Beyond Linux® From Scratch (systemd Edition) - Version 11.0

Chapter 12. System Utilities

Systemd-249

Introduction to systemd

While systemd was installed when building LFS, there are many features provided by the package that were not included in the initial installation because Linux-PAM was not yet installed. The systemd package needs to be rebuilt to provide a working systemd-logind service, which provides many additional features for dependent packages.

This package is known to build and work properly using an LFS-11.0 platform.

Package Information

Additional Downloads

systemd Dependencies

Required

Jinja2-3.0.1 and Linux-PAM-1.5.1

Recommended Runtime Dependencies

Polkit-0.119

Optional

btrfs-progs-5.13.1, cURL-7.78.0, cryptsetup-2.3.6, git-2.33.0, GnuTLS-3.7.2, iptables-1.8.7, libgcrypt-1.9.4, libidn2-2.3.2, libpwquality-1.4.4, libseccomp-2.5.1, libxkbcommon-1.3.0, make-ca-1.7, p11-kit-0.24.0, pcre2-10.37, qemu-6.1.0, qrencode-4.1.1, rsync-3.2.3, Valgrind-3.17.0, zsh-5.8 (for the zsh completions), gnu-efi, kexec-tools, libdw, libfido2, libmicrohttpd, lz4, quota-tools, Sphinx, and tpm2-tss

Optional (to rebuild the manual pages)

docbook-xml-4.5, docbook-xsl-1.79.2, libxslt-1.1.34, and lxml-4.6.3 (to build the index of systemd manual pages)

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/systemd

Installation of systemd

Apply a patch to fix a security vulnerability: 

patch -Np1 -i ../systemd-249-upstream_fixes-1.patch

Remove two unneeded groups, render and sgx, from the default udev rules: 

sed -i -e 's/GROUP="render"/GROUP="video"/' \
       -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in

Rebuild systemd by running the following commands: 

mkdir build &&
cd    build &&

meson --prefix=/usr                 \
      --buildtype=release           \
      -Dblkid=true                  \
      -Ddefault-dnssec=no           \
      -Dfirstboot=false             \
      -Dinstall-tests=false         \
      -Dldconfig=false              \
      -Dman=auto                    \
      -Dsysusers=false              \
      -Drpmmacrosdir=no             \
      -Db_lto=false                 \
      -Dhomed=false                 \
      -Duserdb=false                \
      -Dmode=release                \
      -Dpamconfdir=/etc/pam.d       \
      -Ddocdir=/usr/share/doc/systemd-249 \
      ..                            &&

ninja
[Note]

Note

For the best test results, make sure you run the testsuite from a system that is booted by the same systemd version you are rebuilding.

To test the results, issue: PATH+=:/usr/sbin ninja test.

Now, as the root user: 

ninja install

Command Explanations

--buildtype=release: Specify a buildtype suitable for stable releases of the package, as the default may produce unoptimized binaries.

-Dpamconfdir=/etc/pam.d: Forces the PAM files to be installed in /etc/pam.d rather than /usr/lib/pam.d.

-Duserdb=false: Removes a daemon that does not offer any use under a BLFS configuration. If you wish to enable the userdbd daemon, replace "false" with "true" in the above meson command.

-Dhomed=false: Removes a daemon that does not offer any use under a traditional BLFS configuration, especially using accounts created with useradd. To enable systemd-homed, first ensure that you have cryptsetup-2.3.6 and libpwquality-1.4.4, and then change "false" to "true" in the above meson command.

Configuring systemd

The /etc/pam.d/system-session file needs to be modified and a new file needs to be created in order for systemd-logind to work correctly. Run the following commands as the root user: 

cat >> /etc/pam.d/system-session << "EOF"
# Begin Systemd addition
    
session  required    pam_loginuid.so
session  optional    pam_systemd.so

# End Systemd addition
EOF

cat > /etc/pam.d/systemd-user << "EOF"
# Begin /etc/pam.d/systemd-user

account  required    pam_access.so
account  include     system-account

session  required    pam_env.so
session  required    pam_limits.so
session  required    pam_unix.so
session  required    pam_loginuid.so
session  optional    pam_keyinit.so force revoke
session  optional    pam_systemd.so

auth     required    pam_deny.so
password required    pam_deny.so

# End /etc/pam.d/systemd-user
EOF
[Warning]

Warning

If upgrading from a previous version of systemd and an initrd is used for system boot, you should generate a new initrd before rebooting the system.

Contents

A list of the installed files, along with their short descriptions can be found at ../../../../lfs/view/11.0/chapter08/systemd.html#contents-systemd.

Listed below are the newly installed libraries and directories along with short descriptions.

Installed Programs: homectl (if cryptsetup-2.3.6 is installed) and userdbctl (optionally)
Installed Libraries: pam_systemd.so (in /lib/security)
Installed Directories: None

Short Descriptions

homectl

is a tool to create, remove, change, or inspect a home directory managed by systemd-homed; note that it's useless for the classic UNIX users and home directories which we are using in LFS/BLFS book

userdbctl

inspects users, groups, and group memberships

pam_systemd.so

is a PAM module used to register user sessions with the systemd login manager, systemd-logind

Last updated on