mapped-devices: LUKS partitions can be designated by their UUID.
* gnu/system/mapped-devices.scm (device-mapping-service-type): Add 'modules' and 'imported-modules' fields to 'shepherd-service'. (open-luks-device): Use 'find-partition-by-luks-uuid' to lookup the partition when SOURCE is a bytevector. * gnu/system/linux-initrd.scm (base-initrd): Augment 'use-modules' form. * doc/guix.texi (Mapped Devices): Give example with a UUID.
parent
4da8c19e83
commit
ffba7d498d
3 changed files with 51 additions and 7 deletions
|
@ -6688,13 +6688,29 @@ Mapped devices are declared using the @code{mapped-device} form:
|
||||||
(type luks-device-mapping))
|
(type luks-device-mapping))
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
@noindent
|
Or, better yet, like this:
|
||||||
|
|
||||||
|
@example
|
||||||
|
(mapped-device
|
||||||
|
(source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44"))
|
||||||
|
(target "home")
|
||||||
|
(type luks-device-mapping))
|
||||||
|
@end example
|
||||||
|
|
||||||
@cindex disk encryption
|
@cindex disk encryption
|
||||||
@cindex LUKS
|
@cindex LUKS
|
||||||
This example specifies a mapping from @file{/dev/sda3} to
|
This example specifies a mapping from @file{/dev/sda3} to
|
||||||
@file{/dev/mapper/home} using LUKS---the
|
@file{/dev/mapper/home} using LUKS---the
|
||||||
@url{http://code.google.com/p/cryptsetup,Linux Unified Key Setup}, a
|
@url{http://code.google.com/p/cryptsetup,Linux Unified Key Setup}, a
|
||||||
standard mechanism for disk encryption. The @file{/dev/mapper/home}
|
standard mechanism for disk encryption. In the second example, the UUID
|
||||||
|
(unique identifier) is the LUKS UUID returned for the device by a
|
||||||
|
command like:
|
||||||
|
|
||||||
|
@example
|
||||||
|
cryptsetup luksUUID /dev/sdx9
|
||||||
|
@end example
|
||||||
|
|
||||||
|
The @file{/dev/mapper/home}
|
||||||
device can then be used as the @code{device} of a @code{file-system}
|
device can then be used as the @code{device} of a @code{file-system}
|
||||||
declaration (@pxref{File Systems}). The @code{mapped-device} form is
|
declaration (@pxref{File Systems}). The @code{mapped-device} form is
|
||||||
detailed below.
|
detailed below.
|
||||||
|
|
|
@ -229,7 +229,14 @@ (define device-mapping-commands
|
||||||
(use-modules (gnu build linux-boot)
|
(use-modules (gnu build linux-boot)
|
||||||
(guix build utils)
|
(guix build utils)
|
||||||
(guix build bournish) ;add the 'bournish' meta-command
|
(guix build bournish) ;add the 'bournish' meta-command
|
||||||
(srfi srfi-26))
|
(srfi srfi-26)
|
||||||
|
|
||||||
|
;; FIXME: The following modules are for
|
||||||
|
;; LUKS-DEVICE-MAPPING. We should instead propagate
|
||||||
|
;; this info via gexps.
|
||||||
|
((gnu build file-systems)
|
||||||
|
#:select (find-partition-by-luks-uuid))
|
||||||
|
(rnrs bytevectors))
|
||||||
|
|
||||||
(with-output-to-port (%make-void-port "w")
|
(with-output-to-port (%make-void-port "w")
|
||||||
(lambda ()
|
(lambda ()
|
||||||
|
|
|
@ -22,6 +22,7 @@ (define-module (gnu system mapped-devices)
|
||||||
#:use-module (gnu services)
|
#:use-module (gnu services)
|
||||||
#:use-module (gnu services shepherd)
|
#:use-module (gnu services shepherd)
|
||||||
#:autoload (gnu packages cryptsetup) (cryptsetup)
|
#:autoload (gnu packages cryptsetup) (cryptsetup)
|
||||||
|
#:use-module (srfi srfi-1)
|
||||||
#:use-module (ice-9 match)
|
#:use-module (ice-9 match)
|
||||||
#:export (mapped-device
|
#:export (mapped-device
|
||||||
mapped-device?
|
mapped-device?
|
||||||
|
@ -77,7 +78,16 @@ (define device-mapping-service-type
|
||||||
(documentation "Map a device node using Linux's device mapper.")
|
(documentation "Map a device node using Linux's device mapper.")
|
||||||
(start #~(lambda () #$(open source target)))
|
(start #~(lambda () #$(open source target)))
|
||||||
(stop #~(lambda _ (not #$(close source target))))
|
(stop #~(lambda _ (not #$(close source target))))
|
||||||
(respawn? #f))))))
|
(respawn? #f)
|
||||||
|
|
||||||
|
;; Add the modules needed by LUKS-DEVICE-MAPPING.
|
||||||
|
;; FIXME: This info should be propagated via gexps.
|
||||||
|
(modules `((rnrs bytevectors) ;bytevector?
|
||||||
|
((gnu build file-systems)
|
||||||
|
#:select (find-partition-by-luks-uuid))
|
||||||
|
,@%default-modules))
|
||||||
|
(imported-modules `((gnu build file-systems)
|
||||||
|
,@%default-imported-modules)))))))
|
||||||
|
|
||||||
(define (device-mapping-service mapped-device)
|
(define (device-mapping-service mapped-device)
|
||||||
"Return a service that sets up @var{mapped-device}."
|
"Return a service that sets up @var{mapped-device}."
|
||||||
|
@ -91,9 +101,20 @@ (define (device-mapping-service mapped-device)
|
||||||
(define (open-luks-device source target)
|
(define (open-luks-device source target)
|
||||||
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
|
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
|
||||||
'cryptsetup'."
|
'cryptsetup'."
|
||||||
#~(zero? (system* (string-append #$cryptsetup "/sbin/cryptsetup")
|
#~(let ((source #$source))
|
||||||
"open" "--type" "luks"
|
(zero? (system* (string-append #$cryptsetup "/sbin/cryptsetup")
|
||||||
#$source #$target)))
|
"open" "--type" "luks"
|
||||||
|
|
||||||
|
;; Note: We cannot use the "UUID=source" syntax here
|
||||||
|
;; because 'cryptsetup' implements it by searching the
|
||||||
|
;; udev-populated /dev/disk/by-id directory but udev may
|
||||||
|
;; be unavailable at the time we run this.
|
||||||
|
(if (bytevector? source)
|
||||||
|
(or (find-partition-by-luks-uuid source)
|
||||||
|
(error "LUKS partition not found" source))
|
||||||
|
source)
|
||||||
|
|
||||||
|
#$target))))
|
||||||
|
|
||||||
(define (close-luks-device source target)
|
(define (close-luks-device source target)
|
||||||
"Return a gexp that closes TARGET, a LUKS device."
|
"Return a gexp that closes TARGET, a LUKS device."
|
||||||
|
|
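Review bot: In `open-luks-device`, the bytevector branch hands `cryptsetup` whatever partition `find-partition-by-luks-uuid` returns, and the LUKS UUID is unauthenticated header metadata readable from the device, so it locates a partition rather than vouching for it. How a second attached disk carrying the same UUID is handled depends on that helper, whose body is not in this hunk. A comment beside the lookup would record this, e.g. `;; The UUID only locates the partition; it is neither secret nor authenticated.` Separately, `(error "LUKS partition not found" source)` reports the raw bytevector, which an administrator cannot readily compare with the output of `cryptsetup luksUUID`; printing the UUID in its textual form would make a failed boot easier to diagnose. The docstring could also state that SOURCE may be either a device name or a UUID bytevector.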