[systemd-commits] 4 commits - src/core src/cryptsetup TODO

Zbigniew Jędrzejewski-Szmek zbyszek at kemper.freedesktop.org
Sun Mar 31 21:40:02 PDT 2013


 TODO                                  |    3 --
 src/core/snapshot.c                   |    1 
 src/core/socket.c                     |    6 ++---
 src/cryptsetup/cryptsetup-generator.c |   37 +++++++++++++++++++++++-----------
 4 files changed, 30 insertions(+), 17 deletions(-)

New commits:
commit ceca950145f35f06938acba62af0c678f896e87d
Author: Thomas Weißschuh <thomas at t-8ch.de>
Date:   Fri Mar 29 22:01:12 2013 +0000

    cryptsetup: add RequiresMountsFor for keyfile
    
    This ensures that the keyfile is available during the opening of the encrypted
    device.
    
    Also dropped the explicit ordering Before=local-fs.target, as the containers
    are ordered implicitly by their content.

diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index a8c856f..6b9bc55 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -118,12 +118,17 @@ static int create_disk(
                 fprintf(f,
                         "Before=cryptsetup.target\n");
 
-        if (password && (streq(password, "/dev/urandom") ||
-                         streq(password, "/dev/random") ||
-                         streq(password, "/dev/hw_random")))
-                fputs("After=systemd-random-seed-load.service\n", f);
-        else
-                fputs("Before=local-fs.target\n", f);
+        if (password) {
+                if (streq(password, "/dev/urandom") ||
+                    streq(password, "/dev/random") ||
+                    streq(password, "/dev/hw_random"))
+                        fputs("After=systemd-random-seed-load.service\n", f);
+                else if (!streq(password, "-") &&
+                         !streq(password, "none"))
+                        fprintf(f,
+                                "RequiresMountsFor=%s\n",
+                                password);
+        }
 
         if (is_device_path(u))
                 fprintf(f,
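Review bot: The keyfile path from crypttab is written into `RequiresMountsFor=%s` unmodified, so a path containing whitespace would be read back as several paths and a `%` may be taken as a unit specifier. In either case the dependency points at the wrong mount or the line fails to parse, and the keyfile may not be available when the volume is opened. The branch also accepts any string other than `-` and `none`, including a relative one, while the setting expects absolute paths. Using `else if (path_is_absolute(password))` would cover both sentinels and the relative case, assuming path-util.h is usable in this file. The same unescaped write appears for the backing file `u` in the later create_disk hunk of the older cryptsetup commit below; create_disk starts and ends outside this hunk.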

commit 9ece938a676eb80a9d6834c1957b85b884419f8b
Author: Thomas Weißschuh <thomas at t-8ch.de>
Date:   Fri Mar 29 22:01:11 2013 +0000

    cryptsetup: RequiresMountsFor if source is a file
    
    Fixes: https://bugzilla.novell.com/show_bug.cgi?id=730496
           https://bugs.freedesktop.org/show_bug.cgi?id=60821

diff --git a/TODO b/TODO
index 22caac4..5009653 100644
--- a/TODO
+++ b/TODO
@@ -365,7 +365,6 @@ Features:
 
 * cryptsetup:
   - cryptsetup-generator: warn if the password files are world-readable
-  - cryptsetup-generator: add RequiresMountsFor= to cryptseup service files referencing a file, similar for devices
   - cryptsetup-generator: allow specification of passwords in crypttab itself
   - move cryptsetup key caching into kernel keyctl?
     https://bugs.freedesktop.org/show_bug.cgi?id=54982
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 8959bf5..a8c856f 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -102,18 +102,17 @@ static int create_disk(
                 return -errno;
         }
 
-        fprintf(f,
+        fputs(
                 "# Automatically generated by systemd-cryptsetup-generator\n\n"
                 "[Unit]\n"
-                "Description=Cryptography Setup for %%I\n"
+                "Description=Cryptography Setup for %I\n"
                 "Documentation=man:systemd-cryptsetup at .service(8) man:crypttab(5)\n"
                 "SourcePath=/etc/crypttab\n"
                 "Conflicts=umount.target\n"
                 "DefaultDependencies=no\n"
-                "BindsTo=%s dev-mapper-%%i.device\n"
-                "After=systemd-readahead-collect.service systemd-readahead-replay.service %s\n"
-                "Before=umount.target\n",
-                d, d);
+                "BindsTo=dev-mapper-%i.device\n"
+                "After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
+                f);
 
         if (!nofail)
                 fprintf(f,
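Review bot: `Before=umount.target` is dropped from the unconditional [Unit] header in this hunk and returns only inside the `is_device_path(u)` branch added by the next hunk, so a volume backed by a regular file keeps `Conflicts=umount.target` without the matching ordering. If that is intended because `RequiresMountsFor=` already ties the unit to its mount, a comment such as `/* file-backed: stop ordering comes from the mount dependency */` beside that else branch would record the reasoning. Otherwise the line should be written in both branches. create_disk's body continues outside the hunk.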
@@ -126,6 +125,17 @@ static int create_disk(
         else
                 fputs("Before=local-fs.target\n", f);
 
+        if (is_device_path(u))
+                fprintf(f,
+                        "BindsTo=%s\n"
+                        "After=%s\n"
+                        "Before=umount.target\n",
+                        d, d);
+        else
+                fprintf(f,
+                        "RequiresMountsFor=%s\n",
+                        u);
+
         fprintf(f,
                 "\n[Service]\n"
                 "Type=oneshot\n"

commit d7607eac6318ae8ff1c00ef5705fd55a614cd495
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Sun Mar 31 22:44:45 2013 -0400

    core/socket: log errors when starting socket for this socket
    
    When showing an error like 'Socket service not loaded', the
    error won't show up in the status for the socket, unless it is
    marked as SYSTEMD_UNIT=*.socket. Marking it as SYSTEMD_UNIT=*.service,
    when the service is non-existent, is not useful.

diff --git a/src/core/socket.c b/src/core/socket.c
index 31f4bf4..d6d531d 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -1634,7 +1634,7 @@ static int socket_start(Unit *u) {
                 service = SERVICE(UNIT_DEREF(s->service));
 
                 if (UNIT(service)->load_state != UNIT_LOADED) {
-                        log_error_unit(UNIT(service)->id,
+                        log_error_unit(u->id,
                                        "Socket service %s not loaded, refusing.",
                                        UNIT(service)->id);
                         return -ENOENT;
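Review bot: The reason for passing `u->id` rather than the service's id is recorded only in the commit message. A short comment above the first call, e.g. `/* Log against the socket: the service may not be loaded, so its status would never show this */`, would keep a later cleanup from switching it back. The same applies to the two following log_error_unit() calls in socket_start(). Anyone filtering the journal by the service unit will no longer see these refusals, although the message text still names the service. socket_start() begins and ends outside the hunk.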
@@ -1645,7 +1645,7 @@ static int socket_start(Unit *u) {
                 if (service->state != SERVICE_DEAD &&
                     service->state != SERVICE_FAILED &&
                     service->state != SERVICE_AUTO_RESTART) {
-                        log_error_unit(UNIT(service)->id,
+                        log_error_unit(u->id,
                                        "Socket service %s already active, refusing.",
                                        UNIT(service)->id);
                         return -EBUSY;
@@ -1653,7 +1653,7 @@ static int socket_start(Unit *u) {
 
 #ifdef HAVE_SYSV_COMPAT
                 if (service->is_sysv) {
-                        log_error_unit(UNIT(s)->id,
+                        log_error_unit(u->id,
                                        "Using SysV services for socket activation is not supported. Refusing.");
                         return -ENOENT;
                 }

commit aa7c3195f220968907c616e0278e3bebe6eaafbd
Author: Oleksii Shevchuk <alxchk at gmail.com>
Date:   Sun Mar 31 14:40:04 2013 +0300

    Add AllowIsolate=yes to snapshots

diff --git a/TODO b/TODO
index 40a9914..22caac4 100644
--- a/TODO
+++ b/TODO
@@ -52,8 +52,6 @@ Fedora 19:
 
 Features:
 
-* snapshots really should be isolatable, but currently aren't.
-
 * seems that when we follow symlinks to units we prefer the symlink
   destination path over /etc and /usr. We shouldn't do that. Instead
   /etc should always override /run+/usr and also any symlink
diff --git a/src/core/snapshot.c b/src/core/snapshot.c
index 5c2a319..a3f5e90 100644
--- a/src/core/snapshot.c
+++ b/src/core/snapshot.c
@@ -256,6 +256,7 @@ int snapshot_create(Manager *m, const char *name, bool cleanup, DBusError *e, Sn
         }
 
         SNAPSHOT(u)->cleanup = cleanup;
+        u->allow_isolate = true;
         *_s = SNAPSHOT(u);
 
         return 0;


