systemd System and Service Manager
+CHANGES WITH 230 in spe:
+
+ * DNSSEC is now turned on by default in systemd-resolved (in
+ "allow-downgrade" mode), but may be turned off during compile time by
+ passing "--with-default-dnssec=no" to "configure" (and of course,
+ during runtime with DNSSEC= in resolved.conf). We recommend
+ downstreams to leave this on at least during development cycles and
+ report any issues with the DNSSEC logic upstream. We are very
+ interested in collecting feedback about the DNSSEC validator and its
+ limitations in the wild. Note however, that DNSSEC support is
+ probably nothing downstreams should turn on in stable distros just
+ yet, as it might create incompabilities with a few DNS servers and
+ networks. We tried hard to make sure we downgrade to non-DNSSEC mode
+ automatically whenever we detect such incompatible setups, but there
+ might be systems we do not cover yet. Hence: please help us testing
+ the DNSSEC code, leave this on where you can, report back, but then
+ again don't consider turning this on in your stable, LTS or
+ production release just yet.
+
+ * Testing tool /usr/lib/systemd/systemd-activate is renamed to
+ systemd-socket-activate and installed into /usr/bin. It is now fully
+ supported.
+
CHANGES WITH 229:
* The systemd-resolved DNS resolver service has gained a substantial
set of new features, most prominently it may now act as a DNSSEC
validating stub resolver. DNSSEC mode is currently turned off by
- default, but it is expected that this is turned on by default in one
- of the next releases. For now, we invite everybody to test the DNSSEC
- logic by setting DNSSEC=allow-downgrade in
- /etc/systemd/resolved.conf. The service also gained a full set of
- D-Bus interfaces, including calls to configure DNS and DNSSEC
- settings per link (for consumption by external network management
- software). systemd-resolved (and systemd-networkd along with it) now
- know to distinguish between "search" and "routing" domains. The
- former are used to qualify single-label names, the latter are purely
- used for routing lookups within certain domains to specific
- links. resolved will now also synthesize RRs for all entries from
- /etc/hosts.
+ default, but is expected to be turned on by default in one of the
+ next releases. For now, we invite everybody to test the DNSSEC logic
+ by setting DNSSEC=allow-downgrade in /etc/systemd/resolved.conf. The
+ service also gained a full set of D-Bus interfaces, including calls
+ to configure DNS and DNSSEC settings per link (for use by external
+ network management software). systemd-resolved and systemd-networkd
+ now distinguish between "search" and "routing" domains. The former
+ are used to qualify single-label names, the latter are used purely
+ for routing lookups within certain domains to specific links.
+ resolved now also synthesizes RRs for all entries from /etc/hosts.
* The systemd-resolve tool (which is a client utility for
- systemd-resolved, and previously experimental) has been improved
- considerably and is now fully supported and documented. Hence it has
- moved from /usr/lib/systemd to /usr/bin.
+ systemd-resolved) has been improved considerably and is now fully
+ supported and documented. Hence it has moved from /usr/lib/systemd to
+ /usr/bin.
* /dev/disk/by-path/ symlink support has been (re-)added for virtio
devices.
* systemd-nspawn gained a new --as-pid2 switch that invokes any
specified command line as PID 2 rather than PID 1 in the
- container. In this mode PID 1 will be a minimal stub init process
- that implements the special POSIX and Linux semantics of PID 1
- regarding signal and child process management. Note that this stub
- init process is implemented in nspawn itself and requires no support
- from the container image. This new logic is useful to support running
- arbitrary command lines in the container, as normal processes are
+ container. In this mode PID 1 is a minimal stub init process that
+ implements the special POSIX and Linux semantics of PID 1 regarding
+ signal and child process management. Note that this stub init process
+ is implemented in nspawn itself and requires no support from the
+ container image. This new logic is useful to support running
+ arbitrary commands in the container, as normal processes are
generally not prepared to run as PID 1.
* systemd-nspawn gained a new --chdir= switch for setting the current
working directory for the process started in the container.
- * "journalctl /dev/sda" will now output all kernel log messages from
- the specified device, in addition to all devices that are parents of
- it. This should make log output about devices pretty useful, as long
- as kernel drivers attach enough metadata to the log messages. (The
- usual SATA drivers do.)
