Ticket #1003 (closed task: fixed)

Opened 3 years ago

Last modified 5 months ago

Systemd 233 Version Upgrade

Reported by: kb0iic Owned by: clfs-commits@…
Priority: critical Milestone: CLFS Standard 3.1.0
Component: BOOK Version: CLFS Standard GIT
Keywords: Cc: berzerkula@…, jonathan@…, chris@…

Description (last modified by kb0iic) (diff)

New version

Download and Patch:  http://www.linuxfromscratch.org/~krejzi/systemd/systemd-233.tar.xz

Patch no longer needed  http://www.linuxfromscratch.org/~krejzi/systemd/systemd-229-compat-1.patch

I suggest we conform our user ids and group ids to LFS since a lot of people use BLFS rather than our ancient CBLFS.

This is what I have been using for my current builds:

cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/dev/null:/bin/false
daemon:x:6:6:Daemon User:/dev/null:/bin/false
messagebus:x:18:18:D-Bus Message Daemon User:/var/run/dbus:/bin/false
systemd-bus-proxy:x:72:72:systemd Bus Proxy:/:/bin/false
systemd-journal-gateway:x:73:73:systemd Journal Gateway:/:/bin/false
systemd-journal-remote:x:74:74:systemd Journal Remote:/:/bin/false
systemd-journal-upload:x:75:75:systemd Journal Upload:/:/bin/false
systemd-network:x:76:76:systemd Network Management:/:/bin/false
systemd-resolve:x:77:77:systemd Resolver:/:/bin/false
systemd-timesync:x:78:78:systemd Time Synchronization:/:/bin/false
nobody:x:65534:65533:Unprivileged User:/dev/null:/bin/false

cat /etc/group
root:x:0:
bin:x:1:daemon
sys:x:2:
kmem:x:3:
tape:x:4:
tty:x:5:
daemon:x:6:
floppy:x:7:
disk:x:8:
lp:x:9:
dialout:x:10:
audio:x:11:
video:x:12:
utmp:x:13:
usb:x:14:
cdrom:x:15:
adm:x:16:
messagebus:x:18:
systemd-journal:x:23:
input:x:24:
mail:x:34:
wheel:x:39:
systemd-bus-proxy:x:72:
systemd-journal-gateway:x:73:
systemd-journal-remote:x:74:
systemd-journal-upload:x:75:
systemd-network:x:76:
systemd-resolve:x:77:
systemd-timesync:x:78:
nogroup:x:65533:
users:x:1000:

Don't need users. Was just checking out what LFS has been doing.

Attachments

systemd-226-compat-1.patch Download (8.3 KB) - added by kb0iic 2 years ago.
Compat patch for Systemd 226

Change History

comment:1 Changed 3 years ago by kb0iic

  • Description modified (diff)
  • Summary changed from Systemd 216 Version Upgrade to Systemd 217 Version Upgrade

comment:4 Changed 3 years ago by kb0iic

  • Priority changed from major to critical

comment:5 Changed 3 years ago by blackadder

these are the ones i have added to users

systemd-timesync:x:41:41:systemd-timesync:/dev/null:/bin/false

systemd-network:x:42:42:systemd-network:/dev/null:/bin/false

systemd-resolve:x:43:43:systemd-resolve:/dev/null:/bin/false

systemd-bus-proxy:x:44:44:systemd-bus-proxy:/dev/null:/bin/false

systemd-journal-gateway:x:45:45:systemd-journal-gateway:/dev/null:/bin/false

systemd-journal-remote:x:46:46:systemd-journal-remote:/:/bin/false

systemd-journal-upload:x:47:47:systemd-journal-upload:/:/bin/false

and groups

input:x:19: needed by eudev and systemd

systemd-journal:x:40:

systemd-timesync:x:41:

systemd-network:x:42:

systemd-resolve:x:43:

systemd-bus-proxy:x:44:

systemd-journal-gateway:x:45:

systemd-journal-remote:x:46:

systemd-journal-upload:x:47:

comment:6 Changed 3 years ago by kb0iic

So we will need to upgrade the kernel version requirement only for the SYSTEMD book.

