Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: How to properly unmount LUKS during shutdown?

  1. #1

    Default How to properly unmount LUKS during shutdown?

    Hi, I have a LUKS-encrypted file to hold my passwords and such. Most other distributions seem to be able to unmount it cleanly during shutdown, but openSUSE only shows the “stop job running for” message indefinitely long—the counter is given additional time every time it reaches the previous value. There’s no problem if and when I remember to unmount the LUKS file manually before shutdown.

    What I need is a way to automatically unmount LUKS mount(s) during shutdown.

    First I tried a /etc/rc.d/halt.local script:

    Code:
    #!/usr/bin/zsh
    
    emulate -L zsh
    
    local mountpoint owner
    local -a mountpoints
    
    mountpoints=($(mount | grep /local/private | cut -d " " -f 3))
    for mountpoint in $mountpoints; do
        owner=${mountpoint:t}
        umount $mountpoint
        cryptsetup luksClose ${owner}privatefs
    fi
    (In zsh because that’s what I know best.) This accomplished nothing. I have no idea if it was even executed but the “stop job running for” counter run just as before.

    Next I tried to remodel a SystemD solution I found in the net for NFS mounts. I created a umount-luks.service file:

    Code:
    [Unit]
    After=network.target
    
    [Service]
    RemainAfterExit=yes
    ExecStart=/bin/true
    ExecStop=/usr/local/sbin/umount-privatefss
    
    [Install]
    WantedBy=multi-user.target
    (where /usr/local/sbin/umount-privatefss is the above script). Then I enabled and activated the service.

    Now I didn’t get the “stop job running for” counters, but neither did the computer shut down! It just froze there with a blinking cursor.

    Any ideas how to accomplish this?

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,624
    Blog Entries
    3

    Default Re: How to properly unmount LUKS during shutdown?

    This should be happening automatically.

    I am not seeing a problem here.

    Is there some process running, that is keeping that file system busy?

    How is the file system being mounted? Here, I have a partition that I mount as "/shared". I have an entry for it in "/etc/crypttab" and an entry in "/etc/fstab". So it is automatically mounted during boot (and I'm prompted for the key). I never see problems with this partition during shutdown.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  3. #3
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,143

    Default Re: How to properly unmount LUKS during shutdown?

    I concur with @nrickert that it is a better idea to try and find out what goes wrong here, then, without knowing the root cause, going for a self made solution, that may run into the same problem.

    Thus yes, provide information on how you let the system mount it as asked above.
    Henk van Velden

  4. #4

    Default Re: How to properly unmount LUKS during shutdown?

    Yeah, sorry, I actually first wrote that information down but then deleted it in order to be succinct

    To use the encrypted file, I use a script to mount it in /local/private/$USER. The whole of the script is as follows.

    Code:
    #!/usr/bin/zsh
    
    emulate -L zsh
    
    if [[ $EUID -ne 0 ]]; then
        print -- ${0:t}: Cannot do that without sudo 1>&2
        exit 1
    fi
    
    local d loopdev mountpoint privfile user
    
    user=$(who am i | cut -d " " -f 1)
    mountpoint=/local/private/$user
    for d in /home /ext; do
            [[ -f $d/$user/.privatefs ]] && privfile=$d/$user/.privatefs && break
    done
    [[ ! -d $mountpoint ]] && mkdir -p $mountpoint
    loopdev=$(losetup -f)
    
    losetup $loopdev $privfile
    if cryptsetup luksOpen $loopdev ${user}privatefs; then
        mount -t ext4 /dev/mapper/${user}privatefs $mountpoint
    else
        print -- ${0:t}: Could not open the file 1>&2
    fi


    I agree the unmounting SHOULD happen automatically, and it does so in every other distro I’ve used.

    The encrypted file contains only small text files, none of which is in use during logoff and shutdown—and even if they were, closing them should be a minor detail.


  5. #5
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,624
    Blog Entries
    3

    Default Re: How to properly unmount LUKS during shutdown?

    I missed that this was an encrypted file, rather than an encrypted partition.

    I'll make a wild guess. The file system (or partition) containing that file is being unmounted before the attempt to unmount the loop-mounted file. That would cause the lockup that you are experiencing. Maybe some checking of logs will help you find out whether my guess is right. And then perhaps a bug report will be in order.

    This reminds me of when I had a problem in opensuse 13.2. I was using an NFS mount (with automount). And shutdown was stopping NetworkManager before it tried to unmount the NFS mount. That caused a similar lockup.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  6. #6

    Default Re: How to properly unmount LUKS during shutdown?

    Quote Originally Posted by nrickert View Post
    I'll make a wild guess. The file system (or partition) containing that file is being unmounted before the attempt to unmount the loop-mounted file. That would cause the lockup that you are experiencing. Maybe some checking of logs will help you find out whether my guess is right.
    Sounds reasonable. I’ve already tried checking logs but I’m not sure (a) what I should look for, and (b) whether there should be anything. I mean, when the system gives the “stop job running for” message it’s only yet expecting something, not encountered an error. And since the only thing I can do (AFAIK) is to force reboot (using the SysRq keys) or shutdown (by pressing the power button long enough), I don’t think a message ever gets a chance to be recorded.

