Patches for cryptsetup _netdev

2017-10-18 15:25:26 +02:00 · 2017-10-18 15:25:26 +02:00 · ca246f98ec
commit ca246f98ec
parent 8a752251c4
5 changed files with 260 additions and 1 deletions
--- a/0003-units-add-Install-section-to-remote-cryptsetup.targe.patch
+++ b/0003-units-add-Install-section-to-remote-cryptsetup.targe.patch
@ -0,0 +1,41 @@
 From 8f462b074eb9830d6d5029f70c9010ce50e68357 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Thu, 12 Oct 2017 22:13:03 +0200
 Subject: [PATCH] units: add [Install] section to remote-cryptsetup.target
 This makes this target the same as remote-fs.target in this regard. In practice
 it probably doesn't make that much difference, because all encrypted devices
 that are part of remote-fs.target (marked with _netdev) will be used for mount
 points, so they will be pulled in anyway individually, but with this change any
 such device will be configured, even if it is not pulled by any other unit.
 ---
 system-preset/90-systemd.preset | 1 +
 units/remote-cryptsetup.target  | 6 ++++++
 2 files changed, 7 insertions(+)
 diff --git a/system-preset/90-systemd.preset b/system-preset/90-systemd.preset
 index 3ba4bb760d..98bc4c3c55 100644
 --- a/system-preset/90-systemd.preset
 +++ b/system-preset/90-systemd.preset
@@ -9,6 +9,7 @@
 # generally follow a default-off policy.
 enable remote-fs.target
 +enable remote-cryptsetup.target
 enable machines.target
 enable getty@.service
 diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
 index 60943bd1cb..c306d521f7 100644
 --- a/units/remote-cryptsetup.target
 +++ b/units/remote-cryptsetup.target
@@ -8,3 +8,9 @@
 [Unit]
 Description=Remote Encrypted Volumes
 Documentation=man:systemd.special(7)
 +After=remote-cryptsetup-pre.target
 +DefaultDependencies=no
 +Conflicts=shutdown.target
 +
 +[Install]
 +WantedBy=multi-user.target
--- a/0004-units-replace-remote-cryptsetup-pre.target-with-remo.patch
+++ b/0004-units-replace-remote-cryptsetup-pre.target-with-remo.patch
@ -0,0 +1,147 @@
 From a0dd209763f9e67054ee322a2dfd52bccf345c2e Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Thu, 12 Oct 2017 22:34:54 +0200
 Subject: [PATCH] units: replace remote-cryptsetup-pre.target with
 remote-fs-pre.target
 remote-cryptsetup-pre.target was designed as an active unit (that pulls in
 network-online.target), the opposite of remote-fs-pre.target (a passive unit,
 with individual provider services ordering itself before it and pulling it in,
 for example iscsi.service and nfs-client.target).
 To make remote-cryptsetup-pre.target really work, those services should be
 ordered before it too. But this would require updates to all those services,
 not just changes from systemd side.
 But the requirements for remote-fs-pre.target and remote-cryptset-pre.target
 are fairly similar (e.g. iscsi devices can certainly be used for both), so
 let's reuse remote-fs-pre.target also for remote cryptsetup units. This loses
 a bit of flexibility, but does away with the requirement for various provider
 services to know about remote-cryptsetup-pre.target.
