author    Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2023-01-24 19:13:29 +0100
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2023-01-24 19:14:27 +0100
commit    621f7615a9c44ce9ffc4bfe8ef5b7142e76e4820 (patch)
tree      f2e8971efe77a220d76369beccf6fee731c14291 /NEWS
parent    edfb4a474e5cbef6578a70aae7f08a0f435c6c6a (diff)
download  systemd-621f7615a9c44ce9ffc4bfe8ef5b7142e76e4820.tar.gz
NEWS: update for v253-rc1
Diffstat (limited to 'NEWS')
-rw-r--r--  NEWS  302
1 files changed, 265 insertions, 37 deletions
diff --git a/NEWS b/NEWS
index e0466aed5b..d71f72ec76 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,10 @@ CHANGES WITH 253 in spe:
/proc being set up.) Operation in such an environment is not fully
supported.
+ * The return value of 'systemctl is-active|is-enabled|is-failed' for
+ unknown units is changed: previously 1 or 3 were returned, but now 4
+ (EXIT_PROGRAM_OR_SERVICES_STATUS_UNKNOWN) is used as documented.
+
* 'udevadm hwdb' subcommand is deprecated and will emit a warning.
systemd-hwdb (added in 2014) should be used instead.
@@ -21,17 +25,38 @@ CHANGES WITH 253 in spe:
has more and less specific patterns that could match the same device,
but it is expected that the change will have no effect for most users.
+ * systemd-networkd-wait-online exits successfully when all interfaces
+ are ready or unmanaged. Previously, if neither '--any' nor
+ '--interface=' options were used, at least one interface had to be in
+ configured state. This change allows the case, where systemd-networkd
+ is enabled but no interfaces are configured, to be handled
+ gracefully. It may occur in particular when a different network
+ manager is also enabled and used.
+
+ * Some compatibility helpers were dropped: EmergencyAction= in the user
+ manager, measuring kernel command line into PCR 8 along with the
+ -Defi-tpm-pcr-compat compile-time option.
+
New components:
- * A tool to build, measure, and sign Unified Kernel Images (UKIs) has
- been added. This replaces functionality provided by 'dracut --uefi'
- and extends it with automatic calculation of offsets, insertion of
- signed PCR policies generated by systemd-measure, support for initrd
- concatenation, signing of the embedded Linux image and the combined
- image with sbsign, and heuristics to autodetect the kernel uname and
- verify the splash image.
+ * A tool 'ukify' tool to build, measure, and sign Unified Kernel Images
+ (UKIs) has been added. This replaces functionality provided by
+ 'dracut --uefi' and extends it with automatic calculation of offsets,
+ insertion of signed PCR policies generated by systemd-measure,
+ support for initrd concatenation, signing of the embedded Linux image
+ and the combined image with sbsign, and heuristics to autodetect the
+ kernel uname and verify the splash image.
+
+ Changes in systemd and units:
- Changes in systemd:
+ * A new unit type Type=notify-reload is defined. When such a unit is
+ reloaded via a signal, the manager will wait until it receives a
+ "READY=1" notification from the unit. Otherwise, this type is the
+ same as Type=notify.
+
+ user@.service, systemd-networkd.service, systemd-udevd.service, and
+ systemd-logind have been updated to this type; their reloads are now
+ synchronuous.
* Initrd environments which are not on a temporary file system (for
example an overlayfs combination) are now supported. Systemd will only
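Review bot: two wording slips in the added text of this hunk: "A tool 'ukify' tool to build, measure, and sign" repeats "tool" (suggest "A new tool, 'ukify', to build, measure, and sign ..."), and "their reloads are now synchronuous" should read "synchronous". The Type=notify-reload paragraph would also benefit from naming the signal the manager sends (the entry says "reloaded via a signal" without saying which), since unit authors need that to implement the handshake.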
@@ -41,56 +66,125 @@ CHANGES WITH 253 in spe:
* New MemoryZSwapMax= option has been added to configure
memory.zswap.max cgroup properties (the maximum amount of zswap used).
+ * New LogFilterPatterns= option can be used to specify regexp
+ accept/deny patterns for log entries generated by the unit. Based on
+ the option value, the manager sets the
+ user.journald_log_filter_patterns extended attribute on the unit
+ cgroup. systemd-journald checks for this attribute when receiving
+ messages, and will filter messages by matching the MESSAGE= part.
+ Rejected messages are neither stored in the journal nor forwarded.
+ This option can be used to filter noisy or uninteresting messages
+ from units.
+
+ * The manager has a new
+ org.freedesktop.systemd1.Manager.GetUnitByPIDFD() method to query
+ process ownership via a PIDFD.
+
* Scope units now support OOMPolicy=. Login session scopes default to
- OOMPolicy=continue, allowing login scopes to survive the oom killer
+ OOMPolicy=continue, allowing login scopes to survive the OOM killer
terminating some processes in the scope.
* systemd-fstab-generator now supports x-systemd.makefs option for
/sysroot (in the initrd).
+ * The maximum rate at which daemon reloads are executed can now be
+ limited with the new ReloadLimitIntervalSec=/ReloadLimitBurst=
+ options. (Or the equivalent on the kernel command line:
+ systemd.reload_limit_interval_sec=/systemd.reload_limit_burst=).
+ In addition, systemd now logs the originating unit and PID when
+ a reload request is received over D-Bus.
+
+ * When enabling a swap device, instead of failing, systemd will now
+ reinitialize the device when the page size of the swap space does not
+ match the page size of the running kernel.
+
+ * Systemd now executes generators in a mount namespace "sandbox" with
+ most of the file system read-only, but with write access to the
+ output directories, and with a temporary /tmp/ mount provided. This
+ provides a safeguard against programming errors in the generators,
+ but also fixes here-docs in shells, which previously didn't work in
+ early boot when /tmp/ wasn't available yet. (This feature has no
+ security implications, because the code is still privileged and can
+ trivially exit the sandbox.)
+
+ * The manager will load the vmm.notify_socket credential. If found,
+ it will send a "READY=1" notification on the specified socket after
+ boot is complete. This allows readiness notification to be sent
+ from a VM guest to the host over a VSOCK socket.
+
+ * The sample PAM configuration file for systemd-user@.service now
+ includes a call to pam_namespace. This puts children of user@.service
+ in the expected namespace. (Many distributions replace their file
+ with something custom, so this change has limited effect.)
+
Changes in udev:
* The new net naming scheme "v253" has been introduced. In the new
scheme, ID_NET_NAME_PATH is also set for USB devices not connected via
- a PCI bus. This extends the converage of predictable interface names
+ a PCI bus. This extends the coverage of predictable interface names
in some embedded systems.
The "amba" bus path is now included in ID_NET_NAME_PATH, resulting in
a more informative path on some embedded systems.
- Changes in sd-boot, bootctl, and the Boot Loader Specification:
+ * Block partitions will now also get symlinks in
+ /dev/disk/by-diskseq/<seq>-part<n>, which may be used to reference
+ block device nodes via the kernel's "diskseq" value. Previously those
+ symlinks were only created for the main block device.
+
+ * A new operator '-=' is supported for SYMLINK variables. This allows
+ symlinks to be unconfigured even if an earlier rule added them.
- * systemd-boot now passes its random seed directly to the kernel's RNG
- via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table, which
- means the RNG gets seeded very early in boot before userspace has
- started.
+ * 'udevadm --trigger --settle' now also works for network devices
+ that are being renamed.
- * systemd-boot will pass a random seed when secure boot is enabled if
- it can additionally get a random seed from EFI itself, via EFI's RNG
- protocol or a prior seed in LINUX_EFI_RANDOM_SEED_TABLE_GUID from a
- preceding bootloader.
+ Changes in sd-boot, bootctl, and the Boot Loader Specification:
- * The random seed stored in the ESP is now refreshed whenever
- systemd-random-seed.service is run.
+ * systemd-boot now passes its random seed directly to the kernel's RNG
+ via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table, which
+ means the RNG gets seeded very early in boot before userspace has
+ started.
- * systemd-boot handles various seed inputs using a domain- and
- field-separated hashing scheme.
+ * systemd-boot will pass a random seed when secure boot is enabled if
+ it can additionally get a random seed from EFI itself, via EFI's RNG
+ protocol or a prior seed in LINUX_EFI_RANDOM_SEED_TABLE_GUID from a
+ preceding bootloader.
- * systemd-boot's 'random-seed-mode' option has been removed. A system
- token is now always required to be present for random seeds to be
- used.
+ * systemd-boot-system-token.service was renamed to
+ systemd-boot-random-seed.service and extended to always save the
+ random seed to ESP on every boot when a compatible boot loader is
+ used. This allows a refreshed random seed to be used in the boot
+ loader.
- * systemd-stub now processes random seeds in the same way as
- systemd-boot, in case a unified kernel image is being used from a
- different bootloader than systemd-boot.
+ * systemd-boot handles various seed inputs using a domain- and
+ field-separated hashing scheme.
- * bootctl will now generate a system token on all EFI systems, even
- virtualized ones, and is activated in the case that the system token
- is missing from either sd-boot and sd-stub booted systems.
+ * systemd-boot's 'random-seed-mode' option has been removed. A system
+ token is now always required to be present for random seeds to be
+ used.
* systemd-boot now supports being loaded not from the ESP, for example
for direct kernel boot under QEMU or when embedded into the firmware.
+ * systemd-boot now parses SMBIOS info to detect virtualization. This
+ information is used to skip some warnings which are not useful in a
+ VM and to conditionalize other aspects of behaviour.
+
+ * systemd-stub now processes random seeds in the same way as
+ systemd-boot, in case a unified kernel image is being used from a
+ different bootloader than systemd-boot.
+
+ * bootctl will now generate a system token on all EFI systems, even
+ virtualized ones, and is activated in the case that the system token
+ is missing from either sd-boot and sd-stub booted systems.
+
+ * bootctl now implements two new verbs: 'kernel-identify' prints the
+ type of a kernel image, and 'kernel-inspect' provides information
+ about the embedded command line and kernel version.
+
+ * bootctl now honours $KERNEL_INSTALL_CONF_ROOT with the same meaning
+ as for kernel-install.
+
Changes in kernel-install:
* A new "installation layout" can be configured as layout=uki. With this
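Review bot: "'udevadm --trigger --settle' now also works for network devices" names the verb as an option; udevadm's verb is 'trigger', so this should read "'udevadm trigger --settle'". In the bootctl entry, "is missing from either sd-boot and sd-stub booted systems" should be "either sd-boot or sd-stub booted systems". The LogFilterPatterns= entry might also state explicitly that rejected messages are dropped entirely (the text says "neither stored in the journal nor forwarded"), so admins do not expect them to show up in any other sink.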
@@ -109,6 +203,11 @@ CHANGES WITH 253 in spe:
information. A new --no-warn option has been added that silences this
warning.
+ * New option '--drop-in=' can be used to tell 'systemctl edit' the name
+ of the drop-in to edit. (Previously, 'override.conf' was always used.
+
+ * 'systemctl list-dependencies' now respects --type= and --state=.
+
* 'systemctl kexec' now supports XEN.
Changes in systemd-networkd and related tools:
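Review bot: the '--drop-in=' entry has an unbalanced parenthesis: "(Previously, 'override.conf' was always used." needs a closing ")" after "used".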
@@ -140,6 +239,8 @@ CHANGES WITH 253 in spe:
specified without its prefix length, then now systemd-networkd assumes
/32 for IPv4 or /128 for IPv6 addresses.
+ * networkctl shows network and link file dropins in status output.
+
Changes in systemd-dissect:
* systemd-dissect gained a new option --list, to print the paths fo the
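Review bot: "network and link file dropins" should be spelled "drop-ins" for consistency with the "--drop-in=" entry elsewhere in this file. While touching this area, the unchanged context line "to print the paths fo the" has a pre-existing typo ("of the") that could be fixed in the same commit.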
@@ -160,33 +261,158 @@ CHANGES WITH 253 in spe:
Changes in systemd-repart:
- * systemd-repart gained new options --include-partitions and
- --exclude-partitions to filter operation on partitions by type UUID.
+ * systemd-repart gained new options --include-partitions= and
+ --exclude-partitions= to filter operation on partitions by type UUID.
This allows systemd-repart to be used to build images in which the
type of one partition is set based on the contents of another
partition (for example when the boot partition shall include a verity
hash of the root partition).
+ * systemd-repart also gained a --defer-partitions= option that is
+ similar to --exclude-partitions=, but the size of the partition is
+ taken into account without populating it.
+
+ * systemd-repart gained a new --sector-size= option to specify what
+ sector size should be used when an image is created.
+
* systemd-repart now supports erofs (a read-only file system similar to
squashfs).
- Changes in systemd-homed:
+ * The Minimize= option was extended to accept "best" (which means the
+ most minimal image possible, but may require multiple attempts) and
+ "guess" (which means a reasonably small image).
+
+ Changes in journal tools:
+
+ * Various systemd tools will append extra fields to log messages when
+ in debug mode, or when SYSTEMD_ENABLE_LOG_CONTEXT=1 is set. Currently
+ this includes information about D-Bus messages when sd-bus is used,
+ e.g. DBUS_SENDER=, DBUS_DESTINATION=, and DBUS_PATH=, and information
+ about devices when sd-device is used, e.g. DEVNAME= and DRIVER=.
+ Details of what is logged and when are subject to change.
+
+ * The systemd-journald-audit.socket can now be normally disabled
+ to stop collection of audit messages.
+
+ * New options MaxUse=, KeepFree=, MaxFileSize=, and MaxFiles= can
+ be used to curtail disk use by systemd-journal-remote. This is
+ similar to the options supported by systemd-journald.
+
+ Changes in systemd-cryptenroll, systemd-cryptsetup, and related
+ components
+
+ * systemd-cryptenroll now supports unlocking via FIDO2 tokens (option
+ --unlock-fido2-device=).
+
+ * systemd-cryptsetup now supports new options tpm2-measure-pcr= and
+ tpm2-measure-bank= in crypttab(5). These allow specifying the
+ PCR bank and number into which the volume key should be measured.
+
+ * When measuring data into a PCR, an authenticated hash (HMAC) is used
+ on the CPU, to further protect the data before it leaves the CPU.
+
+ * systemd-gpt-auto-generator mounts the ESP and XBOOTLDR partions with
+ "noexec,nosuid,nodev".
+
+ * systemd-pcrphase gained new options --machine-id and --file-system=
+ to measure the machine-id and mount point information into a PCR.
+
+ * The machine-id is measured into PCR 15 during early boot.
+
+ * For the root and /var/ volumes, the mount point information and
+ options, and volume encryption keys in case encryption is used, will
+ be measured into PCR 15.
+
+ * systemd-cryptenroll now stores the user-supplied PIN with a salt,
+ making it harder to brute-force.
+
+ Changes in other tools:
* systemd-homed gained support for luksPbkdfForceIterations (the
intended number of iterations for the PBKDF operation on LUKS).
- Changes in systemd-homenamed:
+ * Environment variables $SYSTEMD_HOME_MKFS_OPTIONS_BTRFS,
+ $SYSTEMD_HOME_MKFS_OPTIONS_EXT4, and $SYSTEMD_HOME_MKFS_OPTIONS_XFS
+ can be used to specify additional arguments for mkfs when
+ systemd-homed formats a file system.
- * systemd-homed now exports the contents of
+ * systemd-hostnamed now exports the contents of
/sys/class/dmi/id/bios_vendor and /sys/class/dmi/id/bios_date via two
new D-Bus properties: FirmwareVendor and FirmwareDate. This allows
unprivileged code to access those values.
+ systemd-hostnamed also exports the SUPPORT_END= field from
+ os-release(5) as OperatingSystemSupportEnd. timedatectl make uses of
+ this to show the status of the installed system.
+
+ * systemd-measure gained an --append= option to sign multiple phase
+ paths with different signing keys. This allows secrets to be
+ accessible only in certain parts of the boot sequence. Note that
+ 'ukify' provides similar functionality in a more accessible form.
+
+ * systemd-timesyncd will now write a structured log message with
+ MESSAGE_ID set to SD_MESSAGE_TIME_BUMP when it bumps the clock based
+ on a disk timestamp, similarly to what it did when reaching
+ synchronization via NTP.
+
+ systemd-timesyncd will now also update the timestamp file on each
+ boot, making it more likely that the system time increases in
+ subsequent boots.
+
+ * systemd-vconsole-setup gained support for credentials:
+ vconsole.keymap/vconsole.keymap_toggle and
+ vconsole.font/vconsole.font_map/vconsole.font_unimap are analogous
+ the similarly-named options in vconsole.conf.
+
+ * systemd-localed will now save the XKB keyboard configuration to
+ /etc/vconsole.conf, and also read it from there with a higher
+ preference than the /etc/X11/xorg.conf.d/00-keyboard.conf config
+ file. Previously, this information was stored in the former file in
+ converted form, and only in latter file in the original form. Tools
+ which want to access keyboard configuration can now do so from a
+ standard location.
+
+ * systemd-resolved gained support for configuring the nameservers and
+ search domains via kernel command line (nameserver=, domain=) and
+ credentials (network.dns, network.search_domains).
+
+ * systemd-notify will now send a "RELOADING=1" notification when called
+ with --reloading, and "STOPPING=1" when called with --stopping. This
+ can be used to implement notifications from units where it's easier
+ to call a program than to use the sd-daemon library.
+
+ * systemd-analyze gained new --json=, --table, and --no-legend options
+ that affect the output of 'plot'.
+
+ * 'machinectl enable' will now automatically enable machines.target
+ unit in addition to adding the machine unit to the target.
+
+ Similarly, 'machinectl start|stop' gained a --now option to enable or
+ disable the machine unit when starting or stopping it.
+
Changes in libsystemd and shared code:
* sd-bus gained new convenience functions sd_bus_emit_signal_to(),
sd_bus_emit_signal_tov(), and sd_bus_message_new_signal_to().
+ * sd-id128 functions now return -EUCLEAN (instead of -EIO) when the
+ id128_t parameter has an invalid format. They also accept NULL as
+ output parameter in more places, which is useful when the caller only
+ wants to check the inputs and does not need the output value.
+
+ * sd-login gained new functions sd_pidfd_get_session(),
+ sd_pidfd_get_owner_uid(), sd_pidfd_get_unit(),
+ sd_pidfd_get_user_unit(), sd_pidfd_get_slice(),
+ sd_pidfd_get_user_slice(), sd_pidfd_get_machine_name(), and
+ sd_pidfd_get_cgroup(), that are analogous to sd_pid_get_*(),
+ but accept a PIDFD instead of a PID.
+
+ * sd-path (and systemd-path) now export four new paths:
+ SD_PATH_SYSTEMD_SYSTEM_ENVIRONMENT_GENERATOR,
+ SD_PATH_SYSTEMD_USER_ENVIRONMENT_GENERATOR,
+ SD_PATH_SYSTEMD_SEARCH_SYSTEM_ENVIRONMENT_GENERATOR, and
+ SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR,
+
* Detection of chroot environments now works if /proc/ is not mounted.
This affects systemd-detect-virt --chroot, but also means that systemd
tools will silently skip various operations in such an environment.
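Review bot: the entry "systemd-cryptenroll now stores the user-supplied PIN with a salt, making it harder to brute-force" reads as if the PIN itself is stored; if what is persisted is a salted hash (or the salt is mixed into the key derivation), say so, since "stores the PIN" will alarm readers and misstates the security property. Smaller fixes in the same hunk: "XBOOTLDR partions" should be "partitions"; the section header "Changes in systemd-cryptenroll, systemd-cryptsetup, and related components" is missing the trailing colon used by the other headers; "timedatectl make uses of this" should be "timedatectl makes use of this"; "are analogous the similarly-named options" is missing "to"; and the sd-path list ends with a trailing comma after SD_PATH_SYSTEMD_SEARCH_USER_ENVIRONMENT_GENERATOR instead of a period.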
@@ -201,6 +427,8 @@ CHANGES WITH 253 in spe:
* systemd-ac-power has been moved to /usr/bin/, to, for example, allow
scripts to conditionalize execution on AC power supply.
+ * The libp11kit library is now loaded through dlopen(3).
+
Changes in the documentation:
* Specifications that are not closely tied to systemd have moved to
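Review bot: "The libp11kit library" should be written "libp11-kit" (the p11-kit project's shared library), and the entry would be more useful if it stated the consequence for packagers, namely that p11-kit becomes an optional runtime dependency rather than a link-time one.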