Patches for cryptsetup _netdev

2017-10-18 15:25:26 +02:00 · 2017-10-18 15:25:26 +02:00 · ca246f98ec
commit ca246f98ec
parent 8a752251c4
5 changed files with 260 additions and 1 deletions
--- a/0003-units-add-Install-section-to-remote-cryptsetup.targe.patch
+++ b/0003-units-add-Install-section-to-remote-cryptsetup.targe.patch
@ -0,0 +1,41 @@
+From 8f462b074eb9830d6d5029f70c9010ce50e68357 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 12 Oct 2017 22:13:03 +0200
+Subject: [PATCH] units: add [Install] section to remote-cryptsetup.target
+
+This makes this target the same as remote-fs.target in this regard. In practice
+it probably doesn't make that much difference, because all encrypted devices
+that are part of remote-fs.target (marked with _netdev) will be used for mount
+points, so they will be pulled in anyway individually, but with this change any
+such device will be configured, even if it is not pulled by any other unit.
+---
+ system-preset/90-systemd.preset | 1 +
+ units/remote-cryptsetup.target  | 6 ++++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/system-preset/90-systemd.preset b/system-preset/90-systemd.preset
+index 3ba4bb760d..98bc4c3c55 100644
+--- a/system-preset/90-systemd.preset
+++ b/system-preset/90-systemd.preset
+@@ -9,6 +9,7 @@
+ # generally follow a default-off policy.
+ 
+ enable remote-fs.target
+enable remote-cryptsetup.target
+ enable machines.target
+ 
+ enable getty@.service
+diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
+index 60943bd1cb..c306d521f7 100644
+--- a/units/remote-cryptsetup.target
+++ b/units/remote-cryptsetup.target
+@@ -8,3 +8,9 @@
+ [Unit]
+ Description=Remote Encrypted Volumes
+ Documentation=man:systemd.special(7)
+After=remote-cryptsetup-pre.target
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Install]
+WantedBy=multi-user.target
--- a/0004-units-replace-remote-cryptsetup-pre.target-with-remo.patch
+++ b/0004-units-replace-remote-cryptsetup-pre.target-with-remo.patch
@ -0,0 +1,147 @@
+From a0dd209763f9e67054ee322a2dfd52bccf345c2e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 12 Oct 2017 22:34:54 +0200
+Subject: [PATCH] units: replace remote-cryptsetup-pre.target with
+ remote-fs-pre.target
+
+remote-cryptsetup-pre.target was designed as an active unit (that pulls in
+network-online.target), the opposite of remote-fs-pre.target (a passive unit,
+with individual provider services ordering itself before it and pulling it in,
+for example iscsi.service and nfs-client.target).
+
+To make remote-cryptsetup-pre.target really work, those services should be
+ordered before it too. But this would require updates to all those services,
+not just changes from systemd side.
+
+But the requirements for remote-fs-pre.target and remote-cryptset-pre.target
+are fairly similar (e.g. iscsi devices can certainly be used for both), so
+let's reuse remote-fs-pre.target also for remote cryptsetup units. This loses
+a bit of flexibility, but does away with the requirement for various provider
+services to know about remote-cryptsetup-pre.target.
+---
+ man/crypttab.xml                      |  2 +-
+ man/systemd.special.xml               | 20 ++++----------------
+ src/cryptsetup/cryptsetup-generator.c |  2 +-
+ units/meson.build                     |  1 -
+ units/remote-cryptsetup-pre.target    | 15 ---------------
+ units/remote-cryptsetup.target        |  2 +-
+ 6 files changed, 7 insertions(+), 35 deletions(-)
+ delete mode 100644 units/remote-cryptsetup-pre.target
+
+diff --git a/man/crypttab.xml b/man/crypttab.xml
+index ac7d55271c..caed04836e 100644
+--- a/man/crypttab.xml
+++ b/man/crypttab.xml
+@@ -198,7 +198,7 @@
+         started after the network is available, similarly to
+         <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+         units marked with <option>_netdev</option>. The service unit to set up this device
+-        will be ordered between <filename>remote-cryptsetup-pre.target</filename> and
+        will be ordered between <filename>remote-fs-pre.target</filename> and
+         <filename>remote-cryptsetup.target</filename>, instead of
+         <filename>cryptsetup-pre.target</filename> and
+         <filename>cryptsetup.target</filename>.</para></listitem>
+diff --git a/man/systemd.special.xml b/man/systemd.special.xml
+index 69c24c3979..bb0c796377 100644
