Systemd 251 Released With systemd-sysupdate Introduced, Many Other Additions
Systemd 251 is officially out this Saturday as the first feature update to this Linux init system for 2022.
As with most systemd feature releases, systemd 251 is another hefty release that continues to add new features to enhance workflows and modernize low-level areas of the Linux stack beyond its conventional init system duties.
When looking at the systemd Git repository from v250 to v251, there were 79,853 lines of new code and 34,624 lines deleted over the past six months. Systemd is up to roughly 706k lines of detected code, another 71k lines of comments, and 188k blank lines.
Among the key changes for systemd 251 are:
- A new component "systemd-sysupdate" has been added that automatically discovers / downloads / installs A/B style updates for the host installation itself or container images / portable service images. Systemd-sysupdate is currently considered experimental. This OS updating tool has been worked on by Red Hat / systemd developers going back to last summer.
- Systemd 251 changes the default C standard version to C11 with GNU extensions (GNU11), though the public API headers are still limited to C89.
- All kernels supported by systemd will now mix the RdRand instruction output (or other CPU random ISA extensions) into the entropy pool at early boot. This means that even if /dev/urandom is not initialized, it will still return bytes of at least as high quality as RdRand. In turn, systemd no longer needs to invoke RdRand directly itself. RdRand usage by systemd in the past has been prone to bugs.
- Various improvements to the Boot Loader Specification and various kernel-install improvements.
- A new set of service monitor environment variables are passed to the OnFailure/OnSuccess handlers.
- Units that were killed by systemd-oomd will now have a service result of oom-kill.
- Enabling more service settings to now also work with unprivileged user services.
- busctl now uses the pcapng format for output rather than pcap.
- New hardware database (HWDB) files for handheld devices and A/V production devices.
- systemd-networkd .netdev files can now be used to create virtual WLAN devices.
- PID 1 will now automatically pick up system credentials from QEMU's fw_cfg interface. This is a means of passing arbitrary data into VM systems similar to what can be currently done with systemd-nspawn containers. Initially the "systemd.set_credential=" kernel command line is the anticipated use-case when paired with VMs using the systemd-stub UEFI stub.
- The LoadCredential= option will now automatically search for credentials to import in the /etc/credstore/, /run/credstore/, /usr/lib/credstore/ directories if no source filename, or a relative one, is passed. From the docs, "The idea is that these directories are now the recommended system-wide location to place credentials for automatic pick-up by services in."
- Generators invoked by PID 1 will now have several environment variables added: $SYSTEMD_SCOPE, $SYSTEMD_IN_INITRD, $SYSTEMD_ARCHITECTURE, $SYSTEMD_FIRST_BOOT, and $SYSTEMD_VIRTUALIZATION.
- Block devices will now get a new set of device symlinks in /dev/disk/by-diskseq/[nr], which may be used to reference block device nodes via the kernel's "diskseq" value. This relates to a change introduced in Linux 5.15 for systemd, also brought up by Microsoft engineers, that adds a global counter on block/disk changes.
- The systemd-creds tool now has a "has-tpm2" verb for indicating if a functioning TPM 2.0 module is available.
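An added example (not from the article or the systemd project) of how an administrator might check the credential store directories listed above: it resolves which file a bare credential name would map to and flags entries accessible beyond their owner. The first-match search order, the owner-only permission policy, the `CREDSTORE_ROOT` prefix and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the credential store directories named in the list above.
# CREDSTORE_ROOT is a hypothetical prefix so the check can run on a scratch tree.

CREDSTORE_DIRS="/etc/credstore /run/credstore /usr/lib/credstore"

# Print the first file called $1 found in the store directories.
# Assumption: directories are searched in the listed order, first match wins.
# Returns 1 if nothing matches, 2 if $1 is not a plain file name.
resolve_credential() {
    name=$1
    root=${CREDSTORE_ROOT:-}
    case $name in
        ''|*/*|.|..) return 2 ;;
    esac
    for d in $CREDSTORE_DIRS; do
        if [ -f "$root$d/$name" ]; then
            printf '%s\n' "$root$d/$name"
            return 0
        fi
    done
    return 1
}

# Print "LOOSE <mode> <path>" for every store directory or file whose mode
# grants any group/other access (assumed policy: owner-only, e.g. 0700/0600).
audit_credstore() {
    root=${CREDSTORE_ROOT:-}
    for d in $CREDSTORE_DIRS; do
        [ -d "$root$d" ] || continue
        find "$root$d" \( -type d -o -type f \) -exec stat -c '%a %n' {} + |
        while read -r mode path; do
            case $mode in
                0|*00) ;;    # no group/other bits set
                *) printf 'LOOSE %s %s\n' "$mode" "$path" ;;
            esac
        done
    done
}

# Run as "sh script.sh audit" to check the live directories.
if [ "${1:-}" = "audit" ]; then
    audit_credstore
fi
```

An empty result from `audit_credstore` means no store entry is accessible to group or other under the assumed policy.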
For the systemd sources and the lengthy list of systemd 251 changes overall, visit GitHub.