ProHoster > Blog > labaran intanet > Systemd System Manager release 257

Systemd System Manager release 257

Bayan watanni shida na ci gaba, an gabatar da sakin tsarin sarrafa tsarin 257: sababbin kayan aiki systemd-sbsign da systemd-keyutil, goyon baya ga MPTCP lokacin da aka kunna shi akan soket, goyon baya na farko don ginawa tare da ɗakin karatu na Musl C. updatectl mai amfani don sarrafa shigar da sabuntawa ta hanyar systemd-sysupdate, ikon ƙaddamar da ayyuka a cikin wurare daban-daban na PID, kariya daga share fayiloli na bazata lokacin amfani da "systemd-tmpfiles -purge".

Daga cikin canje-canje a cikin sabon sakin:

  • Добавлена новая утилита systemd-sbsign для заверения цифровой подписью исполняемых файлов в формате PE (Portable Executable), предназначенных для использования при загрузке в режиме EFI Secure Boot. Для формирования подписи могут использоваться движки и провайдеры, предоставляемые библиотекой OpenSSL. Systemd-sbsign может применяться в качестве альтернативы приложениям sbsigntool и pesign в утилите ukify при формировании универсальных образов ядра UKI (Unified Kernel Image), объединяющих в одном файле загрузчик для UEFI (UEFI boot stub), образ ядра Linux da kuma yanayin tsarin initrd da aka ɗora a cikin ƙwaƙwalwa.
  • An ƙara sabon mai amfani, systemd-keyutil, wanda ke aiwatar da ayyuka daban-daban akan maɓallan masu zaman kansu da takaddun shaida na X.509. Misali, ana iya amfani da systemd-keyutil don gwada ikon loda maɓallan sirri da takaddun shaida, da kuma cire maɓallan jama'a daga gare su a cikin tsarin PEM.
  • A cikin na'urorin ".socket" da ake amfani da su don tabbatar da aikin tsarin kunna soket (fara aiwatarwa lokacin ƙoƙarin kafa haɗin hanyar sadarwa), ana aiwatar da tallafi ga MPTCP (Multipath TCP), wani faɗaɗa na yarjejeniyar TCP don tsara aikin haɗin TCP tare da isar da fakiti a lokaci guda tare da hanyoyi da yawa ta hanyar hanyoyin sadarwa daban-daban da aka haɗa zuwa daban-daban Adireshin IP.
  • Ya haɗa da canje-canje masu mahimmanci don ginawa ta amfani da daidaitaccen ɗakin karatu na Musl C.
  • В различные компоненты systemd, выводящие индикаторы прогресса выполнения операций (например, systemd-repart, systemd-sysupdate/updatectl и importctl), добавлена возможность использования ANSI-последовательностей для анимирования отображения прогресса. Подобные последовательности пока поддерживаются только в Windows Terminal (предполагается, что со временем подобная возможность будет перенесена и в эмуляторы терминалов для Linux).
  • An faɗaɗa ƙarfin ɓangaren tsarin sysupdate, ana amfani da su don ganowa ta atomatik, zazzagewa da shigar da sabuntawa ta amfani da tsarin atomatik don maye gurbin ɓangarori, fayiloli ko kundayen adireshi (ana amfani da ɓangarori / fayiloli / kundayen adireshi biyu masu zaman kansu, ɗayan wanda ya ƙunshi aikin yanzu. albarkatun, da sauran shigar da na gaba) sabuntawa, bayan haka an canza sassan / fayiloli / kundayen adireshi). A aikace, an riga an yi amfani da tsarin-sysupdate a cikin GNOME OS.

