Patches for cryptsetup _netdev
This commit is contained in:
Zbigniew Jędrzejewski-Szmek
parent
8a752251c4
commit
ca246f98ec
|
|
@ -0,0 +1,41 @@
|
|||
From 8f462b074eb9830d6d5029f70c9010ce50e68357 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Thu, 12 Oct 2017 22:13:03 +0200
|
||||
Subject: [PATCH] units: add [Install] section to remote-cryptsetup.target
|
||||
|
||||
This makes this target the same as remote-fs.target in this regard. In practice
|
||||
it probably doesn't make that much difference, because all encrypted devices
|
||||
that are part of remote-fs.target (marked with _netdev) will be used for mount
|
||||
points, so they will be pulled in anyway individually, but with this change any
|
||||
such device will be configured, even if it is not pulled by any other unit.
|
||||
---
|
||||
system-preset/90-systemd.preset | 1 +
|
||||
units/remote-cryptsetup.target | 6 ++++++
|
||||
2 files changed, 7 insertions(+)
|
||||
|
||||
diff --git a/system-preset/90-systemd.preset b/system-preset/90-systemd.preset
|
||||
index 3ba4bb760d..98bc4c3c55 100644
|
||||
--- a/system-preset/90-systemd.preset
|
||||
+++ b/system-preset/90-systemd.preset
|
||||
@@ -9,6 +9,7 @@
|
||||
# generally follow a default-off policy.
|
||||
|
||||
enable remote-fs.target
|
||||
+enable remote-cryptsetup.target
|
||||
enable machines.target
|
||||
|
||||
enable getty@.service
|
||||
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
|
||||
index 60943bd1cb..c306d521f7 100644
|
||||
--- a/units/remote-cryptsetup.target
|
||||
+++ b/units/remote-cryptsetup.target
|
||||
@@ -8,3 +8,9 @@
|
||||
[Unit]
|
||||
Description=Remote Encrypted Volumes
|
||||
Documentation=man:systemd.special(7)
|
||||
+After=remote-cryptsetup-pre.target
|
||||
+DefaultDependencies=no
|
||||
+Conflicts=shutdown.target
|
||||
+
|
||||
+[Install]
|
||||
+WantedBy=multi-user.target
|
||||
|
|
@ -0,0 +1,147 @@
|
|||
From a0dd209763f9e67054ee322a2dfd52bccf345c2e Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Thu, 12 Oct 2017 22:34:54 +0200
|
||||
Subject: [PATCH] units: replace remote-cryptsetup-pre.target with
|
||||
remote-fs-pre.target
|
||||
|
||||
remote-cryptsetup-pre.target was designed as an active unit (that pulls in
|
||||
network-online.target), the opposite of remote-fs-pre.target (a passive unit,
|
||||
with individual provider services ordering itself before it and pulling it in,
|
||||
for example iscsi.service and nfs-client.target).
|
||||
|
||||
To make remote-cryptsetup-pre.target really work, those services should be
|
||||
ordered before it too. But this would require updates to all those services,
|
||||
not just changes from systemd side.
|
||||
|
||||
But the requirements for remote-fs-pre.target and remote-cryptset-pre.target
|
||||
are fairly similar (e.g. iscsi devices can certainly be used for both), so
|
||||
let's reuse remote-fs-pre.target also for remote cryptsetup units. This loses
|
||||
a bit of flexibility, but does away with the requirement for various provider
|
||||
services to know about remote-cryptsetup-pre.target.
