linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-01-25 07:42:13 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
f1c6a8a9f8
glfs/general/sysutils/systemd.xml
Douglas R. Reno 115de74802 Patch systemd to work with Linux-API-Headers-5.11.14 and higher as well 
as meson-0.57.2
2021-04-28 20:31:11 -05:00

457 lines
16 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!-- <!ENTITY systemd-download-http "http://anduin.linuxfromscratch.org/LFS/systemd-&systemd-version;-&systemd-stable;.tar.xz"> For whenever we move to a stable snapshot for backports -->
<!ENTITY systemd-download-http "https://github.com/systemd/systemd/archive/v&systemd-version;/systemd-&systemd-version;.tar.gz">
<!ENTITY systemd-download-ftp " ">
<!ENTITY systemd-md5sum "b0d6e603b814908acc69db29bbfb023c">
<!ENTITY systemd-size "9.4 MB">
<!ENTITY systemd-buildsize "273 MB (with tests)">
<!ENTITY systemd-time "2.1 SBU (with tests)">
]>
<sect1 id="systemd" xreflabel="Systemd-&systemd-version;" revision="systemd">
<?dbhtml filename="systemd.html"?>
<sect1info>
<date>$Date$</date>
</sect1info>
<title>Systemd-&systemd-version;</title>
<!-- Whenever we switch back to stable backports, make sure to add the systemd-stable reference back. -->
<indexterm zone="systemd">
<primary sortas="a-systemd">systemd</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to systemd</title>
<para>
While <application>systemd</application> was installed when
building LFS, there are many features provided by the package that
were not included in the initial installation because
<application>Linux-PAM</application> was not yet installed.
The <application>systemd</application> package needs to be
rebuilt to provide a working <command>systemd-logind</command> service,
which provides many additional features for dependent packages.
</para>
&lfs101_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&systemd-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&systemd-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &systemd-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &systemd-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &systemd-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &systemd-time;
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Required patch:
<ulink url="&patch-root;/systemd-&systemd-version;-upstream_fixes-3.patch"/>
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">systemd Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="linux-pam"/>
</para>
<bridgehead renderas="sect4">Recommended Runtime Dependencies</bridgehead>
<para role="recommended">
<xref role="runtime" linkend="polkit"/>
</para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="btrfs-progs"/>, <!-- homed may support it, see the C.E.-->
<xref linkend="curl"/>,
<xref linkend="cryptsetup"/>,
<xref linkend="git"/>,
<xref linkend="gnutls"/>,
<xref linkend="iptables"/>,
<xref linkend="libgcrypt"/>,
<xref linkend="libidn2"/>,
<xref linkend="libpwquality"/>,
<xref linkend="libseccomp"/>,
<xref linkend="libxkbcommon"/>,
<xref linkend="make-ca"/>,
<xref linkend="pcre2"/>,
<xref linkend="qemu"/>,
<xref linkend="qrencode"/>,
<xref linkend="rsync"/>,
<xref linkend="valgrind"/>,
<xref linkend="zsh"/> (for the zsh completions),
<ulink url="https://sourceforge.net/projects/gnu-efi/">gnu-efi</ulink>,
<ulink url="https://www.kernel.org/pub/linux/utils/kernel/kexec/">kexec-tools</ulink>,
<ulink url="https://developers.yubico.com/libfido2/">libfido2</ulink>,
<ulink url="https://www.gnu.org/software/libmicrohttpd/">libmicrohttpd</ulink>,
<ulink url="http://lz4.github.io/lz4/">lz4</ulink>,
<!--<ulink url="http://fukuchi.org/works/qrencode/">qrencode</ulink>,-->
<ulink url="https://sourceforge.net/projects/linuxquota/">quota-tools</ulink> and
<ulink url="https://pypi.python.org/pypi/Sphinx">Sphinx</ulink>
</para>
<bridgehead renderas="sect4">Optional (to rebuild the manual pages)</bridgehead>
<para role="optional">
<xref linkend="DocBook"/>,
<xref linkend="docbook-xsl"/>,
<xref linkend="libxslt"/>, and
<xref linkend="lxml"/> (to build the index of systemd manual pages)
</para>
<para condition="html" role="usernotes">User Notes:
<ulink url="&blfs-wiki;/systemd"/>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of systemd</title>
<para>
