X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=README;h=558b8d9195dbac1ca64f75ef7e0be99b4b12cbc3;hb=a6991726f80c299ac7275f4570e310e1dd5bce96;hp=e54c5d6efb8e785572e5b28faafd7d3272d1b769;hpb=0ceced3d9a8150042d8e69a4fa8db4fb63ef175e;p=thirdparty%2Fsystemd.git diff --git a/README b/README index e54c5d6efb8..558b8d9195d 100644 --- a/README +++ b/README @@ -30,10 +30,12 @@ LICENSE: - except src/basic/siphash24.c which is CC0 Public Domain - except src/journal/lookup3.c which is Public Domain - except src/udev/* which is (currently still) GPLv2, GPLv2+ + - except tools/chromiumos/* which is BSD-style REQUIREMENTS: Linux kernel >= 3.13 Linux kernel >= 4.2 for unified cgroup hierarchy support + Linux kernel >= 5.4 for signed Verity images support Kernel Config Options: CONFIG_DEVTMPFS @@ -69,11 +71,10 @@ REQUIREMENTS: create additional symlinks in /dev/disk/ and /dev/tape: CONFIG_BLK_DEV_BSG - Required for PrivateNetwork= and PrivateDevices= in service units: + Required for PrivateNetwork= in service units: CONFIG_NET_NS - CONFIG_DEVPTS_MULTIPLE_INSTANCES Note that systemd-localed.service and other systemd units use - PrivateNetwork and PrivateDevices so this is effectively required. + PrivateNetwork so this is effectively required. Required for PrivateUsers= in service units: CONFIG_USER_NS @@ -102,6 +103,9 @@ REQUIREMENTS: CONFIG_EFIVAR_FS CONFIG_EFI_PARTITION + Required for signed Verity images support: + CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG + We recommend to turn off Real-Time group scheduling in the kernel when using systemd. RT group scheduling effectively makes RT scheduling unavailable for most userspace, since it @@ -119,6 +123,9 @@ REQUIREMENTS: isn't. The next best thing is to make this change through a modprobe.d drop-in. This is shipped by default, see modprobe.d/systemd.conf. + Required for systemd-nspawn: + CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7 + Note that kernel auditing is broken when used with systemd's container code. When using systemd in conjunction with containers, please make sure to either turn off auditing at @@ -141,25 +148,31 @@ REQUIREMENTS: libblkid >= 2.24 (from util-linux) (optional) libkmod >= 15 (optional) PAM >= 1.1.2 (optional) - libcryptsetup (optional) + libcryptsetup (optional), >= 2.3.0 required for signed Verity images support libaudit (optional) libacl (optional) libselinux (optional) liblzma (optional) - liblz4 >= 119 (optional) + liblz4 >= 1.3.0 / 130 (optional) + libzstd >= 1.4.0 (optional) libgcrypt (optional) libqrencode (optional) libmicrohttpd (optional) libpython (optional) libidn2 or libidn (optional) + gnutls >= 3.1.4 (optional, >= 3.6.0 is required to support DNS-over-TLS with gnutls) + openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl) elfutils >= 158 (optional) polkit (optional) + tzdata >= 2014f (optional) pkg-config gperf docbook-xsl (optional, required for documentation) xsltproc (optional, required for documentation) python-lxml (optional, required to build the indices) - python, meson, ninja + python >= 3.5 + meson >= 0.46 (>= 0.49 is required to build position-independent executables) + ninja gcc, awk, sed, grep, m4, and similar tools During runtime, you need the following additional @@ -170,12 +183,12 @@ REQUIREMENTS: NOTE: If using dbus < 1.9.18, you should override the default policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d). dracut (optional) - PolicyKit (optional) + polkit (optional) To build in directory build/: meson build/ && ninja -C build - Any configuration options can be specfied as -Darg=value... arguments + Any configuration options can be specified as -Darg=value... arguments to meson. After the build directory is initially configured, meson will refuse to run again, and options must be changed with: mesonconf -Darg=value... @@ -202,10 +215,12 @@ REQUIREMENTS: make use of DynamicUser= now, hence enabling nss-systemd is not optional. - Note that the build prefix for systemd must be /usr. -Dsplit-usr=false - (which is the default and does not need to be specified) is the - recommended setting, and -Dsplit-usr=true should be used on systems - which have /usr on a separate partition. + Note that the build prefix for systemd must be /usr. (Moreover, + packages