From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andreas Enge <andreas@enge.fr>
Subject: bug#21843: Generated grub.cfg does not support encrypted roots
Date: Thu, 10 Mar 2016 10:48:37 +0100
Message-ID: <20160310094837.GA30197@solar>
References: <87twozi0ql.fsf@gnu.org> <20160308192104.GA22722@solar>
	<20160308193309.GA2251@solar> <8760wuy9mt.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:58096)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1adxDN-0002tt-7I
	for bug-guix@gnu.org; Thu, 10 Mar 2016 04:49:06 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1adxDJ-0005f9-VW
	for bug-guix@gnu.org; Thu, 10 Mar 2016 04:49:05 -0500
Received: from debbugs.gnu.org ([208.118.235.43]:45140)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1adxDJ-0005f4-Rz
	for bug-guix@gnu.org; Thu, 10 Mar 2016 04:49:01 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1adxDJ-0007xI-KO
	for bug-guix@gnu.org; Thu, 10 Mar 2016 04:49:01 -0500
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.21843.B21843.145760332830562@debbugs.gnu.org>
Content-Disposition: inline
In-Reply-To: <8760wuy9mt.fsf@gnu.org>
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 21843@debbugs.gnu.org

On Thu, Mar 10, 2016 at 10:17:46AM +0100, Ludovic Courtès wrote:
> IIUC we don’t *have* to pass the UUID to ‘cryptomount’; we could also
> pass the device name, in GRUB format

Yes, but my idea was that the uuid is something we can determine
at instantiation time. If the mapped device is /dev/sdd3, we can run
   (system* "cryptsetup" "luksUUID" "/dev/sdd3")
and obtain the uuid.

I suppose we could also use the grub device (hd3,msdos3) in this case,
but I do not know what is the mapping between /dev nodes and these devices,
and if it is actually a function that could be computed from the file name
in /dev only or not.

>    (mapped-device
>      (source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44")) ;LUKS UUID
>      (target "root")
>      (type luks-device-mapping))
> we’d have to extend <mapped-device-kind> with a method to resolve UUIDs
> (in this case, to map a UUID to a /dev node.)

We can also let the users do the work (and document this in the manual),
by having them supply all the informatin:

   (mapped-device
     (source "/dev/sdd3")
     (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44") ;LUKS UUID
     (target "root")
     (type luks-device-mapping)
     (needed-for-boot? #t))

> Besides, I think we should only worry about the mapped device(s) that
> back / and /boot, rather than any mapped device, no?

This could either be solved by determining which file systems have
needed-for-boot? #t and determine the corresponding mapped devices,
or by adding such a parameter for the mapped-device as in my suggestion
above.

Or we do it all automatically for / and /boot and drop the parameter
needed-for-boot? everywhere.

Andreas