+--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
+@@ -81,7 +81,6 @@
+     <filename>poweroff.target</filename>,
+     <filename>printer.target</filename>,
+     <filename>reboot.target</filename>,
+-    <filename>remote-cryptsetup-pre.target</filename>,
+     <filename>remote-cryptsetup.target</filename>,
+     <filename>remote-fs-pre.target</filename>,
+     <filename>remote-fs.target</filename>,
+@@ -494,18 +493,6 @@
+           this target unit, for compatibility with SysV.</para>
+         </listitem>
+       </varlistentry>
+-      <varlistentry>
+-        <term><filename>remote-cryptsetup-pre.target</filename></term>
+-        <listitem>
+-          <para>This target unit is automatically ordered before all cryptsetup devices
+-          marked with the <option>_netdev</option>. It can be used to execute additional
+-          units before such devices are set up.</para>
+-
+-          <para>It is ordered after <filename>network.target</filename> and
+-          <filename>network-online.target</filename>, and also pulls the latter in as a
+-          <varname>Wants=</varname> dependency.</para>
+-        </listitem>
+-      </varlistentry>
+       <varlistentry>
+         <term><filename>remote-cryptsetup.target</filename></term>
+         <listitem>
+@@ -906,9 +893,10 @@
+         <term><filename>remote-fs-pre.target</filename></term>
+         <listitem>
+           <para>This target unit is automatically ordered before all
+-          remote mount point units (see above). It can be used to run
+-          certain units before the remote mounts are established. Note
+-          that this unit is generally not part of the initial
+          mount point units (see above) and cryptsetup devices
+          marked with the <option>_netdev</option>. It can be used to run
+          certain units before remote encrypted devices and mounts are established.
+          Note that this unit is generally not part of the initial
+           transaction, unless the unit that wants to be ordered before
+           all remote mounts pulls it in via a
+           <varname>Wants=</varname> type dependency. If the unit wants
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index 3752ca2ef2..040a1aa408 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -113,7 +113,7 @@ static int create_disk(
+                 "Conflicts=umount.target\n"
+                 "IgnoreOnIsolate=true\n"
+                 "After=%s\n",
+-                netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target");
+                netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target");
+ 
+         if (!nofail)
+                 fprintf(f,
+diff --git a/units/meson.build b/units/meson.build
+index 8494d23e9e..4e2ae3f302 100644
+--- a/units/meson.build
+++ b/units/meson.build
+@@ -48,7 +48,6 @@ units = [
+         ['proc-sys-fs-binfmt_misc.mount',       'ENABLE_BINFMT'],
+         ['reboot.target',                       '',
+          'runlevel6.target ctrl-alt-del.target'],
+-        ['remote-cryptsetup-pre.target',        'HAVE_LIBCRYPTSETUP'],
+         ['remote-cryptsetup.target',            'HAVE_LIBCRYPTSETUP',
+          join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
+         ['remote-fs-pre.target',                ''],
+diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target
+deleted file mode 100644
+index a375e61889..0000000000
+--- a/units/remote-cryptsetup-pre.target
+++ /dev/null
+@@ -1,15 +0,0 @@
+-#  This file is part of systemd.
+-#
+-#  systemd is free software; you can redistribute it and/or modify it
+-#  under the terms of the GNU Lesser General Public License as published by
+-#  the Free Software Foundation; either version 2.1 of the License, or
+-#  (at your option) any later version.
+-
+-[Unit]
+-Description=Remote Encrypted Volumes (Pre)
+-Documentation=man:systemd.special(7)
+-RefuseManualStart=yes
+-Before=remote-cryptsetup.target
+-
+-After=network.target network-online.target
+-Wants=network-online.target
+diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
+index c306d521f7..d485b06726 100644
+--- a/units/remote-cryptsetup.target
+++ b/units/remote-cryptsetup.target
+@@ -8,7 +8,7 @@
+ [Unit]
+ Description=Remote Encrypted Volumes
+ Documentation=man:systemd.special(7)
+-After=remote-cryptsetup-pre.target
