@pid_eins@mastodon.social

pid_eins

⛵ I write software. ⛵

pid_eins, to random

Did you know you could control brightness of the red dot on the i of the "ThinkPad" on the top-side of your thinkpad? I sure didn't:

this turns it off:

echo 0 | sudo tee /sys/class/leds/tpacpi::lid_logo_dot/brightness

and this turns it on:

echo 255 | sudo tee /sys/class/leds/tpacpi::lid_logo_dot/brightness

I don't really know what this information is good for, but hey, isn't it awesome to have a 1px display on the outside of your laptop?

pid_eins, to random

PSA: In context of the xzpocalypse we now added an example reimplementation of sd_notify() to our man page:

https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html#Notes

It's pretty comprehensive (i.e. uses it for reload notification too), but still relatively short.

In the past, I have been telling anyone who wanted to listen that if all you want is sd_notify() then don't bother linking to libsystemd, since the protocol is stable and should be considered the API, not our C wrapper around it. After all, the protocol is so trivial

pid_eins,

that one can explain it in one sentence: send an AF_UNIX datagram containing READY=1 to a socket whose path you find in the $NOTIFY_SOCKET env var.

But apparently turning that sentence (which appears in similar fashion in the man page) into code is not trivial, hence this new example code.

Hence, copy away, the thing is MIT licensed. And the protocol has been stable for a decade, and I am pretty sure it's going to remain stable for another decade at least.

pid_eins, to random

5️⃣ Here's the 5th installment of my series of posts highlighting key new features of the upcoming v256 release of systemd.

I am pretty sure all of you are well aware of the venerable "sudo" tool that has been a key component of most Linux distributions for a long time. On the surface it's a tool that allows an unprivileged user to acquire privileges temporarily, from within their existing login sessions, for just one command, or maybe for a subshell.

"sudo" is very very useful, as it…

pid_eins, to random

Credit where credit is due! I'd really like to take a minute and thank Jia Tan for how they helped us to finally get sd_notify() support merged into OpenSSH upstream!

https://bugzilla.mindrot.org/show_bug.cgi?id=2641

Thank you, Jia, you rock!

pid_eins, to random

I recently implemented a fun little feature for systemd: inspired by MacOS' "target disk mode", a tiny tool called systemd-storagetm, that exposes all local block devices as NVMe-TCP devices, as they pop up. The idea is that if available in your initrd you can just boot into that (instead of into your full OS), and can access your disks via NVMe-TCP (in case you wonder what that is: it's the new hot shit for exposing block devices over the network, kinda like iSCSI, NBD, …, but cool).

pid_eins, to random

Here's a fun new feature we are working on in systemd: userspace-only reboot. In order to reduce grey-out times on image-based OS updates to next to nothing we are making a reboot happen where kernel stays as it is, but userspace shuts down as usual, then possibly transitions into a new rootfs, and starts up again with an initial transaction as it would on a classic system boot. During the transition selected services can pass along their fds and listening sockets, to pass "live" resources…

pid_eins, to random

Reminder: we maintain a kernel feature wishlist here as part of the uapi group:

https://github.com/uapi-group/kernel-features

I just added a bunch of new entries to it (at the bottom). If you are looking for something to hack on (and have some kernel expertise, or would like to acquire it), would be more than excellent to work on those!

pid_eins, to random

So we merged this → https://github.com/systemd/systemd/pull/28891 into systemd today. I like to believe that this is a major step towards closing the "TPM gap" we have on Linux toward other OSes. It can automatically generate an automatic TPM2 PCR policy from various inputs covering the PCRs that generally are hard to predict by the OS vendor, i.e. things like local firmware versions, extension cards and so on. It stores this in an NV index in the TPM. Things like LUKS can then be locked against that NV index.

pid_eins, to random

Here's a little new project of mine:

https://github.com/poettering/diskomator

It's an mkosi-built OS-in-a-single-EFI-binary whose only job is to expose all local disks via NVMe-TCP. You can write it to a USB stick, or drop it in your ESP, and if you boot it, all block devices are exposed to the network. The suggested command line to connect to this disk is shown on screen.

