[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GuixSD encrypted root?
From: |
Ludovic Courtès |
Subject: |
Re: GuixSD encrypted root? |
Date: |
Sun, 24 Apr 2016 23:23:07 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
address@hidden (Ludovic Courtès) skribis:
> Hey,
>
> Danny Milosavljevic <address@hidden> skribis:
>
>> Yeah, but even using a non-required-for-boot encrypted filesystem (i.e. not
>> an encrypted root, just encrypted home) doesn't work. As soon as I add
>> "mount? #t" it hangs.
>>
>> I'm now using a workaround where it's specified using "mount? #f" and I
>> mount it using a autorun script in my homedir (using "mount /x"). That works
>> fine.
>>
>> You're using an encrypted home, right? Does it work for you?
>
> Yes. My configuration looks like this:
>
> (operating-system
> ;; …
> (mapped-devices (list (mapped-device
> (source (uuid
> "cb67fc72-0d54-4c88-9d4b-b225f30b0f44"))
> (target "home")
> (type luks-device-mapping))))
>
> (file-systems (cons* (file-system
> (device "root")
> (title 'label)
> (mount-point "/")
> (type "ext3"))
> (file-system
> (device "/dev/mapper/home")
> (mount-point "/home")
> (type "ext3"))
> %base-file-systems)))
>
> What about yours?
>
>> It's always very broken when I try - both guix reconfigure and sometimes the
>> next boot process (!) hang.
>
> Earlier you wrote:
>
>> system reconfigure hangs at
>>
>> guix system: shepherd: Removing service 'file-system-/x'...
>> guix system: shepherd: Done.
>> guix system: loading new services: file-system-/x...
>> guix system: shepherd: Evaluating user expression (register-services
>> (primitive-load "/gnu/s...")).
>
> At this point, shepherd loads and starts the service for file system /x,
> which does what appears in ‘file-system-shepherd-service’ in (gnu
> services base). Roughly, it runs fsck and then proceeds to mount /x.
>
> If you’re out of luck, fsck could take ages. Could it be what happened
> here?
Or, as Leo suggests, it could be that shepherd starts the device-mapping
service, which runs “cryptsetup luksOpen”, which never completes because
you don’t know it’s waiting for you to enter a passphrase.
Ludo’.