X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=README;h=b735214e2e319c115c008742ecc48c0373313c18;hb=63554ed9073fd7e2cb95204c39e14ff7d9141d9b;hp=d3838e0cc5f5c795e30d433e3da9e44d39df6c87;hpb=e94681ad15d5f0038aad844d6735582638fc2b88;p=thirdparty%2Fsystemd.git diff --git a/README b/README index d3838e0cc5f..b735214e2e3 100644 --- a/README +++ b/README @@ -4,17 +4,14 @@ DETAILS: http://0pointer.de/blog/projects/systemd.html WEB SITE: - http://www.freedesktop.org/wiki/Software/systemd + https://www.freedesktop.org/wiki/Software/systemd GIT: git@github.com:systemd/systemd.git - https://github.com/systemd/systemd.git - -GITWEB: https://github.com/systemd/systemd MAILING LIST: - http://lists.freedesktop.org/mailman/listinfo/systemd-devel + https://lists.freedesktop.org/mailman/listinfo/systemd-devel IRC: #systemd on irc.freenode.org @@ -35,7 +32,7 @@ LICENSE: - except src/udev/* which is (currently still) GPLv2, GPLv2+ REQUIREMENTS: - Linux kernel >= 3.12 + Linux kernel >= 3.13 Linux kernel >= 4.2 for unified cgroup hierarchy support Kernel Config Options: @@ -50,6 +47,11 @@ REQUIREMENTS: CONFIG_PROC_FS CONFIG_FHANDLE (libudev, mount and bind mount handling) + Kernel crypto/hash API + CONFIG_CRYPTO_USER_API_HASH + CONFIG_CRYPTO_HMAC + CONFIG_CRYPTO_SHA256 + udev will fail to work with the legacy sysfs layout: CONFIG_SYSFS_DEPRECATED=n @@ -67,11 +69,10 @@ REQUIREMENTS: create additional symlinks in /dev/disk/ and /dev/tape: CONFIG_BLK_DEV_BSG - Required for PrivateNetwork= and PrivateDevices= in service units: + Required for PrivateNetwork= in service units: CONFIG_NET_NS - CONFIG_DEVPTS_MULTIPLE_INSTANCES Note that systemd-localed.service and other systemd units use - PrivateNetwork and PrivateDevices so this is effectively required. + PrivateNetwork so this is effectively required. Required for PrivateUsers= in service units: CONFIG_USER_NS 
@@ -80,7 +81,7 @@ REQUIREMENTS: CONFIG_IPV6 CONFIG_AUTOFS4_FS CONFIG_TMPFS_XATTR - CONFIG_{TMPFS,EXT4,XFS,BTRFS_FS,...}_POSIX_ACL + CONFIG_{TMPFS,EXT4_FS,XFS,BTRFS_FS,...}_POSIX_ACL CONFIG_SECCOMP CONFIG_SECCOMP_FILTER (required for seccomp support) CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall) @@ -92,6 +93,10 @@ REQUIREMENTS: Required for CPUQuota= in resource control unit settings CONFIG_CFS_BANDWIDTH + Required for IPAddressDeny= and IPAddressAllow= in resource control + unit settings + CONFIG_CGROUP_BPF + For UEFI systems: CONFIG_EFIVAR_FS CONFIG_EFI_PARTITION @@ -105,6 +110,17 @@ REQUIREMENTS: fixed, and it's best to disable group scheduling hence. CONFIG_RT_GROUP_SCHED=n + It's a good idea to disable the implicit creation of networking bonding + devices by the kernel networking bonding module, so that the + automatically created "bond0" interface doesn't conflict with any such + device created by systemd-networkd (or other tools). Ideally there + would be a kernel compile-time option for this, but there currently + isn't. The next best thing is to make this change through a modprobe.d + drop-in. This is shipped by default, see modprobe.d/systemd.conf. + + Required for systemd-nspawn: + CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7 + Note that kernel auditing is broken when used with systemd's container code. When using systemd in conjunction with containers, please make sure to either turn off auditing at @@ -121,8 +137,8 @@ REQUIREMENTS: glibc >= 2.16 libcap - libmount >= 2.27.1 (from util-linux) - (util-linux *must* be built with --enable-libmount-force-mountinfo) + libmount >= 2.30 (from util-linux) + (util-linux *must* be built without --enable-libmount-support-mtab) libseccomp >= 2.3.1 (optional) libblkid >= 2.24 (from util-linux) (optional) libkmod >= 15 (optional) 
@@ -137,9 +153,16 @@ REQUIREMENTS: libqrencode (optional) libmicrohttpd (optional) libpython (optional) - libidn (optional) + libidn2 or libidn (optional) elfutils >= 158 (optional) - make, gcc, and similar tools + polkit (optional) + pkg-config + gperf + docbook-xsl (optional, required for documentation) + xsltproc (optional, required for documentation) + python-lxml (optional, required to build the indices) + python, meson, ninja + gcc, awk, sed, grep, m4, and similar tools During runtime, you need the following additional dependencies: @@ -151,21 +174,23 @@ REQUIREMENTS: dracut (optional) PolicyKit (optional) - When building from git, the following tools are needed: + To build in directory build/: + meson build/ && ninja -C build - pkg-config - docbook-xsl - xsltproc - automake - autoconf - libtool - intltool - gperf - python (optional) - python-lxml (optional, but required to build the indices) + Any configuration options can be specfied as -Darg=value... arguments + to meson. After the build directory is initially configured, meson will + refuse to run again, and options must be changed with: + mesonconf -Darg=value... + mesonconf without any arguments will print out available options and + their current values. - The build system is initialized with ./autogen.sh. A tar ball - can be created with: + Useful commands: + ninja -v some/target + ninja test + sudo ninja install + DESTDIR=... ninja install + + A tarball can be created with: git archive --format=tar --prefix=systemd-222/ v222 | xz > systemd-222.tar.xz When systemd-hostnamed is used, it is strongly recommended to 
@@ -174,6 +199,16 @@ REQUIREMENTS: under all circumstances. In fact, systemd-hostnamed will warn if nss-myhostname is not installed. + nss-systemd must be enabled on systemd systems, as that's required for + DynamicUser= to work. Note that we ship services out-of-the-box that + make use of DynamicUser= now, hence enabling nss-systemd is not + optional. + + Note that the build prefix for systemd must be /usr. -Dsplit-usr=false + (which is the default and does not need to be specified) is the + recommended setting, and -Dsplit-usr=true should be used on systems + which have /usr on a separate partition. + Additional packages are necessary to run some tests: - busybox (used by test/TEST-13-NSPAWN-SMOKE) - nc (used by test/TEST-12-ISSUE-3171) @@ -188,7 +223,7 @@ USERS AND GROUPS: even in the very early boot stages, where no other databases and network are available: - audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video + audio, cdrom, dialout, disk, input, kmem, kvm, lp, render, tape, tty, video During runtime, the journal daemon requires the "systemd-journal" system group to exist. New journal files will 
@@ -254,32 +289,41 @@ SYSV INIT.D SCRIPTS: needs to look like, and provide an implementation at the marked places. WARNINGS: - systemd will warn you during boot if /usr is on a different - file system than /. While in systemd itself very little will - break if /usr is on a separate partition, many of its - dependencies very likely will break sooner or later in one - form or another. For example, udev rules tend to refer to - binaries in /usr, binaries that link to libraries in /usr or - binaries that refer to data files in /usr. Since these - breakages are not always directly visible, systemd will warn - about this, since this kind of file system setup is not really - supported anymore by the basic set of Linux OS components. + systemd will warn during early boot if /usr is not already mounted at + this point (that means: either located on the same file system as / or + already mounted in the initrd). While in systemd itself very little + will break if /usr is on a separate, late-mounted partition, many of + its dependencies very likely will break sooner or later in one form or + another. For example, udev rules tend to refer to binaries in /usr, + binaries that link to libraries in /usr or binaries that refer to data + files in /usr. Since these breakages are not always directly visible, + systemd will warn about this, since this kind of file system setup is + not really supported anymore by the basic set of Linux OS components. systemd requires that the /run mount point exists. systemd also requires that /var/run is a symlink to /run. For more information on this issue consult - http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken + https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken To run systemd under valgrind, compile with VALGRIND defined - (e.g. ./configure CPPFLAGS='... -DVALGRIND=1'). Otherwise, - false positives will be triggered by code which violates - some rules but is actually safe. 
- - Currently, systemd-timesyncd defaults to use the Google NTP - servers if not specified otherwise at configure time. You - really should not ship an OS or device with this default - setting. See DISTRO_PORTING for details. + (e.g. CPPFLAGS='... -DVALGRIND=1' meson ) and have valgrind + development headers installed (i.e. valgrind-devel or + equivalent). Otherwise, false positives will be triggered by code which + violates some rules but is actually safe. Note that valgrind generates + nice output only on exit(), hence on shutdown we don't execve() + systemd-shutdown. + +STABLE BRANCHES AND BACKPORTS + + Stable branches with backported patches are available in the + systemd-stable repo at https://github.com/systemd/systemd-stable. + + Stable branches are started for certain releases of systemd and named + after them, e.g. v238-stable. Stable branches are managed by + distribution maintainers on an as needed basis. See + https://www.freedesktop.org/wiki/Software/systemd/Backports/ for some + more information and examples. ENGINEERING AND CONSULTING SERVICES: Kinvolk (https://kinvolk.io) offers professional engineering
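Review bot: The https conversion in the @@ -4,17 +4,14 @@ hunk stops short of the DETAILS link in the same header block, which is still "http://0pointer.de/blog/projects/systemd.html". If that host serves the page over TLS, switch it in this change as well so every project link in the header is fetched over an authenticated channel.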
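Review bot: The new "Kernel crypto/hash API" entry in the @@ -50,6 +47,11 @@ hunk lists CONFIG_CRYPTO_USER_API_HASH, CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_SHA256 without saying which component or feature needs them. The neighbouring entries do, for example "CONFIG_FHANDLE (libudev, mount and bind mount handling)". Please add the consumer in parentheses and say whether these are hard requirements or only needed for a specific feature, so people building minimal kernels can decide.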
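Review bot: The CONFIG_CGROUP_BPF entry added in the @@ -92,6 +93,10 @@ hunk does not say what happens to IPAddressDeny= and IPAddressAllow= when the option is missing. These are access-control settings, so an administrator needs to know whether a unit fails to start or runs with the filter not applied. Please document the behaviour on a kernel without CONFIG_CGROUP_BPF, and give the minimum kernel version the way the "Linux kernel >= 4.2 for unified cgroup hierarchy support" line does.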
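Review bot: The bonding paragraph in the @@ -105,6 +110,17 @@ hunk says "make this change through a modprobe.d drop-in" but never names the module parameter the drop-in sets. Someone who masks or overrides modprobe.d/systemd.conf cannot tell from the README what to carry over. Please name the option inline. In the same hunk, "CONFIG_DEVPTS_MULTIPLE_INSTANCES or Linux kernel >= 4.7" would read more clearly if it said the option is only needed on kernels older than 4.7.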
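Review bot: The libmount line in the @@ -121,8 +137,8 @@ hunk flips the build requirement from a flag that must be present to one that must be absent ("built without --enable-libmount-support-mtab") with no explanation. A packager cannot easily verify how an already installed util-linux was configured. Please add one sentence on what breaks when libmount has mtab support enabled, so the failure can be recognised at runtime.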
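Review bot: The new build tools in the @@ -137,9 +153,16 @@ hunk ("python, meson, ninja") carry no minimum versions, while the library entries around them do (for example "elfutils >= 158"). The build instructions added later in this patch rely on the separate mesonconf command, so the required meson version matters. Please state minimum versions for meson and ninja, and say whether python means Python 3.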
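Review bot: Typo in the @@ -151,21 +174,23 @@ hunk: "specfied" should be "specified" in "Any configuration options can be specfied as -Darg=value... arguments". The tarball example kept at the end of the hunk still uses "systemd-222/ v222", which is out of step with the v238-stable branch name this patch introduces further down. Consider a version-neutral placeholder there.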
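Review bot: The nss-systemd paragraph in the @@ -174,6 +199,16 @@ hunk says the module "must be enabled" but not where or how. Since the text itself says this is "not optional" because shipped services use DynamicUser=, please point to the nss-systemd(8) man page or name the file to edit. Also, "must be /usr. -Dsplit-usr=false" puts an option at the start of a sentence right after a full stop and is easy to misread; rephrase so the flag sits mid-sentence.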
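Review bot: The @@ -254,32 +289,41 @@ hunk deletes the WARNINGS paragraph about systemd-timesyncd defaulting to the Google NTP servers without any replacement text. If the default still applies, distributors lose the only README notice that they should not ship it, so please keep at least the pointer to DISTRO_PORTING, or say in the commit message why the warning is obsolete. Two smaller points in the same hunk: the valgrind example "CPPFLAGS='... -DVALGRIND=1' meson )" has nothing after "meson", and the new "STABLE BRANCHES AND BACKPORTS" heading lacks the trailing colon used by "WARNINGS:" and "ENGINEERING AND CONSULTING SERVICES:".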