[thirdparty/systemd.git] / docs / DISTRO_PORTING.md

---
title: Porting systemd To New Distributions
category: Concepts
layout: default
SPDX-License-Identifier: LGPL-2.1-or-later
---

# Porting systemd To New Distributions

## HOWTO

You need to make the follow changes to adapt systemd to your distribution:

1. Find the right configure parameters for:

   * `-Dsysvinit-path=`
   * `-Dsysvrcnd-path=`
   * `-Drc-local=`
   * `-Dloadkeys-path=`
   * `-Dsetfont-path=`
   * `-Dtty-gid=`
   * `-Dntp-servers=`
   * `-Ddns-servers=`
   * `-Dsupport-url=`

2. Try it out.

   Play around (as an ordinary user) with
   `/usr/lib/systemd/systemd --test --system` for a test run of systemd without booting.
   This will read the unit files and print the initial transaction it would execute during boot-up.
   This will also inform you about ordering loops and suchlike.

## Compilation options

The default configuration does not enable any optimization or hardening options.
This is suitable for development and testing, but not for end-user
installations.

For deployment, optimization (`-O2` or `-O3` compiler options), link time
optimization (`-Db_lto=true` meson option), and hardening (e.g.
`-D_FORTIFY_SOURCE=2`, `-fstack-protector-strong`, `-fstack-clash-protection`,
`-fcf-protection`, `-pie` compiler options, and `-z relro`, `-z now`,
`--as-needed` linker options) are recommended.
The most appropriate set of options depends on the architecture and distribution specifics so no default is
provided.

## NTP Pool

By default, systemd-timesyncd uses the Google Public NTP servers
`time[1-4].google.com`, if no other NTP configuration is available.
They serve time that uses a
[leap second smear](https://developers.google.com/time/smear)
and can be up to .5s off from servers that use stepped leap seconds.

If you prefer to use leap second steps, please register your own
vendor pool at ntp.org and make it the built-in default by
passing `-Dntp-servers=` to meson.
Registering vendor pools is
[free](http://www.pool.ntp.org/en/vendors.html).

Use `-Dntp-servers=` to direct systemd-timesyncd to different fallback
NTP servers.

## DNS Servers

By default, systemd-resolved uses Cloudflare and Google Public DNS servers
`1.1.1.1`, `8.8.8.8`, `1.0.0.1`, `8.8.4.4`, `2606:4700:4700::1111`, `2001:4860:4860::8888`, `2606:4700:4700::1001`, `2001:4860:4860::8844`
as fallback, if no other DNS configuration is available.

Use `-Ddns-servers=` to direct systemd-resolved to different fallback
DNS servers.

## PAM

The default PAM config shipped by systemd is really bare bones.
It does not include many modules your distro might want to enable
to provide a more seamless experience.
For example, limits set in `/etc/security/limits.conf` will not be read unless you load `pam_limits`.
Make sure you add modules your distro expects from user services.

Pass `-Dpamconfdir=no` to meson to avoid installing this file and
instead install your own.

## Contributing Upstream

We generally no longer accept distribution-specific patches to
systemd upstream.
If you have to make changes to systemd's source code to make it work on your distribution, unless your code is generic enough to be generally useful, we are unlikely to merge it.
Please always consider adopting the upstream defaults.
If that is not possible, please maintain the relevant patches downstream.