 ---
 man/crypttab.xml                      |  2 +-
 man/systemd.special.xml               | 20 ++++----------------
 src/cryptsetup/cryptsetup-generator.c |  2 +-
 units/meson.build                     |  1 -
 units/remote-cryptsetup-pre.target    | 15 ---------------
 units/remote-cryptsetup.target        |  2 +-
 6 files changed, 7 insertions(+), 35 deletions(-)
 delete mode 100644 units/remote-cryptsetup-pre.target
 diff --git a/man/crypttab.xml b/man/crypttab.xml
 index ac7d55271c..caed04836e 100644
 --- a/man/crypttab.xml
 +++ b/man/crypttab.xml
@@ -198,7 +198,7 @@
         started after the network is available, similarly to
         <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
         units marked with <option>_netdev</option>. The service unit to set up this device
 -        will be ordered between <filename>remote-cryptsetup-pre.target</filename> and
 +        will be ordered between <filename>remote-fs-pre.target</filename> and
         <filename>remote-cryptsetup.target</filename>, instead of
         <filename>cryptsetup-pre.target</filename> and
         <filename>cryptsetup.target</filename>.</para></listitem>
 diff --git a/man/systemd.special.xml b/man/systemd.special.xml
 index 69c24c3979..bb0c796377 100644
 --- a/man/systemd.special.xml
 +++ b/man/systemd.special.xml
@@ -81,7 +81,6 @@
     <filename>poweroff.target</filename>,
     <filename>printer.target</filename>,
     <filename>reboot.target</filename>,
 -    <filename>remote-cryptsetup-pre.target</filename>,
     <filename>remote-cryptsetup.target</filename>,
     <filename>remote-fs-pre.target</filename>,
     <filename>remote-fs.target</filename>,
@@ -494,18 +493,6 @@
           this target unit, for compatibility with SysV.</para>
         </listitem>
       </varlistentry>
 -      <varlistentry>
 -        <term><filename>remote-cryptsetup-pre.target</filename></term>
 -        <listitem>
 -          <para>This target unit is automatically ordered before all cryptsetup devices
 -          marked with the <option>_netdev</option>. It can be used to execute additional
 -          units before such devices are set up.</para>
 -
 -          <para>It is ordered after <filename>network.target</filename> and
 -          <filename>network-online.target</filename>, and also pulls the latter in as a
 -          <varname>Wants=</varname> dependency.</para>
 -        </listitem>
 -      </varlistentry>
       <varlistentry>
         <term><filename>remote-cryptsetup.target</filename></term>
         <listitem>
@@ -906,9 +893,10 @@
         <term><filename>remote-fs-pre.target</filename></term>
         <listitem>
           <para>This target unit is automatically ordered before all
 -          remote mount point units (see above). It can be used to run
 -          certain units before the remote mounts are established. Note
 -          that this unit is generally not part of the initial
 +          mount point units (see above) and cryptsetup devices
 +          marked with the <option>_netdev</option>. It can be used to run
 +          certain units before remote encrypted devices and mounts are established.
 +          Note that this unit is generally not part of the initial
           transaction, unless the unit that wants to be ordered before
           all remote mounts pulls it in via a
           <varname>Wants=</varname> type dependency. If the unit wants
 diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
 index 3752ca2ef2..040a1aa408 100644
 --- a/src/cryptsetup/cryptsetup-generator.c
 +++ b/src/cryptsetup/cryptsetup-generator.c
@@ -113,7 +113,7 @@ static int create_disk(
                 "Conflicts=umount.target\n"
                 "IgnoreOnIsolate=true\n"
                 "After=%s\n",
 -                netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target");
 +                netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target");
         if (!nofail)
                 fprintf(f,
 diff --git a/units/meson.build b/units/meson.build
 index 8494d23e9e..4e2ae3f302 100644
 --- a/units/meson.build
 +++ b/units/meson.build
@@ -48,7 +48,6 @@ units = [
         ['proc-sys-fs-binfmt_misc.mount',       'ENABLE_BINFMT'],
         ['reboot.target',                       '',
          'runlevel6.target ctrl-alt-del.target'],
 -        ['remote-cryptsetup-pre.target',        'HAVE_LIBCRYPTSETUP'],
         ['remote-cryptsetup.target',            'HAVE_LIBCRYPTSETUP',
          join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
         ['remote-fs-pre.target',                ''],
 diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target
 deleted file mode 100644
 index a375e61889..0000000000
 --- a/units/remote-cryptsetup-pre.target
 +++ /dev/null
@@ -1,15 +0,0 @@
 -#  This file is part of systemd.
 -#
 -#  systemd is free software; you can redistribute it and/or modify it
 -#  under the terms of the GNU Lesser General Public License as published by
 -#  the Free Software Foundation; either version 2.1 of the License, or
 -#  (at your option) any later version.
