source: general/sysutils/systemd.xml@ 46ac366

Last change on this file since 46ac366 was 46ac366, checked in by Xi Ruoyao <xry111@…>, 2 months ago

update to systemd-251 (sync with LFS, #16566)

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!-- <!ENTITY systemd-download-http "http://anduin.linuxfromscratch.org/LFS/systemd-&systemd-version;-&systemd-stable;.tar.xz"> For whenever we move to a stable snapshot for backports -->
8 <!ENTITY systemd-download-http "https://github.com/systemd/systemd/archive/v&systemd-version;/systemd-&systemd-version;.tar.gz">
9 <!ENTITY systemd-download-ftp " ">
10 <!ENTITY systemd-md5sum "8090fcccc3a2ec20995e89d56fed61b1">
11 <!ENTITY systemd-size "11 MB">
12 <!ENTITY systemd-buildsize "307 MB (with tests)">
13 <!ENTITY systemd-time "2.5 SBU (with tests)">
14
15]>
16
17<sect1 id="systemd" xreflabel="Systemd-&systemd-version;" revision="systemd">
18 <?dbhtml filename="systemd.html"?>
19
20 <sect1info>
21 <date>$Date$</date>
22 </sect1info>
23
24 <title>Systemd-&systemd-version;</title>
25 <!-- Whenever we switch back to stable backports, make sure to add the systemd-stable reference back. -->
26
27 <indexterm zone="systemd">
28 <primary sortas="a-systemd">systemd</primary>
29 </indexterm>
30
31 <sect2 role="package">
32 <title>Introduction to systemd</title>
33
34 <para>
35 While <application>systemd</application> was installed when
36 building LFS, there are many features provided by the package that
37 were not included in the initial installation because
38 <application>Linux-PAM</application> was not yet installed.
39 The <application>systemd</application> package needs to be
40 rebuilt to provide a working <command>systemd-logind</command> service,
41 which provides many additional features for dependent packages.
42 </para>
43
44 &lfs111_checked;
45
46 <bridgehead renderas="sect3">Package Information</bridgehead>
47 <itemizedlist spacing="compact">
48 <listitem>
49 <para>
50 Download (HTTP): <ulink url="&systemd-download-http;"/>
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Download (FTP): <ulink url="&systemd-download-ftp;"/>
56 </para>
57 </listitem>
58 <listitem>
59 <para>
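60 Download MD5 sum: &systemd-md5sum; (guards against a corrupted download only; MD5 is not collision-resistant and does not authenticate the tarball)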
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Download size: &systemd-size;
66 </para>
67 </listitem>
68 <listitem>
69 <para>
70 Estimated disk space required: &systemd-buildsize;
71 </para>
72 </listitem>
73 <listitem>
74 <para>
75 Estimated build time: &systemd-time;
76 </para>
77 </listitem>
78 </itemizedlist>
79
80<!-- Keep here in case a patch will be needed.
81 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
82 <itemizedlist spacing="compact">
83 <listitem>
84 <para>
85 Required patch:
86 <ulink url="&patch-root;/systemd-..."/>
87 </para>
88 </listitem>
89 </itemizedlist>
90-->
91
92 <bridgehead renderas="sect3">systemd Dependencies</bridgehead>
93
94 <bridgehead renderas="sect4">Required</bridgehead>
95 <para role="required">
96 <xref linkend="linux-pam"/>
97 </para>
98
99 <bridgehead renderas="sect4">Recommended Runtime Dependency</bridgehead>
100 <para role="recommended">
101 <xref role="runtime" linkend="polkit"/>
102 </para>
103
104 <bridgehead renderas="sect4">Optional</bridgehead>
105 <para role="optional">
106 <xref linkend="btrfs-progs"/>, <!-- homed may support it, see the C.E.-->
107 <xref linkend="curl"/>,
108 <xref linkend="cryptsetup"/>,
109 <xref linkend="git"/>,
110 <xref linkend="gnutls"/>,
111 <xref linkend="iptables"/>,
112 <xref linkend="libgcrypt"/>,
113 <xref linkend="libidn2"/>,
114 <xref linkend="libpwquality"/>,
115 <xref linkend="libseccomp"/>,
116 <xref linkend="libxkbcommon"/>,
117 <xref linkend="make-ca"/>,
118 <xref linkend="p11-kit"/>,
119 <xref linkend="pcre2"/>,
120 <xref linkend="qemu"/>,
121 <xref linkend="qrencode"/>,
122 <xref linkend="rsync"/>,
123 <xref linkend="valgrind"/>,
124 <xref linkend="zsh"/> (for the zsh completions),
125 <ulink url="https://sourceforge.net/projects/gnu-efi/">gnu-efi</ulink>,
126 <ulink url="https://www.kernel.org/pub/linux/utils/kernel/kexec/">kexec-tools</ulink>,
127 <ulink url="https://github.com/libbpf/libbpf">libbpf</ulink>,
128 <ulink url="https://sourceware.org/elfutils/">libdw</ulink>,
129 <ulink url="https://developers.yubico.com/libfido2/">libfido2</ulink>,
130 <ulink url="https://www.gnu.org/software/libmicrohttpd/">libmicrohttpd</ulink>,
131 <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
132 <!--<ulink url="http://fukuchi.org/works/qrencode/">qrencode</ulink>,-->
133 <ulink url="https://sourceforge.net/projects/linuxquota/">quota-tools</ulink>,
134 <ulink url="https://pypi.python.org/pypi/Sphinx">Sphinx</ulink>, and
135 <ulink url="https://tpm2-tss.readthedocs.io/en/latest/">tpm2-tss</ulink>
136 </para>
137
138 <bridgehead renderas="sect4">Optional (to rebuild the manual pages)</bridgehead>
139 <para role="optional">
140 <xref linkend="DocBook"/>,
141 <xref linkend="docbook-xsl"/>,
142 <xref linkend="libxslt"/>, and
143 <xref linkend="lxml"/> (to build the index of systemd manual pages)
144 </para>
145
146 <para condition="html" role="usernotes">User Notes:
147 <ulink url="&blfs-wiki;/systemd"/>
148 </para>
149 </sect2>
150
151 <sect2 role="installation">
152 <title>Installation of systemd</title>
153
154 <para>
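155 Remove references to two unneeded groups,
156 <systemitem class="groupname">render</systemitem> and
157 <systemitem class="groupname">sgx</systemitem>, from the default udev
158 rules. The command below rewrites <literal>GROUP="render"</literal> to <literal>GROUP="video"</literal>, so the affected device nodes are owned by the <systemitem class="groupname">video</systemitem> group instead, and deletes the <literal>GROUP="sgx"</literal> assignment: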
159 </para>
160
161<screen><userinput remap="pre">sed -i -e 's/GROUP="render"/GROUP="video"/' \
162 -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in</userinput></screen>
163
164 <para>
165 Rebuild <application>systemd</application> by running the
166 following commands:
167 </para>
168
169<screen><userinput>mkdir build &amp;&amp;
170cd build &amp;&amp;
171
172meson --prefix=/usr \
173 --buildtype=release \
174 -Ddefault-dnssec=no \
175 -Dfirstboot=false \
176 -Dinstall-tests=false \
177 -Dldconfig=false \
178 -Dman=auto \
179 -Dsysusers=false \
180 -Drpmmacrosdir=no \
181 -Dhomed=false \
182 -Duserdb=false \
183 -Dmode=release \
184 -Dpamconfdir=/etc/pam.d \
185 -Ddocdir=/usr/share/doc/systemd-&systemd-version; \
186 .. &amp;&amp;
187
188ninja</userinput></screen>
189<!-- Regarding homed and userdb, see the note below in Command Explanations-->
190
191 <note>
192 <para>
193 For the best test results, make sure you run the testsuite from
194 a system that is booted by the same
195 <application>systemd</application> version you are rebuilding.
196 </para>
197 </note>
198
199 <para>
200 To test the results, issue:
201 <command>PATH+=:/usr/sbin ninja test</command>.
202 <!-- One test named test-repart needs sfdisk, which is in /usr/sbin. -->
203 </para>
204
205<!--
206 <warning>
207 <para>
208 Installing the package will overwrite all files installed by
209 <application>systemd</application> in LFS. It is critical that
210 nothing uses either <application>systemd</application> or
211 <application>Udev</application> libraries during the installation.
212 The best way to ensure that these libraries are not being used is to
213 run the installation in rescue mode. To switch to rescue mode,
214 run the following command as the
215 <systemitem class="username">root</systemitem> user (from a TTY):
216 </para>
217
218<screen role="root"><userinput>systemctl isolate rescue.target</userinput></screen>
219 </warning>
220 Nobody has reported problems with this in years. Let's comment it. -->
221
222 <para>
223 Now, as the <systemitem class="username">root</systemitem> user:
224 </para>
225
226<screen role="root"><userinput>ninja install</userinput></screen>
227
228<!-- Included in the patch
229 <para>
230 Fix a problem in a systemd unit that can cause extra delays when
231 changing TTYs:
232 </para>
233
234<screen role="root"><userinput>sed -i 's/idle/simple/' /usr/lib/systemd/system/getty@.service</userinput></screen>
235-->
236 <!-- No longer needed as of systemd-244.
237 <para>
238 Remove a configuration file that causes some problems with PID files:
239 </para>
240
241<screen role="root"><userinput>rm -fv /etc/sysctl.d/50-pid-max.conf</userinput></screen>
242 -->
243 </sect2>
244
245 <sect2 role="commands">
246 <title>Command Explanations</title>
247
248<!-- Not needed with the patch
249 <para>
250 <parameter>-Dc_args=-Wno-format-overflow</parameter>: Prevents an error
251 when building with <application>GCC 10</application>. The default is
252 <option>-Werror=format-overflow</option>,
253 which generates false positives. This switch may be used with previous
254 versions of GCC too.
255 </para>
256-->
257
258 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
259 href="../../xincludes/meson-buildtype-release.xml"/>
260
261 <para>
262 <parameter>-Dpamconfdir=/etc/pam.d</parameter>: Forces the PAM files to
263 be installed in /etc/pam.d rather than /usr/lib/pam.d.
264 </para>
265
266 <para>
267 <parameter>-Duserdb=false</parameter>: Omits a daemon that is of
268 no use under a BLFS configuration. If you wish to enable the
269 <application>userdbd</application> daemon, replace "false" with "true"
270 in the above meson command.
271 </para>
272
273 <para>
274 <parameter>-Dhomed=false</parameter>: Omits a daemon that is of no
275 use under a traditional BLFS configuration, especially one using accounts
276 created with useradd. To enable systemd-homed, first ensure that you have
277 <xref linkend="cryptsetup"/> and <xref linkend="libpwquality"/> installed,
278 and then change "false" to "true" in the above meson command.
279 </para>
280
281 <!-- EDITORS NOTE: Explanation on removing userdbd and homed:
282 In BLFS, we do not fully support disk encryption. We offer instructions for
283 building 'cryptsetup' as a dependency, but we do not offer instructions for
284 actually configuring it. In addition, we generally do not include
285 functionality that could potentially conflict with other packages, or that
286 is not of any use to us (in an enterprise configuration using Thin Clients
287 or laptops with LUKS encryption, it could make sense though, but that isn't
288 the configuration that we natively support).
289
290 A few of the complications of systemd-homed include:
291 - SSH Logins
292 - Disk Space Assignments
293 - UID Assignments (chown() on login)
294 (See https://cfp.all-systems-go.io/media/homed-asg2019.pdf)
295
296 In an article I read when systemd-homed was originally unveiled, I remember
297 reading about systemd-homed causing problems with OpenSSH Private Key Auth
298 because the user would have to log in at the console in order to unlock
299 their home directory, thus allowing the private key to be unlocked and
300 processed by OpenSSH. Since BLFS does not fully support encrypted disks,
301 and because systemd-homed is incompatible with our usage of useradd /
302 traditional UNIX users and groups, I advise that we take the following
303 approach to avoid any confusion:
304
305 - Leave the added Short Descriptions for homectl and userdbctl
306 - Add the above command explanations and restore the previous behavior
307
308 Should we decide to enable homed by default anytime in the future,
309 let's move cryptsetup to recommended or required.
310
311 I would be open to discussing this after the next systemd version when
312 systemd-homed has matured a bit more. -renodr -->
313
314 </sect2>
315
316 <sect2 role="configuration">
317 <title>Configuring systemd</title>
318
319 <para>
320 The <filename>/etc/pam.d/system-session</filename> file needs to
321 be modified and a new file needs to be created in order for
322 <command>systemd-logind</command> to work correctly. Run the following
323 commands as the <systemitem class="username">root</systemitem> user:
324 </para>
325
326<screen role="root"><userinput>grep 'pam_systemd' /etc/pam.d/system-session ||
327cat &gt;&gt; /etc/pam.d/system-session &lt;&lt; "EOF"
328<literal># Begin Systemd addition
329
330session required pam_loginuid.so
331session optional pam_systemd.so
332
333# End Systemd addition</literal>
334EOF
335
336cat &gt; /etc/pam.d/systemd-user &lt;&lt; "EOF"
337<literal># Begin /etc/pam.d/systemd-user
338
339account required pam_access.so
340account include system-account
341
342session required pam_env.so
343session required pam_limits.so
344session required pam_unix.so
345session required pam_loginuid.so
346session optional pam_keyinit.so force revoke
347session optional pam_systemd.so
348
349auth required pam_deny.so
350password required pam_deny.so
351
352# End /etc/pam.d/systemd-user</literal>
353EOF</userinput></screen>
354
355<!--
356 <para>
357 At this point, you should reload the systemd daemon, and reenter
358 multi-user mode with the following commands (as the
359 <systemitem class="username">root</systemitem> user). If a desktop
360 manager is installed and you wish to reenter the graphical mode,
361 replace <userinput>multi-user.target</userinput> with
362 <userinput>graphical.target</userinput>:
363 </para>
364
365<screen role="root"><userinput>systemctl daemon-reexec
366systemctl start multi-user.target</userinput></screen>-->
367
368 <warning>
369 <para>
370 If upgrading from a previous version of systemd and an
371 initrd is used for system boot, you should generate a new initrd before
372 rebooting the system.
373 </para>
374 </warning>
375
376 </sect2>
377
378 <sect2 role="content">
379 <title>Contents</title>
380
381 <para>
382 A list of the installed files, along with their short
383 descriptions can be found at
384 <ulink url="&lfs-root;/chapter08/systemd.html#contents-systemd"/>.
385 </para>
386
387 <para>
388 Listed below are the newly installed programs
389 along with short descriptions.
390 </para>
391
392 <segmentedlist>
393 <segtitle>Installed Programs</segtitle>
394
395 <seglistitem>
396 <seg>
397 <!-- maybe userdbd/userdbctl can go in LFS, try at next time -->
398 homectl (if <xref linkend="cryptsetup"/> is installed),
399 systemd-cryptenroll (if <xref linkend="cryptsetup"/> is installed),
400 and userdbctl (optionally)
401 </seg>
402 </seglistitem>
403 </segmentedlist>
404
405 <variablelist>
406 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
407 <?dbfo list-presentation="list"?>
408 <?dbhtml list-presentation="table"?>
409
410 <varlistentry id="homectl">
411 <term><command>homectl</command></term>
412 <listitem>
413 <para>
414 is a tool to create, remove, change, or inspect a home directory
415 managed by <command>systemd-homed</command>; note that it is
416 of no use with the classic UNIX users and home directories that
417 the LFS/BLFS books use
418 </para>
419 <indexterm zone="systemd homectl">
420 <primary sortas="b-homectl">homectl</primary>
421 </indexterm>
422 </listitem>
423 </varlistentry>
424
425 <varlistentry id="systemd-cryptenroll">
426 <term><command>systemd-cryptenroll</command></term>
427 <listitem>
428 <para>
429 is used to enroll a system in, or remove it from, full disk encryption,
430 as well as to set and query private keys and recovery keys
431 </para>
432 <indexterm zone="systemd systemd-cryptenroll">
433 <primary sortas="b-systemd-cryptenroll">systemd-cryptenroll</primary>
434 </indexterm>
435 </listitem>
436 </varlistentry>
437
438 <varlistentry id="userdbctl">
439 <term><command>userdbctl</command></term>
440 <listitem>
441 <para>
442 inspects users, groups, and group memberships
443 </para>
444 <indexterm zone="systemd userdbctl">
445 <primary sortas="b-userdbctl">userdbctl</primary>
446 </indexterm>
447 </listitem>
448 </varlistentry>
449
450 <varlistentry id="pam_systemd">
451 <term><filename class="libraryfile">pam_systemd.so</filename></term>
452 <listitem>
453 <para>
454 is a PAM module used to register user sessions with the
455 <application>systemd</application> login manager,
456 <command>systemd-logind</command>
457 </para>
458 <indexterm zone="systemd pam_systemd">
459 <primary sortas="c-pam_systemd">pam_systemd.so</primary>
460 </indexterm>
461 </listitem>
462 </varlistentry>
463
464 </variablelist>
465
466 </sect2>
467
468</sect1>