]>
Commit | Line | Data |
---|---|---|
c3e270f4 FB |
1 | --- |
2 | title: Porting systemd To New Distributions | |
4cdca0af | 3 | category: Concepts |
c3e270f4 FB |
4 | --- |
5 | ||
1d1cb168 FB |
6 | # Porting systemd To New Distributions |
7 | ||
8 | ## HOWTO | |
9 | ||
10 | You need to make the follow changes to adapt systemd to your | |
11 | distribution: | |
12 | ||
13 | 1. Find the right configure parameters for: | |
14 | ||
15 | * `-Drootprefix=` | |
16 | * `-Dsysvinit-path=` | |
17 | * `-Dsysvrcnd-path=` | |
18 | * `-Drc-local=` | |
1d1cb168 FB |
19 | * `-Dloadkeys-path=` |
20 | * `-Dsetfont-path=` | |
21 | * `-Dtty-gid=` | |
22 | * `-Dntp-servers=` | |
23 | * `-Ddns-servers=` | |
24 | * `-Dsupport-url=` | |
25 | ||
26 | 2. Try it out. | |
27 | ||
28 | Play around (as an ordinary user) with | |
29 | `/usr/lib/systemd/systemd --test --system` for a test run | |
30 | of systemd without booting. This will read the unit files and | |
31 | print the initial transaction it would execute during boot-up. | |
32 | This will also inform you about ordering loops and suchlike. | |
33 | ||
57903f93 ZJS |
34 | ## Compilation options |
35 | ||
36 | The default configuration does not enable any optimization or hardening | |
37 | options. This is suitable for development and testing, but not for end-user | |
38 | installations. | |
39 | ||
40 | For deployment, optimization (`-O2` or `-O3` compiler options), link time | |
41 | optimization (`-Db_lto=true` meson option), and hardening (e.g. | |
42 | `-D_FORTIFY_SOURCE=2`, `-fstack-protector-strong`, `-fstack-clash-protection`, | |
43 | `-fcf-protection`, `-pie` compiler options, and `-z relro`, `-z now`, | |
44 | `--as-needed` linker options) are recommended. The most appropriate set of | |
45 | options depends on the architecture and distribution specifics so no default is | |
46 | provided. | |
47 | ||
1d1cb168 FB |
48 | ## NTP Pool |
49 | ||
50 | By default, systemd-timesyncd uses the Google Public NTP servers | |
51 | `time[1-4].google.com`, if no other NTP configuration is available. | |
52 | They serve time that uses a | |
53 | [leap second smear](https://developers.google.com/time/smear) | |
54 | and can be up to .5s off from servers that use stepped leap seconds. | |
55 | ||
56 | If you prefer to use leap second steps, please register your own | |
57 | vendor pool at ntp.org and make it the built-in default by | |
58 | passing `-Dntp-servers=` to meson. Registering vendor | |
59 | pools is [free](http://www.pool.ntp.org/en/vendors.html). | |
60 | ||
61 | Use `-Dntp-servers=` to direct systemd-timesyncd to different fallback | |
62 | NTP servers. | |
63 | ||
64 | ## DNS Servers | |
65 | ||
def3c7c7 IK |
66 | By default, systemd-resolved uses Cloudflare and Google Public DNS servers |
67 | `1.1.1.1`, `8.8.8.8`, `1.0.0.1`, `8.8.4.4`, `2606:4700:4700::1111`, `2001:4860:4860::8888`, `2606:4700:4700::1001`, `2001:4860:4860::8844` | |
1d1cb168 FB |
68 | as fallback, if no other DNS configuration is available. |
69 | ||
70 | Use `-Ddns-servers=` to direct systemd-resolved to different fallback | |
71 | DNS servers. | |
72 | ||
73 | ## PAM | |
74 | ||
75 | The default PAM config shipped by systemd is really bare bones. | |
76 | It does not include many modules your distro might want to enable | |
77 | to provide a more seamless experience. For example, limits set in | |
78 | `/etc/security/limits.conf` will not be read unless you load `pam_limits`. | |
79 | Make sure you add modules your distro expects from user services. | |
80 | ||
81 | Pass `-Dpamconfdir=no` to meson to avoid installing this file and | |
82 | instead install your own. | |
83 | ||
84 | ## Contributing Upstream | |
85 | ||
86 | We generally do no longer accept distribution-specific patches to | |
87 | systemd upstream. If you have to make changes to systemd's source code | |
88 | to make it work on your distribution, unless your code is generic | |
89 | enough to be generally useful, we are unlikely to merge it. Please | |
90 | always consider adopting the upstream defaults. If that is not | |
91 | possible, please maintain the relevant patches downstream. | |
92 | ||
93 | Thank you for understanding. |