From 53da564e06a01b7b9a99b34820c763072edabda0 Mon Sep 17 00:00:00 2001 From: olf Date: Fri, 19 Feb 2021 03:56:22 +0100 Subject: [PATCH 01/17] Post release version increase --- rpm/crypto-sdcard.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index e86accd0..1477b6c0 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -1,6 +1,6 @@ Name: crypto-sdcard Summary: Configuration files for unlocking and mounting encrypted SD-cards automatically -Version: 1.3.3 +Version: 1.3.4 # Since v1.3.1, the release version consists of two or three fields, separated by a dot ("."): # - The first field must contain a natural number greater than zero. # This number may be prefixed by one of {alpha,beta,stable}, e.g. "alpha13". From 2fefa86cebce1d85865a7a256d1a1986239a3ce8 Mon Sep 17 00:00:00 2001 From: olf Date: Fri, 19 Feb 2021 22:36:26 +0100 Subject: [PATCH 02/17] Fix copy&paste error --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0965f0f3..dc9cd3c1 100644 --- a/README.md +++ b/README.md 
@@ -24,7 +24,7 @@ Thus **crypto-sdcard** solely protects "data at rest" on SD-cards and other remo * Start mounting encrypted (partitions on) SD-card via udisks at the earliest sensible time: Right after *udisks2.service* has started. * Unmount before *udisks2.service* begins stopping, hence achieving a clean unmount. * Also do not use SailfishOS' *udisksctl-user* script for unmounting (because it cannot work at the time ExecStop is executed), which is installed and used by SailfishOS since its release 3.2.1, and was also used by *crypto-sdcard* versions 1.1-1 to 1.3.1-5; see [details here](https://github.com/Olf0/crypto-sdcard/pull/28). -* Since v1.3.3 the [Systemd EnvironmentFiles](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#EnvironmentFile=) `mount-cryptosd-luks.conf` and `mount-cryptosd-luks@crypto_luks_.conf` (in this order), respectively `mount-cryptosd-luks.conf` and `mount-cryptosd-plain@crypto_plain_.conf`, in `/var/lib/environment/udisks2/` are evaluated for additional mount options, if they exist (one or both). +* Since v1.3.3 the [Systemd EnvironmentFiles](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#EnvironmentFile=) `mount-cryptosd-luks.conf` and `mount-cryptosd-luks@crypto_luks_.conf` (in this order), respectively `mount-cryptosd-plain.conf` and `mount-cryptosd-plain@crypto_plain_.conf`, in `/var/lib/environment/udisks2/` are evaluated for additional mount options, if they exist (one or both). Take a look at `ls /dev/mapper/crypto*` for the partition specific part (between the `@` and the `.conf` extension) of the file names for the partition specific configuration files. These configuration files can be created by a system administrator (i.e., you), so if you want to add restricting mount options, see [here for details](https://github.com/Olf0/mount-sdcard/releases/tag/1.3.2). 
* Ensure, that AlienDalvik (specifically *alien-service-manager.service*) begins starting after mounting succeeded, to allow for [android_storage on SD-card](https://together.jolla.com/question/203539/guide-externalising-android_storage-and-other-directories-files-to-sd-card/#203539-2-externalising-homenemoandroid_storage).
From 1dfae6bc2a62d2a22ad19facbb0b3d95c0b1fa36 Mon Sep 17 00:00:00 2001 From: olf Date: Fri, 19 Feb 2021 22:45:57 +0100 Subject: [PATCH 03/17] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dc9cd3c1..2b46a12d 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ Thus **crypto-sdcard** solely protects "data at rest" on SD-cards and other remo * Unmount before *udisks2.service* begins stopping, hence achieving a clean unmount. * Also do not use SailfishOS' *udisksctl-user* script for unmounting (because it cannot work at the time ExecStop is executed), which is installed and used by SailfishOS since its release 3.2.1, and was also used by *crypto-sdcard* versions 1.1-1 to 1.3.1-5; see [details here](https://github.com/Olf0/crypto-sdcard/pull/28). * Since v1.3.3 the [Systemd EnvironmentFiles](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#EnvironmentFile=) `mount-cryptosd-luks.conf` and `mount-cryptosd-luks@crypto_luks_.conf` (in this order), respectively `mount-cryptosd-plain.conf` and `mount-cryptosd-plain@crypto_plain_.conf`, in `/var/lib/environment/udisks2/` are evaluated for additional mount options, if they exist (one or both). - Take a look at `ls /dev/mapper/crypto*` for the partition specific part (between the `@` and the `.conf` extension) of the file names for the partition specific configuration files. + Take a look at `ls /dev/mapper/crypto*` for the partition specific part (between the `@` and the `.conf` extension) of the file names for the partition specific configuration files.
These configuration files can be created by a system administrator (i.e., you), so if you want to add restricting mount options, see [here for details](https://github.com/Olf0/mount-sdcard/releases/tag/1.3.2). * Ensure, that AlienDalvik (specifically *alien-service-manager.service*) begins starting after mounting succeeded, to allow for [android_storage on SD-card](https://together.jolla.com/question/203539/guide-externalising-android_storage-and-other-directories-files-to-sd-card/#203539-2-externalising-homenemoandroid_storage).
Even more importantly (i.e., also relevant for devices without "android_storage on SD-card") this also ensures, that unmounting occurs only after AlienDalvik has completely stopped.
From bb2e0b53dedc699db01b8ba5fa27eeb5d9b017e0 Mon Sep 17 00:00:00 2001 From: olf Date: Sat, 20 Feb 2021 01:07:41 +0100 Subject: [PATCH 04/17] Omit umoi --- systemd/system/mount-cryptosd-luks@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/system/mount-cryptosd-luks@.service b/systemd/system/mount-cryptosd-luks@.service index 0cd80e4f..894a84d0 100644 --- a/systemd/system/mount-cryptosd-luks@.service +++ b/systemd/system/mount-cryptosd-luks@.service @@ -26,5 +26,5 @@ EnvironmentFile=-/var/lib/environment/udisks2/%p.conf EnvironmentFile=-/var/lib/environment/udisks2/%p@%I.conf ExecStart=/usr/bin/udisksctl-user mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I ExecStop=/usr/bin/udisksctl unmount -b /dev/mapper/%I -ExecStopPost=/bin/umount -vfrq /dev/%I +ExecStopPost=/bin/umount -vq /dev/%I From 06e13f7518d05f3fc1229786be6fd38734310e31 Mon Sep 17 00:00:00 2001 From: olf Date: Sat, 20 Feb 2021 01:10:50 +0100 Subject: [PATCH 05/17] Omit umount options -fr --- systemd/system/mount-cryptosd-plain@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/system/mount-cryptosd-plain@.service b/systemd/system/mount-cryptosd-plain@.service index 9049982d..d86eb98a 100644 --- a/systemd/system/mount-cryptosd-plain@.service +++ b/systemd/system/mount-cryptosd-plain@.service @@ -26,5 +26,5 @@ EnvironmentFile=-/var/lib/environment/udisks2/%p.conf EnvironmentFile=-/var/lib/environment/udisks2/%p@%I.conf ExecStart=/usr/bin/udisksctl-user mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I ExecStop=/usr/bin/udisksctl unmount -b /dev/mapper/%I -ExecStopPost=/bin/umount -vfrq /dev/%I +ExecStopPost=/bin/umount -vq /dev/%I From e2fa6a5f71339832ae230c4269c3fdd59074c8f8 Mon Sep 17 00:00:00 2001 From: olf Date: Sat, 20 Feb 2021 01:22:26 +0100 Subject: [PATCH 06/17] Remove line, which was already obsoleted for long --- systemd/system/cryptosd-plain@.service | 1 - 1 file changed, 1 deletion(-) 
diff --git a/systemd/system/cryptosd-plain@.service b/systemd/system/cryptosd-plain@.service index 407e0a13..7fd54951 100644 --- a/systemd/system/cryptosd-plain@.service +++ b/systemd/system/cryptosd-plain@.service @@ -13,6 +13,5 @@ RemainAfterExit=yes # For devices, which need the qcrypto kernel module loaded to support modern cryptographic schemes as e.g. XTS: # ExecStartPre=/sbin/modprobe qcrypto ExecStart=/bin/sh -c 'cat /etc/crypto-sdcard/%I.key | /usr/sbin/cryptsetup -h sha1 -s 256 -c aes-xts-plain --allow-discards --type plain open /dev/%I %I' -# ExecStartPost=chgrp disk /dev/mapper/%I # Moved to udev rules 96-cryptosd ExecStop=/usr/sbin/cryptsetup close %I From 7b4948b652f3a462ee246bd3c7e5a85b25974cbf Mon Sep 17 00:00:00 2001 From: olf Date: Sat, 20 Feb 2021 01:25:20 +0100 Subject: [PATCH 07/17] Remove a line, which was already obsoleted for long --- systemd/system/cryptosd-luks@.service | 1 - 1 file changed, 1 deletion(-) diff --git a/systemd/system/cryptosd-luks@.service b/systemd/system/cryptosd-luks@.service index e6ae245a..bdd5922f 100644 --- a/systemd/system/cryptosd-luks@.service +++ b/systemd/system/cryptosd-luks@.service @@ -14,6 +14,5 @@ RemainAfterExit=yes # ExecStartPre=/sbin/modprobe qcrypto # For various reasons (dependency on udisks2, allow discards etc.), do not use "udisksctl unlock --key-file", call cryptsetup directly: ExecStart=/usr/sbin/cryptsetup --allow-discards -d /etc/crypto-sdcard/%I.key luksOpen /dev/%I %I -# ExecStartPost=chgrp disk /dev/mapper/%I # Moved to udev rules 96-cryptosd ExecStop=/usr/sbin/cryptsetup close %I From c35de2605194a5a564b1c8b70bd4df28768ee536 Mon Sep 17 00:00:00 2001 From: olf Date: Sat, 20 Feb 2021 02:35:06 +0100 Subject: [PATCH 08/17] Reintroduce umount option -r --- systemd/system/mount-cryptosd-luks@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/system/mount-cryptosd-luks@.service b/systemd/system/mount-cryptosd-luks@.service index 894a84d0..dc237e0a 100644 
--- a/systemd/system/mount-cryptosd-luks@.service +++ b/systemd/system/mount-cryptosd-luks@.service @@ -26,5 +26,5 @@ EnvironmentFile=-/var/lib/environment/udisks2/%p.conf EnvironmentFile=-/var/lib/environment/udisks2/%p@%I.conf ExecStart=/usr/bin/udisksctl-user mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I ExecStop=/usr/bin/udisksctl unmount -b /dev/mapper/%I -ExecStopPost=/bin/umount -vq /dev/%I +ExecStopPost=/bin/umount -vrq /dev/%I From 66252a6c2e02fb8d26ee1e1d197ba52afcb59066 Mon Sep 17 00:00:00 2001 From: olf Date: Sat, 20 Feb 2021 02:36:00 +0100 Subject: [PATCH 09/17] Reintroduce umount option -r --- systemd/system/mount-cryptosd-plain@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/system/mount-cryptosd-plain@.service b/systemd/system/mount-cryptosd-plain@.service index d86eb98a..555bddf2 100644 --- a/systemd/system/mount-cryptosd-plain@.service +++ b/systemd/system/mount-cryptosd-plain@.service @@ -26,5 +26,5 @@ EnvironmentFile=-/var/lib/environment/udisks2/%p.conf EnvironmentFile=-/var/lib/environment/udisks2/%p@%I.conf ExecStart=/usr/bin/udisksctl-user mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I ExecStop=/usr/bin/udisksctl unmount -b /dev/mapper/%I -ExecStopPost=/bin/umount -vq /dev/%I +ExecStopPost=/bin/umount -vrq /dev/%I From ba3ccce0c3573747fadd7b30e576159b15277513 Mon Sep 17 00:00:00 2001 
From: olf Date: Sat, 20 Feb 2021 03:31:18 +0100 Subject: [PATCH 10/17] Fully read "key-file" in "plain" mode This change should read the complete "key-file", not only up to the first newline character ("\n"). 1. Needs testing: * I faintly remember, that I could not get `-d -` and (equivalent) `--key-file -` working in conjunction with `--type plain`. But that was with a way older Cryptsetup version. Note that for `--type plain`, reading from standard input with `-d -` / `--key-file -` is the only way to apply a hash algorithm to the input (entropy), see [this section of the Cryptsetup man page](https://man7.org/linux/man-pages/man8/cryptsetup.8.html#NOTES_ON_PASSPHRASE_PROCESSING_FOR_PLAIN_MODE) for details. => Retry above syntax with Cryptsetup of SFOS 3.2.1 (the currently minimal supported release), and also with the awkward, likely incorrect syntax `--key-file=-` mentioned once (in the whole man page!) in the aforementioned section. * I also believe to remember, that the more elegant input redirection per "`< `" (instead of `cat |`) did not work: Retry that, too. 2. Users have to convert their old keys for "plain" mode, i.e. cut the content of their key-files for "plain" mode at the first newline character. These commands (untested, yet) should perform this conversion: `devel-su` `for i in /etc/crypto-sdcard/crypto_plain_*.key; do mv "$i" "${i}.old" && sed -n 1P "${i}.old" > "$i"; done` --- systemd/system/cryptosd-plain@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/system/cryptosd-plain@.service b/systemd/system/cryptosd-plain@.service index 7fd54951..767790f2 100644 --- a/systemd/system/cryptosd-plain@.service +++ b/systemd/system/cryptosd-plain@.service 
@@ -12,6 +12,6 @@ Type=oneshot RemainAfterExit=yes # For devices, which need the qcrypto kernel module loaded to support modern cryptographic schemes as e.g. XTS: # ExecStartPre=/sbin/modprobe qcrypto -ExecStart=/bin/sh -c 'cat /etc/crypto-sdcard/%I.key | /usr/sbin/cryptsetup -h sha1 -s 256 -c aes-xts-plain --allow-discards --type plain open /dev/%I %I' +ExecStart=/bin/sh -c 'cat /etc/crypto-sdcard/%I.key | /usr/sbin/cryptsetup -d - -h sha1 -s 256 -c aes-xts-plain --allow-discards --type plain open /dev/%I %I' ExecStop=/usr/sbin/cryptsetup close %I From c3a0e8cf82211ace57d6515e17738c2de7e64d67 Mon Sep 17 00:00:00 2001 From: olf Date: Sat, 20 Feb 2021 06:04:09 +0100 Subject: [PATCH 11/17] Try to read key file properly via StdIn Continue to follow [this route](https://github.com/Olf0/crypto-sdcard/commit/ba3ccce0c3573747fadd7b30e576159b15277513#commitcomment-47340935). --- systemd/system/cryptosd-plain@.service | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systemd/system/cryptosd-plain@.service b/systemd/system/cryptosd-plain@.service index 767790f2..9ae2859f 100644 --- a/systemd/system/cryptosd-plain@.service +++ b/systemd/system/cryptosd-plain@.service @@ -10,8 +10,9 @@ AssertFileNotEmpty=/etc/crypto-sdcard/%I.key [Service] Type=oneshot RemainAfterExit=yes +StandardInput=file:/etc/crypto-sdcard/%I.key # For devices, which need the qcrypto kernel module loaded to support modern cryptographic schemes as e.g. XTS: # ExecStartPre=/sbin/modprobe qcrypto -ExecStart=/bin/sh -c 'cat /etc/crypto-sdcard/%I.key | /usr/sbin/cryptsetup -d - -h sha1 -s 256 -c aes-xts-plain --allow-discards --type plain open /dev/%I %I' +ExecStart=/usr/sbin/cryptsetup -d - -h sha1 -s 256 -c aes-xts-plain --allow-discards --type plain open /dev/%I %I ExecStop=/usr/sbin/cryptsetup close %I From be3667c6468b370849b2aff866833b6f17c96bfd Mon Sep 17 00:00:00 2001 
From: olf Date: Sun, 21 Feb 2021 01:50:28 +0100 Subject: [PATCH 12/17] Rename crypto-sd.conf to crypto-sd@.conf --- systemd/system/mount-cryptosd-luks@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/system/mount-cryptosd-luks@.service b/systemd/system/mount-cryptosd-luks@.service index dc237e0a..0dc90e59 100644 --- a/systemd/system/mount-cryptosd-luks@.service +++ b/systemd/system/mount-cryptosd-luks@.service @@ -22,7 +22,7 @@ RemainAfterExit=yes # udisks object for an encrypted partition has not been created yet. # Hence giving udisksd a second to settle: ExecStartPre=/bin/sleep 1 -EnvironmentFile=-/var/lib/environment/udisks2/%p.conf +EnvironmentFile=-/var/lib/environment/udisks2/%p@.conf EnvironmentFile=-/var/lib/environment/udisks2/%p@%I.conf ExecStart=/usr/bin/udisksctl-user mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I ExecStop=/usr/bin/udisksctl unmount -b /dev/mapper/%I From 87af7979a0bc3ec80cfd747cb34ccc6ec6f48ec7 Mon Sep 17 00:00:00 2001 From: olf Date: Sun, 21 Feb 2021 01:51:03 +0100 Subject: [PATCH 13/17] Rename crypto-sd.conf to crypto-sd@.conf --- systemd/system/mount-cryptosd-plain@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/system/mount-cryptosd-plain@.service b/systemd/system/mount-cryptosd-plain@.service index 555bddf2..e994254e 100644 --- a/systemd/system/mount-cryptosd-plain@.service +++ b/systemd/system/mount-cryptosd-plain@.service @@ -22,7 +22,7 @@ RemainAfterExit=yes # udisks object for an encrypted partition has not been created yet. # Hence giving udisksd a second to settle: ExecStartPre=/bin/sleep 1 -EnvironmentFile=-/var/lib/environment/udisks2/%p.conf +EnvironmentFile=-/var/lib/environment/udisks2/%p@.conf EnvironmentFile=-/var/lib/environment/udisks2/%p@%I.conf ExecStart=/usr/bin/udisksctl-user mount $UDISKS2_MOUNT_OPTIONS -b /dev/mapper/%I ExecStop=/usr/bin/udisksctl unmount -b /dev/mapper/%I 
From fdc68bb4d8fb9a9e7ba2d34de8155362e16dc3c8 Mon Sep 17 00:00:00 2001 From: olf Date: Sun, 21 Feb 2021 01:56:20 +0100 Subject: [PATCH 14/17] Rename mount-cryptosd-*.conf to mount-cryptosd-*@.conf Rename `mount-cryptosd-luks.conf` and `mount-cryptosd-plain.conf` to `mount-cryptosd-luks@.conf` rsp. `mount-cryptosd-plain@.conf` to maintain a consistent naming scheme. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2b46a12d..46195d48 100644 --- a/README.md +++ b/README.md 
@@ -24,7 +24,7 @@ Thus **crypto-sdcard** solely protects "data at rest" on SD-cards and other remo * Start mounting encrypted (partitions on) SD-card via udisks at the earliest sensible time: Right after *udisks2.service* has started. * Unmount before *udisks2.service* begins stopping, hence achieving a clean unmount. * Also do not use SailfishOS' *udisksctl-user* script for unmounting (because it cannot work at the time ExecStop is executed), which is installed and used by SailfishOS since its release 3.2.1, and was also used by *crypto-sdcard* versions 1.1-1 to 1.3.1-5; see [details here](https://github.com/Olf0/crypto-sdcard/pull/28). -* Since v1.3.3 the [Systemd EnvironmentFiles](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#EnvironmentFile=) `mount-cryptosd-luks.conf` and `mount-cryptosd-luks@crypto_luks_.conf` (in this order), respectively `mount-cryptosd-plain.conf` and `mount-cryptosd-plain@crypto_plain_.conf`, in `/var/lib/environment/udisks2/` are evaluated for additional mount options, if they exist (one or both). +* Since v1.3.4 the [Systemd EnvironmentFiles](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#EnvironmentFile=) `mount-cryptosd-luks@.conf` and `mount-cryptosd-luks@crypto_luks_.conf` (in this order), respectively `mount-cryptosd-plain@.conf` and `mount-cryptosd-plain@crypto_plain_.conf`, in `/var/lib/environment/udisks2/` are evaluated for additional mount options, if they exist (one or both). Take a look at `ls /dev/mapper/crypto*` for the partition specific part (between the `@` and the `.conf` extension) of the file names for the partition specific configuration files.
These configuration files can be created by a system administrator (i.e., you), so if you want to add restricting mount options, see [here for details](https://github.com/Olf0/mount-sdcard/releases/tag/1.3.2). * Ensure, that AlienDalvik (specifically *alien-service-manager.service*) begins starting after mounting succeeded, to allow for [android_storage on SD-card](https://together.jolla.com/question/203539/guide-externalising-android_storage-and-other-directories-files-to-sd-card/#203539-2-externalising-homenemoandroid_storage).
From 2bf46d9d620bab2d7eb8d8b973c6450d90a3f057 Mon Sep 17 00:00:00 2001 From: olf Date: Sun, 21 Feb 2021 03:10:57 +0100 Subject: [PATCH 15/17] Update 96-cryptosd.rules Add safety measures to alleviate the breakage SFOS 4.0.1 brought, while maintaining backward compatibility (and trying to spare further analysis): * Add `OPTIONS+="string_escape=none"` to all rules. * Reshuffle the setting (but no matching) statements in all rules, as they have some sequential character. * Use `systemd-escape` with its `--template=` option, instead of manually concatenating the argument string for `ENV{SYSTEMD_WANTS}=`. --- udev/rules.d/96-cryptosd.rules | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/udev/rules.d/96-cryptosd.rules b/udev/rules.d/96-cryptosd.rules index 4e7273cf..7cdab2da 100644 --- a/udev/rules.d/96-cryptosd.rules +++ b/udev/rules.d/96-cryptosd.rules 
@@ -1,14 +1,14 @@ # For DM-Crypt LUKS, match sda0 to mmcblk1 to both SUBSYSTEM=="block" and ENV{ID_FS_TYPE}=="crypto_LUKS" -KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add", PROGRAM=="/usr/bin/systemd-escape crypto_luks_%E{ID_FS_UUID}", SYMLINK+="crypto_luks_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="cryptosd-luks@%c.service", ENV{SYSTEMD_USER_WANTS}="" +KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add", OPTIONS+="string_escape=none", SYMLINK+="crypto_luks_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/usr/bin/systemd-escape --template=cryptosd-luks@.service crypto_luks_%E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="%c" # For DM-Crypt "plain", also match sda0 to mmcblk1 to SUBSYSTEM=="block", but ensure (by ENV{ID_*}!= statements) that it appears to be unused space # Two rules, one for partitions and a tighter one for whole disks: -KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add", PROGRAM=="/usr/bin/systemd-escape crypto_plain_%k", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="cryptosd-plain@%c.service", ENV{SYSTEMD_USER_WANTS}="" -KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add", PROGRAM=="/usr/bin/systemd-escape crypto_plain_%k", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="cryptosd-plain@%c.service", ENV{SYSTEMD_USER_WANTS}="" +KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add", OPTIONS+="string_escape=none", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/usr/bin/systemd-escape 
--template=cryptosd-plain@.service crypto_plain_%k", ENV{SYSTEMD_WANTS}="%c" +KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add", OPTIONS+="string_escape=none", OPTIONS+="string_escape=none", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/usr/bin/systemd-escape --template=cryptosd-plain@.service crypto_plain_%k", ENV{SYSTEMD_WANTS}="%c" # Carefully match resulting virtual node dm-* to trigger mounting it; see /lib/udev/rules.d/10-dm.rules for details -KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_luks_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", PROGRAM=="/usr/bin/systemd-escape %E{DM_NAME}", GROUP="disk", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="mount-cryptosd-luks@%c.service" +KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_luks_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", OPTIONS+="string_escape=none", GROUP="disk", MODE="0660", TAG+="systemd", PROGRAM=="/usr/bin/systemd-escape --template=mount-cryptosd-luks@.service %E{DM_NAME}", ENV{SYSTEMD_WANTS}="%c" # Ditto for DM-Crypt "plain": -KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_plain_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", PROGRAM=="/usr/bin/systemd-escape %E{DM_NAME}", GROUP="disk", MODE="0660", TAG+="systemd", ENV{SYSTEMD_WANTS}="mount-cryptosd-plain@%c.service" +KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_plain_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", 
ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", OPTIONS+="string_escape=none", GROUP="disk", MODE="0660", TAG+="systemd", PROGRAM=="/usr/bin/systemd-escape --template=mount-cryptosd-plain@.service %E{DM_NAME}", ENV{SYSTEMD_WANTS}="%c" From fd092753ba0ffac98cdf0a8f1c565fa25c90a494 Mon Sep 17 00:00:00 2001 From: olf Date: Sun, 21 Feb 2021 03:16:17 +0100 Subject: [PATCH 16/17] Fix copy'o --- udev/rules.d/96-cryptosd.rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/udev/rules.d/96-cryptosd.rules b/udev/rules.d/96-cryptosd.rules index 7cdab2da..186482c3 100644 --- a/udev/rules.d/96-cryptosd.rules +++ b/udev/rules.d/96-cryptosd.rules 
@@ -4,7 +4,7 @@ KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", # For DM-Crypt "plain", also match sda0 to mmcblk1 to SUBSYSTEM=="block", but ensure (by ENV{ID_*}!= statements) that it appears to be unused space # Two rules, one for partitions and a tighter one for whole disks: KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add", OPTIONS+="string_escape=none", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/usr/bin/systemd-escape --template=cryptosd-plain@.service crypto_plain_%k", ENV{SYSTEMD_WANTS}="%c" -KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add", OPTIONS+="string_escape=none", OPTIONS+="string_escape=none", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/usr/bin/systemd-escape --template=cryptosd-plain@.service crypto_plain_%k", ENV{SYSTEMD_WANTS}="%c" +KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add", OPTIONS+="string_escape=none", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/usr/bin/systemd-escape --template=cryptosd-plain@.service crypto_plain_%k", ENV{SYSTEMD_WANTS}="%c" # Carefully match resulting virtual node dm-* to trigger mounting it; see /lib/udev/rules.d/10-dm.rules for details KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_luks_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", OPTIONS+="string_escape=none", GROUP="disk", MODE="0660", TAG+="systemd", PROGRAM=="/usr/bin/systemd-escape --template=mount-cryptosd-luks@.service %E{DM_NAME}", 
ENV{SYSTEMD_WANTS}="%c" From a9da9ac348b8c67e8d36f6e5cf96f152135bd552 Mon Sep 17 00:00:00 2001 From: olf Date: Sun, 21 Feb 2021 13:56:06 +0100 Subject: [PATCH 17/17] Update 96-cryptosd.rules --- udev/rules.d/96-cryptosd.rules | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/udev/rules.d/96-cryptosd.rules b/udev/rules.d/96-cryptosd.rules index 4c01dc5a..de96f41e 100644 --- a/udev/rules.d/96-cryptosd.rules +++ b/udev/rules.d/96-cryptosd.rules 
@@ -1,14 +1,14 @@ # For DM-Crypt LUKS, match sda0 to mmcblk1 to both SUBSYSTEM=="block" and ENV{ID_FS_TYPE}=="crypto_LUKS" -KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add", OPTIONS+="string_escape=none", SYMLINK+="crypto_luks_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/usr/systemd-escape --template=cryptosd-luks@.service crypto_luks_%E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="%c" +KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="crypto_LUKS", ACTION=="add", OPTIONS+="string_escape=none", SYMLINK+="crypto_luks_%E{ID_FS_UUID}", MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/bin/systemd-escape --template=cryptosd-luks@.service crypto_luks_%E{ID_FS_UUID}", ENV{SYSTEMD_WANTS}="%c" # For DM-Crypt "plain", also match sda0 to mmcblk1 to SUBSYSTEM=="block", but ensure (by ENV{ID_*}!= statements) that it appears to be unused space # Two rules, one for partitions and a tighter one for whole disks: -KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add", OPTIONS+="string_escape=none", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/usr/systemd-escape --template=cryptosd-plain@.service crypto_plain_%k", ENV{SYSTEMD_WANTS}="%c" -KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add", OPTIONS+="string_escape=none", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/usr/systemd-escape --template=cryptosd-plain@.service crypto_plain_%k", ENV{SYSTEMD_WANTS}="%c" +KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ENV{ID_PART_TABLE_TYPE}!="?*", ACTION=="add", OPTIONS+="string_escape=none", SYMLINK+="crypto_plain_%k", 
MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/bin/systemd-escape --template=cryptosd-plain@.service crypto_plain_%k", ENV{SYSTEMD_WANTS}="%c" +KERNEL=="mmcblk1*|sd[a-z]*", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ENV{ID_FS_USAGE}!="?*", ENV{ID_FS_TYPE}!="?*", ACTION=="add", OPTIONS+="string_escape=none", SYMLINK+="crypto_plain_%k", MODE="0660", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}="", PROGRAM=="/bin/systemd-escape --template=cryptosd-plain@.service crypto_plain_%k", ENV{SYSTEMD_WANTS}="%c" # Carefully match resulting virtual node dm-* to trigger mounting it; see /lib/udev/rules.d/10-dm.rules for details -KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_luks_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", OPTIONS+="string_escape=none", GROUP="disk", MODE="0660", TAG+="systemd", PROGRAM=="/usr/systemd-escape --template=mount-cryptosd-luks@.service %E{DM_NAME}", ENV{SYSTEMD_WANTS}="%c" +KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_luks_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", OPTIONS+="string_escape=none", GROUP="disk", MODE="0660", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=mount-cryptosd-luks@.service %E{DM_NAME}", ENV{SYSTEMD_WANTS}="%c" # Ditto for DM-Crypt "plain": -KERNEL=="dm-[0-9]*", SUBSYSTEM=="block", SYMLINK=="mapper/crypto_plain_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", OPTIONS+="string_escape=none", GROUP="disk", MODE="0660", TAG+="systemd", PROGRAM=="/usr/systemd-escape --template=mount-cryptosd-plain@.service %E{DM_NAME}", ENV{SYSTEMD_WANTS}="%c" +KERNEL=="dm-[0-9]*", 
SUBSYSTEM=="block", SYMLINK=="mapper/crypto_plain_*", ENV{ID_FS_USAGE}=="filesystem", ENV{DM_UDEV_RULES_VSN}=="[1-9]*", ACTION=="change", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}=="1", ENV{DM_ACTIVATION}=="1", ENV{DM_SUSPENDED}=="0", OPTIONS+="string_escape=none", GROUP="disk", MODE="0660", TAG+="systemd", PROGRAM=="/bin/systemd-escape --template=mount-cryptosd-plain@.service %E{DM_NAME}", ENV{SYSTEMD_WANTS}="%c"
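Review bot: PATCH 04/17 (and its twin 05/17 for mount-cryptosd-plain@.service) changes the ExecStopPost fallback from `umount -vfrq` to `umount -vq` without giving a reason, and the subject of 04 is cut off at "Omit umoi". Use the same subject as 05 ("Omit umount options -fr") and add a sentence of rationale, because ExecStopPost runs after ExecStop's `udisksctl unmount` and dropping `-f` and `-r` changes what this fallback does when the regular unmount did not succeed.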
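Review bot: PATCH 08/17 and 09/17 put `-r` back about an hour and a half after 04/17 and 05/17 removed it, so the net change to ExecStopPost is only the removal of `-f`; squash 04+08 and 05+09 into one commit per unit file and state in its message why `-r` is kept. While this line is being touched: ExecStop unmounts `/dev/mapper/%I`, but ExecStopPost passes `/dev/%I` to umount. If the fallback is meant to act on the same mapped device it should read `/dev/mapper/%I`; otherwise add a comment in the unit explaining why the underlying device is the target.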
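Review bot: PATCH 10/17 adds `-d -` to the cryptsetup call in ExecStart, which changes the key derived from every existing key file that holds more than its first line, while the message itself marks both the syntax and the conversion commands as untested. Plain mode has no header to verify a key against, so a volume opened with the changed key is mapped without error and the filesystem on it is simply not recognised; this should not go in before it has been tested on SFOS 3.2.1. Also check the conversion one-liner against the man-page section the message links: that section says a trailing newline is not stripped when the key arrives via `--key-file=-`, and `sed -n 1P` writes the first line together with its newline, so the converted file may hash differently from what the old invocation used (the first line without the newline). Writing the converted key without a trailing newline, for example via `printf %s`, would avoid that.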
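Review bot: PATCH 11/17 relies on `StandardInput=file:/etc/crypto-sdcard/%I.key`, and the `file:` form needs systemd 236 or newer; confirm the systemd version of SFOS 3.2.1, which the message of 10/17 names as the minimal supported release, because an older systemd will not feed the key file to cryptsetup and `-d -` then has no key material on standard input. If that release is older, keep the `/bin/sh -c 'cat ... | cryptsetup ...'` form from 10/17. StandardInput= also applies to ExecStop, so `cryptsetup close %I` is started with the key file as its standard input; that is harmless, but worth a comment in the unit.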
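Review bot: PATCH 12/17 (and 13/17 for the plain unit) switches the first EnvironmentFile from `%p.conf` to `%p@.conf`, and because of the leading `-` a configuration file still named the v1.3.3 way is skipped without any message, so restricting mount options an administrator placed there for `$UDISKS2_MOUNT_OPTIONS` silently stop being applied after the update. Either keep an `EnvironmentFile=-` line for the old name next to the new one for a transition period, or rename existing files in the package's post-install script, and mention the rename in the changelog. The subject ("Rename crypto-sd.conf to crypto-sd@.conf") also names files that do not appear in the diff; 14/17 has the correct names.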
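Review bot: PATCH 14/17 rewrites "Since v1.3.3" to "Since v1.3.4" in the same line that introduces the new file names, which erases the fact that v1.3.3 read `mount-cryptosd-luks.conf` and `mount-cryptosd-plain.conf`; a reader upgrading from v1.3.3 gets no hint that existing files must be renamed. Keep the v1.3.3 statement and add a sentence saying that from v1.3.4 on the common files carry an `@` before `.conf`.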
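Review bot: PATCH 15/17 moves the `PROGRAM==` match behind `SYMLINK+=`, `MODE=`, `TAG+=` and `ENV{SYSTEMD_USER_WANTS}=` in every rule, although the message says that only setting statements were reshuffled. udev applies assignments as it reaches them, so when systemd-escape fails, the symlink, mode and tag are now set anyway and only `ENV{SYSTEMD_WANTS}` is missing, where before the whole rule was skipped; put `PROGRAM==` back with the other match keys, directly after `ACTION==`. The message should also say which SFOS 4.0.1 breakage `OPTIONS+="string_escape=none"` addresses, since the option turns off udev's replacement of unsafe characters in `SYMLINK+="crypto_luks_%E{ID_FS_UUID}"`, a name built from metadata read off the card. The rule for `ENV{DEVTYPE}=="partition"` carries the option twice; fold the fix from 16/17 into this commit.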
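Review bot: PATCH 17/17 does not apply on top of 16/17: its removed lines call `/usr/systemd-escape` and its index line starts from blob 4c01dc5a, while 15/17 and 16/17 leave the file at 186482c3 with `/usr/bin/systemd-escape`, so a commit in between is missing from this series. Include that commit or rebase this one, and replace the subject "Update 96-cryptosd.rules" with the reason for switching the path to `/bin/systemd-escape`, for instance on which SFOS releases the binary is found there.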