systemd system manager release 251

After five months of development, systemd 251, the systemd system manager, has been released.

Major changes:

  • Increased system requirements. The minimum supported Linux kernel version has been raised from 3.13 to 4.15; the CLOCK_BOOTTIME clock must be available. Building requires a compiler that supports the C11 standard with GNU extensions (the public header files continue to target C89).
  • An experimental systemd-sysupdate utility has been added to automatically detect, download and install updates using an atomic A/B scheme for replacing partitions, files or directories: two independent partitions/files/directories are kept, one holding the currently running resource, the next update is installed into the other, and the two are then swapped.
  • A new internal shared library, libsystemd-core-251.so, has been introduced; it is installed in the /usr/lib/systemd/system directory alongside the existing libsystemd-shared-251.so. Using the shared libsystemd-core library reduces the overall installation size by reusing binary code. The version tag in the library name can be set via the 'shared-lib-tag' option of the meson build system, which allows distributions to ship several versions of these libraries at the same time.
  • The $MONITOR_SERVICE_RESULT, $MONITOR_EXIT_CODE, $MONITOR_EXIT_STATUS, $MONITOR_INVOCATION_ID and $MONITOR_UNIT environment variables, which describe the unit being monitored, are now passed to OnFailure=/OnSuccess= handlers.
  • The ExtensionDirectories= setting has been implemented for units; it loads system extension components from ordinary directories instead of disk images. The contents of the extension directory are overlaid with OverlayFS onto the /usr/ and /opt/ hierarchies to add files at run time, even when those hierarchies are mounted read-only. 'portablectl attach --extension=' now also accepts a directory.
  • For units forcibly terminated by systemd-oomd because the system ran out of memory, the service result is reported as 'oom-kill', and the number of such kills is recorded in the 'user.oomd_ooms' extended attribute.
  • For units, new path specifiers %y/%Y have been added, reflecting the normalized path to the unit (with symbolic link expansion). Also added specifiers %q to substitute the value of PRETTY_HOSTNAME and %d to substitute the value of CREDENTIALS_DIRECTORY.
  • Unprivileged services run by a regular user (via the "--user" manager) may now set RootDirectory, MountAPIVFS, ExtensionDirectories, *Capabilities*, ProtectHome, *Directory, TemporaryFileSystem, PrivateTmp, PrivateDevices, PrivateNetwork, NetworkNamespacePath, PrivateIPC, IPCNamespacePath, PrivateUsers, ProtectClock, ProtectKernelTunables, ProtectKernelModules, ProtectKernelLogs and MountFlags. This is only available when user namespaces are enabled on the system.
  • The LoadCredential setting allows a directory name as an argument, in which case it attempts to load credentials from all files in the specified directory.
  • systemctl's "--timestamp" option now accepts the value "unix" to show times as seconds since the Unix epoch (January 1, 1970).
  • "systemctl status" shows an "old-kernel" flag if the running kernel has an older version than the kernel installed on the system, and an "unmerged-usr" flag if the /bin/ and /sbin/ directories are not symlinks into /usr.
  • Generators started by PID 1 receive new environment variables: $SYSTEMD_SCOPE (whether run from the system or user manager), $SYSTEMD_IN_INITRD (initrd or host environment), $SYSTEMD_FIRST_BOOT (first-boot indicator), $SYSTEMD_VIRTUALIZATION (the detected virtualization or container technology) and $SYSTEMD_ARCHITECTURE (the architecture the kernel was built for).
  • PID 1 can now load system credentials from the QEMU fw_cfg interface or from the systemd.set_credential parameter on the kernel command line. When LoadCredential= is given a relative path, it automatically searches the /etc/credstore/, /run/credstore/ and /usr/lib/credstore/ directories; LoadCredentialEncrypted= behaves the same way and additionally checks /etc/credstore.encrypted/, /run/credstore.encrypted/ and /usr/lib/credstore.encrypted/.
  • systemd-journald's JSON export format has been stabilized. JSON output (the "--json" flag) has been added to the "journalctl --list-boots" and "bootctl list" commands.
  • New hwdb database files have been added to udev with information about portable devices (PDAs, calculators, etc.) and audio/video production devices (DJ consoles, keypads).
  • udevadm gained new options: "--prioritized-subsystem" to process the listed subsystems first (used in systemd-udev-trigger.service to handle block devices and TPMs before everything else), "--type=all", "--initialized-match" and "--initialized-nomatch" to select initialized or uninitialized devices, and "udevadm info --tree" to show the object tree of the /sys/ hierarchy. udevadm also gained "wait" and "lock" commands: the former waits for a device entry to appear in the database, the latter locks a block device while it is being formatted or its partition table is written.
  • A new set of symbolic links under /dev/disk/by-diskseq/ identifies block devices by their disk sequence number ("diskseq").
  • Support for the "Firmware" parameter has been added to .link files in the [Match] section to match a device by string with a description of the firmware.
  • In systemd-networkd, the default scope of unicast routes configured via the [Route] section has been changed to "link", matching the behavior of the "ip route" command. The Isolated=true|false parameter has been added to the [Bridge] section to configure the kernel bridge port attribute of the same name. The External parameter in the [Tunnel] section sets the tunnel to external (metadata collection) mode. The BootServerName, BootServerAddress and BootFilename parameters in the [DHCPServer] section configure the server name, server address and boot file name that the DHCP server sends to clients booting via PXE. The L2TP parameter has been removed from the [Network] section; instead, the new Local setting in .netdev files is used for the L2TP interface.
  • A new unit, systemd-networkd-wait-online@.service, waits for a specific network interface to come online.
  • Virtual WLAN devices can now be created from .netdev files; they are configured in the new [WLAN] section.
  • In .link/.network files, the [Match] section implements the Kind parameter for matching by device type ("bond", "bridge", "gre", "tun", "veth").
  • Ensured that systemd-resolved is started earlier in the boot process, including starting from initrd when systemd-resolved is present in the initrd image.
  • systemd-cryptenroll gained the --fido2-credential-algorithm option to select the credential algorithm and the --tpm2-with-pin option to require a PIN when unlocking a volume via TPM; a matching tpm2-pin option has been added to /etc/crypttab. When unlocking via TPM, the TPM parameters are encrypted to protect the keys from being intercepted.
  • Added D-Bus API to systemd-timesyncd to dynamically retrieve information from an NTP server via IPC.
  • To determine the need for color output in all commands, the COLORTERM environment variable is checked in addition to the previously checked NO_COLOR, SYSTEMD_COLORS and TERM.
  • The Meson build system implements the install_tag option for custom builds and installation of required components: pam, nss, devel (pkg-config), systemd-boot, libsystemd, libudev. Added default-compression build option to select compression algorithm for systemd-journald and systemd-coredump.
  • An experimental "reboot-for-bitlocker" setting has been added to sd-boot in loader.conf to boot Microsoft Windows with BitLocker TPM.
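The $MONITOR_* variables mentioned above are what an OnFailure= handler sees. As an added illustration (not code from the release or from the systemd project), here is a handler script together with the two unit fragments that wire it up; the unit and script names are made up.

```shell
#!/bin/sh
# Added illustration (not systemd project code): an OnFailure= handler that
# consumes the $MONITOR_* variables systemd 251 passes to it.
# Unit and script names below are made up for the example.
#
# /etc/systemd/system/myapp.service            (the monitored unit)
#   [Unit]
#   OnFailure=failure-report@%n.service
#
# /etc/systemd/system/failure-report@.service  (the handler template)
#   [Service]
#   Type=oneshot
#   ExecStart=/usr/local/sbin/failure-report
#
# systemd sets MONITOR_UNIT, MONITOR_SERVICE_RESULT, MONITOR_EXIT_CODE,
# MONITOR_EXIT_STATUS and MONITOR_INVOCATION_ID before running ExecStart=.

# classify_failure: reduce the MONITOR_* variables to a short verdict that a
# detection rule can key on.  Reads environment variables only.
classify_failure() {
    case "${MONITOR_SERVICE_RESULT:-unknown}" in
        oom-kill)
            echo "oom:${MONITOR_UNIT}" ;;
        exit-code)
            # MONITOR_EXIT_STATUS holds the numeric exit status here
            echo "exit:${MONITOR_UNIT}:${MONITOR_EXIT_STATUS:-?}" ;;
        signal|core-dump)
            # MONITOR_EXIT_STATUS holds the signal name here (e.g. SEGV)
            echo "${MONITOR_SERVICE_RESULT}:${MONITOR_UNIT}:${MONITOR_EXIT_STATUS:-?}" ;;
        *)
            # timeout, watchdog, start-limit-hit, resources, protocol, ...
            echo "${MONITOR_SERVICE_RESULT:-unknown}:${MONITOR_UNIT}" ;;
    esac
}

# format_report: one key=value line tagged with the failed unit's invocation
# id, so it can be joined to that run's own journal entries
# (journalctl _SYSTEMD_INVOCATION_ID=<id>).
format_report() {
    printf 'unit=%s invocation=%s verdict=%s\n' \
        "${MONITOR_UNIT:-?}" "${MONITOR_INVOCATION_ID:-?}" "$(classify_failure)"
}

# Act only when systemd actually invoked us as a handler (MONITOR_UNIT set);
# the handler unit's stdout goes to the journal.
if [ -n "${MONITOR_UNIT:-}" ]; then
    format_report
fi
```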

Source: opennet.ru