[systemd-devel] [PATCH V3] cryptsetup-generator: add JobTimeoutSec=0 for the decrypted crypt devices

[harald at redhat.com]

From: Harald Hoyer <harald at redhat.com>

The password query for a crypto device currently times out after 90s,
which is too short to grab a cup of coffee when a machine boots	up.

The resulting decrypted device /dev/mapper/luks-<uuid> might not
be a mountpoint (but part of a LVM PV or raid array)
and therefore the timeout cannot be controlled by the settings
in /etc/fstab. For this reason this device should not carry its own timeout.

Also the encrypted device /dev/disk/by-*/* already has a timeout and
additionally the timeout for the password query is set in /etc/crypttab.

This patch disables the timeout of the resulting decrypted devices by creating
<device-unit>.d/50-job-timeout-sec-0.conf files with "JobTimeoutSec=0".
---
 src/cryptsetup/cryptsetup-generator.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 6b9bc55..fd2080b 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -213,6 +213,23 @@ static int create_disk(
                 return -errno;
         }
 
+        if (!noauto && !nofail) {
+                int r;
+                free(p);
+                p = strjoin(arg_dest, "/dev-mapper-", e, ".device.d/50-job-timeout-sec-0.conf", NULL);
+                if (!p)
+                        return log_oom();
+
+                mkdir_parents_label(p, 0755);
+
+                r = write_string_file(p,
+                                "# Automatically generated by systemd-cryptsetup-generator\n\n"
+                                "[Unit]\n"
+                                "JobTimeoutSec=0\n"); /* the binary handles timeouts anyway */
+                if (r)
+                        return r;
+        }
+
         return 0;
 }
 
-- 
1.8.2