source: general/sysutils/systemd.xml@ 544b6a3

10.1 11.0 ken/refactor-virt lazarus qt5new trunk xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since 544b6a3 was 544b6a3, checked in by Xi Ruoyao <xry111@…>, 11 months ago

remove unnecessary --sysconfdir and --localstatedir in meson commands

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@23900 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 15.6 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!-- <!ENTITY systemd-download-http "http://anduin.linuxfromscratch.org/LFS/systemd-&systemd-version;-&systemd-stable;.tar.xz"> For whenever we move to a stable snapshot for backports -->
8 <!ENTITY systemd-download-http "https://github.com/systemd/systemd/archive/v&systemd-version;/systemd-&systemd-version;.tar.gz">
9 <!ENTITY systemd-download-ftp " ">
10 <!ENTITY systemd-md5sum "a3e9efa72d0309dd26513a221cdff31b">
11 <!ENTITY systemd-size "9.1 MB">
12 <!ENTITY systemd-buildsize "256 MB (with tests)">
13 <!ENTITY systemd-time "2.4 SBU (with tests)">
14
15]>
16
17<sect1 id="systemd" xreflabel="Systemd-&systemd-version;" revision="systemd">
18 <?dbhtml filename="systemd.html"?>
19
20 <sect1info>
21 <othername>$LastChangedBy$</othername>
22 <date>$Date$</date>
23 </sect1info>
24
25 <title>Systemd-&systemd-version;</title>
26 <!-- Whenever we switch back to stable backports, make sure to add the systemd-stable reference back. -->
27
28 <indexterm zone="systemd">
29 <primary sortas="a-systemd">systemd</primary>
30 </indexterm>
31
32 <sect2 role="package">
33 <title>Introduction to systemd</title>
34
35 <para>
36 While <application>systemd</application> was installed when
37 building LFS, there are many features provided by the package that
38 were not included in the initial installation because
39 <application>Linux-PAM</application> was not yet installed.
40 The <application>systemd</application> package needs to be
41 rebuilt to provide a working <command>systemd-logind</command> service,
42 which provides many additional features for dependent packages.
43 </para>
44
45 &lfs10_checked;
46
47 <bridgehead renderas="sect3">Package Information</bridgehead>
48 <itemizedlist spacing="compact">
49 <listitem>
50 <para>
51 Download (HTTP): <ulink url="&systemd-download-http;"/>
52 </para>
53 </listitem>
54 <listitem>
55 <para>
56 Download (FTP): <ulink url="&systemd-download-ftp;"/>
57 </para>
58 </listitem>
59 <listitem>
60 <para>
61 Download MD5 sum: &systemd-md5sum;
62 </para>
63 </listitem>
64 <listitem>
65 <para>
66 Download size: &systemd-size;
67 </para>
68 </listitem>
69 <listitem>
70 <para>
71 Estimated disk space required: &systemd-buildsize;
72 </para>
73 </listitem>
74 <listitem>
75 <para>
76 Estimated build time: &systemd-time;
77 </para>
78 </listitem>
79 </itemizedlist>
80
81<!-- Saving for the next time that we need a patch
82 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
83 <itemizedlist spacing="compact">
84 <listitem>
85 <para>
86 Required patch:
87 <ulink url="&patch-root;/systemd-&systemd-version;-gcc_10-fixes-2.patch"/>
88 </para>
89 </listitem>
90 </itemizedlist>
91-->
92
93 <bridgehead renderas="sect3">systemd Dependencies</bridgehead>
94
95 <bridgehead renderas="sect4">Required</bridgehead>
96 <para role="required">
97 <xref linkend="linux-pam"/>
98 </para>
99
100 <bridgehead renderas="sect4">Recommended Runtime Dependencies</bridgehead>
101 <para role="recommended">
102 <xref role="runtime" linkend="polkit"/>
103 </para>
104
105 <bridgehead renderas="sect4">Optional</bridgehead>
106 <para role="optional">
107 <xref linkend="btrfs-progs"/> <!-- homed may support it, see the C.E.-->
108 <xref linkend="curl"/>,
