imds-generator: replace static Condition=initrd by a check in the generator

After looking at the unit, I'm not sure if systemd-imds-import.service
is supposed to run in the host system or not. But if it is supposed to
only run in the initrd, then the static condition in the unit file gives
as the worst behaviour: the generator does not do any checks if we are
in the initrd or not, and if it enabled the unit, it'll influence the
transaction ordering (possibly causing loops or additional work) and
then the unit will be unconditionally skipped. So replace the static
condition by a check in the generator. If the user specifies
systemd.imds.import on the commandline, it'll be honoured also in the
host.

diff --git a/src/imds/imds-generator.c b/src/imds/imds-generator.c
index 42399783faac5349c6a95ec4e9bd75c3c2d6de10..854877d40ed28f6b1e2ac3e331249af65a44276c 100644 (file)
--- a/src/imds/imds-generator.c
+++ b/src/imds/imds-generator.c
@@ -6,6 +6,7 @@
 #include "fileio.h"
 #include "generator.h"
 #include "imds-util.h"
+#include "initrd-util.h"
 #include "log.h"
 #include "parse-util.h"
 #include "proc-cmdline.h"
@@ -13,8 +14,8 @@
 #include "string-util.h"
 #include "virt.h"
 
-static int arg_enabled = -1;           /* Whether we shall offer local IMDS APIs */
-static bool arg_import = true;         /* Whether we shall import IMDS credentials, SSH keys, … into the local system */
+static int arg_enabled = -1;  /* Whether we shall offer local IMDS APIs */
+static int arg_import = -1;   /* Whether we shall import IMDS credentials, SSH keys, … into the local system */
 static ImdsNetworkMode arg_network_mode = IMDS_NETWORK_DEFAULT;
 
 static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
@@ -179,8 +180,10 @@ static int run(const char *dest, const char *dest_early, const char *dest_late)
         if (r < 0)
                 return log_error_errno(r, "Failed to hook DMI id device before systemd-imdsd@.service: %m");
 
-        if (arg_import) {
-                /* Enable that we import IMDS data */
+        if (arg_import < 0)
+                arg_import = in_initrd();
+        if (arg_import > 0) {
+                /* Enable the import of IMDS data */
                 r = generator_add_symlink(dest_early, SPECIAL_SYSINIT_TARGET, "wants", SYSTEM_DATA_UNIT_DIR "/systemd-imds-import.service");
                 if (r < 0)
                         return log_error_errno(r, "Failed to hook in systemd-imds-import.service: %m");

diff --git a/units/systemd-imds-import.service.in b/units/systemd-imds-import.service.in
index 24eee236b8ee7a9ec1efeebebe2e2caa954b065c..d27e59778f2c176f8f857bf5dcfea6f052c498d7 100644 (file)
--- a/units/systemd-imds-import.service.in
+++ b/units/systemd-imds-import.service.in
@@ -19,8 +19,6 @@ Before=sysinit.target systemd-firstboot.service
 Conflicts=shutdown.target
 Before=shutdown.target
 
-ConditionPathExists=/etc/initrd-release
-
 [Service]
 Type=oneshot
 RemainAfterExit=yes