From eea6165ae31ea8cc5da4cc88ec4e4b8d52a6b819 Mon Sep 17 00:00:00 2001 From: olf Date: Thu, 22 Oct 2020 03:16:29 +0200 Subject: [PATCH 01/29] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index d4d9e848..3d080569 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -10,7 +10,7 @@ Version: 1.3.1 # - An optional third field might be used by downstream packagers, who alter the package but want to # retain the exact version number. It shall consist of the packager's name appended with a natural # number greater than zero, e.g "joe8". -Release: 1.sfosABCregular +Release: 4.sfos321regular Group: System/Base Distribution: SailfishOS Vendor: olf @@ -30,7 +30,7 @@ Requires: polkit Requires: udisks2 >= 2.8.1+git5-1.12.1.jolla # Better use direct dependencies than indirect ones (here: the line above versus the one below), but # ultimately decided to use both in this case: -Requires: sailfish-version >= 3.4.0 +Requires: sailfish-version >= 3.2.1 # Omit anti-dependency on future, untested SFOS versions, until a known conflict exists: Requires: sailfish-version < 3.4.0 Requires: cryptsetup >= 1.4.0 From 378de673ead25bdbc6e64b1f243f59120df91f47 Mon Sep 17 00:00:00 2001 From: olf Date: Thu, 22 Oct 2020 03:22:32 +0200 Subject: [PATCH 02/29] No /usr before SFOS340 --- udev/rules.d/96-cryptosd.rules | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/udev/rules.d/96-cryptosd.rules b/udev/rules.d/96-cryptosd.rules index 4e7273cf..da5a1412 100644 --- a/udev/rules.d/96-cryptosd.rules +++ b/udev/rules.d/96-cryptosd.rules @@ -1,14 +1,14 @@ # For DM-Crypt LUKS, match sda0 to mmcblk1 to both SUBSYSTEM=="block" and ENV{ID_FS_TYPE}=="crypto_LUKS" -KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add", PROGRAM=="/usr/bin/systemd-escape crypto_luks_%E{ID_FS_UUID}", SYMLINK+="crypto_luks_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="cryptosd-luks@%c.service", ENV{SYSTEMD_USER_WANTS}="" +KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add", PROGRAM=="/bin/systemd-escape crypto_luks_%E{ID_FS_UUID}", SYMLINK+="crypto_luks_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="cryptosd-luks@%c.service", ENV{SYSTEMD_USER_WANTS}="" # For DM-Crypt "plain", also match sda0 to mmcblk1 to SUBSYSTEM=="block", but ensure (by ENV{ID_*}!= statements) that it appears to be unused space # Two rules, one for partitions and a tighter one for whole disks: -KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add", PROGRAM=="/usr/bin/systemd-escape crypto_plain_%k", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="cryptosd-plain@%c.service", ENV{SYSTEMD_USER_WANTS}="" -KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add", PROGRAM=="/usr/bin/systemd-escape crypto_plain_%k", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="cryptosd-plain@%c.service", ENV{SYSTEMD_USER_WANTS}="" +KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add", PROGRAM=="/bin/systemd-escape crypto_plain_%k", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="cryptosd-plain@%c.service", ENV{SYSTEMD_USER_WANTS}="" +KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add", PROGRAM=="/bin/systemd-escape crypto_plain_%k", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="cryptosd-plain@%c.service", ENV{SYSTEMD_USER_WANTS}="" # Carefully match resulting virtual node dm-* to trigger mounting it; see /lib/udev/rules.d/10-dm.rules for details -KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_luks_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", PROGRAM=="/usr/bin/systemd-escape %E{DM_NAME}", GROUP="disk", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="mount-cryptosd-luks@%c.service" +KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_luks_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", PROGRAM=="/bin/systemd-escape %E{DM_NAME}", GROUP="disk", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="mount-cryptosd-luks@%c.service" # Ditto for DM-Crypt "plain": -KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_plain_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", PROGRAM=="/usr/bin/systemd-escape %E{DM_NAME}", GROUP="disk", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="mount-cryptosd-plain@%c.service" +KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_plain_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", PROGRAM=="/bin/systemd-escape %E{DM_NAME}", GROUP="disk", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="mount-cryptosd-plain@%c.service" From 7e5f6691eea2a4f1e7551d3716037d6e13b6c4a4 Mon Sep 17 00:00:00 2001 From: olf Date: Tue, 27 Oct 2020 01:32:38 +0100 Subject: [PATCH 03/29] Post release release version increase --- rpm/crypto-sdcard.