109 <xref linkend="cryptsetup"/>,
110 <xref linkend="git"/>,
111 <xref linkend="gnutls"/>,
112 <xref linkend="iptables"/>,
113 <xref linkend="libgcrypt"/>,
114 <xref linkend="libidn2"/>,
115 <xref linkend="libpwquality"/>,
116 <xref linkend="libseccomp"/>,
117 <xref linkend="libxkbcommon"/>,
118 <xref linkend="make-ca"/>,
119 <xref linkend="pcre2"/>,
120 <xref linkend="qemu"/>,
121 <xref linkend="valgrind"/>,
122 <xref linkend="zsh"/> (for the zsh completions),
123 <ulink url="http://sourceforge.net/projects/gnu-efi/">gnu-efi</ulink>,
124 <ulink url="https://www.kernel.org/pub/linux/utils/kernel/kexec/">kexec-tools</ulink>,
125 <ulink url="https://www.gnu.org/software/libmicrohttpd/">libmicrohttpd</ulink>,
126 <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
127 <ulink url="http://fukuchi.org/works/qrencode/">qrencode</ulink>,
128 <ulink url="http://sourceforge.net/projects/linuxquota/">quota-tools</ulink> and
129 <ulink url="https://pypi.python.org/pypi/Sphinx">Sphinx</ulink>
130 </para>
131
132 <bridgehead renderas="sect4">Optional (to rebuild the manual pages)</bridgehead>
133 <para role="optional">
134 <xref linkend="DocBook"/>,
135 <xref linkend="docbook-xsl"/>,
136 <xref linkend="libxslt"/>, and
137 <xref linkend="lxml"/> (to build the index of systemd manual pages)
138 </para>
139
140 <para condition="html" role="usernotes">User Notes:
141 <ulink url="&blfs-wiki;/systemd"/>
142 </para>
143 </sect2>
144
145 <sect2 role="installation">
146 <title>Installation of systemd</title>
147
148<!--
149 <para>
150 Apply a patch to fix a build failure when building with GCC-10 as well as
151 a segmentation fault in systemd-udevd on some platforms:
152 </para>
153
154<screen><userinput remap="pre">patch -Np1 -i ../systemd-&systemd-version;-gcc_10-fixes-2.patch</userinput></screen>
155-->
156
157 <para>
158 Remove an unneeded group,
159 <systemitem class="groupname">render</systemitem>, from the default udev
160 rules:
161 </para>
162
163<screen><userinput remap="pre">sed -i 's/GROUP="render", //' rules.d/50-udev-default.rules.in</userinput></screen>
164
165 <para>
166 Rebuild <application>systemd</application> by running the
167 following commands:
168 </para>
169
170<screen><userinput>mkdir build &amp;&amp;
171cd build &amp;&amp;
172
173meson --prefix=/usr \
174 -Dblkid=true \
175 -Dbuildtype=release \
176 -Ddefault-dnssec=no \
177 -Dfirstboot=false \
178 -Dinstall-tests=false \
179 -Dldconfig=false \
180 -Dman=auto \
181 -Drootprefix= \
182 -Drootlibdir=/lib \
183 -Dsplit-usr=true \
184 -Dsysusers=false \
185 -Drpmmacrosdir=no \
186 -Db_lto=false \
187 -Dhomed=false \
188 -Duserdb=false \
189 -Ddocdir=/usr/share/doc/systemd-&systemd-version; \
190 .. &amp;&amp;
191
192ninja</userinput></screen>
193<!-- Regarding homed and userdb, see the note below in Command Explanations-->
194
195 <note>
196 <para>
197 For the best test results, make sure you run the testsuite from
198 a system that is booted by the same
199 <application>systemd</application> version you are rebuilding.
200 </para>
201 </note>
202
203 <para>
204 To test the results, issue: <command>ninja test</command>. <!--One test,
205 <filename>udev-test</filename> (test 273) fails due to changes in
206 the Linux 5.3+ kernel. It does not affect the package's
207 functionality. NO LONGER APPLICABLE AS OF 244 -->
208 </para>
209
210<!--
211 <warning>
212 <para>
213 Installing the package will overwrite all files installed by
214 <application>systemd</application> in LFS. It is critical that
215 nothing uses either <application>systemd</application> or
216 <application>Udev</application> libraries during the installation.
