systemd 251 Nears Release With Last Planned Test
Nearly 2,500 commits have gone into systemd 251 and it is gearing up for release quite soon. The week since systemd 251-rc2 has brought a number of fixes, several systemd-resolved updates, fuzzing updates, hardware database (hwdb) additions, and other maintenance items.
Recapping from my earlier articles on systemd 251, the main highlights with this new version include:
- A new component "systemd-sysupdate" has been added that automatically discovers / downloads / installs A/B style updates for the host installation itself or container images / portable service images. Systemd-sysupdate is currently considered experimental. This OS updating tool has been worked on by Red Hat / systemd developers going back to last summer.
- Systemd 251 changes the default C standard version to C11 with GNU extensions (GNU11), while the public API headers remain restricted to C89.
- All kernels supported by systemd now mix the output of the RdRand instruction (or the equivalent CPU random-number ISA extensions on other architectures) into the entropy pool at early boot. This means that even if /dev/urandom is not yet initialized, it still returns bytes at least as good as RdRand's output. In turn, systemd no longer needs to invoke RdRand directly itself; systemd's own RdRand usage has been a source of bugs in the past.
- Various improvements to the Boot Loader Specification support and to kernel-install.
- A new set of service monitor environment variables ($MONITOR_SERVICE_RESULT, $MONITOR_EXIT_CODE, $MONITOR_EXIT_STATUS, $MONITOR_INVOCATION_ID, $MONITOR_UNIT) is passed to OnFailure=/OnSuccess= handlers, so a handler can tell which unit triggered it and why.
- Units that were killed by systemd-oomd will now have a service result of oom-kill.
- More service settings now also work for unprivileged user services.
- busctl now uses the pcapng format for output rather than pcap.
- New hardware database (HWDB) files for handheld devices and A/V production devices.
- systemd-networkd .netdev files can now be used to create virtual WLAN devices.
- PID 1 will now automatically pick up system credentials from QEMU's fw_cfg interface. This is a means of passing arbitrary data into VMs, similar to what can already be done with systemd-nspawn containers. Initially the "systemd.set_credential=" kernel command line option, paired with VMs booting through the systemd-stub UEFI stub, is the anticipated use-case. Keep in mind that the kernel command line is readable by every process on the system via /proc/cmdline, so that route is suited to non-secret configuration rather than to secrets.
- The LoadCredential= option will now automatically search for credentials to import in the /etc/credstore/, /run/credstore/ and /usr/lib/credstore/ directories when no source path, or only a relative one, is given. From the docs, "The idea is that these directories are now the recommended system-wide location to place credentials for automatic pick-up by services in."
- Generators invoked by PID 1 will now have several environment variables added: $SYSTEMD_SCOPE, $SYSTEMD_IN_INITRD, $SYSTEMD_ARCHITECTURE, $SYSTEMD_FIRST_BOOT, and $SYSTEMD_VIRTUALIZATION.
- Block devices now get a new set of symlinks in /dev/disk/by-diskseq/[nr], which reference block device nodes by the kernel's "diskseq" value. This builds on the global disk sequence counter introduced in Linux 5.15, a change made for systemd's benefit and also raised by Microsoft engineers: every newly added block device receives a fresh, monotonically increasing value, so a diskseq-based reference cannot silently end up pointing at a later device that reused the same /dev name.
- The systemd-creds tool now has a "has-tpm2" verb that reports whether a functioning TPM 2.0 module is available.
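As an added illustration of the new handler variables and of the oom-kill result (this is example code written for this article, not systemd's own): a small OnFailure= handler script. It assumes the wiring described in its header comment, i.e. a failure-handler@.service template whose ExecStart= runs the script; the $MONITOR_* names are systemd's, while the severity levels, the reason strings and the invocation ID used by simulate_failure are constructed here.

```shell
#!/bin/sh
# Added example, not systemd's own code: an OnFailure= handler that classifies
# a failure from the $MONITOR_* variables systemd 251 exports to handlers.
# Assumed wiring (not on the page): the monitored unit carries
#   OnFailure=failure-handler@%n.service
# and that template's ExecStart= runs this script. The variable names are
# those from systemd.exec(5); the severities and reason strings are mine.

# classify_failure: emit one line "<severity> <unit> <reason> invocation=<id>"
# from the environment, so it can be exercised by exporting the variables.
classify_failure() {
    unit="${MONITOR_UNIT:-unknown.service}"
    result="${MONITOR_SERVICE_RESULT:-unknown}"
    status="${MONITOR_EXIT_STATUS:-}"
    invocation="${MONITOR_INVOCATION_ID:-}"

    case "$result" in
        oom-kill)
            # From 251 on, kills by systemd-oomd also report this result.
            printf 'critical %s memory-pressure-kill invocation=%s\n' "$unit" "$invocation" ;;
        signal|core-dump)
            # Unexpected termination; $MONITOR_EXIT_STATUS carries the signal name.
            printf 'critical %s terminated-by-%s invocation=%s\n' "$unit" "${status:-signal}" "$invocation" ;;
        exit-code)
            printf 'warning %s exit-status-%s invocation=%s\n' "$unit" "${status:-?}" "$invocation" ;;
        watchdog|timeout|start-limit-hit)
            printf 'warning %s %s invocation=%s\n' "$unit" "$result" "$invocation" ;;
        *)
            printf 'info %s %s invocation=%s\n' "$unit" "$result" "$invocation" ;;
    esac
}

# simulate_failure UNIT RESULT [EXIT_STATUS] [INVOCATION_ID]: drive the
# classifier with constructed values, set the way systemd would set them.
# Runs in a subshell so the variables do not leak into the caller.
simulate_failure() (
    MONITOR_UNIT="$1"
    MONITOR_SERVICE_RESULT="$2"
    MONITOR_EXIT_STATUS="${3:-}"
    MONITOR_INVOCATION_ID="${4:-0123456789abcdef0123456789abcdef}"  # constructed id
    classify_failure
)

# Real invocation by systemd: log the classification and echo it for the journal.
if [ -n "${MONITOR_UNIT:-}" ]; then
    line=$(classify_failure)
    command -v logger >/dev/null 2>&1 && logger -t failure-handler -- "$line"
    echo "$line"
fi
```

The template form (one handler instance per failing unit) is used so that each invocation of the script describes exactly one unit; a single shared handler unit would have to cope with several units failing at once.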
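To make the credstore lookup concrete, here is an added example (not systemd code) that models how a relative LoadCredential= name is resolved against /etc/credstore/, /run/credstore/ and /usr/lib/credstore/, and how a service then reads the result from $CREDENTIALS_DIRECTORY. The first-match ordering is my reading of the NEWS entry, the refusal of group- or world-readable source files is hardening added here, and the ROOT parameter, the function names and the scratch tree used to exercise it are all constructed for the example.

```shell
#!/bin/sh
# Added example (not systemd's own code): models how a relative LoadCredential=
# name is resolved against the systemd 251 credstore directories, and how a
# service reads it from $CREDENTIALS_DIRECTORY. ROOT is a prefix so the script
# can run against a scratch tree; on a live system it would be "".
# The ordering (/etc first, /usr/lib last, first match wins) is my reading of
# the NEWS entry; the permission check is my own hardening, not systemd's.

CREDSTORE_DIRS="etc/credstore run/credstore usr/lib/credstore"

# resolve_credential NAME [ROOT]: print the path of the first match, exit 1 if
# none. Names containing '/' are rejected: LoadCredential= treats those as
# explicit paths, which this model does not cover (and it keeps "../" out).
resolve_credential() {
    name="$1"; root="${2:-}"
    case "$name" in
        */*|"") echo "resolve_credential: bad name '$name'" >&2; return 2 ;;
    esac
    for d in $CREDSTORE_DIRS; do
        f="$root/$d/$name"
        if [ -f "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# stage_credential NAME ROOT CREDDIR: copy the resolved file into a
# per-service credentials directory, the way systemd populates
# $CREDENTIALS_DIRECTORY, refusing sources readable by group or other.
stage_credential() {
    src=$(resolve_credential "$1" "$2") || return 1
    # Hardening (mine): a credstore file must be owner-only readable.
    perms=$(stat -c %a "$src" 2>/dev/null || stat -f %Lp "$src")
    case "$perms" in
        [0-7]00) ;;
        *) echo "refusing $src: mode $perms is not owner-only" >&2; return 3 ;;
    esac
    mkdir -p "$3"
    cp "$src" "$3/$1" && chmod 0400 "$3/$1"
}

# read_credential NAME: what the service itself does at runtime.
read_credential() {
    cat "${CREDENTIALS_DIRECTORY:?service was not started with credentials}/$1"
}
```

On a real system the staging step is systemd's job: a unit with LoadCredential=db.pass gets /etc/credstore/db.pass (or the next match) materialised under $CREDENTIALS_DIRECTORY, and only the read_credential side lives in the service. The script includes its own stage_credential so the lookup order and the read side can be checked together on a scratch tree.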
Systemd 251-rc3 is now available for testing via GitHub while the stable release should be out quite soon.