From: ludo@gnu.org (Ludovic Courtès)
To: Danny Milosavljevic <dannym@scratchpost.org>
Cc: guix-devel@gnu.org
Subject: Re: GuixSD encrypted root?
Date: Sun, 24 Apr 2016 23:23:07 +0200
Message-ID: <87lh42bt1g.fsf@gnu.org>
In-Reply-To: <8737qadafh.fsf@gnu.org> ("Ludovic Courtès"'s message of "Sun, 24 Apr 2016 22:22:10 +0200")

ludo@gnu.org (Ludovic Courtès) wrote:

> Hey,
>
> Danny Milosavljevic <dannym@scratchpost.org> wrote:
>
>> Yeah, but even using a non-required-for-boot encrypted filesystem (i.e. not an encrypted root, just encrypted home) doesn't work. As soon as I add "mount? #t" it hangs.
>>
>> I'm now using a workaround where it's specified using "mount? #f" and I mount it using a autorun script in my homedir (using "mount /x"). That works fine.
>>
>> You're using an encrypted home, right? Does it work for you?
>
> Yes. My configuration looks like this:
>
>   (operating-system
>     ;; …
>     (mapped-devices (list (mapped-device
>                            (source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44"))
>                            (target "home")
>                            (type luks-device-mapping))))
>
>     (file-systems (cons* (file-system
>                            (device "root")
>                            (title 'label)
>                            (mount-point "/")
>                            (type "ext3"))
>                          (file-system
>                            (device "/dev/mapper/home")
>                            (mount-point "/home")
>                            (type "ext3"))
>                          %base-file-systems)))
>
> What about yours?
>
>> It's always very broken when I try - both guix reconfigure and sometimes the next boot process (!) hang.
>
> Earlier you wrote:
>
>> system reconfigure hangs at
>>
>> guix system: shepherd: Removing service 'file-system-/x'...
>> guix system: shepherd: Done.
>> guix system: loading new services: file-system-/x...
>> guix system: shepherd: Evaluating user expression (register-services (primitive-load "/gnu/s...")).
>
> At this point, shepherd loads and starts the service for file system /x,
> which does what appears in ‘file-system-shepherd-service’ in (gnu
> services base). Roughly, it runs fsck and then proceeds to mount /x.
>
> If you’re out of luck, fsck could take ages. Could it be what happened
> here?

Or, as Leo suggests, it could be that shepherd starts the device-mapping
service, which runs “cryptsetup luksOpen”, which never completes because
you don’t know it’s waiting for you to enter a passphrase.

Ludo’.
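
The two explanations offered in this thread (a long-running fsck, or "cryptsetup luksOpen" blocked on a passphrase prompt) can be told apart from another console by inspecting the stuck process under /proc. The shell function below is an added example, not part of the original message or of Guix; the name diagnose_hang and its optional proc-root argument are hypothetical, and treating an idle cryptsetup as "waiting for a passphrase" is a heuristic.

```sh
#!/bin/sh
# Added diagnostic sketch, not code from the thread. diagnose_hang is a
# hypothetical helper; the optional argument (default /proc) exists so it
# can be pointed at a constructed directory tree.
# Usage, as root from another console: diagnose_hang
diagnose_hang() {
    proc_root=${1:-/proc}
    found=0
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/comm" ] || continue
        comm=$(cat "$dir/comm" 2>/dev/null) || continue
        case $comm in
            cryptsetup|fsck*|e2fsck) ;;
            *) continue ;;
        esac
        pid=${dir##*/}
        # cmdline is NUL-separated; turn it into a readable string.
        args=$(tr '\0' ' ' 2>/dev/null < "$dir/cmdline") || args=
        args=${args% }
        # Second field of the "State:" line: R, S, D, ...
        state=$(awk '/^State:/ { print $2; exit }' "$dir/status" 2>/dev/null) || state='?'
        found=1
        case $comm:$state in
            cryptsetup:S)
                # Heuristic: an idle (S) luksOpen is most likely blocked on
                # its passphrase prompt; key derivation would show R.
                case " $args " in
                    *" luksOpen "*|*" open "*)
                        echo "$pid $comm: idle in '$args', probably waiting for a passphrase" ;;
                    *)  echo "$pid $comm: idle in '$args'" ;;
                esac ;;
            fsck*:[RD]|e2fsck:[RD])
                echo "$pid $comm: file system check still running (state $state)" ;;
            *)  echo "$pid $comm: state $state in '$args'" ;;
        esac
    done
    [ "$found" -eq 1 ] || echo "no cryptsetup or fsck process found"
}
```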

Thread overview: 12+ messages
2016-04-18 21:05 GuixSD encrypted root? Danny Milosavljevic
2016-04-18 21:24 ` Danny Milosavljevic
2016-04-19 7:51 ` Danny Milosavljevic
2016-04-19 8:13 ` Danny Milosavljevic
2016-04-23 7:31 ` Danny Milosavljevic
2016-04-24 14:22 ` Ludovic Courtès
2016-04-24 16:04 ` Danny Milosavljevic
2016-04-24 18:51 ` Leo Famulari
2016-04-24 20:22 ` Ludovic Courtès
2016-04-24 21:23 ` Ludovic Courtès [this message]
2016-04-25 1:24 ` Danny Milosavljevic
2016-04-25 8:02 ` Ludovic Courtès