[systemd-devel] Questions on setting up a Truecrypt volume management service

Jakob Hetzelein nasenatmer at posteo.de
Mon Oct 15 03:42:31 PDT 2012


Dear list,

since there don't seem to be many people around worrying about the
interaction between *Truecrypt and systemd*, I recently encountered the
problem of incorporating the mounting of my home directory neatly into
systemd's start up process. Since I use Arch, I mainly found information
on the respective¹ forums². Although this helped quite a lot, there are
still some questions open and I wanted to ask for some assistance here:

Which way would you recommend to use to mount an encrypted filesystem in
the boot process using systemd?

1. Instinctively, I'd go for *fstab*, but that didn't work out. The
fstab way described in the Arch wiki³ works with sysv, but not with
systemd: I presume this is due to StandardInput not being given to tty in
the mount scripts. Is that possible somehow? When using truecrypt, it is
paramount to be able to enter the password/keyfiles while mounting the
volume, thus StandardInput=tty(-force) might be necessary at some point
in the .mount mechanism, but I don't know where.

2. The other way I'm using so far is by using a *truecrypt.service*. I
put my ideas into the arch wiki⁴ but think it's worth reproducing them
here:

========================================================================
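[Unit]
Description=Truecrypt volume manager
ConditionPathExists=!/home/MOUNTPOINT
#Before=mpd.service

[Service]
Type=oneshot
# Read the password/keyfile prompt from the console
StandardInput=tty-force
# /dev/sdXY is a placeholder for the encrypted partition
ExecStart=/usr/bin/truecrypt -t /dev/sdXY /home/
# Stay active after ExecStart exits so that ExecStop runs when the service is stopped
RemainAfterExit=yes
ExecStop=/usr/bin/truecrypt -t -d
TimeoutSec=5

[Install]
WantedBy=multi-user.target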
========================================================================

Mounting works fine, about the unmounting I'm not so sure but according
to the logs it should be ok, too (there's not much in them except for a
few echoes I put in the beginning and end of ExecStop, separated by ;).

But here, my questions are:

a) Do you consider this a sound service?
b) Should I change _WantedBy_ to _local-fs.target_ or any other target?
c) Should I insert an _After_ line?
d) As you can see, I use mpd and thus have included a
_Before=mpd.service_ line in order to let mpd wait for this service to
finish loading. I think that is fine and should also determine the
shutdown process to proceed in the reverse order, right?

¹ https://bbs.archlinux.org/viewtopic.php?id=142289
² https://bbs.archlinux.org/viewtopic.php?id=149269
³ https://wiki.archlinux.org/index.php/Truecrypt#Mount_volumes_via_fstab
⁴ https://wiki.archlinux.org/index.php/Systemd/Services#truecrypt_volume_manager

Best wishes and thanks for your help in advance,

Jakob
-- 
Digitally signed with PGP key 0x3D23016E
