Dear list,

since there don't seem to be many people around worrying about the interaction between *Truecrypt and systemd*, I recently encountered the problem of incorporating the mounting of my home directory neatly into systemd's startup process. Since I use Arch, I mainly found information on the respective¹ forums². Although this helped quite a lot, there are still some questions open and I wanted to ask for some assistance here:

Which way would you recommend to use to mount an encrypted filesystem in the boot process using systemd?

1. Instinctively, I'd go for *fstab*, but that didn't work out. The fstab way described in the Arch wiki³ works with sysv, but not with systemd: I presume this is due to StandardInput not being given to tty in the mount scripts. Is that possible somehow? When using truecrypt, it is paramount to be able to enter the password/keyfiles while mounting the volume, thus StandardInput=tty(-force) might be necessary at some point in the .mount mechanism, but I don't know where.

2. The other way I'm using so far is by using a *truecrypt.service*. I put my ideas into the Arch wiki⁴ but think it's worth reproducing them here:

========================================================================
[Unit]
Description=Truecrypt volume manager
ConditionPathExists=!/home/MOUNTPOINT
#Before=mpd.service

[Service]
Type=oneshot
StandardInput=tty-force
ExecStart=/usr/bin/truecrypt -t /dev/sdXY /home/
RemainAfterExit=yes
ExecStop=/usr/bin/truecrypt -t -d
TimeoutSec=5

[Install]
WantedBy=multi-user.target
========================================================================

Mounting works fine, about the unmounting I'm not so sure but according to the logs it should be ok, too (there's not much in them except for a few echos I put in the beginning and end of ExecStop (separated by ;)).

But here, my questions are:

a) Do you consider this a sound service?
b) Should I change _WantedBy_ to _local-fs.target_ or any other target?
c) Should I insert an _After_ line?
d) As you can see, I use mpd and thus have included a _Before=mpd.service_ line in order to let mpd wait for this service to finish loading. I think that is fine and should also determine the shutdown process to proceed in the reverse order, right?

¹ https://bbs.archlinux.org/viewtopic.php?id=142289
² https://bbs.archlinux.org/viewtopic.php?id=149269
³ https://wiki.archlinux.org/index.php/Truecrypt#Mount_volumes_via_fstab
⁴ https://wiki.archlinux.org/index.php/Systemd/Services#truecrypt_volume_manager

Best wishes and thanks for your help in advance,
Jakob

--
Digitally signed with PGP key 0x3D23016E
_______________________________________________
systemd-devel mailing list
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
