06CBp00CB*
 usb:v06CBp00D8*
 usb:v06CBp00DA*
 usb:v0A5Cp5801*
 usb:v0A5Cp5805*
 usb:v0A5Cp5834*
 usb:v0A5Cp5840*
 usb:v0A5Cp5841*
 usb:v0A5Cp5842*
 usb:v0A5Cp5843*
 usb:v0A5Cp5845*
 usb:v10A5p0007*
 usb:v1188p9545*
 usb:v138Ap0007*
 usb:v138Ap003A*
 usb:v138Ap003C*
 usb:v138Ap003D*
 usb:v138Ap003F*
 usb:v138Ap0090*
 usb:v138Ap0092*
 usb:v138Ap0094*
 usb:v138Ap0097*
 usb:v138Ap009D*
 usb:v138Ap00AB*
 usb:v147Ep1002*
 usb:v1491p0088*
 usb:v16D1p1027*
 usb:v1C7Ap0300*
 usb:v1C7Ap0570*
 usb:v1C7Ap0575*
 usb:v27C6p5042*
 usb:v27C6p5110*
 usb:v27C6p5117*
 usb:v27C6p5201*
 usb:v27C6p521D*
 usb:v27C6p5301*
 usb:v27C6p530C*
 usb:v27C6p532D*
 usb:v27C6p533C*
 usb:v27C6p5381*
 usb:v27C6p5385*
 usb:v27C6p538C*
 usb:v27C6p538D*
 usb:v27C6p5395*
 usb:v27C6p5584*
 usb:v27C6p55A2*
 usb:v27C6p55A4*
 usb:v27C6p55B4*
 usb:v27C6p5740*
 usb:v2808p9338*
 usb:v298Dp2033*
 usb:v3538p0930*
 ID_AUTOSUSPEND=1
--- a/hwdb.d/60-evdev.hwdb
+++ b/hwdb.d/60-evdev.hwdb
@ -38,6 +38,15 @@
 # Sort by brand, model
 #########################################
 # ACECAD
 #########################################
 # Acecad Flair / Pentagram Quadpen
 evdev:input:b0003v0460p0004*
 EVDEV_ABS_00=::40
 EVDEV_ABS_01=::40
 #########################################
 # AIPTEK
 #########################################
@ -226,6 +235,13 @@ evdev:name:SynPS/2 Synaptics TouchPad:dmi:*bvn*:bvr*:bd*:svnDellInc.:pnMM061:*
 EVDEV_ABS_00=1008:5793:66
 EVDEV_ABS_01=687:5176:107
 # Dell Latitude E5510
 evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:*svnDellInc.:pnLatitudeE5510:*
 EVDEV_ABS_00=73:1828:26
 EVDEV_ABS_01=101:1319:27
 EVDEV_ABS_35=73:1828:26
 EVDEV_ABS_36=101:1319:27
 # Dell Latitude E6220
 evdev:name:AlpsPS/2 ALPS DualPoint TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE6220:*
 EVDEV_ABS_00=76:1815:22
@ -249,10 +265,10 @@ evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE725
 # Dell Latitude E7470
 evdev:name:AlpsPS/2 ALPS DualPoint TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE7470:*
- EVDEV_ABS_00=29:2930:30
+ EVDEV_ABS_00=29:2930:30:16
- EVDEV_ABS_01=26:1533:29
+ EVDEV_ABS_01=26:1533:29:16
- EVDEV_ABS_35=29:2930:30
+ EVDEV_ABS_35=29:2930:30:16
- EVDEV_ABS_36=26:1533:29
+ EVDEV_ABS_36=26:1533:29:16
 # Dell Precision 5510
 evdev:name:SynPS/2 Synaptics TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnPrecision5510:*
@ -544,8 +560,9 @@ evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:*svnLENOVO:*pvrLenovoYoga500-14IBD:*
 EVDEV_ABS_35=117:3952:36
 EVDEV_ABS_36=105:1960:26
-# Lenovo Thinkpad T490
+# Lenovo Thinkpad T490 and T14 Gen1
 evdev:name:SynPS/2 Synaptics TouchPad:dmi:*:svnLENOVO:*pvrThinkPadT490:*
 evdev:name:SynPS/2 Synaptics TouchPad:dmi:*:svnLENOVO:*pvrThinkPadT14Gen1:*
 EVDEV_ABS_00=::44
 EVDEV_ABS_01=::52
 EVDEV_ABS_35=::44
@ -558,6 +575,15 @@ evdev:name:MSFT0001:02 04F3:304B Touchpad:dmi:*svnLENOVO:*pvrLenovoLegionY9000X2
 EVDEV_ABS_35=::31
 EVDEV_ABS_36=::30
 #########################################
 # NEWYES
 #########################################
 # NEWYES 10" LCD writing tablet
 evdev:input:b0003v6161p4D15*
 EVDEV_ABS_00=::152
 EVDEV_ABS_01=::244
 #########################################
 # Razer
 #########################################
@ -657,7 +683,12 @@ evdev:input:b0003v172Fp0031*
 EVDEV_ABS_00=0:10000:400
 EVDEV_ABS_01=0:6250:400
-#WALTOP International Corp. Graphics Tablet
+# WALTOP International Corp. Graphics Tablet
 evdev:input:b0003v172Fp0047*
 EVDEV_ABS_00=0:20000:80
 EVDEV_ABS_01=0:12500:80
 # WALTOP International Corp. Batteryless Tablet
 evdev:input:b0003v172Fp0505*
 EVDEV_ABS_00=::160
 EVDEV_ABS_01=::160
--- a/hwdb.d/60-input-id.hwdb
+++ b/hwdb.d/60-input-id.hwdb
@ -72,3 +72,7 @@ id-input:modalias:input:b0003v04B3p301Ee0100-e0,1,2,4*
 # Logitech Ultrathin Touch Mouse
 id-input:modalias:input:b0005v046DpB00De0700*
 ID_INPUT_MOUSE=1
 # Logitech MX Keys
 id-input:modalias:input:b0003v046Dp408Ae0111*
 ID_INPUT_MOUSE=0 
--- a/hwdb.d/60-keyboard.hwdb
+++ b/hwdb.d/60-keyboard.hwdb
@ -323,6 +323,13 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnInspiron*1110:*
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnInspiron*1210:*
 KEYBOARD_KEY_84=wlan
 # Dell Inspiron 11 3168
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnInspiron11-3168:pvr*
 KEYBOARD_KEY_c7=!home                                 # Fn-LeftArrow
 KEYBOARD_KEY_cf=!end                                  # Fn-RightArrow
 KEYBOARD_KEY_c9=!pageup                               # Fn-UpArrow
 KEYBOARD_KEY_d1=!pagedown                             # Fn-DownArrow
 # Dell Inspiron 1520 and Latitude 2110
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnInspiron*1520:*
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnLatitude*2110:*
@ -376,7 +383,7 @@ evdev:name:Dell WMI hotkeys:dmi:bvn*:bvr*:bd*:svnDell*:pnPrecision*:*
 KEYBOARD_KEY_100150=f20                                # Mic mute toggle, should be micmute
 # Dell Latitude privacy microphone mute
-evdev:name:Dell Privacy Driver:dmi:bvn*:bvr*:bd*:svnDell*:pnLatitude*:sku0A3E:*
+evdev:name:Dell Privacy Driver:dmi:bvn*:bvr*:bd*:svnDell*:pnLatitude*:*
 KEYBOARD_KEY_12001=f20                                 # Mic mute toggle, should be micmute
 ###########################################################
@ -540,19 +547,21 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pn*[sS][pP][eE][cC][tT][rR][eE]*x360Convert
 # Spectre x360 13
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPSpectrex360Convertible13*:*
- KEYBOARD_KEY_82=f20                                    # Fn+F12; Microphone mute button, should be micmute
+# ENVY x360 13
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPENVYx360Convertible13*:*
 KEYBOARD_KEY_82=f20                                    # Microphone mute button, should be micmute
 # HP Elite x2 1013 G3
 evdev:atkbd:dmi:bvn*:bvr*:svnHP*:pnHPElitex21013G3:*
-  KEYBOARD_KEY_f8=unknown                               # rfkill is also reported by HP Wireless hotkeys
+ KEYBOARD_KEY_f8=unknown                               # rfkill is also reported by HP Wireless hotkeys
-  KEYBOARD_KEY_64=calendar
+ KEYBOARD_KEY_64=calendar
-  KEYBOARD_KEY_81=f20                                   # Microphone mute button
+ KEYBOARD_KEY_81=f20                                   # Microphone mute button
-  KEYBOARD_KEY_ee=switchvideomode                       # Switch display outputs
+ KEYBOARD_KEY_ee=switchvideomode                       # Switch display outputs
-  KEYBOARD_KEY_92=brightnessdown
+ KEYBOARD_KEY_92=brightnessdown
-  KEYBOARD_KEY_97=brightnessup
+ KEYBOARD_KEY_97=brightnessup
 evdev:name:Intel HID events:dmi:bvn*:bvr*:svnHP*:pnHPElitex21013G3:*
-  KEYBOARD_KEY_08=unknown                               # rfkill is also reported by HP Wireless hotkeys
+ KEYBOARD_KEY_08=unknown                               # rfkill is also reported by HP Wireless hotkeys
 # Elitebook
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pn*Compaq*:*
@ -653,7 +662,7 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPEliteBookFolio1040G2:*
 # HP EliteBook Folio G1
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP:pnHPEliteBookFolioG1:*
 KEYBOARD_KEY_64=calendar
- KEYBOARD_KEY_81=micmute
+ KEYBOARD_KEY_81=f20
 # HP ProBook 650
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHP*ProBook*650*:*
@ -691,12 +700,14 @@ evdev:name:gpio-keys:phys:gpio-keys/input0:ev:23:dmi:*:svnHewlett-Packard:pnHPSt
 evdev:name:Huawei WMI hotkeys:dmi:bvn*:bvr*:bd*:svnHUAWEI:*
 KEYBOARD_KEY_287=f20                                   # Microphone mute button, should be micmute
-# Huawei MACH-WX9
+# Huawei MACH-WX9 and EUL-WX9
 evdev:atkbd:dmi:bvn*:bvr*:svnHUAWEI*:pnMACH-WX9:*
 evdev:atkbd:dmi:bvn*:bvr*:svnHUAWEI*:pnEUL-WX9:*
 KEYBOARD_KEY_f7=unknown
 KEYBOARD_KEY_f8=fn
 evdev:name:Huawei WMI hotkeys:dmi:bvn*:bvr*:bd*:svnHUAWEI*:pnMACH-WX9:*
 evdev:name:Huawei WMI hotkeys:dmi:bvn*:bvr*:bd*:svnHUAWEI*:pnEUL-WX9:*
 KEYBOARD_KEY_281=unknown                               # Brightness Down, also emitted by acpi-video, ignore
 KEYBOARD_KEY_282=unknown                               # Brightness Up, also emitted by acpi-video, ignore
@ -1269,6 +1280,16 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnMicro-Star*:pn*A10SC*:*
 KEYBOARD_KEY_f1=f20
 KEYBOARD_KEY_f2=f21
 # MSI Modern series
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnMicro-StarInternational*:pnModern*:*
 KEYBOARD_KEY_f1=f20                                    # Fn+F5 micmute
 KEYBOARD_KEY_76=f21                                    # Fn+F4 touchpad, becomes meta+ctrl+toggle
 KEYBOARD_KEY_91=prog1                                  # Fn+F7 Creation Center, sometime F7
 KEYBOARD_KEY_f2=prog2                                  # Fn+F12 screen rotation
 KEYBOARD_KEY_97=unknown                                # lid close
 KEYBOARD_KEY_98=unknown                                # lid open
                                                        #Fn+PrntScr sends meta+shif+s
 ###########################################################
 # MSI
 ###########################################################
@ -1442,17 +1463,29 @@ evdev:input:b0003v047FpC006*
 # Purism
 ###########################################################
-# Purism Librem 13 V2
+# If you're using an us layout keyboard in one of the below models of
-evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism*:pn*Librem13v2*:*
+# Purism Librem 13 consider copying this file to /etc/systemd/hwdb.d/
- KEYBOARD_KEY_56=backslash
+# to enable the following rule acording to your model.
-
+#
-# Purism Librem 13 V3
+# There's a bug in the keyboards firmware and the additional rule
-evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism*:pn*Librem13v3*:*
+# will make your keyboard behave as expected.
- KEYBOARD_KEY_56=backslash
+#
-
+# More info:
-# Purism Librem 13 V4
+# - https://github.com/systemd/systemd/issues/15360
-evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism*:pn*Librem13v4*:*
+# - https://github.com/systemd/systemd/pull/11516
- KEYBOARD_KEY_56=backslash
+# - https://tracker.pureos.net/T888
 #
 # # Purism Librem 13 V2
 # evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism*:pn*Librem13v2*:*
 #  KEYBOARD_KEY_56=backslash
 #
 # # Purism Librem 13 V3
 # evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism*:pn*Librem13v3*:*
 #  KEYBOARD_KEY_56=backslash
 #
 # # Purism Librem 13 V4
 # evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism*:pn*Librem13v4*:*
 #  KEYBOARD_KEY_56=backslash
 ###########################################################
 # Quanta
@ -1488,6 +1521,20 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*300E[457]*:*
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*200E[45]*:*
 KEYBOARD_KEY_ce=!                                      # Fn+F1  launch control setting
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*356V[45]*:pvr*
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*355V[45]*:pvr*
 KEYBOARD_KEY_ce=!prog1                  # Fn+F1  launch control setting
 KEYBOARD_KEY_89=!brightnessdown         # Fn+F2  brightness down
 KEYBOARD_KEY_88=!brightnessup           # Fn+F3  brightness up
 KEYBOARD_KEY_82=!switchvideomode        # Fn+F4  display toggle
 KEYBOARD_KEY_f7=!f22                    # Fn+F5  touchpad on
 KEYBOARD_KEY_f9=!f23                    # Fn+F5  touchpad off
 KEYBOARD_KEY_a0=!mute                   # Fn+F6  mute
 KEYBOARD_KEY_ae=!volumedown             # Fn+F7  volume down
 KEYBOARD_KEY_b0=!volumeup               # Fn+F8  volume up
 KEYBOARD_KEY_b3=!prog2                  # Fn+F11 toggle fan/cool mode
 KEYBOARD_KEY_d5=!wlan                   # Fn+F12 toggle wifi
 # Series 5
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*530U*:*
 KEYBOARD_KEY_ce=!prog1                                 # Fn+F1 launch settings
@ -1514,7 +1561,7 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*940X3G*:*
 KEYBOARD_KEY_96=!kbdillumup                            # Fn+F10 keyboard backlight up
 KEYBOARD_KEY_b3=!prog3                                 # Fn+F11 fan/cooling mode changer
-evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*900X[34][AB]*:*
+evdev:atkbd:dmi:bvn*:bvr*:bd*:svn[sS][aA][mM][sS][uU][nN][gG]*:pn*900X3A*:*
 KEYBOARD_KEY_ce=!                                      # Fn+F8 keyboard backlight up
 KEYBOARD_KEY_8d=!                                      # Fn+F7 keyboard backlight down
 KEYBOARD_KEY_96=!                                      # Fn+F1 performance mode (?)
