From: Tom Fitzhenry
To: 51547@debbugs.gnu.org
Subject: bug#51547: Erase / on boot
Date: Mon, 1 Nov 2021 23:19:08 +1100
In-Reply-To: <0eb0cb5f-2a76-08b6-1e24-ea1593b56c98@tom-fitzhenry.me.uk>
List-Id: Bug reports for GNU Guix

Adventures so far... I've pasted a working system configuration at the bottom.

The idea is to boot / as tmpfs, and to mount the minimal set of directories from persistent storage:

* /boot
* /gnu
* /home is not strictly required, but is useful!
* /var/guix

What's working:

* Booting to GNOME
* `guix system reconfigure`
* Booting previous generations
* /etc and /var are empty upon boot, woo!

A few issues:

* Bootstrapping all this is non-trivial. It requires fiddling with partitions, and getting it wrong can easily make your system unbootable. Suggestions? Maybe the user could set up bind-mounts to map to their preferred partition scheme? A basic cookbook entry could bind-mount directories from a single ext4 partition to the required directories.
* I tried setting up /gnu and /var/guix as bind-mounts per , but this didn't seem to work from initrd: the kernel panic'd on boot. I need to confirm this and raise a bug.
* Mounting / as tmpfs falsely requires a device, otherwise it waits forever on boot. I need to confirm this and raise a bug.
* Activation-on-boot fails due to inexistence of /run and /var/run. fixes this.

Here's the config:

(use-modules (gnu))
(use-service-modules desktop networking ssh xorg)

(operating-system
  (timezone "Australia/Sydney")
  (host-name "test")
  (users (cons* (user-account
                  (name "tom")
                  (comment "Tom")
                  (group "users")
                  (home-directory "/home/tom")
                  ;; Needed since /etc/passwd is not persisted.
                  ;; crypt(3) reads a salt without a "$id$" prefix, such as
                  ;; "foobar", as a traditional DES salt.
                  (password (crypt "password" "foobar"))
                  (supplementary-groups
                    '("wheel" "netdev" "audio" "video")))
                %base-user-accounts))
  (packages
    (append
      (list (specification->package "emacs-next"))
      %base-packages))
  (services
    (append
      (list (service gnome-desktop-service-type)
            (set-xorg-configuration
              (xorg-configuration
                (keyboard-layout keyboard-layout))))
      %desktop-services))
  (bootloader
    (bootloader-configuration
      (bootloader grub-bootloader)
      (target "/dev/sda")
      (keyboard-layout keyboard-layout)))
  (file-systems
    (cons* (file-system
             (mount-point "/")
             (device
               ;; TODO: Raise bug that root-as-tmpfs falsely requires a partition.
               (uuid "59457d60-2b08-4f5c-b1c7-e29cd5f7a3da" 'btrfs))
             (options "size=1G")
             (type "tmpfs"))
           (file-system
             (mount-point "/boot")
             (device
               (uuid "59457d60-2b08-4f5c-b1c7-e29cd5f7a3da" 'btrfs))
             (options "subvol=boot")
             (needed-for-boot? #t)
             (type "btrfs"))
           (file-system
             (mount-point "/home")
             (device
               (uuid "59457d60-2b08-4f5c-b1c7-e29cd5f7a3da" 'btrfs))
             (options "subvol=home")
             (type "btrfs"))
           (file-system
             (mount-point "/var/guix")
             (device
               (uuid "59457d60-2b08-4f5c-b1c7-e29cd5f7a3da" 'btrfs))
             (options "subvol=var/guix")
             ;; Needed to boot old generations, which needs /var/guix/profiles/
             (needed-for-boot? #t)
             (type "btrfs"))
           (file-system
             (mount-point "/gnu")
             (device
               (uuid "59457d60-2b08-4f5c-b1c7-e29cd5f7a3da" 'btrfs))
             (options "subvol=gnu")
             (needed-for-boot? #t)
             (type "btrfs"))
           %base-file-systems)))
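
A check for the layout described in the message above, added here as an example and not part of the original message or of Guix: it reads mount entries in /proc/mounts format and confirms that /, /etc and /var resolve to tmpfs while /boot, /gnu and /var/guix do not. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a root-on-tmpfs layout given /proc/mounts-format input.

# Constructed sample mount table (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
none / tmpfs rw,relatime,size=1048576k 0 0
/dev/sda1 /boot btrfs rw,relatime,subvol=/boot 0 0
/dev/sda1 /gnu btrfs rw,relatime,subvol=/gnu 0 0
/dev/sda1 /var/guix btrfs rw,relatime,subvol=/var/guix 0 0
/dev/sda1 /home btrfs rw,relatime,subvol=/home 0 0
EOF
}

# fstype_for PATH FILE: print the type of the filesystem backing PATH, taken
# from the longest mount point that is PATH or one of its parents. On a tie
# (stacked mounts) the later entry wins.
fstype_for() {
    awk -v path="$1" '
        {
            mp = $2
            covers = (mp == "/" || path == mp || index(path, mp "/") == 1)
            if (covers && length(mp) >= best) { best = length(mp); type = $3 }
        }
        END { print type }
    ' "$2"
}

# audit_layout FILE: report each path; return 1 if any deviates from the
# layout in the message (/, /etc, /var on tmpfs; /boot, /gnu, /var/guix not).
audit_layout() {
    mounts=$1
    status=0
    for p in / /etc /var; do
        t=$(fstype_for "$p" "$mounts")
        if [ "$t" = tmpfs ]; then echo "ok   $p is ephemeral ($t)"
        else echo "FAIL $p persists across boots ($t)"; status=1; fi
    done
    for p in /boot /gnu /var/guix; do
        t=$(fstype_for "$p" "$mounts")
        if [ "$t" != tmpfs ]; then echo "ok   $p is persistent ($t)"
        else echo "FAIL $p is on tmpfs and will be lost"; status=1; fi
    done
    return "$status"
}

# Audit the file given as $1, or the constructed sample when none is given.
tmp=$(mktemp) && sample_mounts > "$tmp"
audit_layout "${1:-$tmp}"
```

Passing /proc/mounts as the first argument audits the running system instead of the sample.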