short option continues to work. The old --user NAME and --user=NAME
form (with and without "=") are still accepted but deprecated; a
warning is emitted suggesting --uid=NAME. The --user option (without
- an argument) has been repurposed as a standalone switch (without
- argument) to select the user service manager scope, matching
- --system.
+ an argument) has been repurposed as a standalone switch to select
+ the user service manager scope, matching --system.
* Several configuration fields in the io.systemd.Unit varlink interface
that were previously exposed as plain strings have been converted to
CGroupController, CollectMode, EmergencyAction, JobMode.
* It was discovered that systemd-stub does not measure all the events
- it measures to the TPM to the hardware CC registers (e.g. Intel TDX
- RTMRs) using EFI_CC_MEASUREMENT_PROTOCOL. In particular, devicetree,
- initrd, ucode addons and the UKI profile were only measured to the
- TPM. The missing measurements got added, however, the expected
- register values are now changed. This may need to be reflected in the
- attestation environments which use hardware CC registers and not the
- TPM quote.
+ it measures to the TPM also to the hardware CC registers (e.g. Intel
+ TDX RTMRs) using EFI_CC_MEASUREMENT_PROTOCOL. In particular,
+ devicetree, initrd, ucode addons and the UKI profile were only
+ measured to the TPM. The missing measurements for CC have now been
+ added; however, this changes the expected register values. This
+ may need to be reflected in the attestation environments which use
+ hardware CC registers (in place of TPM quotes).
* systemd-nspawn gained a new --restrict-address-families= option (and
corresponding RestrictAddressFamilies= setting in .nspawn files) to
AF_UNIX.
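Review bot: in the systemd-stub CC-measurement entry, "may need to be reflected in the attestation environments" understates the compatibility break: any verifier that pins Intel TDX RTMR values derived from the devicetree, initrd, ucode addons or UKI profile will see different values after this upgrade, so the entry should say plainly that those reference values must be regenerated, and it should state which CC register each of these objects is now measured into so policies can be updated without replaying an event log. It is also worth saying explicitly that TPM PCR values are unaffected, since the text says these objects were already measured to the TPM.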
* The experimental "systemd-sysupdated" D-Bus API is going to be
- removed again in the next release. The plan is that in its place
+ removed in the next release. The plan is that in its place
clients should directly talk to systemd-sysupdate (i.e. the backend
of "systemd-sysupdated") via Varlink IPC. The "updatectl" tool will
be reworked along these lines.
+ * A new service unit "systemd-pcrosseparator.service" will now measure
+ a new separator measurement during early userspace into PCRs 0-7, 9,
+ 12-14, in order to isolate firmware/pre-boot measurements from host
+ measurements. This is a safety concept to protect firmware
+ measurements on systems where the regular firmware separator
+ measurement is missing. It's also useful in environments where a
+ software TPM is used, i.e. where TPM functionality is only available
+ starting with the OS, but not before. Note that this new measurement
+ has an effect on all indicated PCRs, hence might affect relevant TPM
+ policies.
+
+ * Support for udev's old database version 0 has been removed. This
+ effectively means live upgrades from versions older than v247 are not
+ supported anymore.
+
Changes in the system and service manager:
* PID1 now supports the kernel's Live Update Orchestration (LUO) /
stashed (named) file descriptors after kexec, if the kernel supports
the FD type (at the time of writing only memfds are supported).
Units can also create their own LUO Sessions by talking to the kernel
- directly, and store them in their FD Stores, and those will be also
+ directly, and store them in their FD Stores, and those will also be
preserved and passed down to the unit after kexec. Units must set
'FileDescriptorStorePreserve=yes' in order to enable this feature.
support, this lets user units persist state (e.g.: memfds) across
not only user session restarts, but also kexec reboots.
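Review bot: the systemd-pcrosseparator.service entry should spell out the operational consequence of "might affect relevant TPM policies": a new measurement into PCRs 0-7, 9 and 12-14 changes the value of every one of those PCRs, so anything sealed against them (disk encryption keys, credentials) must be re-enrolled against the post-upgrade values, and remote-attestation reference values have to be regenerated. The entry should also say whether the separator event is recorded in the TPM event log, since a verifier that replays the log needs to see it to reproduce the new PCR values.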
- * The hardware database now contains a new database hwdb.d/40-imds.hwdb
- that recognizes various established public clouds by their SMBIOS
- information, and provides information how to reach local IMDS
- functionality on the node. Currently, Amazon EC2, Microsoft Azure,
- Google Compute Engine, Hetzner, Oracle Cloud, Scaleway are
- recognized.
-
- * An IMDS subsystem has been added. Specifically, there's now
- systemd-imdsd which provides a local Varlink IPC API that makes IMDS
- services accessible locally. It provides both a relatively low-level
- interface for querying arbitrary fields, and a higher level interface
- for querying certain well-known keys in a generic way (which maps to
- various cloud specific keys via the hwdb). The service can be pulled
- into the boot transaction automatically if a supported cloud is
- recognized via the systemd-imds-generator functionality. This permits
- implementation of truly generic images, that can interact with IMDS
- if available, but operate without if not. A tool systemd-imds acts as
- a client to systemd-imdsd and imports various IMDS provided fields
- into local system credentials, which can then be consumed by later
- services. The acquired IMDS is measured before being imported.
-
- * Networking to cloud IMDS services may be locked down for recognized
- clouds. This is recommended for secure installations, but typically
- conflicts with traditional IMDS clients such as cloud-init, which
- require direct IMDS access. The new meson option "-Dimds-network="
- can be used to change the default mode to "locked" at build-time.
-
* The manager exposes a new ReloadCount property on its D-Bus and
Varlink interfaces (org.freedesktop.systemd1.Manager and
io.systemd.Manager respectively). The counter increments after
each successfully completed daemon-reload, and it is reset on
daemon-reexec.
- * A new ConditionSecurity=measured-os unit condition has been added
- that checks whether the system was booted with measured-boot
- semantics (i.e. via systemd-stub or an equivalent verified-boot
- mechanism that measured the OS to the TPM). This is very similar to
- the pre-existing ConditionSecurity=measured-uki however is a more
- generic as it can also cover environments where the firmware/UKI does
- not have a TPM but the OS has (which is for example the case if the
- TPM is implemented purely in software).
-
* A new unit setting CPUSetPartition= has been added that allows
configuring the cpuset cgroup partition type (e.g. "root",
"isolated", "member") for a service.
- * Two new optional sd_notify() messages have been introduced that
- allow services to be notified of I/O and CPU pressure events from
- PSI (Pressure Stall Information). The system manager forwards
- pressure events for the corresponding cgroup.
-
* A new RestrictFileSystemAccess= setting has been added that uses a
BPF LSM program to restrict execution to only binaries that are
stored on a signed and verified dm-verity protected filesystem.
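Review bot: the removed sd_notify() PSI entry above is replaced further down in this file by the per-unit CPUPressureWatch=/CPUPressureThresholdSec=/IOPressureWatch=/IOPressureThresholdSec= settings, but the replacement text only says services "get generic notifications" and no longer states how they are delivered; the removed text named sd_notify() messages, and the delivery mechanism is the one thing a service author needs, so keep it in the new entry (or point to the sd-event pressure support added in the libsystemd section).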
- * The io.systemd.Unit.StartTransient() Varlink method has been extended
- to accept SetCredentials, SetCredentialsEncrypted, Environment and
- WorkingDirectory fields, on par with what is already possible via
- the legacy D-Bus interface.
+ * The io.systemd.Unit.StartTransient() Varlink method has been added
+ for invoking service units transiently.
* A new set of Varlink methods has been added to the
io.systemd.Manager interface to request system shutdown:
* A new io.systemd.Job Varlink interface exposes information about
pending and running manager jobs.
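Review bot: the rewritten io.systemd.Unit.StartTransient() entry drops the list of accepted fields (SetCredentials, SetCredentialsEncrypted, Environment, WorkingDirectory) that the removed text carried; if those fields are in fact accepted, the list should stay, since knowing that credentials can be passed encrypted through the Varlink path rather than only via D-Bus is exactly what a caller choosing between the two interfaces needs, and "on par with the legacy D-Bus interface" is a useful compatibility statement. If the method is new in this release and the fields are not accepted, the old text was wrong and the rewrite is correct.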
- Changes in systemd-tmpfiles, systemd-sysusers and similar early-boot
- tools:
+ * The service manager knows two new global knobs
+ EventLoopRateLimitIntervalSec=/EventLoopRateLimitBurst= to configure
+ PID1's event loop ratelimit logic. This permits fine-tuning the
+ safety logic in PID 1 that slows down operation in case PID 1 starts
+ to busy loop.
+
+ * The service manager gained new per-unit settings
+ CPUPressureWatch=/CPUPressureThresholdSec=/IOPressureWatch=/IOPressureThresholdSec=
+ which enable services to get generic notifications on CPU or IO
+ pressure events.
+
+ * A new global service manager knob MinimumUptimeSec= has been added
+ that defines a minimum uptime for the system. It defaults to 15s. If
+ the system is shut down more quickly than the specified time a delay
+ is inserted in the last part of shutdown, in order to avoid tight
+ boot loops.
+
+ IMDS (Cloud "Instance Metadata Service") Subsystem:
+
+ * The hardware database now contains a new database hwdb.d/40-imds.hwdb
+ that recognizes various established public clouds by their SMBIOS
+ information, and provides information on how to reach local IMDS
+ functionality on the node. Currently, Amazon EC2, Microsoft Azure,
+ Google Compute Engine, Hetzner, Oracle Cloud, Scaleway, Tencent
+ Cloud, and Alibaba ECS are recognized.
+
+ * An IMDS subsystem has been added. Specifically, there's now
+ systemd-imdsd which provides a local Varlink IPC API that makes IMDS
+ services accessible to local programs. It provides both a relatively
+ low-level interface for querying arbitrary fields, and a higher level
+ interface for querying certain well-known keys in a generic way
+ (which maps to various cloud-specific keys via the hwdb). The service
+ can be pulled into the boot transaction automatically if a supported
+ cloud is recognized via the systemd-imds-generator
+ functionality. This permits implementation of truly generic images
+ that can interact with IMDS if available, but operate without if
+ not. A tool systemd-imds acts as a client to systemd-imdsd and
+ imports various IMDS provided fields into local system credentials,
+ which can then be consumed by later services. The acquired IMDS data
+ is measured before being imported.
+
+ * Networking to cloud IMDS services may be locked down for recognized
+ clouds. This is recommended for secure installations, but typically
+ conflicts with traditional IMDS clients such as cloud-init, which
+ require direct IMDS access. The new meson option "-Dimds-network="
+ can be used to change the default mode to "locked" at build-time.
- * A new tmpfiles.d/root.conf has been added that sets permissions
- on the root directory (/) to 0555.
+ TPM Subsystem:
+
+ * A new ConditionSecurity=measured-os unit condition has been added
+ that checks whether the system was booted with measured-boot
+ semantics (i.e. via systemd-stub or an equivalent verified-boot
+ mechanism that measured the OS to the TPM). This is very similar to
+ the pre-existing ConditionSecurity=measured-uki, but is more
+ generic, as it can also cover environments where the firmware/UKI does
+ not have a TPM but the OS has (which is for example the case if the
+ TPM is implemented purely in software).
+
+ * A new service systemd-tpm2-swtpm.service has been added that can run
+ the IBM "swtpm" as a software TPM, for use as (optional) automatic
+ fallback for systems that lack a physical TPM but where TPM
+ functionality should be made available nonetheless. (This
+ functionality must be enabled via systemd.tpm2_software_fallback= on
+ the kernel command line.) Of course a software TPM running as part of
+ a system's userspace does not provide a security posture in any way
+ equivalent to that of a discrete hardware TPM, but in various
+ use cases it might still be preferable to having no TPM functionality
+ at all. The software TPM uses a key derived from the new "boot
+ secret" functionality for encryption, and stores its state in the
+ disk's ESP. This provides at least some protection, and reasonable
+ persistency from initrd on.
+
+ Changes in systemd-tmpfiles and systemd-sysusers:
+
+ * A new tmpfiles.d/root.conf has been added that sets permissions on
+ the root directory (/) to 0555. This is particularly useful in
+ environments where the root file system is created fresh and empty
+ with only /usr/ mounted in – but it is also useful as a general
+ safety net.
* systemd-tmpfiles gained a new --inline switch which permits passing
tmpfiles.d/ directives directly on the command line rather than via a
cannot be used to modify the resources which are used in the
early boot.
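Review bot: the systemd-tpm2-swtpm.service entry should be more precise about what protects the software TPM's state: it says the state lives in the ESP encrypted with a key derived from the "boot secret", and the boot-secret entry later in this file says that secret is an EFI variable readable only before the OS runs, so the confidentiality of everything sealed to the software TPM reduces to the firmware keeping that variable away from the OS. Saying that in the entry (rather than the vague "at least some protection"), and saying what happens if the state file in the ESP is replaced with an older copy, lets readers decide whether the fallback is acceptable for their use case; a cross-reference to the new ConditionSecurity=measured-os condition just above, which exists precisely for the software-TPM case, would help. In the IMDS section, "-Dimds-network= can be used to change the default mode to 'locked'" implies the shipped default is unlocked; state that default explicitly, and say whether the mode can also be switched at runtime or only at build time. The removed "Other changes" IMDS entry near the end of this file also said the measurement exists "so that IMDS-provided values can be used as attestation inputs"; that rationale is lost in the relocated text and is worth keeping.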
- * A kernel command line kill switch is now honored that disables
- systemd-sysext and systemd-confext merging entirely.
+ * A kernel command line kill switch that disables systemd-sysext and
+ systemd-confext merging entirely is now honoured.
Changes in systemd-networkd and networkctl:
Changes in systemd-resolved:
- * New 'DNSCacheSize=', 'MulticastDNSCacheSize=' and 'LLMNRCacheSize='
- settings are now supported to allow overriding the default caches
- sizes for the respective protocols.
-
* systemd-resolved will now read additional DNS resource record
definitions to resolve locally from JSON drop-in files in
{/etc,/run,/usr/local/lib,/usr/lib}/systemd/resolve/static.d/. This
- is a generalization of /etc/hosts in a way, but is supposed to be
+ is a generalization of /etc/hosts, but is intended to be
more flexible (i.e. other RR types than just A/AAAA + PTR can be
configured, even if right now not too many are hooked up yet) and
follow the usual drop-in pattern that avoids ownership conflicts.
+ * New 'DNSCacheSize=', 'MulticastDNSCacheSize=' and 'LLMNRCacheSize='
+ settings are now supported to allow overriding the default
+ per-interface cache sizes for the respective protocols.
+
* Insecure DNSSEC answers using unsupported signature or digest
algorithms are now correctly accepted as insecure, rather than
being rejected outright.
stale entries available.
* /etc/hosts entries are now re-read on reload (SIGHUP / D-Bus
- Reload / Varlink Reload).
+ Reload() / Varlink Reload()).
Changes in systemd-udevd, hwdb and udev rules:
* The DMI ID device (/sys/class/dmi/id) is now tagged so that
early-boot consumers can reliably order against it.
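Review bot: the systemd-resolved static.d entry says "other RR types than just A/AAAA + PTR can be configured, even if right now not too many are hooked up yet"; a NEWS entry should name the RR types that actually work in this release and the file name pattern of the JSON drop-ins, otherwise readers cannot use the feature without reading the source. It is also worth stating how these locally defined records are reported with respect to DNSSEC validation, given the adjacent entry on insecure answers, i.e. whether they come back as authenticated, insecure or unvalidated.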
- * A new hwdb database describes basic IMDS endpoints for known
- cloud providers (see also systemd-imdsd above).
-
- Changes in systemd-boot, systemd-stub, bootctl, ukify and BLS:
+ * udev's "blkid" builtin will now set a new udev property
+ ID_PART_GPT_AUTO_ROOT_DISK_NEEDS_LOOP=1 on boot block devices where a
+ GPT partition table is detected for a sector size different from the
+ native sector size of the device. (This typically happens if a Hybrid
+ ISO9660/GPT disk image is booted as CDROM, where the native sector
+ size is 2048 but the GPT header uses 512 sector size). If this
+ happens then a systemd-loop@.service instance is automatically pulled
+ in via an udev rule that generates a loopback block device from the
+ discovered block device, exposing the device with the corrected
+ sector size. Or in other words: booting a fully valid GPT disk image
+ on a block device with a non-matching sector size will now just work,
+ and automatically result in a matching loopback device popping
+ up. The new property is also set if the boot block device carries a
+ GPT header (i.e. is partitioned) but the block device has partition
+ table processing turned off.
+
+ Changes in systemd-boot, systemd-stub, bootctl, ukify:
* systemd-stub will now maintain a "boot secret" and pass it to the OS
in the /.extra/boot-secret file in the initrd. This boot secret is
OS (i.e. only accessible in the UEFI environment). The EFI variable
is automatically initialized to a randomly generated value if not set
yet. It is intended to be used for certain fallback codepaths in case
- a local TPM is not available, but an UEFI environment is. If a TPM is
+ a local TPM is not available, but a UEFI environment is. If a TPM is
available, it's highly recommended to use it as a better source of
- per-system key material, but in absence of a TPM it often might be an
+ per-system key material, but in the absence of a TPM it often might be an
acceptable fallback for local, persistent key material. Applications
should never use the key as-is, but derive their own key from it,
through hashing.
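Review bot: in the boot-secret entry, "derive their own key from it, through hashing" is under-specified: a plain hash of the secret gives every consumer the same derived key, so the entry should recommend a domain-separated derivation (hashing the secret together with an application-specific label). It should also state the EFI variable's name and attributes, since "only accessible in the UEFI environment" is the whole security argument and readers will want to verify that the variable is not exposed to the OS. For the udev blkid entry above, the automatic systemd-loop@.service instance is pulled in purely from what is found on the boot block device; say whether the loop device is created read-only, as an unexpectedly writable loop device over the boot medium would be a surprising side effect.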
- * systemd-stub now auto-detects the active EFI serial console
- device and appends an appropriate "console=" parameter to the
- kernel command line, simplifying serial-console UKI deployments.
-
- * A new "extra" type-1 Boot Loader Specification stanza is parsed
- and used to deliver additional initrds to a UKI without modifying
- its contents. The generic "addon" handling has been generalized
- so that all UKI sidecar artifacts (initrds, command-line
- overlays, devicetree blobs, etc.) follow the same lookup rules.
+ * systemd-stub now auto-detects the active EFI serial console device
+ and appends an appropriate "console=" parameter to the kernel command
+ line, simplifying serial-console UKI deployments: the serial console
+ output configuration of UEFI is now automatically propagated to
+ Linux.
+
+ * systemd-stub will now query the firmware's keyboard mapping and pass
+ it to the OS via the LoaderKeyboardLayout EFI variable. This variable
+ is then used by systemd-vconsole-setup as a fallback keyboard mapping
+ if no mapping is explicitly configured otherwise. On modern laptops this
+ means there's a good chance that the keyboard mapping of the built-in
+ keyboard will be automatically detected and set up without requiring
+ user intervention.
+
+ * A new "extra" type-1 Boot Loader Specification stanza is parsed and
+ used to deliver additional resources to a UKI without modifying its
+ contents. This may be used to pass confext DDIs, sysext DDIs or
+ encrypted credentials to a UKI kernel. The generic "addon" handling
+ has been generalized so that all UKI sidecar artifacts (initrds,
+ command-line overlays, devicetree blobs, etc.) follow the same lookup
+ rules.
* systemd-boot will never auto-boot a non-default UKI profile,
preventing accidental boots into alternative profiles after a
single timeout expiry.
- * El Torito CDROM boot catalog partition UUIDs are now discovered
- and exposed via the same mechanism as GPT/MBR partitions,
+ * systemd-stub: El Torito CDROM boot catalog partition UUIDs are now
+ discovered and exposed via the same mechanism as GPT/MBR partitions,
enabling unified ISO image dissection.
- * bootctl gained a new 'link' verb (with a matching Varlink API)
- that installs a UKI on the ESP by symlinking it from
- /usr/lib/modules/ instead of copying. A new
- '--print-efi-architecture' option prints the EFI architecture
- identifier of the running system, which is useful from packaging
- scripts.
+ * systemd-stub will now incorporate any initrd already configured via
+ the LINUX_INITRD_MEDIA_GUID UEFI device into the set of initrds it
+ passes to the kernel (previously it would fail if one was already
+ set). This means systemd-stub now operates in a purely incremental
+ mode regarding initrds passed in from earlier boot steps.
+
+ * bootctl gained a new '--print-efi-architecture' option that prints
+ the EFI architecture identifier of the running system, which is
+ useful from scripts.
+
+ * bootctl gained a new 'link' verb (with a matching Varlink API) that
+ installs a Type #1 boot loader entry based on a UKI in combination
+ with confext DDIs, sysext DDIs or system credentials.
+
+ * bootctl's 'unlink' verb is now also accessible via a Varlink API.
Changes in systemd-repart:
* A new VolumeName= setting allows specifying the LUKS2 volume
name independently of the on-disk partition label.
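Review bot: the "extra" BLS stanza and LINUX_INITRD_MEDIA_GUID entries describe how sidecar artifacts (initrds, confext/sysext DDIs, encrypted credentials, devicetree blobs) are found and passed on, but not whether they are measured or verified. Since the CC-measurement entry at the top of this file says initrds, ucode addons and the UKI profile are measured to the TPM and CC registers, state here that "follow the same lookup rules" also means the same measurement rules apply to every sidecar type, and say whether an initrd already set via LINUX_INITRD_MEDIA_GUID by an earlier boot step is measured before systemd-stub incorporates it. Without that, readers cannot tell whether a sidecar dropped next to a signed UKI extends the measured boot chain or bypasses it.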
- * A new BlockDeviceReplace= setting allows partitions to
- atomically replace the contents of an existing block device.
+ * A new BlockDeviceReplace= setting allows partitions to atomically
+ migrate the contents of an existing block device to a different
+ partition. This may be used for OS installers that migrate the
+ running OS as a whole from an in-memory block device onto a disk,
+ requiring no reboot as part of the installation cycle.
* systemd-repart now supports a new --grain-size= switch to explicitly
select the desired "grain" size (i.e. alignment granularity) when
* --shrink now uses mkfs.btrfs's native minimal-filesystem support
when available.
- * A new persistent activation flag for LUKS2 partitions causes the
- allow-discards option to be persisted in the LUKS2 header.
+ * A new per-partition Discard= setting may be used to control
+ the persistent "allow-discards" flag of LUKS encrypted partitions.
Changes in systemd-sysupdate:
- * Partial-and-pending UpdateSet states are now correctly recognized
- in additional code paths, and partial versions may be returned
- as the next candidate as well as targeted by vacuuming.
-
* systemd-sysupdate now emits READY=1 via sd_notify() after the
install step completes, allowing for tighter integration with
orchestration tooling.
--forward-journal-NAME= options to forward journal entries from
the payload to specified journal sockets.
- * systemd-vmspawn gained a new --bind-volume= option that binds host
- paths into the VM.
-
- * systemd-vmspawn gained a new --cxl= option that configures CXL
- memory devices and adds support for memory hotplug.
+ * systemd-vmspawn gained a new --bind-volume= option that binds volumes
+ provided by the storage provider Varlink logic (see below) into a VM.
* systemd-vmspawn gained a new --console-transport= option that
controls how the VM console is presented (PTY, native, headless,
etc.); a PTY is now provided for the native console mode, and
headless console operation is supported.
+ * systemd-vmspawn's --console= switch gained a new value "headless" to
+ spawn a VM in truly headless mode, i.e. without a console or display.
+
* systemd-vmspawn gained a new switch --efi-nvram-state= for
controlling whether and where to persist the EFI variable NVRAM
between VM invocations. It's modelled after --tpm-state= in
- behaviour.
-
- * systemd-vmspawn's TPM logic will now ensure to install an
- endorsement certificate.
+ behaviour. There's also a new --efi-nvram-template= knob for
+ selecting a template file to initialize the EFI NVRAM state from on
+ first boot.
- * systemd-vmspawn's --console= switch gained a new value "headless" to
- spawn a VM in truly headless mode, i.e without a console or display.
+ * systemd-vmspawn's TPM logic will now ensure an endorsement
+ certificate is installed.
* systemd-vmspawn gained a new --firmware-features= option that
enables or disables individual firmware features (with a
"~feature" prefix for negation).
+ * systemd-vmspawn now searches XDG_DATA_DIRS for QEMU firmware
+ descriptors.
+
* systemd-vmspawn now supports direct kernel boot without UEFI
firmware.
* systemd-vmspawn gained support for a new --image-disk-type= switch
- for selecting the block storage type (virtio-blk, virtio-scsi, nvme)
- for block devices exposed to the VM. The --extra-drive= switch
- optionally can configure this too now.
+ for selecting the block storage type (virtio-blk, virtio-scsi, nvme,
+ scsi-cd) for block devices exposed to the VM. The --extra-drive=
+ switch can now optionally configure this too.
* The io.systemd.MachineInstance Varlink interface gained
AddStorage(), RemoveStorage() and ReplaceStorage() methods for
* systemd-vmspawn now uses the QEMU built-in vdagent (clipboard,
resolution sync) instead of spicevmc.
- * systemd-vmspawn now searches XDG_DATA_DIRS for QEMU firmware
- descriptors.
-
* systemd-vmspawn gained a new --print-profiles command that falls
back to a non-JSON representation when the output is not JSON.
* The crashing thread's TID and name are now captured and
recorded alongside the existing PID/comm metadata.
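Review bot: the new --console= "headless" value entry overlaps with the unchanged --console-transport= entry just above it, which already says "headless console operation is supported"; these two should be reconciled into one entry naming the switch users are actually expected to use, otherwise the NEWS file describes the same feature twice under two option names. For --efi-nvram-template=, the template initializes the VM's entire EFI variable store on first boot, so where the template comes from and whether it is trusted matters; the entry should say which default template, if any, is used when the option is absent.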
- Changes in systemd-logind:
-
- * A new io.systemd.Shutdown Varlink interface has been introduced
- to request system shutdown. The peer connection identifier of
- the requester is logged.
-
Changes in systemd-creds, systemd-cryptsetup and
systemd-cryptenroll:
* systemd-creds only locks against the public-key TPM2 PCR when
booting on UEFI firmware that supports TPMs, avoiding spurious
- errors on systems without TPM.
+ errors on systems without a TPM.
* libcryptsetup is now loaded via dlopen() in the cryptsetup
binaries, eliminating the hard runtime dependency for systems that do
not actually use it.
+ Dynamic Linking:
+
+ * libgnutls, libmicrohttpd, libcurl, libcrypto, libssl, libfdisk
+ and libcryptsetup are now consistently loaded via dlopen()
+ throughout the codebase, further reducing the set of mandatory
+ dependencies from all binaries.
+
+ * The unused dependency on libgpg-error has been dropped.
+
+ → This means all direct shared library linking against external
+ libraries has now been replaced by dlopen()-based linking, with the
+ sole exception of libc.
+
Changes in libsystemd:
* A new public 'sd-dlopen' header-only API has been added that
This header is licensed under MIT-0 to facilitate embedding it
directly in other projects.
- * A new 'sd_json_parse_fd' API is now available to facilitate parsing
- FDs out of Varlink connections.
+ * sd_json_parse() (and related calls) now supports a pair of new flags
+ SD_JSON_PARSE_MUST_BE_OBJECT and SD_JSON_PARSE_MUST_BE_ARRAY. If
+ specified, these flags cause the parser to fail if the top-level
+ parsed JSON variant is not an object/array.
- * sd-varlink gained a protocol upgrade mechanism, exposed via the
- new sd_varlink_call_and_upgrade() and
- sd_varlink_reply_and_upgrade() API. Internally the upgrade fd
- handling and MSG_PEEK semantics for upgradable sockets have
- been reworked, and the upgrade API always returns two file
- descriptors.
+ * sd-json gained a new helper sd_json_parse_fd() that parses JSON data
+ from a file referenced by a file descriptor. It works similar to
+ sd_json_parse_file(), which operates on a FILE*. Moreover, a new
+ flag SD_JSON_PARSE_SEEK0 has been added which explicitly resets the
+ file offset to 0 when parsing via sd_json_parse_file() or
+ sd_json_parse_fd().
- * The 'ret' argument of sd_varlink_idl_parse() is now optional.
+ * sd-varlink gained a new call sd_varlink_set_sentinel() that
+ simplifies generating responses to method calls that have "more" set.
- * sd-varlink's per-UID connection limit has been scaled down to
- 128.
+ * sd-varlink gained a new call sd_varlink_call_and_upgrade() that
+ permits calling a method call with the Varlink "upgrade" feature
+ enabled, i.e. that allows switching from Varlink to a different
+ protocol. varlinkctl acquired a new --upgrade switch to expose this
+ functionality. A new call sd_varlink_reply_and_upgrade() supports
+ "upgrade" mode on the server side.
- * Enumeration types have been introduced throughout the
- well-known Varlink interfaces: ManagedOOMMode in
- io.systemd.oom; class and whom in io.systemd.Machine;
- configuration, scheduling and mount settings in
- io.systemd.Unit; configuration settings in io.systemd.Manager.
+ * The 'ret' argument of sd_varlink_idl_parse() is now optional.
- * varlinkctl gained a new 'serve' verb that wraps an arbitrary
- command as a Varlink server, and a new '--upgrade' option
- (along with '--exec') to consume the protocol upgrade API.
+ * sd-varlink's per-UID connection limit has been reduced to 128.
- * sd-path now exposes an XDG 'projects' user directory.
+ * sd-event gained native support for CPU and IO pressure events, in
+ addition to the pre-existing support for memory pressure events. This
+ is useful for slowing down or pausing worker threads or so if CPU or
+ IO is under pressure.
- * sd-device gained a number of helpers, including
- sd_device_get_sysattr_safe_string(), sd_device_get_sysattr_u8(),
- and sd_device_get_sysattr_u16().
+ * sd-path now exposes the XDG 'projects' user directory.
Other changes:
- * A new systemd-imdsd service has been introduced that makes cloud
- Instance Metadata Service (IMDS) data accessible locally. It is
- accompanied by a 'systemd-imds' client tool, a generator that hooks
- IMDS retrieval into cloud guests, a hwdb database describing basic
- IMDS endpoints for known clouds (including AWS, Azure, Google
- Cloud, Oracle Cloud, Tencent Cloud and Alibaba ECS), and TPM
- measurements of the retrieved data so that IMDS-provided values can
- be used as attestation inputs. Networking to cloud IMDS services
- may also be locked down for recognized clouds; the new meson option
- "-Dimds-network=" can change the default mode to "locked" at build
- time. This is recommended for secure installations, but typically
- conflicts with traditional IMDS clients such as cloud-init, which
- require direct IMDS access.
+ * A new io.systemd.Shutdown Varlink interface has been introduced
+ to request system shutdown. The peer connection identifier of
+ the requester is logged.
+
+ * varlinkctl gained a new 'serve' verb that wraps an arbitrary
+ command as a Varlink server, and a new '--upgrade' option
+ (along with '--exec') to consume the protocol upgrade API.
* The systemd-report framework introduced in v260 has been
substantially extended. Basic system metrics
report-basic.socket activation unit. Per-cgroup metrics (CPU time,
etc.) and per-service metrics are exposed through dedicated Varlink
services. systemd-report gained the ability to upload collected
- reports via a "varlink socket directory" of HTTP destinations, and
+ reports via a Varlink socket directory or HTTP destinations, and
to inject custom HTTP headers when doing so.
* 'systemctl kexec' gained a new --kernel-cmdline= argument that
overrides the kernel command line for kexec invocations.
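Review bot: "sd-varlink's per-UID connection limit has been reduced to 128" is a behaviour change with no stated consequence; say what a client sees when the limit is hit (refused or queued), whether servers built on sd-varlink can raise it, and which of systemd's own services are affected, because a tool that fans out many parallel Varlink calls from one UID will now fail where it used to work. The SD_JSON_PARSE_MUST_BE_OBJECT and SD_JSON_PARSE_MUST_BE_ARRAY flags are a useful hardening for callers that previously checked the variant type only after parsing; the entry could say that callers handling untrusted input should adopt them. For varlinkctl 'serve', which "wraps an arbitrary command as a Varlink server", state where the listening socket is created and with what ownership, since that determines who can drive the wrapped command.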
- * 'systemctl kexec' now prefers invoking the 'kexec_file_load' system
- call directly, and uses the 'kexec' binary only as a fallback if
- that is not available, so that on most systems the dependency on
+ * 'systemctl kexec' now prefers invoking the 'kexec_file_load()' system
+ call directly, and uses the 'kexec' binary only as a fallback if that
+ is not available, so that on most systems the dependency on
'kexec-tools' is no longer necessary.
* fstab-generator now supports swap on network block devices.
- * libgnutls, libmicrohttpd, libcurl, libcrypto, libssl, libfdisk
- and libcryptsetup are now consistently loaded via dlopen()
- throughout the code base, further reducing the set of mandatory
- dependencies from all binaries.
-
- * The unused dependency on libgpg-error has been dropped.
-
* systemd-firstboot will now honour a new "firstboot.hostname" system
credential for persistently setting the system hostname on first
- boot. This is different from the pre-existing "system.hostname" which
- sets the hostname on boot the credential is passed on only, and which
- is not made persistent.
+ boot. This is different from the pre-existing "system.hostname",
+ which sets the hostname only for the boot the credential is passed
+ on, and which is not made persistent.
* systemd-hostnamed now provides a D-Bus API to acquire arbitrary
fields from /etc/machine-info.
* systemd-hostnamed is now available in early boot too (i.e. before
basic.target). Note that D-Bus only becomes available later, and it
- hence can only be contacted via Varlink that early.
+ can hence only be contacted via Varlink that early.
* JSON user database records may now optionally carry a birth date
field. homectl gained a new switch --birth-date= to set it.
- * systemd-vconsole-setup will now gracefully handle if the
+ * systemd-vconsole-setup will now gracefully handle the case where the
setfont/loadkeys tools are not installed, and skip operation cleanly
in that case.
- * sd_json_parse() (and related calls) now supports a pair of new flags
- SD_JSON_PARSE_MUST_BE_OBJECT and SD_JSON_PARSE_MUST_BE_ARRAY. If
- specified this flags cause the parser to failure if the top-level
- parsed JSON variant is not an object/array.
+ * The _netdev pseudo mount option is now also supported for swap
+ devices, i.e. enabling correct boot time ordering to allow swapping
+ on network block devices.
- * A new service systemd-tpm2-swtpm.service has been added that can run
- the IBM "swtpm" as a software TPM, for use as (optional) automatic
- fallback for systems that lack a physical TPM but where TPM
- functionality should be made available nonetheless. (This
- functionality must be enabled via systemd.tpm2_software_fallback= on
- the kernel command line.) Of course a software TPM running as part of
- a system's userspace does not provide a security posture in any way
- equivalent to that of a discrete hardware TPM, however in various
- usecase it might still be preferable over having no TPM functionality
- at all. The software TPM uses a key derived from the new "boot
- secret" functionality for encryption, and stores its state in the
- disk's TPM. This provides at least some protection, and reasonable
- persistancy from initrd on.
+ * systemd-run gained a new --output= switch for controlling log output
+ formatting when using "-v" mode.
+
+ * A new component systemd-sysinstall has been added that implements a
+ simple, modern textual installer for an OS. It's a wrapper around
+ Varlink calls to systemd-repart (to set up a partition table and
+ stream in the OS partitions), bootctl link (to install kernel and
+ boot menu items for the OS), bootctl install (to install the
+ systemd-boot boot loader), systemd-creds (to configure the minimal
+ amount of system settings, such as keyboard mappings, locale for the
+ newly installed system), followed by a request to reboot. It operates
+ either interactively or command-line driven.
+
+ * systemd-oomd gained support for OOM rulesets. These allow fine-tuning
+ OOM policy handling, and may be defined in /etc/systemd/oomd/rules.d/
+ and then enabled on a service unit via the new OOMRule= option.
CHANGES WITH 260:
wrappers and other APIs it provides have been reimplemented directly
in systemd, which reduced the codebase and the dependency tree.
+ → In summary: all direct shared library linking is gone now from
+ systemd, with the one exception of libc.
+
systemd-machined/systemd-importd:
* systemd-machined gained support for RegisterMachineEx() +
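Review bot: the "→ In summary: all direct shared library linking is gone now from systemd, with the one exception of libc" line added to CHANGES WITH 260 contradicts the Dynamic Linking section of the current release, which lists libgnutls, libmicrohttpd, libcurl, libcrypto, libssl, libfdisk and libcryptsetup as being converted to dlopen() in this release, "further reducing" mandatory dependencies, and closes with the same libc-only claim. The statement can only be true for one release; keep it in the section for the release in which the last direct link was actually removed and drop the other. Separately, the systemd-sysinstall entry describes a component that partitions disks, installs a boot loader and writes system credentials; say how it chooses the target disk and whether it refuses to run on a disk that already carries an OS.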