update NEWS

Lennart Poettering 2023-02-02 17:44:03 +01:00
parent 12850a7f2e
commit f9fdbd54ea

NEWS

@ -43,6 +43,16 @@ CHANGES WITH 253 in spe:
renamed to '-Dupdate-helper-user-timeout-sec=', and now takes an
integer as parameter instead of a string.
* The DDI image dissection logic (which backs RootImage= in service
unit files, the --image= switch in various tools such as
systemd-nspawn, as well as systemd-dissect) will now only mount file
systems of types btrfs, ext4, xfs, erofs, squashfs, vfat. This list
can be overriden via the $SYSTEMD_DISSECT_FILE_SYSTEMS environment
variable. These file systems are fairly well supported and maintained
in current kernels, while others are usually more niche, exotic or
legacy and thus typically do not receive the same level of security
support and fixes.
New components:
* A tool 'ukify' tool to build, measure, and sign Unified Kernel Images
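Review bot: spelling in the new DDI paragraph, "This list can be overriden via" should read "overridden". Since the file system allowlist is motivated by security support in the kernel, it would also help readers to state in the same sentence what form $SYSTEMD_DISSECT_FILE_SYSTEMS takes (a list of file system type names) so that anyone extending the list knows the trade-off they are making and how to express it.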
@ -57,10 +67,12 @@ CHANGES WITH 253 in spe:
Changes in systemd and units:
* A new service type Type=notify-reload is defined. When such a unit is
reloaded a signal (typically SIGHUP) is sent to the main service
process. The manager will then wait until it receives a "RELOADING=1"
followed by a "READY=1" notification from the unit as response (via
sd_notify()). Otherwise, this type is the same as Type=notify.
reloaded a UNIX process signal (typically SIGHUP) is sent to the main
service process. The manager will then wait until it receives a
"RELOADING=1" followed by a "READY=1" notification from the unit as
response (via sd_notify()). Otherwise, this type is the same as
Type=notify. A new setting ReloadSignal= may be used to change the
signal to send from the default of SIGHUP.
user@.service, systemd-networkd.service, systemd-udevd.service, and
systemd-logind have been updated to this type.
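Review bot: inconsistent unit naming in the trailing sentence of the rewritten Type=notify-reload entry: "user@.service, systemd-networkd.service, systemd-udevd.service, and systemd-logind" lists three units with their ".service" suffix and the last without; "systemd-logind.service" would keep the list uniform. The expanded wording ("UNIX process signal", ReloadSignal=) is otherwise clear.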
@ -138,6 +150,17 @@ CHANGES WITH 253 in spe:
choose the default timeout for starting/stopping/aborting system and
user units respectively.
* Service units gained a new setting OpenFile= which may be used to
open arbitrary files in the file system (or connect to arbitrary
AF_UNIX sockets in the file system), and pass the open file
descriptor to the invoked process via the usual file descriptor
passing protocol. This is useful to give unprivileged services access
to select files which have restrictive access modes that would
normally not allow this. It's also useful in case RootDirectory= or
RootImage= is used to allow access to files from the host environment
(which is after all not visible from the service if these two options
are used.)
Changes in udev:
* The new net naming scheme "v253" has been introduced. In the new
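Review bot: the OpenFile= entry explains the purpose (handing restricted files or AF_UNIX sockets to unprivileged services, or host files into a RootDirectory=/RootImage= environment) but not the access mode the descriptor is opened with, which is the detail an administrator needs when deciding whether granting it widens the service's write access; a short clause such as whether the file is opened read-only by default would close that gap. Minor: "are used.)" places the period inside the parenthesis while the rest of the file keeps it outside.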
@ -214,6 +237,20 @@ CHANGES WITH 253 in spe:
* bootctl now honours $KERNEL_INSTALL_CONF_ROOT with the same meaning
as for kernel-install.
* The JSON output of "bootctl list" will now contain two more fields:
isDefault and isSelected are boolean fields set to true on the
default and currently booted boot menu entries.
* bootctl gained a new verb "unlink" for removing a boot loader entry
type #1 file from disk in a safe and robust way.
* bootctl also gained a new verb "cleanup" that automatically removes
all files from the ESP's and XBOOTLDR's "entry-token" directory, that
is not referenced anymore by any installed Type #1 boot loader
specification entry. This is particulary useful in environments where
a large number of entries reference the same or partly the same
resources (for example, for snapshot-based setups).
Changes in kernel-install:
* A new "installation layout" can be configured as layout=uki. With
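Review bot: two wording issues in the new bootctl "cleanup" entry: "all files from the ESP's and XBOOTLDR's "entry-token" directory, that is not referenced anymore" should be "that are not referenced anymore" (plural subject), and "particulary" should be "particularly". Given that "cleanup" deletes files, it would also be worth stating alongside "unlink" whether a dry-run or confirmation step exists, as the "safe and robust way" wording for "unlink" invites the same question for "cleanup".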
@ -241,6 +278,10 @@ CHANGES WITH 253 in spe:
* 'systemctl kexec' now supports XEN VMM environments.
* 'systemctl edit' will now tell the invoked editor to jump into the
first line with actual unit file data, skipping over synthesized
comments.
Changes in systemd-networkd and related tools:
* The [DHCPv4] section in .network file gained new SocketPriority=
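Review bot: capitalisation nit in "'systemctl kexec' now supports XEN VMM environments": the hypervisor is normally written "Xen" rather than "XEN". The 'systemctl edit' entry reads fine.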
@ -295,6 +336,23 @@ CHANGES WITH 253 in spe:
* systemd-dissect now understands 2nd stage initrd images stored as a
Discoverable Disk Image (DDI).
* systemd-dissect will now display the main UUID of GPT DDIs (i.e. the
disk UUID stored in the GPT header) among the other data it can show.
* systemd-dissect gained a new --in-memory switch to operate on an
in-memory copy of the specified DDI file. This is useful to access a
DDI with write access without persisting any changes. It's also
useful for accessing a DDI without keeping the originating file
system busy.
* The DDI dissection logic will now automatically detect the intended
sector size of disk images stored in files, based on the GPT
partition table arrangement. Loopback block devices for such DDIs
will then be configured automatically for the right sector size. This
is useful to make dealing with modern 4K sector size DDIs fully
automatic. The systemd-dissect tool will now show the detected sector
size among the other DDI information in its output.
Changes in systemd-repart:
* systemd-repart gained new options --include-partitions= and
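Review bot: the new sector-size entry says the intended sector size is detected "based on the GPT partition table arrangement" and that loopback devices are configured automatically, but not what happens when the arrangement is ambiguous or no GPT is present; one sentence naming the fallback (presumably the previous default) would tell users whether existing images change behaviour. Minor: "2nd stage initrd images" would read better as "second-stage initrd images".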
@ -319,6 +377,12 @@ CHANGES WITH 253 in spe:
most minimal image possible, but may require multiple attempts) and
"guess" (which means a reasonably small image).
* The systemd-growfs binary now comes with a regular unit file template
systemd-growfs@.service which can be instantiated directly for any
desired file system. (Previously, the unit was generated dynamically
by various generators, but no regular unit file template was
available.)
Changes in journal tools:
* Various systemd tools will append extra fields to log messages when
@ -353,17 +417,27 @@ CHANGES WITH 253 in spe:
* systemd-cryptsetup now supports new options tpm2-measure-bank= and
tpm2-measure-pcr= in crypttab(5). These allow specifying the TPM2 PCR
bank and number into which the volume key should be measured.
bank and number into which the volume key should be measured. This is
automatically enabled for the encrypted root volume discovered and
activated by systemd-gpt-auto-generator.
* systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partitions with
"noexec,nosuid,nodev".
* systemd-gpt-auto-generator will now honour the rootfstype= and
rootflags= kernel command line switches for root file systems it
discovers, to match behaviour in case an explicit root fs is
specified via root=.
* systemd-pcrphase gained new options --machine-id and --file-system=
to measure the machine-id and mount point information into PCR 15. New
service unit files systemd-pcrmachine.service and
systemd-pcrfs@.service have been added that invoke the tool with
these switches during early boot.
* systemd-pcrphase gained a --graceful switch will make it exit cleanly
with a success exit code even if no TPM device is detected.
* systemd-cryptenroll now stores the user-supplied PIN with a salt,
making it harder to brute-force.
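Review bot: grammar in the new systemd-pcrphase entry, "gained a --graceful switch will make it exit cleanly" is missing a relative pronoun: "gained a --graceful switch which will make it exit cleanly". The preceding entry lists "--machine-id and --file-system=" with an "=" on only the second option; if --machine-id takes no argument that is correct, but it may be worth a glance since the same sentence says both are used "to measure ... into PCR 15".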
@ -417,13 +491,19 @@ CHANGES WITH 253 in spe:
search domains via kernel command line (nameserver=, domain=) and
credentials (network.dns, network.search_domains).
* systemd-resolved will now synthesize host names for the DNS stub
addresses it supports. Specifically when "_localdnsstub" is resolved,
127.0.0.53 is returned, and if "_localdnsproxy" is resolved
127.0.0.54 is returned.
* systemd-notify will now send a "RELOADING=1" notification when called
with --reloading, and "STOPPING=1" when called with --stopping. This
can be used to implement notifications from units where it's easier
to call a program than to use the sd-daemon library.
* systemd-analyze gained new --json=, --table, and --no-legend options
that affect the output of 'plot'.
* systemd-analyze's 'plot' command can now output its information in
JSON, controlled via the --json= switch. Also, new --table, and
--no-legend options have been added.
* 'machinectl enable' will now automatically enable machines.target
unit in addition to adding the machine unit to the target.
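Review bot: stray comma in the rewritten systemd-analyze entry, "Also, new --table, and --no-legend options have been added" should drop the comma after "--table". The rewrite otherwise improves on the replaced wording by saying that the JSON output applies to 'plot' rather than to systemd-analyze generally.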
@ -469,8 +549,9 @@ CHANGES WITH 253 in spe:
SD_PATH_SYSTEMD_SEARCH_SYSTEM_ENVIRONMENT_GENERATOR, and
SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR,
* sd-notify now supports AF_VSOCK, in the "vsock:CID:port" format, for
the $NOTIFY_SOCKET parameter/environment variable/credential.
* sd_notify() now supports AF_VSOCK as transport for notification
messages (in addition to the existing AF_UNIX support). This is
enabled if $NOTIFY_SOCKET is set in a "vsock:CID:port" format.
* Detection of chroot() environments now works if /proc/ is not
mounted. This affects systemd-detect-virt --chroot, but also means
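Review bot: the rewritten sd_notify() AF_VSOCK entry drops a detail the replaced text carried: the old wording said the "vsock:CID:port" form applies to "the $NOTIFY_SOCKET parameter/environment variable/credential", while the new one only says "if $NOTIFY_SOCKET is set"; if the credential path is still supported, keep a mention of it so readers do not conclude it was removed. Also, the preceding context line ends with a trailing comma after SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR, which looks like a pre-existing typo worth fixing while this paragraph is being touched.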
@ -482,8 +563,8 @@ CHANGES WITH 253 in spe:
Changes in the build system:
* A standalone variant of systemd-repart may now be built (if
-Dstandalone=true).
* Standalone variants of systemd-repart and systemd-shutdown may now be
built (if -Dstandalone=true).
* systemd-ac-power has been moved from /usr/lib/ to /usr/bin/, to, for
example, allow scripts to conditionalize execution on AC power