- except src/basic/siphash24.c which is CC0 Public Domain
- except src/journal/lookup3.c which is Public Domain
- except src/udev/* which is (currently still) GPLv2, GPLv2+
+ - except tools/chromiumos/* which is BSD-style
REQUIREMENTS:
Linux kernel >= 3.13
Linux kernel >= 4.2 for unified cgroup hierarchy support
+ Linux kernel >= 5.4 for signed Verity images support
Kernel Config Options:
CONFIG_DEVTMPFS
CONFIG_EFIVAR_FS
CONFIG_EFI_PARTITION
+ Required for signed Verity images support:
+ CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
+
We recommend to turn off Real-Time group scheduling in the
kernel when using systemd. RT group scheduling effectively
makes RT scheduling unavailable for most userspace, since it
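Review bot: The new "Required for signed Verity images support:" entry names only CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG, while the same feature also depends on the "Linux kernel >= 5.4" line added above and on the libcryptsetup >= 2.3.0 bound added in the library list. Suggest cross-referencing the other two requirements from this entry, and saying whether a kernel built without the option disables signed Verity images or makes them fail at activation.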
libblkid >= 2.24 (from util-linux) (optional)
libkmod >= 15 (optional)
PAM >= 1.1.2 (optional)
- libcryptsetup (optional)
+ libcryptsetup (optional), >= 2.3.0 required for signed Verity images support
libaudit (optional)
libacl (optional)
libselinux (optional)
liblzma (optional)
- liblz4 >= 119 (optional)
+ liblz4 >= 1.3.0 / 130 (optional)
+ libzstd >= 1.4.0 (optional)
libgcrypt (optional)
libqrencode (optional)
libmicrohttpd (optional)
libpython (optional)
libidn2 or libidn (optional)
+ gnutls >= 3.1.4 (optional, >= 3.6.0 is required to support DNS-over-TLS with gnutls)
+ openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl)
elfutils >= 158 (optional)
polkit (optional)
+ tzdata >= 2014f (optional)
pkg-config
gperf
docbook-xsl (optional, required for documentation)
xsltproc (optional, required for documentation)
python-lxml (optional, required to build the indices)
- python, meson, ninja
+ python >= 3.5
+ meson >= 0.46 (>= 0.49 is required to build position-independent executables)
+ ninja
gcc, awk, sed, grep, m4, and similar tools
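Review bot: In the liblz4 line, ">= 1.3.0 / 130" gives two numbers without saying what "130" denotes or which form the build compares against, and the minimum moves up from 119 with no reason given. Suggest spelling out the relationship between the two numbers so packagers know which one to check. The gnutls and openssl lines would also be clearer if they said outright whether either library alone is enough for DNS-over-TLS.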
During runtime, you need the following additional
NOTE: If using dbus < 1.9.18, you should override the default
policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
dracut (optional)
- PolicyKit (optional)
+ polkit (optional)
To build in directory build/:
meson build/ && ninja -C build
- Any configuration options can be specfied as -Darg=value... arguments
+ Any configuration options can be specified as -Darg=value... arguments
to meson. After the build directory is initially configured, meson will
refuse to run again, and options must be changed with:
mesonconf -Darg=value...
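Review bot: The corrected sentence still leads into "mesonconf -Darg=value..." on the unchanged line below, while the same patch raises the documented minimum to meson >= 0.46. Worth confirming in this change that "mesonconf" is the command a 0.46 or later installation provides, and switching the example to "meson configure" if it is not, so the typo fix does not leave a stale command next to it.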
make use of DynamicUser= now, hence enabling nss-systemd is not
optional.
- Note that the build prefix for systemd must be /usr. -Dsplit-usr=false
- (which is the default and does not need to be specified) is the
- recommended setting, and -Dsplit-usr=true should be used on systems
- which have /usr on a separate partition.
+ Note that the build prefix for systemd must be /usr. (Moreover,
+ packages systemd relies on — such as D-Bus — really should use the same
+ prefix, otherwise you are on your own.) -Dsplit-usr=false (which is the
+ default and does not need to be specified) is the recommended setting,
+ and -Dsplit-usr=true should be used on systems which have /usr on a
+ separate partition.
Additional packages are necessary to run some tests:
- busybox (used by test/TEST-13-NSPAWN-SMOKE)
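Review bot: In the rewritten prefix paragraph, "otherwise you are on your own" says a mismatched prefix is unsupported but not what goes wrong, and "really should" next to "must be /usr" leaves it unclear whether the D-Bus prefix is a hard requirement. Suggest either naming what breaks when the prefixes differ or wording it as a plain requirement.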
groups "wheel" and "adm" will be given read-only access to
journal files using systemd-tmpfiles.service.
- The journal gateway daemon requires the
- "systemd-journal-gateway" system user and group to
+ The journal remote daemon requires the
+ "systemd-journal-remote" system user and group to
exist. During execution this network facing service will drop
privileges and assume this uid/gid for security reasons.
- Similarly, the NTP daemon requires the "systemd-timesync" system
- user and group to exist.
-
Similarly, the network management daemon requires the
"systemd-network" system user and group to exist.
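Review bot: Nothing in the rewritten paragraph says whether the journal gateway daemon and the NTP daemon still need pre-created accounts: the "systemd-journal-gateway" lines are replaced by "systemd-journal-remote" rather than joined by them, and the "systemd-timesync" sentence is deleted outright. Since this text is what tells packagers which uid/gid a network-facing service drops privileges to, suggest keeping one line per daemon that still needs an account, or stating how the removed ones now obtain theirs.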
NSS:
systemd ships with four glibc NSS modules:
- nss-myhostname resolves the local hostname to locally
- configured IP addresses, as well as "localhost" to
- 127.0.0.1/::1.
+ nss-myhostname resolves the local hostname to locally configured IP
+ addresses, as well as "localhost" to 127.0.0.1/::1.
- nss-resolve enables DNS resolution via the systemd-resolved
- DNS/LLMNR caching stub resolver "systemd-resolved".
+ nss-resolve enables DNS resolution via the systemd-resolved DNS/LLMNR
+ caching stub resolver "systemd-resolved".
nss-mymachines enables resolution of all local containers registered
- with machined to their respective IP addresses. It also maps UID/GIDs
- ranges used by containers to useful names.
+ with machined to their respective IP addresses.
- nss-systemd enables resolution of all dynamically allocated service
- users. (See the DynamicUser= setting in unit files.)
+ nss-systemd enables resolution of users/group registered via the
+ User/Group Record Lookup API (https://systemd.io/USER_GROUP_API/),
+ including all dynamically allocated service users. (See the
+ DynamicUser= setting in unit files.)
To make use of these NSS modules, please add them to the "hosts:",
"passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve"
The four modules should be used in the following order:
- passwd: compat mymachines systemd
- group: compat mymachines systemd
- hosts: files mymachines resolve myhostname
+ passwd: compat systemd
+ group: compat systemd
+ hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
SYSV INIT.D SCRIPTS:
When calling "systemctl enable/disable/is-enabled" on a unit which is a
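Review bot: The new "hosts:" line adds "[!UNAVAIL=return] dns" after "resolve", but the sentence above it still reads "The four modules should be used in the following order" and the visible text does not explain the action or when the "dns" fallback applies. Since that fallback decides whether lookups bypass systemd-resolved, suggest one sentence stating that "dns" is consulted only when "resolve" reports UNAVAIL. Separately, in the nss-systemd description earlier in this section, "users/group registered" should read "users/groups registered", and with mymachines dropped from "passwd:" and "group:" the instruction to add the modules to the "hosts:", "passwd:" and "group:" lines could say which module belongs on which line.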
For more information on this issue consult
https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
- To run systemd under valgrind, compile with VALGRIND defined
- (e.g. CPPFLAGS='... -DVALGRIND=1' meson <options>) and have valgrind
- development headers installed (i.e. valgrind-devel or
- equivalent). Otherwise, false positives will be triggered by code which
- violates some rules but is actually safe. Note that valgrind generates
- nice output only on exit(), hence on shutdown we don't execve()
- systemd-shutdown.
-
-STABLE BRANCHES AND BACKPORTS
+ To run systemd under valgrind, compile with meson option
+ -Dvalgrind=true and have valgrind development headers installed
+ (i.e. valgrind-devel or equivalent). Otherwise, false positives will be
+ triggered by code which violates some rules but is actually safe. Note
+ that valgrind generates nice output only on exit(), hence on shutdown
+ we don't execve() systemd-shutdown.
+STABLE BRANCHES AND BACKPORTS:
Stable branches with backported patches are available in the
systemd-stable repo at https://github.com/systemd/systemd-stable.
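Review bot: The empty line that separated the valgrind paragraph from the "STABLE BRANCHES AND BACKPORTS" heading is removed and not re-added, so the heading now follows "we don't execve() systemd-shutdown." directly. Suggest keeping an empty line before "STABLE BRANCHES AND BACKPORTS:". The valgrind text could also mention that -Dvalgrind=true replaces the earlier CPPFLAGS='... -DVALGRIND=1' method, for readers following older instructions.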