]>
Commit | Line | Data |
---|---|---|
c3e270f4 FB |
1 | --- |
2 | title: Hacking on systemd | |
4cdca0af | 3 | category: Contributing |
b41a3f66 | 4 | layout: default |
0aff7b75 | 5 | SPDX-License-Identifier: LGPL-2.1-or-later |
c3e270f4 FB |
6 | --- |
7 | ||
5a8a9dee FA |
8 | # Hacking on systemd |
9 | ||
10 | We welcome all contributions to systemd. If you notice a bug or a missing | |
54080482 DDM |
11 | feature, please feel invited to fix it, and submit your work as a |
12 | [GitHub Pull Request (PR)](https://github.com/systemd/systemd/pull/new). | |
5a8a9dee | 13 | |
75e09908 ZJS |
14 | Please make sure to follow our [Coding Style](CODING_STYLE.md) when submitting |
15 | patches. Also have a look at our [Contribution Guidelines](CONTRIBUTING.md). | |
5a8a9dee FA |
16 | |
17 | When adding new functionality, tests should be added. For shared functionality | |
18 | (in `src/basic/` and `src/shared/`) unit tests should be sufficient. The general | |
19 | policy is to keep tests in matching files underneath `src/test/`, | |
20 | e.g. `src/test/test-path-util.c` contains tests for any functions in | |
21 | `src/basic/path-util.c`. If adding a new source file, consider adding a matching | |
22 | test executable. For features at a higher level, tests in `src/test/` are very | |
1e268f42 | 23 | strongly recommended. If that is not possible, integration tests in `test/` are |
5a8a9dee FA |
24 | encouraged. |
25 | ||
75e09908 ZJS |
26 | Please also have a look at our list of [code quality tools](CODE_QUALITY.md) we |
27 | have setup for systemd, to ensure our codebase stays in good shape. | |
5a8a9dee FA |
28 | |
29 | Please always test your work before submitting a PR. For many of the components | |
4bb37359 | 30 | of systemd testing is straightforward as you can simply compile systemd and |
5a8a9dee FA |
31 | run the relevant tool from the build directory. |
32 | ||
8f1a581e | 33 | For some components (most importantly, systemd/PID 1 itself) this is not |
5a8a9dee | 34 | possible, however. In order to simplify testing for cases like this we provide |
54080482 DDM |
35 | a set of `mkosi` build files directly in the source tree. |
36 | [mkosi](https://github.com/systemd/mkosi) is a tool for building clean OS images | |
37 | from an upstream distribution in combination with a fresh build of the project | |
246fd4d2 | 38 | in the local working directory. To make use of this, please install `mkosi` from |
54080482 | 39 | the [GitHub repository](https://github.com/systemd/mkosi). `mkosi` will build an |
246fd4d2 DDM |
40 | image for the host distro by default. Currently, the latest github commit is |
41 | required. `mkosi` also requires systemd v253 (unreleased) or newer. If systemd v253 | |
42 | is not available, `mkosi` will automatically use executables from the systemd build | |
47e5e128 DDM |
43 | directory if it's executed from the systemd repository root directory. First, run |
44 | `mkosi genkey` to generate a key and certificate to be used for secure boot and | |
45 | verity signing. After that is done, it is sufficient to type `mkosi` in the systemd | |
46 | project directory to generate a disk image you can boot either in `systemd-nspawn` | |
47 | or in a UEFI-capable VM: | |
5a8a9dee | 48 | |
b2c9da05 | 49 | ```sh |
2edcf8e7 | 50 | $ sudo mkosi boot # nspawn still needs sudo for now |
5a8a9dee FA |
51 | ``` |
52 | ||
53 | or: | |
54 | ||
b2c9da05 DDM |
55 | ```sh |
56 | $ mkosi qemu | |
5a8a9dee FA |
57 | ``` |
58 | ||
59 | Every time you rerun the `mkosi` command a fresh image is built, incorporating | |
2fe24ccc | 60 | all current changes you made to the project tree. |
c38667f7 | 61 | |
c38667f7 DDM |
