X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=NEWS;h=f52ee027a192e45990fdb41aee2105d2253ba9ad;hp=76d743a0b9493cc38ea67f3d86829253de491ba7;hb=c2fa048c4a70c8386c6d8fe939e5ea9edecf1e98;hpb=ce1dde29b92d1399ce502e0f7db790a99d14841f diff --git a/NEWS b/NEWS index 76d743a0b..f52ee027a 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,207 @@ systemd System and Service Manager +CHANGES WITH 216: + + * timedated no longer reads NTP implementation unit names from + /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP + implementations should add a + + Conflicts=systemd-timesyncd.service + + to their unit files to take over and replace systemd's NTP + default functionality. + + * systemd-sysusers gained a new line type "r" for configuring + which UID/GID ranges to allocate system users/groups + from. Lines of type "u" may now add an additional column + that specifies the home directory for the system user to be + created. Also, systemd-sysusers may now optionally read user + information from STDIN instead of a file. This is useful for + invoking it from RPM preinst scriptlets that need to create + users before the first RPM file is installed since these + files might need to be owned by them. A new + %sysusers_create_inline RPM macro has been introduced to do + just that. systemd-sysusers now updates the shadow files as + well as the user/group databases, which should enhance + compatibility with certain tools like grpck. + + * A number of bus APIs of PID 1 now optionally consult + PolicyKit to permit access for otherwise unprivileged + clients under certain conditions. Note that this currently + doesn't support interactive authentication yet, but this is + expected to be added eventually, too. + + * /etc/machine-info now has new fields for configuring the + deployment environment of the machine, as well as the + location of the machine. hostnamectl has been updated with + new command to update these fields. + + * systemd-timesyncd has been updated to automatically acquire + NTP server information from systemd-networkd, which might + have been discovered via DHCP. + + * systemd-resolved now includes a caching DNS stub resolver + and a complete LLMNR name resolution implementation. A new + NSS module "nss-resolve" has been added which can be used + instead of glibc's own "nss-dns" to resolve hostnames via + systemd-resolved. Hostnames, addresses and arbitrary RRs may + be resolved via systemd-resolved D-Bus APIs. In contrast to + the glibc internal resolver systemd-resolved is aware of + multi-homed system, and keeps DNS server and caches separate + and per-interface. Queries are sent simultaneously on all + interfaces that have DNS servers configured, in order to + properly handle VPNs and local LANs which might resolve + separate sets of domain names. systemd-resolved may acquire + DNS server information from systemd-networkd automatically, + which in turn might have discovered them via DHCP. A tool + "systemd-resolve-host" has been added that may be used to + query the DNS logic in resolved. systemd-resolved implements + IDNA and automatically uses IDNA or UTF-8 encoding depending + on whether classic DNS or LLMNR is used as transport. In the + next releases we intend to add a DNSSEC and mDNS/DNS-SD + implementation to systemd-resolved. + + * A new NSS module nss-mymachines has been added, that + automatically resolves the names of all local registered + containers to their respective IP addresses. + + * A new client tool "networkctl" for systemd-networkd has been + added. It currently is entirely passive and will query + networking configuration from udev, rtnetlink and networkd, + and present it to the user in a very friendly + way. Eventually, we hope to extend it to become a full + control utility for networkd. + + * .socket units gained a new DeferAcceptSec= setting that + controls the kernels' TCP_DEFER_ACCEPT sockopt for + TCP. Similar, support for controlling TCP keep-alive + settings has been added (KeepAliveTimeSec=, + KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for + turning off Nagle's algorithm on TCP has been added + (NoDelay=). + + * logind learned a new session type "web", for use in projects + like Cockpit which register web clients as PAM sessions. + + * timer units with at least one OnCalendar= setting will now + be started only after timer-sync.target has been + reached. This way they will not elapse before the system + clock has been corrected by a local NTP client or + similar. This is particular useful on RTC-less embedded + machines, that come up with an invalid system clock. + + * systemd-nspawn's --network-veth= switch should now result in + stable MAC addresses for both the outer and the inner side + of the link. + + * systemd-nspawn gained a new --volatile= switch for running + container instances with /etc or /var unpopulated. + + * The kdbus client code has been updated to use the new Linux + 3.17 memfd subsystem instead of the old kdbus-specific one. + + * systemd-networkd's DHCP client and server now support + FORCERENEW. There are also new configuration options to + configure the vendor client identifier and broadcast mode + for DHCP. + + * systemd will no longer inform the kernel about the current + timezone, as this is necessarily incorrect and racy as the + kernel has no understanding of DST and similar + concepts. This hence means FAT timestamps will be always + considered UTC, similar to what Android is already + doing. Also, when the RTC is configured to the local time + (rather than UTC) systemd will never synchronize back to it, + as this might confuse Windows at a later boot. + + * systemd-analyze gained a new command "verify" for offline + validation of unit files. + + * systemd-networkd gained support for a couple of additional + settings for bonding networking setups. Also, the metric for + statically configured routes may now be configured. For + network interfaces where this is appropriate the peer IP + address may now be configured. + + * systemd-networkd's DHCP client will no longer request + broadcasting by default, as this tripped up some networks. + For hardware where broadcast is required the feature should + be switched back on using RequestBroadcast=yes. + + * systemd-networkd will now set up IPv4LL addresses (when + enabled) even if DHCP is configured successfully. + + * udev will now default to respect network device names given + by the kernel when the kernel indicates that these are + predictable. This behavior can be tweaked by changing + NamePolicy= in the relevant .link file. + + * A new library systemd-terminal has been added that + implements full TTY stream parsing and rendering. This + library is supposed to be used later on for implementing a + full userspace VT subsystem, replacing the current kernel + implementation. + + * A new tool systemd-journal-upload has been added to push + journal data to a remote system