From 5e0f26896239639bf905d33a8cd0935b1562b89d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20unbrot=20P=C3=A4tzold?= Date: Mon, 11 May 2026 12:29:20 +0200 Subject: [PATCH] kwallet: remove ExecStop, stop old unit in user_run.sh instead ExecStop on the user service caused an unmount race: it fired asynchronously after logout while the next login's install.sh had already remounted the wallet, then unmounted it again leaving kwalletd6 without its wallet directory. install.sh already handles umount/remount at login start, so no ExecStop is needed. On gocryptfs systems the wallet becomes inaccessible at logout naturally when ~/data is unmounted. user_run.sh now explicitly stops any leftover kwalletd6-logon unit from a previous session before creating a new one, avoiding the systemd-run unit-name-conflict failure. Co-Authored-By: Claude Sonnet 4.6 --- client_software/0010_kwallet/install.sh | 14 -------------- client_software/0010_kwallet/user_run.sh | 5 ++--- 2 files changed, 2 insertions(+), 17 deletions(-) diff --git a/client_software/0010_kwallet/install.sh b/client_software/0010_kwallet/install.sh index 1461054..0e6bb42 100755 --- a/client_software/0010_kwallet/install.sh +++ b/client_software/0010_kwallet/install.sh @@ -39,12 +39,6 @@ WALLETFILE="${WALLETNAME}.kwl" WALLETPATH="${DECRYPTEDDATADIR}/kwallet" WALLETPATH_CFG="$SUDO_HOME/.local/share/kwalletd" -# Stop kwalletd6-logon.service first so its ExecStop (umount) fires before we remount the wallet. -# Without this, ExecStop races with the remount below and can unmount the freshly mounted wallet. -_USER_UID=$(id -u "${SUDO_USER}") -XDG_RUNTIME_DIR="/run/user/${_USER_UID}" DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/${_USER_UID}/bus" \ - sudo -u "${SUDO_USER}" systemctl --user stop kwalletd6-logon.service 2>/dev/null || true - # Stop the daemon anyway if running # kwallet and kwalletmanager are optional and only started when an app has been using them already WALLET_PID=$( pgrep -u $SUDO_USER kwalletd6 ) @@ -131,12 +125,4 @@ if [[ $? -ne 0 ]]; then exit 1 fi echo "Done setting up kwallet from secure user folder." - -# Sudoers rule so kwalletd6-logon.service ExecStop can unmount the bind mount (needs root) -# Filename must not contain '.' or end in '~' or sudo ignores it -_SUDOUSER_SAFE=$(printf '%s' "${SUDO_USER}" | tr -dc 'a-zA-Z0-9_-') -printf '%s ALL=(root) NOPASSWD: /usr/bin/umount -l %s\n' "${SUDO_USER}" "${WALLETPATH_CFG}" \ - > "/etc/sudoers.d/kwallet-umount-${_SUDOUSER_SAFE}" -chmod 440 "/etc/sudoers.d/kwallet-umount-${_SUDOUSER_SAFE}" - exit 0 diff --git a/client_software/0010_kwallet/user_run.sh b/client_software/0010_kwallet/user_run.sh index 3d258b3..108fbe2 100755 --- a/client_software/0010_kwallet/user_run.sh +++ b/client_software/0010_kwallet/user_run.sh @@ -18,12 +18,11 @@ if [[ -z $(wmctrl -m | grep "KWin") ]]; then fi #Restart the service -WALLETPATH_CFG="${HOME}/.local/share/kwalletd" +# Stop any leftover unit from a previous session before creating a new one +systemctl --user stop kwalletd6-logon.service 2>/dev/null || true systemd-run --user --unit=kwalletd6-logon \ --property=RemainAfterExit=yes \ --property=SuccessExitStatus=1 \ - --property=Before=gocryptfs-home.service \ - --property="ExecStop=/usr/bin/sudo /usr/bin/umount -l ${WALLETPATH_CFG}" \ kwalletd6 >${TEMPDIR}/kwalletd6.log 2>&1 & sleep 1