]>
Commit | Line | Data |
---|---|---|
c3e270f4 FB |
1 | --- |
2 | title: Porting systemd To New Distributions | |
4cdca0af | 3 | category: Concepts |
b41a3f66 | 4 | layout: default |
c3e270f4 FB |
5 | --- |
6 | ||
1d1cb168 FB |
7 | # Porting systemd To New Distributions |
8 | ||
9 | ## HOWTO | |
10 | ||
11 | You need to make the follow changes to adapt systemd to your | |
12 | distribution: | |
13 | ||
14 | 1. Find the right configure parameters for: | |
15 | ||
16 | * `-Drootprefix=` | |
17 | * `-Dsysvinit-path=` | |
18 | * `-Dsysvrcnd-path=` | |
19 | * `-Drc-local=` | |
1d1cb168 FB |
20 | * `-Dloadkeys-path=` |
21 | * `-Dsetfont-path=` | |
22 | * `-Dtty-gid=` | |
23 | * `-Dntp-servers=` | |
24 | * `-Ddns-servers=` | |
25 | * `-Dsupport-url=` | |
26 | ||
27 | 2. Try it out. | |
28 | ||
29 | Play around (as an ordinary user) with | |
30 | `/usr/lib/systemd/systemd --test --system` for a test run | |
31 | of systemd without booting. This will read the unit files and | |
32 | print the initial transaction it would execute during boot-up. | |
33 | This will also inform you about ordering loops and suchlike. | |
34 | ||
57903f93 ZJS |
35 | ## Compilation options |
36 | ||
37 | The default configuration does not enable any optimization or hardening | |
38 | options. This is suitable for development and testing, but not for end-user | |
39 | installations. | |
40 | ||
41 | For deployment, optimization (`-O2` or `-O3` compiler options), link time | |
42 | optimization (`-Db_lto=true` meson option), and hardening (e.g. | |
43 | `-D_FORTIFY_SOURCE=2`, `-fstack-protector-strong`, `-fstack-clash-protection`, | |
44 | `-fcf-protection`, `-pie` compiler options, and `-z relro`, `-z now`, | |
45 | `--as-needed` linker options) are recommended. The most appropriate set of | |
46 | options depends on the architecture and distribution specifics so no default is | |
47 | provided. | |
48 | ||
1d1cb168 FB |
49 | ## NTP Pool |
50 | ||
51 | By default, systemd-timesyncd uses the Google Public NTP servers | |
52 | `time[1-4].google.com`, if no other NTP configuration is available. | |
53 | They serve time that uses a | |
54 | [leap second smear](https://developers.google.com/time/smear) | |
55 | and can be up to .5s off from servers that use stepped leap seconds. | |
56 | ||
57 | If you prefer to use leap second steps, please register your own | |
58 | vendor pool at ntp.org and make it the built-in default by | |
59 | passing `-Dntp-servers=` to meson. Registering vendor | |
60 | pools is [free](http://www.pool.ntp.org/en/vendors.html). | |
61 | ||
62 | Use `-Dntp-servers=` to direct systemd-timesyncd to different fallback | |
63 | NTP servers. | |
64 | ||
65 | ## DNS Servers | |
66 | ||
def3c7c7 IK |
67 | By default, systemd-resolved uses Cloudflare and Google Public DNS servers |
68 | `1.1.1.1`, `8.8.8.8`, `1.0.0.1`, `8.8.4.4`, `2606:4700:4700::1111`, `2001:4860:4860::8888`, `2606:4700:4700::1001`, `2001:4860:4860::8844` | |
1d1cb168 FB |
69 | as fallback, if no other DNS configuration is available. |
70 | ||
71 | Use `-Ddns-servers=` to direct systemd-resolved to different fallback | |
72 | DNS servers. | |
73 | ||
74 | ## PAM | |
75 | ||
76 | The default PAM config shipped by systemd is really bare bones. | |
77 | It does not include many modules your distro might want to enable | |
78 | to provide a more seamless experience. For example, limits set in | |
79 | `/etc/security/limits.conf` will not be read unless you load `pam_limits`. | |
80 | Make sure you add modules your distro expects from user services. | |
81 | ||
82 | Pass `-Dpamconfdir=no` to meson to avoid installing this file and | |
83 | instead install your own. | |
84 | ||
85 | ## Contributing Upstream | |
86 | ||
87 | We generally do no longer accept distribution-specific patches to | |
88 | systemd upstream. If you have to make changes to systemd's source code | |
89 | to make it work on your distribution, unless your code is generic | |
90 | enough to be generally useful, we are unlikely to merge it. Please | |
91 | always consider adopting the upstream defaults. If that is not | |
92 | possible, please maintain the relevant patches downstream. | |
93 | ||
94 | Thank you for understanding. |