Release of the systemd 257 system manager

After six months of development, the release of the system manager systemd 257 has been presented, with these notable changes: the new utilities systemd-sbsign and systemd-keyutil, MPTCP support for socket activation, initial support for building with the Musl C library, the updatectl utility for managing the installation of updates through systemd-sysupdate, the ability to launch services in separate PID namespaces, and protection against accidental deletion of files when using "systemd-tmpfiles --purge".

Among the changes in the new release:

  • A new utility, systemd-sbsign, has been added for digitally signing executable files in PE (Portable Executable) format intended for booting in EFI Secure Boot mode. Engines and providers supplied by the OpenSSL library can be used to create the signature. systemd-sbsign can be used as an alternative to sbsigntool and pesign in the ukify utility when building UKI (Unified Kernel Image) images, which combine in one file the UEFI boot stub, the Linux kernel image and the initrd system environment loaded into memory.
  • A new utility, systemd-keyutil, has been added that performs various operations on private keys and X.509 certificates. For example, systemd-keyutil can be used to check that private keys and certificates can be loaded, and to extract public keys from them in PEM format.
  • For ".socket" units, which provide socket activation (starting processes when an attempt is made to establish a network connection), support has been added for MPTCP (Multipath TCP), an extension of the TCP protocol that lets a TCP connection deliver packets simultaneously over several routes through different network interfaces bound to different IP addresses.
  • The changes needed to build with the Musl standard C library have been included.
  • Various systemd components that display progress indicators (for example systemd-repart, systemd-sysupdate/updatectl and importctl) can now use ANSI sequences to animate the progress display. For now these sequences are supported only in Windows Terminal (the expectation is that over time the feature will be carried over to Linux terminal emulators as well).
  • The capabilities of the systemd-sysupdate component have been extended. It is used to automatically detect, download and install updates using an atomic scheme for replacing partitions, files or directories (two independent partitions/files/directories are used, one of which holds the currently running resource while the next update is installed into the other, after which the partitions/files/directories are swapped). In practice, systemd-sysupdate is already used in GNOME OS.

    In addition to the systemd-sysupdate process, a service of the same name has been added that allows D-Bus to be used by an unprivileged user to manage system updates. A new utility, updatectl, is included for controlling the service. The "--offline" flag has been added to systemd-sysupdate to disable downloading metadata over the network and use only versions already downloaded to the local system. Support for output in JSON format has been added to all commands.