We will also need to fix Minimum Supported Kernel Upgrade for Systemd when upgrading and closing this ticket as fixed.

comment:9 Changed 3 years ago by kb0iic

  • Description modified (diff)
  • Summary changed from Systemd 217 Version Upgrade to Systemd 218 Version Upgrade

comment:10 Changed 2 years ago by kb0iic

  • Summary changed from Systemd 218 Version Upgrade to Systemd 219 Version Upgrade

comment:12 Changed 2 years ago by chris@…

Systemd 219 doesn't need the --with-dbus* switches anymore, since it now sets dbus directories to reasonable default locations rather than trying to use pkg-config to locate them. Also, --enable-split-usr isn't needed since it's assumed by default when prefix != rootprefix.

comment:13 Changed 2 years ago by kb0iic

  • Summary changed from Systemd 219 Version Upgrade to Systemd 221 Version Upgrade

comment:16 Changed 2 years ago by kb0iic

  • Description modified (diff)
  • Summary changed from Systemd 221 Version Upgrade to Systemd 224 Version Upgrade

comment:17 Changed 2 years ago by kb0iic

  • Description modified (diff)

comment:18 Changed 2 years ago by kb0iic

Along with the switches Chris mentioned:

--with-dbus*
--enable-split-usr

Add:

--disable-firstboot
--disable-ldconfig
--disable-sysusers
--without-python

--without-python

This switch prevents configure from trying to use Python which isn't built in LFS.

--disable-firstboot

This switch prevents installation of systemd services responsible for setting up the system for the first time. They are not useful for LFS because everything is done manually.

--disable-ldconfig (could let the user decide that)

This switch prevents installation of a systemd unit that runs ldconfig at boot, making the boot time longer. Remove it if the described feature is desired, even though it's not useful for source distributions such as LFS.

--disable-sysusers

This switch prevents installation of systemd services responsible for setting up the /etc/group and /etc/passwd files. Both files were created early in this chapter.

comment:19 Changed 2 years ago by kb0iic

Gudev has been removed from the systemd tree and is now at  https://git.gnome.org/browse/libgudev/

No longer need:

--disable-gudev

comment:20 Changed 2 years ago by kb0iic

So with removing the dbus* options we have the following for pure64:

        prefix:                  /usr
        rootprefix:              
        sysconf dir:             /etc
        datarootdir:             ${prefix}/share
        includedir:              ${prefix}/include
        lib dir:                 ${exec_prefix}/lib
        rootlib dir:             /lib
        SysV init scripts:       /etc/init.d
        SysV rc?.d directories:  /etc/rc.d
        Build Python:            
        sphinx binary:           
        PAM modules dir:         /lib/security
        PAM configuration dir:   /etc/pam.d
        D-Bus policy dir:        /etc/dbus-1/system.d
        D-Bus session dir:       ${datarootdir}/dbus-1/services
        D-Bus system dir:        ${datarootdir}/dbus-1/system-services
        Bash completions dir:    ${datarootdir}/bash-completion/completions
        Zsh completions dir:     ${datarootdir}/zsh/site-functions

comment:21 Changed 2 years ago by kb0iic

We can remove:

sed -i '/virt-install-hook /d' Makefile.in

sed -i '/timesyncd.conf/d' src/timesync/timesyncd.conf.in (man page exists now)

sed -i '/-l/d' src/fsck/fsck.c  (fixed a long time ago)

cc_cv_CFLAGS__flto=no   (not needed during configure)

Adjust the next command to move more libraries:

mv -v /usr/lib/libnss_myhostname.so.2 /lib

to

mv -v /usr/lib/libnss_{myhostname,mymachines,resolve}.so.2 /lib

comment:22 Changed 2 years ago by kb0iic

Check logs before install:

Testsuite summary for systemd 224
============================================================================
# TOTAL: 111
# PASS:  84
# SKIP:  19
# XFAIL: 0
# FAIL:  8
# XPASS: 0
# ERROR: 0
============================================================================

Check logs after install:

Testsuite summary for systemd 224
============================================================================
# TOTAL: 111
# PASS:  94
# SKIP:  15
# XFAIL: 0
# FAIL:  2
# XPASS: 0
# ERROR: 0
============================================================================

2 FAILED:

FAIL: test-bus-creds FAIL: test/udev-test.pl

FAIL: test-bus-creds ====================

Assertion 'r >= 0' failed at src/libsystemd/sd-bus/test-bus-creds.c:31, function main(). Aborting. FAIL test-bus-creds (exit status: 134)

test/ude-test.pl fails because /usr/lib/udev/rules.d doesn't exist

comment:23 Changed 2 years ago by chris@…

With version 224, systemd-python has been split to a separate package, so systemd itself no longer uses python (configure still checks for it, but even if found, it's not used during make or make install). Therefore, --without-python is not needed.

comment:25 Changed 2 years ago by kb0iic

Systemd 226 is released. Going to test that now.

