#4687: systemd-246
--------------------+-----------------------
Reporter: renodr | Owner: renodr
Type: task | Status: assigned
Priority: normal | Milestone: 10.0
Component: Book | Version: SVN
Severity: normal | Resolution:
Keywords: |
--------------------+-----------------------
Comment (by renodr):
{{{
systemd System and Service Manager
CHANGES WITH 246:
* The service manager gained basic support for cgroup v2 freezer.
Units
can now be suspended or resumed either using new systemctl
verbs,
freeze and thaw respectively, or via D-Bus.
* PID 1 may now automatically load pre-compiled AppArmor policies
from
/etc/apparmor/earlypolicy during early boot.
* The CPUAffinity= setting in service unit files now supports a
new
special value "numa" that causes the CPU affinity masked to be
set
based on the NUMA mask.
* systemd will now log about all left-over processes remaining in
a
unit when the unit is stopped. It will now warn about services
using
KillMode=none, as this is generally an unsafe thing to make use
of.
* Two new unit file settings
ConditionPathIsEncrypted=/AssertPathIsEncrypted= have been
added. They may be used to check whether a specific file system
path
resides on a block device that is encrypted on the block level
(i.e. using dm-crypt/LUKS).
* Another pair of new settings
ConditionEnvironment=/AssertEnvironment=
has been added that may be used for simple environment checks.
This
is particularly useful when passing in environment variables
from a
container manager (or from PAM in case of the systemd --user
instance).
* .service unit files now accept a new setting CoredumpFilter=
which
allows configuration of the memory sections coredumps of the
service's processes shall include.
* .mount units gained a new ReadWriteOnly= boolean option. If set
it will not be attempted to mount a file system read-only if
mounting
in read-write mode doesn't succeed. An option x-systemd.rw-only
is
available in /etc/fstab to control the same.
* .socket units gained a new boolean setting PassPacketInfo=. If
enabled, the kernel will attach additional per-packet metadata
to all
packets read from the socket, as an ancillary message. This
controls
the IP_PKTINFO, IPV6_RECVPKTINFO, NETLINK_PKTINFO socket
options,
depending on socket type.
* .service units gained a new setting RootHash= which may be used
to
specify the root hash for verity enabled disk images which are
specified in RootImage=. RootVerity= may be used to specify a
path to
the Verity data matching a RootImage= file system. (The latter
is
only useful for images that do not contain the Verity data
embedded
into the same image that carries a GPT partition table following
the
Discoverable Partition Specification). Similarly, systemd-nspawn
gained a new switch --verity-data= that takes a path to a file
with
the verity data of the disk image supplied in --image=, if the
image
doesn't contain the verity data itself.
* .service units gained a new setting RootHashSignature= which
takes
either a base64 encoded PKCS#7 signature of the root hash
specified
with RootHash=, or a path to a file to read the signature from.
This
allows validation of the root hash against public keys available
in
the kernel keyring, and is only supported on recent kernels
(>= 5.4)/libcryptsetup (>= 2.30). A similar switch has been
added to
systemd-nspawn and systemd-dissect (--root-hash-sig=). Support
for
this mechanism has also been added to systemd-veritysetup.
* .service unit files gained two new options
TimeoutStartFailureMode=/TimeoutStopFailureMode= that may be
used to
tune behaviour if a start or stop timeout is hit, i.e. whether
to
terminate the service with SIGTERM, SIGABRT or SIGKILL.
* Most options in systemd that accept hexadecimal values prefixed
with
0x in additional to the usual decimal notation now also support
octal
notation when the 0o prefix is used and binary notation if the
0b
prefix is used.
* Various command line parameters and configuration file settings
that
configure key or certificate files now optionally take paths to
AF_UNIX sockets in the file system. If configured that way a
stream
connection is made to the socket and the required data read from
it. This is a simple and natural extension to the existing
regular
file logic, and permits other software to provide keys or
certificates via simple IPC services, for example when
unencrypted
storage on disk is not desired. Specifically, systemd-networkd's
Wireguard and MACSEC key file settings as well as
systemd-journal-gatewayd's and systemd-journal-remote's PEM
key/certificate parameters support this now.