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index 7f6de952..e292fbb9 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -11,7 +11,7 @@ Version: 1.3.1 # - An optional third field might be used by downstream packagers, who alter the package but want to # retain the exact version number. It shall consist of the packager's name appended with a natural # number greater than zero, e.g "joe8". -Release: 4.sfos321regular +Release: 5.sfos321regular Group: System/Base Distribution: SailfishOS Vendor: olf From 71fa3664f662c56615bf0727f02398f339130683 Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 28 Oct 2020 02:28:48 +0100 Subject: [PATCH 04/29] Reset release version to 1 after version increase. --- rpm/crypto-sdcard.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index cecb3e02..f6d0c325 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -11,7 +11,7 @@ Version: 1.3.1 # - An optional third field might be used by downstream packagers, who alter the package but want to # retain the exact version number. It shall consist of the packager's name appended with a natural # number greater than zero, e.g "joe8". -Release: 5.sfos321regular +Release: 1.sfos321regular Group: System/Base Distribution: SailfishOS Vendor: olf From 079510c391b14c5ac919b6375ffcbf0c9147b88b Mon Sep 17 00:00:00 2001 From: olf Date: Sun, 14 Mar 2021 14:42:14 +0100 Subject: [PATCH 05/29] Prepare sfos220 branch --- systemd/system/mount-cryptosd-luks@.service | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/systemd/system/mount-cryptosd-luks@.service b/systemd/system/mount-cryptosd-luks@.service index 66b9b4ad..bbc6e97c 100644 --- a/systemd/system/mount-cryptosd-luks@.service +++ b/systemd/system/mount-cryptosd-luks@.service @@ -1,7 +1,7 @@ [Unit] Description=Mount LUKS encrypted SD-card (%I) with udisks Documentation=https://github.com/Olf0/crypto-sdcard -After=udisks2.service cryptosd-luks@%i.service cryptsetup.target dev-mapper-%i.device start-user-session.service +After=udisks2.service cryptosd-luks@%i.service cryptsetup.target dev-mapper-%i.device BindsTo=cryptsetup.target dev-mapper-%i.device Requires=udisks2.service cryptosd-luks@%i.service # Allow for rescue.target and conflict with umount.target (see @@ -15,16 +15,17 @@ Conflicts=umount.target actdead.target factory-test.target Before=alien-service-manager.service [Service] +User=nemo Type=oneshot RemainAfterExit=yes # "udisksctl mount" (below) sometimes fails when issued right after # "udisksd" (per "udisks2.service") has finished starting, as the # udisks object for an encrypted partition has not been created yet. # Hence one might give udisksd a second to settle: -# ExecStartPre=/bin/sleep 1 +ExecStartPre=/bin/sleep 1 EnvironmentFile=-/var/lib/environment/udisks2/%p@.conf EnvironmentFile=-/var/lib/environment/udisks2/%p@%I.conf -ExecStart=/usr/bin/udisksctl-user mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I +ExecStart=/usr/bin/udisksctl mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I ExecStop=/usr/bin/udisksctl unmount -b /dev/mapper/%I ExecStopPost=/bin/umount -vrq /dev/%I From 12e2998d5dab5446d1e62a752d3f85517640ef7d Mon Sep 17 00:00:00 2001 From: olf Date: Sun, 14 Mar 2021 14:44:31 +0100 Subject: [PATCH 06/29] Prepare sfos220 branch --- systemd/system/mount-cryptosd-plain@.service | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/systemd/system/mount-cryptosd-plain@.service b/systemd/system/mount-cryptosd-plain@.service index 7a023384..d0711b9a 100644 --- a/systemd/system/mount-cryptosd-plain@.service +++ b/systemd/system/mount-cryptosd-plain@.service @@ -1,7 +1,7 @@ [Unit] Description=Mount "plain" encrypted SD-card (%I) with udisks Documentation=https://github.com/Olf0/crypto-sdcard -After=udisks2.service cryptosd-plain@%i.service cryptsetup.target dev-mapper-%i.device start-user-session.service +After=udisks2.service cryptosd-plain@%i.service cryptsetup.target dev-mapper-%i.device BindsTo=cryptsetup.target dev-mapper-%i.device Requires=udisks2.service cryptosd-plain@%i.service # Allow for rescue.target and conflict with umount.target (see @@ -15,16 +15,17 @@ Conflicts=umount.target actdead.target factory-test.target Before=alien-service-manager.service [Service] +User=nemo Type=oneshot RemainAfterExit=yes # "udisksctl mount" (below) sometimes fails when issued right after # "udisksd" (per "udisks2.service") has finished starting, as the # udisks object for an encrypted partition has not been created yet. # Hence one might give udisksd a second to settle: -# ExecStartPre=/bin/sleep 1 +ExecStartPre=/bin/sleep 1 EnvironmentFile=-/var/lib/environment/udisks2/%p@.conf EnvironmentFile=-/var/lib/environment/udisks2/%p@%I.conf -ExecStart=/usr/bin/udisksctl-user mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I +ExecStart=/usr/bin/udisksctl mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I ExecStop=/usr/bin/udisksctl unmount -b /dev/mapper/%I ExecStopPost=/bin/umount -vrq /dev/%I From de3be70793ba8d6c24c2d2ce514b02eb7ed1ab48 Mon Sep 17 00:00:00 2001 From: olf Date: Sun, 14 Mar 2021 14:50:53 +0100 Subject: [PATCH 07/29] Prepare sfos220 branch --- rpm/crypto-sdcard.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index f4ebcabb..16b1ad2f 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -11,7 +11,7 @@ Version: 1.4.0 # - An optional third field might be used by downstream packagers, who alter the package but want to # retain the exact version number. It shall consist of the packager's name appended with a natural # number greater than zero, e.g "joe8". -Release: 1.sfos321regular +Release: 1.sfos220regular Group: System/Base Distribution: SailfishOS Vendor: olf @@ -28,12 +28,12 @@ Source: https://github.com/Olf0/%{name}/archive/%{version}-%{release}/%{n BuildArch: noarch Requires: systemd Requires: polkit -Requires: udisks2 >= 2.8.1+git5-1.12.1.jolla +Requires: udisks2 # Better use direct dependencies than indirect ones (here: the line above versus the one below), but # ultimately decided to use both in this case: -Requires: sailfish-version >= 3.2.1 +Requires: sailfish-version >= 2.2.0 # Omit anti-dependency on future, untested SFOS versions, until a known conflict exists: -Requires: sailfish-version < 3.4.0 +Requires: sailfish-version < 3.2.1 Requires: cryptsetup >= 1.4.0 # Necessary counter-dependency to https://github.com/Olf0/crypto-sdcard/blob/qcrypto/rpm/crypto-sdcard.spec#L40 Conflicts: kernel-adaptation-sbj From fb315182cd9e835d51c4e4c23e8602f592dfa7f1 Mon Sep 17 00:00:00 2001 From: olf Date: Sun, 14 Mar 2021 15:20:35 +0100 Subject: [PATCH 08/29] Update mount-cryptosd-luks@.service --- systemd/system/mount-cryptosd-luks@.service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd/system/mount-cryptosd-luks@.service b/systemd/system/mount-cryptosd-luks@.service index bbc6e97c..9575d12d 100644 --- a/systemd/system/mount-cryptosd-luks@.service +++ b/systemd/system/mount-cryptosd-luks@.service @@ -1,7 +1,7 @@ [Unit] Description=Mount LUKS encrypted SD-card (%I) with udisks Documentation=https://github.com/Olf0/crypto-sdcard -After=udisks2.service cryptosd-luks@%i.service cryptsetup.target dev-mapper-%i.device +After=udisks2.service cryptosd-luks@%i.service cryptsetup.target dev-mapper-%i.device start-user-session.service BindsTo=cryptsetup.target dev-mapper-%i.device Requires=udisks2.service cryptosd-luks@%i.service # Allow for rescue.target and conflict with umount.target (see @@ -22,7 +22,7 @@ RemainAfterExit=yes # "udisksd" (per "udisks2.service") has finished starting, as the # udisks object for an encrypted partition has not been created yet. # Hence one might give udisksd a second to settle: -ExecStartPre=/bin/sleep 1 +# ExecStartPre=/bin/sleep 1 EnvironmentFile=-/var/lib/environment/udisks2/%p@.conf EnvironmentFile=-/var/lib/environment/udisks2/%p@%I.conf ExecStart=/usr/bin/udisksctl mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I From b0240e8f62e49f2c59c8696a0eaf06480625cb02 Mon Sep 17 00:00:00 2001 From: olf Date: Sun, 14 Mar 2021 15:21:08 +0100 Subject: [PATCH 09/29] Update mount-cryptosd-plain@.service --- systemd/system/mount-cryptosd-plain@.service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd/system/mount-cryptosd-plain@.service b/systemd/system/mount-cryptosd-plain@.service index d0711b9a..1336578c 100644 --- a/systemd/system/mount-cryptosd-plain@.service +++ b/systemd/system/mount-cryptosd-plain@.service @@ -1,7 +1,7 @@ [Unit] Description=Mount "plain" encrypted SD-card (%I) with udisks Documentation=https://github.com/Olf0/crypto-sdcard -After=udisks2.service cryptosd-plain@%i.service cryptsetup.target dev-mapper-%i.device +After=udisks2.service cryptosd-plain@%i.service cryptsetup.target dev-mapper-%i.device start-user-session.service BindsTo=cryptsetup.target dev-mapper-%i.device Requires=udisks2.service cryptosd-plain@%i.service # Allow for rescue.target and conflict with umount.target (see @@ -22,7 +22,7 @@ RemainAfterExit=yes # "udisksd" (per "udisks2.service") has finished starting, as the # udisks object for an encrypted partition has not been created yet. # Hence one might give udisksd a second to settle: -ExecStartPre=/bin/sleep 1 +# ExecStartPre=/bin/sleep 1 EnvironmentFile=-/var/lib/environment/udisks2/%p@.conf EnvironmentFile=-/var/lib/environment/udisks2/%p@%I.conf ExecStart=/usr/bin/udisksctl mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I From 0f0aff7d0e76ed72a87cb28a0669fbccd3820240 Mon Sep 17 00:00:00 2001 From: olf Date: Sun, 14 Mar 2021 16:04:51 +0100 Subject: [PATCH 10/29] Update 96-cryptosd.rules --- udev/rules.d/96-cryptosd.rules | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/udev/rules.d/96-cryptosd.rules b/udev/rules.d/96-cryptosd.rules index 46e8267e..5ef0cc35 100644 --- a/udev/rules.d/96-cryptosd.rules +++ b/udev/rules.d/96-cryptosd.rules @@ -1,14 +1,14 @@ # For DM-Crypt LUKS, match sda0 to mmcblk1 to both SUBSYSTEM=="block" and ENV{ID_FS_TYPE}=="crypto_LUKS" -KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add", SYMLINK+="crypto_luks_%E{ID_FS_UUID}", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=cryptosd-luks@.service crypto_luks_%E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="'%c'" +KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add", SYMLINK+="crypto_luks_%E{ID_FS_UUID}", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=cryptosd-luks@.service crypto_luks_%E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="%c" # For DM-Crypt "plain", also match sda0 to mmcblk1 to SUBSYSTEM=="block", but ensure (by ENV{ID_*}!