Used the debian system to run autogen.sh and prepare for build. Didn't find a source tarball already ready generated.

 http://clfs.org/~kb0iic/patches/systemd-226-config-1.patch

Last edited 2 years ago by kb0iic (previous) (diff)

Changed 2 years ago by kb0iic

Compat patch for Systemd 226

comment:26 Changed 2 years ago by kb0iic

Following configure command and results:

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
            --with-rootprefix= --with-rootlibdir=/lib --enable-split-usr \
            --disable-firstboot --disable-ldconfig --disable-sysusers \
            --without-python --docdir=/usr/share/doc/systemd-226

Results:

        systemd 226

        libcryptsetup:           no
        PAM:                     no
        AUDIT:                   no
        IMA:                     yes
        AppArmor:                no
        SELinux:                 no
        SECCOMP:                 no
        SMACK:                   yes
        ZLIB:                    yes
        XZ:                      yes
        LZ4:                     no
        BZIP2:                   yes
        ACL:                     yes
        GCRYPT:                  no
        QRENCODE:                no
        MICROHTTPD:              no
        GNUTLS:                  no
        libcurl:                 no
        libidn:                  no
        libiptc:                 no
        ELFUTILS:                no
        binfmt:                  yes
        vconsole:                yes
        bootchart:               yes
        quotacheck:              yes
        tmpfiles:                yes
        sysusers:                no
        firstboot:               no
        randomseed:              yes
        backlight:               yes
        rfkill:                  yes
        logind:                  yes
        machined:                yes
        importd:                 yes
        hostnamed:               yes
        timedated:               yes
        timesyncd:               yes
        default NTP servers:     time1.google.com time2.google.com time3.google.com time4.google.com
        time epoch:              1441713802
        localed:                 yes
        networkd:                yes
        resolved:                yes
        default DNS servers:     8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
        coredump:                yes
        polkit:                  yes
        efi:                     yes
        gnuefi:                  no
        efi arch:                x86_64
        EFI machine type:        x64
        EFI CC                   gcc
        EFI libdir:              /usr/lib
        EFI ldsdir:              /usr/lib
        EFI includedir:          /usr/include
        kmod:                    yes
        xkbcommon:               no
        blkid:                   yes
        libmount:                yes
        dbus:                    no
        nss-myhostname:          yes
        hwdb:                    yes
        kdbus:                   yes
        Python:                  no
        man pages:               yes
        test coverage:           no
        Split /usr:              yes
        SysV compatibility:      yes
        compatibility libraries: no
        utmp/wtmp support:       yes
        ldconfig support:        no
        hibernate support:       yes
        extra debugging:         none

        prefix:                  /usr
        rootprefix:              
        sysconf dir:             /etc
        datarootdir:             ${prefix}/share
        includedir:              ${prefix}/include
        lib dir:                 ${exec_prefix}/lib
        rootlib dir:             /lib
        SysV init scripts:       /etc/init.d
        SysV rc?.d directories:  /etc/rc.d
        Build Python:            
        PAM modules dir:         /lib/security
        PAM configuration dir:   /etc/pam.d
        D-Bus policy dir:        /etc/dbus-1/system.d
        D-Bus session dir:       ${datarootdir}/dbus-1/services
        D-Bus system dir:        ${datarootdir}/dbus-1/system-services
        Bash completions dir:    ${datarootdir}/bash-completion/completions
        Zsh completions dir:     ${datarootdir}/zsh/site-functions
        Extra start script:      /etc/rc.local
        Extra stop script:       /usr/sbin/halt.local
        Debug shell:             /bin/sh @ /dev/tty9
        TTY GID:                 5
        Maximum System UID:      999
        Maximum System GID:      999
        Certificate root:        /etc/ssl
        Default dkr Index        NULL

        CFLAGS:                   -pipe -Wall -Wextra -Wundef -Wformat=2 -Wformat-security -Wformat-nonliteral -Wlogical-op -Wmissing-include-dirs -Wold-style-definition -Wpointer-arith -Winit-self -Wdeclaration-after-statement -Wfloat-equal -Wsuggest-attribute=noreturn -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=missing-declarations -Werror=return-type -Werror=shadow -Wstrict-prototypes -Wredundant-decls -Wmissing-noreturn -Wshadow -Wendif-labels -Wstrict-aliasing=2 -Wwrite-strings -Wno-unused-parameter -Wno-missing-field-initializers -Wno-unused-result -Wno-format-signedness -Werror=overflow -Wdate-time -Wnested-externs -ffast-math -fno-common -fdiagnostics-show-option -fno-strict-aliasing -fvisibility=hidden -fstack-protector -fstack-protector-strong -fPIE --param=ssp-buffer-size=4 -flto -ffunction-sections -fdata-sections   -g -O2
        CPPFLAGS:                 -Wp,-D_FORTIFY_SOURCE=2   
        LDFLAGS:                  -Wl,--gc-sections -Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -pie -Wl,-fuse-ld=gold

