NEWS: reorder entries a bit and add a few items
This commit is contained in:
parent
8b25484af3
commit
337f0b0094
41
NEWS
41
NEWS
|
@ -74,6 +74,18 @@ CHANGES WITH 246:
|
||||||
notation when the 0o prefix is used and binary notation if the 0b
|
notation when the 0o prefix is used and binary notation if the 0b
|
||||||
prefix is used.
|
prefix is used.
|
||||||
|
|
||||||
|
* Various command line parameters and configuration file settings that
|
||||||
|
configure key or certificate files now optionally take paths to
|
||||||
|
AF_UNIX sockets in the file system. If configured that way a stream
|
||||||
|
connection is made to the socket and the required data read from
|
||||||
|
it. This is a simple and natural extension to the existing regular
|
||||||
|
file logic, and permits other software to provide keys or
|
||||||
|
certificates via simple IPC services, for example when unencrypted
|
||||||
|
storage on disk is not desired. Specifically, systemd-networkd's
|
||||||
|
Wireguard and MACSEC key file settings as well as
|
||||||
|
systemd-journal-gatewayd's and systemd-journal-remote's PEM
|
||||||
|
key/certificate parameters support this now.
|
||||||
|
|
||||||
* Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
|
* Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
|
||||||
configuration files that support specifier expansion learnt six new
|
configuration files that support specifier expansion learnt six new
|
||||||
specifiers: %a resolves to the current architecture, %o/%w/%B/%W
|
specifiers: %a resolves to the current architecture, %o/%w/%B/%W
|
||||||
|
@ -100,6 +112,12 @@ CHANGES WITH 246:
|
||||||
read and even write access to all these otherwise unmappable files,
|
read and even write access to all these otherwise unmappable files,
|
||||||
which is quite likely a major security problem.
|
which is quite likely a major security problem.
|
||||||
|
|
||||||
|
* nss-mymachines lost support for resolution of users and groups, and
|
||||||
|
now only does resolution of hostnames. This functionality is now
|
||||||
|
provided by nss-systemd. Thus, the 'mymachines' entry should be
|
||||||
|
removed from the 'passwd:' and 'group:' lines in /etc/nsswitch.conf
|
||||||
|
(and 'systemd' added if it is not already there).
|
||||||
|
|
||||||
* A new kernel command line option systemd.hostname= has been added
|
* A new kernel command line option systemd.hostname= has been added
|
||||||
that allows controlling the hostname that is initialized early during
|
that allows controlling the hostname that is initialized early during
|
||||||
boot.
|
boot.
|
||||||
|
@ -259,10 +277,11 @@ CHANGES WITH 246:
|
||||||
interface. There are new "up" and "down" commands to bring specific
|
interface. There are new "up" and "down" commands to bring specific
|
||||||
interfaces up or down.
|
interfaces up or down.
|
||||||
|
|
||||||
* systemd-resolved's DNS= configuration option now optionally accepts
|
* systemd-resolved's DNS= configuration option now optionally accepts a
|
||||||
DNS server addresses suffixed by "#" followed by a host name. If
|
port number (after ":") and a host name (after "#"). When the host
|
||||||
used, the DNS-over-TLS certificate is validated to match the
|
name is specified, the DNS-over-TLS certificate is validated to match
|
||||||
specified hostname.
|
the specified hostname. Additionally, in case of IPv6 addresses, an
|
||||||
|
interface may be specified (after "%").
|
||||||
|
|
||||||
* systemd-resolved may be configured to forward single-label DNS names.
|
* systemd-resolved may be configured to forward single-label DNS names.
|
||||||
This is not standard-conformant, but may make sense in setups where
|
This is not standard-conformant, but may make sense in setups where
|
||||||
|
@ -535,17 +554,9 @@ CHANGES WITH 246:
|
||||||
LogControl1 D-Bus API which allows clients to change log level +
|
LogControl1 D-Bus API which allows clients to change log level +
|
||||||
target of the service during runtime.
|
target of the service during runtime.
|
||||||
|
|
||||||
* Various command line parameters and configuration file settings that
|
* Only relevant for developers: the mkosi.default symlink has been
|
||||||
configure key or certificate files now optionally take paths to
|
dropped from version control. Please create a symlink to one of the
|
||||||
AF_UNIX sockets in the file system. If configured that way a stream
|
distribution-specific defaults in .mkosi/ based on your preference.
|
||||||
connection is made to the socket and the required data read from
|
|
||||||
it. This is a simple and natural extension to the existing regular
|
|
||||||
file logic, and permits other software to provide keys or
|
|
||||||
certificates via simple IPC services, for example when unencrypted
|
|
||||||
storage on disk is not desired. Specifically, systemd-networkd's
|
|
||||||
Wireguard and MACSEC key file settings as well as
|
|
||||||
systemd-journal-gatewayd's and systemd-journal-remote's PEM
|
|
||||||
key/certificate parameters support this now.
|
|
||||||
|
|
||||||
Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
|
Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
|
||||||
Malafeev, Alin Popa, Alvin Šipraga, Amos Bird, Andreas Rammhold,
|
Malafeev, Alin Popa, Alvin Šipraga, Amos Bird, Andreas Rammhold,
|
||||||
|
|
Loading…
Reference in New Issue