Systemd developers are celebrating Halloween by releasing systemd 252.
Systemd 252 is out today as the newest stable version of this dominant Linux init system. With systemd 252 there is the new systemd-measure command and many refinements throughout this continuously growing codebase. Some of the systemd 252 highlights include:
– systemd-measure has been added as a helper to precalculate PCR measurements, making it easier to facilitate TPM2 policies.
– Systemd will set a “support-ended” taint flag if it detects the OS image is past its end-of-support date. This goes along with os-release gaining a new “SUPPORT_END=” field for specifying the date at which the OS is considered unsupported.
– New settings of ConditionCredential= and AssertCredential= for skipping/failing units if a certain credential is not provided.
– DefaultDeviceTimeoutSec= can be used for specifying the default timeout for devices.
– A change to allow for more resource isolation between different user services competing for the CPU.
– Systemd now supports a full preset in the “first boot” condition rather than just enable-only.
– C.UTF-8 is now used as the default locale when nothing else is configured.
– New watchdog-related D-Bus properties are now published by systemd.
– The UEFI monotonic boot counter is now included in the random seed as additional entropy.
– Systemd boot now supports booting in EFI mixed mode for a 64-bit kernel with 32-bit UEFI firmware.
– Improved detection of Parallels and KubeVirt virtualization.
– OpenSSL is now the default crypto back-end for systemd-resolved while GnuTLS is still supported.
– Systemd-repart now supports creating SquashFS partitions as well as dm-verity partitions.
– systemd-oomd now sends a “Killed” D-Bus signal when a cgroup is killed.
– For systemd on RISC-V, the riscv_flush_icache() system call is now added to the list of system calls allowed by default when engaging the “SystemCallFilter” option.
– Drop-ins are now allowed for transient units.
– systemd’s sd-stub will now use LoadImage / StartImage for executing the kernel. The sd-stub also now adds a temporary UEFI SecurityOverride to allow unsigned nested images to be booted.
– Various improvements to systemd-resolved made it in. Systemd-resolved now exposes a varlink socket for root at /run/systemd/resolve/io.systemd.Resolve.Monitor that provides processed DNS requests in a JSON format for any clients connected to this socket. Systemd’s resolvectl also now supports a “monitor” option to make use of this monitoring socket.
– Portablectl gained a “--force” flag for skipping certain sanity checks.
– systemd-udev will now create infiniband/by-path and infiniband/by-ibdev links for Infiniband devices.
– The mkosi config in systemd now has support for automatically compiling a kernel with a configuration suitable for systemd testing.
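For the “SUPPORT_END=” item above, here is an added example (not code from systemd or from this article) of how an admin could audit images for the same condition by parsing os-release content. It assumes the YYYY-MM-DD date format documented in os-release(5); the sample data, the function names and the exact cut-off rule are this example's own.

```python
import shlex
import sys
from datetime import date

# Constructed sample os-release content, used when no file path is given.
SAMPLE = '''NAME="Example Linux"
ID=example
VERSION_ID="1"
SUPPORT_END=2022-10-31
'''

def parse_os_release(text):
    """Parse os-release content (shell-style KEY=value lines) into a dict."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        try:
            parts = shlex.split(raw)  # strips '...' and "..." quoting
        except ValueError:
            continue  # unbalanced quotes: skip the malformed line
        fields[key] = parts[0] if parts else ""
    return fields

def support_status(text, today):
    """Return 'unknown', 'invalid', 'supported' or 'support-ended'."""
    value = parse_os_release(text).get("SUPPORT_END")
    if value is None:
        return "unknown"  # field not set by the distribution
    try:
        end = date.fromisoformat(value)
    except ValueError:
        return "invalid"  # present, but not a parseable date
    # Assumption of this example: the image counts as ended once the
    # calendar date is later than SUPPORT_END ("past" the date).
    return "support-ended" if today > end else "supported"

if __name__ == "__main__":
    # Usage: script.py /etc/os-release   (falls back to the sample above)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            content = handle.read()
    else:
        content = SAMPLE
    print(support_status(content, date.today()))
```

Distinguishing “unknown” and “invalid” from “supported” matters in a fleet audit, since an image that never sets the field should not be counted as in support.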
Downloads and more details on the systemd 252 release via GitHub.