From 921fc451cb7ce29467c5d87346db2b8bb72fdf18 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Tue, 20 Dec 2022 17:16:47 +0100
Subject: =?UTF-8?q?units:=20rename/rework=20systemd-boot-system-token.serv?= =?UTF-8?q?ice=20=E2=86=92=20systemd-boot-random-seed.service?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This renames systemd-boot-system-token.service to systemd-boot-random-seed.service and conditions it less strictly. Previously, the job of the service was to write a "system token" EFI variable if it was missing. It called "bootctl --graceful random-seed" for that. With this change we condition it more liberally: instead of calling it only when the "system token" EFI variable isn't set, we call it whenever a boot loader interface compatible boot loader is used. This means, previously it was invoked on the first boot only: now it is invoked at every boot. This doesn#t change the command that is invoked. That's because previously already the "bootctl --graceful random-seed" did two things: set the system token if not set yet *and* refresh the random seed in the ESP. Previousy we put the focus on the former, now we shift the focus to the latter. With this simple change we can replace the logic f913c784ad4c93894fd6cb2590738113dff5a694 added, but from a service that can run much later and doesn't keep the ESP pinned.
---
 units/meson.build | 2 +-
 units/systemd-boot-random-seed.service | 15 +++++++--------
 units/systemd-boot-update.service | 3 ++-
 units/systemd-random-seed.service.in | 4 +++-
 4 files changed, 13 insertions(+), 11 deletions(-) (limited to 'units')
diff --git a/units/meson.build b/units/meson.build
index 25e9209b4d..79e2935a50 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -105,7 +105,7 @@ units = [
 ['systemd-ask-password-wall.path', '',
 'multi-user.target.wants/'],
 ['systemd-ask-password-wall.service', ''],
- ['systemd-boot-system-token.service', 'HAVE_GNU_EFI',
+ ['systemd-boot-random-seed.service', 'HAVE_GNU_EFI',
 'sysinit.target.wants/'],
 ['systemd-boot-update.service', 'HAVE_GNU_EFI'],
 ['systemd-coredump.socket', 'ENABLE_COREDUMP',
diff --git a/units/systemd-boot-random-seed.service b/units/systemd-boot-random-seed.service
index ef5577549e..4fa286071d 100644
--- a/units/systemd-boot-random-seed.service
+++ b/units/systemd-boot-random-seed.service
@@ -8,22 +8,21 @@
 # (at your option) any later version.
 [Unit]
-Description=Store a System Token in an EFI Variable
-Documentation=man:systemd-boot-system-token.service(8)
+Description=Update Boot Loader Random Seed
+Documentation=man:systemd-boot-random-seed.service(8) man:random(4)
 DefaultDependencies=no
 After=local-fs.target systemd-random-seed.service
-Conflicts=shutdown.target initrd-switch-root.target
-Before=shutdown.target initrd-switch-root.target
+Conflicts=shutdown.target
+Before=sysinit.target shutdown.target
+ConditionVirtualization=!container
+ConditionPathExists=!/etc/initrd-release
 # Only run this if the boot loader can support random seed initialization.
 ConditionPathExists=|/sys/firmware/efi/efivars/LoaderFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
 ConditionPathExists=|/sys/firmware/efi/efivars/StubFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
-# Only run this if there is no system token defined yet
-ConditionPathExists=!/sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
-
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=bootctl random-seed --graceful
+ExecStart=bootctl --graceful random-seed
diff --git a/units/systemd-boot-update.service b/units/systemd-boot-update.service
index 61ff12762a..fe63fde35a 100644
--- a/units/systemd-boot-update.service
+++ b/units/systemd-boot-update.service
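Review bot: In the [Unit] section of units/systemd-boot-random-seed.service the two added conditions, `ConditionVirtualization=!container` and `ConditionPathExists=!/etc/initrd-release`, have no comment, and the retained comment above the `LoaderFeatures`/`StubFeatures` tests now promises more than those tests check. The path tests only establish that one of the two variables exists, which is what the commit message calls a boot loader interface compatible boot loader, not that random seed initialization is supported. Because the unit now runs on every boot and refreshes the seed in the ESP, the gating is worth stating exactly: add `# Never touch the ESP or EFI variables from a container or from the initrd.` above the new conditions and reword the kept comment to `# Only run this if a boot loader or stub implementing the boot loader interface is in use.` A one-line comment on `After=systemd-random-seed.service` saying that the boot loader seed is refreshed only after the OS seed has been loaded would help too, if that is the intended reason for the ordering.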
@@ -10,9 +10,10 @@
 [Unit]
 Description=Automatic Boot Loader Update
 Documentation=man:bootctl(1)
+
 DefaultDependencies=no
-Conflicts=shutdown.target
 After=local-fs.target
+Conflicts=shutdown.target
 Before=sysinit.target shutdown.target systemd-update-done.service
 [Service]
diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in
index 1aa9af9710..d57b2d1269 100644
--- a/units/systemd-random-seed.service.in
+++ b/units/systemd-random-seed.service.in
@@ -8,14 +8,16 @@
 # (at your option) any later version.
 [Unit]
-Description=Load/Save Random Seed
+Description=Load/Save OS Random Seed
 Documentation=man:systemd-random-seed.service(8) man:random(4)
+
 DefaultDependencies=no
 RequiresMountsFor={{RANDOM_SEED}}
 Conflicts=shutdown.target
 After=systemd-remount-fs.service
 Before=first-boot-complete.target shutdown.target
 Wants=first-boot-complete.target
+
 ConditionVirtualization=!container
 ConditionPathExists=!/etc/initrd-release
-- cgit v1.2.1