diff options
| author | Lennart Poettering <lennart@poettering.net> | 2022-12-20 17:16:47 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2023-01-04 15:18:10 +0100 |
| commit | 921fc451cb7ce29467c5d87346db2b8bb72fdf18 (patch) | |
| tree | a5b95a20968323a302482187f834814511ee34a7 /units | |
| parent | 5019b0cb15d788e5e1f3c15eb7cdca6ee18a847c (diff) | |
| download | systemd-921fc451cb7ce29467c5d87346db2b8bb72fdf18.tar.gz | |
units: rename/rework systemd-boot-system-token.service → systemd-boot-random-seed.service
This renames systemd-boot-system-token.service to
systemd-boot-random-seed.service and conditions it less strictly.
Previously, the job of the service was to write a "system token" EFI
variable if it was missing. It called "bootctl --graceful random-seed"
for that. With this change we condition it more liberally: instead of
calling it only when the "system token" EFI variable isn't set, we call
it whenever a boot loader interface compatible boot loader is used. This
means, previously it was invoked on the first boot only: now it is
invoked at every boot.
This doesn#t change the command that is invoked. That's because
previously already the "bootctl --graceful random-seed" did two things:
set the system token if not set yet *and* refresh the random seed in the
ESP. Previousy we put the focus on the former, now we shift the focus to
the latter.
With this simple change we can replace the logic
f913c784ad4c93894fd6cb2590738113dff5a694 added, but from a service that
can run much later and doesn't keep the ESP pinned.
Diffstat (limited to 'units')
| -rw-r--r-- | units/meson.build | 2 | ||||
| -rw-r--r-- | units/systemd-boot-random-seed.service | 15 | ||||
| -rw-r--r-- | units/systemd-boot-update.service | 3 | ||||
| -rw-r--r-- | units/systemd-random-seed.service.in | 4 |
4 files changed, 13 insertions, 11 deletions
diff --git a/units/meson.build b/units/meson.build index 25e9209b4d..79e2935a50 100644 --- a/units/meson.build +++ b/units/meson.build @@ -105,7 +105,7 @@ units = [ ['systemd-ask-password-wall.path', '', 'multi-user.target.wants/'], ['systemd-ask-password-wall.service', ''], - ['systemd-boot-system-token.service', 'HAVE_GNU_EFI', + ['systemd-boot-random-seed.service', 'HAVE_GNU_EFI', 'sysinit.target.wants/'], ['systemd-boot-update.service', 'HAVE_GNU_EFI'], ['systemd-coredump.socket', 'ENABLE_COREDUMP', diff --git a/units/systemd-boot-random-seed.service b/units/systemd-boot-random-seed.service index ef5577549e..4fa286071d 100644 --- a/units/systemd-boot-random-seed.service +++ b/units/systemd-boot-random-seed.service @@ -8,22 +8,21 @@ # (at your option) any later version. [Unit] -Description=Store a System Token in an EFI Variable -Documentation=man:systemd-boot-system-token.service(8) +Description=Update Boot Loader Random Seed +Documentation=man:systemd-boot-random-seed.service(8) man:random(4) DefaultDependencies=no After=local-fs.target systemd-random-seed.service -Conflicts=shutdown.target initrd-switch-root.target -Before=shutdown.target initrd-switch-root.target +Conflicts=shutdown.target +Before=sysinit.target shutdown.target +ConditionVirtualization=!container +ConditionPathExists=!/etc/initrd-release # Only run this if the boot loader can support random seed initialization. ConditionPathExists=|/sys/firmware/efi/efivars/LoaderFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f ConditionPathExists=|/sys/firmware/efi/efivars/StubFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f -# Only run this if there is no system token defined yet -ConditionPathExists=!/sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f - [Service] Type=oneshot RemainAfterExit=yes -ExecStart=bootctl random-seed --graceful +ExecStart=bootctl --graceful random-seed diff --git a/units/systemd-boot-update.service b/units/systemd-boot-update.service index 61ff12762a..fe63fde35a 100644 --- a/units/systemd-boot-update.service +++ b/units/systemd-boot-update.service @@ -10,9 +10,10 @@ [Unit] Description=Automatic Boot Loader Update Documentation=man:bootctl(1) + DefaultDependencies=no -Conflicts=shutdown.target After=local-fs.target +Conflicts=shutdown.target Before=sysinit.target shutdown.target systemd-update-done.service [Service] diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in index 1aa9af9710..d57b2d1269 100644 --- a/units/systemd-random-seed.service.in +++ b/units/systemd-random-seed.service.in @@ -8,14 +8,16 @@ # (at your option) any later version. [Unit] -Description=Load/Save Random Seed +Description=Load/Save OS Random Seed Documentation=man:systemd-random-seed.service(8) man:random(4) + DefaultDependencies=no RequiresMountsFor={{RANDOM_SEED}} Conflicts=shutdown.target After=systemd-remount-fs.service Before=first-boot-complete.target shutdown.target Wants=first-boot-complete.target + ConditionVirtualization=!container ConditionPathExists=!/etc/initrd-release |