@razamatan
Last active February 1, 2024 10:11
clean gentoo WSL2 setup with automounting encrypted home partition

mounting dmcrypted disks/partitions using openrc in wsl2

This assumes you can find and follow other directions elsewhere. github is silly w/ not allowing / in filenames, so i used \.

  1. install gentoo on wsl2 and make sure you're starting openrc at wsl boot

  2. follow https://medium.com/@stefan.berkner/automatically-starting-an-external-encrypted-ssd-in-windows-subsystem-wsl-6403c34e9680 to get your disk setup. if you follow that, it's encrypting an entire drive, but you can do partitions or whatever disk setup you want for your linux setup. the key thing is that you need to pass the entire drive (--bare) to let linux have its way with the drive. (also, you can't just mount a single partition of a drive due to a current limitation per wsl docs.)

    tip: use the following command in windows instead of the Powershell command they use in step 1

    C:> wmic diskdrive list brief
    
  3. IMPORTANT: STOP following the directions when your disk(s) are prepared and you're ready to copy/change the simple mounting script that they suggest. we are doing something cleaner.

  4. update /etc/fstab so that your partitions can be easily mounted. always set the noauto mount option on ALL encrypted partitions. read the comments in the example /etc/fstab file below. the example file shows both an encrypted (/home) and unencrypted (/scratch) mount.

  5. test your mounts manually to make sure they work as you expect

  6. edit /etc/conf.d/dmcrypt to decrypt any encrypted partitions. i've included the continuing example of /home. again read the comments.

  7. rc-update add dmcrypt boot

  8. download and copy/change the /etc/init.d/wslmount init script. again, read the comments there.

  9. rc-update add wslmount boot

  10. dance

KNOWN ISSUES

  • microsoft/WSL#11078 when starting up, wsl gives you the prompt before all the openrc scripts finish. so, give it a few seconds/minutes before hammering away.

```sh
# /etc/conf.d/dmcrypt
dmcrypt_key_timeout=1
dmcrypt_retries=5

target=home
source=UUID="52d05b25-6510-457c-8468-c2e3cd630fb5"
key='/path/to/your/luks/key'
# remember that we turned off automounting in /etc/fstab?
# the pre_mount* directive will mount it for us _after_ it's unlocked.
# i would get silly mount failures and printed errors when relying on
# the correct ordering to be discovered by openrc. this approach
# guarantees the partition is decrypted before mounting cleanly.
# * there is a bug in gentoo: https://bugs.gentoo.org/802198
#   use post_mount if they ever support/fix things
pre_mount='mount /home'

# we don't need a scratch target b/c it's unencrypted
```

```sh
# /etc/fstab: static file system information.

# use labels or UUIDs to point to the appropriate mountable (unencrypted)
# partitions
#
# here is the blkid output of what my particular drive was partitioned with
# /dev/sdc2: UUID="52d05b25-6510-457c-8468-c2e3cd630fb5" TYPE="crypto_LUKS" PARTUUID="39330c38-2841-cd4b-a862-888942c5d24b"
# /dev/sdc1: UUID="EC59-77F2" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="4d4ede74-e578-3e48-8023-fe0ce721b825"
# /dev/mapper/home: LABEL="home" UUID="a35368fe-bc9e-4b1e-9a9a-b8ecf0890a68" BLOCK_SIZE="4096" TYPE="ext4"

# IMPORTANT: for encrypted drives, ALWAYS set noauto in the mounting options
# (4th field, fs_mntops). you don't have to use noatime like i do...
LABEL=home      /home     ext4  noauto,noatime  0 2

# for completely unencrypted drives, you can let it automount (use whatever
# mounting options you need)
UUID=EC59-77F2  /scratch  vfat  noatime         0 2
```

```sh
#!/sbin/openrc-run
# Copyright 2024 razamatan
# Distributed under the terms of the GNU General Public License v2

name="Mount WSL disks"
description="Mount WSL2 disks"

# pick one identifier that is a part of some disk that will be given to wsl
# - you can move this out to /etc/conf.d/wslmount if you really want to
test_id=UUID=EC59-77F2

depend() {
    before dmcrypt
}

start() {
    if status; then
        ebegin "WSL disks already mounted"
        eend 0
    else
        ebegin "Mounting WSL disks"
        # update with your privileged windows task name from step 2
        /mnt/c/windows/system32/schtasks.exe /run /tn MountWSLDisks
        eend $?
    fi
}

status() {
    /sbin/findfs "${test_id}" > /dev/null 2>&1
}
```
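
A lint for steps 4 and 6, added here as an example and not part of the gist: it checks that every mount point dmcrypt mounts through a `pre_mount`/`post_mount` directive is `noauto` in fstab, and that each `key=` file is accessible to its owner only. The function names, the `/vault` entry and the sample files are constructed for illustration; it assumes directives of the form `pre_mount='mount <dir>'` and paths without spaces.

```sh
# Added example, not part of the gist. Checks that every mount point dmcrypt
# mounts via pre_mount/post_mount is noauto in fstab, and that key files are
# owner-only. Assumes pre_mount='mount <dir>' directives, no spaces in paths.

# Print the mount options (4th field, fs_mntops) of the fstab entry for $2.
fstab_opts() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4; exit }' "$1"
}

# Print the mount point named by each pre_mount/post_mount directive.
dmcrypt_mounts() {
    sed -nE "s/^[[:space:]]*(pre|post)_mount=['\"]mount[[:space:]]+([^'\"[:space:]]+).*/\2/p" "$1"
}

# Print each key= path; quotes and anything after a ':' are dropped.
dmcrypt_keys() {
    sed -nE "s/^[[:space:]]*key=['\"]?([^'\":]+).*/\1/p" "$1"
}

# Return 0 when both files pass, 1 otherwise; one line is printed per check.
lint_dmcrypt_setup() {
    conf=${1:-/etc/conf.d/dmcrypt}; fstab=${2:-/etc/fstab}; rc=0
    for mp in $(dmcrypt_mounts "$conf"); do
        opts=$(fstab_opts "$fstab" "$mp")
        case ",$opts," in
            ,,)         echo "FAIL $mp: no fstab entry"; rc=1 ;;
            *,noauto,*) echo "ok   $mp: noauto set" ;;
            *)          echo "FAIL $mp: add noauto (has: $opts)"; rc=1 ;;
        esac
    done
    for k in $(dmcrypt_keys "$conf"); do
        if [ ! -f "$k" ]; then echo "FAIL $k: key file missing"; rc=1
        elif [ "$(ls -ld "$k" | cut -c5-10)" != "------" ]; then
            echo "FAIL $k: group/other can access it, chmod 0400"; rc=1
        else echo "ok   $k: owner-only"; fi
    done
    return $rc
}

# Constructed sample modelled on the gist's files; /vault lacks noauto on purpose.
demo() {
    d=$(mktemp -d); : > "$d/key"; chmod 0400 "$d/key"
    printf '%s\n' "target=home" "key='$d/key'" "pre_mount='mount /home'" \
        "target=vault" "pre_mount='mount /vault'" > "$d/conf"
    printf '%s\n' "LABEL=home /home ext4 noauto,noatime 0 2" \
        "LABEL=vault /vault ext4 noatime 0 2" > "$d/fstab"
    lint_dmcrypt_setup "$d/conf" "$d/fstab"; r=$?; rm -rf "$d"; return $r
}
demo || echo "demo: problems found (expected, /vault lacks noauto)"
```

On a real install, call `lint_dmcrypt_setup` with no arguments as root to check `/etc/conf.d/dmcrypt` against `/etc/fstab`.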