Unmount encrypted volume on logout

[tigerjack]

Is there any chance to unmount the encrypted volume on logout?

[mhogomchungu]

Will look into it.

[tigerjack]

Thanks @mhogomchungu for your work :).

[mhogomchungu]

The git version now unmounts all volumes and quit when it receives sigterm or sighup and i think this should fulfill the request.

I tried googling for a while now and i still have not find any documentation that says what signal applications receives when a user log out and i just assumed its one of the two.

What desktop environment are you using? WIll appreciate if you could test this and i will reopen the issue if the problem is still present.

[tigerjack]

@mhogomchungu I tried it, but with no success. I'm not using any desktop environment at the moment, just the i3 window manager. I just logout using loginctl kill-session $XDG_SESSION_ID. Not sure btw what a universal solution could be. Maybe using systemd or something like that?

Also, I can't reopen the issue.

[mhogomchungu]

Are you using the latest git version?

Try this:

1. Have zuluCrypt-gui running and with atleast one volume unlocked.
2. Open a terminal and run this command: kill -s 15 `pidof zuluCrypt-gui
3. Observe zuluCrypt-gui closing.
4. Start again zuluCrypt-gui.

Is the volume you originally unlocked still unlocked?

[tigerjack]

@mhogomchungu yes, it works as expected, i.e. the volume is correctly unmounted with the SIGTERM signal. This just doesn't work on logout.
Also, I'm not sure on how to test it with the cli version, given that ps aux | grep zulu doesn't return anything.

[mhogomchungu]

I dont use a systemd based system so i cant easily test your setup.

Why are you using loginctl kill-session $XDG_SESSION_ID and not loginctl terminate-session $XDG_SESSION_ID?

Without knowing anything about loginctl and based on my understanding of killing processes versus terminating them, i think you are using a wrong way of logging out,

The functionality was added only in zuluCrypt-gui and zuluMount-gui since these are the only two processes that hang around for a longer period of time.

[tigerjack]

@mhogomchungu maybe you're right, I don't remember why I used the kill command and not terminate one inside my logout script. Btw, it seems that terminate-session accomplish the goal.

The functionality was added only in zuluCrypt-gui and zuluMount-gui since these are the only two processes that hang around for a longer period of time.
What do you mean by that? zuluCrypt-cli is supposed to somehow automatically terminate after some period of time?

[mhogomchungu]

What do you mean by that? zuluCrypt-cli is supposed to somehow automatically terminate after some period of time?

zuluCrypt-cli is a backend and is the one that actually does all the heavy lifting.

When unlocking a volume, zuluCrypt-gui collects all necessary information and then it starts zuluCrypt-cli and pass it the collected information. zuluCrypt-cli uses the information to unlock a volume and them terminates.

zuluCrypt-cli is started by zuluCrypt-gui and it hangs around just to accomplish its task and then it terminates immediately after the task is complete.

Its takes a while to create and unlock VeraCrypt volumes and you will see zuluCrypt-cli in your ps output when you run it while zuluCrypt-gui is creating/unlocking a VeraCrypt volume.

[tigerjack]

@mhogomchungu zuluCrypt-cli is what I directly use most of the time, without opening the gui. So, from your high-level description, it seems that there is no way to accomplish the same goal without the gui, am I right?

[mhogomchungu]

Yes, you are right. CLI components(zuluCrypt-cli and zuluMount-cli) run for only a few second and it makes no sense to start an operation using zuluCrypt-cli and then logout within those few seconds.

[tigerjack]

@mhogomchungu I get the point, but if I run the cli version commands only, I can't automatically dismount them on logout, isn't it? So, in this case, maybe a logout script is required. Is there any command to dismount all the volumes mounted by zuluCrypt?

[tigerjack]

@mhogomchungu also, to me the problem is maybe more general and not related to the logout only. What if I suspend/hibernate the laptop and I'm physically away from it? Any other user of the system can then resume the laptop and look inside the volume (maybe if recover the password with some tricks).
There are plenty of questions on the web about the same problems, so maybe it isn't zuluCrypt specific but more general.

https://github.com/guns/go-luks-suspend
https://superuser.com/a/632780/317749

[mhogomchungu]

With help from google, i manage to create a script that somehow manages to lock all volumes opened by zuluCrypt, try it out and see if it works for you and if you can incorporate it to your logout process.

#!/bin/bash

u=`zuluCrypt-cli -L`

while read -r line; do
	if [ -z "$line" ]
	then
		a=($line) #bogus line
	else
		a=($line)
		zuluCrypt-cli -q -d "$a"
	fi

done <<< "$u"

[tigerjack]

@mhogomchungu thanks, really useful. I just suggest to replace -r with -ra to get only the first token from the line (i.e. the file path) instead of the full line (including mount point and the used crypto. This should only work in bash 3 or above IIRC and it's not portable to other shell.

EDIT: ok, I hadn't noticed the a=($line) part, so -ra should not be necessary.

[Piraty]

@tigerjack i suppose you're using a displaymanager then? else, logout would just be i3-msg exit and exit on the tty you end up at. (side note: i just use sx from the tty, no dm. and just poweroff to shutdown from i3 itself. no weird magic)
logind is a real bitch and i don't have it on my personal systems.

[tigerjack]

@Piraty yep, I'm using i3; and yes, I use i3-msg exit to simply close the i3 session. However, sometimes it is convenient to jalso logout from my session (to test something f.e.) and this is y I'm also using loginctl terminate-session in my exit script.

[VladimirCores]

I'm using 5.7.1 version and killing process does not unmount the image. Logout also does not unmount.