ProHoster > Блог > labaran intanet > Systemd System Manager release 250

Systemd System Manager release 250

Bayan watanni biyar na ci gaba, an gabatar da sakin mai sarrafa tsarin systemd 250. Sabon saki ya gabatar da ikon adana takardun shaida a cikin nau'i mai rufaffiyar, aiwatar da tabbatar da ɓangarorin GPT da aka gano ta atomatik ta amfani da sa hannu na dijital, ingantaccen bayani game da abubuwan da ke haifar da jinkiri lokacin da farawa sabis, da ƙarin zaɓuɓɓuka don iyakance damar sabis zuwa wasu tsarin fayil da mu'amalar hanyar sadarwa, ana ba da tallafi don sa ido kan daidaiton bangare ta amfani da ƙirar dm-mutunci, kuma ana ƙara goyan bayan sabuntawar auto-sd-boot.

Babban canje-canje:

  • Ƙarin tallafi don ɓoyayye da ingantattun takaddun shaida, waɗanda zasu iya zama masu amfani don adana mahimman bayanai kamar maɓallan SSL da samun damar kalmomin shiga. Ana yin ɓata bayanan shaidar kawai lokacin da ya cancanta kuma dangane da shigarwa ko kayan aiki na gida. Ana rufaffen bayanai ta atomatik ta amfani da algorithms ɓoyayyiyar madaidaici, maɓalli wanda za'a iya samuwa a cikin tsarin fayil, a guntuwar TPM2, ko ta amfani da tsarin haɗin gwiwa. Lokacin da sabis ɗin ya fara, ana ɓoye bayanan bayanan ta atomatik kuma su zama samuwa ga sabis ɗin a cikin tsari na yau da kullun. Don yin aiki tare da rufaffiyar takaddun shaida, an ƙara kayan aikin 'systemd-creds', kuma LoadCredentialEncrypted da SetCredentialEncrypted settings an gabatar da saitunan sabis.
  • sd-stub, mai aiwatar da EFI wanda ke ba da damar firmware na EFI don ɗaukar kernel Linux, yanzu yana goyan bayan booting kernel ta amfani da ka'idar LINUX_EFI_INITRD_MEDIA_GUID EFI. Hakanan an ƙara zuwa sd-stub shine ikon tattara takaddun shaida da fayilolin sysext a cikin ma'ajiyar cpio da canja wurin wannan tarihin zuwa kernel tare da initrd (ana sanya ƙarin fayiloli a cikin /.extra/ directory). Wannan fasalin yana ba ku damar amfani da ingantaccen mahalli na initrd mai iya canzawa, wanda ya cika ta hanyar sysexts da rufaffen bayanan tantancewa.
  • An faɗaɗa ƙayyadaddun ɓangarorin da za a iya ganowa, yana ba da kayan aiki don ganowa, hawa da kunna sassan tsarin ta amfani da GPT (Tables Partitions GUID). Idan aka kwatanta da fitowar da ta gabata, ƙayyadaddun yanzu yana goyan bayan tushen ɓangaren da / usr bangare don yawancin gine-gine, gami da dandamali waɗanda basa amfani da UEFI.

    Discoverable Partitions kuma yana ƙara tallafi ga ɓangarori waɗanda aka tabbatar da amincin su ta hanyar dm-verity module ta amfani da PKCS#7 sa hannun dijital, yana sauƙaƙa ƙirƙirar cikakkun ingantattun hotunan diski. Tallafin tabbatarwa yana haɗa cikin abubuwan amfani daban-daban waɗanda ke sarrafa hotunan diski, gami da systemd-nspawn, systemd-sysext, systemd-dissect, RootImage services, systemd-tmpfiles, da systemd-sysusers.

