me/guix
Archived
1
0
Fork 0
Code Activity

mapped-devices: LUKS partitions can be designated by their UUID.

Browse source 
* gnu/system/mapped-devices.scm (device-mapping-service-type): Add
'modules' and 'imported-modules' fields to 'shepherd-service'.
(open-luks-device): Use 'find-partition-by-luks-uuid' to lookup the
partition when SOURCE is a bytevector.
* gnu/system/linux-initrd.scm (base-initrd): Augment 'use-modules'
form.
* doc/guix.texi (Mapped Devices): Give example with a UUID.
This commit is contained in:
Ludovic Courtès 2016-04-18 00:23:16 +02:00
parent 4da8c19e83
commit ffba7d498d
3 changed files with 51 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
doc/guix.texi
View file

@ -6688,13 +6688,29 @@ Mapped devices are declared using the @code{mapped-device} form:
(type luks-device-mapping))
@end example
@noindent
Or, better yet, like this:
@example
(mapped-device
(source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44"))
(target "home")
(type luks-device-mapping))
@end example
@cindex disk encryption
@cindex LUKS
This example specifies a mapping from @file{/dev/sda3} to
@file{/dev/mapper/home} using LUKS---the
@url{http://code.google.com/p/cryptsetup,Linux Unified Key Setup}, a
standard mechanism for disk encryption. The @file{/dev/mapper/home}
standard mechanism for disk encryption. In the second example, the UUID
(unique identifier) is the LUKS UUID returned for the device by a
command like:
@example
cryptsetup luksUUID /dev/sdx9
@end example
The @file{/dev/mapper/home}
device can then be used as the @code{device} of a @code{file-system}
declaration (@pxref{File Systems}). The @code{mapped-device} form is
detailed below.

9
gnu/system/linux-initrd.scm
View file

@ -229,7 +229,14 @@ loaded at boot time in the order in which they appear."
(use-modules (gnu build linux-boot)
(guix build utils)
(guix build bournish) ;add the 'bournish' meta-command
(srfi srfi-26))
(srfi srfi-26)
;; FIXME: The following modules are for
;; LUKS-DEVICE-MAPPING. We should instead propagate
;; this info via gexps.
((gnu build file-systems)
#:select (find-partition-by-luks-uuid))
(rnrs bytevectors))
(with-output-to-port (%make-void-port "w")
(lambda ()

27
gnu/system/mapped-devices.scm
View file

@ -22,6 +22,7 @@
#:use-module (gnu services)
#:use-module (gnu services shepherd)
#:autoload (gnu packages cryptsetup) (cryptsetup)
#:use-module (srfi srfi-1)
#:use-module (ice-9 match)
#:export (mapped-device
mapped-device?
@ -77,7 +78,16 @@
(documentation "Map a device node using Linux's device mapper.")
(start #~(lambda () #$(open source target)))
(stop #~(lambda _ (not #$(close source target))))
(respawn? #f))))))
(respawn? #f)
;; Add the modules needed by LUKS-DEVICE-MAPPING.
;; FIXME: This info should be propagated via gexps.
(modules `((rnrs bytevectors) ;bytevector?
((gnu build file-systems)
#:select (find-partition-by-luks-uuid))
,@%default-modules))
(imported-modules `((gnu build file-systems)
,@%default-imported-modules)))))))
(define (device-mapping-service mapped-device)
"Return a service that sets up @var{mapped-device}."
@ -91,9 +101,20 @@
(define (open-luks-device source target)
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
'cryptsetup'."
#~(zero? (system* (string-append #$cryptsetup "/sbin/cryptsetup")
#~(let ((source #$source))
(zero? (system* (string-append #$cryptsetup "/sbin/cryptsetup")
"open" "--type" "luks"
#$source #$target)))
;; Note: We cannot use the "UUID=source" syntax here
;; because 'cryptsetup' implements it by searching the
;; udev-populated /dev/disk/by-id directory but udev may
;; be unavailable at the time we run this.
(if (bytevector? source)
(or (find-partition-by-luks-uuid source)
(error "LUKS partition not found" source))
source)
#$target))))
(define (close-luks-device source target)
"Return a gexp that closes TARGET, a LUKS device."