Hi! Pierre Neidhardt <address@hidden> skribis: This was discussed looong ago (whether/how the device-mapping code would be a good fit for LVM) but we don’t have any code. This would be nice to have
Let me give some tips when making this: The system must be able to encrypt: - if possible whole / though I personally don't prefer it like that - to encrypt /home on a device - to encrypt /tmp (very
Jookia <address@hidden> skribis: There are several issues being addressed here, IIUC: 1. How to refer to block devices (in the Unix sense) using UUIDs, labels, or /dev file names in general, and not
Jookia <address@hidden> skribis: As you note, and as discussed on IRC, this is not OK because the private key ends up being stored world-readable in the store. :-/ Am I missing the part you wanted to
Hi, Christopher Lemmer Webber <address@hidden> skribis: Yeah that’s what I do. For the record, there’s an example of LUKS device mapping here: https://gnu.org/s/guix/manual/en/html_node/Using-the
Note that full disk encryption does work without LVM in Guix, though you do need to then pretty much put everything on one partition :) I think you can also do full disk encryption from libreboot by
Tomáš Čech <address@hidden> skribis: [...] Right. OK. Note that ‘file-system-service’ has a #:requirements parameter, which is where we could pass '(udev). But maybe some of the file systems d
Thanks. Should I contact the original author for copyright purposes, or may I assume it was contributed, even if not yet integrated, and take it from there? Not exactly an option, but a complement. I
I'm pretty sure btrfs dev scan or similar must introduce each of the filesystem components to the kernel before the kernel will use them. There used to be in-kernel scanning in mdraid, but I recall t
Hi, Alexandre Oliva <address@hidden> skribis: [...] Ahem, we have a use case for the right to be forgotten. :-) I think the mapped device API was very new back then, and perhaps we weren’t initiall
[...] With BTRFS multi device activation is built in the Linux kernel AFAIU, so no need to "activate" it, just mount one of the devices of a multi-device BTRFS filesystem (using uuid id more resilien
Thanks, yeah, that's pretty much how I deal with the distro I currently use. *nod*, same here. It has given me some headaches with grub probing and config rewriting, which from what you write I concl
I see. Thank you for clarifying that! Yes, something like that might be useful. By the way, I didn't mention Kickstart because I think it's a good example that we should follow (although I'm sure we
No. LUKS is used at the bottom across the whole device (e.g. /dev/sda) and LVM is used on top of it. You’d first unlock the LUKS partition with cryptsetup luksOpen /dev/sda1 root and then create a