source: general/sysutils/systemd.xml@ bdfc854

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 12.2 gimp3 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/for-12.3 xry111/intltool xry111/llvm18 xry111/soup3 xry111/spidermonkey128 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since bdfc854 was bdfc854, checked in by Douglas R. Reno <renodr@…>, 5 years ago

Update to gcc-9.3.0

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22864 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 15.6 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!-- <!ENTITY systemd-download-http "http://anduin.linuxfromscratch.org/LFS/systemd-&systemd-version;-&systemd-stable;.tar.xz"> For whenever we move to a stable snapshot for backports -->
8 <!ENTITY systemd-download-http "https://github.com/systemd/systemd/archive/v&systemd-version;/systemd-&systemd-version;.tar.gz">
9 <!ENTITY systemd-download-ftp " ">
10 <!ENTITY systemd-md5sum "04f02d9841ea5992a16f6b03c873da28">
11 <!ENTITY systemd-size "8.6 MB">
12 <!ENTITY systemd-buildsize "246 MB (with tests)">
13 <!ENTITY systemd-time "2.1 SBU (with tests)">
14
15]>
16
17<sect1 id="systemd" xreflabel="Systemd-&systemd-version;" revision="systemd">
18 <?dbhtml filename="systemd.html"?>
19
20 <sect1info>
21 <othername>$LastChangedBy$</othername>
22 <date>$Date$</date>
23 </sect1info>
24
25 <title>Systemd-&systemd-version;</title>
26 <!-- Whenever we switch back to stable backports, make sure to add the systemd-stable reference back. -->
27
28 <indexterm zone="systemd">
29 <primary sortas="a-systemd">systemd</primary>
30 </indexterm>
31
32 <sect2 role="package">
33 <title>Introduction to systemd</title>
34
35 <para>
36 While <application>systemd</application> was installed when
37 building LFS, there are many features provided by the package that
38 were not included in the initial installation because
39 <application>Linux-PAM</application> was not yet installed.
40 The <application>systemd</application> package needs to be
41 rebuilt to provide a working <command>systemd-logind</command> service,
42 which provides many additional features for dependent packages.
43 </para>
44
45 &lfs91_checked;
46
47 <bridgehead renderas="sect3">Package Information</bridgehead>
48 <itemizedlist spacing="compact">
49 <listitem>
50 <para>
51 Download (HTTP): <ulink url="&systemd-download-http;"/>
52 </para>
53 </listitem>
54 <listitem>
55 <para>
56 Download (FTP): <ulink url="&systemd-download-ftp;"/>
57 </para>
58 </listitem>
59 <listitem>
60 <para>
61 Download MD5 sum: &systemd-md5sum;
62 </para>
63 </listitem>
64 <listitem>
65 <para>
66 Download size: &systemd-size;
67 </para>
68 </listitem>
69 <listitem>
70 <para>
71 Estimated disk space required: &systemd-buildsize;
72 </para>
73 </listitem>
74 <listitem>
75 <para>
76 Estimated build time: &systemd-time;
77 </para>
78 </listitem>
79 </itemizedlist>
80
81<!--
82 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
83 <itemizedlist spacing="compact">
84 <listitem>
85 <para>
86 Required patch:
87 <ulink url="&patch-root;/systemd-&systemd-version;-seccomp_and_cpuaffinity_fix-1.patch"/>
88 </para>
89 </listitem>
90 </itemizedlist>
91-->
92
93 <bridgehead renderas="sect3">systemd Dependencies</bridgehead>
94
95 <bridgehead renderas="sect4">Required</bridgehead>
96 <para role="required">
97 <xref linkend="linux-pam"/>
98 </para>
99
100 <bridgehead renderas="sect4">Recommended Runtime Dependencies</bridgehead>
101 <para role="recommended">
102 <xref role="runtime" linkend="polkit"/>
103 </para>
104
105 <bridgehead renderas="sect4">Optional</bridgehead>
106 <para role="optional">
107 <xref linkend="btrfs-progs"/> <!-- homed may support it, see the C.E.-->
