| 2019-09-12 16:50:12 |
Gianfranco Costamagna |
description |
Eoan currently has 241-7ubuntu1, Debian stable has 241 and Debian testing moved to 242 last week.
While version 241 is the safer choice for Eoan (from v241 and v242) since it is widely tested updating to v242 will allow us to carry fewer patches in Eoan and makes moving to the next release easier.
The proposed package is tested in Bileto and all tests are passing (except for a few unrelated failures):
https://bileto.ubuntu.com/#/ticket/3797
The final version will be 242-6ubuntu1 and I'm tidying up the changelog, too.
I plan merging 242-7, too, going forward but this will not need an FFe. |
Eoan currently has 241-7ubuntu1, Debian stable has 241 and Debian testing moved to 242 last week.
While version 241 is the safer choice for Eoan (from v241 and v242) since it is widely tested updating to v242 will allow us to carry fewer patches in Eoan and makes moving to the next release easier.
The proposed package is tested in Bileto and all tests are passing (except for a few unrelated failures):
https://bileto.ubuntu.com/#/ticket/3797
The final version will be 242-6ubuntu1 and I'm tidying up the changelog, too.
I plan merging 242-7, too, going forward but this will not need an FFe.
CHANGES WITH 242:
* In .link files, MACAddressPolicy=persistent (the default) is changed
to cover more devices. For devices like bridges, tun, tap, bond, and
similar interfaces that do not have other identifying information,
the interface name is used as the basis for persistent seed for MAC
and IPv4LL addresses. The way that devices that were handled
previously is not changed, and this change is about covering more
devices then previously by the "persistent" policy.
MACAddressPolicy=random may be used to force randomized MACs and
IPv4LL addresses for a device if desired.
Hint: the log output from udev (at debug level) was enhanced to
clarify what policy is followed and which attributes are used.
`SYSTEMD_LOG_LEVEL=debug udevadm test-builtin net_setup_link /sys/class/net/<name>`
may be used to view this.
Hint: if a bridge interface is created without any slaves, and gains
a slave later, then now the bridge does not inherit slave's MAC.
To inherit slave's MAC, for example, create the following file:
```
# /etc/systemd/network/98-bridge-inherit-mac.link
[Match]
Type=bridge
[Link]
MACAddressPolicy=none
```
* The .device units generated by systemd-fstab-generator and other
generators do not automatically pull in the corresponding .mount unit
as a Wants= dependency. This means that simply plugging in the device
will not cause the mount unit to be started automatically. But please
note that the mount unit may be started for other reasons, in
particular if it is part of local-fs.target, and any unit which
(transitively) depends on local-fs.target is started.
* networkctl list/status/lldp now accept globbing wildcards for network
interface names to match against all existing interfaces.
* The $PIDFILE environment variable is set to point the absolute path
configured with PIDFile= for processes of that service.
* The fallback DNS server list was augmented with Cloudflare public DNS
servers. Use `-Ddns-servers=` to set a different fallback.
* A new special target usb-gadget.target will be started automatically
when a USB Device Controller is detected (which means that the system
is a USB peripheral).
* A new unit setting CPUQuotaPeriodSec= assigns the time period
relatively to which the CPU time quota specified by CPUQuota= is
measured.
* A new unit setting ProtectHostname= may be used to prevent services
from modifying hostname information (even if they otherwise would
have privileges to do so).
* A new unit setting NetworkNamespacePath= may be used to specify a
namespace for service or socket units through a path referring to a
Linux network namespace pseudo-file.
* The PrivateNetwork= setting and JoinsNamespaceOf= dependencies now
have an effect on .socket units: when used the listening socket is
created within the configured network namespace instead of the host
namespace.
* ExecStart= command lines in unit files may now be prefixed with ':'
in which case environment variable substitution is
disabled. (Supported for the other ExecXYZ= settings, too.)
* .timer units gained two new boolean settings OnClockChange= and
OnTimezoneChange= which may be used to also trigger a unit when the
system clock is changed or the local timezone is
modified. systemd-run has been updated to make these options easily
accessible from the command line for transient timers.
* Two new conditions for units have been added: ConditionMemory= may be
used to conditionalize a unit based on installed system
RAM. ConditionCPUs= may be used to conditionalize a unit based on
installed CPU cores.
* The @default system call filter group understood by SystemCallFilter=
has been updated to include the new rseq() system call introduced in
kernel 4.15.
* A new time-set.target has been added that indicates that the system
time has been set from a local source (possibly imprecise). The
existing time-sync.target is stronger and indicates that the time has
been synchronized with a precise external source. Services where
approximate time is sufficient should use the new target.
