Re: GuixSD encrypted root?
From: Ludovic Courtès
Subject: Re: GuixSD encrypted root?
Date: Mon, 25 Apr 2016 10:02:43 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Danny Milosavljevic <address@hidden> skribis:
> Hi,
>
>> Or, as Leo suggests, it could be that shepherd starts the device-mapping
>> service, which runs “cryptsetup luksOpen”, which never completes because
>> you don’t know it’s waiting for you to enter a passphrase.
>
> I doubt that it's that. The only change I have to do for it to work just fine
> is to add "(mount? #f)". So I suspect that the cryptsetup works. (The only
> thing I have to type manually is "mount /x" later - and that works, too)
>
> But I didn't know that Guix would run fsck on guix reconfigure.

‘guix system reconfigure’ starts new services, and that is part of a
service.

> Maybe I just have to wait longer as it's a huge partition (with almost
> nothing on it, though). Also, I've checked gnu/services/base.scm and
> it seems to hard-code e2fsprogs. I use btrfs, though.

Only ext[234] are supported currently, indeed. There’s
<https://debbugs.gnu.org/cgi/bugreport.cgi?bug=19280> and it’s been
discussed on the mailing list recently (I think Tobias made progress in
that direction).

> My config (which is working fine because of the "(mount #f)") is:
>
> (define dayas-sys (mapped-device
>                     (source (uuid
>                              "cedd378f-329c-44c4-ab40-f74f0c1701a2"))
>                     (target "dayas-sys")
>                     (type luks-device-mapping)))
>
> (operating-system
>   ;; ...
>   (mapped-devices (list dayas-sys))
>   (file-systems (cons* (file-system
>                          (device "/dev/sda1")
>                          (title 'dayas:/)
>                          (mount-point "/")
>                          (type "ext4")
>                          (needed-for-boot? #t))
>                        (file-system
>                          (device "/dev/mapper/dayas-sys")
>                          (mount-point "/x")
>                          (type "btrfs")
>                          (needed-for-boot? #f)
>                          (mount? #f) ; otherwise does not work.
>                          (dependencies (list dayas-sys)))
>                        %base-file-systems))
>   ;...
>   )
>
> How come yours doesn't have a "dependencies" entry? Is it somehow computed by
> examining the "device" (/dev/mapper/...) entry?

The ‘dependencies’ field can be omitted if you change the ‘title’ field
of the /x entry to 'device (info "(guix) File Systems"):

     However, when the source of a file system is a mapped device
     (*note Mapped Devices::), its ‘device’ field _must_ refer to
     the mapped device name—e.g., ‘/dev/mapper/root-partition’—and
     consequently ‘title’ must be set to ‘'device’. This is
     required so that the system knows that mounting the file
     system depends on having the corresponding device mapping
     established.

I admit this is not ideal. I’d rather allow the ‘device’ field of
<file-system> to contain directly the <mapped-device>.

HTH,
Ludo’.
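
The two ways of tying the /x file system to its LUKS mapping that this message discusses, side by side, as an added example that is not part of the original thread. It reuses only the fields and values quoted above; the variable names `x-explicit` and `x-by-title` are made up for illustration, and `(use-modules (gnu))` is assumed to bring the record types into scope for the Guix version discussed here.

```scheme
;; Added example, not from the original message.
;; Assumption: (gnu) exports mapped-device, file-system and
;; luks-device-mapping in the Guix version under discussion.
(use-modules (gnu))

;; LUKS mapping exactly as quoted in the thread.
(define dayas-sys
  (mapped-device
    (source (uuid "cedd378f-329c-44c4-ab40-f74f0c1701a2"))
    (target "dayas-sys")
    (type luks-device-mapping)))

;; Variant 1 (hypothetical name): the dependency on the mapping is
;; stated explicitly through the 'dependencies' field.
(define x-explicit
  (file-system
    (device "/dev/mapper/dayas-sys")
    (mount-point "/x")
    (type "btrfs")
    (needed-for-boot? #f)
    (mount? #f)                       ; kept from the quoted config
    (dependencies (list dayas-sys))))

;; Variant 2 (hypothetical name): no 'dependencies' field.  Per the
;; manual excerpt, 'device' names the /dev/mapper/ node and 'title'
;; is 'device, which is how the system learns that mounting /x
;; requires the mapping to be established first.
(define x-by-title
  (file-system
    (device "/dev/mapper/dayas-sys")
    (title 'device)
    (mount-point "/x")
    (type "btrfs")
    (needed-for-boot? #f)
    (mount? #f)))                     ; kept from the quoted config

;; Either variant goes in the operating-system's 'file-systems' list,
;; with dayas-sys listed in 'mapped-devices' as in the quoted config.
```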