108 <xref linkend="curl"/>,
109 <xref linkend="cryptsetup"/>,
110 <xref linkend="git"/>,
111 <xref linkend="gnutls"/>,
112 <xref linkend="iptables"/>,
113 <xref linkend="libgcrypt"/>,
114 <xref linkend="libidn2"/>,
115 <xref linkend="libpwquality"/>,
116 <xref linkend="libseccomp"/>,
117 <xref linkend="libxkbcommon"/>,
118 <xref linkend="make-ca"/>,
119 <xref linkend="pcre2"/>,
120 <xref linkend="qemu"/>,
121 <xref linkend="valgrind"/>,
122 <xref linkend="zsh"/> (for the zsh completions),
123 <ulink url="http://sourceforge.net/projects/gnu-efi/">gnu-efi</ulink>,
124 <ulink url="https://www.kernel.org/pub/linux/utils/kernel/kexec/">kexec-tools</ulink>,
125 <ulink url="https://www.gnu.org/software/libmicrohttpd/">libmicrohttpd</ulink>,
126 <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
127 <ulink url="http://fukuchi.org/works/qrencode/">qrencode</ulink>,
128 <ulink url="http://sourceforge.net/projects/linuxquota/">quota-tools</ulink> and
129 <ulink url="https://pypi.python.org/pypi/Sphinx">Sphinx</ulink>
130 </para>
131
132 <bridgehead renderas="sect4">Optional (to rebuild the manual pages)</bridgehead>
133 <para role="optional">
134 <xref linkend="DocBook"/>,
135 <xref linkend="docbook-xsl"/>,
136 <xref linkend="libxslt"/>, and
137 <xref linkend="lxml"/> (to build the index of systemd manual pages)
138 </para>
139
140 <para condition="html" role="usernotes">User Notes:
141 <ulink url="&blfs-wiki;/systemd"/>
142 </para>
143 </sect2>
144
145 <sect2 role="installation">
146 <title>Installation of systemd</title>
147 <!-- 243-244 is now supported, so let's comment this for now.
148 <warning>
149 <para>
150 This version of systemd is incompatible with all previous
151 releases. The BLFS team does not recommend updating in place, and
152 suggests that you do a rebuild instead.
153 </para>
154 </warning>
155 -->
156 <!--
157 <para>
158 Apply a patch to fix problems with libseccomp-2.4.2+ and Linux-5.4+:
159 </para>
160
161<screen><userinput remap="pre">patch -Np1 -i ../systemd-&systemd-version;-seccomp_and_cpuaffinity_fix-1.patch</userinput></screen>
162 -->
163
164 <!-- The above is only needed on systems with Linux 5.4+ and libseccomp-2.4.2+
165 This fix is due to syscall changes in libseccomp+Linux 5.4+.
166 The affected syscall is shmat(), which isn't implemented properly on
167 i686, and intermittently fails on x86_64. Also, there is a problem with
168 CPU Affinity + CGroups on Linux-5.4+ that causes issues with the
169 "test-execute" test. -->
170
171 <para>
172 Remove an unneeded group,
173 <systemitem class="groupname">render</systemitem>, from the default udev
174 rules:
175 </para>
176
177<screen><userinput remap="pre">sed -i 's/GROUP="render", //' rules.d/50-udev-default.rules.in</userinput></screen>
178
179 <para>
180 Rebuild <application>systemd</application> by running the
181 following commands:
182 </para>
183
184<screen><userinput>mkdir build &amp;&amp;
185cd build &amp;&amp;
186
187meson --prefix=/usr \
188 --sysconfdir=/etc \
189 --localstatedir=/var \
190 -Dblkid=true \
191 -Dbuildtype=release \
192 -Ddefault-dnssec=no \
193 -Dfirstboot=false \
194 -Dinstall-tests=false \
195 -Dldconfig=false \
196 -Dman=auto \
197 -Drootprefix= \
198 -Drootlibdir=/lib \
199 -Dsplit-usr=true \
200 -Dsysusers=false \
201 -Drpmmacrosdir=no \
202 -Db_lto=false \
203 -Dhomed=false \
204 -Duserdb=false \
205 .. &amp;&amp;
206
207ninja</userinput></screen>
208<!-- Regarding homed and userdb, see the note below in Command Explanations-->
209
210 <note>
211 <para>
212 For the best test results, make sure you run the testsuite from
213 a system that is booted by the same
214 <application>systemd</application> version you are rebuilding.