* "systemctl start" (and related commands) learnt a new
--show-transaction option. If specified brief information about all
jobs queued because of the requested operation is shown.
* systemd-networkd recognizes a new operation state 'enslaved', used
(instead of 'degraded' or 'carrier') for interfaces which form a
bridge, bond, or similar, and an new 'degraded-carrier' operational
state used for the bond or bridge master interface when one of the
enslaved devices is not operational.
* .network files learnt the new IgnoreCarrierLoss= option for leaving
networks configured even if the carrier is lost.
* The RequiredForOnline= setting in .network files may now specify a
minimum operational state required for the interface to be considered
"online" by systemd-networkd-wait-online. Related to this
systemd-networkd-wait-online gained a new option --operational-state=
to configure the same, and its --interface= option was updated to
optionally also take an operational state specific for an interface.
* systemd-networkd-wait-online gained a new setting --any for waiting
for only one of the requested interfaces instead of all of them.
* systemd-networkd now implements L2TP tunnels.
* Two new .network settings UseAutonomousPrefix= and UseOnLinkPrefix=
may be used to cause autonomous and onlink prefixes received in IPv6
Router Advertisements to be ignored.
* New MulticastFlood=, NeighborSuppression=, and Learning= .network
file settings may be used to tweak bridge behaviour.
* The new TripleSampling= option in .network files may be used to
configure CAN triple sampling.
* A new .netdev settings PrivateKeyFile= and PresharedKeyFile= may be
used to point to private or preshared key for a WireGuard interface.
* /etc/crypttab now supports the same-cpu-crypt and
submit-from-crypt-cpus options to tweak encryption work scheduling
details.
* systemd-tmpfiles will now take a BSD file lock before operating on a
contents of directory. This may be used to temporarily exclude
directories from aging by taking the same lock (useful for example
when extracting a tarball into /tmp or /var/tmp as a privileged user,
which might create files with really old timestamps, which
nevertheless should not be deleted). For further details, see:
https://systemd.io/TEMPORARY_DIRECTORIES
* systemd-tmpfiles' h line type gained support for the
FS_PROJINHERIT_FL ('P') file attribute (introduced in kernel 4.5),
controlling project quota inheritance.
* sd-boot and bootctl now implement support for an Extended Boot Loader
(XBOOTLDR) partition, that is intended to be mounted to /boot, in
addition to the ESP partition mounted to /efi or /boot/efi.
Configuration file fragments, kernels, initrds and other EFI images
to boot will be loaded from both the ESP and XBOOTLDR partitions.
The XBOOTLDR partition was previously described by the Boot Loader
Specification, but implementation was missing in sd-boot. Support for
this concept allows using the sd-boot boot loader in more
conservative scenarios where the boot loader itself is placed in the
ESP but the kernels to boot (and their metadata) in a separate
partition.
* A system may now be booted with systemd.volatile=overlay on the
kernel command line, which causes the root file system to be set up
an overlayfs mount combining the root-only root directory with a
writable tmpfs. In this setup, the underlying root device is not
modified, and any changes are lost at reboot.
* Similar, systemd-nspawn can now boot containers with a volatile
overlayfs root with the new --volatile=overlay switch.
* systemd-nspawn can now consume OCI runtime bundles using a new
--oci-bundle= option. This implementation is fully usable, with most
features in the specification implemented, but since this a lot of
new code and functionality, this feature should most likely not
be used in production yet.
* systemd-nspawn now supports various options described by the OCI
runtime specification on the command-line and in .nspawn files:
--inaccessible=/Inaccessible= may be used to mask parts of the file
system tree, --console=/--pipe may be used to configure how standard
input, output, and error are set up.
* busctl learned the `emit` verb to generate D-Bus signals.
* systemd-analyze cat-config may be used to gather and display
configuration spread over multiple files, for example system and user
presets, tmpfiles.d, sysusers.d, udev rules, etc.
* systemd-analyze calendar now takes an optional new parameter
--iterations= which may be used to show a maximum number of iterations
the specified expression will elapse next.
* The sd-bus C API gained support for naming method parameters in the
introspection data.
* systemd-logind gained D-Bus APIs to specify the "reboot parameter"
the reboot() system call expects.
* journalctl learnt a new --cursor-file= option that points to a file
from which a cursor should be loaded in the beginning and to which
the updated cursor should be stored at the end.
* ACRN hypervisor and Windows Subsystem for Linux (WSL) are now
detected by systemd-detect-virt (and may also be used in
ConditionVirtualization=).
