Help for systemd-homed needed

Hello folks, I wanna try systemd-homed with a removable LUKS-encrypted USB stick.

But I'm not able to change the partition type to UUID 773f91ef-66d4-49b5-bd83-d683bf40ad16, which is a requirement to get things working. Also I don't get any matches for that specific UUID.

Any help is appreciated.

1 Like

You should probably use your own UUID. 🙂

1 Like

You did read the wiki page?
Also see this for another user trying it:

You can do this using cgdisk - select the partition - navigate to type - input 8302 which will set the partition type to linux home - write the change and exit.

1 Like

Thank you for the tips! I managed to create 2 different users after reading the man page.
One portable user (archie) on a usb stick and one local user (janski) on a 2nd device.
The local user works fine. The portable user works fine on the original device but not
on the 2nd device:

systemd[1]: Starting Home Area Manager...
systemd-homed[511]: Successfully loaded private key pair.
systemd-homed[511]: User record janski.identity is signed only by us, accepting.
systemd-homed[511]: Added registered home for user janski.
systemd-homed[511]: User record archie.identity is not signed at all, ignoring.
systemd-homed[511]: Failed to query quota on /home/, ignoring.
systemd-homed[511]: Discovered new home for user archie through image /dev/disk/by-uuid/090fd8bd-5fe4-45b1-861b-56815d26c0ac.
systemd[1]: Started Home Area Manager.

There seems to be a problem regarding the trust level on the 2nd machine. I tried some other commands from homectl but with no success. Nevertheless I like the concept.
Does somebody know something more about it?

I don't understand what you're doing exactly. Homed with LUKS will create a /home/"user".home file container - not a LUKS partition. The UUID is in the container file.

You have to copy this container file to a USB stick with a normal partition (ext4, ...). You have a LUKS partition on the USB stick?

To use it on another machine, copy it from the USB stick to /home/ (or symlink)

ll /home
drwx------   2 root    root   4,0K "10.03.2020 16:14" coffre/
drwx--x---+ 44 patrick users  4,0K "22.03.2020 09:14" patrick/
-rw-------   1 root    root   4,0G "10.03.2020 16:33" coffre.home

coffre.home is mounted/decrypted in /home/coffre/ by homectl command or by classic connect (su,display-manager) if pam is modified

Hello @papajoke,

what you describe is the first supported storage mechanism of homed

An individual LUKS2 encrypted loopback file for a user, stored in /home/*.home.
At login the file system contained in this files is mounted, after the LUKS2 encrypted volume has been attached. etc.

That is in my use case user janski and his home-directory works great:

systemd-homed[511]: User record janski.identity is signed only by us, accepting.
systemd-homed[511]: Added registered home for user janski.

The second storage mechanism is described as this

Similar, but the LUKS2 encrypted file system is located on regular block device, such as an USB storage stick. In this mode home directories and all data they include are nicely migratable between machines, simply by plugging the USB stick into different systems at different times.

And that is what I want to achieve with user archie. For that I generated the user on a different machine (pc-2) with the homectl options --image-path=PATH_TO_USB and --storage=LUKS and with some additional groups -G wheel,storage, etc.
User archie works perfect on pc-2 but when plugging the usb device into the other machine (pc-1)
I get the following homed error message

User record archie.identity is not signed at all, ignoring.

And when trying to activate user archie manually on pc-1 I get the following message

Operation on home archie failed: Failed to execute operation: Key has been revoked

That's where I'm right now and I wonder how to get user archie working on pc-1.

At the moment the portable version of systemd-homed seems not really finished and not well documented:
post 1 https://lists.freedesktop.org/archives/systemd-devel/2020-April/044259.html
post 2 https://lists.freedesktop.org/archives/systemd-devel/2020-April/044265.html

I'll post an update when there is a reply or a solution.

Okay, today I started a new try with systemd-homed (v246)

  1. I created a new user with LUKS encryption on a portable device:
     homectl create lalala --real-name="lalala" --language=en_US.UTF-8 --member-of=sys,power,storage,network,wheel,input,lp,video,users --timezone="Europe/Berlin" --storage=luks --fs-type=ext4 --luks-discard=off --image-path=/dev/disk/by-id/usb-...
  2. modified the PAM modules according to the Arch wiki
  3. copied the public key from /var/lib/systemd/homed/ to the 2nd PC's /var/lib/systemd/homed/

and IT WORKED - I was able to login at both PCs

Now I have a portable, individual encrypted home folder with all my stuff
which can simply be plugged into any Linux machine. VERY NICE.

3 Likes
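
Added example, not part of the thread: the key-copy step from the last post as a guarded shell function, so that only a PEM public key is installed on the second machine and the host's own key pair is never replaced. The function name `install_home_key` and the label argument are hypothetical; the default directory `/var/lib/systemd/home` is the one documented in systemd-homed.service(8), and a different directory can be passed as the third argument.

```shell
#!/usr/bin/env bash
# Install another host's homed signing key as a trusted key on this host.
# Usage (as root on the 2nd PC, with the key fetched from the 1st PC):
#   install_home_key /tmp/pc-2-local.public pc-2
install_home_key() {
    local src=$1 label=$2 dir=${3:-/var/lib/systemd/home}
    local dest="$dir/$label.public"

    # The label becomes a file name: keep it simple and never touch the
    # host's own key pair (local.public / local.private).
    case $label in
        ''|local|*[!A-Za-z0-9_-]*) echo "bad label: $label" >&2; return 2 ;;
    esac
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }

    # Only the public half may be copied between machines; a private key
    # would let any holder sign user records this host then accepts.
    if grep -q 'PRIVATE KEY' "$src"; then
        echo "refusing: $src contains a private key" >&2; return 3
    fi
    [ "$(head -n 1 "$src")" = '-----BEGIN PUBLIC KEY-----' ] ||
        { echo "refusing: $src is not a PEM public key" >&2; return 3; }

    # Do not silently change which key an existing label trusts.
    if [ -e "$dest" ] && ! cmp -s "$src" "$dest"; then
        echo "refusing: $dest exists with different content" >&2; return 4
    fi

    install -m 0644 "$src" "$dest" || return 1

    # Print a fingerprint to compare with
    # `sha256sum local.public` run on the originating host.
    sha256sum "$dest" | cut -d' ' -f1
}
```

Compare the printed fingerprint with the one computed on the machine that created the user before relying on it, then restart systemd-homed.service so the newly trusted key is loaded.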
