On 10/15/2012 04:42 AM, Jakob Hetzelein wrote:
> Dear list,
>
> since there don't seem to be many people around worrying about the
> interaction between *Truecrypt and systemd*, I recently encountered the
> problem of incorporating the mounting of my home directory neatly into
> systemd's start up process. Since I use Arch, I mainly found information
> on the respective¹ forums². Although this helped quite a lot, there are
> still some questions open and I wanted to ask for some assistance here:
>
> Which way would you recommend to use to mount an encrypted filesystem in
> the boot process using systemd?
>
> 1. Instinctively, I'd go for *fstab*, but that didn't work out. The
> fstab way described in the Arch wiki³ works with sysv, but not with
> systemd: I presume this is due to StandardInput not being given to tty in
> the mount scripts. Is that possible somehow? When using truecrypt, it is
> paramount to be able to enter the password/keyfiles while mounting the
> volume, thus StandardInput=tty(-force) might be necessary at some point
> in the .mount mechanism, but I don't know where.
>
> 2. The other way I'm using so far is by using a *truecrypt.service*. I
> put my ideas into the arch wiki⁴ but think it's worth reproducing them
> here:
>
> ========================================================================
> [Unit]
> Description=Truecrypt volume manager
> ConditionPathExists=!/home/MOUNTPOINT
> #Before=mpd.service
>
> [Service]
> Type=oneshot
> StandardInput=tty-force
> ExecStart=/usr/bin/truecrypt -t /dev/sdXY /home/
> RemainAfterExit=yes
> ExecStop=/usr/bin/truecrypt -t -d
> TimeoutSec=5
>
> [Install]
> WantedBy=multi-user.target
> ========================================================================
>
> Mounting works fine, about the unmounting I'm not so sure but according
> to the logs it should be ok, too (there's not much in them except for a
> few echoes I put in the beginning and end of ExecStop (separated by ;)).
>
> But here, my questions are:
>
> a) Do you consider this a sound service?
> b) Should I change _WantedBy_ to _local-fs.target_ or any other target?
> c) Should I insert an _After_ line?
> d) As you can see, I use mpd and thus have included a
> _Before=mpd.service_ line in order to let mpd wait for this service to
> finish loading. I think that is fine and should also determine the
> shutdown process to proceed in the reverse order, right?
>
> ¹ https://bbs.archlinux.org/viewtopic.php?id=142289
> ² https://bbs.archlinux.org/viewtopic.php?id=149269
> ³ https://wiki.archlinux.org/index.php/Truecrypt#Mount_volumes_via_fstab
> ⁴ https://wiki.archlinux.org/index.php/Systemd/Services#truecrypt_volume_manager
>
> Best wishes and thanks for your help in advance,
>
> Jakob

You might have more success if you treat truecrypt more like cryptsetup in that it only handles mapping a block device to /dev/mapper/*. You can do this with the --filesystem=none option. Then you can have a [email protected] which looks a lot like the [email protected]. The mounting from /dev/mapper/truecrypt* can then be placed in /etc/fstab as normal.

One odd thing to note though is that truecrypt fails if the loop.ko module isn't loaded (maybe only when using a file-based container). It isn't loaded on demand as it can/should be.
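
The layout suggested in the reply above, written out as an added example; it is not configuration from the thread, from systemd or from TrueCrypt. The unit name truecrypt-map@.service, the file /etc/truecrypt-map/1.conf, the variable TC_DEVICE, the ext4 filesystem and the slot-N-to-/dev/mapper/truecryptN naming are assumptions, and the x-systemd.requires= fstab option needs a systemd release newer than the ones available when this thread was written.

```ini
# --- /etc/modules-load.d/loop.conf -------------------------------------
# Load loop.ko at boot, because truecrypt does not trigger it on demand.
loop

# --- /etc/truecrypt-map/1.conf  (hypothetical per-slot settings file) ---
TC_DEVICE=/dev/sdXY

# --- /etc/systemd/system/truecrypt-map@.service  (hypothetical name) ----
# Instance name = TrueCrypt slot number: truecrypt-map@1.service is
# assumed to create /dev/mapper/truecrypt1.
[Unit]
Description=TrueCrypt mapping, slot %i
# The mount that needs this mapping runs before local-fs.target, so the
# default After=basic.target ordering would create a dependency cycle.
DefaultDependencies=no
After=systemd-modules-load.service
# Without default dependencies, this is what stops the unit at shutdown.
Conflicts=umount.target
Before=umount.target
ConditionPathExists=!/dev/mapper/truecrypt%i

[Service]
Type=oneshot
RemainAfterExit=yes
# Password and keyfile prompts need a terminal, as in the original unit.
StandardInput=tty-force
EnvironmentFile=/etc/truecrypt-map/%i.conf
# Map only; the filesystem is mounted through fstab, not by truecrypt.
ExecStart=/usr/bin/truecrypt -t --filesystem=none --slot=%i ${TC_DEVICE}
ExecStop=/usr/bin/truecrypt -t -d ${TC_DEVICE}

# --- /etc/fstab ---------------------------------------------------------
# x-systemd.requires= makes home.mount require the mapping service and
# start after it. Stop order is the reverse, so /home is unmounted
# before the mapping is removed.
/dev/mapper/truecrypt1  /home  ext4  defaults,x-systemd.requires=truecrypt-map@1.service  0  2
```

No [Install] section is needed here because the fstab entry pulls the service in; services that read from /home are ordered after home.mount rather than after the mapping service.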
