[PATCH] Full encryption
From: |
Petter |
Subject: |
[PATCH] Full encryption |
Date: |
Wed, 16 Sep 2015 15:30:53 +0200 |
To run a fully encrypted GuixSD, Mark and Ludo dictated the following changes
for me. And I'm now using only one partition (which includes root and boot).
diff --git a/gnu/build/linux-boot.scm b/gnu/build/linux-boot.scm
index 3081a93..0383a71 100644
--- a/gnu/build/linux-boot.scm
+++ b/gnu/build/linux-boot.scm
@@ -60,6 +60,10 @@
(mkdir (scope "proc")))
(mount "none" (scope "proc") "proc")
+ (unless (file-exists? (scope "dev"))
+ (mkdir (scope "dev")))
+ (mount "none" (scope "dev") "devtmpfs")
+
(unless (file-exists? (scope "sys"))
(mkdir (scope "sys")))
(mount "none" (scope "sys") "sysfs"))
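Review bot: The added `(mount "none" (scope "dev") "devtmpfs")` has no comment and no fallback. Because the second hunk also removes `(make-essential-device-nodes)`, an initrd booted on a kernel without devtmpfs support would presumably stop at this mount instead of getting static nodes. I would put a comment above the new lines, for example `;; Mount devtmpfs so the kernel creates the /dev nodes that mapped devices (e.g. LUKS) are opened from.`, and state the kernel requirement there. The enclosing procedure starts outside the hunk; if its docstring lists the file systems it mounts, "/dev" likely needs adding there too.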
@@ -385,9 +389,6 @@ to it are lost."
(unless (configure-qemu-networking)
(display "network interface is DOWN\n")))
- ;; Make /dev nodes.
- (make-essential-device-nodes)
-
;; Prepare the real root file system under /root.
(unless (file-exists? "/root")
(mkdir "/root"))
In config.scm we primarily added "(define %linux-modules.." and "(initrd..".
Here's my config.scm in full.
;; This is an operating system configuration template
;; for a "desktop" setup with X11.
(use-modules (gnu) (gnu system nss))
(use-service-modules desktop)
(use-package-modules xfce wicd avahi xorg certs)
;; Extra kernel modules handed to the initrd (see the `initrd' field of the
;; operating-system declaration) so that the LUKS-encrypted root can be
;; unlocked before it is mounted: dm-crypt.ko is the device-mapper crypto
;; target and xts.ko provides the XTS cipher mode.
;; NOTE(review): the cipher of the volume is not shown in this file; the
;; list presumably matches an aes-xts LUKS volume -- confirm with
;; `cryptsetup luksDump' if the volume was created with other parameters.
(define %linux-modules
  (list "dm-crypt.ko" "xts.ko"))
;; Desktop system whose single partition, /dev/sda1, is a LUKS container
;; holding the root file system.  No separate /boot file system is declared.
(operating-system
  (host-name "x200")
  (timezone "Europe/Paris")
  (locale "en_US.UTF-8")

  ;; GRUB is pointed at /dev/sda1, the same partition that is opened as
  ;; the LUKS volume below.
  ;; NOTE(review): confirm that installing the bootloader to this device
  ;; does not write over the LUKS header, and that whatever loads the
  ;; kernel and initrd can read them from inside the encrypted volume.
  (bootloader (grub-configuration (device "/dev/sda1")))

  ;; Build the default initrd, adding the dm-crypt/XTS modules listed in
  ;; %linux-modules; every other argument is forwarded unchanged.
  (initrd (lambda (fs . rest)
            (apply base-initrd fs
                   #:extra-modules %linux-modules
                   rest)))

  ;; Open the LUKS container on /dev/sda1 as /dev/mapper/guix.
  (mapped-devices
   (list (mapped-device
          (source "/dev/sda1")
          (target "guix")
          (type luks-device-mapping))))

  ;; The root file system lives on the mapped (decrypted) device; it is
  ;; named by device path, not by label.
  (file-systems
   (cons* (file-system
            (device "/dev/mapper/guix")
            (title 'device)
            (mount-point "/")
            (type "ext4"))
          %base-file-systems))

  ;; One regular user; "wheel" is among its supplementary groups.
  (users
   (cons* (user-account
            (name "petter")
            (comment "Petter")
            (group "users")
            (supplementary-groups
             '("wheel" "netdev" "audio" "video"))
            (home-directory "/home/petter"))
          %base-user-accounts))

  ;; System-wide packages on top of the base set.  Only Xfce is added as
  ;; a desktop environment here.
  (packages
   (append (list xfce                   ;desktop environment
                 xterm wicd avahi       ;useful tools
                 nss-certs)             ;for HTTPS access
           %base-packages))

  ;; Use the "desktop" services, which include the X11
  ;; log-in service, networking with Wicd, and more.
  (services %desktop-services)

  ;; Resolve '.local' host names through mDNS.
  (name-service-switch %mdns-host-lookup-nss))