* The behaviour of systemd-logind may now be modified with environment
variables $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP,
$SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU, and
$SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY. They cause logind to either
skip the relevant operation completely (when set to false), or to
create a flag file in /run/systemd (when set to true), instead of
actually commencing the real operation when requested. The presence
of /run/systemd/reboot-to-firmware-setup,
/run/systemd/reboot-to-boot-loader-menu, and
/run/systemd/reboot-to-boot-loader-entry, may be used by alternative
boot loader implementations to replace some steps logind performs
during reboot with their own operations.
* systemctl can be used to request a reboot into the boot loader menu
or a specific boot loader entry with the new --boot-load-menu= and
--boot-loader-entry= options to a reboot command. (This requires a
boot loader that supports this, for example sd-boot.)
* kernel-install will no longer unconditionally create the output
directory (e.g. /efi/<machine-id>/<kernel-version>) for boot loader
snippets, but will do only if the machine-specific parent directory
(i.e. /efi/<machine-id>/) already exists. bootctl has been modified
to create this parent directory during sd-boot installation.
This makes it easier to use kernel-install with plugins which support
a different layout of the bootloader partitions (for example grub2).
* During package installation (with `ninja install`), we would create
symlinks for getty@tty1.service, systemd-networkd.service,
systemd-networkd.socket, systemd-resolved.service,
remote-cryptsetup.target, remote-fs.target,
systemd-networkd-wait-online.service, and systemd-timesyncd.service
in /etc, as if `systemctl enable` was called for those units, to make
the system usable immediately after installation. Now this is not
done anymore, and instead calling `systemctl preset-all` is
recommended after the first installation of systemd.
* A new boolean sandboxing option RestrictSUIDSGID= has been added that
is built on seccomp. When turned on creation of SUID/SGID files is
prohibited.
* The NoNewPrivileges= and the new RestrictSUIDSGID= options are now
implied if DynamicUser= is turned on for a service. This hardens
these services, so that they neither can benefit from nor create
SUID/SGID executables. This is a minor compatibility breakage, given
that when DynamicUser= was first introduced SUID/SGID behaviour was
unaffected. However, the security benefit of these two options is
substantial, and the setting is still relatively new, hence we opted
to make it mandatory for services with dynamic users.
Contributions from: Adam Jackson, Alexander Tsoy, Andrey Yashkin,
Andrzej Pietrasiewicz, Anita Zhang, Balint Reczey, Beniamino Galvani,
Ben Iofel, Benjamin Berg, Benjamin Dahlhoff, Chris, Chris Morin,
Christopher Wong, Claudius Ellsel, Clemens Gruber, dana, Daniel Black,
Davide Cavalca, David Michael, David Rheinsberg, emersion, Evgeny
Vereshchagin, Filipe Brandenburger, Franck Bui, Frantisek Sumsal,
Giacinto Cifelli, Hans de Goede, Hugo Kindel, Ignat Korchagin, Insun
Pyo, Jan Engelhardt, Jonas Dorel, Jonathan Lebon, Jonathon Kowalski,
Jörg Sommer, Jörg Thalheim, Jussi Pakkanen, Kai-Heng Feng, Lennart
Poettering, Lubomir Rintel, Luís Ferreira, Martin Pitt, Matthias
Klumpp, Michael Biebl, Michael Niewöhner, Michael Olbrich, Michal
Sekletar, Mike Lothian, Paul Menzel, Piotr Drąg, Riccardo Schirone,
Robin Elvedi, Roman Kulikov, Ronald Tschalär, Ross Burton, Ryan
Gonzalez, Sebastian Krzyszkowiak, Stephane Chazelas, StKob, Susant
Sahani, Sylvain Plantefève, Szabolcs Fruhwald, Taro Yamada, Theo
Ouzhinski, Thomas Haller, Tobias Jungel, Tom Yan, Tony Asleson, Topi
Miettinen, unixsysadmin, Van Laser, Vesa Jääskeläinen, Yu, Li-Yu,
Yu Watanabe, Zbigniew Jędrzejewski-Szmek
— Warsaw, 2019-04-11 |
|
| 2019-09-12 16:51:39 |
Gianfranco Costamagna |
description |
Eoan currently has 241-7ubuntu1, Debian stable has 241 and Debian testing moved to 242 last week.
While version 241 is the safer choice for Eoan (from v241 and v242) since it is widely tested updating to v242 will allow us to carry fewer patches in Eoan and makes moving to the next release easier.
The proposed package is tested in Bileto and all tests are passing (except for a few unrelated failures):
https://bileto.ubuntu.com/#/ticket/3797
The final version will be 242-6ubuntu1 and I'm tidying up the changelog, too.