+After=remote-fs-pre.target
+ DefaultDependencies=no
+ Conflicts=shutdown.target
+ 
--- a/0005-man-add-a-note-about-_netdev-usage.patch
+++ b/0005-man-add-a-note-about-_netdev-usage.patch
@ -0,0 +1,39 @@
+From 288c26165e0ff71857394f360f42432bc808556f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 12 Oct 2017 22:43:58 +0200
+Subject: [PATCH] man: add a note about _netdev usage
+
+---
+ man/crypttab.xml | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/man/crypttab.xml b/man/crypttab.xml
+index caed04836e..3aebd7ea90 100644
+--- a/man/crypttab.xml
+++ b/man/crypttab.xml
+@@ -201,7 +201,16 @@
+         will be ordered between <filename>remote-fs-pre.target</filename> and
+         <filename>remote-cryptsetup.target</filename>, instead of
+         <filename>cryptsetup-pre.target</filename> and
+-        <filename>cryptsetup.target</filename>.</para></listitem>
+        <filename>cryptsetup.target</filename>.</para>
+
+        <para>Hint: if this device is used for a mount point that is specified in
+        <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+        the <option>_netdev</option> option should also be used for the mount
+        point. Otherwise, a dependency loop might be created where the mount point
+        will be pulled in by <filename>local-fs.target</filename>, while the
+        service to configure the network is usually only started <emphasis>after</emphasis>
+        the local file system has been mounted.</para>
+        </listitem>
+       </varlistentry>
+ 
+       <varlistentry>
+@@ -433,6 +442,7 @@ hidden     /mnt/tc_hidden  /dev/null    tcrypt-hidden,tcrypt-keyfile=/etc/keyfil
+       <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+       <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+       <citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+      <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+       <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+       <citerefentry project='man-pages'><refentrytitle>mkswap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+       <citerefentry project='man-pages'><refentrytitle>mke2fs</refentrytitle><manvolnum>8</manvolnum></citerefentry>
--- a/0006-units-make-remote-cryptsetup.target-also-after-crypt.patch
+++ b/0006-units-make-remote-cryptsetup.target-also-after-crypt.patch
@ -0,0 +1,25 @@
+From a0e030f53bad355be1084a0475eb30aae20e3e43 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 18 Oct 2017 15:14:46 +0200
+Subject: [PATCH] units: make remote-cryptsetup.target also after
+ cryptsetup-pre.target
+
+This way people can order units before cryptsetup-pre.target and
+have them run before any cryptsetup-related stuff.
+---
+ units/remote-cryptsetup.target | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
+index d485b06726..ac4e1b71db 100644
+--- a/units/remote-cryptsetup.target
+++ b/units/remote-cryptsetup.target
+@@ -8,7 +8,7 @@
+ [Unit]
+ Description=Remote Encrypted Volumes
+ Documentation=man:systemd.special(7)
+-After=remote-fs-pre.target
+After=remote-fs-pre.target cryptsetup-pre.target
+ DefaultDependencies=no
+ Conflicts=shutdown.target
+ 
--- a/systemd.spec
+++ b/systemd.spec
@ -13,7 +13,7 @@
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
 Version:        235
-Release:        1%{?gitcommit:.git%{gitcommitshort}}%{?dist}
+Release:        2%{?gitcommit:.git%{gitcommitshort}}%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@ -48,6 +48,10 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[

 Patch0001:      0001-po-update-Polish-translation-7015.patch
 Patch0002:      0002-tests-skip-tests-when-cg_pid_get_path-fails.patch
+Patch0003:  	0003-units-add-Install-section-to-remote-cryptsetup.targe.patch
+Patch0004:  	0004-units-replace-remote-cryptsetup-pre.target-with-remo.patch
+Patch0005:  	0005-man-add-a-note-about-_netdev-usage.patch
+Patch0006:  	0006-units-make-remote-cryptsetup.target-also-after-crypt.patch

 Patch0998:      0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch

@ -1031,6 +1035,9 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou
 %{pkgdir}/tests

 %changelog
+* Wed Oct 18 2017 zbyszek <zbyszek@in.waw.pl> - 235-2
+- Patches for cryptsetup _netdev
+
 * Fri Oct  6 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 235-1
 - Update to latest version