Follow up patch for 25d3ee5471

This patch is a follow up patch fixing some nits left by the review
25d3ee5471.

It does:

* Fix the README file to say that the password *must* be encrypted and
  the option values *must* be quoted

* Adds Type=oneshot in the upstart service config file so that upstart
  will not try to restart the service over and over.

* Enable setu, sete and setpipefail in the dynamic-login script

Change-Id: Iee5d75daef24469ccf47ca12de6ead37bf9d8d6f

elements/dynamic-login/README.rst

@@ -27,13 +27,13 @@ rootpwd
   :Description: If the operator append rootpwd="$ENCRYPTED_PASSWORD" to the
                 kernel command line on boot, the helper script will set the
                 root password to the one specified by this option. Note that
-                this password should be **encrypted**. Encrypted passwords
+                this password must be **encrypted**. Encrypted passwords
                 can be generated using the ``openssl`` command, e.g:
                 *openssl passwd -1*.
 
 
 .. note::
-   The value of these parameters should be **quoted**, e.g: sshkey="ssh-rsa
+   The value of these parameters must be **quoted**, e.g: sshkey="ssh-rsa
    BBBA1NBzaC1yc2E ..."
 
 

elements/dynamic-login/init-scripts/systemd/dynamic-login.service

@@ -3,6 +3,7 @@ Description=Dynamic Login
 After=network.target
 
 [Service]
+Type=oneshot
 ExecStart=/usr/local/bin/dynamic-login
 
 [Install]

elements/dynamic-login/static/usr/local/bin/dynamic-login

@@ -1,5 +1,5 @@
 #!/bin/bash
-# dib-lint: disable=setu sete setpipefail dibdebugtrace
+# dib-lint: disable=dibdebugtrace
 # Copyright 2015 Red Hat, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -14,6 +14,9 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+set -eu
+set -o pipefail
+
 # Reads an encrypted root password from the kernel command line and set
 # it to the root user
 if [[ $(</proc/cmdline) =~ rootpwd=\"([^\"]+)\" ]]; then