
Systemd developers are celebrating Halloween by releasing systemd 252.
Systemd 252 is out today as the newest stable version of this dominant Linux init system. With systemd 252, there is a new systemd-measure command and many improvements to this ever-growing code base. Some highlights of systemd 252 include:
– Added systemd-measure as a helper to precalculate PCR measurements to facilitate TPM2 policies.
– Systemd will set the “support-ended” taint flag if it detects that the OS image is past its end-of-support date. This goes hand-in-hand with os-release gaining a new “SUPPORT_END=” field to specify the date at which operating system support ends.
– New condition parameters ConditionCredential= and AssertCredential= for skipping or failing units if a specified credential is not provided.
– DefaultDeviceTimeoutSec= can be used to set the default timeout for devices.
– Changes to allow more resource isolation between different user services competing for CPU.
– Support within systemd for applying a full preset on “first boot” rather than enable-only.
– C.UTF-8 is now used as the default locale if nothing else is configured.
– New watchdog-related D-Bus properties are now published by systemd.
– The UEFI monotonic boot counter is now included in the random seed as additional entropy.
– systemd-boot now supports booting in EFI mixed mode, for a 64-bit kernel with 32-bit UEFI firmware.
– Improved detection of Parallels and KubeVirt virtualization.
– OpenSSL is now the default crypto back-end for systemd-resolved while GnuTLS is still supported.
– systemd-repart now supports creating SquashFS partitions as well as dm-verity partitions.
– systemd-oomd now sends a “Killed” D-Bus signal when a cgroup is killed.
– The riscv_flush_icache() system call for systemd on RISC-V is now added to the list of system calls allowed by default when enabling the “SystemCallFilter” option.
– Drop-ins are now allowed for transient units.
– systemd’s sd-stub will now use LoadImage / StartImage to execute the kernel. sd-stub also now adds a temporary UEFI SecurityOverride to allow running unsigned nested images.
– Various systemd-resolved improvements made it in. systemd-resolved now exposes a varlink socket for root at /run/systemd/resolve/io.systemd.Resolve.Monitor and provides processed DNS queries in JSON format for any clients connected to this socket. Systemd’s resolvectl also now supports the “monitor” option to use this monitoring socket.
– portablectl gained the “--force” flag to bypass certain sanity checks.
– systemd-udev will now create infiniband/by-path and infiniband/by-ibdev links for Infiniband devices.
– The mkosi configuration in systemd now supports automatically compiling a kernel with a configuration suitable for testing systemd.
Downloads and more information on the systemd 252 release are available on GitHub.