diff --git a/dracut/29kcrypt/generator.sh b/dracut/29kcrypt/generator.sh index 37cc0c3..485cfb4 100755 --- a/dracut/29kcrypt/generator.sh +++ b/dracut/29kcrypt/generator.sh @@ -7,31 +7,29 @@ GENERATOR_DIR="$2" [ -z "$GENERATOR_DIR" ] && exit 1 [ -d "$GENERATOR_DIR" ] || mkdir "$GENERATOR_DIR" -if getargbool 0 rd.neednet; then - { - echo "[Unit]" - echo "DefaultDependencies=no" - echo "Description=kcrypt online mount" - echo "Before=cos-immutable-rootfs.service" - echo "After=network-online.target" +oem_label=$(getarg rd.cos.oemlabel=) +neednet="rd.neednet" + +# See https://github.com/kairos-io/packages/blob/d12b12b043a71d8471454f7b4fc84c3181d2bf60/packages/system/dracut/immutable-rootfs/30cos-immutable-rootfs/cos-generator.sh#L29 +{ + echo "[Unit]" + echo "DefaultDependencies=no" + echo "Description=kcrypt online mount" + echo "Before=cos-immutable-rootfs.service" + if getargbool 0 $neednet; then echo "Wants=network-online.target" - echo "[Service]" - echo "Type=oneshot" - echo "RemainAfterExit=no" - echo "ExecStart=/sbin/kcrypt-mount-local" - } > "$GENERATOR_DIR"/kcrypt.service -else - { - echo "[Unit]" - echo "DefaultDependencies=no" - echo "Description=kcrypt mount" - echo "Before=cos-immutable-rootfs.service" - echo "[Service]" - echo "Type=oneshot" - echo "RemainAfterExit=no" - echo "ExecStart=/sbin/kcrypt-mount-local" - } > "$GENERATOR_DIR"/kcrypt.service -fi + echo "After=network-online.target" + fi + # OEM is special as kcrypt plugins might need that in order to unlock other partitions and plugins can reside in /oem as well and kcrypt needs to find them + if [ -n "${oem_label}" ]; then + echo "After=oem.mount" + fi + echo "[Service]" + echo "Type=oneshot" + echo "RemainAfterExit=no" + echo "ExecStart=/sbin/kcrypt-mount-local" +} > "$GENERATOR_DIR"/kcrypt.service + if [ ! -e "$GENERATOR_DIR/initrd-fs.target.requires/kcrypt.service" ]; then mkdir -p "$GENERATOR_DIR"/initrd-fs.target.requires