    Baya ga tsarin tsarin-sysupdate, an ƙara sabis mai suna iri ɗaya wanda ke ba da damar amfani da D-Bus don sarrafa sabunta tsarin ta mai amfani mara gata. Don sarrafa sabis ɗin, ana kuma haɗa sabon kayan aikin updatectl. Ƙara tutar "--offline" zuwa tsarin tsarin-sysupdate don musaki zazzagewar metadata akan hanyar sadarwar kuma amfani da nau'ikan da aka riga aka sauke zuwa tsarin gida. Ƙara goyon baya don fitarwa a tsarin JSON don duk umarni.

  • An aiwatar da sabon kadarorin "PrivatePIDs" don ayyuka, wanda tare da shi zaku iya tsara ƙaddamar da matakai tare da PID 1 (tsarin init) a cikin keɓan wurin ganowar tsari (PID namespace). A cikin yanayin da aka ƙirƙira don aiwatar da ƙaddamarwa, matakai ne kawai daga sararin sunan da aka ƙirƙira don shi za a iya gani.
  • Ƙara goyon baya don matches marasa fahimta ga dokokin udev (misali 'ATTR{foo}==i»abcd»'). Yin amfani da udev, yana yiwuwa a samar da masu amfani na gida marasa gata tare da damar ("uaccess") zuwa na'urar / dev/udmabuf, wanda ya zama dole don aiki tare da kyamarori IPMI ta hanyar libcamera. udev yana ba da sanin walat ɗin crypto iri-iri tare da kebul na USB da saita kayan ID_HARDWARE_WALLET don su, wanda ke ba ku damar amfani da yanayin "uaccess" zuwa gare su don samun dama ga masu amfani marasa gata.
  • Sabbin filayen RELEASE_TYPE, EXPERIMENT da EXPERIMENT_URL an saka su cikin fayil ɗin /etc/os-release. "RELEASE_TYPE" na iya ɗaukar dabi'u "gwaji", "ci gaba", "stable" da "lts" don ware tsayayyen juzu'i daga haɓakawa da ginin gwaji. Abubuwan EXPERIMENT da EXPERIMENT_URL an yi niyya ne don bayyana ainihin ginin gwaji.
  • Mai amfani da run0, wanda aka haɓaka azaman maye gurbin shirin sudo, ya ƙara zaɓin "--shell-prompt-prefix", wanda ke ƙayyadaddun kirtani na prefix don faɗakarwar harsashi. Ta hanyar tsoho, ana nuna emoji “🦸” azaman prefix don haskaka wani taro mai ɗaukaka a gani.
  • A cikin systemd-tmpfiles, don guje wa share fayilolin da ba daidai ba, zaɓin "--purge" yanzu yana aiki ne kawai ga saituna a cikin tmpfiles.d/ waɗanda ke da alamar "$" a sarari. Aikin "--purge" kuma yana buƙatar tantance aƙalla fayil ɗaya daga tmpfiles.d/ directory. Don igiyoyi masu nau'in 'L', an ƙara tutar '?', lokacin da aka ƙayyade, za a ƙirƙiri hanyar haɗin kai kawai idan fayil ɗin manufa ya kasance.
  • A cikin mai sarrafa sabis da abubuwan amfani masu alaƙa, ana ci gaba da canza lambar bin tsari zuwa amfani da PIDFD maimakon PID. PIDFD yana da alaƙa da takamaiman tsari kuma baya canzawa, yayin da ana iya haɗa PID tare da wani tsari bayan tsarin na yanzu mai alaƙa da PID ɗin ya ƙare.
  • Don ayyuka, yanzu yana yiwuwa a ƙididdige ƙimar "debug" a cikin ma'aunin "RestartMode", wanda za a sake kunna sabis ɗin da ya gaza tare da kunna yanayin cirewa (an saita yanayin yanayin DEBUG_INVOCATION = 1), kuma ƙimar LogLevelMax za ta kasance. an ɗaga shi na ɗan lokaci zuwa matakin gyara kuskure.