|
||||
---
|
||||
man/crypttab.xml | 2 +-
|
||||
man/systemd.special.xml | 20 ++++----------------
|
||||
src/cryptsetup/cryptsetup-generator.c | 2 +-
|
||||
units/meson.build | 1 -
|
||||
units/remote-cryptsetup-pre.target | 15 ---------------
|
||||
units/remote-cryptsetup.target | 2 +-
|
||||
6 files changed, 7 insertions(+), 35 deletions(-)
|
||||
delete mode 100644 units/remote-cryptsetup-pre.target
|
||||
|
||||
diff --git a/man/crypttab.xml b/man/crypttab.xml
|
||||
index ac7d55271c..caed04836e 100644
|
||||
--- a/man/crypttab.xml
|
||||
+++ b/man/crypttab.xml
|
||||
@@ -198,7 +198,7 @@
|
||||
started after the network is available, similarly to
|
||||
<citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
units marked with <option>_netdev</option>. The service unit to set up this device
|
||||
- will be ordered between <filename>remote-cryptsetup-pre.target</filename> and
|
||||
+ will be ordered between <filename>remote-fs-pre.target</filename> and
|
||||
<filename>remote-cryptsetup.target</filename>, instead of
|
||||
<filename>cryptsetup-pre.target</filename> and
|
||||
<filename>cryptsetup.target</filename>.</para></listitem>
|
||||
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
|
||||
index 69c24c3979..bb0c796377 100644
|
||||
--- a/man/systemd.special.xml
|
||||
+++ b/man/systemd.special.xml
|
||||
@@ -81,7 +81,6 @@
|
||||
<filename>poweroff.target</filename>,
|
||||
<filename>printer.target</filename>,
|
||||
<filename>reboot.target</filename>,
|
||||
- <filename>remote-cryptsetup-pre.target</filename>,
|
||||
<filename>remote-cryptsetup.target</filename>,
|
||||
<filename>remote-fs-pre.target</filename>,
|
||||
<filename>remote-fs.target</filename>,
|
||||
@@ -494,18 +493,6 @@
|
||||
this target unit, for compatibility with SysV.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
- <varlistentry>
|
||||
- <term><filename>remote-cryptsetup-pre.target</filename></term>
|
||||
- <listitem>
|
||||
- <para>This target unit is automatically ordered before all cryptsetup devices
|
||||
- marked with the <option>_netdev</option>. It can be used to execute additional
|
||||
- units before such devices are set up.</para>
|
||||
-
|
||||
- <para>It is ordered after <filename>network.target</filename> and
|
||||
- <filename>network-online.target</filename>, and also pulls the latter in as a
|
||||
- <varname>Wants=</varname> dependency.</para>
|
||||
- </listitem>
|
||||
- </varlistentry>
|
||||
<varlistentry>
|
||||
<term><filename>remote-cryptsetup.target</filename></term>
|
||||
<listitem>
|
||||
@@ -906,9 +893,10 @@
|
||||
<term><filename>remote-fs-pre.target</filename></term>
|
||||
<listitem>
|
||||
<para>This target unit is automatically ordered before all
|
||||
- remote mount point units (see above). It can be used to run
|
||||
- certain units before the remote mounts are established. Note
|
||||
- that this unit is generally not part of the initial
|
||||
+ mount point units (see above) and cryptsetup devices
|
||||
+ marked with the <option>_netdev</option>. It can be used to run
|
||||
+ certain units before remote encrypted devices and mounts are established.
|
||||
+ Note that this unit is generally not part of the initial
|
||||
transaction, unless the unit that wants to be ordered before
|
||||
all remote mounts pulls it in via a
|
||||
<varname>Wants=</varname> type dependency. If the unit wants
|
||||
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
|
||||
index 3752ca2ef2..040a1aa408 100644
|
||||
--- a/src/cryptsetup/cryptsetup-generator.c
|
||||
+++ b/src/cryptsetup/cryptsetup-generator.c
|
||||
@@ -113,7 +113,7 @@ static int create_disk(
|
||||
"Conflicts=umount.target\n"
|
||||
"IgnoreOnIsolate=true\n"
|
||||
"After=%s\n",
|
||||
- netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target");
|
||||
+ netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target");
|
||||
|
||||
if (!nofail)
|
||||
fprintf(f,
|
||||
diff --git a/units/meson.build b/units/meson.build
|
||||
index 8494d23e9e..4e2ae3f302 100644
|
||||
--- a/units/meson.build
|
||||
+++ b/units/meson.build
|
||||
@@ -48,7 +48,6 @@ units = [
|
||||
['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'],
|
||||
['reboot.target', '',
|
||||
'runlevel6.target ctrl-alt-del.target'],
|
||||
- ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'],
|
||||
['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP',
|
||||
join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
|
||||
['remote-fs-pre.target', ''],
|
||||
diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target
|
||||
deleted file mode 100644
|
||||
index a375e61889..0000000000
|
||||
--- a/units/remote-cryptsetup-pre.target
|
||||
+++ /dev/null
|
||||
@@ -1,15 +0,0 @@
|
||||
-# This file is part of systemd.
|
||||
-#
|
||||
-# systemd is free software; you can redistribute it and/or modify it
|
||||
-# under the terms of the GNU Lesser General Public License as published by
|
||||
-# the Free Software Foundation; either version 2.1 of the License, or
|
||||
-# (at your option) any later version.