--- a/hwdb.d/60-sensor.hwdb
+++ b/hwdb.d/60-sensor.hwdb
@ -251,16 +251,11 @@ sensor:modalias:acpi:KIOX000A*:dmi:*:svncube:pni1-TF:*
 sensor:modalias:acpi:SMO8500*:dmi:*:svncube:pni7:*
 ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
-# Cube i7 Stylus
+# Cube i7 Stylus, i7 Stylus I8L Model, i7 Book (i16) and Mix Plus (i18B)
 sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni7Stylus:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
 # Cube i7 Book (i16)
 sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni16:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
 # Cube i7 Stylus I8L Model
 sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni8-L:*
 sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni16:*
 sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni18B:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
 # Cube iWork 10 Flagship
@ -307,6 +302,14 @@ sensor:modalias:acpi:INVN6500*:dmi:*svnDell*:pnVenue10Pro5055:*
 sensor:modalias:acpi:SMO8500*:dmi:*svn*DEXP*:*pn*DEXPOEM:*
 ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
 #########################################
 # Digibras
 #########################################
 # Digibras F10-30
 sensor:modalias:acpi:SMO8500*:dmi:*:svnDigibras:pnF10-30:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
 #########################################
 # DIGMA
 #########################################
@ -321,6 +324,12 @@ sensor:modalias:acpi:BOSC0200*:dmi:*:svnDigma:pnCITIE203ES2010EW:*
 sensor:modalias:acpi:ACCE0001*:dmi:*svnEndless*:*pnELT-NL3:*
 ACCEL_MOUNT_MATRIX=0, 1, 0; 0, 0, -1; -1, 0, 0
 #########################################
 # Estar
 #########################################
 sensor:modalias:acpi:SMO8500*:dmi:*:svnEstar:pneSTARBEAUTYHDIntelQuadcore:*
 ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
 #########################################
 # Eve Technology
 #########################################
@ -445,6 +454,10 @@ sensor:modalias:acpi:BOSC0200*:dmi:bvnINSYDECorp.:bvrjumperx.T87.KFBNEE:*
 sensor:modalias:acpi:BOSC0200*:dmi:*:svnJumper:pnEZpad:*:rvr.A006:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, 1
 # EZpad 7
 sensor:modalias:acpi:KIOX0009*:dmi:*:bvrJumper12x.WJ2012.bsBKRCP*:svnJumper:pnEZpad:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
 # EZpad Go
 sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:*:svnjumper:pnEZpad:*:ct31:*
 ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
@ -484,8 +497,9 @@ sensor:modalias:acpi:BMA250E*:dmi:bvnLENOVO:*:pvrLenovoMIIX3-1030:*
 sensor:modalias:acpi:SMO8500*:dmi:bvnLENOVO:*:pvrLenovoMIIX3-830:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
-# IdeaPad D330
+# IdeaPad D330 and D330-10IGM
 sensor:modalias:acpi:BOSC0200*:dmi:*:svnLENOVO:pn81H3:*
 sensor:modalias:acpi:BOSC0200*:dmi:*:svnLENOVO:*:cvrLenovoideapadD330-10IGM:*
 ACCEL_MOUNT_MATRIX=0, 1, 0; -1, 0, 0; 0, 0, 1
 # IdeaPad Miix 300
@ -517,13 +531,18 @@ sensor:modalias:acpi:*BOSC0200*:dmi:*:svnLENOVO*:pn80U1:*
 sensor:modalias:acpi:BOSC0200*:dmi:*:svnLINX*:pnLINX1010B:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, -1
-# Linx 12X64 and 12V64
+# Linx 12X64, 12V64 and Vision 8
 sensor:modalias:acpi:KIOX000A*:dmi:*:svnLINX*:pnLINX12*64:*
 sensor:modalias:acpi:KIOX000A*:dmi:*:svnLINX:pnVISION004:*
 ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
 #########################################
 # Medion
 #########################################
 # Medion Akoya E2228T MD61900
 sensor:modalias:acpi:KIOX020A*:dmi:*:svnMEDION:pnE2228TMD61900:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, -1
 ACCEL_LOCATION=base
 # Medion Akoya E1239T MD60568
 sensor:modalias:acpi:KIOX0009*:dmi:*:svnMEDION:pnE1239TMD60568:*
@ -580,6 +599,10 @@ sensor:modalias:acpi:SMO8500*:dmi:*:svnMicro-StarInternationalCo.,Ltd.:pnS100:*
 sensor:modalias:acpi:BOSC0200*:dmi:*:svnCompletElectroServ:pnMY8307:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
 # MY8312
 sensor:modalias:acpi:KIOX010A*:dmi:*:svnCompletElectroServSA:pnMY8312:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, 1
 #########################################
 # Nuvision (TMax)
 #########################################
@ -680,6 +703,14 @@ sensor:modalias:acpi:BOSC0200*:dmi:bvnINSYDECorp.:bvrMx.WT107.KUBNGEA*svnInsyde:
 sensor:modalias:acpi:SMO8500*:dmi:*:svnProwise:pnPT301:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
 #########################################
 # Reeder
 #########################################
 # A8iW-Rev.A
 sensor:modalias:acpi:SMO8500*:dmi:*:rvnReeder:rnA8iW-Rev.A:*
 ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
 #########################################
 # Schneider
 #########################################
@ -747,6 +778,10 @@ sensor:modalias:acpi:BMA250*:dmi:*:bvrTREK.G.WI71C.JGBMRBA*:*:svnInsyde:pnST7041
 sensor:modalias:acpi:BMA250*:dmi:*:bvrTREK.G.WI71C.JGBMRBA*:*:svnTrekStor:pnSurfTabwintron7.0ST70416-6:*
 ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
 # SurfTab Wintron 10.1 ST10432-3, generic DMI string, use partial BIOS version match
 sensor:modalias:acpi:SMO8500*:dmi:*:bvrWintron.R25M.02.0*:*:svnInsyde:pnBayTrail:*
 ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
 sensor:modalias:acpi:KIOX000A*:dmi:*:svnTrekStor:pnSurfTabtwin10.1:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
@ -761,11 +796,15 @@ sensor:modalias:acpi:BOSC0200*:dmi:*:bvrTP15-VT5.2.1.3:*:svnTrekStor*:pnSurfTabt
 sensor:modalias:acpi:KIOX010A*:dmi:*:svnTREKSTOR:pnPrimebookC11B:*
 sensor:modalias:acpi:KIOX010A*:dmi:*:svnTREKSTOR:pnPRIMEBOOKC11B:*
 sensor:modalias:acpi:KIOX010A*:dmi:*:svnTREKSTOR:pnYourbookC11B:*
 sensor:modalias:acpi:KIOX010A*:dmi:*:svnTREKSTOR:pnYOURBOOKC11B:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, -1
 ACCEL_LOCATION=display
 sensor:modalias:acpi:KIOX020A*:dmi:*:svnTREKSTOR:pnPrimebookC11B:*
 sensor:modalias:acpi:KIOX020A*:dmi:*:svnTREKSTOR:pnPRIMEBOOKC11B:*
 sensor:modalias:acpi:KIOX020A*:dmi:*:svnTREKSTOR:pnYourbookC11B:*
 sensor:modalias:acpi:KIOX020A*:dmi:*:svnTREKSTOR:pnYOURBOOKC11B:*
 ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
 ACCEL_LOCATION=base
--- a/hwdb.d/70-mouse.hwdb
+++ b/hwdb.d/70-mouse.hwdb
@ -190,6 +190,14 @@ mouse:usb:v413cp301a:name:PixArt Dell MS116 USB Optical Mouse:*
 mouse:usb:v0461p4d46:name:USB Optical Mouse:*
 MOUSE_DPI=1000@125
 ##########################################
 # Elecom
 #########################################
 # Elecom HUGE TrackBall (M-HT1DR)
 mouse:usb:v056ep010d:name:ELECOM TrackBall Mouse HUGE TrackBall:*
 MOUSE_DPI=500@125 *1000@125 1500@125
 ##########################################
 # Fujitsu Siemens
 ##########################################
@ -267,6 +275,7 @@ mouse:usb:v04b3p3107:name:*
 # Kensington Expert Mouse trackball
 mouse:usb:v047dp1020:*Kensington Expert Mouse*:*
 ID_INPUT_TRACKBALL=1
 MOUSE_DPI=400@125
 ##########################################
 # Lenovo
@ -424,6 +433,10 @@ mouse:usb:v046dpc51a:name:Logitech USB Receiver:*
 mouse:usb:v046dpc01e:name:Logitech USB-PS/2 Optical Mouse:*
 MOUSE_DPI=400@125 *800@125 1600@125
 # Logitech MX 518 Legendary (HERO sensor)
 mouse:usb:v046dpc08e:name:Logitech MX518 Gaming Mouse:*
 MOUSE_DPI=400@1000 *800@1000 1600@1000 3200@1000 6400@1000
 # Logitech MX1000 Laser Cordless Mouse
 mouse:bluetooth:v046dpb003:name:Logitech MX1000 mouse:*
 MOUSE_DPI=800@80
@ -478,7 +491,9 @@ mouse:bluetooth:v046dpb019:name:MX Master 2S Mouse:*
 MOUSE_WHEEL_CLICK_COUNT=24
 MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL=14
-# Logitech MX Ergo (via Bluetooth)
+# Logitech MX Ergo
 mouse:usb:v046dp406f:name:Logitech MX Ergo:*
 mouse:usb:v046dpc52b:name:Logitech Unifying Device. Wireless PID:406f:*
 mouse:bluetooth:v046dpb01d:name:MX Ergo Mouse:*
 ID_INPUT_TRACKBALL=1
--- a/hwdb.d/README
+++ b/hwdb.d/README
@ -0,0 +1,11 @@
 Files in this directory specify a description of hardware devices, in the form
 of mappings from modalias-like keys (which identify specific hardware devices)
 to udev properties.
 Files in this directory are not read by udev directly. Instead,
 man:systemd-hwdb(8) compiles them into a binary database.
 See man:hwdb(7) for an overview of the configuration file format, and
 man:systemd-udevd.service(8) for a description of the udev daemon.
 Use 'systemd-analyze cat-config udev/hwdb.d' to display the effective config.
--- a/hwdb.d/acpi_id_registry.html
+++ b/hwdb.d/acpi_id_registry.html
@ -100,6 +100,11 @@
 <tr class="even"><td>CHENGDU HAIGUANG IC DESIGN CO., LTD</td><td>HYGO</td><td>07/15/2020</td> </tr>
 <tr class="odd"><td>PixArt imaging inc.</td><td>PIXA</td><td>07/15/2020</td> </tr>
 <tr class="even"><td>Loongson Technology Corporation Limited</td><td>LOON</td><td>09/10/2020</td> </tr>
 <tr class="odd"><td>Seiko Epson Corporation</td><td>SECC</td><td>02/16/2021</td> </tr>
 <tr class="even"><td>Alibaba Co., Ltd.</td><td>BABA</td><td>02/02/2021</td> </tr>
 <tr class="odd"><td>Juniper Systems, Inc.</td><td>JSYS</td><td>03/18/2021</td> </tr>
 <tr class="even"><td>Framework Computer LLC</td><td>FRMW</td><td>03/22/2021</td> </tr>
 <tr class="odd"><td>Pensando Systems, Inc.</td><td>PNSO</td><td>03/24/2021</td> </tr>
      </tbody>
    </table>
  </body>
--- a/hwdb.d/ma-large.txt
+++ b/hwdb.d/ma-large.txt
--- a/hwdb.d/ma-medium.txt
+++ b/hwdb.d/ma-medium.txt
--- a/hwdb.d/ma-small.txt
+++ b/hwdb.d/ma-small.txt
--- a/hwdb.d/meson.build
+++ b/hwdb.d/meson.build
@ -4,6 +4,8 @@
 # they are very long but quite repetitive and the parser is not very fast.
 # So we don't "test" them.
 hwdb_files_notest = files('''
        README
        20-dmi-id.hwdb
        20-pci-vendor-model.hwdb
        20-pci-classes.hwdb
        20-usb-vendor-model.hwdb
@ -19,6 +21,7 @@ hwdb_files_notest = files('''
 hwdb_files_test = files('''
        60-autosuspend.hwdb
        60-autosuspend-fingerprint-reader.hwdb
        60-evdev.hwdb
        60-input-id.hwdb
        60-keyboard.hwdb
@ -64,9 +67,9 @@ endif
 ############################################################
 run_target(
-        'hwdb-update',
+        'update-hwdb',
-        command : [hwdb_update_sh, meson.current_source_dir()])
+        command : [update_hwdb_sh, meson.current_source_dir()])
 run_target(
-        'autosuspend-update',
+        'update-hwdb-autosuspend',
-        command : [autosuspend_update_sh, project_source_root + '/tools/chromiumos'])
+        command : [update_hwdb_autosuspend_sh, project_source_root])
--- a/hwdb.d/parse_hwdb.py
+++ b/hwdb.d/parse_hwdb.py
@ -33,7 +33,7 @@ try:
                           OneOrMore, Combine, Or, Optional, Suppress, Group,
                           nums, alphanums, printables,
                           stringEnd, pythonStyleComment,
-                           ParseBaseException)
+                           ParseBaseException, __diag__)
 except ImportError:
    print('pyparsing is not available')
    sys.exit(77)
@ -50,6 +50,12 @@ except ImportError:
    # don't do caching on old python
    lru_cache = lambda: (lambda f: f)
 __diag__.warn_multiple_tokens_in_named_alternation = True
 __diag__.warn_ungrouped_named_tokens_in_collection = True
 __diag__.warn_name_set_on_empty_Forward = True
 __diag__.warn_on_multiple_string_args_to_oneof = True
 __diag__.enable_debug_on_named_expressions = True
 EOL = LineEnd().suppress()
 EMPTYLINE = LineEnd()
 COMMENTLINE = pythonStyleComment + EOL
@ -111,9 +117,9 @@ def hwdb_grammar():
 def property_grammar():
    ParserElement.setDefaultWhitespaceChars(' ')
-    dpi_setting = (Optional('*')('DEFAULT') + INTEGER('DPI') + Suppress('@') + INTEGER('HZ'))('SETTINGS*')
+    dpi_setting = Group(Optional('*')('DEFAULT') + INTEGER('DPI') + Suppress('@') + INTEGER('HZ'))('SETTINGS*')
    mount_matrix_row = SIGNED_REAL + ',' + SIGNED_REAL + ',' + SIGNED_REAL
-    mount_matrix = (mount_matrix_row + ';' + mount_matrix_row + ';' + mount_matrix_row)('MOUNT_MATRIX')
+    mount_matrix = Group(mount_matrix_row + ';' + mount_matrix_row + ';' + mount_matrix_row)('MOUNT_MATRIX')
    xkb_setting = Optional(Word(alphanums + '+-/@._'))
    props = (('MOUSE_DPI', Group(OneOrMore(dpi_setting))),
@ -121,20 +127,20 @@ def property_grammar():
             ('MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL', INTEGER),
             ('MOUSE_WHEEL_CLICK_COUNT', INTEGER),
             ('MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL', INTEGER),
-             ('ID_AUTOSUSPEND', Literal('1')),
+             ('ID_AUTOSUSPEND', Or((Literal('0'), Literal('1')))),
-             ('ID_INPUT', Literal('1')),
+             ('ID_INPUT', Or((Literal('0'), Literal('1')))),
-             ('ID_INPUT_ACCELEROMETER', Literal('1')),
+             ('ID_INPUT_ACCELEROMETER', Or((Literal('0'), Literal('1')))),
-             ('ID_INPUT_JOYSTICK', Literal('1')),
+             ('ID_INPUT_JOYSTICK', Or((Literal('0'), Literal('1')))),
-             ('ID_INPUT_KEY', Literal('1')),
+             ('ID_INPUT_KEY', Or((Literal('0'), Literal('1')))),
-             ('ID_INPUT_KEYBOARD', Literal('1')),
+             ('ID_INPUT_KEYBOARD', Or((Literal('0'), Literal('1')))),
-             ('ID_INPUT_MOUSE', Literal('1')),
+             ('ID_INPUT_MOUSE', Or((Literal('0'), Literal('1')))),
-             ('ID_INPUT_POINTINGSTICK', Literal('1')),
+             ('ID_INPUT_POINTINGSTICK', Or((Literal('0'), Literal('1')))),
-             ('ID_INPUT_SWITCH', Literal('1')),
+             ('ID_INPUT_SWITCH', Or((Literal('0'), Literal('1')))),
-             ('ID_INPUT_TABLET', Literal('1')),
+             ('ID_INPUT_TABLET', Or((Literal('0'), Literal('1')))),
-             ('ID_INPUT_TABLET_PAD', Literal('1')),
+             ('ID_INPUT_TABLET_PAD', Or((Literal('0'), Literal('1')))),
-             ('ID_INPUT_TOUCHPAD', Literal('1')),
+             ('ID_INPUT_TOUCHPAD', Or((Literal('0'), Literal('1')))),
-             ('ID_INPUT_TOUCHSCREEN', Literal('1')),
+             ('ID_INPUT_TOUCHSCREEN', Or((Literal('0'), Literal('1')))),
-             ('ID_INPUT_TRACKBALL', Literal('1')),
+             ('ID_INPUT_TRACKBALL', Or((Literal('0'), Literal('1')))),
             ('POINTINGSTICK_SENSITIVITY', INTEGER),
             ('POINTINGSTICK_CONST_ACCEL', REAL),
             ('ID_INPUT_JOYSTICK_INTEGRATION', Or(('internal', 'external'))),
@ -240,10 +246,19 @@ def check_one_keycode(prop, value):
                'KBD_LCD_MENU' in key):
            error('Keycode {} unknown', key)
 def check_wheel_clicks(properties):
    pairs = (('MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL', 'MOUSE_WHEEL_CLICK_COUNT'),
             ('MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL', 'MOUSE_WHEEL_CLICK_ANGLE'),
             ('MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL', 'MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL'),
             ('MOUSE_WHEEL_CLICK_COUNT', 'MOUSE_WHEEL_CLICK_ANGLE'))
    for pair in pairs:
        if pair[0] in properties and pair[1] not in properties:
            error('{} requires {} to be specified', *pair)
 def check_properties(groups):
    grammar = property_grammar()
    for matches, props in groups:
-        prop_names = set()
+        seen_props = {}
        for prop in props:
            # print('--', prop)
            prop = prop.partition('#')[0].rstrip()
@ -253,9 +268,9 @@ def check_properties(groups):
                error('Failed to parse: {!r}', prop)
                continue
            # print('{!r}'.format(parsed))
-            if parsed.NAME in prop_names:
+            if parsed.NAME in seen_props:
                error('Property {} is duplicated', parsed.NAME)
-            prop_names.add(parsed.NAME)
+            seen_props[parsed.NAME] = parsed.VALUE
            if parsed.NAME == 'MOUSE_DPI':
                check_one_default(prop, parsed.VALUE.SETTINGS)
            elif parsed.NAME == 'ACCEL_MOUNT_MATRIX':
@ -264,6 +279,8 @@ def check_properties(groups):
                val = parsed.VALUE if isinstance(parsed.VALUE, str) else parsed.VALUE[0]
                check_one_keycode(prop, val)
        check_wheel_clicks(seen_props)
 def print_summary(fname, groups):
    n_matches = sum(len(matches) for matches, props in groups)
    n_props = sum(len(props) for matches, props in groups)
--- a/hwdb.d/pci.ids
+++ b/hwdb.d/pci.ids
--- a/hwdb.d/pnp_id_registry.html
+++ b/hwdb.d/pnp_id_registry.html
@ -108,9 +108,9 @@
 <tr class="even"><td>Alpha Telecom Inc</td><td>ATD</td><td>09/26/1997</td> </tr>
 <tr class="odd"><td>Alpha-Top Corporation</td><td>ATP</td><td>12/04/1996</td> </tr>
 <tr class="even"><td>AlphaView LCD</td><td>ALV</td><td>11/01/2008</td> </tr>
- <tr class="odd"><td>Alpine Electronics, Inc.</td><td>APE</td><td>01/22/2013</td> </tr>
+ <tr class="odd"><td>ALPS ALPINE CO., LTD.</td><td>APE</td><td>01/22/2013</td> </tr>
- <tr class="even"><td>Alps Electric Company Ltd</td><td>ALP</td><td>11/29/1996</td> </tr>
+ <tr class="even"><td>ALPS ALPINE CO., LTD.</td><td>ALP</td><td>11/29/1996</td> </tr>
- <tr class="odd"><td>Alps Electric Inc</td><td>AUI</td><td>11/29/1996</td> </tr>
+ <tr class="odd"><td>ALPS ALPINE CO., LTD.</td><td>AUI</td><td>11/29/1996</td> </tr>
 <tr class="even"><td>Alta Research Corporation</td><td>ARC</td><td>11/29/1996</td> </tr>
 <tr class="odd"><td>Altec Corporation</td><td>ALC</td><td>08/04/1998</td> </tr>
 <tr class="even"><td>Altec Lansing</td><td>ALJ</td><td>01/13/2000</td> </tr>
@ -2465,6 +2465,13 @@
 <tr class="odd"><td>MILCOTS</td><td>MLC</td><td>07/15/2020</td> </tr>
 <tr class="even"><td>NZXT (PNP same EDID)_</td><td>NXT</td><td>07/15/2020</td> </tr>
 <tr class="odd"><td>Unicompute Technology Co., Ltd.</td><td>UTC</td><td>10/19/2020</td> </tr>
 <tr class="even"><td>TECHNOGYM S.p.A.</td><td>TGW</td><td>01/08/2021</td> </tr>
 <tr class="odd"><td>Clover Electronics</td><td>CLR</td><td>02/02/2021</td> </tr>
 <tr class="even"><td>Kyokko Communication System Co., Ltd.</td><td>KTS</td><td>02/18/2021</td> </tr>
 <tr class="odd"><td>Terumo Corporation</td><td>TMO</td><td>02/02/2021</td> </tr>
 <tr class="even"><td>Micro-Star Int&#039;l Co., Ltd.</td><td>CND</td><td>02/17/2021</td> </tr>
 <tr class="odd"><td>Newline Interactive Inc.</td><td>NWL</td><td>12/03/2020</td> </tr>
 <tr class="even"><td>CORSAIR MEMORY Inc.</td><td>CRM</td><td>02/05/2021</td> </tr>
      </tbody>
    </table>
  </body>
--- a/hwdb.d/usb.ids
+++ b/hwdb.d/usb.ids
@ -9,8 +9,8 @@
 #	The latest version can be obtained from
 #		http://www.linux-usb.org/usb.ids
 #
-# Version: 2020.08.26
+# Version: 2021.02.19
-# Date:    2020-08-26 20:34:09
+# Date:    2021-02-19 20:34:10
 #
 # Vendors, devices and interfaces. Please keep sorted.
@ -1523,6 +1523,7 @@
 	0155  5800 XpressMusic (Multimedia mode)
 	0156  5800 XpressMusic (Storage mode)
 	0157  5800 XpressMusic (Imaging mode)
 	0189  N810 Internet Tablet WiMAX
 	0199  6700 Classic (msc)
 	019a  6700 Classic (PC Suite)
 	019b  6700 Classic (mtp)
@ -1530,7 +1531,7 @@
 	01b1  6303 classic Phone (Mass storage mode)
 	01b2  6303 classic Phone (Printing and media mode)
 	01c7  N900 (Storage Mode)
-	01c8  N900 (PC-Suite Mode)
+	01c8  N900/N950 (PC-Suite Mode)
 	0228  5530 XpressMusic
 	023a  6730 Classic
 	026a  N97 (mass storage)
@ -1550,7 +1551,8 @@
 	03c1  C7-00 (Media transfer mode)
 	03c2  Sim
 	03cd  C7-00 (Nokia Suite mode)
-	03d1  N950
+	03d1  N950 (Storage Mode)
 	03d2  N950 (PC Suite mode)
 	0400  7600 Phone Parent
 	0401  6650 GSM Phone
 	0402  6255 Phone Parent
@ -1581,7 +1583,7 @@
 	0423  6682 Phone Parent
 	0428  6230i Modem
 	0429  6230i MultiMedia Card
-	0431  770 Internet Tablet
+	0431  770/N800 Internet Tablet
 	0432  N90 Phone Parent
 	0435  E70 (IP Passthrough/RNDIS mode)
 	0436  E60 (IP Passthrough/RNDIS mode)
@ -1615,7 +1617,9 @@
 	04f9  6300 (PC Suite mode)
 	0508  E65 (PC Suite mode)
 	0509  E65 (Storage mode)
-	0518  N9 Phone
+	0518  N9 (Storage mode)
 	0519  N9 (RNDIS/Ethernet mode)
 	051a  N9 (PC Suite mode)
 	054d  C2-01
 	0600  Digital Pen SU-1B
 	0610  CS-15 (Internet Stick 3G modem)
@ -8752,6 +8756,7 @@
 05fc  Harman
 	0001  Soundcraft Si Multi Digital Card
 	0010  Soundcraft Si MADI combo card
 	0021  Soundcraft Signature 12 MTK
 	7849  Harman/Kardon SoundSticks
 05fd  InterAct, Inc.
 	0239  SV-239 HammerHead Digital
@ -22447,6 +22452,9 @@
 32b3  TEXA
 	d1a6  TXT Multihub
 	d1a7  TXT Multihub
 3310  MUDITA Sp. z o.o.
 	0100  Pure
 	0101  Pure tethering
 3333  InLine
 	3333  2 port KVM switch model 60652K
 3334  AEI
@ -22458,6 +22466,9 @@
 	ffff  Mio DigiWalker Sync
 3344  Leaguer Microelectronics (LME)
 	3744  OEM PC Remote
 3384  System76
 	0000  Thelio Io (thelio-io)
 	0001  Launch Configurable Keyboard (launch_1)
 348f  ISY
 	2322  Wireless Presenter
 3504  Micro Star
--- a/man/bootup.xml
+++ b/man/bootup.xml
@ -92,10 +92,10 @@
    <!-- note: do not use unicode ellipsis here, because docbook will replace that
         with three dots anyway, messing up alignment -->
-<programlisting>                                     cryptsetup-pre.target
+<programlisting>                             cryptsetup-pre.target veritysetup-pre.target
                                                  |
 (various low-level                                v
- API VFS mounts:                 (various cryptsetup devices...)
+ API VFS mounts:             (various cryptsetup/veritysetup devices...)
 mqueue, configfs,                                |    |
 debugfs, ...)                                    v    |
 |                                  cryptsetup.target  |
@ -105,7 +105,7 @@
 |    v                       local-fs-pre.target |    |     |  (network file systems)
 |  swap.target                       |           |    v     v                 |
 |    |                               v           |  remote-cryptsetup.target  |
- |    |  (various low-level  (various mounts and  |             |              |
+ |    |  (various low-level  (various mounts and  |  remote-veritysetup.target |
 |    |   services: udevd,    fsck services...)   |             |    remote-fs.target
 |    |   tmpfiles, random            |           |             |             /
 |    |   seed, sysctl, ...)          v           |             |            /
@ -303,7 +303,8 @@ emergency.service    |              |              |
 <programlisting>                                  (conflicts with  (conflicts with
                                    all system     all file system
                                     services)     mounts, swaps,
-                                         |           cryptsetup
+                                         |           cryptsetup/
                                         |           veritysetup
                                         |          devices, ...)
                                         |                |
                                         v                v
--- a/man/common-variables.xml
+++ b/man/common-variables.xml
@ -7,6 +7,80 @@
  <title>Environment</title>
  <variablelist class='environment-variables'>
    <varlistentry id='log-level'>
      <term><varname>$SYSTEMD_LOG_LEVEL</varname></term>
      <listitem><para id='log-level-body'>The maximum log level of emitted messages (messages with a higher
      log level, i.e. less important ones, will be suppressed). Either one of (in order of decreasing
      importance) <constant>emerg</constant>, <constant>alert</constant>, <constant>crit</constant>,
      <constant>err</constant>, <constant>warning</constant>, <constant>notice</constant>,
      <constant>info</constant>, <constant>debug</constant>, or an integer in the range 0…7. See
      <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
      for more information.</para>
      </listitem>
    </varlistentry>
    <varlistentry id='log-color'>
      <term><varname>$SYSTEMD_LOG_COLOR</varname></term>
      <listitem><para id='log-color-body'>A boolean. If true, messages written to the tty will be colored
      according to priority.</para>
      <para>This setting is only useful when messages are written directly to the terminal, because
      <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> and
      other tools that display logs will color messages based on the log level on their own.</para>
      </listitem>
    </varlistentry>
    <varlistentry id='log-time'>
      <term><varname>$SYSTEMD_LOG_TIME</varname></term>
      <listitem><para id='log-time-body'>A boolean. If true, log messages will be prefixed with a
      timestamp.</para>
      <para>This setting is only useful when messages are written directly to the terminal or a file, because
      <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> and
      other tools that display logs will attach timestamps based on the entry metadata on their own.</para>
      </listitem>
    </varlistentry>
    <varlistentry id='log-location'>
      <term><varname>$SYSTEMD_LOG_LOCATION</varname></term>
      <listitem><para id='log-location-body'>A boolean. If true, messages will be prefixed with a filename
      and line number in the source code where the message originates.</para>
      <para>Note that the log location is often attached as metadata to journal entries anyway. Including it
      directly in the message text can nevertheless be convenient when debugging programs.</para>
      </listitem>
    </varlistentry>
    <varlistentry id='log-tid'>
      <term><varname>$SYSTEMD_LOG_TID</varname></term>
      <listitem><para id='log-tid-body'>A boolean. If true, messages will be prefixed with the current
      numerical thread ID (TID).</para>
      <para>Note that the this information is attached as metadata to journal entries anyway. Including it
      directly in the message text can nevertheless be convenient when debugging programs.</para>
      </listitem>
    </varlistentry>
    <varlistentry id='log-target'>
      <term><varname>$SYSTEMD_LOG_TARGET</varname></term>
      <listitem><para id='log-target-body'>The destination for log messages. One of
      <constant>console</constant> (log to the attached tty), <constant>console-prefixed</constant> (log to
      the attached tty but with prefixes encoding the log level and "facility", see <citerefentry
      project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <constant>kmsg</constant> (log to the kernel circular log buffer), <constant>journal</constant> (log to
      the journal), <constant>journal-or-kmsg</constant> (log to the journal if available, and to kmsg
      otherwise), <constant>auto</constant> (determine the appropriate log target automatically, the default),
      <constant>null</constant> (disable log output).</para>
      <!-- <constant>syslog</constant>, <constant>syslog-or-kmsg</constant> are deprecated -->
      </listitem>
    </varlistentry>
    <varlistentry id='pager'>
      <term><varname>$SYSTEMD_PAGER</varname></term>
@ -69,15 +143,15 @@
      <listitem><para>Takes a boolean argument. When true, the "secure" mode of the pager is enabled; if
      false, disabled. If <varname>$SYSTEMD_PAGERSECURE</varname> is not set at all, secure mode is enabled
-      if the effective UID is not the same as the owner of the login session, see <citerefentry
+      if the effective UID is not the same as the owner of the login session, see
-      project='man-pages'><refentrytitle>geteuid</refentrytitle><manvolnum>2</manvolnum></citerefentry> and
+      <citerefentry project='man-pages'><refentrytitle>geteuid</refentrytitle><manvolnum>2</manvolnum></citerefentry>
-      <citerefentry><refentrytitle>sd_pid_get_owner_uid</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+      and <citerefentry><refentrytitle>sd_pid_get_owner_uid</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
      In secure mode, <option>LESSSECURE=1</option> will be set when invoking the pager, and the pager shall
      disable commands that open or create new files or start new subprocesses. When
      <varname>$SYSTEMD_PAGERSECURE</varname> is not set at all, pagers which are not known to implement
      secure mode will not be used. (Currently only
-      <citerefentry><refentrytitle>less</refentrytitle><manvolnum>1</manvolnum></citerefentry> implements
+      <citerefentry project='man-pages'><refentrytitle>less</refentrytitle><manvolnum>1</manvolnum></citerefentry>
-      secure mode.)</para>
+      implements secure mode.)</para>
      <para>Note: when commands are invoked with elevated privileges, for example under <citerefentry
      project='man-pages'><refentrytitle>sudo</refentrytitle><manvolnum>8</manvolnum></citerefentry> or
@ -94,10 +168,11 @@
    <varlistentry id='colors'>
      <term><varname>$SYSTEMD_COLORS</varname></term>
-      <listitem><para>The value must be a boolean. Controls whether colorized output should be
+      <listitem><para>Takes a boolean argument. When true, <command>systemd</command> and related utilities
-      generated. This can be specified to override the decision that <command>systemd</command> makes based
+      will use colors in their output, otherwise the output will be monochrome. Additionally, the variable can
-      on <varname>$TERM</varname> and what the console is connected to.</para>
+      take one of the following special values: <literal>16</literal>, <literal>256</literal> to restrict the use
-      </listitem>
+      of colors to the base 16 or 256 ANSI colors, respectively. This can be specified to override the automatic
      decision based on <varname>$TERM</varname> and what the console is connected to.</para></listitem>
    </varlistentry>
    <!-- This is not documented on purpose, because it is not clear if $NO_COLOR will become supported
--- a/man/coredumpctl.xml
+++ b/man/coredumpctl.xml
@ -137,7 +137,8 @@
        <citerefentry project='man-pages'><refentrytitle>gdb</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        will be used. This may be changed using the <option>--debugger=</option>
        option or the <varname>$SYSTEMD_DEBUGGER</varname> environment
-        variable.</para></listitem>
+        variable. Use the <option>--debugger-arguments=</option> option to pass extra
        command line arguments to the debugger.</para></listitem>
      </varlistentry>
    </variablelist>
@ -153,20 +154,22 @@
      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
      <varlistentry>
        <term><option>--no-legend</option></term>
        <listitem><para>Do not print column headers.</para></listitem>
      </varlistentry>
      <xi:include href="standard-options.xml" xpointer="no-pager" />
      <xi:include href="standard-options.xml" xpointer="no-legend" />
      <xi:include href="standard-options.xml" xpointer="json" />
      <varlistentry>
        <term><option>-1</option></term>
-        <listitem><para>Show information of a single core dump only, instead of listing
+        <listitem><para>Show information of the most recent core dump only, instead of listing all known core
-        all known core dumps.</para></listitem>
+        dumps. (Equivalent to <option>--reverse -n 1</option></para></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>-n</option> <replaceable>INT</replaceable></term>
        <listitem><para>Show at most the specified number of entries. The specified parameter must be an
        integer greater or equal to 1.</para></listitem>
      </varlistentry>
      <varlistentry>
@ -217,6 +220,15 @@
        will be used. </para></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>-A</option> <replaceable>ARGS</replaceable></term>
        <term><option>--debugger-arguments=</option><replaceable>ARGS</replaceable></term>
        <listitem><para>Pass the given <replaceable>ARGS</replaceable> as extra command line arguments
        to the debugger. Quote as appropriate when <replaceable>ARGS</replaceable> contain whitespace.
