shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-03-08 20:58:20 +03:00
Code

NEWS: start putting together NEWS for v249

Browse Source
This commit is contained in:
Lennart Poettering 2021-06-03 17:57:23 +02:00
parent 51df483846
commit f973aea740
1 changed files with 255 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

255
NEWS
View File

@ -1,5 +1,260 @@
systemd System and Service Manager
CHANGES WITH 249 in spe:
* When operating on disk images via the --image= switch of various
tools (such as systemd-nspawn or systemd-dissect), and multiple
suitable root or /usr/ partitions exist in the image, then a simple
strverscmp() inspired comparison is done on the GPT partition label,
and the newest partition picked. This permits a simple and generic
whole-file-system A/B update logic where new operating system
versions are dropped into partitions whose label is then updated with
a matching version identifier.
* systemd-sysusers now supports querying the passwords to set for the
users it creates via the "credentials" logic introduced in v247: the
passwd.hashed-password.<user> and passwd.plaintext-password.<user>
credentials are consulted for the password to use (either in UNIX
hashed form, or literally). By default these credentials are inherited
down from PID1 (which in turn imports it from a container manager if
there is one). This permits easy configuration of user passwords
during first boot. Example:
# systemd-nspawn -i foo.raw --volatile=yes --set-credential=passwd.plaintext-password.root:foo
Note that systemd-sysusers operates in purely additive mode: it
executes no operation if the declared users already exist, and hence
doesn't set any passwords as effect of the command line above if the
specified root user exists already in the image. (Note that
--volatile=yes ensures it doesn't, though.)
* systemd-firstboot now also supports querying various system
parameters via the credential subsystems. Thus, as above this may be
used to initialize important system parameters on first boot of
previously unprovisioned images (i.e. images with a mostly empty
/etc/).
* The systemd-ask-password now also supports reading passwords from the
credentials subsystem, via the new --credential= switch.
* Services gained a new ExitType= setting which can configure how to
determine when a service exited: the default is "main" which defines
the runtime by the service's main process lifetime (this matches the
only behaviour implemented in v248 and before), but with "cgroup" the
runtime is defined by the existence of any process in the service's
cgroup.
* The systemd-machine-id-setup tool now supports a --image= switch for
provisioning a machine ID file into an OS disk image, similar to how
--root= operates on an OS file tree. This matches the existing switch
of the same name to the systemd-tmpfiles, systemd-firstboot or
systemd-sysusers tools.
* Similar, systemd-repart gained support for a --image= switch, too. In
combination with the existing --size= makes the tool particularly
useful for easily growing disk images in a single command invocation,
following the declarative rules included in the image itself.
* systemd-repart's partition configuration files gained support for a
new switch MakeDirectories= which may be used to create arbitrary
directories inside file systems that are created, before registering
them in the partition table. This is useful in particular if root
partitions are created that way to create mount point directories for
other partitions included in the image. For example, a disk image
that is created to contain a /home/ and a /var/ partition in addition
to a root partition may MakeDirectories= to create /home/ and /var/
as empty directories in the root file system on creation so that the
resulting image can mounted immediately, even in read-only mode.
* systemd-repart's CopyBlocks= setting gained support for a special
value "auto". If used a suitable, matching partition on the booted OS
is found as source to copy blocks from. This is useful for
implementing replicating installers, that are booted from one medium
and then stream their own root partition on the target medium.
* systemd-repart's partition configuration files gained support for a
Flags= and a ReadOnly= setting, allowing control of the GPT partition
flags for the created partitions: this is useful for marking newly
created partitions as read-only from the start.
* The /etc/os-release file has been extended with two new (optional)
variables IMAGE_VERSION= and IMAGE_ID=, for carrying identification
and versioning information for OS images that are updated
consistently, comprehensively and atomically as one image. The two
new specifiers %M, %A now resolve to these two fields in the various
configuration options that resolve specifiers.
* portablectl gained a new switch --extension= for enabling portable
service images with extensions that follow the extension image
concept introduced with v248.
* systemd-coredump will now extract ELF build-id information from
processes dumping core and include it in the coredump
report. Moreover, if will look for ELF .note.package sections that
may carry distribution packaging meta-information about the crashing
process. This is useful to directly embed the RPM or Debian (or any
other) package name and version in the ELF files where they originate
from, making it easy to match up coredump reports with the software
versions they were found it. This is particular useful on
environments with ELF files form multiple vendors, different
distributions and versions, as it is common today, in particular in a
containerized and sand-boxed world. For further information, see:
https://systemd.io/COREDUMP_PACKAGE_METADATA
* A new udev hwdb has been added for Firewire audio devices
* sd-bus' sd_bus_is_ready() and sd_bus_is_open() calls now accept a
NULL bus object, for which they will return false. Or in other words,
an unallocated bus connection is neither ready nor open.
* The native Journal protocol has been documented. Clients may talk
this as alternative to the classic BSD syslog protocol for locally
delivering log records to the Journal. The protocol has been stable
since a long time and in fact been implemented already in a variety
of alternative client libraries. This documentation makes the support
for that official:
https://systemd.io/JOURNAL_NATIVE_PROTOCOL
* A new BPFProgram= setting has been added to service files. It may be
set to a path to a loaded kernel BPF program, i.e. a path to a bpffs
