units: introduce systemd-udev-load-credentials.service

4 files changed, 56 insertions, 0 deletions

diff --git a/man/systemd.system-credentials.xml b/man/systemd.system-credentials.xml
index b0fb70c6c5..271c495d2a 100644
--- a/man/systemd.system-credentials.xml
+++ b/man/systemd.system-credentials.xml
@@ -377,6 +377,31 @@
 
         <xi:include href="version-info.xml" xpointer="v256"/></listitem>
       </varlistentry>
+
+      <varlistentry>
+        <term><varname>udev.conf.*</varname></term>
+        <term><varname>udev.rules.*</varname></term>
+
+        <listitem>
+          <para>Configures udev configuration file and udev rules. Read by
+          <filename>systemd-udev-load-credentials.service</filename>, which invokes
+          <command>udevadm control --load-credentials</command>. These credentials directly translate to a
+          matching
+          <citerefentry><refentrytitle>udev.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> or
+          <citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry> rules
+          file. Example: the contents of a credential
+          <filename>udev.conf.50-foobar</filename> will be copied into a file
+          <filename>/run/udev/udev.conf.d/50-foobar.conf</filename>, and
+          <filename>udev.rules.50-foobar</filename> will be copied into a file
+          <filename>/run/udev/rules.d/50-foobar.rules</filename>. See
+          <citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+          <citerefentry><refentrytitle>udev.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, and
+          <citerefentry><refentrytitle>udevadm</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+          for details.</para>
+
+          <xi:include href="version-info.xml" xpointer="v256"/>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 
diff --git a/units/meson.build b/units/meson.build
index 2f972901d4..5b2410fe93 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -688,6 +688,7 @@ units = [
           'conditions' : ['ENABLE_TMPFILES'],
           'symlinks' : ['sysinit.target.wants/'],
         },
+        { 'file' : 'systemd-udev-load-credentials.service' },
         { 'file' : 'systemd-udev-settle.service' },
         {
           'file' : 'systemd-udev-trigger.service',
diff --git a/units/systemd-udev-load-credentials.service b/units/systemd-udev-load-credentials.service
new file mode 100644
index 0000000000..70f69dcf24
--- /dev/null
+++ b/units/systemd-udev-load-credentials.service
@@ -0,0 +1,29 @@
+#  SPDX-License-Identifier: LGPL-2.1-or-later
+#
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Load udev Rules from Credentials
+Documentation=man:udevadm(8)
+Documentation=man:udev(7)
+Documentation=man:systemd.system-credentials(7)
+
+DefaultDependencies=no
+Before=systemd-udevd.service
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=udevadm control --load-credentials
+ImportCredential=udev.conf.*
+ImportCredential=udev.rules.*
+
+[Install]
+WantedBy=sysinit.target
diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
index b59fdef9b0..f4a4482088 100644
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -13,6 +13,7 @@ Documentation=man:systemd-udevd.service(8) man:udev(7)
 DefaultDependencies=no
 After=systemd-sysusers.service systemd-hwdb-update.service
 Before=sysinit.target
+Wants=systemd-udev-load-credentials.service
 ConditionPathIsReadWrite=/sys
 
 [Service]