I plan merging 242-7, too, going forward but this will not need an FFe.
CHANGES WITH 242:
* In .link files, MACAddressPolicy=persistent (the default) is changed
to cover more devices. For devices like bridges, tun, tap, bond, and
similar interfaces that do not have other identifying information,
the interface name is used as the basis for persistent seed for MAC
and IPv4LL addresses. The way that devices that were handled
previously is not changed, and this change is about covering more
devices then previously by the "persistent" policy.
MACAddressPolicy=random may be used to force randomized MACs and
IPv4LL addresses for a device if desired.
Hint: the log output from udev (at debug level) was enhanced to
clarify what policy is followed and which attributes are used.
`SYSTEMD_LOG_LEVEL=debug udevadm test-builtin net_setup_link /sys/class/net/<name>`
may be used to view this.
Hint: if a bridge interface is created without any slaves, and gains
a slave later, then now the bridge does not inherit slave's MAC.
To inherit slave's MAC, for example, create the following file:
```
# /etc/systemd/network/98-bridge-inherit-mac.link
[Match]
Type=bridge
[Link]
MACAddressPolicy=none
```
* The .device units generated by systemd-fstab-generator and other
generators do not automatically pull in the corresponding .mount unit
as a Wants= dependency. This means that simply plugging in the device
will not cause the mount unit to be started automatically. But please
note that the mount unit may be started for other reasons, in
particular if it is part of local-fs.target, and any unit which
(transitively) depends on local-fs.target is started.
* networkctl list/status/lldp now accept globbing wildcards for network
interface names to match against all existing interfaces.
* The $PIDFILE environment variable is set to point the absolute path
configured with PIDFile= for processes of that service.
* The fallback DNS server list was augmented with Cloudflare public DNS
servers. Use `-Ddns-servers=` to set a different fallback.
* A new special target usb-gadget.target will be started automatically
when a USB Device Controller is detected (which means that the system
is a USB peripheral).
* A new unit setting CPUQuotaPeriodSec= assigns the time period
relatively to which the CPU time quota specified by CPUQuota= is
measured.
* A new unit setting ProtectHostname= may be used to prevent services
from modifying hostname information (even if they otherwise would
have privileges to do so).
* A new unit setting NetworkNamespacePath= may be used to specify a
namespace for service or socket units through a path referring to a
Linux network namespace pseudo-file.
* The PrivateNetwork= setting and JoinsNamespaceOf= dependencies now
have an effect on .socket units: when used the listening socket is
created within the configured network namespace instead of the host
namespace.
* ExecStart= command lines in unit files may now be prefixed with ':'
in which case environment variable substitution is
disabled. (Supported for the other ExecXYZ= settings, too.)
* .timer units gained two new boolean settings OnClockChange= and
OnTimezoneChange= which may be used to also trigger a unit when the
system clock is changed or the local timezone is
modified. systemd-run has been updated to make these options easily
accessible from the command line for transient timers.
* Two new conditions for units have been added: ConditionMemory= may be
used to conditionalize a unit based on installed system
RAM. ConditionCPUs= may be used to conditionalize a unit based on
installed CPU cores.
* The @default system call filter group understood by SystemCallFilter=
has been updated to include the new rseq() system call introduced in
kernel 4.15.
* A new time-set.target has been added that indicates that the system
time has been set from a local source (possibly imprecise). The
existing time-sync.target is stronger and indicates that the time has
been synchronized with a precise external source. Services where
approximate time is sufficient should use the new target.
* "systemctl start" (and related commands) learnt a new
--show-transaction option. If specified brief information about all
jobs queued because of the requested operation is shown.
* systemd-networkd recognizes a new operation state 'enslaved', used
(instead of 'degraded' or 'carrier') for interfaces which form a
bridge, bond, or similar, and an new 'degraded-carrier' operational
state used for the bond or bridge master interface when one of the
enslaved devices is not operational.
* .network files learnt the new IgnoreCarrierLoss= option for leaving
networks configured even if the carrier is lost.
* The RequiredForOnline= setting in .network files may now specify a
minimum operational state required for the interface to be considered
"online" by systemd-networkd-wait-online. Related to this
systemd-networkd-wait-online gained a new option --operational-state=
to configure the same, and its --interface= option was updated to
optionally also take an operational state specific for an interface.
* systemd-networkd-wait-online gained a new setting --any for waiting
for only one of the requested interfaces instead of all of them.
* systemd-networkd now implements L2TP tunnels.
* Two new .network settings UseAutonomousPrefix= and UseOnLinkPrefix=
may be used to cause autonomous and onlink prefixes received in IPv6
Router Advertisements to be ignored.