= statements) that it appears to be unused space # Two rules, one for partitions and a tighter one for whole disks: -KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add", SYMLINK+="crypto_plain_%k", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=cryptosd-plain@.service crypto_plain_%k", ENV{SYSTEMD_WANTS}="'%c'" -KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add", SYMLINK+="crypto_plain_%k", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=cryptosd-plain@.service crypto_plain_%k", ENV{SYSTEMD_WANTS}="'%c'" +KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add", SYMLINK+="crypto_plain_%k", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=cryptosd-plain@.service crypto_plain_%k", ENV{SYSTEMD_WANTS}="%c" +KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add", SYMLINK+="crypto_plain_%k", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=cryptosd-plain@.service crypto_plain_%k", ENV{SYSTEMD_WANTS}="%c" # Carefully match resulting virtual node dm-* to trigger mounting it; see /lib/udev/rules.d/10-dm.rules for details -KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_luks_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=mount-cryptosd-luks@.service %E{DM_NAME}", ENV{SYSTEMD_WANTS}="'%c'" +KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_luks_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=mount-cryptosd-luks@.service %E{DM_NAME}", ENV{SYSTEMD_WANTS}="%c" # Ditto for DM-Crypt "plain": -KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_plain_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=mount-cryptosd-plain@.service %E{DM_NAME}", ENV{SYSTEMD_WANTS}="'%c'" +KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_plain_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=mount-cryptosd-plain@.service %E{DM_NAME}", ENV{SYSTEMD_WANTS}="%c" From 671494cf6871e18a1226e67cbefc4d79567a88f2 Mon Sep 17 00:00:00 2001 From: olf Date: Sun, 14 Mar 2021 21:49:28 +0100 Subject: [PATCH 11/29] Update 69-cryptosd.pkla --- polkit-1/localauthority/50-local.d/69-cryptosd.pkla | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/polkit-1/localauthority/50-local.d/69-cryptosd.pkla b/polkit-1/localauthority/50-local.d/69-cryptosd.pkla index 10ff7e79..3939dacc 100644 --- a/polkit-1/localauthority/50-local.d/69-cryptosd.pkla +++ b/polkit-1/localauthority/50-local.d/69-cryptosd.pkla @@ -1,5 +1,5 @@ [Allow primary user (e.g., nemo, defaultuser) and AlienDalvik to mount encrypted SD-cards] -Identity=unix-group:media_rw +Identity=unix-group:system Action=org.freedesktop.udisks2.filesystem-mount-system ResultAny=yes ResultInactive=yes From abf7444052febc5526508468b2fd6bc79e528168 Mon Sep 17 00:00:00 2001 From: olf Date: Mon, 15 Mar 2021 03:04:34 +0100 Subject: [PATCH 12/29] No cryptsetup.target extant on SFOS 2.2.1+ --- systemd/system/cryptosd-luks@.service | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/systemd/system/cryptosd-luks@.service b/systemd/system/cryptosd-luks@.service index 4cee70f8..fe4e7ea5 100644 --- a/systemd/system/cryptosd-luks@.service +++ b/systemd/system/cryptosd-luks@.service @@ -3,8 +3,7 @@ Description=Open DM-Crypt LUKS on SD-card %I Documentation=https://github.com/Olf0/crypto-sdcard After=systemd-udevd.service dev-%i.device BindsTo=dev-%i.device -PartOf=cryptsetup.target -Conflicts=actdead.target factory-test.target +Conflicts=umount.target actdead.target factory-test.target AssertFileNotEmpty=/etc/crypto-sdcard/%I.key [Service] From 65533883f065cd288f67c3a7fb737cfa2d94536f Mon Sep 17 00:00:00 2001 From: olf Date: Mon, 15 Mar 2021 03:06:52 +0100 Subject: [PATCH 13/29] No cryptsetup.target extant on SFOS 2.2.1+ --- systemd/system/cryptosd-plain@.service | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/systemd/system/cryptosd-plain@.service b/systemd/system/cryptosd-plain@.service index 3e6e4ee8..cf31e8d0 100644 --- a/systemd/system/cryptosd-plain@.service +++ b/systemd/system/cryptosd-plain@.service @@ -3,8 +3,7 @@ Description=Open DM-Crypt "plain" on SD-card %I Documentation=https://github.com/Olf0/crypto-sdcard After=systemd-udevd.service dev-%i.device BindsTo=dev-%i.device -PartOf=cryptsetup.target -Conflicts=actdead.target factory-test.target +Conflicts=umount.target actdead.target factory-test.target AssertFileNotEmpty=/etc/crypto-sdcard/%I.key [Service] From 9d8702289cfd607964a70508ffa30e7a7575e328 Mon Sep 17 00:00:00 2001 From: olf Date: Mon, 15 Mar 2021 03:08:27 +0100 Subject: [PATCH 14/29] No cryptsetup.target extant on SFOS 2.2.1+ --- systemd/system/mount-cryptosd-luks@.service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd/system/mount-cryptosd-luks@.service b/systemd/system/mount-cryptosd-luks@.service index 8dd41e43..02f921fc 100644 --- a/systemd/system/mount-cryptosd-luks@.service +++ b/systemd/system/mount-cryptosd-luks@.service @@ -1,8 +1,8 @@ [Unit] Description=Mount LUKS encrypted SD-card (%I) with udisks Documentation=https://github.com/Olf0/crypto-sdcard -After=udisks2.service cryptosd-luks@%i.service cryptsetup.target dev-mapper-%i.device start-user-session.service -BindsTo=cryptsetup.target dev-mapper-%i.device +After=udisks2.service cryptosd-luks@%i.service dev-mapper-%i.device start-user-session.service +BindsTo=dev-mapper-%i.device Requires=udisks2.service cryptosd-luks@%i.service # Allow for rescue.target and conflict with umount.target (see # man 7 systemd.special; needed explicitly for the new ExecStopPost From 9ef34f2a40885daba25fa42baba8e28c16752e6c Mon Sep 17 00:00:00 2001 From: olf Date: Mon, 15 Mar 2021 03:09:28 +0100 Subject: [PATCH 15/29] No cryptsetup.target extant on SFOS 2.2.1+ --- systemd/system/mount-cryptosd-plain@.service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd/system/mount-cryptosd-plain@.service b/systemd/system/mount-cryptosd-plain@.service index e53541f1..0bd3b4de 100644 --- a/systemd/system/mount-cryptosd-plain@.service +++ b/systemd/system/mount-cryptosd-plain@.service @@ -1,8 +1,8 @@ [Unit] Description=Mount "plain" encrypted SD-card (%I) with udisks Documentation=https://github.com/Olf0/crypto-sdcard -After=udisks2.service cryptosd-plain@%i.service cryptsetup.target dev-mapper-%i.device start-user-session.service -BindsTo=cryptsetup.target dev-mapper-%i.device +After=udisks2.service cryptosd-plain@%i.service dev-mapper-%i.device start-user-session.service +BindsTo=dev-mapper-%i.device Requires=udisks2.service cryptosd-plain@%i.service # Allow for rescue.target and conflict with umount.target (see # man 7 systemd.special; needed explicitly for the new ExecStopPost From 5f15b03474b732472cfca57d1bb73a8f69fab2a5 Mon Sep 17 00:00:00 2001 From: olf Date: Mon, 15 Mar 2021 03:56:18 +0100 Subject: [PATCH 16/29] Fixup last commit --- systemd/system/mount-cryptosd-luks@.service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd/system/mount-cryptosd-luks@.service b/systemd/system/mount-cryptosd-luks@.service index 02f921fc..4af68467 100644 --- a/systemd/system/mount-cryptosd-luks@.service +++ b/systemd/system/mount-cryptosd-luks@.service @@ -2,8 +2,8 @@ Description=Mount LUKS encrypted SD-card (%I) with udisks Documentation=https://github.com/Olf0/crypto-sdcard After=udisks2.service cryptosd-luks@%i.service dev-mapper-%i.device start-user-session.service -BindsTo=dev-mapper-%i.device -Requires=udisks2.service cryptosd-luks@%i.service +BindsTo=dev-mapper-%i.device cryptosd-luks@%i.service +Requires=udisks2.service # Allow for rescue.target and conflict with umount.target (see # man 7 systemd.special; needed explicitly for the new ExecStopPost # statement as this a mounting unit, though not a mount unit): From 7129c99705c0727a8775065700cef2934eadaaa5 Mon Sep 17 00:00:00 2001 From: olf Date: Mon, 15 Mar 2021 03:57:23 +0100 Subject: [PATCH 17/29] Fixup last commit --- systemd/system/mount-cryptosd-plain@.service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd/system/mount-cryptosd-plain@.service b/systemd/system/mount-cryptosd-plain@.service index 0bd3b4de..b874f626 100644 --- a/systemd/system/mount-cryptosd-plain@.service +++ b/systemd/system/mount-cryptosd-plain@.service @@ -2,8 +2,8 @@ Description=Mount "plain" encrypted SD-card (%I) with udisks Documentation=https://github.com/Olf0/crypto-sdcard After=udisks2.service cryptosd-plain@%i.service dev-mapper-%i.device start-user-session.service -BindsTo=dev-mapper-%i.device -Requires=udisks2.service cryptosd-plain@%i.service +BindsTo=dev-mapper-%i.device cryptosd-plain@%i.service +Requires=udisks2.service # Allow for rescue.target and conflict with umount.target (see # man 7 systemd.special; needed explicitly for the new ExecStopPost # statement as this a mounting unit, though not a mount unit): From 73846dc6c483f41b5d7f16f3a531dc12a4d4e523 Mon Sep 17 00:00:00 2001 From: olf Date: Mon, 29 Mar 2021 05:46:09 +0200 Subject: [PATCH 18/29] Enable "non-system" (i.e., regular user) mounting per udisks2 --- polkit-1/localauthority/50-local.d/69-cryptosd.pkla | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/polkit-1/localauthority/50-local.d/69-cryptosd.pkla b/polkit-1/localauthority/50-local.d/69-cryptosd.pkla index 3939dacc..fd48d3f8 100644 --- a/polkit-1/localauthority/50-local.d/69-cryptosd.pkla +++ b/polkit-1/localauthority/50-local.d/69-cryptosd.pkla @@ -1,6 +1,6 @@ [Allow primary user (e.g., nemo, defaultuser) and AlienDalvik to mount encrypted SD-cards] Identity=unix-group:system -Action=org.freedesktop.udisks2.filesystem-mount-system +Action=org.freedesktop.udisks2.filesystem-mount ResultAny=yes ResultInactive=yes ResultActive=yes From 469ebf5f6f4eb029402f9035824314e7334e221e Mon Sep 17 00:00:00 2001 From: olf Date: Mon, 29 Mar 2021 05:48:48 +0200 Subject: [PATCH 19/29] Update 69-cryptosd.pkla --- polkit-1/localauthority/50-local.d/69-cryptosd.pkla | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/polkit-1/localauthority/50-local.d/69-cryptosd.pkla b/polkit-1/localauthority/50-local.d/69-cryptosd.pkla index fd48d3f8..0fd4e83e 100644 --- a/polkit-1/localauthority/50-local.d/69-cryptosd.pkla +++ b/polkit-1/localauthority/50-local.d/69-cryptosd.pkla @@ -1,4 +1,4 @@ -[Allow primary user (e.g., nemo, defaultuser) and AlienDalvik to mount encrypted SD-cards] +[Allow primary user (e.g., nemo) and AlienDalvik to mount (encrypted) SD-cards] Identity=unix-group:system Action=org.freedesktop.udisks2.filesystem-mount ResultAny=yes From 20fe64ade151a8482f9dea9f2054d709af961cbc Mon Sep 17 00:00:00 2001 From: olf Date: Mon, 29 Mar 2021 15:21:35 +0200 Subject: [PATCH 20/29] Create 69-cryptosd.pkla --- polkit-1/localauthority/50-local.d/69-cryptosd.pkla | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 polkit-1/localauthority/50-local.d/69-cryptosd.pkla diff --git a/polkit-1/localauthority/50-local.d/69-cryptosd.pkla b/polkit-1/localauthority/50-local.d/69-cryptosd.pkla new file mode 100644 index 00000000..0fd4e83e --- /dev/null +++ b/polkit-1/localauthority/50-local.d/69-cryptosd.pkla @@ -0,0 +1,7 @@ +[Allow primary user (e.g., nemo) and AlienDalvik to mount (encrypted) SD-cards] +Identity=unix-group:system +Action=org.freedesktop.udisks2.filesystem-mount +ResultAny=yes +ResultInactive=yes +ResultActive=yes + From 9eb2e762709b4d0802ad8dfca0dd10f75b4722fc Mon Sep 17 00:00:00 2001 From: olf Date: Mon, 29 Mar 2021 17:14:25 +0200 Subject: [PATCH 21/29] Revert #194 Revert #194 --- rpm/crypto-sdcard.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index d506897a..b5f2acf2 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -54,7 +54,7 @@ Provides: crypto-sdcard_sbj %install mkdir -p %{buildroot}%{_sysconfdir}/%{name} -cp -R systemd udev %{buildroot}%{_sysconfdir}/ +cp -R systemd polkit-1 udev %{buildroot}%{_sysconfdir}/ %files # Regular files: @@ -63,6 +63,7 @@ cp -R systemd udev %{buildroot}%{_sysconfdir}/ %{_sysconfdir}/systemd/system/cryptosd-plain@.service %{_sysconfdir}/systemd/system/mount-cryptosd-luks@.service %{_sysconfdir}/systemd/system/mount-cryptosd-plain@.service +%{_sysconfdir}/polkit-1/localauthority/50-local.d/69-cryptosd.pkla %{_sysconfdir}/udev/rules.d/96-cryptosd.rules # Extraordinary files / dirs: %defattr(0640,root,root,0750) From cc21025390699449b30ac2146887472d7eb519fe Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 7 Apr 2021 05:03:51 +0200 Subject: [PATCH 22/29] Fixing. --- systemd/system/cryptosd-luks@.service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd/system/cryptosd-luks@.service b/systemd/system/cryptosd-luks@.service index d98250e9..dd90acfb 100644 --- a/systemd/system/cryptosd-luks@.service +++ b/systemd/system/cryptosd-luks@.service @@ -2,9 +2,9 @@ Description=Open %I per cryptsetup Documentation=https://github.com/Olf0/crypto-sdcard DefaultDependencies=no -After=systemd-udevd.service systemd-udev-trigger.service dev-disk-by\x2duuid-%i.device systemd-journald.service local-fs.target cryptsetup-pre.target +After=systemd-udevd.service systemd-udev-trigger.service dev-disk-by\x2duuid-%i.device systemd-journald.service local-fs.target Requisite=dev-disk-by\x2duuid-%i.device -PartOf=mount-cryptosd-luks@%i.service cryptsetup.target +PartOf=mount-cryptosd-luks@%i.service Conflicts=umount.target shutdown.target actdead.target factory-test.target Before=umount.target shutdown.target mount-cryptosd-luks@%i.service # That would allow this unit to keep on running, when switching to e.g., rescue.target From 8a060f6d41a7f9d577d0a7f99c2065cf5b12ae9d Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 7 Apr 2021 05:13:50 +0200 Subject: [PATCH 23/29] Update cryptosd-luks@.service --- systemd/system/cryptosd-luks@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/system/cryptosd-luks@.service b/systemd/system/cryptosd-luks@.service index dd90acfb..d64c589f 100644 --- a/systemd/system/cryptosd-luks@.service +++ b/systemd/system/cryptosd-luks@.service @@ -2,7 +2,7 @@ Description=Open %I per cryptsetup Documentation=https://github.com/Olf0/crypto-sdcard DefaultDependencies=no -After=systemd-udevd.service systemd-udev-trigger.service dev-disk-by\x2duuid-%i.device systemd-journald.service local-fs.target +After=sysinit.target dev-disk-by\x2duuid-%i.device Requisite=dev-disk-by\x2duuid-%i.device PartOf=mount-cryptosd-luks@%i.service Conflicts=umount.target shutdown.target actdead.target factory-test.target From d04c7c0cbae7eab6ca6da9cfbf070089140efb49 Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 7 Apr 2021 05:42:41 +0200 Subject: [PATCH 24/29] No "'" --- udev/rules.d/96-cryptosd.rules | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/udev/rules.d/96-cryptosd.rules b/udev/rules.d/96-cryptosd.rules index 736822d5..bba27592 100644 --- a/udev/rules.d/96-cryptosd.rules +++ b/udev/rules.d/96-cryptosd.rules @@ -8,7 +8,7 @@ # For DM-Crypt LUKS, match sda0 to mmcblk1 (*) to both SUBSYSTEM=="block", plus ENV{ID_FS_TYPE}=="crypto_LUKS" KERNEL=="mmcblk1*|sd[a-z][0-9]", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add|change", PROGRAM=="/usr/bin/head -c 1 /etc/crypto-sdcard/crypto_luks_%E{ID_FS_UUID}", RESULT=="?", ENV{CRYPTOSD_TYPE}="LUKS" -KERNEL=="mmcblk1*|sd[a-z][0-9]", ENV{CRYPTOSD_TYPE}=="LUKS", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="crypto_luks_%k_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=cryptosd-luks@.service %E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="'%c'" +KERNEL=="mmcblk1*|sd[a-z][0-9]", ENV{CRYPTOSD_TYPE}=="LUKS", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="crypto_luks_%k_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=cryptosd-luks@.service %E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="%c" # When above detected and assigned devices are removed KERNEL=="mmcblk1*|sd[a-z][0-9]", ENV{CRYPTOSD_TYPE}=="LUKS", ACTION=="remove", ENV{CRYPTOSD_TYPE}="removed", ENV{UDISKS_NAME}="crypto_removed", PROGRAM=="/bin/systemd-escape --template=cryptosd-luks@.service %E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="", ENV{SYSTEMD_USER_WANTS}="", RUN{program}+="/bin/systemctl stop %c" @@ -16,15 +16,15 @@ KERNEL=="mmcblk1*|sd[a-z][0-9]", ENV{CRYPTOSD_TYPE}=="LUKS", ACTION=="remove", E # Two rules, one for partitions and a tighter one for whole disks: KERNEL=="mmcblk1*|sd[a-z][0-9]", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add|change", PROGRAM=="/usr/bin/head -c 1 /etc/crypto-sdcard/crypto_plain_%k", RESULT=="?", ENV{CRYPTOSD_TYPE}="PLAIN" KERNEL=="mmcblk1*|sd[a-z][0-9]", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add|change", PROGRAM=="/usr/bin/head -c 1 /etc/crypto-sdcard/crypto_plain_%k", RESULT=="?", ENV{CRYPTOSD_TYPE}="PLAIN" -KERNEL=="mmcblk1*|sd[a-z][0-9]", ENV{CRYPTOSD_TYPE}=="PLAIN", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="'cryptosd-plain@%k.service'" +KERNEL=="mmcblk1*|sd[a-z][0-9]", ENV{CRYPTOSD_TYPE}=="PLAIN", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="cryptosd-plain@%k.service" # When above detected and assigned devices are removed KERNEL=="mmcblk1*|sd[a-z][0-9]", ENV{CRYPTOSD_TYPE}=="PLAIN", ACTION=="remove", ENV{CRYPTOSD_TYPE}="removed", ENV{UDISKS_NAME}="crypto_removed", ENV{SYSTEMD_WANTS}="", ENV{SYSTEMD_USER_WANTS}="", RUN{program}+="/bin/systemctl stop cryptosd-plain@%k.service" # Carefully match resulting virtual node dm-[0-9] to trigger mounting it; see /lib/udev/rules.d/10-dm.rules for details -KERNEL=="dm-[0-9]", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[2-9]", ENV{DM_NAME}=="????????-????-????-????-????????????|????-????", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", ENV{CRYPTOSD_TYPE}="mount-LUKS", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="mount_crypto_luks_%E{DM_NAME}", MODE="0660", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=mount-cryptosd-luks@.service %E{DM_NAME}", ENV{SYSTEMD_WANTS}="'%c'" +KERNEL=="dm-[0-9]", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[2-9]", ENV{DM_NAME}=="????????-????-????-????-????????????|????-????", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", ENV{CRYPTOSD_TYPE}="mount-LUKS", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="mount_crypto_luks_%E{DM_NAME}", MODE="0660", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=mount-cryptosd-luks@.service %E{DM_NAME}", ENV{SYSTEMD_WANTS}="%c" KERNEL=="dm-[0-9]", ENV{CRYPTOSD_TYPE}=="mount-LUKS", ACTION=="remove", ENV{CRYPTOSD_TYPE}="mount-removed", ENV{UDISKS_NAME}="mount_crypto_removed", ENV{SYSTEMD_WANTS}="", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/bin/systemd-escape --template=mount-cryptosd-luks@.service %E{DM_NAME}", RUN{program}+="/bin/systemctl stop %c" # Ditto for DM-Crypt "plain" -KERNEL=="dm-[0-9]", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[2-9]", ENV{DM_NAME}=="mmcblk1*|sd[a-z][0-9]", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", ENV{CRYPTOSD_TYPE}="mount-PLAIN", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="mount_crypto_plain_%E{DM_NAME}", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="'mount-cryptosd-plain@%E{DM_NAME}.service'" +KERNEL=="dm-[0-9]", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[2-9]", ENV{DM_NAME}=="mmcblk1*|sd[a-z][0-9]", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", ENV{CRYPTOSD_TYPE}="mount-PLAIN", ENV{UDISKS_SYSTEM}="0", ENV{UDISKS_AUTO}="0", ENV{UDISKS_NAME}="mount_crypto_plain_%E{DM_NAME}", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="mount-cryptosd-plain@%E{DM_NAME}.service" KERNEL=="dm-[0-9]", ENV{CRYPTOSD_TYPE}=="mount-PLAIN", ACTION=="remove", ENV{CRYPTOSD_TYPE}="mount-removed", ENV{UDISKS_NAME}="mount_crypto_removed", ENV{SYSTEMD_WANTS}="", ENV{SYSTEMD_USER_WANTS}="", RUN{program}+="/bin/systemctl