In this document, I will explain how to upgrade the default systemd version from 237 to 242.
The main reason why I needed this was related to the DNS-over-TLS that was not supported in the version 237 but available from version 242.
Later, when playing with Lynis, the security auditing tool, I then discovered that the version 242 was also providing the command systemd-analyze that is used by lynis to detect if existing systemd services are configured correctly in the security context, meaning that the existing services can run as expected but needs few or several changes in their configuration to make them safe without any exploitable attack surfaces.
You can try it once you've installed the version 242 of systemd that way:
$ systemd-analyze security [service-or-unit-to-analyze]
# Install required dependencies
sudo apt install build-essential devscripts python3-pip cmake libssl-dev libpcre2-dev
# Upgrade Meson version
sudo -H pip3 install --target=/usr/bin --upgrade meson
# Install new user Meson version
pip3 install --user meson
# Reboot to complete changes
sudo reboot# Patch sources file
sudo sed -e 's/# deb-src/deb-src/' -i /etc/apt/sources.list
# Update package cache
sudo apt update --fix-missing -ysudo apt build-dep systemd
wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/systemd/242-7ubuntu3.11/systemd_242.orig.tar.gz
wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/systemd/242-7ubuntu3.11/systemd_242-7ubuntu3.11.debian.tar.xz
wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/systemd/242-7ubuntu3.11/systemd_242-7ubuntu3.11.dsc
It won't work with later versions
# Move to home
cd $HOME
# Uncompress orig archive
tar xvzf systemd_242.orig.tar.gz
# Move to decompressed folder
cd systemd-242
# Uncompress debian files
tar xvJf ../systemd_242-7ubuntu3.11.debian.tar.xzThis will also generate debian packages to install in next step.
dpkg-buildpackage -us -uc -d
This step is pretty long so be patient if you don't have a lot of CPU cores.
The argument
-dis required to bypass the requested Meson version.
Now we will install the new compiled systemd version.
# Move back to home
cd $HOME
# List generated debian packages
ll | grep deb
# Create dedicated folder for debian packages
mkdir -v systemd-242-debs
# Move all created packages
mv -v *.*deb systemd-242-debs/
# Move to debian packages folder
cd systemd-242-debs
# Install generated packages
sudo dpkg --auto-deconfigure -i *.deb
# Reboot to apply changes
sudo rebootYou can safely ignore this error:
Errors were encountered while processing: systemd-coredump_242-7ubuntu3.11_amd64.deb
systemd --version
It should return something similar:
systemd 242 (242)
+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid
- https://wiki.archlinux.org/index.php/systemd
- https://askubuntu.com/questions/627174/how-would-i-upgrade-systemd
- https://www.freedesktop.org/wiki/Software/systemd/
- https://launchpad.net/ubuntu/+source/systemd
- https://launchpad.net/ubuntu/+source/systemd/242-7ubuntu3.11
- https://github.com/systemd/systemd
- https://askubuntu.com/questions/1212424/update-meson-on-ubuntu-18-04-4-lts-force-update
nice documentation.