From 9810e419425263bde86787bc21251f1ad3c35628 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 14 Sep 2022 12:39:10 +0100 Subject: [PATCH 1/6] units: reorder/split unit dependency blocks The block is reordered and split to have: 1. description + documentation 2. (optionally) conditions 3. all the dependencies I think it's easier to read the units this way. Also, the Conflicts+Before is seperated out to separate lines. The ordering dependency is "fake", because it could just as well be After=, we are adding it to force ordering wrt. shutdown.target, and it plays a different role than the other Before=, which are about a real ordering on boot. --- units/initrd-switch-root.service | 6 ++++-- units/ldconfig.service | 11 +++++++---- units/sysinit.target | 6 ++++-- units/systemd-ask-password-console.path | 12 ++++++++---- units/systemd-ask-password-console.service | 11 +++++++---- units/systemd-ask-password-wall.path | 7 +++++-- units/systemd-boot-system-token.service | 1 + units/systemd-network-generator.service.in | 1 + units/systemd-sysext.service | 11 +++++++---- units/systemd-sysusers.service | 7 +++++-- units/systemd-tmpfiles-clean.service | 1 + units/systemd-tmpfiles-setup-dev.service | 6 ++++-- units/systemd-tmpfiles-setup.service | 4 +++- 13 files changed, 57 insertions(+), 27 deletions(-) diff --git a/units/initrd-switch-root.service b/units/initrd-switch-root.service index e3d6926711..9914d26408 100644 --- a/units/initrd-switch-root.service +++ b/units/initrd-switch-root.service @@ -9,11 +9,13 @@ [Unit] Description=Switch Root -DefaultDependencies=no + AssertPathExists=/etc/initrd-release + +DefaultDependencies=no +AllowIsolate=yes OnFailure=emergency.target OnFailureJobMode=replace-irreversibly -AllowIsolate=yes [Service] Type=oneshot diff --git a/units/ldconfig.service b/units/ldconfig.service index 33824d4d4f..cb887ae865 100644 --- a/units/ldconfig.service +++ b/units/ldconfig.service @@ -10,13 +10,16 @@ [Unit] Description=Rebuild Dynamic Linker Cache Documentation=man:ldconfig(8) -DefaultDependencies=no -Conflicts=shutdown.target -After=local-fs.target -Before=sysinit.target shutdown.target systemd-update-done.service + ConditionNeedsUpdate=|/etc ConditionFileNotEmpty=|!/etc/ld.so.cache +DefaultDependencies=no +After=local-fs.target +Before=sysinit.target systemd-update-done.service +Conflicts=shutdown.target +Before=shutdown.target + [Service] Type=oneshot RemainAfterExit=yes diff --git a/units/sysinit.target b/units/sysinit.target index eed3d16b45..5187605a3c 100644 --- a/units/sysinit.target +++ b/units/sysinit.target @@ -10,6 +10,8 @@ [Unit] Description=System Initialization Documentation=man:systemd.special(7) -Conflicts=emergency.service emergency.target + Wants=local-fs.target swap.target -After=local-fs.target swap.target emergency.service emergency.target +After=local-fs.target swap.target +Conflicts=emergency.service emergency.target +Before=emergency.service emergency.target diff --git a/units/systemd-ask-password-console.path b/units/systemd-ask-password-console.path index 7b84923023..997fe0ff0c 100644 --- a/units/systemd-ask-password-console.path +++ b/units/systemd-ask-password-console.path @@ -10,12 +10,16 @@ [Unit] Description=Dispatch Password Requests to Console Directory Watch Documentation=man:systemd-ask-password-console.path(8) -DefaultDependencies=no -Conflicts=shutdown.target emergency.service -After=plymouth-start.service -Before=paths.target shutdown.target cryptsetup.target + ConditionPathExists=!/run/plymouth/pid +DefaultDependencies=no +After=plymouth-start.service +Before=paths.target cryptsetup.target +Conflicts=emergency.service +Conflicts=shutdown.target +Before=shutdown.target + [Path] DirectoryNotEmpty=/run/systemd/ask-password MakeDirectory=yes diff --git a/units/systemd-ask-password-console.service b/units/systemd-ask-password-console.service index d31f3fa70f..97c651f009 100644 --- a/units/systemd-ask-password-console.service +++ b/units/systemd-ask-password-console.service @@ -10,12 +10,15 @@ [Unit] Description=Dispatch Password Requests to Console Documentation=man:systemd-ask-password-console.service(8) -DefaultDependencies=no -Conflicts=shutdown.target emergency.service -After=plymouth-start.service systemd-vconsole-setup.service -Before=shutdown.target + ConditionPathExists=!