systemd-255 (and udev from it)

[Xi Ruoyao]

New major version.

[Xi Ruoyao]

• A new component "systemd-storagetm" has been added that exposes all lock block devices as NVMe-TCP. This is a very nifty feature inspired by macOS with the new systemd Storage Target Mode.

• A new component "systemd-bsod" has been added to show logged error messages full-screen if they have a "LOG_EMERG" log level. This is intended as a tool for displaying emergency log messages full-screen on boot failures. Yes, BSOD in this case short for "Blue Screen of Death". This was worked on as part of Outreachy 2023. The systemd-bsod will also display a QR code for getting more information on the error causing the boot failure.

• There's been an overhaul to the way systemd services are spawned. Rather than forking the process that shared all of the manager's memory via CoW before exec'ing the target executable, the new process is now spawned using CLONE_VM and CLONE_VFORK via posix_spawn().

• A "systemd-pcrlock" has been added that allows managing local TPM2 PCR policies for PCRs 0-7 and similar.

• A new "systemd-vmspawn" tool has been added that provides for VMs the same interfaces and functionality that systemd-nspawn provides for containers. The systemd-vmspawn tool uses QEMU as its back-end. For systemd 255, systemd-vmspawn is experimental.

• A new "varlinkctl" tool has been added to allow interfacing with Varlink services.

• SECCOMP now supports the LoongArch 64-bit CPU architecture.

• Systemd's bootctl will now show whether the system was booted from a Unified Kernel Image (UKI).

• systemd-boot has new hotkeys of "B" to reboot and "O" to poweroff from the boot menu.

• Most internal process tracking is now using PIDFDs rather than PIDs when running on a supported kernel.

• systemctl will now automatically soft-reboot into a new root file-system if found under /run/nextroot/ when a reboot operation is invoked.

• A new option "SurveFinalKillSignal" has been added to skip the final SIGTERM/SIGKILL spree on shutdown in order to survive soft-reboot operation.

• A new "ConditionSecurity=measured-uki" option for only running when the system has been booted via a measured Unified Kernel Image (UKI).

• TPM measurements are now written to an event log at /run/log/systemd/tpm2-measure.log.

• Support for split-usr has been removed.

• Support for System V service scripts has been deprecated and will be removed in the future.

• A variety of systemd TPM(2) improvements.

• Hibernation into swap files backed by Btrfs are now supported.

[Xi Ruoyao]

DEPRECATION: Option 'homed' value 'false' is replaced by 'disabled'
DEPRECATION: Option 'pam' value 'true' is replaced by 'enabled'

So we should change the LFS and BLFS instruction for them.

[Xi Ruoyao]

The systemd-ukify script needs the pefile Python module, and it's not in BLFS. This causes two test failures.

So we should disable ukify in both LFS and BLFS, and list pefile as an external dependency.

[Xi Ruoyao]

On BLFS with ukify disabled:

Ok:                 1209
Expected Fail:      0   
Fail:               0   
Unexpected Pass:    0   
Skipped:            18  
Timeout:            0   

Now rebooting and hoping the system won't blow up...

[Xi Ruoyao]

Replying to Xi Ruoyao:

Now rebooting and hoping the system won't blow up...

Back. Nothing wrong observed so far.

[Xi Ruoyao]

I've uploaded ​https://anduin.linuxfromscratch.org/LFS/systemd-man-pages-255.tar.xz.

The files and directories in this tarball are owned by 0:0, so we can remove the --no-same-owner option in tar command extracting this tarball (if we want).

[jlocash]

For the sysvinit side of this which only builds udev from it, not everything is getting built. The udev plugins ata_id, cdrom_id, dmi_memory_id, fido_id, iocost, mtd_probe, scsi_id, and v4l_id don't get built.

I worked around it by adding "ata_id cdrom_id dmi_memory_id fido_id iocost mtd_probe scsi_id v4l_id" to the ninja command. Those binaries will no longer be in src/udev but in the build directory.

[rahul]

Just updated my workstation to 255, seems to be working fine and all the tests passed for me as well (Intel). I didn't test sysv though as I don't have a system to test with as of right now.

[Xi Ruoyao]

Fixed at r12.0-116-g9afac649f.