shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-05-30 05:05:57 +03:00
Code

update NEWS

Browse Source
This commit is contained in:
Lennart Poettering 2023-02-02 17:44:03 +01:00
parent 12850a7f2e
commit f9fdbd54ea
1 changed files with 92 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
NEWS
View File

@ -43,6 +43,16 @@ CHANGES WITH 253 in spe:
renamed to '-Dupdate-helper-user-timeout-sec=', and now takes an renamed to '-Dupdate-helper-user-timeout-sec=', and now takes an
integer as parameter instead of a string. integer as parameter instead of a string.
* The DDI image dissection logic (which backs RootImage= in service
unit files, the --image= switch in various tools such as
systemd-nspawn, as well as systemd-dissect) will now only mount file
systems of types btrfs, ext4, xfs, erofs, squashfs, vfat. This list
can be overriden via the $SYSTEMD_DISSECT_FILE_SYSTEMS environment
variable. These file systems are fairly well supported and maintained
in current kernels, while others are usually more niche, exotic or
legacy and thus typically do not receive the same level of security
support and fixes.
New components: New components:
* A tool 'ukify' tool to build, measure, and sign Unified Kernel Images * A tool 'ukify' tool to build, measure, and sign Unified Kernel Images
@ -57,10 +67,12 @@ CHANGES WITH 253 in spe:
Changes in systemd and units: Changes in systemd and units:
* A new service type Type=notify-reload is defined. When such a unit is * A new service type Type=notify-reload is defined. When such a unit is
reloaded a signal (typically SIGHUP) is sent to the main service reloaded a UNIX process signal (typically SIGHUP) is sent to the main
process. The manager will then wait until it receives a "RELOADING=1" service process. The manager will then wait until it receives a
followed by a "READY=1" notification from the unit as response (via "RELOADING=1" followed by a "READY=1" notification from the unit as
sd_notify()). Otherwise, this type is the same as Type=notify. response (via sd_notify()). Otherwise, this type is the same as
Type=notify. A new setting ReloadSignal= may be used to change the
signal to send from the default of SIGHUP.
user@.service, systemd-networkd.service, systemd-udevd.service, and user@.service, systemd-networkd.service, systemd-udevd.service, and
systemd-logind have been updated to this type. systemd-logind have been updated to this type.
@ -138,6 +150,17 @@ CHANGES WITH 253 in spe:
choose the default timeout for starting/stopping/aborting system and choose the default timeout for starting/stopping/aborting system and
user units respectively. user units respectively.
* Service units gained a new setting OpenFile= which may be used to
open arbitrary files in the file system (or connect to arbitrary
AF_UNIX sockets in the file system), and pass the open file
descriptor to the invoked process via the usual file descriptor
passing protocol. This is useful to give unprivileged services access
to select files which have restrictive access modes that would
normally not allow this. It's also useful in case RootDirectory= or
RootImage= is used to allow access to files from the host environment
(which is after all not visible from the service if these two options
are used.)
Changes in udev: Changes in udev:
* The new net naming scheme "v253" has been introduced. In the new * The new net naming scheme "v253" has been introduced. In the new
@ -214,6 +237,20 @@ CHANGES WITH 253 in spe:
* bootctl now honours $KERNEL_INSTALL_CONF_ROOT with the same meaning * bootctl now honours $KERNEL_INSTALL_CONF_ROOT with the same meaning
as for kernel-install. as for kernel-install.
* The JSON output of "bootctl list" will now contain two more fields:
isDefault and isSelected are boolean fields set to true on the
default and currently booted boot menu entries.
* bootctl gained a new verb "unlink" for removing a boot loader entry
type #1 file from disk in a safe and robust way.
* bootctl also gained a new verb "cleanup" that automatically removes
all files from the ESP's and XBOOTLDR's "entry-token" directory, that
is not referenced anymore by any installed Type #1 boot loader
specification entry. This is particulary useful in environments where
a large number of entries reference the same or partly the same
resources (for example, for snapshot-based setups).
Changes in kernel-install: Changes in kernel-install:
* A new "installation layout" can be configured as layout=uki. With * A new "installation layout" can be configured as layout=uki. With
@ -241,6 +278,10 @@ CHANGES WITH 253 in spe:
* 'systemctl kexec' now supports XEN VMM environments. * 'systemctl kexec' now supports XEN VMM environments.
* 'systemctl edit' will now tell the invoked editor to jump into the
first line with actual unit file data, skipping over synthesized
comments.
Changes in systemd-networkd and related tools: Changes in systemd-networkd and related tools:
* The [DHCPv4] section in .network file gained new SocketPriority= * The [DHCPv4] section in .network file gained new SocketPriority=
@ -295,6 +336,23 @@ CHANGES WITH 253 in spe:
* systemd-dissect now understands 2nd stage initrd images stored as a * systemd-dissect now understands 2nd stage initrd images stored as a
Discoverable Disk Image (DDI). Discoverable Disk Image (DDI).
* systemd-dissect will now display the main UUID of GPT DDIs (i.e. the
disk UUID stored in the GPT header) among the other data it can show.
* systemd-dissect gained a new --in-memory switch to operate on an
in-memory copy of the specified DDI file. This is useful to access a
DDI with write access without persisting any changes. It's also
useful for accessing a DDI without keeping the originating file
system busy.
* The DDI dissection logic will now automatically detect the intended
sector size of disk images stored in files, based on the GPT
partition table arrangement. Loopback block devices for such DDIs
will then be configured automatically for the right sector size. This
