guix-patches

[bug#52882] [PATCH] gnu: system: Add crypt-key field for mapped filesyst


From: Ludovic Courtès
Subject: [bug#52882] [PATCH] gnu: system: Add crypt-key field for mapped filesystems
Date: Wed, 05 Jan 2022 22:20:37 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hello,

One comment about the interface (the security showstopper Josselin
described would need to be addressed first, though):

chayleaf <chayleaf@pavluk.org> wrote:

> --- a/gnu/system/mapped-devices.scm
> +++ b/gnu/system/mapped-devices.scm
> @@ -50,6 +50,7 @@ (define-module (gnu system mapped-devices)
>              mapped-device-target
>              mapped-device-targets
>              mapped-device-type
> +            mapped-device-crypt-key
>              mapped-device-location
>  
>              mapped-device-kind
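
Review bot: the added export `mapped-device-crypt-key` makes an encryption-specific accessor part of the public interface of the generic `(gnu system mapped-devices)` module, alongside `mapped-device-target`, `mapped-device-type` and `mapped-device-location`, which are not tied to one device type. Exporting it commits the module to this field name, so I would hold the export back until the placement of the key in the record is settled.
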
> @@ -80,6 +81,8 @@ (define-record-type* <mapped-device> %mapped-device
>    (source    mapped-device-source)                ;string | list of strings
>    (targets   mapped-device-targets)               ;list of strings
>    (type      mapped-device-type)                  ;<mapped-device-kind>
> +  (crypt-key mapped-device-crypt-key              ;bytevector | gexp
> +             (default (const #f)))
>    (location  mapped-device-location
>               (default (current-source-location)) (innate)))
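
Review bot: the default of the new `crypt-key` field, `(default (const #f))`, evaluates to a procedure that returns `#f`, not to `#f` itself, so the default value matches neither alternative in the `;bytevector | gexp` comment, and a plain truth test on the field would treat it as set. If "no key" is meant, use `(default #f)` and extend the comment to `#f | bytevector | gexp`; the field also needs a line saying what the bytevector or gexp is expected to contain.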

The <mapped-device> type is used for mapped devices other than LUKS,
such as RAID devices.  Thus, there’s no reason for there to be a
‘crypt-key’ field.

Instead, the extra information should be passed in some other way,
either via the ‘source’ field, or maybe via an extra ‘arguments’ field
that would be passed as-is to the mapped-device type handler.

Thanks,
Ludo’.