        (See Examples.)</para></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>--file=<replaceable>GLOB</replaceable></option></term>
@ -312,29 +324,47 @@
    <title>Examples</title>
    <example>
-      <title>List all the core dumps of a program named foo</title>
+      <title>List all the core dumps of a program</title>
-      <programlisting># coredumpctl list foo</programlisting>
+      <programlisting>$ coredumpctl list /usr/lib64/firefox/firefox
 TIME     PID  UID  GID SIG     COREFILE EXE                         SIZE
 Tue …   8018 1000 1000 SIGSEGV missing  /usr/lib64/firefox/firefox   n/a
 Wed … 251609 1000 1000 SIGTRAP missing  /usr/lib64/firefox/firefox   n/a
 Fri … 552351 1000 1000 SIGSEGV present  /usr/lib64/firefox/firefox 28.7M
 </programlisting>
       <para>The journal has three entries pertaining to <filename>/usr/lib64/firefox/firefox</filename>, and
       only the last entry still has an available core file (in external storage on disk).</para>
       <para>Note that <filename>coredumpctl</filename> needs access to the journal files to retrieve the
       relevant entries from the journal. Thus, an unprivileged user will normally only see information about
       crashing programs of this user.</para>
    </example>
    <example>
-      <title>Invoke gdb on the last core dump</title>
+      <title>Invoke <command>gdb</command> on the last core dump</title>
-      <programlisting># coredumpctl debug</programlisting>
+      <programlisting>$ coredumpctl debug</programlisting>
    </example>
    <example>
      <title>Use <command>gdb</command> to display full register info from the last core dump</title>
      <programlisting>$ coredumpctl debug --debugger-arguments="-batch -ex 'info all-registers'"</programlisting>
    </example>
    <example>
      <title>Show information about a process that dumped core,
      matching by its PID 6654</title>
-      <programlisting># coredumpctl info 6654</programlisting>
+      <programlisting>$ coredumpctl info 6654</programlisting>
    </example>
    <example>
      <title>Extract the last core dump of /usr/bin/bar to a file named
      <filename index="false">bar.coredump</filename></title>
-      <programlisting># coredumpctl -o bar.coredump dump /usr/bin/bar</programlisting>
+      <programlisting>$ coredumpctl -o bar.coredump dump /usr/bin/bar</programlisting>
    </example>
  </refsect1>
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@ -45,33 +45,98 @@
    The first two fields are mandatory, the remaining two are
    optional.</para>
-    <para>Setting up encrypted block devices using this file supports
+    <para>Setting up encrypted block devices using this file supports four encryption modes: LUKS, TrueCrypt,
-    three encryption modes: LUKS, TrueCrypt and plain. See
+    BitLocker and plain. See <citerefentry
-    <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
-    for more information about each mode. When no mode is specified in
+    more information about each mode. When no mode is specified in the options field and the block device
-    the options field and the block device contains a LUKS signature,
+    contains a LUKS signature, it is opened as a LUKS device; otherwise, it is assumed to be in raw dm-crypt
-    it is opened as a LUKS device; otherwise, it is assumed to be in
+    (plain mode) format.</para>
    raw dm-crypt (plain mode) format.</para>
-    <para>The first field contains the name of the resulting encrypted volume; its block device is set up
+    <para>The four fields of <filename>/etc/crypttab</filename> are defined as follows:</para>
    below <filename>/dev/mapper/</filename>.</para>
-    <para>The second field contains a path to the underlying block
+    <orderedlist>
    device or file, or a specification of a block device via
    <literal>UUID=</literal> followed by the UUID.</para>
-    <para>The third field specifies an absolute path to a file with the encryption key. Optionally,
+      <listitem><para>The first field contains the name of the resulting volume with decrypted data; its
-    the path may be followed by <literal>:</literal> and an fstab device specification (e.g. starting with
+      block device is set up below <filename>/dev/mapper/</filename>.</para></listitem>
    <literal>LABEL=</literal> or similar); in which case the path is taken relative to the device file system
    root. If the field is not present or is <literal>none</literal> or <literal>-</literal>, a key file
    named after the volume to unlock (i.e. the first column of the line), suffixed with
    <filename>.key</filename> is automatically loaded from the <filename>/etc/cryptsetup-keys.d/</filename>
    and <filename>/run/cryptsetup-keys.d/</filename> directories, if present. Otherwise, the password has to
    be manually entered during system boot. For swap encryption, <filename>/dev/urandom</filename> may be
    used as key file.</para>
-    <para>The fourth field, if present, is a comma-delimited list of
+      <listitem><para>The second field contains a path to the underlying block
-    options. The following options are recognized:</para>
+      device or file, or a specification of a block device via
      <literal>UUID=</literal> followed by the UUID.</para></listitem>
      <listitem><para>The third field specifies an absolute path to a file with the encryption
      key. Optionally, the path may be followed by <literal>:</literal> and an
      <filename>/etc/fstab</filename> style device specification (e.g. starting with
      <literal>LABEL=</literal> or similar); in which case the path is taken relative to the specified
      device's file system root. If the field is not present or is <literal>none</literal> or
      <literal>-</literal>, a key file named after the volume to unlock (i.e. the first column of the line),
      suffixed with <filename>.key</filename> is automatically loaded from the
      <filename>/etc/cryptsetup-keys.d/</filename> and <filename>/run/cryptsetup-keys.d/</filename>
      directories, if present. Otherwise, the password has to be manually entered during system boot. For
      swap encryption, <filename>/dev/urandom</filename> may be used as key file, resulting in a randomized
      key.</para>
      <para>If the specified key file path refers to an <constant>AF_UNIX</constant> stream socket in the
      file system, the key is acquired by connecting to the socket and reading it from the connection. This
      allows the implementation of a service to provide key information dynamically, at the moment when it is
      needed. For details see below.</para></listitem>
      <listitem><para>The fourth field, if present, is a comma-delimited list of options. The supported
      options are listed below.</para></listitem>
    </orderedlist>
  </refsect1>
  <refsect1>
    <title>Key Acquisition</title>
    <para>Six different mechanisms for acquiring the decryption key or passphrase unlocking the encrypted
    volume are supported. Specifically:</para>
    <orderedlist>
      <listitem><para>Most prominently, the user may be queried interactively during volume activation
      (i.e. typically at boot), asking them to type in the necessary passphrase(s).</para></listitem>
      <listitem><para>The (unencrypted) key may be read from a file on disk, possibly on removable media. The third field
      of each line encodes the location, for details see above.</para></listitem>
      <listitem><para>The (unencrypted) key may be requested from another service, by specifying an
      <constant>AF_UNIX</constant> file system socket in place of a key file in the third field. For details
      see above and below.</para></listitem>
      <listitem><para>The key may be acquired via a PKCS#11 compatible hardware security token or
      smartcard. In this case an encrypted key is stored on disk/removable media, acquired via
      <constant>AF_UNIX</constant>, or stored in the LUKS2 JSON token metadata header. The encrypted key is
      then decrypted by the PKCS#11 token with an RSA key stored on it, and then used to unlock the encrypted
      volume. Use the <option>pkcs11-uri=</option> option described below to use this mechanism.</para></listitem>
      <listitem><para>Similar, the key may be acquired via a FIDO2 compatible hardware security token (which
      must implement the "hmac-secret" extension). In this case a (during enrollment) randomly generated key
      is stored on disk/removable media, acquired via <constant>AF_UNIX</constant>, or stored in the LUKS2
      JSON token metadata header. The random key is hashed via a keyed hash function (HMAC) on the FIDO2
      token, using a secret key stored on the token that never leaves it. The resulting hash value is then
      used as key to unlock the encrypted volume. Use the <option>fido2-device=</option> option described
      below to use this mechanism.</para></listitem>
      <listitem><para>Similar, the key may be acquired via a TPM2 security chip. In this case a (during
      enrollment) randomly generated key — encrypted by an asymmetric key derived from the TPM2 chip's seed
      key — is stored on disk/removable media, acquired via <constant>AF_UNIX</constant>, or stored in the
      LUKS2 JSON token metadata header. Use the <option>tpm2-device=</option> option described below to use
      this mechanism.</para></listitem>
    </orderedlist>
    <para>For the latter five mechanisms the source for the key material used for unlocking the volume is
    primarily configured in the third field of each <filename>/etc/crypttab</filename> line, but may also
    configured in <filename>/etc/cryptsetup-keys.d/</filename> and
    <filename>/run/cryptsetup-keys.d/</filename> (see above) or in the LUKS2 JSON token header (in case of
    the latter three). Use the
    <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    tool to enroll PKCS#11, FIDO2 and TPM2 devices in LUKS2 volumes.</para>
  </refsect1>
  <refsect1>
    <title>Supported Options</title>
    <para>The following options may be used in the fourth field of each line:</para>
    <variablelist class='fstab-options'>
@ -114,10 +179,10 @@
        for possible values and the default value of this
        option.</para>
-        <para>Optionally, the path may be followed by <literal>:</literal> and an fstab device specification
+        <para>Optionally, the path may be followed by <literal>:</literal> and an
-        (e.g. starting with <literal>UUID=</literal> or similar); in which case, the path is relative to the
+        <filename>/etc/fstab</filename> device specification (e.g. starting with <literal>UUID=</literal> or
-        device file system root. The device gets mounted automatically for LUKS device activation duration only.