+ * "journalctl /dev/sda" will now output all kernel log messages for
+ specified device from the current boot, in addition to all devices
+ that are parents of it. This should make log output about devices
+ pretty useful, as long as kernel drivers attach enough metadata to
+ the log messages. (The usual SATA drivers do.)
* The sd-journal API gained two new calls
sd_journal_has_runtime_files() and sd_journal_has_persistent_files()
in addition to timesyncd during early boot-up, so that it is enforced
before the first process is spawned by systemd. Note that the logic
in timesyncd remains, as it is more comprehensive and ensures
- montonic clocks by maintaining a persistant timestamp file in
+ clock monotonicity by maintaining a persistent timestamp file in
/var. Since /var is generally not available in earliest boot or the
initrd, this part of the logic remains in timesyncd, and is not done
by PID 1.
to configure hard and soft limits individually.
* The various libsystemd APIs such as sd-bus or sd-event now publicly
- expose support for gcc's __attribute__((cleanup())) C
- extension. Specifically, for many object destructor functions
- alternative versions whose names are suffixed with "p" have been
- added, which take a pointer to a pointer to the object to destroy,
- instead of just a pointer to the object itself. This is useful because
- these destructor functions may be used directly as parameters to the
- cleanup construct. Internally, systemd has been a heavy user of the
- GCC extension since a long time, and with this change similar support
- is now available to consumers of the library outside of systemd. Note
+ expose support for gcc's __attribute__((cleanup())) C extension.
+ Specifically, for many object destructor functions alternative
+ versions have been added that have names suffixed with "p" and take a
+ pointer to a pointer to the object to destroy, instead of just a
+ pointer to the object itself. This is useful because these destructor
+ functions may be used directly as parameters to the cleanup
+ construct. Internally, systemd has been a heavy user of this GCC
+ extension for a long time, and with this change similar support is
+ now available to consumers of the library outside of systemd. Note
that by using this extension in your sources compatibility with old
- and strictly ANSI compatible C compilers is lost. However, any gcc or
- LLVM version of recent years have supported this extension.
+ and strictly ANSI compatible C compilers is lost. However, all gcc or
+ LLVM versions of recent years support this extension.
* Timer units gained support for a new setting RandomizedDelaySec= that
allows configuring some additional randomized delay to the configured
d /run/lock/lockdev 0775 root lock -
- Contributions from: ...
-
- -- Berlin, 2016-MM-DD
+ Contributions from: Abdo Roig-Maranges, Alban Crequy, Aleksander
+ Adamowski, Alexander Kuleshov, Andreas Pokorny, Andrei Borzenkov,
+ Andrew Wilcox, Arthur Clement, Beniamino Galvani, Casey Schaufler,
+ Chris Atkinson, Chris Mayo, Christian Hesse, Damjan Georgievski, Dan
+ Dedrick, Daniele Medri, Daniel J Walsh, Daniel Korostil, Daniel Mack,
+ David Herrmann, Dimitri John Ledkov, Dominik Hannen, Douglas Christman,
+ Evgeny Vereshchagin, Filipe Brandenburger, Franck Bui, Gabor Kelemen,
+ Harald Hoyer, Hayden Walles, Helmut Grohne, Henrik Kaare Poulsen,
+ Hristo Venev, Hui Wang, Indrajit Raychaudhuri, Ismo Puustinen, Jakub
+ Wilk, Jan Alexander Steffens (heftig), Jan Engelhardt, Jan Synacek,
+ Joost Bremmer, Jorgen Schaefer, Karel Zak, Klearchos Chaloulos,
+ lc85446, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel
+ Holtmann, Martin Pitt, Michael Biebl, Michael Olbrich, Michael Scherer,
+ Michał Górny, Michal Sekletar, Nicolas Cornu, Nicolas Iooss, Nils
+ Carlson, nmartensen, nnz1024, Patrick Ohly, Peter Hutterer, Phillip Sz,
+ Ronny Chevalier, Samu Kallio, Shawn Landden, Stef Walter, Susant
+ Sahani, Sylvain Plantefève, Tadej Janež, Thomas Hindoe Paaboel
+ Andersen, Tom Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Vito
+ Caputo, WaLyong Cho, Yu Watanabe, Zbigniew Jędrzejewski-Szmek
+
+ -- Berlin, 2016-02-11
CHANGES WITH 228: