i-systemd 252 ifika nokusekelwa kwe-UKI, ukuthuthukiswa nokunye

Darkcrizt

Imizuzu ye-5

i-systemd

i-systemd iqoqo lamadaemoni okuphatha uhlelo, imitapo yolwazi, namathuluzi aklanywe njengendawo emaphakathi yokucushwa kanye nenkundla yokuphatha yokuhlangana ne-kernel yesistimu. 

Ngemuva kwezinyanga ezinhlanu zentuthuko ukukhishwa kwenguqulo entsha ye-systemd 252 imenyezelwe, inguqulo lapho ushintsho olubalulekile enguqulweni entsha kwaba ukuhlanganiswa kwe ukusekelwa kwe- inqubo ye-boot eyenziwe yesimanje, okuvumela ukuqinisekiswa hhayi kuphela i-kernel ne-bootloader, kodwa futhi izingxenye zemvelo yesistimu engaphansi usebenzisa amasignesha edijithali.

Indlela ehlongozwayo ibandakanya ukusetshenziswa kwesithombe se-kernel esihlanganisiwe se-UKI (Isithombe se-kernel esihlanganisiwe) silayishiwe, esihlanganisa umshayeli wokulayisha i-kernel esuka ku-UEFI (UEFI boot stub), isithombe se-Linux kernel, kanye nemvelo yesistimu ye-initrd elayishwe kumemori, esetshenziselwa ukuqaliswa kokuqala esigabeni sangaphambilini ku-FS root mount. .

I-Boot Ethembekile
I-athikili ehlobene:
Bahlongoza ukwenza inqubo ye-Linux boot ibe yesimanje

Ikakhulukazi, izinzuzo i-systemd-cryptsetup, systemd-cryptenroll kanye ne-systemd-cred ishintshiwe ukusebenzisa lolu lwazi, ukuze uqiniseke ukuthi izingxenye zediski ezibethelwe ziboshelwe ku-kernel esayiniwe ngokwedijithali (kulokhu, ukufinyelela kuhlukanisa okubethelwe kunikezwa kuphela uma isithombe se-UKI siphumelele ukuqinisekiswa okusekelwe kusiginesha yedijithali). ku-TPM).

Ngaphezu kwalokho, insiza ye-systemd-pcrphase ifakiwe, ekuvumela ukuthi ulawule ukuboshwa kwezigaba zokuqalisa ezahlukahlukene kumapharamitha abekwe enkumbulweni ngama-cryptoprocessors asekela ukucaciswa kwe-TPM 2.0 (isibonelo, ungenza ukhiye wokuhlukanisa we-LUKS2 utholakale kuphela esithombeni sokuqala futhi uvimbele ukufinyelela kukho ekulandiseni okulandelayo).

Izici ezintsha eziyinhloko ze-systemd 252

Ezinye izinguquko ezigqamayo ku-systemd 252, ukuthi sngenze isiqiniseko sokuthi indawo ezenzakalelayo ithi C.UTF-8 uma kungekho enye indawo eshiwo ekucushweni.

Ngaphezu kwalokho ku-systemd 252 futhi isebenzise ikhono lokwenza umsebenzi ogcwele wokusetha kabusha isevisi ("i-systemctl preset") ngesikhathi sokuqalisa kokuqala. Ukunika amandla ukusetha ngaphambilini ngesikhathi sokuqalisa kudinga ukwakhiwa ngenketho ethi "-Dfirst-boot-full-preset", kodwa kuhlelwe ukuthi kunikwe amandla ngokuzenzakalela ekukhishweni okuzayo.

Kumayunithi okuphatha abasebenzisi sebenzisa isilawuli sensiza ye-CPU, okwenze kwaba nokwenzeka ukuqinisekisa ukuthi isilungiselelo se-CPUWeight sisetshenziswa kuwo wonke amayunithi ocezu asetshenziselwa ukuhlukanisa isistimu ibe izingcezu (app.slice, background.slice, session.slice) ukuze kuhlukaniswe izinsiza phakathi kwamasevisi ahlukahlukene abasebenzisi, aqhudelana nezinsiza ze-CPU. I-CPUWeight futhi isekela inani "elingenzi lutho" ukuze liqalise imodi yokuqashisa efanele.

Ngakolunye uhlangothi, kunqubo yokuqalisa (PID 1), yengeze ikhono lokungenisa izifakazelo kusuka ezinkambini ze-SMBIOS (Uhlobo 11, "amaketango abahlinzeki be-OEM") kanye nokuwachaza nge-qemu_fwcfg, okwenza kube lula ukunikeza izifakazelo emishinini ebonakalayo futhi eqeda isidingo samathuluzi ezinkampani zangaphandle njenge-cloud -init kanye nokubasa.

