unlocking encfs during boot (Re: systemd now appears to be only possible init system in testing)
Cameron Norman
camerontnorman at gmail.com
Mon Jul 28 17:20:06 BST 2014
On Mon, 28 Jul 2014 at 8:21, Michael Biebl <biebl at debian.org>
wrote:
> On 28.07.2014 16:53, Michael Biebl wrote:
>> ------8<-----------
>> [Unit]
>> Description=Unlock EncFS
>> DefaultDependencies=no
>> After=local-fs.target
>> Before=display-manager.service getty@tty1.service
>>
>> [Service]
>> Type=oneshot
>> RemainAfterExit=true
>> Environment=RootDir=/home/.encfs/crypt
>> Environment=MountPoint=/home/crypt
>> ExecStart=/bin/sh -c "systemd-ask-password --no-tty --timeout=30 'Unlock EncFS' | encfs --stdinpass $RootDir $MountPoint"
>> ExecStop=/bin/umount $MountPoint
>>
>> [Install]
>> WantedBy=sysinit.target
>> ------>8-----------
>
>
> To show you some additional cool systemd features, I'm going a step
> further and make this unit file a completely generic template unit, so
> it can easily be re-used, say if you have multiple encfs file systems
> to unlock and you don't want to copy that file over and over again.
>
> Only 3 small modifications are necessary:
> - Rename the file to unlock@.service
> - Update Description: Description=Unlock %I EncFS
> - Use EnvironmentFile=/etc/encfs/%I
>
> The %I is the instance name specifier and denotes the part between
> unlock@<instance name>.service. See man systemd.unit(5)
>
> The resulting template unit looks like this and is completely generic:
>
> ------8<-----------
> [Unit]
> Description=Unlock %I EncFS
> DefaultDependencies=no
> After=local-fs.target
> Before=display-manager.service getty@tty1.service
>
> [Service]
> Type=oneshot
> RemainAfterExit=true
> EnvironmentFile=/etc/encfs/%I
> ExecStart=/bin/sh -c "systemd-ask-password --no-tty --timeout=30 'Unlock EncFS' | encfs --stdinpass $RootDir $MountPoint"
> ExecStop=/bin/umount $MountPoint
>
> [Install]
> WantedBy=sysinit.target
> ------>8-----------
>
> So how do we create a new encfs unit now?
>
> - mkdir /etc/encfs/
> - echo -e "RootDir=/home/.encfs/crypt/\nMountPoint=/home/crypt" > /etc/encfs/home
> - systemctl enable unlock@home.service
> Note how the file name and the instance name match.
Maybe you could use BindsTo=/etc/encfs/%I.path (I think that would
work, right?) so that you do not have to explicitly enable it. Although
that would cause the MTPT to be unmounted if the file is deleted
(unless the ExecStop= is removed)... Anyway, pretty cool.
Thanks for sharing,
--
Cameron Norman
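
A pre-enable check for the /etc/encfs/<instance> file that the template unit reads through EnvironmentFile=, given here as an added example that is not part of the original thread. The helper name check_encfs_env is hypothetical, and it assumes the file holds only plain, unquoted RootDir= and MountPoint= lines like the ones created above.

```shell
#!/bin/sh
# check_encfs_env is a hypothetical helper, not part of systemd or encfs.
# It accepts only plain, unquoted RootDir=/MountPoint= lines.
check_encfs_env() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }

    # The unit runs as root and hands these values to encfs and umount,
    # so group and others must not be able to rewrite the file.
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "$f is group- or world-writable" >&2
        return 1
    fi

    root='' mnt=''
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*|';'*) continue ;;                  # blank line or comment
            RootDir=*)    root=${line#RootDir=} ;;
            MountPoint=*) mnt=${line#MountPoint=} ;;
            *) echo "unexpected line: $line" >&2; return 1 ;;
        esac
    done < "$f"

    for v in "$root" "$mnt"; do
        case $v in
            *[[:space:]]*)
                # ExecStart/ExecStop expand the variables unquoted, so a
                # value with whitespace would be split into several words.
                echo "whitespace in path: $v" >&2; return 1 ;;
            /*) ;;                                     # absolute path: ok
            *)  echo "RootDir and MountPoint must both be absolute paths" >&2
                return 1 ;;
        esac
    done
}

# Constructed sample with the same content as the thread's /etc/encfs/home.
sample=$(mktemp)
printf 'RootDir=/home/.encfs/crypt/\nMountPoint=/home/crypt\n' > "$sample"
check_encfs_env "$sample" && echo "sample passes"
rm -f "$sample"
```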