author | Ludovic Courtès <ludo@gnu.org> | 2015-11-04 10:27:12 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2015-11-04 10:54:39 +0100 |
commit | 316d65be0ca41c277349c4f0127513f98dbec680 (patch) | |
tree | 305a11b7655dc9d973ac60a441022a90934d3ccf | |
parent | 5ffea4776d33e73922aa5fdbb7ac4dafbfbf15c5 (diff) | |
download | patches-316d65be0ca41c277349c4f0127513f98dbec680.tar patches-316d65be0ca41c277349c4f0127513f98dbec680.tar.gz |
doc: Back up on the claim of encrypted root partitions.
Reported by 宋文武 <iyzsong@openmailbox.org>
at <https://lists.gnu.org/archive/html/guix-devel/2015-11/msg00096.html>.
* doc/guix.texi (System Installation): Comment out encrypted root
partition commands.
* gnu/system/examples/desktop.tmpl (mapped-devices): Remove.
(file-systems): Refer to the root by label.
* NEWS: Adjust.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | doc/guix.texi | 23 | ||||
-rw-r--r-- | gnu/system/examples/desktop.tmpl | 12 |
3 files changed, 16 insertions, 22 deletions
@@ -74,7 +74,8 @@ Composition” in the manual. (http://bugs.gnu.org/21354) *** emacs: Fix guix-guile-program default value (http://bugs.gnu.org/21127) *** Compressed initrds no longer include timestamps -*** Fix handling of encrypted root partitions (http://bugs.gnu.org/19190) +*** Partly fix handling of encrypted root partitions + (http://bugs.gnu.org/19190) *** Python now includes tkinter (http://bugs.gnu.org/20889) *** Memoize the results of ‘package-with-python2’ (http://bugs.gnu.org/21675) *** Use the daemon's substitute URLs by default (http://bugs.gnu.org/20217) diff --git a/doc/guix.texi b/doc/guix.texi index 7898a1d3fb..7e5f9c774b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -5310,23 +5310,24 @@ Setting up network access is almost always a requirement because the image does not contain all the software and tools that may be needed. @item -Unless this has already been done, you must partition, optionally -encrypt, and then format the target partitions. +Unless this has already been done, you must partition, and then format +the target partition. Preferably, assign partitions a label so that you can easily and reliably refer to them in @code{file-system} declarations (@pxref{File Systems}). This is typically done using the @code{-L} option of @command{mkfs.ext4} and related commands. -A typical command sequence may be: - -@example -# fdisk /dev/sdX -@dots{} Create partitions etc.@dots{} -# cryptsetup luksFormat /dev/sdX1 -# cryptsetup open --type luks /dev/sdX1 my-partition -# mkfs.ext4 -L my-root /dev/mapper/my-partition -@end example +@c FIXME: Uncomment this once GRUB fully supports encrypted roots. +@c A typical command sequence may be: +@c +@c @example +@c # fdisk /dev/sdX +@c @dots{} Create partitions etc.@dots{} +@c # cryptsetup luksFormat /dev/sdX1 +@c # cryptsetup open --type luks /dev/sdX1 my-partition +@c # mkfs.ext4 -L my-root /dev/mapper/my-partition +@c @end example The installation image includes Parted (@pxref{Overview,,, parted, GNU Parted User Manual}), @command{fdisk}, Cryptsetup/LUKS for disk diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl index 7a479d1123..ee660e0589 100644 --- a/gnu/system/examples/desktop.tmpl +++ b/gnu/system/examples/desktop.tmpl 
@@ -13,17 +13,9 @@ ;; Assuming /dev/sdX is the target hard disk, and "root" is ;; the label of the target root file system. (bootloader (grub-configuration (device "/dev/sdX"))) - - ;; Here we assume that /dev/sdX1 contains a LUKS-encrypted - ;; root partition created with 'cryptsetup luksFormat'. - (mapped-devices (list (mapped-device - (source "/dev/sdX1") - (target "root-partition") - (type luks-device-mapping)))) - - ;; Mount said encrypted partition. (file-systems (cons (file-system - (device "/dev/mapper/root-partition") + (device "root") + (title 'label) (mount-point "/") (type "ext4")) %base-file-systems)) |
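Review bot: In the NEWS hunk, the new entry "Partly fix handling of encrypted root partitions" does not say which part still fails, so a reader cannot tell whether an encrypted root is usable in this release. The FIXME added in doc/guix.texi names the remaining gap ("once GRUB fully supports encrypted roots"); consider saying the same in the NEWS entry, next to the existing http://bugs.gnu.org/19190 reference.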
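Review bot: In the doc/guix.texi hunk, the limitation is recorded only in a "@c FIXME" comment, which never reaches the rendered manual, while the unchanged context right after it still lists Cryptsetup/LUKS among the tools on the installation image. A reader who sees that list has no indication that an encrypted root is not supported yet. Consider adding one visible sentence stating that encrypting the root partition does not currently work, and citing http://bugs.gnu.org/19190 in the FIXME so the commented-out example can be tracked and restored. Minor wording: "you must partition, and then format the target partition" reads better without the comma.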
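Review bot: In the gnu/system/examples/desktop.tmpl hunk, the file-systems entry now mounts an unencrypted root via (device "root") and (title 'label), and the comments that explained the LUKS mapping are dropped without a replacement. Since this template is meant to be copied, a short comment above file-systems noting that the root is unencrypted for now, and why, would keep users from assuming the desktop example gives them disk encryption.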