Systemd-256.4

Introduction to systemd

While systemd was installed when building LFS, there are many features provided by the package that were not included in the initial installation because Linux-PAM was not yet installed. The systemd package needs to be rebuilt to provide a working systemd-logind service, which provides many additional features for dependent packages.

This package is known to build and work properly using an LFS 12.2 platform.

Package Information

systemd Dependencies

Recommended

[Note]

Note

Linux-PAM-1.6.1 is not strictly required to build systemd, but the main reason to rebuild systemd in BLFS (it's already built in LFS anyway) is for the systemd-logind daemon and the pam_systemd.so PAM module. Linux-PAM-1.6.1 is required for them. All packages in BLFS book with a dependency on systemd expects it has been rebuilt with Linux-PAM-1.6.1.

Optional

btrfs-progs-6.10.1, cURL-8.9.1, cryptsetup-2.7.4, git-2.46.0, GnuTLS-3.8.7.1, iptables-1.8.10, libgcrypt-1.11.0, libidn2-2.3.7, libpwquality-1.4.5, libseccomp-2.5.5, libxkbcommon-1.7.0, make-ca-1.14, p11-kit-0.25.5, pcre2-10.44, qemu-9.0.2, qrencode-4.1.1, rsync-3.3.0, sphinx-8.0.2, Valgrind-3.23.0, zsh-5.9 (for the zsh completions), AppArmor, audit-userspace, bash-completion, jekyll, kexec-tools, libbpf, libdw, libfido2, libmicrohttpd, pefile, pyelftools, quota-tools, rpm, SELinux, systemtap, tpm2-tss and Xen

Optional (to rebuild the manual pages)

docbook-xml-4.5, docbook-xsl-nons-1.79.2, libxslt-1.1.42, and lxml-5.3.0 (to build the index of systemd manual pages)

Editor Notes: https://wiki.linuxfromscratch.org/blfs/wiki/Logind

Installation of systemd

Remove two unneeded groups, render and sgx, from the default udev rules:

sed -i -e 's/GROUP="render"/GROUP="video"/' \
       -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in

Rebuild systemd by running the following commands:

mkdir build &&
cd    build &&

meson setup ..                 \
      --prefix=/usr            \
      --buildtype=release      \
      -D default-dnssec=no     \
      -D firstboot=false       \
      -D install-tests=false   \
      -D ldconfig=false        \
      -D man=auto              \
      -D sysusers=false        \
      -D rpmmacrosdir=no       \
      -D homed=disabled        \
      -D userdb=false          \
      -D mode=release          \
      -D pam=enabled           \
      -D pamconfdir=/etc/pam.d \
      -D dev-kvm-mode=0660     \
      -D nobody-group=nogroup  \
      -D sysupdate=disabled    \
      -D ukify=disabled        \
      -D docdir=/usr/share/doc/systemd-256.4 &&

ninja
[Note]

Note

For the best test results, make sure you run the test suite from a system that is booted by the same systemd version you are rebuilding.

To test the results, issue: ninja test. The test named test-stat-util is known to fail if some kernel features are not enabled. If the test suite is run as the root user, some other tests may fail because they depend on various kernel configuration options.

Now, as the root user:

ninja install

Command Explanations

--buildtype=release: Specify a buildtype suitable for stable releases of the package, as the default may produce unoptimized binaries.

-D pamconfdir=/etc/pam.d: Forces the PAM files to be installed in /etc/pam.d rather than /usr/lib/pam.d.

-D userdb=false: Removes a daemon that does not offer any use under a BLFS configuration. If you wish to enable the userdbd daemon, replace "false" with "true" in the above meson command.

-D homed=disabled: Removes a daemon that does not offer any use under a traditional BLFS configuration, especially using accounts created with useradd. To enable systemd-homed, first ensure that you have cryptsetup-2.7.4 and libpwquality-1.4.5 installed, and then change disabled to enabled in the above meson setup command.

-D ukify=disabled: Removes a script for combining a kernel, an initramfs, and a kernel command line etc. into an UEFI application which can be loaded by the UEFI firmware to start the embedded Linux kernel. It's not needed for booting a BLFS system with UEFI if following Using GRUB to Set Up the Boot Process with UEFI. And, it requires the pefile Python module at runtime, so if it's enabled but pefile is not installed, in the test suite one test for it will fail. To enable systemd-ukify, install the pefile module and then change disabled to enabled in the above meson setup command.

Configuring systemd

The /etc/pam.d/system-session file needs to be modified and a new file needs to be created in order for systemd-logind to work correctly. Run the following commands as the root user:

grep 'pam_systemd' /etc/pam.d/system-session ||
cat >> /etc/pam.d/system-session << "EOF"
# Begin Systemd addition

session  required    pam_loginuid.so
session  optional    pam_systemd.so

# End Systemd addition
EOF

cat > /etc/pam.d/systemd-user << "EOF"
# Begin /etc/pam.d/systemd-user

account  required    pam_access.so
account  include     system-account

session  required    pam_env.so
session  required    pam_limits.so
session  required    pam_loginuid.so
session  optional    pam_keyinit.so force revoke
session  optional    pam_systemd.so

auth     required    pam_deny.so
password required    pam_deny.so

# End /etc/pam.d/systemd-user
EOF

As the root user, replace the running systemd manager (the init process) with the systemd executable newly built and installed:

systemctl daemon-reexec
[Important]

Important

Now ensure Shadow-4.16.0 has been already rebuilt with Linux-PAM-1.6.1 support first, then logout, and login again. This ensures the running login session registered with systemd-logind and a per-user systemd instance running for each user owning a login session. Many BLFS packages listing Systemd as a dependency needs the systemd-logind integration and/or a running per-user systemd instance.

[Warning]

Warning

If upgrading from a previous version of systemd and an initrd is used for system boot, you should generate a new initrd before rebooting the system.

Contents

A list of the installed files, along with their short descriptions can be found at ../../../../lfs/view/12.2-systemd/chapter08/systemd.html#contents-systemd.

Listed below are the newly installed programs along with short descriptions.

Installed Programs: homectl (optional), systemd-cryptenroll (if cryptsetup-2.7.4 is installed), and userdbctl (optional)

Short Descriptions

homectl

is a tool to create, remove, change, or inspect a home directory managed by systemd-homed; note that it's useless for the classic UNIX users and home directories which we are using in LFS/BLFS book

systemd-cryptenroll

Is used to enroll or remove a system from full disk encryption, as well as set and query private keys and recovery keys

userdbctl

inspects users, groups, and group memberships

pam_systemd.so

is a PAM module used to register user sessions with the systemd login manager, systemd-logind