    This reminds me of when I had a problem in opensuse 13.2. I was using an NFS mount (with automount). And shutdown was stopping NetworkManager before it tried to unmount the NFS mount. That caused a similar lockup.
    Exactly. And this is what happens in most other distros if I forget to unmount the NFS shares on a laptop before I take it with me on a travel. This openSUSE handles well: when put to sleep, the laptop automatically disconnects the shares.

  7. #7
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,282
    Blog Entries
    2

    Default Re: How to properly unmount LUKS during shutdown?

    IMO your problem has little to do with LUKS, it's simply how to automatically mount and unmount a loopback device.

    So,
    You should know that loopback devices are flexible and can be mounted/mounted many different ways, eg manually as you've done, the Desktop, GRUB, etc. and how you'd probably want to do it, by FSTAB.

    Although a quick Google search returns numerous hits, IMO probably the best is the TLDP

    Syntax in the following(replace the squashfs device type)
    http://tldp.org/HOWTO/SquashFS-HOWTO...gandusing.html

    4.2.1. Example 1
    Code:
    /var/arch.sqsh    /var/arch    squashfs    ro,defaults    0 0
    Here is the solution again but mounting an encrypted USB stick
    https://www.linuxquestions.org/quest...evices-245505/

    But,
    If I were asked, probably the simplest solution would be to create a LUKS encrypted partition using the Partitioner(YaST module) and write your file to the partition instead of on a loop device (unlees you have a reason to deploy a loop device instead).

    When you Google for answers, be aware that there are a number of hits that are suited for SysInitV systems which describe something like what you tried to do (write an init script) which may not work in a systemd system nowadays.

    HTH,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  8. #8

    Default Re: How to properly unmount LUKS during shutdown?

    Quote Originally Posted by tsu2 View Post
    IMO your problem has little to do with LUKS, it's simply how to automatically mount and unmount a loopback device.
    I guess you are correct. It was just that I encountered this problem with LUKS and tended to identify it with that.

    You should know that loopback devices are flexible and can be mounted/mounted many different ways, eg manually as you've done, the Desktop, GRUB, etc. and how you'd probably want to do it, by FSTAB.
    This much I knew, but I thought I had reasons to do it my way. (Firstly, I wanted to mount the LUKS volume only when needed. Secondly, I had an idea to make it so that if I were to have multiple usernames on the same computer, each one could mount his own LUKS volume. And so on. Mostly bogus anyway, because I’m the sole user of my computers and only want ONE encrypted place to store my secrets.)

    Syntax in the following(replace the squashfs device type)
    http://tldp.org/HOWTO/SquashFS-HOWTO...gandusing.html
    Thanks, I’ll try this one first!

    If I were asked, probably the simplest solution would be to create a LUKS encrypted partition using the Partitioner(YaST module) and write your file to the partition instead of on a loop device (unlees you have a reason to deploy a loop device instead).
    Well, yes and no. I did have a partition once but it began to seem waste of space since I had so little to store on it. Currently, the encrypted file is 4 GB of size; I even tried 650 MB in order to back it up on a CD but that was too little. As I said, mostly it consists of website passwords and such.

  9. #9

    Default Re: How to properly unmount LUKS during shutdown?

    Quote Originally Posted by SuperOscar View Post
    Thanks, I’ll try this one first!
    Well, maybe that wasn’t the solution after all. The whole thing begins with creating a new squashfs filesystem—but I already have an ext4 filesystem in the file! And then, I didn’t see one example where the new filesystem would be read/write as needed.

    I tried creating an /etc/fstab entry for the file, but of course that doesn’t work: even if the file when decrypted has an ext4 filesystem, the encrypted file doesn’t. So it’s a three-step losetup–cryptsetup–mount process (as evidenced for example by this).

  10. #10
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,624
    Blog Entries
    3

    Default Re: How to properly unmount LUKS during shutdown?

    Quote Originally Posted by SuperOscar View Post
    Well, yes and no. I did have a partition once but it began to seem waste of space since I had so little to store on it. Currently, the encrypted file is 4 GB of size; I even tried 650 MB in order to back it up on a CD but that was too little. As I said, mostly it consists of website passwords and such.
    In all honesty, you should set up an "ecryptfs" private directory. That will work far better for what you are trying to do.

    Install "ecryptfs-utils".

    As root, run:
    Code:
    pam-config -a --ecryptfs
    (that shouldn't be needed, but I find that I have to do it. You only need to do that once).

    Create your private directory with:
    Code:
    ecryptfs-setup-private
    You run that as yourself. It will ask for your login password, which is used as the encryption key.
    Before running that, perhaps run, as root:
    Code:
    modprobe ecryptfs
    That also shouldn't be needed, but I found that I needed it before setup. It is never needed again.

    After that, you will have a directory named "Private" in your home directory. And everything in there is really encrypted, though you will see it in unencrypted form. The actual encrypted data will be in $HOME/.Private. That is mounted at $HOME/Private on login, using your login password as key. (If you use auto-login that won't work and you will have to manually "ecryptfs-mount-private"). You do not need to pre-allocate space for a container.

    The downside -- some distros don't support it. However, Ubuntu, Fedora and Debian do support it.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •