Merge pull request #122 from Olf0/sfos321-v1.3.4
Updates for v1.3.4
Olf0 authored Feb 21, 2021
2 parents cb9b152 + 33d7ed9 commit 2cecd45
Showing 7 changed files with 14 additions and 15 deletions.
4 changes: 2 additions & 2 deletions README.md
@@ -24,8 +24,8 @@ Thus **crypto-sdcard** solely protects "data at rest" on SD-cards and other remo
* Start mounting encrypted (partitions on) SD-card via udisks at the earliest sensible time: Right after *udisks2.service* has started.
* Unmount before *udisks2.service* begins stopping, hence achieving a clean unmount.
* Also do not use SailfishOS' *udisksctl-user* script for unmounting (because it cannot work at the time ExecStop is executed), which is installed and used by SailfishOS since its release 3.2.1, and was also used by *crypto-sdcard* versions 1.1-1 to 1.3.1-5; see [details here](https://github.com/Olf0/crypto-sdcard/pull/28).
* Since v1.3.3 the [Systemd EnvironmentFiles](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#EnvironmentFile=) `mount-cryptosd-luks.conf` and `mount-cryptosd-luks@crypto_luks_<UUID>.conf` (in this order), respectively `mount-cryptosd-luks.conf` and `mount-cryptosd-plain@crypto_plain_<device-name>.conf`, in `/var/lib/environment/udisks2/` are evaluated for additional mount options, if they exist (one or both).
Take a look at `ls /dev/mapper/crypto*` for the partition specific part (between the `@` and the `.conf` extension) of the file names for the partition specific configuration files.
* Since v1.3.4 the [Systemd EnvironmentFiles](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#EnvironmentFile=) `mount-cryptosd-luks@.conf` and `mount-cryptosd-luks@crypto_luks_<UUID>.conf` (in this order), respectively `mount-cryptosd-plain@.conf` and `mount-cryptosd-plain@crypto_plain_<device-name>.conf`, in `/var/lib/environment/udisks2/` are evaluated for additional mount options, if they exist (one or both).
Take a look at `ls /dev/mapper/crypto*` for the partition specific part (between the `@` and the `.conf` extension) of the file names for the partition specific configuration files.<br />
These configuration files can be created by a system administrator (i.e., you), so if you want to add restricting mount options, see [here for details](https://github.com/Olf0/mount-sdcard/releases/tag/1.3.2).
* Ensure, that AlienDalvik (specifically *alien-service-manager.service*) begins starting after mounting succeeded, to allow for [android_storage on SD-card](https://together.jolla.com/question/203539/guide-externalising-android_storage-and-other-directories-files-to-sd-card/#203539-2-externalising-homenemoandroid_storage).<br />
Even more importantly (i.e., also relevant for devices without "android_storage on SD-card") this also ensures, that unmounting occurs only after AlienDalvik has completely stopped.<br />
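Review bot: the v1.3.3 bullet is replaced rather than kept alongside the new one, so a user who created `mount-cryptosd-luks.conf` under v1.3.3 (the name the unit read via `%p.conf`) gets no hint from the README that this file is no longer evaluated after the upgrade and that it must be renamed to `mount-cryptosd-luks@.conf` (respectively `mount-cryptosd-plain@.conf`). A one-line migration remark at the end of the new bullet, or keeping the old bullet marked "v1.3.3 only", would avoid silently dropped mount options. On the positive side the new text fixes the copy-paste slip in the old bullet, which named `mount-cryptosd-luks.conf` for the plain variant as well.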
2 changes: 1 addition & 1 deletion rpm/crypto-sdcard.spec
@@ -1,6 +1,6 @@
Name: crypto-sdcard
Summary: Configuration files for unlocking and mounting encrypted SD-cards automatically
Version: 1.3.3
Version: 1.3.4
# Since v1.3.1, the release version consists of two or three fields, separated by a dot ("."):
# - The first field must contain a natural number greater than zero.
# This number may be prefixed by one of {alpha,beta,stable}, e.g. "alpha13".
1 change: 0 additions & 1 deletion systemd/system/cryptosd-luks@.service
@@ -14,6 +14,5 @@ RemainAfterExit=yes
# ExecStartPre=/sbin/modprobe qcrypto
# For various reasons (dependency on udisks2, allow discards etc.), do not use "udisksctl unlock --key-file", call cryptsetup directly:
ExecStart=/usr/sbin/cryptsetup --allow-discards -d /etc/crypto-sdcard/%I.key luksOpen /dev/%I %I
# ExecStartPost=chgrp disk /dev/mapper/%I # Moved to udev rules 96-cryptosd
ExecStop=/usr/sbin/cryptsetup close %I
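Review bot: removing the commented-out `ExecStartPost=chgrp disk /dev/mapper/%I` line is fine as dead-text cleanup, because the ownership and mode of the mapper node are now set by the `GROUP="disk", MODE="0660"` assignments on the `dm-*` rules in 96-cryptosd.rules, but with the "# Moved to udev rules 96-cryptosd" remark gone, nothing in this unit tells a reader where those permissions come from any more; folding that remark into the comment above `ExecStart=` would keep the cross-reference. Also, this unit passes `-d /etc/crypto-sdcard/%I.key` without any visible guard on the key file, whereas the plain unit asserts `AssertFileNotEmpty=/etc/crypto-sdcard/%I.key`; if the luks unit lacks the same assertion above the shown context, adding it gives a clearer failure than cryptsetup's generic error on an empty or missing key file.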

4 changes: 2 additions & 2 deletions systemd/system/cryptosd-plain@.service
@@ -10,9 +10,9 @@ AssertFileNotEmpty=/etc/crypto-sdcard/%I.key
[Service]
Type=oneshot
RemainAfterExit=yes
StandardInput=file:/etc/crypto-sdcard/%I.key
# For devices, which need the qcrypto kernel module loaded to support modern cryptographic schemes as e.g. XTS:
# ExecStartPre=/sbin/modprobe qcrypto
ExecStart=/bin/sh -c 'cat /etc/crypto-sdcard/%I.key | /usr/sbin/cryptsetup -h sha1 -s 256 -c aes-xts-plain --allow-discards --type plain open /dev/%I %I'
# ExecStartPost=chgrp disk /dev/mapper/%I # Moved to udev rules 96-cryptosd
ExecStart=/usr/sbin/cryptsetup -d - -h sha1 -s 256 -c aes-xts-plain --allow-discards --type plain open /dev/%I %I
ExecStop=/usr/sbin/cryptsetup close %I
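Review bot: `-d -` makes cryptsetup read the key file from stdin, so together with `StandardInput=file:/etc/crypto-sdcard/%I.key` the key no longer passes through `/bin/sh` and a `cat` pipe, which is an improvement; it is unclear, though, why the unit does not simply use `-d /etc/crypto-sdcard/%I.key` as cryptosd-luks@.service does, which would drop the `StandardInput=file:` directive (that form needs systemd 236 or newer, worth checking against the systemd shipped on the SailfishOS releases this targets) and keep both units symmetrical. Separately, in plain mode cryptsetup uses key-file content directly as the key rather than hashing a passphrase, so `-h sha1` should have no effect on this command line; confirm against the cryptsetup version on the device, and either drop it or add a comment stating that the key is the first 256 bits of the file (`-s 256`) so nobody "upgrades" the hash later expecting a change.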

4 changes: 2 additions & 2 deletions systemd/system/mount-cryptosd-luks@.service
@@ -22,9 +22,9 @@ RemainAfterExit=yes
# udisks object for an encrypted partition has not been created yet.
# Hence giving udisksd a second to settle:
ExecStartPre=/bin/sleep 1
EnvironmentFile=-/var/lib/environment/udisks2/%p.conf
EnvironmentFile=-/var/lib/environment/udisks2/%p@.conf
EnvironmentFile=-/var/lib/environment/udisks2/%p@%I.conf
ExecStart=/usr/bin/udisksctl-user mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I
ExecStop=/usr/bin/udisksctl unmount -b /dev/mapper/%I
ExecStopPost=/bin/umount -vfrq /dev/%I
ExecStopPost=/bin/umount -vrq /dev/%I
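Review bot: renaming the first EnvironmentFile from `%p.conf` to `%p@.conf` silently stops reading a `mount-cryptosd-luks.conf` created under v1.3.3, and because the `-` prefix suppresses the missing-file error, nothing tells the user that their restricting mount options are no longer applied. Consider keeping `EnvironmentFile=-/var/lib/environment/udisks2/%p.conf` as a deprecated third line for one release, or renaming the old file in the RPM's %post, plus a changelog entry. Dropping `-f` from the `umount -vfrq` fallback is sensible for a local block device (force is meant for unreachable network mounts), while `-r` still falls back to a read-only remount on a busy mount, which is the better state to be in before `cryptsetup close` runs.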

4 changes: 2 additions & 2 deletions systemd/system/mount-cryptosd-plain@.service
@@ -22,9 +22,9 @@ RemainAfterExit=yes
# udisks object for an encrypted partition has not been created yet.
# Hence giving udisksd a second to settle:
ExecStartPre=/bin/sleep 1
EnvironmentFile=-/var/lib/environment/udisks2/%p.conf
EnvironmentFile=-/var/lib/environment/udisks2/%p@.conf
EnvironmentFile=-/var/lib/environment/udisks2/%p@%I.conf
ExecStart=/usr/bin/udisksctl-user mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I
ExecStop=/usr/bin/udisksctl unmount -b /dev/mapper/%I
ExecStopPost=/bin/umount -vfrq /dev/%I
ExecStopPost=/bin/umount -vrq /dev/%I
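Review bot: the same migration concern as for the luks mount unit applies here (a pre-existing `mount-cryptosd-plain.conf` is silently ignored once only `%p@.conf` is read). In addition, the `ExecStopPost=` fallback unmounts `/dev/%I` while `ExecStop=` unmounts `/dev/mapper/%I`; according to the `SYMLINK+=` assignments in 96-cryptosd.rules, `/dev/%I` is the symlink to the raw, still-encrypted partition, which is never mounted itself. If the fallback is meant to catch a failed `udisksctl unmount`, it should target `/dev/mapper/%I` as well; if the raw path is intentional, a comment explaining why would help, since the same line appears in both mount units.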

10 changes: 5 additions & 5 deletions udev/rules.d/96-cryptosd.rules
@@ -1,14 +1,14 @@
# For DM-Crypt LUKS, match sda0 to mmcblk1 to both SUBSYSTEM=="block" and ENV{ID_FS_TYPE}=="crypto_LUKS"
KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add", PROGRAM=="/bin/systemd-escape crypto_luks_%E{ID_FS_UUID}", SYMLINK+="crypto_luks_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="cryptosd-luks@%c.service", ENV{SYSTEMD_USER_WANTS}=""
KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add", OPTIONS+="string_escape=none", SYMLINK+="crypto_luks_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/bin/systemd-escape --template=[email protected] crypto_luks_%E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="%c"

# For DM-Crypt "plain", also match sda0 to mmcblk1 to SUBSYSTEM=="block", but ensure (by ENV{ID_*}!= statements) that it appears to be unused space
# Two rules, one for partitions and a tighter one for whole disks:
KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add", PROGRAM=="/bin/systemd-escape crypto_plain_%k", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="cryptosd-plain@%c.service", ENV{SYSTEMD_USER_WANTS}=""
KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add", PROGRAM=="/bin/systemd-escape crypto_plain_%k", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="cryptosd-plain@%c.service", ENV{SYSTEMD_USER_WANTS}=""
KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add", OPTIONS+="string_escape=none", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/bin/systemd-escape --template=[email protected] crypto_plain_%k", ENV{SYSTEMD_WANTS}="%c"
KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add", OPTIONS+="string_escape=none", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/bin/systemd-escape --template=[email protected] crypto_plain_%k", ENV{SYSTEMD_WANTS}="%c"

# Carefully match resulting virtual node dm-* to trigger mounting it; see /lib/udev/rules.d/10-dm.rules for details
KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_luks_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", PROGRAM=="/bin/systemd-escape %E{DM_NAME}", GROUP="disk", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="mount-cryptosd-luks@%c.service"
KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_luks_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", OPTIONS+="string_escape=none", GROUP="disk", MODE="0660", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=[email protected] %E{DM_NAME}", ENV{SYSTEMD_WANTS}="%c"

# Ditto for DM-Crypt "plain":
KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_plain_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", PROGRAM=="/bin/systemd-escape %E{DM_NAME}", GROUP="disk", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="mount-cryptosd-plain@%c.service"
KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_plain_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", OPTIONS+="string_escape=none", GROUP="disk", MODE="0660", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=[email protected] %E{DM_NAME}", ENV{SYSTEMD_WANTS}="%c"
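Review bot: moving from `PROGRAM=="/bin/systemd-escape crypto_luks_..."` plus the hand-built `cryptosd-luks@%c.service` to `systemd-escape --template=...` with `ENV{SYSTEMD_WANTS}="%c"` lets systemd-escape emit the complete unit name instead of concatenating around an escaped instance, and placing `PROGRAM==` before the `ENV{SYSTEMD_WANTS}="%c"` assignment is required, since `%c` is only defined once the program has run; keep that ordering. Two caveats: `OPTIONS+="string_escape=none"` disables udev's sanitising for every substitution in the same rule, so the `SYMLINK+="crypto_luks_%E{ID_FS_UUID}"` and `SYMLINK+="crypto_plain_%k"` values are now taken verbatim; with filesystem UUIDs and kernel names that is safe, but a short comment saying the option exists for `%c` and that SYMLINK values must stay substitution-safe would protect the next edit. And the first comment line still describes the old rule shape ("match sda0 to mmcblk1") without mentioning the template mechanism, which is the non-obvious part of these rules.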