  • Don raka'a waɗanda ke ɗaukar lokaci mai tsawo don farawa ko tsayawa, ban da nuna mashaya ci gaba mai rai, yana yiwuwa a nuna bayanin matsayi wanda zai ba ku damar fahimtar ainihin abin da ke faruwa tare da sabis ɗin a halin yanzu kuma wane sabis ne mai sarrafa tsarin yake. a halin yanzu ana jira don kammalawa.
  • Ƙara DefaultOOMScoreAdjust siga zuwa /etc/systemd/system.conf da /etc/systemd/user.conf, wanda ke ba ka damar daidaita madaidaicin OOM-killer don ƙananan ƙwaƙwalwar ajiya, wanda ya dace da tafiyar da tsarin da aka fara don tsarin da masu amfani. Ta hanyar tsoho, nauyin ayyukan tsarin ya fi na ayyukan mai amfani, watau. Lokacin da rashin isasshen ƙwaƙwalwar ajiya, yuwuwar ƙarewar sabis ɗin mai amfani ya fi na tsarin.
  • Ƙara saitin RestrictFileSystems, wanda ke ba ku damar ƙuntata damar sabis zuwa wasu nau'ikan tsarin fayil. Don duba nau'ikan tsarin fayil da ake da su, zaku iya amfani da umarnin "systemd-analyze filesystems". Ta hanyar kwatankwacin, an aiwatar da zaɓin RestrictNetworkInterfaces, wanda ke ba ka damar taƙaita damar zuwa wasu mu'amalar cibiyar sadarwa. Aiwatar da aiwatarwa ta dogara ne akan tsarin BPF LSM, wanda ke iyakance damar yin amfani da rukuni na matakai zuwa abubuwan kwaya.
  • An ƙara sabon fayil ɗin sanyi / sauransu / integritytab da tsarin tsarin tsarin daidaitawa wanda ke saita tsarin dm-mutunci don sarrafa amincin bayanai a matakin sashe, alal misali, don tabbatar da rashin canzawar bayanan da aka rufaffen (Ingantacciyar Encryption, yana tabbatar da cewa toshe bayanai yana da ba a gyaggyara ta hanyar zagaye ba) . Tsarin fayil ɗin /etc/integritytab yayi kama da fayilolin /etc/crypttab da /etc/veritytab, sai dai ana amfani da dm-integrity maimakon dm-crypt da dm-verity.
  • An ƙara sabon fayil ɗin naúrar systemd-boot-update.service, lokacin da aka kunna kuma aka shigar da bootloader na sd-boot, systemd zai sabunta sigar sd-boot bootloader ta atomatik, yana kiyaye lambar bootloader koyaushe har zuwa yau. sd-boot kanta yanzu an gina shi ta tsohuwa tare da goyan bayan tsarin SBAT (UEFI Secure Boot Advanced Targeting), wanda ke magance matsaloli tare da soke takardar shedar don UEFI Secure Boot. Bugu da kari, sd-boot yana ba da ikon tantance saitunan taya Microsoft Windows don samar da daidaitattun sunayen sassan taya tare da Windows da kuma nuna sigar Windows.

    sd-boot kuma yana ba da ikon ayyana tsarin launi a lokacin ginawa. Yayin aiwatar da taya, ƙarin tallafi don canza ƙudurin allo ta latsa maɓallin "r". Ƙara maɓallin hotkey "f" don zuwa ƙirar ƙirar firmware. Ƙara yanayin don tada tsarin ta atomatik wanda ya dace da abin menu da aka zaɓa yayin taya na ƙarshe. An ƙara ikon ɗaukar direbobin EFI ta atomatik waɗanda ke cikin /EFI/systemd/drivers/ directory a cikin sashin ESP (EFI System Partition).

