source: general/sysutils/systemd.xml@ 1db852a

Last change on this file since 1db852a was a17f6a03, checked in by Xi Ruoyao <xry111@…>, 13 months ago

systemd: Sync grammar fix from LFS

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!-- <!ENTITY systemd-download-http "https://anduin.linuxfromscratch.org/LFS/systemd-&systemd-version;-&systemd-stable;.tar.xz"> For whenever we move to a stable snapshot for backports -->
8 <!ENTITY systemd-download-http "https://github.com/systemd/systemd/archive/v&systemd-version;/systemd-&systemd-version;.tar.gz">
9 <!ENTITY systemd-download-ftp " ">
10 <!ENTITY systemd-md5sum "7cf12ee8a91a04306fc6cf290eed42e8">
11 <!ENTITY systemd-size "12 MB">
12 <!ENTITY systemd-buildsize "297 MB (with tests)">
13 <!ENTITY systemd-time "3.7 SBU (with tests using 4 cores)">
14
15]>
16
17<sect1 id="systemd" xreflabel="Systemd-&systemd-version;" revision="systemd">
18 <?dbhtml filename="systemd.html"?>
19
20
21 <title>Systemd-&systemd-version;</title>
22 <!-- Whenever we switch back to stable backports, make sure to add the systemd-stable reference back. -->
23
24 <indexterm zone="systemd">
25 <primary sortas="a-systemd">systemd</primary>
26 </indexterm>
27
28 <sect2 role="package">
29 <title>Introduction to systemd</title>
30
31 <para>
32 While <application>systemd</application> was installed when
33 building LFS, there are many features provided by the package that
34 were not included in the initial installation because
35 <application>Linux-PAM</application> was not yet installed.
36 The <application>systemd</application> package needs to be
37 rebuilt to provide a working <command>systemd-logind</command> service,
38 which provides many additional features for dependent packages.
39 </para>
40
41 &lfs113_checked;
42
43 <bridgehead renderas="sect3">Package Information</bridgehead>
44 <itemizedlist spacing="compact">
45 <listitem>
46 <para>
47 Download (HTTP): <ulink url="&systemd-download-http;"/>
48 </para>
49 </listitem>
50 <listitem>
51 <para>
52 Download (FTP): <ulink url="&systemd-download-ftp;"/>
53 </para>
54 </listitem>
55 <listitem>
56 <para>
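57 Download MD5 sum: &systemd-md5sum; <!-- MD5 only guards against a corrupted download; it is not collision-resistant, so it does not authenticate the tarball. -->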
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Download size: &systemd-size;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Estimated disk space required: &systemd-buildsize;
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Estimated build time: &systemd-time;
73 </para>
74 </listitem>
75 </itemizedlist>
76
77<!-- Keep here in case a patch will be needed.-->
78<!--
79 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
80 <itemizedlist spacing="compact">
81 <listitem>
82 <para>
83 Required patch:
84 <ulink url="&patch-root;/systemd-&systemd-version;-security_fix-1.patch"/>
85 </para>
86 </listitem>
87 </itemizedlist>
88-->
89 <bridgehead renderas="sect3">systemd Dependencies</bridgehead>
90
91 <bridgehead renderas="sect4">Recommended</bridgehead>
92
93 <note>
94 <para>
95 <xref linkend='linux-pam'/> is not strictly required to build
96 <application>systemd</application>, but the main reason to rebuild
97 <application>systemd</application> in BLFS (it's already built in
98 LFS anyway) is for the <command>systemd-logind</command> daemon and
99 the
100 <filename class='libraryfile'>pam_systemd.so</filename> PAM module.
101 <xref linkend='linux-pam'/> is required for them. All packages in
102 the BLFS book with a dependency on <application>systemd</application>
103 expect it to have been rebuilt with <xref linkend='linux-pam'/>.
104 </para>
105 </note>
106
107 <para role="recommended">
108 <xref linkend="linux-pam"/> and
109 <xref role="runtime" linkend="polkit"/> (runtime)
110 </para>
111
112 <bridgehead renderas="sect4">Optional</bridgehead>
113 <para role="optional">
114 <xref linkend="btrfs-progs"/>, <!-- homed may support it, see the C.E.-->
115 <xref linkend="curl"/>,
116 <xref linkend="cryptsetup"/>,
117 <xref linkend="git"/>,
118 <xref linkend="gnutls"/>,
119 <xref linkend="iptables"/>,
120 <xref linkend="libgcrypt"/>,
121 <xref linkend="libidn2"/>,
122 <xref linkend="libpwquality"/>,
123 <xref linkend="libseccomp"/>,
124 <xref linkend="libxkbcommon"/>,
125 <xref linkend="make-ca"/>,
126 <xref linkend="p11-kit"/>,
127 <xref linkend="pcre2"/>,
128 <xref linkend="qemu"/>,
129 <xref linkend="qrencode"/>,
130 <xref linkend="rsync"/>,
131 <xref linkend="sphinx"/>,
132 <xref linkend="valgrind"/>,
133 <xref linkend="zsh"/> (for the zsh completions),
134 <ulink url="https://sourceforge.net/projects/gnu-efi/">gnu-efi</ulink>,
135 <ulink url="https://www.kernel.org/pub/linux/utils/kernel/kexec/">kexec-tools</ulink>,
136 <ulink url="https://github.com/libbpf/libbpf">libbpf</ulink>,
137 <ulink url="https://sourceware.org/elfutils/">libdw</ulink>,
138 <ulink url="https://developers.yubico.com/libfido2/">libfido2</ulink>,
139 <ulink url="https://www.gnu.org/software/libmicrohttpd/">libmicrohttpd</ulink>,
140 <ulink url="https://lz4.github.io/lz4/">lz4</ulink>,
141 <!--<ulink url="http://fukuchi.org/works/qrencode/">qrencode</ulink>,-->
142 <ulink url="https://sourceforge.net/projects/linuxquota/">quota-tools</ulink>, and
143 <ulink url="https://tpm2-tss.readthedocs.io/en/latest/">tpm2-tss</ulink>
144 </para>
145
146 <bridgehead renderas="sect4">Optional (to rebuild the manual pages)</bridgehead>
147 <para role="optional">
148 <xref linkend="DocBook"/>,
149 <xref linkend="docbook-xsl"/>,
150 <xref linkend="libxslt"/>, and
151 <xref linkend="lxml"/> (to build the index of systemd manual pages)
152 </para>
153
154 <para condition="html" role="usernotes">User Notes:
155 <ulink url="&blfs-wiki;/systemd"/>
156 </para>
157 </sect2>
158
159 <sect2 role="installation">
160 <title>Installation of systemd</title>
161<!--
162 <para>
163 First, fix a security issue in systemd-coredump:
164 </para>
165
166<screen><userinput>patch -Np1 -i ../systemd-&systemd-version;-security_fix-1.patch</userinput></screen>
167-->
168
169 <para>
170 Remove several inappropriate uses of the <literal>pure</literal>
171 attribute that cause runtime issues when the package is built
172 with gcc-13 or later:
173 </para>
174
175<screen><userinput>sed '/bus_message_type_from_string/s/_pure_//' \
176 -i src/libsystemd/sd-bus/bus-internal.h &amp;&amp;
177sed '/devt_hash_func/s/_pure_//' \
178 -i src/basic/hash-funcs.h &amp;&amp;
179sed '/job_get_timeout/s/_pure_//' \
180 -i src/core/job.h</userinput></screen>
181
182 <para>
183 Remove two unneeded groups,
184 <systemitem class="groupname">render</systemitem> and
185 <systemitem class="groupname">sgx</systemitem>, from the default udev
186 rules:
187 </para>
188
189<screen><userinput remap="pre">sed -i -e 's/GROUP="render"/GROUP="video"/' \
190 -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in</userinput></screen>
191
192 <para>
193 Rebuild <application>systemd</application> by running the
194 following commands:
195 </para>
196
197<screen><userinput>mkdir build &amp;&amp;
198cd build &amp;&amp;
199
200meson setup .. \
201 --prefix=/usr \
202 --buildtype=release \
203 -Ddefault-dnssec=no \
204 -Dfirstboot=false \
205 -Dinstall-tests=false \
206 -Dldconfig=false \
207 -Dman=auto \
208 -Dsysusers=false \
209 -Drpmmacrosdir=no \
210 -Dhomed=false \
211 -Duserdb=false \
212 -Dmode=release \
213 -Dpam=true \
214 -Dpamconfdir=/etc/pam.d \
215 -Ddev-kvm-mode=0660 \
216 -Ddocdir=/usr/share/doc/systemd-&systemd-version; &amp;&amp;
217
218ninja</userinput></screen>
219<!-- Regarding homed and userdb, see the note below in Command Explanations-->
220
221 <note>
222 <para>
223 For the best test results, make sure you run the test suite from
224 a system that is booted by the same
225 <application>systemd</application> version you are rebuilding.
226 </para>
227 </note>
228
229 <para>
230 To test the results, issue:
231 <command>PATH+=:/usr/sbin ninja test</command>.
232 <!-- One test named test-repart needs sfdisk, which is in /usr/sbin. -->
233 The test named <filename>test-stat-util</filename> is known to fail
234 if the support for some namespaces is not enabled in the kernel
235 configuration. If the test suite is run as the &root; user, some
236 other tests may fail because they depend on various kernel
237 configuration options.
238 </para>
239
240 <para>
241 Now, as the <systemitem class="username">root</systemitem> user:
242 </para>
243
244<screen role="root"><userinput>ninja install</userinput></screen>
245
246 </sect2>
247
248 <sect2 role="commands">
249 <title>Command Explanations</title>
250
251 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
252 href="../../xincludes/meson-buildtype-release.xml"/>
253
254 <para>
255 <parameter>-Dpamconfdir=/etc/pam.d</parameter>: Forces the PAM files to
256 be installed in /etc/pam.d rather than /usr/lib/pam.d.
257 </para>
258
259 <para>
260 <parameter>-Duserdb=false</parameter>: Removes a daemon that does not
261 offer any use under a BLFS configuration. If you wish to enable the
262 <application>userdbd</application> daemon, replace "false" with "true"
263 in the above meson command.
264 </para>
265
266 <para>
267 <parameter>-Dhomed=false</parameter>: Removes a daemon that does not offer
268 any use under a traditional BLFS configuration, especially using accounts
269 created with useradd. To enable systemd-homed, first ensure that you have
270 <xref linkend="cryptsetup"/> and <xref linkend="libpwquality"/> installed,
271 and then change "false" to "true" in the above meson command.
272 </para>
273
274 <!-- EDITORS NOTE: Explanation on removing userdbd and homed:
275 In BLFS, we do not fully support disk encryption. We offer instructions for
276 building 'cryptsetup' as a dependency, but we do not offer instructions for
277 actually configuring it. In addition, we generally do not include
278 functionality that could potentially conflict with other packages, or that
279 is not of any use to us (in an enterprise configuration using Thin Clients
280 or laptops with LUKS encryption, it could make sense though, but that isn't
281 the configuration that we natively support).
282
283 A few of the complications of systemd-homed include:
284 - SSH Logins
285 - Disk Space Assignments
286 - UID Assignments (chown() on login)
287 (See https://cfp.all-systems-go.io/media/homed-asg2019.pdf)
288
289 In an article I read when systemd-homed was originally unveiled, I remember
290 reading about systemd-homed causing problems with OpenSSH Private Key Auth
291 because the user would have to log in at the console in order to unlock
292 their home directory, thus allowing the private key to be unlocked and
293 processed by OpenSSH. Since BLFS does not fully support encrypted disks,
294 and because systemd-homed is incompatible with our usage of useradd /
295 traditional UNIX users and groups, I advise that we take the following
296 approach to avoid any confusion:
297
298 - Leave the added Short Descriptions for homectl and userdbctl
299 - Add the above command explanations and restore the previous behavior
300
301 Should we decide to enable homed by default anytime in the future,
302 let's move cryptsetup to recommended or required.
303
304 I would be open to discussing this after the next systemd version when
305 systemd-homed has matured a bit more. -renodr -->
306
307 </sect2>
308
309 <sect2 role="configuration">
310 <title>Configuring systemd</title>
311
312 <para>
313 The <filename>/etc/pam.d/system-session</filename> file needs to
314 be modified and a new file needs to be created in order for
315 <command>systemd-logind</command> to work correctly. Run the following
316 commands as the <systemitem class="username">root</systemitem> user:
317 </para>
318
319<screen role="root"><userinput>grep 'pam_systemd' /etc/pam.d/system-session ||
320cat &gt;&gt; /etc/pam.d/system-session &lt;&lt; "EOF"
321<literal># Begin Systemd addition
322
323session required pam_loginuid.so
324session optional pam_systemd.so
325
326# End Systemd addition</literal>
327EOF
328
329cat &gt; /etc/pam.d/systemd-user &lt;&lt; "EOF"
330<literal># Begin /etc/pam.d/systemd-user
331
332account required pam_access.so
333account include system-account
334
335session required pam_env.so
336session required pam_limits.so
337session required pam_unix.so
338session required pam_loginuid.so
339session optional pam_keyinit.so force revoke
340session optional pam_systemd.so
341
342auth required pam_deny.so
343password required pam_deny.so
344
345# End /etc/pam.d/systemd-user</literal>
346EOF</userinput></screen>
347
348 <warning>
349 <para>
350 If upgrading from a previous version of systemd and an
351 initrd is used for system boot, you should generate a new initrd before
352 rebooting the system.
353 </para>
354 </warning>
355
356 </sect2>
357
358 <sect2 role="content">
359 <title>Contents</title>
360
361 <para>
362 A list of the installed files, along with their short
363 descriptions can be found at
364 <ulink url="&lfs-root;/chapter08/systemd.html#contents-systemd"/>.
365 </para>
366
367 <para>
368 Listed below are the newly installed programs
369 along with short descriptions.
370 </para>
371
372 <segmentedlist>
373 <segtitle>Installed Programs</segtitle>
374
375 <seglistitem>
376 <seg>
377 <!-- maybe userdbd/userdbctl can go in LFS, try at next time -->
378 homectl (optional),
379 systemd-cryptenroll (if <xref linkend="cryptsetup"/> is installed),
380 and userdbctl (optional)
381 </seg>
382 </seglistitem>
383 </segmentedlist>
384
385 <variablelist>
386 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
387 <?dbfo list-presentation="list"?>
388 <?dbhtml list-presentation="table"?>
389
390 <varlistentry id="homectl">
391 <term><command>homectl</command></term>
392 <listitem>
393 <para>
394 is a tool to create, remove, change, or inspect a home directory
395 managed by <command>systemd-homed</command>; note that it's
396 useless for the classic UNIX users and home directories which
397 we are using in the LFS/BLFS books
398 </para>
399 <indexterm zone="systemd homectl">
400 <primary sortas="b-homectl">homectl</primary>
401 </indexterm>
402 </listitem>
403 </varlistentry>
404
405 <varlistentry id="systemd-cryptenroll">
406 <term><command>systemd-cryptenroll</command></term>
407 <listitem>
408 <para>
409 is used to enroll or remove a system from full disk encryption,
410 as well as to set and query private keys and recovery keys
411 </para>
412 <indexterm zone="systemd systemd-cryptenroll">
413 <primary sortas="b-systemd-cryptenroll">systemd-cryptenroll</primary>
414 </indexterm>
415 </listitem>
416 </varlistentry>
417
418 <varlistentry id="userdbctl">
419 <term><command>userdbctl</command></term>
420 <listitem>
421 <para>
422 inspects users, groups, and group memberships
423 </para>
424 <indexterm zone="systemd userdbctl">
425 <primary sortas="b-userdbctl">userdbctl</primary>
426 </indexterm>
427 </listitem>
428 </varlistentry>
429
430 <varlistentry id="pam_systemd">
431 <term><filename class="libraryfile">pam_systemd.so</filename></term>
432 <listitem>
433 <para>
434 is a PAM module used to register user sessions with the
435 <application>systemd</application> login manager,
436 <command>systemd-logind</command>
437 </para>
438 <indexterm zone="systemd pam_systemd">
439 <primary sortas="c-pam_systemd">pam_systemd.so</primary>
440 </indexterm>
441 </listitem>
442 </varlistentry>
443
444 </variablelist>
445
446 </sect2>
447
448</sect1>