From d5816b6138be788f3d3ea72359bb28dc239c3235 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 27 Oct 2020 10:49:11 +0100 Subject: [PATCH 1/3] meson: simplify with_runlevels ternany op usage --- units/meson.build | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/units/meson.build b/units/meson.build index a55e717868..670f366b92 100644 --- a/units/meson.build +++ b/units/meson.build @@ -22,7 +22,7 @@ units = [ 'multi-user.target.wants/'], ['getty-pre.target', ''], ['graphical.target', '', - (with_runlevels ? 'runlevel5.target default.target' : 'default.target')], + 'default.target' + (with_runlevels ? ' runlevel5.target' : '')], ['halt.target', ''], ['hibernate.target', 'ENABLE_HIBERNATE'], ['hybrid-sleep.target', 'ENABLE_HIBERNATE'], @@ -61,7 +61,7 @@ units = [ 'sysinit.target.wants/'], ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], ['reboot.target', '', - (with_runlevels ? 'runlevel6.target ctrl-alt-del.target' : 'ctrl-alt-del.target')], + 'ctrl-alt-del.target' + (with_runlevels ? ' runlevel6.target' : '')], ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP'], ['remote-fs-pre.target', ''], ['remote-fs.target', ''], From 6bdcb72086b681a0d42521169fdadb65ef2ac539 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 27 Oct 2020 13:26:01 +0100 Subject: [PATCH 2/3] Revert "units: add initrd-cryptsetup.target" This reverts commit 6c5496c492a8d74e54d22bf8824160cab1e63c10. sysinit.target is shared between the initrd and the host system. Pulling in initrd-cryptsetup.target into sysinit.target causes the following warning at boot: Oct 27 10:42:30 workstation-uefi systemd[1]: initrd-cryptsetup.target: Starting requested but asserts failed. Oct 27 10:42:30 workstation-uefi systemd[1]: Assertion failed for initrd-cryptsetup.target. --- man/systemd.special.xml | 21 ++++----------------- src/cryptsetup/cryptsetup-generator.c | 15 +++++---------- units/initrd-cryptsetup.target | 17 ----------------- units/meson.build | 2 -- 4 files changed, 9 insertions(+), 46 deletions(-) delete mode 100644 units/initrd-cryptsetup.target diff --git a/man/systemd.special.xml b/man/systemd.special.xml index fe40da7fbe..1434ead7d5 100644 --- a/man/systemd.special.xml +++ b/man/systemd.special.xml @@ -41,7 +41,6 @@ hybrid-sleep.target, suspend-then-hibernate.target, initrd.target, - initrd-cryptsetup.target, initrd-fs.target, initrd-root-device.target, initrd-root-fs.target, @@ -183,10 +182,8 @@ cryptsetup.target - A target that pulls in setup services for local encrypted block devices. - See remote-cryptsetup.target below for the equivalent target for remote - volumes, and initrd-cryptsetup.target below for the equivalent target in the - initrd. + A target that pulls in setup services for all + encrypted block devices. @@ -355,20 +352,12 @@ initrd.target - This is the default target in the initrd, similar to default.target + This is the default target in the initramfs, similar to default.target in the main system. It is used to mount the real root and transition to it. See bootup7 for more discussion. - - initrd-cryptsetup.target - - A target that pulls in setup services for all encrypted block devices. See - cryptsetup.target and remote-cryptsetup.target for the - equivalent targets in the real root. - - initrd-fs.target @@ -560,9 +549,7 @@ Similar to cryptsetup.target, but for encrypted devices which are accessed over the network. It is used for crypttab8 - entries marked with . - See cryptsetup.target for the equivalent target for local volumes, and - initrd-cryptsetup.target for the equivalent target in the initrd. + entries marked with . diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index 13e9f3aedd..df589ec3e4 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c @@ -455,16 +455,10 @@ static int create_disk( } } - const char *target; - if (in_initrd()) - target = "initrd-cryptsetup.target"; - else if (netdev) - target = "remote-cryptsetup.target"; - else - target = "cryptsetup.target"; - if (!nofail) - fprintf(f, "Before=%s\n", target); + fprintf(f, + "Before=%s\n", + netdev ? "remote-cryptsetup.target" : "cryptsetup.target"); if (password && !keydev) { r = print_dependencies(f, password); @@ -527,7 +521,8 @@ static int create_disk( return log_error_errno(r, "Failed to write unit file %s: %m", n); if (!noauto) { - r = generator_add_symlink(arg_dest, target, + r = generator_add_symlink(arg_dest, + netdev ? "remote-cryptsetup.target" : "cryptsetup.target", nofail ? "wants" : "requires", n); if (r < 0) return r; diff --git a/units/initrd-cryptsetup.target b/units/initrd-cryptsetup.target deleted file mode 100644 index 2a2938c895..0000000000 --- a/units/initrd-cryptsetup.target +++ /dev/null @@ -1,17 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1+ -# -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - -[Unit] -Description=Initrd Encrypted Volumes -Documentation=man:systemd.special(7) -OnFailure=emergency.target -OnFailureJobMode=replace-irreversibly -AssertPathExists=/etc/initrd-release -DefaultDependencies=no -Conflicts=shutdown.target diff --git a/units/meson.build b/units/meson.build index 670f366b92..a8c52e96a7 100644 --- a/units/meson.build +++ b/units/meson.build @@ -28,8 +28,6 @@ units = [ ['hybrid-sleep.target', 'ENABLE_HIBERNATE'], ['suspend-then-hibernate.target', 'ENABLE_HIBERNATE'], ['initrd-cleanup.service', 'ENABLE_INITRD'], - ['initrd-cryptsetup.target', 'HAVE_LIBCRYPTSETUP ENABLE_INITRD', - 'sysinit.target.wants/'], ['initrd-fs.target', 'ENABLE_INITRD'], ['initrd-parse-etc.service', 'ENABLE_INITRD'], ['initrd-root-device.target', 'ENABLE_INITRD'], From e921ebb57e0bc823ac167801cb5dd5f119f5d585 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 27 Oct 2020 13:29:38 +0100 Subject: [PATCH 3/3] units: unconditionally pull in remote-cryptsetup.target in the initramfs [zjs: Replaces #17149. I took half of the patch in https://github.com/systemd/systemd/pull/17149#issuecomment-698399194, hence I'm keeping Jonathan's authorship. The original reasoning for 6c5496c492a8d74e54d22bf8824160cab1e63c10 was that we enable remote-cryptsetup.target via presets, and since presets are not used for the initrd, we need a different target. But since parts of the unit and target tree are shared between the initramfs and the main system, we can't just create a separate target for the initramfs. All the targets that depend on this one would need to be split also. That condition is true for initrd-fs.target, but not for sysinit.target. So let's instead just uncoditionally pull in remote-cryptsetup.target in the initramfs. It should normally be empty, so there should be no impact on boots that don't have units in the target. Jonathan's patch used initrd-root-fs.target, this version instead uses initrd-root-device.target. initrd-root-device.target is ordered before sysroot.mount, which means that the decrypted devices will be available earlier too.] --- units/meson.build | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/units/meson.build b/units/meson.build index a8c52e96a7..2f09590736 100644 --- a/units/meson.build +++ b/units/meson.build @@ -60,7 +60,8 @@ units = [ ['proc-sys-fs-binfmt_misc.mount', 'ENABLE_BINFMT'], ['reboot.target', '', 'ctrl-alt-del.target' + (with_runlevels ? ' runlevel6.target' : '')], - ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP'], + ['remote-cryptsetup.target', 'HAVE_LIBCRYPTSETUP', + 'initrd-root-device.target.wants/'], ['remote-fs-pre.target', ''], ['remote-fs.target', ''], ['rescue.target', '',