NEWS: reword things, change ordering, remove one duplicate

This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2023-11-03 15:41:55 +01:00
parent 4f5278eead
commit 427ddaf60c

NEWS

@ -34,12 +34,13 @@ CHANGES WITH 255 in spe:
release to be enabled by default.
* "systemctl switch-root" is now restricted to initrd transitions only.
Transitions between real systems should be done with "systemctl soft-reboot"
instead.
* The ip=off and ip=none kernel command line options interpreted by
Transitions between real systems should be done with
"systemctl soft-reboot" instead.
* The "ip=off" and "ip=none" kernel command line options interpreted by
systemd-network-generator will now result in IPv6RA + link-local
addressing to be disabled, too. Previously DHCP was turned off, but
addressing being disabled, too. Previously DHCP was turned off, but
IPv6RA and IPv6 link-local addressing was left enabled.
* The NAMING_BRIDGE_MULTIFUNCTION_SLOT naming scheme has been deprecated
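Review bot: while rewording the ip=off/ip=none item, the unchanged context line "IPv6RA and IPv6 link-local addressing was left enabled" has a number-agreement slip worth fixing in the same pass: two subjects, so "were left enabled". Quoting "ip=off" and "ip=none" is consistent with the "ip=link-local" spelling in the networkd section further down, which is good.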
@ -55,16 +56,16 @@ CHANGES WITH 255 in spe:
* The way services are spawned has been overhauled. Previously, a
process was forked that shared all of the manager's memory (via
copy-on-write) while doing all the required set ups (e.g.: mount
copy-on-write) while doing all the required setup (e.g.: mount
namespaces, CGroup configuration, etc.) before exec'ing the target
executable. This was problematic for various reasons: several glibc
APIs were called that are not supposed to be used after a fork but
before an exec, copy-on-write meant that if either process (the
manager or the child) touched a memory page a copy was triggered, and
also the memory footprint of the child process was that of the
manager but with the memory limits of the service. From this version
manager, but with the memory limits of the service. From this version
onward, the new process is spawned using CLONE_VM and CLONE_VFORK
semantics via posix_spawn(), and it immediately execs a new internal
semantics via posix_spawn(3), and it immediately execs a new internal
binary, systemd-executor, that receives the configuration to apply
via memfd, and sets up the process before exec'ing the target
executable.
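Review bot: "spawned using CLONE_VM and CLONE_VFORK semantics via posix_spawn(3)" mixes kernel clone flags with a libc API in one phrase; since the entry now cites the man page, consider "via posix_spawn(3), which glibc implements with clone(CLONE_VM|CLONE_VFORK)" so the reader knows the flags describe the libc implementation rather than something systemd passes. The "set ups" to "setup" and the comma before "but with the memory limits of the service" are correct fixes.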
@ -73,10 +74,10 @@ CHANGES WITH 255 in spe:
instead of PIDs when the kernel supports it, to improve robustness
and reliability.
* A new option SurviveFinalKillSignal= is now supported to configure a
unit to skip units on the final SIGTERM/SIGKILL spree on shutdown. This
is part of the required configuration to let a unit's processes survive
a soft-reboot operation without being interrupted.
* A new option SurviveFinalKillSignal= can be used to configure the
unit to be skipped in the final SIGTERM/SIGKILL spree on shutdown.
This is part of the required configuration to let a unit's processes
survive a soft-reboot operation.
* System extension images (sysext) can now set
EXTENSION_RELOAD_MANAGER=1 in their extension-release files to
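Review bot: "configure the unit to be skipped" lost the indefinite article of the old text; nothing in the sentence refers to a specific unit, so "configure a unit to be skipped in the final SIGTERM/SIGKILL spree on shutdown" reads better. Dropping "without being interrupted" is fine, since the following sentence already states that the goal is surviving a soft-reboot.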
@ -88,19 +89,20 @@ CHANGES WITH 255 in spe:
* The ExtensionImages= and ExtensionDirectories= options now support
confexts images/directories.
* A new option NFTSet= provides a method for integrating dynamic cgroup IDs
into firewall rules with NFT sets. The benefit of using this setting is to be
able to use control group as a selector in firewall rules easily and this in
turn allows more fine grained filtering. Also, NFT rules for cgroup matching
use numeric cgroup IDs, which change every time a service is restarted, making
them hard to use in a systemd environment.
* A new option NFTSet= provides a method for integrating dynamic cgroup
IDs into firewall rules with NFT sets. The benefit of using this
setting is to be able to use control group as a selector in firewall
rules easily and this in turn allows more fine grained filtering.
Also, NFT rules for cgroup matching use numeric cgroup IDs, which
change every time a service is restarted, making them hard to use in
systemd environment.
* A new option CoredumpReceive= can be set for service and scope units,
together with Delegate=yes, to make systemd-coredump on the host
forward core files from processes crashed inside the delegated CGroup
subtree to systemd-coredump running in the container. This new option
is by default used by systemd-nspawn containers that use the "--boot"
switch, i.e. are fully booted up.
forward core files from processes crashing inside the delegated
CGroup subtree to systemd-coredump running in the container. This new
option is by default used by systemd-nspawn containers that use the
"--boot" switch.
* A new ConditionSecurity=measured-uki option is now available, to ensure
a unit can only run when the system has been booted from a measured UKI.
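Review bot: the reflow of the NFTSet= paragraph dropped an article in its last line: "making them hard to use in systemd environment" should keep the original "in a systemd environment". The CoredumpReceive= rewrite ("processes crashing inside the delegated CGroup subtree") is clearer than "processes crashed inside", and removing the "i.e. are fully booted up" gloss is fine given that "--boot" is named explicitly.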
@ -111,22 +113,22 @@ CHANGES WITH 255 in spe:
* The $USER environment variable is now always set for services, while
previously it was only set if User= was specified. A new option
SetLoginEnvironment= is now supported to determine whether to also set
$HOME, $LOGNAME and $SHELL.
$HOME, $LOGNAME, and $SHELL.
* Socket units now support a new pair of
PollLimitBurst=/PollLimitInterval= options to configure a limit on
how often polling events on the file descriptors backing this unit
will be considered within a time window.
* Scope units can now be created passing PIDFDs instead of PIDs to select
* Scope units can now be created using PIDFDs instead of PIDs to select
the processes they should include.
* Sending SIGRTMIN+18 with 0x500 as sigqueue() value will now cause the
manager to dump the list of currently pending jobs.
* If the kernel supports MOVE_MOUNT_BENEATH, the systemctl and machinectl
bind and mount-image verbs will now cause the new mount to to replace
the old mount (if any), instead of overmounting it.
* If the kernel supports MOVE_MOUNT_BENEATH, the systemctl and
machinectl bind and mount-image verbs will now cause the new mount to
replace the old mount (if any), instead of overmounting it.
TPM2 Support + Disk Encryption & Authentication:
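Review bot: since the PollLimitBurst=/PollLimitInterval= item sits inside this hunk's context, it would be a good moment to untangle "how often polling events on the file descriptors backing this unit will be considered within a time window", which is hard to parse; suggest "how many polling events on the unit's file descriptors are acted upon within a given time interval", which also mirrors the Burst/Interval pairing of the option names. The "to to" duplication removed in the MOVE_MOUNT_BENEATH item and the Oxford comma in "$HOME, $LOGNAME, and $SHELL" are straightforward.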
@ -181,14 +183,6 @@ CHANGES WITH 255 in spe:
systemd-boot, systemd-stub, ukify, bootctl, kernel-install:
* The 90-loaderentry kernel-install hook now supports installing device
trees.
* ukify is no longer considered experimental, and now ships in /usr/bin/.
* ukify gained a new verb, inspect, that describes the sections of a UKI
and print the content of the well-known sections.
* bootctl will now show whether the system was booted from a UKI in its
status output.
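Review bot: this hunk removes all ukify and kernel-install items from this section but leaves the header "systemd-boot, systemd-stub, ukify, bootctl, kernel-install:" unchanged, so a reader of the hunk alone is left wondering where they went; the entries reappear in the hunk at +219 below. The commit message says only "change ordering", so a sentence naming the move (and that the only wording change on the way is "print the content" becoming "print the contents") would make the rearrangement reviewable.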
@ -225,18 +219,29 @@ CHANGES WITH 255 in spe:
passed from systemd-boot when running inside Confidential VMs with UEFI
SecureBoot enabled.
* ukify is no longer considered experimental, and now ships in /usr/bin/.
* ukify gained a new verb inspect to describe the sections of a UKI and
print the contents of the well-known sections.
* ukify gained a new verb genkey to generate a set of of key pairs for
signing UKIs and their PCR data.
* The 90-loaderentry kernel-install hook now supports installing device
trees.
systemd-repart:
* A new option --copy-from= that synthesizes partition definitions from
the given image, which are then applied to the systemd-repart algorithm,
has been added.
* A new option --copy-from= has been added that synthesizes partition
definitions from the given image, which are then applied by the
systemd-repart algorithm.
* A new option --copy-source= has been added, which can be used to specify
a directory to which CopyFiles= is considered relative to.
* New --make-ddi=confext, --make-ddi=sysext and --make-ddi=portable options
have been added to make it easier to generate these types of DDIs,
without having to provide repart.d definitions for them.
* New --make-ddi=confext, --make-ddi=sysext, and --make-ddi=portable
options have been added to make it easier to generate these types of
DDIs, without having to provide repart.d definitions for them.
* The dm-verity salt and UUID will now be derived from the specified
seed value.
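Review bot: the new genkey line carries over the doubled word from the 254 entry it is moved from: "a set of of key pairs" should be "a set of key pairs". The --copy-from= rewrite ("applied by the systemd-repart algorithm" instead of "applied to") and the serial comma in "--make-ddi=confext, --make-ddi=sysext, and --make-ddi=portable" are fine. Placing the 90-loaderentry item after the ukify items is consistent with the order of the section header (ukify before kernel-install).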
@ -258,11 +263,11 @@ CHANGES WITH 255 in spe:
* udev will now create symlinks to loopback block devices in the
/dev/disk/by-loop-ref/ directory that are based on the .lo_file_name
string field selected during allocation. The systemd-dissect tool and
the util-linux losetup command now supports a complementing new
switch --loop-ref= for selecting the string. This means a loopback
block device may now be allocated under a caller-chosen reference and
can subsequently be referenced by that without first having to look
up the block device name the caller ended up with.
the util-linux losetup command now supports a complementing new switch
--loop-ref= for selecting the string. This means a loopback block
device may now be allocated under a caller-chosen reference and can
subsequently be referenced without first having to look up the block
device name the caller ended up with.
* udev also creates symlinks to loopback block devices in the
/dev/disk/by-loop-inode/ directory based on the .st_dev/st_ino fields
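Review bot: compound subject with a singular verb survives the reflow: "The systemd-dissect tool and the util-linux losetup command now supports" should be "now support". Dropping "by that" from "can subsequently be referenced by that" is an improvement; the rest of the hunk is rewrapping only.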
@ -299,16 +304,16 @@ CHANGES WITH 255 in spe:
is now dropped, as it never worked, hence it should not be used by
anyone.
* The 'prefixstable' ipv6 address generation mode now considers the
SSID when generating stable addresses, so that a different stable
address is used when roaming between wireless networks. If you
already use 'prefixstable' addresses with wireless networks, the
stable address chosen will be changed by the update.
* The 'prefixstable' ipv6 address generation mode now considers the SSID
when generating stable addresses, so that a different stable address
is used when roaming between wireless networks. If you already use
'prefixstable' addresses with wireless networks, the stable address
will be changed by the update.
* The DHCPv4 client gained a RapidCommit= option, default true, which
* The DHCPv4 client gained a RapidCommit option, true by default, which
enables RFC4039 Rapid Commit behavior to obtain a lease in a
simplified 2-message exchange instead of the typical 4-message
exchange if also supported by the DHCP server.
exchange, if also supported by the DHCP server.
* The DHCPv4 client gained new InitialCongestionWindow= and
InitialAdvertisedReceiveWindow= options for route configurations.
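Review bot: "gained a RapidCommit option" drops the "=" that every other networkd setting in this file carries (InitialCongestionWindow= two lines down, UsePREF64=, SendHostname=); keep "RapidCommit=" so the entry is greppable as a setting name. "true by default" is an improvement over "default true", and the added comma before "if also supported by the DHCP server" reads correctly.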
@ -320,7 +325,7 @@ CHANGES WITH 255 in spe:
(RFC8925).
* The SendHostname= and Hostname= options are now available for the
DHCPv6 client, independent of the DHCPv4 option, so that these
DHCPv6 client, independently of the DHCPv4= option, so that these
configuration values can be set independently for each client.
* The DHCPv4 and DHCPv6 client state can now be queried via D-Bus,
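Review bot: "independently of the DHCPv4= option" now reads as if there were a setting named DHCPv4=, whereas the sentence is about the same two options (SendHostname= and Hostname=) in the DHCPv4 client; suggest "independently of the options of the same name in the [DHCPv4] section" so the "=" convention is not applied to a section name.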
@ -345,10 +350,10 @@ CHANGES WITH 255 in spe:
indirection of NFT set types.
* The [IPv6AcceptRA] section supports the following new options:
UsePREF64=, UseHopLimit=, UseICMP6RateLimit= and NFTSet=.
UsePREF64=, UseHopLimit=, UseICMP6RateLimit=, and NFTSet=.
* The [IPv6SendRA] section supports the following new options:
RetransmitSec=, HopLimit=, HomeAgent=, HomeAgentLifetimeSec= and
RetransmitSec=, HopLimit=, HomeAgent=, HomeAgentLifetimeSec=, and
HomeAgentPreference=.
* A new [IPv6PREF64Prefix] set of options, containing Prefix= and
@ -356,7 +361,7 @@ CHANGES WITH 255 in spe:
advertisements (RFC8781).
* The network generator now configures the interfaces with only
link-local addressing if ip=link-local is specified on the kernel
link-local addressing if "ip=link-local" is specified on the kernel
command line.
* The prefix of the configuration files generated by the network
@ -381,20 +386,19 @@ CHANGES WITH 255 in spe:
* systemctl is-failed now checks the system state if no unit is
specified.
* systemctl will now automatically soft-reboot if a new root file
system has been setup in /run/nextroot/ when a reboot operation
is invoked.
* systemctl will now automatically soft-reboot if a new root file system
is found under /run/nextroot/ when a reboot operation is invoked.
Login management:
* wall messages now work even when utmp support is disabled, using
* Wall messages now work even when utmp support is disabled, using
systemd-logind to query the necessary information.
* systemd-logind now sends a new PrepareForShutdownWithMetadata D-Bus
signal before shutdown/reboot/soft-reboot, that includes additional
information with respect to what PrepareForShutdown has. Currently
the additional information is the type of operation that is about to
be executed.
signal before shutdown/reboot/soft-reboot that includes additional
information compared to the PrepareForShutdown signal. Currently the
additional information is the type of operation that is about to be
executed.
Hibernation & Suspend:
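Review bot: "if a new root file system is found under /run/nextroot/" is clearer than "has been setup in", but "when a reboot operation is invoked" is still ambiguous about which verbs trigger the automatic soft-reboot (systemctl reboot only, or any reboot request routed through the manager); naming the verb would help operators who rely on a full reboot for kernel updates. The PrepareForShutdownWithMetadata rewrite ("additional information compared to the PrepareForShutdown signal") fixes the awkward "with respect to what PrepareForShutdown has".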
@ -432,9 +436,9 @@ CHANGES WITH 255 in spe:
transient unit.
* systemd-analyze, systemd-tmpfiles, systemd-sysusers, systemd-sysctl,
and systemd-binfmt gained a new --tldr option that can be used in
combination with --cat-config to suppress uninteresting configuration
lines, such as comments.
and systemd-binfmt gained a new --tldr option that can be used instead
of --cat-config to suppress uninteresting configuration lines, such as
comments and whitespace.
* resolvectl gained a new "show-server-state" command that shows
current statistics of the resolver. This is backed by a new
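Review bot: this hunk changes a factual claim, not just wording: "--tldr ... in combination with --cat-config" becomes "--tldr ... instead of --cat-config", and "comments" becomes "comments and whitespace". If --tldr is a standalone option that implies the --cat-config output mode, the new text is right, but the commit message ("reword things") does not flag the semantic correction; a mention there would help anyone bisecting NEWS against the tool's --help.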
@ -448,19 +452,19 @@ CHANGES WITH 255 in spe:
* seccomp now supports the LoongArch64 architecture.
* systemd-id128 now supports a new -P option to show only values, and
combining --app with the show verb.
* systemd-id128 now supports a new -P option to show only values. The
combination of -P and --app options is also supported.
* A new pam_systemd_loadkey.so PAM module is now available, which
allows automatically fetching the passphrase used by cryptsetup to
unlock the root file system and setting it as the PAM authtok. This
enables, among other things, configuring auto-unlock of the GNOME
Keyring / KDE Wallet when autologin is configured.
* A new pam_systemd_loadkey.so PAM module is now available, which will
automatically fetch the passphrase used by cryptsetup to unlock the
root file system and set it as the PAM authtok. This enables, among
other things, configuring auto-unlock of the GNOME Keyring / KDE
Wallet when autologin is configured.
* Many meson options now use the 'feature' type, which means they
take enabled/disabled/auto as values.
* A new meson option configfiledir can be used to change where
* A new meson option -Dconfigfiledir= can be used to change where
configuration files with default values are installed to.
* Options and verbs in man pages are now tagged with the version they
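Review bot: the systemd-id128 rewrite changes what the second feature is. The old text says --app is now accepted together with the show verb; the new text says -P and --app can be combined. These are different claims, so pick the one the code implements rather than the one that reads more smoothly. In the pam_systemd_loadkey.so item, "which will automatically fetch" turns the hedged "allows automatically fetching" into an unconditional statement; keep the hedge if the behavior depends on the PAM stack configuration. "-Dconfigfiledir=" is the correct way to write a meson option.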
@ -905,9 +909,6 @@ CHANGES WITH 254:
* ukify has been updated to allow building these UEFI PE "add-on"
images, using the new 'addon<EFI-ARCH>.efi.stub'.
* ukify gained a new "genkey" verb for generating a set of of key pairs
to sign UKIs and their PCR data with.
* ukify now accepts SBAT information to place in the .sbat PE section
of UKIs and addons. If a UKI is built the SBAT information from the
inner kernel is merged with any SBAT information associated with
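Review bot: this edits the NEWS section for 254, which has already been released, so removing the genkey line here is only correct if the verb did not in fact ship in 254 (the same line is re-added under 255 in the hunk at +219). If it did ship in 254, the duplicate to drop is the new 255 line instead. Either way, "a set of of key pairs" needs fixing in whichever copy survives.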