From: ludo@gnu.org (Ludovic Courtès)
Subject: Re: GuixSD encrypted root?
Date: Mon, 25 Apr 2016 10:02:43 +0200
Message-ID: <87lh42azfg.fsf@gnu.org>
To: Danny Milosavljevic
Cc: guix-devel@gnu.org

Danny Milosavljevic wrote:

> Hi,
>
>> Or, as Leo suggests, it could be that shepherd starts the device-mapping
>> service, which runs “cryptsetup luksOpen”, which never completes because
>> you don’t know it’s waiting for you to enter a passphrase.
>
> I doubt that it's that. The only change I have to do for it to work just
> fine is to add "(mount? #f)". So I suspect that the cryptsetup works.
> (The only thing I have to type manually is "mount /x" later - and that
> works, too)
>
> But I didn't know that Guix would run fsck on guix reconfigure.

‘guix system reconfigure’ starts new services, and that is part of a
service.

> Maybe I just have to wait longer as it's a huge partition (with almost
> nothing on it, though). Also, I've checked gnu/services/base.scm and
> it seems to hard-code e2fsprogs. I use btrfs, though.

Only ext[234] are supported currently, indeed.  There’s and it’s been
discussed on the mailing list recently (I think Tobias made progress in
that direction).

> My config (which is working fine because of the "(mount #f)") is:
>
> (define dayas-sys (mapped-device
>                    (source (uuid "cedd378f-329c-44c4-ab40-f74f0c1701a2"))
>                    (target "dayas-sys")
>                    (type luks-device-mapping)))
>
> (operating-system
>   ;; ...
>   (mapped-devices (list dayas-sys))
>   (file-systems (cons* (file-system
>                          (device "/dev/sda1")
>                          (title 'dayas:/)
>                          (mount-point "/")
>                          (type "ext4")
>                          (needed-for-boot? #t))
>                        (file-system
>                          (device "/dev/mapper/dayas-sys")
>                          (mount-point "/x")
>                          (type "btrfs")
>                          (needed-for-boot? #f)
>                          (mount? #f) ; otherwise does not work.
>                          (dependencies (list dayas-sys)))
>                        %base-file-systems))
>   ;...
> )
>
> How come yours doesn't have a "dependencies" entry? Is it somehow
> computed by examining the "device" (/dev/mapper/...) entry?

The ‘dependencies’ field can be omitted if you change the ‘title’ field
of the /x entry to 'device (info "(guix) File Systems"):

     However, when the source of a file system is a mapped device (*note
     Mapped Devices::), its ‘device’ field _must_ refer to the mapped
     device name—e.g., ‘/dev/mapper/root-partition’—and consequently
     ‘title’ must be set to ‘'device’.  This is required so that the
     system knows that mounting the file system depends on having the
     corresponding device mapping established.

I admit this is not ideal.  I’d rather allow the ‘device’ field of to
contain directly the .

HTH,
Ludo’.