  • A new "PrivatePIDs" setting has been implemented for services, with which processes can be launched as PID 1 (the init process) in a separate process ID namespace (PID namespace). In the namespace created for the launched process, only processes from that namespace are visible.
  • Support for case-insensitive matching has been added to udev rules (e.g. 'ATTR{foo}==i"abcd"'). Through udev it is now possible to give unprivileged local users access ("uaccess") to the /dev/udmabuf device, which is needed for working with IPMI cameras through libcamera. udev recognizes various hardware crypto wallets with a USB interface and sets the ID_HARDWARE_WALLET property for them, which allows "uaccess" mode to be applied so that unprivileged users can access them.
  • The new fields RELEASE_TYPE, EXPERIMENT and EXPERIMENT_URL have been added to the /etc/os-release file. "RELEASE_TYPE" can take the values "experimental", "development", "stable" and "lts" to distinguish stable releases from development and experimental builds. The EXPERIMENT and EXPERIMENT_URL parameters are intended to describe the nature of the experimental build.
  • The run0 utility, developed as a replacement for sudo, has gained the "--shell-prompt-prefix" option, which sets the prefix string for the shell prompt. By default the "🦸" emoji is shown as the prefix to mark the session with elevated privileges.
  • In systemd-tmpfiles, to avoid accidentally deleting the wrong files, the "--purge" option now applies only to settings in tmpfiles.d/ that have the "$" flag set explicitly. The "--purge" operation also now requires at least one file in the tmpfiles.d/ directory to be specified. For lines of type 'L', a flag has been added which, when specified, causes the symbolic link to be created only if the target file exists.
  • In the service manager and related utilities, the process-tracking code continues to be converted to use PIDFD instead of PID. A PIDFD is bound to a specific process and does not change, whereas a PID can be bound to another process after the current process associated with that PID has terminated.
  • For services, the value "debug" can now be specified in the "RestartMode" parameter, in which case a failed service will be restarted with debug mode enabled (the environment variable DEBUG_INVOCATION=1 is set), and the LogLevelMax value will be temporarily raised to the debug level.
  • The PID 1 handler has gained the ability to load rules for the IPE (Integrity Policy Enforcement) LSM module, which defines the integrity policy for the whole system (which operations are allowed and how the authenticity of components must be verified).
  • The "DeferReactivation" option has been added to ".timer" unit files; it allows the next timer activation to be skipped if the service has not yet finished running from the previous activation.
  • In the PrivateUsers unit parameter, the value "identity" can now be specified to enable identity mapping of user IDs when creating a user namespace.
  • Support has been added for the value "disconnected" in the PrivateTmp unit parameter, which uses separate tmpfs instances for the /tmp/ and /var/tmp/ directories.
  • Support for the new modes "private" and "strict" has been added to the ProtectControlGroups unit parameter; when set, a new cgroup namespace is created for the service and cgroupfs is mounted. If "strict" is set, cgroupfs is mounted read-only.
  • The StateDirectory, RuntimeDirectory, CacheDirectory, LogsDirectory and ConfigurationDirectory parameters can now take the ':ro' flag to restrict access to the corresponding directories to read-only mode.
  • Support has been added for the value "firmware" in the "systemd.machine_id" kernel command-line parameter, in which case the system identifier (machine ID) is derived from the UUID provided by SMBIOS/DeviceTree.
  • Support has been added for the mseal(), listmount() and statmount() system calls, which appeared in recent Linux kernel releases.
  • The resolvectl, timedatectl and systemd-inhibit utilities now support interactive authorization using Polkit.
  • The "--now" flag can now be used with the "reenable" command in the systemctl utility.
  • The "--json" option has been added to the systemd-mount utility for output in JSON format (for example, when specified together with "--list-devices", the list of devices is printed in JSON format).
  • The "-l" and "--full" options have been added to the "localectl" utility to disable truncation of long lines in the output.
  • The HibernateOnACPower option has been added to sleep.conf; it allows the switch to hibernation to be delayed until the device is disconnected from a stationary power source.
  • In systemd-sysusers, support for the "!" modifier has been added to "u" lines, with which fully locked user accounts can be created (previously, setting an invalid password was used to block a user, which, for example, did not block authentication with SSH keys).
  • systemd-coredump has gained the "EnterNamespace" option, which allows access to the mount namespace of any crashed process in order to obtain its debug symbols. In practice, the option can be useful for producing a backtrace from core files of programs running in isolated containers.
  • systemd-logind now handles the Ctrl-Alt-Shift-Esc key combination by sending the org.freedesktop.login1.SecureAttentionKey signal to user-environment components, requesting that a secure login dialog be shown. The "DesignatedMaintenanceTime" setting has been implemented to automatically schedule a shutdown at a specified time. By analogy with the support for DRM and evdev devices, support has been added for giving unprivileged users access to hidraw devices (game controllers and joysticks).
  • systemd-machined now supports registration of virtual machines and containers by unprivileged clients. Access to systemd-machined functionality is provided through a Varlink API, in addition to D-Bus.
  • A new "[IPv6AddressLabel]" section has been added to the networkd.conf configuration file for configuring labels and prefixes of IPv6 addresses.
  • The "--stdin" option has been added to the 'networkctl edit' command to take the file contents from standard input. Support has been added for editing and displaying .netdev files by specifying a network interface in the 'networkctl edit' and 'networkctl cat' commands. The "--no-ask-password" option has been added to disable interactive authorization.
  • The "--certificate-source" option has been added to the ukify, bootctl, systemd-keyutil, systemd-measure, systemd-repart and systemd-sbsign utilities to load an X.509 certificate through an OpenSSL provider instead of loading it directly from a file.
  • systemd-boot has gained the ability to use the volume keys to move up and down in the boot menu, which can be useful on devices such as smartphones. Support for installing UEFI Secure Boot databases in ESL format (db/dbx/…) for systemd-boot has been added to the bootctl utility.
  • The "--list-invocation" option has been added to journalctl to show the list of unit invocations, along with the "--invocation" ("-I") option to show only the logs associated with a particular invocation.
  • systemd-nspawn has gained support for unprivileged use of FUSE (Filesystem in Userspace) in containers. When the "--bind-user" option is used, the user's SSH keys needed for access over SSH are passed into the container.
  • libsystemd has gained a new "sd-json" interface that implements the JSON format, as well as an "sd-varlink" interface that implements Varlink IPC.
  • The recommended base kernel version has been raised to release 5.4, which was produced in 2019. Next year the developers plan to drop support for old kernels and mark release 5.4 as the minimum supported version.
  • Support for cgroups v1 has been deprecated and disabled by default (to enable it, SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be specified on the kernel command line in addition to enabling it in the systemd settings). The next release, systemd 258, plans to remove the v1-related code completely. systemd 258 is also planned to remove support for System V service scripts.

Source: opennet.ru
