ProHoster > Блог > labaran intanet > Systemd System Manager release 250

Systemd System Manager release 250

Bayan watanni biyar na ci gaba, an saki tsarin sarrafa tsarin 250. Sabuwar sakin yana ƙara ikon adana bayanan sirri, aiwatar da tabbatar da sa hannu na dijital na sassan GPT da aka gano ta atomatik, inganta rahoton jinkirin fara sabis, yana ƙara zaɓuɓɓuka don ƙuntata damar sabis zuwa takamaiman tsarin fayil da mu'amalar hanyar sadarwa, yana goyan bayan sa ido kan daidaiton bangare ta amfani da dm-integrity module, kuma yana ƙara goyan baya ga sabuntawar sd-boot ta atomatik.

Babban canje-canje:

  • An ƙara tallafi don bayanan sirri da aka ɓoye da aka tabbatar, wanda zai iya zama da amfani don adana abubuwa masu mahimmanci kamar su SSL- maɓallan shiga da kalmomin shiga. Ana yin ɓoye bayanan sirri ne kawai lokacin da ya cancanta kuma ya keɓance ga shigarwa ko kayan aikin gida. Ana ɓoye bayanai ta atomatik ta amfani da algorithms na ɓoye bayanai masu daidaituwa, wanda za'a iya samun maɓallin a cikin tsarin fayil, a cikin guntu na TPM2, ko ta amfani da tsarin haɗin gwiwa. Lokacin da sabis ɗin ya fara, ana ɓoye bayanan sirri ta atomatik kuma ana samar da su ga sabis ɗin a cikin rubutu mai sauƙi. An ƙara kayan aikin 'systemd-creds' don aiki tare da bayanan sirri da aka ɓoye, kuma saitunan LoadCredentialEncrypted da SetCredentialEncrypted suna samuwa don ayyuka.
  • A cikin sd-stub, fayil ɗin aiwatarwa na EFI, wanda firmware na EFI ke ɗora kernel LinuxAn ƙara tallafi don booting kernel ta amfani da yarjejeniyar LINUX_EFI_INITRD_MEDIA_GUID EFI. Haka kuma an ƙara wa sd-stub ikon tattara bayanan sirri da fayilolin sysext cikin rumbun adana bayanai na cpio da kuma mika wannan rumbun adana bayanai zuwa ga kwaya tare da initrd (ana sanya ƙarin fayiloli a cikin kundin adireshi na /.extra/). Wannan fasalin yana ba da damar amfani da yanayin initrd mai tabbatarwa, wanda ba za a iya canzawa ba, wanda aka ƙara tare da sysexts da bayanan tantancewa na ɓoye.
  • An faɗaɗa ƙayyadaddun ɓangarorin da za a iya ganowa, samar da kayan aiki don ganowa, hawawa, da kunna sassan tsarin ta amfani da GPT (Tables Partitions GUID). Idan aka kwatanta da fitowar da ta gabata, ƙayyadaddun yanzu yana goyan bayan tushen ɓangaren da /usr bangare don yawancin gine-gine, gami da dandamali waɗanda basa amfani da UEFI.

    Abubuwan da za a iya ganowa kuma suna ƙara goyan baya ga ɓangarori waɗanda aka tabbatar da amincin su ta hanyar dm-verity module ta amfani da PKCS#7 sa hannun dijital, yana sauƙaƙe ƙirƙirar cikakkun ingantattun hotunan diski. Tallafin tabbatarwa yana haɗa cikin abubuwan amfani daban-daban waɗanda ke sarrafa hotunan diski, gami da systemd-nspawn, systemd-sysext, systemd-dissect, ayyuka tare da RootImage, systemd-tmpfiles, da systemd-sysusers.