217 The best way to ensure that these libraries are not being used is to
218 run the installation in rescue mode. To switch to rescue mode,
219 run the following command as the
220 <systemitem class="username">root</systemitem> user (from a TTY):
221 </para>
222
223<screen role="root"><userinput>systemctl isolate rescue.target</userinput></screen>
224 </warning>
225 Nobody has reported problems with this in years. Let's comment it. -->
226
227 <para>
228 Now, as the <systemitem class="username">root</systemitem> user:
229 </para>
230
231<screen role="root"><userinput>ninja install</userinput></screen>
232 <!-- No longer needed as of systemd-244.
233 <para>
234 Remove a configuration file that causes some problems with PID files:
235 </para>
236
237<screen role="root"><userinput>rm -fv /etc/sysctl.d/50-pid-max.conf</userinput></screen>
238 -->
239 </sect2>
240
241 <sect2 role="commands">
242 <title>Command Explanations</title>
243
244<!-- Not needed with the patch
245 <para>
246 <parameter>-Dc_args=-Wno-format-overflow</parameter>: Prevents an error
247 when building with <application>GCC 10</application>. The default is
248 <option>-Werror=format-overflow</option>,
249 which generates false positives. This switch may be used with previous
250 versions of GCC too.
251 </para>
252-->
253
254 <para>
255 <parameter>-Duserdb=false</parameter>: Removes a daemon that does not
256 offer any use under a BLFS configuration. If you wish to enable the
257 <application>userdbd</application> daemon, replace "false" with "true"
258 in the above meson command.
259 </para>
260
261 <para>
262 <parameter>-Dhomed=false</parameter>: Remove a daemon that does not offer
263 any use under a traditional BLFS configuration, especially using accounts
264 created with useradd. To enable systemd-homed, first ensure that you have
265 <xref linkend="cryptsetup"/> and <xref linkend="libpwquality"/>, and then
266 change "false" to "true" in the above meson command.
267 </para>
268
269 <!-- EDITORS NOTE: Explanation on removing userdbd and homed:
270 In BLFS, we do not fully support disk encryption. We offer instructions for
271 building 'cryptsetup' as a dependency, but we do not offer instructions for
272 actually configuring it. In addition, we generally do not include
273 functionality that could potentially conflict with other packages, or that
274 is not of any use to us (in an enterprise configuration using Thin Clients
275 or laptops with LUKS encryption, it could make sense though, but that isn't
276 the configuration that we natively support).
277
278 A few of the complications of systemd-homed include:
279 - SSH Logins
280 - Disk Space Assignments
281 - UID Assignments (chown() on login)
282 (See https://cfp.all-systems-go.io/media/homed-asg2019.pdf)
283
284 In an article I read when systemd-homed was originally unveiled, I remember
285 reading about systemd-homed causing problems with OpenSSH Private Key Auth
286 because the user would have to login at the console in order to unlock
287 their home directory, thus allowing the private key to be unlocked and
288 processed by OpenSSH. Since BLFS does not fully support encrypted disks,
289 and because systemd-homed is incompatible with our usage of useradd /
290 traditional UNIX users and groups, I advise that we take the following
291 approach to avoid any confusion:
292
293 - Leave the added Short Descriptions for homectl and userdbctl
294 - Add the above command explanations and restore the previous behavior
295
296 Should we decide to enable homed by default anytime in the future,
297 let's move cryptsetup to recommended or required.