Apply a patch to fix regressions in systemd-networkd and segmentation
faults in systemctl, as well as to allow systemd-rfkill to function under
Linux-5.11+:
</para>
<screen><userinput remap="pre">patch -Np1 -i ../systemd-&systemd-version;-upstream_fixes-3.patch</userinput></screen>
<para>
Remove an unneeded group,
<systemitem class="groupname">render</systemitem>, from the default udev
rules:
</para>
<screen><userinput remap="pre">sed -i 's/GROUP="render"/GROUP="video"/' rules.d/50-udev-default.rules.in</userinput></screen>
<para>
Rebuild <application>systemd</application> by running the
following commands:
</para>
<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;
meson --prefix=/usr \
-Dblkid=true \
-Dbuildtype=release \
-Ddefault-dnssec=no \
-Dfirstboot=false \
-Dinstall-tests=false \
-Dldconfig=false \
-Dman=auto \
-Drootprefix= \
-Drootlibdir=/lib \
-Dsplit-usr=true \
-Dsysusers=false \
-Drpmmacrosdir=no \
-Db_lto=false \
-Dhomed=false \
-Duserdb=false \
-Dmode=release \
-Dpamconfdir=/etc/pam.d \
-Ddocdir=/usr/share/doc/systemd-&systemd-version; \
.. &amp;&amp;
ninja</userinput></screen>
<!-- Regarding homed and userdb, see the note below in Command Explanations-->
<note>
<para>
For the best test results, make sure you run the testsuite from
a system that is booted by the same
<application>systemd</application> version you are rebuilding.
</para>
</note>
<para>
To test the results, issue: <command>ninja test</command>. <!--One test,
<filename>udev-test</filename> (test 273) fails due to changes in
the Linux 5.3+ kernel. It does not affect the package's
functionality. NO LONGER APPLICABLE AS OF 244 -->
</para>
<!--
<warning>
<para>
Installing the package will overwrite all files installed by
<application>systemd</application> in LFS. It is critical that
nothing uses either <application>systemd</application> or
<application>Udev</application> libraries during the installation.
The best way to ensure that these libraries are not being used is to
run the installation in rescue mode. To switch to rescue mode,
run the following command as the
<systemitem class="username">root</systemitem> user (from a TTY):
</para>
<screen role="root"><userinput>systemctl isolate rescue.target</userinput></screen>
</warning>
Nobody has reported problems with this in years. Let's comment it. -->
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>ninja install</userinput></screen>
<!-- No longer needed as of systemd-244.
<para>
Remove a configuration file that causes some problems with PID files:
</para>
<screen role="root"><userinput>rm -fv /etc/sysctl.d/50-pid-max.conf</userinput></screen>
-->
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<!-- Not needed with the patch
<para>
<parameter>-Dc_args=-Wno-format-overflow</parameter>: Prevents an error
when building with <application>GCC 10</application>. The default is
<option>-Werror=format-overflow</option>,
which generates false positives. This switch may be used with previous
versions of GCC too.
</para>
-->
<para>
<parameter>-Dpamconfdir=/etc/pam.d</parameter>: Forces the PAM files to
be installed in /etc/pam.d rather than /usr/lib/pam.d.
</para>
<para>
<parameter>-Duserdb=false</parameter>: Removes a daemon that does not
offer any use under a BLFS configuration. If you wish to enable the
<application>userdbd</application> daemon, replace "false" with "true"
in the above meson command.
</para>
<para>
<parameter>-Dhomed=false</parameter>: Remove a daemon that does not offer
any use under a traditional BLFS configuration, especially using accounts
created with useradd. To enable systemd-homed, first ensure that you have
<xref linkend="cryptsetup"/> and <xref linkend="libpwquality"/>, and then
change "false" to "true" in the above meson command.
</para>
<!-- EDITORS NOTE: Explanation on removing userdbd and homed:
In BLFS, we do not fully support disk encryption. We offer instructions for
building 'cryptsetup' as a dependency, but we do not offer instructions for
actually configuring it. In addition, we generally do not include
functionality that could potentially conflict with other packages, or that
is not of any use to us (in an enterprise configuration using Thin Clients
or laptops with LUKS encryption, it could make sense though, but that isn't
the configuration that we natively support).
