NEWS: more entries and some rewordings

2019-07-30 16:21:21 +02:00 · 2019-07-30 16:21:21 +02:00 · 4860f5c2ae
parent 7c6de13f1b
commit 4860f5c2ae
1 changed files with 93 additions and 63 deletions
--- a/156
+++ b/156
@ -28,22 +28,22 @@ CHANGES WITH 243 in spe:
          killed. With this change behaviour is thus adjusted to match the
          documentation.
-        * The "kernel.pid_max" sysctl is now bumped to 4194304 by default,
+        * On 64 bit systems, the "kernel.pid_max" sysctl is now bumped to
-          i.e. the full 22bit range the kernel allows, up from the old 16bit
+          4194304 by default, i.e. the full 22bit range the kernel allows, up
-          range. This should improve security and robustness a bit, as PID
+          from the old 16bit range. This should improve security and
-          collisions are made less likely (though certainly still
+          robustness, as PID collisions are made less likely (though certainly
-          possible). There are rumours this might create compatibility
+          still possible). There are rumours this might create compatibility
          problems, though at this moment no practical ones are known to
          us. Downstream distributions are hence advised to undo this change in
          their builds if they are concerned about maximum compatibility, but
          for everybody else we recommend leaving the value bumped. Besides
          improving security and robustness this should also simplify things as
          the maximum number of allowed concurrent tasks was previously bounded
-          by both "kernel.pid_max" and "kernel.threads-max" and now only a
+          by both "kernel.pid_max" and "kernel.threads-max" and now effectively
-          single knob is left ("kernel.threads-max"). There have been concerns
+          only a single knob is left ("kernel.threads-max"). There have been
-          that usability is affected by this change because larger PID numbers
+          concerns that usability is affected by this change because larger PID
-          are harder to type, but we believe the change from 5 digit PIDs to 7
+          numbers are harder to type, but we believe the change from 5 digits
-          digit PIDs is not too hampering for usability.
+          to 7 digits doesn't hamper usability.
        * MemoryLow= and MemoryMin= gained hierarchy-aware counterparts,
          DefaultMemoryLow= and DefaultMemoryMin=, which can be used to
@ -70,13 +70,13 @@ CHANGES WITH 243 in spe:
        * Man pages are not built by default anymore (html pages were already
          disabled by default), to make development builds quicker. When
          building systemd for a full installation with documentation, meson
-          should be called with -Dman=true and/or -Dhtml=true as
+          should be called with -Dman=true and/or -Dhtml=true as appropriate.
-          appropriate. The default was changed based on the assumption that
+          The default was changed based on the assumption that quick one-off or
-          quick one-off or repeated development builds are much more common
+          repeated development builds are much more common than full optimized
-          than full optimized builds for installation, and people need to pass
+          builds for installation, and people need to pass various other
-          various other options to when doing "proper" builds anyway, so the
+          options to when doing "proper" builds anyway, so the gain from making
-          gain from making development builds quicker is bigger than the one
+          development builds quicker is bigger than the one time disruption for
-          time disruption for packagers.
+          packagers.
          Two scripts are created in the *build* directory to generate and
          preview man and html pages on demand, e.g.:
@ -85,7 +85,7 @@ CHANGES WITH 243 in spe:
          build/man/html systemd.index
        * libidn2 is used by default if both libidn2 and libidn are installed.
-          Please use -Dlibidn=true when libidn is favorable.
+          Please use -Dlibidn=true if libidn is preferred.
        * The D-Bus "wire format" of the CPUAffinity= attribute is changed on
          big-endian machines. Before, bytes were written and read in native
@ -105,11 +105,6 @@ CHANGES WITH 243 in spe:
          long number (with the length varying by architecture), so they can be
          unambiguously distinguished.
        * SuccessExitStatus=, RestartPreventExitStatus=, and
          RestartForceExitStatus= now accept exit status names (e.g. "DATAERR"
          is equivalent to "65"). systemd-analyze learnt a new 'exit-status'
          verb to display those exit status name mappings.
        * /usr/sbin/halt.local is no longer supported. Implementation in
          distributions was inconsistent and it seems this functionality was
          very rarely used.
