[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/11: gnu: system: Add LUKS2 support for the root file system.
|
From: |
guix-commits |
|
Subject: |
02/11: gnu: system: Add LUKS2 support for the root file system. |
|
Date: |
Wed, 1 Dec 2021 11:55:25 -0500 (EST) |
civodul pushed a commit to branch master
in repository guix.
commit adce91a3ec0cb2912daa6eefe9324c15ff3126f7
Author: Josselin Poiret <dev@jpoiret.xyz>
AuthorDate: Mon Nov 15 20:53:39 2021 +0000
gnu: system: Add LUKS2 support for the root file system.
* gnu/bootloader/grub.scm (grub-configuration-file): Add 'insmod
luks2'.
* gnu/system/mapped-devices.scm (open-luks-device): Create
'/run/cryptsetup/' directory.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
---
gnu/bootloader/grub.scm | 3 +--
gnu/system/mapped-devices.scm | 10 ++++++++--
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm
index d8e888f..42f71aa 100644
--- a/gnu/bootloader/grub.scm
+++ b/gnu/bootloader/grub.scm
@@ -415,8 +415,7 @@ menuentry ~s {
;; Other type of devices aren't implemented.
#~()))
(let ((devices (map crypto-device->cryptomount store-crypto-devices))
- ;; XXX: Add luks2 when grub 2.06 is packaged.
- (modules #~(format port "insmod luks~%")))
+ (modules #~(format port "insmod luks~%insmod luks2~%")))
(if (null? devices)
devices
(cons modules devices))))
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index 518dbc4..96a381d 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -192,7 +192,8 @@ option of @command{guix system}.\n")
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
'cryptsetup'."
(with-imported-modules (source-module-closure
- '((gnu build file-systems)))
+ '((gnu build file-systems)
+ (guix build utils))) ;; For mkdir-p
(match targets
((target)
#~(let ((source #$(if (uuid? source)
@@ -201,7 +202,12 @@ option of @command{guix system}.\n")
;; XXX: 'use-modules' should be at the top level.
(use-modules (rnrs bytevectors) ;bytevector?
((gnu build file-systems)
- #:select (find-partition-by-luks-uuid)))
+ #:select (find-partition-by-luks-uuid))
+ ((guix build utils) #:select (mkdir-p)))
+
+ ;; Create '/run/cryptsetup/' if it does not exist, as device locking
+ ;; is mandatory for LUKS2.
+ (mkdir-p "/run/cryptsetup/")
;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the
;; whole world inside the initrd (for when we're in an initrd).
- branch master updated (1a0696e -> 8cc099b), guix-commits, 2021/12/01
- 01/11: inferior: 'cached-channel-instance' does not cache unauthenticated instances., guix-commits, 2021/12/01
- 03/11: doc: Document LUKS2 GRUB support and shortcomings, guix-commits, 2021/12/01
- 02/11: gnu: system: Add LUKS2 support for the root file system.,
guix-commits <=
- 04/11: installer: Make LUKS2 the default format for encrypted devices, guix-commits, 2021/12/01
- 05/11: gnu: Add python-codespell., guix-commits, 2021/12/01
- 10/11: gnu: Add libfido2., guix-commits, 2021/12/01
- 08/11: gnu: Add vim-nerdtree., guix-commits, 2021/12/01
- 06/11: gnu: Add smplayer., guix-commits, 2021/12/01
- 07/11: build-system: haskell: Add ‘hackage-uri’ procedure., guix-commits, 2021/12/01
- 11/11: gnu: openssh: Add support for ecdsa-sk, ed25519-sk ssh keys., guix-commits, 2021/12/01
- 09/11: gnu: Add libcbor., guix-commits, 2021/12/01