systemd relies on — such as D-Bus — really should use the same + prefix, otherwise you are on your own.) -Dsplit-usr=false (which is the + default and does not need to be specified) is the recommended setting, + and -Dsplit-usr=true should be used on systems which have /usr on a + separate partition. Additional packages are necessary to run some tests: - busybox (used by test/TEST-13-NSPAWN-SMOKE) @@ -230,14 +245,11 @@ USERS AND GROUPS: groups "wheel" and "adm" will be given read-only access to journal files using systemd-tmpfiles.service. - The journal gateway daemon requires the - "systemd-journal-gateway" system user and group to + The journal remote daemon requires the + "systemd-journal-remote" system user and group to exist. During execution this network facing service will drop privileges and assume this uid/gid for security reasons. - Similarly, the NTP daemon requires the "systemd-timesync" system - user and group to exist. - Similarly, the network management daemon requires the "systemd-network" system user and group to exist. @@ -250,19 +262,19 @@ USERS AND GROUPS: NSS: systemd ships with four glibc NSS modules: - nss-myhostname resolves the local hostname to locally - configured IP addresses, as well as "localhost" to - 127.0.0.1/::1. + nss-myhostname resolves the local hostname to locally configured IP + addresses, as well as "localhost" to 127.0.0.1/::1. - nss-resolve enables DNS resolution via the systemd-resolved - DNS/LLMNR caching stub resolver "systemd-resolved". + nss-resolve enables DNS resolution via the systemd-resolved DNS/LLMNR + caching stub resolver "systemd-resolved". nss-mymachines enables resolution of all local containers registered - with machined to their respective IP addresses. It also maps UID/GIDs - ranges used by containers to useful names. + with machined to their respective IP addresses. - nss-systemd enables resolution of all dynamically allocated service - users. (See the DynamicUser= setting in unit files.) + nss-systemd enables resolution of users/group registered via the + User/Group Record Lookup API (https://systemd.io/USER_GROUP_API/), + including all dynamically allocated service users. (See the + DynamicUser= setting in unit files.) To make use of these NSS modules, please add them to the "hosts:", "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve" @@ -271,9 +283,9 @@ NSS: The four modules should be used in the following order: - passwd: compat mymachines systemd - group: compat mymachines systemd - hosts: files mymachines resolve myhostname + passwd: compat systemd + group: compat systemd + hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname SYSV INIT.D SCRIPTS: When calling "systemctl enable/disable/is-enabled" on a unit which is a @@ -304,13 +316,22 @@ WARNINGS: For more information on this issue consult https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken - To run systemd under valgrind, compile with VALGRIND defined - (e.g. CPPFLAGS='... -DVALGRIND=1' meson ) and have valgrind - development headers installed (i.e. valgrind-devel or - equivalent). Otherwise, false positives will be triggered by code which - violates some rules but is actually safe. Note that valgrind generates - nice output only on exit(), hence on shutdown we don't execve() - systemd-shutdown. + To run systemd under valgrind, compile with meson option + -Dvalgrind=true and have valgrind development headers installed + (i.e. valgrind-devel or equivalent). Otherwise, false positives will be + triggered by code which violates some rules but is actually safe. Note + that valgrind generates nice output only on exit(), hence on shutdown + we don't execve() systemd-shutdown. + +STABLE BRANCHES AND BACKPORTS: + Stable branches with backported patches are available in the + systemd-stable repo at https://github.com/systemd/systemd-stable. + + Stable branches are started for certain releases of systemd and named + after them, e.g. v238-stable. Stable branches are managed by + distribution maintainers on an as needed basis. See + https://www.freedesktop.org/wiki/Software/systemd/Backports/ for some + more information and examples. ENGINEERING AND CONSULTING SERVICES: Kinvolk (https://kinvolk.io) offers professional engineering