systemd (256~rc3-3) unstable; urgency=medium

  - /tmp/ is now by default a tmpfs, via the tmp.mount unit provided upstream.
    The old default setup can be retained simply by masking the unit locally
    with (do not do this if you are defining /tmp/ manually in /etc/fstab):

    systemctl mask tmp.mount

    or:

    touch /etc/systemd/system/tmp.mount

    It is recommended to check /tmp/ for any leftover files before rebooting
    after installing this update and manually cleaning up, as the directory
    will longer be cleaned up automatically on boot, as it is overmounted. It
    is always possible to remount the root filesystem in a local directory
    and remove leftovers manually after rebooting, but this will not be done
    automatically to avoid unintential removals. This situation can be easily
    detected by checking the journal after a reboot, as there will be a log
    message that says:

    tmp.mount: Directory /tmp to mount over is not empty, mounting anyway

  - /run/lock/ is no longer created with a patch before units start, but by
    a standard early-boot run-lock.mount unit that is ordered before
    local-fs.target. Any service needing to use /run/lock/ and running before
    sysinit.target (ie, they likely define DefaultDependencies=no) will need
    to be explicitly ordered with After=run-lock.mount. The two known cases
    where this happens in the archive have a bug+MR filed already.

  - On new installations, tmpfiles.d will now cleanup by default files
    that have not been changed or accessed on /tmp/ for 10 days, and /var/tmp/
    for 30 days. The legacy behaviour can be configured with a local override
    if needed:

    echo 'D /tmp 1777' > /etc/tmpfiles.d/tmp.conf

    This override will be automatically provided for upgrades of existing
    systems from previous releases to Trixie. As a reminder, individual
    files and directories can be marked for exclusion from cleanups with
    the 'x' type configuration line as described in the tmpfiles.d manpage,
    for example:

    echo 'x /tmp/my-precious' > /etc/tmpfiles.d/precious.conf

  - coredumps are now disabled by default via configuration files rather than
    an out-of-tree patch (installing the optional systemd-coredump package
    will enable them as before). As always, overriding via local drop-ins is
    possible if desired. The configuration files that respectively affect
    the system systemd instance, the user systemd instances and PAM sessions
    are:

    /usr/lib/systemd/system.conf.d/10-coredump-debian.conf
    /usr/lib/systemd/user.conf.d/10-coredump-debian.conf
    /usr/lib/sysctl.d/10-coredump-debian.conf
    /etc/security/limits.d/10-coredump-debian.conf

 -- Luca Boccassi <bluca@debian.org>  Tue, 28 May 2024 00:07:57 +0100

systemd (256~rc2-1) unstable; urgency=medium

  In the rare case a scheduled shutdown fails to be enqueued (most
  likely, D-Bus daemon/broker is not installed), the system will now
  immediately reboot, restoring the default behaviour intended upstream.

 -- Luca Boccassi <bluca@debian.org>  Wed, 15 May 2024 00:40:56 +0100

systemd (253~rc2-1) experimental; urgency=medium

  TuxOnIce is no longer supported directly (via an out-of-tree patch)
  for hibernation. TuxOnIce users should instead use the environment
  variable $SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK=1 (i.e.: set it on
  the kernel command line).

  The Debian-specific /etc/default/locale will now be made into a
  symlink to the distribution-agnostic /etc/locale.conf. The content
  format is compatible, so at upgrade time if /etc/default/locale
  exists it will be copied to /etc/locale.conf, if the latter does not
  exist.
  The Debian-specific /etc/timezone will no longer be supported by
  systemd-timedated, as it is no longer useful and its functionality
  has been subsumed into /etc/localtime, and tzdata will no longer
  create it.

  The journal 'audit' feature is no longer patched to be disabled by
  default, and instead we rely on the fact that the unit
  'systemd-journald-audit.socket' is disabled by default. If you enabled
  this in the past by setting 'Audit=yes' in a configuration file, you
  will also need to enable the socket unit.

 -- Luca Boccassi <bluca@debian.org>  Wed, 08 Feb 2023 20:36:58 +0000

systemd (251.3-2) unstable; urgency=medium

  systemd-resolved has been split into a separate package.
  This new systemd-resolved package will not be installed automatically on
  upgrades. If you are using systemd-resolved, please install this new
  package manually.

 -- Luca Boccassi <bluca@debian.org>  Thu, 05 Aug 2022 20:26:12 +0100

systemd (251.2-3) unstable; urgency=medium

  systemd-boot has been split into a separate package.
  This new systemd-boot package will not be installed automatically on
  upgrades. If you are using systemd-boot, please install this new
  package manually.

  The default boot loader in Debian is grub2. If you have not set up
  systemd-boot manually, no action is required on your side.