298
299 I would be open to discussing this after the next systemd version when
300 systemd-homed has matured a bit more. -renodr -->
301
302 </sect2>
303
304 <sect2 role="configuration">
305 <title>Configuring systemd</title>
306
307 <para>
308 The <filename>/etc/pam.d/system-session</filename> file needs to
309 be modified and a new file needs to be created in order for
310 <command>systemd-logind</command> to work correctly. Run the following
311 commands as the <systemitem class="username">root</systemitem> user:
312 </para>
313
314<screen role="root"><userinput>cat &gt;&gt; /etc/pam.d/system-session &lt;&lt; "EOF"
315<literal># Begin Systemd addition
316
317session required pam_loginuid.so
318session optional pam_systemd.so
319
320# End Systemd addition</literal>
321EOF
322
323cat &gt; /etc/pam.d/systemd-user &lt;&lt; "EOF"
324<literal># Begin /etc/pam.d/systemd-user
325
326account required pam_access.so
327account include system-account
328
329session required pam_env.so
330session required pam_limits.so
331session required pam_unix.so
332session required pam_loginuid.so
333session optional pam_keyinit.so force revoke
334session optional pam_systemd.so
335
336auth required pam_deny.so
337password required pam_deny.so
338
339# End /etc/pam.d/systemd-user</literal>
340EOF</userinput></screen>
341
342<!--
343 <para>
344 At this point, you should reload the systemd daemon, and reenter
345 multi-user mode with the following commands (as the
346 <systemitem class="username">root</systemitem> user). If a desktop
347 manager is installed and you wish to reenter the graphical mode,
348 replace <userinput>multi-user.target</userinput> with
349 <userinput>graphical.target</userinput>:
350 </para>
351
352<screen role="root"><userinput>systemctl daemon-reexec
353systemctl start multi-user.target</userinput></screen>-->
354
355 <warning>
356 <para>
357 If upgrading from a previous version of systemd and an
358 initrd is used for system boot, you should generate a new initrd before
359 rebooting the system.
360 </para>
361 </warning>
362
363 </sect2>
364
365 <sect2 role="content">
366 <title>Contents</title>
367
368 <para>
369 A list of the installed files, along with their short
370 descriptions can be found at
371 <ulink url="&lfs-root;/chapter08/systemd.html#contents-systemd"/>.
372 </para>
373
374 <para>
375 Listed below are the newly installed libraries and directories
376 along with short descriptions.
377 </para>
378
379 <segmentedlist>
380 <segtitle>Installed Programs</segtitle>
381 <segtitle>Installed Libraries</segtitle>
382 <segtitle>Installed Directories</segtitle>
383
384 <seglistitem>
385 <seg>
386 <!-- maybe userdbd/userdbctl can go in LFS, try at next time -->
387 homectl (if <xref linkend="cryptsetup"/> is installed)
388 and userdbctl (optionally)
389 </seg>
390 <seg>
391 pam_systemd.so
392 (in <filename class="directory">/lib/security</filename>)
393 </seg>
394 <seg>
395 None
396 </seg>
397 </seglistitem>
398 </segmentedlist>
399
400 <variablelist>
401 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
402 <?dbfo list-presentation="list"?>
403 <?dbhtml list-presentation="table"?>
404
405 <varlistentry id="homectl">
406 <term><command>homectl</command></term>
407 <listitem>
408 <para>
409 is a tool to create, remove, change, or inspect a home directory
410 managed by <command>systemd-homed</command>; note that it's
411 useless for the classic UNIX users and home directories which
412 we are using in LFS/BLFS book
413 </para>
414 <indexterm zone="systemd homectl">
415 <primary sortas="b-homectl">homectl</primary>
416 </indexterm>
417 </listitem>
418 </varlistentry>
419
420 <varlistentry id="userdbctl">
421 <term><command>userdbctl</command></term>
422 <listitem>
423 <para>
424 inspects users, groups, and group memberships
425 </para>
426 <indexterm zone="systemd userdbctl">
427 <primary sortas="b-userdbctl">userdbctl</primary>
428 </indexterm>
429 </listitem>
430 </varlistentry>
431
432 <varlistentry id="pam_systemd">
433 <term><filename class="libraryfile">pam_systemd.so</filename></term>
434 <listitem>
435 <para>
436 is a PAM module used to register user sessions with the
437 <application>systemd</application> login manager,
438 <command>systemd-logind</command>.
439 </para>
440 <indexterm zone="systemd pam_systemd">
441 <primary sortas="c-pam_systemd">pam_systemd.so</primary>
442 </indexterm>
443 </listitem>
444 </varlistentry>
445
446 </variablelist>
447
448 </sect2>
449
450</sect1>
Note: See TracBrowser for help on using the repository browser.