/run/plymouth/pid +DefaultDependencies=no +After=plymouth-start.service systemd-vconsole-setup.service +Conflicts=emergency.service +Conflicts=shutdown.target +Before=shutdown.target + [Service] ExecStart=systemd-tty-ask-password-agent --watch --console SystemCallArchitectures=native diff --git a/units/systemd-ask-password-wall.path b/units/systemd-ask-password-wall.path index 13e1dae672..e3b6c61346 100644 --- a/units/systemd-ask-password-wall.path +++ b/units/systemd-ask-password-wall.path @@ -10,9 +10,12 @@ [Unit] Description=Forward Password Requests to Wall Directory Watch Documentation=man:systemd-ask-password-wall.path(8) + DefaultDependencies=no -Conflicts=shutdown.target emergency.service -Before=paths.target shutdown.target cryptsetup.target +Before=paths.target cryptsetup.target +Conflicts=emergency.service +Conflicts=shutdown.target +Before=shutdown.target [Path] DirectoryNotEmpty=/run/systemd/ask-password diff --git a/units/systemd-boot-system-token.service b/units/systemd-boot-system-token.service index 55f05ec8d8..56d3c8ad47 100644 --- a/units/systemd-boot-system-token.service +++ b/units/systemd-boot-system-token.service @@ -10,6 +10,7 @@ [Unit] Description=Store a System Token in an EFI Variable Documentation=man:systemd-boot-system-token.service(8) + DefaultDependencies=no Conflicts=shutdown.target After=local-fs.target systemd-random-seed.service diff --git a/units/systemd-network-generator.service.in b/units/systemd-network-generator.service.in index 6c65efa20e..ff95266d39 100644 --- a/units/systemd-network-generator.service.in +++ b/units/systemd-network-generator.service.in @@ -10,6 +10,7 @@ [Unit] Description=Generate network units from Kernel command line Documentation=man:systemd-network-generator.service(8) + DefaultDependencies=no Before=network-pre.target systemd-udevd.service Wants=network-pre.target diff --git a/units/systemd-sysext.service b/units/systemd-sysext.service index 35b5edca1d..245c0e5a0d 100644 --- a/units/systemd-sysext.service +++ b/units/systemd-sysext.service @@ -10,10 +10,7 @@ [Unit] Description=Merge System Extension Images into /usr/ and /opt/ Documentation=man:systemd-sysext.service(8) -DefaultDependencies=no -Conflicts=shutdown.target -After=local-fs.target -Before=sysinit.target shutdown.target systemd-tmpfiles.service + ConditionCapability=CAP_SYS_ADMIN ConditionDirectoryNotEmpty=|/etc/extensions ConditionDirectoryNotEmpty=|/run/extensions @@ -21,6 +18,12 @@ ConditionDirectoryNotEmpty=|/var/lib/extensions ConditionDirectoryNotEmpty=|/usr/local/lib/extensions ConditionDirectoryNotEmpty=|/usr/lib/extensions +DefaultDependencies=no +After=local-fs.target +Before=sysinit.target systemd-tmpfiles.service +Conflicts=shutdown.target +Before=shutdown.target + [Service] Type=oneshot RemainAfterExit=yes diff --git a/units/systemd-sysusers.service b/units/systemd-sysusers.service index 91132dafa9..8b9335ff28 100644 --- a/units/systemd-sysusers.service +++ b/units/systemd-sysusers.service @@ -10,10 +10,13 @@ [Unit] Description=Create System Users Documentation=man:sysusers.d(5) man:systemd-sysusers.service(8) + DefaultDependencies=no -Conflicts=shutdown.target After=systemd-remount-fs.service -Before=sysinit.target shutdown.target systemd-update-done.service +Before=sysinit.target systemd-update-done.service +Conflicts=shutdown.target +Before=shutdown.target + ConditionNeedsUpdate=|/etc ConditionCredential=|sysusers.extra diff --git a/units/systemd-tmpfiles-clean.service b/units/systemd-tmpfiles-clean.service index 6ae4e74ddd..7f1b7ec594 100644 --- a/units/systemd-tmpfiles-clean.service +++ b/units/systemd-tmpfiles-clean.service @@ -10,6 +10,7 @@ [Unit] Description=Cleanup of Temporary Directories Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) + DefaultDependencies=no Conflicts=shutdown.target initrd-switch-root.service After=local-fs.target time-set.target diff --git a/units/systemd-tmpfiles-setup-dev.service b/units/systemd-tmpfiles-setup-dev.service index ad0e54fcc4..d202a7568f 100644 --- a/units/systemd-tmpfiles-setup-dev.service +++ b/units/systemd-tmpfiles-setup-dev.service @@ -10,10 +10,12 @@ [Unit] Description=Create Static Device Nodes in /dev Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) + DefaultDependencies=no -Conflicts=shutdown.target After=systemd-sysusers.service -Before=sysinit.target local-fs-pre.target systemd-udevd.service shutdown.target +Before=sysinit.target local-fs-pre.target systemd-udevd.service +Conflicts=shutdown.target +Before=shutdown.target [Service] Type=oneshot diff --git a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service index fc6a4a0e0b..baed27df75 100644 --- a/units/systemd-tmpfiles-setup.service +++ b/units/systemd-tmpfiles-setup.service @@ -10,10 +10,12 @@ [Unit] Description=Create Volatile Files and Directories Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) + DefaultDependencies=no Conflicts=shutdown.target initrd-switch-root.service After=local-fs.target systemd-sysusers.service systemd-journald.service -Before=sysinit.target shutdown.target +Before=sysinit.target +Before=shutdown.target RefuseManualStop=yes [Service] From d5fd07cdeef104fdf4e1e1f9e60ff7ccb4669623 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 15 Sep 2022 11:22:42 +0100 Subject: [PATCH 2/6] units/systemd-network-generator.service: add forgotten ordering for shutdown --- units/systemd-network-generator.service.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/units/systemd-network-generator.service.in b/units/systemd-network-generator.service.in index ff95266d39..41c27c50d8 100644 --- a/units/systemd-network-generator.service.in +++ b/units/systemd-network-generator.service.in @@ -14,6 +14,8 @@ Documentation=man:systemd-network-generator.service(8) DefaultDependencies=no Before=network-pre.target systemd-udevd.service Wants=network-pre.target +Conflicts=shutdown.target +Before=shutdown.target [Service] Type=oneshot From 7c0e2b555968d70ac563a37e32a6931ee90961a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 14 Sep 2022 12:39:10 +0100 Subject: [PATCH 3/6] units: add ordering dependencies on initrd-switch-root.target For shutdown, we queue shutdown.target/start, so in every unit which should be stopped *before* shutdown, we need both Conflicts and an ordering dependency with shutdown.target (either Before= or After= would work, because stop jobs are always ordered before start jobs). For initrd transition, we queue initrd-switch-root.service/isolate. This automatically creates a /stop job for every running unit without IgnoreOnIsolate. But no ordering dependency is created, unless the unit has a (possibly transitive) ordering dependency on initrd-switch-root.service. Since most units must stop before the transition, we should add the ordering dependency. It is nicer to use Before=initrd-switch-root.target for this. initrd-switch-root.target is ordered before initrd-switch-root.service, so the effect it the same when both are in a transaction. Fixes #23745. To also cover the case where somebody is emergency mode in the initrd and queues initrd-switch-root.service/start (not isolate), also add Conflicts=initrd-switch-root.target, so various units are stopped properly. This extends 2525682565b372b9b83c848bfe89c025fed47a1d to cover all the other services that are touched. It could be consider "operator error", but it's easy to make and it's nicer if we can make this more foolproof. --- units/ldconfig.service | 4 ++-- units/systemd-ask-password-console.service | 4 ++-- units/systemd-boot-system-token.service | 4 ++-- units/systemd-network-generator.service.in | 4 ++-- units/systemd-sysext.service | 4 ++-- units/systemd-sysusers.service | 4 ++-- units/systemd-tmpfiles-clean.service | 4 ++-- units/systemd-tmpfiles-setup-dev.service | 4 ++-- units/systemd-tmpfiles-setup.service | 4 ++-- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/units/ldconfig.service b/units/ldconfig.service index cb887ae865..53c6d4ecb1 100644 --- a/units/ldconfig.service +++ b/units/ldconfig.service @@ -17,8 +17,8 @@ ConditionFileNotEmpty=|!