is useful to make dealing with modern 4K sector size DDIs fully
automatic. The systemd-dissect tool will now show the detected sector
size among the other DDI information in its output.
Changes in systemd-repart: Changes in systemd-repart:
* systemd-repart gained new options --include-partitions= and * systemd-repart gained new options --include-partitions= and
@ -319,6 +377,12 @@ CHANGES WITH 253 in spe:
most minimal image possible, but may require multiple attempts) and most minimal image possible, but may require multiple attempts) and
"guess" (which means a reasonably small image). "guess" (which means a reasonably small image).
* The systemd-growfs binary now comes with a regular unit file template
systemd-growfs@.service which can be instantiated directly for any
desired file system. (Previously, the unit was generated dynamically
by various generators, but no regular unit file template was
available.)
Changes in journal tools: Changes in journal tools:
* Various systemd tools will append extra fields to log messages when * Various systemd tools will append extra fields to log messages when
@ -353,17 +417,27 @@ CHANGES WITH 253 in spe:
* systemd-cryptsetup now supports new options tpm2-measure-bank= and * systemd-cryptsetup now supports new options tpm2-measure-bank= and
tpm2-measure-pcr= in crypttab(5). These allow specifying the TPM2 PCR tpm2-measure-pcr= in crypttab(5). These allow specifying the TPM2 PCR
bank and number into which the volume key should be measured. bank and number into which the volume key should be measured. This is
automatically enabled for the encrypted root volume discovered and
activated by systemd-gpt-auto-generator.
* systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with * systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with
"noexec,nosuid,nodev". "noexec,nosuid,nodev".
* systemd-gpt-auto-generator will now honour the rootfstype= and
rootflags= kernel command line switches for root file systems it
discovers, to match behaviour in case an explicit root fs is
specified via root=.
* systemd-pcrphase gained new options --machine-id and --file-system= * systemd-pcrphase gained new options --machine-id and --file-system=
to measure the machine-id and mount point information into PCR 15. New to measure the machine-id and mount point information into PCR 15. New
service unit files systemd-pcrmachine.service and service unit files systemd-pcrmachine.service and
systemd-pcrfs@.service have been added that invoke the tool with systemd-pcrfs@.service have been added that invoke the tool with
these switches during early boot. these switches during early boot.
* systemd-pcrphase gained a --graceful switch will make it exit cleanly
with a success exit code even if no TPM device is detected.
* systemd-cryptenroll now stores the user-supplied PIN with a salt, * systemd-cryptenroll now stores the user-supplied PIN with a salt,
making it harder to brute-force. making it harder to brute-force.
@ -417,13 +491,19 @@ CHANGES WITH 253 in spe:
search domains via kernel command line (nameserver=, domain=) and search domains via kernel command line (nameserver=, domain=) and
credentials (network.dns, network.search_domains). credentials (network.dns, network.search_domains).
* systemd-resolved will now synthesize host names for the DNS stub
addresses it supports. Specifically when "_localdnsstub" is resolved,
127.0.0.53 is returned, and if "_localdnsproxy" is resolved
127.0.0.54 is returned.
* systemd-notify will now send a "RELOADING=1" notification when called * systemd-notify will now send a "RELOADING=1" notification when called
with --reloading, and "STOPPING=1" when called with --stopping. This with --reloading, and "STOPPING=1" when called with --stopping. This
can be used to implement notifications from units where it's easier can be used to implement notifications from units where it's easier
to call a program than to use the sd-daemon library. to call a program than to use the sd-daemon library.
* systemd-analyze gained new --json=, --table, and --no-legend options * systemd-analyze's 'plot' command can now output its information in
that affect the output of 'plot'. JSON, controlled via the --json= switch. Also, new --table, and
--no-legend options have been added.
* 'machinectl enable' will now automatically enable machines.target * 'machinectl enable' will now automatically enable machines.target
unit in addition to adding the machine unit to the target. unit in addition to adding the machine unit to the target.
@ -469,8 +549,9 @@ CHANGES WITH 253 in spe:
SD_PATH_SYSTEMD_SEARCH_SYSTEM_ENVIRONMENT_GENERATOR, and SD_PATH_SYSTEMD_SEARCH_SYSTEM_ENVIRONMENT_GENERATOR, and
SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR, SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR,
* sd-notify now supports AF_VSOCK, in the "vsock:CID:port" format, for * sd_notify() now supports AF_VSOCK as transport for notification
the $NOTIFY_SOCKET parameter/environment variable/credential. messages (in addition to the existing AF_UNIX support). This is
enabled if $NOTIFY_SOCKET is set in a "vsock:CID:port" format.
* Detection of chroot() environments now works if /proc/ is not * Detection of chroot() environments now works if /proc/ is not
mounted. This affects systemd-detect-virt --chroot, but also means mounted. This affects systemd-detect-virt --chroot, but also means
@ -482,8 +563,8 @@ CHANGES WITH 253 in spe:
Changes in the build system: Changes in the build system:
* A standalone variant of systemd-repart may now be built (if * Standalone variants of systemd-repart and systemd-shutdown may now be
-Dstandalone=true). built (if -Dstandalone=true).
* systemd-ac-power has been moved from /usr/lib/ to /usr/bin/, to, for * systemd-ac-power has been moved from /usr/lib/ to /usr/bin/, to, for
example, allow scripts to conditionalize execution on AC power example, allow scripts to conditionalize execution on AC power