 -
 -[Unit]
 -Description=Remote Encrypted Volumes (Pre)
 -Documentation=man:systemd.special(7)
 -RefuseManualStart=yes
 -Before=remote-cryptsetup.target
 -
 -After=network.target network-online.target
 -Wants=network-online.target
 diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
 index c306d521f7..d485b06726 100644
 --- a/units/remote-cryptsetup.target
 +++ b/units/remote-cryptsetup.target
@@ -8,7 +8,7 @@
 [Unit]
 Description=Remote Encrypted Volumes
 Documentation=man:systemd.special(7)
 -After=remote-cryptsetup-pre.target
 +After=remote-fs-pre.target
 DefaultDependencies=no
 Conflicts=shutdown.target
--- a/0005-man-add-a-note-about-_netdev-usage.patch
+++ b/0005-man-add-a-note-about-_netdev-usage.patch
@ -0,0 +1,39 @@
 From 288c26165e0ff71857394f360f42432bc808556f Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Thu, 12 Oct 2017 22:43:58 +0200
 Subject: [PATCH] man: add a note about _netdev usage
 ---
 man/crypttab.xml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
 diff --git a/man/crypttab.xml b/man/crypttab.xml
 index caed04836e..3aebd7ea90 100644
 --- a/man/crypttab.xml
 +++ b/man/crypttab.xml
@@ -201,7 +201,16 @@
         will be ordered between <filename>remote-fs-pre.target</filename> and
         <filename>remote-cryptsetup.target</filename>, instead of
         <filename>cryptsetup-pre.target</filename> and
 -        <filename>cryptsetup.target</filename>.</para></listitem>
 +        <filename>cryptsetup.target</filename>.</para>
 +
 +        <para>Hint: if this device is used for a mount point that is specified in
 +        <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
 +        the <option>_netdev</option> option should also be used for the mount
 +        point. Otherwise, a dependency loop might be created where the mount point
 +        will be pulled in by <filename>local-fs.target</filename>, while the
 +        service to configure the network is usually only started <emphasis>after</emphasis>
 +        the local file system has been mounted.</para>
 +        </listitem>
       </varlistentry>
       <varlistentry>
@@ -433,6 +442,7 @@ hidden     /mnt/tc_hidden  /dev/null    tcrypt-hidden,tcrypt-keyfile=/etc/keyfil
       <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
 +      <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
       <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
       <citerefentry project='man-pages'><refentrytitle>mkswap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
       <citerefentry project='man-pages'><refentrytitle>mke2fs</refentrytitle><manvolnum>8</manvolnum></citerefentry>
--- a/0006-units-make-remote-cryptsetup.target-also-after-crypt.patch
+++ b/0006-units-make-remote-cryptsetup.target-also-after-crypt.patch
@ -0,0 +1,25 @@
 From a0e030f53bad355be1084a0475eb30aae20e3e43 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Wed, 18 Oct 2017 15:14:46 +0200
 Subject: [PATCH] units: make remote-cryptsetup.target also after
 cryptsetup-pre.target
 This way people can order units before cryptsetup-pre.target and
 have them run before any cryptsetup-related stuff.
 ---
 units/remote-cryptsetup.target | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
 index d485b06726..ac4e1b71db 100644
 --- a/units/remote-cryptsetup.target
 +++ b/units/remote-cryptsetup.target
@@ -8,7 +8,7 @@
 [Unit]
 Description=Remote Encrypted Volumes
 Documentation=man:systemd.special(7)
 -After=remote-fs-pre.target
 +After=remote-fs-pre.target cryptsetup-pre.target
 DefaultDependencies=no
 Conflicts=shutdown.target
--- a/systemd.spec
+++ b/systemd.spec
@ -13,7 +13,7 @@
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
 Version:        235
-Release:        1%{?gitcommit:.git%{gitcommitshort}}%{?dist}
+Release:        2%{?gitcommit:.git%{gitcommitshort}}%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@ -48,6 +48,10 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
 Patch0001:      0001-po-update-Polish-translation-7015.patch
 Patch0002:      0002-tests-skip-tests-when-cg_pid_get_path-fails.patch
 Patch0003:  	0003-units-add-Install-section-to-remote-cryptsetup.targe.patch
 Patch0004:  	0004-units-replace-remote-cryptsetup-pre.target-with-remo.patch
 Patch0005:  	0005-man-add-a-note-about-_netdev-usage.patch
 Patch0006:  	0006-units-make-remote-cryptsetup.target-also-after-crypt.patch
 Patch0998:      0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
@ -1031,6 +1035,9 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou
 %{pkgdir}/tests
 %changelog
 * Wed Oct 18 2017 zbyszek <zbyszek@in.waw.pl> - 235-2
 - Patches for cryptsetup _netdev
 * Fri Oct  6 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 235-1
 - Update to latest version