stop mount-cryptosd-plain@%E{DM_NAME}.service" From 0fa1726411956ae15a2b30b66afffd2b66bcefa1 Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 7 Apr 2021 22:58:28 +0200 Subject: [PATCH 25/29] Update cryptosd-luks@.service --- systemd/system/cryptosd-luks@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/system/cryptosd-luks@.service b/systemd/system/cryptosd-luks@.service index d64c589f..431611e5 100644 --- a/systemd/system/cryptosd-luks@.service +++ b/systemd/system/cryptosd-luks@.service @@ -4,7 +4,7 @@ Documentation=https://github.com/Olf0/crypto-sdcard DefaultDependencies=no After=sysinit.target dev-disk-by\x2duuid-%i.device Requisite=dev-disk-by\x2duuid-%i.device -PartOf=mount-cryptosd-luks@%i.service +PartOf=mount-cryptosd-luks@%i.service sysinit.target Conflicts=umount.target shutdown.target actdead.target factory-test.target Before=umount.target shutdown.target mount-cryptosd-luks@%i.service # That would allow this unit to keep on running, when switching to e.g., rescue.target From d079da510d494af5b62e615064b5f824e3f7cd24 Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 7 Apr 2021 23:08:48 +0200 Subject: [PATCH 26/29] Update cryptosd-plain@.service --- systemd/system/cryptosd-plain@.service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd/system/cryptosd-plain@.service b/systemd/system/cryptosd-plain@.service index 5326a9e2..6f58bfdd 100644 --- a/systemd/system/cryptosd-plain@.service +++ b/systemd/system/cryptosd-plain@.service @@ -2,9 +2,9 @@ Description=Open %I per cryptsetup Documentation=https://github.com/Olf0/crypto-sdcard DefaultDependencies=no -After=systemd-udevd.service systemd-udev-trigger.service dev-%i.device systemd-journald.service local-fs.target cryptsetup-pre.target +After=sysinit.target dev-%i.device Requisite=dev-%i.device -PartOf=mount-cryptosd-plain@%i.service cryptsetup.target +PartOf=mount-cryptosd-plain@%i.service sysinit.target Conflicts=umount.target shutdown.target actdead.target factory-test.target Before=umount.target shutdown.target mount-cryptosd-plain@%i.service # That would allow this unit to keep on running, when switching to e.g., rescue.target From 359f04f73a0bfcf18244467fb6aaf7a02b771984 Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 7 Apr 2021 23:13:54 +0200 Subject: [PATCH 27/29] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index c41e8ec9..b8f47665 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -11,7 +11,7 @@ Version: 1.6.0 # - An optional third field might be used by downstream packagers, who alter the package but want to # retain the exact version number. It shall consist of the packager's name appended with a natural # number greater than zero, e.g "joe8". -Release: 1.sfos220qcrypto +Release: 2.sfos220qcrypto Group: System/Base Distribution: SailfishOS Vendor: olf From 9c5142cc024abf0093ff0a48524c1292957bec10 Mon Sep 17 00:00:00 2001 From: olf Date: Mon, 12 Apr 2021 00:04:05 +0200 Subject: [PATCH 28/29] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index 94359660..2af84dad 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -11,7 +11,7 @@ Version: 1.7.0 # - An optional third field might be used by downstream packagers, who alter the package but want to # retain the exact version number. It shall consist of the packager's name appended with a natural # number greater than zero, e.g "joe8". -Release: 2.sfos220qcrypto +Release: 1.sfos220qcrypto Group: System/Base Distribution: SailfishOS Vendor: olf From 446626bf2c88d60225f42cbf73028fff6ea34c51 Mon Sep 17 00:00:00 2001 From: olf Date: Mon, 12 Apr 2021 04:35:07 +0200 Subject: [PATCH 29/29] Update mnt-cryptosd-luks@.service --- systemd/system/mnt-cryptosd-luks@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/system/mnt-cryptosd-luks@.service b/systemd/system/mnt-cryptosd-luks@.service index 2e5a9ff2..8966d5ed 100644 --- a/systemd/system/mnt-cryptosd-luks@.service +++ b/systemd/system/mnt-cryptosd-luks@.service @@ -2,7 +2,7 @@ Description=Manually mount /dev/mapper/%I directly Documentation=https://github.com/Olf0/crypto-sdcard DefaultDependencies=no -After=systemd-udevd.service systemd-udev-trigger.service cryptosd-luks@%i.service dev-mapper-%i.device systemd-journald.service local-fs.target cryptsetup.target +After=systemd-udevd.service systemd-udev-trigger.service cryptosd-luks@%i.service dev-mapper-%i.device systemd-journald.service local-fs.target Requires=cryptosd-luks@%i.service # "Requisite=dev-mapper-%i.device" here would prevent this unit from # auto-starting its dependencies, when started manually: