cryptsetup-generator: use remote-cryptsetup.target when _netdev is present

This allows such devices to depend on the network. Their startup will
be delayed similarly to network mount units.

Fixes #4642.

diff --git a/man/crypttab.xml b/man/crypttab.xml
index 5223e16..ac7d552 100644 (file)
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -192,6 +192,19 @@
       </varlistentry>
 
       <varlistentry>
+        <term><option>_netdev</option></term>
+
+        <listitem><para>Marks this cryptsetup device as requiring network. It will be
+        started after the network is available, similarly to
+        <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+        units marked with <option>_netdev</option>. The service unit to set up this device
+        will be ordered between <filename>remote-cryptsetup-pre.target</filename> and
+        <filename>remote-cryptsetup.target</filename>, instead of
+        <filename>cryptsetup-pre.target</filename> and
+        <filename>cryptsetup.target</filename>.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term><option>noauto</option></term>
 
         <listitem><para>This device will not be automatically unlocked

diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 613b018..11d9892 100644 (file)
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -62,7 +62,7 @@ static int create_disk(
                 *filtered = NULL;
         _cleanup_fclose_ FILE *f = NULL;
         const char *dmname;
-        bool noauto, nofail, tmp, swap;
+        bool noauto, nofail, tmp, swap, netdev;
         int r;
 
         assert(name);
@@ -72,6 +72,7 @@ static int create_disk(
         nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
         tmp = fstab_test_option(options, "tmp\0");
         swap = fstab_test_option(options, "swap\0");
+        netdev = fstab_test_option(options, "_netdev\0");
 
         if (tmp && swap) {
                 log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
@@ -102,20 +103,22 @@ static int create_disk(
         if (!f)
                 return log_error_errno(errno, "Failed to create unit file %s: %m", p);
 
-        fputs_unlocked("# Automatically generated by systemd-cryptsetup-generator\n\n"
-                       "[Unit]\n"
-                       "Description=Cryptography Setup for %I\n"
-                       "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
-                       "SourcePath=/etc/crypttab\n"
-                       "DefaultDependencies=no\n"
-                       "Conflicts=umount.target\n"
-                       "IgnoreOnIsolate=true\n"
-                       "After=cryptsetup-pre.target\n",
-                       f);
+        fprintf(f,
+                "# Automatically generated by systemd-cryptsetup-generator\n\n"
+                "[Unit]\n"
+                "Description=Cryptography Setup for %%I\n"
+                "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
+                "SourcePath=/etc/crypttab\n"
+                "DefaultDependencies=no\n"
+                "Conflicts=umount.target\n"
+                "IgnoreOnIsolate=true\n"
+                "After=%s\n",
+                netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target");
 
         if (!nofail)
                 fprintf(f,
-                        "Before=cryptsetup.target\n");
+                        "Before=%s\n",
+                        netdev ? "remote-cryptsetup.target" : "cryptsetup.target");
 
         if (password) {
                 if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
@@ -191,7 +194,8 @@ static int create_disk(
                 if (r < 0)
                         return r;
 
-                r = generator_add_symlink(arg_dest, "cryptsetup.target",
+                r = generator_add_symlink(arg_dest,
+                                          netdev ? "remote-cryptsetup.target" : "cryptsetup.target",
                                           nofail ? "wants" : "requires", n);
                 if (r < 0)
                         return r;