From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: GuixSD encrypted root? Date: Sun, 24 Apr 2016 23:23:07 +0200 Message-ID: <87lh42bt1g.fsf@gnu.org> References: <20160418230558.11a1c86f@scratchpost.org> <8760v7gk87.fsf@gnu.org> <20160424180425.69bbe050@scratchpost.org> <8737qadafh.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:46328) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1auRUo-0003pg-8f for guix-devel@gnu.org; Sun, 24 Apr 2016 17:23:15 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1auRUk-0002K5-7c for guix-devel@gnu.org; Sun, 24 Apr 2016 17:23:14 -0400 In-Reply-To: <8737qadafh.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Sun, 24 Apr 2016 22:22:10 +0200") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Danny Milosavljevic Cc: guix-devel@gnu.org ludo@gnu.org (Ludovic Court=C3=A8s) skribis: > Hey, > > Danny Milosavljevic skribis: > >> Yeah, but even using a non-required-for-boot encrypted filesystem (i.e. = not an encrypted root, just encrypted home) doesn't work. As soon as I add = "mount? #t" it hangs. >> >> I'm now using a workaround where it's specified using "mount? #f" and I = mount it using a autorun script in my homedir (using "mount /x"). That work= s fine. >> >> You're using an encrypted home, right? Does it work for you? > > Yes. My configuration looks like this: > > (operating-system > ;; =E2=80=A6 > (mapped-devices (list (mapped-device > (source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30= b0f44")) > (target "home") > (type luks-device-mapping)))) > > (file-systems (cons* (file-system > (device "root") > (title 'label) > (mount-point "/") > (type "ext3")) > (file-system > (device "/dev/mapper/home") > (mount-point "/home") > (type "ext3")) > %base-file-systems))) > > What about yours? > >> It's always very broken when I try - both guix reconfigure and sometimes= the next boot process (!) hang. > > Earlier you wrote: > >> system reconfigure hangs at >> >> guix system: shepherd: Removing service 'file-system-/x'... >> guix system: shepherd: Done. >> guix system: loading new services: file-system-/x... >> guix system: shepherd: Evaluating user expression (register-services (= primitive-load "/gnu/s...")). > > At this point, shepherd loads and starts the service for file system /x, > which does what appears in =E2=80=98file-system-shepherd-service=E2=80=99= in (gnu > services base). Roughly, it runs fsck and then proceeds to mount /x. > > If you=E2=80=99re out of luck, fsck could take ages. Could it be what ha= ppened > here? Or, as Leo suggests, it could be that shepherd starts the device-mapping service, which runs =E2=80=9Ccryptsetup luksOpen=E2=80=9D, which never comp= letes because you don=E2=80=99t know it=E2=80=99s waiting for you to enter a passphrase. Ludo=E2=80=99.