  • Mai kula da PID 1 yana da ikon ɗora dokoki don tsarin IPE (Integrity Policy Enforcement) LSM module, wanda ke ayyana manufofin mutunci ga dukan tsarin (waɗanne ayyukan da aka ba da izini da kuma yadda ya kamata a tabbatar da sahihancin abubuwan da aka gyara).
  • An ƙara zaɓin "DeferReactivation" a cikin fayilolin naúrar ".timer", wanda ke ba ku damar tsallake kunnawar lokaci na gaba idan sabis ɗin bai gama aiwatar da shi ba tun lokacin kunnawa na ƙarshe.
  • A cikin ma'aunin fayil ɗin naúrar masu zaman kansu, yanzu yana yiwuwa a ƙididdige ƙimar “ƙimar” don ba da damar yin taswirar ID ɗin mai amfani lokacin ƙirƙirar sararin sunan mai amfani.
  • Ƙara goyon baya don ƙimar "katse" zuwa ma'aunin fayil na PrivateTmp, wanda zai yi amfani da misalan tmpfs daban don /tmp/ da /var/tmp/ kundayen adireshi.
  • An ƙara goyan baya don sabbin hanyoyin "keɓaɓɓu" da "tsattsauran ra'ayi" zuwa ma'aunin fayil ɗin naúrar ProtectControlGroups, lokacin da aka saita, an ƙirƙiri sabon filin suna don sabis ɗin kuma an ɗora ƙungiyoyin. Lokacin da aka saita zaɓin "tsakanin", ana ɗora ƙungiyoyin a cikin yanayin karantawa kawai.
  • Ma'auni na StateDirectory, RuntimeDirectory, CacheDirectory, LogsDirectory da ConfigurationDirectory sigogi suna ba da ikon yin amfani da tuta ':ro' don taƙaita samun dama ga kundayen adireshi zuwa yanayin karantawa kawai.
  • Ƙara goyon baya don ƙimar "firmware" zuwa ma'aunin layin umarni na "systemd.machine_id", wanda za a ƙididdige mai gano tsarin (ID na inji) bisa UUID daga SMBIOS/DeviceTree.
  • Добавлена поддержка системных вызовов mseal(), listmount() и statmount(), появившихся в недавних выпусках ядра Linux.
  • A resolvectl, timedatectl da systemd-inhibit utilities yanzu goyan bayan m m izini ta amfani da Polkit.
  • Mai amfani na systemctl ya ƙara ikon yin amfani da tutar "--now" a cikin umarnin "sake kunnawa".
  • Ƙara wani zaɓi na "--json" zuwa tsarin tsarin-mount don fitarwa a tsarin JSON (misali, lokacin da aka ƙayyade tare da "--list-na'urori", jerin na'urori za a fitar da su a cikin tsarin JSON).
  • An ƙara zaɓuɓɓukan "-l" da "--full" zuwa kayan aikin "localectl" don musaki datsa dogayen layi yayin fitarwa.
  • An ƙara zaɓin HibernateOnACPower zuwa sleep.conf, wanda ke ba ku damar jinkirta canzawa zuwa yanayin barci har sai an cire haɗin na'urar daga tushen wutar lantarki.
  • A cikin systemd-sysusers, an ƙara goyan bayan "!" modifier zuwa layin "u", wanda zaku iya ƙirƙirar asusun mai amfani gabaɗaya (a baya, an yi amfani da saita kalmar sirri da ba daidai ba don toshe mai amfani, misali, bai haifar da toshewa ba yayin ingantaccen maɓalli a cikin SSH).
  • Systemd-coredump yana ƙara wani zaɓi na "EnterNamespace" wanda ke ba da damar isa ga wurin tudu na kowane tsarin da ya faɗo don samun alamun gyara su. A aikace, zaɓin na iya zama da amfani don tsara bayanan baya na ainihin fayiloli daga aikace-aikacen da ke gudana a cikin keɓaɓɓen kwantena.
