mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
gnu: system: Add LUKS2 support for the root file system.
* gnu/bootloader/grub.scm (grub-configuration-file): Add 'insmod luks2'. * gnu/system/mapped-devices.scm (open-luks-device): Create '/run/cryptsetup/' directory. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit is contained in:
parent
9f371f23eb
commit
adce91a3ec
2 changed files with 9 additions and 4 deletions
|
@ -415,8 +415,7 @@ (define (crypto-device->cryptomount dev)
|
||||||
;; Other type of devices aren't implemented.
|
;; Other type of devices aren't implemented.
|
||||||
#~()))
|
#~()))
|
||||||
(let ((devices (map crypto-device->cryptomount store-crypto-devices))
|
(let ((devices (map crypto-device->cryptomount store-crypto-devices))
|
||||||
;; XXX: Add luks2 when grub 2.06 is packaged.
|
(modules #~(format port "insmod luks~%insmod luks2~%")))
|
||||||
(modules #~(format port "insmod luks~%")))
|
|
||||||
(if (null? devices)
|
(if (null? devices)
|
||||||
devices
|
devices
|
||||||
(cons modules devices))))
|
(cons modules devices))))
|
||||||
|
|
|
@ -192,7 +192,8 @@ (define (open-luks-device source targets)
|
||||||
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
|
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
|
||||||
'cryptsetup'."
|
'cryptsetup'."
|
||||||
(with-imported-modules (source-module-closure
|
(with-imported-modules (source-module-closure
|
||||||
'((gnu build file-systems)))
|
'((gnu build file-systems)
|
||||||
|
(guix build utils))) ;; For mkdir-p
|
||||||
(match targets
|
(match targets
|
||||||
((target)
|
((target)
|
||||||
#~(let ((source #$(if (uuid? source)
|
#~(let ((source #$(if (uuid? source)
|
||||||
|
@ -201,7 +202,12 @@ (define (open-luks-device source targets)
|
||||||
;; XXX: 'use-modules' should be at the top level.
|
;; XXX: 'use-modules' should be at the top level.
|
||||||
(use-modules (rnrs bytevectors) ;bytevector?
|
(use-modules (rnrs bytevectors) ;bytevector?
|
||||||
((gnu build file-systems)
|
((gnu build file-systems)
|
||||||
#:select (find-partition-by-luks-uuid)))
|
#:select (find-partition-by-luks-uuid))
|
||||||
|
((guix build utils) #:select (mkdir-p)))
|
||||||
|
|
||||||
|
;; Create '/run/cryptsetup/' if it does not exist, as device locking
|
||||||
|
;; is mandatory for LUKS2.
|
||||||
|
(mkdir-p "/run/cryptsetup/")
|
||||||
|
|
||||||
;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the
|
;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the
|
||||||
;; whole world inside the initrd (for when we're in an initrd).
|
;; whole world inside the initrd (for when we're in an initrd).
|
||||||
|
|
Loading…
Reference in a new issue