215 </para>
216 </note>
217
218 <para>
219 To test the results, issue: <command>ninja test</command>. <!--One test,
220 <filename>udev-test</filename> (test 273) fails due to changes in
221 the Linux 5.3+ kernel. It does not affect the package's
222 functionality. NO LONGER APPLICABLE AS OF 244 -->
223 </para>
224
225 <warning>
226 <para>
227 Installing the package will overwrite all files installed by
228 <application>systemd</application> in LFS. It is critical that
229 nothing uses either <application>systemd</application> or
230 <application>Udev</application> libraries during the installation.
231 The best way to ensure that these libraries are not being used is to
232 run the installation in rescue mode. To switch to rescue mode,
233 run the following command as the
234 <systemitem class="username">root</systemitem> user (from a TTY):
235 </para>
236
237<screen role="root"><userinput>systemctl isolate rescue.target</userinput></screen>
238 </warning>
239
240 <para>
241 Now, as the <systemitem class="username">root</systemitem> user:
242 </para>
243
244<screen role="root"><userinput>ninja install</userinput></screen>
245 <!-- No longer needed as of systemd-244.
246 <para>
247 Remove a configuration file that causes some problems with PID files:
248 </para>
249
250<screen role="root"><userinput>rm -fv /etc/sysctl.d/50-pid-max.conf</userinput></screen>
251 -->
252 </sect2>
253
254 <sect2 role="commands">
255 <title>Command Explanations</title>
256
257 <para>
258 <parameter>-Duserdb=false</parameter>: Removes a daemon that does not
259 offer any use under a BLFS configuration. If you wish to enable the
260 <application>userdbd</application> daemon, replace "false" with "true"
261 in the above meson command.
262 </para>
263
264 <para>
265 <parameter>-Dhomed=false</parameter>: Remove a daemon that does not offer
266 any use under a traditional BLFS configuration, especially using accounts
267 created with useradd. To enable systemd-homed, first ensure that you have
268 <xref linkend="cryptsetup"/> and <xref linkend="libpwquality"/>, and then
269 change "false" to "true" in the above meson command.
270 </para>
271
272 <!-- EDITORS NOTE: Explanation on removing userdbd and homed:
273 In BLFS, we do not fully support disk encryption. We offer instructions for
274 building 'cryptsetup' as a dependency, but we do not offer instructions for
275 actually configuring it. In addition, we generally do not include
276 functionality that could potentially conflict with other packages, or that
277 is not of any use to us (in an enterprise configuration using Thin Clients
278 or laptops with LUKS encryption, it could make sense though, but that isn't
279 the configuration that we natively support).
280
281 A few of the complications of systemd-homed include:
282 - SSH Logins
283 - Disk Space Assignments
284 - UID Assignments (chown() on login)
285 (See https://cfp.all-systems-go.io/media/homed-asg2019.pdf)
286
287 In an article I read when systemd-homed was originally unveiled, I remember
288 reading about systemd-homed causing problems with OpenSSH Private Key Auth
289 because the user would have to login at the console in order to unlock
290 their home directory, thus allowing the private key to be unlocked and
291 processed by OpenSSH. Since BLFS does not fully support encrypted disks,
292 and because systemd-homed is incompatible with our usage of useradd /
293 traditional UNIX users and groups, I advise that we take the following
294 approach to avoid any confusion:
295
296 - Leave the added Short Descriptions for homectl and userdbctl
297 - Add the above command explanations and restore the previous behavior
298
299 Should we decide to enable homed by default anytime in the future,
300 let's move cryptsetup to recommended or required.