* New MulticastFlood=, NeighborSuppression=, and Learning= .network
file settings may be used to tweak bridge behaviour.
* The new TripleSampling= option in .network files may be used to
configure CAN triple sampling.
* A new .netdev settings PrivateKeyFile= and PresharedKeyFile= may be
used to point to private or preshared key for a WireGuard interface.
* /etc/crypttab now supports the same-cpu-crypt and
submit-from-crypt-cpus options to tweak encryption work scheduling
details.
* systemd-tmpfiles will now take a BSD file lock before operating on a
contents of directory. This may be used to temporarily exclude
directories from aging by taking the same lock (useful for example
when extracting a tarball into /tmp or /var/tmp as a privileged user,
which might create files with really old timestamps, which
nevertheless should not be deleted). For further details, see:
https://systemd.io/TEMPORARY_DIRECTORIES
* systemd-tmpfiles' h line type gained support for the
FS_PROJINHERIT_FL ('P') file attribute (introduced in kernel 4.5),
controlling project quota inheritance.
* sd-boot and bootctl now implement support for an Extended Boot Loader
(XBOOTLDR) partition, that is intended to be mounted to /boot, in
addition to the ESP partition mounted to /efi or /boot/efi.
Configuration file fragments, kernels, initrds and other EFI images
to boot will be loaded from both the ESP and XBOOTLDR partitions.
The XBOOTLDR partition was previously described by the Boot Loader
Specification, but implementation was missing in sd-boot. Support for
this concept allows using the sd-boot boot loader in more
conservative scenarios where the boot loader itself is placed in the
ESP but the kernels to boot (and their metadata) in a separate
partition.
* A system may now be booted with systemd.volatile=overlay on the
kernel command line, which causes the root file system to be set up
an overlayfs mount combining the root-only root directory with a
writable tmpfs. In this setup, the underlying root device is not
modified, and any changes are lost at reboot.
* Similar, systemd-nspawn can now boot containers with a volatile
overlayfs root with the new --volatile=overlay switch.
* systemd-nspawn can now consume OCI runtime bundles using a new
--oci-bundle= option. This implementation is fully usable, with most
features in the specification implemented, but since this a lot of
new code and functionality, this feature should most likely not
be used in production yet.
* systemd-nspawn now supports various options described by the OCI
runtime specification on the command-line and in .nspawn files:
--inaccessible=/Inaccessible= may be used to mask parts of the file
system tree, --console=/--pipe may be used to configure how standard
input, output, and error are set up.
* busctl learned the `emit` verb to generate D-Bus signals.
* systemd-analyze cat-config may be used to gather and display
configuration spread over multiple files, for example system and user
presets, tmpfiles.d, sysusers.d, udev rules, etc.
* systemd-analyze calendar now takes an optional new parameter
--iterations= which may be used to show a maximum number of iterations
the specified expression will elapse next.
* The sd-bus C API gained support for naming method parameters in the
introspection data.
* systemd-logind gained D-Bus APIs to specify the "reboot parameter"
the reboot() system call expects.
* journalctl learnt a new --cursor-file= option that points to a file
from which a cursor should be loaded in the beginning and to which
the updated cursor should be stored at the end.
* ACRN hypervisor and Windows Subsystem for Linux (WSL) are now
detected by systemd-detect-virt (and may also be used in
ConditionVirtualization=).
* The behaviour of systemd-logind may now be modified with environment
variables $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP,
$SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU, and
$SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY. They cause logind to either
skip the relevant operation completely (when set to false), or to
create a flag file in /run/systemd (when set to true), instead of
actually commencing the real operation when requested. The presence
of /run/systemd/reboot-to-firmware-setup,
/run/systemd/reboot-to-boot-loader-menu, and
/run/systemd/reboot-to-boot-loader-entry, may be used by alternative
boot loader implementations to replace some steps logind performs
during reboot with their own operations.
* systemctl can be used to request a reboot into the boot loader menu
or a specific boot loader entry with the new --boot-load-menu= and
--boot-loader-entry= options to a reboot command. (This requires a
boot loader that supports this, for example sd-boot.)
* kernel-install will no longer unconditionally create the output
directory (e.g. /efi/<machine-id>/<kernel-version>) for boot loader
snippets, but will do only if the machine-specific parent directory
(i.e. /efi/<machine-id>/) already exists. bootctl has been modified
to create this parent directory during sd-boot installation.
This makes it easier to use kernel-install with plugins which support
a different layout of the bootloader partitions (for example grub2).
