On 22/12/2018 16:11, Guilhem Moulin wrote:
> If having a key file is acceptable to you, the following crypttab(5)
> snippet should be enough for systemd to map the device once /home has
> been mounted:
>
> some_img /home/me/luks/some.img /path/to/key/file luks
>

I don't really want to use keyfiles.
Actually my current setup is pretty good, I mean the real devices are opened without any issues (using the /etc/crypttab file). I also have the following systemd service for the LUKS images:

-----------
[Unit]
Description=Cryptography Setup for %I
DefaultDependencies=no
IgnoreOnIsolate=true
After=cryptsetup-pre.target
Before=media-luksimg.mount
Before=umount.target shutdown.target
Conflicts=umount.target shutdown.target
RequiresMountsFor=/home/me/luks/some.img

[Service]
Type=oneshot
RemainAfterExit=yes
TimeoutSec=30
KeyringMode=shared
ExecStart=/usr/sbin/cryptdisks_start luksimg
ExecStop=/usr/sbin/cryptdisks_stop luksimg
-----------

This simply waits for /home/me/luks/some.img to be accessible, and then it uses cryptdisks_start to unlock the image using the password from the kernel keyring, and I don't have to type the password again when the service is started.

Anyways I think crypttab should have such functionality built in (if possible), so everything could be set up in the /etc/crypttab file.