Gold exists as my test build has the gold linker available.

comment:27 Changed 2 years ago by kb0iic

I give up on trying to build a source archive for systemd 226 which can be built with our CLFS build. I wish the devs would release a build ready for build with configure. Apparently they only release via github and need to use autogen.sh. Always a mismiatch of automake versions and Po issues. Anyone have ideas on how to distribute a usable systemd tarball of use with LFS/CLFS?

comment:28 Changed 2 years ago by blackadder

Does not running ./autogen.sh c, then make distcheck work ? (full environment) To get the prebuilt docs/man pages you would have to build them first and then probably do some hacking on the make files to get them installed.

comment:29 Changed 2 years ago by kb0iic

We have to roll our own tarballs. Armin has a patch to help out for creating a distributable tarball. I haven't tried it, but it is located at  http://www.linuxfromscratch.org/~krejzi/systemd-make-dist.patch

comment:30 Changed 2 years ago by kb0iic

Okay, I have rolled my own tarball and will upload it to the clfs server this evening.

comment:31 Changed 2 years ago by kb0iic

  • Summary changed from Systemd 224 Version Upgrade to Systemd 226 Version Upgrade

comment:32 Changed 2 years ago by kb0iic

I've put the tarball into ftp conglomeration. Please test the tarball and make sure all is fine. I've only tested with x86_64 pure64bit build via the boot method.

 http://ftp.clfs.org/pub/clfs/conglomeration/systemd/systemd-226.tar.xz

comment:33 follow-up: ↓ 36 Changed 2 years ago by kb0iic

Adding the following group to /etc/group file when upgrading Systemd. No longer needed in the systemd-networkd section. Add this when creating /etc/group and /etc/passwd.

12.5.2. Using Timesyncd

groupadd -g 41 systemd-timesync
useradd -g systemd-timesync -u 41 -d /dev/null -s /bin/false systemd-timesync

Systmed-networkd is enabled by default. No longer need the following

systemctl enable systemd-timesyncd

Systemd-resolved deals with network name resolution. The link for resolv.conf needs to be changed:

ln -sfv /run/systemd/resolve/resolv.conf /etc

It is no longer /run/systemd/network/resolv.conf

Last edited 22 months ago by kb0iic (previous) (diff)

comment:34 Changed 2 years ago by kb0iic

  • Summary changed from Systemd 226 Version Upgrade to Systemd 227 Version Upgrade

Moving to Systemd 227:

Announcement  http://lists.freedesktop.org/archives/systemd-devel/2015-October/034509.html

Our book will be at Util-linux-2.27 once I get past this mulitlib build.

Files we need are at:

 https://www.linuxfromscratch.org/~krejzi/systemd/

comment:35 Changed 23 months ago by kb0iic

Multilib 32bit

CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" ./configure \
    --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libexecdir=/usr/lib \
    --with-rootprefix= --with-rootlibdir=/lib --enable-split-usr --disable-firstboot \
    --disable-ldconfig --disable-sysusers --without-python \
    --docdir=/usr/share/doc/systemd-227 --with-kbd-loadkeys=/bin/loadkeys \
    --with-kbd-setfont=/bin/setfont cc_cv_CFLAGS__flto=no &&
make &&
make install-libLTLIBRARIES &&
make install-pkgconfiglibDATA &&
mv -v /usr/lib/libnss_{my{hostname,machines},resolve}.so.2 /lib

Multilib 64bit

CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" ./configure \
    --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=/usr/lib64 \
    --libexecdir=/usr/lib64 --with-rootprefix= --with-rootlibdir=/lib64 \
    --enable-split-usr --disable-firstboot --disable-ldconfig --disable-sysusers \
    --without-python --docdir=/usr/share/doc/systemd-227 \
    --with-kbd-loadkeys=/bin/loadkeys --with-kbd-setfont=/bin/setfont \
    cc_cv_CFLAGS__flto=no &&
make &&
make check &&
make install

Testsuite FAILS:

===================================
   systemd 227: ./test-suite.log
===================================

# TOTAL: 113
# PASS:  86
# SKIP:  19
# XFAIL: 0
# FAIL:  8
# XPASS: 0
# ERROR: 0

FAIL: test-strv
FAIL test-strv (exit status: 134)
FAIL: test-condition
FAIL test-condition (exit status: 134)
FAIL: test-execute
FAIL test-execute (exit status: 134)
FAIL: test-copy
FAIL test-copy (exit status: 134)
FAIL: test-dhcp-client
FAIL test-dhcp-client (exit status: 134)
FAIL: test-dhcp6-client
FAIL test-dhcp6-client (exit status: 134)
FAIL: test-journal-flush
FAIL test-journal-flush (exit status: 134)
FAIL: test/udev-test.pl
FAIL test/udev-test.pl (exit status: 1)

comment:36 in reply to: ↑ 33 Changed 21 months ago by chris@…

Replying to kb0iic:

