[systemd-devel] systemd 256 released

Luna Jernberg droidbittin at gmail.com
Mon Jun 17 03:20:23 UTC 2024


https://linuxunplugged.com/567

On Tue, 11 Jun 2024 at 23:45, systemd tag bot
<donotreply-systemd-tag at refi64.com> wrote:
>
> 🎆 A new, official systemd release has just 🎉 been 🎊 tagged 🍾. Please download the tarball here:
>
>         https://github.com/systemd/systemd/archive/v256.tar.gz
>
> Changes since the previous release:
>
>         Announcements of Future Feature Removals and Incompatible Changes:
>
>         * Support for automatic flushing of the nscd user/group database caches
>           will be dropped in a future release.
>
>         * Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
>           considered obsolete and systemd by default will refuse to boot under
>           it. To forcibly reenable cgroup v1 support,
>           SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on kernel command
>           line. The meson option 'default-hierarchy=' is also deprecated, i.e.
>           only cgroup v2 ('unified' hierarchy) can be selected as build-time
>           default.
>
>         * Support for System V service scripts is deprecated and will be
>           removed in a future release. Please make sure to update your software
>           *now* to include a native systemd unit file instead of a legacy
>           System V script to retain compatibility with future systemd releases.
>
>         * Support for the SystemdOptions EFI variable is deprecated.
>           'bootctl systemd-efi-options' will emit a warning when used. It seems
>           that this feature is little-used and it is better to use alternative
>           approaches like credentials and confexts. The plan is to drop support
>           altogether at a later point, but this might be revisited based on
>           user feedback.
>
>         * systemd-run's switch --expand-environment= which currently is disabled
>           by default when combined with --scope, will be changed in a future
>           release to be enabled by default.
>
>         * Previously, systemd-networkd did not explicitly remove any bridge
>           VLAN IDs assigned on bridge master and ports. Since version 256, if a
>           .network file for an interface has at least one valid setting in the
>           [BridgeVLAN] section, then all assigned VLAN IDs on the interface
>           that are not configured in the .network file are removed.
>
>         * IPForward= setting in .network file is deprecated and replaced with
>           IPv4Forwarding= and IPv6Forwarding= settings. These new settings are
>           supported both in .network file and networkd.conf. If specified in a
>           .network file, they control corresponding per-link settings. If
>           specified in networkd.conf, they control corresponding global
>           settings. Note, previously IPv6SendRA= and IPMasquerade= implied
>           IPForward=, but now they imply the new per-link settings. One of the
>           simplest ways to migrate configurations, that worked as a router with
>           the previous version, is enabling both IPv4Forwarding= and
>           IPv6Forwarding= in networkd.conf. See systemd.network(5) and
>           networkd.conf(5) for more details.
>
>         * systemd-gpt-auto-generator will stop generating units for ESP or
>           XBOOTLDR partitions if it finds mount entries for or below the /boot/
>           or /efi/ hierarchies in /etc/fstab. This is to prevent the generator
>           from interfering with systems where the ESP is explicitly configured
>           to be mounted at some path, for example /boot/efi/ (this type of
>           setup is obsolete, but still commonly found).
>
>         * The behavior of systemd-sleep and systemd-homed has been updated to
>           freeze user sessions when entering the various sleep modes or when
>           locking a homed-managed home area. This is known to cause issues with
>           the proprietary NVIDIA drivers. Packagers of the NVIDIA proprietary
>           drivers may want to add drop-in configuration files that set
>           SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=false for systemd-suspend.service
>           and related services, and SYSTEMD_HOME_LOCK_FREEZE_SESSION=false for
>           systemd-homed.service.
>
>         * systemd-tmpfiles and systemd-sysusers, when given a relative
>           configuration file path (with at least one directory separator '/'),
>           will open the file directly, instead of searching for the given
>           partial path in the standard locations. The old mode wasn't useful
>           because tmpfiles.d/ and sysusers.d/ configuration has a flat
>           structure with no subdirectories under the standard locations and
>           this change makes it easier to work with local files with those
>           tools.
>
>         * systemd-tmpfiles now properly applies nested configuration to 'R' and
>           'D' stanzas. For example, with the combination of 'R /foo' and 'x
>           /foo/bar', /foo/bar will now be excluded from removal.
>
>         * systemd.crash_reboot and related settings are deprecated in favor of
>           systemd.crash_action=.
>
>         General Changes and New Features:
>
>         * Various programs will now attempt to load the main configuration file
>           from locations below /usr/lib/, /usr/local/lib/, and /run/, not just
>           below /etc/. For example, systemd-logind will look for
>           /etc/systemd/logind.conf, /run/systemd/logind.conf,
>           /usr/local/lib/systemd/logind.conf, and /usr/lib/systemd/logind.conf,
>           and use the first file that is found.  This means that the search
>           logic for the main config file and for drop-ins is now the same.
>
>           Similarly, kernel-install will look for the config files in
>           /usr/lib/kernel/ and the other search locations, and now also
>           supports drop-ins.
>
>           systemd-udevd now supports drop-ins for udev.conf.
>
>         * A new 'systemd-vpick' binary has been added. It implements the new
>           vpick protocol, where a "*.v/" directory may contain multiple files
>           which have versions (following the UAPI version format specification)
>           embedded in the file name. The files are ordered by version and
>           the newest one is selected.
>
>           systemd-nspawn --image=/--directory=, systemd-dissect,
>           systemd-portabled, and the RootDirectory=, RootImage=,
>           ExtensionImages=, and ExtensionDirectories= settings for units now
>           support the vpick protocol and allow the latest version to be
>           selected automatically if a "*.v/" directory is specified as the
>           source.
>
>         * Encrypted service credentials can now be made accessible to
>           unprivileged users. systemd-creds gained new options --user/--uid=
>           for encrypting/decrypting a credential for a specific user.
>
>         * New command-line tool 'importctl' to download, import, and export
>           disk images via systemd-importd is added with the following verbs:
>           pull-tar, pull-raw, import-tar, import-raw, import-fs, export-tar,
>           export-raw, list-transfers, and cancel-transfer. This functionality
>           was previously available in "machinectl", where it was used
>           exclusively for machine images. The new "importctl" generalizes this
>           for sysext, confext, and portable service images.
>
>         * The systemd sources may now be compiled cleanly with all OpenSSL 3.0
>           deprecations removed, including the OpenSSL engine logic turned off.
>
>         Service Management:
>
>         * New system manager setting ProtectSystem= has been added. It is
>           analogous to the unit setting, but applies to the whole system. It is
>           enabled by default in the initrd.
>
>           Note that this means that code executed in the initrd cannot naively
>           expect to be able to write to /usr/ during boot. This affects
>           dracut <= 101, which wrote "hooks" to /lib/dracut/hooks/. See
>           https://github.com/dracut-ng/dracut-ng/commit/a45048b80c27ee5a45a380.
>
>         * New unit setting WantsMountsFor= has been added. It is analogous to
>           RequiresMountsFor=, but creates a Wants= dependency instead of
>           Requires=. This new logic is now used in various places where mounts
>           were added as dependencies for other settings (WorkingDirectory=-…,
>           PrivateTmp=yes, cryptsetup lines with 'nofail').
>
>         * New unit setting MemoryZSwapWriteback= can be used to control the new
>           memory.zswap.writeback cgroup knob added in kernel 6.8.
>
>         * The manager gained a org.freedesktop.systemd1.StartAuxiliaryScope()
>           D-Bus method to devolve some processes from a service into a new
>           scope. This new scope will remain running, even when the original
>           service unit is restarted or stopped. This allows a service unit to
>           split out some worker processes which need to continue running.
>           Control group properties of the new scope are copied from the
>           originating unit, so various limits are retained.
>
>         * Units now expose properties EffectiveMemoryMax=,
>           EffectiveMemoryHigh=, and EffectiveTasksMax=, which report the
>           most stringent limit systemd is aware of for the given unit.
>
>         * A new unit file specifier %D expands to $XDG_DATA_HOME (for user
>           services) or /usr/share/ (for system services).
>
>         * AllowedCPUs= now supports specifier expansion.
>
>         * What= setting in .mount and .swap units now accepts fstab-style
>           identifiers, for example UUID=… or LABEL=….
>
>         * RestrictNetworkInterfaces= now supports alternative network interface
>           names.
>
>         * PAMName= now implies SetLoginEnvironment=yes.
>
>         * systemd.firstboot=no can be used on the kernel command-line to
>           disable interactive queries, but allow other first boot configuration
>           to happen based on credentials.
>
>         * The system's hostname can be configured via the systemd.hostname
>           system credential.
>
>         * The systemd binary will no longer chainload sysvinit's "telinit"
>           binary when called under the init/telinit name on a system that isn't
>           booted with systemd. This previously has been supported to make sure
>           a distribution that has both init systems installed can reasonably
>           switch from one to the other via a simple reboot. Distributions
>           apparently have lost interest in this, and the functionality has not
>           been supported on the primary distribution this was still intended
>           for a long time, and hence has been removed now.
>
>         * A new concept called "capsules" has been introduced. "Capsules" wrap
>           additional per-user service managers, whose users are transient and
>           are only defined as long as the service manager is running. (This is
>           implemented via DynamicUser=1), allowing a user manager to be used to
>           manage a group of processes without needing to create an actual user
>           account. These service managers run with home directories of
>           /var/lib/capsules/<capsule-name> and can contain regular services and
>           other units. A capsule is started via a simple "systemctl start
>           capsule@<name>.service". See the capsule@.service(5) man page for
>           further details.
>
>           Various systemd tools (including, and most importantly, systemctl and
>           systemd-run) have been updated to interact with capsules via the new
>           "--capsule="/"-C" switch.
>
>         * .socket units gained a new setting PassFileDescriptorsToExec=, taking
>           a boolean value. If set to true, the file descriptors the socket unit
>           encapsulates are passed to the ExecStartPost=, ExecStopPre=, and
>           ExecStopPost= commands using the usual $LISTEN_FDS interface. This
>           may be used for doing additional initializations on the sockets once
>           they are allocated (for example, to install an additional eBPF
>           program on them).
>
>         * The .socket setting MaxConnectionsPerSource= (which so far put a
>           limit on concurrent connections per IP in Accept=yes socket units),
>           now also has an effect on AF_UNIX sockets: it will put a limit on the
>           number of simultaneous connections from the same source UID (as
>           determined via SO_PEERCRED). This is useful for implementing IPC
>           services in a simple Accept=yes mode.
>
>         * The service manager will now maintain a counter of soft reboot cycles
>           the system went through. It may be queried via the D-Bus APIs.
>
>         * systemd's execution logic now supports the new pidfd_spawn() API
>           introduced by glibc 2.39, which allows us to invoke a subprocess in a
>           target cgroup and get a pidfd back in a single operation.
>
>         * systemd/PID 1 will now send an additional sd_notify() message to its
>           supervising VMM or container manager reporting the selected hostname
>           ("X_SYSTEMD_HOSTNAME=") and machine ID ("X_SYSTEMD_MACHINE_ID=") at
>           boot. Moreover, the service manager will send additional sd_notify()
>           messages ("X_SYSTEMD_UNIT_ACTIVE=") whenever a target unit is
>           reached. This can be used by VMMs/container managers to schedule
>           access to the system precisely. For example, the moment a system
>           reports "ssh-access.target" being reached a VMM/container manager
>           knows it can now connect to the system via SSH. Finally, a new
>           sd_notify() message ("X_SYSTEMD_SIGNALS_LEVEL=2") is sent the moment
>           PID 1 has successfully completed installation of its various UNIX
>           process signal handlers (i.e. the moment where SIGRTMIN+4 sent to
>           PID 1 will start to have the effect of shutting down the system
>           cleanly). X_SYSTEMD_SHUTDOWN= is sent shortly before the system shuts
>           down, and carries a string identifying the type of shutdown,
>           i.e. "poweroff", "halt", "reboot". X_SYSTEMD_REBOOT_PARAMETER= is
>           sent at the same time and carries the string passed to "systemctl
>           --reboot-argument=" if there was one.
>
>         * New D-Bus properties ExecMainHandoffTimestamp and
>           ExecMainHandoffTimestampMonotonic are now published by service
>           units. This timestamp is taken as the very last operation before
>           handing off control to invoked binaries. This information is
>           available for other unit types that fork off processes (i.e. mount,
>           swap, socket units), but currently only via "systemd-analyze dump".
>
>         * An additional timestamp is now taken by the service manager when a
>           system shutdown operation is initiated. It can be queried via D-Bus
>           during the shutdown phase. It's passed to the following service
>           manager invocation on soft reboots, which will then use it to log the
>           overall "grey-out" time of the soft reboot operation, i.e. the time
>           when the shutdown began until the system is fully up again.
>
>         * "systemctl status" will now display the invocation ID in its usual
>           output, i.e. the 128bit ID uniquely assigned to the current runtime
>           cycle of the unit. The ID has been supported for a long time, but is
>           now more prominently displayed, as it is a very useful handle to a
>           specific invocation of a service.
>
>         * systemd now generates a new "taint" string "unmerged-bin" for systems
>           that have /usr/bin/ and /usr/sbin/ separate. It's generally
>           recommended to make the latter a symlink to the former these days.
>
>         * A new systemd.crash_action= kernel command line option has been added
>           that configures what to do after the system manager (PID 1) crashes.
>           This can also be configured through CrashAction= in systemd.conf.
>
>         * "systemctl kill" now supports --wait which will make the command wait
>           until the signalled services terminate.
>
>         Journal:
>
>         * systemd-journald can now forward journal entries to a socket
>           (AF_INET, AF_INET6, AF_UNIX, or AF_VSOCK). The socket can be
>           specified in journald.conf via a new option ForwardToSocket= or via
>           the 'journald.forward_to_socket' credential. Log records are sent in
>           the Journal Export Format. A related setting MaxLevelSocket= has been
>           added to control the maximum log levels for the messages sent to this
>           socket.
>
>         * systemd-journald now also reads the journal.storage credential when
>           determining where to store journal files.
>
>         * systemd-vmspawn gained a new --forward-journal= option to forward the
>           virtual machine's journal entries to the host. This is done over an
>           AF_VSOCK socket, i.e. it does not require networking in the guest.
>
>         * journalctl gained option '-i' as a shortcut for --file=.
>
>         * journalctl gained a new -T/--exclude-identifier= option to filter
>           out certain syslog identifiers.
>
>         * journalctl gained a new --list-namespaces option.
>
>         * systemd-journal-remote now also accepts AF_VSOCK and AF_UNIX sockets
>           (so it can be used to receive entries forwarded by systemd-journald).
>
>         * systemd-journal-gatewayd allows restricting the time range of
>           retrieved entries with a new "realtime=[<since>]:[<until>]" URL
>           parameter.
>
>         * systemd-cat gained a new option --namespace= to specify the target
>           journal namespace to which the output shall be connected.
>
>         * systemd-bsod gained a new option --tty= to specify the output TTY.
>
>         Device Management:
>
>         * /dev/ now contains symlinks that combine by-path and by-{label,uuid}
>           information:
>
>               /dev/disk/by-path/<path>/by-<label|uuid|…>/<label|uuid|…>
>
>           This allows distinguishing partitions with identical contents on
>           multiple storage devices. This is useful, for example, when copying
>           raw disk contents between devices.
>
>         * systemd-udevd now creates persistent /dev/media/by-path/ symlinks for
>           media controllers. For example, the uvcvideo driver may create
>           /dev/media0 which will be linked as
>           /dev/media/by-path/pci-0000:04:00.3-usb-0:1:1.0-media-controller.
>
>         * A new unit systemd-udev-load-credentials.service has been added
>           to pick up udev.conf drop-ins and udev rules from credentials.
>
>         * An allowlist/denylist may be specified to filter which sysfs
>           attributes are used when crafting network interface names. Those
>           lists are stored as hwdb entries
>             ID_NET_NAME_ALLOW_<sysfsattr>=0|1
>           and
>             ID_NET_NAME_ALLOW=0|1.
>
>           The goal is to avoid unexpected changes to interface names when the
>           kernel is updated and new sysfs attributes become visible.
>
>         * A new unit tpm2.target has been added to provide a synchronization
>           point for units which expect the TPM hardware to be available. A new
>           generator "systemd-tpm2-generator" has been added that will insert
>           this target whenever it detects that the firmware has initialized a
>           TPM, but Linux hasn't loaded a driver for it yet.
>
>         * systemd-backlight now properly supports numbered devices which the
>           kernel creates to avoid collisions in the leds subsystem.
>
>         * systemd-hwdb update operation can be disabled with a new environment
>           variable SYSTEMD_HWDB_UPDATE_BYPASS=1.
>
>         systemd-hostnamed:
>
>         * systemd-hostnamed now exposes the machine ID and boot ID via
>           D-Bus. It also exposes the host's AF_VSOCK CID, if available.
>
>         * systemd-hostnamed now provides a basic Varlink interface.
>
>         * systemd-hostnamed exports the full data in os-release(5) and
>           machine-info(5) via D-Bus and Varlink.
>
>         * hostnamectl now shows the system's product UUID and hardware serial
>           number if known.
>
>         Network Management:
>
>         * systemd-networkd now provides a basic Varlink interface.
>
>         * systemd-networkd's ARP proxy support gained a new option to configure
>           a private VLAN variant of the proxy ARP supported by the kernel under
>           the name IPv4ProxyARPPrivateVLAN=.
>
>         * systemd-networkd now exports the NamespaceId and NamespaceNSID
>           properties via D-Bus and Varlink (which expose the inode and NSID of
>           the network namespace the networkd instance manages).
>
>         * systemd-networkd now supports IPv6RetransmissionTimeSec= and
>           UseRetransmissionTime= settings in .network files to configure
>           retransmission time for IPv6 neighbor solicitation messages.
>
>         * networkctl gained new verbs 'mask' and 'unmask' for masking networkd
>           configuration files such as .network files.
>
>         * 'networkctl edit --runtime' allows editing volatile configuration
>           under /run/systemd/network/.
>
>         * The implementation behind TTLPropagate= network setting has been
>           removed and the setting is now ignored.
>
>         * systemd-network-generator will now pick up .netdev/.link/.network/
>           networkd.conf configuration from system credentials.
>
>         * systemd-networkd will now pick up wireguard secrets from
>           credentials.
>
>         * systemd-networkd's Varlink API now supports enumerating LLDP peers.
>
>         * .link files now support new Property=, ImportProperty=,
>           UnsetProperty= fields for setting udev properties on a link.
>
>         * The various .link files that systemd ships for interfaces that are
>           supposed to be managed by systemd-networkd only now carry a
>           ID_NET_MANAGED_BY=io.systemd.Network udev property ensuring that
>           other network management solutions honouring this udev property do
>           not come into conflict with networkd, trying to manage these
>           interfaces.
>
>         * .link files now support a new ReceivePacketSteeringCPUMask= setting
>           for configuring which CPUs to steer incoming packets to.
>
>         * The [Network] section in .network files gained a new setting
>           UseDomains=, which is a single generic knob for controlling the
>           settings of the same name in the [DHCPv4], [DHCPv6] and
>           [IPv6AcceptRA] sections.
>
>         * The 99-default.link file we ship by default (that defines the policy
>           for all network devices to which no other .link file applies) now
>           lists "mac" among AlternativeNamesPolicy=. This means that network
>           interfaces will now by default gain an additional MAC-address based
>           alternative device name (i.e. enx…).
>
>         systemd-nspawn:
>
>         * systemd-nspawn now provides a /run/systemd/nspawn/unix-export/
>           directory where the container payload can expose AF_UNIX sockets to
>           allow them to be accessed from outside.
>
>         * systemd-nspawn will tint the terminal background for containers in a
>           blueish color. This can be controlled with the new --background=
>           switch or the new $SYSTEMD_TINT_BACKGROUND environment variable.
>
>         * systemd-nspawn gained support for the 'owneridmap' option for --bind=
>           mounts to map the target directory owner from inside the container to
>           the owner of the directory bound from the host filesystem.
>
>         * systemd-nspawn now supports moving Wi-Fi network devices into a
>           container, just like other network interfaces.
>
>         systemd-resolved:
>
>         * systemd-resolved now reads RFC 8914 EDE error codes provided by
>           upstream DNS services.
>
>         * systemd-resolved and resolvectl now support RFC 9460 SVCB and HTTPS
>           records, as well as RFC 2915 NAPTR records.
>
>         * resolvectl gained a new option --relax-single-label= to allow
>           querying single-label hostnames via unicast DNS on a per-query basis.
>
>         * systemd-resolved's Varlink IPC interface now supports resolving
>           DNS-SD services as well as an API for resolving raw DNS RRs.
>
>         * systemd-resolved's .dnssd DNS_SD service description files now
>           support DNS-SD "subtypes" via the new SubType= setting.
>
>         * systemd-resolved's configuration may now be reloaded without
>           restarting the service (i.e. "systemctl reload systemd-resolved" is
>           now supported).
>
>         SSH Integration:
>
>         * An sshd config drop-in has been added to allow ssh keys acquired via
>           userdbctl (for example, exposed by homed accounts) to be used for
>           authorization of incoming SSH connections.
>
>         * A small new unit generator "systemd-ssh-generator" has been added. It
>           checks if the sshd binary is installed. If so, it binds it via
>           per-connection socket activation to various sockets depending on the
>           execution context:
>
>             • If the system is run in a VM providing AF_VSOCK support, it
>               automatically binds sshd to AF_VSOCK port 22.
>
>             • If the system is invoked as a full-OS container and the container
>               manager pre-mounts a directory /run/host/unix-export/, it will
>               bind sshd to an AF_UNIX socket /run/host/unix-export/ssh. The
>               idea is the container manager bind mounts the directory to an
>               appropriate place on the host as well, so that the AF_UNIX socket
>               may be used to easily connect from the host to the container.
>
>             • sshd is also bound to an AF_UNIX socket
>               /run/ssh-unix-local/socket, which may be used to run ssh/sftp in
>               a "sudo"-like fashion to access resources of other local users.
>
>             • Via the kernel command line option "systemd.ssh_listen=" and the
>               system credential "ssh.listen" sshd may be bound to additional,
>               explicitly configured options, including AF_INET/AF_INET6 ports.
>
>           In particular the first two mechanisms should make dealing with local
>           VMs and full OS containers a lot easier, as SSH connections will
>           *just* *work* from the host – even if no networking is available
>           whatsoever.
>
>           systemd-ssh-generator optionally generates a per-connection
>           socket activation service file wrapping sshd. This is only done if
>           the distribution does not provide one on its own under the name
>           "sshd@.service". The generated unit only works correctly if the SSH
>           privilege separation ("privsep") directory exists. Unfortunately
>           distributions vary wildly where they place this directory. An
>           incomprehensive list:
>
>             • /usr/share/empty.sshd/  (new fedora)
>             • /var/empty/
>             • /var/empty/sshd/
>             • /run/sshd/              (debian/ubuntu?)
>
>           If the SSH privsep directory is placed below /var/ or /run/ care
>           needs to be taken that the directory is created automatically at boot
>           if needed, since these directories possibly or always come up
>           empty. This can be done via a tmpfiles.d/ drop-in. You may use the
>           "sshdprivsepdir" meson option provided by systemd to configure the
>           directory, in case you want systemd to create the directory as needed
>           automatically, if your distribution does not cover this natively.
>
>           Recommendations to distributions, in order to make things just work:
>
>             • Please provide a per-connection SSH service file under the name
>               "sshd@.service".
>
>             • Please move the SSH privsep dir into /usr/ (so that it is truly
>               immutable on image-based operating systems, is strictly under
>               package manager control, and never requires recreation if the
>               system boots up with an empty /run/ or /var/).
>
>             • As an extension of this: please consider following Fedora's lead
>               here, and use /usr/share/empty.sshd/ to minimize needless
>               differences between distributions.
>
>             • If your distribution insists on placing the directory in /var/ or
>               /run/ then please at least provide a tmpfiles.d/ drop-in to
>               recreate it automatically at boot, so that the sshd binary just
>               works, regardless of the context in which it is called.
>
>         * A small tool "systemd-ssh-proxy" has been added, which is supposed to
>           act as counterpart to "systemd-ssh-generator". It's a small plug-in
>           for the SSH client (via ProxyCommand/ProxyUseFdpass) to allow it to
>           connect to AF_VSOCK or AF_UNIX sockets. Example: "ssh vsock/4711"
>           connects to a local VM with cid 4711, or "ssh
>           unix/run/ssh-unix-local/socket" to connect to the local host via the
>           AF_UNIX socket /run/ssh-unix-local/socket.
>
>         systemd-boot and systemd-stub and Related Tools:
>
>         * TPM 1.2 PCR measurement support has been removed from systemd-stub.
>           TPM 1.2 is obsolete and – due to the (by today's standards) weak
>           cryptographic algorithms it only supports – does not actually provide
>           the security benefits it's supposed to provide. Given that the rest
>           of systemd's codebase never supported TPM 1.2, the support has now
>           been removed from systemd-stub as well.
>
>         * systemd-stub will now measure its payload via the new EFI
>           Confidential Computing APIs (CC), in addition to the pre-existing
>           measurements to TPM.
>
>         * confexts are loaded by systemd-stub from the ESP as well.
>
>         * kernel-install gained support for --root= for the 'list' verb.
>
>         * bootctl now provides a basic Varlink interface and can be run as a
>           daemon via a template unit.
>
>         * systemd-measure gained new options --certificate=, --private-key=,
>           and --private-key-source= to allow using OpenSSL's "engines" or
>           "providers" as the signing mechanism to use when creating signed
>           TPM2 PCR measurement values.
>
>         * ukify gained support for signing of PCR signatures via OpenSSL's
>           engines and providers.
>
>         * ukify now supports zboot kernels.
>
>         * systemd-boot now supports passing additional kernel command line
>           switches to invoked kernels via an SMBIOS Type #11 string
>           "io.systemd.boot.kernel-cmdline-extra". This is similar to the
>           pre-existing support for this in systemd-stub, but also applies to
>           Type #1 Boot Loader Specification Entries.
>
>         * systemd-boot's automatic SecureBoot enrollment support gained support
>           for enrolling "dbx" too (Previously, only db/KEK/PK enrollment was
>           supported). It also now supports UEFI "Custom" and "Audit" modes.
>
>         * The pcrlock policy is saved in an unencrypted credential file
>           "pcrlock.<entry-token>.cred" under XBOOTLDR/ESP in the
>           /loader/credentials/ directory. It will be picked up at boot by
>           systemd-stub and passed to the initrd, where it can be used to unlock
>           the root file system.
>
>         * systemd-pcrlock gained an --entry-token= option to configure the
>           entry-token.
>
>         * systemd-pcrlock now provides a basic Varlink interface and can be run
>           as a daemon via a template unit.
>
>         * systemd-pcrlock's TPM nvindex access policy has been modified, this
>           means that previous pcrlock policies stored in nvindexes are
>           invalidated. They must be removed (systemd-pcrlock remove-policy) and
>           recreated (systemd-pcrlock make-policy). For the time being
>           systemd-pcrlock remains an experimental feature, but it is expected
>           to become stable in the next release, i.e. v257.
>
>         * systemd-pcrlock's --recovery-pin= switch now takes three values:
>           "hide", "show", "query". If "show" is selected the automatically
>           generated recovery PIN is shown to the user. If "query" is selected
>           then the PIN is queried from the user.
>
>         * sd-stub gained support for the new ".ucode" PE section in UKIs, that
>           may contain CPU microcode data. When control is handed over to the
>           Linux kernel this data is prepended to the set of initrds passed.
>
>         systemd-run/run0:
>
>         * systemd-run is now a multi-call binary. When invoked as 'run0', it
>           provides an interface similar to 'sudo', with all arguments starting
>           at the first non-option parameter being treated as the command to
>           invoke as root. Unlike 'sudo' and similar tools, it does not make use of
>           setuid binaries or other privilege escalation methods, but instead
>           runs the specified command as a transient unit, which is started by
>           the system service manager, so privileges are dropped, rather than
>           gained, thus implementing a much more robust and safe security
>           model. As usual, authorization is managed via Polkit.
>
>         * systemd-run/run0 will now tint the terminal background on supported
>           terminals: in a reddish tone when invoking a root service, in a
>           yellowish tone otherwise. This may be controlled and turned off via
>           the new --background= switch or the new $SYSTEMD_TINT_BACKGROUND
>           environment variable.
>
>         * systemd-run gained a new option '--ignore-failure' to suppress
>           command failures.
>
>         Command-line tools:
>
>         * 'systemctl edit --stdin' allows creation of unit files and drop-ins
>           with contents supplied via standard input. This is useful when creating
>           configuration programmatically; the tool takes care of figuring out
>           the file name, creating any directories, and reloading the manager
>           afterwards.
>
>         * 'systemctl disable --now' and 'systemctl mask --now' now work
>           correctly with template units.
>
>         * 'systemd-analyze architectures' lists known CPU architectures.
>
>         * 'systemd-analyze --json=…' is supported for 'architectures',
>           'capability', 'exit-status'.
>
>         * 'systemd-tmpfiles --purge' will purge (remove) all files and
>           directories created via tmpfiles.d configuration.
>
>         * systemd-id128 gained new options --no-pager, --no-legend, and
>           -j/--json=.
>
>         * hostnamectl gained '-j' as shortcut for '--json=pretty' or
>           '--json=short'.
>
>         * loginctl now supports -j/--json=.
>
>         * resolvectl now supports -j/--json= for --type=.
>
>         * systemd-tmpfiles gained a new option --dry-run to print what would be
>           done without actually taking action.
>
>         * varlinkctl gained a new --collect switch to collect all responses of
>           a method call that supports multiple replies and turns it into a
>           single JSON array.
>
>         * systemd-dissect gained a new --make-archive option to generate an
>           archive file (tar.gz and similar) from a disk image.
>
>         systemd-vmspawn:
>
>         * systemd-vmspawn gained a new --firmware= option to configure or list
>           firmware definitions for Qemu, a new --tpm= option to enable or
>           disable the use of a software TPM, a new --linux= option to specify a
>           kernel binary for direct kernel boot, a new --initrd= option to
>           specify an initrd for direct kernel boot, a new -D/--directory option
>           to use a plain directory as the root file system, a new
>           --private-users option similar to the one in systemd-nspawn, new
>           options --bind= and --bind-ro= to bind part of the host's file system
>           hierarchy into the guest, a new --extra-drive= option to attach
>           additional storage, and -n/--network-tap/--network-user-mode to
>           configure networking.
>
>         * A new systemd-vmspawn@.service can be used to launch systemd-vmspawn
>           as a service.
>
>         * systemd-vmspawn gained the new --console= and --background= switches
>           that control how to interact with the VM. As before, by default an
>           interactive terminal interface is provided, but now with a background
>           tinted with a greenish hue.
>
>         * systemd-vmspawn can now register its VMs with systemd-machined,
>           controlled via the --register= switch.
>
>         * machinectl's start command (and related) can now invoke images either
>           as containers via `systemd-nspawn` (switch is --runner=nspawn, the
>           default) or as VMs via `systemd-vmspawn` (switch is --runner=vmspawn,
>           or short -V).
>
>         * systemd-vmspawn now supports two switches --pass-ssh-key= and
>           --ssh-key-type= to optionally set up transient SSH keys to pass to the
>           invoked VMs in order to be able to SSH into them once booted.
>
>         * systemd-vmspawn will now enable various "HyperV enlightenments" and
>           the "VM Generation ID" on the VMs.
>
>         * A new environment variable $SYSTEMD_VMSPAWN_QEMU_EXTRA may carry
>           additional qemu command line options to pass to qemu.
>
>         * systemd-machined gained a new GetMachineSSHInfo() D-Bus method that is
>           used by systemd-vmspawn to fetch the information needed to ssh into the
>           machine.
>
>         * systemd-machined gained a new Varlink interface that is used by
>           systemd-vmspawn to register machines with additional information and
>           metadata.
>
>         systemd-repart:
>
>         * systemd-repart gained new options --generate-fstab= and
>           --generate-crypttab= to write out fstab and crypttab files matching the
>           generated partitions.
>
>         * systemd-repart gained a new option --private-key-source= to allow
>           using OpenSSL's "engines" or "providers" as the signing mechanism to
>           use when creating verity signature partitions.
>
>         * systemd-repart gained a new DefaultSubvolume= setting in repart.d/
>           drop-ins that allows configuring the default btrfs subvolume for newly
>           formatted btrfs file systems.
>
>         Libraries:
>
>         * libsystemd gained new call sd_bus_creds_new_from_pidfd() to get a
>           credentials object for a pidfd and sd_bus_creds_get_pidfd_dup() to
>           retrieve the pidfd from a credentials object.
>
>         * sd-bus' credentials logic will now also acquire peer's UNIX group
>           lists and peer's pidfd if supported and requested.
>
>         * RPM macro %_kernel_install_dir has been added with the path
>           to the directory for kernel-install plugins.
>
>         * The liblz4, libzstd, liblzma, libkmod, libgcrypt dependencies have
>           been changed from regular shared library dependencies into dlopen()
>           based ones.
>
>           Note that this means that those libraries might not be automatically
>           pulled in when ELF dependencies are resolved. In particular lack of
>           libkmod might cause problems with boot. This affects dracut <= 101,
>           see https://github.com/dracut-ng/dracut-ng/commit/04b362d713235459cf.
>
>         * systemd ELF binaries that use libraries via dlopen() are now built with
>           a new ELF header note section, following a new specification defined at
>           docs/ELF_DLOPEN_METADATA.md, that provides information about which
>           sonames are loaded and used if found at runtime. This allows tools and
>           packagers to programmatically discover the list of optional
>           dependencies used by all systemd ELF binaries. A parser with packaging
>           integration tools is available at
>           https://github.com/systemd/package-notes
>
>         * The sd-journal API gained a new call
>           sd_journal_stream_fd_with_namespace() which is just like
>           sd_journal_stream_fd() but creates a log stream targeted at a
>           specific log namespace.
>
>         * The sd-id128 API gained a new API call
>           sd_id128_get_invocation_app_specific() for acquiring an app-specific
>           ID that is derived from the service invocation ID.
>
>         * The sd-event API gained a new API call
>           sd_event_source_get_inotify_path() that returns the file system path
>           an inotify event source was created for.
>
>         systemd-cryptsetup/systemd-cryptenroll:
>
>         * The device node argument to systemd-cryptenroll is now optional. If
>           omitted it will be derived automatically from the backing block
>           device of /var/ (which quite likely is the same as the root file
>           system, hence effectively means if you don't specify things otherwise
>           the tool will now default to enrolling a key into the root file
>           system's LUKS device).
>
>         * systemd-cryptenroll can now enroll directly with a PKCS11 public key
>           (instead of a certificate).
>
>         * systemd-cryptsetup/systemd-cryptenroll now may lock a disk against a
>           PKCS#11 provided EC key (before it only supported RSA).
>
>         * systemd-cryptsetup gained support for crypttab option
>           link-volume-key= to link the volume key into the kernel keyring when
>           the volume is opened.
>
>         * systemd-cryptenroll will no longer enable Dictionary Attack
>           Protection (i.e. turn on NO_DA) for TPM enrollments that do not
>           involve a PIN. DA should not be necessary in that case (since key
>           entropy is high enough to make this unnecessary), but risks
>           accidental lock-out in case of unexpected PCR changes.
>
>         * systemd-cryptenroll now supports enrolling a new slot while unlocking
>           the old slot via TPM2 (previously unlocking only worked via password
>           or FIDO2).
>
>         Documentation:
>
>         * The remaining documentation that was on
>           https://freedesktop.org/wiki/Software/systemd/ has been moved to
>           https://systemd.io/.
>
>         * A new text describing the VM integration interfaces of systemd has
>           been added:
>
>           https://systemd.io/VM_INTERFACE
>
>         * The sd_notify() man page has gained examples with C and Python code
>           that shows how to implement the interface in those languages without
>           involving libsystemd.
>
>         systemd-homed, systemd-logind, systemd-userdbd:
>
>         * systemd-homed now supports unlocking of home directories when logging
>           in via SSH. Previously home directories needed to be unlocked before
>           an SSH login is attempted.
>
>         * JSON User Records have been extended with a separate public storage
>           area called "User Record Blob Directories". This is intended to store
>           the user's background image, avatar picture, and other similar items
>           which are too large to fit into the User Record itself.
>
>           systemd-homed, userdbctl, and homectl gained support for blob
>           directories. homectl gained --avatar= and --login-background= to
>           control two specific items of the blob directories.
>
>         * A new "additionalLanguages" field has been added to JSON user records
>           (as supported by systemd-homed and systemd-userdbd), which is closely
>           related to the pre-existing "preferredLanguage", and allows
>           specifying multiple additional languages for the user account. It is
>           used to initialize the $LANGUAGES environment variable when used.
>
>         * A new pair of "preferredSessionType" and "preferredSessionLauncher"
>           fields have been added to JSON user records, that may be used to
>           control which kind of desktop session to preferably activate on
>           logins of the user.
>
>         * homectl gained a new verb 'firstboot', and a new
>           systemd-homed-firstboot.service unit uses this verb to create users
>           in a first boot environment, either from system credentials or by
>           querying interactively.
>
>         * systemd-logind now supports a new "background-light" session class
>           which does not pull in the user@.service unit. This is intended in
>           particular for lighter weight per-user cron jobs which do not require
>           any per-user service manager to be around.
>
>         * The per-user service manager will now be tracked as a distinct "manager"
>           session type among logind sessions of each user.
>
>         * homectl now supports an --offline mode, by which certain account
>           properties can be changed without unlocking the home directory.
>
>         * systemd-logind gained a new
>           org.freedesktop.login1.Manager.ListSessionsEx() method that provides
>           additional metadata compared to ListSessions(). loginctl makes use of
>           this to list additional fields in list-sessions.
>
>         * systemd-logind gained a new org.freedesktop.login1.Manager.Sleep()
>           method that automatically redirects to SuspendThenHibernate(),
>           Suspend(), HybridSleep(), or Hibernate(), depending on what is
>           supported and configured, a new configuration setting SleepOperation=,
>           and an accompanying helper method
>           org.freedesktop.login1.Manager.CanSleep() and property
>           org.freedesktop.login1.Manager.SleepOperation.
>
>           'systemctl sleep' calls the new method to automatically put the
>           machine to sleep in the most appropriate way.
>
>         Credential Management:
>
>         * systemd-creds now provides a Varlink IPC API for encrypting and
>           decrypting credentials.
>
>         * systemd-creds' "tpm2-absent" key selection has been renamed to
>           "null", since that's what it actually does: "encrypt" and "sign"
>           with a fixed null key. --with-key=null should only be used in very
>           specific cases, as it provides zero integrity or confidentiality
>           protections. (i.e. it's only safe to use as fallback in environments
>           lacking both a TPM and access to the root fs to use the host
>           encryption key, or when integrity is provided some other way.)
>
>         * systemd-creds gained a new switch --allow-null. If specified, the
>           "decrypt" verb will decode encrypted credentials that use the "null"
>           key (by default this is refused, since using the "null" key defeats
>           the authenticated encryption normally done).
>
>         Suspend & Hibernate:
>
>         * The sleep.conf configuration file gained a new MemorySleepMode=
>           setting for configuring the sleep mode in more detail.
>
>         * A tiny new service systemd-hibernate-clear.service has been added
>           which clears hibernation information from the HibernateLocation EFI
>           variable, in case the resume device is gone. Normally, this variable
>           is supposed to be cleaned up by the code that initiates the resume
>           from hibernation image. But when the device is missing and that code
>           doesn't run, this service will now do the necessary work, ensuring
>           that no outdated hibernation image information remains on subsequent
>           boots.
>
>         Unprivileged User Namespaces & Mounts:
>
>         * A small new service systemd-nsresourced.service has been added. It
>           provides a Varlink IPC API that assigns a free, transiently allocated
>           64K UID/GID range to an uninitialized user namespace a client
>           provides. It may be used to implement unprivileged container managers
>           and other programs that need dynamic user ID ranges. It also provides
>           interfaces to then delegate mount file descriptors, control groups
>           and network interfaces to user namespaces set up this way.
>
>         * A small new service systemd-mountfsd.service has been added. It
>           provides a Varlink IPC API for mounting DDI images, and returning a set
>           of mount file descriptors for it. If a user namespace fd is provided
>           as input, then the mounts are registered with the user namespace. To
>           ensure trust in the image it must provide Verity information (or
>           alternatively interactive polkit authentication is required).
>
>         * The systemd-dissect tool now can access DDIs fully unprivileged by
>           using systemd-nsresourced/systemd-mountfsd.
>
>         * If the service manager runs unprivileged (i.e. systemd --user) it now
>           supports RootImage= for accessing DDI images, also implemented via
>           the systemd-nsresourced/systemd-mountfsd.
>
>         * systemd-nspawn may now operate without privileges, if a suitable DDI
>           is provided via --image=, again implemented via
>           systemd-nsresourced/systemd-mountfsd.
>
>         Other:
>
>         * timedatectl and machinectl gained option '-P', an alias for
>           '--value --property=…'.
>
>         * Various tools that pretty-print config files will now highlight
>           configuration directives.
>
>         * varlinkctl gained support for the "ssh:" transport. This requires
>           OpenSSH 9.4 or newer.
>
>         * systemd-sysext gained support for enabling system extensions in
>           mutable fashion, where a writeable upperdir is stored under
>           /var/lib/extensions.mutable/, and a new --mutable= option to
>           configure this behaviour. An "ephemeral" mode is now also supported
>           where the mutable layer is configured to be a tmpfs that is
>           automatically released when the system extensions are reattached.
>
>         * Coredumps are now retained for two weeks by default (instead of three
>           days, as before).
>
>         * portablectl --copy= parameter gained a new 'mixed' argument, that will
>           result in resources owned by the OS (e.g.: portable profiles) to be linked
>           but resources owned by the portable image (e.g.: the unit files and the
>           images themselves) to be copied.
>
>         * systemd will now register MIME types for various of its file types
>           (e.g. journal files, DDIs, encrypted credentials …) via the XDG
>           shared-mime-info infrastructure. (Files of these types will thus be
>           recognized as their own thing in desktop file managers such as GNOME
>           Files.)
>
>         * systemd-dissect will now show the detected sector size of a given DDI
>           in its default output.
>
>         * systemd-portabled now generates recognizable structured log messages
>           whenever a portable service is attached or detached.
>
>         * Verity signature checking in userspace (i.e. checking against
>           /etc/verity.d/ keys) when activating DDIs can now be turned on/off
>           via a kernel command line option systemd.allow_userspace_verity= and
>           an environment variable SYSTEMD_ALLOW_USERSPACE_VERITY=.
>
>         * ext4/xfs file system quota handling has been reworked, so that
>           quotacheck and quotaon are now invoked as per-file-system templated
>           services (as opposed to single system-wide singletons), similar in
>           style to the fsck, growfs, pcrfs logic. This means file systems with
>           quota enabled can now be reasonably enabled at runtime of the system,
>           not just at boot.
>
>         * "systemd-analyze dot" will now also show BindsTo= dependencies.
>
>         * systemd-debug-generator gained the ability to add in arbitrary units
>           based on them being passed in via system credentials.
>
>         * A new kernel command-line option systemd.default_debug_tty= can be
>           used to specify the TTY for the debug shell, independently of
>           enabling or disabling it.
>
>         * portablectl gained a new --clean switch that clears a portable
>           service's data (cache, logs, state, runtime, fdstore) when detaching
>           it.
>
>         Contributions from: A S Alam, AKHIL KUMAR,
>         Abraham Samuel Adekunle, Adrian Vovk, Adrian Wannenmacher,
>         Alan Liang, Alberto Planas, Alexander Zavyalov, Anders Jonsson,
>         Andika Triwidada, Andres Beltran, Andrew Sayers,
>         Antonio Alvarez Feijoo, Arian van Putten, Arthur Zamarin,
>         Artur Pak, AtariDreams, Benjamin Franzke, Bernhard M. Wiedemann,
>         Black-Hole1, Bryan Jacobs, Burak Gerz, Carlos Garnacho,
>         Chandra Pratap, Chris Hofstaedtler, Chris Packham, Chris Simons,
>         Christian Göttsche, Christian Wesselhoeft, Clayton Craft,
>         Colin Geniet, Colin Walters, Colin Watson, Costa Tsaousis,
>         Cristian Rodríguez, Daan De Meyer, Damien Challet, Dan Streetman,
>         Daniel Winzen, Daniele Medri, David Seifert, David Tardon,
>         David Venhoek, Diego Viola, Dionna Amalie Glaze,
>         Dmitry Konishchev, Dmitry V. Levin, Edson Juliano Drosdeck,
>         Eisuke Kawashima, Eli Schwartz, Emanuele Giuseppe Esposito,
>         Eric Daigle, Evgeny Vereshchagin, Felix Riemann,
>         Fernando Fernandez Mancera, Florian Fainelli, Florian Schmaus,
>         Franck Bui, Frantisek Sumsal, Friedrich Altheide,
>         Gabríel Arthúr Pétursson, Gaël Donval, Georges Basile Stavracas Neto,
>         Gerd Hoffmann, GNOME Foundation, Guido Leenders,
>         Guilhem Lettron, Göran Uddeborg, Hans de Goede, Harald Brinkmann,
>         Heinrich Schuchardt, Helmut Grohne, Henry Li, Heran Yang,
>         Holger Assmann, Ivan Kruglov, Ivan Shapovalov, Jakub Sitnicki,
>         James Muir, Jan Engelhardt, Jan Macku, Jarne Förster, Jeff King,
>         Jian-Hong Pan, JmbFountain, Joakim Nohlgård, Jonathan Conder,
>         Julius Alexandre, Jörg Behrmann, Kai Lueke, Kamil Szczęk,
>         KayJay7, Keian, Kirk, Kristian Klausen, Krzesimir Nowak,
>         Lain "Fearyncess" Yang, Lars Ellenberg, Lennart Poettering,
>         Leonard, Luca Boccassi, Lucas Salles, Ludwig Nussel,
>         Lukáš Nykrýn, Luna Jernberg, Luxiter, Maanya Goenka,
>         Maciej S. Szmigiero, Mariano Giménez, Markus Merklinger,
>         Martin Ivicic, Martin Srebotnjak, Martin Trigaux, Martin Wilck,
>         Mathias Lang, Matt Layher, Matt Muggeridge, Matteo Croce,
>         Matthias Lisin, Max Gautier, Max Staudt, MaxHearnden,
>         Michael Biebl, Michal Koutný, Michal Sekletár, Michał Kopeć,
>         Mike Gilbert, Mike Yuan, Mikko Ylinen, MkfsSion, Moritz Sanft,
>         MrSmör, Nandakumar Raghavan, Nicholas Little, Nick Cao,
>         Nick Rosbrook, Nicolas Bouchinet, Norbert Lange,
>         Ole Peder Brandtzæg, Ondrej Kozina, Oğuz Ersen,
>         Pablo Méndez Hernández, Pierre GRASSER, Piotr Drąg, QuonXF,
>         Radoslav Kolev, Rafaël Kooi, Raito Bezarius, Rasmus Villemoes,
>         Reid Wahl, Renjaya Raga Zenta, Richard Maw, Roland Hieber,
>         Ronan Pigott, Rose, Ross Burton, Saliba-san, Sam Leonard,
>         Samuel BF, Sarvajith Adyanthaya, Scrambled 777,
>         Sebastian Pucilowski, Sergei Zhmylev, Sergey A, Shulhan,
>         SidhuRupinder, Simon Fowler, Skia, Sludge, Stuart Hayhurst,
>         Susant Sahani, Takashi Sakamoto, Temuri Doghonadze, Thayne McCombs,
>         Thilo Fromm, Thomas Blume, Tiago Rocha Cunha, Timo Rothenpieler,
>         TobiPeterG, Tobias Fleig, Tomáš Pecka, Topi Miettinen,
>         Tycho Andersen, Unique-Usman, Usman Akinyemi, Vasiliy Kovalev,
>         Vasiliy Stelmachenok, Victor Berchet, Vishal Chillara Srinivas,
>         Vitaly Kuznetsov, Vito Caputo, Vladimir Stoiakin, Werner Sembach,
>         Will Springer, Winterhuman, Xiaotian Wu, Yu Watanabe,
>         Yuri Chornoivan, Zbigniew Jędrzejewski-Szmek, Zmyeir, anphir,
>         aslepykh, chenjiayi, cpackham-atlnz, cunshunxia, djantti, drewbug,
>         hanjinpeng, hfavisado, hulkoba, hydrargyrum, ksaleem, mburucuyapy,
>         medusalix, mille-feuille, mkubiak, mooo, msizanoen, networkException,
>         nl6720, r-vdp, runiq, sam-leonard-ct, samuelvw01, sharad3001, spdfnet,
>         sushmbha, wangyuhang, zeroskyx, zzywysm, İ. Ensar Gülşen,
>         Łukasz Stelmach, Štěpán Němec, 我超厉害, 김인수
>
>         — Edinburgh, 2024-06-11

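The ELF dlopen() metadata note mentioned under "Libraries" is the only record of dependencies that ldd and ELF DT_NEEDED resolution will not show, which is exactly what bit dracut when libkmod went dlopen()-only. The reader below is an added example of mine, not code from systemd or from the package-notes project. It assumes the note layout of docs/ELF_DLOPEN_METADATA.md as I recall it (section `.note.dlopen`, owner name `FDO`, note type 0x407c0c0a, payload a JSON array of objects with `feature`, `description`, `priority` and `soname` fields); confirm those constants against the spec before depending on them. The sample metadata and the minimal ELF64 image it is embedded in are constructed here so the script runs offline; pass a path to a real binary to read its note instead.

```python
"""Read the dlopen() metadata note carried by systemd 256 binaries so the
optional, dlopen()-ed (hence ldd-invisible) libraries can be enumerated."""
import json
import struct

ELF64_HDR = "<16sHHIQQQIHHHHHH"   # e_ident ... e_shstrndx (64 bytes)
ELF64_SHDR = "<IIQQQQIIQQ"        # sh_name ... sh_entsize (64 bytes)
SHT_STRTAB, SHT_NOTE, SHT_NOBITS = 3, 7, 8
# Section name, owner and type of the dlopen note as given (from memory) in
# docs/ELF_DLOPEN_METADATA.md; verify against the spec before relying on them.
DLOPEN_SECTION = ".note.dlopen"
DLOPEN_NOTE_OWNER = b"FDO"
DLOPEN_NOTE_TYPE = 0x407C0C0A


def elf_sections(data: bytes) -> dict:
    """Map section name -> raw bytes for a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    hdr = struct.unpack_from(ELF64_HDR, data, 0)
    shoff, shentsize, shnum, shstrndx = hdr[6], hdr[11], hdr[12], hdr[13]
    shdrs = [struct.unpack_from(ELF64_SHDR, data, shoff + i * shentsize) for i in range(shnum)]
    strtab = data[shdrs[shstrndx][4]:shdrs[shstrndx][4] + shdrs[shstrndx][5]]
    out = {}
    for sh in shdrs:
        if sh[1] == SHT_NOBITS:          # .bss and friends occupy no file bytes
            continue
        name = strtab[sh[0]:strtab.index(b"\0", sh[0])].decode()
        out[name] = data[sh[4]:sh[4] + sh[5]]
    return out


def parse_notes(blob: bytes):
    """Yield (owner, type, desc) for each 4-byte-aligned ELF note in a section."""
    off = 0
    while off + 12 <= len(blob):
        namesz, descsz, ntype = struct.unpack_from("<III", blob, off)
        off += 12
        owner = blob[off:off + namesz].rstrip(b"\0")
        off += (namesz + 3) & ~3
        desc = blob[off:off + descsz]
        off += (descsz + 3) & ~3
        yield owner, ntype, desc


def dlopen_metadata(data: bytes) -> list:
    """Return the dlopen dependency entries (dicts) declared by an ELF image."""
    entries = []
    for owner, ntype, desc in parse_notes(elf_sections(data).get(DLOPEN_SECTION, b"")):
        if owner == DLOPEN_NOTE_OWNER and ntype == DLOPEN_NOTE_TYPE:
            entries.extend(json.loads(desc.rstrip(b"\0")))
    return entries


def sonames(entries, priorities=("required", "recommended")) -> list:
    """Flatten the sonames of the entries whose priority is in `priorities`."""
    return [s for e in entries if e.get("priority") in priorities for s in e["soname"]]


def build_note(owner: bytes, ntype: int, desc: bytes) -> bytes:
    """Encode one ELF note (name and desc padded to 4 bytes)."""
    name = owner + b"\0"
    pad = lambda b: b + b"\0" * (-len(b) % 4)
    return struct.pack("<III", len(name), len(desc), ntype) + pad(name) + pad(desc)


def build_elf(note_blob: bytes) -> bytes:
    """Minimal ELF64 image (no program headers) whose only content is .note.dlopen."""
    shstrtab = b"\0" + DLOPEN_SECTION.encode() + b"\0.shstrtab\0"
    note_off = 64
    strtab_off = note_off + len(note_blob)
    body = note_blob + shstrtab
    body += b"\0" * (-len(body) % 8)
    shoff = note_off + len(body)
    shdrs = (struct.pack(ELF64_SHDR, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
             + struct.pack(ELF64_SHDR, 1, SHT_NOTE, 2, 0, note_off, len(note_blob), 0, 0, 4, 0)
             + struct.pack(ELF64_SHDR, shstrtab.index(b".shstrtab"), SHT_STRTAB, 0, 0,
                           strtab_off, len(shstrtab), 0, 0, 1, 0))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    ehdr = struct.pack(ELF64_HDR, ident, 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 2)
    return ehdr + body + shdrs


# Constructed sample: the field names follow the spec, the values are invented
# for this demonstration and are not copied from any real systemd build.
SAMPLE_METADATA = [
    {"feature": "kmod", "description": "Support for loading kernel modules",
     "priority": "recommended", "soname": ["libkmod.so.2"]},
    {"feature": "zstd", "description": "Support for zstd compression",
     "priority": "suggested", "soname": ["libzstd.so.1"]},
]
SAMPLE_ELF = build_elf(
    build_note(b"GNU", 3, bytes(range(20)))   # a foreign note in the same section, to be skipped
    + build_note(DLOPEN_NOTE_OWNER, DLOPEN_NOTE_TYPE, json.dumps(SAMPLE_METADATA).encode())
)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_ELF
    for e in dlopen_metadata(data):
        print(f"{e['priority']:12} {e['feature']:10} {', '.join(e['soname'])}")
```

Cross-check the output against `readelf -n` on the same binary. The note lists sonames the binary may dlopen(), not what is installed: an initrd or container builder still has to resolve each soname on the target root and decide, by priority, which ones to ship. The recommended/required filter above is the policy an image builder would apply to avoid the libkmod boot failure the release notes warn about.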

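The sd_notify() protocol that the man page now documents for C and Python is small enough to show end to end. This is an added example of mine, not the man page's code: one AF_UNIX datagram of newline-separated KEY=VALUE assignments sent to the path in $NOTIFY_SOCKET, with the "@" prefix for Linux abstract sockets. The manager side here is a stand-in bound in a temporary directory so the exchange runs offline; under systemd the socket is created by the service manager and the path arrives in the environment.

```python
"""sd_notify(3) without libsystemd: send one datagram of KEY=VALUE lines to the
AF_UNIX socket named by $NOTIFY_SOCKET."""
import os
import socket
import tempfile
from typing import Optional


def sd_notify(state: str, notify_socket: Optional[str] = None,
              unset_environment: bool = False) -> bool:
    """Send one notification datagram to the service manager.

    Returns False without sending anything when no notification socket is
    configured (the process was not started as a Type=notify service) and
    raises OSError when a socket is configured but unreachable, which mirrors
    the libsystemd call's return convention.
    """
    addr = os.environ.get("NOTIFY_SOCKET") if notify_socket is None else notify_socket
    if unset_environment:
        # Keep child processes from inheriting the socket and talking to the manager.
        os.environ.pop("NOTIFY_SOCKET", None)
    if not addr:
        return False
    if addr.startswith("@"):
        # Abstract-namespace socket: the kernel wants a leading NUL byte instead of '@'.
        addr = "\0" + addr[1:]
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(state.encode(), addr)
    return True


def demo_exchange() -> bytes:
    """Stand in for the manager: bind a datagram socket in a temp dir, have the
    'service' announce readiness, and return the raw datagram received.
    Constructed for this example; the real socket is created by systemd."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "notify")
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as manager:
            manager.bind(path)
            manager.settimeout(2)
            sd_notify("READY=1\nSTATUS=Listening on :8443", notify_socket=path)
            return manager.recv(4096)


if __name__ == "__main__":
    print(demo_exchange())
```

Two things to keep in mind when relying on this: the manager only honours datagrams from the processes allowed by the unit's NotifyAccess= setting (sender credentials are checked, so an unrelated process on the host cannot fake readiness for a unit), and READY=1 is the only state that changes unit activation; STATUS=, RELOADING=1, STOPPING=1 and WATCHDOG=1 are informational or watchdog-related and use the same datagram format.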