morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 08:25:20 +09:00
Code Issues Packages Projects Releases Wiki Activity

NEWS: the first big batch for v257

Browse Source
This commit is contained in:
Zbigniew Jędrzejewski-Szmek
2024-09-12 13:25:12 +02:00
parent 58e359604f
commit dcc359010c
1 changed files with 228 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

230
NEWS
View File

@@ -44,18 +44,244 @@ CHANGES WITH 257 in spe:
but it should make the inhibitor logic easier to use and understand,
and also help avoiding accidental reboots and shutdowns. New 'delay-weak'
and 'block-weak' inhibitor modes were added, if taken they will make
the inhibitor lock work as in the previous versions.
the inhibitor lock work as in the previous versions. Inhibitor locks
can also be taken by remote users (subject to polkit policy).
* systemd-nspawn will now mount the unified cgroup hierarchy into a
container if no systemd installation is found in a container's root
filesystem. `$SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=0` can be used to override
this behavior.
libsystemd:
* New sd-json component is now available as part of libsystemd. The
goal of the library is to allow structures to be conveniently
created in C code and serialized to JSON, and for JSON to
conveniently deserialized into in-memory structures, using callbacks
to handle specific keys. Various data types like integers, floats,
booleans, strings, UUIDs, hex-encoded strings, and arrays are
supported natively.
Service and system management:
* Environment variable $REMOTE_ADDR is now set when using socket
activation for AF_UNIX sockets.
* Multipath TCP (MPTCP) is now supported as a socket protocol.
* New crypttab options fido2-pin=, fido2-up=, fido2-uv= can be used to
enable/disable the PIN query, User Presence check, and User
Verification.
* New crypttab option password-cache=yes|no|read-only can be used to
customize password caching.
* New fstab option x-systemd.wants= creates "Wants" dependencies.
(This is similar to the previously available x-systemd.requires=.)
* The initialization of the system clock during boot and updates has
been simplified: either pid1 or systemd-timesyncd will pick the
latest time as indicated by the compiled-in epoch,
/usr/lib/clock-epoch, and /var/lib/systemd/timesync/clock. See
systemd(1) for an detailed updated description.
* Ctrl-Alt-Delete is reenabled during late shutdown, so that the user
can still initiate a reboot if the system freezes.
* Unit option PrivateUsers=identity can be used to request a user
namespace with an identity mapping for the first 65536 UIDs/GIDs.
This is analogous to the systemd-nspawn's --private-users=identity.
* Unit option PrivateTmp=disconnected can be used to specify that a
separate tmpfs instance should be used for /tmp and /var/tmp for the
unit.
* A new sleep.conf HibernateOnACPower= option can be used to enable
hibernation in suspend-then-hibernate mode even when connected to a
power source.
* udev rules now set 'uaccess' for /dev/udmabuf, giving locally
logged-in users access to the hardware. This is necessary to support
IPMI cameras with libcamera.
* New RELEASE_TYPE= and EXPERIMENT= fields are documented for the
os-release file. For example, "RELEASE_TYPE=development|stable|lts"
can be used to indicate various stages of the release life cycle,
and "RELEASE_TYPE=experimental" can indicate experimental builds,
with the EXPERIMENT= field providing a human-readable description of
the nature of the experiment.
* The manager (and various other tools too) use pidfds in more places
to refer to processes.
* A bunch of patches to ease building against musl have been merged.
* A build option -D link-executor-shared=false can be used to build
the systemd-executor binary (added in the previous release) in a way
where it does not link to shared libsystemd-shared-….so library.
PID1 holds a reference to the executor binary that was on disk when
the manager was started or restarted, but the shared libraries it is
linked to are not loaded until the executor binary needs to be used.
This partial static linking is a workaround for the issue where,
during upgrades, the old libsystemd-shared-….so may have already
been removed and the pinned executor binary will just fail to
execute.
systemd-logind:
* New DesignatedMaintenanceTime= configuration option allows
shutdowns to be automatically scheduled at the specified time.
* logind now reacts to Ctrl-Alt-Shift-Esc being pressed. It will send
out a org.freedesktop.login1.SecureAttentionKey signal, indicating a
request by the user for the system to display a secure login dialog.
The handling of SAK can be suppressed in logind configuration.
systemd-machined:
* Unprivileged clients are now allowed to register VMs and containers.
Machines started via the systemd-vmspawn@.service unit will now be
registered with systemd-machined.
systemd-resolved:
* 'resolvconf' command now supports '-p' switch. If specified, the
