[systemd-devel] How to automatically decrypt a disk on connection
Orion Poplawski
orion at nwra.com
Wed Mar 27 18:49:02 UTC 2024
On 3/27/24 12:22, Andrei Borzenkov wrote:
> On 27.03.2024 20:56, Orion Poplawski wrote:
>> The only thing that's a bit funky with it is that it generates:
>>
>> Invalid unit name "clevis-luks-unlock@/dev/sda1.service" escaped as
>> "clevis-luks-unlock at -dev-sda1.service" (maybe you should use systemd-escape?).
>>
>> But I'm not sure how else to handle it.
>>
>> If I left it as ENV{SYSTEMD_WANTS}="clevis-luks-unlock@" I would get the
>> following instance:
>>
>> sys-devices-pci0000:00-0000:00:02.0-0000:05:00.0-0000:06:02.0-0000:08:00.0-usb9-9\x2d1-9\x2d1:1.0-host2-target2:0:0-2:0:0:0-block-sda-sda1
>>
>> which I can unescape with %f but not sure how to get that to the actual device
>> file.
>>
>> Any suggestions?
>>
>>
>
> Use $kernel in rule and /dev/%I in service.
Thank you, that works. udev monitor -p doesn't show the value of KERNEL so I
didn't see that as an option.
--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of IT Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 https://www.nwra.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3826 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20240327/597551de/attachment.bin>
More information about the systemd-devel
mailing list