* [PATCH] Full encryption
@ 2015-09-16 13:30 Petter
  2015-09-20 20:10 ` Ludovic Courtès
  0 siblings, 1 reply; 4+ messages in thread
From: Petter @ 2015-09-16 13:30 UTC (permalink / raw)
  To: guix-devel

To run a fully encrypted GuixSD, Mark and Ludo dictated the following changes to me. I am now using only one partition (which includes both root and boot).

diff --git a/gnu/build/linux-boot.scm b/gnu/build/linux-boot.scm
index 3081a93..0383a71 100644
--- a/gnu/build/linux-boot.scm
+++ b/gnu/build/linux-boot.scm
@@ -60,6 +60,10 @@
     (mkdir (scope "proc")))
   (mount "none" (scope "proc") "proc")
 
+  (unless (file-exists? (scope "dev"))
+    (mkdir (scope "dev")))
+  (mount "none" (scope "dev") "devtmpfs")
+
   (unless (file-exists? (scope "sys"))
     (mkdir (scope "sys")))
   (mount "none" (scope "sys") "sysfs"))
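Review bot: The added `(mount "none" (scope "dev") "devtmpfs")` in the first hunk has no explanatory comment and no fallback, and the second hunk removes `(make-essential-device-nodes)`, so on a kernel without devtmpfs support the initrd would presumably be left with no device nodes and could not open the LUKS root. I would add a comment such as `;; Mount devtmpfs so the kernel creates /dev nodes (disks, device-mapper) before mapped devices are opened.` and keep the static-node path as a fallback if such kernels must remain bootable. The mount is also made with default flags; consider whether /dev should be mounted nosuid as hardening, if the `mount` binding in use accepts flags. The enclosing procedure starts above the hunk.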
@@ -385,9 +389,6 @@ to it are lost."
          (unless (configure-qemu-networking)
            (display "network interface is DOWN\n")))
 
-       ;; Make /dev nodes.
-       (make-essential-device-nodes)
-
        ;; Prepare the real root file system under /root.
        (unless (file-exists? "/root")
          (mkdir "/root"))




In config.scm we primarily added "(define %linux-modules.." and "(initrd..". Here's my config.scm in full.

;; This is an operating system configuration template
;; for a "desktop" setup with X11.

(use-modules (gnu) (gnu system nss))
(use-service-modules desktop)
(use-package-modules xfce wicd avahi xorg certs)

;; Extra kernel modules handed to the initrd so that cryptsetup/LUKS can
;; open the encrypted root: dm-crypt (the device-mapper crypto target) and
;; xts (the XTS cipher mode).
(define %linux-modules
  (list "dm-crypt.ko"
        "xts.ko"))

;; System declaration for a desktop machine whose root file system lives
;; inside a LUKS volume that is opened from the initrd.
(operating-system
  (host-name "x200")
  (timezone "Europe/Paris")
  (locale "en_US.UTF-8")

  ;; GRUB is installed to /dev/sda1, the same partition that is declared
  ;; as the LUKS source below.
  ;; NOTE(review): no separate /boot file system is declared, so the kernel
  ;; and initrd presumably sit inside the encrypted volume -- confirm that
  ;; the boot loader actually in use can unlock it.
  (bootloader (grub-configuration (device "/dev/sda1")))

  ;; Build the initrd with `base-initrd', passing the dm-crypt/xts modules
  ;; from %linux-modules as #:extra-modules; every other argument is
  ;; forwarded unchanged.
  (initrd (lambda (fs . args)
     (apply base-initrd fs
        #:extra-modules %linux-modules
        args)))

  ;; Open /dev/sda1 as a LUKS device; the root file system below refers to
  ;; the result as /dev/mapper/guix.
  ;; NOTE(review): /dev/sdX names depend on enumeration order -- verify the
  ;; path is stable on this machine.
  (mapped-devices (list (mapped-device
     (source "/dev/sda1")
     (target "guix")
     (type luks-device-mapping))))

  ;; The root file system is the decrypted mapping, identified by device
  ;; path (title 'device) rather than by label.
  (file-systems (cons (file-system
                        (device "/dev/mapper/guix")
                        (title 'device)
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  ;; One regular account on top of the base accounts.
  ;; NOTE(review): membership in "wheel" usually grants sudo -- confirm that
  ;; this is intended for this user.
  (users (cons (user-account
                (name "petter")
                (comment "Petter")
                (group "users")
                (supplementary-groups '("wheel" "netdev"
                                        "audio" "video"))
                (home-directory "/home/petter"))
               %base-user-accounts))

  ;; Add Xfce and a few tools to the base packages.  Only Xfce is listed
  ;; as a desktop environment; no Ratpoison package appears here.
  (packages (cons* xfce    ;desktop environment
                   xterm wicd avahi  ;useful tools
                   nss-certs         ;CA certificates for HTTPS access
                   %base-packages))

  ;; Use the "desktop" services, which include the X11
  ;; log-in service, networking with Wicd, and more.
  (services %desktop-services)

  ;; Allow resolution of '.local' host names with mDNS.
  (name-service-switch %mdns-host-lookup-nss))

* Re: [PATCH] Full encryption
@ 2015-09-20 22:19 Petter
  2015-09-21 16:10 ` Ludovic Courtès
  0 siblings, 1 reply; 4+ messages in thread
From: Petter @ 2015-09-20 22:19 UTC (permalink / raw)
  To: guix-devel

Happy to help! :)

I've removed the custom initrd and define %linux-modules from my config,
and done:
sudo -i guix pull
sudo -i guix system reconfigure /etc/config.scm

Then rebooted. All ok!

Petter