62 | If you want to do a local build without mkosi, most distributions also provide |
63 | very simple and convenient ways to install all development packages necessary | |
b43ed972 | 64 | to build systemd: |
5a8a9dee | 65 | |
b43ed972 DDM |
66 | ```sh |
67 | # Fedora | |
68 | $ sudo dnf builddep systemd | |
69 | # Debian/Ubuntu | |
4df5799f | 70 | $ sudo apt-get build-dep systemd |
b43ed972 | 71 | # Arch |
ab13274a | 72 | $ sudo pacman -S asp |
b43ed972 DDM |
73 | $ asp checkout systemd |
74 | $ cd systemd/trunk | |
75 | $ makepkg -seoc | |
5a8a9dee FA |
76 | ``` |
77 | ||
78 | Putting this all together, here's a series of commands for preparing a patch | |
4c71f971 | 79 | for systemd: |
5a8a9dee FA |
80 | |
81 | ```sh | |
b43ed972 | 82 | # Install build dependencies (see above) |
246fd4d2 | 83 | # Install mkosi from the github repository |
5a8a9dee FA |
84 | $ git clone https://github.com/systemd/systemd.git |
85 | $ cd systemd | |
e8a68817 ZJS |
86 | $ git checkout -b <BRANCH> # where BRANCH is the name of the branch |
87 | $ vim src/core/main.c # or wherever you'd like to make your changes | |
1441a6a7 | 88 | $ meson setup build -Danalyze=true -Drepart=true -Defi=true -Dbootloader=true -Dukify=true # configure the build |
e8a68817 ZJS |
89 | $ ninja -C build # build it locally, see if everything compiles fine |
90 | $ meson test -C build # run some simple regression tests | |
246fd4d2 DDM |
91 | $ cd .. |
92 | $ git clone https://github.com/systemd/mkosi.git | |
2edcf8e7 | 93 | $ ln -s mkosi/bin/mkosi ~/.local/bin/mkosi # Make sure ~/.local/bin is in $PATH |
246fd4d2 | 94 | $ cd systemd |
2edcf8e7 DDM |
95 | $ mkosi # build the test image |
96 | $ mkosi qemu # boot up the test image in qemu | |
e8a68817 ZJS |
97 | $ git add -p # interactively put together your patch |
98 | $ git commit # commit it | |
99 | $ git push -u <REMOTE> # where REMOTE is your "fork" on GitHub | |
5a8a9dee FA |
100 | ``` |
101 | ||
102 | And after that, head over to your repo on GitHub and click "Compare & pull request" | |
103 | ||
104 | Happy hacking! | |
105 | ||
89f52a78 ZJS |
106 | ## Templating engines in .in files |
107 | ||
108 | Some source files are generated during build. We use two templating engines: | |
109 | * meson's `configure_file()` directive uses syntax with `@VARIABLE@`. | |
110 | ||
ba777d01 ZJS |
111 | See the |
112 | [Meson docs for `configure_file()`](https://mesonbuild.com/Reference-manual.html#configure_file) | |
113 | for details. | |
89f52a78 | 114 | |
c9d311c7 | 115 | {% raw %} |
89f52a78 ZJS |
116 | * most files are rendered using jinja2, with `{{VARIABLE}}` and `{% if … %}`, |
117 | `{% elif … %}`, `{% else … %}`, `{% endif … %}` blocks. `{# … #}` is a | |
118 | jinja2 comment, i.e. that block will not be visible in the rendered | |
c9d311c7 ZJS |
119 | output. `{% raw %} … `{% endraw %}`{{ '{' }}{{ '% endraw %' }}}` creates a block |
120 | where jinja2 syntax is not interpreted. | |
89f52a78 | 121 | |
ba777d01 ZJS |
122 | See the |
123 | [Jinja Template Designer Documentation](https://jinja2docs.readthedocs.io/en/stable/templates.html#synopsis) | |
89f52a78 ZJS |
124 | for details. |
125 | ||
126 | Please note that files for both template engines use the `.in` extension. | |
5a8a9dee | 127 | |
4c8e5f44 ZJS |
128 | ## Developer and release modes |
129 | ||
130 | In the default meson configuration (`-Dmode=developer`), certain checks are | |
131 | enabled that are suitable when hacking on systemd (such as internal | |
89f52a78 ZJS |
132 | documentation consistency checks). Those are not useful when compiling for |
133 | distribution and can be disabled by setting `-Dmode=release`. | |
4c8e5f44 | 134 | |
69d638e6 DDM |
135 | ## Sanitizers in mkosi |
136 | ||
