* Some small documentation improvements
@ 2017-01-30 4:40 Chris Marusich
2017-01-30 4:40 ` [PATCH 1/2] doc: Clarify that 'guix pull' can't be easily rolled back Chris Marusich
2017-01-30 4:40 ` [PATCH 2/2] doc: Discuss encrypted swap space Chris Marusich
0 siblings, 2 replies; 6+ messages in thread
From: Chris Marusich @ 2017-01-30 4:40 UTC (permalink / raw)
To: guix-devel
Here are some small documentation improvements. One is for "guix pull," and
one is for encrypted swap space. I hope it helps!
--
Chris
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/2] doc: Clarify that 'guix pull' can't be easily rolled back.
2017-01-30 4:40 Some small documentation improvements Chris Marusich
@ 2017-01-30 4:40 ` Chris Marusich
2017-02-01 22:44 ` Ludovic Courtès
2017-01-30 4:40 ` [PATCH 2/2] doc: Discuss encrypted swap space Chris Marusich
1 sibling, 1 reply; 6+ messages in thread
From: Chris Marusich @ 2017-01-30 4:40 UTC (permalink / raw)
To: guix-devel
* doc/guix.texi (Invoking guix pull): Clarify that 'guix pull' can't be
easily rolled back.
---
doc/guix.texi | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 4ba101094..2a9b11969 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -2337,7 +2337,9 @@ instance, when user @code{root} runs @command{guix pull}, this has no
effect on the version of Guix that user @code{alice} sees, and vice
versa@footnote{Under the hood, @command{guix pull} updates the
@file{~/.config/guix/latest} symbolic link to point to the latest Guix,
-and the @command{guix} command loads code from there.}.
+and the @command{guix} command loads code from there. Currently, the
+only way to roll back an invocation of @command{guix pull} is to
+manually update this symlink to point to the previous Guix.}.
The @command{guix pull} command is usually invoked with no arguments,
but it supports the following options:
--
2.11.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/2] doc: Discuss encrypted swap space.
2017-01-30 4:40 Some small documentation improvements Chris Marusich
2017-01-30 4:40 ` [PATCH 1/2] doc: Clarify that 'guix pull' can't be easily rolled back Chris Marusich
@ 2017-01-30 4:40 ` Chris Marusich
2017-01-30 8:53 ` Hartmut Goebel
2017-02-01 22:46 ` Ludovic Courtès
1 sibling, 2 replies; 6+ messages in thread
From: Chris Marusich @ 2017-01-30 4:40 UTC (permalink / raw)
To: guix-devel
* doc/guix.texi (Preparing for Installation): Provide an example of how to
set up (encrypted) swap space using a swap file.
(operating-system Reference)[swap-devices]: Clarify that swap files are
supported, too.
(Mapped Devices): Explain how to use a mapped device with a swap file to
encrypt swap space.
---
doc/guix.texi | 36 +++++++++++++++++++++++++++++++++---
1 file changed, 33 insertions(+), 3 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 2a9b11969..78807b0d0 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7063,6 +7063,26 @@ mkswap /dev/sda2
swapon /dev/sda2
@end example
+Alternatively, you may use a swap file. For example, assuming that in
+the new system you want to use the file @file{/swapfile} as a swap file,
+you would run@footnote{This example will work for many types of file
+systems (e.g., ext4). However, for copy-on-write file systems (e.g.,
+btrfs), the required steps may be different. For details, see the
+manual pages for @command{mkswap} and @command{swapon}.}:
+
+@example
+# This is 10 GiB of swap space. Adjust "count" to change the size.
+dd if=/dev/zero of=/mnt/swapfile bs=1MiB count=10240
+# For security, make the file readable and writable only by root.
+chmod 600 /mnt/swapfile
+mkswap /mnt/swapfile
+swapon /mnt/swapfile
+@end example
+
+Note that if you have encrypted the root partition and created a swap
+file in its file system as described above, then the encryption also
+protects the swap file, just like any other file in that file system.
+
@node Proceeding with the Installation
@subsection Proceeding with the Installation
@@ -7516,9 +7536,12 @@ A list of file systems. @xref{File Systems}.
@item @code{swap-devices} (default: @code{'()})
@cindex swap devices
-A list of strings identifying devices to be used for ``swap space''
-(@pxref{Memory Concepts,,, libc, The GNU C Library Reference Manual}).
-For example, @code{'("/dev/sda3")}.
+A list of strings identifying devices or files to be used for ``swap
+space'' (@pxref{Memory Concepts,,, libc, The GNU C Library Reference
+Manual}). For example, @code{'("/dev/sda3")} or @code{'("/swapfile")}.
+It is possible to specify a swap file in a file system on a mapped
+device, provided that the necessary device mapping and file system are
+also specified. @xref{Mapped Devices} and @ref{File Systems}.
@item @code{users} (default: @code{%base-user-accounts})
@itemx @code{groups} (default: @var{%base-groups})
@@ -7861,6 +7884,13 @@ and use it as follows:
(type luks-device-mapping))
@end example
+@cindex swap encryption
+It is also desirable to encrypt swap space, since swap space may contain
+sensitive data. One way to accomplish that is to use a swap file in a
+file system on a device mapped via LUKS encryption. In this way, the
+swap file is encrypted because the entire device is encrypted.
+@xref{Preparing for Installation,,Disk Partitioning}, for an example.
+
A RAID device formed of the partitions @file{/dev/sda1} and @file{/dev/sdb1}
may be declared as follows:
--
2.11.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] doc: Discuss encrypted swap space.
2017-01-30 4:40 ` [PATCH 2/2] doc: Discuss encrypted swap space Chris Marusich
@ 2017-01-30 8:53 ` Hartmut Goebel
2017-02-01 22:46 ` Ludovic Courtès
1 sibling, 0 replies; 6+ messages in thread
From: Hartmut Goebel @ 2017-01-30 8:53 UTC (permalink / raw)
To: guix-devel
Am 30.01.2017 um 05:40 schrieb Chris Marusich:
> +Note that if you have encrypted the root partition and created a swap
> +file in its file system as described above, then the encryption also
> +protects the swap file, just like any other file in that file system.
Please also mention the impact on Suspend to Disk. Thanks.
--
Regards
Hartmut Goebel
| Hartmut Goebel | h.goebel@crazy-compilers.com |
| www.crazy-compilers.com | compilers which you thought are impossible |
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] doc: Clarify that 'guix pull' can't be easily rolled back.
2017-01-30 4:40 ` [PATCH 1/2] doc: Clarify that 'guix pull' can't be easily rolled back Chris Marusich
@ 2017-02-01 22:44 ` Ludovic Courtès
0 siblings, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2017-02-01 22:44 UTC (permalink / raw)
To: Chris Marusich; +Cc: guix-devel
Chris Marusich <cmmarusich@gmail.com> skribis:
> * doc/guix.texi (Invoking guix pull): Clarify that 'guix pull' can't be
> easily rolled back.
Applied, thanks!
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] doc: Discuss encrypted swap space.
2017-01-30 4:40 ` [PATCH 2/2] doc: Discuss encrypted swap space Chris Marusich
2017-01-30 8:53 ` Hartmut Goebel
@ 2017-02-01 22:46 ` Ludovic Courtès
1 sibling, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2017-02-01 22:46 UTC (permalink / raw)
To: Chris Marusich; +Cc: guix-devel
Chris Marusich <cmmarusich@gmail.com> skribis:
> * doc/guix.texi (Preparing for Installation): Provide an example of how to
> set up (encrypted) swap space using a swap file.
> (operating-system Reference)[swap-devices]: Clarify that swap files are
> supported, too.
> (Mapped Devices): Explain how to use a mapped device with a swap file to
> encrypt swap space.
Applied, thanks.
Hartmut Goebel <h.goebel@crazy-compilers.com> skribis:
> Am 30.01.2017 um 05:40 schrieb Chris Marusich:
>> +Note that if you have encrypted the root partition and created a swap
>> +file in its file system as described above, then the encryption also
>> +protects the swap file, just like any other file in that file system.
>
> Please also mention the impact on Suspend to Disk. Thanks.
I agree it would be nice, but that can come in a subsequent patch.
Ludo’.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-02-01 22:46 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-30 4:40 Some small documentation improvements Chris Marusich
2017-01-30 4:40 ` [PATCH 1/2] doc: Clarify that 'guix pull' can't be easily rolled back Chris Marusich
2017-02-01 22:44 ` Ludovic Courtès
2017-01-30 4:40 ` [PATCH 2/2] doc: Discuss encrypted swap space Chris Marusich
2017-01-30 8:53 ` Hartmut Goebel
2017-02-01 22:46 ` Ludovic Courtès
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.