ProHoster > Ibhulogi > iindaba ze-intanethi > Ukukhutshwa komphathi wenkqubo ye-257

Ukukhutshwa komphathi wenkqubo ye-257

Emva kweenyanga ezintandathu zophuhliso, ukukhutshwa komphathi wenkqubo systemd 257 kwaboniswa utshintsho olungundoqo: izixhobo ezintsha ze-systemd-sbsign kunye ne-systemd-keyutil, inkxaso ye-MPTCP xa ivuliwe phezu kwe-socket, inkxaso yokuqala yokwakha kunye nethala leencwadi le-Musl C, i i-updatectl utility yokulawula ukufakela uhlaziyo nge-systemd-sysupdate, ukukwazi ukuqalisa iinkonzo kwiindawo zamagama ze-PID ezahlukileyo, ukukhuselwa ekucinyweni ngengozi kweefayile xa usebenzisa "i-systemd-tmpfiles -purge".

Phakathi kotshintsho kukhupho olutsha:

  • Добавлена новая утилита systemd-sbsign для заверения цифровой подписью исполняемых файлов в формате PE (Portable Executable), предназначенных для использования при загрузке в режиме EFI Secure Boot. Для формирования подписи могут использоваться движки и провайдеры, предоставляемые библиотекой OpenSSL. Systemd-sbsign может применяться в качестве альтернативы приложениям sbsigntool и pesign в утилите ukify при формировании универсальных образов ядра UKI (Unified Kernel Image), объединяющих в одном файле загрузчик для UEFI (UEFI boot stub), образ ядра Linux kunye nemeko-bume yenkqubo ye-initrd efakwe kwimemori.
  • Umsebenzi omtsha, i-systemd-keyutil, yongezwe ukuba iphumeze imisebenzi eyahlukeneyo kwizitshixo zabucala kunye nezatifikethi ze-X.509. Umzekelo, i-systemd-keyutil ingasetyenziselwa ukuvavanya ukukwazi ukulayisha izitshixo zabucala kunye nezatifikethi, kunye nokukhupha izitshixo zikawonkewonke kuzo kwifomathi ye-PEM.
  • Kwiiyunithi ze-".socket" ezisetyenziselwa ukuqinisekisa ukusebenza kwendlela yokusebenza kwe-socket (ukuqala iinkqubo xa uzama ukuseka uqhagamshelo lwenethiwekhi), inkxaso iyasebenza kwi-MPTCP (Multipath TCP), ulwandiso lweprotocol ye-TCP yokulungiselela ukusebenza koqhagamshelo lwe-TCP ngokuhanjiswa kweepakethi ngaxeshanye kwiindlela ezahlukeneyo ngokusebenzisa ii-interfaces zenethiwekhi ezahlukeneyo ezibotshelelwe kwiindlela ezahlukeneyo. Idilesi yam ye-IP.
  • Kubandakanya utshintsho oluyimfuneko ekwakheni kusetyenziswa ithala leencwadi elisemgangathweni leMusl C.
  • В различные компоненты systemd, выводящие индикаторы прогресса выполнения операций (например, systemd-repart, systemd-sysupdate/updatectl и importctl), добавлена возможность использования ANSI-последовательностей для анимирования отображения прогресса. Подобные последовательности пока поддерживаются только в Windows Terminal (предполагается, что со временем подобная возможность будет перенесена и в эмуляторы терминалов для Linux).
  • Izakhono zecandelo le-systemd-sysupdate zandisiwe, zisetyenziselwa ukufumanisa ngokuzenzekelayo, ukukhuphela kunye nokufakela uhlaziyo kusetyenziswa indlela yeathom yokutshintsha izahlulelo, iifayile okanye iirejista (izahlulo ezibini ezizimeleyo/iifayile/abalawuli basetyenziswa, enye iqulethe ukusebenza kwangoku. resource, kwaye enye ihlohla elandelayo) uhlaziyo, emva koko amacandelo/iifayile/abalawuli bayatshintshwa). Ngokwesiqhelo, i-systemd-sysupdate sele isetyenziswa kwi-GNOME OS.

    Ukongeza kwinkqubo ye-systemd-sysupdate, inkonzo yegama elifanayo iye yongezwa evumela ukuba i-D-Bus isetyenziswe ukulawula ukuhlaziywa kwenkqubo ngumsebenzisi ongenamalungelo. Ukulawula inkonzo, into entsha ye-updatectl nayo ibandakanyiwe. Kongezwe iflegi "--offline" kwi-systemd-sysupdate ukuvala ukhuphelo lwemetadata kwinethiwekhi kwaye usebenzise kuphela iinguqulelo esele zikhutshelwe kwisistim yasekhaya. Inkxaso eyongeziweyo yemveliso kwifomati ye-JSON kuyo yonke imiyalelo.