file, or a bind mount or symlink to one. This may be used to upload
and manage BPF programs externally and then hook arbitrary systemd
services into them.
* The "home.arpa" domain that has been officially declared as the
choice for domain for local home networks per RFC 8375 has been added
to the default NTA list of resolved, since DNSSEC is generally not
available on private domains.
* The CPUAffinity= setting of unit files now resolves "%" specifiers.
* A new ManageForeignRoutingPolicyRules= setting has been added to
.network files which may be used to exclude foreign-created routing
policy rules from systemd-networkd management.
* systemd-network-wait-online gained two new switches -4 and -6 that
may be used to tweak whether to wait for only IPv4 or only IPv6
connectivity.
* .network files gained a new RequiredFamilyForOnline= setting to
fine-tune whether to require an IPv4 or IPv6 address in order to
consider an interface "online".
* The RestrictAddressFamilies= setting in service files now supports a
new special value "none". If specified sockets of all address
families will be made unavailable to services configured that way.
* The DHCP server logic configured in .network files gained a new
setting RelayTarget= that turns the server into a DHCP server relay.
* The sd-device API acquired a new API function
sd_device_get_usec_initialized() that returns the monotonic timestamp
when a udev device appeared in the database first.
* systemd-fstab-generator and systemd-repart have been updated to
support booting from disks that carry only a /usr/ partition but no
root partition yet, but where systemd-repart can add them in on first
boot. This is useful for implementing systems that ship with a single
/usr/ file system and whose root file system shall be set up on a
LUKS encrypted volume whose key is generated locally (and possibly
enrolled in TPM), and which is set up and formatted during first
boot.
* The [Address] section of .network files now accepts a new
RouteMetric= setting that configures the routing metric to use for
the prefix route created as effect of the address
configuration. Similar, the [DHCPv6PrefixDelegation] and [IPv6Prefix]
sections gained matching settings for their prefix routes. (The
option of the same name of the [DHCPv6] section is moved to
[IPv6AcceptRA], since it conceptually belongs there; the old option
is still understood for compatibility.)
* The DHCPv6 IAID and DUID are now explicitly configurable in .network
files.
* A new udev property ID_NET_DHCP_BROADCAST on network interface
devices is not honoured by systemd-networkd, that controls whether to
issue DHCP offers via broadcasting. This is used to ensure that s390
layer 3 network interfaces work out-of-the-box with systemd-networkd.
* nss-myhostname and systemd-resolved will now synthesize address
records for a new special hostname "_outbound". The name will always
resolve to the local IP addresses most likely used for outbound
connections towards the default route. On multi-homed hosts this is
useful to have a stable handle referring to "the" local IP address
that matters most, to the point where this is defined.
* The Discoverable Partition Specification has been updated with a new
GPT partition flag defined its partition types: a "growfs"
flag. Whenever partitions with this flag set are automatically
mounted (i.e. via systemd-gpt-auto-generator or the --image= switch
of systemd-nspawn or other tools; and as opposed to explicit mounting
via /etc/fstab), the file system within the partition is
automatically grown to the full size of the partition should it be
smaller. If the file system size already matches the partition size
this flag has no effect. Previously, this functionality has been
available via the explicit x-systemd.growfs mount option, and this
new flag extends this to automatically discovered mounts. A new
GrowFileSystem= setting has been added to systemd-repart drop-in
files that allows configuring this partition flag. This new flag
defaults to on for partitions automatically created by
systemd-repart, except if they are marked read-only. See the
specification for further details:
https://systemd.io/DISCOVERABLE_PARTITIONS
* .network files gained a new setting RoutToNTP= in the [DHCPv4]
section. If enabled (which is the default), and an NTP server address
is acquired through a DHCP lease on this interface an explicit route
to this address is created on this interface to ensure that NTP
traffic to the NTP server acquired on an interface is also routed
trough that interface. The pre-existing RoutesToDNS= setting that
implements the same for DNS servers is now enabled by default.
* A pair of service settings SocketBindAllow= + SocketBindDeny= have
been added that may be used to restrict the network interfaces
sockets created by the service may be bound to. This is implemented
via BPF.
* A new ConditionFirmware= condition type has been added to unit
files. It may be used to detect certain firmware features. At the
moment it may check whether running on an UEFI system, a device.tree
system or if the system is compatible with some specified device-tree
feature.
* hostnamed gained a new Describe() D-Bus method that returns a JSON
serialization of the host data it exposes. This is exposed via
"hostnamectl --json=" to acquire a host identity description in
JSON. It's our intention to add a similar concept to most services
and objects systemd manages, in order to simplify integration with
program code the consumes JSON.
* hostnamectl's various set-xyz verbs (e.g. "hostnamectl set-hostname")
have been renamed to just xyz (e.g. "hostnamectl hostname") and may
now be used to acquire the indicated data in terse form, instead of
only setting it. The old names continue to be supported for
compatibility.
* systemd-detect-virt and ConditionVirtualization= are now able to
correctly identify Amazon EC2 environments.
* The LogLevelMax= setting of unit files now applies not only to log
messages generated *by* the service, but also to log messages
generated *about* the service by PID 1. To suppress logs concerning a
specific service comprehensively, set this option to a high log
level.
* bootctl gained support for a new --make-machine-id-directory= switch
that allows precise control on whether to create the top-level
per-machine directory in the boot partition that typically contain
Type #1 boot loader entries.
CHANGES WITH 248:
* A concept of system extension images is introduced. Such images may