cryptsetup: introduce new cryptsetup-pre.traget unit so that services can make sure they are started before and stopped after any LUKS setup

poettering · poettering · commit 9542239eaf48 · 2014-06-18T00:09:46.000+02:00
https://bugzilla.redhat.com/show_bug.cgi?id=1097938
diff --git a/Makefile.am b/Makefile.am
@@ -3933,7 +3933,8 @@ systemgenerator_PROGRAMS += \
 	systemd-cryptsetup-generator
 
 dist_systemunit_DATA += \
-	units/cryptsetup.target
+	units/cryptsetup.target \
+	units/cryptsetup-pre.target
 
 systemd_cryptsetup_SOURCES = \
 	src/cryptsetup/cryptsetup.c
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
@@ -52,6 +52,7 @@
                 <filename>bluetooth.target</filename>,
                 <filename>ctrl-alt-del.target</filename>,
                 <filename>cryptsetup.target</filename>,
+                <filename>cryptsetup-pre.target</filename>,
                 <filename>dbus.service</filename>,
                 <filename>dbus.socket</filename>,
                 <filename>default.target</filename>,
@@ -840,6 +841,27 @@
                 transaction.</para>
 
                 <variablelist>
+                        <varlistentry>
+                                <term><filename>cryptsetup-pre.target</filename></term>
+                                <listitem>
+                                        <para>This passive target unit
+                                        may be pulled in by services
+                                        that want to run before any
+                                        encrypted block device is set
+                                        up. All encrypted block
+                                        devices are set up after this
+                                        target has been reached. Since
+                                        the shutdown order is
+                                        implicitly the reverse
+                                        start-up order between units
+                                        this target is particularly
+                                        useful to ensure that a
+                                        service is shut down only
+                                        after all encrypted block
+                                        devices are fully
+                                        stopped.</para>
+                                </listitem>
+                        </varlistentry>
                         <varlistentry>
                                 <term><filename>local-fs-pre.target</filename></term>
                                 <listitem>
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
@@ -127,7 +127,7 @@ static int create_disk(
                 "Conflicts=umount.target\n"
                 "BindsTo=dev-mapper-%i.device\n"
                 "IgnoreOnIsolate=true\n"
-                "After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
+                "After=systemd-readahead-collect.service systemd-readahead-replay.service cryptsetup-pre.target\n",
                 f);
 
         if (!nofail)
diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
@@ -0,0 +1,11 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Encrypted Volumes (Pre)
+Documentation=man:systemd.special(7)
+RefuseManualStart=yes