  • Ipropati entsha "I-PrivatePIDs" iphunyezwe kwiinkonzo, apho unokuququzelela ukuqaliswa kweenkqubo kunye ne-PID 1 (inkqubo ye-init) kwindawo yokuchonga inkqubo eyahlukileyo (indawo yegama le-PID). Kwimeko-bume eyenzelwe inkqubo yokusungulwa, kuphela iinkqubo ezivela kwindawo yamagama eyenzelwe yona eziya kubonakala.
  • Inkxaso eyongeziweyo yongqamaniso olungakhathaliyo kwimithetho ye-udev (umzekelo 'ATTR{foo}==i»abcd»'). Ukusebenzisa i-udev, kunokwenzeka ukubonelela abasebenzisi bendawo abangenanto yokufikelela ("uaccess") kwisixhobo / dev / udmabuf, okuyimfuneko ekusebenzeni kunye neekhamera ze-IPMI nge-libcamera. i-udev inikezela ngokuqatshelwa kwee-wallets ze-crypto ze-hardware kunye ne-interface ye-USB kunye nokumisela ipropathi ye-ID_HARDWARE_WALLET kubo, ekuvumela ukuba usebenzise imowudi "uaccess" kubo ukufikelela kubasebenzisi abangenalungelo.
  • Imimandla emitsha RELEASE_TYPE, EXPERIMENT kunye ne-EXPERIMENT_URL yongezwe kwifayile /etc/os-release. "RELEASE_TYPE" inokuthatha amaxabiso "yovavanyo", "uphuhliso", "stable" kunye ne "lts" ukwahlula iinguqulelo ezizinzileyo kuphuhliso kunye nolwakhiwo lovavanyo. I-EXPERIMENT kunye ne-EXPERIMENT_URL iiparamitha zenzelwe ukucacisa undoqo wolwakhiwo lovavanyo.
  • Usetyenziso lwe-run0, oluphuhliswe njengolwenzeko lwenkqubo ye-sudo, yongeze i-“--shell-prompt-prefix” ukhetho, oluchaza umtya wesimaphambili somyalelo weqokobhe lomyalelo. Ngokungagqibekanga, i-emoji "🦸" iboniswa njengesimaphambili sokuqaqambisa iseshoni ephakamileyo.
  • Kwi-systemd-tmpfiles, ukunqanda ukucima ngempazamo iifayile ezingalunganga, ukhetho "--purge" ngoku lusebenza kuphela kwiisetingi ezikwi-tmpfiles.d/ ezine "$" iflegi ebekwe ngokucacileyo. Umsebenzi ka-"--purge" nawo ngoku ufuna ukukhankanya nokuba yifayile enye kwi-tmpfiles.d/ directory. Kwimitya enodidi 'L', iflegi yongeziwe, xa ikhankanyiwe, ikhonkco lomfuziselo liyakwenziwa kuphela ukuba ifayile ekujoliswe kuyo ikhona.
  • Kumphathi wenkonzo kunye nezixhobo ezihambelanayo, ikhowudi yokulandelela inkqubo iyaqhubeka nokuguqulwa ukuze isebenzise i-PIDFD endaweni ye-PID. I-PIDFD inxulumene nenkqubo ethile kwaye ayitshintshi, ngelixa i-PID inokudibaniswa nenye inkqubo emva kokuba inkqubo yangoku ehambelana ne-PID iphelile.
  • Kwiinkonzo, ngoku kuyenzeka ukukhankanya ixabiso “debug” kwi “RestartMode” iparameter, apho inkonzo engaphumelelanga iyakuphinda iqalwe ngemo yedebug yenziwe (imeko-bume eguquguqukayo DEBUG_INVOCATION=1 iseti), kunye nexabiso leLogLevelMax liya kuba inyuswe okwethutyana kwinqanaba lolungiso.
  • Umphathi we-PID 1 unamandla okulayisha imithetho ye-IPE (i-Integrity Policy Enforcement) imodyuli ye-LSM, echaza umgaqo-nkqubo wengqibelelo kuyo yonke inkqubo (eyiphi imisebenzi evunyelweyo kunye nendlela ukunyaniseka kwamacandelo kufuneka kuqinisekiswe ngayo).
  • Inketho ethi "DeferReactivation" yongezwe kwiifayile zeyunithi ".timer", ekuvumela ukuba weqe ukuqaliswa kwexesha elilandelayo ukuba inkonzo ayikagqibi ukuphunyezwa kwayo ukususela ekugqibeleni.
