guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GuixSD encrypted root?

From: Ludovic Courtès
Subject: Re: GuixSD encrypted root?
Date: Sun, 24 Apr 2016 23:23:07 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) 
address@hidden (Ludovic Courtès) skribis:

> Hey,
>
> Danny Milosavljevic <address@hidden> skribis:
>
>> Yeah, but even using a non-required-for-boot encrypted filesystem (i.e. not 
>> an encrypted root, just encrypted home) doesn't work. As soon as I add 
>> "mount? #t" it hangs.
>>
>> I'm now using a workaround where it's specified using "mount? #f" and I 
>> mount it using a autorun script in my homedir (using "mount /x"). That works 
>> fine.
>>
>> You're using an encrypted home, right? Does it work for you?
>
> Yes.  My configuration looks like this:
>
>   (operating-system
>     ;; …
>     (mapped-devices (list (mapped-device
>                            (source (uuid 
> "cb67fc72-0d54-4c88-9d4b-b225f30b0f44"))
>                            (target "home")
>                            (type luks-device-mapping))))
>
>     (file-systems (cons* (file-system
>                            (device "root")
>                            (title 'label)
>                            (mount-point "/")
>                            (type "ext3"))
>                          (file-system
>                            (device "/dev/mapper/home")
>                            (mount-point "/home")
>                            (type "ext3"))
>                          %base-file-systems)))
>
> What about yours?
>
>> It's always very broken when I try - both guix reconfigure and sometimes the 
>> next boot process (!) hang.
>
> Earlier you wrote:
>
>> system reconfigure hangs at
>>
>>   guix system: shepherd: Removing service 'file-system-/x'...
>>   guix system: shepherd: Done.
>>   guix system: loading new services: file-system-/x...
>>   guix system: shepherd: Evaluating user expression (register-services 
>> (primitive-load "/gnu/s...")).
>
> At this point, shepherd loads and starts the service for file system /x,
> which does what appears in ‘file-system-shepherd-service’ in (gnu
> services base).  Roughly, it runs fsck and then proceeds to mount /x.
>
> If you’re out of luck, fsck could take ages.  Could it be what happened
> here?

Or, as Leo suggests, it could be that shepherd starts the device-mapping
service, which runs “cryptsetup luksOpen”, which never completes because
you don’t know it’s waiting for you to enter a passphrase.

Ludo’.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]