[systemd-devel] /etc/fstab dependences migrated between units due to automount feature

[Michael Chapman]

On Fri, 30 Aug 2019, Daniel Otero Oubiña wrote:
> Hi all!
> 
> I have found a somehow strange systemd "feature" that I'm not sure if it's
> a bug. Let me know if you prefer having this reported on GitHub instead.
> 
> First, let me explain my setup: I have a data filesystem that is split in
> two encrypted partitions (with LUKS) formated as a single btrfs raid1
> filesystem.
> I manage to make everything work just modifying fstab and crypttab.
> 
> The problem arises when I try to make the data partition mounted on demand
> (`x-systemd.automount`). That's because it makes my "decrypted partitions"
> dependences (declared with `systemd.requires=systemd-cryptsetup at xxx.service`)
> move from the .mount autogenerated unit to the .automount one. This causes
> the partitions to be decrypted even if the data filesystem is never used,
> because the .automount unit is activated on boot. Is there a reasoning for
> this behavior or I'm missing something?
> 
> Here is a link with the autogenerated units with and without the automount
> option:
>  https://pastebin.com/RkdHFt59

First, I don't think you should specify 
x-systemd.requires=systemd-cryptsetup at xxx.service explicitly.

systemd's cryptsetup-generator ensures that cryptsetup.target has 
Wants=systemd-cryptsetup at xxx.service, and systemd-cryptsetup at xxx.service 
has BindsTo=dev-yyy.device according to the contents of your crypttab 
file.

The end result is cryptsetup should be performed when the device is 
detected, not necessarily when any filesystem on it is mounted. That is 
the behaviour you're seeing already, but without any need for explicit 
dependencies.

As for whether this behaviour is intended, I would say it is. An encrypted 
block device might be used for something other than a mountable 
filesystem. You might have LVM on it, for instance.