author | Lennart Poettering <lennart@poettering.net> | 2021-06-03 17:57:23 +0200
---|---|---
committer | Lennart Poettering <lennart@poettering.net> | 2021-06-03 17:57:27 +0200
commit | f973aea7404aa69af9e133c3101645df61fc5434 (patch) |
tree | bc133a85ba65b2ed17384c6160d96d240c44db9d /NEWS |
parent | 51df483846219c86e1e6c405f295a6b873084e0e (diff) |
download | systemd-f973aea7404aa69af9e133c3101645df61fc5434.tar.gz |
NEWS: start putting together NEWS for v249
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 255 |
1 files changed, 255 insertions, 0 deletions
@@ -1,5 +1,260 @@ systemd System and Service Manager +CHANGES WITH 249 in spe: + + * When operating on disk images via the --image= switch of various + tools (such as systemd-nspawn or systemd-dissect), and multiple + suitable root or /usr/ partitions exist in the image, then a simple + strverscmp() inspired comparison is done on the GPT partition label, + and the newest partition picked. This permits a simple and generic + whole-file-system A/B update logic where new operating system + versions are dropped into partitions whose label is then updated with + a matching version identifier. + + * systemd-sysusers now supports querying the passwords to set for the + users it creates via the "credentials" logic introduced in v247: the + passwd.hashed-password.<user> and passwd.plaintext-password.<user> + credentials are consulted for the password to use (either in UNIX + hashed form, or literally). By default these credentials are inherited + down from PID1 (which in turn imports it from a container manager if + there is one). This permits easy configuration of user passwords + during first boot. Example: + + # systemd-nspawn -i foo.raw --volatile=yes --set-credential=passwd.plaintext-password.root:foo + + Note that systemd-sysusers operates in purely additive mode: it + executes no operation if the declared users already exist, and hence + doesn't set any passwords as effect of the command line above if the + specified root user exists already in the image. (Note that + --volatile=yes ensures it doesn't, though.) + + * systemd-firstboot now also supports querying various system + parameters via the credential subsystems. Thus, as above this may be + used to initialize important system parameters on first boot of + previously unprovisioned images (i.e. images with a mostly empty + /etc/). + + * The systemd-ask-password now also supports reading passwords from the + credentials subsystem, via the new --credential= switch. 
+ + * Services gained a new ExitType= setting which can configure how to + determine when a service exited: the default is "main" which defines + the runtime by the service's main process lifetime (this matches the + only behaviour implemented in v248 and before), but with "cgroup" the + runtime is defined by the existence of any process in the service's + cgroup. + + * The systemd-machine-id-setup tool now supports a --image= switch for + provisioning a machine ID file into an OS disk image, similar to how + --root= operates on an OS file tree. This matches the existing switch + of the same name to the systemd-tmpfiles, systemd-firstboot or + systemd-sysusers tools. + + * Similar, systemd-repart gained support for a --image= switch, too. In + combination with the existing --size= makes the tool particularly + useful for easily growing disk images in a single command invocation, + following the declarative rules included in the image itself. + + * systemd-repart's partition configuration files gained support for a + new switch MakeDirectories= which may be used to create arbitrary + directories inside file systems that are created, before registering + them in the partition table. This is useful in particular if root + partitions are created that way to create mount point directories for + other partitions included in the image. For example, a disk image + that is created to contain a /home/ and a /var/ partition in addition + to a root partition may MakeDirectories= to create /home/ and /var/ + as empty directories in the root file system on creation so that the + resulting image can mounted immediately, even in read-only mode. + + * systemd-repart's CopyBlocks= setting gained support for a special + value "auto". If used a suitable, matching partition on the booted OS + is found as source to copy blocks from. This is useful for + implementing replicating installers, that are booted from one medium + and then stream their own root partition on the target medium. 
+ + * systemd-repart's partition configuration files gained support for a + Flags= and a ReadOnly= setting, allowing control of the GPT partition + flags for the created partitions: this is useful for marking newly + created partitions as read-only from the start. + + * The /etc/os-release file has been extended with two new (optional) + variables IMAGE_VERSION= and IMAGE_ID=, for carrying identification + and versioning information for OS images that are updated + consistently, comprehensively and atomically as one image. The two + new specifiers %M, %A now resolve to these two fields in the various + configuration options that resolve specifiers. + + * portablectl gained a new switch --extension= for enabling portable + service images with extensions that follow the extension image + concept introduced with v248. + + * systemd-coredump will now extract ELF build-id information from + processes dumping core and include it in the coredump + report. Moreover, if will look for ELF .note.package sections that + may carry distribution packaging meta-information about the crashing + process. This is useful to directly embed the RPM or Debian (or any + other) package name and version in the ELF files where they originate + from, making it easy to match up coredump reports with the software + versions they were found it. This is particular useful on + environments with ELF files form multiple vendors, different + distributions and versions, as it is common today, in particular in a + containerized and sand-boxed world. For further information, see: + + https://systemd.io/COREDUMP_PACKAGE_METADATA + + * A new udev hwdb has been added for Firewire audio devices + + * sd-bus' sd_bus_is_ready() and sd_bus_is_open() calls now accept a + NULL bus object, for which they will return false. Or in other words, + an unallocated bus connection is neither ready nor open. + + * The native Journal protocol has been documented. 
