]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 678bd12)
units: Order pcrlock services after systemd-remounts-fs.service
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Fri, 26 Jan 2024 10:29:35 +0000 (11:29 +0100)
committerLuca Boccassi <luca.boccassi@gmail.com>
Fri, 26 Jan 2024 21:15:59 +0000 (21:15 +0000)
These write to /var and as such need to wait until after the rootfs
has been remounted read-write.

units/systemd-pcrlock-file-system.service.in patch | blob | blame | history
units/systemd-pcrlock-firmware-code.service.in patch | blob | blame | history
units/systemd-pcrlock-firmware-config.service.in patch | blob | blame | history
units/systemd-pcrlock-machine-id.service.in patch | blob | blame | history
units/systemd-pcrlock-make-policy.service.in patch | blob | blame | history
units/systemd-pcrlock-secureboot-authority.service.in patch | blob | blame | history
units/systemd-pcrlock-secureboot-policy.service.in patch | blob | blame | history

diff --git a/units/systemd-pcrlock-file-system.service.in b/units/systemd-pcrlock-file-system.service.in
index d68a42e09a6d678169b01725cd39790d4008107e..dd0d358793fa88d8b991deb3d18b1dc5a5c00cf7 100644 (file)
--- a/units/systemd-pcrlock-file-system.service.in
+++ b/units/systemd-pcrlock-file-system.service.in
@@ -13,6 +13,7 @@ Documentation=man:systemd-pcrlock(8)
 DefaultDependencies=no
 Conflicts=shutdown.target
 Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
+After=systemd-remount-fs.service var.mount
 ConditionPathExists=!/etc/initrd-release
 ConditionSecurity=measured-uki
 
diff --git a/units/systemd-pcrlock-firmware-code.service.in b/units/systemd-pcrlock-firmware-code.service.in
index a24f2ba015ff198fda4e857bc69837e91d82ea14..b2716713939306631b763ca25d01220331b52429 100644 (file)
--- a/units/systemd-pcrlock-firmware-code.service.in
+++ b/units/systemd-pcrlock-firmware-code.service.in
@@ -12,7 +12,7 @@ Description=Lock Firmware Code to TPM2 PCR Policy
 Documentation=man:systemd-pcrlock(8)
 DefaultDependencies=no
 Conflicts=shutdown.target
-After=systemd-tpm2-setup.service
+After=systemd-tpm2-setup.service systemd-remount-fs.service var.mount
 Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
 ConditionPathExists=!/etc/initrd-release
 ConditionSecurity=measured-uki
diff --git a/units/systemd-pcrlock-firmware-config.service.in b/units/systemd-pcrlock-firmware-config.service.in
index 64e63f86a68ce615ecef12d7afc388706b1ad1bd..8440f5982b9c86368c3f80768121cef330f9ba71 100644 (file)
--- a/units/systemd-pcrlock-firmware-config.service.in
+++ b/units/systemd-pcrlock-firmware-config.service.in
@@ -12,7 +12,7 @@ Description=Lock Firmware Configuration to TPM2 PCR Policy
 Documentation=man:systemd-pcrlock(8)
 DefaultDependencies=no
 Conflicts=shutdown.target
-After=systemd-tpm2-setup.service
+After=systemd-tpm2-setup.service systemd-remount-fs.service var.mount
 Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
 ConditionPathExists=!/etc/initrd-release
 ConditionSecurity=measured-uki
diff --git a/units/systemd-pcrlock-machine-id.service.in b/units/systemd-pcrlock-machine-id.service.in
index 0ff22c586e37a76e622e357c19286ea87a3a8ac4..16c6a99251f983a03a9c10c07b6265eefe4e89f1 100644 (file)
--- a/units/systemd-pcrlock-machine-id.service.in
+++ b/units/systemd-pcrlock-machine-id.service.in
@@ -13,6 +13,7 @@ Documentation=man:systemd-pcrlock(8)
 DefaultDependencies=no
 Conflicts=shutdown.target
 Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
+After=systemd-remount-fs.service var.mount
 ConditionPathExists=!/etc/initrd-release
 ConditionSecurity=measured-uki
 
diff --git a/units/systemd-pcrlock-make-policy.service.in b/units/systemd-pcrlock-make-policy.service.in
index 4127cc7c6147a7fa2a65e0bdf4ef5a8032c346cc..444e1e49f11c10b8d2141cbfe7d8b6e111a9c767 100644 (file)
--- a/units/systemd-pcrlock-make-policy.service.in
+++ b/units/systemd-pcrlock-make-policy.service.in
@@ -14,6 +14,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 After=systemd-tpm2-setup.service
 Before=sysinit.target shutdown.target
+After=systemd-remount-fs.service var.mount
 ConditionPathExists=!/etc/initrd-release
 ConditionSecurity=measured-uki
 
diff --git a/units/systemd-pcrlock-secureboot-authority.service.in b/units/systemd-pcrlock-secureboot-authority.service.in
index a8d55bad3c085caa91df19d06965497d02bb67a8..d5c722cf311880504172d02299004e1e28742a3b 100644 (file)
--- a/units/systemd-pcrlock-secureboot-authority.service.in
+++ b/units/systemd-pcrlock-secureboot-authority.service.in
@@ -14,6 +14,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 After=systemd-tpm2-setup.service
 Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
+After=systemd-remount-fs.service var.mount
 ConditionPathExists=!/etc/initrd-release
 ConditionSecurity=measured-uki
 
diff --git a/units/systemd-pcrlock-secureboot-policy.service.in b/units/systemd-pcrlock-secureboot-policy.service.in
index 10e603c1b6cdf3a7c75d49a2d103b44c6a333a23..fc50e17aaa5006fc99dfaa0a7938f0bc3c52f4d7 100644 (file)
--- a/units/systemd-pcrlock-secureboot-policy.service.in
+++ b/units/systemd-pcrlock-secureboot-policy.service.in
@@ -14,6 +14,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 After=systemd-tpm2-setup.service
 Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
+After=systemd-remount-fs.service var.mount
 ConditionPathExists=!/etc/initrd-release
 ConditionSecurity=measured-uki
 
Unnamed repository; edit this file 'description' to name the repository.