From: ludo@gnu.org (Ludovic Courtès)
To: Christopher Baines
Cc: 21843@debbugs.gnu.org
Subject: bug#21843: Generated grub.cfg does not support encrypted roots
Date: Wed, 23 Nov 2016 21:21:05 +0100
Message-ID: <877f7u6j7y.fsf@gnu.org>
In-Reply-To: <7778a48f-1d46-9fb6-dfa3-92e398f0bbeb@cbaines.net> (Christopher Baines's message of "Wed, 26 Oct 2016 07:56:12 +0100")

Hello!

(And apologies Christopher for not replying earlier!)

I’m happy to report that this issue is finally fixed in
f7f292d359e0eb77617f4ecf6b3164f868ec1784!

The complete list of relevant commits is this:

--8<---------------cut here---------------start------------->8---
f7f292d * install: Enable "cryptodisk" handling in GRUB.
b7d408e * mapped-devices: Use 'cryptsetup-static' in 'luks-device-mapping'.
fe93383 * marionette: Add 'marionette-screen-text' using OCR.
f25c9eb * marionette: Delay synchronization with the host's REPL.
[...]
106b389 * gnu: Add 'cryptsetup-static'.
01f94cc * gnu: Add 'lvm2-static'.
10da75d * gnu: grub: Add dependency on LVM2.
--8<---------------cut here---------------end--------------->8---

Without LVM2 support, ‘grub-install’ and ‘grub-probe’ would fail to
determine what to do with the LUKS-encrypted partition.

When using ‘cryptsetup’ instead of ‘cryptsetup-static’, we were pulling
the whole closure of ‘cryptsetup’ (105 MiB) in the initrd, which was
clearly unreasonable. ;-)

The guts was to come up with a test strategy that would work. The
difficulty here is that we have to enter a passphrase early on in GRUB,
and then once again once the kernel has booted, when ‘cryptsetup’ is
invoked from the initrd. At this point, we have no good communication
channel with the hosts, hence the screenshots with OCR! (Idea stolen
from NixOS’ own tests.)

You can run the test with:

  make check-system TESTS=encrypted-root-os

Further testing welcome!

Ludo’.