sysusers: add support for a --image= switch

[thirdparty/systemd.git] / NEWS

diff --git a/NEWS b/NEWS
index a393157035e1d32daba3a13269a2eee0f9ef0688..95685ed7f71102d6bbe42f34349f008e174031d9 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -74,6 +74,18 @@ CHANGES WITH 246:
           notation when the 0o prefix is used and binary notation if the 0b
           prefix is used.
 
           notation when the 0o prefix is used and binary notation if the 0b
           prefix is used.
 

+        * Various command line parameters and configuration file settings that
+          configure key or certificate files now optionally take paths to
+          AF_UNIX sockets in the file system. If configured that way a stream
+          connection is made to the socket and the required data read from
+          it. This is a simple and natural extension to the existing regular
+          file logic, and permits other software to provide keys or
+          certificates via simple IPC services, for example when unencrypted
+          storage on disk is not desired. Specifically, systemd-networkd's
+          Wireguard and MACSEC key file settings as well as
+          systemd-journal-gatewayd's and systemd-journal-remote's PEM
+          key/certificate parameters support this now.
+

         * Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
           configuration files that support specifier expansion learnt six new
           specifiers: %a resolves to the current architecture, %o/%w/%B/%W
         * Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
           configuration files that support specifier expansion learnt six new
           specifiers: %a resolves to the current architecture, %o/%w/%B/%W


@@ -100,6 +112,16 @@ CHANGES WITH 246:
           read and even write access to all these otherwise unmappable files,
           which is quite likely a major security problem.
 
           read and even write access to all these otherwise unmappable files,
           which is quite likely a major security problem.
 

+        * tmpfs mounts automatically created by systemd (/tmp, /run, /dev/shm,
+          and others) now have a size and inode limits applied (50% of RAM for
+          /tmp and /dev/shm, 10% of RAM for other mounts, etc.)
+
+        * nss-mymachines lost support for resolution of users and groups, and
+          now only does resolution of hostnames. This functionality is now
+          provided by nss-systemd. Thus, the 'mymachines' entry should be
+          removed from the 'passwd:' and 'group:' lines in /etc/nsswitch.conf
+          (and 'systemd' added if it is not already there).
+

         * A new kernel command line option systemd.hostname= has been added
           that allows controlling the hostname that is initialized early during
           boot.
         * A new kernel command line option systemd.hostname= has been added
           that allows controlling the hostname that is initialized early during
           boot.


@@ -163,9 +185,15 @@ CHANGES WITH 246:
           new boolean setting Assign=. If enabled an address from the prefix is
           automatically assigned to the interface.
 
           new boolean setting Assign=. If enabled an address from the prefix is
           automatically assigned to the interface.
 

-        * systemd-networkd's [Network] section gained a new setting
-          IPv6PDSubnetId= that allows explicit configuration of the preferred
-          subnet that networkd's Prefix Delegation logic assigns to interfaces.
+        * systemd-networkd gained a new section [DHCPv6PrefixDelegation] which
+          controls delegated prefixes assigned by DHCPv6 client. The section
+          has three settings: SubnetID=, Assign=, and Token=. The setting
+          SubnetID= allows explicit configuration of the preferred subnet that
+          systemd-networkd's Prefix Delegation logic assigns to interfaces. If
+          Assign= is enabled (which is the default) an address from any acquired
+          delegated prefix is automatically chosen and assigned to the
+          interface. The setting Token= specifies an optional address generation
+          mode for Assign=.

 
         * systemd-networkd's [Network] section gained a new setting
           IPv4AcceptLocal=. If enabled the interface accepts packets with local
 
         * systemd-networkd's [Network] section gained a new setting
           IPv4AcceptLocal=. If enabled the interface accepts packets with local


@@ -217,6 +245,9 @@ CHANGES WITH 246:
           Description"). Support for "MUD" URLs was also added to the LLDP
           stack, configurable in the [LLDP] section in .network files.
 
           Description"). Support for "MUD" URLs was also added to the LLDP
           stack, configurable in the [LLDP] section in .network files.
 

