From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: Review of installation manual draft Date: Wed, 10 Feb 2016 22:16:00 +0100 Message-ID: <878u2sjmgf.fsf@gnu.org> References: <87io2af67v.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:44745) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aTc7K-0007Mp-T1 for guix-devel@gnu.org; Wed, 10 Feb 2016 16:16:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aTc7H-00040b-De for guix-devel@gnu.org; Wed, 10 Feb 2016 16:16:06 -0500 In-Reply-To: (petter@mykolab.ch's message of "Fri, 05 Feb 2016 18:51:53 +0100") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Petter Cc: guix-devel@gnu.org Hi Petter, Thanks a lot for the additions to the manual! There was a lot more than I expected. ;-) For now, I=E2=80=99ve focused o= n the improvements to the =E2=80=9CSystem Installation=E2=80=9D section, leading = to commit dedb8d5. It turned out to be more work than I expected because I had to find out what the differences were (some paragraphs had been moved to a single line, which made it hard to spot the differences), and then ended up doing a few things differently to preserve consistency. In the future, it would be awesome if you could send more focused patches and make sure the diffs don=E2=80=99t show unrelated =E2=80=9Cnoise= .=E2=80=9D Petter skribis: > +Open the file in one of the editors. We'll now walk you through the upda= tes you need to make in the operating-system declaration in turn from top t= o bottom. > + > +@table @asis > +@item @samp{host-name} > +Will be the name for this system. It'll be used for identifying this sys= tem on the network and should be unique amongst the computers in your LAN(s= ). You may also see it in shell prompts. Use ASCII letters and digits only = unless you know what you're doing. > + > +@item @samp{timezone} > +This value must match a supported timezone exactly. To find the value yo= u need here you can run the command > +@example > +tzselect > +@end example > +and answer its questions. When it asks "Is the above information OK?" an= swer "1" (Yes). The value in the last line of output is the value to use in= your configuration. > +To get a shell prompt for running commands you can change virtual consol= e (Ctrl-Alt-F#), or close the editor. > + > +@item @samp{locale} > +This value must match a supported locale exactly. To get a list of suppo= rted locales and their typing run the command > +@example > +ls /run/current-system/locale/@var{X.Y} > +@end @samp{example} > +where X.Y is the libc version (just press TAB at this level). Find the l= ocale you want in the listed output and take note of exactly how it is type= d (trailing / is not included in the name). > +To get a shell prompt for running commands you can change virtual consol= e (Ctrl-Alt-F#), or close the editor. > + > +@item @samp{bootloader} > +Update the @samp{device} argument according to the comment in the exampl= e configuration. Typical value is @var{/dev/sda}, note there's no trailing = digit. This will instruct the installation to install GRUB to the MBR of yo= ur disk. This is fine even if you're going to use the boot loader in your b= oot firmware, it will just be unused in this case. > +@end table I did not include this as is because I think most of it is redundant with (or should be covered by) the =E2=80=9Coperating-system Reference=E2= =80=9D section. I have not yet integrated the bits about setting up an encrypted root etc. because I first want the bits below to be fixed in the code. > +@subsection Booting a fully encrypted system > + > +@emph{This chapter is only for systems with encrypted boot.} > + > +To be able to boot with encrypted boot you need a system with GRUB flash= ed into the boot firmware, like with Coreboot/Libreboot. It=E2=80=99s not clear to me how much of it is specific to Coreboot/Librebo= ot. It seems like it could equally well work when GRUB is spawned by a random proprietary BIOS no? > +@table @asis > +@item Manual steps to boot your fully encrypted system > +Press @kbd{c} in GRUB to enter command mode. Seems to me that GuixSD should automatically DTRT when installing on an encrypted root file system. See . > +menuentry "GuixSD (current)" @{ > + cryptomount @var{grub-partition} > + set root=3D(crypto0) > + set guix_system=3D/var/guix/profiles/system > + linux $@{guix_system@}/kernel/bzImage --root=3D@var{your-root-partiti= on} --system=3D$@{guix_system@} --load=3D$@{guix_system@}/boot > + initrd $@{guix_system@}/initrd > +@} I think this sort of answers the above bug report, no? Thanks a lot for your feedback on this! Ludo=E2=80=99.