A few of the complications of systemd-homed include:
- SSH Logins
- Disk Space Assignments
- UID Assignments (chown() on login)
(See https://cfp.all-systems-go.io/media/homed-asg2019.pdf)
In an article I read when systemd-homed was originally unveiled, I remember
reading about systemd-homed causing problems with OpenSSH Private Key Auth
because the user would have to login at the console in order to unlock
their home directory, thus allowing the private key to be unlocked and
processed by OpenSSH. Since BLFS does not fully support encrypted disks,
and because systemd-homed is incompatible with our usage of useradd /
traditional UNIX users and groups, I advise that we take the following
approach to avoid any confusion:
- Leave the added Short Descriptions for homectl and userdbctl
- Add the above command explanations and restore the previous behavior
Should we decide to enable homed by default anytime in the future,
let's move cryptsetup to recommended or required.
I would be open to discussing this after the next systemd version when
systemd-homed has matured a bit more. -renodr -->
</sect2>
<sect2 role="configuration">
<title>Configuring systemd</title>
<para>
The <filename>/etc/pam.d/system-session</filename> file needs to
be modified and a new file needs to be created in order for
<command>systemd-logind</command> to work correctly. Run the following
commands as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>cat &gt;&gt; /etc/pam.d/system-session &lt;&lt; "EOF"
<literal># Begin Systemd addition
session required pam_loginuid.so
session optional pam_systemd.so
# End Systemd addition</literal>
EOF
cat &gt; /etc/pam.d/systemd-user &lt;&lt; "EOF"
<literal># Begin /etc/pam.d/systemd-user
account required pam_access.so
account include system-account
session required pam_env.so
session required pam_limits.so
session required pam_unix.so
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session optional pam_systemd.so
auth required pam_deny.so
password required pam_deny.so
# End /etc/pam.d/systemd-user</literal>
EOF</userinput></screen>
<!--
<para>
At this point, you should reload the systemd daemon, and reenter
multi-user mode with the following commands (as the
<systemitem class="username">root</systemitem> user). If a desktop
manager is installed and you wish to reenter the graphical mode,
replace <userinput>multi-user.target</userinput> with
<userinput>graphical.target</userinput>:
</para>
<screen role="root"><userinput>systemctl daemon-reexec
systemctl start multi-user.target</userinput></screen>-->
<warning>
<para>
If upgrading from a previous version of systemd and an
initrd is used for system boot, you should generate a new initrd before
rebooting the system.
</para>
</warning>
</sect2>
<sect2 role="content">
<title>Contents</title>
<para>
A list of the installed files, along with their short
descriptions can be found at
<ulink url="&lfs-root;/chapter08/systemd.html#contents-systemd"/>.
</para>
<para>
Listed below are the newly installed libraries and directories
along with short descriptions.
</para>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
<!-- maybe userdbd/userdbctl can go in LFS, try at next time -->
homectl (if <xref linkend="cryptsetup"/> is installed)
and userdbctl (optionally)
</seg>
<seg>
pam_systemd.so
(in <filename class="directory">/lib/security</filename>)
</seg>
<seg>
None
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="homectl">
<term><command>homectl</command></term>
<listitem>
<para>
is a tool to create, remove, change, or inspect a home directory
managed by <command>systemd-homed</command>; note that it's
useless for the classic UNIX users and home directories which
we are using in LFS/BLFS book
</para>
<indexterm zone="systemd homectl">
<primary sortas="b-homectl">homectl</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="userdbctl">
<term><command>userdbctl</command></term>
<listitem>
<para>
inspects users, groups, and group memberships
</para>
<indexterm zone="systemd userdbctl">
<primary sortas="b-userdbctl">userdbctl</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="pam_systemd">
<term><filename class="libraryfile">pam_systemd.so</filename></term>
<listitem>
<para>
is a PAM module used to register user sessions with the
<application>systemd</application> login manager,
<command>systemd-logind</command>
</para>
<indexterm zone="systemd pam_systemd">
<primary sortas="c-pam_systemd">pam_systemd.so</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>
Reference in New Issue View Git Blame Copy Permalink