+        similar); in which case, the path is relative to the device file system root. The device gets mounted
-        </para></listitem>
+        automatically for LUKS device activation duration only.</para></listitem>
      </varlistentry>
      <varlistentry>
@ -187,8 +252,8 @@
      <varlistentry>
        <term><option>bitlk</option></term>
-        <listitem><para>Decrypt Bitlocker drive. Encryption parameters
+        <listitem><para>Decrypt BitLocker drive. Encryption parameters
-        are deduced by cryptsetup from Bitlocker header.</para></listitem>
+        are deduced by cryptsetup from BitLocker header.</para></listitem>
      </varlistentry>
      <varlistentry>
@ -258,7 +323,7 @@
      <varlistentry>
        <term><option>same-cpu-crypt</option></term>
-        <listitem><para>Perform encryption using the same cpu that IO was submitted on. The default is to use
+        <listitem><para>Perform encryption using the same CPU that IO was submitted on. The default is to use
        an unbound workqueue so that encryption work is automatically balanced between available CPUs.</para>
        <para>This requires kernel 4.0 or newer.</para>
@ -459,15 +524,134 @@
      <varlistentry>
        <term><option>pkcs11-uri=</option></term>
-        <listitem><para>Takes a <ulink url="https://tools.ietf.org/html/rfc7512">RFC7512 PKCS#11 URI</ulink>
+        <listitem><para>Takes either the special value <literal>auto</literal> or an <ulink
-        pointing to a private RSA key which is used to decrypt the key specified in the third column of the
+        url="https://tools.ietf.org/html/rfc7512">RFC7512 PKCS#11 URI</ulink> pointing to a private RSA key
-        line. This is useful for unlocking encrypted volumes through security tokens or smartcards. See below
+        which is used to decrypt the encrypted key specified in the third column of the line. This is useful
-        for an example how to set up this mechanism for unlocking a LUKS volume with a YubiKey security
+        for unlocking encrypted volumes through PKCS#11 compatible security tokens or smartcards. See below
-        token. The specified URI can refer directly to a private RSA key stored on a token or alternatively
+        for an example how to set up this mechanism for unlocking a LUKS2 volume with a YubiKey security
        token.</para>
        <para>If specified as <literal>auto</literal> the volume must be of type LUKS2 and must carry PKCS#11
        security token metadata in its LUKS2 JSON token section. In this mode the URI and the encrypted key
        are automatically read from the LUKS2 JSON token header. Use
        <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        as simple tool for enrolling PKCS#11 security tokens or smartcards in a way compatible with
        <literal>auto</literal>. In this mode the third column of the line should remain empty (that is,
        specified as <literal>-</literal>).</para>
        <para>The specified URI can refer directly to a private RSA key stored on a token or alternatively
        just to a slot or token, in which case a search for a suitable private RSA key will be performed.  In
-        this case if multiple suitable objects are found the token is refused. The key configured in the
+        this case if multiple suitable objects are found the token is refused. The encrypted key configured
-        third column is passed as is to RSA decryption. The resulting decrypted key is then base64 encoded
+        in the third column of the line is passed as is (i.e. in binary form, unprocessed) to RSA
-        before it is used to unlock the LUKS volume.</para></listitem>
+        decryption. The resulting decrypted key is then Base64 encoded before it is used to unlock the LUKS
        volume.</para>
        <para>Use <command>systemd-cryptenroll --pkcs11-token-uri=list</command> to list all suitable PKCS#11
        security tokens currently plugged in, along with their URIs.</para>
        <para>Note that many newer security tokens that may be used as PKCS#11 security token typically also
        implement the newer and simpler FIDO2 standard. Consider using <option>fido2-device=</option>
        (described below) to enroll it via FIDO2 instead. Note that a security token enrolled via PKCS#11
        cannot be used to unlock the volume via FIDO2, unless also enrolled via FIDO2, and vice
        versa.</para></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>fido2-device=</option></term>
        <listitem><para>Takes either the special value <literal>auto</literal> or the path to a
        <literal>hidraw</literal> device node (e.g. <filename>/dev/hidraw1</filename>) referring to a FIDO2
        security token that implements the <literal>hmac-secret</literal> extension (most current hardware
        security tokens do). See below for an example how to set up this mechanism for unlocking an encrypted
        volume with a FIDO2 security token.</para>
        <para>If specified as <literal>auto</literal> the FIDO2 token device is automatically discovered, as
        it is plugged in.</para>
        <para>FIDO2 volume unlocking requires a client ID hash (CID) to be configured via
        <option>fido2-cid=</option> (see below) and a key to pass to the security token's HMAC functionality
        (configured in the line's third column) to operate. If not configured and the volume is of type
        LUKS2, the CID and the key are read from LUKS2 JSON token metadata instead. Use
        <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        as simple tool for enrolling FIDO2 security tokens, compatible with this automatic mode, which is
        only available for LUKS2 volumes.</para>
        <para>Use <command>systemd-cryptenroll --fido2-device=list</command> to list all suitable FIDO2
        security tokens currently plugged in, along with their device nodes.</para>
        <para>This option implements the following mechanism: the configured key is hashed via they HMAC
        keyed hash function the FIDO2 device implements, keyed by a secret key embedded on the device. The
        resulting hash value is Base64 encoded and used to unlock the LUKS2 volume. As it should not be
        possible to extract the secret from the hardware token, it should not be possible to retrieve the
        hashed key given the configured key — without possessing the hardware token.</para>
        <para>Note that many security tokens that implement FIDO2 also implement PKCS#11, suitable for
        unlocking volumes via the <option>pkcs11-uri=</option> option described above. Typically the newer,
        simpler FIDO2 standard is preferable.</para></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>fido2-cid=</option></term>
        <listitem><para>Takes a Base64 encoded FIDO2 client ID to use for the FIDO2 unlock operation. If
        specified, but <option>fido2-device=</option> is not, <option>fido2-device=auto</option> is
        implied. If <option>fido2-device=</option> is used but <option>fido2-cid=</option> is not, the volume
        must be of LUKS2 type, and the CID is read from the LUKS2 JSON token header. Use
        <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        for enrolling a FIDO2 token in the LUKS2 header compatible with this automatic
        mode.</para></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>fido2-rp=</option></term>
        <listitem><para>Takes a string, configuring the FIDO2 Relying Party (rp) for the FIDO2 unlock
        operation. If not specified <literal>io.systemd.cryptsetup</literal> is used, except if the the LUKS2
        JSON token header contains a different value. It should normally not be necessary to override
        this.</para></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>tpm2-device=</option></term>
        <listitem><para>Takes either the special value <literal>auto</literal> or the path to a device node
        (e.g. <filename>/dev/tpmrm0</filename>) referring to a TPM2 security chip. See below for an example
        how to set up this mechanism for unlocking an encrypted volume with a TPM2 chip.</para>
        <para>Use <option>tpm2-pcrs=</option> (see below) to configure the set of TPM2 PCRs to bind the
        volume unlocking to. Use
        <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        as simple tool for enrolling TPM2 security chips in LUKS2 volumes.</para>
        <para>If specified as <literal>auto</literal> the TPM2 device is automatically discovered. Use
        <command>systemd-cryptenroll --tpm2-device=list</command> to list all suitable TPM2 devices currently
        available, along with their device nodes.</para>
        <para>This option implements the following mechanism: when enrolling a TPM2 device via
        <command>systemd-cryptenroll</command> on a LUKS2 volume, a randomized key unlocking the volume is
        generated on the host and loaded into the TPM2 chip where it is encrypted with an asymmetric
        "primary" key pair derived from the TPM2's internal "seed" key. Neither the seed key nor the primary
        key are permitted to ever leave the TPM2 chip — however, the now encrypted randomized key may. It is
        saved in the LUKS2 volume JSON token header. When unlocking the encrypted volume, the primary key
        pair is generated on the TPM2 chip again (which works as long as the chip's seed key is correctly
        maintained by the TPM2 chip), which is then used to decrypt (on the TPM2 chip) the encrypted key from
        the LUKS2 volume JSON token header saved there during enrollment. The resulting decrypted key is then
        used to unlock the volume. When the randomized key is encrypted the current values of the selected
        PCRs (see below) are included in the operation, so that different PCR state results in different
        encrypted keys and the decrypted key can only be recovered if the same PCR state is
        reproduced.</para></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>tpm2-pcrs=</option></term>
        <listitem><para>Takes a comma separated list of numeric TPM2 PCR (i.e. "Platform Configuration
        Register") indexes to bind the TPM2 volume unlocking to. This option is only useful when TPM2
        enrollment metadata is not available in the LUKS2 JSON token header already, the way
        <command>systemd-cryptenroll</command> writes it there. If not used (and no metadata in the LUKS2
        JSON token header defines it), defaults to a list of a single entry: PCR 7. Assign an empty string to
        encode a policy that binds the key to no PCRs, making the key accessible to local programs regardless
        of the current PCR state.</para></listitem>
      </varlistentry>
      <varlistentry>
@ -518,6 +702,36 @@
    <citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
  </refsect1>
  <refsect1>
    <title><constant>AF_UNIX</constant> Key Files</title>
    <para>If the key file path (as specified in the third column of <filename>/etc/crypttab</filename>
    entries, see above) refers to an <constant>AF_UNIX</constant> stream socket in the file system, the key
    is acquired by connecting to the socket and reading the key from the connection. The connection is made
    from an <constant>AF_UNIX</constant> socket name in the abstract namespace, see <citerefentry
    project='man-pages'><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
    details. The source socket name is chosen according the following format:</para>
    <programlisting><constant>NUL</constant> <replaceable>RANDOM</replaceable> <literal>/cryptsetup/</literal> <replaceable>VOLUME</replaceable></programlisting>
    <para>In other words: a <constant>NUL</constant> byte (as required for abstract namespace sockets),
    followed by a random string (consisting of alphanumeric characters only), followed by the literal
    string <literal>/cryptsetup/</literal>, followed by the name of the volume to acquire they key
    for. Example (for a volume <literal>myvol</literal>):</para>
    <example><programlisting>\0d7067f78d9827418/cryptsetup/myvol</programlisting></example>
    <para>Services listening on the <constant>AF_UNIX</constant> stream socket may query the source socket
    name with <citerefentry
    project='man-pages'><refentrytitle>getpeername</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
    and use it to determine which key to send, allowing a single listening socket to serve keys for a
    multitude of volumes. If the PKCS#11 logic is used (see above) the socket source name is picked in
    identical fashion, except that the literal string <literal>/cryptsetup-pkcs11/</literal> is used (similar
    for FIDO2: <literal>/cryptsetup-fido2/</literal> and TPM2: <literal>/cryptsetup-tpm2/</literal>). This is
    done so that services providing key material know that not a secret key is requested but an encrypted key
    that will be decrypted via the PKCS#11/FIDO2/TPM2 logic to acquire the final secret key.</para>
  </refsect1>
  <refsect1>
    <title>Examples</title>
    <example>
@ -536,26 +750,48 @@ external   /dev/sda3       keyfile:LABEL=keydev keyfile-timeout=10s,cipher=xchac
    </example>
    <example>
-      <title>Yubikey-based Volume Unlocking Example</title>
+      <title>Yubikey-based PKCS#11 Volume Unlocking Example</title>
      <para>The PKCS#11 logic allows hooking up any compatible security token that is capable of storing RSA
-      decryption keys. Here's an example how to set up a Yubikey security token for this purpose, using
+      decryption keys for unlocking an encrypted volume. Here's an example how to set up a Yubikey security
-      <citerefentry project='debian'><refentrytitle>ykmap</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+      token for this purpose on a LUKS2 volume, using <citerefentry
-      from the yubikey-manager project:</para>
+      project='debian'><refentrytitle>ykmap</refentrytitle><manvolnum>1</manvolnum></citerefentry> from the
      yubikey-manager project to initialize the token and
      <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>
      to add it in the LUKS2 volume:</para>
 <programlisting><xi:include href="yubikey-crypttab.sh" parse="text" /></programlisting>
-<para>A few notes on the above:</para>
+      <para>A few notes on the above:</para>
-<itemizedlist>
+      <itemizedlist>
-  <listitem><para>We use RSA (and not ECC), since Yubikeys support PKCS#11 Decrypt() only for RSA keys</para></listitem>
+        <listitem><para>We use RSA2048, which is the longest key size current Yubikeys support</para></listitem>
-  <listitem><para>We use RSA2048, which is the longest key size current Yubikeys support</para></listitem>
+        <listitem><para>We use Yubikey key slot 9d, since that's apparently the keyslot to use for decryption purposes,
-  <listitem><para>LUKS key size must be shorter than 2048bit due to RSA padding, hence we use 128 bytes</para></listitem>
+        <ulink url="https://developers.yubico.com/PIV/Introduction/Certificate_slots.html">see
-  <listitem><para>We use Yubikey key slot 9d, since that's apparently the keyslot to use for decryption purposes,
+        documentation</ulink>.</para></listitem>
-  <ulink url="https://developers.yubico.com/PIV/Introduction/Certificate_slots.html">see
+      </itemizedlist>
-  documentation</ulink>.</para></listitem>
+    </example>
 </itemizedlist>
    <example>
      <title>FIDO2 Volume Unlocking Example</title>
      <para>The FIDO2 logic allows using any compatible FIDO2 security token that implements the
      <literal>hmac-secret</literal> extension for unlocking an encrypted volume. Here's an example how to
      set up a FIDO2 security token for this purpose for a LUKS2 volume, using
      <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>:</para>
 <programlisting><xi:include href="fido2-crypttab.sh" parse="text" /></programlisting>
    </example>
    <example>
      <title>TPM2 Volume Unlocking Example</title>
      <para>The TPM2 logic allows using any TPM2 chip supported by the Linux kernel for unlocking an
      encrypted volume. Here's an example how to set up a TPM2 chip for this purpose for a LUKS2 volume,
      using
      <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>:</para>
 <programlisting><xi:include href="tpm2-crypttab.sh" parse="text" /></programlisting>
    </example>
  </refsect1>
@ -565,6 +801,7 @@ external   /dev/sda3       keyfile:LABEL=keydev keyfile-timeout=10s,cipher=xchac
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>mkswap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
--- a/man/directives-template.xml
+++ b/man/directives-template.xml
@ -94,7 +94,8 @@
  </refsect1>
  <refsect1>
-    <title><filename>/etc/crypttab</filename> and
+    <title><filename>/etc/crypttab</filename>,
    <filename>/etc/veritytab</filename> and
    <filename>/etc/fstab</filename> options</title>
    <para>Options which influence mounted filesystems and encrypted volumes.</para>
--- a/man/fido2-crypttab.sh
+++ b/man/fido2-crypttab.sh
@ -0,0 +1,10 @@
 # Enroll the security token in the LUKS2 volume. Replace /dev/sdXn by the
 # partition to use (e.g. /dev/sda1).
 sudo systemd-cryptenroll --fido2-device=auto /dev/sdXn
 # Test: Let's run systemd-cryptsetup to test if this worked.
 sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - fido2-device=auto
 # If that worked, let's now add the same line persistently to /etc/crypttab,
 # for the future.
 sudo bash -c 'echo "mytest /dev/sdXn - fido2-device=auto" >> /etc/crypttab'
--- a/man/homectl.xml
+++ b/man/homectl.xml
@ -515,7 +515,7 @@
      <varlistentry>
        <term><option>--tasks-max=</option><replaceable>TASKS</replaceable></term>
-        <listitem><para>Takes a non-zero unsigned integer as argument. Configures the maximum numer of tasks
+        <listitem><para>Takes a non-zero unsigned integer as argument. Configures the maximum number of tasks
        (i.e. threads, where each process is at least one thread) the user may have at any given time. This
        limit applies to all tasks forked off the user's sessions, even if they change user identity via
        <citerefentry project='man-pages'><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>
@ -848,7 +848,7 @@
    <para>On success, 0 is returned, a non-zero failure code otherwise.</para>
  </refsect1>
-  <xi:include href="less-variables.xml" />
+  <xi:include href="common-variables.xml" />
  <refsect1>
    <title>Examples</title>
--- a/man/hostname.xml
+++ b/man/hostname.xml
@ -1,6 +1,9 @@
 <?xml version='1.0'?> <!--*-nxml-*-->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
 <!ENTITY % entities SYSTEM "custom-entities.ent" >
 %entities;
 ]>
 <!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
 <refentry id="hostname">
@ -26,23 +29,65 @@
  <refsect1>
    <title>Description</title>
-    <para>The <filename>/etc/hostname</filename> file configures the
+    <para>The <filename>/etc/hostname</filename> file configures the name of the local system. Unless
-    name of the local system that is set during boot using the
+    overridden as described in the next section,
-    <citerefentry><refentrytitle>sethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> will set this
-    system call. It should contain a single newline-terminated
+    hostname during boot using the
-    hostname string.  Comments (lines starting with a `#') are ignored.
