From: Jean Louis
Subject: Re: [PATCH] DISCUSSION: Jookia's Libreboot+LUKS+LVM FDE patch.
Date: Mon, 14 Mar 2016 22:40:13 +0100
To: Ludovic Courtès
Cc: guix-devel@gnu.org

Let me give some tips when making this:

The system must be able to encrypt:

- if possible whole / though I personally don't prefer it like that
- to encrypt /home on a device
- to encrypt /tmp (very important)
- to encrypt swap

On Fri, Mar 11, 2016 at 03:30:10PM +0100, Ludovic Courtès wrote:
> Jookia <166291@gmail.com> writes:
>
> > I'd really like to discuss how much I needed to break to get the mapped-devices,
> > file-systems and swap-devices to just 'work'. I even had to make a function to
> > return a mapped-device type, and have swap-devices not do dependency tests since
> > I technically don't use a device I've defined.
> >
> > It'd be much much better if I could do something like this in my services:
> >
> > (devices (list (file-system
> >                  (uses '("/dev/matrix/root"))
> >                  (creates '("/"))
> >                  (device "/dev/matrix/root")
> >                  (mount-point "/")
> >                  (type "ext4"))
> >                (swap-device
> >                  (uses '("/dev/mapper/matrix-swap"))
> >                  (creates '())
> >                  (device "/dev/mapper/matrix-swap"))
> >                (lvm-device
> >                  (uses '("/dev/mapper/hdd" "/dev/sdb"))
> >                  (creates '("/dev/matrix/"
> >                             "/dev/mapper/matrix-swap"))
> >                  (devices '("/dev/mapper/hdd" "/dev/sdb")))
> >                (luks-device
> >                  (uses '("UUID=4dab5feb-d176-45de-b287-9b0a6e4c01cb"))
> >                  (creates '("/dev/mapper/hdd"))
> >                  (device "UUID=4dab5feb-d176-45de-b287-9b0a6e4c01cb")
> >                  (name "hdd")
> >                  (key-file "..."))))
> >
> > The issue is that it has a lot of duplicate information as I'm not sure
> > uses/creates could always map to device/mount-point, like LUKS names. But this
> > should satisfy most dependency issues automatically, I hope.
>
> There are several issues being addressed here, IIUC:
>
>   1. How to refer to block devices (in the Unix sense) using UUIDs,
>      labels, or /dev file names in general, and not just for
>      ‘file-system’.
>
>   2. How to determine dependencies among all these things.
>
>   3. How to handle mapped devices that lead to several /dev nodes, as is
>      the case with LVM.
>
> For #1, I would like to have a general ‘device’ type, so one could
> write:
>
>   (operating-system
>     ;; …
>     (file-systems (list (file-system
>                           (source (device (title 'label)
>                                           (name "my-root")))
>                           (mount-point "/"))))
>     (swap (list (device
>                   (title 'uuid)
>                   (name (uuid "4dab5feb-d176-45de-b287-9b0a6e4c01cb"))))))
>
> For that to work, we ideally need code to recognize swap signatures,
> similar to what we do for ext2 in (gnu build file-systems).
>
> For #3, what about changing the ‘target’ field of ‘mapped-device’ such
> that it can be a list of /dev file names?
>
> For #2, I’m not sure we need to change anything, but let’s discuss it
> later. :-)
>
> Ludo’.
>
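An added example, not part of this thread and not Guix code: it derives an activation order from the uses/creates fields of the quoted proposal, so the LUKS mapping is opened before LVM, and LVM before the root file system and swap. The function names and the rule that a creates entry ending in "/" (other than the root mount point) covers every node below it are assumptions made for this illustration.

```python
from graphlib import TopologicalSorter  # Python 3.9+; raises CycleError on loops

# uses/creates fields transcribed from the quoted proposal.
DEVICES = {
    "file-system /": {"uses": ["/dev/matrix/root"], "creates": ["/"]},
    "swap-device": {"uses": ["/dev/mapper/matrix-swap"], "creates": []},
    "lvm-device": {"uses": ["/dev/mapper/hdd", "/dev/sdb"],
                   "creates": ["/dev/matrix/", "/dev/mapper/matrix-swap"]},
    "luks-device hdd": {"uses": ["UUID=4dab5feb-d176-45de-b287-9b0a6e4c01cb"],
                        "creates": ["/dev/mapper/hdd"]},
}


def provides(created, wanted):
    """True if a 'creates' entry satisfies a 'uses' entry.

    Assumption: an entry ending in "/" is a directory prefix, as with the
    LVM volume group "/dev/matrix/". The mount point "/" is excluded,
    otherwise the root file system would appear to create every device
    and the graph would contain a cycle.
    """
    if created == wanted:
        return True
    return created != "/" and created.endswith("/") and wanted.startswith(created)


def activation_order(devices):
    """Return (ordered device names, names that no listed device creates)."""
    graph, external = {}, set()
    for name, dev in devices.items():
        deps = set()
        for wanted in dev["uses"]:
            makers = {other for other, d in devices.items()
                      if other != name
                      and any(provides(c, wanted) for c in d["creates"])}
            if makers:
                deps |= makers
            else:
                external.add(wanted)  # must already exist, e.g. a raw disk
        graph[name] = deps
    return list(TopologicalSorter(graph).static_order()), external


if __name__ == "__main__":
    order, external = activation_order(DEVICES)
    print("activation order:", order)
    print("expected to exist beforehand:", sorted(external))
```

The entries reported as external are the ones that have to be resolved from hardware (by UUID, label or /dev name) before anything else can be set up.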