
#1 2012-05-29 00:13:50

king.flasher.dave
Member
From: Berlin
Registered: 2008-11-25
Posts: 140
Website

systemd: truecrypt -d on shutdown, etc.

Hey there,

I need a little help with a service file I want to use for unmounting truecrypt containers and devices on shutdown, poweroff & reboot. This is how far I got:

[Unit]
Description=Truecrypt unmount on shutdown, poweroff, reboot, system halt
Before=shutdown.target systemd-modules-load.service

[Service]
Type=oneshot
ConditionPathExists=/media/truecrypt*
ExecStart=/usr/bin/truecrypt -d
TimeoutSec=5
StandardInput=tty
RemainAfterExit=yes

[Install]
#WantedBy=shutdown.target reboot.target halt.target poweroff.target
RequiredBy=shutdown.target reboot.target halt.target poweroff.target

systemd always ends up complaining about trying to detach (and failing) loopback devices (the ones needed for the containers) before the poweroff. That's why I added Before=systemd-modules-load.service
Also tried with Before=umount.target and Before=shutdown.target and whatnot.

If I add it to /etc/rc.local.shutdown (like suggested in the wiki) and use rc-local-shutdown.service it's also complaining. I think the system is going down too fast for truecrypt to unmount properly.

One culprit might be:
Some container files that are mounted reside on /media/Data, which gets unmounted, too (maybe too early?)

Is there any way of giving truecrypt the time needed to unmount and then unmount /media/Data, then unmount /media and then remove the loop module?

I've been trying several methods now, but all don't seem to succeed and I'm really not sure if the devices get unmounted the right way/at all (which can get very nasty with open files, and is absolutely no fun, when some program settings rely on it). Judging from the journal, they don't and unmount just gets killed after a while :(

Any help will be highly appreciated! :)


Speak when you are angry and you will make the best speech you'll ever regret.

Offline

#2 2012-09-19 07:00:35

tladuke
Member
Registered: 2009-07-23
Posts: 176

Re: systemd: truecrypt -d on shutdown, etc.

did you get it to work?
It seems like systemd automatically unmounts the partitions (but not the truecrypt -d part) without adding an extra script at all and so far my volume hasn't been corrupted

here's what i put together based on your script and some internetting and some debugging

[Unit]
Description=Truecrypt unmount on shutdown, poweroff, reboot, system halt
Before=local-fs-pre.target 
ConditionPathExistsGlob=/media/truecrypt*
DefaultDependencies=no

[Service]
Type=oneshot
ExecStart=/usr/bin/truecrypt -d
TimeoutSec=5
StandardInput=tty

[Install]
WantedBy=shutdown.target reboot.target halt.target poweroff.target

actually, now i can't tell if it's doing anything or not.

Offline

#3 2012-10-14 20:05:42

jakob
Member
From: Berlin
Registered: 2005-10-27
Posts: 419

Re: systemd: truecrypt -d on shutdown, etc.

Hey there, I'm currently also tinkering around a lot with systemd & truecrypt, mainly here and in the wiki and wanted to ask whether you guys have come to any new conclusions regarding this?

For instance, how do you mount your truecrypt partitions?

When using this service for reboot etc, I encounter my system fscking root at every boot, so sth isn't going correctly there…

Additionally, it should be possible (and actually be quite sensible) to integrate mount & unmount into one service file. Maybe I'll get there today…

Offline

#4 2012-10-15 10:06:32

king.flasher.dave
Member
From: Berlin
Registered: 2008-11-25
Posts: 140
Website

Re: systemd: truecrypt -d on shutdown, etc.

@tladuke: That's where I have been already, but it didn't work.

@jakob: I don't think it is working yet over here. I've come to let it go for a while. This constant rebooting drove me crazy.
I'm mounting my partitions based on device IDs. Unmounting is a big problem because systemd doesn't seem to wait for it.

IMHO the before line has to be modded correctly, but it's really hard to find out where exactly to place the unmount operation.

Last edited by king.flasher.dave (2012-10-15 10:11:00)


Speak when you are angry and you will make the best speech you'll ever regret.

Offline

#5 2012-10-15 11:05:17

jakob
Member
From: Berlin
Registered: 2005-10-27
Posts: 419

Re: systemd: truecrypt -d on shutdown, etc.

I think at least that the unmounting works (I put ExecStop=/usr/bin/echo "start unmounting" ; /usr/bin/truecrypt -d ; /usr/bin/echo "unmounting done" and got both echos into the journal…)

However, I posted this to the systemd mailing list, so we'll see what they have to say about it…

Best, Jakob

Offline

#6 2012-10-15 11:06:45

Tes--
Member
Registered: 2009-11-13
Posts: 43

Re: systemd: truecrypt -d on shutdown, etc.

I don't use Truecrypt, but I would assume the correct place would be to use ExecStop in the same service file that mounts them.

Offline

#7 2012-10-15 11:09:38

jakob
Member
From: Berlin
Registered: 2005-10-27
Posts: 419

Re: systemd: truecrypt -d on shutdown, etc.

Tes-- wrote:

I don't use Truecrypt, but I would assume the correct place would be to use ExecStop in the same service file that mounts them.

Yeah, I tried to do sth like that here:

[Unit]
Description=Truecrypt volume manager
ConditionPathExists=!/home/MOUNTPOINT
#Before=mpd.service

[Service]
Type=oneshot
StandardInput=tty-force
ExecStart=/usr/bin/truecrypt -t /dev/sdXY /home/
RemainAfterExit=yes
ExecStop=/usr/bin/truecrypt -t -d
TimeoutSec=5

[Install]
WantedBy=multi-user.target

Offline

#8 2012-10-15 11:49:24

king.flasher.dave
Member
From: Berlin
Registered: 2008-11-25
Posts: 140
Website

Re: systemd: truecrypt -d on shutdown, etc.

Hmm, it would be nice to be able to unmount ALL devices, despite how many have been mounted.
Using 'truecrypt -d' without a mount point will unmount all mounted devices. I intended to use the service file for shutdown/restart only.
I want it to be generally usable to dismount everything, even if the device/container was not mounted by a service file, but by a user.
I agree that checking for certain mount points (with ConditionPathExists) is pretty nice, but it might not be enough.


Speak when you are angry and you will make the best speech you'll ever regret.

Offline

#9 2012-10-15 12:02:01

jakob
Member
From: Berlin
Registered: 2005-10-27
Posts: 419

Re: systemd: truecrypt -d on shutdown, etc.

king.flasher.dave wrote:

Hmm, it would be nice to be able to unmount ALL devices, despite how many have been mounted.
Using 'truecrypt -d' without a mount point will unmount all mounted devices. I intended to use the service file for shutdown/restart only.
I want it to be generally usable to dismount everything, even if the device/container was not mounted by a service file, but by a user.

Maybe with this you could try if the unmount works properly:

[Unit]
Description=Truecrypt unmount on shutdown, poweroff, reboot, system halt
Before=local-fs-pre.target
ConditionPathExistsGlob=/media/truecrypt*
DefaultDependencies=no

[Service]
Type=oneshot
ExecStart=/usr/bin/echo "unmounting tc volumes… " ; /usr/bin/truecrypt -v -d ; /usr/bin/echo "unmounting tc vols done"
TimeoutSec=5
StandardOutput=journal+console

[Install]
WantedBy=shutdown.target reboot.target halt.target poweroff.target

truecrypt is set to verbose, the echos tell you when it's done and stdout is set to journal+console.

Offline

#10 2012-10-15 12:24:28

king.flasher.dave
Member
From: Berlin
Registered: 2008-11-25
Posts: 140
Website

Re: systemd: truecrypt -d on shutdown, etc.

@jakob: will do when I get back home! Thanks!


Speak when you are angry and you will make the best speech you'll ever regret.

Offline

#11 2012-10-16 08:51:23

king.flasher.dave
Member
From: Berlin
Registered: 2008-11-25
Posts: 140
Website

Re: systemd: truecrypt -d on shutdown, etc.

okay, pretty nice!
But I'd like it to happen AFTER SIGTERM, because there might be processes still using the containers/devices. How can that be accomplished?


Speak when you are angry and you will make the best speech you'll ever regret.

Offline

#12 2012-10-16 13:01:53

jakob
Member
From: Berlin
Registered: 2005-10-27
Posts: 419

Re: systemd: truecrypt -d on shutdown, etc.

king.flasher.dave wrote:

okay, pretty nice!
But I'd like it to happen AFTER SIGTERM, because there might be processes still using the containers/devices. How can that be accomplished?

Ok. I don't know exactly what you mean by SIGTERM (can't find that in my journalctl logs), but I presume you simply mean it to unmount after mpd/any-other-service has been stopped?

The answers I got on the mailing list were hard to understand for me in the first place, but at least I now figured out a new way of doing the (un)mounting of tc volumes with an advantage:

As Matthew pointed out, it may be sensible to use truecrypt for the mapping (to /dev/mapper/truecrypt1) only and let the mounting be done via fstab (thus, fsck's should be more easily possible) via this service & a corresponding entry in fstab:

[Unit]
Description=Truecrypt Setup for /dev/sda4
DefaultDependencies=no
Conflicts=umount.target
Before=umount.target
Before=cryptsetup.target
After=systemd-readahead-collect.service systemd-readahead-replay.service
BindsTo=dev-mapper-truecrypt1.device

[Service]
RemainAfterExit=yes
StandardInput=tty-force
ExecStart=/usr/bin/truecrypt --filesystem=none --slot=1 /dev/sda4
ExecStop=/usr/bin/truecrypt --filesystem=none -d /dev/sda4

[Install]
WantedBy=cryptsetup.target

/etc/fstab:

/dev/mapper/truecrypt1       /home       ext4      defaults    0    0

But I think this still means that /home is unmounted before mpd is shutdown, which I don't understand. OTOH, mpd continues playing the song it was interrupted during shutdown correctly after the reboot… weird

Offline

#13 2012-10-25 22:59:20

king.flasher.dave
Member
From: Berlin
Registered: 2008-11-25
Posts: 140
Website

Re: systemd: truecrypt -d on shutdown, etc.

hmm, wow now. This can end up pretty ugly if the processes using the containers don't get killed beforehand.
I've just had to redownload all my settings for several programs because of this (and this is not the first time).
Systemd must wait for all the programs to be killed and ONLY AFTER that unmount the containers/devices. The way it works now, it will check if they're there and unmount them whatever happens. This can lead to really ugly ugly results.
My containers use FAT (I know this is ugly too.. but I've tried to keep the settings cross-platform). Will have to see if the mounting via fstab works... but this will lead to ugly overhead when booting and I have those containers in my dropbox...
Yay, more complication.


Speak when you are angry and you will make the best speech you'll ever regret.

Offline

#14 2012-10-25 23:30:33

jakob
Member
From: Berlin
Registered: 2005-10-27
Posts: 419

Re: systemd: truecrypt -d on shutdown, etc.

king.flasher.dave wrote:

hmm, wow now. This can end up pretty ugly if the processes using the containers don't get killed beforehand.
I've just had to redownload all my settings for several programs because of this (and this is not the first time).
Systemd must wait for all the programs to be killed and ONLY AFTER that unmount the containers/devices. The way it works now, it will check if they're there and unmount them whatever happens. This can lead to really ugly ugly results.
My containers use FAT (I know this is ugly too.. but I've tried to keep the settings cross-platform). Will have to see if the mounting via fstab works... but this will lead to ugly overhead when booting and I have those containers in my dropbox...
Yay, more complication.

Shit that sounds really nasty! Which exact setup do you use right now? Doesn't sound like the latest proposal I put up here? I think with the fstab method systemd should do exactly what you want: waiting for all accesses to the mounted fs to be finished before unmounting them… I don't think that using FAT should be considered ugly in a way, apart from being not so native to linux…think using any other fs wouldn't yield a big advantage in this case…

Best, Jakob

Offline
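
Added example, not code from any poster in this thread or from the wiki: one way to express the ordering discussed above (dismount only after the consuming services have stopped, but before the underlying file systems are unmounted) with an ExecStop in a unit that stays active from boot. The unit file name is hypothetical; /media/Data, mpd.service and the truecrypt flags are the ones mentioned in the thread.

```ini
# /etc/systemd/system/truecrypt-dismount.service
# (hypothetical file name; added example, not from the thread)

[Unit]
Description=Dismount all TrueCrypt volumes when the system goes down
# Stop order is the reverse of start order. Because this unit starts
# after local-fs.target and after the mount that holds the container
# files, its ExecStop runs before those file systems are unmounted.
After=local-fs.target
RequiresMountsFor=/media/Data
# Units named in Before= start after this one, so at shutdown they are
# stopped first and their processes are gone before ExecStop runs.
# mpd.service is the consumer named in the thread; list your own here.
Before=mpd.service
# DefaultDependencies is left at its default (yes), which adds
# Conflicts=shutdown.target and Before=shutdown.target, so the unit is
# stopped on poweroff, reboot and halt.

[Service]
Type=oneshot
# Keep the unit "active" after ExecStart so that there is something
# to stop at shutdown.
RemainAfterExit=yes
# Nothing to do at boot.
ExecStart=/usr/bin/true
# Dismount every mounted volume, including ones a user mounted by hand.
ExecStop=/usr/bin/truecrypt -t -d
# Allow the dismount to finish instead of being killed after 5 s.
TimeoutStopSec=30

[Install]
WantedBy=multi-user.target
```

Processes that do not belong to a unit listed in Before= are not ordered by this unit and can still hold files open when ExecStop runs.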

#15 2013-01-04 22:41:22

leniviy
Member
Registered: 2009-05-23
Posts: 177

Re: systemd: truecrypt -d on shutdown, etc.

The wiki now suggests creating this service as

/etc/systemd/system/multi-user/truecrypt-unmount.service

but I can't enable it:

# vim /etc/systemd/system/multi-user/truecrypt-unmount.service
# systemctl enable truecrypt-unmount.service
Failed to issue method call: No such file or directory

Only if I place it to the parent dir, it succeeds. Why?


Arch 64, xfce4

Offline
