Systemd 251-rc2 Released With More Features
Among the changes in systemd 251-rc2 are:
- PID 1 will now automatically pick up system credentials from QEMU's fw_cfg interface. This is a means of passing arbitrary data into VM systems, similar to what can currently be done with systemd-nspawn containers. Initially the "systemd.set_credential=" kernel command line is the anticipated use-case when paired with VMs using the systemd-stub UEFI stub.
- The LoadCredential= option will now automatically search for credentials to import in the /etc/credstore/, /run/credstore/, /usr/lib/credstore/ directories if no source filename or a relative one is passed. From the docs, "The idea is that these directories are now the recommended system-wide location to place credentials for automatic pick-up by services in."
- Generators invoked by PID 1 will now have several environment variables added: $SYSTEMD_SCOPE, $SYSTEMD_IN_INITRD, $SYSTEMD_ARCHITECTURE, $SYSTEMD_FIRST_BOOT, and $SYSTEMD_VIRTUALIZATION.
- Block devices will now get a new set of device symlinks in /dev/disk/by-diskseq/[nr], which may be used to reference block device nodes via the kernel's "diskseq" value. This relates to the change introduced in Linux 5.15 for systemd, also brought up by Microsoft engineers, for a global counter on block/disk changes.
- The minimum kernel version has now been bumped from Linux 3.15 to 4.15. Pre-4.15 kernels are no longer supported.
- The systemd-creds tool now has a "has-tpm2" verb for indicating if a functioning TPM 2.0 module is available.
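
The LoadCredential= lookup from the list above, shown as a unit fragment. This is an added example, not taken from the systemd documentation or the original article; the unit name `myapp.service`, the credential name `myapp.token`, the `/etc/myapp/token` path and the `/usr/local/bin/myapp` binary with its `--token-file` option are hypothetical.

```ini
# /etc/systemd/system/myapp.service  (hypothetical unit, added example)
[Unit]
Description=Example service that receives a secret as a credential

[Service]
# Explicit form: credential ID, then an absolute source path.
#LoadCredential=myapp.token:/etc/myapp/token

# Form described above: no source path is given, so the credential
# named "myapp.token" is searched for in /etc/credstore/,
# /run/credstore/ and /usr/lib/credstore/.
# Assumption: the secret has been placed at /etc/credstore/myapp.token.
LoadCredential=myapp.token

# The service sees the credential as a file below the directory named
# by $CREDENTIALS_DIRECTORY; it is not put into the environment itself.
ExecStart=/usr/local/bin/myapp --token-file=${CREDENTIALS_DIRECTORY}/myapp.token
```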
These are on top of the other changes found already within systemd 251-rc1:
- A new component "systemd-sysupdate" has been added that automatically discovers / downloads / installs A/B style updates for the host installation itself or container images / portable service images. Systemd-sysupdate is currently considered experimental. This OS updating tool has been worked on by Red Hat / systemd developers going back to last summer.
- Like Linux 5.18, systemd 251 changes the default C standard version to C11 with GNU extensions (GNU11), though its public API headers are still limited to C89.
- All kernels supported by systemd will now mix the RdRand instruction output (or other CPU random ISA extensions) into the entropy pool at early boot. This means that even if /dev/urandom is not initialized, it will still return bytes that are of at least as high quality as RdRand. In turn, systemd no longer needs to invoke RdRand directly itself. RdRand usage by systemd in the past has been prone to bugs.
- Various improvements to the Boot Loader Specification and various kernel-install improvements.
- A new set of service monitor environment variables is passed to the OnFailure/OnSuccess handlers.
- Units that were killed by systemd-oomd will now have a service result of oom-kill.
- More service settings now also work with unprivileged user services.
- busctl now uses the pcapng format for output rather than pcap.
- New hardware database (HWDB) files for handheld devices and A/V production devices.
- systemd-networkd .netdev files can now be used to create virtual WLAN devices.
- systemd-resolved will now start earlier in the boot process.
See the full list of changes and download the sources to this systemd 251 test build via GitHub.