|
||||
-
|
||||
-[Unit]
|
||||
-Description=Remote Encrypted Volumes (Pre)
|
||||
-Documentation=man:systemd.special(7)
|
||||
-RefuseManualStart=yes
|
||||
-Before=remote-cryptsetup.target
|
||||
-
|
||||
-After=network.target network-online.target
|
||||
-Wants=network-online.target
|
||||
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
|
||||
index c306d521f7..d485b06726 100644
|
||||
--- a/units/remote-cryptsetup.target
|
||||
+++ b/units/remote-cryptsetup.target
|
||||
@@ -8,7 +8,7 @@
|
||||
[Unit]
|
||||
Description=Remote Encrypted Volumes
|
||||
Documentation=man:systemd.special(7)
|
||||
-After=remote-cryptsetup-pre.target
|
||||
+After=remote-fs-pre.target
|
||||
DefaultDependencies=no
|
||||
Conflicts=shutdown.target
|
||||
|
||||
|
|
@ -0,0 +1,39 @@
|
|||
From 288c26165e0ff71857394f360f42432bc808556f Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Thu, 12 Oct 2017 22:43:58 +0200
|
||||
Subject: [PATCH] man: add a note about _netdev usage
|
||||
|
||||
---
|
||||
man/crypttab.xml | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/man/crypttab.xml b/man/crypttab.xml
|
||||
index caed04836e..3aebd7ea90 100644
|
||||
--- a/man/crypttab.xml
|
||||
+++ b/man/crypttab.xml
|
||||
@@ -201,7 +201,16 @@
|
||||
will be ordered between <filename>remote-fs-pre.target</filename> and
|
||||
<filename>remote-cryptsetup.target</filename>, instead of
|
||||
<filename>cryptsetup-pre.target</filename> and
|
||||
- <filename>cryptsetup.target</filename>.</para></listitem>
|
||||
+ <filename>cryptsetup.target</filename>.</para>
|
||||
+
|
||||
+ <para>Hint: if this device is used for a mount point that is specified in
|
||||
+ <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
+ the <option>_netdev</option> option should also be used for the mount
|
||||
+ point. Otherwise, a dependency loop might be created where the mount point
|
||||
+ will be pulled in by <filename>local-fs.target</filename>, while the
|
||||
+ service to configure the network is usually only started <emphasis>after</emphasis>
|
||||
+ the local file system has been mounted.</para>
|
||||
+ </listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@@ -433,6 +442,7 @@ hidden /mnt/tc_hidden /dev/null tcrypt-hidden,tcrypt-keyfile=/etc/keyfil
|
||||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
+ <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<citerefentry project='man-pages'><refentrytitle>mkswap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<citerefentry project='man-pages'><refentrytitle>mke2fs</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
From a0e030f53bad355be1084a0475eb30aae20e3e43 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 18 Oct 2017 15:14:46 +0200
|
||||
Subject: [PATCH] units: make remote-cryptsetup.target also after
|
||||
cryptsetup-pre.target
|
||||
|
||||
This way people can order units before cryptsetup-pre.target and
|
||||
have them run before any cryptsetup-related stuff.
|
||||
---
|
||||
units/remote-cryptsetup.target | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
|
||||
index d485b06726..ac4e1b71db 100644
|
||||
--- a/units/remote-cryptsetup.target
|
||||
+++ b/units/remote-cryptsetup.target
|
||||
@@ -8,7 +8,7 @@
|
||||
[Unit]
|
||||
Description=Remote Encrypted Volumes
|
||||
Documentation=man:systemd.special(7)
|
||||
-After=remote-fs-pre.target
|
||||
+After=remote-fs-pre.target cryptsetup-pre.target
|
||||
DefaultDependencies=no
|
||||
Conflicts=shutdown.target
|
||||
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
Name: systemd
|
||||
Url: http://www.freedesktop.org/wiki/Software/systemd
|
||||
Version: 235
|
||||
Release: 1%{?gitcommit:.git%{gitcommitshort}}%{?dist}
|
||||
Release: 2%{?gitcommit:.git%{gitcommitshort}}%{?dist}
|
||||
# For a breakdown of the licensing, see README
|
||||
License: LGPLv2+ and MIT and GPLv2+
|
||||
Summary: System and Service Manager
|
||||
|
|
@ -48,6 +48,10 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
|
|||
|
||||
Patch0001: 0001-po-update-Polish-translation-7015.patch
|
||||
Patch0002: 0002-tests-skip-tests-when-cg_pid_get_path-fails.patch
|
||||
Patch0003: 0003-units-add-Install-section-to-remote-cryptsetup.targe.patch
|
||||
Patch0004: 0004-units-replace-remote-cryptsetup-pre.target-with-remo.patch
|
||||
Patch0005: 0005-man-add-a-note-about-_netdev-usage.patch
|
||||
Patch0006: 0006-units-make-remote-cryptsetup.target-also-after-crypt.patch
|
||||
|
||||
Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
|
||||
|
||||
|
|
@ -1031,6 +1035,9 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou
|
|||
%{pkgdir}/tests
|
||||
|
||||
%changelog
|
||||
* Wed Oct 18 2017 zbyszek <zbyszek@in.waw.pl> - 235-2
|
||||
- Patches for cryptsetup _netdev
|
||||
|
||||
* Fri Oct 6 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 235-1
|
||||
- Update to latest version
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue