source: general/sysutils/systemd.xml@ 1b46bd8c

Last change on this file since 1b46bd8c was 1b46bd8c, checked in by Xi Ruoyao <xry111@…>, 19 months ago

systemd: use -Dpam=true

The main point to rebuild systemd in BLFS is for logind. Add -Dpam=true
so meson will fail if PAM is not installed correctly, instead of
silently producing a systemd build w/o logind again.

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!-- <!ENTITY systemd-download-http "https://anduin.linuxfromscratch.org/LFS/systemd-&systemd-version;-&systemd-stable;.tar.xz"> For whenever we move to a stable snapshot for backports -->
8 <!ENTITY systemd-download-http "https://github.com/systemd/systemd/archive/v&systemd-version;/systemd-&systemd-version;.tar.gz">
9 <!ENTITY systemd-download-ftp " ">
10 <!ENTITY systemd-md5sum "8090fcccc3a2ec20995e89d56fed61b1">
11 <!ENTITY systemd-size "11 MB">
12 <!ENTITY systemd-buildsize "307 MB (with tests)">
13 <!ENTITY systemd-time "2.5 SBU (with tests)">
14
15]>
16
17<sect1 id="systemd" xreflabel="Systemd-&systemd-version;" revision="systemd">
18 <?dbhtml filename="systemd.html"?>
19
20 <sect1info>
21 <date>$Date$</date>
22 </sect1info>
23
24 <title>Systemd-&systemd-version;</title>
25 <!-- Whenever we switch back to stable backports, make sure to add the systemd-stable reference back. -->
26
27 <indexterm zone="systemd">
28 <primary sortas="a-systemd">systemd</primary>
29 </indexterm>
30
31 <sect2 role="package">
32 <title>Introduction to systemd</title>
33
34 <para>
35 While <application>systemd</application> was installed when
36 building LFS, there are many features provided by the package that
37 were not included in the initial installation because
38 <application>Linux-PAM</application> was not yet installed.
39 The <application>systemd</application> package needs to be
40 rebuilt to provide a working <command>systemd-logind</command> service,
41 which provides many additional features for dependent packages.
42 </para>
43
44 &lfs112_checked;
45
46 <bridgehead renderas="sect3">Package Information</bridgehead>
47 <itemizedlist spacing="compact">
48 <listitem>
49 <para>
50 Download (HTTP): <ulink url="&systemd-download-http;"/>
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Download (FTP): <ulink url="&systemd-download-ftp;"/>
56 </para>
57 </listitem>
58 <listitem>
59 <para>
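60 Download MD5 sum: &systemd-md5sum; (this detects a corrupted or truncated download; MD5 is not collision-resistant, so a matching sum does not by itself prove the tarball is authentic)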
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Download size: &systemd-size;
66 </para>
67 </listitem>
68 <listitem>
69 <para>
70 Estimated disk space required: &systemd-buildsize;
71 </para>
72 </listitem>
73 <listitem>
74 <para>
75 Estimated build time: &systemd-time;
76 </para>
77 </listitem>
78 </itemizedlist>
79
80<!-- Keep here in case a patch will be needed.-->
81 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
82 <itemizedlist spacing="compact">
83 <listitem>
84 <para>
85 Required patch:
86 <ulink url="&patch-root;/systemd-&systemd-version;-glibc_2.36_fix-1.patch"/>
87 </para>
88 </listitem>
89 </itemizedlist>
90
91 <bridgehead renderas="sect3">systemd Dependencies</bridgehead>
92
93 <bridgehead renderas="sect4">Required</bridgehead>
94 <para role="required">
95 <xref linkend="linux-pam"/>
96 </para>
97
98 <bridgehead renderas="sect4">Recommended Runtime Dependency</bridgehead>
99 <para role="recommended">
100 <xref role="runtime" linkend="polkit"/>
101 </para>
102
103 <bridgehead renderas="sect4">Optional</bridgehead>
104 <para role="optional">
105 <xref linkend="btrfs-progs"/>, <!-- homed may support it, see the C.E.-->
106 <xref linkend="curl"/>,
107 <xref linkend="cryptsetup"/>,
108 <xref linkend="git"/>,
109 <xref linkend="gnutls"/>,
110 <xref linkend="iptables"/>,
111 <xref linkend="libgcrypt"/>,
112 <xref linkend="libidn2"/>,
113 <xref linkend="libpwquality"/>,
114 <xref linkend="libseccomp"/>,
115 <xref linkend="libxkbcommon"/>,
116 <xref linkend="make-ca"/>,
117 <xref linkend="p11-kit"/>,
118 <xref linkend="pcre2"/>,
119 <xref linkend="qemu"/>,
120 <xref linkend="qrencode"/>,
121 <xref linkend="rsync"/>,
122 <xref linkend="valgrind"/>,
123 <xref linkend="zsh"/> (for the zsh completions),
124 <ulink url="https://sourceforge.net/projects/gnu-efi/">gnu-efi</ulink>,
125 <ulink url="https://www.kernel.org/pub/linux/utils/kernel/kexec/">kexec-tools</ulink>,
126 <ulink url="https://github.com/libbpf/libbpf">libbpf</ulink>,
127 <ulink url="https://sourceware.org/elfutils/">libdw</ulink>,
128 <ulink url="https://developers.yubico.com/libfido2/">libfido2</ulink>,
129 <ulink url="https://www.gnu.org/software/libmicrohttpd/">libmicrohttpd</ulink>,
130 <ulink url="https://lz4.github.io/lz4/">lz4</ulink>,
131 <!--<ulink url="http://fukuchi.org/works/qrencode/">qrencode</ulink>,-->
132 <ulink url="https://sourceforge.net/projects/linuxquota/">quota-tools</ulink>,
133 <ulink url="https://pypi.python.org/pypi/Sphinx">Sphinx</ulink>, and
134 <ulink url="https://tpm2-tss.readthedocs.io/en/latest/">tpm2-tss</ulink>
135 </para>
136
137 <bridgehead renderas="sect4">Optional (to rebuild the manual pages)</bridgehead>
138 <para role="optional">
139 <xref linkend="DocBook"/>,
140 <xref linkend="docbook-xsl"/>,
141 <xref linkend="libxslt"/>, and
142 <xref linkend="lxml"/> (to build the index of systemd manual pages)
143 </para>
144
145 <para condition="html" role="usernotes">User Notes:
146 <ulink url="&blfs-wiki;/systemd"/>
147 </para>
148 </sect2>
149
150 <sect2 role="installation">
151 <title>Installation of systemd</title>
152
153 <para>
154 First, fix building <application>systemd</application> with glibc-2.36:
155 </para>
156
157<screen><userinput>patch -Np1 -i ../systemd-&systemd-version;-glibc_2.36_fix-1.patch</userinput></screen>
158
159 <para>
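160 Remove two unneeded groups,
161 <systemitem class="groupname">render</systemitem> and
162 <systemitem class="groupname">sgx</systemitem>, from the default udev
163 rules. Rules that assigned devices to <systemitem class="groupname">render</systemitem> now assign them to <systemitem class="groupname">video</systemitem>, and the <systemitem class="groupname">sgx</systemitem> group assignment is deleted from its rule: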
164 </para>
165
166<screen><userinput remap="pre">sed -i -e 's/GROUP="render"/GROUP="video"/' \
167 -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in</userinput></screen>
168
169 <para>
170 Rebuild <application>systemd</application> by running the
171 following commands:
172 </para>
173
174<screen><userinput>mkdir build &amp;&amp;
175cd build &amp;&amp;
176
177meson --prefix=/usr \
178 --buildtype=release \
179 -Ddefault-dnssec=no \
180 -Dfirstboot=false \
181 -Dinstall-tests=false \
182 -Dldconfig=false \
183 -Dman=auto \
184 -Dsysusers=false \
185 -Drpmmacrosdir=no \
186 -Dhomed=false \
187 -Duserdb=false \
188 -Dmode=release \
189 -Dpam=true \
190 -Dpamconfdir=/etc/pam.d \
191 -Ddocdir=/usr/share/doc/systemd-&systemd-version; \
192 .. &amp;&amp;
193
194ninja</userinput></screen>
195<!-- Regarding homed and userdb, see the note below in Command Explanations-->
196
197 <note>
198 <para>
199 For the best test results, make sure you run the testsuite from
200 a system that is booted by the same
201 <application>systemd</application> version you are rebuilding.
202 </para>
203 </note>
204
205 <para>
206 To test the results, issue:
207 <command>PATH+=:/usr/sbin ninja test</command>.
208 <!-- One test named test-repart needs sfdisk, which is in /usr/sbin. -->
209 </para>
210
211 <para>
212 Now, as the <systemitem class="username">root</systemitem> user:
213 </para>
214
215<screen role="root"><userinput>ninja install</userinput></screen>
216
217 </sect2>
218
219 <sect2 role="commands">
220 <title>Command Explanations</title>
221
222 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
223 href="../../xincludes/meson-buildtype-release.xml"/>
224
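225 <para>
226 <parameter>-Dpamconfdir=/etc/pam.d</parameter>: Forces the PAM files to
227 be installed in /etc/pam.d rather than /usr/lib/pam.d.
228 </para>

 <para>
 <parameter>-Dpam=true</parameter>: Makes meson fail if
 <application>Linux-PAM</application> is not installed correctly, instead
 of silently producing a <application>systemd</application> build without
 <command>systemd-logind</command>.
 </para>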
229
230 <para>
231 <parameter>-Duserdb=false</parameter>: Removes a daemon that does not
232 offer any use under a BLFS configuration. If you wish to enable the
233 <application>userdbd</application> daemon, replace "false" with "true"
234 in the above meson command.
235 </para>
236
237 <para>
238 <parameter>-Dhomed=false</parameter>: Removes a daemon that does not offer
239 any use under a traditional BLFS configuration, especially using accounts
240 created with useradd. To enable systemd-homed, first ensure that you have
241 <xref linkend="cryptsetup"/> and <xref linkend="libpwquality"/> installed,
242 and then change "false" to "true" in the above meson command.
243 </para>
244
245 <!-- EDITORS NOTE: Explanation on removing userdbd and homed:
246 In BLFS, we do not fully support disk encryption. We offer instructions for
247 building 'cryptsetup' as a dependency, but we do not offer instructions for
248 actually configuring it. In addition, we generally do not include
249 functionality that could potentially conflict with other packages, or that
250 is not of any use to us (in an enterprise configuration using Thin Clients
251 or laptops with LUKS encryption, it could make sense though, but that isn't
252 the configuration that we natively support).
253
254 A few of the complications of systemd-homed include:
255 - SSH Logins
256 - Disk Space Assignments
257 - UID Assignments (chown() on login)
258 (See https://cfp.all-systems-go.io/media/homed-asg2019.pdf)
259
260 In an article I read when systemd-homed was originally unveiled, I remember
261 reading about systemd-homed causing problems with OpenSSH Private Key Auth
262 because the user would have to login at the console in order to unlock
263 their home directory, thus allowing the private key to be unlocked and
264 processed by OpenSSH. Since BLFS does not fully support encrypted disks,
265 and because systemd-homed is incompatible with our usage of useradd /
266 traditional UNIX users and groups, I advise that we take the following
267 approach to avoid any confusion:
268
269 - Leave the added Short Descriptions for homectl and userdbctl
270 - Add the above command explanations and restore the previous behavior
271
272 Should we decide to enable homed by default anytime in the future,
273 let's move cryptsetup to recommended or required.
274
275 I would be open to discussing this after the next systemd version when
276 systemd-homed has matured a bit more. -renodr -->
277
278 </sect2>
279
280 <sect2 role="configuration">
281 <title>Configuring systemd</title>
282
283 <para>
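284 The <filename>/etc/pam.d/system-session</filename> file needs to
285 be modified and a new file, <filename>/etc/pam.d/systemd-user</filename>, needs to be created in order for
286 <command>systemd-logind</command> to work correctly. The <command>grep</command> test skips the first addition if <filename>/etc/pam.d/system-session</filename> already mentions pam_systemd, so running the commands again does not duplicate it. Run the following
287 commands as the <systemitem class="username">root</systemitem> user: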
288 </para>
289
290<screen role="root"><userinput>grep 'pam_systemd' /etc/pam.d/system-session ||
291cat &gt;&gt; /etc/pam.d/system-session &lt;&lt; "EOF"
292<literal># Begin Systemd addition
293
294session required pam_loginuid.so
295session optional pam_systemd.so
296
297# End Systemd addition</literal>
298EOF
299
300cat &gt; /etc/pam.d/systemd-user &lt;&lt; "EOF"
301<literal># Begin /etc/pam.d/systemd-user
302
303account required pam_access.so
304account include system-account
305
306session required pam_env.so
307session required pam_limits.so
308session required pam_unix.so
309session required pam_loginuid.so
310session optional pam_keyinit.so force revoke
311session optional pam_systemd.so
312
313auth required pam_deny.so
314password required pam_deny.so
315
316# End /etc/pam.d/systemd-user</literal>
317EOF</userinput></screen>
318
319 <warning>
320 <para>
321 If upgrading from a previous version of systemd and an
322 initrd is used for system boot, you should generate a new initrd before
323 rebooting the system.
324 </para>
325 </warning>
326
327 </sect2>
328
329 <sect2 role="content">
330 <title>Contents</title>
331
332 <para>
333 A list of the installed files, along with their short
334 descriptions, can be found at
335 <ulink url="&lfs-root;/chapter08/systemd.html#contents-systemd"/>.
336 </para>
337
338 <para>
339 Listed below are the newly installed programs
340 along with short descriptions.
341 </para>
342
343 <segmentedlist>
344 <segtitle>Installed Programs</segtitle>
345
346 <seglistitem>
347 <seg>
348 <!-- maybe userdbd/userdbctl can go in LFS, try at next time -->
349 homectl (if <xref linkend="cryptsetup"/> is installed),
350 systemd-cryptenroll (if <xref linkend="cryptsetup"/> is installed),
351 and userdbctl (optionally)
352 </seg>
353 </seglistitem>
354 </segmentedlist>
355
356 <variablelist>
357 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
358 <?dbfo list-presentation="list"?>
359 <?dbhtml list-presentation="table"?>
360
361 <varlistentry id="homectl">
362 <term><command>homectl</command></term>
363 <listitem>
364 <para>
365 is a tool to create, remove, change, or inspect a home directory
366 managed by <command>systemd-homed</command>; note that it is
367 useless for the classic UNIX users and home directories which
368 are used in the LFS/BLFS books
369 </para>
370 <indexterm zone="systemd homectl">
371 <primary sortas="b-homectl">homectl</primary>
372 </indexterm>
373 </listitem>
374 </varlistentry>
375
376 <varlistentry id="systemd-cryptenroll">
377 <term><command>systemd-cryptenroll</command></term>
378 <listitem>
379 <para>
380 is used to enroll or remove a system from full disk encryption,
381 as well as to set and query private keys and recovery keys
382 </para>
383 <indexterm zone="systemd systemd-cryptenroll">
384 <primary sortas="b-systemd-cryptenroll">systemd-cryptenroll</primary>
385 </indexterm>
386 </listitem>
387 </varlistentry>
388
389 <varlistentry id="userdbctl">
390 <term><command>userdbctl</command></term>
391 <listitem>
392 <para>
393 inspects users, groups, and group memberships
394 </para>
395 <indexterm zone="systemd userdbctl">
396 <primary sortas="b-userdbctl">userdbctl</primary>
397 </indexterm>
398 </listitem>
399 </varlistentry>
400
401 <varlistentry id="pam_systemd">
402 <term><filename class="libraryfile">pam_systemd.so</filename></term>
403 <listitem>
404 <para>
405 is a PAM module used to register user sessions with the
406 <application>systemd</application> login manager,
407 <command>systemd-logind</command>
408 </para>
409 <indexterm zone="systemd pam_systemd">
410 <primary sortas="c-pam_systemd">pam_systemd.so</primary>
411 </indexterm>
412 </listitem>
413 </varlistentry>
414
415 </variablelist>
416
417 </sect2>
418
419</sect1>