Backport /etc/crypttab _netdev feature from upstream

This commit is contained in:
Nathaniel McCallum 2017-09-26 10:48:54 -04:00
parent 1d5166b9df
commit ac49c72d1e
2 changed files with 285 additions and 1 deletions

280
0999-netdev-crypttab.patch Normal file
View File

@ -0,0 +1,280 @@
From 3acb27df403c9e5772eb1d81aba1c65b6c7acc08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 09:14:51 +0200
Subject: [PATCH 1/3] units: order cryptsetup-pre.target before
cryptsetup.target
Normally this happens automatically, but if it happened that both targets were
pulled in, even though there were no cryptsetup units, they could be started
in reverse order, which would be somewhat confusing. Add an explicit ordering
to avoid this potential issue.
---
units/cryptsetup-pre.target | 1 +
1 file changed, 1 insertion(+)
diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
index 65353419f..42e35dd4e 100644
--- a/units/cryptsetup-pre.target
+++ b/units/cryptsetup-pre.target
@@ -9,3 +9,4 @@
Description=Encrypted Volumes (Pre)
Documentation=man:systemd.special(7)
RefuseManualStart=yes
+Before=cryptsetup.target
--
2.14.1
From 51a012da40e8d0d4d8df931b3bc56ea913c3856a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 10:15:13 +0200
Subject: [PATCH 2/3] units: add remote-cryptsetup.target and
remote-cryptsetup-pre.target
The pair is similar to remote-fs.target and remote-fs-pre.target. Any
cryptsetup devices which require network shall be ordered after
remote-cryptsetup-pre.target and before remote-cryptsetup.target.
---
man/systemd.special.xml | 23 +++++++++++++++++++++++
units/cryptsetup-pre.target | 2 +-
units/cryptsetup.target | 2 +-
units/meson.build | 3 +++
units/remote-cryptsetup-pre.target | 15 +++++++++++++++
units/remote-cryptsetup.target | 10 ++++++++++
6 files changed, 53 insertions(+), 2 deletions(-)
create mode 100644 units/remote-cryptsetup-pre.target
create mode 100644 units/remote-cryptsetup.target
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 66c45e39a..7107b8a92 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -81,6 +81,8 @@
<filename>poweroff.target</filename>,
<filename>printer.target</filename>,
<filename>reboot.target</filename>,
+ <filename>remote-cryptsetup-pre.target</filename>,
+ <filename>remote-cryptsetup.target</filename>,
<filename>remote-fs-pre.target</filename>,
<filename>remote-fs.target</filename>,
<filename>rescue.target</filename>,
@@ -450,6 +452,27 @@
this target unit, for compatibility with SysV.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><filename>remote-cryptsetup-pre.target</filename></term>
+ <listitem>
+ <para>This target unit is automatically ordered before all cryptsetup devices
+ marked with the <option>_netdev</option>. It can be used to execute additional
+ units before such devices are set up.</para>
+
+ <para>It is ordered after <filename>network.target</filename> and
+ <filename>network-online.target</filename>, and also pulls the latter in as a
+ <varname>Wants=</varname> dependency.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>remote-cryptsetup.target</filename></term>
+ <listitem>
+ <para>Similar to <filename>cryptsetup.target</filename>, but for encrypted
+ devices which are accessed over the network. It is used for
+ <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ entries marked with <option>_netdev</option>.</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><filename>remote-fs.target</filename></term>
<listitem>
diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
index 42e35dd4e..6cb28a61a 100644
--- a/units/cryptsetup-pre.target
+++ b/units/cryptsetup-pre.target
@@ -6,7 +6,7 @@
# (at your option) any later version.
[Unit]
-Description=Encrypted Volumes (Pre)
+Description=Local Encrypted Volumes (Pre)
Documentation=man:systemd.special(7)
RefuseManualStart=yes
Before=cryptsetup.target
diff --git a/units/cryptsetup.target b/units/cryptsetup.target
index 25d3e33f6..10b17fd38 100644
--- a/units/cryptsetup.target
+++ b/units/cryptsetup.target
@@ -6,5 +6,5 @@
# (at your option) any later version.
[Unit]
-Description=Encrypted Volumes
+Description=Local Encrypted Volumes
Documentation=man:systemd.special(7)
diff --git a/units/meson.build b/units/meson.build
index e94add6a6..e6351c7a2 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -47,6 +47,9 @@ units = [
['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'],
['reboot.target', '',
'runlevel6.target ctrl-alt-del.target'],
+ ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'],
+ ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP',
+ join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
['remote-fs-pre.target', ''],
['remote-fs.target', '',
join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target
new file mode 100644
index 000000000..a375e6188
--- /dev/null
+++ b/units/remote-cryptsetup-pre.target
@@ -0,0 +1,15 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remote Encrypted Volumes (Pre)
+Documentation=man:systemd.special(7)
+RefuseManualStart=yes
+Before=remote-cryptsetup.target
+
+After=network.target network-online.target
+Wants=network-online.target
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
new file mode 100644
index 000000000..60943bd1c
--- /dev/null
+++ b/units/remote-cryptsetup.target
@@ -0,0 +1,10 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remote Encrypted Volumes
+Documentation=man:systemd.special(7)
--
2.14.1
From 543a62336565c840bbda22df0eb2a1c19180a8d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 5 Sep 2017 11:30:33 +0200
Subject: [PATCH 3/3] cryptsetup-generator: use remote-cryptsetup.target when
_netdev is present
This allows such devices to depend on the network. Their startup will
be delayed similarly to network mount units.
Fixes #4642.
---
man/crypttab.xml | 13 +++++++++++++
src/cryptsetup/cryptsetup-generator.c | 36 ++++++++++++++++++-----------------
2 files changed, 32 insertions(+), 17 deletions(-)
diff --git a/man/crypttab.xml b/man/crypttab.xml
index 17976f370..162377ebc 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -213,6 +213,19 @@
<option>size=</option>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>_netdev</option></term>
+
+ <listitem><para>Marks this cryptsetup device as requiring network. It will be
+ started after the network is available, similarly to
+ <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ units marked with <option>_netdev</option>. The service unit to set up this device
+ will be ordered between <filename>remote-cryptsetup-pre.target</filename> and
+ <filename>remote-cryptsetup.target</filename>, instead of
+ <filename>cryptsetup-pre.target</filename> and
+ <filename>cryptsetup.target</filename>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>noauto</option></term>
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index b58b6db7c..8571ab06e 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -61,7 +61,7 @@ static int create_disk(
_cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
*filtered = NULL;
_cleanup_fclose_ FILE *f = NULL;
- bool noauto, nofail, tmp, swap;
+ bool noauto, nofail, tmp, swap, netdev;
char *from;
int r;
@@ -72,6 +72,7 @@ static int create_disk(
nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
tmp = fstab_test_option(options, "tmp\0");
swap = fstab_test_option(options, "swap\0");
+ netdev = fstab_test_option(options, "_netdev\0");
if (tmp && swap) {
log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
@@ -102,21 +103,22 @@ static int create_disk(
if (!f)
return log_error_errno(errno, "Failed to create unit file %s: %m", p);
- fputs("# Automatically generated by systemd-cryptsetup-generator\n\n"
- "[Unit]\n"
- "Description=Cryptography Setup for %I\n"
- "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
- "SourcePath=/etc/crypttab\n"
- "DefaultDependencies=no\n"
- "Conflicts=umount.target\n"
- "BindsTo=dev-mapper-%i.device\n"
- "IgnoreOnIsolate=true\n"
- "After=cryptsetup-pre.target\n",
- f);
+ fprintf(f,
+ "# Automatically generated by systemd-cryptsetup-generator\n\n"
+ "[Unit]\n"
+ "Description=Cryptography Setup for %%I\n"
+ "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
+ "SourcePath=/etc/crypttab\n"
+ "DefaultDependencies=no\n"
+ "Conflicts=umount.target\n"
+ "IgnoreOnIsolate=true\n"
+ "After=%s\n",
+ netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target");
if (!nofail)
fprintf(f,
- "Before=cryptsetup.target\n");
+ "Before=%s\n",
+ netdev ? "remote-cryptsetup.target" : "cryptsetup.target");
if (password) {
if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
@@ -200,10 +202,10 @@ static int create_disk(
return log_error_errno(errno, "Failed to create symlink %s: %m", to);
free(to);
- if (!nofail)
- to = strjoin(arg_dest, "/cryptsetup.target.requires/", n);
- else
- to = strjoin(arg_dest, "/cryptsetup.target.wants/", n);
+ to = strjoin(arg_dest,
+ netdev ? "/remote-cryptsetup" : "/cryptsetup",
+ ".target.",
+ nofail ? "wants/" : "requires/", n);
if (!to)
return log_oom();
--
2.14.1

