From c621879e35a681e816903779217515b79790685f Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 26 May 2026 10:15:26 +0200 Subject: [PATCH] imds-generator: replace static Condition=initrd by a check in the generator After looking at the unit, I'm not sure if systemd-imds-import.service is supposed to run in the host system or not. But if it is supposed to only run in the initrd, then the static condition in the unit file gives as the worst behaviour: the generator does not do any checks if we are in the initrd or not, and if it enabled the unit, it'll influence the transaction ordering (possibly causing loops or additional work) and then the unit will be unconditionally skipped. So replace the static condition by a check in the generator. If the user specifies systemd.imds.import on the commandline, it'll be honoured also in the host. --- src/imds/imds-generator.c | 11 +++++++---- units/systemd-imds-import.service.in | 2 -- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/imds/imds-generator.c b/src/imds/imds-generator.c index 42399783faa..854877d40ed 100644 --- a/src/imds/imds-generator.c +++ b/src/imds/imds-generator.c @@ -6,6 +6,7 @@ #include "fileio.h" #include "generator.h" #include "imds-util.h" +#include "initrd-util.h" #include "log.h" #include "parse-util.h" #include "proc-cmdline.h" @@ -13,8 +14,8 @@ #include "string-util.h" #include "virt.h" -static int arg_enabled = -1; /* Whether we shall offer local IMDS APIs */ -static bool arg_import = true; /* Whether we shall import IMDS credentials, SSH keys, … into the local system */ +static int arg_enabled = -1; /* Whether we shall offer local IMDS APIs */ +static int arg_import = -1; /* Whether we shall import IMDS credentials, SSH keys, … into the local system */ static ImdsNetworkMode arg_network_mode = IMDS_NETWORK_DEFAULT; static int parse_proc_cmdline_item(const char *key, const char *value, void *data) { @@ -179,8 +180,10 @@ static int run(const char *dest, const char *dest_early, const char *dest_late) if (r < 0) return log_error_errno(r, "Failed to hook DMI id device before systemd-imdsd@.service: %m"); - if (arg_import) { - /* Enable that we import IMDS data */ + if (arg_import < 0) + arg_import = in_initrd(); + if (arg_import > 0) { + /* Enable the import of IMDS data */ r = generator_add_symlink(dest_early, SPECIAL_SYSINIT_TARGET, "wants", SYSTEM_DATA_UNIT_DIR "/systemd-imds-import.service"); if (r < 0) return log_error_errno(r, "Failed to hook in systemd-imds-import.service: %m"); diff --git a/units/systemd-imds-import.service.in b/units/systemd-imds-import.service.in index 24eee236b8e..d27e59778f2 100644 --- a/units/systemd-imds-import.service.in +++ b/units/systemd-imds-import.service.in @@ -19,8 +19,6 @@ Before=sysinit.target systemd-firstboot.service Conflicts=shutdown.target Before=shutdown.target -ConditionPathExists=/etc/initrd-release - [Service] Type=oneshot RemainAfterExit=yes -- 2.47.3