  • Kwiparameter yefayile yeyunithi yaBasebenzisi abaBucala, ngoku kunokwenzeka ukucacisa ixabiso elithi "identity" ukwenza imephu yee-ID zabasebenzisi xa usenza indawo yegama lomsebenzisi.
  • Inkxaso eyongeziweyo yexabiso "elicinyiweyo" kwi-PrivateTmp yefayile yefayile yeparamitha, eya kusebenzisa imizekelo yetmpfs eyahlukileyo ye /tmp/ kunye /var/tmp/ abalawuli.
  • Inkxaso yeendlela ezintsha "zabucala" kunye "nezingqongqo" zongezwe kwifayile yefayile yeyunithi yeProtectControlGroups, xa isetyenzisiwe, indawo entsha yegama leqela lenzelwe inkonzo kwaye i-cgroupfs ifakwe. Xa ukhetho "olungqongqo" lusetiwe, i-cgroupfs ixhonywe kwindlela yokufunda kuphela.
  • I-StateDirectory, i-RuntimeDirectory, i-CacheDirectory, i-LogsDirectory kunye ne-ConfigurationDirectory parameters zibonelela ngokukwazi ukusebenzisa ':ro' iflegi ukunqanda ufikelelo kubalawuli abahambelanayo kwindlela yokufunda-kuphela.
  • Inkxaso eyongeziweyo yexabiso "lwe-firmware" kwi-"systemd.machine_id" ye-kernel yomgca womyalelo wepharamitha, apho isibonisi senkqubo (i-ID yomatshini) iya kubalwa ngokusekelwe kwi-UUID esuka kwi-SMBIOS/DeviceTree.
  • Добавлена поддержка системных вызовов mseal(), listmount() и statmount(), появившихся в недавних выпусках ядра Linux.
  • I-solventctl, timedatectl kunye ne-systemd-inhibit eziluncedo ngoku zixhasa ugunyaziso olusebenzisanayo kusetyenziswa i-Polkit.
  • Umsebenzi we-systemctl wongeze amandla okusebenzisa iflegi ethi "--ngoku" kumyalelo othi "reenable".
  • Yongezwa "--json" ukhetho kwinkqubo-yokunyuka into eluncedo yemveliso kwifomathi ye-JSON (umzekelo, xa ikhankanyiwe kunye ne- "--list-devices", uluhlu lwezixhobo luya kukhutshwa kwifomathi ye-JSON).
  • Kongezwe u-"-l" kunye "--full" iinketho kwi "localectl" into eluncedo ukuvala ukusikwa kwemigca emide ngexesha lemveliso.
  • Inketho ye-HibernateOnACPower yongezwe kwi-sleep.conf, ekuvumela ukuba ulibazise ukutshintshela kwimodi yokulala de ifowuni ikhutshwe kumthombo wamandla omileyo.
  • Kwi-systemd-sysusers, inkxaso yesilungisi “!” yongezwe kwimigca ethi “u”, onokuthi ngayo wenze ii-akhawunti zomsebenzisi ezitshixiweyo ngokupheleleyo (ngaphambili, ukuseta igama eligqithisiweyo elingachanekanga kwakusetyenziswa ukubhloka komsebenzisi, oko kukuthi, umzekelo. khange ikhokelele ekuthinteleni ngexesha loqinisekiso olungundoqo kwi-SSH ).
  • I-Systemd-coredump yongeza i-"EnterNamespace" ukhetho oluvumela ufikelelo kwindawo yencopho yazo naziphi na iinkqubo ezingqushiweyo ukufumana iisimboli zabo zokulungisa. Ngokwesiqhelo, ukhetho lunokuba luncedo ekulungiseleleni umva weefayile eziphambili ukusuka kwizicelo ezisebenza kwizikhongozeli ezizimeleyo.
  • systemd-logind iquka ukuqhubekekiswa kweCtrl-Alt-Shift-Esc indibaniselwano ukuthumela i org.freedesktop.login1.SecureAttentionUphawu lwesitshixo kumalungu okusingqongileyo ngesicelo sokubonisa incoko yababini ekhuselekileyo yokungena. Kuphunyezwe i-“DesignatedMaintenanceTime” ukucwangcisa ngokuzenzekelayo umsebenzi ukuze ugqitywe ngexesha elithile. Ngokulinganisa kunye nenkxaso ye-DRM kunye nezixhobo ze-evdev, inkxaso yongezwe ukulungiselela ukufikelela kubasebenzisi abangenalungelo lokufihla izixhobo (abalawuli bomdlalo kunye nezinti zovuyo).
