|
|
923a60 |
From d09c35c48005669c4c4663e3ba8a6f979432cead Mon Sep 17 00:00:00 2001
|
|
|
923a60 |
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
|
923a60 |
Date: Tue, 5 Sep 2017 11:30:33 +0200
|
|
|
923a60 |
Subject: [PATCH] cryptsetup-generator: use remote-cryptsetup.target when
|
|
|
923a60 |
_netdev is present
|
|
|
923a60 |
|
|
|
923a60 |
This allows such devices to depend on the network. Their startup will
|
|
|
923a60 |
be delayed similarly to network mount units.
|
|
|
923a60 |
|
|
|
923a60 |
Fixes #4642.
|
|
|
923a60 |
|
|
|
923a60 |
Cherry-picked from: b001ad61e91b6499897f0c977045c7608c233bfa
|
|
|
923a60 |
Resolves: #1384014
|
|
|
923a60 |
---
|
|
|
923a60 |
man/crypttab.xml | 13 ++++++++++
|
|
|
923a60 |
src/cryptsetup/cryptsetup-generator.c | 36 ++++++++++++++++++---------
|
|
|
923a60 |
2 files changed, 37 insertions(+), 12 deletions(-)
|
|
|
923a60 |
|
|
|
923a60 |
diff --git a/man/crypttab.xml b/man/crypttab.xml
|
|
|
923a60 |
index 3e249ad23e..7085a16234 100644
|
|
|
923a60 |
--- a/man/crypttab.xml
|
|
|
923a60 |
+++ b/man/crypttab.xml
|
|
|
923a60 |
@@ -189,6 +189,19 @@
|
|
|
923a60 |
<option>size=</option>.</para></listitem>
|
|
|
923a60 |
</varlistentry>
|
|
|
923a60 |
|
|
|
923a60 |
+ <varlistentry>
|
|
|
923a60 |
+ <term><option>_netdev</option></term>
|
|
|
923a60 |
+
|
|
|
923a60 |
+ <listitem><para>Marks this cryptsetup device as requiring network. It will be
|
|
|
923a60 |
+ started after the network is available, similarly to
|
|
|
923a60 |
+ <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
|
923a60 |
+ units marked with <option>_netdev</option>. The service unit to set up this device
|
|
|
923a60 |
+ will be ordered between <filename>remote-cryptsetup-pre.target</filename> and
|
|
|
923a60 |
+ <filename>remote-cryptsetup.target</filename>, instead of
|
|
|
923a60 |
+ <filename>cryptsetup-pre.target</filename> and
|
|
|
923a60 |
+ <filename>cryptsetup.target</filename>.</para></listitem>
|
|
|
923a60 |
+ </varlistentry>
|
|
|
923a60 |
+
|
|
|
923a60 |
<varlistentry>
|
|
|
923a60 |
<term><option>noauto</option></term>
|
|
|
923a60 |
|
|
|
923a60 |
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
|
|
|
923a60 |
index d191def5f8..49dc8f14b4 100644
|
|
|
923a60 |
--- a/src/cryptsetup/cryptsetup-generator.c
|
|
|
923a60 |
+++ b/src/cryptsetup/cryptsetup-generator.c
|
|
|
923a60 |
@@ -60,7 +60,7 @@ static int create_disk(
|
|
|
923a60 |
_cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
|
|
|
923a60 |
*filtered = NULL;
|
|
|
923a60 |
_cleanup_fclose_ FILE *f = NULL;
|
|
|
923a60 |
- bool noauto, nofail, tmp, swap;
|
|
|
923a60 |
+ bool noauto, nofail, tmp, swap, netdev;
|
|
|
923a60 |
char *from;
|
|
|
923a60 |
int r;
|
|
|
923a60 |
|
|
|
923a60 |
@@ -71,6 +71,7 @@ static int create_disk(
|
|
|
923a60 |
nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
|
|
|
923a60 |
tmp = fstab_test_option(options, "tmp\0");
|
|
|
923a60 |
swap = fstab_test_option(options, "swap\0");