137 | See [Testing systemd using sanitizers](TESTING_WITH_SANITIZERS.md) for more information | |
138 | on how to build with sanitizers enabled in mkosi. | |
139 | ||
5a8a9dee FA |
140 | ## Fuzzers |
141 | ||
142 | systemd includes fuzzers in `src/fuzz/` that use libFuzzer and are automatically | |
135a1add | 143 | run by [OSS-Fuzz](https://github.com/google/oss-fuzz) with sanitizers. |
53a42e62 | 144 | To add a fuzz target, create a new `src/fuzz/fuzz-foo.c` file with a `LLVMFuzzerTestOneInput` |
5a8a9dee FA |
145 | function and add it to the list in `src/fuzz/meson.build`. |
146 | ||
147 | Whenever possible, a seed corpus and a dictionary should also be added with new | |
148 | fuzz targets. The dictionary should be named `src/fuzz/fuzz-foo.dict` and the seed | |
149 | corpus should be built and exported as `$OUT/fuzz-foo_seed_corpus.zip` in | |
150 | `tools/oss-fuzz.sh`. | |
151 | ||
152 | The fuzzers can be built locally if you have libFuzzer installed by running | |
39e63b44 EV |
153 | `tools/oss-fuzz.sh`. You should also confirm that the fuzzers can be built and |
154 | run using | |
155 | [the OSS-Fuzz toolchain](https://google.github.io/oss-fuzz/advanced-topics/reproducing/#building-using-docker): | |
5a8a9dee FA |
156 | |
157 | ``` | |
39e63b44 EV |
158 | path_to_systemd=... |
159 | ||
160 | git clone --depth=1 https://github.com/google/oss-fuzz | |
161 | cd oss-fuzz | |
162 | ||
163 | for sanitizer in address undefined memory; do | |
164 | for engine in libfuzzer afl honggfuzz; do | |
165 | ./infra/helper.py build_fuzzers --sanitizer "$sanitizer" --engine "$engine" \ | |
166 | --clean systemd "$path_to_systemd" | |
167 | ||
168 | ./infra/helper.py check_build --sanitizer "$sanitizer" --engine "$engine" \ | |
169 | -e ALLOWED_BROKEN_TARGETS_PERCENTAGE=0 systemd | |
170 | done | |
171 | done | |
172 | ||
61ad4f25 EV |
173 | ./infra/helper.py build_fuzzers --clean --architecture i386 systemd "$path_to_systemd" |
174 | ./infra/helper.py check_build --architecture i386 -e ALLOWED_BROKEN_TARGETS_PERCENTAGE=0 systemd | |
175 | ||
39e63b44 EV |
176 | ./infra/helper.py build_fuzzers --clean --sanitizer coverage systemd "$path_to_systemd" |
177 | ./infra/helper.py coverage --no-corpus-download systemd | |
5a8a9dee FA |
178 | ``` |
179 | ||
180 | If you find a bug that impacts the security of systemd, please follow the | |
181 | guidance in [CONTRIBUTING.md](CONTRIBUTING.md) on how to report a security vulnerability. | |
182 | ||
183 | For more details on building fuzzers and integrating with OSS-Fuzz, visit: | |
184 | ||
6cec69fc LK |
185 | - [Setting up a new project - OSS-Fuzz](https://google.github.io/oss-fuzz/getting-started/new-project-guide/) |
186 | - [Tutorials - OSS-Fuzz](https://google.github.io/oss-fuzz/reference/useful-links/#tutorials) | |
4cc06b80 | 187 | |
2d92c35b DDM |
188 | ## Debugging binaries that need to run as root in vscode |
189 | ||
190 | When trying to debug binaries that need to run as root, we need to do some custom configuration in vscode to | |
191 | have it try to run the applications as root and to ask the user for the root password when trying to start | |
192 | the binary. To achieve this, we'll use a custom debugger path which points to a script that starts `gdb` as | |
193 | root using `pkexec`. pkexec will prompt the user for their root password via a graphical interface. This | |
194 | guide assumes the C/C++ extension is used for debugging. | |
195 | ||
196 | First, create a file `sgdb` in the root of the systemd repository with the following contents and make it | |
197 | executable: | |
198 | ||
199 | ``` | |
200 | #!/bin/sh | |
201 | exec pkexec gdb "$@" | |
202 | ``` | |
203 | ||
204 | Then, open launch.json in vscode, and set `miDebuggerPath` to `${workspaceFolder}/sgdb` for the corresponding | |
205 | debug configuration. Now, whenever you try to debug the application, vscode will try to start gdb as root via | |
206 | pkexec which will prompt you for your password via a graphical interface. After entering your password, | |
207 | vscode should be able to start debugging the application. | |
208 | ||
209 | For more information on how to set up a debug configuration for C binaries, please refer to the official | |
210 | vscode documentation [here](https://code.visualstudio.com/docs/cpp/launch-json-reference) | |
211 | ||
66dc9b46 DDM |
212 | ## Debugging systemd with mkosi + vscode |
213 | ||
214 | To simplify debugging systemd when testing changes using mkosi, we're going to show how to attach | |
c84d14c5 DDM |
215 | [VSCode](https://code.visualstudio.com/)'s debugger to an instance of systemd running in a mkosi image using |
216 | QEMU. | |
66dc9b46 DDM |
217 | |
218 | To allow VSCode's debugger to attach to systemd running in a mkosi image, we have to make sure it can access | |
c84d14c5 DDM |
219 | the virtual machine spawned by mkosi where systemd is running. mkosi makes this possible via a handy SSH |
220 | option that makes the generated image accessible via SSH when booted. Thus you must build the image with | |
221 | `mkosi --ssh`. The easiest way to set the option is to create a file 20-local.conf in mkosi.conf.d/ (in the | |
222 | directory you ran mkosi in) and add the following contents: | |
66dc9b46 DDM |
223 | |
224 | ``` | |
225 | [Host] | |
226 | Ssh=yes | |
227 | ``` | |
228 | ||
c84d14c5 DDM |
229 | Also make sure that the SSH agent is running on your system and that you've added your SSH key to it with |
230 | `ssh-add`. | |
231 | ||
232 | After rebuilding the image and booting it with `mkosi qemu`, you should now be able to connect to it by | |
233 | running `mkosi ssh` from the same directory in another terminal window. | |
66dc9b46 DDM |
234 | |
235 | Now we need to configure VSCode. First, make sure the C/C++ extension is installed. If you're already using | |
236 | a different extension for code completion and other IDE features for C in VSCode, make sure to disable the | |
237 | corresponding parts of the C/C++ extension in your VSCode user settings by adding the following entries: | |
238 | ||
239 | ```json | |
240 | "C_Cpp.formatting": "Disabled", | |
241 | "C_Cpp.intelliSenseEngine": "Disabled", | |
242 | "C_Cpp.enhancedColorization": "Disabled", | |
243 | "C_Cpp.suggestSnippets": false, | |
244 | ``` | |
245 | ||
246 | With the extension set up, we can create the launch.json file in the .vscode/ directory to tell the VSCode | |
026d2499 WR |
247 | debugger how to attach to the systemd instance running in our mkosi container/VM. Create the file, and possibly |
248 | the directory, and add the following contents: | |
66dc9b46 DDM |
249 | |
250 | ```json | |
251 | { | |
252 | "version": "0.2.0", | |
253 | "configurations": [ | |
254 | { | |
255 | "type": "cppdbg", | |
256 | "program": "/usr/lib/systemd/systemd", | |
3f3bc1f2 | 257 | "processId": "${command:pickRemoteProcess}", |
66dc9b46 DDM |
258 | "request": "attach", |
259 | "name": "systemd", | |
260 | "pipeTransport": { | |
261 | "pipeProgram": "mkosi", | |
262 | "pipeArgs": [ | |
263 | "-C", | |
264 | "/path/to/systemd/repo/directory/on/host/system/", | |
265 | "ssh" | |
266 | ], | |
267 | "debuggerPath": "/usr/bin/gdb" | |
268 | }, | |
269 | "MIMode": "gdb", | |
270 | "sourceFileMap": { | |
c84d14c5 | 271 | "/work/build/../src": { |
66dc9b46 DDM |
272 | "editorPath": "${workspaceFolder}", |
273 | "useForBreakpoints": false | |
274 | }, | |
c84d14c5 | 275 | "/work/build/*": { |
66dc9b46 DDM |
