Rather than ordering systemd-random-seed-load.service after local-fs.target, start it by path-activation.
We need write access to the seed, so we order the path unit after remount-rootfs.service (in case /var is on the root fs). A better solution might be to introduce PathIsWritable=, but that is not necessary in order to solve the problem, and I don't know of any other usecases for it. Cc: Frederic Crozat <[email protected]> Cc: Michal Schmidt <[email protected]> --- This is my second attempt at solving this problem. The first one had some issues as pointed out by Frederic and Michael. Makefile.am | 7 +++++-- TODO | 2 -- units/.gitignore | 1 + units/systemd-random-seed-load.path.in | 18 ++++++++++++++++++ units/systemd-random-seed-load.service.in | 3 +-- 5 files changed, 25 insertions(+), 6 deletions(-) create mode 100644 units/systemd-random-seed-load.path.in diff --git a/Makefile.am b/Makefile.am index 170465a..5e236f0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -414,6 +414,7 @@ nodist_systemunit_DATA = \ units/systemd-update-utmp-shutdown.service \ units/systemd-random-seed-save.service \ units/systemd-random-seed-load.service \ + units/systemd-random-seed-load.path \ units/systemd-readahead-collect.service \ units/systemd-readahead-replay.service \ units/systemd-readahead-done.service \ @@ -477,6 +478,7 @@ EXTRA_DIST = \ units/systemd-update-utmp-shutdown.service.in \ units/systemd-random-seed-save.service.in \ units/systemd-random-seed-load.service.in \ + units/systemd-random-seed-load.path.in \ units/systemd-readahead-collect.service.in \ units/systemd-readahead-replay.service.in \ units/systemd-readahead-done.service.in \ @@ -1611,6 +1613,7 @@ SED_PROCESS = \ -e 's,@exec_prefix\@,$(exec_prefix),g' \ -e 's,@libdir\@,$(libdir),g' \ -e 's,@includedir\@,$(includedir),g' \ + -e 's,@localstatedir\@,$(localstatedir),g' \ < $< > $@ || rm $@ units/%: units/%.in Makefile @@ -1887,7 +1890,7 @@ endif sys-fs-fuse-connections.mount \ systemd-vconsole-setup.service \ systemd-modules-load.service \ - systemd-random-seed-load.service \ + systemd-random-seed-load.path \ systemd-tmpfiles-setup.service \ systemd-sysctl.service \ systemd-ask-password-console.path \ @@ -1901,7 +1904,7 @@ endif $(LN_S) ../sys-fs-fuse-connections.mount sys-fs-fuse-connections.mount && \ $(LN_S) ../systemd-vconsole-setup.service systemd-vconsole-setup.service && \ $(LN_S) ../systemd-modules-load.service systemd-modules-load.service && \ - $(LN_S) ../systemd-random-seed-load.service systemd-random-seed-load.service && \ + $(LN_S) ../systemd-random-seed-load.path systemd-random-seed-load.path && \ $(LN_S) ../systemd-tmpfiles-setup.service systemd-tmpfiles-setup.service && \ $(LN_S) ../systemd-sysctl.service systemd-sysctl.service && \ $(LN_S) ../systemd-ask-password-console.path systemd-ask-password-console.path && \ diff --git a/TODO b/TODO index a8ab352..ab26eaa 100644 --- a/TODO +++ b/TODO @@ -23,8 +23,6 @@ Features: * Make libselinux, libattr, libcap, libdl dependencies only of the tools which actually need them. -* as Tom Gundersen pointed out there's a always a dep loop if people use crypto file systems with random keys - * unset container= in PID1? * automatically escape unit names passed on the service (i.e. think "systemctl start serial-getty.service@serial/by-path/jshdfjsdfhkjh" being automatically escaped as necessary. diff --git a/units/.gitignore b/units/.gitignore index cc92c73..202cc62 100644 --- a/units/.gitignore +++ b/units/.gitignore @@ -31,6 +31,7 @@ systemd-vconsole-setup.service systemd-auto-serial-getty.service systemd-shutdownd.service systemd-random-seed-load.service +systemd-random-seed-load.path systemd-random-seed-save.service systemd-initctl.service systemd-stdout-syslog-bridge.service diff --git a/units/systemd-random-seed-load.path.in b/units/systemd-random-seed-load.path.in new file mode 100644 index 0000000..614c1d4 --- /dev/null +++ b/units/systemd-random-seed-load.path.in @@ -0,0 +1,18 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. + +[Unit] +Description=Random Seed +DefaultDependencies=no +Conflicts=shutdown.target +Before=basic.target shutdown.target +# in case the seed is on the rootfs, we must +# wait for the rootfs to be remonuted rw +After=remount-rootfs.service + +[Path] +PathExists=@localstatedir@/lib/random-seed diff --git a/units/systemd-random-seed-load.service.in b/units/systemd-random-seed-load.service.in index a2b6a55..2bcf1aa 100644 --- a/units/systemd-random-seed-load.service.in +++ b/units/systemd-random-seed-load.service.in @@ -8,9 +8,8 @@ [Unit] Description=Load Random Seed DefaultDependencies=no -Wants=local-fs.target Conflicts=shutdown.target -After=systemd-readahead-collect.service systemd-readahead-replay.service local-fs.target +After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-random-seed-load.path Before=sysinit.target shutdown.target [Service] -- 1.7.8 _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