  • An haɗa sabon naúrar fayil factory-reset.target, wanda aka sarrafa a cikin systemd-logind a cikin irin wannan hanya zuwa sake yi, poweroff, dakatarwa da hibernate ayyuka, kuma ana amfani da shi don ƙirƙirar masu sarrafa don yin sake saitin masana'anta.
  • Tsarin tsarin da aka warware yanzu yana ƙirƙirar ƙarin soket na sauraro a 127.0.0.54 ban da 127.0.0.53. Bukatun da suka isa 127.0.0.54 koyaushe ana tura su zuwa uwar garken DNS na sama kuma ba a sarrafa su a cikin gida.
  • An ba da ikon gina tsarin da aka shigo da shi da kuma daidaita tsarin tare da ɗakin karatu na OpenSSL maimakon libgcrypt.
  • Ƙara tallafi na farko don gine-ginen LoongArch da aka yi amfani da shi a cikin na'urori na Loongson.
  • systemd-gpt-auto-generator yana ba da ikon daidaita tsarin musanyawa da aka ayyana ta atomatik ta tsarin tsarin LUKS2.
  • Lambar tantance hoto ta GPT da aka yi amfani da ita a cikin systemd-nspawn, systemd-dissect, da makamantan abubuwan amfani suna aiwatar da ikon yanke hotuna don sauran gine-gine, yana barin systemd-nspawn a yi amfani da shi don gudanar da hotuna akan masu kwaikwayon sauran gine-gine.
  • Lokacin duba hotunan diski, systemd-dissect yanzu yana nuna bayanai game da manufar ɓangaren, kamar dacewa don yin booting ta UEFI ko gudana a cikin akwati.
  • An ƙara filin "SYSEXT_SCOPE" zuwa tsarin-extension.d/ files, yana ba ku damar nuna iyakar hoton tsarin - "initrd", "tsarin" ko "mai ɗauka".
  • An ƙara filin "PORTABLE_PREFIXES" a cikin fayil ɗin os-release, wanda za'a iya amfani dashi a cikin hotuna masu ɗaukar hoto don tantance fa'idodin fayil ɗin raka'a masu goyan baya.
  • systemd-logind yana gabatar da sabbin saituna HandlePowerKeyLongPress, HandleRebootKeyLongPress, HandleSuspendKeyLongPress da HandleHibernateKeyLongPress, wanda za'a iya amfani dashi don tantance abin da zai faru lokacin da aka riƙe wasu maɓallai sama da daƙiƙa 5 (misali, danna maɓallin dakatarwa da sauri za a iya saita shi cikin yanayin jiran aiki da sauri. , kuma idan aka riƙe shi, zai yi barci).
  • Don raka'a, ana aiwatar da saitunan StartupAllowedCPUs da StartupAllowedMemoryNodes, waɗanda suka bambanta da saitunan makamantansu ba tare da prefix na Farawa ba saboda ana amfani da su kawai a matakin taya da rufewa, wanda ke ba ku damar saita wasu ƙuntatawa na albarkatu yayin taya.
  • Ƙara [Sharadi | Bayani [Memory|CPU|IO] Duban matsi wanda ke ba da damar kunna naúrar a tsallake ko ta gaza idan tsarin PSI ya gano nauyi mai nauyi akan ƙwaƙwalwar ajiya, CPU, da I/O a cikin tsarin.
  • An ƙara matsakaicin iyakar inode na tsoho don ɓangaren / dev daga 64k zuwa 1M, kuma don ɓangaren /tmp daga 400k zuwa 1M.
  • An gabatar da saitin ExecSearchPath don ayyuka, wanda ke ba da damar canza hanyar neman fayilolin aiwatarwa da aka ƙaddamar ta hanyar saiti kamar ExecStart.
  • An ƙara saitin RuntimeRandomizedExtraSec, wanda ke ba ku damar gabatar da karkatacciyar hanya zuwa lokacin lokacin RuntimeMaxSec, wanda ke iyakance lokacin aiwatar da naúrar.
  • An faɗaɗa tsarin haɗin RuntimeDirectory, StateDirectory, CacheDirectory da LogsDirectory saituna, wanda ta hanyar ƙayyadaddun ƙarin ƙimar da colon ya raba, yanzu zaku iya tsara ƙirƙirar hanyar haɗi ta alama zuwa littafin da aka ba don tsara hanyar shiga ta hanyoyi da yawa.