Systemd-resolved deals with network name resolution. The link for resolv.conf needs to be changed:

ln -sfv /run/systemd/resolve/resolv.conf /etc

It is no longer /run/systemd/network/resolv.conf

That link is automatically created on boot by one of systemd's installed "tmpfiles.d" conf files, so there's no need to create it manually.

comment:37 Changed 19 months ago by chris@…

Summing up installation commands for systemd 228 (on non-multilib):

patch -Np1 -i ../systemd-228-compat-1.patch
./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --localstatedir=/var \
    --docdir=/usr/share/doc/systemd-228 \
    --with-rootprefix="" \
    --with-rootlibdir=/lib \
    --disable-firstboot \
    --disable-ldconfig \
    --disable-sysusers \
    --with-kbd-loadkeys=/bin/loadkeys \
    --with-kbd-setfont=/bin/setfont
make
make check
make install
install -v -m644 man/*.html /usr/share/doc/systemd-228
mv -v /usr/lib/libnss_{myhostname,mymachines,resolve}.so.2 /lib
rm -rfv /usr/lib/rpm
for tool in runlevel reboot shutdown poweroff halt telinit; do
  ln -sfv ../bin/systemctl /sbin/$tool
done
ln -sfv ../lib/systemd/systemd /sbin/init
systemd-machine-id-setup

Use the /etc/passwd and /etc/group mentioned in the first comment.

The only change I made for going from 228 to 229 was the addition of a group and user called "systemd-coredump".

comment:38 Changed 19 months ago by kb0iic

  • Description modified (diff)
  • Summary changed from Systemd 227 Version Upgrade to Systemd 229 Version Upgrade

comment:39 Changed 19 months ago by chris@…

One thing I missed: current systemd expects to use xsltproc to build manpages by default and will fail if it's not found. To prevent this, add --disable-manpages to configure.

comment:40 Changed 19 months ago by chris@…

OK, adding --disable-manpages does allow the build to continue, but manpages are also not installed. I found a fix in the LFS systemd book for this: set the XSLTPROC variable on the configure command. This way it doesn't try unsuccessfully to find xsltproc, but will still install manpages. Taking this into account, here's a revised set of commands for installing systemd 229:

patch -Np1 -i ../systemd-229-compat-1.patch
XSLTPROC=/usr/bin/xsltproc \
./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --localstatedir=/var \
    --docdir=/usr/share/doc/systemd-229 \
    --with-rootprefix="" \
    --with-rootlibdir=/lib \
    --disable-firstboot \
    --disable-ldconfig \
    --disable-sysusers \
    --with-kbd-loadkeys=/bin/loadkeys \
    --with-kbd-setfont=/bin/setfont
make
make check
make install
install -v -m644 man/*.html /usr/share/doc/systemd-229
mv -v /usr/lib/libnss_{myhostname,mymachines,resolve}.so.2 /lib
rm -rfv /usr/lib/rpm
for tool in runlevel reboot shutdown poweroff halt telinit; do
  ln -sfv ../bin/systemctl /sbin/$tool
done
ln -sfv ../lib/systemd/systemd /sbin/init
systemd-machine-id-setup

comment:41 Changed 16 months ago by chris@…

Now at version 230.

CHANGES WITH 230:

        * DNSSEC is now turned on by default in systemd-resolved (in
          "allow-downgrade" mode), but may be turned off during compile time by
          passing "--with-default-dnssec=no" to "configure" (and of course,
          during runtime with DNSSEC= in resolved.conf). We recommend
          downstreams to leave this on at least during development cycles and
          report any issues with the DNSSEC logic upstream. We are very
          interested in collecting feedback about the DNSSEC validator and its
          limitations in the wild. Note however, that DNSSEC support is
          probably nothing downstreams should turn on in stable distros just
          yet, as it might create incompatibilities with a few DNS servers and
          networks. We tried hard to make sure we downgrade to non-DNSSEC mode
          automatically whenever we detect such incompatible setups, but there
          might be systems we do not cover yet. Hence: please help us testing
          the DNSSEC code, leave this on where you can, report back, but then
          again don't consider turning this on in your stable, LTS or
          production release just yet. (Note that you have to enable
          nss-resolve in /etc/nsswitch.conf, to actually use systemd-resolved
          and its DNSSEC mode for host name resolution from local
          applications.)