/etc/ld.so.cache DefaultDependencies=no After=local-fs.target Before=sysinit.target systemd-update-done.service -Conflicts=shutdown.target -Before=shutdown.target +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target [Service] Type=oneshot diff --git a/units/systemd-ask-password-console.service b/units/systemd-ask-password-console.service index 97c651f009..9360bf1d5a 100644 --- a/units/systemd-ask-password-console.service +++ b/units/systemd-ask-password-console.service @@ -16,8 +16,8 @@ ConditionPathExists=!/run/plymouth/pid DefaultDependencies=no After=plymouth-start.service systemd-vconsole-setup.service Conflicts=emergency.service -Conflicts=shutdown.target -Before=shutdown.target +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target [Service] ExecStart=systemd-tty-ask-password-agent --watch --console diff --git a/units/systemd-boot-system-token.service b/units/systemd-boot-system-token.service index 56d3c8ad47..662a1fda04 100644 --- a/units/systemd-boot-system-token.service +++ b/units/systemd-boot-system-token.service @@ -12,9 +12,9 @@ Description=Store a System Token in an EFI Variable Documentation=man:systemd-boot-system-token.service(8) DefaultDependencies=no -Conflicts=shutdown.target After=local-fs.target systemd-random-seed.service -Before=shutdown.target +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target # Don't run this in a VM environment, because there EFI variables are not # actually stored in NVRAM, independent of regular storage. diff --git a/units/systemd-network-generator.service.in b/units/systemd-network-generator.service.in index 41c27c50d8..2b79ca6b8a 100644 --- a/units/systemd-network-generator.service.in +++ b/units/systemd-network-generator.service.in @@ -14,8 +14,8 @@ Documentation=man:systemd-network-generator.service(8) DefaultDependencies=no Before=network-pre.target systemd-udevd.service Wants=network-pre.target -Conflicts=shutdown.target -Before=shutdown.target +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target [Service] Type=oneshot diff --git a/units/systemd-sysext.service b/units/systemd-sysext.service index 245c0e5a0d..254de2b623 100644 --- a/units/systemd-sysext.service +++ b/units/systemd-sysext.service @@ -21,8 +21,8 @@ ConditionDirectoryNotEmpty=|/usr/lib/extensions DefaultDependencies=no After=local-fs.target Before=sysinit.target systemd-tmpfiles.service -Conflicts=shutdown.target -Before=shutdown.target +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target [Service] Type=oneshot diff --git a/units/systemd-sysusers.service b/units/systemd-sysusers.service index 8b9335ff28..0eb40294b2 100644 --- a/units/systemd-sysusers.service +++ b/units/systemd-sysusers.service @@ -14,8 +14,8 @@ Documentation=man:sysusers.d(5) man:systemd-sysusers.service(8) DefaultDependencies=no After=systemd-remount-fs.service Before=sysinit.target systemd-update-done.service -Conflicts=shutdown.target -Before=shutdown.target +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target ConditionNeedsUpdate=|/etc ConditionCredential=|sysusers.extra diff --git a/units/systemd-tmpfiles-clean.service b/units/systemd-tmpfiles-clean.service index 7f1b7ec594..4163aef729 100644 --- a/units/systemd-tmpfiles-clean.service +++ b/units/systemd-tmpfiles-clean.service @@ -12,9 +12,9 @@ Description=Cleanup of Temporary Directories Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) DefaultDependencies=no -Conflicts=shutdown.target initrd-switch-root.service After=local-fs.target time-set.target -Before=shutdown.target +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target [Service] Type=oneshot diff --git a/units/systemd-tmpfiles-setup-dev.service b/units/systemd-tmpfiles-setup-dev.service index d202a7568f..c65539aa79 100644 --- a/units/systemd-tmpfiles-setup-dev.service +++ b/units/systemd-tmpfiles-setup-dev.service @@ -14,8 +14,8 @@ Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) DefaultDependencies=no After=systemd-sysusers.service Before=sysinit.target local-fs-pre.target systemd-udevd.service -Conflicts=shutdown.target -Before=shutdown.target +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target [Service] Type=oneshot diff --git a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service index baed27df75..7e11eb9414 100644 --- a/units/systemd-tmpfiles-setup.service +++ b/units/systemd-tmpfiles-setup.service @@ -12,10 +12,10 @@ Description=Create Volatile Files and Directories Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) DefaultDependencies=no -Conflicts=shutdown.target initrd-switch-root.service After=local-fs.target systemd-sysusers.service systemd-journald.service Before=sysinit.target -Before=shutdown.target +Conflicts=shutdown.target initrd-switch-root.target +Before=shutdown.target initrd-switch-root.target RefuseManualStop=yes [Service] From 3449814b8bda96e0a7d14fe1287f85ba9b269d8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 15 Sep 2022 14:58:25 +0200 Subject: [PATCH 4/6] units: add dependency ordering for emergency.service conflicts If we want to stop those services which would compete for access to the console, we need to have an ordering so that they are actually stopped before the other things starts, not asynchronously. --- units/systemd-ask-password-console.path | 1 + units/systemd-ask-password-console.service | 1 + units/systemd-ask-password-wall.path | 1 + 3 files changed, 3 insertions(+) diff --git a/units/systemd-ask-password-console.path b/units/systemd-ask-password-console.path index 997fe0ff0c..5277db9a8d 100644 --- a/units/systemd-ask-password-console.path +++ b/units/systemd-ask-password-console.path @@ -17,6 +17,7 @@ DefaultDependencies=no After=plymouth-start.service Before=paths.target cryptsetup.target Conflicts=emergency.service +Before=emergency.service Conflicts=shutdown.target Before=shutdown.target diff --git a/units/systemd-ask-password-console.service b/units/systemd-ask-password-console.service index 9360bf1d5a..afd0f0baad 100644 --- a/units/systemd-ask-password-console.service +++ b/units/systemd-ask-password-console.service @@ -16,6 +16,7 @@ ConditionPathExists=!/run/plymouth/pid DefaultDependencies=no After=plymouth-start.service systemd-vconsole-setup.service Conflicts=emergency.service +Before=emergency.service Conflicts=shutdown.target initrd-switch-root.target Before=shutdown.target initrd-switch-root.target diff --git a/units/systemd-ask-password-wall.path b/units/systemd-ask-password-wall.path index e3b6c61346..161562a8bd 100644 --- a/units/systemd-ask-password-wall.path +++ b/units/systemd-ask-password-wall.path @@ -14,6 +14,7 @@ Documentation=man:systemd-ask-password-wall.path(8) DefaultDependencies=no Before=paths.target cryptsetup.target Conflicts=emergency.service +Before=emergency.service Conflicts=shutdown.target Before=shutdown.target From 5b5ec138c65d587ecac1be5790ab9854e49a0446 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 14 Sep 2022 13:00:43 +0100 Subject: [PATCH 5/6] units: make sure that initrd-switch-root.service pulls in .target Normally we queue initrd-switch-root.target/isolate, which pulls in the service via Wants= in the .target unit file. But if the service is instead started directly, there may be nothing pulling in the target. Let's make sure that the reference exists. --- units/initrd-switch-root.service | 1 + 1 file changed, 1 insertion(+) diff --git a/units/initrd-switch-root.service b/units/initrd-switch-root.service index 9914d26408..b19b7bbc21 100644 --- a/units/initrd-switch-root.service +++ b/units/initrd-switch-root.service @@ -13,6 +13,7 @@ Description=Switch Root AssertPathExists=/etc/initrd-release DefaultDependencies=no +Wants=initrd-switch-root.target AllowIsolate=yes OnFailure=emergency.target OnFailureJobMode=replace-irreversibly From 89c4dc52b3e635904e5cc6e7af500a8ea1963b64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 14 Sep 2022 13:05:25 +0100 Subject: [PATCH 6/6] units: drop path to executable in $PATH We don't have it other places, so let's make things a bit simpler. --- units/system-update-cleanup.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/units/system-update-cleanup.service b/units/system-update-cleanup.service index d0878dcb0b..5a5dd725a1 100644 --- a/units/system-update-cleanup.service +++ b/units/system-update-cleanup.service @@ -32,4 +32,4 @@ ConditionPathIsSymbolicLink=|/system-update [Service] Type=oneshot -ExecStart=/bin/rm -fv /system-update +ExecStart=rm -fv /system-update