* [PATCH] Full encryption
From: Petter @ 2015-09-16 13:30 UTC (permalink / raw)
To: guix-devel
To run a fully encrypted GuixSD, Mark and Ludo dictated the following changes for me. And I'm now only using one partition (which includes root and boot).
diff --git a/gnu/build/linux-boot.scm b/gnu/build/linux-boot.scm
index 3081a93..0383a71 100644
--- a/gnu/build/linux-boot.scm
+++ b/gnu/build/linux-boot.scm
@@ -60,6 +60,10 @@
(mkdir (scope "proc")))
(mount "none" (scope "proc") "proc")
+ (unless (file-exists? (scope "dev"))
+ (mkdir (scope "dev")))
+ (mount "none" (scope "dev") "devtmpfs")
+
(unless (file-exists? (scope "sys"))
(mkdir (scope "sys")))
(mount "none" (scope "sys") "sysfs"))
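Review bot: the devtmpfs mount added between the proc and sys mounts has no fallback and no comment saying why /dev is needed this early. (mount "none" (scope "dev") "devtmpfs") only succeeds on a kernel built with devtmpfs support; if it fails, the initrd stops at this point, whereas the code removed in the next hunk created the device nodes itself. Consider handling the failure by falling back to make-essential-device-nodes, and add a one-line comment stating that the encrypted-root setup described in the message needs /dev populated before the root device is opened.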
@@ -385,9 +389,6 @@ to it are lost."
(unless (configure-qemu-networking)
(display "network interface is DOWN\n")))
- ;; Make /dev nodes.
- (make-essential-device-nodes)
-
;; Prepare the real root file system under /root.
(unless (file-exists? "/root")
(mkdir "/root"))
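Review bot: removing the (make-essential-device-nodes) call leaves /dev populated only by the devtmpfs mount from the first hunk, so the two changes must land in the same commit and the commit log should say so. Before merging, check that nothing later in this boot procedure relied on an entry that call created and that the kernel does not provide by itself, and that the new mount is reached on every path that used to reach this call (the removed lines sat after the QEMU networking step, while the new mount sits with the proc and sys mounts).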
In config.scm we primarily added "(define %linux-modules.." and "(initrd..". Here's my config.scm in full.
;; This is an operating system configuration template
;; for a "desktop" setup with X11.

(use-modules (gnu) (gnu system nss))
(use-service-modules desktop)
(use-package-modules xfce wicd avahi xorg certs)

(define %linux-modules
  '(
    ;; cryptsetup/LUKS
    "dm-crypt.ko" "xts.ko"))

(operating-system
  (host-name "x200")
  (timezone "Europe/Paris")
  (locale "en_US.UTF-8")

  ;; Assuming /dev/sdX is the target hard disk, and "root" is
  ;; the label of the target root file system.
  (bootloader (grub-configuration (device "/dev/sda1")))

  (initrd (lambda (fs . args)
            (apply base-initrd fs
                   #:extra-modules %linux-modules
                   args)))

  (mapped-devices (list (mapped-device
                          (source "/dev/sda1")
                          (target "guix")
                          (type luks-device-mapping))))

  (file-systems (cons (file-system
                        (device "/dev/mapper/guix")
                        (title 'device)
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  (users (cons (user-account
                 (name "petter")
                 (comment "Petter")
                 (group "users")
                 (supplementary-groups '("wheel" "netdev"
                                         "audio" "video"))
                 (home-directory "/home/petter"))
               %base-user-accounts))

  ;; Add Xfce and Ratpoison; that allows us to choose
  ;; sessions using either of these at the log-in screen.
  (packages (cons* xfce                   ;desktop environments
                   xterm wicd avahi       ;useful tools
                   nss-certs              ;for HTTPS access
                   %base-packages))

  ;; Use the "desktop" services, which include the X11
  ;; log-in service, networking with Wicd, and more.
  (services %desktop-services)

  ;; Allow resolution of '.local' host names with mDNS.
  (name-service-switch %mdns-host-lookup-nss))
* Re: [PATCH] Full encryption
From: Ludovic Courtès @ 2015-09-20 20:10 UTC (permalink / raw)
To: Petter; +Cc: guix-devel
Petter <petter@mykolab.ch> writes:
> To run a fully encrypted GuixSD, Mark and Ludo dictated the following changes for me. And I'm now only using one partition (which includes root and boot).
Thank you & Mark for testing and debugging this!
Commits cc0e575 and 07779d0 incorporate your suggestions. Let me know if
everything is still fine after ‘guix system reconfigure’ (and you can
now remove the custom initrd from your OS config.)
Ludo’.
* Re: [PATCH] Full encryption
From: Petter @ 2015-09-20 22:19 UTC (permalink / raw)
To: guix-devel
Happy to help! :)
I've removed the custom initrd and define %linux-modules from my config,
and done:
sudo -i guix pull
sudo -i guix system reconfigure /etc/config.scm
Then rebooted. All ok!
Petter
* Re: [PATCH] Full encryption
From: Ludovic Courtès @ 2015-09-21 16:10 UTC (permalink / raw)
To: Petter; +Cc: guix-devel
Petter <petter@mykolab.ch> writes:
> I've removed the custom initrd and define %linux-modules from my config,
> and done:
> sudo -i guix pull
> sudo -i guix system reconfigure /etc/config.scm
>
> Then rebooted. All ok!
Excellent, thanks!
Ludo'.