  • systemd-logind ya haɗa da sarrafa haɗin Ctrl-Alt-Shift-Esc don aika siginar org.freedesktop.login1.SecureAttentionKey siginar zuwa abubuwan mahalli mai amfani tare da buƙatar nuna amintaccen maganganun shiga. An aiwatar da saitin “DesignatedMaintenanceTime” don tsara aiki ta atomatik don kammalawa a ƙayyadadden lokaci. Ta hanyar kwatanci tare da goyan bayan na'urorin DRM da evdev, an ƙara tallafi don saita damar masu amfani marasa gata zuwa na'urorin ɓoye (masu kula da wasan da joysticks).
  • systemd-machined yanzu yana goyan bayan shiga cikin abokan ciniki mara gata. injunan kama-da-wane da kwantena. Ana samar da damar yin amfani da tsarin injin ta hanyar Varlink API, ban da D-Bus.
  • An ƙara sabon sashe "[IPv6AddressLabel]" zuwa fayil ɗin saitin networkd.conf don saita lakabi da prefixes don adiresoshin IPv6
  • Ƙara wani zaɓi na "-stdin" zuwa 'networkctl edit' umarni don samun abun ciki na fayil daga daidaitaccen rafi. Ƙara goyon baya don gyarawa da nuna fayilolin .netdev ta hanyar ƙididdige hanyar sadarwa ta hanyar sadarwa zuwa umarnin 'networkctl edit' da 'networkctl cat'. Ƙara wani zaɓi "--no-ask-password" don musaki izinin hulɗa.
  • Ƙara wani zaɓi na "--certificate-source" zuwa ukify, bootctl, systemd-keyutil, systemd-measure, systemd-repart, da systemd-sbsign utilities don loda takardar shaidar X.509 ta hanyar mai ba da OpenSSL maimakon yin lodi kai tsaye daga fayil.
  • systemd-boot yana ƙara ikon yin amfani da maɓallan ƙara don motsawa sama da ƙasa ta menu na taya, wanda zai iya zama da amfani akan na'urori irin su wayoyi. Taimako don shigar da bayanan UEFI Secure Boot a cikin tsarin ESL(db/dbx/…) don tsarin boot-boot an ƙara zuwa mai amfani na bootctl.
  • Ƙara wani zaɓi na "--list-invocation" zuwa journalctl don nuna jerin kira na ɗaya da zaɓin "-- kira" ("-I") don nuna rajistan ayyukan da ke da alaƙa da takamaiman kira kawai.
  • systemd-nspawn yana ƙara tallafi don amfani mara amfani na FUSE (Filesystem in Userspace) a cikin kwantena. Lokacin amfani da zaɓi na "-bind-user", ana tura maɓallan SSH na mai amfani don samun dama ta hanyar SSH zuwa akwati.
  • libsystemd ya kara sabon tsarin dubawa "sd-json" wanda ke amfani da tsarin JSON, da kuma "sd-varlink" da ke amfani da IPC Varlink.
  • An haɓaka sigar kernel da aka ba da shawarar zuwa sakin 5.4, wanda aka kafa a cikin 2019. A shekara mai zuwa suna shirin dakatar da tallafawa tsofaffin kernels kuma suna alamar sakin 5.4 a matsayin mafi ƙarancin tallafin tushe.
  • An soke tallafin gungun v1 kuma an kashe shi ta tsohuwa (don kunna shi, dole ne ku saka SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 akan layin umarni na kernel ban da kunna shi a cikin saitunan tsarin). Sakin na gaba na systemd 258 yana shirin cire gaba ɗaya rukunin rukunin v1 lambar. Tsarin tsarin 258 kuma an tsara shi don cire tallafi don rubutun sabis na System V.

source: budenet.ru

Sayi amintaccen masauki don shafuka tare da kariyar DDoS, sabar VPS VDS 🔥 Sayi ingantaccen masaukin yanar gizo tare da kariyar DDoS, sabar VPS VDS | ProHoster