running + systemd-journal-remote. + + * journald will no longer forward all local data to another + running syslog daemon. This change has been made because + rsyslog (which appears to be the most commonly used syslog + implementation these days) no longer makes use of this, and + instead pulls the data out of the journal on its own. Since + forwarding the messages to a non-existent syslog server is + more expensive than we assumed we have now turned this + off. If you run a syslog server that is not a recent rsyslog + version, you have to turn this option on again + (ForwardToSyslog= in journald.conf). + + * journald now optionally supports the LZ4 compressor for + larger journal fields. This compressor should perform much + better than XZ which was the previous default. + + * machinectl now shows the IP addresses of local containers, + if it knows them, plus the interface name of the container. + + * A new tool "systemd-escape" has been added that makes it + easy to escape strings to build unit names and similar. + + * sd_notify() messages may now include a new ERRNO= field + which is parsed and collected by systemd and shown among the + "systemctl status" output for a service. + + * A new component "systemd-firstboot" has been added that + queries the most basic systemd information (timezone, + hostname, root password) interactively on first + boot. Alternatively it may also be used to provision these + things offline on OS images installed into directories. + + * The default sysctl.d/ snippets will now set + + net.ipv4.conf.default.promote_secondaries=1 + + This has the benefit of no flushing secondary IP addresses + when primary addresses are removed. + + Contributions from: Ansgar Burchardt, Bastien Nocera, Colin + Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel + Mack, Dan Williams, Dave Reisner, David Herrmann, Denis + Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald + Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann + B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin + Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, + Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael + Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar, + Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert + Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef + Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas + Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets, + Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut + Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek + + -- Berlin, 2014-08-19 + CHANGES WITH 215: * A new tool systemd-sysusers has been added. This tool @@ -55,10 +257,12 @@ CHANGES WITH 215: passed in from the server. Note that the [DHCPv4] section known in older systemd-networkd versions has been renamed to [DHCP] and is now also used by the DHCPv6 client. Existing - .network files using settings of this section need to be - updated. + .network files using settings of this section should be + updated, though compatibility is maintained. Optionally, the + client hostname may now be sent to the DHCP server. - * networkd gained support for vxlan virtual networks. + * networkd gained support for vxlan virtual networks as well + as tun/tap and dummy devices. * networkd gained support for automatic allocation of address ranges for interfaces from a system-wide pool of @@ -176,7 +380,9 @@ CHANGES WITH 215: * A new man page file-hierarchy(7) has been added that contains a minimized, modernized version of the file system layout systemd expects, similar in style to the FHS - specification or hier(5). + specification or hier(5). A new tool systemd-path(1) has + been added to query many of these paths for the local + machine and user. * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no longer done. Since the directory now has a per-user size @@ -195,6 +401,41 @@ CHANGES WITH 215: only be used for ports using the same HW address, hence the need for dev_port. + * machined has been updated to export the OS version of a + container (read from /etc/os-release and + /usr/lib/os-release) on the bus. This is now shown in + "machinectl status" for a machine. + + * A new service setting RestartForceExitStatus= has been + added. If configured to a set of exit signals or process + return values, the service will be restarted when the main + daemon process exits with any of them, regardless of the + Restart= setting. + + * systemctl's -H switch for connecting to remote systemd + machines has been extended so that it may be used to + directly connect to a specific container on the + host. "systemctl -H root@foobar:waldi" will now connect as + user "root" to host "foobar", and then proceed directly to + the container named "waldi". Note that currently you have to + authenticate as user "root" for this to work, as entering + containers is a privileged operation. + + Contributions from: Andreas Henriksson, Benjamin Steinwender, + Carl Schaefer, Christian Hesse, Colin Ian King, Cristian + Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene + Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo + Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart + Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine + Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich, + Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le + Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan, + Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe + Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar + Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek + + -- Berlin, 2014-07-03 + CHANGES WITH 214: * As an experimental feature, udev now tries to lock the @@ -253,7 +494,7 @@ CHANGES WITH 214: moved to /run/systemd/resolve/. If you have a symlink from /etc/resolv.conf, it might be necessary to correct it. - * Two new service settings, ProtectedHome= and ProtectedSystem=, + * Two new service settings, ProtectHome= and ProtectSystem=, have been added. When enabled, they will make the user data (such as /home) inaccessible or read-only and the system (such as /usr) read-only, for specific services. This allows @@ -365,7 +606,7 @@ CHANGES WITH 214: * Access modes specified in tmpfiles snippets may now be prefixed with "~", which indicates that they shall be masked - by whether the existing file or directly is currently + by whether the existing file or directory is currently writable, readable or executable at all. Also, if specified, the sgid/suid/sticky bits will be masked for all non-directories. @@ -1372,7 +1613,7 @@ CHANGES WITH 208: kernel, and on seats that are not seat0. * A new kernel command line option luks.options= is understood - now which allows specifiying LUKS options for usage for LUKS + now which allows specifying LUKS options for usage for LUKS encrypted partitions specified with luks.uuid=. * tmpfiles.d(5) snippets may now use specifier expansion in