@ -151,7 +146,7 @@ CHANGES WITH 243 in spe:
        * Services may now send a special WATCHDOG=trigger message with
          sd_notify() to trigger an immediate "watchdog missed" event, and thus
-          request service take down. This is useful both for testing watchdog
+          trigger service termination. This is useful both for testing watchdog
          handling, but also for defining error paths in services, that shall
          be handled the same way as watchdog events.
@ -196,14 +191,20 @@ CHANGES WITH 243 in spe:
        * systemd-resolved "Cache=" configuration option in resolved.conf has
          been extended to also accept the 'no-negative' value. Previously,
          only a boolean option was allowed (yes/no), having yes as the
-          default.  If this option is set to 'no-negative', negative answers
+          default. If this option is set to 'no-negative', negative answers are
-          are skipped from being cached while keeping the same cache heuristics
+          not cached while the old cache heuristics are used positive answers.
-          for positive answers.  The default remains as "yes" (i.e. caching is
+          The default remains unchanged.
          enabled).
        * The predictable naming scheme for network devices now supports
          generating predictable names for "netdevsim" devices.
          Moreover, the "en" prefix was dropped from the ID_NET_NAME_ONBOARD
          udev property.
          Those two changes form a new net.naming-policy-scheme= entry.
          Distributions which want to preserve naming stability may want to set
          the -Ddefault-net-naming-scheme= configuration option.
        * systemd-networkd now supports MACsec, nlmon, IPVTAP and Xfrm
          interfaces natively.
@ -267,6 +268,9 @@ CHANGES WITH 243 in spe:
          SpeedMeterIntervalSec=, to measure bitrate of network interfaces. The
          measured speed may be shown by 'networkctl status'.
        * "networkctl status" now displays MTU and queue lengths, and more
          detailed information about VXLAN and bridge devices.
        * systemd-networkd's .network and .link files gained a new Property=
          setting in the [Match] section, to match against devices with
          specific udev properties.
@ -281,39 +285,55 @@ CHANGES WITH 243 in spe:
        * A new tool systemd-network-generator has been added that may generate
          .network, .netdev and .link files from IP configuration specified on
-          the kernel command line, compatible with the format Dracut expects.
+          the kernel command line in the format used by Dracut.
        * The CriticalConnection= setting in .network files is now deprecated,
          and replaced by a new KeepConfiguration= setting which allows more
          detailed configuration of the IP configuration to keep in place.
-        * systemd-analyze gained a new "timestamp" verb for parsing and
+        * systemd-analyze gained a few new verbs:
-          converting timestamps. It's similar to the existing "systemd-analyze
+
-          calendar" command which does the same for recurring calendar
+          - "systemd-analyze timestamp" parses and converts timestamps. This is
-          events. It also gained a new "condition" verb for parsing and testing
+            similar to the existing "systemd-analyze calendar" command which
-          ConditionXYZ= expressions.
+            does the same for recurring calendar events.
          - "systemd-analyze timespan" parses and converts timespans (i.e.
            durations as opposed to points in time).
          - "systemd-analyze condition" will parse and test ConditionXYZ=
            expressions.
          - "systemd-analyze exit-status" will parse and convert exit status
            codes to their names and back.
          - "systemd-analyze unit-files" will print a list of all unit
            file paths and unit aliases.
        * SuccessExitStatus=, RestartPreventExitStatus=, and
          RestartForceExitStatus= now accept exit status names (e.g. "DATAERR"
          is equivalent to "65"). Those exit status name mappings may be
          displayed with the sytemd-analyze exit-status verb describe above.
        * systemd-logind now exposes a per-session SetBrightness() bus call,
          which may be used to securely change the brightness of a kernel
          brightness device, if it belongs to the session's seat. By using this
          call unprivileged clients can make changes to "backlight" and "leds"
-          devices securely with strict requirements on session
+          devices securely with strict requirements on session membership.
-          membership. Desktop environments may use this to generically make
+          Desktop environments may use this to generically make brightness
-          brightness changes to such devices without shipping private SUID
+          changes to such devices without shipping private SUID binaries or
-          binaries or specific udev rules for that purpose.
+          udev rules for that purpose.
        * "udevadm info" gained a --wait-for-initialization switch to wait for
          a device to be initialized.
        * systemd-hibernate-resume-generator will now look for resumeflags= on
          the kernel command line, which is similar to rootflags= and may be
-          used to configure device timeouts for waiting for the hibernation
+          used to configure device timeout for the hibernation device.
          device to show up.
