A further bug to our strange multi-user.target depending on
network-online.target issue is that systemd recently changed the
behaviour of systemd-networkd-wait-online to no longer consider the
absence of interfaces with RequiredForOnline to be sufficient to be
online: https://github.com/systemd/systemd/pull/27825
On the advice of the systemd developers
(https://github.com/systemd/systemd/issues/29388), this commit changes
the configuration of systemd-networkd-wait-online to pass --any by
default, and lets the default DHCP interfaces be RequiredForOnline
as they would be by default if the option is omitted.
It is plausible that systemd-networkd-wait-online may still fail if
there are no interfaces at all. However, that probably cannot be
avoided.
Fixes#228141, which describes an issue where detaching Yubikey during the boot process
causes cryptsetup to write empty passphrase instead of the challenge-response salt stored
on the boot drive.
This fixes notably the fact that /dev/zfs was not usable anymore as a user,
and potentially other things.
Tracked in systemd upstream under issue number 28653, 28765.
This is an early preparation for systemd v254 which causes some patch reflows
and EFI-related cleanups to their new build system with elf2efi, requiring pyelftools
as a Python packge.
Historically, we allowed downgrade of DNSSEC, but some folks argue
this may decrease actually the security posture to do opportunistic DNSSEC.
In addition, the current implementation of (opportunistic) DNSSEC validation
is broken against "in the wild" servers which are usually slightly non-compliant.
systemd upstream recommended to me (in personal communication surrounding
the All Systems Go 2023 conference) to disable DNSSEC validation until
they work on it in a significant capacity, ideally, by next year.
it should be checking that it is not a broken symlink but bash
conditionals are difficult
-d was causing the directory to not be created if it does not exist
```
$ install -m 0755 -d $PWD/hello
$ ls
hello/
$ ln -s something notexist
'notexist' -> 'something'
$ ls -l
lrwxrwxrwx artturin artturin 9 B Sat Sep 9 06:59:44 2023 notexist@ ⇒ something
drwxr-xr-x artturin artturin 2 B Sat Sep 9 06:59:36 2023 hello/
$ install -m 0755 -d $PWD/notexist
install: cannot change permissions of ‘/home/artturin/nixgits/my-nixpkgs/test/notexist’: No such file or directory
```
RequiredForOnline takes a boolean or a minimum operational state and an
optional maximum operational state. In the latter case, range values are
separated with colon.
Underneath, systemd-networkd’s reload is just `networkctl reload`. Per
`man networkctl`, calling `reload` is expected to fully handle new,
modified, and removed .network files, but it only handles *new* .netdev
files. For simplicity, assume .network -> reload and .netdev -> restart.
It’s desirable to perform reload instead of restart, as restart has the
potential to bring down interfaces, resulting in a loss of network
connectivity.
Just like with system-wide tmpfiles, call `systemd-tmpfiles --create
--remove` for users during activation. This fixes an issue where new
entries in a user's tmpfiles are not reflected after activation, only at
boot when the user service systemd-tmpfiles-setup.service runs or only
after running systemd-tmpfiles manually.
