X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fsystemd.git;a=blobdiff_plain;f=README;h=558b8d9195dbac1ca64f75ef7e0be99b4b12cbc3;hp=8aa16fe8c906d6474a5751520bb1d614b2b2df52;hb=a6991726f80c299ac7275f4570e310e1dd5bce96;hpb=644ee2546102f9aa12b11c28b3c5e80b62beb157 diff --git a/README b/README index 8aa16fe8c90..558b8d9195d 100644 --- a/README +++ b/README @@ -35,6 +35,7 @@ LICENSE: REQUIREMENTS: Linux kernel >= 3.13 Linux kernel >= 4.2 for unified cgroup hierarchy support + Linux kernel >= 5.4 for signed Verity images support Kernel Config Options: CONFIG_DEVTMPFS @@ -102,6 +103,9 @@ REQUIREMENTS: CONFIG_EFIVAR_FS CONFIG_EFI_PARTITION + Required for signed Verity images support: + CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG + We recommend to turn off Real-Time group scheduling in the kernel when using systemd. RT group scheduling effectively makes RT scheduling unavailable for most userspace, since it @@ -144,18 +148,19 @@ REQUIREMENTS: libblkid >= 2.24 (from util-linux) (optional) libkmod >= 15 (optional) PAM >= 1.1.2 (optional) - libcryptsetup (optional) + libcryptsetup (optional), >= 2.3.0 required for signed Verity images support libaudit (optional) libacl (optional) libselinux (optional) liblzma (optional) liblz4 >= 1.3.0 / 130 (optional) + libzstd >= 1.4.0 (optional) libgcrypt (optional) libqrencode (optional) libmicrohttpd (optional) libpython (optional) libidn2 or libidn (optional) - gnutls >= 3.1.4 (optional, >= 3.5.3 is required to support DNS-over-TLS with gnutls) + gnutls >= 3.1.4 (optional, >= 3.6.0 is required to support DNS-over-TLS with gnutls) openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl) elfutils >= 158 (optional) polkit (optional) @@ -174,7 +179,9 @@ REQUIREMENTS: dependencies: util-linux >= v2.27.1 required - dbus >= 1.11.0 (strictly speaking optional, but recommended) + dbus >= 1.4.0 (strictly speaking optional, but recommended) + NOTE: If using dbus < 1.9.18, you should override the default + policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d). dracut (optional) polkit (optional) @@ -255,19 +262,19 @@ USERS AND GROUPS: NSS: systemd ships with four glibc NSS modules: - nss-myhostname resolves the local hostname to locally - configured IP addresses, as well as "localhost" to - 127.0.0.1/::1. + nss-myhostname resolves the local hostname to locally configured IP + addresses, as well as "localhost" to 127.0.0.1/::1. - nss-resolve enables DNS resolution via the systemd-resolved - DNS/LLMNR caching stub resolver "systemd-resolved". + nss-resolve enables DNS resolution via the systemd-resolved DNS/LLMNR + caching stub resolver "systemd-resolved". nss-mymachines enables resolution of all local containers registered - with machined to their respective IP addresses. It also maps UID/GIDs - ranges used by containers to useful names. + with machined to their respective IP addresses. - nss-systemd enables resolution of all dynamically allocated service - users. (See the DynamicUser= setting in unit files.) + nss-systemd enables resolution of users/group registered via the + User/Group Record Lookup API (https://systemd.io/USER_GROUP_API/), + including all dynamically allocated service users. (See the + DynamicUser= setting in unit files.) To make use of these NSS modules, please add them to the "hosts:", "passwd:" and "group:" lines in /etc/nsswitch.conf. The "resolve" @@ -276,8 +283,8 @@ NSS: The four modules should be used in the following order: - passwd: compat mymachines systemd - group: compat mymachines systemd + passwd: compat systemd + group: compat systemd hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname SYSV INIT.D SCRIPTS: