From 3acb27df403c9e5772eb1d81aba1c65b6c7acc08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Tue, 5 Sep 2017 09:14:51 +0200
Subject: [PATCH 1/3] units: order cryptsetup-pre.target before cryptsetup.target Normally this happens automatically, but if it happened that both targets were pulled in, even though there were no cryptsetup units, they could be started in reverse order, which would be somewhat confusing. Add an explicit ordering to avoid this potential issue.
---
 units/cryptsetup-pre.target | 1 +
 1 file changed, 1 insertion(+)
diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
index 65353419f..42e35dd4e 100644
--- a/units/cryptsetup-pre.target
+++ b/units/cryptsetup-pre.target
@@ -9,3 +9,4 @@
 Description=Encrypted Volumes (Pre)
 Documentation=man:systemd.special(7)
 RefuseManualStart=yes
+Before=cryptsetup.target
--
2.14.1
From 51a012da40e8d0d4d8df931b3bc56ea913c3856a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Tue, 5 Sep 2017 10:15:13 +0200
Subject: [PATCH 2/3] units: add remote-cryptsetup.target and remote-cryptsetup-pre.target The pair is similar to remote-fs.target and remote-fs-pre.target. Any cryptsetup devices which require network shall be ordered after remote-cryptsetup-pre.target and before remote-cryptsetup.target.
---
 man/systemd.special.xml | 23 +++++++++++++++++++++++
 units/cryptsetup-pre.target | 2 +-
 units/cryptsetup.target | 2 +-
 units/meson.build | 3 +++
 units/remote-cryptsetup-pre.target | 15 +++++++++++++++
 units/remote-cryptsetup.target | 10 ++++++++++
 6 files changed, 53 insertions(+), 2 deletions(-)
 create mode 100644 units/remote-cryptsetup-pre.target
 create mode 100644 units/remote-cryptsetup.target
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 66c45e39a..7107b8a92 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -81,6 +81,8 @@ poweroff.target, printer.target, reboot.target, + remote-cryptsetup-pre.target, + remote-cryptsetup.target, remote-fs-pre.target, remote-fs.target, rescue.target, @@ -450,6 +452,27 @@ this target unit, for compatibility with SysV. + + remote-cryptsetup-pre.target + + This target unit is automatically ordered before all cryptsetup devices + marked with the . It can be used to execute additional + units before such devices are set up. + + It is ordered after network.target and + network-online.target, and also pulls the latter in as a + Wants= dependency. + + + + remote-cryptsetup.target + + Similar to cryptsetup.target, but for encrypted + devices which are accessed over the network. It is used for + crypttab8 + entries marked with . + + remote-fs.target diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target index 42e35dd4e..6cb28a61a 100644 --- a/units/cryptsetup-pre.target +++ b/units/cryptsetup-pre.target @@ -6,7 +6,7 @@ # (at your option) any later version. [Unit] -Description=Encrypted Volumes (Pre) +Description=Local Encrypted Volumes (Pre) Documentation=man:systemd.special(7) RefuseManualStart=yes Before=cryptsetup.target diff --git a/units/cryptsetup.target b/units/cryptsetup.target index 25d3e33f6..10b17fd38 100644 --- a/units/cryptsetup.target +++ b/units/cryptsetup.target @@ -6,5 +6,5 @@ # (at your option) any later version. [Unit] -Description=Encrypted Volumes +Description=Local Encrypted Volumes Documentation=man:systemd.special(7) diff --git a/units/meson.build b/units/meson.build index e94add6a6..e6351c7a2 100644 --- a/units/meson.build +++ b/units/meson.build 
@@ -47,6 +47,9 @@ units = [ ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], ['reboot.target', '', 'runlevel6.target ctrl-alt-del.target'], + ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'], + ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP', + join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], ['remote-fs-pre.target', ''], ['remote-fs.target', '', join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target new file mode 100644 index 000000000..a375e6188 --- /dev/null +++ b/units/remote-cryptsetup-pre.target @@ -0,0 +1,15 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Remote Encrypted Volumes (Pre) +Documentation=man:systemd.special(7) +RefuseManualStart=yes +Before=remote-cryptsetup.target + +After=network.target network-online.target +Wants=network-online.target diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target new file mode 100644 index 000000000..60943bd1c --- /dev/null +++ b/units/remote-cryptsetup.target @@ -0,0 +1,10 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Remote Encrypted Volumes +Documentation=man:systemd.special(7) -- 2.14.1 From 543a62336565c840bbda22df0eb2a1c19180a8d5 Mon Sep 17 00:00:00 2001 
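Review bot: `Wants=network-online.target` in units/remote-cryptsetup-pre.target only has an effect when something pulls this target into the boot transaction, and nothing visible in the series does so. The generator change in patch 3 emits only `After=remote-cryptsetup-pre.target` for `_netdev` entries, and an `After=` on a unit that is not part of the transaction orders nothing. Unless another unit wants the target, a `_netdev` volume could therefore be attempted before the network is up, with the unlock failing or stalling at boot. Consider letting the generated unit carry the dependency itself for `_netdev` entries, e.g. `After=network-online.target` together with `Wants=network-online.target`, and state in the man page text who is expected to pull the pre target in.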
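Review bot: units/remote-cryptsetup.target has no `[Install]` section, although the units/meson.build hunk enables it through a symlink in `system/multi-user.target.wants/` under pkgsysconfdir. Once an administrator removes that symlink, `systemctl enable` has no install information to recreate it from, so remote encrypted volumes can stay unpulled without an obvious cause. If the target is meant to be toggled like the remote-fs.target entry next to it in meson.build, add `[Install]` with `WantedBy=multi-user.target` to the new file.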
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 5 Sep 2017 11:30:33 +0200 Subject: [PATCH 3/3] cryptsetup-generator: use remote-cryptsetup.target when _netdev is present This allows such devices to depend on the network. Their startup will be delayed similarly to network mount units. Fixes #4642. --- man/crypttab.xml | 13 +++++++++++++ src/cryptsetup/cryptsetup-generator.c | 36 ++++++++++++++++++----------------- 2 files changed, 32 insertions(+), 17 deletions(-) diff --git a/man/crypttab.xml b/man/crypttab.xml index 17976f370..162377ebc 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -213,6 +213,19 @@ . + + + + Marks this cryptsetup device as requiring network. It will be + started after the network is available, similarly to + systemd.mount5 + units marked with . The service unit to set up this device + will be ordered between remote-cryptsetup-pre.target and + remote-cryptsetup.target, instead of + cryptsetup-pre.target and + cryptsetup.target. + + diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index b58b6db7c..8571ab06e 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c @@ -61,7 +61,7 @@ static int create_disk( _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL, *filtered = NULL; _cleanup_fclose_ FILE *f = NULL; - bool noauto, nofail, tmp, swap; + bool noauto, nofail, tmp, swap, netdev; char *from; int r; @@ -72,6 +72,7 @@ static int create_disk( nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0"); tmp = fstab_test_option(options, "tmp\0"); swap = fstab_test_option(options, "swap\0"); + netdev = fstab_test_option(options, "_netdev\0"); if (tmp && swap) { log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name); 
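Review bot: `_netdev` is read from `options` in the `@@ -72,6 +72,7 @@` hunk, but nothing visible shows it being stripped from the option string that is passed on; `filtered` is declared in the hunk above and filled outside the visible lines. If `_netdev` is neither removed there nor accepted by the attach helper, each such entry would presumably produce an unknown-option warning at boot, and that noise makes genuine crypttab mistakes harder to spot in the journal. Please confirm one of the two, and consider a comment next to the new assignment such as `/* _netdev only selects the target pair; it is not a cryptsetup option */`. create_disk() starts and ends outside this hunk.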
@@ -102,21 +103,22 @@ static int create_disk( if (!f) return log_error_errno(errno, "Failed to create unit file %s: %m", p); - fputs("# Automatically generated by systemd-cryptsetup-generator\n\n" - "[Unit]\n" - "Description=Cryptography Setup for %I\n" - "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" - "SourcePath=/etc/crypttab\n" - "DefaultDependencies=no\n" - "Conflicts=umount.target\n" - "BindsTo=dev-mapper-%i.device\n" - "IgnoreOnIsolate=true\n" - "After=cryptsetup-pre.target\n", - f); + fprintf(f, + "# Automatically generated by systemd-cryptsetup-generator\n\n" + "[Unit]\n" + "Description=Cryptography Setup for %%I\n" + "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" + "SourcePath=/etc/crypttab\n" + "DefaultDependencies=no\n" + "Conflicts=umount.target\n" + "IgnoreOnIsolate=true\n" + "After=%s\n", + netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target"); if (!nofail) fprintf(f, - "Before=cryptsetup.target\n"); + "Before=%s\n", + netdev ? "remote-cryptsetup.target" : "cryptsetup.target"); if (password) { if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random")) @@ -200,10 +202,10 @@ static int create_disk( return log_error_errno(errno, "Failed to create symlink %s: %m", to); free(to); - if (!nofail) - to = strjoin(arg_dest, "/cryptsetup.target.requires/", n); - else - to = strjoin(arg_dest, "/cryptsetup.target.wants/", n); + to = strjoin(arg_dest, + netdev ? "/remote-cryptsetup" : "/cryptsetup", + ".target.", + nofail ? "wants/" : "requires/", n); if (!to) return log_oom(); -- 2.14.1
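Review bot: The rewritten `[Unit]` header in the `@@ -102,21 +103,22 @@` hunk no longer contains `BindsTo=dev-mapper-%i.device`, which the removed fputs() block had between `Conflicts=umount.target` and `IgnoreOnIsolate=true`; the commit message describes only the switch of targets. If the removal is intended, it should be mentioned in the description or split into its own commit, because it changes how the setup service is tied to the mapped device. If it was lost while converting to fprintf(), restore it as `"BindsTo=dev-mapper-%%i.device\n"`, with the `%` doubled now that the string is a format. create_disk() continues outside this hunk.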
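Review bot: In the `@@ -200,10 +202,10 @@` hunk the directory name is assembled from fragments (`"/remote-cryptsetup"` or `"/cryptsetup"`, `".target."`, `"wants/"` or `"requires/"`), so a search for `cryptsetup.target.requires` no longer finds this call site. A one-line comment above the strjoin(), e.g. `/* one of {remote-,}cryptsetup.target.{wants,requires}/ */`, would keep the four possible symlink locations discoverable. The enclosing function is only partly visible in this hunk.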