Merge pull request #28078 from keszybz/trivial-syntax-and-wording-fixes

Trivial syntax and wording fixes

docs/CREDENTIALS.md

@@ -78,7 +78,7 @@ Within unit files, there are four settings to configure service credentials.
 2. `SetCredential=` may be used to set a credential to a literal string encoded
    in the unit file. Because unit files are world-readable (both on disk and
    via D-Bus), this should only be used for credentials that aren't sensitive,
-   i.e. public keys/certificates – but not private keys.
+   e.g. public keys or certificates, but not private keys.
 
 3. `LoadCredentialEncrypted=` is similar to `LoadCredential=` but will load an
    encrypted credential, and decrypt it before passing it to the service. For

man/systemd-nspawn.xml

@@ -1545,8 +1545,9 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
         with a focus on implementing stateless operating system images.</para></listitem>
       </varlistentry>
     </variablelist>
+  </refsect2>
 
-    </refsect2><refsect2>
+  <refsect2>
     <title>Input/Output Options</title>
 
     <variablelist>
@@ -1592,57 +1593,57 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
       </varlistentry>
     </variablelist>
 
-    </refsect2><refsect2>
-    <title>Credentials</title>
+    </refsect2>
+    <refsect2>
+      <title>Credentials</title>
 
-    <variablelist>
-      <varlistentry>
-        <term><option>--load-credential=</option><replaceable>ID</replaceable>:<replaceable>PATH</replaceable></term>
-        <term><option>--set-credential=</option><replaceable>ID</replaceable>:<replaceable>VALUE</replaceable></term>
+      <variablelist>
+        <varlistentry>
+          <term><option>--load-credential=</option><replaceable>ID</replaceable>:<replaceable>PATH</replaceable></term>
+          <term><option>--set-credential=</option><replaceable>ID</replaceable>:<replaceable>VALUE</replaceable></term>
 
-        <listitem><para>Pass a credential to the container. These two options correspond to the
-        <varname>LoadCredential=</varname> and <varname>SetCredential=</varname> settings in unit files. See
-        <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
-        details about these concepts, as well as the syntax of the option's arguments.</para>
+          <listitem><para>Pass a credential to the container. These two options correspond to the
+          <varname>LoadCredential=</varname> and <varname>SetCredential=</varname> settings in unit files. See
+          <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+          details about these concepts, as well as the syntax of the option's arguments.</para>
 
-        <para>Note: when <command>systemd-nspawn</command> runs as systemd system service it can propagate
-        the credentials it received via <varname>LoadCredential=</varname>/<varname>SetCredential=</varname>
-        to the container payload. A systemd service manager running as PID 1 in the container can further
-        propagate them to the services it itself starts. It is thus possible to easily propagate credentials
-        from a parent service manager to a container manager service and from there into its payload. This
-        can even be done recursively.</para>
+          <para>Note: when <command>systemd-nspawn</command> runs as systemd system service it can propagate
+          the credentials it received via <varname>LoadCredential=</varname>/<varname>SetCredential=</varname>
+          to the container payload. A systemd service manager running as PID 1 in the container can further
+          propagate them to the services it itself starts. It is thus possible to easily propagate credentials
+          from a parent service manager to a container manager service and from there into its payload. This
+          can even be done recursively.</para>
 
-        <para>In order to embed binary data into the credential data for <option>--set-credential=</option>
-        use C-style escaping (i.e. <literal>\n</literal> to embed a newline, or <literal>\x00</literal> to
-        embed a <constant>NUL</constant> byte. Note that the invoking shell might already apply unescaping
-        once, hence this might require double escaping!).</para>
+          <para>In order to embed binary data into the credential data for <option>--set-credential=</option>,
+          use C-style escaping (i.e. <literal>\n</literal> to embed a newline, or <literal>\x00</literal> to
+          embed a <constant>NUL</constant> byte). Note that the invoking shell might already apply unescaping
+          once, hence this might require double escaping!.</para>
 
-        <para>The
-        <citerefentry><refentrytitle>systemd-sysusers.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-        and
-        <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
-        services read credentials configured this way for the purpose of configuring the container's root
-        user's password and shell, as well as system locale, keymap and timezone during the first boot
-        process of the container. This is particularly useful in combination with
-        <option>--volatile=yes</option> where every single boot appears as first boot, since configuration
-        applied to <filename>/etc/</filename> is lost on container reboot cycles. See the respective man
-        pages for details. Example:</para>
+          <para>The
+          <citerefentry><refentrytitle>systemd-sysusers.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+          and
+          <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+          services read credentials configured this way for the purpose of configuring the container's root
+          user's password and shell, as well as system locale, keymap and timezone during the first boot
+          process of the container. This is particularly useful in combination with
+          <option>--volatile=yes</option> where every single boot appears as first boot, since configuration
+          applied to <filename>/etc/</filename> is lost on container reboot cycles. See the respective man
+          pages for details. Example:</para>
 
-        <programlisting># systemd-nspawn -i image.raw \
-        --volatile=yes \
-        --set-credential=firstboot.locale:de_DE.UTF-8 \
-        --set-credential=passwd.hashed-password.root:'$y$j9T$yAuRJu1o5HioZAGDYPU5d.$F64ni6J2y2nNQve90M/p0ZP0ECP/qqzipNyaY9fjGpC' \
-        -b</programlisting>
+          <programlisting># systemd-nspawn -i image.raw \
+          --volatile=yes \
+          --set-credential=firstboot.locale:de_DE.UTF-8 \
+          --set-credential=passwd.hashed-password.root:'$y$j9T$yAuRJu1o5HioZAGDYPU5d.$F64ni6J2y2nNQve90M/p0ZP0ECP/qqzipNyaY9fjGpC' \
+          -b</programlisting>
 
-        <para>The above command line will invoke the specified image file <filename>image.raw</filename> in
-        volatile mode, i.e. with empty <filename>/etc/</filename> and <filename>/var/</filename>.  The
-        container payload will recognize this as a first boot, and will invoke
-        <filename>systemd-firstboot.service</filename>, which then reads the two passed credentials to
-        configure the system's initial locale and root password.</para>
-        </listitem>
+          <para>The above command line will invoke the specified image file <filename>image.raw</filename> in
+          volatile mode, i.e. with empty <filename>/etc/</filename> and <filename>/var/</filename>.  The
+          container payload will recognize this as a first boot, and will invoke
+          <filename>systemd-firstboot.service</filename>, which then reads the two passed credentials to
+          configure the system's initial locale and root password.</para>
+          </listitem>
         </varlistentry>
-
-    </variablelist>
+      </variablelist>
 
     </refsect2><refsect2>
     <title>Other</title>

man/systemd-stub.xml

@@ -160,7 +160,7 @@
       revoked with a SBAT policy update, without requiring blocklisting via DBX/MOKX. The
       <citerefentry><refentrytitle>ukify</refentrytitle><manvolnum>1</manvolnum></citerefentry> tool will
       add a SBAT policy by default if none is passed when building addons. For more information on SBAT see
-      <ulink url="https://github.com/rhboot/shim/blob/main/SBAT.md">Shim's documentation.</ulink>
+      <ulink url="https://github.com/rhboot/shim/blob/main/SBAT.md">Shim's documentation</ulink>.
       Addons are supposed to be used to pass additional kernel command line parameters, regardless of the
       kernel image being booted, for example to allow platform vendors to ship platform-specific
       configuration. The loaded command line addon files are sorted, loaded, measured into TPM PCR 12 (if a
@@ -179,7 +179,7 @@
       <command>cpio</command> archive and placed in the <filename>/.extra/global_credentials/</filename>
       directory of the initrd file hierarchy. This is supposed to be used to pass additional credentials to
       the initrd, regardless of the kernel being booted. The generated <command>cpio</command> archive is
-      measured into TPM PCR 12 (if a TPM is present)</para></listitem>
+      measured into TPM PCR 12 (if a TPM is present).</para></listitem>
 
       <listitem><para>Additionally, files <filename>/loader/addons/*.addon.efi</filename> are loaded and
       verified as PE binaries, and a <literal>.cmdline</literal> section is parsed from them. This is

man/systemd.exec.xml

@@ -3302,7 +3302,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
 
         <para>When multiple credentials of the same name are found, credentials found by
         <varname>LoadCredential=</varname> and <varname>LoadCredentialEncrypted=</varname> take priority over
-        credentials found by <varname>ImportCredential=</varname></para></listitem>.
+        credentials found by <varname>ImportCredential=</varname>.</para></listitem>
       </varlistentry>
 
       <varlistentry>

src/machine/machinectl.c

@@ -1705,7 +1705,7 @@ static int start_machine(int argc, char *argv[], void *userdata) {
 
         r = bus_wait_for_jobs_new(bus, &w);
         if (r < 0)
-                return log_oom();
+                return log_error_errno(r, "Could not watch jobs: %m");
 
         for (int i = 1; i < argc; i++) {
                 _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;

src/shared/mount-util.c

@@ -459,7 +459,7 @@ static int mount_switch_root_pivot(int fd_newroot, const char *path) {
 
         /* Change into the new rootfs. */
         if (fchdir(fd_newroot) < 0)
-                return log_debug_errno(errno, "Failed to change into new rootfs '%s': %m", path);
+                return log_debug_errno(errno, "Failed to chdir into new rootfs '%s': %m", path);
 
         /* Let the kernel tuck the new root under the old one. */
         if (pivot_root(".", ".") < 0)
@@ -479,13 +479,13 @@ static int mount_switch_root_move(int fd_newroot, const char *path) {
 
         /* Change into the new rootfs. */
         if (fchdir(fd_newroot) < 0)
-                return log_debug_errno(errno, "Failed to change into new rootfs '%s': %m", path);
+                return log_debug_errno(errno, "Failed to chdir into new rootfs '%s': %m", path);
 
         /* Move the new root fs */
         if (mount(".", "/", NULL, MS_MOVE, NULL) < 0)
                 return log_debug_errno(errno, "Failed to move new rootfs '%s': %m", path);
 
-        /* Also change chroot dir */
+        /* Also change root dir */
         if (chroot(".") < 0)
                 return log_debug_errno(errno, "Failed to chroot to new rootfs '%s': %m", path);