From 5ce091484ee441576be5a47cb02b6809098e4f40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20unbrot=20P=C3=A4tzold?= <unbrot@dtext.online>
Date: Thu, 7 May 2026 17:39:55 +0200
Subject: [PATCH] mount_ecrypt_home: wait for FUSE mount before removing
 passfile

systemd-run service mode returns as soon as the start request is
accepted, before gocryptfs has read the passfile. Poll /proc/mounts
for up to 10 seconds so the passfile is only removed after the mount
is confirmed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 system_setup/mount_ecrypt_home.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/system_setup/mount_ecrypt_home.sh b/system_setup/mount_ecrypt_home.sh
index 0367822..537023a 100755
--- a/system_setup/mount_ecrypt_home.sh
+++ b/system_setup/mount_ecrypt_home.sh
@@ -99,7 +99,14 @@ systemd-run --user --unit=gocryptfs-home \
     --property=TimeoutStopSec=30 \
     gocryptfs -noprealloc -allow_other -passfile ${XDG_RUNTIME_DIR}/IPAVAULTKEY -config ${HOME}/.config/gocryptfs/gocryptfs.conf ${ENCRYPTEDDATADIR} ${DECRYPTEDDATADIR} >/dev/null
 RETVAL=$?
-rm ${XDG_RUNTIME_DIR}/IPAVAULTKEY
+# Service starts asynchronously - wait for the FUSE mount to appear before removing
+# the passfile, otherwise gocryptfs may not have read it yet
+_t=0
+while [ "${_t}" -lt 10 ] && ! grep -q "${DECRYPTEDDATADIR}" /proc/mounts 2>/dev/null; do
+    sleep 1
+    _t=$((_t + 1))
+done
+rm -f ${XDG_RUNTIME_DIR}/IPAVAULTKEY
 cd ${EXECDIR}
 if [ ${RETVAL} -eq 0 ]; then
     echo "Sucessfully mounted encrypted private Directory ${DECRYPTEDDATADIR}"