It helps nobody to break compatibility for a missing definition
for printing an error.
Just add the missing definition if not present, as it is already
done for thousands of others from the kernel, glibc, etc.
This partially reverts commit d8b60944f5.
Major distributions already have libfido2 >= 1.12.0.
Let's bump the required minimum version to 1.5.0, which provides
FIDO_ERR_UV_BLOCKED.
Note, libfido2 1.5.0 was released on 2020-09-01.
See also #38608.
Most compat glue has been already removed, except for several cgroup v1
specific codes. It is too late to remove the remaining things before v258.
Let's remove them after v258.
We require at least crypt_r() exists, and it is provided since glibc-2.0
(and dropped in glibc-2.39) or by libxcrypt, and the function is
provided in crypt.h regardless it is provided by glibc or libxcrypt.
Hence, we cannot fallback to unistd.h.
This makes the condition about crypt.h more strict, and stop compilation
earlier when crypt.h does not exist.
The commit 8442ac9c02 set
install_tag option to install_emptydir() calls, but it requires
meson-0.62.0. Hence, after the commit, we cannot build systemd
with older meson anymore. As using install_tag is quite useful
for building systemd package, let's bump the requirement of
meson version to 0.62.0.
Note, the current meson versions of major distributions are:
CentOS 9: 0.63.3
CentOS 10: 1.4.1
Fedora 40: 1.4.1
Fedora 41: 1.5.1
Ubuntu 20.04 LTS (focal): 0.53.2 -- EOL on 2025-04
Ubuntu 22.04 LTS (jammy): 0.61.2 -- EOL on 2027-04
Ubuntu 24.04 LTS (noble): 1.3.2
Ubuntu 24.10 (oracular): 1.5.2
Debian 11 (bullseye): 0.56.2 (1.0.0 in backports) -- EOL on 2024-08
Debian 12 (bookworm): 1.0.1 (1.5.1 in backports)
openSUSE Leap 15.6: 1.6.1
openSUSE Tumbleweed: 1.6.1
As the next version (v258) is not expected to be released before
the end of 2025-04, it is OK to cut the support of Ubuntu 20.04 LTS and
Debian 11. Also, our policy for support of distributions explicitly says
only latest Ubuntu LTS and non-LTS releases are supported.
Hence, we can also cut Ubuntu 22.04, even if it is not EOL.
Follow-up for 8442ac9c02.
Closes#35967.
The current glibc versions used by major distributions:
CentOS 9: 2.34
CentOS 10: 2.39
Fedora 40: 2.39
Fedora 41: 2.40
Fedora 42: 2.41
Ubuntu 20.04 LTS (focal): 2.31
Ubuntu 22.04 LTS (jammy): 2.35
Ubuntu 24.04 LTS (noble): 2.39
Ubuntu 24.10 (oracular): 2.40
Debian 11 (Bullseye, oldstable): 2.31
Debian 12 (Bookworm, stable): 2.36
openSUSE SLE-15-SP6: 2.38
openSUSE Tumbleweed: 2.40
Hence, based on our supporting policy, we can bump the base line to 2.31.
This commit does not change anything on our source code. But, will drop
many workarounds for supporting older glibc in later commits.
Since kernel v4.17 (1b71af6053af1bd2f849e9fda4f71c1e3f145dcf), the
attribute is always set in each netlink message for routing policy rule.
Now, our base line is v5.4. Hence, we can drop the workaround.
Added in 6140be90ec
However, when O_PATH fds are encountered we'd have to go by
/proc/self/fd/ still, since the kernel people are reluctant
to make the new syscalls work with them
(https://lore.kernel.org/linux-fsdevel/20250206-steril-raumplanung-733224062432@brauner/)
Hence getxattrat() and listxattrat() are not employed.
While at it, remove the discrepancy between path being NULL
and empty - I don't grok the "security issue" claimed earlier,
but nowadays even the kernel treats the two as identical:
e896474fe4
Enforce the quota on these two tmpfs at the same place where we mount
the per-user $XDG_RUNTIME_DIR. Conceptually these are very similar
concepts, and it makes sure to enforce the limits at the same place with
the same lifecycle.
As requested, a list of kernel version to feature mapping
for kernels older than minimum baseline is also included,
in order to ease potential backport work.
- Make fd_is_namespace() take NamespaceType
- Drop support for kernel without NS_GET_NSTYPE (< 4.11)
- Port is_our_namespace() to namespace_open_by_type()
(preparation for later commits, where the latter
would go by pidfd if available, avoiding procfs)
Plus, linux/random.h never defined getrandom(), hence remove
the custom machinery for sys/random.h vs linux/random.h
in favor of single HAVE_GETRANDOM.
The current fallback path is actually unreliable, given
the kernel *supports* setting the resume offset through
cmdline after all, but just not exposed under /sys/.
For v258 let's drop it hence.
I didn't bump the baseline to 4.17, but merely documented
new requirement in README, because there's certainly more
compat stuff to drop between 4.3 and 4.17, and README is
a useful list for things to kill. We'll get to 5.4 eventually.
Let's bump the kernel baseline a bit to 4.3 and thus require ambient
caps.
This allows us to remove support for a variety of special casing, most
importantly the ExecStart=!! hack.
In 2014, systemd started choosing fq_codel as the default_qdisc in order to fight internet bufferbloat.
e6c253e363fa98c99ea7
While the subsequent change made this change no longer trigger warnings if fq_codel wasn't present, it is still recommended to have this enabled. Add the necessary kernel configuration to the documentation.
We already use __VA_OPT__ in multiple places, which was introduced in
gcc 8 [0], so let's bump the baseline to reflect that. I chose gcc 8.4,
as that was the lowest 8.x version I could easily get my hands on when I
verified this (on Ubuntu Focal with the gcc-8 package).
Closes: #31191
[0] https://gcc.gnu.org/gcc-8/changes.html
Let's replace the "compat" module in our proposed nsswitch.conf
configuration with "files", since it is not 1995 anymore.
Fedora and other distros have deprecated and removed NIS support a while
back. While others still retain some support I am not sure we should
advertise it in our examples. Downstream can of course still use
"compat" instead of "files" if they want to, but let's not confuse
people who don't care about NIS anymore with this.
Also, bring the nsswitch.conf snippet in README in line with what our
man pages say.
Also see: https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils
static versions of libsystems.so are not really supportable, and
encourages mix&match which we cannot really support. Make the wording
about this stronger in the README, since people apparently don'd read to
the last paragraph.