 -- Michael Biebl <biebl@debian.org>  Wed, 08 Jun 2022 21:49:47 +0200

systemd (251.1-1) unstable; urgency=medium

  systemd-journal-gatewayd and systemd-journal-remote are now built
  without the --trust option, in order to be able to switch away from
  gnutls to openssl.

 -- Luca Boccassi <bluca@debian.org>  Thu, 26 May 2022 00:55:39 +0100

systemd (247.2-2) unstable; urgency=medium

  systemd now defaults to the "unified" cgroup hierarchy (i.e. cgroupv2).
  This change reflects the fact that cgroupsv2 support has matured
  substantially in both systemd and in the kernel.
  All major container tools nowadays should support cgroupv2.
  If you run into problems with cgroupv2, you can switch back to the previous,
  hybrid setup by adding "systemd.unified_cgroup_hierarchy=false" to the
  kernel command line.
  You can read more about the benefits of cgroupv2 at
  https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html

 -- Michael Biebl <biebl@debian.org>  Mon, 21 Dec 2020 18:40:10 +0100

systemd (247.2-1) unstable; urgency=medium

  KERNEL API INCOMPATIBILITY: Linux 4.14 introduced two new uevents
  "bind" and "unbind" to the Linux device model. When this kernel
  change was made, systemd-udevd was only minimally updated to handle
  and propagate these new event types. The introduction of these new
  uevents (which are typically generated for USB devices and devices
  needing a firmware upload before being functional) resulted in a
  number of issues which we so far didn't address. We hoped the kernel
  maintainers would themselves address these issues in some form, but
  that did not happen. To handle them properly, many (if not most) udev
  rules files shipped in various packages need updating, and so do many
  programs that monitor or enumerate devices with libudev or sd-device,
  or otherwise process uevents. Please note that this incompatibility
  is not fault of systemd or udev, but caused by an incompatible kernel
  change that happened back in Linux 4.14, but is becoming more and
  more visible as the new uevents are generated by more kernel drivers.

  To learn more about the required udev rules changes please check the
  "CHANGES WITH 247" section of /usr/share/doc/systemd/NEWS.gz.

 -- Balint Reczey <rbalint@ubuntu.com>  Fri, 11 Dec 2020 18:22:42 +0100

systemd (241-4) unstable; urgency=medium

  DRM render nodes (/dev/dri/renderD*) are now owned by group "render"
  (previously group "video"). Dynamic ACLs via the "uaccess" udev tag are still
  applied, so in the common case things should just continue to work.
  If you rely on static permissions to access those devices, you need to update
  group memberships accordingly to use group "render" now.

 -- Michael Biebl <biebl@debian.org>  Fri, 17 May 2019 19:15:32 +0200

systemd (236-1) unstable; urgency=medium

  DynamicUser=yes has been enabled for systemd-journal-upload.service and
  systemd-journal-gatewayd.service.
  This means we no longer need to statically allocate a systemd-journal-upload
  and systemd-journal-gateway user and you can now safely remove those system
  users along with their associated groups.

 -- Michael Biebl <biebl@debian.org>  Sun, 17 Dec 2017 21:17:32 +0100

systemd (231-1) unstable; urgency=low

  This version drops support for running /etc/rcS.d SysV init scripts.
  These are prone to cause dependency loops, and almost all Debian packages
  with rcS scripts now ship a native systemd service. If you have custom or
  third-party rcS scripts you need to convert them or change them to run
  in rc2.d/ - rc5.d/; see this page for details:
  <https://wiki.debian.org/Teams/pkg-systemd/rcSMigration>.

 -- Martin Pitt <mpitt@debian.org>  Thu, 14 Jul 2016 12:54:34 +0200

systemd (224-2) unstable; urgency=medium

  This version splits out systemd-nspawn, systemd-machined, and machinectl
  into the new "systemd-container" package. That now also enables
  systemd-importd.

 -- Martin Pitt <mpitt@debian.org>  Sat, 22 Aug 2015 15:58:43 +0200

systemd (220-7) unstable; urgency=medium

  The mechanism for providing stable network interface names changed.
  Previously they were kept in /etc/udev/rules.d/70-persistent-net.rules
  which mapped device MAC addresses to the (arbitrary) name they got when
  they first appeared (i. e. mostly at the time of installation). As this
  had several problems and is not supported any more, this is deprecated in
  favor of the "net.ifnames" mechanism. With this most of your network
  interfaces will get location-based names. If you have ifupdown, firewall,
  or other configuration that relies on the old names, you need to update
  these by Debian 10/Ubuntu 18.04 LTS, and then remove
  /etc/udev/rules.d/70-persistent-net.rules. Please see
  /usr/share/doc/udev/README.Debian.gz for details about this.

 -- Martin Pitt <mpitt@debian.org>  Mon, 15 Jun 2015 15:30:29 +0200