notation when the 0o prefix is used and binary notation if the 0b
prefix is used.
+ * Various command line parameters and configuration file settings that
+ configure key or certificate files now optionally take paths to
+ AF_UNIX sockets in the file system. If configured that way a stream
+ connection is made to the socket and the required data read from
+ it. This is a simple and natural extension to the existing regular
+ file logic, and permits other software to provide keys or
+ certificates via simple IPC services, for example when unencrypted
+ storage on disk is not desired. Specifically, systemd-networkd's
+ Wireguard and MACSEC key file settings as well as
+ systemd-journal-gatewayd's and systemd-journal-remote's PEM
+ key/certificate parameters support this now.
+
* Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
configuration files that support specifier expansion learnt six new
specifiers: %a resolves to the current architecture, %o/%w/%B/%W
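Review bot: the added AF_UNIX entry says "a stream connection is made to the socket and the required data read from it" but never says what protects the socket path, even though whoever binds that path supplies the private key or certificate the daemon will use. Suggest adding a sentence that the socket and its parent directory need the same ownership and mode restrictions a key file would have. It would also help to name the actual settings instead of "Wireguard and MACSEC key file settings"; the usual spellings are WireGuard and MACsec.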
read and even write access to all these otherwise unmappable files,
which is quite likely a major security problem.
+ * nss-mymachines lost support for resolution of users and groups, and
+ now only does resolution of hostnames. This functionality is now
+ provided by nss-systemd. Thus, the 'mymachines' entry should be
+ removed from the 'passwd:' and 'group:' lines in /etc/nsswitch.conf
+ (and 'systemd' added if it is not already there).
+
* A new kernel command line option systemd.hostname= has been added
that allows controlling the hostname that is initialized early during
boot.
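Review bot: the nss-mymachines entry asks administrators to edit the 'passwd:' and 'group:' lines in /etc/nsswitch.conf, but does not say what happens on systems where 'mymachines' is left in place or 'systemd' is never added. Since this changes how user and group names resolve, state the resulting behaviour explicitly (lookups returning nothing, or an error) and give the before and after nsswitch.conf lines so the change can be audited.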
interface. There are new "up" and "down" commands to bring specific
interfaces up or down.
- * systemd-resolved's DNS= configuration option now optionally accepts
- DNS server addresses suffixed by "#" followed by a host name. If
- used, the DNS-over-TLS certificate is validated to match the
- specified hostname.
+ * systemd-resolved's DNS= configuration option now optionally accepts a
+ port number (after ":") and a host name (after "#"). When the host
+ name is specified, the DNS-over-TLS certificate is validated to match
+ the specified hostname. Additionally, in case of IPv6 addresses, an
+ interface may be specified (after "%").
* systemd-resolved may be configured to forward single-label DNS names.
This is not standard-conformant, but may make sense in setups where
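Review bot: the new DNS= wording lists three optional parts, a port after ":", a host name after "#" and an interface after "%", without giving their order or saying how a port is separated from an IPv6 address, which itself contains ":". Add one complete example per address family to the entry. The text also covers only the case "When the host name is specified"; it should say what the DNS-over-TLS certificate is checked against when no name is given, because that decides whether the server identity is verified at all. "host name" and "hostname" are both used in the same sentence; pick one.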
has been extended by a set of environment variables that expose
select fields from the host's os-release file to the container
payload. Similarly, host's os-release files can be mounted into the
- container underneath /run/hosts. Together, those mechanisms provide a
+ container underneath /run/host. Together, those mechanisms provide a
standardized way to expose information about the host to the
container payload. Both interfaces are implemented in systemd-nspawn.
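Review bot: the corrected path "/run/host" is still given only as a directory, so the sentence does not tell a container payload which file to read. Consider spelling out the full path of the mounted os-release file here, and check that the old "/run/hosts" spelling does not survive elsewhere in the tree.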
LogControl1 D-Bus API which allows clients to change log level +
target of the service during runtime.
- * Various command line parameters and configuration file settings that
- configure key or certificate files now optionally take paths to
- AF_UNIX sockets in the file system. If configured that way a stream
- connection is made to the socket and the required data read from
- it. This is a simple and natural extension to the existing regular
- file logic, and permits other software to provide keys or
- certificates via simple IPC services, for example when unencrypted
- storage on disk is not desired. Specifically, systemd-networkd's
- Wireguard and MACSEC key file settings as well as
- systemd-journal-gatewayd's and systemd-journal-remote's PEM
- key/certificate parameters support this now.
+ * Only relevant for developers: the mkosi.default symlink has been
+ dropped from version control. Please create a symlink to one of the
+ distribution-specific defaults in .mkosi/ based on your preference.
Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
- Malafeev, Alin Popa, Amos Bird, Andreas Rammhold, AndreRH, Andrew
- Doran, Anita Zhang, Ankit Jain, antznin, Arnaud Ferraris, Arthur Moraes
- do Lago, Arusekk, Balaji Punnuru, Balint Reczey, Bastien Nocera,
- bemarek, Benjamin Berg, Benjamin Dahlhoff, Benjamin Robin, Chris Down,
- Chris Kerr, Christian Göttsche, Christian Hesse, Christian Oder,
- Ciprian Hacman, codicodi, Corey Hinshaw, Daan De Meyer, Dana Olson, Dan
- Callaghan, Daniel Fullmer, Daniel Rusek, Dan Streetman, Dave Reisner,
- David Edmundson, David Wood, Denis Pronin, Diego Escalante Urrelo,
- Dimitri John Ledkov, dolphrundgren, duguxy, Einsler Lee, Elisei Roca,
- Emmanuel Garette, Eric Anderson, Eric DeVolder, Evgeny Vereshchagin,
- ExtinctFire, fangxiuning, Ferran Pallarès Roca, Filipe Brandenburger,
- Finn, Florian Klink, Franck Bui, Frantisek Sumsal, Gaoyi, gaurav, Georg
- Müller, Gergely Polonkai, Giedrius Statkevičius, Gigadoc2, gogogogi,
- gzjsgdsb, Hans de Goede, Haochen Tong, ianhi, ignapk, Jakov Smolic,
- James T. Lee, Jan Janssen, Jan Klötzke, Jan Palus, Jay Burger, Jeremy
- Cline, Jérémy Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro, Joerg
- Behrmann, Jörg Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny
+ Malafeev, Alin Popa, Alvin Šipraga, Amos Bird, Andreas Rammhold,
+ AndreRH, Andrew Doran, Anita Zhang, Ankit Jain, antznin, Arnaud
+ Ferraris, Arthur Moraes do Lago, Arusekk, Balaji Punnuru, Balint
+ Reczey, Bastien Nocera, bemarek, Benjamin Berg, Benjamin Dahlhoff,
+ Benjamin Robin, Chris Down, Chris Kerr, Christian Göttsche, Christian
+ Hesse, Christian Oder, Ciprian Hacman, Clinton Roy, codicodi, Corey
+ Hinshaw, Daan De Meyer, Dana Olson, Dan Callaghan, Daniel Fullmer,
+ Daniel Rusek, Dan Streetman, Dave Reisner, David Edmundson, David Wood,
+ Denis Pronin, Diego Escalante Urrelo, Dimitri John Ledkov,
+ dolphrundgren, duguxy, Einsler Lee, Elisei Roca, Emmanuel Garette, Eric
+ Anderson, Eric DeVolder, Evgeny Vereshchagin, ExtinctFire, fangxiuning,
+ Ferran Pallarès Roca, Filipe Brandenburger, Filippo Falezza, Finn,
+ Florian Klink, Florian Mayer, Franck Bui, Frantisek Sumsal, gaurav,
+ Georg Müller, Gergely Polonkai, Giedrius Statkevičius, Gigadoc2,
+ gogogogi, gzjsgdsb, Hans de Goede, Haochen Tong, ianhi, ignapk, Jakov
+ Smolic, James T. Lee, Jan Janssen, Jan Klötzke, Jan Palus, Jay Burger,
+ Jeremy Cline, Jérémy Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro,
+ Joerg Behrmann, Jörg Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny
Levinsen, Kevin Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus,
Lénaïc Huard, Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca
BRUNO, Lucas Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz
Holtmann, Marc Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt
Ranostay, Maxim Fomin, MaxVerevkin, Michael Biebl, Michael Chapman,
Michael Gubbels, Michael Marley, Michał Bartoszkiewicz, Michal Koutný,
- Michal Sekletar, Michal Sekletár, Mike Gilbert, Mike Kazantsev, ml,
+ Michal Sekletár, Mike Gilbert, Mike Kazantsev, Mikhail Novosyolov, ml,
Motiejus Jakštys, nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas
Hambüchen, Norbert Lange, Paul Cercueil, pelzvieh, Peter Hutterer,
Piero La Terza, Pieter Lexis, Piotr Drąg, Rafael Fontenelle, Richard
Petri, Ronan Pigott, Ross Lagerwall, Rubens Figueiredo, satmandu,
- Sean-StarLabs, Sebastian Jennen, sterlinghughes, Susant Sahani, Thomas
- Haller, Tobias Hunger, Tom, Tomáš Pospíšek, Tomer Shechner, Tom Hughes,
- Topi Miettinen, Tudor Roman, Uwe Kleine-König, Valery0xff, Vito Caputo,
- Vladimir Panteleev, Vladyslav Tronko, Wen Yang, Yegor Vialov, Yigal
- Korman, YmrDtnJu, Yuri Chornoivan, Yu Watanabe, Zbigniew
- Jędrzejewski-Szmek, Zhu Li, Дамјан Георгиевски, наб
-
- – Warsaw, 2020-07-09
+ Sean-StarLabs, Sebastian Jennen, sterlinghughes, Surhud More, Susant
+ Sahani, szb512, Thomas Haller, Tobias Hunger, Tom, Tomáš Pospíšek,
+ Tomer Shechner, Tom Hughes, Topi Miettinen, Tudor Roman, Uwe
+ Kleine-König, Valery0xff, Vito Caputo, Vladimir Panteleev, Vladyslav
+ Tronko, Wen Yang, Yegor Vialov, Yigal Korman, Yi Gao, YmrDtnJu, Yuri
+ Chornoivan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Zhu Li, Дамјан
+ Георгиевски, наб
+
+ – Warsaw, 2020-07-24
CHANGES WITH 245:
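Review bot: in the contributor list, "Gaoyi" and "Michal Sekletar" are removed while "Yi Gao" and "Michal Sekletár" appear in the new text; please confirm these are merges of duplicate spellings and not dropped contributors, and say so in the commit message. The AF_UNIX socket entry removed in this hunk is the same text added near the top of the section, so the move should be mentioned there as well, together with the release date change from 2020-07-09 to 2020-07-24.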