* Unit files, tmpfiles.d/ snippets, sysusers.d/ snippets and other
configuration files that support specifier expansion learnt six
new
specifiers: %a resolves to the current architecture, %o/%w/%B/%W
resolve to the various ID fields from /etc/os-release, %l
resolves to
the "short" hostname of the system, i.e. the hostname configured
in
the kernel truncated at the first dot.
* Support for the .include syntax in unit files has been removed.
The
concept has been obsolete for 6 years and we started warning
about
its pending removal 2 years ago (also see NEWS file below). It's
finally gone now.
* StandardError= and StandardOutput= in unit files no longer
support
the "syslog" and "syslog-console" switches. They were long
removed
from the documentation, but will now result in warnings when
used,
and be converted to "journal" and "journal+console"
automatically.
* If the service setting User= is set to the "nobody" user, a
warning
message is now written to the logs (but the value is nonetheless
accepted). Setting User=nobody is unsafe, since the primary
purpose
of the "nobody" user is to own all files whose owner cannot be
mapped
locally. It's in particular used by the NFS subsystem and in
user
namespacing. By running a service under this user's UID it might
get
read and even write access to all these otherwise unmappable
files,
which is quite likely a major security problem.
* tmpfs mounts automatically created by systemd (/tmp, /run,
/dev/shm,
and others) now have a size and inode limits applied (50% of RAM
for
/tmp and /dev/shm, 10% of RAM for other mounts, etc.)
* nss-mymachines lost support for resolution of users and groups,
and
now only does resolution of hostnames. This functionality is now
provided by nss-systemd. Thus, the 'mymachines' entry should be
removed from the 'passwd:' and 'group:' lines in
/etc/nsswitch.conf
(and 'systemd' added if it is not already there).
* A new kernel command line option systemd.hostname= has been
added
that allows controlling the hostname that is initialized early
during
boot.
* A kernel command line option "udev.blockdev_read_only" has been
added. If specified all hardware block devices that show up are
immediately marked as read-only by udev. This option is useful
for
making sure that a specific boot under no circumstances modifies
data
on disk. Use "blockdev --setrw" to undo the effect of this, per
device.
* A new boolean kernel command line option systemd.swap= has been
added, which may be used to turn off automatic activation of
swap
devices listed in /etc/fstab.
* New kernel command line options systemd.condition-needs-update=
and
systemd.condition-first-boot= have been added, which override
the
result of the ConditionNeedsUpdate= and ConditionFirstBoot=
conditions.
* A new kernel command line option systemd.clock-usec= has been
added
that allows setting the system clock to the specified time in µs
since Jan 1st, 1970 early during boot. This is in particular
useful
in order to make test cases more reliable.
* The fs.suid_dumpable sysctl is set to 2 / "suidsafe". This
allows
systemd-coredump to save core files for suid processes. When
saving
the core file, systemd-coredump will use the effective uid and
gid of
the process that faulted.
* The /sys/module/kernel/parameters/crash_kexec_post_notifiers
file is
now automatically set to "Y" at boot, in order to enable pstore
generation for collection with systemd-pstore.
* A new 'hwdb' file has been added that collects information about
PCI
and USB devices that correctly support auto-suspend, on top of
the
databases for this we import from the ChromiumOS project. If you
have
a device that supports auto-suspend correctly and where it
should be
enabled by default, please submit a patch that adds it to the
database (see /usr/lib/udev/hwdb.d/60-autosuspend.hwdb).
* systemd-udevd gained the new configuration option
timeout_signal= as well
as a corresponding kernel command line option
udev.timeout_signal=.
The option can be used to configure the UNIX signal that the
main
daemon sends to the worker processes on timeout. Setting the
signal
to SIGABRT is useful for debugging.
* .link files managed by systemd-udevd gained options
RxFlowControl=,
TxFlowControl=, AutoNegotiationFlowControl= in the [Link]
section, in
order to configure various flow control parameters. They also
gained
RxMiniBufferSize= and RxJumboBufferSize= in order to configure
jumbo
frame ring buffer sizes.
* networkd.conf gained a new boolean setting ManageForeignRoutes=.
If
enabled systemd-networkd manages all routes configured by other
tools.
* .network files managed by systemd-networkd gained a new section
[SR-IOV], in order to configure SR-IOV capable network devices.
* systemd-networkd's [IPv6Prefix] section in .network files gained
a
new boolean setting Assign=. If enabled an address from the
prefix is
automatically assigned to the interface.
* systemd-networkd gained a new section [DHCPv6PrefixDelegation]
which
controls delegated prefixes assigned by DHCPv6 client. The
section
has three settings: SubnetID=, Assign=, and Token=. The setting
SubnetID= allows explicit configuration of the preferred subnet
that
systemd-networkd's Prefix Delegation logic assigns to
interfaces. If
Assign= is enabled (which is the default) an address from any
acquired
delegated prefix is automatically chosen and assigned to the
interface. The setting Token= specifies an optional address
generation
mode for Assign=.
* systemd-networkd's [Network] section gained a new setting
IPv4AcceptLocal=. If enabled the interface accepts packets with
local
source addresses.
* systemd-networkd gained support for configuring the HTB queuing
discipline in the [HierarchyTokenBucket] and
[HierarchyTokenBucketClass] sections. Similar the "pfifo" qdisc
may
be configured in the [PFIFO] section, "GRED" in
[GenericRandomEarlyDetection], "SFB" in [StochasticFairBlue],
"cake"
in [CAKE], "PIE" in [PIE], "DRR" in [DeficitRoundRobinScheduler]
and
[DeficitRoundRobinSchedulerClass], "BFIFO" in [BFIFO],
"PFIFOHeadDrop" in [PFIFOHeadDrop], "PFIFOFast" in [PFIFOFast],
"HHF"
in [HeavyHitterFilter], "ETS" in [EnhancedTransmissionSelection]
and
"QFQ" in [QuickFairQueueing] and [QuickFairQueueingClass].
* systemd-networkd gained support for a new Termination= setting
in the
[CAN] section for configuring the termination resistor. It also
gained a new ListenOnly= setting for controlling whether to only
listen on CAN interfaces, without interfering with traffic
otherwise
(which is useful for debugging/monitoring CAN network
traffic). DataBitRate=, DataSamplePoint=, FDMode=, FDNonISO=
have
been added to configure various CAN-FD aspects.
* systemd-networkd's [DHCPv6] section gained a new option
WithoutRA=.
When enabled, DHCPv6 will be attempted right-away without
requiring an
Router Advertisement packet suggesting it first (i.e. without
the 'M'
or 'O' flags set). The [IPv6AcceptRA] section gained a boolean
option
DHCPv6Client= that may be used to turn off the DHCPv6 client
even if
the RA packets suggest it.
* systemd-networkd's [DHCPv4] section gained a new setting
UseGateway=
which may be used to turn off use of the gateway information
provided
by the DHCP lease. A new FallbackLeaseLifetimeSec= setting may
be
used to configure how to process leases that lack a lifetime
option.
* systemd-networkd's [DHCPv4] and [DHCPServer] sections gained a
new
setting SendVendorOption= allowing configuration of additional
vendor
options to send in the DHCP requests/responses. The [DHCPv6]
section
gained a new SendOption= setting for sending arbitrary DHCP
options. RequestOptions= has been added to request arbitrary
options
from the server. UserClass= has been added to set the DHCP user
class
field.
* systemd-networkd's [DHCPServer] section gained a new set of
options
EmitPOP3=/POP3=, EmitSMTP=/SMTP=, EmitLPR=/LPR= for including
server
information about these three protocols in the DHCP lease. It
also
gained support for including "MUD" URLs ("Manufacturer Usage
Description"). Support for "MUD" URLs was also added to the LLDP
stack, configurable in the [LLDP] section in .network files.
* The Mode= settings in [MACVLAN] and [MACVTAP] now support
'source'
mode. Also, the sections now support a new setting
SourceMACAddress=.
* systemd-networkd's .netdev files now support a new setting
VLANProtocol= in the [Bridge] section that allows configuration
of
the VLAN protocol to use.
* systemd-networkd supports a new Group= setting in the [Link]
section
of the .network files, to control the link group.
* systemd-networkd's [Network] section gained a new
IPv6LinkLocalAddressGenerationMode= setting, which specifies how
IPv6
link local address is generated.
* A new default .network file is now shipped that matches TUN/TAP
devices that begin with "vt-" in their name. Such interfaces
will
have IP routing onto the host links set up automatically. This
is
supposed to be used by VM managers to trivially acquire a
network
interface which is fully set up for host communication, simply
by
carefully picking an interface name to use.
* systemd-networkd's [DHCPv6] section gained a new setting
RouteMetric=
which sets the route priority for routes specified by the DHCP
server.
* systemd-networkd's [DHCPv6] section gained a new setting
VendorClass=
which configures the vendor class information sent to DHCP
server.
* The BlackList= settings in .network files' [DHCPv4] and
[IPv6AcceptRA] sections have been renamed DenyList=. The old
names
are still understood to provide compatibility.
* networkctl gained the new "forcerenew" command for forcing all
DHCP
server clients to renew their lease. The interface "status"
output
will now show numerous additional fields of information about an
interface. There are new "up" and "down" commands to bring
specific
interfaces up or down.
* systemd-resolved's DNS= configuration option now optionally
accepts a
port number (after ":") and a host name (after "#"). When the
host
name is specified, the DNS-over-TLS certificate is validated to
match
the specified hostname. Additionally, in case of IPv6 addresses,
an
interface may be specified (after "%").
* systemd-resolved may be configured to forward single-label DNS
names.
This is not standard-conformant, but may make sense in setups
where
public DNS servers are not used.
* systemd-resolved's DNS-over-TLS support gained SNI validation.
* systemd-nspawn's --resolv-conf= switch gained a number of new
supported values. Specifically, options starting with "replace-"
are
like those prefixed "copy-" but replace any existing resolv.conf
file. And options ending in "-uplink" and "-stub" can now be
used to
propagate other flavours of resolv.conf into the container (as
defined by systemd-resolved).
* The various programs included in systemd can now optionally
output
their log messages on stderr prefixed with a timestamp,
controlled by
the $SYSTEMD_LOG_TIME environment variable.
* systemctl gained a new "-P" switch that is a shortcut for "--
value
--property=…".
* "systemctl list-units" and "systemctl list-machines" no longer
hide
their first output column with --no-legend. To hide the first
column,
use --plain.
* "systemctl reboot" takes the option "--reboot-argument=".
The optional positional argument to "systemctl reboot" is now
being deprecated in favor of this option.
* systemd-run gained a new switch --slice-inherit. If specified
the
unit it generates is placed in the same slice as the systemd-run
process itself.
* systemd-journald gained support for zstd compression of large
fields
in journal files. The hash tables in journal files have been
hardened
against hash collisions. This is an incompatible change and
means
that journal files created with new systemd versions are not
readable
with old versions. If the $SYSTEMD_JOURNAL_KEYED_HASH boolean
environment variable for systemd-journald.service is set to 0
this
new hardening functionality may be turned off, so that generated
journal files remain compatible with older journalctl
implementations.
* journalctl will now include a clickable link in the default
output for
each log message for which an URL with further documentation is
known. This is only supported on terminal emulators that support
clickable hyperlinks, and is turned off if a pager is used
(since
"less" still doesn't support hyperlinks,
unfortunately). Documentation URLs may be included in log
messages
either by including a DOCUMENTATION= journal field in it, or by
associating a journal message catalog entry with the log
message's
MESSAGE_ID, which then carries a "Documentation:" tag.
* journald.conf gained a new boolean setting Audit= that may be
used to
control whether systemd-journald will enable audit during
initialization.
* when systemd-journald's log stream is broken up into multiple
lines
because the PID of the sender changed this is indicated in the
generated log records via the _LINE_BREAK=pid-change field.
* journalctl's "-o cat" output mode will now show one or more
journal
fields specified with --output-fields= instead of
unconditionally
MESSAGE=. This is useful to retrieve a very specific set of
fields
without any decoration.
* The sd-journal.h API gained two new functions:
sd_journal_enumerate_available_unique() and
sd_journal_enumerate_available_data() that operate like their
counterparts that lack the _available_ in the name, but skip
items
that cannot be read and processed by the local implementation
(i.e. are compressed in an unsupported format or such),
* coredumpctl gained a new --file= switch, matching the same one
in
journalctl: a specific journal file may be specified to read the
coredump data from.
* coredumps collected by systemd-coredump may now be compressed
using
the zstd algorithm.
* systemd-binfmt gained a new switch --unregister for
unregistering all
registered entries at once. This is now invoked automatically at
shutdown, so that binary formats registered with the "F" flag
will
not block clean file system unmounting.
