Systemd-255
systemd の概要
While systemd was installed when
building LFS, there are many features provided by the package that
were not included in the initial installation because Linux-PAM was not yet installed. The
systemd package needs to be
rebuilt to provide a working systemd-logind service, which
provides many additional features for dependent packages.
![[注記]](../images/note.png)
注記
LFS や依存パッケージが本ブックに示す最新安定バージョンでなかった場合には、BLFS
開発版においては、パッケージのビルドや処理実行が適切に行われないことがあります。
パッケージ情報
systemd の依存パッケージ
推奨
注記
Linux-PAM-1.5.3 is not strictly required to
build systemd, but the main
reason to rebuild systemd in
BLFS (it's already built in LFS anyway) is for the systemd-logind daemon and the
pam_systemd.so PAM module.
Linux-PAM-1.5.3 is required for them. All
packages in BLFS book with a dependency on systemd expects it has been rebuilt with
Linux-PAM-1.5.3.
Linux-PAM-1.5.3, Polkit-123 (実行時)
Optional
btrfs-progs-6.6.1, cURL-8.5.0,
cryptsetup-2.6.1, git-2.43.0, GnuTLS-3.8.2,
iptables-1.8.10, libgcrypt-1.10.3,
libidn2-2.3.4, libpwquality-1.4.5, libseccomp-2.5.5,
libxkbcommon-1.6.0, make-ca-1.13,
p11-kit-0.25.3, pcre2-10.42, qemu-8.2.0,
qrencode-4.1.1, rsync-3.2.7,
sphinx-7.2.6, Valgrind-3.22.0,
zsh-5.9 (for the zsh completions), AppArmor, audit-userspace,
bash-completion,
jekyll, kexec-tools,
libbpf, libdw, libfido2,
libmicrohttpd,
lz4,
pefile, pyelftools,
quota-tools,
rpm, SELinux,
systemtap, tpm2-tss and
Xen
任意 (man ページ再ビルドのため)
docbook-xml-4.5, docbook-xsl-nons-1.79.2, libxslt-1.1.39, lxml-4.9.4 (to
build the index of systemd manual pages)
Editor Notes: https://wiki.linuxfromscratch.org/blfs/wiki/Logind
systemd のインストール
Remove two unneeded groups, render
and sgx, from the default udev
rules:
sed -i -e 's/GROUP="render"/GROUP="video"/' \
-e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in
Rebuild systemd by running the
following commands:
mkdir build &&
cd build &&
meson setup .. \
--prefix=/usr \
--buildtype=release \
-Ddefault-dnssec=no \
-Dfirstboot=false \
-Dinstall-tests=false \
-Dldconfig=false \
-Dman=auto \
-Dsysusers=false \
-Drpmmacrosdir=no \
-Dhomed=disabled \
-Duserdb=false \
-Dmode=release \
-Dpam=true \
-Dpamconfdir=/etc/pam.d \
-Ddev-kvm-mode=0660 \
-Dnobody-group=nogroup \
-Dsysupdate=disabled \
-Dukify=disabled \
-Ddocdir=/usr/share/doc/systemd-255 &&
ninja
注記
For the best test results, make sure you run the test suite from
a system that is booted by the same systemd version you are rebuilding.
To test the results, issue: ninja
test. The test named test-stat-util and test-netlink are known to fail if some kernel
features are not enabled. If the test suite is ran as the
root user, some other tests may
fail because they depend on various kernel configuration options.
root ユーザーになって以下を実行します。
ninja install
コマンド説明
--buildtype=release:
本パッケージの安定版リリース向けに適したビルドタイプを指定します。
デフォルトにしていると、最適化されていないバイナリを生成する場合があるためです。
-Dpamconfdir=/etc/pam.d:
Forces the PAM files to be installed in /etc/pam.d rather than
/usr/lib/pam.d.
-Duserdb=false: Removes a
daemon that does not offer any use under a BLFS configuration. If
you wish to enable the userdbd
daemon, replace "false" with "true" in the above meson command.
-Dhomed=disabled: Removes a
daemon that does not offer any use under a traditional BLFS
configuration, especially using accounts created with useradd. To
enable systemd-homed, first ensure that you have cryptsetup-2.6.1 and libpwquality-1.4.5 installed, and then
change 「disabled」 to 「enabled」 in the above
meson setup command.
-Dukify=disabled: Removes a
script for combining a kernel, an initramfs, and a kernel command
line etc. into an UEFI application which can be loaded by the UEFI
firmware to start the embedded Linux kernel. It's not needed for
booting a BLFS system with UEFI if following Using GRUB to Set
Up the Boot Process with UEFI. And, it requires the
pefile Python module at runtime,
so if it's enabled but pefile is
not installed, in the test suite one test for it will fail. To
enable systemd-ukify,
install the pefile module and then
change 「disabled」 to 「enabled」 in the above
meson setup command.
systemd の設定
The /etc/pam.d/system-session file
needs to be modified and a new file needs to be created in order
for systemd-logind to
work correctly. Run the following commands as the root user:
grep 'pam_systemd' /etc/pam.d/system-session ||
cat >> /etc/pam.d/system-session << "EOF"
# Begin Systemd addition
session required pam_loginuid.so
session optional pam_systemd.so
# End Systemd addition
EOF
cat > /etc/pam.d/systemd-user << "EOF"
# Begin /etc/pam.d/systemd-user
account required pam_access.so
account include system-account
session required pam_env.so
session required pam_limits.so
session required pam_unix.so
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session optional pam_systemd.so
auth required pam_deny.so
password required pam_deny.so
# End /etc/pam.d/systemd-user
EOF
![[警告]](../images/warning.png)
警告
If upgrading from a previous version of systemd and an initrd is
used for system boot, you should generate a new initrd before
rebooting the system.
パッケージ構成
A list of the installed files, along with their short descriptions
can be found at
../../../../lfs/view/systemd/chapter08/systemd.html#contents-systemd.
Listed below are the newly installed programs along with short
descriptions.
インストールプログラム: homectl (optional), systemd-cryptenroll (if cryptsetup-2.6.1 is installed), and
userdbctl (optional)
概略説明
|
homectl
|
is a tool to create, remove, change, or inspect a home
directory managed by systemd-homed; note
that it's useless for the classic UNIX users and home
directories which we are using in LFS/BLFS book
|
|
systemd-cryptenroll
|
Is used to enroll or remove a system from full disk
encryption, as well as set and query private keys and
recovery keys
|
|
userdbctl
|
inspects users, groups, and group memberships
|
|
pam_systemd.so
|
is a PAM module used to register user sessions with the
systemd login manager,
systemd-logind
|