The commit 8442ac9c02 set
install_tag option to install_emptydir() calls, but it requires
meson-0.62.0. Hence, after the commit, we cannot build systemd
with older meson anymore. As using install_tag is quite useful
for building systemd package, let's bump the requirement of
meson version to 0.62.0.
Note, the current meson versions of major distributions are:
CentOS 9: 0.63.3
CentOS 10: 1.4.1
Fedora 40: 1.4.1
Fedora 41: 1.5.1
Ubuntu 20.04 LTS (focal): 0.53.2 -- EOL on 2025-04
Ubuntu 22.04 LTS (jammy): 0.61.2 -- EOL on 2027-04
Ubuntu 24.04 LTS (noble): 1.3.2
Ubuntu 24.10 (oracular): 1.5.2
Debian 11 (bullseye): 0.56.2 (1.0.0 in backports) -- EOL on 2024-08
Debian 12 (bookworm): 1.0.1 (1.5.1 in backports)
openSUSE Leap 15.6: 1.6.1
openSUSE Tumbleweed: 1.6.1
As the next version (v258) is not expected to be released before
the end of 2025-04, it is OK to cut the support of Ubuntu 20.04 LTS and
Debian 11. Also, our policy for support of distributions explicitly says
only latest Ubuntu LTS and non-LTS releases are supported.
Hence, we can also cut Ubuntu 22.04, even if it is not EOL.
Follow-up for 8442ac9c02.
Closes#35967.
The current glibc versions used by major distributions:
CentOS 9: 2.34
CentOS 10: 2.39
Fedora 40: 2.39
Fedora 41: 2.40
Fedora 42: 2.41
Ubuntu 20.04 LTS (focal): 2.31
Ubuntu 22.04 LTS (jammy): 2.35
Ubuntu 24.04 LTS (noble): 2.39
Ubuntu 24.10 (oracular): 2.40
Debian 11 (Bullseye, oldstable): 2.31
Debian 12 (Bookworm, stable): 2.36
openSUSE SLE-15-SP6: 2.38
openSUSE Tumbleweed: 2.40
Hence, based on our supporting policy, we can bump the base line to 2.31.
This commit does not change anything on our source code. But, will drop
many workarounds for supporting older glibc in later commits.
Since kernel v4.17 (1b71af6053af1bd2f849e9fda4f71c1e3f145dcf), the
attribute is always set in each netlink message for routing policy rule.
Now, our base line is v5.4. Hence, we can drop the workaround.
Added in 6140be90ec
However, when O_PATH fds are encountered we'd have to go by
/proc/self/fd/ still, since the kernel people are reluctant
to make the new syscalls work with them
(https://lore.kernel.org/linux-fsdevel/20250206-steril-raumplanung-733224062432@brauner/)
Hence getxattrat() and listxattrat() are not employed.
While at it, remove the discrepancy between path being NULL
and empty - I don't grok the "security issue" claimed earlier,
but nowadays even the kernel treats the two as identical:
e896474fe4
Enforce the quota on these two tmpfs at the same place where we mount
the per-user $XDG_RUNTIME_DIR. Conceptually these are very similar
concepts, and it makes sure to enforce the limits at the same place with
the same lifecycle.
As requested, a list of kernel version to feature mapping
for kernels older than minimum baseline is also included,
in order to ease potential backport work.
- Make fd_is_namespace() take NamespaceType
- Drop support for kernel without NS_GET_NSTYPE (< 4.11)
- Port is_our_namespace() to namespace_open_by_type()
(preparation for later commits, where the latter
would go by pidfd if available, avoiding procfs)
Plus, linux/random.h never defined getrandom(), hence remove
the custom machinery for sys/random.h vs linux/random.h
in favor of single HAVE_GETRANDOM.
The current fallback path is actually unreliable, given
the kernel *supports* setting the resume offset through
cmdline after all, but just not exposed under /sys/.
