]>
Commit | Line | Data |
---|---|---|
c3e270f4 FB |
1 | --- |
2 | title: Porting systemd To New Distributions | |
4cdca0af | 3 | category: Concepts |
b41a3f66 | 4 | layout: default |
0aff7b75 | 5 | SPDX-License-Identifier: LGPL-2.1-or-later |
c3e270f4 FB |
6 | --- |
7 | ||
1d1cb168 FB |
8 | # Porting systemd To New Distributions |
9 | ||
10 | ## HOWTO | |
11 | ||
12 | You need to make the follow changes to adapt systemd to your | |
13 | distribution: | |
14 | ||
15 | 1. Find the right configure parameters for: | |
16 | ||
17 | * `-Drootprefix=` | |
18 | * `-Dsysvinit-path=` | |
19 | * `-Dsysvrcnd-path=` | |
20 | * `-Drc-local=` | |
1d1cb168 FB |
21 | * `-Dloadkeys-path=` |
22 | * `-Dsetfont-path=` | |
23 | * `-Dtty-gid=` | |
24 | * `-Dntp-servers=` | |
25 | * `-Ddns-servers=` | |
26 | * `-Dsupport-url=` | |
27 | ||
28 | 2. Try it out. | |
29 | ||
30 | Play around (as an ordinary user) with | |
31 | `/usr/lib/systemd/systemd --test --system` for a test run | |
32 | of systemd without booting. This will read the unit files and | |
33 | print the initial transaction it would execute during boot-up. | |
34 | This will also inform you about ordering loops and suchlike. | |
35 | ||
57903f93 ZJS |
36 | ## Compilation options |
37 | ||
38 | The default configuration does not enable any optimization or hardening | |
39 | options. This is suitable for development and testing, but not for end-user | |
40 | installations. | |
41 | ||
42 | For deployment, optimization (`-O2` or `-O3` compiler options), link time | |
43 | optimization (`-Db_lto=true` meson option), and hardening (e.g. | |
44 | `-D_FORTIFY_SOURCE=2`, `-fstack-protector-strong`, `-fstack-clash-protection`, | |
45 | `-fcf-protection`, `-pie` compiler options, and `-z relro`, `-z now`, | |
46 | `--as-needed` linker options) are recommended. The most appropriate set of | |
47 | options depends on the architecture and distribution specifics so no default is | |
48 | provided. | |
49 | ||
1d1cb168 FB |
50 | ## NTP Pool |
51 | ||
52 | By default, systemd-timesyncd uses the Google Public NTP servers | |
53 | `time[1-4].google.com`, if no other NTP configuration is available. | |
54 | They serve time that uses a | |
55 | [leap second smear](https://developers.google.com/time/smear) | |
56 | and can be up to .5s off from servers that use stepped leap seconds. | |
57 | ||
58 | If you prefer to use leap second steps, please register your own | |
59 | vendor pool at ntp.org and make it the built-in default by | |
60 | passing `-Dntp-servers=` to meson. Registering vendor | |
61 | pools is [free](http://www.pool.ntp.org/en/vendors.html). | |
62 | ||
63 | Use `-Dntp-servers=` to direct systemd-timesyncd to different fallback | |
64 | NTP servers. | |
65 | ||
66 | ## DNS Servers | |
67 | ||
def3c7c7 IK |
68 | By default, systemd-resolved uses Cloudflare and Google Public DNS servers |
69 | `1.1.1.1`, `8.8.8.8`, `1.0.0.1`, `8.8.4.4`, `2606:4700:4700::1111`, `2001:4860:4860::8888`, `2606:4700:4700::1001`, `2001:4860:4860::8844` | |
1d1cb168 FB |
70 | as fallback, if no other DNS configuration is available. |
71 | ||
72 | Use `-Ddns-servers=` to direct systemd-resolved to different fallback | |
73 | DNS servers. | |
74 | ||
75 | ## PAM | |
76 | ||
77 | The default PAM config shipped by systemd is really bare bones. | |
78 | It does not include many modules your distro might want to enable | |
79 | to provide a more seamless experience. For example, limits set in | |
80 | `/etc/security/limits.conf` will not be read unless you load `pam_limits`. | |
81 | Make sure you add modules your distro expects from user services. | |
82 | ||
83 | Pass `-Dpamconfdir=no` to meson to avoid installing this file and | |
84 | instead install your own. | |
85 | ||
86 | ## Contributing Upstream | |
87 | ||
88 | We generally do no longer accept distribution-specific patches to | |
89 | systemd upstream. If you have to make changes to systemd's source code | |
90 | to make it work on your distribution, unless your code is generic | |
91 | enough to be generally useful, we are unlikely to merge it. Please | |
92 | always consider adopting the upstream defaults. If that is not | |
93 | possible, please maintain the relevant patches downstream. | |
94 | ||
95 | Thank you for understanding. |