        * sd-event learnt a new API call sd_event_source_disable_unref() for
          disabling and unref'ing an event source in a single function. A
          related call sd_event_source_disable_unrefp() has been added for use
-          with GCC's cleanup extension.
+          with gcc's cleanup extension.
        * The sd-id128.h public API gained a new definition
          SD_ID128_UUID_FORMAT_STR for formatting a 128bit ID in UUID format
@ -328,27 +348,26 @@ CHANGES WITH 243 in spe:
          kernel command line option systemd.status_unit_format=.
        * PID 1 now understands a new option KExecWatchdogSec= in
-          /etc/systemd/system.conf. It allows configuration of a watchdog
+          /etc/systemd/system.conf to set a watchdog timeout for kexec reboots.
-          timeout to write to a hardware watchdog device on kexec-based
+          Previously watchdog functionality was only available for regular
-          reboots. Previously this functionality was only available for regular
+          reboots. The new setting defaults to off, because we don't know in
-          reboots. This option defaults to off, since it depends on drivers and
+          the general case if the watchdog will be reset after kexec (some
-          software setup whether the watchdog is correctly reset again after
+          drivers do reset it, but not all), and the new userspace might not be
-          the kexec completed, and thus for the general case not clear if safe
+          configured to handle the watchdog.
-          (since it might cause unwanted watchdog reboots after the kexec
+
-          completed otherwise). Moreover, the old ShutdownWatchdogSec= setting
+          Moreover, the old ShutdownWatchdogSec= setting has been renamed to
-          has been renamed to RebootWatchdogSec= to more clearly communicate
+          RebootWatchdogSec= to more clearly communicate what it is about. The
-          what it is about. The old name of the setting is still accepted for
+          old name is still accepted for compatibility.
          compatibility.
        * The systemd.debug_shell kernel command line option now optionally
-          takes a tty name to spawn the debug shell on, which allows selecting
+          takes a tty name to spawn the debug shell on, which allows a
-          a different tty than the built-in default.
+          different tty to be selected than the built-in default.
        * Service units gained a new ExecCondition= setting which will run
          before ExecStartPre= and either continue execution of the unit (for
          clean exit codes), stop execution without marking the unit failed
          (for exit codes 1 through 254), or stop execution and fail the unit
-          (for exit code 255 or cases of abnormal termination).
+          (for exit code 255 or abnormal termination).
        * A new service systemd-pstore.service has been added that pulls data
          from /sys/fs/pstore/ and saves it to /var/lib/pstore for later
@ -368,25 +387,36 @@ CHANGES WITH 243 in spe:
          true for the service to enable this behaviour, but please consult the
          documentation first, since this comes with a couple of caveats.
-        * systemd-random-seed.service is now a synchronization point for the
+        * systemd-random-seed.service is now a synchronization point for full
-          point in time where the kernel's entropy pool is fully
+          initialization of the kernel's entropy pool. Services that require
-          initialized. Order services that require /dev/urandom to be correctly
+          /dev/urandom to be correctly initialized should be ordered after this
-          initialized after this service.
+          service.
        * The systemd-boot boot loader has been updated to optionally maintain
          a random seed file in the EFI System Partition (ESP). During the boot
          phase, this random seed is read and updated with a new seed
-          crytographically derived from it. Another derived seed is passed to
+          cryptographically derived from it. Another derived seed is passed to
          the OS. The latter seed is then credited to the kernel's entropy pool
          very early during userspace initialization (from PID 1). This allows
          systems to boot up with a fully initialized kernel entropy pool from
          earliest boot on, and thus entirely removes all entropy pool
          initialization delays from systems using systemd-boot. Special care
          is taken to ensure different seeds are derived on system images
-          replicated to multiple systems.
+          replicated to multiple systems. "bootctl status" will show whether
          a seed was received from the boot loader.
-        * bootctl gained a new verb "is-installed" that checks whether
+        * bootctl gained two new verbs:
-          systemd-boot is currently installed.
+
          - "bootctl random-seed" will generate the file in ESP and an EFI
            variable to allow a random seed to be passed to the OS as described
            above.
          - "bootctl is-installed" checks whether systemd-boot is currently
            installed.
        * bootctl will warn if it detects that boot entries are misconfigured
          (for example if the kernel image was removed without purging the
          bootloader entry).
        * A new document has been added describing systemd's use and support
          for the kernel's entropy pool subsystem: