%general-entities; ]> systemd While systemd was installed when building LFS, there are many features provided by the package that were not included in the initial installation because Linux-PAM was not yet installed. The systemd package needs to be rebuilt to provide a working systemd-logind service, which provides many additional features for dependent packages. &lfs121_checked; Package Information Download (HTTP): Download (FTP): Download MD5 sum: &systemd-md5sum; Download size: &systemd-size; Estimated disk space required: &systemd-buildsize; Estimated build time: &systemd-time; Additional Downloads Required patch: systemd Dependencies Recommended is not strictly required to build systemd, but the main reason to rebuild systemd in BLFS (it's already built in LFS anyway) is for the systemd-logind daemon and the pam_systemd.so PAM module. is required for them. All packages in BLFS book with a dependency on systemd expects it has been rebuilt with . and (runtime) Optional , , , , , , , , , , , , , , , , , , , (for the zsh completions), AppArmor, audit-userspace, bash-completion, jekyll, kexec-tools, libbpf, libdw, libfido2, libmicrohttpd, lz4, pefile, pyelftools, quota-tools, rpm, SELinux, systemtap, tpm2-tss and Xen Optional (to rebuild the manual pages) , , , and (to build the index of systemd manual pages) Editor Notes: Remove two unneeded groups, render and sgx, from the default udev rules: sed -i -e 's/GROUP="render"/GROUP="video"/' \ -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in Now fix a security vulnerability in the DNSSEC verification of systemd-resolved and a bug breaking running systemd-analyze verify on an instantiated systemd unit: patch -Np1 -i ../systemd-&systemd-version;-upstream_fixes-1.patch Rebuild systemd by running the following commands: mkdir build && cd build && meson setup .. \ --prefix=/usr \ --buildtype=release \ -Ddefault-dnssec=no \ -Dfirstboot=false \ -Dinstall-tests=false \ -Dldconfig=false \ -Dman=auto \ -Dsysusers=false \ -Drpmmacrosdir=no \ -Dhomed=disabled \ -Duserdb=false \ -Dmode=release \ -Dpam=enabled \ -Dpamconfdir=/etc/pam.d \ -Ddev-kvm-mode=0660 \ -Dnobody-group=nogroup \ -Dsysupdate=disabled \ -Dukify=disabled \ -Ddocdir=/usr/share/doc/systemd-&systemd-version; && ninja For the best test results, make sure you run the test suite from a system that is booted by the same systemd version you are rebuilding. To test the results, issue: ninja test. The test named test-stat-util and test-netlink are known to fail if some kernel features are not enabled. If the test suite is ran as the &root; user, some other tests may fail because they depend on various kernel configuration options. Now, as the root user: ninja install -Dpamconfdir=/etc/pam.d: Forces the PAM files to be installed in /etc/pam.d rather than /usr/lib/pam.d. -Duserdb=false: Removes a daemon that does not offer any use under a BLFS configuration. If you wish to enable the userdbd daemon, replace "false" with "true" in the above meson command. -Dhomed=disabled: Removes a daemon that does not offer any use under a traditional BLFS configuration, especially using accounts created with useradd. To enable systemd-homed, first ensure that you have and installed, and then change disabled to enabled in the above meson setup command. -Dukify=disabled: Removes a script for combining a kernel, an initramfs, and a kernel command line etc. into an UEFI application which can be loaded by the UEFI firmware to start the embedded Linux kernel. It's not needed for booting a BLFS system with UEFI if following . And, it requires the pefile Python module at runtime, so if it's enabled but pefile is not installed, in the test suite one test for it will fail. To enable systemd-ukify, install the pefile module and then change disabled to enabled in the above meson setup command. The /etc/pam.d/system-session file needs to be modified and a new file needs to be created in order for systemd-logind to work correctly. Run the following commands as the root user: grep 'pam_systemd' /etc/pam.d/system-session || cat >> /etc/pam.d/system-session << "EOF" # Begin Systemd addition session required pam_loginuid.so session optional pam_systemd.so # End Systemd addition EOF cat > /etc/pam.d/systemd-user << "EOF" # Begin /etc/pam.d/systemd-user account required pam_access.so account include system-account session required pam_env.so session required pam_limits.so session required pam_loginuid.so session optional pam_keyinit.so force revoke session optional pam_systemd.so auth required pam_deny.so password required pam_deny.so # End /etc/pam.d/systemd-user EOF As the &root; user, replace the running systemd manager (the init process) with the systemd executable newly built and installed: systemctl daemon-reexec Now ensure has been already rebuilt with support first, then logout, and login again. This ensures the running login session registered with systemd-logind and a per-user systemd instance running for each user owning a login session. Many BLFS packages listing Systemd as a dependency needs the systemd-logind integration and/or a running per-user systemd instance. If upgrading from a previous version of systemd and an initrd is used for system boot, you should generate a new initrd before rebooting the system. A list of the installed files, along with their short descriptions can be found at . Listed below are the newly installed programs along with short descriptions. Installed Programs homectl (optional), systemd-cryptenroll (if is installed), and userdbctl (optional) Short Descriptions homectl is a tool to create, remove, change, or inspect a home directory managed by systemd-homed; note that it's useless for the classic UNIX users and home directories which we are using in LFS/BLFS book homectl systemd-cryptenroll Is used to enroll or remove a system from full disk encryption, as well as set and query private keys and recovery keys systemd-cryptenroll userdbctl inspects users, groups, and group memberships userdbctl pam_systemd.so is a PAM module used to register user sessions with the systemd login manager, systemd-logind pam_systemd.so