Control: clone -1 -2 Control: reassign -2 atuin Control: retitle -2 atuin.service should not Wants=systemd-networkd-wait-online.service
Hi Colin, thanks for pointing me at this issue. On Tue, Oct 15, 2024 at 02:08:03PM +0100, Colin Watson wrote: > I guess we could patch it to use network.target and add a comment to say > that you might need to change that if you use a different listen > address? And either way, I don't think I see a justification for > Wants=systemd-networkd-wait-online.service - that unit has > Before=network-online.target, so specifying it explicitly seems > redundant. Wants=systemd-networkd-wait-online.service is actively harmful. Installing yubihsm-connector on a system and then rebooting it may cause it to become "degraded" according to systemd. Let me detail how. In theorey ifupdown and networkd can cooperate as long as the user does not configure any interfaces in both tools at the same time. A problem arises when you try operating networkd without configuring any interfaces. systemd-networkd-wait-online only considers the system as connected when an interface managed by networkd gains a default route. If you don't configure any interfaces with it, that never happens and the unit times out. Hence it is a good idea to not enable networkd unless you actually manage a routed interface with it. I argue that service units should not impose a decision on what network management tool is in use. As you say, when networkd is enabled, systemd-networkd-wait-online.service is also enabled and orders before network-online.target, so yubihsm-connector.service will be fine even without wanting systemd-networkd-wait-online.service. Dropping the Wants is not a full solution to Rapahel's original problem, but it seems like it is part of the solution and significantly improves another niche case. Would you agree that this bears sufficiently significant benefits to try getting this change into trixie? I also researched other packages: https://codesearch.debian.net/search?q=Wants.*%3D.*systemd-networkd-wait-online&literal=0 * openfortivpn: unit not installed * waagent: unit not installed * atuin: unit installed outside search path Helmut