Thank you for understanding.
Commit	Line	Data
c3e270f4 FB	1	---
c3e270f4 FB	2	title: Porting systemd To New Distributions
4cdca0af	3	category: Concepts
b41a3f66	4	layout: default
0aff7b75	5	SPDX-License-Identifier: LGPL-2.1-or-later
c3e270f4 FB	6	---
c3e270f4 FB	7
1d1cb168 FB	8	# Porting systemd To New Distributions
	9
	10	## HOWTO
	11
345115d6	12	You need to make the follow changes to adapt systemd to your distribution:
1d1cb168 FB	13
	14	1. Find the right configure parameters for:
	15
1d1cb168 FB	16	* `-Dsysvinit-path=`
	17	* `-Dsysvrcnd-path=`
	18	* `-Drc-local=`
1d1cb168 FB	19	* `-Dloadkeys-path=`
	20	* `-Dsetfont-path=`
	21	* `-Dtty-gid=`
	22	* `-Dntp-servers=`
	23	* `-Ddns-servers=`
	24	* `-Dsupport-url=`
	25
	26	2. Try it out.
	27
	28	Play around (as an ordinary user) with
345115d6	29	`/usr/lib/systemd/systemd --test --system` for a test run of systemd without booting.
345115d6	30	This will read the unit files and print the initial transaction it would execute during boot-up.
1d1cb168 FB	31	This will also inform you about ordering loops and suchlike.
1d1cb168 FB	32
57903f93 ZJS	33	## Compilation options
57903f93 ZJS	34
345115d6	35	The default configuration does not enable any optimization or hardening options.
345115d6	36	This is suitable for development and testing, but not for end-user
57903f93 ZJS	37	installations.
	38
	39	For deployment, optimization (`-O2` or `-O3` compiler options), link time
	40	optimization (`-Db_lto=true` meson option), and hardening (e.g.
	41	`-D_FORTIFY_SOURCE=2`, `-fstack-protector-strong`, `-fstack-clash-protection`,
	42	`-fcf-protection`, `-pie` compiler options, and `-z relro`, `-z now`,
345115d6	43	`--as-needed` linker options) are recommended.
345115d6	44	The most appropriate set of options depends on the architecture and distribution specifics so no default is
57903f93 ZJS	45	provided.
57903f93 ZJS	46
1d1cb168 FB	47	## NTP Pool
	48
	49	By default, systemd-timesyncd uses the Google Public NTP servers
	50	`time[1-4].google.com`, if no other NTP configuration is available.
	51	They serve time that uses a
	52	[leap second smear](https://developers.google.com/time/smear)
	53	and can be up to .5s off from servers that use stepped leap seconds.
	54
	55	If you prefer to use leap second steps, please register your own
	56	vendor pool at ntp.org and make it the built-in default by
345115d6	57	passing `-Dntp-servers=` to meson.
	58	Registering vendor pools is
	59	[free](http://www.pool.ntp.org/en/vendors.html).
1d1cb168 FB	60
	61	Use `-Dntp-servers=` to direct systemd-timesyncd to different fallback
	62	NTP servers.
	63
	64	## DNS Servers
	65
def3c7c7 IK	66	By default, systemd-resolved uses Cloudflare and Google Public DNS servers
def3c7c7 IK	67	`1.1.1.1`, `8.8.8.8`, `1.0.0.1`, `8.8.4.4`, `2606:4700:4700::1111`, `2001:4860:4860::8888`, `2606:4700:4700::1001`, `2001:4860:4860::8844`
1d1cb168 FB	68	as fallback, if no other DNS configuration is available.
	69
	70	Use `-Ddns-servers=` to direct systemd-resolved to different fallback
	71	DNS servers.
	72
	73	## PAM
	74
	75	The default PAM config shipped by systemd is really bare bones.
	76	It does not include many modules your distro might want to enable
345115d6	77	to provide a more seamless experience.
345115d6	78	For example, limits set in `/etc/security/limits.conf` will not be read unless you load `pam_limits`.
1d1cb168 FB	79	Make sure you add modules your distro expects from user services.
	80
	81	Pass `-Dpamconfdir=no` to meson to avoid installing this file and
	82	instead install your own.
	83
	84	## Contributing Upstream
	85
e347d53a	86	We generally no longer accept distribution-specific patches to
345115d6	87	systemd upstream.
	88	If you have to make changes to systemd's source code to make it work on your distribution, unless your code is generic enough to be generally useful, we are unlikely to merge it.
	89	Please always consider adopting the upstream defaults.
	90	If that is not possible, please maintain the relevant patches downstream.
1d1cb168 FB	91
1d1cb168 FB	92	Thank you for understanding.