* systemd-notify's --pid= switch gained new values: "parent",
"self",
"auto" for controlling which PID to send to the service manager:
the
systemd-notify process' PID, or the one of the process invoking
it.
* systemd-logind's Session bus object learnt a new method call
SetType() for temporarily updating the session type of an
already
allocated session. This is useful for upgrading tty sessions to
graphical ones once a compositor is invoked.
* systemd-socket-proxy gained a new switch --exit-idle-time= for
configuring an exit-on-idle time.
* systemd-repart's --empty= setting gained a new value "create".
If
specified a new empty regular disk image file is created under
the
specified name. Its size may be specified with the new --size=
option. The latter is also supported without the "create" mode,
in
order to grow existing disk image files to the specified size.
These
two new options are useful when creating or manipulating disk
images
instead of operating on actual block devices.
* systemd-repart drop-ins now support a new UUID= setting to
control
the UUID to assign to a newly created partition.
* systemd-repart's SizeMin= per-partition parameter now defaults
to 10M
instead of 0.
* systemd-repart's Label= setting now support the usual, simple
specifier expansion.
* systemd-homed's LUKS backend gained the ability to discard empty
file
system blocks automatically when the user logs out. This is
enabled
by default to ensure that home directories take minimal space
when
logged out but get full size guarantees when logged in. This may
be
controlled with the new --luks-offline-discard= switch to
homectl.
* If systemd-homed detects that /home/ is encrypted as a whole it
will
now default to the directory or subvolume backends instead of
the
LUKS backend, in order to avoid double encryption. The default
storage and file system may now be configured explicitly, too,
via
the new /etc/systemd/homed.conf configuration file.
* systemd-homed now supports unlocking home directories with FIDO2
security tokens that support the 'hmac-secret' extension, in
addition
to the existing support for PKCS#11 security token unlocking
support. Note that many recent hardware security tokens support
both
interfaces. The FIDO2 support is accessible via homectl's
--fido2-device= option.
* homectl's --pkcs11-uri= setting now accepts two special
parameters:
if "auto" is specified and only one suitable PKCS#11 security
token
is plugged in, its URL is automatically determined and enrolled
for
unlocking the home directory. If "list" is specified a brief
table of
suitable PKCS#11 security tokens is shown. Similar, the new
--fido2-device= option also supports these two special values,
for
automatically selecting and listing suitable FIDO2 devices.
* The /etc/crypttab tmp option now optionally takes an argument
selecting the file system to use. Moreover, the default is now
changed from ext2 to ext4.
* There's a new /etc/crypttab option "keyfile-erase". If specified
the
key file listed in the same line is removed after use,
regardless if
volume activation was successful or not. This is useful if the
key
file is only acquired transiently at runtime and shall be erased
before the system continues to boot.
* There's also a new /etc/crypttab option "try-empty-password". If
specified, before asking the user for a password it is attempted
to
unlock the volume with an empty password. This is useful for
installing encrypted images whose password shall be set on first
boot
instead of at installation time.
* systemd-cryptsetup will now attempt to load the keys to unlock
volumes with automatically from files in
/etc/cryptsetup-keys.d/<volume>.key and
/run/cryptsetup-keys.d/<volume>.key, if any of these files
exist.
* systemd-cryptsetup may now activate Microsoft BitLocker volumes
via
/etc/crypttab, during boot.
* logind.conf gained a new RuntimeDirectoryInodesMax= setting to
control the inode limit for the per-user $XDG_RUNTIME_DIR tmpfs
instance.
* A new generator systemd-xdg-autostart-generator has been added.
It
generates systemd unit files from XDG autostart .desktop files,
and
may be used to let the systemd user instance manage services
that are
started automatically as part of the desktop session.
* "bootctl" gained a new verb "reboot-to-firmware" that may be
used
to query and change the firmware's 'reboot into firmware' setup
flag.
* systemd-firstboot gained a new switch --kernel-command-line=
that may
be used to initialize the /etc/kernel/cmdline file of the image.
It
also gained a new switch --root-password-hashed= which is like
--root-password= but accepts a pre-hashed UNIX password as
argument. The new option --delete-root-password may be used to
unset
any password for the root user (dangerous!). The --root-shell=
switch
may be used to control the shell to use for the root account. A
new
--force option may be used to override any already set settings
with
the parameters specified on the command line (by default, the
tool
will not override what has already been set before, i.e. is
purely
incremental).
* systemd-firstboot gained support for a new --image= switch,
which is
similar to --root= but accepts the path to a disk image file, on
which it then operates.
* A new sd-path.h API has been added to libsystemd. It provides a
simple API for retrieving various search paths and primary
directories for various resources.
* A new call sd_notify_barrier() has been added to the sd-daemon.h
API. The call will block until all previously sent sd_notify()
messages have been processed by the service manager. This is
useful
to remove races caused by a process already having disappeared
at the
time a notification message is processed by the service manager,
making correct attribution impossible. The systemd-notify tool
will
now make use of this call implicitly, but this can be turned off
again
via the new --no-block switch.
* When sending a file descriptor (fd) to the service manager to
keep
track of, using the sd_notify() mechanism, a new parameter
FDPOLL=0
may be specified. If passed the service manager will refrain
from
poll()ing on the file descriptor. Traditionally (and when the
parameter is not specified), the service manager will poll it
for
POLLHUP or POLLERR events, and immediately close the fds in that
case.
* The service manager (PID1) gained a new D-Bus method call
SetShowStatus() which may be used to control whether it shall
show
boot-time status output on the console. This method has a
similar
effect to sending SIGRTMIN+20/SIGRTMIN+21 to PID 1.
* The sd-bus API gained a number of convenience functions that
take
va_list arguments rather than "...". For example, there's now
sd_bus_call_methodv() to match sd_bus_call_method(). Those calls
make
it easier to build wrappers that accept variadic arguments and
want
to pass a ready va_list structure to sd-bus.
* sd-bus vtable entries can have a new
SD_BUS_VTABLE_ABSOLUTE_OFFSET
flag which alters how the userdata pointer to pass to the
callbacks
is determined. When the flag is set, the offset field is
converted
as-is into a pointer, without adding it to the object pointer
the
vtable is associated with.
* sd-bus now exposes four new functions:
sd_bus_interface_name_is_valid() +
sd_bus_service_name_is_valid() +
sd_bus_member_name_is_valid() + sd_bus_object_path_is_valid()
will
validate strings to check if they qualify as various D-Bus
concepts.
* The sd-bus API gained the SD_BUS_METHOD_WITH_ARGS(),
SD_BUS_METHOD_WITH_ARGS_OFFSET() and SD_BUS_SIGNAL_WITH_ARGS()
macros
that simplify adding argument names to D-Bus methods and
signals.
* The man pages for the sd-bus and sd-hwdb APIs have been
completed.
* Various D-Bus APIs of systemd daemons now have man pages that
document the methods, signals and properties.
* The expectations on user/group name syntax are now documented in
detail; documentation on how classic home directories may be
converted into home directories managed by homed has been added;
documentation regarding integration of homed/userdb
functionality in
desktops has been added:
https://systemd.io/USER_NAMES
https://systemd.io/CONVERTING_TO_HOMED
https://systemd.io/USERDB_AND_DESKTOPS
* Documentation for the on-disk Journal file format has been
updated
and has now moved to:
https://systemd.io/JOURNAL_FILE_FORMAT
* The interface for containers
(https://systemd.io/CONTAINER_INTERFACE)
has been extended by a set of environment variables that expose
select fields from the host's os-release file to the container
payload. Similarly, host's os-release files can be mounted into
the
container underneath /run/host. Together, those mechanisms
provide a
standardized way to expose information about the host to the
container payload. Both interfaces are implemented in systemd-
nspawn.
* All D-Bus services shipped in systemd now implement the generic
LogControl1 D-Bus API which allows clients to change log level +
target of the service during runtime.
* Only relevant for developers: the mkosi.default symlink has been
dropped from version control. Please create a symlink to one of
the
distribution-specific defaults in .mkosi/ based on your
preference.
}}}
Nothing in here is too noteworthy to mention outside of the NEWS, from
what I can see.
--
Ticket URL: <http://wiki.linuxfromscratch.org/lfs/ticket/4687#comment:5>
LFS Trac <http://wiki.linuxfromscratch.org/lfs/>
Linux From Scratch: Your Distro, Your Rules.
--
http://lists.linuxfromscratch.org/listinfo/lfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