  • i-systemd-machined ngoku ixhasa ukungena kwabathengi abangenamalungelo. oomatshini bokwenene kunye nezikhongozeli. Ukufikelela kumsebenzi we-systemd-machined kunikezelwa nge-Varlink API, ukongeza kwi-D-Bus.
  • Icandelo elitsha "[IPv6AddressLabel]" yongezwe kwifayile yoqwalaselo ye-networkd.conf ukulungiselela iilebhile kunye nezimaphambili zeedilesi ze-IPv6.
  • Kongezwe "--stdin" ukhetho 'ku-networkctl edit' umyalelo wokufumana imixholo yefayile kumsinga oqhelekileyo. Inkxaso eyongeziweyo yokuhlela kunye nokubonisa iifayile ze-.netdev ngokukhankanya ujongano lomsebenzi wothungelwano 'kuhlelo lwe-networkctl' kunye nemiyalelo ye-'networkctl cat'. Inketho eyongeziweyo "-akukho-kubuza-iphasiwedi" ukuvala ugunyaziso olusebenzisanayo.
  • Yongeza "--yesiqinisekiso-umthombo" ukhetho kwi ukify, bootctl, systemd-keyutil, systemd-measure, systemd-repart, kunye ne systemd-sbsign eziluncedo ukulayisha isatifikethi se-X.509 ngomboneleli we-OpenSSL endaweni yokulayisha ngokuthe ngqo kwi ifayile.
  • I-systemd-boot yongeza amandla okusebenzisa amaqhosha evolyum ukuya phezulu kwaye ezantsi kwimenyu yokuqalisa, enokuba luncedo kwizixhobo ezinjengee-smartphones. Inkxaso yokuhlohla idatabase ye-UEFI eKhuselekileyo yokuQalisa kwi-ESL(db/dbx/…) ifomathi ye-systemd-boot yongezwe kusetyenziso lwe-bootctl.
  • Kongezwe ukhetho "--list-invocation" kwijenali ukubonisa uluhlu lweeyunithi zefowuni kunye "--invocation" ukhetho ("-I") ukubonisa iilogi ezinxulumene kuphela nomnxeba othile.
  • i-systemd-nspawn yongeza inkxaso yokusetyenziswa ngokungekho sikweni kweFUSE (Inkqubo yeefayile kwindawo yoMsebenzisi) kwizikhongozeli. Xa usebenzisa "--bophelela-umsebenzisi" ukhetho, izitshixo ze-SSH zomsebenzisi ezifunekayo ukufikelela nge-SSH zithunyelwa kwisikhongozeli.
  • i-libsystemd yongeze ujongano olutsha lwenkqubo "sd-json" esebenzisa ifomati ye-JSON, kunye ne-interface "sd-varlink" esebenzisa i-IPC Varlink.
  • I-base kernel version ecetyiswayo iye yaphuculwa ukukhulula i-5.4, eyenziwe ngo-2019. Kunyaka ozayo baceba ukuyeka ukuxhasa ii-kernels ezindala kwaye baphawule ukukhululwa kwe-5.4 njengesiseko esisisiseko esixhaswayo.
  • Inkxaso yamaqela v1 iye yarhoxiswa kwaye ivaliwe ngokungagqibekanga (ukuze uyenze, kufuneka ukhankanye SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 kumgca womyalelo we kernel ukongeza ukuyivula kwizicwangciso zenkqubo). Ukukhutshwa okulandelayo kwe-systemd 258 izicwangciso zokususa ngokupheleleyo amaqela e-v1 ikhowudi ehambelanayo. Uguqulelo lwe-Systemd 258 lukwatyatyelwe ukususa inkxaso yeskripthi senkonzo yeNkqubo yeV.

umthombo: opennet.ru

Thenga ukusingathwa okuthembekileyo kwiindawo ezinokhuseleko lweDDoS, iiseva zeVPS VDS 🔥 Thenga ukusingathwa kwewebhusayithi okuthembekileyo ngokhuseleko lwe-DDoS, iiseva zeVPS VDS | ProHoster