|
|
|
923a60 |
+ netdev = fstab_test_option(options, "_netdev\0");
|
|
|
923a60 |
|
|
|
923a60 |
if (tmp && swap) {
|
|
|
923a60 |
log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
|
|
|
923a60 |
@@ -101,22 +102,24 @@ static int create_disk(
|
|
|
923a60 |
if (!f)
|
|
|
923a60 |
return log_error_errno(errno, "Failed to create unit file %s: %m", p);
|
|
|
923a60 |
|
|
|
923a60 |
- fputs(
|
|
|
923a60 |
+ fprintf(f,
|
|
|
923a60 |
"# Automatically generated by systemd-cryptsetup-generator\n\n"
|
|
|
923a60 |
"[Unit]\n"
|
|
|
923a60 |
- "Description=Cryptography Setup for %I\n"
|
|
|
923a60 |
+ "Description=Cryptography Setup for %%I\n"
|
|
|
923a60 |
"Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
|
|
|
923a60 |
"SourcePath=/etc/crypttab\n"
|
|
|
923a60 |
"DefaultDependencies=no\n"
|
|
|
923a60 |
"Conflicts=umount.target\n"
|
|
|
923a60 |
- "BindsTo=dev-mapper-%i.device\n"
|
|
|
923a60 |
+ "BindsTo=dev-mapper-%%i.device\n"
|
|
|
923a60 |
"IgnoreOnIsolate=true\n"
|
|
|
923a60 |
- "After=systemd-readahead-collect.service systemd-readahead-replay.service cryptsetup-pre.target\n",
|
|
|
923a60 |
- f);
|
|
|
923a60 |
+ "After=systemd-readahead-collect.service systemd-readahead-replay.service\n"
|
|
|
923a60 |
+ "After=%s\n",
|
|
|
923a60 |
+ netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target");
|
|
|
923a60 |
|
|
|
923a60 |
if (!nofail)
|
|
|
923a60 |
fprintf(f,
|
|
|
923a60 |
- "Before=cryptsetup.target\n");
|
|
|
923a60 |
+ "Before=%s\n",
|
|
|
923a60 |
+ netdev ? "remote-cryptsetup.target" : "cryptsetup.target");
|
|
|
923a60 |
|
|
|
923a60 |
if (password) {
|
|
|
923a60 |
if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
|
|
|
923a60 |
@@ -196,16 +199,25 @@ static int create_disk(
|
|
|
923a60 |
return log_error_errno(errno, "Failed to create symlink %s: %m", to);
|
|
|
923a60 |
|
|
|
923a60 |
free(to);
|
|
|
923a60 |
- if (!nofail)
|
|
|
923a60 |
- to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
|
|
|
923a60 |
- else
|
|
|
923a60 |
- to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
|
|
|
923a60 |
+ if (!netdev) {
|
|
|
923a60 |
+ if (!nofail)
|
|
|
923a60 |
+ to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
|
|
|
923a60 |
+ else
|
|
|
923a60 |
+ to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
|
|
|
923a60 |
+ } else {
|
|
|
923a60 |
+ if (!nofail)
|
|
|
923a60 |
+ to = strjoin(arg_dest, "/remote-cryptsetup.target.requires/", n, NULL);
|
|
|
923a60 |
+ else
|
|
|
923a60 |
+ to = strjoin(arg_dest, "/remote-cryptsetup.target.wants/", n, NULL);
|
|
|
923a60 |
+ }
|
|
|
923a60 |
if (!to)
|
|
|
923a60 |
return log_oom();
|
|
|
923a60 |
|
|
|
923a60 |
mkdir_parents_label(to, 0755);
|
|
|
923a60 |
- if (symlink(from, to) < 0)
|
|
|
923a60 |
+ if (symlink(from, to) < 0) {
|
|
|
923a60 |
+ free(to);
|
|
|
923a60 |
return log_error_errno(errno, "Failed to create symlink %s: %m", to);
|
|
|
923a60 |
+ }
|
|
|
923a60 |
}
|
|
|
923a60 |
|
|
|
923a60 |
free(to);
|