From: Josselin Poiret via Guix-patches via <guix-patches@gnu.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: Josselin Poiret <dev@jpoiret.xyz>, 51514@debbugs.gnu.org
Subject: [bug#51514] [PATCH v2 1/3] gnu: system: Add LUKS2 support for the root file system.
Date: Mon, 15 Nov 2021 20:53:39 +0000 [thread overview]
Message-ID: <20211115205341.9724-2-dev@jpoiret.xyz> (raw)
In-Reply-To: <20211115205341.9724-1-dev@jpoiret.xyz>
* gnu/bootloader/grub.scm (grub-configuration-file): Add 'insmod
luks2'.
* gnu/system/mapped-devices.scm (open-luks-device): Create
'/run/cryptsetup/' directory.
---
gnu/bootloader/grub.scm | 3 +--
gnu/system/mapped-devices.scm | 10 ++++++++--
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm
index d8e888ff40..42f71aa4db 100644
--- a/gnu/bootloader/grub.scm
+++ b/gnu/bootloader/grub.scm
@@ -415,8 +415,7 @@ (define (crypto-device->cryptomount dev)
;; Other type of devices aren't implemented.
#~()))
(let ((devices (map crypto-device->cryptomount store-crypto-devices))
- ;; XXX: Add luks2 when grub 2.06 is packaged.
- (modules #~(format port "insmod luks~%")))
+ (modules #~(format port "insmod luks~%insmod luks2~%")))
(if (null? devices)
devices
(cons modules devices))))
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index 518dbc4fe8..96a381d5fe 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -192,7 +192,8 @@ (define (open-luks-device source targets)
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
'cryptsetup'."
(with-imported-modules (source-module-closure
- '((gnu build file-systems)))
+ '((gnu build file-systems)
+ (guix build utils))) ;; For mkdir-p
(match targets
((target)
#~(let ((source #$(if (uuid? source)
@@ -201,7 +202,12 @@ (define (open-luks-device source targets)
;; XXX: 'use-modules' should be at the top level.
(use-modules (rnrs bytevectors) ;bytevector?
((gnu build file-systems)
- #:select (find-partition-by-luks-uuid)))
+ #:select (find-partition-by-luks-uuid))
+ ((guix build utils) #:select (mkdir-p)))
+
+ ;; Create '/run/cryptsetup/' if it does not exist, as device locking
+ ;; is mandatory for LUKS2.
+ (mkdir-p "/run/cryptsetup/")
;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the
;; whole world inside the initrd (for when we're in an initrd).
--
2.33.1
next prev parent reply other threads:[~2021-11-15 20:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-30 15:56 [bug#51514] [PATCH 0/2] Add support for LUKS2 root partition Josselin Poiret via Guix-patches via
2021-10-30 16:12 ` [bug#51514] [PATCH 1/2] gnu: system: Add LUKS2 support for the root file system Josselin Poiret via Guix-patches via
2021-10-30 16:12 ` [bug#51514] [PATCH 2/2] doc: Document LUKS2 Grub support and shortcomings Josselin Poiret via Guix-patches via
2021-11-12 22:32 ` [bug#51514] [PATCH 0/2] Add support for LUKS2 root partition Ludovic Courtès
2021-11-15 20:53 ` [bug#51514] [PATCH v2 0/3] " Josselin Poiret via Guix-patches via
2021-11-15 20:53 ` Josselin Poiret via Guix-patches via [this message]
2021-11-15 20:53 ` [bug#51514] [PATCH v2 2/3] doc: Document LUKS2 GRUB support and shortcomings Josselin Poiret via Guix-patches via
2021-11-15 20:53 ` [bug#51514] [PATCH v2 3/3] installer: Make LUKS2 the default format for encrypted devices Josselin Poiret via Guix-patches via
2021-12-01 16:22 ` bug#51514: [PATCH 0/2] Add support for LUKS2 root partition Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211115205341.9724-2-dev@jpoiret.xyz \
--to=guix-patches@gnu.org \
--cc=51514@debbugs.gnu.org \
--cc=dev@jpoiret.xyz \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.