From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andreas Enge <andreas@enge.fr>
Subject: bug#21843: Generated grub.cfg does not support encrypted roots
Date: Wed, 16 Mar 2016 21:40:00 +0100
Message-ID: <20160316204000.GA8709@solar>
References: <87twozi0ql.fsf@gnu.org> <20160308192104.GA22722@solar>
	<20160308193309.GA2251@solar> <8760wuy9mt.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51929)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1agIFf-0000iU-3c
	for bug-guix@gnu.org; Wed, 16 Mar 2016 16:41:07 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1agIFa-0006xg-4j
	for bug-guix@gnu.org; Wed, 16 Mar 2016 16:41:07 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:53349)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1agIFa-0006xc-1B
	for bug-guix@gnu.org; Wed, 16 Mar 2016 16:41:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1agIFZ-0002Ty-Pg
	for bug-guix@gnu.org; Wed, 16 Mar 2016 16:41:01 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.21843.B21843.14581608129468@debbugs.gnu.org>
Content-Disposition: inline
In-Reply-To: <8760wuy9mt.fsf@gnu.org>
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 21843@debbugs.gnu.org

On Thu, Mar 10, 2016 at 10:17:46AM +0100, Ludovic Courtès wrote:
> Furthermore, to allow users to specify a LUKS UUID as the ‘source’ of
> their ‘mapped-device’ form, as in:
>    (mapped-device
>      (source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44")) ;LUKS UUID
>      (target "root")
>      (type luks-device-mapping))
> we’d have to extend <mapped-device-kind> with a method to resolve UUIDs
> (in this case, to map a UUID to a /dev node.)

I just read a bit of the cryptsetup manual; we do not need to do the
resolution, in the above example we would have the line
   cryptomount -u cb67fc72-0d54-4c88-9d4b-b225f30b0f44
(as discussed previously; it works at least without the dashes, we can also
try to keep the dashes).
And then it should be possible to open the device with
   cryptsetup luksOpen UUID=cb67fc72-0d54-4c88-9d4b-b225f30b0f44 root
This looks for the given uuid in /dev/disk/by-uuid.

I wanted to give it a try with the installation image, but unfortunately it
does not contain the directory /dev/disk.

Andreas