        * systemd-resolve conveniently resolves DANE records with the --tlsa
          option and OPENPGPKEY records with the --openpgp option. It also
          supports dumping raw DNS record data via the new --raw= switch.

        * systemd-logind will now by default terminate user processes that are
          part of the user session scope unit (session-XX.scope) when the user
          logs out. This behavior is controlled by the KillUserProcesses=
          setting in logind.conf, and the previous default of "no" is now
          changed to "yes". This means that user sessions will be properly
          cleaned up after, but additional steps are necessary to allow
          intentionally long-running processes to survive logout.

          While the user is logged in at least once, user@.service is running,
          and any service that should survive the end of any individual login
          session can be started at a user service or scope using systemd-run.
          systemd-run(1) man page has been extended with an example which shows
          how to run screen in a scope unit underneath user@.service. The same
          command works for tmux.

          After the user logs out of all sessions, user@.service will be
          terminated too, by default, unless the user has "lingering" enabled.
          To effectively allow users to run long-term tasks even if they are
          logged out, lingering must be enabled for them. See loginctl(1) for
          details. The default polkit policy was modified to allow users to
          set lingering for themselves without authentication.

          Previous defaults can be restored at compile time by the
          --without-kill-user-processes option to "configure".

        * systemd-logind gained new configuration settings SessionsMax= and
          InhibitorsMax=, both with a default of 8192. It will not register new
          user sessions or inhibitors above this limit.

        * systemd-logind will now reload configuration on SIGHUP.

        * The unified cgroup hierarchy added in Linux 4.5 is now supported.
          Use systemd.unified_cgroup_hierarchy=1 on the kernel command line to
          enable. Also, support for the "io" cgroup controller in the unified
          hierarchy has been added, so that the "memory", "pids" and "io" are
          now the controllers that are supported on the unified hierarchy.

          WARNING: it is not possible to use previous systemd versions with
          systemd.unified_cgroup_hierarchy=1 and the new kernel. Therefore it
          is necessary to also update systemd in the initramfs if using the
          unified hierarchy. An updated SELinux policy is also required.

        * LLDP support has been extended, and both passive (receive-only) and
          active (sender) modes are supported. Passive mode ("routers-only") is
          enabled by default in systemd-networkd. Active LLDP mode is enabled
          by default for containers on the internal network. The "networkctl
          lldp" command may be used to list information gathered. "networkctl
          status" will also show basic LLDP information on connected peers now.

        * The IAID and DUID unique identifier sent in DHCP requests may now be
          configured for the system and each .network file managed by
          systemd-networkd using the DUIDType=, DUIDRawData=, IAID= options.

        * systemd-networkd gained support for configuring proxy ARP support for
          each interface, via the ProxyArp= setting in .network files. It also
          gained support for configuring the multicast querier feature of
          bridge devices, via the new MulticastQuerier= setting in .netdev
          files. Similarly, snooping on the IGMP traffic can be controlled
          via the new setting MulticastSnooping=.

          A new setting PreferredLifetime= has been added for addresses
          configured in .network file to configure the lifetime intended for an
          address.

          The systemd-networkd DHCP server gained the option EmitRouter=, which
          defaults to yes, to configure whether the DHCP Option 3 (Router)
          should be emitted.

        * The testing tool /usr/lib/systemd/systemd-activate is renamed to
          systemd-socket-activate and installed into /usr/bin. It is now fully
          supported.

        * systemd-journald now uses separate threads to flush changes to disk
          when closing journal files, thus reducing impact of slow disk I/O on
          logging performance.

        * The sd-journal API gained two new calls
          sd_journal_open_directory_fd() and sd_journal_open_files_fd() which
          can be used to open journal files using file descriptors instead of
          file or directory paths. sd_journal_open_container() has been
          deprecated, sd_journal_open_directory_fd() should be used instead
          with the flag SD_JOURNAL_OS_ROOT.

        * journalctl learned a new output mode "-o short-unix" that outputs log
          lines prefixed by their UNIX time (i.e. seconds since Jan 1st, 1970
          UTC). It also gained support for a new --no-hostname setting to
          suppress the hostname column in the family of "short" output modes.

        * systemd-ask-password now optionally skips printing of the password to
          stdout with --no-output which can be useful in scripts.

        * Framebuffer devices (/dev/fb*) and 3D printers and scanners
          (devices tagged with ID_MAKER_TOOL) are now tagged with
          "uaccess" and are available to logged in users.

        * The DeviceAllow= unit setting now supports specifiers (with "%").