+    <citerefentry><refentrytitle>sethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry> system
-    The hostname may be a free-form string up to 64 characters in length;
+    call.</para>
-    however, it is recommended that it consists only of 7-bit ASCII lower-case
+
-    characters and no spaces or dots, and limits itself to the format allowed
+    <para>The file should contain a single newline-terminated hostname string. Comments (lines starting with
-    for DNS domain name labels, even though this is not a strict
+    a <literal>#</literal>) are ignored. The hostname should be composed of up to 64 7-bit ASCII lower-case
-    requirement.</para>
+    alphanumeric characters or hyphens forming a valid DNS domain name. It is recommended that this name
    contains only a single label, i.e. without any dots. Invalid characters will be filtered out in an
    attempt to make the name valid, but obviously it is recommended to use a valid name and not rely on this
    filtering.</para>
    <para>You may use
-    <citerefentry><refentrytitle>hostnamectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    <citerefentry><refentrytitle>hostnamectl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to change
-    to change the value of this file during runtime from the command
+    the value of this file during runtime from the command line. Use
-    line. Use
+    <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry> to
-    <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    initialize it on mounted (but not booted) system images.</para>
-    to initialize it on mounted (but not booted) system images.</para>
+  </refsect1>
  <refsect1>
    <title>Hostname semantics</title>
    <para><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> and the
    associated tools will obtain the hostname in the following ways:</para>
    <itemizedlist>
      <listitem><para>If the kernel commandline parameter <varname>systemd.hostname=</varname> specifies a
      valid hostname,
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> will use it
      to set the hostname during early boot, see
      <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      </para></listitem>
      <listitem><para>Otherwise, the "static" hostname specified by <filename>/etc/hostname</filename> as
      described above will be used.</para></listitem>
      <listitem><para>Otherwise, a transient hostname may be set during runtime, for example based on
      information in a DHCP lease, see
      <citerefentry><refentrytitle>systemd-hostnamed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
      Both <ulink url="https://developer.gnome.org/NetworkManager/stable/">NetworkManager</ulink> and
      <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      allow this. Note that
      <citerefentry><refentrytitle>systemd-hostnamed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      gives higher priority to the static hostname, so the transient hostname will only be used if the static
      hostname is not configured.</para></listitem>
      <listitem><para>Otherwise, a fallback hostname configured at compilation time will be used
      (<literal>&FALLBACK_HOSTNAME;</literal>).</para></listitem>
      <!-- what about the "linux" fallback fallback? -->
    </itemizedlist>
    <para>Effectively, the static hostname has higher priority than a transient hostname, which has higher
    priority than the fallback hostname. Transient hostnames are equivalent, so setting a new transient
    hostname causes the previous transient hostname to be forgotten. The hostname specified on the kernel
    command line is like a transient hostname, with the exception that it has higher priority when the
    machine boots. Also note that those are the semantics implemented by systemd tools, but other programs
    may also set the hostname.</para>
  </refsect1>
  <refsect1>
--- a/man/hostnamectl.xml
+++ b/man/hostnamectl.xml
@ -1,6 +1,9 @@
 <?xml version='1.0'?> <!--*-nxml-*-->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
 <!ENTITY % entities SYSTEM "custom-entities.ent" >
 %entities;
 ]>
 <!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
 <refentry id="hostnamectl" conditional='ENABLE_HOSTNAMED'
@ -32,33 +35,23 @@
  <refsect1>
    <title>Description</title>
-    <para><command>hostnamectl</command> may be used to query and
+    <para><command>hostnamectl</command> may be used to query and change the system hostname and related
-    change the system hostname and related settings.</para>
+    settings.</para>
-    <para>This tool distinguishes three different hostnames: the
+    <para><citerefentry><refentrytitle>systemd-hostnamed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-    high-level "pretty" hostname which might include all kinds of
+    and this tool distinguish three different hostnames: the high-level "pretty" hostname which might include
-    special characters (e.g. "Lennart's Laptop"), the static hostname
+    all kinds of special characters (e.g. "Lennart's Laptop"), the "static" hostname which is the
-    which is used to initialize the kernel hostname at boot (e.g.
+    user-configured hostname (e.g. "lennarts-laptop"), and the transient hostname which is a fallback value
-    "lennarts-laptop"), and the transient hostname which is a fallback
+    received from network configuration (e.g. "node12345678"). If a static hostname is set to a valid value,
-    value received from network configuration. If a static hostname is
+    then the transient hostname is not used.</para>
    set, and is valid (something other than localhost), then the
    transient hostname is not used.</para>
    <para>Note that the pretty hostname has little restrictions on the characters and length used, while the static and
    transient hostnames are limited to the usually accepted characters of Internet domain names, and 64 characters at
    maximum (the latter being a Linux limitation).</para>
    <para>The static hostname is stored in
    <filename>/etc/hostname</filename>, see
    <citerefentry><refentrytitle>hostname</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for more information. The pretty hostname, chassis type, and icon
    name are stored in <filename>/etc/machine-info</filename>, see
    <citerefentry><refentrytitle>machine-info</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
    <para>Use
-    <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry> to
-    to initialize the system hostname for mounted (but not booted)
+    initialize the system hostname for mounted (but not booted) system images.</para>
    system images.</para>
  </refsect1>
  <refsect1>
@ -86,9 +79,13 @@
        still following the validity rules of the specific name. This simplification of the hostname string is not done
        if only the transient and/or static hostnames are set, and the pretty hostname is left untouched.</para>
-        <para>Pass the empty string <literal></literal> as the
+        <para>The static and transient hostnames must each be either a single DNS label (a string composed of
-        hostname to reset the selected hostnames to their default
+        7-bit ASCII lower-case characters and no spaces or dots, limited to the format allowed for DNS domain
-        (usually <literal>localhost</literal>).</para></listitem>
+        name labels), or a sequence of such labels separated by single dots that forms a valid DNS FQDN. The
        hostname must be at most 64 characters, which is a Linux limitation (DNS allows longer names).</para>
        <para>Pass the empty string <literal></literal> as the hostname to reset the selected hostnames to
        their default (usually <literal>&FALLBACK_HOSTNAME;</literal>).</para></listitem>
      </varlistentry>
      <varlistentry>
--- a/man/html.in
+++ b/man/html.in
@ -6,7 +6,7 @@ if [ -z "$1" ]; then
    exit 1
 fi
-# make sure the rules have been regenerated (in case man/update-man-rules was just run)
+# make sure the rules have been regenerated (in case update-man-rules was just run)
 ninja -C "@BUILD_ROOT@" version.h
 target="man/$1.html"
--- a/man/journalctl.xml
+++ b/man/journalctl.xml
@ -992,7 +992,7 @@
    code is returned.</para>
  </refsect1>
-  <xi:include href="less-variables.xml" />
+  <xi:include href="common-variables.xml" />
  <refsect1>
    <title>Examples</title>
--- a/man/journald.conf.xml
+++ b/man/journald.conf.xml
@ -28,6 +28,9 @@
    <para><filename>/run/systemd/journald.conf.d/*.conf</filename></para>
    <para><filename>/usr/lib/systemd/journald.conf.d/*.conf</filename></para>
    <para><filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf</filename></para>
    <para><filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></para>
    <para><filename>/run/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></para>
    <para><filename>/usr/lib/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf.d/*.conf</filename></para>
  </refsynopsisdiv>
  <refsect1>
@ -41,8 +44,9 @@
    <para>The <command>systemd-journald</command> instance managing the default namespace is configured by
    <filename>/etc/systemd/journald.conf</filename> and associated drop-ins. Instances managing other
-    namespaces read <filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf</filename> with
+    namespaces read <filename>/etc/systemd/journald@<replaceable>NAMESPACE</replaceable>.conf</filename>
-    the namespace identifier filled in. This allows each namespace to carry a distinct configuration. See
+    and associated drop-ins with the namespace identifier filled in. This allows each namespace to carry
    a distinct configuration. See
    <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    for details about journal namespaces.</para>
  </refsect1>
--- a/man/kernel-command-line.xml
+++ b/man/kernel-command-line.xml
@ -356,11 +356,14 @@
      </varlistentry>
      <varlistentry>
        <term><varname>veritytab=</varname></term>
        <term><varname>rd.veritytab=</varname></term>
        <term><varname>roothash=</varname></term>
        <term><varname>systemd.verity=</varname></term>
        <term><varname>rd.systemd.verity=</varname></term>
        <term><varname>systemd.verity_root_data=</varname></term>
        <term><varname>systemd.verity_root_hash=</varname></term>
        <term><varname>systemd.verity.root_options=</varname></term>
        <listitem>
          <para>Configures the integrity protection root hash for the root file system, and other related
          parameters. For details, see
--- a/man/localectl.xml
+++ b/man/localectl.xml
@ -185,7 +185,7 @@
    otherwise.</para>
  </refsect1>
-  <xi:include href="less-variables.xml" />
+  <xi:include href="common-variables.xml" />
  <refsect1>
    <title>See Also</title>
--- a/man/loginctl.xml
+++ b/man/loginctl.xml
@ -334,13 +334,14 @@
        <term><option>-s</option></term>
        <term><option>--signal=</option></term>
-        <listitem><para>When used with <command>kill-session</command>
+        <listitem><para>When used with <command>kill-session</command> or <command>kill-user</command>,
-        or <command>kill-user</command>, choose which signal to send
+        choose which signal to send to selected processes. Must be one of the well known signal specifiers,
-        to selected processes. Must be one of the well known signal
+        such as <constant>SIGTERM</constant>, <constant>SIGINT</constant> or <constant>SIGSTOP</constant>.
-        specifiers, such as <constant>SIGTERM</constant>,
+        If omitted, defaults to <constant>SIGTERM</constant>.</para>
-        <constant>SIGINT</constant> or <constant>SIGSTOP</constant>.
+
-        If omitted, defaults to
+        <para>The special value <literal>help</literal> will list the known values and the program will exit
-        <constant>SIGTERM</constant>.</para></listitem>
+        immediately, and the special value <literal>list</literal> will list known values along with the
        numerical signal numbers and the program will exit immediately.</para></listitem>
      </varlistentry>
      <varlistentry>
@ -414,7 +415,7 @@ Apr 09 14:40:30 laptop login[2325]: LOGIN ON tty3 BY fatima
    </example>
  </refsect1>
-  <xi:include href="less-variables.xml" />
+  <xi:include href="common-variables.xml" />
  <refsect1>
    <title>See Also</title>
--- a/man/machine-info.xml
+++ b/man/machine-info.xml
@ -37,12 +37,10 @@
    file without implementing a shell compatible execution
    engine.</para>
-    <para><filename>/etc/machine-info</filename> contains metadata
+    <para><filename>/etc/machine-info</filename> contains metadata about the machine that is set by the user
-    about the machine that is set by the user or administrator.</para>
+    or administrator. The settings configured here have the highest precedence. When not set, appropriate
-
+    values may be determined automatically, based on the information about the hardware or other
-    <para>Depending on the operating system other configuration files
+    configuration files. It is thus completely fine for this file to not be present.</para>
    might be checked for machine information as well, however only as
    fallback.</para>
    <para>You may use
    <citerefentry><refentrytitle>hostnamectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
@ -102,13 +100,11 @@
        as well as the special chassis types
        <literal>vm</literal> and
        <literal>container</literal> for
-        virtualized systems that lack an immediate physical chassis.
+        virtualized systems that lack an immediate physical chassis.</para>
-        Note that many systems allow detection of the chassis type
+
-        automatically (based on firmware information or suchlike).
+        <para>Note that most systems allow detection of the chassis type automatically (based on firmware
-        This setting (if set) shall take precedence over automatically
+        information or suchlike). This setting should only be used to override a misdetection or to manually
-        detected information and is useful to override misdetected
+        configure the chassis type where automatic detection is not available.</para></listitem>
        configuration or to manually configure the chassis type where
        automatic detection is not available.</para></listitem>
      </varlistentry>
      <varlistentry>
--- a/man/machinectl.xml
+++ b/man/machinectl.xml
@ -699,17 +699,7 @@
        <option>all</option>.</para></listitem>
      </varlistentry>
-      <varlistentry>
+      <xi:include href="standard-options.xml" xpointer="signal" />
        <term><option>-s</option></term>
        <term><option>--signal=</option></term>
        <listitem><para>When used with <command>kill</command>, choose
        which signal to send to selected processes. Must be one of the
        well-known signal specifiers, such as
        <constant>SIGTERM</constant>, <constant>SIGINT</constant> or
        <constant>SIGSTOP</constant>. If omitted, defaults to
        <constant>SIGTERM</constant>.</para></listitem>
      </varlistentry>
      <varlistentry>
         <term><option>--uid=</option></term>
@ -990,7 +980,7 @@
    otherwise.</para>
  </refsect1>
-  <xi:include href="less-variables.xml" />
+  <xi:include href="common-variables.xml" />
  <refsect1>
    <title>See Also</title>
--- a/man/man.in
+++ b/man/man.in
@ -6,7 +6,7 @@ if [ -z "$1" ]; then
    exit 1
 fi
-# make sure the rules have been regenerated (in case man/update-man-rules was just run)
+# make sure the rules have been regenerated (in case update-man-rules was just run)
 ninja -C "@BUILD_ROOT@" version.h
 page="$(echo "$1" | sed 's/\./\\./')"
--- a/man/meson.build
+++ b/man/meson.build
@ -198,38 +198,6 @@ run_target(
 ############################################################
 if dbus_docs.length() > 0
        custom_target(
                'update-dbus-docs',
                output : 'update-dbus-docs',
                command : [update_dbus_docs_py,
                           '--build-dir=@0@'.format(project_build_root),
                           '@INPUT@'],
                input : dbus_docs)
        if conf.get('BUILD_MODE') == 'BUILD_MODE_DEVELOPER'
                test('dbus-docs-fresh',
                     update_dbus_docs_py,
                     args : ['--build-dir=@0@'.format(project_build_root),
                             '--test'] + dbus_docs)
        endif
 endif
 ############################################################
 if git.found()
        custom_target(
                'update-man-rules',
                output : 'update-man-rules',
                command : ['sh', '-c',
                           'cd @0@ && '.format(meson.build_root()) +
                           'python3 @0@/tools/update-man-rules.py $(git ls-files ":/man/*.xml") >t && '.format(project_source_root) +
                           'mv t @0@/rules/meson.build'.format(meson.current_source_dir())],
                depend_files : custom_entities_ent)
 endif
 ############################################################
 configure_file(
        input : 'man.in',
        output : 'man',
--- a/man/networkctl.xml
+++ b/man/networkctl.xml
@ -104,7 +104,7 @@
                <term>carrier</term>
                <listitem>
                  <para>the link has a carrier, or for bond or bridge master, all bonding or bridge slave
-                  network interfaces are enslaved to the master.</para>
+                  network interfaces are enslaved to the master</para>
                </listitem>
              </varlistentry>
              <varlistentry>
--- a/man/networkd.conf.xml
+++ b/man/networkd.conf.xml
@ -70,6 +70,18 @@
        is false. Defaults to yes.</para></listitem>
      </varlistentry>
      <varlistentry>
        <term><varname>RouteTable=</varname></term>
        <listitem><para>Defines the route table name. Takes a whitespace-separated list of the pairs of
        route table name and number. The route table name and number in each pair are separated with a
        colon, i.e., <literal><replaceable>name</replaceable>:<replaceable>number</replaceable></literal>.
        The route table name must not be <literal>default</literal>, <literal>main</literal>, or
        <literal>local</literal>, as these route table names are predefined with route table number 253,
        254, and 255, respectively. The route table number must be an integer in the range 1…4294967295.
        This setting can be specified multiple times. If an empty string is specified, then the list
        specified earlier are cleared. Defaults to unset.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
--- a/man/oomd.conf.xml
+++ b/man/oomd.conf.xml
@ -48,28 +48,40 @@
    <variablelist class='config-directives'>
      <varlistentry>
-        <term><varname>SwapUsedLimitPercent=</varname></term>
+        <term><varname>SwapUsedLimit=</varname></term>
-        <listitem><para>Sets the limit for swap usage on the system before <command>systemd-oomd</command> will
+        <listitem><para>Sets the limit for swap usage on the system before <command>systemd-oomd</command>
-        take action. If the percentage of swap used on the system is more than what is defined here,
+        will take action. If the fraction of swap used on the system is more than what is defined here,
-        <command>systemd-oomd</command> will act on eligible descendant cgroups, starting from the ones with the
+        <command>systemd-oomd</command> will act on eligible descendant control groups, starting from the
-        highest swap usage to the lowest swap usage. Which cgroups are monitored and what
+        ones with the highest swap usage to the lowest swap usage. Which control groups are monitored and
-        action gets taken depends on what the unit has configured for <varname>ManagedOOMSwap=</varname>.