  • Don raka'a waɗanda ke ɗaukar lokaci mai tsawo don farawa ko dakatarwa, ban da nuna mashigin ci gaba mai rai, ana ba da ikon nuna bayanan matsayi, yana ba ku damar fahimtar ainihin abin da ke faruwa tare da sabis ɗin a yanzu da kuma wane sabis ɗin mai sarrafa tsarin ke jira a halin yanzu.
  • An ƙara siginar DefaultOOMScoreAdjust zuwa /etc/systemd/system.conf da /etc/systemd/user.conf . Wannan siga yana daidaita madaidaicin-killer OOM don yanayin ƙananan ƙwaƙwalwar ajiya, wanda ya dace da tsarin da aka fara ta tsarin da masu amfani. Ta hanyar tsoho, sabis na tsarin yana da nauyi mafi girma fiye da sabis na mai amfani, ma'ana cewa sabis ɗin mai amfani yana iya ƙarewa a ƙarƙashin ƙarancin ƙwaƙwalwar ajiya fiye da ayyukan tsarin.
  • An ƙara saitin RestrictFileSystems, yana ba ku damar ƙuntata damar sabis zuwa takamaiman nau'ikan tsarin fayil. Kuna iya amfani da umarnin "systemd-analyze filesystems" don duba samuwa nau'ikan tsarin fayil. Hakazalika, an aiwatar da zaɓin RestrictNetworkInterfaces, yana ba ku damar taƙaita shiga takamaiman mu'amalar hanyar sadarwa. Wannan aiwatarwa ya dogara ne akan tsarin LSM BPF, wanda ke hana damar zuwa abubuwan kwaya don rukunin matakai.
  • An ƙara sabon fayil ɗin sanyi, /etc/integritytab, da kuma tsarin tsarin tsarin-integritysetup. Waɗannan suna saita ƙirar dm-integrity don sa ido kan amincin bayanan matakin yanki, kamar tabbatar da rashin canzawar bayanan rufaffiyar (Ingantacciyar ɓoyayyen ɓoyayyen yana tabbatar da cewa ba a canza toshe bayanai ta hanyar da ba ta da tabbas). Tsarin fayil ɗin /etc/integritytab yayi kama da /etc/crypttab da /etc/veritytab, sai dai ana amfani da dm-integrity maimakon dm-crypt da dm-verity.
  • An ƙara sabon fayil ɗin naúrar, systemd-boot-update.service. Idan aka kunna kuma aka shigar da bootloader na sd-boot, systemd zai sabunta sigar bootloader na sd-boot ta atomatik, yana kiyaye lambar bootloader koyaushe yana sabuntawa. sd-boot da kansa yanzu an gina shi ta tsohuwa tare da goyon bayan tsarin SBAT (UEFI Secure Boot Advanced Targeting), wanda ke warware matsalolin soke takardar shaida don UEFI Secure Boot. Bugu da ƙari, sd-boot yanzu yana goyan bayan nazarin saitunan boot ɗin Microsoft. Windows don ƙirƙirar sunayen sassan taya tare da Windows da kuma nuna sigar Windows.

    sd-boot kuma yana ba da ikon tantance tsarin launi yayin aikin ginin. Taimako don canza ƙudurin allo ta latsa maɓallin "r" yayin taya yana samuwa yanzu. An ƙara maɓalli mai zafi, "f," don shigar da saitin saitin firmware. An ƙara yanayin taya na atomatik, daidai da abin menu da aka zaɓa lokacin taya ta baya. An ƙara ikon ɗaukar direbobin EFI ta atomatik waɗanda ke cikin /EFI/systemd/drivers/ directory akan ESP (EFI System Partition).

