Systemd-250

Introduction to systemd

While systemd was installed when building LFS, there are many features provided by the package that were not included in the initial installation because Linux-PAM was not yet installed. The systemd package needs to be rebuilt to provide a working systemd-logind service, which provides many additional features for dependent packages.

This package is known to build and work properly using an LFS-11.1 platform.

Package Information

Additional Downloads

systemd Dependencies

Required

Jinja2-3.0.3 and Linux-PAM-1.5.2

Recommended Runtime Dependencies

Optional

btrfs-progs-5.16.2, cURL-7.81.0, cryptsetup-2.4.3, git-2.35.1, GnuTLS-3.7.3, iptables-1.8.7, libgcrypt-1.10.0, libidn2-2.3.2, libpwquality-1.4.4, libseccomp-2.5.3, libxkbcommon-1.4.0, make-ca-1.10, p11-kit-0.24.1, pcre2-10.39, qemu-6.2.0, qrencode-4.1.1, rsync-3.2.3, Valgrind-3.18.1, zsh-5.8.1 (for the zsh completions), gnu-efi, kexec-tools, libbpf, libdw, libfido2, libmicrohttpd, lz4, quota-tools, Sphinx, and tpm2-tss

Optional (to rebuild the manual pages)

docbook-xml-4.5, docbook-xsl-1.79.2, libxslt-1.1.35, and lxml-4.7.1 (to build the index of systemd manual pages)

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/systemd

Installation of systemd

Apply a patch to fix a security vulnerability and fix issues with the default hostname on some systems:

patch -Np1 -i ../systemd-250-upstream_fixes-1.patch

Remove two unneeded groups, render and sgx, from the default udev rules:

sed -i -e 's/GROUP="render"/GROUP="video"/' \
       -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in

Rebuild systemd by running the following commands:

mkdir build &&
cd    build &&

meson --prefix=/usr                 \
      --buildtype=release           \
      -Dblkid=true                  \
      -Ddefault-dnssec=no           \
      -Dfirstboot=false             \
      -Dinstall-tests=false         \
      -Dldconfig=false              \
      -Dman=auto                    \
      -Dsysusers=false              \
      -Drpmmacrosdir=no             \
      -Db_lto=false                 \
      -Dhomed=false                 \
      -Duserdb=false                \
      -Dmode=release                \
      -Dpamconfdir=/etc/pam.d       \
      -Ddocdir=/usr/share/doc/systemd-250 \
      ..                            &&

ninja

Note

For the best test results, make sure you run the testsuite from a system that is booted by the same systemd version you are rebuilding.

To test the results, issue: PATH+=:/usr/sbin ninja test.

Now, as the root user:

ninja install

Command Explanations

--buildtype=release: Specify a buildtype suitable for stable releases of the package, as the default may produce unoptimized binaries.

-Dpamconfdir=/etc/pam.d: Forces the PAM files to be installed in /etc/pam.d rather than /usr/lib/pam.d.

-Duserdb=false: Removes a daemon that does not offer any use under a BLFS configuration. If you wish to enable the userdbd daemon, replace "false" with "true" in the above meson command.

-Dhomed=false: Removes a daemon that does not offer any use under a traditional BLFS configuration, especially using accounts created with useradd. To enable systemd-homed, first ensure that you have cryptsetup-2.4.3 and libpwquality-1.4.4 installed, and then change "false" to "true" in the above meson command.

Configuring systemd

The /etc/pam.d/system-session file needs to be modified and a new file needs to be created in order for systemd-logind to work correctly. Run the following commands as the root user:

grep 'pam_systemd' /etc/pam.d/system-session ||
cat >> /etc/pam.d/system-session << "EOF"
# Begin Systemd addition

session  required    pam_loginuid.so
session  optional    pam_systemd.so

# End Systemd addition
EOF

cat > /etc/pam.d/systemd-user << "EOF"
# Begin /etc/pam.d/systemd-user

account  required    pam_access.so
account  include     system-account

session  required    pam_env.so
session  required    pam_limits.so
session  required    pam_unix.so
session  required    pam_loginuid.so
session  optional    pam_keyinit.so force revoke
session  optional    pam_systemd.so

auth     required    pam_deny.so
password required    pam_deny.so

# End /etc/pam.d/systemd-user
EOF
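
A check for the two PAM files written above, as an added example that is not part of the BLFS book: it confirms that system-session loads pam_loginuid.so before a single pam_systemd.so rule, and that systemd-user still has its pam_deny.so rules for auth and password. The function names are hypothetical, and the ordering test simply mirrors the order in which the page writes the lines.

```shell
# Added example, not from the BLFS book. Function names are hypothetical.
# Usage: audit_systemd_pam /etc/pam.d/system-session /etc/pam.d/systemd-user

# Print the line number of the first active (non-comment) rule in file $1
# with type $2, control $3 and module $4; print 0 when there is none.
pam_rule_line() {
    awk -v t="$2" -v c="$3" -v m="$4" '
        /^[ \t]*#/ { next }
        $1 == t && $2 == c && $3 == m { print NR; found = 1; exit }
        END { if (!found) print 0 }' "$1"
}

# Count the active rules in file $1 that load module $2.
pam_module_count() {
    awk -v m="$2" '!/^[ \t]*#/ && $3 == m { n++ } END { print n + 0 }' "$1"
}

# Audit system-session ($1) and systemd-user ($2). Prints one line per
# finding; returns 0 only when both files match the layout on the page.
audit_systemd_pam() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read $1 or $2"; return 2; }
    rc=0
    loginuid=$(pam_rule_line "$1" session required pam_loginuid.so)
    logind=$(pam_rule_line "$1" session optional pam_systemd.so)
    if [ "$logind" -eq 0 ]; then
        echo "$1: pam_systemd.so absent, sessions are not registered with logind"
        rc=1
    elif [ "$loginuid" -eq 0 ] || [ "$loginuid" -gt "$logind" ]; then
        # Assumption: keep the order the page uses (loginuid, then systemd).
        echo "$1: pam_loginuid.so is not listed before pam_systemd.so"
        rc=1
    fi
    if [ "$(pam_module_count "$1" pam_systemd.so)" -gt 1 ]; then
        echo "$1: pam_systemd.so is listed more than once"
        rc=1
    fi
    for t in auth password; do
        if [ "$(pam_rule_line "$2" "$t" required pam_deny.so)" -eq 0 ]; then
            echo "$2: no '$t required pam_deny.so' rule as on the page"
            rc=1
        fi
    done
    if [ "$(pam_rule_line "$2" session optional pam_systemd.so)" -eq 0 ]; then
        echo "$2: pam_systemd.so absent from the session rules"
        rc=1
    fi
    return "$rc"
}
```

Because the paths are arguments, the audit can be run against copies of the files before they are installed into /etc/pam.d.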

Warning

If upgrading from a previous version of systemd and an initrd is used for system boot, you should generate a new initrd before rebooting the system.

Contents

A list of the installed files, along with their short descriptions, can be found at ../../../../lfs/view/11.1-systemd/chapter08/systemd.html#contents-systemd.

Listed below are the newly installed programs along with short descriptions.

Installed Programs: homectl (if cryptsetup-2.4.3 is installed), systemd-cryptenroll (if cryptsetup-2.4.3 is installed), and userdbctl (optionally)

Short Descriptions

homectl

is a tool to create, remove, change, or inspect a home directory managed by systemd-homed; note that it is useless for the classic UNIX users and home directories which we are using in the LFS/BLFS book

systemd-cryptenroll

is used to enroll or remove a system from full disk encryption, as well as set and query private keys and recovery keys

userdbctl

inspects users, groups, and group memberships

pam_systemd.so

is a PAM module used to register user sessions with the systemd login manager, systemd-logind