+        * The Mode= settings in [MACVLAN] and [MACVTAP] now support 'source'
+          mode. Also, the sections now support a new setting SourceMACAddress=.
+

         * systemd-networkd's .netdev files now support a new setting
           VLANProtocol= in the [Bridge] section that allows configuration of
           the VLAN protocol to use.
         * systemd-networkd's .netdev files now support a new setting
           VLANProtocol= in the [Bridge] section that allows configuration of
           the VLAN protocol to use.


@@ -235,11 +266,6 @@ CHANGES WITH 246:
           interface which is fully set up for host communication, simply by
           carefully picking an interface name to use.
 
           interface which is fully set up for host communication, simply by
           carefully picking an interface name to use.
 

-        * A new boolean option AssignAcquiredDelegatedPrefixAddress= has been
-          added to the [DHCPv6] section of .network files. If enabled (which is
-          the default) an address from any acquired delegated prefix is
-          automatically chosen and assigned to the interface.
-

         * systemd-networkd's [DHCPv6] section gained a new setting RouteMetric=
           which sets the route priority for routes specified by the DHCP server.
 
         * systemd-networkd's [DHCPv6] section gained a new setting RouteMetric=
           which sets the route priority for routes specified by the DHCP server.
 


@@ -256,10 +282,11 @@ CHANGES WITH 246:
           interface. There are new "up" and "down" commands to bring specific
           interfaces up or down.
 
           interface. There are new "up" and "down" commands to bring specific
           interfaces up or down.
 

-        * systemd-resolved's DNS= configuration option now optionally accepts
-          DNS server addresses suffixed by "#" followed by a host name. If
-          used, the DNS-over-TLS certificate is validated to match the
-          specified hostname.
+        * systemd-resolved's DNS= configuration option now optionally accepts a
+          port number (after ":") and a host name (after "#"). When the host
+          name is specified, the DNS-over-TLS certificate is validated to match
+          the specified hostname. Additionally, in case of IPv6 addresses, an
+          interface may be specified (after "%").

 
         * systemd-resolved may be configured to forward single-label DNS names.
           This is not standard-conformant, but may make sense in setups where
 
         * systemd-resolved may be configured to forward single-label DNS names.
           This is not standard-conformant, but may make sense in setups where


@@ -326,6 +353,13 @@ CHANGES WITH 246:
           MESSAGE=. This is useful to retrieve a very specific set of fields
           without any decoration.
 
           MESSAGE=. This is useful to retrieve a very specific set of fields
           without any decoration.
 

+        * The sd-journal.h API gained two new functions:
+          sd_journal_enumerate_available_unique() and
+          sd_journal_enumerate_available_data() that operate like their
+          counterparts that lack the _available_ in the name, but skip items
+          that cannot be read and processed by the local implementation
+          (i.e. are compressed in an unsupported format or such),
+

         * coredumpctl gained a new --file= switch, matching the same one in
           journalctl: a specific journal file may be specified to read the
           coredump data from.
         * coredumpctl gained a new --file= switch, matching the same one in
           journalctl: a specific journal file may be specified to read the
           coredump data from.


@@ -435,10 +469,12 @@ CHANGES WITH 246:
           also gained a new switch --root-password-hashed= which is like
           --root-password= but accepts a pre-hashed UNIX password as
           argument. The new option --delete-root-password may be used to unset
           also gained a new switch --root-password-hashed= which is like
           --root-password= but accepts a pre-hashed UNIX password as
           argument. The new option --delete-root-password may be used to unset

-          any password for the root user (dangerous!). A new --force option may
-          be used to override any already set settings with the parameters
-          specified on the command line (by default, the tool will not override
-          what has already been set before, i.e. is purely incremental).
+          any password for the root user (dangerous!). The --root-shell= switch
+          may be used to control the shell to use for the root account. A new
+          --force option may be used to override any already set settings with
+          the parameters specified on the command line (by default, the tool
+          will not override what has already been set before, i.e. is purely
+          incremental).

