confext: add initrd-specific unit

In the initrd we want to run as early as possible, before
any of the filesystems are set up, so that users can use
confexts to customize fstab/veritytab/crypttab/etc. But
in the root fs it needs to run after /var/ has been set
up. Split the unit, and have an initrd-specific one that
runs very early.

man/rules/meson.build

@@ -1093,7 +1093,10 @@ manpages = [
  ['systemd-sysctl.service', '8', ['systemd-sysctl'], ''],
  ['systemd-sysext',
   '8',
-  ['systemd-confext', 'systemd-confext.service', 'systemd-sysext.service'],
+  ['systemd-confext',
+   'systemd-confext-initrd.service',
+   'systemd-confext.service',
+   'systemd-sysext.service'],
   'ENABLE_SYSEXT'],
  ['systemd-system-update-generator', '8', [], ''],
  ['systemd-system.conf',

man/systemd-sysext.xml

@@ -21,6 +21,7 @@
     <refname>systemd-sysext.service</refname>
     <refname>systemd-confext</refname>
     <refname>systemd-confext.service</refname>
+    <refname>systemd-confext-initrd.service</refname>
     <refpurpose>Activates System Extension Images</refpurpose>
   </refnamediv>
 

units/meson.build

@@ -287,6 +287,11 @@ units = [
           'file' : 'systemd-confext.service',
           'conditions' : ['ENABLE_SYSEXT'],
         },
+        {
+          'file' : 'systemd-confext-initrd.service',
+          'conditions' : ['ENABLE_INITRD', 'ENABLE_SYSEXT'],
+          'symlinks' : ['initrd.target.wants/'],
+        },
         {
           'file' : 'systemd-coredump.socket',
           'conditions' : ['ENABLE_COREDUMP'],

units/systemd-confext-initrd.service

@@ -0,0 +1,35 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Merge System Configuration Images into /etc/
+Documentation=man:systemd-confext-initrd.service(8)
+
+ConditionCapability=CAP_SYS_ADMIN
+ConditionDirectoryNotEmpty=|/run/confexts
+ConditionDirectoryNotEmpty=|/var/lib/confexts
+ConditionDirectoryNotEmpty=|/usr/local/lib/confexts
+ConditionDirectoryNotEmpty=|/usr/lib/confexts
+ConditionDirectoryNotEmpty=|/.extra/confext
+ConditionPathExists=/etc/initrd-release
+
+DefaultDependencies=no
+Before=local-fs-pre.target cryptsetup-pre.target systemd-tmpfiles-setup.service
+Wants=local-fs-pre.target cryptsetup-pre.target
+Conflicts=initrd-switch-root.target
+Before=initrd-switch-root.target
+Wants=modprobe@loop.service modprobe@dm_mod.service modprobe@squashfs.service modprobe@erofs.service
+After=modprobe@loop.service modprobe@dm_mod.service modprobe@squashfs.service modprobe@erofs.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=systemd-confext refresh
+ExecReload=systemd-confext refresh
+ExecStop=systemd-confext unmerge

units/systemd-confext.service

@@ -16,13 +16,13 @@ ConditionDirectoryNotEmpty=|/run/confexts
 ConditionDirectoryNotEmpty=|/var/lib/confexts
 ConditionDirectoryNotEmpty=|/usr/local/lib/confexts
 ConditionDirectoryNotEmpty=|/usr/lib/confexts
-ConditionDirectoryNotEmpty=|/.extra/confext
+ConditionPathExists=!/etc/initrd-release
 
 DefaultDependencies=no
 After=local-fs.target
 Before=sysinit.target systemd-tmpfiles-setup.service
-Conflicts=shutdown.target initrd-switch-root.target
+Conflicts=shutdown.target
-Before=shutdown.target initrd-switch-root.target
+Before=shutdown.target
 
 [Service]
 Type=oneshot