[systemd-devel] Ordering units and targets with devices
Michael Cassaniti
michael at cassaniti.id.au
Thu Aug 25 10:50:56 UTC 2022
On 25/8/22 20:43, Lennart Poettering wrote:
> On Mi, 17.08.22 13:23, Michael Cassaniti (michael at cassaniti.id.au) wrote:
>
>> Hi,
>>
>> I'm trying to order my units and targets during early boot so that:
>> 1. A symlink to the specific FIDO2 token I'm using gets created. I already
>> have a udev rule in place for this and it successfully creates the symlink
>> under /dev. Because I have two tokens I need to specify which one to use.
>> 2. The unit for systemd-cryptsetup at root.service has to wait for this unit.
>> The unit gets generated from systemd-cryptsetup-generator so I can't just
>> add Requires= stanzas to the unit. I do have a /etc/crypttab file.
> systemd-cryptsetup can wait on its own for a FIDO2 token, no need to
> do that with unit deps?
>
> Lennart
>
> --
> Lennart Poettering, Berlin
It seems to be somewhat more complicated than that, and perhaps it has
more to do with my setup. Here's my /etc/crypttab which just might
explain a bit:
# Mount root and swap
# These will initially have an empty password
root /dev/disk/by-partlabel/root -
fido2-device=/dev/yubico-fido2,token-timeout=0,try-empty-password=true,x-initrd.attach
swap /dev/disk/by-partlabel/swap -
fido2-device=/dev/yubico-fido2,token-timeout=0,try-empty-password=true,x-initrd.attach
I think the fact that both of these get setup at boot and will
concurrently try to access the FIDO2 token is causing issues. That
crypttab is included in the initrd.
Thanks,
Michael Cassaniti, Australia
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20220825/2721c9be/attachment.sig>
More information about the systemd-devel
mailing list