 
         * systemd-firstboot gained support for a new --image= switch, which is
           similar to --root= but accepts the path to a disk image file, on
 
         * systemd-firstboot gained support for a new --image= switch, which is
           similar to --root= but accepts the path to a disk image file, on


@@ -515,7 +551,7 @@ CHANGES WITH 246:
           has been extended by a set of environment variables that expose
           select fields from the host's os-release file to the container
           payload. Similarly, host's os-release files can be mounted into the
           has been extended by a set of environment variables that expose
           select fields from the host's os-release file to the container
           payload. Similarly, host's os-release files can be mounted into the

-          container underneath /run/hosts. Together, those mechanisms provide a
+          container underneath /run/host. Together, those mechanisms provide a

           standardized way to expose information about the host to the
           container payload. Both interfaces are implemented in systemd-nspawn.
 
           standardized way to expose information about the host to the
           container payload. Both interfaces are implemented in systemd-nspawn.
 


@@ -523,44 +559,50 @@ CHANGES WITH 246:
           LogControl1 D-Bus API which allows clients to change log level +
           target of the service during runtime.
 
           LogControl1 D-Bus API which allows clients to change log level +
           target of the service during runtime.
 

+        * Only relevant for developers: the mkosi.default symlink has been
+          dropped from version control. Please create a symlink to one of the
+          distribution-specific defaults in .mkosi/ based on your preference.
+

         Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
         Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander

-        Malafeev, Alin Popa, Amos Bird, Andreas Rammhold, AndreRH, Andrew
-        Doran, Anita Zhang, Ankit Jain, antznin, Arnaud Ferraris, Arthur Moraes
-        do Lago, Arusekk, Balaji Punnuru, Balint Reczey, Bastien Nocera,
-        bemarek, Benjamin Berg, Benjamin Dahlhoff, Benjamin Robin, Chris Down,
-        Chris Kerr, Christian Göttsche, Christian Hesse, Christian Oder,
-        Ciprian Hacman, codicodi, Corey Hinshaw, Daan De Meyer, Dana Olson, Dan
-        Callaghan, Daniel Fullmer, Daniel Rusek, Dan Streetman, Dave Reisner,
-        David Edmundson, David Wood, Denis Pronin, Diego Escalante Urrelo,
-        Dimitri John Ledkov, dolphrundgren, duguxy, Einsler Lee, Elisei Roca,
-        Emmanuel Garette, Eric Anderson, Eric DeVolder, Evgeny Vereshchagin,
+        Malafeev, Amitanand.Chikorde, Alin Popa, Alvin Šipraga, Amos Bird,
+        Andreas Rammhold, AndreRH, Andrew Doran, Anita Zhang, Ankit Jain,
+        antznin, Arnaud Ferraris, Arthur Moraes do Lago, Arusekk, Balaji
+        Punnuru, Balint Reczey, Bastien Nocera, bemarek, Benjamin Berg,
+        Benjamin Dahlhoff, Benjamin Robin, Chris Down, Chris Kerr, Christian
+        Göttsche, Christian Hesse, Christian Oder, Ciprian Hacman, Clinton Roy,
+        codicodi, Corey Hinshaw, Daan De Meyer, Dana Olson, Dan Callaghan,
+        Daniel Fullmer, Daniel Rusek, Dan Streetman, Dave Reisner, David
+        Edmundson, David Wood, Denis Pronin, Diego Escalante Urrelo, Dimitri
+        John Ledkov, dolphrundgren, duguxy, Einsler Lee, Elisei Roca, Emmanuel
+        Garette, Eric Anderson, Eric DeVolder, Evgeny Vereshchagin,

         ExtinctFire, fangxiuning, Ferran Pallarès Roca, Filipe Brandenburger,
         ExtinctFire, fangxiuning, Ferran Pallarès Roca, Filipe Brandenburger,