* During package installation (with `ninja install`), we would create
symlinks for getty@tty1.service, systemd-networkd.service,
systemd-networkd.socket, systemd-resolved.service,
remote-cryptsetup.target, remote-fs.target,
systemd-networkd-wait-online.service, and systemd-timesyncd.service
in /etc, as if `systemctl enable` was called for those units, to make
the system usable immediately after installation. Now this is not
done anymore, and instead calling `systemctl preset-all` is
recommended after the first installation of systemd.
* A new boolean sandboxing option RestrictSUIDSGID= has been added that
is built on seccomp. When turned on creation of SUID/SGID files is
prohibited.
* The NoNewPrivileges= and the new RestrictSUIDSGID= options are now
implied if DynamicUser= is turned on for a service. This hardens
these services, so that they neither can benefit from nor create
SUID/SGID executables. This is a minor compatibility breakage, given
that when DynamicUser= was first introduced SUID/SGID behaviour was
unaffected. However, the security benefit of these two options is
substantial, and the setting is still relatively new, hence we opted
to make it mandatory for services with dynamic users.
Contributions from: Adam Jackson, Alexander Tsoy, Andrey Yashkin,
Andrzej Pietrasiewicz, Anita Zhang, Balint Reczey, Beniamino Galvani,
Ben Iofel, Benjamin Berg, Benjamin Dahlhoff, Chris, Chris Morin,
Christopher Wong, Claudius Ellsel, Clemens Gruber, dana, Daniel Black,
Davide Cavalca, David Michael, David Rheinsberg, emersion, Evgeny
Vereshchagin, Filipe Brandenburger, Franck Bui, Frantisek Sumsal,
Giacinto Cifelli, Hans de Goede, Hugo Kindel, Ignat Korchagin, Insun
Pyo, Jan Engelhardt, Jonas Dorel, Jonathan Lebon, Jonathon Kowalski,
Jörg Sommer, Jörg Thalheim, Jussi Pakkanen, Kai-Heng Feng, Lennart
Poettering, Lubomir Rintel, Luís Ferreira, Martin Pitt, Matthias
Klumpp, Michael Biebl, Michael Niewöhner, Michael Olbrich, Michal
Sekletar, Mike Lothian, Paul Menzel, Piotr Drąg, Riccardo Schirone,
Robin Elvedi, Roman Kulikov, Ronald Tschalär, Ross Burton, Ryan
Gonzalez, Sebastian Krzyszkowiak, Stephane Chazelas, StKob, Susant
Sahani, Sylvain Plantefève, Szabolcs Fruhwald, Taro Yamada, Theo
Ouzhinski, Thomas Haller, Tobias Jungel, Tom Yan, Tony Asleson, Topi
Miettinen, unixsysadmin, Van Laser, Vesa Jääskeläinen, Yu, Li-Yu,
Yu Watanabe, Zbigniew Jędrzejewski-Szmek
— Warsaw, 2019-04-11 |
Eoan currently has 241-7ubuntu1, Debian stable has 241 and Debian testing moved to 242 last week.
While version 241 is the safer choice for Eoan (from v241 and v242) since it is widely tested updating to v242 will allow us to carry fewer patches in Eoan and makes moving to the next release easier.
The proposed package is tested in Bileto and all tests are passing (except for a few unrelated failures):
https://bileto.ubuntu.com/#/ticket/3797
The final version will be 242-6ubuntu1 and I'm tidying up the changelog, too.
I plan merging 242-7, too, going forward but this will not need an FFe.
CHANGES WITH 242:
* In .link files, MACAddressPolicy=persistent (the default) is changed
to cover more devices. For devices like bridges, tun, tap, bond, and
similar interfaces that do not have other identifying information,
the interface name is used as the basis for persistent seed for MAC
and IPv4LL addresses. The way that devices that were handled
previously is not changed, and this change is about covering more
devices then previously by the "persistent" policy.
MACAddressPolicy=random may be used to force randomized MACs and
IPv4LL addresses for a device if desired.
Hint: the log output from udev (at debug level) was enhanced to
clarify what policy is followed and which attributes are used.
`SYSTEMD_LOG_LEVEL=debug udevadm test-builtin net_setup_link /sys/class/net/<name>`
may be used to view this.
Hint: if a bridge interface is created without any slaves, and gains
a slave later, then now the bridge does not inherit slave's MAC.
To inherit slave's MAC, for example, create the following file:
```
# /etc/systemd/network/98-bridge-inherit-mac.link
[Match]
Type=bridge
[Link]
MACAddressPolicy=none
```
* The .device units generated by systemd-fstab-generator and other
generators do not automatically pull in the corresponding .mount unit
as a Wants= dependency. This means that simply plugging in the device
will not cause the mount unit to be started automatically. But please
note that the mount unit may be started for other reasons, in
particular if it is part of local-fs.target, and any unit which
(transitively) depends on local-fs.target is started.
* networkctl list/status/lldp now accept globbing wildcards for network
interface names to match against all existing interfaces.
* The $PIDFILE environment variable is set to point the absolute path
configured with PIDFile= for processes of that service.
* The fallback DNS server list was augmented with Cloudflare public DNS
servers. Use `-Ddns-servers=` to set a different fallback.
* A new special target usb-gadget.target will be started automatically
when a USB Device Controller is detected (which means that the system
is a USB peripheral).
* A new unit setting CPUQuotaPeriodSec= assigns the time period
relatively to which the CPU time quota specified by CPUQuota= is
measured.
* A new unit setting ProtectHostname= may be used to prevent services
from modifying hostname information (even if they otherwise would
have privileges to do so).
* A new unit setting NetworkNamespacePath= may be used to specify a
namespace for service or socket units through a path referring to a
Linux network namespace pseudo-file.
* The PrivateNetwork= setting and JoinsNamespaceOf= dependencies now
have an effect on .socket units: when used the listening socket is
created within the configured network namespace instead of the host
namespace.
* ExecStart= command lines in unit files may now be prefixed with ':'
in which case environment variable substitution is
disabled. (Supported for the other ExecXYZ= settings, too.)
* .timer units gained two new boolean settings OnClockChange= and
OnTimezoneChange= which may be used to also trigger a unit when the
system clock is changed or the local timezone is
modified. systemd-run has been updated to make these options easily
accessible from the command line for transient timers.
* Two new conditions for units have been added: ConditionMemory= may be
used to conditionalize a unit based on installed system
RAM. ConditionCPUs= may be used to conditionalize a unit based on
installed CPU cores.
* The @default system call filter group understood by SystemCallFilter=
has been updated to include the new rseq() system call introduced in
kernel 4.15.
* A new time-set.target has been added that indicates that the system
time has been set from a local source (possibly imprecise). The
existing time-sync.target is stronger and indicates that the time has
been synchronized with a precise external source. Services where
approximate time is sufficient should use the new target.
* "systemctl start" (and related commands) learnt a new
--show-transaction option. If specified brief information about all
jobs queued because of the requested operation is shown.
* systemd-networkd recognizes a new operation state 'enslaved', used
(instead of 'degraded' or 'carrier') for interfaces which form a
bridge, bond, or similar, and an new 'degraded-carrier' operational
state used for the bond or bridge master interface when one of the
enslaved devices is not operational.
* .network files learnt the new IgnoreCarrierLoss= option for leaving
networks configured even if the carrier is lost.
* The RequiredForOnline= setting in .network files may now specify a
minimum operational state required for the interface to be considered
"online" by systemd-networkd-wait-online. Related to this
systemd-networkd-wait-online gained a new option --operational-state=
to configure the same, and its --interface= option was updated to
optionally also take an operational state specific for an interface.
* systemd-networkd-wait-online gained a new setting --any for waiting
for only one of the requested interfaces instead of all of them.
* systemd-networkd now implements L2TP tunnels.
* Two new .network settings UseAutonomousPrefix= and UseOnLinkPrefix=
may be used to cause autonomous and onlink prefixes received in IPv6
Router Advertisements to be ignored.
* New MulticastFlood=, NeighborSuppression=, and Learning= .network
file settings may be used to tweak bridge behaviour.
* The new TripleSampling= option in .network files may be used to
configure CAN triple sampling.
* A new .netdev settings PrivateKeyFile= and PresharedKeyFile= may be
used to point to private or preshared key for a WireGuard interface.
* /etc/crypttab now supports the same-cpu-crypt and
submit-from-crypt-cpus options to tweak encryption work scheduling
details.
* systemd-tmpfiles will now take a BSD file lock before operating on a
contents of directory. This may be used to temporarily exclude
directories from aging by taking the same lock (useful for example
when extracting a tarball into /tmp or /var/tmp as a privileged user,
which might create files with really old timestamps, which
nevertheless should not be deleted). For further details, see:
https://systemd.io/TEMPORARY_DIRECTORIES
* systemd-tmpfiles' h line type gained support for the
FS_PROJINHERIT_FL ('P') file attribute (introduced in kernel 4.5),
controlling project quota inheritance.
* sd-boot and bootctl now implement support for an Extended Boot Loader
(XBOOTLDR) partition, that is intended to be mounted to /boot, in
addition to the ESP partition mounted to /efi or /boot/efi.
Configuration file fragments, kernels, initrds and other EFI images
to boot will be loaded from both the ESP and XBOOTLDR partitions.
The XBOOTLDR partition was previously described by the Boot Loader
Specification, but implementation was missing in sd-boot. Support for
this concept allows using the sd-boot boot loader in more
conservative scenarios where the boot loader itself is placed in the
ESP but the kernels to boot (and their metadata) in a separate
partition.
* A system may now be booted with systemd.volatile=overlay on the
kernel command line, which causes the root file system to be set up
an overlayfs mount combining the root-only root directory with a
writable tmpfs. In this setup, the underlying root device is not
modified, and any changes are lost at reboot.
* Similar, systemd-nspawn can now boot containers with a volatile
overlayfs root with the new --volatile=overlay switch.
* systemd-nspawn can now consume OCI runtime bundles using a new
--oci-bundle= option. This implementation is fully usable, with most
features in the specification implemented, but since this a lot of
new code and functionality, this feature should most likely not
be used in production yet.
* systemd-nspawn now supports various options described by the OCI
runtime specification on the command-line and in .nspawn files:
--inaccessible=/Inaccessible= may be used to mask parts of the file
system tree, --console=/--pipe may be used to configure how standard
input, output, and error are set up.
* busctl learned the `emit` verb to generate D-Bus signals.
* systemd-analyze cat-config may be used to gather and display
configuration spread over multiple files, for example system and user
presets, tmpfiles.d, sysusers.d, udev rules, etc.
* systemd-analyze calendar now takes an optional new parameter
--iterations= which may be used to show a maximum number of iterations
the specified expression will elapse next.
* The sd-bus C API gained support for naming method parameters in the
introspection data.
* systemd-logind gained D-Bus APIs to specify the "reboot parameter"
the reboot() system call expects.
* journalctl learnt a new --cursor-file= option that points to a file
from which a cursor should be loaded in the beginning and to which
the updated cursor should be stored at the end.
* ACRN hypervisor and Windows Subsystem for Linux (WSL) are now
detected by systemd-detect-virt (and may also be used in
ConditionVirtualization=).
* The behaviour of systemd-logind may now be modified with environment
variables $SYSTEMD_REBOOT_TO_FIRMWARE_SETUP,
$SYSTEMD_REBOOT_TO_BOOT_LOADER_MENU, and
$SYSTEMD_REBOOT_TO_BOOT_LOADER_ENTRY. They cause logind to either
skip the relevant operation completely (when set to false), or to
create a flag file in /run/systemd (when set to true), instead of
actually commencing the real operation when requested. The presence
of /run/systemd/reboot-to-firmware-setup,
/run/systemd/reboot-to-boot-loader-menu, and
/run/systemd/reboot-to-boot-loader-entry, may be used by alternative
boot loader implementations to replace some steps logind performs
during reboot with their own operations.
* systemctl can be used to request a reboot into the boot loader menu
or a specific boot loader entry with the new --boot-load-menu= and
--boot-loader-entry= options to a reboot command. (This requires a
boot loader that supports this, for example sd-boot.)
* kernel-install will no longer unconditionally create the output
directory (e.g. /efi/<machine-id>/<kernel-version>) for boot loader
snippets, but will do only if the machine-specific parent directory
(i.e. /efi/<machine-id>/) already exists. bootctl has been modified
to create this parent directory during sd-boot installation.
This makes it easier to use kernel-install with plugins which support
a different layout of the bootloader partitions (for example grub2).
* During package installation (with `ninja install`), we would create
symlinks for getty@tty1.service, systemd-networkd.service,
systemd-networkd.socket, systemd-resolved.service,
remote-cryptsetup.target, remote-fs.target,
systemd-networkd-wait-online.service, and systemd-timesyncd.service
in /etc, as if `systemctl enable` was called for those units, to make
the system usable immediately after installation. Now this is not
done anymore, and instead calling `systemctl preset-all` is
recommended after the first installation of systemd.
* A new boolean sandboxing option RestrictSUIDSGID= has been added that
is built on seccomp. When turned on creation of SUID/SGID files is
prohibited.
* The NoNewPrivileges= and the new RestrictSUIDSGID= options are now
implied if DynamicUser= is turned on for a service. This hardens
these services, so that they neither can benefit from nor create
SUID/SGID executables. This is a minor compatibility breakage, given
that when DynamicUser= was first introduced SUID/SGID behaviour was
unaffected. However, the security benefit of these two options is
substantial, and the setting is still relatively new, hence we opted
to make it mandatory for services with dynamic users. |
|