  • Wani sabon fayil ɗin naúrar, factory-reset.target, an haɗa shi, wanda ake sarrafa shi ta systemd-logind a irin wannan hanyar zuwa sake kunnawa, kashe wutar lantarki, dakatarwa, da ayyukan ɓoyewa, kuma ana amfani dashi don ƙirƙirar masu sarrafa don yin sake saitin masana'anta.
  • Tsarin tsarin da aka warware yanzu yana ƙirƙirar ƙarin soket na sauraro akan 127.0.0.54 ban da 127.0.0.53. Bukatun zuwa 127.0.0.54 ana tura su zuwa uwar garken DNS na sama kuma ba a sarrafa su a cikin gida.
  • An ƙaddamar da ikon gina tsarin da aka shigo da shi da tsarin da aka warware tare da ɗakin karatu na OpenSSL maimakon libgcrypt.
  • Ƙara tallafi na farko don gine-ginen LoongArch da aka yi amfani da shi a cikin na'urori na Loongson.
  • systemd-gpt-auto-generator yana aiwatar da ikon daidaita ƙayyadaddun ɓangarorin musanyawa da aka ɓoye ta atomatik tare da tsarin tsarin LUKS2.
  • Lambar tantance hoto ta GPT da aka yi amfani da ita a cikin systemd-nspawn, systemd-dissect, da makamantan abubuwan amfani suna aiwatar da ikon yanke hotuna don sauran gine-gine, yana ba da damar yin amfani da systemd-nspawn don gudanar da hotuna a cikin masu kwaikwayo don sauran gine-gine.
  • Lokacin duba hotunan diski a cikin systemd-dissect, yanzu yana nuna bayanai game da manufar ɓangaren, kamar ko ya dace da boot ɗin UEFI ko yana gudana a cikin akwati.
  • An ƙara filin "SYSEXT_SCOPE" zuwa tsarin-extension.d/ files, yana ba ku damar tantance iyakar hoton tsarin - "initrd", "tsarin", ko "mai ɗauka".
  • An ƙara filin "PORTABLE_PREFIXES" zuwa fayil ɗin os-release, wanda za'a iya amfani da shi a cikin hotuna masu ɗaukar hoto don ayyana ma'anar fa'idodin fayil ɗin raka'a masu goyan baya.
  • systemd-logind yana aiwatar da sabbin saituna HandlePowerKeyLongPress, HandleRebootKeyLongPress, HandleSuspendKeyLongPress, da HandleHibernateKeyLongPress, waɗanda za'a iya amfani da su don ayyana ayyuka lokacin da aka riƙe wasu maɓallai sama da daƙiƙa 5 (misali, danna maɓallin Dakatar da shi za'a iya saita shi da sauri kuma ana iya saita tsarin dakatarwa. an saita shi don yin hibernate tsarin).
  • Don raka'a, an aiwatar da saitunan StartupAllowedCPUs da StartupAllowedMemoryNodes. Waɗannan sun bambanta da saitunan irin wannan ba tare da prefix na Farawa ba saboda ana amfani da su kawai a matakan taya da rufewa, yana ba ku damar saita ƙuntatawa na albarkatu daban-daban yayin taya.
  • Ƙara [Sharadi | Bayani [Memory|CPU | IO] Duban matsi wanda ke ba da damar kunna naúrar a tsallake ko kammala tare da kuskure idan babban nauyi akan ƙwaƙwalwar ajiya, CPU, da I/O a cikin tsarin an gano ta hanyar hanyar PSI.
  • An ƙara madaidaicin iyakar inode don ɓangaren /dev daga 64k zuwa 1M, da /tmp daga 400k zuwa 1M.
  • Don ayyuka, an gabatar da saitin ExecSearchPath, wanda ke ba ku damar canza hanyar neman fayilolin aiwatarwa da aka ƙaddamar ta hanyar saiti masu kama da ExecStart.
  • Ƙara saitin RuntimeRandomizedExtraSec, wanda ke ba ku damar gabatar da bambance-bambancen bazuwar cikin lokacin RuntimeMaxSec, wanda ke iyakance lokacin aiwatar da naúrar.
  • An fadada tsarin tsarin RuntimeDirectory, StateDirectory, CacheDirectory, da LogsDirectory saituna. Ta hanyar ƙididdige ƙarin ƙimar da aka raba ta hanji, yanzu zaku iya ƙirƙirar hanyar haɗi ta alama zuwa ƙayyadaddun kundin adireshi don ba da dama ta hanyoyi da yawa.