-        Finn, Florian Klink, Franck Bui, Frantisek Sumsal, Gaoyi, gaurav, Georg
-        Müller, Gergely Polonkai, Giedrius Statkevičius, Gigadoc2, gogogogi,
-        gzjsgdsb, Hans de Goede, Haochen Tong, ianhi, ignapk, Jakov Smolic,
-        James T. Lee, Jan Janssen, Jan Klötzke, Jan Palus, Jay Burger, Jeremy
-        Cline, Jérémy Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro, Joerg
-        Behrmann, Jörg Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny
-        Levinsen, Kevin Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus,
-        Lénaïc Huard, Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca
-        BRUNO, Lucas Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz
-        Stelmach, Maciej S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel
-        Holtmann, Marc Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt
-        Ranostay, Maxim Fomin, MaxVerevkin, Michael Biebl, Michael Chapman,
-        Michael Gubbels, Michael Marley, Michał Bartoszkiewicz, Michal Koutný,
-        Michal Sekletar, Michal Sekletár, Mike Gilbert, Mike Kazantsev, ml,
-        Motiejus Jakštys, nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas
-        Hambüchen, Norbert Lange, Paul Cercueil, pelzvieh, Peter Hutterer,
-        Piero La Terza, Pieter Lexis, Piotr Drąg, Rafael Fontenelle, Richard
-        Petri, Ronan Pigott, Ross Lagerwall, Rubens Figueiredo, satmandu,
-        Sean-StarLabs, Sebastian Jennen, sterlinghughes, Susant Sahani, Thomas
+        Filippo Falezza, Finn, Florian Klink, Florian Mayer, Franck Bui,
+        Frantisek Sumsal, gaurav, Georg Müller, Gergely Polonkai, Giedrius
+        Statkevičius, Gigadoc2, gogogogi, Gaurav Singh, gzjsgdsb, Hans de
+        Goede, Haochen Tong, ianhi, ignapk, Jakov Smolic, James T. Lee, Jan
+        Janssen, Jan Klötzke, Jan Palus, Jay Burger, Jeremy Cline, Jérémy
+        Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro, Joerg Behrmann, Jörg
+        Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny Levinsen, Kevin
+        Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus, Lénaïc Huard,
+        Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca BRUNO, Lucas
+        Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz Stelmach, Maciej
+        S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel Holtmann, Marc
+        Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt Ranostay, Maxim
+        Fomin, MaxVerevkin, Michael Biebl, Michael Chapman, Michael Gubbels,
+        Michael Marley, Michał Bartoszkiewicz, Michal Koutný, Michal Sekletár,
+        Mike Gilbert, Mike Kazantsev, Mikhail Novosyolov, ml, Motiejus Jakštys,
+        nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas Hambüchen, Norbert
+        Lange, Paul Cercueil, pelzvieh, Peter Hutterer, Piero La Terza, Pieter
+        Lexis, Piotr Drąg, Rafael Fontenelle, Richard Petri, Ronan Pigott, Ross
+        Lagerwall, Rubens Figueiredo, satmandu, Sean-StarLabs, Sebastian
+        Jennen, sterlinghughes, Surhud More, Susant Sahani, szb512, Thomas

         Haller, Tobias Hunger, Tom, Tomáš Pospíšek, Tomer Shechner, Tom Hughes,
         Topi Miettinen, Tudor Roman, Uwe Kleine-König, Valery0xff, Vito Caputo,
         Vladimir Panteleev, Vladyslav Tronko, Wen Yang, Yegor Vialov, Yigal
         Haller, Tobias Hunger, Tom, Tomáš Pospíšek, Tomer Shechner, Tom Hughes,
         Topi Miettinen, Tudor Roman, Uwe Kleine-König, Valery0xff, Vito Caputo,
         Vladimir Panteleev, Vladyslav Tronko, Wen Yang, Yegor Vialov, Yigal

-        Korman, YmrDtnJu, Yuri Chornoivan, Yu Watanabe, Zbigniew
+        Korman, Yi Gao, YmrDtnJu, Yuri Chornoivan, Yu Watanabe, Zbigniew

         Jędrzejewski-Szmek, Zhu Li, Дамјан Георгиевски, наб
 
         Jędrzejewski-Szmek, Zhu Li, Дамјан Георгиевски, наб
 

-        – Warsaw, 2020-07-09
+        – Warsaw, 2020-07-30

 
 CHANGES WITH 245:
 
 
 CHANGES WITH 245: