Beyond Linux® From Scratch (systemd Edition) - Version 11.3

Chapter 12. System Utilities

Systemd-252

Introduction to systemd

While systemd was installed when building LFS, there are many features provided by the package that were not included in the initial installation because Linux-PAM was not yet installed. The systemd package needs to be rebuilt to provide a working systemd-logind service, which provides many additional features for dependent packages.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

Additional Downloads

systemd Dependencies

Required

Linux-PAM-1.5.2

Recommended Runtime Dependency

Polkit-122

Optional

btrfs-progs-6.1.3, cURL-7.88.1, cryptsetup-2.4.3, git-2.39.2, GnuTLS-3.8.0, iptables-1.8.9, libgcrypt-1.10.1, libidn2-2.3.4, libpwquality-1.4.5, libseccomp-2.5.4, libxkbcommon-1.5.0, make-ca-1.12, p11-kit-0.24.1, pcre2-10.42, qemu-7.2.0, qrencode-4.1.1, rsync-3.2.7, sphinx-6.1.3, Valgrind-3.20.0, zsh-5.9 (for the zsh completions), gnu-efi, kexec-tools, libbpf, libdw, libfido2, libmicrohttpd, lz4, quota-tools, and tpm2-tss

Optional (to rebuild the manual pages)

docbook-xml-4.5, docbook-xsl-nons-1.79.2, libxslt-1.1.37, and lxml-4.9.2 (to build the index of systemd manual pages)

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/systemd

Installation of systemd

First, fix a security issue in systemd-coredump: 

patch -Np1 -i ../systemd-252-security_fix-1.patch

Remove two unneeded groups, render and sgx, from the default udev rules: 

sed -i -e 's/GROUP="render"/GROUP="video"/' \
       -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in

Rebuild systemd by running the following commands: 

mkdir build &&
cd    build &&

meson --prefix=/usr                 \
      --buildtype=release           \
      -Ddefault-dnssec=no           \
      -Dfirstboot=false             \
      -Dinstall-tests=false         \
      -Dldconfig=false              \
      -Dman=auto                    \
      -Dsysusers=false              \
      -Drpmmacrosdir=no             \
      -Dhomed=false                 \
      -Duserdb=false                \
      -Dmode=release                \
      -Dpam=true                    \
      -Dpamconfdir=/etc/pam.d       \
      -Ddocdir=/usr/share/doc/systemd-252 \
      ..                            &&

ninja
[Note]

Note

For the best test results, make sure you run the test suite from a system that is booted by the same systemd version you are rebuilding.

To test the results, issue: PATH+=:/usr/sbin ninja test.

Now, as the root user: 

ninja install

Command Explanations

--buildtype=release: Specify a buildtype suitable for stable releases of the package, as the default may produce unoptimized binaries.

-Dpamconfdir=/etc/pam.d: Forces the PAM files to be installed in /etc/pam.d rather than /usr/lib/pam.d.

-Duserdb=false: Removes a daemon that does not offer any use under a BLFS configuration. If you wish to enable the userdbd daemon, replace "false" with "true" in the above meson command.

-Dhomed=false: Removes a daemon that does not offer any use under a traditional BLFS configuration, especially using accounts created with useradd. To enable systemd-homed, first ensure that you have cryptsetup-2.4.3 and libpwquality-1.4.5 installed, and then change "false" to "true" in the above meson command.

Configuring systemd

The /etc/pam.d/system-session file needs to be modified and a new file needs to be created in order for systemd-logind to work correctly. Run the following commands as the root user: 

grep 'pam_systemd' /etc/pam.d/system-session ||
cat >> /etc/pam.d/system-session << "EOF"
# Begin Systemd addition

session  required    pam_loginuid.so
session  optional    pam_systemd.so

# End Systemd addition
EOF

cat > /etc/pam.d/systemd-user << "EOF"
# Begin /etc/pam.d/systemd-user

account  required    pam_access.so
account  include     system-account

session  required    pam_env.so
session  required    pam_limits.so
session  required    pam_unix.so
session  required    pam_loginuid.so
session  optional    pam_keyinit.so force revoke
session  optional    pam_systemd.so

auth     required    pam_deny.so
password required    pam_deny.so

# End /etc/pam.d/systemd-user
EOF
[Warning]

Warning

If upgrading from a previous version of systemd and an initrd is used for system boot, you should generate a new initrd before rebooting the system.

Contents

A list of the installed files, along with their short descriptions can be found at ../../../../lfs/view/11.3-systemd/chapter08/systemd.html#contents-systemd.

Listed below are the newly installed programs along with short descriptions.

Installed Programs: homectl (if cryptsetup-2.4.3 is installed), systemd-cryptenroll (if cryptsetup-2.4.3 is installed), and userdbctl (optionally)

Short Descriptions

homectl

is a tool to create, remove, change, or inspect a home directory managed by systemd-homed; note that it's useless for the classic UNIX users and home directories which we are using in LFS/BLFS book

systemd-cryptenroll

Is used to enroll or remove a system from full disk encryption, as well as set and query private keys and recovery keys

userdbctl

inspects users, groups, and group memberships

pam_systemd.so

is a PAM module used to register user sessions with the systemd login manager, systemd-logind