http://0pointer.de/blog/projects/systemd.html
WEB SITE:
- http://www.freedesktop.org/wiki/Software/systemd
+ https://www.freedesktop.org/wiki/Software/systemd
GIT:
git@github.com:systemd/systemd.git
- https://github.com/systemd/systemd.git
-
-GITWEB:
https://github.com/systemd/systemd
MAILING LIST:
- http://lists.freedesktop.org/mailman/listinfo/systemd-devel
+ https://lists.freedesktop.org/mailman/listinfo/systemd-devel
IRC:
#systemd on irc.freenode.org
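Review bot: the first URL in this hunk, http://0pointer.de/blog/projects/systemd.html, stays on plain http while the WEB SITE and MAILING LIST links move to https; switch it too if the host serves https, so the README carries no plaintext links. Separately, dropping the GITWEB heading leaves https://github.com/systemd/systemd listed under GIT next to the SSH clone URL, where it reads as a second clone URL; either keep the removed .git https URL or label that line as the web view.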
- except src/udev/* which is (currently still) GPLv2, GPLv2+
REQUIREMENTS:
- Linux kernel >= 3.12
+ Linux kernel >= 3.13
Linux kernel >= 4.2 for unified cgroup hierarchy support
Kernel Config Options:
CONFIG_PROC_FS
CONFIG_FHANDLE (libudev, mount and bind mount handling)
+ Kernel crypto/hash API
+ CONFIG_CRYPTO_USER_API_HASH
+ CONFIG_CRYPTO_HMAC
+ CONFIG_CRYPTO_SHA256
+
udev will fail to work with the legacy sysfs layout:
CONFIG_SYSFS_DEPRECATED=n
create additional symlinks in /dev/disk/ and /dev/tape:
CONFIG_BLK_DEV_BSG
- Required for PrivateNetwork and PrivateDevices in service units:
+ Required for PrivateNetwork= and PrivateDevices= in service units:
CONFIG_NET_NS
CONFIG_DEVPTS_MULTIPLE_INSTANCES
Note that systemd-localed.service and other systemd units use
PrivateNetwork and PrivateDevices so this is effectively required.
+ Required for PrivateUsers= in service units:
+ CONFIG_USER_NS
+
Optional but strongly recommended:
CONFIG_IPV6
CONFIG_AUTOFS4_FS
CONFIG_TMPFS_XATTR
CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL
CONFIG_SECCOMP
+ CONFIG_SECCOMP_FILTER (required for seccomp support)
CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall)
Required for CPUShares= in resource control unit settings
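Review bot: the added "Kernel crypto/hash API" block lists CONFIG_CRYPTO_USER_API_HASH, CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 without saying which component needs them, unlike the neighbouring "CONFIG_FHANDLE (libudev, mount and bind mount handling)"; add the consumer in parentheses so a kernel packager can judge what breaks without them. The unchanged note under the PrivateNetwork=/PrivateDevices= line still spells both settings without the trailing "=", and CONFIG_SECCOMP_FILTER is marked "required for seccomp support" while sitting under "Optional but strongly recommended", so it deserves a word on what happens to seccomp-based unit settings when the option is missing.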
fixed, and it's best to disable group scheduling hence.
CONFIG_RT_GROUP_SCHED=n
+ It's a good idea to disable the implicit creation of networking bonding
+ devices by the kernel networking bonding module, so that the
+ automatically created "bond0" interface doesn't conflict with any such
+ device created by systemd-networkd (or other tools). Ideally there
+ would be a kernel compile-time option for this, but there currently
+ isn't. The next best thing is to make this change through a modprobe.d
+ drop-in. This is shipped by default, see modprobe.d/systemd.conf.
+
Note that kernel auditing is broken when used with systemd's
container code. When using systemd in conjunction with
containers, please make sure to either turn off auditing at
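Review bot: the added bonding paragraph says "make this change through a modprobe.d drop-in" but never names the module option being set, so a reader has to open modprobe.d/systemd.conf to learn what changes on their system; name the option and its value inline. The paragraph also lands directly after CONFIG_RT_GROUP_SCHED=n in the kernel config list although it says itself that no compile-time option exists, so give it a short heading of its own to keep it from being read as a CONFIG_ item.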
glibc >= 2.16
libcap
- libmount >= 2.27.1 (from util-linux)
- libseccomp >= 1.0.0 (optional)
+ libmount >= 2.30 (from util-linux)
+ (util-linux *must* be built without --enable-libmount-support-mtab)
+ libseccomp >= 2.3.1 (optional)
libblkid >= 2.24 (from util-linux) (optional)
libkmod >= 15 (optional)
PAM >= 1.1.2 (optional)
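Review bot: the added line "(util-linux *must* be built without --enable-libmount-support-mtab)" states a hard requirement with no reason or failure symptom; add a half sentence on what goes wrong, since distributors will meet this when configuring util-linux. The runtime list further down still reads "util-linux >= v2.27.1 required" while the libmount minimum here moves to 2.30, so confirm whether the runtime minimum should follow.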
libqrencode (optional)
libmicrohttpd (optional)
libpython (optional)
- libidn (optional)
+ libidn2 or libidn (optional)
elfutils >= 158 (optional)
- make, gcc, and similar tools
+ pkg-config
+ gperf
+ docbook-xsl (optional, required for documentation)
+ xsltproc (optional, required for documentation)
+ python-lxml (optional, required to build the indices)
+ python, meson, ninja
+ gcc, awk, sed, grep, m4, and similar tools
During runtime, you need the following additional
dependencies:
util-linux >= v2.27.1 required
dbus >= 1.4.0 (strictly speaking optional, but recommended)
+ NOTE: If using dbus < 1.9.18, you should override the default
+ policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
dracut (optional)
PolicyKit (optional)
- When building from git, the following tools are needed:
+ To build in directory build/:
+ meson build/ && ninja -C build
- pkg-config
- docbook-xsl
- xsltproc
- automake
- autoconf
- libtool
- intltool
- gperf
- python (optional)
- python-lxml (optional, but required to build the indices)
+ Any configuration options can be specfied as -Darg=value... arguments
+ to meson. After the build directory is initially configured, meson will
+ refuse to run again, and options must be changed with:
+ mesonconf -Darg=value...
+ mesonconf without any arguments will print out available options and
+ their current values.
+
+ Useful commands:
+ ninja -v some/target
+ ninja test
+ sudo ninja install
+ DESTDIR=... ninja install
- The build system is initialized with ./autogen.sh. A tar ball
- can be created with:
+ A tarball can be created with:
git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz
When systemd-hostnamed is used, it is strongly recommended to
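Review bot: typo in the added meson paragraph, "specfied" should be "specified". In the same hunk the tarball example keeps the hard-coded "systemd-222/ v222" even though the sentence introducing it is rewritten, so consider a placeholder version there; and the new "python, meson, ninja" line gives no minimum versions while several of the library entries above do.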
under all circumstances. In fact, systemd-hostnamed will warn
if nss-myhostname is not installed.
+ Additional packages are necessary to run some tests:
+ - busybox (used by test/TEST-13-NSPAWN-SMOKE)
+ - nc (used by test/TEST-12-ISSUE-3171)
+ - python3-pyparsing
+ - python3-evdev (used by hwdb parsing tests)
+ - strace (used by test/test-functions)
+ - capsh (optional, used by test-execute)
+
USERS AND GROUPS:
Default udev rules use the following standard system group
names, which need to be resolvable by getgrnam() at any time,
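Review bot: python3-pyparsing is the only entry in the added test-dependency list without a "(used by ...)" annotation; name the test that needs it so packagers can decide whether to pull it in.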
"systemd-coredump" system user and group to exist.
NSS:
- systemd ships with three NSS modules:
+ systemd ships with four glibc NSS modules:
nss-myhostname resolves the local hostname to locally
configured IP addresses, as well as "localhost" to
nss-resolve enables DNS resolution via the systemd-resolved
DNS/LLMNR caching stub resolver "systemd-resolved".
- nss-mymachines enables resolution of all local containers
- registered with machined to their respective IP addresses.
+ nss-mymachines enables resolution of all local containers registered
+ with machined to their respective IP addresses. It also maps UID/GIDs
+ ranges used by containers to useful names.
+
+ nss-systemd enables resolution of all dynamically allocated service
+ users. (See the DynamicUser= setting in unit files.)
- To make use of these NSS modules, please add them to the
- "hosts: " line in /etc/nsswitch.conf. The "resolve" module
- should replace the glibc "dns" module in this file.
+ To make use of these NSS modules, please add them to the "hosts:",
+ "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve"
+ module should replace the glibc "dns" module in this file (and don't
+ worry, it chain-loads the "dns" module if it can't talk to resolved).
- The three modules should be used in the following order:
+ The four modules should be used in the following order:
+ passwd: compat mymachines systemd
+ group: compat mymachines systemd
hosts: files mymachines resolve myhostname
SYSV INIT.D SCRIPTS:
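Review bot: the parenthetical "and don't worry, it chain-loads the "dns" module if it can't talk to resolved" documents a fallback path only in passing; since lookups then go through the glibc "dns" module instead of the resolved stub resolver, state that behaviour as its own plain sentence so administrators who rely on resolved for all name resolution know about it. Also, "UID/GIDs ranges" should read "UID/GID ranges", and the text asks for the modules on the "hosts:", "passwd:" and "group:" lines while the example puts only mymachines and systemd on passwd/group; say which module belongs on which line.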
requires that /var/run is a symlink to /run.
For more information on this issue consult
- http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
+ https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
To run systemd under valgrind, compile with VALGRIND defined
- (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise,
- false positives will be triggered by code which violates
- some rules but is actually safe.
-
- Currently, systemd-timesyncd defaults to use the Google NTP
- servers if not specified otherwise at configure time. You
- really should not ship an OS or device with this default
- setting. See DISTRO_PORTING for details.
+ (e.g. CPPFLAGS='... -DVALGRIND=1' meson <options>) and have valgrind
+ development headers installed (i.e. valgrind-devel or
+ equivalent). Otherwise, false positives will be triggered by code which
+ violates some rules but is actually safe. Note that valgrind generates
+ nice output only on exit(), hence on shutdown we don't execve()
+ systemd-shutdown.
ENGINEERING AND CONSULTING SERVICES:
Kinvolk (https://kinvolk.io) offers professional engineering
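Review bot: this hunk deletes the systemd-timesyncd paragraph ("defaults to use the Google NTP servers ... You really should not ship an OS or device with this default setting") and nothing in the visible lines re-adds it; if it was not moved elsewhere, keep it, since it is the only pointer here to DISTRO_PORTING for that default. In the new valgrind text, "hence on shutdown we don't execve() systemd-shutdown" should say explicitly that this applies only to builds with VALGRIND defined, because it describes a change in shutdown behaviour.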