Browse Source

doc: Back up on the claim of encrypted root partitions.

Reported by 宋文武 <iyzsong@openmailbox.org>
at <https://lists.gnu.org/archive/html/guix-devel/2015-11/msg00096.html>.

* doc/guix.texi (System Installation): Comment out encrypted root
  partition commands.
* gnu/system/examples/desktop.tmpl (mapped-devices): Remove.
  (file-systems): Refer to the root by label.
* NEWS: Adjust.
gn-latest-20200428
Ludovic Courtès 6 years ago
parent
commit
316d65be0c
  1. 3
      NEWS
  2. 23
      doc/guix.texi
  3. 12
      gnu/system/examples/desktop.tmpl

3
NEWS

@ -74,7 +74,8 @@ Composition” in the manual.
(http://bugs.gnu.org/21354)
*** emacs: Fix guix-guile-program default value (http://bugs.gnu.org/21127)
*** Compressed initrds no longer include timestamps
*** Fix handling of encrypted root partitions (http://bugs.gnu.org/19190)
*** Partly fix handling of encrypted root partitions
(http://bugs.gnu.org/19190)
*** Python now includes tkinter (http://bugs.gnu.org/20889)
*** Memoize the results of ‘package-with-python2’ (http://bugs.gnu.org/21675)
*** Use the daemon's substitute URLs by default (http://bugs.gnu.org/20217)

23
doc/guix.texi

@ -5310,23 +5310,24 @@ Setting up network access is almost always a requirement because the
image does not contain all the software and tools that may be needed.
@item
Unless this has already been done, you must partition, optionally
encrypt, and then format the target partitions.
Unless this has already been done, you must partition, and then format
the target partition.
Preferably, assign partitions a label so that you can easily and
reliably refer to them in @code{file-system} declarations (@pxref{File
Systems}). This is typically done using the @code{-L} option of
@command{mkfs.ext4} and related commands.
A typical command sequence may be:
@example
# fdisk /dev/sdX
@dots{} Create partitions etc.@dots{}
# cryptsetup luksFormat /dev/sdX1
# cryptsetup open --type luks /dev/sdX1 my-partition
# mkfs.ext4 -L my-root /dev/mapper/my-partition
@end example
@c FIXME: Uncomment this once GRUB fully supports encrypted roots.
@c A typical command sequence may be:
@c
@c @example
@c # fdisk /dev/sdX
@c @dots{} Create partitions etc.@dots{}
@c # cryptsetup luksFormat /dev/sdX1
@c # cryptsetup open --type luks /dev/sdX1 my-partition
@c # mkfs.ext4 -L my-root /dev/mapper/my-partition
@c @end example
The installation image includes Parted (@pxref{Overview,,, parted, GNU
Parted User Manual}), @command{fdisk}, Cryptsetup/LUKS for disk

12
gnu/system/examples/desktop.tmpl

@ -13,17 +13,9 @@
;; Assuming /dev/sdX is the target hard disk, and "root" is
;; the label of the target root file system.
(bootloader (grub-configuration (device "/dev/sdX")))
;; Here we assume that /dev/sdX1 contains a LUKS-encrypted
;; root partition created with 'cryptsetup luksFormat'.
(mapped-devices (list (mapped-device
(source "/dev/sdX1")
(target "root-partition")
(type luks-device-mapping))))
;; Mount said encrypted partition.
(file-systems (cons (file-system
(device "/dev/mapper/root-partition")
(device "root")
(title 'label)
(mount-point "/")
(type "ext4"))
%base-file-systems))

Loading…
Cancel
Save