From ac49c72d1e76192166757746fe8c86a2104c9e16 Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum Date: Sep 26 2017 14:48:54 +0000 Subject: Backport /etc/crypttab _netdev feature from upstream --- diff --git a/0999-netdev-crypttab.patch b/0999-netdev-crypttab.patch new file mode 100644 index 0000000..ba91dee --- /dev/null +++ b/0999-netdev-crypttab.patch @@ -0,0 +1,280 @@ +From 3acb27df403c9e5772eb1d81aba1c65b6c7acc08 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 5 Sep 2017 09:14:51 +0200 +Subject: [PATCH 1/3] units: order cryptsetup-pre.target before + cryptsetup.target + +Normally this happens automatically, but if it happened that both targets were +pulled in, even though there were no cryptsetup units, they could be started +in reverse order, which would be somewhat confusing. Add an explicit ordering +to avoid this potential issue. +--- + units/cryptsetup-pre.target | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target +index 65353419f..42e35dd4e 100644 +--- a/units/cryptsetup-pre.target ++++ b/units/cryptsetup-pre.target +@@ -9,3 +9,4 @@ + Description=Encrypted Volumes (Pre) + Documentation=man:systemd.special(7) + RefuseManualStart=yes ++Before=cryptsetup.target +-- +2.14.1 + + +From 51a012da40e8d0d4d8df931b3bc56ea913c3856a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 5 Sep 2017 10:15:13 +0200 +Subject: [PATCH 2/3] units: add remote-cryptsetup.target and + remote-cryptsetup-pre.target + +The pair is similar to remote-fs.target and remote-fs-pre.target. Any +cryptsetup devices which require network shall be ordered after +remote-cryptsetup-pre.target and before remote-cryptsetup.target. +--- + man/systemd.special.xml | 23 +++++++++++++++++++++++ + units/cryptsetup-pre.target | 2 +- + units/cryptsetup.target | 2 +- + units/meson.build | 3 +++ + units/remote-cryptsetup-pre.target | 15 +++++++++++++++ + units/remote-cryptsetup.target | 10 ++++++++++ + 6 files changed, 53 insertions(+), 2 deletions(-) + create mode 100644 units/remote-cryptsetup-pre.target + create mode 100644 units/remote-cryptsetup.target + +diff --git a/man/systemd.special.xml b/man/systemd.special.xml +index 66c45e39a..7107b8a92 100644 +--- a/man/systemd.special.xml ++++ b/man/systemd.special.xml +@@ -81,6 +81,8 @@ + poweroff.target, + printer.target, + reboot.target, ++ remote-cryptsetup-pre.target, ++ remote-cryptsetup.target, + remote-fs-pre.target, + remote-fs.target, + rescue.target, +@@ -450,6 +452,27 @@ + this target unit, for compatibility with SysV. + + ++ ++ remote-cryptsetup-pre.target ++ ++ This target unit is automatically ordered before all cryptsetup devices ++ marked with the . It can be used to execute additional ++ units before such devices are set up. ++ ++ It is ordered after network.target and ++ network-online.target, and also pulls the latter in as a ++ Wants= dependency. ++ ++ ++ ++ remote-cryptsetup.target ++ ++ Similar to cryptsetup.target, but for encrypted ++ devices which are accessed over the network. It is used for ++ crypttab8 ++ entries marked with . ++ ++ + + remote-fs.target + +diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target +index 42e35dd4e..6cb28a61a 100644 +--- a/units/cryptsetup-pre.target ++++ b/units/cryptsetup-pre.target +@@ -6,7 +6,7 @@ + # (at your option) any later version. + + [Unit] +-Description=Encrypted Volumes (Pre) ++Description=Local Encrypted Volumes (Pre) + Documentation=man:systemd.special(7) + RefuseManualStart=yes + Before=cryptsetup.target +diff --git a/units/cryptsetup.target b/units/cryptsetup.target +index 25d3e33f6..10b17fd38 100644 +--- a/units/cryptsetup.target ++++ b/units/cryptsetup.target +@@ -6,5 +6,5 @@ + # (at your option) any later version. + + [Unit] +-Description=Encrypted Volumes ++Description=Local Encrypted Volumes + Documentation=man:systemd.special(7) +diff --git a/units/meson.build b/units/meson.build +index e94add6a6..e6351c7a2 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -47,6 +47,9 @@ units = [ + ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], + ['reboot.target', '', + 'runlevel6.target ctrl-alt-del.target'], ++ ['remote-cryptsetup-pre.target', 'HAVE_LIBCRYPTSETUP'], ++ ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP', ++ join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], + ['remote-fs-pre.target', ''], + ['remote-fs.target', '', + join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')], +diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target +new file mode 100644 +index 000000000..a375e6188 +--- /dev/null ++++ b/units/remote-cryptsetup-pre.target +@@ -0,0 +1,15 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Remote Encrypted Volumes (Pre) ++Documentation=man:systemd.special(7) ++RefuseManualStart=yes ++Before=remote-cryptsetup.target ++ ++After=network.target