Merge pull request #7078 from keszybz/cryptsetup-netdev-fixes

Cryptsetup _netdev fixes

diff --git a/man/crypttab.xml b/man/crypttab.xml
index ac7d55271cadb86e44bdf2664fbe426ab7a2e4b4..3aebd7ea9025eeb5df24cb3f69ff7ec395c7a6e8 100644 (file)
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -198,10 +198,19 @@
         started after the network is available, similarly to
         <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
         units marked with <option>_netdev</option>. The service unit to set up this device
-        will be ordered between <filename>remote-cryptsetup-pre.target</filename> and
+        will be ordered between <filename>remote-fs-pre.target</filename> and
         <filename>remote-cryptsetup.target</filename>, instead of
         <filename>cryptsetup-pre.target</filename> and
-        <filename>cryptsetup.target</filename>.</para></listitem>
+        <filename>cryptsetup.target</filename>.</para>
+
+        <para>Hint: if this device is used for a mount point that is specified in
+        <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+        the <option>_netdev</option> option should also be used for the mount
+        point. Otherwise, a dependency loop might be created where the mount point
+        will be pulled in by <filename>local-fs.target</filename>, while the
+        service to configure the network is usually only started <emphasis>after</emphasis>
+        the local file system has been mounted.</para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
@@ -433,6 +442,7 @@ hidden     /mnt/tc_hidden  /dev/null    tcrypt-hidden,tcrypt-keyfile=/etc/keyfil
       <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+      <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
       <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
       <citerefentry project='man-pages'><refentrytitle>mkswap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
       <citerefentry project='man-pages'><refentrytitle>mke2fs</refentrytitle><manvolnum>8</manvolnum></citerefentry>

diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 69c24c3979feb1f1d5d97b2e5124b4e33073d8dd..bb0c79637738f968ffedb395015cbfecc2b703c6 100644 (file)
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -81,7 +81,6 @@
     <filename>poweroff.target</filename>,
     <filename>printer.target</filename>,
     <filename>reboot.target</filename>,
-    <filename>remote-cryptsetup-pre.target</filename>,
     <filename>remote-cryptsetup.target</filename>,
     <filename>remote-fs-pre.target</filename>,
     <filename>remote-fs.target</filename>,
@@ -494,18 +493,6 @@
           this target unit, for compatibility with SysV.</para>
         </listitem>
       </varlistentry>
-      <varlistentry>
-        <term><filename>remote-cryptsetup-pre.target</filename></term>
-        <listitem>
-          <para>This target unit is automatically ordered before all cryptsetup devices
-          marked with the <option>_netdev</option>. It can be used to execute additional
-          units before such devices are set up.</para>
-
-          <para>It is ordered after <filename>network.target</filename> and
-          <filename>network-online.target</filename>, and also pulls the latter in as a
-          <varname>Wants=</varname> dependency.</para>
-        </listitem>
-      </varlistentry>
       <varlistentry>
         <term><filename>remote-cryptsetup.target</filename></term>
         <listitem>
@@ -906,9 +893,10 @@
         <term><filename>remote-fs-pre.target</filename></term>
         <listitem>
           <para>This target unit is automatically ordered before all
-          remote mount point units (see above). It can be used to run
-          certain units before the remote mounts are established. Note
-          that this unit is generally not part of the initial
+          mount point units (see above) and cryptsetup devices
+          marked with the <option>_netdev</option>. It can be used to run
+          certain units before remote encrypted devices and mounts are established.
+          Note that this unit is generally not part of the initial
           transaction, unless the unit that wants to be ordered before
           all remote mounts pulls it in via a
           <varname>Wants=</varname> type dependency. If the unit wants

diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 3752ca2ef2e1fc720383aec1194d9696ecea4fae..040a1aa4084b4dbdeff1a0adf4860e3ab210ce36 100644 (file)
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -113,7 +113,7 @@ static int create_disk(
                 "Conflicts=umount.target\n"
                 "IgnoreOnIsolate=true\n"
                 "After=%s\n",
-                netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target");
+                netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target");
 
         if (!nofail)
                 fprintf(f,

diff --git a/system-preset/90-systemd.preset b/system-preset/90-systemd.preset
index 3ba4bb760df9a73b143e30407e1429666110a2bb..98bc4c3c55ad834b10b3ad76981e1ef27351e62f 100644 (file)
--- a/system-preset/90-systemd.preset
+++ b/system-preset/90-systemd.preset
@@ -9,6 +9,7 @@
 # generally follow a default-off policy.
 
 enable remote-fs.target
+enable remote-cryptsetup.target
 enable machines.target
 
 enable getty@.service

diff --git a/units/meson.build b/units/meson.build
index 8494d23e9e4058c2d8ef8dcfc9aee0a3b314bf16..4e2ae3f302198cc89d1a639427d449bec7bd31fc 100644 (file)
--- a/units/meson.build
+++ b/units/meson.build
@@ -48,7 +48,6 @@ units = [
         ['proc-sys-fs-binfmt_misc.mount',       'ENABLE_BINFMT'],
         ['reboot.target',                       '',
          'runlevel6.target ctrl-alt-del.target'],
-        ['remote-cryptsetup-pre.target',        'HAVE_LIBCRYPTSETUP'],
         ['remote-cryptsetup.target',            'HAVE_LIBCRYPTSETUP',
          join_paths(pkgsysconfdir, 'system/multi-user.target.wants/')],
         ['remote-fs-pre.target',                ''],

diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target
deleted file mode 100644 (file)
index a375e61..0000000
--- a/units/remote-cryptsetup-pre.target
+++ /dev/null
@@ -1,15 +0,0 @@
-#  This file is part of systemd.
-#
-#  systemd is free software; you can redistribute it and/or modify it
-#  under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2.1 of the License, or
-#  (at your option) any later version.
-
-[Unit]
-Description=Remote Encrypted Volumes (Pre)
-Documentation=man:systemd.special(7)
-RefuseManualStart=yes
-Before=remote-cryptsetup.target
-
-After=network.target network-online.target
-Wants=network-online.target

diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
index 60943bd1cbc1bc06220d6567593b2da296b3bcc5..ac4e1b71db5229cc3e0831e813cd870ec3e627ee 100644 (file)
--- a/units/remote-cryptsetup.target
+++ b/units/remote-cryptsetup.target
@@ -8,3 +8,9 @@
 [Unit]
 Description=Remote Encrypted Volumes
 Documentation=man:systemd.special(7)
+After=remote-fs-pre.target cryptsetup-pre.target
+DefaultDependencies=no
+Conflicts=shutdown.target
+
+[Install]
+WantedBy=multi-user.target