<term><option>keyfile-timeout=</option></term>
<listitem><para> Specifies the timeout for the device on
- which the key file resides and falls back to a password if
- it could not be mounted. See
+ which the key file resides or the device used as the key file,
+ and falls back to a password if it could not be accessed. See
<citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
for key files on external devices.
</para></listitem>
return 0;
}
-static int print_dependencies(FILE *f, const char* device_path) {
+static int print_dependencies(FILE *f, const char* device_path, const char* timeout_value, bool canfail) {
int r;
+ assert(!canfail || timeout_value);
+
if (STR_IN_SET(device_path, "-", "none"))
/* None, nothing to do */
return 0;
if (r < 0)
return log_error_errno(r, "Failed to generate unit name: %m");
- fprintf(f,
- "After=%1$s\n"
- "Requires=%1$s\n", unit);
+ fprintf(f, "After=%1$s\n", unit);
+ if (canfail) {
+ fprintf(f, "Wants=%1$s\n", unit);
+ r = write_drop_in_format(arg_dest, unit, 90, "device-timeout",
+ "# Automatically generated by systemd-cryptsetup-generator \n\n"
+ "[Unit]\nJobRunningTimeoutSec=%s", timeout_value);
+ if (r < 0)
+ return log_error_errno(r, "Failed to write device drop-in: %m");
+ } else
+ fprintf(f, "Requires=%1$s\n", unit);
} else {
/* Regular file, add mount dependency */
_cleanup_free_ char *escaped_path = specifier_escape(device_path);
netdev ? "remote-cryptsetup.target" : "cryptsetup.target");
if (key_file && !keydev) {
- r = print_dependencies(f, key_file);
+ r = print_dependencies(f, key_file,
+ keyfile_timeout_value,
+ /* canfail= */ keyfile_can_timeout > 0);
if (r < 0)
return r;
}
/* Check if a header option was specified */
if (detached_header > 0 && !headerdev) {
- r = print_dependencies(f, header_path);
+ r = print_dependencies(f, header_path,
+ NULL,
+ /* canfail= */ false); /* header is always necessary */
if (r < 0)
return r;
}