        * "systemctl show" gained a new --value switch, which allows print a
          only the contents of a specific unit property, without also printing
          the property's name. Similar support was added to "show*" verbs
          of loginctl and machinectl that output "key=value" lists.

        * A new unit type "generated" was added for files dynamically generated
          by generator tools. Similarly, a new unit type "transient" is used
          for unit files created using the runtime API. "systemctl enable" will
          refuse to operate on such files.

        * A new command "systemctl revert" has been added that may be used to
          revert to the vendor version of a unit file, in case local changes
          have been made by adding drop-ins or overriding the unit file.

        * "machinectl clean" gained a new verb to automatically remove all or
          just hidden container images.

        * systemd-tmpfiles gained support for a new line type "e" for emptying
          directories, if they exist, without creating them if they don't.

        * systemd-nspawn gained support for automatically patching the UID/GIDs
          of the owners and the ACLs of all files and directories in a
          container tree to match the UID/GID user namespacing range selected
          for the container invocation. This mode is enabled via the new
          --private-user-chown switch. It also gained support for automatically
          choosing a free, previously unused UID/GID range when starting a
          container, via the new --private-users=pick setting (which implies
          --private-user-chown). Together, these options for the first time
          make user namespacing for nspawn containers fully automatic and thus
          deployable. The systemd-nspaw@.service template unit file has been
          changed to use this functionality by default.

        * systemd-nspawn gained a new --network-zone= switch, that allows
          creating ad-hoc virtual Ethernet links between multiple containers,
          that only exist as long as at least one container referencing them is
          running. This allows easy connecting of multiple containers with a
          common link that implements an Ethernet broadcast domain. Each of
          these network "zones" may be named relatively freely by the user, and
          may be referenced by any number of containers, but each container may
          only reference one of these "zones". On the lower level, this is
          implemented by an automatically managed bridge network interface for
          each zone, that is created when the first container referencing its
          zone is created and removed when the last one referencing its zone
          terminates.

        * The default start timeout may now be configured on the kernel command
          line via systemd.default_timeout_start_sec=. It was already
          configurable via the DefaultTimeoutStartSec= option in
          /etc/systemd/system.conf.

        * Socket units gained a new TriggerLimitIntervalSec= and
          TriggerLimitBurst= setting to configure a limit on the activation
          rate of the socket unit.

        * The LimitNICE= setting now optionally takes normal UNIX nice values
          in addition to the raw integer limit value. If the specified
          parameter is prefixed with "+" or "-" and is in the range -20..19 the
          value is understood as UNIX nice value. If not prefixed like this it
          is understood as raw RLIMIT_NICE limit.

        * Note that the effect of the PrivateDevices= unit file setting changed
          slightly with this release: the per-device /dev file system will be
          mounted read-only from this version on, and will have "noexec"
          set. This (minor) change of behavior might cause some (exceptional)
          legacy software to break, when PrivateDevices=yes is set for its
          service. Please leave PrivateDevices= off if you run into problems
          with this.

        * systemd-bootchart has been split out to a separate repository:
          https://github.com/systemd/systemd-bootchart

        * systemd-bus-proxyd has been removed, as kdbus is unlikely to still be
          merged into the kernel in its current form.

        * The compatibility libraries libsystemd-daemon.so,
          libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so
          which have been deprecated since systemd-209 have been removed along
          with the corresponding pkg-config files. All symbols provided by
          those libraries are provided by libsystemd.so.

        * The Capabilities= unit file setting has been removed (it is ignored
          for backwards compatibility). AmbientCapabilities= and
          CapabilityBoundingSet= should be used instead.

