systemd/meson_options.txt
Lennart Poettering faacf1807e boot: stop making TPM PCR to measure kernel command line into configurable
Everyone appears to use PCR 8 for this, hence I think it's safe to
hardcode that in systemd too.

It's also documented, like here:

https://www.gnu.org/software/grub/manual/grub/html_node/Measured-Boot.html

or here:

https://github.com/rhboot/shim/blob/main/README.tpm

(And the previous name was a bit confusing, since we don't actually just
measure one thing anymore, but multiple things into multiple PCRs...)
2021-09-23 17:24:09 +02:00


# -*- mode: meson -*-
# SPDX-License-Identifier: LGPL-2.1-or-later
# Build identity and filesystem layout.
# None of these options declares a value, so Meson's per-type default applies:
# an empty string for 'string', the first listed choice for 'combo'.
option('version-tag',
       type : 'string',
       description : 'override the git version string')
option('mode',
       type : 'combo',
       choices : ['developer', 'release'],
       description : 'autoenable features suitable for systemd development/release builds')

# Whether /bin, /sbin and /lib are separate from /usr. This decides where binaries
# are installed and therefore which absolute paths end up compiled in.
option('split-usr',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : '''/bin, /sbin aren't symlinks into /usr''')
option('split-bin',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : '''sbin is not a symlink to bin''')
option('rootlibdir',
       type : 'string',
       description : '''[/usr]/lib/x86_64-linux-gnu or such''')
option('rootprefix',
       type : 'string',
       description : '''override the root prefix [default '/' if split-usr and '/usr' otherwise]''')
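# Linking strategy. The boolean options below declare no value, so Meson's
# default for a boolean (true) applies.
option('link-udev-shared', type : 'boolean',
       description : 'link systemd-udev and its helpers to libsystemd-shared.so')
option('link-systemctl-shared', type : 'boolean',
       description : 'link systemctl against libsystemd-shared.so')
option('link-networkd-shared', type : 'boolean',
       description : 'link systemd-networkd and its helpers to libsystemd-shared.so')
option('link-timesyncd-shared', type : 'boolean',
       description : 'link systemd-timesyncd and its helpers to libsystemd-shared.so')

# Static variants of the public libraries; 'false' is the first choice and
# therefore the default.
option('static-libsystemd', type : 'combo',
       choices : ['false', 'true', 'pic', 'no-pic'],
       description : '''install a static library for libsystemd''')
option('static-libudev', type : 'combo',
       choices : ['false', 'true', 'pic', 'no-pic'],
       description : 'install a static library for libudev')

# Boolean default written as a bare literal rather than the string 'false',
# matching how 'valgrind', 'log-trace' and 'translations' are declared in this
# file; newer Meson releases warn about string values on boolean options.
option('standalone-binaries', type : 'boolean', value : false,
       description : 'also build standalone versions of supported binaries')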
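# SysV compatibility: locations of legacy init scripts and helpers.
option('sysvinit-path', type : 'string', value : '/etc/init.d',
       description : 'the directory where the SysV init scripts are located')
option('sysvrcnd-path', type : 'string', value : '/etc/rc.d',
       description : 'the base directory for SysV rcN.d directories')
option('telinit-path', type : 'string', value : '/lib/sysvinit/telinit',
       description : 'path to telinit')
# NOTE(review): 'rc-local' carries no description. Presumably it is the path of
# the legacy rc.local script - confirm against meson.build. Whatever file this
# names should be writable by root only.
option('rc-local', type : 'string',
       value : '/etc/rc.local')

option('initrd', type : 'boolean',
       description : 'install services for use when running systemd in initrd')
# Boolean default written as a bare literal (was the string 'false'), matching
# 'valgrind', 'log-trace' and 'translations' elsewhere in this file.
# When enabled, the UID/GID range boundaries are read from /etc/login.defs at
# runtime (per the description) instead of being fixed at build time.
option('compat-mutable-uid-boundaries', type : 'boolean', value : false,
       description : 'look at uid boundaries in /etc/login.defs for compatibility')
option('nscd', type : 'boolean',
       description : 'build support for flushing of the nscd caches')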
# Paths of external helper binaries. No default is declared here, so each value
# is an empty string unless the builder overrides it.
# NOTE(review): presumably meson.build resolves an empty value by searching for
# the program at configure time and compiles the resulting path in - confirm.
# Override these only with absolute paths in root-owned, non-writable directories.
option('quotaon-path',
       type : 'string',
       description : 'path to quotaon')
option('quotacheck-path',
       type : 'string',
       description : 'path to quotacheck')
option('kmod-path',
       type : 'string',
       description : 'path to kmod')
option('kexec-path',
       type : 'string',
       description : 'path to kexec')
option('sulogin-path',
       type : 'string',
       description : 'path to sulogin')
option('mount-path',
       type : 'string',
       description : 'path to mount')
option('umount-path',
       type : 'string',
       description : 'path to umount')
option('loadkeys-path',
       type : 'string',
       description : 'path to loadkeys')
option('setfont-path',
       type : 'string',
       description : 'path to setfont')
option('nologin-path',
       type : 'string',
       description : 'path to nologin')
# Debug shell: the binary and the tty it is attached to.
# NOTE(review): the debug shell unit, when enabled, is understood to offer a root
# shell on this tty without a login prompt - confirm against the unit file.
# Production images should make sure it stays disabled.
option('debug-shell',
       type : 'string',
       value : '/bin/sh',
       description : 'path to debug shell binary')
option('debug-tty',
       type : 'string',
       value : '/dev/tty9',
       description : 'specify the tty device for debug shell')

# Extra debugging instrumentation; the empty array means none is enabled.
option('debug-extra',
       type : 'array',
       choices : ['hashmap', 'mmap-cache', 'siphash'],
       value : [],
       description : 'enable extra debugging')

# Runtime resource defaults (no value declared: boolean default is true).
option('memory-accounting-default',
       type : 'boolean',
       description : 'enable MemoryAccounting= by default')
option('bump-proc-sys-fs-file-max',
       type : 'boolean',
       description : 'bump /proc/sys/fs/file-max to LONG_MAX')
option('bump-proc-sys-fs-nr-open',
       type : 'boolean',
       description : 'bump /proc/sys/fs/nr_open to INT_MAX')

# Developer aids, both off by default.
option('valgrind',
       type : 'boolean',
       value : false,
       description : 'do extra operations to avoid valgrind warnings')
option('log-trace',
       type : 'boolean',
       value : false,
       description : 'enable low level debug logging')
# $PATH handed to user sessions; empty unless overridden at configure time.
option('user-path',
       type : 'string',
       description : '$PATH to use for user sessions')

# Core feature switches. None declares a value, so each boolean defaults to true.
option('utmp',
       type : 'boolean',
       description : 'support for utmp/wtmp log handling')
option('hibernate',
       type : 'boolean',
       description : 'support for hibernation')
option('ldconfig',
       type : 'boolean',
       description : 'support for dynamic linker cache creation')
option('resolve',
       type : 'boolean',
       description : 'systemd-resolved stack')
option('efi',
       type : 'boolean',
       description : 'enable systemd-boot and bootctl')
# This is an on/off switch only: no option visible in this file selects which
# PCR a measurement is extended into.
# NOTE(review): policies that seal secrets against the kernel command line
# measurement should therefore rely on the index fixed in the boot code, not on
# a build-time setting.
option('tpm',
       type : 'boolean',
       description : 'TPM should be used to log events and extend the registers')
option('environment-d',
       type : 'boolean',
       description : 'support for environment.d')
option('binfmt',
       type : 'boolean',
       description : 'support for custom binary formats')
# Optional daemons and tools.
# Booleans without a value default to true. The 'auto'/'true'/'false' combos
# default to 'auto', their first choice.
# Disabling daemons a product does not use reduces the installed attack surface.
option('repart',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'install the systemd-repart tool')
option('coredump',
       type : 'boolean',
       description : 'install the coredump handler')
option('pstore',
       type : 'boolean',
       description : 'install the pstore archival tool')
option('oomd',
       type : 'boolean',
       description : 'install the userspace oom killer')
option('logind',
       type : 'boolean',
       description : 'install the systemd-logind stack')
option('hostnamed',
       type : 'boolean',
       description : 'install the systemd-hostnamed stack')
option('localed',
       type : 'boolean',
       description : 'install the systemd-localed stack')
option('machined',
       type : 'boolean',
       description : 'install the systemd-machined stack')
option('portabled',
       type : 'boolean',
       description : 'install the systemd-portabled stack')
option('sysext',
       type : 'boolean',
       description : 'install the systemd-sysext stack')
option('userdb',
       type : 'boolean',
       description : 'install the systemd-userdbd stack')
option('homed',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'install the systemd-homed stack')
option('networkd',
       type : 'boolean',
       description : 'install the systemd-networkd stack')
option('timedated',
       type : 'boolean',
       description : 'install the systemd-timedated daemon')
option('timesyncd',
       type : 'boolean',
       description : 'install the systemd-timesyncd daemon')
# Network-facing journal transport.
option('remote',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'support for "journal over the network"')
option('create-log-dirs',
       type : 'boolean',
       description : 'create /var/log/journal{,/remote}')
# NSS modules. These plug into name-service lookups for every process that uses
# glibc NSS once they are listed in nsswitch.conf.
option('nss-myhostname',
       type : 'boolean',
       description : 'install nss-myhostname module')
option('nss-mymachines',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'install nss-mymachines module')
option('nss-resolve',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'install nss-resolve module')
option('nss-systemd',
       type : 'boolean',
       description : 'install nss-systemd module')

# Smaller system features (booleans without a value default to true).
option('firstboot',
       type : 'boolean',
       description : 'support for firstboot mechanism')
option('randomseed',
       type : 'boolean',
       description : 'support for restoring random seed')
option('backlight',
       type : 'boolean',
       description : 'support for restoring backlight state')
option('vconsole',
       type : 'boolean',
       description : 'support for vconsole configuration')
option('quotacheck',
       type : 'boolean',
       description : 'support for the quotacheck tools')
option('sysusers',
       type : 'boolean',
       description : 'support for the sysusers configuration')
option('tmpfiles',
       type : 'boolean',
       description : 'support for tmpfiles.d')
option('importd',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'install the systemd-importd daemon')
option('hwdb',
       type : 'boolean',
       description : 'support for the hardware database')
option('rfkill',
       type : 'boolean',
       description : 'support for the rfkill tools')
option('xdg-autostart',
       type : 'boolean',
       description : 'install the xdg-autostart-generator and unit')

# Documentation and translations. man/html are explicitly off by default even
# though 'auto' is their first choice.
option('man',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       value : 'false',
       description : 'build and install man pages')
option('html',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       value : 'false',
       description : 'build and install html pages')
option('translations',
       type : 'boolean',
       value : true,
       description : 'build and install translations')
# Installation directories and related paths.
# The TLS certificate prefix is compiled in; whatever directory it names must be
# writable by root only, since certificates and keys are looked up beneath it.
option('certificate-root',
       type : 'string',
       value : '/etc/ssl',
       description : 'the prefix for TLS certificates')
option('dbuspolicydir',
       type : 'string',
       description : 'D-Bus policy directory')
option('dbussessionservicedir',
       type : 'string',
       description : 'D-Bus session service directory')
option('dbussystemservicedir',
       type : 'string',
       description : 'D-Bus system service directory')
option('pkgconfigdatadir',
       type : 'string',
       value : '',
       description : 'directory for arch-independent pkg-config files')
option('pkgconfiglibdir',
       type : 'string',
       value : '',
       description : 'directory for standard pkg-config files')
option('xinitrcdir',
       type : 'string',
       value : '',
       description : 'directory for xinitrc files')
option('rpmmacrosdir',
       type : 'string',
       value : 'lib/rpm/macros.d',
       description : 'directory for rpm macros ["no" disables]')
option('update-helper-user-timeout',
       type : 'string',
       value : '15s',
       description : 'how long to wait for user manager operations')
# PAM modules and configuration run inside the authentication path; keep these
# directories root-owned.
option('pamlibdir',
       type : 'string',
       description : 'directory for PAM modules')
option('pamconfdir',
       type : 'string',
       description : 'directory for PAM configuration ["no" disables]')
option('libcryptsetup-plugins-dir',
       type : 'string',
       description : 'directory for libcryptsetup plugins')
option('docdir',
       type : 'string',
       description : 'documentation directory')
option('install-sysconfdir',
       type : 'combo',
       choices : ['true', 'no-samples', 'false'],
       value : 'true',
       description : 'install configuration files and directories to $sysconfdir')
# Compiled-in runtime defaults.
option('fallback-hostname',
       type : 'string',
       value : 'localhost',
       description : 'the hostname used if none configured')
option('default-hierarchy',
       type : 'combo',
       choices : ['legacy', 'hybrid', 'unified'],
       value : 'unified',
       description : 'default cgroup hierarchy')
# No value declared: the first choice ('latest') is the default.
option('default-net-naming-scheme',
       type : 'combo',
       choices : ['latest', 'v238', 'v239', 'v240'],
       description : 'default net.naming-scheme= value')
# No value declared: the first choice ('description') is the default.
option('status-unit-format-default',
       type : 'combo',
       choices : ['description', 'name', 'combined'],
       description : 'use unit name or description in messages by default')

# Clock sanity. '-1' is presumably a "not set, derive it at configure time"
# marker - confirm in meson.build.
# A clock that is badly wrong breaks certificate validity checks, so both
# values matter on devices without a reliable RTC.
option('time-epoch',
       type : 'integer',
       value : '-1',
       description : 'time epoch for time clients')
option('clock-valid-range-usec-max',
       type : 'integer',
       value : '473364000000000', # 15 years
       description : 'maximum value in microseconds for the difference between RTC and epoch, exceeding which is considered an RTC error')
# UID/GID range boundaries. '-1' presumably means "not set here, determine it at
# configure time" - confirm in meson.build.
# These ranges must not overlap with the IDs a distribution assigns to regular
# users; otherwise two principals can end up sharing one numeric ID.
option('system-alloc-uid-min',
       type : 'integer',
       value : '-1',
       description : 'minimum system UID used when allocating')
option('system-alloc-gid-min',
       type : 'integer',
       value : '-1',
       description : 'minimum system GID used when allocating')
option('system-uid-max',
       type : 'integer',
       value : '-1',
       description : 'maximum system UID')
option('system-gid-max',
       type : 'integer',
       value : '-1',
       description : 'maximum system GID')

# Dynamic UID range: 0x0000EF00 = 61184, 0x0000FFEF = 65519.
option('dynamic-uid-min',
       type : 'integer',
       value : 0x0000EF00,
       description : 'minimum dynamic UID')
option('dynamic-uid-max',
       type : 'integer',
       value : 0x0000FFEF,
       description : 'maximum dynamic UID')

# Container UID base range: 0x00080000 = 524288, 0x6FFF0000 = 1878982656.
option('container-uid-base-min',
       type : 'integer',
       value : 0x00080000,
       description : 'minimum container UID base')
option('container-uid-base-max',
       type : 'integer',
       value : 0x6FFF0000,
       description : 'maximum container UID base')

# ACLs for the adm and wheel groups (boolean default: true).
# NOTE(review): presumably these grant the groups read access to log data -
# confirm which files the ACLs are applied to before shipping with them enabled.
option('adm-group',
       type : 'boolean',
       description : 'the ACL for adm group should be added')
option('wheel-group',
       type : 'boolean',
       description : 'the ACL for wheel group should be added')

# Names that map to the overflow ID 65534.
option('nobody-user',
       type : 'string',
       description : 'The name of the nobody user (the one with UID 65534)',
       value : 'nobody')
option('nobody-group',
       type : 'string',
       description : 'The name of the nobody group (the one with GID 65534)',
       value : 'nobody')
# Soft-static numeric IDs for well-known groups and systemd's own service users.
# '-1' presumably means "no fixed ID requested" - confirm in meson.build.
# Several of these groups gate direct device or memory access (disk, kmem, kvm,
# input, video, render, sgx), so membership deserves the same scrutiny as sudo
# rights.
option('adm-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "adm" group')
option('audio-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "audio" group')
option('cdrom-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "cdrom" group')
option('dialout-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "dialout" group')
option('disk-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "disk" group')
option('input-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "input" group')
option('kmem-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "kmem" group')
option('kvm-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "kvm" group')
option('lp-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "lp" group')
option('render-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "render" group')
option('sgx-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "sgx" group')
option('tape-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "tape" group')
# The tty group is the only one with a fixed numeric default.
option('tty-gid',
       type : 'integer',
       value : 5,
       description : 'the numeric GID of the "tty" group')
option('users-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "users" group')
option('utmp-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "utmp" group')
option('video-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "video" group')
option('wheel-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the "wheel" group')
option('systemd-journal-gid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the systemd-journal group')
option('systemd-network-uid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the systemd-network user')
option('systemd-resolve-uid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the systemd-resolve user')
option('systemd-timesync-uid',
       type : 'integer',
       value : '-1',
       description : 'soft-static allocation for the systemd-timesync user')
# Device node permissions.
# Both defaults are 0666, i.e. every local account may open the device.
# Multi-user or hardened builds may prefer '0660' so that access is gated by
# membership in the kvm / render group instead.
option('dev-kvm-mode',
       type : 'string',
       value : '0666',
       description : '/dev/kvm access mode')
option('group-render-mode',
       type : 'string',
       value : '0666',
       description : 'Access mode for devices owned by render group (e.g. /dev/dri/renderD*, /dev/kfd).')

# Whether a user's leftover processes are killed at logout by default
# (no value declared: boolean default is true).
option('default-kill-user-processes',
       type : 'boolean',
       description : 'the default value for KillUserProcesses= setting')
option('gshadow',
       type : 'boolean',
       description : 'support for shadow group')
option('default-locale',
       type : 'string',
       value : '',
       description : 'default locale used when /etc/locale.conf does not exist')
# Compiled-in path of a helper binary; use an absolute path in a root-owned
# directory when overriding.
option('localegen-path',
       type : 'string',
       value : '',
       description : 'absolute path to the locale-gen binary in case the system is using locale-gen')
option('service-watchdog',
       type : 'string',
       value : '3min',
       description : 'default watchdog setting for systemd services')
# Compiled-in name resolution defaults.
#
# DNSSEC: 'allow-downgrade' attempts validation but does not enforce it when the
# upstream server appears not to support DNSSEC. Use 'yes' where strict
# validation is required.
option('default-dnssec',
       type : 'combo',
       description : 'default DNSSEC mode',
       choices : ['yes', 'allow-downgrade', 'no'],
       value : 'allow-downgrade')
# DNS-over-TLS: 'no' means queries to the upstream server leave the host in
# cleartext unless the administrator changes it. 'opportunistic' still falls
# back to cleartext; only 'yes' requires TLS.
option('default-dns-over-tls',
       type : 'combo',
       description : 'default DNS-over-TLS mode',
       choices : ['yes', 'opportunistic', 'no'],
       value : 'no')
# mDNS and LLMNR are unauthenticated link-local protocols and both default to
# 'yes'. Builds for hosts on untrusted networks commonly select 'no' or
# 'resolve'.
option('default-mdns',
       type : 'combo',
       choices : ['yes', 'resolve', 'no'],
       description : 'default MulticastDNS mode',
       value : 'yes')
option('default-llmnr',
       type : 'combo',
       choices : ['yes', 'resolve', 'no'],
       description : 'default LLMNR mode',
       value : 'yes')
# Which TLS backend implements DNS-over-TLS; 'auto' (first choice) is the default.
option('dns-over-tls',
       type : 'combo',
       choices : ['auto', 'gnutls', 'openssl', 'true', 'false'],
       description : 'DNS-over-TLS support')

# Default DNS servers, written as address#server-name.
# NOTE(review): these are third-party public resolvers (Cloudflare, Google).
# Distributions and privacy-sensitive deployments should override the list so
# that lookups do not go to an operator they did not choose.
option('dns-servers',
       type : 'string',
       description : 'space-separated list of default DNS servers',
       value : '1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google')
# Default NTP servers; the same consideration applies as for dns-servers.
option('ntp-servers',
       type : 'string',
       description : 'space-separated list of default NTP servers',
       value : 'time1.google.com time2.google.com time3.google.com time4.google.com')

# Project URLs.
option('support-url',
       type : 'string',
       description : 'the support URL to show in catalog entries included in systemd',
       value : 'https://lists.freedesktop.org/mailman/listinfo/systemd-devel')
option('www-target',
       type : 'string',
       description : 'the address and dir to upload docs too',
       value : 'www.freedesktop.org:/srv/www.freedesktop.org/www/software/systemd')
# Mandatory access control and sandboxing frameworks.
# The combos declare no value, so 'auto' (the first choice) is the default.
# NOTE(review): with 'auto', support is presumably compiled in only when the
# library is found at configure time - confirm in meson.build. Hardened builds
# should pass 'true' so a missing dependency fails the build instead of silently
# producing binaries without seccomp / SELinux / AppArmor support.
option('seccomp',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'SECCOMP support')
option('selinux',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'SELinux support')
option('apparmor',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'AppArmor support')
option('smack',
       type : 'boolean',
       description : 'SMACK support')
option('smack-run-label',
       type : 'string',
       description : 'run systemd --system itself with a specific SMACK label')
option('polkit',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'polkit support')
option('ima',
       type : 'boolean',
       description : 'IMA support')
# Optional library integrations. Every combo here defaults to 'auto', its first
# choice.
# NOTE(review): 'auto' presumably means "use the library if found" - confirm in
# meson.build. For the security-relevant ones (audit, pam, libcryptsetup, gcrypt,
# gnutls, openssl, p11kit, libfido2, tpm2), release builds should pin 'true' or
# 'false' explicitly so the feature set does not depend on what happens to be
# installed on the build host.
option('acl',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libacl support')
option('audit',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libaudit support')
option('blkid',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libblkid support')
option('fdisk',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libfdisk support')
option('kmod',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'support for loadable modules')
option('pam',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'PAM support')
option('pwquality',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libpwquality support')
option('microhttpd',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libµhttpd support')
option('libcryptsetup',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libcryptsetup support')
option('libcryptsetup-plugins',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libcryptsetup LUKS2 external token handlers support (plugins)')
option('libcurl',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libcurl support')
option('idn',
       type : 'boolean',
       description : 'use IDN when printing hostnames')
option('libidn2',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libidn2 support')
option('libidn',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libidn support')
option('libiptc',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libiptc support')
option('qrencode',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libqrencode support')
option('gcrypt',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'gcrypt support')
option('gnutls',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'gnutls support')
option('openssl',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'openssl support')
option('p11kit',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'p11kit support')
option('libfido2',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'FIDO2 support')
option('tpm2',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'TPM2 support')
# Parsing, compression and miscellaneous libraries. All default to 'auto'.
# The compression and ELF libraries process data that may be untrusted (the
# descriptions do not say which inputs), so keep them patched on both the build
# host and the target.
option('elfutils',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'elfutils support')
option('zlib',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'zlib compression support')
option('bzip2',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'bzip2 compression support')
option('xz',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'xz compression support')
option('lz4',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'lz4 compression support')
option('zstd',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'zstd compression support')
option('xkbcommon',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'xkbcommon keymap support')
option('pcre2',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'regexp matching support using pcre2')
# Used by the test suite only, per their descriptions.
option('glib',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libglib support (for tests only)')
option('dbus',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'libdbus support (for tests only)')
option('gnu-efi',
       type : 'combo',
       choices : ['auto', 'true', 'false'],
       description : 'gnu-efi support for sd-boot')
# Toolchain used for the EFI binaries.
option('efi-cc',
       type : 'array',
       description : 'the compiler to use for EFI modules')
option('efi-ld',
       type : 'string',
       value : 'ld',
       description : 'the linker to use for EFI modules')
option('efi-libdir',
       type : 'string',
       description : 'path to the EFI lib directory')
option('efi-includedir',
       type : 'string',
       value : '/usr/include/efi',
       description : 'path to the EFI header directory')

# SBAT metadata for the EFI binaries.
# NOTE(review): SBAT is the Secure Boot revocation scheme, and a revocation is
# expressed against the generation number. Distributions must therefore set
# these fields accurately and raise 'sbat-distro-generation' when a fix makes
# older builds unsafe to boot - confirm against the distribution's SBAT policy.
option('sbat-distro',
       type : 'string',
       description : 'SBAT distribution ID, e.g. fedora, or auto for autodetection')
option('sbat-distro-generation',
       type : 'integer',
       value : 1,
       description : 'SBAT distribution generation')
option('sbat-distro-summary',
       type : 'string',
       description : 'SBAT distribution summary, e.g. Fedora')
option('sbat-distro-pkgname',
       type : 'string',
       description : 'SBAT distribution package name, e.g. systemd')
option('sbat-distro-version',
       type : 'string',
       description : 'SBAT distribution package version, e.g. 248-7.fc34')
option('sbat-distro-url',
       type : 'string',
       description : 'SBAT distribution URL, e.g. https://src.fedoraproject.org/rpms/systemd')

# Boot loader colors, each in "foreground,background" form.
option('efi-color-normal',
       type : 'string',
       value : 'lightgray,black',
       description : 'general boot loader color in "foreground,background" form, see constants from eficon.h')
option('efi-color-entry',
       type : 'string',
       value : 'lightgray,black',
       description : 'boot loader color for entries')
option('efi-color-highlight',
       type : 'string',
       value : 'black,lightgray',
       description : 'boot loader color for selected entries')
option('efi-color-edit',
       type : 'string',
       value : 'black,lightgray',
       description : 'boot loader color for option line edit')
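# Boolean defaults in this block are written as bare literals (they were the
# strings 'true' / 'false'), matching how 'valgrind', 'log-trace' and
# 'translations' are declared in this file; newer Meson releases warn about
# string values on boolean options. The effective defaults are unchanged.

# Shell completion install locations.
option('bashcompletiondir', type : 'string',
       description : 'directory for bash completion scripts ["no" disables]')
option('zshcompletiondir', type : 'string',
       description : 'directory for zsh completion scripts ["no" disables]')

# Test selection. No value is declared for 'tests', so the first choice ('true')
# is the default.
# NOTE(review): 'unsafe' presumably enables tests that alter the state of the
# machine they run on - confirm in the test documentation, and use it only in
# disposable environments.
option('tests', type : 'combo', choices : ['true', 'unsafe', 'false'],
       description : 'enable extra tests with =unsafe')
option('slow-tests', type : 'boolean', value : false,
       description : 'run the slow tests by default')
option('fuzz-tests', type : 'boolean', value : false,
       description : 'run the fuzzer regression tests by default (with sanitizers)')
# Test executables are not meant for production images; keep this off for
# release builds.
option('install-tests', type : 'boolean', value : false,
       description : 'install test executables')

option('ok-color', type : 'combo',
       choices : ['black', 'red', 'green', 'yellow', 'blue', 'magenta', 'cyan',
                  'white', 'highlight-black', 'highlight-red', 'highlight-green',
                  'highlight-yellow', 'highlight-blue', 'highlight-magenta',
                  'highlight-cyan', 'highlight-white'],
       value : 'green',
       description : 'color of the "OK" status message')
option('urlify', type : 'boolean', value : true,
       description : 'enable pager Hyperlink ANSI sequence support')

option('fexecve', type : 'boolean', value : false,
       description : 'use fexecve() to spawn children')

# Fuzzing builds; both off by default and intended for fuzzing infrastructure,
# not for shipped binaries.
option('oss-fuzz', type : 'boolean', value : false,
       description : 'build against oss-fuzz')
option('llvm-fuzz', type : 'boolean', value : false,
       description : 'build against LLVM libFuzzer')

option('kernel-install', type : 'boolean', value : true,
       description : 'install kernel-install and associated files')
option('analyze', type : 'boolean', value : true,
       description : 'install systemd-analyze')

# 'auto' (first choice) is the default.
option('bpf-framework', type : 'combo', choices : ['auto', 'true', 'false'],
       description : 'build BPF programs from source code in restricted C')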