  • Don ayyuka, ana ba da saitunan TTYRows da TTYColumns don saita adadin layuka da ginshiƙai a cikin na'urar TTY.
  • An ƙara saitin ExitType, wanda ke ba ku damar canza dabaru don tantance ƙarshen sabis. Ta hanyar tsoho, systemd kawai yana lura da mutuwar babban tsari, amma idan an saita ExitType=cgroup, mai sarrafa tsarin zai jira tsari na ƙarshe a cikin ƙungiyar don kammalawa.
  • tsarin aiwatar da tsarin TPM2/FIDO2/PKCS11 na goyon bayan TPMXNUMX/FIDOXNUMX/PKCSXNUMX shi ma an gina shi azaman kayan aikin cryptsetup, yana ba da damar yin amfani da umarnin cryptsetup na yau da kullun don buɗe ɓoyayyen ɓoyayyen ɓoyayyen ɓoyayyen ɓoyayyen ɓoyayyen ɓoyayyen ɓoyayyiya.
  • Mai kula da TPM2 a cikin systemd-cryptsetup/systemd-cryptsetup yana ƙara goyan baya ga maɓallan farko na RSA ban da maɓallan ECC don haɓaka dacewa tare da kwakwalwan kwamfuta marasa ECC.
  • An ƙara zaɓin token-timeout zuwa /etc/crypttab, wanda ke ba ka damar ayyana iyakar lokacin da za a jira haɗin alamar PKCS#11/FIDO2, bayan haka za a sa ka shigar da kalmar sirri ko maɓallin dawowa.
  • systemd-timesyncd yana aiwatar da saitin SaveIntervalSec, wanda ke ba ku damar adana lokacin tsarin yanzu zuwa faifai, misali, don aiwatar da agogon monotonic akan tsarin ba tare da RTC ba.
  • An ƙara zaɓuka zuwa kayan aikin nazarin tsarin: "--image" da "--tushen" don duba fayilolin naúrar a cikin hoton da aka bayar ko tushen tushen, "--kura-kurai-recursive" don la'akari da raka'a masu dogara lokacin kuskure. an gano, "--offline" don duba fayilolin raka'a daban da aka ajiye zuwa faifai, "-json" don fitarwa a tsarin JSON, "- shiru" don musaki saƙonni marasa mahimmanci, "-profile" don ɗaure zuwa bayanin martaba mai ɗaukuwa. Hakanan an ƙara shi ne umarnin duba-elf don tantance ainihin fayiloli a cikin tsarin ELF da ikon duba fayilolin naúrar tare da sunan ɗaya da aka ba, ko da kuwa ko wannan sunan ya dace da sunan fayil ɗin.
  • systemd-networkd ya faɗaɗa tallafi ga bas ɗin Yanki na Yanki (CAN). Ƙara saitunan don sarrafa yanayin CAN: Loopback, OneShot, PresumeAck da ClassicDataLengthCode. Added TimeQuantaNSec, PropagationSegment, PhaseBufferSegment1, PhaseBufferSegment2, SyncJumpWidth, DataTimeQuantaNSec, DataPropagationSegment, DataPhaseBufferSegment1, DataPhaseBufferSegment2 da DataSyncJumpWidth zažužžukan na DataSyncJumpWidth zažužžukan don sarrafa sashe na cibiyar sadarwa.
  • Systemd-networkd ya kara wani zaɓi na Label don abokin ciniki na DHCPv4, wanda ke ba ka damar saita alamar adireshin da aka yi amfani da ita lokacin daidaita adiresoshin IPv4.
  • systemd-udevd don "ethtool" yana aiwatar da tallafi don ƙimar "max" na musamman waɗanda ke saita girman buffer zuwa matsakaicin ƙimar da kayan aikin ke tallafawa.
  • A cikin fayilolin .link don systemd-udevd yanzu zaku iya saita sigogi daban-daban don haɗa adaftar cibiyar sadarwa da haɗa masu sarrafa kayan aiki (offload).
  • systemd-networkd yana ba da sababbin fayilolin .cibiyar sadarwa ta hanyar tsoho: 80-container-vb.network don ayyana gadoji na cibiyar sadarwa da aka ƙirƙira lokacin gudanar da tsarin systemd-nspawn tare da zaɓuɓɓukan "--network-bridge" ko "--network-zone"; 80-6rd-tunnel.network don ayyana ramukan da aka ƙirƙira ta atomatik lokacin karɓar amsa DHCP tare da zaɓi na 6RD.
