gocryptfs: clean session mount/unmount via systemd service #29

Merged
obel1x merged 7 commits from unbrot/fedora-OEMDRV:main into main 2026-05-07 18:07:11 +02:00
Contributor

Summary

  • mount_ecrypt_home: switch from --scope to a transient systemd user service so ExecStop can run fusermount -u on logout, cleanly unmounting gocryptfs
  • mount_ecrypt_home: add -fg flag to keep gocryptfs in foreground so the service stays active (without it, gocryptfs forks to background, the tracked process exits, and systemd immediately calls ExecStop)
  • mount_ecrypt_home: poll /proc/mounts before removing passfile, since service mode starts asynchronously and gocryptfs may not have read the file yet
  • logon_script: gate kwriteconfig5 calls on XDG_CURRENT_DESKTOP=KDE; also set loginMode=2 (empty session) so previous apps are not restored on login

Test plan

  • Login: gocryptfs mounts ~/data and gocryptfs-home.service stays active
  • Logout: fusermount -u is called via ExecStop, directory is unmounted cleanly
  • On Cinnamon: kwriteconfig5 calls are skipped
  • On KDE: new sessions start empty (no app restore)

🤖 Generated with Claude Code

unbrot added 7 commits 2026-05-07 18:05:41 +02:00
Switch from --scope to a transient service so systemd can run
fusermount -u via ExecStop before terminating the process.
With KillMode=none, gocryptfs exits on its own once the FUSE
filesystem is detached.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Wrap kwriteconfig5 calls in a KDE check so they are skipped on
Cinnamon and other desktops. Also add empty-session setting so
previous apps are not restored on login.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

systemd-run service mode returns as soon as the start request is
accepted, before gocryptfs has read the passfile. Poll /proc/mounts
for up to 10 seconds so the passfile is only removed after the mount
is confirmed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Without -fg, gocryptfs forks to background and the parent exits,
causing systemd to consider the service done and immediately call
ExecStop (fusermount -u). With -fg, gocryptfs stays as the tracked
service process so ExecStop only fires on explicit service stop at
logout.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
obel1x merged commit ef5d6cbf7f into main 2026-05-07 18:07:11 +02:00
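
The passfile race and the service lifecycle described in this pull request, as an added shell sketch that is not code from this repository. The unit name `gocryptfs-home` comes from the test plan; the function names, the `fuse.gocryptfs` type check, the overridable mounts-table path, and the choice to delete the passfile even when the wait times out are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not the repository's mount_ecrypt_home script.

# Succeeds if a gocryptfs FUSE mount is listed at mountpoint $1.
# $2 overrides the mounts table so the check can be exercised offline.
is_mounted() {
    local mp mounts="${2:-/proc/mounts}"
    # /proc/mounts writes a space inside a path as the literal text \040
    mp=$(printf '%s' "$1" | sed 's/ /\\040/g')
    # ENVIRON is used instead of -v because awk -v would decode \040
    MP="$mp" awk '$2 == ENVIRON["MP"] && $3 == "fuse.gocryptfs" { ok = 1 }
                  END { exit !ok }' "$mounts"
}

# Poll for the mount for up to $3 seconds (default 10), then delete the
# passfile in every case so the secret does not outlive a failed start.
# Returns 0 if the mount was confirmed, 1 if the wait timed out.
wait_then_remove_passfile() {
    local mp="$1" passfile="$2" timeout="${3:-10}" mounts="${4:-/proc/mounts}"
    local rc=1 i=0
    while [ "$i" -lt $((timeout * 5)) ]; do
        if is_mounted "$mp" "$mounts"; then rc=0; break; fi
        sleep 0.2
        i=$((i + 1))
    done
    rm -f -- "$passfile"
    return "$rc"
}

# Start gocryptfs as a transient user service. systemd-run returns once the
# start request is accepted, so the caller must wait before removing the
# passfile. -fg keeps gocryptfs as the tracked process; ExecStop detaches the
# FUSE mount when the unit is stopped at logout.
# (The ExecStop string is not quoted for mountpoints containing spaces.)
start_mount_service() {
    local cipher="$1" mp="$2" passfile="$3"
    systemd-run --user --unit=gocryptfs-home \
        -p KillMode=none \
        -p ExecStop="fusermount -u $mp" \
        gocryptfs -fg -passfile "$passfile" "$cipher" "$mp"
}

# Typical sequence (cipher directory is a placeholder):
#   start_mount_service "$HOME/<cipherdir>" "$HOME/data" "$passfile" &&
#       wait_then_remove_passfile "$HOME/data" "$passfile" ||
#       echo "gocryptfs mount not confirmed" >&2
```
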
Reference: obel1x/fedora-OEMDRV#29