systemd v249

[andir]

Motivation for this change

This updates to the latest version of systemd. I'll target staging with this as soon as testing confirms that it is good. I don't want to deal with the typical staging issues just now while working on this.

Things done

• switched my local NixOS to this PR
• write a changelog entry

[happysalada]

The error looks like it's coming from here

  procps = if stdenv.isLinux
    then callPackage ../os-specific/linux/procps-ng { }
    else unixtools.procps;

on non linux systems you can't call procps with the override.

I wonder why the ci is trying to build this for non-linux environments.

[andir]

Just to document the current status: Bootup of graphical targets works but without graphical.target being the default multi-user.target is never reached. I'll have to spawn a VM with proper serial configuration outside of our NixOS test runners to debug this properly. Hopefully this weekend will be sufficient to find a solution to the actual issue.

[andir]

Ok, so with 4912e82 we are able to build the small NixOS test set. Next step is to cleanup the history a bit and propose that patch (in a cleanup fashion) to upstream for at least commenting on it.

[delroth]

Other than the small nit I noted, LGTM for the tpm2-tss changes. Have not reviewed the rest.

[berbiche]

#134919
Would it be possible to add the option above to the networkd link section definition?

Sorry if this comment is noise, feel free to hide it.

[andir]

@ofborg eval

[andir]

#134919
Would it be possible to add the option above to the networkd link section definition?

Sorry if this comment is noise, feel free to hide it.

I would rather not make the scope of this any bigger. We can have a look at that PR separate from this.

[andir]

It appears like we have a couple of failures with the newer systemd version:

https://hydra.nixos.org/eval/1698173?filter=tests.systemd-&compare=1697597&full=

• tests.systemd-confinement.{aarch64,x86_64}-linux: https://hydra.nixos.org/build/150447115 https://hydra.nixos.org/build/150446950
• tests.systemd-journal.{aarch64,x86_64}-linux: https://hydra.nixos.org/build/150446897 https://hydra.nixos.org/build/150446721
  This seems to be due to our dlopen patching not properly working anymore:

$ strace -e openat -- journalctl --grep foo
...
openat(AT_FDCWD, "/nix/store/g53fspaj03xks0zrknm4vbng04rcl5b1-acl-2.3.1/lib/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/nix/store/pnw32sjmxaa2xjslync7gv3lyfppyd7x-kmod-27/lib/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/nix/store/wkbsmc5knp24k7y9cxhxpbcgg35bn4dg-libcap-2.49-lib/lib/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/nix/store/6dgsawl7pacs0am4cjnwb0v8c13j2k3i-libgcrypt-1.9.3/lib/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/nix/store/7f4kkyb17fi2rphs1q2053885v809zp6-util-linux-2.36.2/lib/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/nix/store/i2hdyv1slrsgyygys8zjb4q0ydq2ycr2-linux-pam-1.5.1/lib/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/nix/store/79lh7p2jjwqimzwksnpaclc3zj42zqda-openssl-1.1.1k/lib/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/nix/store/m6b9770145k2djc0pvqb6rvrfz037d4g-lz4-1.9.3/lib/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/nix/store/3yikygrl534kvcdn8nrdywwjzzq5rj3q-xz-5.2.5/lib/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/nix/store/zxhhzd7x9iv9vd409h1mrr1acpc12k85-libseccomp-2.5.1-lib/lib/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/nix/store/5n2n8n23578d0rkmn53k194yvhi3znd0-iptables-1.8.7/lib/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/nix/store/cvr0kjg2q7z2wwhjblx6c73rv422k8cm-glibc-2.33-47/lib/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/nix/store/cvr0kjg2q7z2wwhjblx6c73rv422k8cm-glibc-2.33-47/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/nix/store/cvr0kjg2q7z2wwhjblx6c73rv422k8cm-glibc-2.33-47/lib/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)

• tests.systemd-boot.aarch64-linux: https://hydra.nixos.org/build/150447165

There are a few more test failures that either look unrelated or are just some weird corner cases: https://hydra.nixos.org/eval/1698173?filter=&compare=1697597&full=1

[happysalada]

There seems to be the following

                                          dhcpcd[877]: Failed to reload-or-try-restart ntpd.service: Unit ntpd.service not found.
machine # [   14.331703] dhcpcd[877]: Failed to reload-or-try-restart openntpd.service: Unit openntpd.service not found.
machine # [   14.341690] dhcpcd[877]: Failed to reload-or-try-restart chronyd.service: Unit chronyd.service not found.

perhaps not important at all.

In the confinement logs there is also the
systemd[906]: Failed to create directory at /var/empty/usr: Operation not permitted
(which seems to be the cause of the failure, or at least it's the last message that comes before the failure)

Feel free to ignore those if you think they can be skipped.

[andir]

This should definitely target staging. I know that staging cycles are slow but restarting the current one will just slow it down overall.

It was never about restarting the staging cycle. As I expressed in the staging matrix channel the intention was to have a staging cycle where this doesn't get bundled up with tons of stdenv, glibc, binutils, bash, ... changes that just make it painful to figure out why things a breaking.

I've rebased this onto staging now. I didn't test if this still works as I'm tired of rebuilding everything for days. Feel free to merge whenever you feel like it.

[vcunat]

The separate systemd-only cycle might still happen, due to darwin overload and builtins.fetchurl not getting fixed timely on the farm, but perhaps the conditions will change or a better idea will come.

[Izorkin]

Found warning on systemlog:

/nix/store/69fq5zlibddvbx46km0xcn0y3li1bnqf-systemd-249.4/lib/udev/rules.d/50-udev-default.rules:42 Unknown group 'sgx', ignoring

cat /nix/store/69fq5zlibddvbx46km0xcn0y3li1bnqf-systemd-249.4/lib/udev/rules.d/50-udev-default.rules

...
SUBSYSTEM=="misc", KERNEL=="sgx_enclave", GROUP="sgx", MODE="0660"
...