1--- 2title: Porting systemd To New Distributions 3category: Concepts 4layout: default 5SPDX-License-Identifier: LGPL-2.1-or-later 6--- 7 8# Porting systemd To New Distributions 9 10## HOWTO 11 12You need to make the follow changes to adapt systemd to your 13distribution: 14 151. Find the right configure parameters for: 16 17 * `-Drootprefix=` 18 * `-Dsysvinit-path=` 19 * `-Dsysvrcnd-path=` 20 * `-Drc-local=` 21 * `-Dloadkeys-path=` 22 * `-Dsetfont-path=` 23 * `-Dtty-gid=` 24 * `-Dntp-servers=` 25 * `-Ddns-servers=` 26 * `-Dsupport-url=` 27 282. Try it out. 29 30 Play around (as an ordinary user) with 31 `/usr/lib/systemd/systemd --test --system` for a test run 32 of systemd without booting. This will read the unit files and 33 print the initial transaction it would execute during boot-up. 34 This will also inform you about ordering loops and suchlike. 35 36## Compilation options 37 38The default configuration does not enable any optimization or hardening 39options. This is suitable for development and testing, but not for end-user 40installations. 41 42For deployment, optimization (`-O2` or `-O3` compiler options), link time 43optimization (`-Db_lto=true` meson option), and hardening (e.g. 44`-D_FORTIFY_SOURCE=2`, `-fstack-protector-strong`, `-fstack-clash-protection`, 45`-fcf-protection`, `-pie` compiler options, and `-z relro`, `-z now`, 46`--as-needed` linker options) are recommended. The most appropriate set of 47options depends on the architecture and distribution specifics so no default is 48provided. 49 50## NTP Pool 51 52By default, systemd-timesyncd uses the Google Public NTP servers 53`time[1-4].google.com`, if no other NTP configuration is available. 54They serve time that uses a 55[leap second smear](https://developers.google.com/time/smear) 56and can be up to .5s off from servers that use stepped leap seconds. 57 58If you prefer to use leap second steps, please register your own 59vendor pool at ntp.org and make it the built-in default by 60passing `-Dntp-servers=` to meson. Registering vendor 61pools is [free](http://www.pool.ntp.org/en/vendors.html). 62 63Use `-Dntp-servers=` to direct systemd-timesyncd to different fallback 64NTP servers. 65 66## DNS Servers 67 68By default, systemd-resolved uses Cloudflare and Google Public DNS servers 69`1.1.1.1`, `8.8.8.8`, `1.0.0.1`, `8.8.4.4`, `2606:4700:4700::1111`, `2001:4860:4860::8888`, `2606:4700:4700::1001`, `2001:4860:4860::8844` 70as fallback, if no other DNS configuration is available. 71 72Use `-Ddns-servers=` to direct systemd-resolved to different fallback 73DNS servers. 74 75## PAM 76 77The default PAM config shipped by systemd is really bare bones. 78It does not include many modules your distro might want to enable 79to provide a more seamless experience. For example, limits set in 80`/etc/security/limits.conf` will not be read unless you load `pam_limits`. 81Make sure you add modules your distro expects from user services. 82 83Pass `-Dpamconfdir=no` to meson to avoid installing this file and 84instead install your own. 85 86## Contributing Upstream 87 88We generally do no longer accept distribution-specific patches to 89systemd upstream. If you have to make changes to systemd's source code 90to make it work on your distribution, unless your code is generic 91enough to be generally useful, we are unlikely to merge it. Please 92always consider adopting the upstream defaults. If that is not 93possible, please maintain the relevant patches downstream. 94 95Thank you for understanding. 96