systemd, /etc/crypttab, SDB:Encrypted_filesystems, ...

I just upgraded to 12.3, and I learned, that /etc/init.d/boot.crypt isn’t the right way to mount my encrypted file systems any more.

I came across the SDB article on Encrypted_filesystems then:

https://en.opensuse.org/SDB:Encrypted_filesystems#systemd_support

And as that didn’t seem to fit 100% any more as well, I dared to split the section on “systemd support” into pre- and post-12.3.
12.3 may actually not quite be the right figure, and maybe I also got a few things wrong as well, but the way I described post-12.3 is how it works for me right now.

Does anybody want to shed some light on the topic?
I also felt intrigued to contact User:Lnussel to get him to review my update, but I doubted, that writing into his Discussion page would be the right way.

Cheers,
JH

12.3 part looks wrong to me. Did you actually test it? Could you show protocol of command execution that demonstrates it?

Does anybody want to shed some light on the topic?

Do you have any specific question? Recently it was discussed pretty thorough here, including extensive command examples.

On 2013-05-29 13:06, Jochen Hayek wrote:
>
> I just upgraded to 12.3, and I learned, that /etc/init.d/boot.crypt
> isn’t the right way to mount my encrypted file systems any more.

Have a look at this thread:

Managing encrypted partitions with systemd?

in this same forum. We talked about the differences, precisely :wink:

> I came across the SDB article on Encrypted_filesystems then:
>
> https://en.opensuse.org/SDB:Encrypted_filesystems#systemd_support
>
> And as that didn’t seem to fit 100% any more as well, I dared to split
> the section on “systemd support” into pre- and post-12.3.
> 12.3 may actually not quite be the right figure, and maybe I also got a
> few things wrong as well, but the way I described post-12.3 is how it
> works for me right now.

If you want comments on the wiki, there is a wiki subforum here, and
also a mail list. You may need to ping someone so that your
modifications are accepted and visible to all.

> Does anybody want to shed some light on the topic?
> I also felt intrigued to contact User:Lnussel to get him to review my
> update, but I doubted, that writing into his Discussion page would be
> the right way.

Well, it is valid way, IMHO. Anybody that has defined a “watch” on the
page would notice.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

But it works like that, and robin_listas agreed to it.

Sure! Would be silly on my side to present something, that doesn’t work.

Sure!

(No idea, why my code gets split in two.)

(2013-05-29 12:39:43) root@HY # systemctl start /media/BUFFALO_External_HDD_000014162CFE-part1


Please enter passphrase for disk External_HDD (cr--usb-BUFFALO_External_HDD_000014162CFE-0:0-part1) on /media/BUFFALO_External_HDD_000014162CFE-part1! ***********************************************

(2013-05-29 17:27:24) root@HY # systemctl status /media/BUFFALO_External_HDD_000014162CFE-part1
media-BUFFALO_External_HDD_000014162CFE\x2dpart1.mount - /media/BUFFALO_External_HDD_000014162CFE-part1
      Loaded: loaded (/etc/fstab)
      Active: active (mounted) since Wed, 2013-05-29 17:27:24 CEST; 9s ago
       Where: /media/BUFFALO_External_HDD_000014162CFE-part1
        What: /dev/mapper/cr--usb-BUFFALO_External_HDD_000014162CFE-0:0-part1
     Process: 1987 ExecUnmount=/bin/umount /media/BUFFALO_External_HDD_000014162CFE-part1 (code=exited, status=0/SUCCESS)
     Process: 2017 ExecMount=/bin/mount /dev/mapper/cr--usb-BUFFALO_External_HDD_000014162CFE-0:0-part1 /media/BUFFALO_External_HDD_000014162CFE-part1 -t ext3 -o acl,user_xattr,noauto (code=exited, status=0/SUCCESS)
      CGroup: name=systemd:/system/media-BUFFALO_External_HDD_000014162CFE\x2dpart1.mount


May 29 17:27:24 HY.site systemd[1]: Mounted /media/BUFFALO_External_HDD_000014162CFE-part1.
(2013-05-29 17:27:33) root@HY # systemctl stop /media/BUFFALO_External_HDD_000014162CFE-part1

  • Is there any document, that shows, how to use "systemctl start|status|stop
    " on encrypted filesystems resp. their mountpoints? - Did the changes to “how to use systemctl …” get posted in release notes or so?
  • Do other distributions deal with it similarly?

True, I noticed that (link).

Thank you for your attention!

Cheers,
JH

Ah, OK, I missed this heuristic.

(2013-05-29 17:27:33) root@HY # systemctl stop /media/BUFFALO_External_HDD_000014162CFE-part1

Does it also stop encrypted container?

  • Is there any document, that shows, how to use "systemctl start|status|stop
    " on encrypted filesystems resp. their mountpoints? > - Did the changes to “how to use systemctl …” get posted in release notes or so?
  • Do other distributions deal with it similarly?

Sorry, that I cannot answer.

On 2013-05-29 18:06, Jochen Hayek wrote:

> arvidjaar;2561049 Wrote:
>> Could you show protocol of command execution that demonstrates it?
> Sure!
>
> (No idea, why my code gets split in two.)

Can’t say, I do not use the web interface, because there is a
possibility of problems.

>
> Code:
> --------------------
> (2013-05-29 12:39:43) root@HY # systemctl start /media/BUFFALO_External_HDD_000014162CFE-part1
> --------------------

Huh.

Are you actually mounting manually something in /media? Don’t do that,
use /mnt instead. Leave /media to automatics.

> - Is there any document, that shows, how to use “-systemctl
> start|status|stop-” on encrypted filesystems resp. their mountpoints?

Not to my knowledge, that’s why I started that thread here, that I
pointed you to.

> - Did the changes to “how to use systemctl …” get posted in release
> notes or so?

Nope. Check for yourself:


> https://www.suse.com/releasenotes/i386/openSUSE/12.3/RELEASE-NOTES.en.html


> - Do other distributions deal with it similarly?

I’ve no idea. I hope so, all of them that use systemd at least.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)