
systemd: v257.9 -> v258 #427968

Merged
ElvishJerricco merged 11 commits into NixOS:staging from ElvishJerricco:systemd-258 on Oct 3, 2025

Conversation

@ElvishJerricco (Contributor) commented Jul 24, 2025

Closes #441918

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.


@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 6.topic: systemd Software suite that provides an array of system components for Linux operating systems. 2.status: merge conflict This PR has merge conflicts with the target branch labels Jul 24, 2025
@LordGrimmauld LordGrimmauld mentioned this pull request Jul 28, 2025
@flokli (Member) commented Sep 17, 2025

258 has been released!

@oxalica oxalica mentioned this pull request Sep 17, 2025
@andrevmatos (Member) commented:

Can this go to staging before #440130, so it rebuilds only once?

@arianvp (Member) commented Sep 21, 2025

Regression in journald has been reported here: systemd/systemd#39057

@schuelermine (Contributor) commented:

Note that this is apparently fixing an IMO serious resolved problem: systemd/systemd#38951

@ElvishJerricco ElvishJerricco changed the title WIP: systemd: v257.7 -> v258 WIP: systemd: v257.9 -> v258 Sep 25, 2025
@nixpkgs-ci nixpkgs-ci bot added 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. and removed 2.status: merge conflict This PR has merge conflicts with the target branch labels Sep 25, 2025
@philiptaron (Contributor) commented:

I've been trying to build my system with this PR. Notes so far:

colord has a build break in udevCheckPhase

/nix/store/jngkccy3ib1dg8pc9308aci7cz9zazw5-colord-1.4.6/lib/udev/rules.d/69-cd-sensors.rules:105 The line has no effect, ignoring.
/nix/store/jngkccy3ib1dg8pc9308aci7cz9zazw5-colord-1.4.6/lib/udev/rules.d/69-cd-sensors.rules: udev rules check failed.

@ElvishJerricco (Contributor, Author) commented:

@philiptaron Looks like udevCheckHook needs the same --resolve-names=late treatment.

I'm putting on the last finishing touches and running the tests; once that's done I think this will be good to go.

@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 1001-2500 This PR causes many rebuilds on Darwin and should most likely target the staging branches. labels Oct 3, 2025
It's unclear why we didn't get the error message about this binary not
existing before, because the udev rule requiring it has always been in
systemd initrd.
@Frontear (Member) commented Oct 3, 2025

Do you think you could integrate the systemd-oomd change from this PR, as well as dropping the other After= dependency? Both were added to resolve a bug with upstream, but that's been fixed and merged with this systemd version.

@Frontear (Member) commented Oct 3, 2025

Oh whoops, I saw you already added a closed link to the other PR. I closed it before I noticed that.

@vcunat (Member) commented Oct 3, 2025

@arianvp (Member) commented Oct 3, 2025

journal-gatewayd fails to start up. Seems that the --trust flag is not supported when not linking with gnutls

https://github.com/systemd/systemd/blob/main/src/journal-remote/journal-gatewayd.c#L1197-L1200

vm-test-run-systemd-journal-gateway> client # [   17.549901] systemd[1]: Started Journal Gateway Service.
vm-test-run-systemd-journal-gateway> client # [   17.649900] systemd-journal-gatewayd[994]: Option --trust= is not available.
vm-test-run-systemd-journal-gateway> client # [   17.655780] systemd[1]: systemd-journal-gatewayd.service: Main process exited, code=exited, status=1/FAILURE
vm-test-run-systemd-journal-gateway> client # [   17.658722] systemd[1]: systemd-journal-gatewayd.service: Failed with result 'exit-code'.
vm-test-run-systemd-journal-gateway> client # [   17.661488] systemd[1]: systemd-journal-gatewayd.service: Start request repeated too quickly.
vm-test-run-systemd-journal-gateway> client # [   17.662462] systemd[1]: systemd-journal-gatewayd.service: Failed with result 'exit-code'.
vm-test-run-systemd-journal-gateway> client #   0     0    0     0    0  [   17.664753] systemd[1]: Failed to start Journal Gateway Service.
vm-test-run-systemd-journal-gateway> client # [   17.665378] systemd[1]: systemd-journal-gatewayd.socket: Failed with result 'service-start-limit-hit'.

I think this has to do with the removal of gnutls?

I'm fine with dropping the option from the module
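As an added illustration (not code from this PR or from nixpkgs), a small parser for the test-driver journal excerpt above: it walks the lines once, ties the service's first non-zero exit to the last line the daemon itself printed (here the unsupported option), and reports that message as the root cause of the socket's later `service-start-limit-hit`. The sample log is the quoted sequence re-typed with the `vm-test-run-... client #` prefix stripped.

```python
import re

# Constructed sample: the failure sequence quoted in the comment above, minus the test-driver prefix.
SAMPLE_LOG = """\
[   17.549901] systemd[1]: Started Journal Gateway Service.
[   17.649900] systemd-journal-gatewayd[994]: Option --trust= is not available.
[   17.655780] systemd[1]: systemd-journal-gatewayd.service: Main process exited, code=exited, status=1/FAILURE
[   17.658722] systemd[1]: systemd-journal-gatewayd.service: Failed with result 'exit-code'.
[   17.661488] systemd[1]: systemd-journal-gatewayd.service: Start request repeated too quickly.
[   17.662462] systemd[1]: systemd-journal-gatewayd.service: Failed with result 'exit-code'.
[   17.664753] systemd[1]: Failed to start Journal Gateway Service.
[   17.665378] systemd[1]: systemd-journal-gatewayd.socket: Failed with result 'service-start-limit-hit'.
"""

# "[ts] process[pid]: message", the kernel-style prefix the test driver shows for console output
LINE_RE = re.compile(r"^\[\s*[\d.]+\]\s+(?P<proc>\S+)\[\d+\]:\s+(?P<msg>.*)$")
EXIT_RE = re.compile(r"^(?P<unit>\S+\.service): Main process exited, code=\w+, status=(?P<status>\d+)/")
RESULT_RE = re.compile(r"^(?P<unit>\S+\.(?:service|socket)): Failed with result '(?P<result>[^']+)'")

def analyze(log: str) -> dict:
    """Per unit: first exit status, every 'Failed with result' value in order, and the daemon's last own line."""
    units: dict = {}
    last_daemon: dict = {}  # process name -> last line that process itself logged
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        proc, msg = m["proc"], m["msg"]
        if proc != "systemd":
            last_daemon[proc] = msg  # e.g. "Option --trust= is not available."
            continue
        e = EXIT_RE.match(msg)
        if e:
            rec = units.setdefault(e["unit"], {"status": None, "results": [], "daemon_msg": None})
            if rec["status"] is None:  # the first exit is the informative one; later ones are restart attempts
                rec["status"] = int(e["status"])
                rec["daemon_msg"] = last_daemon.get(e["unit"][: -len(".service")])
        r = RESULT_RE.match(msg)
        if r:
            rec = units.setdefault(r["unit"], {"status": None, "results": [], "daemon_msg": None})
            rec["results"].append(r["result"])
    return units

def start_limit_root_cause(units: dict):
    """For a socket that reports service-start-limit-hit, return what its service printed before exiting."""
    for unit, rec in units.items():
        if unit.endswith(".socket") and "service-start-limit-hit" in rec["results"]:
            svc = units.get(unit[: -len(".socket")] + ".service", {})
            return svc.get("daemon_msg")
    return None
```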


Systemd wants you to run tpm unlock on a machine with the TCG
bits of OVMF enabled. If not it just bails out with

No TPM2 hardware discovered and EFI firmware does not see it either, falling back to traditional unlocking
it's not an official systemd thing and we're not the maintainers of it.
Also the test is broken. But that is not our problem
@arianvp (Member) commented Oct 3, 2025

Alright, I tested this on aarch64-linux and don't see any unexpected failing tests. This seems ready to go from my side.

@ElvishJerricco ElvishJerricco merged commit 70ca21d into NixOS:staging Oct 3, 2025
29 of 32 checks passed
@RossComputerGuy RossComputerGuy mentioned this pull request Oct 22, 2025
Ma27 added a commit to Ma27/nixpkgs that referenced this pull request Oct 22, 2025
`vhost-device-vsock`[1] is a custom implementation of AF_VSOCK, but the
application on the host-side uses a UNIX domain-socket. This gives us
the following nice properties:

* We don't need to do `--arg sandbox-paths /dev/vhost-vsock` anymore for
  debugging builds within the sandbox. That means, untrusted users can
  also debug these kinds of tests now.

* This prevents CID conflicts on the host-side, i.e. there's no need for
  using `sshBackdoor.vsockOffset` for tests anymore.

A big shout-out goes to Allison Karlitskaya, the developer of test.thing[2]
who talked about this approach to do AF_VSOCK on All Systems Go 2025.

This patch requires systemd 258[3] because this contains `vhost-mux` in
its SSH config which is needed to connect to the VMs from now on.

To not blow up the patches even more, this only uses AF_VSOCK for the
debugger. A potential follow-up for the future would be a removal of the
current `backdoor.service` and replace it entirely by this
functionality.

The internal implementation tries to be consistent with how VLANs and
machines are handled, i.e. the processes are started when the Driver's
context is entered and cleaned up in __exit__().

I decided to push the process management and creation of sockets for
vhost-device-vsock into its own class, that's an implementation detail
and not a concern for the test-driver. In fact, `vhost-device-vsock` is
something we can drop once QEMU implements native support for using
AF_UNIX on the host-side[4]. `VsockPair` is its own class since
returning e.g. a triple of `(Path, Path, Int)` would be ambiguous in
what is the guest and what the host path (and frankly, I found it hard
to distinguish the two when reading the docs of `vhost-device-vsock`
initially).

Finally, now that we can do the SSH backdoor without adding additional
devices to the sandbox, I figured, it's time to write a test-case for
it.

[1] https://github.com/rust-vmm/vhost-device/blob/main/vhost-device-vsock/README.md
[2] https://codeberg.org/lis/test.thing
[3] NixOS#427968
[4] https://gitlab.com/qemu-project/qemu/-/issues/2095