[blfs-dev] Post LFS Systemd configuration

Armin K. krejzi at email.com
Sat Dec 21 15:42:50 PST 2013


Here's a quickly written version what would BLFS systemd
instruction sort of look like:

I don't think I'll have time in next two weeks to work on anything, but
this should cover most of what's needed for BLFS.



Dependencies:

Required for BLFS, but optional for systemd:

glib-2.0 and gobject-introspection for libgudev-1.0.so and its
gobject-introspection binding. Required for any package which requires
"Udev Extras".

Linux-PAM with shadow reconfigured afterwards for pam_systemd.so which
is required for packages that require ConsoleKit, and logind is the
replacement for ConsoleKit.

Required runtime dependency if pam_systemd.so is installed and configured
is Polkit.

Note that with Polkit present and logind configured correctly
(pam_systemd.so configuration below done correctly), an user can reboot,
shut down the system without needing the root privileges. Recommendation
is that --with-authfw=shadow configuration option from Oolkit is removed
in this case, and that polkit also initializes pam for its authentication.
Don't forget to create PAM config file for Polkit.

Another note is that Polkit will rely on logind being available at runtime,
so basically any app that relies on Polkit expects logind available
and configured. Also, Polkit should be built after systemd so it will be
configured properly to use logind.

Some of the optional packages are (from BLFS)

libgcrypt (see note), libxslt along with docbook-xml and docbook-xslt to
build man pages, gtk-doc to build udev api manuals.

Some of the optional dependencies that are not part of BLFS (I have no
links available, sorry)

cryptsetup, libmicrohttpd, libselinux, audit, tcpwrappers, libqrencode

The configuration is same as in LFS, except that --without-python
and --disable-gudev statements are ommited.

./configure --prefix=/usr \
            --sysconfdir=/etc \
            --localstatedir=/var \
            --libexecdir=/usr/lib \
            --docdir=/usr/share/doc/systemd-208 \
            --with-rootprefix= \
            --with-rootlibdir=/lib \
            --enable-split-usr

sed -i s:test/udev-test.pl::g Makefile
make

The testsuite should be possible to run if the system is booted
using the same version of Systemd that is being rebuilt to include
extra stuff. The sed that is ran before make removes a test that
fails for a reason unknown to me. To run the testsuite

make check

I have ran it as root since I have no standard user on this new install.

Installing the package will override all Systemd components
installed in LFS, so it is advised that reinstall is done
in a rescue mode with no programs except basic systemd ones running
To enter rescue mode with systemd, run as root from a vt console:

systemctl start rescue.target

The install should be ran as root

make install

And then repeat some steps from LFS

mv -v /usr/lib/libnss_myhostname.so.2 /lib
sed -i "s at 0775 root lock at 0755 root root at g" /usr/lib/tmpfiles.d/legacy.conf

If libxslt, docbook-xml and docbook-xsl were installed, the manual pages
should have been built and installed my make install. LFS installs them
manually.

The sysvinit compat symlinks should still be in place.

And finally, some PAM configuration that is mandatory for logind

cat >> /etc/pam.d/system-session << "EOF"
# Begin Systemd addition

session   optional    pam_loginuid.so
session   optional    pam_systemd.so

# End Systemd addition
EOF


cat > /etc/pam.d/systemd-user << "EOF"
# Begin /etc/pam.d/systemd-user

account  required pam_access.so
account  include  system-account

session  required pam_env.so
session  required pam_limits.so
session  include  system-session

auth     required pam_deny.so
password required pam_deny.so

# End /etc/pam.d/systemd-user
EOF

You shouldn't need to run systemd-machine-id-setup, since that file is
generated once and it lasts basically forever.

After this, system should be rebooted so new changes
are taken into effect.

Note:

If libgcrypt is present at systemd build time, then
the shared library should be moved to /lib, along
with its dependency, libgpg-error:

mv -v /usr/lib/libgcrypt.so.* /usr/lib/libgpg-error.so.* /lib
ln -sfv ../../lib/$(readlink /usr/lib/libgcrypt.so) /usr/lib/libgcrypt.so
ln -sfv ../../lib/$(readlink /usr/lib/libgpg-error.so)
/usr/lib/libgpg-error.so

Newly installed stuff (required deps only)

libgudev-1.0.so shared library and GUdev-1.0.{typelib,gir} gobject
introspection
bindings in /usr/lib/girepository-1.0 and /usr/share/gir-1.0 respectively.

/usr/include/gudev-1.0 directory.

pam_systemd.so Linux-PAM module in /lib/security.

Several Python specific files in /usr/lib/python2.7/site-packages/systemd.

-- 
Note: My last name is not Krejzi.



More information about the blfs-dev mailing list