Phakathi nokuvala shaqa, ingqondo yokwehliswa kwezinhlelo zamafayela abonakalayo (i-proc, i-sys) yashintshwa, futhi ulwazi olumayelana nezinqubo ezivimbela ukwehliswa kwesistimu yefayela lulondolozwa kulogi.

I-sd bootloader yengeze amandla okuqalisa ngemodi exubile, isebenzisa i-64-bit Linux kernel kusuka ku-32-bit UEFI firmware. Kwengezwe amandla okuhlola ukuze usebenzise ngokuzenzakalelayo okhiye be-SecureBoot kusukela kumafayela atholakala ku-ESP (EFI System Partition).

Kwengezwe izinketho ezintsha ku-bootctl utility "-all-architectures" ukufaka amabhanari azo zonke izakhiwo ze-EFI ezisekelwayo, «-impande=” kanye “–isithombe=»ukusebenza ngohla lwemibhalo noma ngesithombe sediski, «--faka-umthombo=»ukuchaza ifonti ezofakwa, «-efi-boot-option-description=»ukulawula amagama okufakwa ebhuthini.

Kwezinye izinguquko lokho kuphuma ku-systemd 252:

  • i-systemd-nspawn ivumela ukusetshenziswa kwemizila yefayela ehlobene kuzinketho ze-“-bind=" kanye ne-“–overlay=". Kwengezwe usekelo lwenketho ye-'rootidmap' kunketho ethi "–bind=" ukuze ubophe i-ID yomsebenzisi oyimpande esitsheni kumnikazi wohla lwemibhalo olufakwe kuhlangothi losokhaya.
  • i-systemd-resolved isebenzisa iphakheji ye-OpenSSL njengesipele sokubethela ngokuzenzakalelayo (usekelo lwe-gnutls lugcinwa njengenketho). Ama-algorithms we-DNSSEC angasekelwe manje athathwa njengokungavikelekile esikhundleni sokubuyisela iphutha (SERVFAIL).
  • i-systemd-sysusers, i-systemd-tmpfiles, ne-systemd-sysctl zisebenzisa ikhono lokudlulisa ukucushwa ngendlela yokugcina imininingwane.
  • Kwengezwe umyalo 'wokuqhathanisa izinguqulo' ukuze kuhlaziywe i-systemd ukuze kuqhathaniswe iyunithi yezinhlamvu nezinombolo zenguqulo (ezifana ne-'rpmdev-vercmp' kanye ne-'dpkg -compare-versions').
  • Kwengezwe amandla okuhlunga amadrayivu ngemaski kumyalo we-'systemd-analyze dump'.
  • Uma ukhetha imodi yokulala yezigaba eziningi (lala bese ulala ubuthongo, ulale ubuthongo ngemva kokulala), isikhathi esichithwa kumodi yokulinda manje sesikhethiwe ngokusekelwe esibikezelweni sempilo yebhethri esisele.
  • Ushintsho olusheshayo lwemodi yokulala lwenziwa uma kunokushajwa kwebhethri okungaphansi kuka-5%.

Kuyafaneleka futhi ukukusho lokho ngo-2024, i-systemd ihlela ukuyeka ukusekela i-cgroup v1 resource capping mechanism, yehliswe kunguqulo 248 ye-systemd. Abalawuli bayelulekwa ukuthi banakekele izinsiza ezihambayo ezixhunywe ku-cgroup v1 ukuze baqoqe i-v2 kusengaphambili.

Umehluko oyinhloko phakathi kwamaqoqo v2 kanye ne-v1 ukusetshenziswa kwesigaba esivamile samaqembu kuzo zonke izinhlobo zensiza, esikhundleni sezigaba ezihlukene zokwabiwa kwensiza ye-CPU, ukuphathwa kwenkumbulo, kanye ne-I/O. Izigaba ezihlukene ziholela ebunzimeni ekuhleleni ukusebenzisana phakathi kwabashayeli kanye nezindleko ezengeziwe zensiza ye-kernel lapho kusetshenziswa imithetho yenqubo eqanjwe ngezigaba ezahlukene.

Engxenyeni yesibili ka-2023, kuhlelwe ukuthi kumiswe ukusekela uhla lwemibhalo ehlukanisiwe, lapho /usr ifakwe ngokuhlukana nempande, noma /bin kanye /usr/bin, /lib kanye /usr/lib izinkomba zihlukaniswa.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   luix kusho
    kwenza Unyaka we-1

    udoti omningi ovela ku-lennart..

    Phendula ku-luix
  2.   engaziwa kusho
    kwenza Unyaka we-1

    Umfana uyisisebenzi…futhi uyisisebenzi esihle…uvumelana ngokuphelele nomphathi wakhe.

    Phendula ongaziwa