* resolvconf command now supports '-p' switch. If specified, the
interface will not be used as the default route.
* resolvectl now allows interactive polkit authorization. It gained a
--no-ask-password option to suppress it.
systemd-networkd and networkctl:
* IPv6 address labels can be configured in a new [IPv6AddressLabel]
section with Prefix= and Label= settings.
* 'networkctl edit' can now read the new contents from standard input
with the new --stdin option.
* networkctl gained a --no-ask-password option to suppress interactive
polkit authorization.
systemd-boot, systemd-stub, and related tools:
* The EFI stub now supports loading of .ucode sections with microcode
from addons.
* A new .profile PE section type is now documented and supported in
systemd-measure, ukify, systemd-stub and systemd-boot. Those new
sections allow multiple "profiles" to be stored together in the UKI,
with .profile sections creating groupings the UKI, allowing some
sections to be shared and other sections like .cmdline or .initrd
unique to the profile.
* ukify gained an --extend switch to import an existing UKI to
be extended, and a --measure-base= switch to support measurement
of multi-profile UKIs.
The journal:
* journalctl can now list invocations of a unit with the
--list-invocation options and show logs for a specific invocation
with the new --invocation/-I option. (This is analogous to the
--list-boots/--boot/-b options.)
systemd-sysupdate and related tools:
* systemd-sysupdate can be run as system service, allowing
unprivileged clients to update the system via D-Bus calls.
A new updatectl command-line tool can be used to control the
service.
* systemd-sysupdate gained a new --offline option to force it to
operate locally. This is useful when listing locally installed
versions.
* systemd-sysupdate gained a new --transfer-source= option to set the
directory to which transfer sources cofigured with
PathRelativeTo=explicit will be interpreted.
Miscellaneous:
* systemctl now supports the --now option with the 'reenable' verb.
* systemd-analyze will now show the SMBIOS #11 vendor strings set for
the machine with a new 'smbios11' verb.
* systemd-analyze gained a new --instance= option that can be used to
provide an instance name to analyze multiple templates instantiated
with the same instance name.
* The 'tpm2' verb which lists usable TPM2 devices has been moved from
systemd-creds to systemd-analyze.
* varlinkctl gained a new verb 'list-methods' to show a list of
methods implemented by a service.
* varlinkctl gained a --quiet/-q option to suppress method call
replies.
* varlinkctl gained a --graceful= option to suppress specified Varlink
errors.
* varlinkctl gained a --timeout= option to limit how long the
invocation can take.
* varlinkctl allows remote invocations over ssh, via the new
"ssh-exec:" address specification. It'll make an ssh connection,
start the specified executable on the remote, and communicate with
the remote process using the Varlink protocol.
"ssh:" address specification has been renamed to "ssh-unix:".
(The old syntax is still supported for backwards compatibility.)
* bootctl gained a --random-seed=yes|no option to control provisioning
of the random seed file in ESP. (This is useful when producing an
image that will be used multiple times.)
* systemd-cryptenroll gained new options -fido2-salt-file= and
--fido2-parameters-in-header= to simplify manual enrollment of FIDO2
tokens.
* systemd-cryptenroll, systemd-repart, and systemd-storagetm gained a
new --list-devices option to list appropriate candidate block
devices.
* systemd-repart's CopyBlocks= directive can now use a char device as
source (in addition to previously supported regular files and block
devices).
* systemd-repart gained a new Compression= and CompressionLevel=
settings to enable internal compression in filesystems created
offline.
* systemd-repart understands a new MakeSymlinks= option to create one
or more symlinks (each specified as a symlink name and target).
* systemd-mount can now output JSON with a new --json= switch.
* A new generator sytemd-import-generator has been added to
synthetisize image download jobs. This provides functionality
similar to importctl, but configured via the kernel command line and
system credentials.
* systemd-inhibit now allows interactive polkit authorization. It
gained a --no-ask-password option to suppress it.
* systemd-id128 gained a new 'var-partition-uuid' verb to calculate
the DPS UUID for /var/ keyed by the local machine-id.
* locatectl gained a -l/--full option to show output without
ellipsization.
* 'busctl monitor' gained new options --num-matches= and --timeout=
to set the number of matches or limit the runtime of the command.
This is intended to be used in scripts.
* systemd-run can output some data as JSON via the new --json= option.
* timedatectl now supports interactive polkit authorization.
— <place>, <date>
CHANGES WITH 256: