unbrot/fedora-OEMDRV
1
0
Fork 0
forked from obel1x/fedora-OEMDRV
Code Pull Requests Activity

kwallet: remove ExecStop, stop old unit in user_run.sh instead

Browse Source 
ExecStop on the user service caused an unmount race: it fired
asynchronously after logout while the next login's install.sh had
already remounted the wallet, then unmounted it again leaving
kwalletd6 without its wallet directory.

install.sh already handles umount/remount at login start, so no
ExecStop is needed. On gocryptfs systems the wallet becomes
inaccessible at logout naturally when ~/data is unmounted.

user_run.sh now explicitly stops any leftover kwalletd6-logon unit
from a previous session before creating a new one, avoiding the
systemd-run unit-name-conflict failure.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Daniel unbrot Pätzold
2026-05-11 12:29:20 +02:00
parent b32cc96ca0
commit 5e0f268962
2 changed files with 2 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files
client_software/0010_kwallet/install.sh
-14
View File
@@ -39,12 +39,6 @@ WALLETFILE="${WALLETNAME}.kwl"
WALLETPATH="${DECRYPTEDDATADIR}/kwallet" WALLETPATH="${DECRYPTEDDATADIR}/kwallet"
WALLETPATH_CFG="$SUDO_HOME/.local/share/kwalletd" WALLETPATH_CFG="$SUDO_HOME/.local/share/kwalletd"
# Stop kwalletd6-logon.service first so its ExecStop (umount) fires before we remount the wallet.
# Without this, ExecStop races with the remount below and can unmount the freshly mounted wallet.
_USER_UID=$(id -u "${SUDO_USER}")
XDG_RUNTIME_DIR="/run/user/${_USER_UID}" DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/${_USER_UID}/bus" \
sudo -u "${SUDO_USER}" systemctl --user stop kwalletd6-logon.service 2>/dev/null || true
# Stop the daemon anyway if running # Stop the daemon anyway if running
# kwallet and kwalletmanager are optional and only started when an app has been using them already # kwallet and kwalletmanager are optional and only started when an app has been using them already
WALLET_PID=$( pgrep -u $SUDO_USER kwalletd6 ) WALLET_PID=$( pgrep -u $SUDO_USER kwalletd6 )
@@ -131,12 +125,4 @@ if [[ $? -ne 0 ]]; then
exit 1 exit 1
fi fi
echo "Done setting up kwallet from secure user folder." echo "Done setting up kwallet from secure user folder."
# Sudoers rule so kwalletd6-logon.service ExecStop can unmount the bind mount (needs root)
# Filename must not contain '.' or end in '~' or sudo ignores it
_SUDOUSER_SAFE=$(printf '%s' "${SUDO_USER}" | tr -dc 'a-zA-Z0-9_-')
printf '%s ALL=(root) NOPASSWD: /usr/bin/umount -l %s\n' "${SUDO_USER}" "${WALLETPATH_CFG}" \
> "/etc/sudoers.d/kwallet-umount-${_SUDOUSER_SAFE}"
chmod 440 "/etc/sudoers.d/kwallet-umount-${_SUDOUSER_SAFE}"
exit 0 exit 0
client_software/0010_kwallet/user_run.sh
+2 -3
View File
@@ -18,12 +18,11 @@ if [[ -z $(wmctrl -m | grep "KWin") ]]; then
fi fi
#Restart the service #Restart the service
WALLETPATH_CFG="${HOME}/.local/share/kwalletd" # Stop any leftover unit from a previous session before creating a new one
systemctl --user stop kwalletd6-logon.service 2>/dev/null || true
systemd-run --user --unit=kwalletd6-logon \ systemd-run --user --unit=kwalletd6-logon \
--property=RemainAfterExit=yes \ --property=RemainAfterExit=yes \
--property=SuccessExitStatus=1 \ --property=SuccessExitStatus=1 \
--property=Before=gocryptfs-home.service \
--property="ExecStop=/usr/bin/sudo /usr/bin/umount -l ${WALLETPATH_CFG}" \
kwalletd6 >${TEMPDIR}/kwalletd6.log 2>&1 & kwalletd6 >${TEMPDIR}/kwalletd6.log 2>&1 &
sleep 1 sleep 1