doc: Give an example with an encrypted root partition.

* gnu/system/examples/desktop.tmpl: Add 'mapped-devices' field.
  Use it in 'file-systems'.
* doc/guix.texi (System Installation): Suggest encrypted partitions.
  Give an example of a command sequence.
This commit is contained in:
Ludovic Courtès 2015-11-01 22:14:47 +01:00
parent b8d2eda4a3
commit 6d6e628119
2 changed files with 22 additions and 4 deletions

View file

@ -5237,14 +5237,24 @@ Setting up network access is almost always a requirement because the
image does not contain all the software and tools that may be needed.
@item
Unless this has already been done, you must partition and format the
target partitions.
Unless this has already been done, you must partition, optionally
encrypt, and then format the target partitions.
Preferably, assign partitions a label so that you can easily and
reliably refer to them in @code{file-system} declarations (@pxref{File
Systems}). This is typically done using the @code{-L} option of
@command{mkfs.ext4} and related commands.
A typical command sequence may be:
@example
# fdisk /dev/sdX
@dots{} Create partitions etc.@dots{}
# cryptsetup luksFormat /dev/sdX1
# cryptsetup open --type luks /dev/sdX1 my-partition
# mkfs.ext4 -L my-root /dev/mapper/my-partition
@end example
The installation image includes Parted (@pxref{Overview,,, parted, GNU
Parted User Manual}), @command{fdisk}, Cryptsetup/LUKS for disk
encryption, and e2fsprogs, the suite of tools to manipulate

View file

@ -13,9 +13,17 @@
;; Assuming /dev/sdX is the target hard disk, and "root" is
;; the label of the target root file system.
(bootloader (grub-configuration (device "/dev/sdX")))
;; Here we assume that /dev/sdX1 contains a LUKS-encrypted
;; root partition created with 'cryptsetup luksFormat'.
(mapped-devices (list (mapped-device
(source "/dev/sdX1")
(target "root-partition")
(type luks-device-mapping))))
;; Mount said encrypted partition.
(file-systems (cons (file-system
(device "root")
(title 'label)
(device "/dev/mapper/root-partition")
(mount-point "/")
(type "ext4"))
%base-file-systems))