source: general/sysutils/systemd.xml@ df6f75d8

Last change on this file since df6f75d8 was df6f75d8, checked in by Xi Ruoyao <xry111@…>, 3 years ago

systemd: append /usr/sbin into $PATH for test

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!-- <!ENTITY systemd-download-http "http://anduin.linuxfromscratch.org/LFS/systemd-&systemd-version;-&systemd-stable;.tar.xz"> For whenever we move to a stable snapshot for backports -->
8 <!ENTITY systemd-download-http "https://github.com/systemd/systemd/archive/v&systemd-version;/systemd-&systemd-version;.tar.gz">
9 <!ENTITY systemd-download-ftp " ">
10 <!ENTITY systemd-md5sum "8e8adf909c255914dfc10709bd372e69">
11 <!ENTITY systemd-size "10 MB">
12 <!ENTITY systemd-buildsize "287 MB (with tests)">
13 <!ENTITY systemd-time "2.5 SBU (with tests)">
14
15]>
16
17<sect1 id="systemd" xreflabel="Systemd-&systemd-version;" revision="systemd">
18 <?dbhtml filename="systemd.html"?>
19
20 <sect1info>
21 <date>$Date$</date>
22 </sect1info>
23
24 <title>Systemd-&systemd-version;</title>
25 <!-- Whenever we switch back to stable backports, make sure to add the systemd-stable reference back. -->
26
27 <indexterm zone="systemd">
28 <primary sortas="a-systemd">systemd</primary>
29 </indexterm>
30
31 <sect2 role="package">
32 <title>Introduction to systemd</title>
33
34 <para>
35 While <application>systemd</application> was installed when
36 building LFS, there are many features provided by the package that
37 were not included in the initial installation because
38 <application>Linux-PAM</application> was not yet installed.
39 The <application>systemd</application> package needs to be
40 rebuilt to provide a working <command>systemd-logind</command> service,
41 which provides many additional features for dependent packages.
42 </para>
43
44 &lfs101_checked;
45
46 <bridgehead renderas="sect3">Package Information</bridgehead>
47 <itemizedlist spacing="compact">
48 <listitem>
49 <para>
50 Download (HTTP): <ulink url="&systemd-download-http;"/>
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Download (FTP): <ulink url="&systemd-download-ftp;"/>
56 </para>
57 </listitem>
58 <listitem>
59 <para>
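60 Download MD5 sum: &systemd-md5sum; (MD5 is no longer collision-resistant: this catches a corrupted download but does not authenticate the archive)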
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Download size: &systemd-size;
66 </para>
67 </listitem>
68 <listitem>
69 <para>
70 Estimated disk space required: &systemd-buildsize;
71 </para>
72 </listitem>
73 <listitem>
74 <para>
75 Estimated build time: &systemd-time;
76 </para>
77 </listitem>
78 </itemizedlist>
79
80 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
81 <itemizedlist spacing="compact">
82 <listitem>
83 <para>
84 Required patch:
85 <ulink url="&patch-root;/systemd-&systemd-version;-upstream_fixes-1.patch"/>
86 </para>
87 </listitem>
88 </itemizedlist>
89
90 <bridgehead renderas="sect3">systemd Dependencies</bridgehead>
91
92 <bridgehead renderas="sect4">Required</bridgehead>
93 <para role="required">
94 <xref linkend="Jinja2"/> and
95 <xref linkend="linux-pam"/>
96 </para>
97
98 <bridgehead renderas="sect4">Recommended Runtime Dependencies</bridgehead>
99 <para role="recommended">
100 <xref role="runtime" linkend="polkit"/>
101 </para>
102
103 <bridgehead renderas="sect4">Optional</bridgehead>
104 <para role="optional">
105 <xref linkend="btrfs-progs"/>, <!-- homed may support it, see the C.E.-->
106 <xref linkend="curl"/>,
107 <xref linkend="cryptsetup"/>,
108 <xref linkend="git"/>,
109 <xref linkend="gnutls"/>,
110 <xref linkend="iptables"/>,
111 <xref linkend="libgcrypt"/>,
112 <xref linkend="libidn2"/>,
113 <xref linkend="libpwquality"/>,
114 <xref linkend="libseccomp"/>,
115 <xref linkend="libxkbcommon"/>,
116 <xref linkend="make-ca"/>,
117 <xref linkend="pcre2"/>,
118 <xref linkend="qemu"/>,
119 <xref linkend="qrencode"/>,
120 <xref linkend="rsync"/>,
121 <xref linkend="valgrind"/>,
122 <xref linkend="zsh"/> (for the zsh completions),
123 <ulink url="https://sourceforge.net/projects/gnu-efi/">gnu-efi</ulink>,
124 <ulink url="https://www.kernel.org/pub/linux/utils/kernel/kexec/">kexec-tools</ulink>,
125 <ulink url="https://sourceware.org/elfutils/">libdw</ulink>,
126 <ulink url="https://developers.yubico.com/libfido2/">libfido2</ulink>,
127 <ulink url="https://www.gnu.org/software/libmicrohttpd/">libmicrohttpd</ulink>,
128 <ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
129 <!--<ulink url="http://fukuchi.org/works/qrencode/">qrencode</ulink>,-->
130 <ulink url="https://sourceforge.net/projects/linuxquota/">quota-tools</ulink>,
131 <ulink url="https://pypi.python.org/pypi/Sphinx">Sphinx</ulink>, and
132 <ulink url="https://tpm2-tss.readthedocs.io/en/latest/">tpm2-tss</ulink>
133 </para>
134
135 <bridgehead renderas="sect4">Optional (to rebuild the manual pages)</bridgehead>
136 <para role="optional">
137 <xref linkend="DocBook"/>,
138 <xref linkend="docbook-xsl"/>,
139 <xref linkend="libxslt"/>, and
140 <xref linkend="lxml"/> (to build the index of systemd manual pages)
141 </para>
142
143 <para condition="html" role="usernotes">User Notes:
144 <ulink url="&blfs-wiki;/systemd"/>
145 </para>
146 </sect2>
147
148 <sect2 role="installation">
149 <title>Installation of systemd</title>
150
151 <para>
152 Apply a patch to fix a security vulnerability:
153 </para>
154
155<screen><userinput remap="pre">patch -Np1 -i ../systemd-&systemd-version;-upstream_fixes-1.patch</userinput></screen>
156
157 <para>
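158 Remove references to two unneeded groups,
159 <systemitem class="groupname">render</systemitem> and
160 <systemitem class="groupname">sgx</systemitem>, from the default udev
161 rules (devices assigned to <systemitem class="groupname">render</systemitem> go to <systemitem class="groupname">video</systemitem> instead, and the <systemitem class="groupname">sgx</systemitem> group assignment is dropped):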
162 </para>
163
164<screen><userinput remap="pre">sed -i -e 's/GROUP="render"/GROUP="video"/' \
165 -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in</userinput></screen>
166
167 <para>
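168 Rebuild <application>systemd</application> by running the following
169 commands (<parameter>-Ddefault-dnssec=no</parameter> leaves DNSSEC validation in <command>systemd-resolved</command> off unless it is enabled in the resolver configuration):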
170 </para>
171
172<screen><userinput>mkdir build &amp;&amp;
173cd build &amp;&amp;
174
175meson --prefix=/usr \
176 --sysconfdir=/etc \
177 --localstatedir=/var \
178 --buildtype=release \
179 -Dblkid=true \
180 -Ddefault-dnssec=no \
181 -Dfirstboot=false \
182 -Dinstall-tests=false \
183 -Dldconfig=false \
184 -Dman=auto \
185 -Dsysusers=false \
186 -Drpmmacrosdir=no \
187 -Db_lto=false \
188 -Dhomed=false \
189 -Duserdb=false \
190 -Dmode=release \
191 -Dpamconfdir=/etc/pam.d \
192 -Ddocdir=/usr/share/doc/systemd-&systemd-version; \
193 .. &amp;&amp;
194
195ninja</userinput></screen>
196<!-- Regarding homed and userdb, see the note below in Command Explanations-->
197
198 <note>
199 <para>
200 For the best test results, make sure you run the testsuite from
201 a system that is booted by the same
202 <application>systemd</application> version you are rebuilding.
203 </para>
204 </note>
205
206 <para>
207 To test the results, issue:
208 <command>PATH+=:/usr/sbin ninja test</command>.
209 <!-- One test named test-repart needs sfdisk, which is in /usr/sbin. -->
210 </para>
211
212<!--
213 <warning>
214 <para>
215 Installing the package will overwrite all files installed by
216 <application>systemd</application> in LFS. It is critical that
217 nothing uses either <application>systemd</application> or
218 <application>Udev</application> libraries during the installation.
219 The best way to ensure that these libraries are not being used is to
220 run the installation in rescue mode. To switch to rescue mode,
221 run the following command as the
222 <systemitem class="username">root</systemitem> user (from a TTY):
223 </para>
224
225<screen role="root"><userinput>systemctl isolate rescue.target</userinput></screen>
226 </warning>
227 Nobody has reported problems with this in years. Let's comment it. -->
228
229 <para>
230 Now, as the <systemitem class="username">root</systemitem> user:
231 </para>
232
233<screen role="root"><userinput>ninja install</userinput></screen>
234 <!-- No longer needed as of systemd-244.
235 <para>
236 Remove a configuration file that causes some problems with PID files:
237 </para>
238
239<screen role="root"><userinput>rm -fv /etc/sysctl.d/50-pid-max.conf</userinput></screen>
240 -->
241 </sect2>
242
243 <sect2 role="commands">
244 <title>Command Explanations</title>
245
246<!-- Not needed with the patch
247 <para>
248 <parameter>-Dc_args=-Wno-format-overflow</parameter>: Prevents an error
249 when building with <application>GCC 10</application>. The default is
250 <option>-Werror=format-overflow</option>,
251 which generates false positives. This switch may be used with previous
252 versions of GCC too.
253 </para>
254-->
255
256 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
257 href="../../xincludes/meson-buildtype-release.xml"/>
258
259 <para>
260 <parameter>-Dpamconfdir=/etc/pam.d</parameter>: Forces the PAM files to
261 be installed in /etc/pam.d rather than /usr/lib/pam.d.
262 </para>
263
264 <para>
265 <parameter>-Duserdb=false</parameter>: Removes a daemon that does not
266 offer any use under a BLFS configuration. If you wish to enable the
267 <application>userdbd</application> daemon, replace "false" with "true"
268 in the above meson command.
269 </para>
270
271 <para>
272 <parameter>-Dhomed=false</parameter>: Removes a daemon that does not offer
273 any use under a traditional BLFS configuration, especially using accounts
274 created with useradd. To enable systemd-homed, first ensure that you have
275 <xref linkend="cryptsetup"/> and <xref linkend="libpwquality"/>, and then
276 change "false" to "true" in the above meson command.
277 </para>
278
279 <!-- EDITORS NOTE: Explanation on removing userdbd and homed:
280 In BLFS, we do not fully support disk encryption. We offer instructions for
281 building 'cryptsetup' as a dependency, but we do not offer instructions for
282 actually configuring it. In addition, we generally do not include
283 functionality that could potentially conflict with other packages, or that
284 is not of any use to us (in an enterprise configuration using Thin Clients
285 or laptops with LUKS encryption, it could make sense though, but that isn't
286 the configuration that we natively support).
287
288 A few of the complications of systemd-homed include:
289 - SSH Logins
290 - Disk Space Assignments
291 - UID Assignments (chown() on login)
292 (See https://cfp.all-systems-go.io/media/homed-asg2019.pdf)
293
294 In an article I read when systemd-homed was originally unveiled, I remember
295 reading about systemd-homed causing problems with OpenSSH Private Key Auth
296 because the user would have to login at the console in order to unlock
297 their home directory, thus allowing the private key to be unlocked and
298 processed by OpenSSH. Since BLFS does not fully support encrypted disks,
299 and because systemd-homed is incompatible with our usage of useradd /
300 traditional UNIX users and groups, I advise that we take the following
301 approach to avoid any confusion:
302
303 - Leave the added Short Descriptions for homectl and userdbctl
304 - Add the above command explanations and restore the previous behavior
305
306 Should we decide to enable homed by default anytime in the future,
307 let's move cryptsetup to recommended or required.
308
309 I would be open to discussing this after the next systemd version when
310 systemd-homed has matured a bit more. -renodr -->
311
312 </sect2>
313
314 <sect2 role="configuration">
315 <title>Configuring systemd</title>
316
317 <para>
318 The <filename>/etc/pam.d/system-session</filename> file needs to
319 be modified and a new file needs to be created in order for
320 <command>systemd-logind</command> to work correctly. Run the following
321 commands as the <systemitem class="username">root</systemitem> user:
322 </para>
323
324<screen role="root"><userinput>cat &gt;&gt; /etc/pam.d/system-session &lt;&lt; "EOF"
325<literal># Begin Systemd addition
326
327session required pam_loginuid.so
328session optional pam_systemd.so
329
330# End Systemd addition</literal>
331EOF
332
333cat &gt; /etc/pam.d/systemd-user &lt;&lt; "EOF"
334<literal># Begin /etc/pam.d/systemd-user
335
336account required pam_access.so
337account include system-account
338
339session required pam_env.so
340session required pam_limits.so
341session required pam_unix.so
342session required pam_loginuid.so
343session optional pam_keyinit.so force revoke
344session optional pam_systemd.so
345
346auth required pam_deny.so
347password required pam_deny.so
348
349# End /etc/pam.d/systemd-user</literal>
350EOF</userinput></screen>
351
352<!--
353 <para>
354 At this point, you should reload the systemd daemon, and reenter
355 multi-user mode with the following commands (as the
356 <systemitem class="username">root</systemitem> user). If a desktop
357 manager is installed and you wish to reenter the graphical mode,
358 replace <userinput>multi-user.target</userinput> with
359 <userinput>graphical.target</userinput>:
360 </para>
361
362<screen role="root"><userinput>systemctl daemon-reexec
363systemctl start multi-user.target</userinput></screen>-->
364
365 <warning>
366 <para>
367 If upgrading from a previous version of systemd and an
368 initrd is used for system boot, you should generate a new initrd before
369 rebooting the system.
370 </para>
371 </warning>
372
373 </sect2>
374
375 <sect2 role="content">
376 <title>Contents</title>
377
378 <para>
379 A list of the installed files, along with their short
380 descriptions can be found at
381 <ulink url="&lfs-root;/chapter08/systemd.html#contents-systemd"/>.
382 </para>
383
384 <para>
385 Listed below are the newly installed programs, libraries, and
386 directories along with short descriptions.
387 </para>
388
389 <segmentedlist>
390 <segtitle>Installed Programs</segtitle>
391 <segtitle>Installed Libraries</segtitle>
392 <segtitle>Installed Directories</segtitle>
393
394 <seglistitem>
395 <seg>
396 <!-- maybe userdbd/userdbctl can go in LFS, try at next time -->
397 homectl (if <xref linkend="cryptsetup"/> is installed)
398 and userdbctl (optionally)
399 </seg>
400 <seg>
401 pam_systemd.so
402 (in <filename class="directory">/lib/security</filename>)
403 </seg>
404 <seg>
405 None
406 </seg>
407 </seglistitem>
408 </segmentedlist>
409
410 <variablelist>
411 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
412 <?dbfo list-presentation="list"?>
413 <?dbhtml list-presentation="table"?>
414
415 <varlistentry id="homectl">
416 <term><command>homectl</command></term>
417 <listitem>
418 <para>
419 is a tool to create, remove, change, or inspect a home directory
420 managed by <command>systemd-homed</command>; note that it is of
421 no use for the classic UNIX users and home directories that
422 are used in the LFS/BLFS books
423 </para>
424 <indexterm zone="systemd homectl">
425 <primary sortas="b-homectl">homectl</primary>
426 </indexterm>
427 </listitem>
428 </varlistentry>
429
430 <varlistentry id="userdbctl">
431 <term><command>userdbctl</command></term>
432 <listitem>
433 <para>
434 inspects users, groups, and group memberships
435 </para>
436 <indexterm zone="systemd userdbctl">
437 <primary sortas="b-userdbctl">userdbctl</primary>
438 </indexterm>
439 </listitem>
440 </varlistentry>
441
442 <varlistentry id="pam_systemd">
443 <term><filename class="libraryfile">pam_systemd.so</filename></term>
444 <listitem>
445 <para>
446 is a PAM module used to register user sessions with the
447 <application>systemd</application> login manager,
448 <command>systemd-logind</command>
449 </para>
450 <indexterm zone="systemd pam_systemd">
451 <primary sortas="c-pam_systemd">pam_systemd.so</primary>
452 </indexterm>
453 </listitem>
454 </varlistentry>
455
456 </variablelist>
457
458 </sect2>
459
460</sect1>