From af2a7ac568af7b8ecf1002023dd9d07135c3c9c2 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 25 Apr 2024 04:54:54 +0200 Subject: Merging upstream version 255.5. Signed-off-by: Daniel Baumann --- docs/DISTRO_PORTING.md | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) (limited to 'docs/DISTRO_PORTING.md') diff --git a/docs/DISTRO_PORTING.md b/docs/DISTRO_PORTING.md index c95a829..cb23093 100644 --- a/docs/DISTRO_PORTING.md +++ b/docs/DISTRO_PORTING.md @@ -9,8 +9,7 @@ SPDX-License-Identifier: LGPL-2.1-or-later ## HOWTO -You need to make the follow changes to adapt systemd to your -distribution: +You need to make the follow changes to adapt systemd to your distribution: 1. Find the right configure parameters for: @@ -27,23 +26,22 @@ distribution: 2. Try it out. Play around (as an ordinary user) with - `/usr/lib/systemd/systemd --test --system` for a test run - of systemd without booting. This will read the unit files and - print the initial transaction it would execute during boot-up. + `/usr/lib/systemd/systemd --test --system` for a test run of systemd without booting. + This will read the unit files and print the initial transaction it would execute during boot-up. This will also inform you about ordering loops and suchlike. ## Compilation options -The default configuration does not enable any optimization or hardening -options. This is suitable for development and testing, but not for end-user +The default configuration does not enable any optimization or hardening options. +This is suitable for development and testing, but not for end-user installations. For deployment, optimization (`-O2` or `-O3` compiler options), link time optimization (`-Db_lto=true` meson option), and hardening (e.g. `-D_FORTIFY_SOURCE=2`, `-fstack-protector-strong`, `-fstack-clash-protection`, `-fcf-protection`, `-pie` compiler options, and `-z relro`, `-z now`, -`--as-needed` linker options) are recommended. The most appropriate set of -options depends on the architecture and distribution specifics so no default is +`--as-needed` linker options) are recommended. +The most appropriate set of options depends on the architecture and distribution specifics so no default is provided. ## NTP Pool @@ -56,8 +54,9 @@ and can be up to .5s off from servers that use stepped leap seconds. If you prefer to use leap second steps, please register your own vendor pool at ntp.org and make it the built-in default by -passing `-Dntp-servers=` to meson. Registering vendor -pools is [free](http://www.pool.ntp.org/en/vendors.html). +passing `-Dntp-servers=` to meson. +Registering vendor pools is +[free](http://www.pool.ntp.org/en/vendors.html). Use `-Dntp-servers=` to direct systemd-timesyncd to different fallback NTP servers. @@ -75,8 +74,8 @@ DNS servers. The default PAM config shipped by systemd is really bare bones. It does not include many modules your distro might want to enable -to provide a more seamless experience. For example, limits set in -`/etc/security/limits.conf` will not be read unless you load `pam_limits`. +to provide a more seamless experience. +For example, limits set in `/etc/security/limits.conf` will not be read unless you load `pam_limits`. Make sure you add modules your distro expects from user services. Pass `-Dpamconfdir=no` to meson to avoid installing this file and @@ -85,10 +84,9 @@ instead install your own. ## Contributing Upstream We generally no longer accept distribution-specific patches to -systemd upstream. If you have to make changes to systemd's source code -to make it work on your distribution, unless your code is generic -enough to be generally useful, we are unlikely to merge it. Please -always consider adopting the upstream defaults. If that is not -possible, please maintain the relevant patches downstream. +systemd upstream. +If you have to make changes to systemd's source code to make it work on your distribution, unless your code is generic enough to be generally useful, we are unlikely to merge it. +Please always consider adopting the upstream defaults. +If that is not possible, please maintain the relevant patches downstream. Thank you for understanding. -- cgit v1.2.3