  • Don ayyuka, ana samar da saitunan TTYRows da TTYColumns don tantance adadin layuka da ginshiƙai a cikin na'urar TTY.
  • Ƙara saitin ExitType wanda ke ba ku damar canza dabaru don ƙayyade ƙarewar sabis. Ta hanyar tsoho, systemd kawai yana lura da ƙarewar babban tsari, amma lokacin da aka saita ExitType=cgroup, mai sarrafa tsarin zai jira tsari na ƙarshe a cikin ƙungiyar don ƙare.
  • TPM2/FIDO2/PKCS11 goyon bayan aiwatarwa a cikin systemd-cryptsetup an gina shi a matsayin plugin don cryptsetup, yana ba da damar yin amfani da umarnin cryptsetup na yau da kullun don buɗe ɓoyayyen ɓoyayyen ɓoyayyen ɓoyayyen.
  • An sabunta mai kula da TPM2 a cikin systemd-cryptsetup/systemd-cryptsetup don tallafawa maɓallan farko na RSA ban da maɓallan ECC don haɓaka dacewa tare da kwakwalwan kwamfuta waɗanda basa goyan bayan ECC.
  • An ƙara zaɓin token-timeout zuwa /etc/crypttab, yana ba ka damar ƙayyade iyakar lokacin da za a jira alamar PKCS#11/FIDO2 don haɗawa, bayan haka za a sa ka shigar da kalmar sirri ko maɓallin dawowa.
  • systemd-timesyncd yana aiwatar da saitin SaveIntervalSec, wanda ke ba da damar adana lokaci na tsarin na yanzu zuwa faifai, misali, don aiwatar da agogon monotonic akan tsarin ba tare da RTC ba.
  • An sabunta kayan amfani na tsarin-bincike tare da zaɓuɓɓuka masu zuwa: "--image" da "--tushen" don duba fayilolin naúrar a cikin hoton da aka bayar ko tushen tushen, "--recursive-kuskuren" don ɗaukar raka'a masu dogara lokacin da aka gano kuskure, "--offline" don duba fayilolin da aka ajiye daban, "--jsonet" don fitarwa daban-daban fayilolin naúrar, "--jsonet" don fitarwa a cikin fayil naúrar. saƙonni, da "-profile" don ɗaure zuwa bayanin martaba mai ɗaukuwa. Hakanan an ƙara umarnin binciken-elf don tantance fayilolin ELF da ikon bincika fayilolin naúrar tare da sunan naúrar, ko da sunan ya dace da sunan fayil.
  • Systemd-networkd yanzu yana goyan bayan bas ɗin Yanki na Yanki (CAN). An ƙara zaɓuɓɓukan daidaitawa don sarrafa yanayin CAN: Loopback, OneShot, PresumeAck, da ClassicDataLengthCode. An ƙara waɗannan zaɓuɓɓuka masu zuwa zuwa sashin [CAN] na fayilolin hanyar sadarwa: TimeQuantaNSec, PropagationSegment, PhaseBufferSegment1, PhaseBufferSegment2, SyncJumpWidth, DataTimeQuantaNSec, DataPropagationSegment, DataPhaseBufferSegment1, DataPhaseBufferSegment1, DataPhaseBufferSegmentCAN,DataPhaseBufferSegment2,DataPhaseBufferSegment2 aiki tare.
  • Abokin hanyar sadarwa na tsarin DHCPv4 yanzu yana da zaɓin Lakabi wanda ke ba ka damar saita alamar adireshin da aka yi amfani da ita lokacin daidaita adiresoshin IPv4.
  • systemd-udevd yana aiwatar da tallafi don ƙimar "max" na musamman don "ethtool" wanda ke saita girman buffer zuwa matsakaicin ƙimar da kayan aikin ke tallafawa.
  • A cikin fayilolin .link don systemd-udevd, yanzu zaku iya saita sigogi daban-daban don haɗa adaftar cibiyar sadarwa da haɗa masu sarrafa kayan aiki (offload).
  • systemd-networkd yana ba da sababbin fayilolin .network ta tsohuwa: 80-container-vb.network don ayyana gadojin cibiyar sadarwa da aka ƙirƙira lokacin da systemd-nspawn ya fara da zaɓin "--network-bridge" ko "--network-zone"; 80-6rd-tunnel.network don ayyana ramukan da aka ƙirƙira ta atomatik lokacin da aka karɓi amsa DHCP tare da zaɓi na 6RD.