This makes use of the systemd-storagetm service we added for systemd v255, as well as the esp output added in mkosi v19.

pid_eins, (edited ) to random

I blogged. Or well, I actually didn't. I just posted a guest post by @daandemeyer on my blog, about the excellent developments in mkosi land:

https://0pointer.net/blog/a-re-introduction-to-mkosi-a-tool-for-generating-os-images.html

Enjoy!

pid_eins, to random

We recently added a new document to the systemd website focussing on one specific facet of the service manager: the fdstore. A concept that people should really use more to facilitate "seamless" service restarts and various other things. Please have a look:

https://systemd.io/FILE_DESCRIPTOR_STORE/

pid_eins, to random

LWN just posted @bluca's summary of the image-based Linux summit in Berlin. Enjoy:

https://lwn.net/SubscriberLink/946526/a1c7bb28c62c9667/

pid_eins, to random

6️⃣ Here's the 6th installment of my series of posts highlighting key new features of the upcoming v256 release of systemd.

In the 2nd installment of this series we have already discussed system and service credentials in systemd a bit. Quick recap: these are smallish blobs of data that can be passed into a service in a secure way, to parameterize, configure it, and in particular to pass secrets to it (passwords, PINs, private keys, …).

pid_eins, to random

1️⃣3️⃣ Here's the 13th installment of posts highlighting key new features of the upcoming v256 release of systemd.

ssh is widely established as the mechanism for controlling Linux systems remotely, both interactively and with automated tools. It not only provides means for secure authentication and communication for a tty/shell, but also does this for file transfers (sftp), and IPC communication (D-Bus or Varlink).

pid_eins, to random

Here's another little feature we scheduled for the next systemd release. Everyone knows SSH well, and it's great to connect to hosts remotely, and even do file transfer. It's probably the single most relevant way to talk to some host for administration and various other tasks. It's a bit fragile though: it requires networking, and that even if we talk to a local VM or full OS container. But precisely networking is one of the things you might want to administer via SSH, hence you have a cyclic…

pid_eins, to random

Here's a fun little thing we committed to systemd the other day: the concept of .v/ directories. What do we mean by that? Many of systemd's commands that take big resource files that are often versioned (e.g. a disk image file you could pass to systemd-nspawn's --image= switch) now learnt a magic trick if you pass a path whose last component has the suffix ".v" and is a directory. If so, the tool will iterate through the dir's contents, do a version sort and automatically pick the newest version.

pid_eins, to random

Busy at the Image-Based Linux Summit, Berlin!

pid_eins, to random

1️⃣5️⃣ Here's the 15th installment of posts highlighting key new features of the upcoming v256 release of systemd.

systemd integrates with many components of the OS. Due to this it links against various external libraries. Generic distributions – which typically enable all features a package provides – usually have to deal with relatively large dependency trees in cases like this.

pid_eins, to random

A while back we started to turn many of the library dependencies of systemd from regular ELF dependencies (which you can explore with tools like lddtree or readelf -d … | grep NEEDED) into dlopen() deps, in order to minimize the dep footprint of systemd. The primary reason for this was to make it easier to build small disk images without optional components, in particular for the purpose of initrds or container deployments. Recently, another reason for doing this came into focus:

pid_eins,

… expose these kinds of deps really nicely in their packaging metadata, if they just knew about them.

Hence, if the lack of dep metadata is the main big con of dlopen() deps, let's see if we can do something about it!

here's my proposal about this: https://github.com/systemd/systemd/pull/32234

It's a very simple approach. All it does is insert an ELF "note" into generated binaries that declare these deps. This information can then be consumed by package managers, initrd generators and other tools.

pid_eins, to random

Regular reminder that we maintain a kernel API wishlist here:

https://uapi-group.org/kernel-features/

It gains new requests all the time (scroll to the bottom), and we even managed to cross some items off the list already.

pid_eins, to random

1️⃣0️⃣ Here's the 10th installment of posts highlighting key new features of the upcoming v256 release of systemd.

You might be aware of systemd-sysext: a component of systemd that can overlay immutable disk images (DDIs) on top of /usr/, to extend it in a secure, and again, immutable fashion. It has a companion tool systemd-confext that does the same over /etc/.

pid_eins, to random

systemd v255 has just been tagged. We are now leaving the 8bit era, brace for v256 coming up next! https://lists.freedesktop.org/archives/systemd-devel/2023-December/049745.html