For v258 let's drop it hence.
I didn't bump the baseline to 4.17, but merely documented
new requirement in README, because there's certainly more
compat stuff to drop between 4.3 and 4.17, and README is
a useful list for things to kill. We'll get to 5.4 eventually.
Let's bump the kernel baseline a bit to 4.3 and thus require ambient
caps.
This allows us to remove support for a variety of special casing, most
importantly the ExecStart=!! hack.
In 2014, systemd started choosing fq_codel as the default_qdisc in order to fight internet bufferbloat.
e6c253e363fa98c99ea7
While the subsequent change made this change no longer trigger warnings if fq_codel wasn't present, it is still recommended to have this enabled. Add the necessary kernel configuration to the documentation.
We already use __VA_OPT__ in multiple places, which was introduced in
gcc 8 [0], so let's bump the baseline to reflect that. I chose gcc 8.4,
as that was the lowest 8.x version I could easily get my hands on when I
verified this (on Ubuntu Focal with the gcc-8 package).
Closes: #31191
[0] https://gcc.gnu.org/gcc-8/changes.html
Let's replace the "compat" module in our proposed nsswitch.conf
configuration with "files", since it is not 1995 anymore.
Fedora and other distros have deprecated and removed NIS support a while
back. While others still retain some support I am not sure we should
advertise it in our examples. Downstream can of course still use
"compat" instead of "files" if they want to, but let's not confuse
people who don't care about NIS anymore with this.
Also, bring the nsswitch.conf snippet in README in line with what our
man pages say.
Also see: https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils
static versions of libsystems.so are not really supportable, and
encourages mix&match which we cannot really support. Make the wording
about this stronger in the README, since people apparently don'd read to
the last paragraph.
libpython was added in 2cc86f094a, it seems
because of python-systemd module that we built. But libpython by itself
is not enough for actual python programs, and now we also list python itself,
so let's drop libpython from the list.
meson requires >= 3.7. We have CI that runs on CentOS8 with Python 3.6, but
let's not provide official support for an EOL Python version. Individual
distributions can provide backports, but we don't need to mention that in
the user-facing docs. According to [1], 3.7 is on life support and 3.6 is EOL.
[1] https://devguide.python.org/versions/
This adds back sd-boot builds by using meson compile targets directly.
We can do this now, because userspace binaries use the special
dependency that allows us to easily separate flags, so that we don't
pass anything to EFI builds that shouldn't be passed.
Additionally, we pass a bunch of flags to hopefully disable/override any
distro provided flags that should not be used for EFI binaries.
Fixes: #12275
This drops all mentions of gnu-efi and its manual build machinery. A
future commit will bring bootloader builds back. A new bootloader meson
option is now used to control whether to build sd-boot and its userspace
tooling.
Most of the support for valgrind was under HAVE_VALGRIND_VALGRIND_H, i.e. we
would enable if the valgrind headers were found. The operations then we be
conditionalized on RUNNING_UNDER_VALGRIND.
But in a few places we had code which was conditionalized on VALGRIND, i.e. the
config option. I noticed because I compiled with -Dvalgrind=true on a machine
that didn't have valgrind.h, and the build failed because
RUNNING_UNDER_VALGRIND was not defined. My first idea was to add a check that
the header is present if the option is set, but it seems better to just remove
the option. The code to support valgrind is trivial, and if we're
!RUNNING_UNDER_VALGRIND, it has negligible cost. And the case of running under
valgrind is always some special testing/debugging mode, so we should just do
those extra steps to make valgrind output cleaner. Removing the option makes
things simpler and we don't have to think if something should be covered by the
one or the other configuration bit.
I had a vague recollection that in some places we used -Dvalgrind=true not
for valgrind support, but to enable additional cleanup under other sanitizers.
But that code would fail to build without the valgrind headers anyway, so
I'm not sure if that was still used. If there are uses like that, we can
extend the condition for cleanup_pools().
