source: general/sysutils/systemd.xml@ 6406b296

Last change on this file since 6406b296 was 6406b296, checked in by Pierre Labastie <pierre.labastie@…>, 2 years ago

systemd: add patch for kernel 5.17 headers

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!-- <!ENTITY systemd-download-http "http://anduin.linuxfromscratch.org/LFS/systemd-&systemd-version;-&systemd-stable;.tar.xz"> For whenever we move to a stable snapshot for backports -->
8 <!ENTITY systemd-download-http "https://github.com/systemd/systemd/archive/v&systemd-version;/systemd-&systemd-version;.tar.gz">
9 <!ENTITY systemd-download-ftp " ">
10 <!ENTITY systemd-md5sum "8929beb037c587ada4ed201f19756fe2">
11 <!ENTITY systemd-size "11 MB">
12 <!ENTITY systemd-buildsize "307 MB (with tests)">
13 <!ENTITY systemd-time "2.5 SBU (with tests)">
14
15]>
16
17<sect1 id="systemd" xreflabel="Systemd-&systemd-version;" revision="systemd">
18 <?dbhtml filename="systemd.html"?>
19
20 <sect1info>
21 <date>$Date$</date>
22 </sect1info>
23
24 <title>Systemd-&systemd-version;</title>
25 <!-- Whenever we switch back to stable backports, make sure to add the systemd-stable reference back. -->
26
27 <indexterm zone="systemd">
28 <primary sortas="a-systemd">systemd</primary>
29 </indexterm>
30
31 <sect2 role="package">
32 <title>Introduction to systemd</title>
33
34 <para>
35 While <application>systemd</application> was installed when
36 building LFS, there are many features provided by the package that
37 were not included in the initial installation because
38 <application>Linux-PAM</application> was not yet installed.
39 The <application>systemd</application> package needs to be
40 rebuilt to provide a working <command>systemd-logind</command> service,
41 which provides many additional features for dependent packages.
42 </para>
43
44 &lfs111_checked;
45
46 <bridgehead renderas="sect3">Package Information</bridgehead>
47 <itemizedlist spacing="compact">
48 <listitem>
49 <para>
50 Download (HTTP): <ulink url="&systemd-download-http;"/>
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Download (FTP): <ulink url="&systemd-download-ftp;"/>
56 </para>
57 </listitem>
58 <listitem>
59 <para>
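60 Download MD5 sum: &systemd-md5sum; <!-- MD5 is no longer collision-resistant; treat this sum as a check for download corruption rather than proof of the archive's origin -->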
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Download size: &systemd-size;
66 </para>
67 </listitem>
68 <listitem>
69 <para>
70 Estimated disk space required: &systemd-buildsize;
71 </para>
72 </listitem>
73 <listitem>
74 <para>
75 Estimated build time: &systemd-time;
76 </para>
77 </listitem>
78 </itemizedlist>
79
80
81 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
82 <itemizedlist spacing="compact">
83 <listitem>
84 <para>
85 Required patch:
86 <ulink url="&patch-root;/systemd-&systemd-version;-upstream_fixes-1.patch"/>
87 </para>
88 </listitem>
89 <listitem>
90 <para>
91 Required patch:
92 <ulink url="&patch-root;/systemd-&systemd-version;-kernel_5.17_fixes-1.patch"/>
93 </para>
94 </listitem>
95 </itemizedlist>
96
97
98 <bridgehead renderas="sect3">systemd Dependencies</bridgehead>
99
100 <bridgehead renderas="sect4">Required</bridgehead>
101 <para role="required">
102 <xref linkend="Jinja2"/> and
103 <xref linkend="linux-pam"/>
104 </para>
105
106 <bridgehead renderas="sect4">Recommended Runtime Dependencies</bridgehead>
107 <para role="recommended">
108 <xref role="runtime" linkend="polkit"/>
109 </para>
110
111 <bridgehead renderas="sect4">Optional</bridgehead>
112 <para role="optional">
113 <xref linkend="btrfs-progs"/>, <!-- homed may support it, see the C.E.-->
114 <xref linkend="curl"/>,
115 <xref linkend="cryptsetup"/>,
116 <xref linkend="git"/>,
117 <xref linkend="gnutls"/>,
118 <xref linkend="iptables"/>,
119 <xref linkend="libgcrypt"/>,
120 <xref linkend="libidn2"/>,
121 <xref linkend="libpwquality"/>,
122 <xref linkend="libseccomp"/>,
123 <xref linkend="libxkbcommon"/>,
124 <xref linkend="make-ca"/>,
125 <xref linkend="p11-kit"/>,
126 <xref linkend="pcre2"/>,
127 <xref linkend="qemu"/>,
128 <xref linkend="qrencode"/>,
129 <xref linkend="rsync"/>,
130 <xref linkend="valgrind"/>,
131 <xref linkend="zsh"/> (for the zsh completions),
132 <ulink url="https://sourceforge.net/projects/gnu-efi/">gnu-efi</ulink>,
133 <ulink url="https://www.kernel.org/pub/linux/utils/kernel/kexec/">kexec-tools</ulink>,
134 <ulink url="https://github.com/libbpf/libbpf">libbpf</ulink>,
135 <ulink url="https://sourceware.org/elfutils/">libdw</ulink>,
136 <ulink url="https://developers.yubico.com/libfido2/">libfido2</ulink>,
137 <ulink url="https://www.gnu.org/software/libmicrohttpd/">libmicrohttpd</ulink>,
138 <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
139 <!--<ulink url="http://fukuchi.org/works/qrencode/">qrencode</ulink>,-->
140 <ulink url="https://sourceforge.net/projects/linuxquota/">quota-tools</ulink>,
141 <ulink url="https://pypi.python.org/pypi/Sphinx">Sphinx</ulink>, and
142 <ulink url="https://tpm2-tss.readthedocs.io/en/latest/">tpm2-tss</ulink>
143 </para>
144
145 <bridgehead renderas="sect4">Optional (to rebuild the manual pages)</bridgehead>
146 <para role="optional">
147 <xref linkend="DocBook"/>,
148 <xref linkend="docbook-xsl"/>,
149 <xref linkend="libxslt"/>, and
150 <xref linkend="lxml"/> (to build the index of systemd manual pages)
151 </para>
152
153 <para condition="html" role="usernotes">User Notes:
154 <ulink url="&blfs-wiki;/systemd"/>
155 </para>
156 </sect2>
157
158 <sect2 role="installation">
159 <title>Installation of systemd</title>
160
161 <para>
162 First, apply a patch to fix a security vulnerability and fix issues with the
163 default hostname on some systems:
164 </para>
165
166<screen><userinput remap="pre">patch -Np1 -i ../systemd-&systemd-version;-upstream_fixes-1.patch</userinput></screen>
167
168 <para>
169 Now, apply a patch to fix a problem with the Linux kernel headers in
170 versions 5.17 and above:
171 </para>
172
173<screen><userinput remap="pre">patch -Np1 -i ../systemd-&systemd-version;-kernel_5.17_fixes-1.patch</userinput></screen>
174
175 <para>
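176 Remove references to two unneeded groups,
177 <systemitem class="groupname">render</systemitem> and
178 <systemitem class="groupname">sgx</systemitem>, from the default udev
179 rules. Rules that assigned devices to <systemitem class="groupname">render</systemitem> assign them to <systemitem class="groupname">video</systemitem> instead, and the <systemitem class="groupname">sgx</systemitem> group assignment is dropped: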
180 </para>
181
182<screen><userinput remap="pre">sed -i -e 's/GROUP="render"/GROUP="video"/' \
183 -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in</userinput></screen>
184
185 <para>
186 Rebuild <application>systemd</application> by running the
187 following commands:
188 </para>
189
190<screen><userinput>mkdir build &amp;&amp;
191cd build &amp;&amp;
192
193meson --prefix=/usr \
194 --buildtype=release \
195 -Dblkid=true \
196 -Ddefault-dnssec=no \
197 -Dfirstboot=false \
198 -Dinstall-tests=false \
199 -Dldconfig=false \
200 -Dman=auto \
201 -Dsysusers=false \
202 -Drpmmacrosdir=no \
203 -Db_lto=false \
204 -Dhomed=false \
205 -Duserdb=false \
206 -Dmode=release \
207 -Dpamconfdir=/etc/pam.d \
208 -Ddocdir=/usr/share/doc/systemd-&systemd-version; \
209 .. &amp;&amp;
210
211ninja</userinput></screen>
212<!-- Regarding homed and userdb, see the note below in Command Explanations-->
213
214 <note>
215 <para>
216 For the best test results, make sure you run the test suite from
217 a system that is booted by the same
218 <application>systemd</application> version you are rebuilding.
219 </para>
220 </note>
221
222 <para>
223 To test the results, issue:
224 <command>PATH+=:/usr/sbin ninja test</command>.
225 <!-- One test named test-repart needs sfdisk, which is in /usr/sbin. -->
226 </para>
227
228<!--
229 <warning>
230 <para>
231 Installing the package will overwrite all files installed by
232 <application>systemd</application> in LFS. It is critical that
233 nothing uses either <application>systemd</application> or
234 <application>Udev</application> libraries during the installation.
235 The best way to ensure that these libraries are not being used is to
236 run the installation in rescue mode. To switch to rescue mode,
237 run the following command as the
238 <systemitem class="username">root</systemitem> user (from a TTY):
239 </para>
240
241<screen role="root"><userinput>systemctl isolate rescue.target</userinput></screen>
242 </warning>
243 Nobody has reported problems with this in years. Let's comment it. -->
244
245 <para>
246 Now, as the <systemitem class="username">root</systemitem> user:
247 </para>
248
249<screen role="root"><userinput>ninja install</userinput></screen>
250
251<!-- Included in the patch
252 <para>
253 Fix a problem in a systemd unit that can cause extra delays when
254 changing TTYs:
255 </para>
256
257<screen role="root"><userinput>sed -i 's/idle/simple/' /usr/lib/systemd/system/getty@.service</userinput></screen>
258-->
259 <!-- No longer needed as of systemd-244.
260 <para>
261 Remove a configuration file that causes some problems with PID files:
262 </para>
263
264<screen role="root"><userinput>rm -fv /etc/sysctl.d/50-pid-max.conf</userinput></screen>
265 -->
266 </sect2>
267
268 <sect2 role="commands">
269 <title>Command Explanations</title>
270
271<!-- Not needed with the patch
272 <para>
273 <parameter>-Dc_args=-Wno-format-overflow</parameter>: Prevents an error
274 when building with <application>GCC 10</application>. The default is
275 <option>-Werror=format-overflow</option>,
276 which generates false positives. This switch may be used with previous
277 versions of GCC too.
278 </para>
279-->
280
281 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
282 href="../../xincludes/meson-buildtype-release.xml"/>
283
284 <para>
285 <parameter>-Dpamconfdir=/etc/pam.d</parameter>: Forces the PAM files to
286 be installed in /etc/pam.d rather than /usr/lib/pam.d.
287 </para>
288
289 <para>
290 <parameter>-Duserdb=false</parameter>: Disables building a daemon that is
291 of no use under a BLFS configuration. If you wish to enable the
292 <application>userdbd</application> daemon, replace "false" with "true"
293 in the above <command>meson</command> command.
294 </para>
295
296 <para>
297 <parameter>-Dhomed=false</parameter>: Disables building a daemon that is of
298 no use under a traditional BLFS configuration, especially with accounts
299 created with <command>useradd</command>. To enable <command>systemd-homed</command>, first ensure that you have
300 <xref linkend="cryptsetup"/> and <xref linkend="libpwquality"/> installed,
301 and then change "false" to "true" in the above <command>meson</command> command.
302 </para>
303
304 <!-- EDITORS NOTE: Explanation on removing userdbd and homed:
305 In BLFS, we do not fully support disk encryption. We offer instructions for
306 building 'cryptsetup' as a dependency, but we do not offer instructions for
307 actually configuring it. In addition, we generally do not include
308 functionality that could potentially conflict with other packages, or that
309 is not of any use to us (in an enterprise configuration using Thin Clients
310 or laptops with LUKS encryption, it could make sense though, but that isn't
311 the configuration that we natively support).
312
313 A few of the complications of systemd-homed include:
314 - SSH Logins
315 - Disk Space Assignments
316 - UID Assignments (chown() on login)
317 (See https://cfp.all-systems-go.io/media/homed-asg2019.pdf)
318
319 In an article I read when systemd-homed was originally unveiled, I remember
320 reading about systemd-homed causing problems with OpenSSH Private Key Auth
321 because the user would have to login at the console in order to unlock
322 their home directory, thus allowing the private key to be unlocked and
323 processed by OpenSSH. Since BLFS does not fully support encrypted disks,
324 and because systemd-homed is incompatible with our usage of useradd /
325 traditional UNIX users and groups, I advise that we take the following
326 approach to avoid any confusion:
327
328 - Leave the added Short Descriptions for homectl and userdbctl
329 - Add the above command explanations and restore the previous behavior
330
331 Should we decide to enable homed by default anytime in the future,
332 let's move cryptsetup to recommended or required.
333
334 I would be open to discussing this after the next systemd version when
335 systemd-homed has matured a bit more. -renodr -->
336
337 </sect2>
338
339 <sect2 role="configuration">
340 <title>Configuring systemd</title>
341
342 <para>
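343 The <filename>/etc/pam.d/system-session</filename> file needs to
344 be modified and a new file, <filename>/etc/pam.d/systemd-user</filename>, needs to
345 be created in order for <command>systemd-logind</command> to work correctly. The
346 lines are appended to <filename>system-session</filename> only if it does not already mention <literal>pam_systemd</literal>, so the commands can be repeated after an upgrade without duplicating entries. Run the following commands as the <systemitem class="username">root</systemitem> user: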
347 </para>
348
349<screen role="root"><userinput>grep 'pam_systemd' /etc/pam.d/system-session ||
350cat &gt;&gt; /etc/pam.d/system-session &lt;&lt; "EOF"
351<literal># Begin Systemd addition
352
353session required pam_loginuid.so
354session optional pam_systemd.so
355
356# End Systemd addition</literal>
357EOF
358
359cat &gt; /etc/pam.d/systemd-user &lt;&lt; "EOF"
360<literal># Begin /etc/pam.d/systemd-user
361
362account required pam_access.so
363account include system-account
364
365session required pam_env.so
366session required pam_limits.so
367session required pam_unix.so
368session required pam_loginuid.so
369session optional pam_keyinit.so force revoke
370session optional pam_systemd.so
371
372auth required pam_deny.so
373password required pam_deny.so
374
375# End /etc/pam.d/systemd-user</literal>
376EOF</userinput></screen>
377
378<!--
379 <para>
380 At this point, you should reload the systemd daemon, and reenter
381 multi-user mode with the following commands (as the
382 <systemitem class="username">root</systemitem> user). If a desktop
383 manager is installed and you wish to reenter the graphical mode,
384 replace <userinput>multi-user.target</userinput> with
385 <userinput>graphical.target</userinput>:
386 </para>
387
388<screen role="root"><userinput>systemctl daemon-reexec
389systemctl start multi-user.target</userinput></screen>-->
390
391 <warning>
392 <para>
393 If upgrading from a previous version of systemd and an
394 initrd is used for system boot, you should generate a new initrd before
395 rebooting the system.
396 </para>
397 </warning>
398
399 </sect2>
400
401 <sect2 role="content">
402 <title>Contents</title>
403
404 <para>
405 A list of the installed files, along with their short
406 descriptions can be found at
407 <ulink url="&lfs-root;/chapter08/systemd.html#contents-systemd"/>.
408 </para>
409
410 <para>
411 Listed below are the newly installed programs
412 along with short descriptions.
413 </para>
414
415 <segmentedlist>
416 <segtitle>Installed Programs</segtitle>
417
418 <seglistitem>
419 <seg>
420 <!-- maybe userdbd/userdbctl can go in LFS, try at next time -->
421 homectl (if <xref linkend="cryptsetup"/> is installed),
422 systemd-cryptenroll (if <xref linkend="cryptsetup"/> is installed),
423 and userdbctl (optionally)
424 </seg>
425 </seglistitem>
426 </segmentedlist>
427
428 <variablelist>
429 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
430 <?dbfo list-presentation="list"?>
431 <?dbhtml list-presentation="table"?>
432
433 <varlistentry id="homectl">
434 <term><command>homectl</command></term>
435 <listitem>
436 <para>
437 is a tool to create, remove, change, or inspect a home directory
438 managed by <command>systemd-homed</command>; note that it is
439 of no use for the classic UNIX users and home directories
440 used in the LFS and BLFS books
441 </para>
442 <indexterm zone="systemd homectl">
443 <primary sortas="b-homectl">homectl</primary>
444 </indexterm>
445 </listitem>
446 </varlistentry>
447
448 <varlistentry id="systemd-cryptenroll">
449 <term><command>systemd-cryptenroll</command></term>
450 <listitem>
451 <para>
452 is used to enroll a system in, or remove it from, full disk encryption,
453 as well as to set and query private keys and recovery keys
454 </para>
455 <indexterm zone="systemd systemd-cryptenroll">
456 <primary sortas="b-systemd-cryptenroll">systemd-cryptenroll</primary>
457 </indexterm>
458 </listitem>
459 </varlistentry>
460
461 <varlistentry id="userdbctl">
462 <term><command>userdbctl</command></term>
463 <listitem>
464 <para>
465 inspects users, groups, and group memberships
466 </para>
467 <indexterm zone="systemd userdbctl">
468 <primary sortas="b-userdbctl">userdbctl</primary>
469 </indexterm>
470 </listitem>
471 </varlistentry>
472
473 <varlistentry id="pam_systemd">
474 <term><filename class="libraryfile">pam_systemd.so</filename></term>
475 <listitem>
476 <para>
477 is a PAM module used to register user sessions with the
478 <application>systemd</application> login manager,
479 <command>systemd-logind</command>
480 </para>
481 <indexterm zone="systemd pam_systemd">
482 <primary sortas="c-pam_systemd">pam_systemd.so</primary>
483 </indexterm>
484 </listitem>
485 </varlistentry>
486
487 </variablelist>
488
489 </sect2>
490
491</sect1>