Requiring the user to input their password in order to unlock a device is not
always reasonable, so having an option to unlock the device using a key file
is a nice quality of life change.
* gnu/system/mapped-devices.scm (open-luks-device): Add #:key-file argument.
(luks-device-mapping-with-options): New procedure.
* doc/guix.texi (Mapped Devices): Describe the new procedure.
Change-Id: I1de4e045f8c2c11f9a94f1656e839c785b0c11c4
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/54770>.
Regression introduced in 400c9ed3d7.
Previously, for an encrypted /home (say), "cryptsetup open" would be
invoked by shepherd, with /dev/null as its standard input. It would
thus run in non-interactive mode and, instead of asking for a
passphrase, fail with:
Nothing to read on input.
This change ensures it runs in interactive mode.
* gnu/build/file-systems.scm (system*/console, system*/tty): New
procedures.
* gnu/system/mapped-devices.scm (open-luks-device): Use 'system*/tty'
instead of 'system*'.
These issues were reported by -Wformat, though they were harmless in
practice because importing (ice-9 format) changes the global 'format'
binding currently.
* gnu/services/nix.scm: Import (ice-9 format).
* gnu/services/web.scm: Likewise.
* gnu/system/mapped-devices.scm: Likewise.
Previously the warning would list all the required modules rather than
just those that are missing.
* gnu/system/mapped-devices.scm (check-device-initrd-modules): Compute
'missing' and report it.
Previously we would not strip the ".ko" suffix if present.
* gnu/build/linux-modules.scm (file-name->module-name): Export.
* gnu/system/mapped-devices.scm (check-device-initrd-modules): Use
'file-name->module-name' instead of 'normalize-module-name'.
This mostly reverts ca23693d28, which
introduced a circular dependency between (gnu system linux-initrd)
and (gnu system mapped-devices).
Reported by Eric Bavier.
* gnu/system/linux-initrd.scm (check-device-initrd-modules): Move to...
* gnu/system/mapped-devices.scm (check-device-initrd-modules): ... here.
* po/guix/POTFILES.in: Adjust accordingly.
* guix/scripts/system.scm (check-mapped-devices): Take an OS instead of
a list of <mapped-device>. Pass #:needed-for-boot? and #:initrd-modules
to CHECK.
(check-initrd-modules): New procedure.
(perform-action): Move 'check-mapped-devices' call first. Add call to
'check-initrd-modules'.
* gnu/system/mapped-devices.scm (check-device-initrd-modules): New
procedure.
(check-luks-device): Add #:initrd-modules and #:needed-for-boot?. Use
them to call 'check-device-initrd-modules'.
Conceptually a UUID is just a bytevector. However, there's software out
there such as GRUB that relies on the string representation of different
UUID types (e.g., the string representation of DCE UUIDs differs from
that of ISO-9660 UUIDs, even if they are actually bytevectors of the
same length). This new <uuid> record type allows us to preserve
information about the type of UUID so we can eventually convert it to a
string using the right representation.
* gnu/system/uuid.scm (<uuid>): New record type.
(bytevector->uuid): New procedure.
(uuid): Return calls to 'make-uuid'.
(uuid->string): Rewrite using 'match-lambda*' to accept a single 'uuid?'
argument.
* gnu/bootloader/grub.scm (grub-root-search): Check for 'uuid?' instead
of 'bytevector?'.
* gnu/system.scm (bootable-kernel-arguments): Check whether ROOT-DEVICE
is 'uuid?'.
(read-boot-parameters): Use 'bytevector->uuid' when the
store device is a bytevector.
(read-boot-parameters-file): Check for 'uuid?' instead of 'bytevector?'.
(device->sexp): New procedure.
(operating-system-boot-parameters-file): Use it for 'root-device' and
'store'.
(operating-system-bootcfg): Remove conditional in definition of
'root-device'.
* gnu/system/file-systems.scm (file-system->spec): Check for 'uuid?' on
DEVICE and take its bytevector.
* gnu/system/mapped-devices.scm (open-luks-device): Likewise.
* gnu/system/vm.scm (iso9660-image): Call 'uuid-bytevector' for the
#:volume-uuid argument.
Fixes <https://bugs.gnu.org/27242>.
* gnu/system/mapped-devices.scm (open-luks-device): If
'find-partition-by-luks-uuid' fails, try again once per second, up to ten
times.
Reported by myglc2 <myglc2@gmail.com>.
* gnu/system/mapped-devices.scm (<mapped-device>)[source]: Update
comment to note that this can be a list of strings.
This fixes a type error introduced in
7f8ad82bf2, given that SOURCES is a list.
* gnu/system/mapped-devices.scm (open-raid-device): Add 'apply'
invocation.
* gnu/system/mapped-devices.scm (open-raid-device): Rename 'source' to
'sources'. Make 'waiting' message more informative.
(close-raid-device): Rename 'source' to 'sources'.
* gnu/services/shepherd.scm (<shepherd-service>)[imported-modules]:
Remove.
(%default-imported-modules): Make private.
(shepherd-service-file): Use 'with-imported-modules'.
(shepherd-configuration-file): Remove 'modules' and the calls to
'imported-modules' and 'compiled-modules'. Use
'with-imported-modules' instead.
* doc/guix.texi (Shepherd Services): Adjust accordingly.
* gnu/services/base.scm (file-system-shepherd-service): Use
'with-imported-modules'. Remove 'imported-modules' field.
* gnu/system/mapped-devices.scm (device-mapping-service-type): Remove
'imported-modules'.
(open-luks-device): Use 'with-imported-modules'.
* gnu/tests.scm (marionette-shepherd-service): Remove 'imported-modules'
field and use 'with-imported-modules'.
* gnu/system/mapped-devices.scm (device-mapping-service-type): Add
'modules' and 'imported-modules' fields to 'shepherd-service'.
(open-luks-device): Use 'find-partition-by-luks-uuid' to lookup the
partition when SOURCE is a bytevector.
* gnu/system/linux-initrd.scm (base-initrd): Augment 'use-modules'
form.
* doc/guix.texi (Mapped Devices): Give example with a UUID.