276 | "editorPath": "${workspaceFolder}/mkosi.builddir", |
277 | "useForBreakpoints": false | |
278 | } | |
279 | } | |
280 | } | |
281 | ] | |
282 | } | |
283 | ``` | |
284 | ||
285 | Now that the debugger knows how to connect to our process in the container/VM and we've set up the necessary | |
286 | source mappings, go to the "Run and Debug" window and run the "systemd" debug configuration. If everything | |
287 | goes well, the debugger should now be attached to the systemd instance running in the container/VM. You can | |
288 | attach breakpoints from the editor and enjoy all the other features of VSCode's debugger. | |
289 | ||
290 | To debug systemd components other than PID 1, set "program" to the full path of the component you want to | |
291 | debug and set "processId" to "${command:pickProcess}". Now, when starting the debugger, VSCode will ask you | |
292 | the PID of the process you want to debug. Run `systemctl show --property MainPID --value <component>` in the | |
293 | container to figure out the PID and enter it when asked and VSCode will attach to that process instead. | |
948d085e | 294 | |
818e46ae | 295 | ## Debugging systemd-boot |
948d085e | 296 | |
badea0d6 ZJS |
297 | During boot, systemd-boot and the stub loader will output messages like |
298 | `systemd-boot@0x0A` and `systemd-stub@0x0B`, providing the base of the loaded | |
299 | code. This location can then be used to attach to a QEMU session (provided it | |
300 | was run with `-s`). See `debug-sd-boot.sh` script in the tools folder which | |
301 | automates this processes. | |
302 | ||
303 | If the debugger is too slow to attach to examine an early boot code passage, | |
304 | the call to `DEFINE_EFI_MAIN_FUNCTION()` can be modified to enable waiting. As | |
305 | soon as the debugger has control, we can then run `set variable wait = 0` or | |
306 | `return` to continue. Once the debugger has attached, setting breakpoints will | |
307 | work like usual. | |
948d085e JJ |
308 | |
309 | To debug systemd-boot in an IDE such as VSCode we can use a launch configuration like this: | |
310 | ```json | |
311 | { | |
312 | "name": "systemd-boot", | |
313 | "type": "cppdbg", | |
314 | "request": "launch", | |
315 | "program": "${workspaceFolder}/build/src/boot/efi/systemd-bootx64.efi", | |
316 | "cwd": "${workspaceFolder}", | |
317 | "MIMode": "gdb", | |
318 | "miDebuggerServerAddress": ":1234", | |
319 | "setupCommands": [ | |
320 | { "text": "shell mkfifo /tmp/sdboot.{in,out}" }, | |
321 | { "text": "shell qemu-system-x86_64 [...] -s -serial pipe:/tmp/sdboot" }, | |
322 | { "text": "shell ${workspaceFolder}/tools/debug-sd-boot.sh ${workspaceFolder}/build/src/boot/efi/systemd-bootx64.efi /tmp/sdboot.out systemd-boot.gdb" }, | |
323 | { "text": "source /tmp/systemd-boot.gdb" }, | |
324 | ] | |
325 | } | |
326 | ``` | |
d12e9bdc DDM |
327 | |
328 | ## Hacking on the kernel + systemd | |
329 | ||
330 | If you're hacking on the kernel in tandem with systemd, you can clone a kernel repository in mkosi.kernel/ in | |
331 | the systemd repository, and mkosi will automatically build that kernel and install it into the final image. | |
332 | To prevent the distribution's kernel from being installed (which isn't necessary since we're building our | |
94c9855a | 333 | own kernel), you can add the following snippets to mkosi.conf.d/20-local.conf: |
d12e9bdc DDM |
334 | |
335 | (This snippet is for Fedora, the list of packages will need to be changed for other distributions) | |
336 | ||
337 | ``` | |
338 | [Distribution] | |
339 | CacheInitrd=no | |
340 | ||
341 | [Content] | |
342 | BasePackages=conditional | |
343 | Packages=systemd | |
344 | util-linux | |
345 | dracut | |
346 | ``` |