ExecStop on the user service caused an unmount race: it fired
asynchronously after logout while the next login's install.sh had
already remounted the wallet, then unmounted it again leaving
kwalletd6 without its wallet directory.
install.sh already handles umount/remount at login start, so no
ExecStop is needed. On gocryptfs systems the wallet becomes
inaccessible at logout naturally when ~/data is unmounted.
user_run.sh now explicitly stops any leftover kwalletd6-logon unit
from a previous session before creating a new one, avoiding the
systemd-run unit-name-conflict failure.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
kwalletd6 exits with code 1 when the Wayland compositor shuts down
during logout. Without SuccessExitStatus=1, the service is marked
failed and ExecStop (the bind mount umount) never runs. Treating
exit code 1 as success keeps the service in active-exited state so
systemd fires ExecStop cleanly on session end.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Switch kwalletd6-logon from --scope to a transient service with
RemainAfterExit=yes (kwalletd6 forks to background, so the service
must stay active after the main process exits). ExecStop runs
'sudo umount -l' to detach the wallet bind mount before gocryptfs
unmounts ~/data (Before=gocryptfs-home.service ordering).
install.sh adds a per-user sudoers drop-in so the user service
can call umount as root without a password.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Same root cause as the gocryptfs and Nextcloud fixes: kwalletd6 is a
long-running daemon that stays alive for the entire KDE session.
Launching it with setsid keeps it in the autostart service cgroup,
preventing app-logon_script.sh@autostart from reaching finished state.
Replace setsid with systemd-run --user --scope so kwalletd6 runs in
its own transient scope cgroup.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Daniel unbrot Pätzold