systemd 250 Is Coming For Christmas With A Boat Load Of New Features
It's been a half-year since systemd 249 and now systemd 250 is preparing to set sail for powering 2022 Linux distributions. Systemd 250 has many notable changes from systemd-homed defaulting to Btrfs with Zstd compression to UID mapped mounts to ease home directory migration among systems. There is also support for encrypted and authenticated credentials, many new settings for unit files, and much more.
Some of the highlights with systemd 250 include:
- Support for encrypted and authenticated credentials. This can be a key stored on /var/ or a TPM2 chip on the system whereby credentials will be automatically decrypted when the service is started. There is also a new tool called systemd-creds for dealing with the credentials. This can be used for SSL certificates, passwords, and other similar data.
- Expanding the GPT Discoverable Partitions Specification with support for root and /usr/ partitions on the majority of architectures supported by systemd, among other changes.
- Systemd-logind has new settings for long presses to the power, reboot, or suspend keys on the system. The long press (greater than 5 second) presses to those buttons can now be configured for logind if wanting to manipulate the behavior.
- A new per-service setting of RestrictFileSystems= for restricting the file-systems a service can access based on their type.
- Services also have a new setting RestrictNetworkInterfaces= for restricting access of services to specific network interfaces.
- The default maximum number of inodes has been raised from 64k to 1M for /dev and from 400k to 1M for /tmp.
- The per-user service manager now supports communicating with systemd-oomd for learning of out-of-memory kill information.
- Various TPM 2.0 trusted platform module support improvements.
- Support for activating dm-integrity volumes at boot using a new /etc/integritytab file.
- New hardware databases for signal analyzers and cameras. The camera hardware database keeps track whether cameras point forward/backward and of different types such as infrared.
- A new unit systemd-boot-update.service is added for when using sd-boot loader to ensure the boot-loader remains up-to-date and automatically propagated from OS tree information in /usr.
- Easier support for migrating home directories between systems when running systemd-homed. Systemd-homed now is using UID mapped mounts on supported kernels/file-systems where files are now internally owned by "nobody" and then mapped to the UID used locally on the system via the UID mapped mounts interface. This improves migrating home directories between systems by no longer having to recursively chown files.
- Systemd-homed now defaults to using Btrfs Zstd compression for home areas, following Fedora's recent decision to do so.
- Initial support for the LoongArch architecture.
- Systemd-journald now re-enables copy-on-write for archived journal files on supported file-systems.
There is also a wide variety of other new settings added for systemd units and improvements to various systemd components like networkd, sd-boot, systemd-homed, etc. There is a hell of a lot of changes this cycle. Sd-boot in particular seems to be a lot more capable with systemd 250 for competing with other open-source boot-loaders.
Those were just the systemd 250 changes to catch my attention... See the extensive list via the NEWS for all that is coming to v250.
Released today was systemd 250-rc1 followed quickly by systemd 250-rc2 as the test release ahead of the official update coming out soon.