repart: Restore early generation of fstab/crypttab

Commit 15b1c33 ("repart: Generate fstab and crypttab late") moved
fstab/crypttab generation to the late stage but this introduced a regression:
it may be necessary to include fstab and crypttab into the generated partition
(e.g. with CopyFiles=). This is incompatible with 'fixate-volume-key' option as
it is impossible to capture LUKS volume key before it gets created but all the
rest should work fine.

Generate crypttab twice: early and late to capture possible changes. There's no
need to do the same for fstab for now, so keep the status quo.

diff --git a/man/repart.d.xml b/man/repart.d.xml
index 5cdf2b0f34689a0d4f07c42c29fbe45a60eee4bf..66faa8c057a7e2703b0ea879b2182bf84600ee67 100644 (file)
--- a/man/repart.d.xml
+++ b/man/repart.d.xml
@@ -884,7 +884,9 @@
         </para>
 
         <para>Note that this setting is only taken into account when <option>--generate-crypttab=</option>
-        is specified on the <command>systemd-repart</command> command line.</para>
+        is specified on the <command>systemd-repart</command> command line. As the crypttab with the expected
+        hashes can only be generated after LUKS volumes are formatted, the crypttab itself cannot be put to
+        the generated volume.</para>
 
         <xi:include href="version-info.xml" xpointer="v256"/></listitem>
       </varlistentry>

diff --git a/src/repart/repart.c b/src/repart/repart.c
index a3e17cc294b2599344b6d1eb93e56b0861273f2e..b3ecb62e93e320a4fdb5cc6ada21cf8961fdf7e9 100644 (file)
--- a/src/repart/repart.c
+++ b/src/repart/repart.c
@@ -8501,7 +8501,7 @@ static bool need_crypttab(Context *context) {
         return false;
 }
 
-static int context_crypttab(Context *context) {
+static int context_crypttab(Context *context, bool late) {
         _cleanup_(unlink_and_freep) char *t = NULL;
         _cleanup_fclose_ FILE *f = NULL;
         _cleanup_free_ char *path = NULL;
@@ -8544,7 +8544,7 @@ static int context_crypttab(Context *context) {
                         strempty(p->encrypted_volume->options));
         }
 
-        r = flink_tmpfile(f, t, path, 0);
+        r = flink_tmpfile(f, t, path, late ? LINK_TMPFILE_REPLACE : 0);
         if (r < 0)
                 return log_error_errno(r, "Failed to link temporary file to %s: %m", path);
 
@@ -10755,6 +10755,14 @@ static int run(int argc, char *argv[]) {
         if (r < 0)
                 return r;
 
+        r = context_fstab(context);
+        if (r < 0)
+                return r;
+
+        r = context_crypttab(context, /* late= */ false);
+        if (r < 0)
+                return r;
+
         r = context_update_verity_size(context);
         if (r < 0)
                 return r;
@@ -10810,11 +10818,7 @@ static int run(int argc, char *argv[]) {
         if (r < 0)
                 return r;
 
-        r = context_fstab(context);
-        if (r < 0)
-                return r;
-
-        r = context_crypttab(context);
+        r = context_crypttab(context, /* late= */ true);
         if (r < 0)
                 return r;