me
/
guix
Archived
1
0
Fork 0

doc: Back up on the claim of encrypted root partitions.

Reported by 宋文武 <iyzsong@openmailbox.org>
at <https://lists.gnu.org/archive/html/guix-devel/2015-11/msg00096.html>.

* doc/guix.texi (System Installation): Comment out encrypted root
  partition commands.
* gnu/system/examples/desktop.tmpl (mapped-devices): Remove.
  (file-systems): Refer to the root by label.
* NEWS: Adjust.
master
Ludovic Courtès 2015-11-04 10:27:12 +01:00
parent 5ffea4776d
commit 316d65be0c
3 changed files with 16 additions and 22 deletions

3
NEWS
View File

@ -74,7 +74,8 @@ Composition” in the manual.
(http://bugs.gnu.org/21354)
*** emacs: Fix guix-guile-program default value (http://bugs.gnu.org/21127)
*** Compressed initrds no longer include timestamps
*** Fix handling of encrypted root partitions (http://bugs.gnu.org/19190)
*** Partly fix handling of encrypted root partitions
(http://bugs.gnu.org/19190)
*** Python now includes tkinter (http://bugs.gnu.org/20889)
*** Memoize the results of package-with-python2 (http://bugs.gnu.org/21675)
*** Use the daemon's substitute URLs by default (http://bugs.gnu.org/20217)

View File

@ -5310,23 +5310,24 @@ Setting up network access is almost always a requirement because the
image does not contain all the software and tools that may be needed.
@item
Unless this has already been done, you must partition, optionally
encrypt, and then format the target partitions.
Unless this has already been done, you must partition, and then format
the target partition.
Preferably, assign partitions a label so that you can easily and
reliably refer to them in @code{file-system} declarations (@pxref{File
Systems}). This is typically done using the @code{-L} option of
@command{mkfs.ext4} and related commands.
A typical command sequence may be:
@example
# fdisk /dev/sdX
@dots{} Create partitions etc.@dots{}
# cryptsetup luksFormat /dev/sdX1
# cryptsetup open --type luks /dev/sdX1 my-partition
# mkfs.ext4 -L my-root /dev/mapper/my-partition
@end example
@c FIXME: Uncomment this once GRUB fully supports encrypted roots.
@c A typical command sequence may be:
@c
@c @example
@c # fdisk /dev/sdX
@c @dots{} Create partitions etc.@dots{}
@c # cryptsetup luksFormat /dev/sdX1
@c # cryptsetup open --type luks /dev/sdX1 my-partition
@c # mkfs.ext4 -L my-root /dev/mapper/my-partition
@c @end example
The installation image includes Parted (@pxref{Overview,,, parted, GNU
Parted User Manual}), @command{fdisk}, Cryptsetup/LUKS for disk

View File

@ -13,17 +13,9 @@
;; Assuming /dev/sdX is the target hard disk, and "root" is
;; the label of the target root file system.
(bootloader (grub-configuration (device "/dev/sdX")))
;; Here we assume that /dev/sdX1 contains a LUKS-encrypted
;; root partition created with 'cryptsetup luksFormat'.
(mapped-devices (list (mapped-device
(source "/dev/sdX1")
(target "root-partition")
(type luks-device-mapping))))
;; Mount said encrypted partition.
(file-systems (cons (file-system
(device "/dev/mapper/root-partition")
(device "root")
(title 'label)
(mount-point "/")
(type "ext4"))
%base-file-systems))