  • Systemd-networkd da systemd-udevd sun ƙara goyon baya don isar da IP akan hanyoyin sadarwa na InfiniBand, wanda aka ƙara sashin "[IPoIB]" zuwa fayilolin systemd.netdev, kuma an aiwatar da ƙimar "ipoib" a cikin Irin. saitin.
  • systemd-networkd yana ba da saitin hanya ta atomatik don adiresoshin da aka ƙayyade a cikin ma'aunin AllowedIPs, waɗanda za a iya daidaita su ta hanyar hanyoyin RouteTable da RouteMetric a cikin sassan [WireGuard] da [WireGuardPeer].
  • systemd-networkd yana samar da tsarar atomatik na adiresoshin MAC marasa canzawa don batadv da musaya na gada. Don musaki wannan hali, zaku iya saka MACAddress=babu a cikin fayilolin .netdev.
  • An ƙara saitin kalmar wucewa ta WakeOnLanPassword zuwa fayilolin haɗin gwiwa a cikin sashin "[Haɗi]" don ƙayyade kalmar sirri lokacin da WoL ke gudana a cikin yanayin "SecureOn".
  • Ƙara AutoRateIngress, CompensationMode, FlowIsolationMode, NAT, MPUBytes, PriorityQueueingPreset, FirewallMark, Wash, SplitGSO da UseRawPacketSize saituna zuwa sashin "[CAKE]" na .fayilolin hanyar sadarwa don ayyana ma'auni na hanyar sadarwa na CAKE (Aikace-aikacen gama gari da aka Ci gaba) .
  • Ƙara saitin IgnoreCarrierLoss zuwa sashin "[Network]" na fayilolin cibiyar sadarwa, yana ba ku damar tantance tsawon lokacin da za ku jira kafin amsa ga asarar siginar mai ɗauka.
  • Systemd-nspawn, homectl, machinectl da systemd-run sun tsawaita ma'auni na ma'aunin "--setenv" - idan kawai sunan mai canzawa (ba tare da "=") ba, za a ɗauki darajar daga madaidaicin yanayi (don). misali, lokacin da aka ƙayyade "--setenv=FOO" za a ɗauki ƙimar daga ma'aunin muhalli na $FOO kuma a yi amfani da shi a cikin canjin yanayi na sunan da aka saita a cikin akwati).
  • systemd-nspawn ya kara da wani zaɓi na "--suppress-sync" don musaki kiran tsarin daidaitawa ()/fsync()/fdatasync() tsarin kiran lokacin ƙirƙirar akwati (mai amfani lokacin da saurin ke da fifiko kuma adana kayan aikin gini idan gazawar ba ta kasance ba. mahimmanci, tunda ana iya sake ƙirƙirar su a kowane lokaci).
  • An ƙara sabon bayanan hwdb, wanda ya ƙunshi nau'ikan masu nazarin sigina daban-daban (multimeter, masu nazarin yarjejeniya, oscilloscopes, da sauransu). An faɗaɗa bayanai game da kyamarori a cikin hwdb tare da fili tare da bayani game da nau'in kamara (na yau da kullun ko infrared) da sanya ruwan tabarau (gaba ko baya).
  • An kunna ƙirƙira sunayen masu mu'amala da cibiyar sadarwa mara canzawa don na'urorin gaba da aka yi amfani da su a cikin Xen.
  • Ana yin nazarin ainihin fayilolin ta hanyar tsarin amfani na systemd-coredump dangane da ɗakunan karatu na libdw/libelf yanzu a cikin wani tsari daban, keɓe a cikin yanayin sandbox.
  • systemd-importd ya ƙara goyon baya ga masu canjin yanayi $SYSTEMD_IMPORT_BTRFS_SUBVOL, $SYSTEMD_IMPORT_BTRFS_QUOTA, $SYSTEMD_IMPORT_SYNC, wanda tare da shi zaku iya musaki ƙarni na ɓangarori na Btrfs, da kuma daidaita ƙididdiga da daidaitawar diski.
  • A cikin tsarin-jarida, akan tsarin fayilolin da ke goyan bayan yanayin kwafi-kan-rubutu, ana sake kunna yanayin COW don mujallun da aka adana, yana ba su damar matsawa ta amfani da Btrfs.
  • systemd-journald yana aiwatar da rarrabuwar filayen iri ɗaya a cikin saƙo guda ɗaya, wanda aka yi a mataki kafin sanya saƙon a cikin jarida.
  • Ƙara zaɓin "--show" don kashe umarnin don nuna shirin kashewa.

source: budenet.ru

Add a comment