+        what action gets taken depends on what the unit has configured for
-        Takes a percentage value between 0% and 100%, inclusive. Defaults to 90%.</para></listitem>
+        <varname>ManagedOOMSwap=</varname>.  Takes a value specified in percent (when suffixed with "%"),
        permille ("‰") or permyriad ("‱"), between 0% and 100%, inclusive. Defaults to 90%.</para></listitem>
      </varlistentry>
      <varlistentry>
-        <term><varname>DefaultMemoryPressureLimitPercent=</varname></term>
+        <term><varname>DefaultMemoryPressureLimit=</varname></term>
-        <listitem><para>Sets the limit for memory pressure on the unit's cgroup before <command>systemd-oomd</command>
+        <listitem><para>Sets the limit for memory pressure on the unit's control group before
-        will take action. A unit can override this value with <varname>ManagedOOMMemoryPressureLimitPercent=</varname>.
+        <command>systemd-oomd</command> will take action. A unit can override this value with
-        The memory pressure for this property represents the fraction of time in a 10 second window in which all tasks
+        <varname>ManagedOOMMemoryPressureLimit=</varname>.  The memory pressure for this property represents
-        in the cgroup were delayed. For each monitored cgroup, if the memory pressure on that cgroup exceeds the
+        the fraction of time in a 10 second window in which all tasks in the control group were delayed. For
-        limit set for more than 30 seconds, <command>systemd-oomd</command> will act on eligible descendant cgroups,
+        each monitored control group, if the memory pressure on that control group exceeds the limit set for
-        starting from the ones with the most reclaim activity to the least reclaim activity. Which cgroups are
+        longer than the duration set by <varname>DefaultMemoryPressureDurationSec=</varname>,
-        monitored and what action gets taken depends on what the unit has configured for
+        <command>systemd-oomd</command> will act on eligible descendant control groups, starting from the
-        <varname>ManagedOOMMemoryPressure=</varname>. Takes a percentage value between 0% and 100%, inclusive.
+        ones with the most reclaim activity to the least reclaim activity. Which control groups are monitored
-        Defaults to 60%.</para></listitem>
+        and what action gets taken depends on what the unit has configured for
        <varname>ManagedOOMMemoryPressure=</varname>. Takes a fraction specified in the same way as
        <varname>SwapUsedLimit=</varname> above. Defaults to 60%.</para></listitem>
      </varlistentry>
      <varlistentry>
        <term><varname>DefaultMemoryPressureDurationSec=</varname></term>
        <listitem><para>Sets the amount of time a unit's control group needs to have exceeded memory pressure
        limits before <command>systemd-oomd</command> will take action. Memory pressure limits are defined by
        <varname>DefaultMemoryPressureLimit=</varname> and <varname>ManagedOOMMemoryPressureLimit=</varname>.
        Defaults to 30 seconds when this property is unset or set to 0.</para></listitem>
      </varlistentry>
    </variablelist>
--- a/man/org.freedesktop.hostname1.xml
+++ b/man/org.freedesktop.hostname1.xml
@ -62,6 +62,9 @@ node /org/freedesktop/hostname1 {
      readonly s Hostname = '...';
      readonly s StaticHostname = '...';
      readonly s PrettyHostname = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly s DefaultHostname = '...';
      readonly s HostnameSource = '...';
      readonly s IconName = '...';
      readonly s Chassis = '...';
      readonly s Deployment = '...';
@ -78,6 +81,10 @@ node /org/freedesktop/hostname1 {
      readonly s OperatingSystemCPEName = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly s HomeURL = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly s HardwareVendor = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly s HardwareModel = '...';
  };
  interface org.freedesktop.DBus.Peer { ... };
  interface org.freedesktop.DBus.Introspectable { ... };
@ -85,6 +92,10 @@ node /org/freedesktop/hostname1 {
 };
    </programlisting>
    <!--property HardwareVendor is not documented!-->
    <!--property HardwareModel is not documented!-->
    <!--Autogenerated cross-references for systemd.directives, do not edit-->
    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.hostname1"/>
@ -113,6 +124,10 @@ node /org/freedesktop/hostname1 {
    <variablelist class="dbus-property" generated="True" extra-ref="PrettyHostname"/>
    <variablelist class="dbus-property" generated="True" extra-ref="DefaultHostname"/>
    <variablelist class="dbus-property" generated="True" extra-ref="HostnameSource"/>
    <variablelist class="dbus-property" generated="True" extra-ref="IconName"/>
    <variablelist class="dbus-property" generated="True" extra-ref="Chassis"/>
@ -133,6 +148,10 @@ node /org/freedesktop/hostname1 {
    <variablelist class="dbus-property" generated="True" extra-ref="HomeURL"/>
    <variablelist class="dbus-property" generated="True" extra-ref="HardwareVendor"/>
    <variablelist class="dbus-property" generated="True" extra-ref="HardwareModel"/>
    <!--End of Autogenerated section-->
    <para>Whenever the hostname or other metadata is changed via the daemon,
@ -144,55 +163,63 @@ node /org/freedesktop/hostname1 {
  <refsect1>
    <title>Semantics</title>
-    <para>The <emphasis>static (configured) hostname</emphasis> is the one configured in
+    <para>The <varname>StaticHostname</varname> property exposes the "static" hostname configured in
-    <filename>/etc/hostname</filename>. It is chosen by the local user. It is not always in sync with the
+    <filename>/etc/hostname</filename>. It is not always in sync with the current hostname as returned by the
    current hostname as returned by the
    <citerefentry project="man-pages"><refentrytitle>gethostname</refentrytitle><manvolnum>3</manvolnum></citerefentry>
-    system call. If no hostname is configured this property will be the empty string. Setting this property
+    system call. If no static hostname is configured this property will be the empty string.</para>
    to the empty string will remove <filename>/etc/hostname</filename>. This property should be an
    internet-style hostname, 7-bit lowercase ASCII, no special chars/spaces.</para>
-    <para>The <emphasis>transient (dynamic) hostname</emphasis> is the one configured via the kernel's
+    <para>When <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> or
    <citerefentry><refentrytitle>systemd-hostnamed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    set the hostname, this static hostname <emphasis>has the highest priority</emphasis>.</para>
    <para>The <varname>Hostname</varname> property exposes the actual hostname configured in the kernel via
    <citerefentry project="man-pages"><refentrytitle>sethostname</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
-    It can be different from the static hostname if DHCP or mDNS have been configured to change the name
+    It can be different from the static hostname. This property is never empty.</para>
    based on network information. <!-- FIXME: it's not DHCP that configures this... -->
    This property is never empty. If no hostname is set this will default to
    <literal>&FALLBACK_HOSTNAME;</literal> (configurable at compilation time). Setting this property to the
    empty string will reset the dynamic hostname to the static hostname. If no static hostname is
    configured the dynamic hostname will be reset to <literal>&FALLBACK_HOSTNAME;</literal>. This property
    should be an internet-style hostname, 7-bit lowercase ASCII, no special chars/spaces.</para>
-    <para>The <emphasis>pretty hostname</emphasis> is a free-form UTF-8 hostname for presentation to the
+    <para>The <varname>PrettyHostname</varname> property exposes the <emphasis>pretty hostname</emphasis>
-    user. User interfaces should ensure that the pretty hostname and the static hostname stay in sync.
+    which is a free-form UTF-8 hostname for presentation to the user. User interfaces should ensure that the
-    I.e. when the former is <literal>Lennart’s Computer</literal> the latter should be
+    pretty hostname and the static hostname stay in sync. E.g. when the former is <literal>Lennart’s
-    <literal>lennarts-computer</literal>. If no pretty hostname is set this setting will be the empty
+    Computer</literal> the latter should be <literal>lennarts-computer</literal>. If no pretty hostname is
-    string. Applications should then find a suitable fallback, such as the dynamic hostname.</para>
+    set this setting will be the empty string. Applications should then find a suitable fallback, such as the
    dynamic hostname.</para>
-    <para>The <emphasis>icon name</emphasis> is a name following the XDG icon naming spec. If not set,
+    <para>The <varname>DefaultHostname</varname> property exposes the default hostname (configured through
-    information such as the chassis type (see below) is used to find a suitable fallback icon name
+    <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>, or a
-    (i.e. <literal>computer-laptop</literal> vs. <literal>computer-desktop</literal> is picked based on the
+    fallback set at compilation time).</para>
    chassis information). If no such data is available, the empty string is returned. In that case an application
    should fall back to a replacement icon, for example <literal>computer</literal>. If this property is set
    to the empty string, the automatic fallback name selection is enabled again.</para>
-    <para>The <emphasis>chassis type</emphasis> should be one of the currently defined chassis types:
+    <para>The <varname>HostnameSource</varname> property exposes the origin of the currently configured
-    <literal>desktop</literal>, <literal>laptop</literal>, <literal>server</literal>,
+    hostname. One of <literal>static</literal> (set from <filename>/etc/hostname</filename>),
-    <literal>tablet</literal>, <literal>handset</literal>, as well as the special chassis types
+    <literal>transient</literal> (a non-permanent hostname from an external source),
-    <literal>vm</literal> and <literal>container</literal> for virtualized systems. Note that in most cases
+    <literal>default</literal> (the value from <filename>os-release</filename> or the the compiled-in
-    the chassis type will be determined automatically from DMI/SMBIOS/ACPI firmware information. Writing to
+    fallback).</para>
-    this setting is hence useful only to override misdetected chassis types, or to configure the chassis type if
+
-    it could not be auto-detected. Set this property to the empty string to reenable the automatic detection of
+    <para>The <varname>IconName</varname> property exposes the <emphasis>icon name</emphasis> following the
-    the chassis type from firmware information.</para>
+    XDG icon naming spec. If not set, information such as the chassis type (see below) is used to find a
    suitable fallback icon name (i.e. <literal>computer-laptop</literal>
    vs. <literal>computer-desktop</literal> is picked based on the chassis information). If no such data is
    available, the empty string is returned. In that case an application should fall back to a replacement
    icon, for example <literal>computer</literal>. If this property is set to the empty string, the automatic
    fallback name selection is enabled again.</para>
    <para>The <varname>Chassis</varname> property exposes a <emphasis>chassis type</emphasis>, one of the
    currently defined chassis types: <literal>desktop</literal>, <literal>laptop</literal>,
    <literal>server</literal>, <literal>tablet</literal>, <literal>handset</literal>, as well as the special
    chassis types <literal>vm</literal> and <literal>container</literal> for virtualized systems. Note that
    in most cases the chassis type will be determined automatically from DMI/SMBIOS/ACPI firmware
    information. Writing to this setting is hence useful only to override misdetected chassis types, or to
    configure the chassis type if it could not be auto-detected. Set this property to the empty string to
    reenable the automatic detection of the chassis type from firmware information.</para>
    <para>Note that <filename>systemd-hostnamed</filename> starts only on request and terminates after a
    short idle period. This effectively means that <function>PropertyChanged</function> messages are not sent
    out for changes made directly on the files (as in: administrator edits the files with vi). This is
    the intended behavior: manual configuration changes should require manual reloading.</para>
-    <para>The transient (dynamic) hostname maps directly to the kernel hostname. This hostname should be
+    <para>The transient (dynamic) hostname exposed by the <varname>Hostname</varname> property maps directly
-    assumed to be highly dynamic, and hence should be watched directly, without depending on
+    to the kernel hostname. This hostname should be assumed to be highly dynamic, and hence should be watched
-    <function>PropertyChanged</function> messages from <filename>systemd-hostnamed</filename>. To accomplish
+    directly, without depending on <function>PropertyChanged</function> messages from
-    this, open <filename>/proc/sys/kernel/hostname</filename> and
+    <filename>systemd-hostnamed</filename>. To accomplish this, open
    <filename>/proc/sys/kernel/hostname</filename> and
    <citerefentry project="man-pages"><refentrytitle>poll</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    for <constant>SIGHUP</constant> which is triggered by the kernel every time the hostname changes. Again:
    this is special for the transient (dynamic) hostname, and does not apply to the configured (fixed)
@ -206,15 +233,17 @@ node /org/freedesktop/hostname1 {
    for that. For more information on these files and syscalls see the respective man pages.</para>
    <refsect2>
-      <title>Methods and Properties</title>
+      <title>Methods</title>
-      <para><function>SetHostname()</function> sets the transient (dynamic) hostname which is exposed by the
+      <para><function>SetHostname()</function> sets the transient (dynamic) hostname, which is used if no
-      <varname>Hostname</varname> property. If empty, the transient hostname is set to the static hostname.
+      static hostname is set. This value must be an internet-style hostname, 7-bit lowercase ASCII, no
-      </para>
+      special chars/spaces. An empty string will unset the transient hostname.</para>
      <para><function>SetStaticHostname()</function> sets the static hostname which is exposed by the
-      <varname>StaticHostname</varname> property. If empty, the built-in default of
+      <varname>StaticHostname</varname> property. When called with an empty argument, the static
-      <literal>&FALLBACK_HOSTNAME;</literal> is used.</para>
+      configuration in <filename>/etc/hostname</filename> is removed. Since the static hostname has the
      highest priority, calling this function usually affects also the <varname>Hostname</varname> property
      and the effective hostname configured in the kernel.</para>
      <para><function>SetPrettyHostname()</function> sets the pretty hostname which is exposed by the
      <varname>PrettyHostname</varname> property.</para>
@ -287,10 +316,6 @@ node /org/freedesktop/hostname1 {
    with <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
    </para>
    <para>A client that wants to change the local hostname for DHCP/mDNS should invoke
    <code>SetHostname("newname", false)</code> as soon as the name is available and afterwards reset it via
    <code>SetHostname("")</code>.</para>
    <para>Here are some recommendations to follow when generating a static (internet) hostname from a pretty
    name:
    <itemizedlist>
@ -309,8 +334,8 @@ node /org/freedesktop/hostname1 {
      <listitem><para>Limit the hostname to 63 chars, which is the length of a DNS label.</para></listitem>
      <listitem><para>If after stripping special chars the empty string is the result, you can pass this
-      as-is to <filename>systemd-hostnamed</filename> in which case it will automatically use
+      as-is to <filename>systemd-hostnamed</filename> in which case it will automatically use a suitable
-      <literal>&FALLBACK_HOSTNAME;</literal>.</para></listitem>
+      fallback.</para></listitem>
      <listitem><para>Uppercase charaacters should be replaced with their lowercase equivalents.