  • An ƙara tallafi don isar da IP akan musaya na InfiniBand zuwa tsarin sadarwa na tsarin da systemd-udevd, wanda aka ƙara sashin "[IPoIB]" zuwa fayilolin systemd.netdev, kuma an sarrafa ƙimar "ipoib" a cikin Tsarin Kind.
  • systemd-networkd yana ba da saitin hanyoyi ta atomatik don adiresoshin da aka ƙayyade a cikin sigar AllowedIPs, wanda za'a iya saita shi ta hanyar sigogin RouteTable da RouteMetric a cikin [WireGuard] Kuma [WireGuardPeer].
  • systemd-networkd ta atomatik yana haifar da ƙayyadaddun adiresoshin MAC don batadv da musaya na gada. Don kashe wannan hali, saka MACAddress=babu a cikin fayilolin .netdev.
  • An ƙara saitin kalmar wucewa ta WakeOnLanPassword zuwa sashin "[Haɗi]" na fayilolin .link don ayyana kalmar sirri lokacin da WoL ke gudana a cikin yanayin "SecureOn".
  • An sabunta sashin "[CAKE]" na fayilolin cibiyar sadarwa tare da AutoRateIngress, CompensationMode, FlowIsolationMode, NAT, MPUBytes, PriorityQueueingPreset, FirewallMark, Wash, SplitGSO, da UseRawPacketSize settings don ayyana ma'auni na tsarin CAKE (Aikace-aikacen Gudanarwa na yau da kullun).
  • An ƙara saitin IgnoreCarrierLoss zuwa sashin "[Network]" na fayilolin cibiyar sadarwa, yana ba ku damar tantance tsawon lokacin jira kafin amsa ga asarar siginar mai ɗauka.
  • A cikin systemd-nspawn, homectl, machinectl, da systemd-run, an ƙaddamar da ma'auni na ma'auni na "--setenv": idan kawai sunan mai canzawa (ba tare da "=") ba, za a ɗauki darajar daga madaidaicin yanayi mai dacewa (misali, idan ka ƙayyade "--setenv = FOO", darajar za a karɓa daga madaidaicin sunan da aka yi amfani da shi a cikin mahallin mahallin $ FOO).
  • Ƙara wani zaɓi na "--suppress-sync" zuwa systemd-nspawn don musaki aiwatar da sync ()/fsync()/fdatasync() kiran tsarin lokacin ƙirƙirar akwati (mai amfani lokacin da sauri ke da fifiko da adana kayan aikin gini idan gazawar ba ta da mahimmanci, saboda ana iya sake ƙirƙira su a kowane lokaci).
  • An ƙara sabon bayanan hwdb, wanda ya ƙunshi nau'ikan masu nazarin sigina daban-daban (multimeter, masu nazarin yarjejeniya, oscilloscopes, da sauransu). An faɗaɗa bayanin kamara a cikin hwdb don haɗawa da filin don nau'in kamara (na yau da kullun ko infrared) da sanya ruwan tabarau (gaba ko baya).
  • Yana haifar da ci gaba da sunaye na cibiyar sadarwa don na'urorin gaba da aka yi amfani da su a cikin Xen.
  • Ana yin nazarin ainihin fayilolin ta hanyar tsarin tsarind-coredump dangane da ɗakunan karatu na libdw/libelf yanzu a cikin wani keɓantaccen tsari a cikin mahallin akwatin yashi.
  • systemd-importd yanzu yana goyan bayan masu canjin yanayi $SYSTEMD_IMPORT_BTRFS_SUBVOL, $SYSTEMD_IMPORT_BTRFS_QUOTA, da $SYSTEMD_IMPORT_SYNC, waɗanda za a iya amfani da su don kashe ƙarni na ƙananan maɓallan Btrfs da daidaita ƙididdiga da aiki tare.
  • A cikin tsarin-jarida, akan tsarin fayilolin da ke goyan bayan yanayin kwafi-kan-rubutu, yanayin COW yana sake kunnawa don mujallun da aka adana, wanda ke ba su damar matsawa ta Btrfs.
  • systemd-journald yana aiwatar da rarrabuwar fage iri ɗaya a cikin saƙo ɗaya, wanda ake yi kafin a sanya saƙon a cikin jarida.
  • Umurnin kashewa yanzu yana da zaɓi na "--show" don nuna tsarin rufewa.

source: budenet.ru

Sayi amintaccen masauki don shafuka tare da kariyar DDoS, sabar VPS VDS 🔥 Sayi ingantaccen masaukin yanar gizo tare da kariyar DDoS, sabar VPS VDS | ProHoster