Date: Mon, 20 May 2024 20:07:43 +0200
To: help-guix@gnu.org
From: Thomas Bennett
Subject: luks device keyfile passed but still ask for passphrase during boot

Hello Guix community,

I would like to be able to mount external encrypted disks by passing key files located in the root partition. That would save me from opening those external disks manually by entering passphrases during the boot sequence. Keeping only the passphrase for the root partition is fine for now.

I have the following in my config.scm file regarding mapping and mounting one of the external disks, a backup one:

  (mapped-devices (list (mapped-device
                         (source (uuid "$ROOT_PARTITION_UUID"))
                         (target "$ROOT_PARTITION_MAPPED_NAME")
                         (type luks-device-mapping))
                        (mapped-device
                         (source (uuid "$BACKUP_PARTITION_UUID"))
                         (target "$BACKUP_PARTITION_MAPPED_NAME")
                         (type (luks-device-mapping-with-options
                                #:key-file "$BACKUP_PARTITION_KEY_FILE_PATH")))))

  (file-systems (cons* (file-system
                        (mount-point "$BOOT_PARTITION_MOUNTPOINT")
                        (device (uuid "$BOOT_PARTITION_UUID" 'fat32))
                        (type "vfat"))
                       (file-system
                        (mount-point "$ROOT_PARTITION_MOUNTPOINT")
                        (device "/dev/mapper/$ROOT_PARTITION_MAPPED_NAME")
                        (type "ext4")
                        (dependencies mapped-devices))
                       (file-system
                        (create-mount-point? #t)
                        (mount-point "$BACKUP_PARTITION_MOUNTPOINT")
                        (type "ext4")
                        (device "/dev/mapper/$BACKUP_PARTITION_MAPPED_NAME")
                        (dependencies mapped-devices))
                       %base-file-systems)))

And it doesn't work. The configuration loads, but when I boot the system, it seems to be unable to find the key file because it still asks for my passphrase to unlock the backup partition. Is it possible that the root partition is not yet mounted when the system tries to map the backup partition? If so, it would explain why it doesn't find the key file and asks for my passphrase.

Do you know how to investigate further and/or what's wrong with the config and how to achieve the expected result?

Thank you,

Best,
Thomas