Clients may talk + this as alternative to the classic BSD syslog protocol for locally + delivering log records to the Journal. The protocol has been stable + since a long time and in fact been implemented already in a variety + of alternative client libraries. This documentation makes the support + for that official: + + https://systemd.io/JOURNAL_NATIVE_PROTOCOL + + * A new BPFProgram= setting has been added to service files. It may be + set to a path to a loaded kernel BPF program, i.e. a path to a bpffs + file, or a bind mount or symlink to one. This may be used to upload + and manage BPF programs externally and then hook arbitrary systemd + services into them. + + * The "home.arpa" domain that has been officially declared as the + choice for domain for local home networks per RFC 8375 has been added + to the default NTA list of resolved, since DNSSEC is generally not + available on private domains. + + * The CPUAffinity= setting of unit files now resolves "%" specifiers. + + * A new ManageForeignRoutingPolicyRules= setting has been added to + .network files which may be used to exclude foreign-created routing + policy rules from systemd-networkd management. + + * systemd-network-wait-online gained two new switches -4 and -6 that + may be used to tweak whether to wait for only IPv4 or only IPv6 + connectivity. + + * .network files gained a new RequiredFamilyForOnline= setting to + fine-tune whether to require an IPv4 or IPv6 address in order to + consider an interface "online". + + * The RestrictAddressFamilies= setting in service files now supports a + new special value "none". If specified sockets of all address + families will be made unavailable to services configured that way. + + * The DHCP server logic configured in .network files gained a new + setting RelayTarget= that turns the server into a DHCP server relay. 
+ + + * The sd-device API acquired a new API function + sd_device_get_usec_initialized() that returns the monotonic timestamp + when a udev device appeared in the database first. + + * systemd-fstab-generator and systemd-repart have been updated to + support booting from disks that carry only a /usr/ partition but no + root partition yet, but where systemd-repart can add them in on first + boot. This is useful for implementing systems that ship with a single + /usr/ file system and whose root file system shall be set up on a + LUKS encrypted volume whose key is generated locally (and possibly + enrolled in TPM), and which is set up and formatted during first + boot. + + * The [Address] section of .network files now accepts a new + RouteMetric= setting that configures the routing metric to use for + the prefix route created as effect of the address + configuration. Similar, the [DHCPv6PrefixDelegation] and [IPv6Prefix] + sections gained matching settings for their prefix routes. (The + option of the same name of the [DHCPv6] section is moved to + [IPv6AcceptRA], since it conceptually belongs there; the old option + is still understood for compatibility.) + + + * The DHCPv6 IAID and DUID are now explicitly configurable in .network + files. + + * A new udev property ID_NET_DHCP_BROADCAST on network interface + devices is not honoured by systemd-networkd, that controls whether to + issue DHCP offers via broadcasting. This is used to ensure that s390 + layer 3 network interfaces work out-of-the-box with systemd-networkd. + + * nss-myhostname and systemd-resolved will now synthesize address + records for a new special hostname "_outbound". The name will always + resolve to the local IP addresses most likely used for outbound + connections towards the default route. On multi-homed hosts this is + useful to have a stable handle referring to "the" local IP address + that matters most, to the point where this is defined. 
+ + * The Discoverable Partition Specification has been updated with a new + GPT partition flag defined its partition types: a "growfs" + flag. Whenever partitions with this flag set are automatically + mounted (i.e. via systemd-gpt-auto-generator or the --image= switch + of systemd-nspawn or other tools; and as opposed to explicit mounting + via /etc/fstab), the file system within the partition is + automatically grown to the full size of the partition should it be + smaller. If the file system size already matches the partition size + this flag has no effect. Previously, this functionality has been + available via the explicit x-systemd.growfs mount option, and this + new flag extends this to automatically discovered mounts. A new + GrowFileSystem= setting has been added to systemd-repart drop-in + files that allows configuring this partition flag. This new flag + defaults to on for partitions automatically created by + systemd-repart, except if they are marked read-only. See the + specification for further details: + + https://systemd.io/DISCOVERABLE_PARTITIONS + + * .network files gained a new setting RoutToNTP= in the [DHCPv4] + section. If enabled (which is the default), and an NTP server address + is acquired through a DHCP lease on this interface an explicit route + to this address is created on this interface to ensure that NTP + traffic to the NTP server acquired on an interface is also routed + trough that interface. The pre-existing RoutesToDNS= setting that + implements the same for DNS servers is now enabled by default. + + * A pair of service settings SocketBindAllow= + SocketBindDeny= have + been added that may be used to restrict the network interfaces + sockets created by the service may be bound to. This is implemented + via BPF. + + * A new ConditionFirmware= condition type has been added to unit + files. It may be used to detect certain firmware features. 
At the + moment it may check whether running on an UEFI system, a device.tree + system or if the system is compatible with some specified device-tree + feature. + + * hostnamed gained a new Describe() D-Bus method that returns a JSON + serialization of the host data it exposes. This is exposed via + "hostnamectl --json=" to acquire a host identity description in + JSON. It's our intention to add a similar concept to most services + and objects systemd manages, in order to simplify integration with + program code the consumes JSON. + + * hostnamectl's various set-xyz verbs (e.g. "hostnamectl set-hostname") + have been renamed to just xyz (e.g. "hostnamectl hostname") and may + now be used to acquire the indicated data in terse form, instead of + only setting it. The old names continue to be supported for + compatibility. + + * systemd-detect-virt and ConditionVirtualization= are now able to + correctly identify Amazon EC2 environments. + + * The LogLevelMax= setting of unit files now applies not only to log + messages generated *by* the service, but also to log messages + generated *about* the service by PID 1. To suppress logs concerning a + specific service comprehensively, set this option to a high log + level. + + * bootctl gained support for a new --make-machine-id-directory= switch + that allows precise control on whether to create the top-level + per-machine directory in the boot partition that typically contain + Type #1 boot loader entries. + + … + CHANGES WITH 248: * A concept of system extension images is introduced. Such images may |