
shell_down script from cryptboot-s6 cannot unmount encrypted partitions.

Code:
#!/usr/bin/env bash

do_lock() {
        umount /dev/mapper/"$1" >/dev/null
        cryptsetup luksClose "$1" >/dev/null
}

read_crypttab() {
        local line nspo
        while read line <&3; do
                [[ $line && $line != '#'* ]] || continue
                eval nspo=("${line%#*}")
                do_lock "${nspo[0]}" "${nspo[1]}" "${nspo[2]}" "${nspo[3]}"
        done 3< /etc/crypttab
}

vgchange --sysinit -a n &>/dev/null
read_crypttab

`umount /dev/mapper/cryptboot` fails because /dev/mapper/cryptboot is mounted on /boot and /boot/efi is mounted on top of /boot.

I suggest making mount-filesystems unmount every file system before cryptsetup closes decrypted devices.
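
Added example, not part of the original post or of cryptboot-s6: a sketch of the ordering the failure above calls for, unmounting everything stacked on the mapped device before closing it. The function names, the RUN dry-run variable and the sample mount table are assumptions made for illustration; the table is assumed to list mounts in mount order, as /proc/self/mounts does.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mounts format (not taken from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/mapper/root / ext4 rw 0 0
/dev/mapper/cryptboot /boot ext4 rw 0 0
/dev/sda1 /boot/efi vfat rw 0 0
tmpfs /bootstrap tmpfs rw 0 0
/dev/mapper/crypthome /home ext4 rw 0 0
EOF
}

# unmount_order DEVICE < mounts-table
# Prints every mount point at or below the place DEVICE is mounted, newest
# mount first, so nested mounts (/boot/efi) come before their parent (/boot).
unmount_order() {
    awk -v dev="$1" '
        { src[NR] = $1; mp[NR] = $2 }
        END {
            for (i = 1; i <= NR; i++) if (src[i] == dev) root[mp[i]] = 1
            for (i = NR; i >= 1; i--)
                for (r in root) {
                    # Match on a path-component boundary so /bootstrap is not
                    # mistaken for something mounted under /boot.
                    prefix = (r == "/") ? "/" : r "/"
                    if (mp[i] == r || index(mp[i], prefix) == 1) { print mp[i]; break }
                }
        }'
}

# lock_nested NAME < mounts-table
# Hypothetical replacement for do_lock. RUN defaults to "echo" (dry run);
# call with RUN= (empty) to execute the commands for real.
lock_nested() {
    unmount_order "/dev/mapper/$1" | while read -r mp; do
        ${RUN-echo} umount "$mp" || exit 1   # stop at the first busy mount
    done || return 1                         # never close a device still in use
    ${RUN-echo} cryptsetup luksClose "$1"
}

# Dry run against the constructed table; on a live system feed /proc/self/mounts.
sample_mounts | lock_nested cryptboot
```

Mount points containing spaces appear as \040 in /proc/self/mounts and are not decoded here.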

Re: shell_down script from cryptboot-s6 cannot unmount encrypted partitions.

Reply #1
Yeah this script is deceiving because it will never actually work. I should probably just remove it. Nothing gets unmounted in s6 until the very, very end via s6-linux-init. There's no sane way to do this via s6-rc (because it's inherently parallel) and it would be foolish to try.

Re: shell_down script from cryptboot-s6 cannot unmount encrypted partitions.

Reply #2
> Yeah this script is deceiving because it will never actually work. I should probably just remove it. Nothing gets unmounted in s6 until the very, very end via s6-linux-init. There's no sane way to do this via s6-rc (because it's inherently parallel) and it would be foolish to try.

Tightly wound dependencies can make it safe to unmount partitions and close LUKS partitions in the presence of parallelism.
Is it safe to keep LUKS partitions open by dm-crypt during shutdown?

Re: shell_down script from cryptboot-s6 cannot unmount encrypted partitions.

Reply #3
The s6-supervisors would still run even after s6-rc is brought down. So at the very minimum, the root partition will always be busy. Not doing a luksClose just means that the drives don't get unmapped from /dev/mapper, which doesn't matter since the machine is being shut down anyway.