        Contributions from: Alban Crequy, Alexander Kuleshov, Alexander Shopov,
        Alex Crawford, Andre Klärner, Andrew Eikum, Beniamino Galvani, Benjamin
        Robin, Biao Lu, Bjørnar Ness, Calvin Owens, Christian Hesse, Clemens
        Gruber, Colin Guthrie, Daniel Drake, Daniele Medri, Daniel J Walsh,
        Daniel Mack, Dan Nicholson, daurnimator, David Herrmann, David
        R. Hedges, Elias Probst, Emmanuel Gil Peyrot, EMOziko, Evgeny
        Vereshchagin, Federico, Felipe Sateler, Filipe Brandenburger, Franck
        Bui, frankheckenbach, gdamjan, Georgia Brikis, Harald Hoyer, Hendrik
        Brueckner, Hristo Venev, Iago López Galeiras, Ian Kelling, Ismo
        Puustinen, Jakub Wilk, Jaroslav Å karvada, Jeff Huang, Joel Holdsworth,
        John Paul Adrian Glaubitz, Jonathan Boulle, kayrus, Klearchos
        Chaloulos, Kyle Russell, Lars Uebernickel, Lennart Poettering, Lubomir
        Rintel, Lukáš Nykrýn, Mantas Mikulėnas, Marcel Holtmann, Martin Pitt,
        Michael Biebl, michaelolbrich, Michał Bartoszkiewicz, Michal Koutný,
        Michal Sekletar, Mike Frysinger, Mike Gilbert, Mingcong Bai, Ming Lin,
        mulkieran, muzena, Nalin Dahyabhai, Naohiro Aota, Nathan McSween,
        Nicolas Braud-Santoni, Patrik Flykt, Peter Hutterer, Peter Mattern,
        Petr Lautrbach, Petros Angelatos, Piotr DrÄ…g, Rabin Vincent, Robert
        Węcławski, Ronny Chevalier, Samuel Tardieu, Stefan Saraev, Stefan
        Schallenberg aka nafets227, Steven Siloti, Susant Sahani, Sylvain
        Plantefève, Taylor Smock, Tejun Heo, Thomas Blume, Thomas Haller,
        Thomas H. P. Andersen, Tobias Klauser, Tom Gundersen, topimiettinen,
        Torstein Husebø, Umut Tezduyar Lindskog, Uwe Kleine-König, Victor Toso,
        Vinay Kulkarni, Vito Caputo, Vittorio G (VittGam), Vladimir Panteleev,
        Wieland Hoffmann, Wouter Verhelst, Yu Watanabe, Zbigniew
        Jędrzejewski-Szmek

        — Fairfax, 2016-05-21

One of the main changes is that the compatibility libs and .pc files are now removed completely, so if you wanted to install the .pc files for them you'd need to create them from scratch. I've just left out the patch, and the only issue I've seen so far is that I've had to make a couple edits to Qt5 so it can find journald.

Another change is that systemd-bus-proxy is removed, so the systemd-bus-proxy user and group aren't needed.

comment:42 Changed 15 months ago by chris@…

  • Summary changed from Systemd 229 Version Upgrade to Systemd 230 Version Upgrade

comment:43 Changed 5 months ago by kb0iic

  • Description modified (diff)
  • Summary changed from Systemd 230 Version Upgrade to Systemd 233 Version Upgrade

comment:44 Changed 5 months ago by kb0iic

Will need to install Util-linux 2.27.1 Ticket 1038

comment:45 Changed 5 months ago by kb0iic

Final System

Add for all books:

cat > config.cache << "EOF"
KILL=/bin/kill
MOUNT_PATH=/bin/mount
UMOUNT_PATH=/bin/umount
SULOGIN="/sbin/sulogin"
XSLTPROC="/usr/bin/xsltproc"
EOF

32 bit

CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --localstatedir=/var \
    --libdir=/usr/lib \
    --libexecdir=/usr/lib \
    --docdir=/usr/share/doc/systemd-233 \
    --with-rootprefix="" \
    --with-rootlibdir=/lib64 \
    --enable-split-usr \
    --disable-lto \
    --disable-ldconfig \
    --disable-sysusers \
    --with-default-dnssec=no \
    --with-kbd-loadkeys=/bin/loadkeys \
    --with-kbd-setfont=/bin/setfont \
    --with-dbuspolicydir=/etc/dbus-1/system.d \
    --with-dbussessionservicedir=/usr/share/dbus-1/services \
    --with-dbussystemservicedir=/usr/share/dbus-1/system-services \
    --config-cache

64bit/N32 (adjust libdir as required)

CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --localstatedir=/var \
    --libdir=/usr/lib64 \
    --libexecdir=/usr/lib64 \
    --docdir=/usr/share/doc/systemd-233 \
    --with-rootprefix="" \
    --with-rootlibdir=/lib64 \
    --enable-split-usr \
    --disable-lto \
    --disable-ldconfig \
    --disable-sysusers \
    --with-default-dnssec=no \
    --with-kbd-loadkeys=/bin/loadkeys \
    --with-kbd-setfont=/bin/setfont \
    --with-dbuspolicydir=/etc/dbus-1/system.d \
    --with-dbussessionservicedir=/usr/share/dbus-1/services \
    --with-dbussystemservicedir=/usr/share/dbus-1/system-services \
    --config-cache

No longer need (for all books):

mv -v /usr/lib64/libnss_myhostname.so.2 /lib{,32,64}
sed -i "s@root lock@root root@g" /usr/lib/tmpfiles.d/legacy.conf

Check test suite sed commands, installed libraries, installed binaries

comment:46 Changed 5 months ago by kb0iic

  • Status changed from new to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.