Merge pull request #174 from Olf0/master

Commits for v1.5.0
Olf0 · Mar 20, 2021 · f0b855d · f0b855d
2 parents 883cd46 + d3f92ea
commit f0b855d
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 9 deletions.
diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec
@@ -1,6 +1,6 @@
 Name:          crypto-sdcard
 Summary:       Configuration files for unlocking and mounting encrypted SD-cards automatically
-Version:       1.4.3
+Version:       1.5.0
 # Since v1.3.1, the release version consists of two or three fields, separated by a dot ("."):
 # - The first field must contain a natural number greater than zero.
 #   This number may be prefixed by one of {alpha,beta,stable}, e.g. "alpha13".

diff --git a/systemd/system/cryptosd-luks@.service b/systemd/system/cryptosd-luks@.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=Open DM-Crypt LUKS on SD-card %I
+Description=Open %I per cryptsetup
 Documentation=https://github.com/Olf0/crypto-sdcard
 DefaultDependencies=no
 After=sysinit.target dev-%i.device
@@ -13,9 +13,24 @@ AssertFileNotEmpty=/etc/crypto-sdcard/%I.key
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-# For devices, which need the qcrypto kernel module loaded to support modern cryptographic schemes as e.g. XTS:
+# For devices, which need the qcrypto kernel module loaded to support modern cryptographic
+# schemes as e.g. XTS:
 # ExecStartPre=/sbin/modprobe qcrypto
-# For various reasons (dependency on udisks2, allow discards etc.), do not use "udisksctl unlock --key-file", call cryptsetup directly:
+# For various reasons (avoid (temporal) dependency on udisks2, allow for discards etc.), do
+# not use "udisksctl unlock --key-file", instead call cryptsetup directly:
 ExecStart=/usr/sbin/cryptsetup --allow-discards -d /etc/crypto-sdcard/%I.key luksOpen /dev/%I %I
+# "udisksctl mount" (in mount-cryptosd-luks@.service) sometimes fails when issued right after
+# "udisksd" (per "udisks2.service") has finished starting, because the udisks object for this
+# unlocked device has not been created yet.
+# Hence one might give udisksd a second to recognise the fresh device, before starting units
+# dependent on this unit instance and "udisks2.service" / "udisksd".  Side note: Letting
+# dependent units sleep for a second by an "ExecStartPre=/bin/sleep 1" in them would
+# unnecessarily waste this second most of the time; that is avoided this way.
+# Note that using ExecStartPost= for this is futile (as irrelevant for dependencies, see
+# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type= ), but (only)
+# units of the Type=oneshot may use multiple ExecStart= lines and / or commands.  Side note:
+# For non-oneshot units a solution is to move the ExecStart= command to ExecStartPre= (that
+# is functionally equivalent!) and ...
+ExecStart=/bin/sleep 1
 ExecStop=/usr/sbin/cryptsetup close %I
 
diff --git a/systemd/system/cryptosd-plain@.service b/systemd/system/cryptosd-plain@.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=Open DM-Crypt "plain" on SD-card %I
+Description=Open %I per cryptsetup
 Documentation=https://github.com/Olf0/crypto-sdcard
 DefaultDependencies=no
 After=sysinit.target dev-%i.device
@@ -13,9 +13,27 @@ AssertFileNotEmpty=/etc/crypto-sdcard/%I.key
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-StandardInput=file:/etc/crypto-sdcard/%I.key 
-# For devices, which need the qcrypto kernel module loaded to support modern cryptographic schemes as e.g. XTS:
+# For devices, which need the qcrypto kernel module loaded to support modern cryptographic
+# schemes as e.g. XTS:
 # ExecStartPre=/sbin/modprobe qcrypto
+# With workaround for https://github.com/systemd/systemd/issues/14560 :
+StandardInput=file:/etc/crypto-sdcard/%I.key
+StandardOutput=journal
+# "udisksctl unlock --key-file" does only work with LUKS "containers", not with "plain" ones,
+# thus call cryptsetup directly:
 ExecStart=/usr/sbin/cryptsetup -d - -h sha1 -s 256 -c aes-xts-plain --allow-discards --type plain open /dev/%I %I
+# "udisksctl mount" (in mount-cryptosd-luks@.service) sometimes fails when issued right after
+# this unit (instance) and "udisksd" (per "udisks2.service") have finished starting, because
+# the udisks object for this unlocked device has not been created yet.
+# Hence one might give udisksd a second to recognise the fresh device, before starting units
+# dependent on this unit instance and "udisks2.service" / "udisksd".  Side note: Letting
+# dependent units sleep for a second by an "ExecStartPre=/bin/sleep 1" in them would
+# unnecessarily waste this second most of the time; that is avoided this way.
+# Note that using ExecStartPost= for this is futile (as irrelevant for dependencies, see
+# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type= ), but (only)
+# units of the Type=oneshot may use multiple ExecStart= lines and / or commands.  Side note:
+# For non-oneshot units a solution is to move the ExecStart= command to ExecStartPre= (that
+# is functionally equivalent!) and ...
+ExecStart=/bin/sleep 1
 ExecStop=/usr/sbin/cryptsetup close %I
 
diff --git a/systemd/system/mount-cryptosd-luks@.service b/systemd/system/mount-cryptosd-luks@.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=Mount LUKS encrypted SD-card (%I) with udisks
+Description=Mount %I per udisks
 Documentation=https://github.com/Olf0/crypto-sdcard
 After=udisks2.service cryptosd-luks@%i.service dev-mapper-%i.device start-user-session.service
 Requisite=dev-mapper-%i.device

diff --git a/systemd/system/mount-cryptosd-plain@.service b/systemd/system/mount-cryptosd-plain@.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=Mount "plain" encrypted SD-card (%I) with udisks
+Description=Mount %I per udisks
 Documentation=https://github.com/Olf0/crypto-sdcard
 After=udisks2.service cryptosd-plain@%i.service dev-mapper-%i.device start-user-session.service
 Requisite=dev-mapper-%i.device