While Systemd was installed when building LFS, there are many features provided by the package that were not included in the initial installation because Linux-PAM was not yet installed. The Systemd package needs to be rebuilt to provide a working systemd-logind service, which provides many additional features for dependent packages.
For the lib32 installation instructions, they require new Meson
cross files from
MLFS, as --libdir=/usr/lib32 has been moved
to the cross files and no longer appear in the instructions.
Install the new cross files so that 32-bit libraries don't get
installed in /usr/lib.
Linux-PAM-1.7.2 is not strictly required to
build Systemd, but the main reason to rebuild Systemd in GLFS
(it's already built in LFS anyway) is for the systemd-logind daemon and the
pam_systemd.so PAM module.
Linux-PAM-1.7.2 is required for them. All
packages in GLFS book with a dependency on Systemd expect that it
has been rebuilt with Linux-PAM-1.7.2.
If a previous version of systemd has been installed, remove a
service as the root user that
will generate errors on following boots:
rm -v /usr/lib/systemd/system/systemd-update-utmp-runlevel.service
Remove two unneeded groups, render
and sgx, from the default udev
rules:
sed -i -e 's/GROUP="render"/GROUP="video"/' \
-e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in
Rebuild Systemd by running the following commands:
mkdir build &&
cd build &&
meson setup --prefix=/usr \
--buildtype=release \
-D default-dnssec=no \
-D firstboot=false \
-D install-tests=false \
-D ldconfig=false \
-D man=auto \
-D sysusers=false \
-D rpmmacrosdir=no \
-D homed=disabled \
-D mode=release \
-D pam=enabled \
-D pamconfdir=/etc/pam.d \
-D dev-kvm-mode=0660 \
-D nobody-group=nogroup \
-D sysupdate=disabled \
-D ukify=disabled \
-D docdir=/usr/share/doc/systemd-259.1 \
.. &&
ninja
Now, as the root user:
ninja install
Rebuild lib32-Systemd by running the following commands:
rm -rf * &&
LANG=en_US.UTF-8 \
meson setup --prefix=/usr \
--buildtype=release \
--cross-file=lib32 \
-D default-dnssec=no \
-D firstboot=false \
-D install-tests=false \
-D ldconfig=false \
-D man=disabled \
-D sysusers=false \
-D rpmmacrosdir=no \
-D homed=disabled \
-D userdb=false \
-D mode=release \
-D pam=enabled \
-D pamconfdir=/etc/pam.d \
.. &&
LANG=en_US.UTF-8 ninja
Now, as the root user:
LANG=en_US.UTF-8 DESTDIR=$PWD/DESTDIR ninja install && cp -vR DESTDIR/usr/lib32/security /usr/lib32 && cp -va DESTDIR/usr/lib32/libsystemd.so* /usr/lib32 && cp -va DESTDIR/usr/lib32/libudev.so* /usr/lib32 && cp -v DESTDIR/usr/lib32/pkgconfig/* /usr/lib32/pkgconfig && rm -rf DESTDIR
Inspect meson_options.txt or
meson.options for a full list of
options.
--buildtype=release:
Specify a buildtype suitable for stable releases of the package, as
the default may produce unoptimized binaries.
-D pamconfdir=/etc/pam.d:
Forces the PAM files to be installed in /etc/pam.d rather than
/usr/lib/pam.d.
-D homed=disabled: Removes
a daemon that does not offer any use under a traditional GLFS
configuration, especially using accounts created with useradd. The dependencies needed
won't be installed in this book.
-D ukify=disabled: Removes
a script for combining a kernel, an initramfs, and a kernel command
line etc. into an UEFI application which can be loaded by the UEFI
firmware to start the embedded Linux kernel. It is not needed if
you followed
BLFS' Grub UEFI Setup.
The /etc/pam.d/system-session file
needs to be modified and a new file needs to be created in order
for systemd-logind to
work correctly. Run the following commands as the root user:
grep 'pam_systemd' /etc/pam.d/system-session || cat >> /etc/pam.d/system-session << "EOF"# Begin Systemd addition session required pam_loginuid.so session optional pam_systemd.so # End Systemd additionEOF cat > /etc/pam.d/systemd-user << "EOF"# Begin /etc/pam.d/systemd-user account required pam_access.so account include system-account session required pam_env.so session required pam_limits.so session required pam_loginuid.so session optional pam_keyinit.so force revoke session optional pam_systemd.so auth required pam_deny.so password required pam_deny.so # End /etc/pam.d/systemd-userEOF
As the root user, replace the
running systemd
manager (the init
process) with the systemd executable newly built
and installed:
systemctl daemon-reexec
If you're in a chroot, the above command will be ignored with a message, but it will not return an error. If running in a Bash session that exits on error, the above command won't halt it. Running it is safe.
A desktop environment often runs as a group of user services. These
services are spawned by the per-user instance, instead of the login
shell. To ensure those services get the environment variables set
from /etc/profile.d, as the
root user, install an environment
generator to dump all the relevant exported environment variables
into the per-user instance when the instance starts to run:
install -vDm755 /dev/stdin /etc/systemd/user-environment-generators/50-profile.sh << "EOF"
#!/usr/bin/env -S -i /usr/bin/bash
# SPDX-License-Identifier: MIT
. /etc/profile
# Systemd should have already set a better value for them.
unset XDG_RUNTIME_DIR
for i in $(locale); do
unset ${i%=*}
done
# Some shell magic that we don't want to expose.
unset SHLVL
# Systemd does not want to pass functions to the environment
for i in $(declare -pF | awk '{print $3}'); do
unset -f $i
done
python3 << _EOF
import os
for var in os.environ:
# Simply unsetting them in shell does not work.
if var in ['LC_CTYPE', '_']:
continue
print(var + '=' + os.environ[var])
_EOF
EOF
The above install
command(s) need some explanation. Typically in the books when
configuration files get created, cat is used. It uses a Bash
feature called “heredoc” which takes optionally multiple
lines of input until a given term, and forwards it to something.
In the cat command,
heredoc is used to feed into /dev/stdin, and cat writes from /dev/stdin to the specified file.
As for install, its
use is more in-depth and has a lot more going on. In premise, it
is doing the same thing as the cat commands. It heredocs to
/dev/stdin and is forwarded to a
file; install does
the writing. In a more straightforward way, it copies
/dev/stdin to the specified file,
which was filled by the heredoc. It has been used over
cat so that the
permissions can be set and the directory the file needs to be in
will be created in the process.
Read systemd.environment-generator(7) for details about the environment generators.
If you've edited the contents of /etc/profile.d when a desktop environment is
running, you must sync the changes as the normal user (the below
commands must be ran once for every user except root and must be ran as that user):
systemctl --user unset-environment \ $(/etc/systemd/user-environment-generators/50-profile.sh | sed 's/=.*//') systemctl --user daemon-reload
Now ensure Shadow-4.19.3 has been already rebuilt with Linux-PAM-1.7.2 support first, then logout, and login again. This ensures the running login session registered with systemd-logind and a per-user Systemd instance running for each user owning a login session. Many GLFS packages listing Systemd as a dependency need the systemd-logind integration and/or a running per-user Systemd instance.
If you are upgrading from a previous version of Systemd and an initrd is used for system boot, you should generate a new initrd before rebooting the system.
A list of the installed files, along with their short descriptions can be found at https://www.linuxfromscratch.org/mlfs/view/13.0-m32/chapter08/systemd.html#contents-systemd.
Listed below are the newly installed library along with a short description.