systemd 250 improves credential support and makes it easier to migrate home directories

systemd 250 is already among us as the new version of the init system, or system and service manager, that has established itself as one of the most essential components of the Linux ecosystem, starting with the most popular distributions. Once again we find a very large number of changes and news which, apart from being complex, cover many areas.

systemd 250 adds support for encrypted and authenticated credentials. The encryption key can be one stored in '/var', one sealed in the system's TPM2 chip, or both, and the credentials are decrypted automatically when the corresponding service starts. Alongside this, a tool called 'systemd-creds' has been added to manage credentials; it can be used for SSL certificates, passwords and similar secrets.

The GPT partition auto-detection specification has been extended with support for root (/) and '/usr' partitions on most architectures systemd supports, while 'systemd-logind' gains a new setting for long presses of the system's power, reboot and suspend buttons. From now on, if the user wishes, a long press of more than 5 seconds can be configured in logind to trigger a separate action.

Another new systemd 250 setting is 'RestrictFileSystems=', which restricts the file systems a service may access based on their type. The per-user service manager can now communicate with 'systemd-oomd' to learn which of its processes were killed for out-of-memory conditions, and several enhancements have been made to the TPM 2.0 platform module support.
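The two hardening features described above, encrypted credentials and 'RestrictFileSystems=', combined in one service unit. This is an added example, not code from the article or the systemd project; the service name webapp.service, the credential name tls-key, the file paths and the allowed file-system list are assumptions, and the preparation commands follow the systemd-creds syntax as of systemd 250.

```ini
# Added example (not from the article or systemd): hypothetical webapp.service
# using systemd 250's encrypted credentials and RestrictFileSystems=.
#
# One-time preparation on the host (paths are assumptions):
#   systemd-creds encrypt --with-key=host+tpm2 --name=tls-key \
#       /root/webapp-tls.key /etc/webapp/tls-key.cred
#   shred -u /root/webapp-tls.key
# The .cred file is sealed to this host's key in /var and to its TPM2, so it
# cannot be decrypted on another machine: copying /etc/webapp leaks nothing.

[Unit]
Description=Example web application (hypothetical)
After=network-online.target

[Service]
# The manager decrypts the credential at start-up; the plaintext exists only in
# the per-service, memory-backed credentials directory and is handed to the
# process as $CREDENTIALS_DIRECTORY/tls-key, never as an environment variable.
LoadCredentialEncrypted=tls-key:/etc/webapp/tls-key.cred
ExecStart=/usr/bin/webapp --tls-key=${CREDENTIALS_DIRECTORY}/tls-key
DynamicUser=yes

# Allow only these file-system types. Unlike path-based rules, this blocks
# debugfs, tracefs, network and removable-media file systems even through a
# mount point the path rules never listed. Requires a kernel with the BPF LSM;
# known type names and @groups can be listed with: systemd-analyze filesystems
RestrictFileSystems=ext4 tmpfs @basic-api

ProtectSystem=strict
NoNewPrivileges=yes

[Install]
WantedBy=multi-user.target
```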

Continuing with more news from systemd 250, hardware database entries for signal analyzers and cameras have been added. A new 'systemd-boot-update.service' unit has been added for systems using the 'sd-boot' loader, to ensure that the boot loader stays up to date by propagating it automatically from the operating system tree in '/usr'.

One of the most important new features of systemd 250 is the support for easier migration of user directories between systems when using 'systemd-homed'. On kernels and file systems that support them, this component now uses UID-mapped mounts: the files on disk are owned by "nobody" and are mapped to the UID used locally on the system. This makes migrating user directories between systems easier, because there is no longer any need to recursively change the owner (chown -R /home/<user>).

Following a decision made by the Fedora developers, 'systemd-homed' now uses Zstd compression on Btrfs by default for user areas. Initial support for LoongArch has also been included, and 'systemd-journald' re-enables copy-on-write for journal files on file systems that support it.

As of this release, the system can load credentials from '/loader/credentials/*.cred' for things like SSH keys, rootfs encryption keys, dm-integrity keys, and so on. Since these are not designed to be specific to a kernel or initrd, they are loaded with any kernel image.

systemd 250 incorporates a parser for the BCD (Boot Configuration Data) used by Windows from Vista onwards. In addition, the systemd network generator supports a link6 network configuration to provide link-local connectivity over IPv6.

Since this release, statically linked builds of 'bootctl' and 'systemd-bless-boot' are possible using the new option '-Dlink-boot-shared=false'. This support was pushed by the developers of CentOS/RHEL 9, systems that ship a full systemd stack with the exception of 'bootctl' and 'systemd-bless-boot'. Lastly, 'systemd-network-generator' is now enabled by default.

systemd 250 can be obtained now if one is willing to go through the tortuous process of compiling the source code. As an easier route, you can turn to a rolling-release, bleeding-edge distribution like Arch Linux, which should receive it in a matter of time if it hasn't already. Nevertheless, updating this component is seldom critical, especially on desktop systems where the user rarely interacts directly with it. Those who want all the details can consult the changelog posted on the GitHub releases page.

