systemd 252 released with systemd-measure, other improvements

Systemd developers are celebrating Halloween by releasing systemd 252.

Systemd 252 was released today as the latest stable version of this dominant Linux init system. Systemd 252 brings the new systemd-measure command and many refinements to this ever-growing codebase. Some of the highlights of systemd 252 include:

– systemd-measure has been added as a helper to precompute PCR measurements, to help with setting up TPM2 policies.

– Systemd will set a “support-end” taint flag if it detects that the OS image is past its end-of-support date. This goes hand in hand with os-release getting a new “SUPPORT_END=” field to specify the date after which the OS is considered unsupported.

– New ConditionCredential= and AssertCredential= settings to ignore/fail units if a certain credential is not provided.

– DefaultDeviceTimeoutSec= can be used to specify the default timeout for devices.

– A change to allow greater isolation of resources between different user services competing for CPU.

– Systemd now applies a full preset in the “first boot” condition rather than only enabling units.

– C.UTF-8 is now used as the default locale when nothing else is configured.

– New watchdog-related D-Bus properties are now exposed by systemd.

– The UEFI monotonic boot counter is now mixed into the random seed as additional entropy.

– systemd-boot now supports EFI mixed mode boot, for a 64-bit kernel with 32-bit UEFI firmware.

– Improved Parallels and KubeVirt virtualization detection.

– OpenSSL is now the default crypto backend for systemd-resolved, while GnuTLS is still supported.

– systemd-repart now supports creating SquashFS partitions as well as dm-verity partitions.

– systemd-oomd now sends a D-Bus “Killed” signal when a control group is killed.

– For systemd on RISC-V, the riscv_flush_icache() system call is now added to the list of allowed system calls by default when enabling the “SystemCallFilter” option.

– Drop-ins are now allowed for transient units.

– systemd’s sd-stub will now use LoadImage / StartImage to run the kernel. The sd-stub also adds a temporary UEFI SecurityOverride to allow unsigned nested images to boot.

– Various improvements to systemd-resolved. systemd-resolved now exposes a varlink socket for root at /run/systemd/resolve/io.systemd.Resolve.Monitor, which reports the DNS queries it has processed, in JSON format, to all clients connected to this socket. Systemd’s resolvectl also supports a “monitor” option to use this monitoring socket.

– portablectl gained a “--force” flag for skipping some consistency checks.

– systemd-udev will now create infiniband/by-path and infiniband/by-ibdev links for Infiniband devices.

– The mkosi configuration in systemd now supports auto-compiling a kernel with a configuration suitable for systemd testing.
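For the SUPPORT_END= item above, a fleet or image audit can read the field straight from os-release without waiting for systemd to set its taint flag. The following is an added example, not code from systemd or from the original article; the sample file content is constructed, and treating the image as out of support from the SUPPORT_END date itself is a choice made by this example.

```python
import shlex
from datetime import date

# Constructed sample os-release content (not from a real distribution).
SAMPLE_OS_RELEASE = '''\
NAME="Example Linux"
ID=example
VERSION_ID="36"
# comment lines and blank lines are allowed

SUPPORT_END=2023-05-16
PRETTY_NAME="Example Linux 36 (Server Edition)"
'''

def parse_os_release(text):
    """Parse os-release KEY=value lines; values may be shell-quoted."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        try:
            parts = shlex.split(raw)
        except ValueError:
            continue  # unbalanced quotes: skip the malformed line
        fields[key] = parts[0] if parts else ""
    return fields

def support_status(text, today):
    """Return 'supported', 'ended', 'unknown' (no field) or 'invalid'."""
    value = parse_os_release(text).get("SUPPORT_END")
    if value is None:
        return "unknown"
    try:
        end = date.fromisoformat(value)  # field format is YYYY-MM-DD
    except ValueError:
        return "invalid"
    # Assumption of this example: out of support from the end date itself.
    return "ended" if today >= end else "supported"

if __name__ == "__main__":
    print("sample:", support_status(SAMPLE_OS_RELEASE, date.today()))
    for path in ("/etc/os-release", "/usr/lib/os-release"):
        try:
            with open(path, encoding="utf-8") as fh:
                print(path, support_status(fh.read(), date.today()))
            break  # /usr/lib/os-release is only the fallback location
        except OSError:
            continue
```

Hosts that report "unknown" have no SUPPORT_END= field at all, so their end-of-support date has to be tracked by other means.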

Downloads and more details on systemd version 252 are available via GitHub.