      </para></listitem>
--- a/man/org.freedesktop.login1.xml
+++ b/man/org.freedesktop.login1.xml
@ -102,12 +102,19 @@ node /org/freedesktop/login1 {
                   in  b interactive);
      FlushDevices(in  b interactive);
      PowerOff(in  b interactive);
      PowerOffWithFlags(in  t flags);
      Reboot(in  b interactive);
      RebootWithFlags(in  t flags);
      Halt(in  b interactive);
      HaltWithFlags(in  t flags);
      Suspend(in  b interactive);
      SuspendWithFlags(in  t flags);
      Hibernate(in  b interactive);
      HibernateWithFlags(in  t flags);
      HybridSleep(in  b interactive);
      HybridSleepWithFlags(in  t flags);
      SuspendThenHibernate(in  b interactive);
      SuspendThenHibernateWithFlags(in  t flags);
      CanPowerOff(out s result);
      CanReboot(out s result);
      CanHalt(out s result);
@ -291,18 +298,32 @@ node /org/freedesktop/login1 {
    <variablelist class="dbus-method" generated="True" extra-ref="PowerOff()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="PowerOffWithFlags()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="Reboot()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="RebootWithFlags()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="Halt()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="HaltWithFlags()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="Suspend()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="SuspendWithFlags()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="Hibernate()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="HibernateWithFlags()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="HybridSleep()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="HybridSleepWithFlags()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="SuspendThenHibernate()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="SuspendThenHibernateWithFlags()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="CanPowerOff()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="CanReboot()"/>
@ -525,8 +546,19 @@ node /org/freedesktop/login1 {
      using an RTC timer and hibernated. The only argument is the polkit interactivity boolean
      <varname>interactive</varname> (see below). The main purpose of these calls is that they enforce
      polkit policy and hence allow powering off/rebooting/suspending/hibernating even by unprivileged
-      users. They also enforce inhibition locks. UIs should expose these calls as the primary mechanism to
+      users. They also enforce inhibition locks for non-privileged users. UIs should expose these calls
-      poweroff/reboot/suspend/hibernate the machine.</para>
+      as the primary mechanism to poweroff/reboot/suspend/hibernate the machine. Methods
      <function>PowerOffWithFlags()</function>, <function>RebootWithFlags()</function>,
      <function>HaltWithFlags()</function>, <function>SuspendWithFlags()</function>,
      <function>HibernateWithFlags()</function>, <function>HybridSleepWithFlags()</function> and
      <function>SuspendThenHibernateWithFlags()</function> add <varname>flags</varname> to allow for
      extendability, defined as follows:</para>
      <programlisting>
 #define SD_LOGIND_ROOT_CHECK_INHIBITORS  (UINT64_C(1) &lt;&lt; 0)
      </programlisting>
      <para> When the <varname>flags</varname> is 0 then these methods behave just like the versions
      without flags. When <constant>SD_LOGIND_ROOT_CHECK_INHIBITORS</constant> (0x01) is set, active
      inhibitors are honoured for privileged users too.</para>
      <para><function>SetRebootParameter()</function> sets a parameter for a subsequent reboot operation.
      See the description of <command>reboot</command> in
--- a/man/org.freedesktop.portable1.xml
+++ b/man/org.freedesktop.portable1.xml
@ -0,0 +1,427 @@
 <?xml version='1.0'?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" >
 <!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
 <refentry id="org.freedesktop.portable1" conditional='ENABLE_PORTABLED'
    xmlns:xi="http://www.w3.org/2001/XInclude">
  <refentryinfo>
    <title>org.freedesktop.portable1</title>
    <productname>systemd</productname>
  </refentryinfo>
  <refmeta>
    <refentrytitle>org.freedesktop.portable1</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>
  <refnamediv>
    <refname>org.freedesktop.portable1</refname>
    <refpurpose>The D-Bus interface of systemd-portabled</refpurpose>
  </refnamediv>
  <refsect1>
    <title>Introduction</title>
    <para>
    <citerefentry><refentrytitle>systemd-portabled.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    is a system service that may be used to attach, detach and inspect portable services. This page describes the
    D-Bus interface.</para>
  </refsect1>
  <refsect1>
    <title>The Manager Object</title>
    <para>The service exposes the following interfaces on the Manager object on the bus:</para>
    <programlisting executable="systemd-portabled" node="/org/freedesktop/portable1" interface="org.freedesktop.portable1.Manager">
 node /org/freedesktop/portable1 {
  interface org.freedesktop.portable1.Manager {
    methods:
      GetImage(in  s image,
               out o object);
      ListImages(out a(ssbtttso) UNNAMED);
      GetImageOSRelease(in  s image,
                        out a{ss} os_release);
      GetImageMetadata(in  s image,
                       in  as matches,
                       out s image,
                       out ay os_release,
                       out a{say} units);
      GetImageState(in  s image,
                    out s state);
      AttachImage(in  s image,
                  in  as matches,
                  in  s profile,
                  in  b runtime,
                  in  s copy_mode,
                  out a(sss) changes);
      DetachImage(in  s image,
                  in  b runtime,
                  out a(sss) changes);
      ReattachImage(in  s image,
                    in  as matches,
                    in  s profile,
                    in  b runtime,
                    in  s copy_mode,
                    out a(sss) changes_removed,
                    out a(sss) changes_updated);
      RemoveImage(in  s image);
      MarkImageReadOnly(in  s image,
                        in  b read_only);
      SetImageLimit(in  s image,
                    in  t limit);
      SetPoolLimit(in  t limit);
    properties:
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s PoolPath = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t PoolUsage = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t PoolLimit = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly as Profiles = ['...', ...];
  };
  interface org.freedesktop.DBus.Peer { ... };
  interface org.freedesktop.DBus.Introspectable { ... };
  interface org.freedesktop.DBus.Properties { ... };
 };
    </programlisting>
    <!--Autogenerated cross-references for systemd.directives, do not edit-->
    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.portable1.Manager"/>
    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.portable1.Manager"/>
    <variablelist class="dbus-method" generated="True" extra-ref="GetImage()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="ListImages()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="GetImageOSRelease()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="GetImageMetadata()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="GetImageState()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="AttachImage()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="DetachImage()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="ReattachImage()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="RemoveImage()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="MarkImageReadOnly()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="SetImageLimit()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="SetPoolLimit()"/>
    <variablelist class="dbus-property" generated="True" extra-ref="PoolPath"/>
    <variablelist class="dbus-property" generated="True" extra-ref="PoolUsage"/>
    <variablelist class="dbus-property" generated="True" extra-ref="PoolLimit"/>
    <variablelist class="dbus-property" generated="True" extra-ref="Profiles"/>
    <!--End of Autogenerated section-->
    <refsect2>
      <title>Methods</title>
      <para><function>GetImage()</function> may be used to get the image object path of the image with the
      specified name.</para>
      <para><function>ListImages()</function> returns an array of all currently known images. The
      structures in the array consist of the following fields: image name, type, read-only flag, creation
      time, modification time, current disk space, usage and image object path.</para>
      <para><function>GetImageOSRelease()</function> retrieves the OS release information of an image.
      This method returns an array of key value pairs read from the
      <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> file in
      the image and is useful to identify the operating system used in a portable service.</para>
      <para><function>GetImageMetadata()</function> retrieves metadata associated with an image.
      This method returns the image name, the image's <citerefentry><refentrytitle>os-release</refentrytitle>
      <manvolnum>5</manvolnum></citerefentry> content in the form of a (streamable) array of bytes,
      and a list of portable units contained in the image, in the form of a string (unit name) and
      an array of bytes with the content.</para>
      <para><function>GetImageState()</function> retrieves the image state as one of the following
      strings:
      <itemizedlist>
        <listitem><para>detached</para></listitem>
        <listitem><para>attached</para></listitem>
        <listitem><para>attached-runtime</para></listitem>
        <listitem><para>enabled</para></listitem>
        <listitem><para>enabled-runtime</para></listitem>
        <listitem><para>running</para></listitem>
        <listitem><para>running-runtime</para></listitem>
      </itemizedlist></para>
      <para><function>AttachImage()</function> attaches a portable image to the system.
      This method takes an image path or name, a list of strings that will be used to search for
      unit files inside the image (partial or complete matches), a string indicating which
      portable profile to use for the image (see <varname>Profiles</varname> property for
      a list of available profiles), a boolean indicating whether to attach the image only
      for the current boot session, and a string representing the preferred copy mode
      (whether to copy the image or to just symlink it) with the following possible values:
      <itemizedlist>
        <listitem><para>(null)</para></listitem>
        <listitem><para>copy</para></listitem>
        <listitem><para>symlink</para></listitem>
      </itemizedlist>
      This method returns the list of changes applied to the system (for example, which unit was
      added and is now available as a system service). Each change is represented as a triplet of
      strings: the type of change applied, the path on which it was applied, and the source
      (if any). The type of change applied will be one of the following possible values:
      <itemizedlist>
        <listitem><para>copy</para></listitem>
        <listitem><para>symlink</para></listitem>
        <listitem><para>write</para></listitem>
        <listitem><para>mkdir</para></listitem>
      </itemizedlist>
      Note that an image cannot be attached if a unit that it contains is already present
      on the system.</para>
      <para><function>DetachImage()</function> detaches a portable image from the system.
      This method takes an image path or name, and a boolean indicating whether the image to
      detach was attached only for the current boot session or persistently. This method
      returns the list of changes applied to the system (for example, which unit was removed
      and is no longer available as a system service). Each change is represented as a triplet of
      strings: the type of change applied, the path on which it was applied, and the source
      (if any). The type of change applied will be one of the following possible values:
      <itemizedlist>
        <listitem><para>unlink</para></listitem>
      </itemizedlist>
      Note that an image cannot be detached if a unit that it contains is running.</para>
      <para><function>ReattachImage()</function> combines the effects of the
      <function>AttachImage()</function> method and the <function>DetachImage()</function> method.
      The difference is that it is allowed to reattach an image while one or more of its units
      are running. The reattach operation will fail if no matching image is attached.
      The input parameters match the <function>AttachImage()</function> method, and the return
      parameters are the combination of the return parameters of the
      <function>DetachImage()</function> method (first array, units that were removed) and the
      <function>AttachImage()</function> method (second array, units that were updated or added).</para>
      <para><function>RemoveImage()</function> removes the image with the specified name.</para>
      <para><function>MarkImageReadOnly()</function> toggles the read-only flag of an image.</para>
      <para><function>SetPoolLimit()</function> sets an overall quota limit on the pool of images.</para>
      <para><function>SetImageLimit()</function> sets a per-image quota limit.</para>
    </refsect2>
    <refsect2>
      <title>Properties</title>
      <para><varname>PoolPath</varname> specifies the file system path where images are written to.</para>
      <para><varname>PoolUsage</varname> specifies the current usage size of the image pool in bytes.</para>
      <para><varname>PoolLimit</varname> specifies the size limit of the image pool in bytes.</para>
      <para><varname>Profiles</varname> specifies the available runtime profiles for portable services.</para>
    </refsect2>
  </refsect1>
  <refsect1>
    <title>The Image Object</title>
    <para>The service exposes the following interfaces on the Image object on the bus:</para>
    <programlisting executable="systemd-portabled" node="/org/freedesktop/portable1" interface="org.freedesktop.portable1.Image">
 node /org/freedesktop/portable1 {
  interface org.freedesktop.portable1.Image {
    methods:
      GetOSRelease(out a{ss} UNNAMED);
      GetMetadata(in  as matches,
                  out s image,
                  out ay os_release,
                  out a{say} units);
      GetState(out s UNNAMED);
      Attach(in  as matches,
             in  s profile,
             in  b runtime,
             in  s copy_mode,
             out a(sss) changes);
      Detach(in  b runtime,
             out a(sss) changes);
      Reattach(in  as matches,
               in  s profile,
               in  b runtime,
               in  s copy_mode,
               out a(sss) changes_removed,
               out a(sss) changes_updated);
      Remove();
      MarkReadOnly(in  b read_only);
      SetLimit(in  t limit);
    properties:
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s Name = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s Path = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s Type = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b ReadOnly = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t CreationTimestamp = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t ModificationTimestamp = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t Usage = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t Limit = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t UsageExclusive = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t LimitExclusive = ...;
  };
  interface org.freedesktop.DBus.Peer { ... };
  interface org.freedesktop.DBus.Introspectable { ... };
  interface org.freedesktop.DBus.Properties { ... };
 };
    </programlisting>
    <!--method GetOSRelease is not documented!-->
    <!--method GetMetadata is not documented!-->
    <!--method GetState is not documented!-->
    <!--method Attach is not documented!-->
    <!--method Detach is not documented!-->
    <!--method Reattach is not documented!-->
    <!--method Remove is not documented!-->
    <!--method MarkReadOnly is not documented!-->
    <!--method SetLimit is not documented!-->
    <!--Autogenerated cross-references for systemd.directives, do not edit-->
    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.portable1.Image"/>
    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.portable1.Image"/>
    <variablelist class="dbus-method" generated="True" extra-ref="GetOSRelease()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="GetMetadata()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="GetState()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="Attach()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="Detach()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="Reattach()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="Remove()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="MarkReadOnly()"/>
    <variablelist class="dbus-method" generated="True" extra-ref="SetLimit()"/>
    <variablelist class="dbus-property" generated="True" extra-ref="Name"/>
    <variablelist class="dbus-property" generated="True" extra-ref="Path"/>
    <variablelist class="dbus-property" generated="True" extra-ref="Type"/>
    <variablelist class="dbus-property" generated="True" extra-ref="ReadOnly"/>
    <variablelist class="dbus-property" generated="True" extra-ref="CreationTimestamp"/>
    <variablelist class="dbus-property" generated="True" extra-ref="ModificationTimestamp"/>
    <variablelist class="dbus-property" generated="True" extra-ref="Usage"/>
    <variablelist class="dbus-property" generated="True" extra-ref="Limit"/>
    <variablelist class="dbus-property" generated="True" extra-ref="UsageExclusive"/>
    <variablelist class="dbus-property" generated="True" extra-ref="LimitExclusive"/>
    <!--End of Autogenerated section-->
    <refsect2>
      <title>Methods</title>
      <para>The following methods implement the same operation as the respective methods on the
      <interfacename>Manager</interfacename> object (see above). However, these methods operate on the image
      object and hence does not take an image name parameter. Invoking the methods directly on the Manager
      object has the advantage of not requiring a <function>GetImage()</function> call to get the image object
      for a specific image name. Calling the methods on the Manager object is hence a round trip
      optimization. List of methods:
      <itemizedlist>
        <listitem><para>GetOSRelease()</para></listitem>
        <listitem><para>GetMetadata()</para></listitem>
        <listitem><para>GetState()</para></listitem>
        <listitem><para>Attach()</para></listitem>
        <listitem><para>Detach()</para></listitem>
        <listitem><para>Reattach()</para></listitem>
        <listitem><para>Remove()</para></listitem>
        <listitem><para>MarkReadOnly()</para></listitem>
        <listitem><para>SetLimit()</para></listitem>
      </itemizedlist></para>
    </refsect2>
    <refsect2>
      <title>Properties</title>
      <para><varname>Name</varname> specifies the image name.</para>
      <para><varname>Path</varname> specifies the file system path where image is stored.</para>
      <para><varname>Type</varname> specifies the image type.</para>
      <para><varname>ReadOnly</varname> specifies whether the image is read-only.</para>
      <para><varname>CreationTimestamp</varname> specifies the image creation timestamp.</para>
      <para><varname>ModificationTimestamp</varname> specifies the image modification timestamp.</para>
      <para><varname>Usage</varname> specifies the image disk usage.</para>
      <para><varname>Limit</varname> specifies the image disk usage limit.</para>
      <para><varname>UsageExclusive</varname> specifies the image disk usage (exclusive).</para>
      <para><varname>LimitExclusive</varname> specifies the image disk usage limit (exclusive).</para>
    </refsect2>
  </refsect1>
  <refsect1>
    <title>Versioning</title>
    <para>These D-Bus interfaces follow <ulink url="http://0pointer.de/blog/projects/versioning-dbus.html">
    the usual interface versioning guidelines</ulink>.</para>
  </refsect1>
 </refentry>
--- a/man/org.freedesktop.resolve1.xml
+++ b/man/org.freedesktop.resolve1.xml
@ -329,7 +329,7 @@ node /org/freedesktop/resolve1 {
        <listitem><para>Alternatively, leave both the service name and type empty and specify the full
        domain name of the SRV record (i.e. prefixed with the service type) in the domain parameter. (No IDNA
-        coversion is applied in this mode.)</para></listitem>
+        conversion is applied in this mode.)</para></listitem>
      </orderedlist>
      <para>The <varname>family</varname> parameter of the <function>ResolveService()</function> method encodes
--- a/Show More
+++ b/Show More
`@ -1 +1,2 @@`
	`*.[ch] whitespace=tab-in-indent,trailing-space`	`*.[ch] whitespace=tab-in-indent,trailing-space`
		`test/dmidecode-dumps/*.bin binary`