network-online.target ++Wants=network-online.target +diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target +new file mode 100644 +index 000000000..60943bd1c +--- /dev/null ++++ b/units/remote-cryptsetup.target +@@ -0,0 +1,10 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Remote Encrypted Volumes ++Documentation=man:systemd.special(7) +-- +2.14.1 + + +From 543a62336565c840bbda22df0eb2a1c19180a8d5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 5 Sep 2017 11:30:33 +0200 +Subject: [PATCH 3/3] cryptsetup-generator: use remote-cryptsetup.target when + _netdev is present + +This allows such devices to depend on the network. Their startup will +be delayed similarly to network mount units. + +Fixes #4642. +--- + man/crypttab.xml | 13 +++++++++++++ + src/cryptsetup/cryptsetup-generator.c | 36 ++++++++++++++++++----------------- + 2 files changed, 32 insertions(+), 17 deletions(-) + +diff --git a/man/crypttab.xml b/man/crypttab.xml +index 17976f370..162377ebc 100644 +--- a/man/crypttab.xml ++++ b/man/crypttab.xml +@@ -213,6 +213,19 @@ + . + + ++ ++ ++ ++ Marks this cryptsetup device as requiring network. It will be ++ started after the network is available, similarly to ++ systemd.mount5 ++ units marked with . The service unit to set up this device ++ will be ordered between remote-cryptsetup-pre.target and ++ remote-cryptsetup.target, instead of ++ cryptsetup-pre.target and ++ cryptsetup.target. ++ ++ + + + +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c +index b58b6db7c..8571ab06e 100644 +--- a/src/cryptsetup/cryptsetup-generator.c ++++ b/src/cryptsetup/cryptsetup-generator.c +@@ -61,7 +61,7 @@ static int create_disk( + _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL, + *filtered = NULL; + _cleanup_fclose_ FILE *f = NULL; +- bool noauto, nofail, tmp, swap; ++ bool noauto, nofail, tmp, swap, netdev; + char *from; + int r; + +@@ -72,6 +72,7 @@ static int create_disk( + nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0"); + tmp = fstab_test_option(options, "tmp\0"); + swap = fstab_test_option(options, "swap\0"); ++ netdev = fstab_test_option(options, "_netdev\0"); + + if (tmp && swap) { + log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name); +@@ -102,21 +103,22 @@ static int create_disk( + if (!f) + return log_error_errno(errno, "Failed to create unit file %s: %m", p); + +- fputs("# Automatically generated by systemd-cryptsetup-generator\n\n" +- "[Unit]\n" +- "Description=Cryptography Setup for %I\n" +- "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" +- "SourcePath=/etc/crypttab\n" +- "DefaultDependencies=no\n" +- "Conflicts=umount.target\n" +- "BindsTo=dev-mapper-%i.device\n" +- "IgnoreOnIsolate=true\n" +- "After=cryptsetup-pre.target\n", +- f); ++ fprintf(f, ++ "# Automatically generated by systemd-cryptsetup-generator\n\n" ++ "[Unit]\n" ++ "Description=Cryptography Setup for %%I\n" ++ "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" ++ "SourcePath=/etc/crypttab\n" ++ "DefaultDependencies=no\n" ++ "Conflicts=umount.target\n" ++ "IgnoreOnIsolate=true\n" ++ "After=%s\n", ++ netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target"); + + if (!nofail) + fprintf(f, +- "Before=cryptsetup.target\n"); ++ "Before=%s\n", ++ netdev ? "remote-cryptsetup.target" : "cryptsetup.target"); + + if (password) { + if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random")) +@@ -200,10 +202,10 @@ static int create_disk( + return log_error_errno(errno, "Failed to create symlink %s: %m", to); + + free(to); +- if (!nofail) +- to = strjoin(arg_dest, "/cryptsetup.target.requires/", n); +- else +- to = strjoin(arg_dest, "/cryptsetup.target.wants/", n); ++ to = strjoin(arg_dest, ++ netdev ? "/remote-cryptsetup" : "/cryptsetup", ++ ".target.", ++ nofail ? "wants/" : "requires/", n); + if (!to) + return log_oom(); + +-- +2.14.1 + diff --git a/systemd.spec b/systemd.spec index 995edb1..1ef9152 100644 --- a/systemd.spec +++ b/systemd.spec @@ -13,7 +13,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 234 -Release: 7%{?gitcommit:.git%{gitcommitshort}}%{?dist} +Release: 8%{?gitcommit:.git%{gitcommitshort}}%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -72,6 +72,7 @@ Patch0023: 0023-build-sys-bump-xslt-maxdepth-limit.patch Patch0024: 0024-device-make-sure-to-remove-all-device-units-sharing-.patch Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch +Patch0999: 0999-netdev-crypttab.patch %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} @@ -1052,6 +1053,9 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou %{pkgdir}/tests %changelog +* Tue Sep 26 2017 Nathaniel McCallum - 234-8 +- Backport /etc/crypttab _netdev feature from upstream + * Thu Sep 21 2017 Michal Sekletar - 234-7 - Make sure to remove all device units sharing the same sysfs path (#1475570)