[thirdparty/systemd.git] / docs / DISTRO_PORTING.md

---
title: Porting systemd To New Distributions
category: Concepts
layout: default
---

# Porting systemd To New Distributions

## HOWTO

You need to make the follow changes to adapt systemd to your
distribution:

1. Find the right configure parameters for:

   * `-Drootprefix=`
   * `-Dsysvinit-path=`
   * `-Dsysvrcnd-path=`
   * `-Drc-local=`
   * `-Dloadkeys-path=`
   * `-Dsetfont-path=`
   * `-Dtty-gid=`
   * `-Dntp-servers=`
   * `-Ddns-servers=`
   * `-Dsupport-url=`

2. Try it out.

   Play around (as an ordinary user) with
   `/usr/lib/systemd/systemd --test --system` for a test run
   of systemd without booting. This will read the unit files and
   print the initial transaction it would execute during boot-up.
   This will also inform you about ordering loops and suchlike.

## Compilation options

The default configuration does not enable any optimization or hardening
options. This is suitable for development and testing, but not for end-user
installations.

For deployment, optimization (`-O2` or `-O3` compiler options), link time
optimization (`-Db_lto=true` meson option), and hardening (e.g.
`-D_FORTIFY_SOURCE=2`, `-fstack-protector-strong`, `-fstack-clash-protection`,
`-fcf-protection`, `-pie` compiler options, and `-z relro`, `-z now`,
`--as-needed` linker options) are recommended. The most appropriate set of
options depends on the architecture and distribution specifics so no default is
provided.

## NTP Pool

By default, systemd-timesyncd uses the Google Public NTP servers
`time[1-4].google.com`, if no other NTP configuration is available.
They serve time that uses a
[leap second smear](https://developers.google.com/time/smear)
and can be up to .5s off from servers that use stepped leap seconds.

If you prefer to use leap second steps, please register your own
vendor pool at ntp.org and make it the built-in default by
passing `-Dntp-servers=` to meson. Registering vendor
pools is [free](http://www.pool.ntp.org/en/vendors.html).

Use `-Dntp-servers=` to direct systemd-timesyncd to different fallback
NTP servers.

## DNS Servers

By default, systemd-resolved uses Cloudflare and Google Public DNS servers
`1.1.1.1`, `8.8.8.8`, `1.0.0.1`, `8.8.4.4`, `2606:4700:4700::1111`, `2001:4860:4860::8888`, `2606:4700:4700::1001`, `2001:4860:4860::8844`
as fallback, if no other DNS configuration is available.

Use `-Ddns-servers=` to direct systemd-resolved to different fallback
DNS servers.

## PAM

The default PAM config shipped by systemd is really bare bones.
It does not include many modules your distro might want to enable
to provide a more seamless experience. For example, limits set in
`/etc/security/limits.conf` will not be read unless you load `pam_limits`.
Make sure you add modules your distro expects from user services.

Pass `-Dpamconfdir=no` to meson to avoid installing this file and
instead install your own.

## Contributing Upstream

We generally do no longer accept distribution-specific patches to
systemd upstream. If you have to make changes to systemd's source code
to make it work on your distribution, unless your code is generic
enough to be generally useful, we are unlikely to merge it. Please
always consider adopting the upstream defaults. If that is not
possible, please maintain the relevant patches downstream.

Thank you for understanding.
Commit	Line	Data
c3e270f4 FB	1	---
c3e270f4 FB	2	title: Porting systemd To New Distributions
4cdca0af	3	category: Concepts
b41a3f66	4	layout: default
c3e270f4 FB	5	---
c3e270f4 FB	6
1d1cb168 FB	7	# Porting systemd To New Distributions
	8
	9	## HOWTO
	10
	11	You need to make the follow changes to adapt systemd to your
	12	distribution:
	13
	14	1. Find the right configure parameters for:
	15
	16	* `-Drootprefix=`
	17	* `-Dsysvinit-path=`
	18	* `-Dsysvrcnd-path=`
	19	* `-Drc-local=`
1d1cb168 FB	20	* `-Dloadkeys-path=`
	21	* `-Dsetfont-path=`
	22	* `-Dtty-gid=`
	23	* `-Dntp-servers=`
	24	* `-Ddns-servers=`
	25	* `-Dsupport-url=`
	26
	27	2. Try it out.
	28
	29	Play around (as an ordinary user) with
	30	`/usr/lib/systemd/systemd --test --system` for a test run
	31	of systemd without booting. This will read the unit files and
	32	print the initial transaction it would execute during boot-up.
	33	This will also inform you about ordering loops and suchlike.
	34
57903f93 ZJS	35	## Compilation options
	36
	37	The default configuration does not enable any optimization or hardening
	38	options. This is suitable for development and testing, but not for end-user
	39	installations.
	40
	41	For deployment, optimization (`-O2` or `-O3` compiler options), link time
	42	optimization (`-Db_lto=true` meson option), and hardening (e.g.
	43	`-D_FORTIFY_SOURCE=2`, `-fstack-protector-strong`, `-fstack-clash-protection`,
	44	`-fcf-protection`, `-pie` compiler options, and `-z relro`, `-z now`,
	45	`--as-needed` linker options) are recommended. The most appropriate set of
	46	options depends on the architecture and distribution specifics so no default is
	47	provided.
	48
1d1cb168 FB	49	## NTP Pool
	50
	51	By default, systemd-timesyncd uses the Google Public NTP servers
	52	`time[1-4].google.com`, if no other NTP configuration is available.
	53	They serve time that uses a
	54	[leap second smear](https://developers.google.com/time/smear)
	55	and can be up to .5s off from servers that use stepped leap seconds.
	56
	57	If you prefer to use leap second steps, please register your own
	58	vendor pool at ntp.org and make it the built-in default by
	59	passing `-Dntp-servers=` to meson. Registering vendor
	60	pools is [free](http://www.pool.ntp.org/en/vendors.html).
	61
	62	Use `-Dntp-servers=` to direct systemd-timesyncd to different fallback
	63	NTP servers.
	64
	65	## DNS Servers
	66
def3c7c7 IK	67	By default, systemd-resolved uses Cloudflare and Google Public DNS servers
def3c7c7 IK	68	`1.1.1.1`, `8.8.8.8`, `1.0.0.1`, `8.8.4.4`, `2606:4700:4700::1111`, `2001:4860:4860::8888`, `2606:4700:4700::1001`, `2001:4860:4860::8844`
1d1cb168 FB	69	as fallback, if no other DNS configuration is available.
	70
	71	Use `-Ddns-servers=` to direct systemd-resolved to different fallback
	72	DNS servers.
	73
	74	## PAM
	75
	76	The default PAM config shipped by systemd is really bare bones.
	77	It does not include many modules your distro might want to enable
	78	to provide a more seamless experience. For example, limits set in
	79	`/etc/security/limits.conf` will not be read unless you load `pam_limits`.
	80	Make sure you add modules your distro expects from user services.
	81
	82	Pass `-Dpamconfdir=no` to meson to avoid installing this file and
	83	instead install your own.
	84
	85	## Contributing Upstream
	86
	87	We generally do no longer accept distribution-specific patches to
	88	systemd upstream. If you have to make changes to systemd's source code
	89	to make it work on your distribution, unless your code is generic
	90	enough to be generally useful, we are unlikely to merge it. Please
	91	always consider adopting the upstream defaults. If that is not
	92	possible, please maintain the relevant patches downstream.
	93
	94	Thank you for understanding.