systemd: 254.6 -> 255.2

[nikstur]

Description of changes

• Enable password quality by default. We could have done this a long time ago via libpwquality. systemd only introduced passwdqc as an alternative over libpwquality in v254, but it still prefers libpwquality.
• Enable qrencode by default. This also enables building systemd-bsod.
• Convert mesonFlags to use lib.meson* options to remove deprecation warnings and reorganize them.
• Enable vmspawn by default (this is a new experimental component in v255)

Upstream Changelog: https://github.com/systemd/systemd/releases/tag/v255

I discussed with @RaitoBezarius about creating a new systemd-next attribute that contains the release candidate of the next systemd release. Although I agree with him that this attribute would make testing easier, I think it will be a lot of work to maintain both versions.

For this release I decided against the systemd-next route. But I would want to pursue this for the next systemd release since I have been convinced that the benefits outweigh the costs.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 23.11 Release Notes (or backporting 23.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

[SuperSandro2000]

Although I agree with him that we need this attribute for better testing I think it will be a lot of work to maintain both versions.

Normally we do not add prerelease versions exactly because of this reason unless the last release is really far in the past. Also see the recent removal of chromium/chrome dev/beta.

[RaitoBezarius]

My belief is that we have 4-5 systems maintainers around here, it's not the same as chromium.

systemd is also on the critical path.

Also, we have the option to not make this built by Hydra either case.

[lilyinstarlight]

Shouldn't this target staging?

[ElvishJerricco]

I haven't built this myself yet to check, but the release notes for systemd 255 say that systemd-cryptsetup was moved to $out/bin, so we'll have to update the path that's pulled from in systemd stage 1.

[nikstur]

Shouldn't this target staging?

It should.

For early testing, however, targeting master is easier because more things are cached afaik.

If we go the systemd-next route, we can merge this into master.

[nikstur]

Now targets staging. I will not pursue the systemd-next route for this release but I am interested in doing it for the next release.

[nikstur]

I'm currently testing this on my machine. I created a branch that bases these changes on nixos-unstable so it is easier to generate a patch set that applies cleanly: https://github.com/nikstur/nixpkgs/tree/systemd-255-unstable

You can use this to test locally.

[ElvishJerricco]

@nikstur This is looking good to me. Let's merge this very soon. But first, can we bump to 255.2?

[nikstur]

But first, can we bump to 255.2?

Done

Changes of the last force push:

• Use finalAttrs to refer to the qrencode package instead of pulling it in as a callPackage input
• Inlcude the timesync patch that was on staging and now has reached master

[nikstur]

I don't understand why the ofborg Check whether nix files are parseable job fails. Can someone help me out here?

[wahjava]

I don't understand why the ofborg Check whether nix files are parseable job fails. Can someone help me out here?

| jq '.[] | select(.status != "removed" and (.filename | endswith(".nix"))) | .filename' \

in the preceding step of the task outputs quoted file names, e.g. "nixos/modules/system/boot/luksroot.nix" which are passed to nix-instantiate verbatim. To reproduce:

❯ file='"nixos/modules/system/boot/luksroot.nix"'
❯ foo="$(nix-instantiate --parse "$file")"
error: path '/nixpkgs/"nixos/modules/system/boot/luksroot.nix"' does not exist

For a fix, s/jq/jq -r/

[nikstur]

Ah ok, so this has nothing to do with my changes. This commit fixes it on master: 2ccf45e

This commit probably won't reach stagin anytime soon. So it should be safe to ignore it.

[SuperSandro2000]

I tested 255.0 on WSL2 without any issues.

[RaitoBezarius]

Once CI is green, I will merge.

[JohnRTitor]

Looks like systemd-bsod support was part of the v255 release, and v256 is around the corner, but I don't see a module/option to enable this feature. Am I missing something or this feature is not yet available on NixOS?

[arianvp]

Contributions welcome. We don't enable all systemd features by default.