05/05: doc: Give an example with an encrypted root partition.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

05/05: doc: Give an example with an encrypted root partition.

From:	Ludovic Court�s
Subject:	05/05: doc: Give an example with an encrypted root partition.
Date:	Sun, 01 Nov 2015 21:24:39 +0000

civodul pushed a commit to branch master
in repository guix.

commit 6d6e628119a043b3d8dd309d3e6d5a35bcd37618
Author: Ludovic Courtès <address@hidden>
Date:   Sun Nov 1 22:14:47 2015 +0100

    doc: Give an example with an encrypted root partition.
    
    * gnu/system/examples/desktop.tmpl: Add 'mapped-devices' field.
      Use it in 'file-systems'.
    * doc/guix.texi (System Installation): Suggest encrypted partitions.
      Give an example of a command sequence.
---
 doc/guix.texi                    |   14 ++++++++++++--
 gnu/system/examples/desktop.tmpl |   12 ++++++++++--
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index e8b79ec..bd9b42b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -5237,14 +5237,24 @@ Setting up network access is almost always a 
requirement because the
 image does not contain all the software and tools that may be needed.
 
 @item
-Unless this has already been done, you must partition and format the
-target partitions.
+Unless this has already been done, you must partition, optionally
+encrypt, and then format the target partitions.
 
 Preferably, assign partitions a label so that you can easily and
 reliably refer to them in @code{file-system} declarations (@pxref{File
 Systems}).  This is typically done using the @code{-L} option of
 @command{mkfs.ext4} and related commands.
 
+A typical command sequence may be:
+
address@hidden
+# fdisk /dev/sdX
address@hidden Create partitions address@hidden
+# cryptsetup luksFormat /dev/sdX1
+# cryptsetup open --type luks /dev/sdX1 my-partition
+# mkfs.ext4 -L my-root /dev/mapper/my-partition
address@hidden example
+
 The installation image includes Parted (@pxref{Overview,,, parted, GNU
 Parted User Manual}), @command{fdisk}, Cryptsetup/LUKS for disk
 encryption, and e2fsprogs, the suite of tools to manipulate
diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl
index 988b8f9..41f66f6 100644
--- a/gnu/system/examples/desktop.tmpl
+++ b/gnu/system/examples/desktop.tmpl
@@ -13,9 +13,17 @@
   ;; Assuming /dev/sdX is the target hard disk, and "root" is
   ;; the label of the target root file system.
   (bootloader (grub-configuration (device "/dev/sdX")))
+
+  ;; Here we assume that /dev/sdX1 contains a LUKS-encrypted
+  ;; root partition created with 'cryptsetup luksFormat'.
+  (mapped-devices (list (mapped-device
+                          (source "/dev/sdX1")
+                          (target "root-partition")
+                          (type luks-device-mapping))))
+
+  ;; Mount said encrypted partition.
   (file-systems (cons (file-system
-                        (device "root")
-                        (title 'label)
+                        (device "/dev/mapper/root-partition")
                         (mount-point "/")
                         (type "ext4"))
                       %base-file-systems))

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (b798dfd -> 6d6e628), Ludovic Court�s, 2015/11/01
- 01/05: Revert "services: polkit: Use the right executable name for PAM.", Ludovic Court�s, 2015/11/01
- 02/05: gnu: xz: Add alternate URL., Ludovic Court�s, 2015/11/01
- 05/05: doc: Give an example with an encrypted root partition., Ludovic Court�s <=
- 03/05: nls: Update 'da' translation., Ludovic Court�s, 2015/11/01
- 04/05: nls: Add Danish translation for packages., Ludovic Court�s, 2015/11/01

Prev by Date: branch master updated (b798dfd -> 6d6e628)
Next by Date: 03/05: nls: Update 'da' translation.
Previous by thread: 02/05: gnu: xz: Add alternate URL.
Next by thread: 03/05: nls: Update 'da' translation.
Index(es):
- Date
- Thread