301
302 I would be open to discussing this after the next systemd version when
303 systemd-homed has matured a bit more. -renodr -->
304
305 </sect2>
306
307 <sect2 role="configuration">
308 <title>Configuring systemd</title>
309
310 <para>
311 The <filename>/etc/pam.d/system-session</filename> file needs to
312 be modified and a new file needs to be created in order for
313 <command>systemd-logind</command> to work correctly. Run the following
314 commands as the <systemitem class="username">root</systemitem> user:
315 </para>
316
317<screen role="root"><userinput>cat &gt;&gt; /etc/pam.d/system-session &lt;&lt; "EOF"
318<literal># Begin Systemd addition
319
320session required pam_loginuid.so
321session optional pam_systemd.so
322
323# End Systemd addition</literal>
324EOF
325
326cat &gt; /etc/pam.d/systemd-user &lt;&lt; "EOF"
327<literal># Begin /etc/pam.d/systemd-user
328
329account required pam_access.so
330account include system-account
331
332session required pam_env.so
333session required pam_limits.so
334session required pam_unix.so
335session required pam_loginuid.so
336session optional pam_keyinit.so force revoke
337session optional pam_systemd.so
338
339auth required pam_deny.so
340password required pam_deny.so
341
342# End /etc/pam.d/systemd-user</literal>
343EOF</userinput></screen>
344
345 <para>
346 At this point, you should reload the systemd daemon, and reenter
347 multi-user mode with the following commands (as the
348 <systemitem class="username">root</systemitem> user). If a desktop
349 manager is installed and you wish to reenter the graphical mode,
350 replace <userinput>multi-user.target</userinput> with
351 <userinput>graphical.target</userinput>:
352 </para>
353
354<screen role="root"><userinput>systemctl daemon-reexec
355systemctl start multi-user.target</userinput></screen>
356
357 <warning>
358 <para>
359 If upgrading from a previous version of systemd and an
360 initrd is used for system boot, you should generate a new initrd before
361 rebooting the system.
362 </para>
363 </warning>
364
365 </sect2>
366
367 <sect2 role="content">
368 <title>Contents</title>
369
370 <para>
371 A list of the installed files, along with their short
372 descriptions can be found at
373 <ulink url="&lfs-root;/chapter06/systemd.html#contents-systemd"/>.
374 </para>
375
376 <para>
377 Listed below are the newly installed libraries and directories
378 along with short descriptions.
379 </para>
380
381 <segmentedlist>
382 <segtitle>Installed Programs</segtitle>
383 <segtitle>Installed Libraries</segtitle>
384 <segtitle>Installed Directories</segtitle>
385
386 <seglistitem>
387 <seg>
388 <!-- maybe userdbd/userdbctl can go in LFS, try at next time -->
389 homectl (if <xref linkend="cryptsetup"/> is installed)
390 and userdbctl (optionally)
391 </seg>
392 <seg>
393 pam_systemd.so
394 (in <filename class="directory">/lib/security</filename>)
395 </seg>
396 <seg>
397 None
398 </seg>
399 </seglistitem>
400 </segmentedlist>
401
402 <variablelist>
403 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
404 <?dbfo list-presentation="list"?>
405 <?dbhtml list-presentation="table"?>
406
407 <varlistentry id="homectl">
408 <term><command>homectl</command></term>
409 <listitem>
410 <para>
411 is a tool to create, remove, change, or inspect a home directory
412 managed by <command>systemd-homed</command>; note that it's
413 useless for the classic UNIX users and home directories which
414 we are using in LFS/BLFS book
415 </para>
416 <indexterm zone="systemd homectl">
417 <primary sortas="b-homectl">homectl</primary>
418 </indexterm>
419 </listitem>
420 </varlistentry>
421
422 <varlistentry id="userdbctl">
423 <term><command>userdbctl</command></term>
424 <listitem>
425 <para>
426 inspect users, groups, and group memberships
427 </para>
428 <indexterm zone="systemd userdbctl">
429 <primary sortas="b-userdbctl">userdbctl</primary>
430 </indexterm>
431 </listitem>
432 </varlistentry>
433
434 <varlistentry id="pam_systemd">
435 <term><filename class="libraryfile">pam_systemd.so</filename></term>
436 <listitem>
437 <para>
438 is a PAM module used to register user sessions with the
439 <application>systemd</application> login manager,
440 <command>systemd-logind</command>.
441 </para>
442 <indexterm zone="systemd pam_systemd">
443 <primary sortas="c-pam_systemd">pam_systemd.so</primary>
444 </indexterm>
445 </listitem>
446 </varlistentry>
447
448 </variablelist>
449
450 </sect2>
451
452</sect1>
Note: See TracBrowser for help on using the repository browser.