View File

@ -13,7 +13,7 @@
Name: systemd Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 234 Version: 234
Release: 7%{?gitcommit:.git%{gitcommitshort}}%{?dist} Release: 8%{?gitcommit:.git%{gitcommitshort}}%{?dist}
# For a breakdown of the licensing, see README # For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+ License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager Summary: System and Service Manager
@ -72,6 +72,7 @@ Patch0023: 0023-build-sys-bump-xslt-maxdepth-limit.patch
Patch0024: 0024-device-make-sure-to-remove-all-device-units-sharing-.patch Patch0024: 0024-device-make-sure-to-remove-all-device-units-sharing-.patch
Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
Patch0999: 0999-netdev-crypttab.patch
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
@ -1052,6 +1053,9 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou
%{pkgdir}/tests %{pkgdir}/tests
%changelog %changelog
* Tue Sep 26 2017 Nathaniel McCallum <npmccallum@redhat.com> - 234-8
- Backport /etc/crypttab _netdev feature from upstream
* Thu Sep 21 2017 Michal Sekletar <msekleta@redhat.com> - 234-7 * Thu Sep 21 2017 Michal Sekletar <msekleta@redhat.com> - 234-7
- Make sure to remove all device units sharing the same sysfs path (#1475570) - Make sure to remove all device units sharing the same sysfs path (#1475570)