Comments (11)
rustybird
commented on July 17, 2024
- broken dependencies
What are you referring to? Lennart said the dependencies are correct. (If you're talking about the SBIN confusion, I've changed it to @SBIN@ so it's more obvious that this is a variable.)
- Unknown lvalue 'Require' in section 'Unit'
Ouch, fixed.
- dependency cycle
That's a bug in qubes-iptables.service (also, dnf-makecache.timer and yum-makecache.timer), where WantedBy=basic.target is set but DefaultDependencies=no is missing.
from corridor.
adrelanos
commented on July 17, 2024
(--> QubesOS/qubes-issues#2209)
In https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832802 I posted a similar systemd service file. One with WantedBy=multi-user.target with After=network-pre.target and Wants=network-pre.target. I was told in such cases one has to use DefaultDependencies=no. [I think he mistyped, because "DefaultDependencies=yes" is the default.]
I did sudo systemctl mask qubes-iptables and rebooted. Still got a systemd ordering cycle.
Jul 30 16:40:25 localhost systemd[1]: Found ordering cycle on basic.target/start
Jul 30 16:40:25 localhost systemd[1]: Found dependency on sysinit.target/start
Jul 30 16:40:25 localhost systemd[1]: Found dependency on networking.service/start
Jul 30 16:40:25 localhost systemd[1]: Found dependency on network-pre.target/start
Jul 30 16:40:25 localhost systemd[1]: Found dependency on corridor-init-forwarding.service/start
Jul 30 16:40:25 localhost systemd[1]: Found dependency on basic.target/start
Jul 30 16:40:25 localhost systemd[1]: Breaking ordering cycle by deleting job networking.service/start
Jul 30 16:40:25 localhost systemd[1]: Job networking.service/start deleted to break ordering cycle starting with basic.target/start
from corridor.
rustybird
commented on July 17, 2024
Ah, Debian's networking.service orders itself after network-pre.target but before sysinit.target. I suppose corridor-init-forwarding.service should use DefaultDependencies=no, have you tested this?
from corridor.
adrelanos
commented on July 17, 2024
Rusty Bird:
Ah, Debian's networking.service orders itself after
network-pre.target but before sysinit.target.
I have no /lib/systemd/system/networking.service.
However, /lib/systemd/system/networking.service.d/network-pre.conf is owned by the systemd package.
dpkg -S /lib/systemd/system/networking.service.d/network-pre.conf
systemd: /lib/systemd/system/networking.service.d/network-pre.conf
cat /lib/systemd/system/networking.service.d/network-pre.conf
[Unit]
After=network-pre.target
systemctl show -p After,Before,Wants,Requires,RequiresOverridable \
> -p Requisite,RequisiteOverridable,BindsTo,PartOf \
> -p Conflicts,DefaultDependencies networking.service
Requires=
RequiresOverridable=
Requisite=
RequisiteOverridable=
Wants=network.target system.slice
BindsTo=
PartOf=
Conflicts=shutdown.target
Before=sysinit.target shutdown.target network.target
After=mountkernfs.service local-fs.target systemd-random-seed.service network-pre.target systemd-journald.socket system.slice
DefaultDependencies=no
I suppose
corridor-init-forwarding.service should use DefaultDependencies=no,
Probably.
have you tested this?
No. ( And I would hope, and trying hard, DefaultDependencies=no could be avoided. )
No, but I am still experimenting with all of this for Qubes-Whonix purposes and trying to figure out if this is something Debian specific? A Debian bug? Or systemd bug? ( https://phabricator.whonix.org/T528 )
from corridor.
rustybird
commented on July 17, 2024
And I would hope, and trying hard, DefaultDependencies=no could be avoided.
Why, what's so bad about it?
No, but I am still experimenting with all of this for Qubes-Whonix purposes and trying to figure out if this is something Debian specific? A Debian bug? Or systemd bug?
Looks like the systemd manpages don't specify that network-pre.target, if pulled in, should be reached as part of "basic system initialization", but networking.service assumes that it is.
from corridor.
adrelanos
commented on July 17, 2024
Why, what's so bad about it?
More difficult to get right and maintain in long run.
from corridor.
rustybird
commented on July 17, 2024
I have no /lib/systemd/system/networking.service
It's generated from the SysV init script: systemctl show networking.service
And I would hope, and trying hard, DefaultDependencies=no could be avoided.
More difficult to get right and maintain in long run.
Eh, corridor-init-forwarding only uses ipset/iptables/sysctl. Should be fine, I'll try it on my end soon. Though if you have the time to try DefaultDependencies=no on Debian, I'd still appreciate it. (No worries if not.)
from corridor.
rustybird
commented on July 17, 2024
It's generated from the SysV init script: systemctl show networking.service
... never mind, I see you've checked that already
from corridor.
adrelanos
commented on July 17, 2024
I will test this soon(ish).
Btw http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/2016-July/012257.html says this is not Debian specific.
from corridor.
rustybird
commented on July 17, 2024
Thanks for the link, makes sense.
from corridor.
adrelanos
commented on July 17, 2024
Works for me. systemd no longer reports an ordering cycle.
from corridor.
Related Issues (20)
- please avoid symlinks / breaks Debian packaging HOT 4
- please merge qubes subfolder HOT 2
- Qubes mkdir -p "$RELAYS_STATE" missing HOT 1
- Qubes: systemd corridor-data.service should wait for /rw HOT 2
- Qubes: also process /rw/corridor.d configuration folder HOT 2
- firewall lockdown failure mode HOT 1
- clarify alpha / beta / stable
- clarify compatibility with ufw HOT 2
- testing on Debian host HOT 17
- start corridor-data.service after tor.service HOT 2
- corridor config in /usr/local [/rw] ignored HOT 2
- corridor systemd services hang during corridor upgrades HOT 1
- corridor-init-forwarding.service use Before=shutdown.target Conflicts=shutdown.target HOT 4
- missing make all target HOT 5
- add IPv6 support / port to nftables or Berkeley Packet Filter (BPF) HOT 1
- corridor causes Tor assertion failure on Qubes-Fedora-26-minimal standalone proxyVM HOT 5
- /etc/torrc.d/ vs bridges grep? HOT 4
- systemd WantedBy=multi-user.target correct - resulting in applications using networking before corridor firewall rules are load? HOT 4
- does not fail systemd unit file if folder inaccessible HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from corridor.