X-Loop: help-debbugs@HIDDEN
Subject: bug#30922: LUKS-encrypted root fails using device numbering, needs luksUUID
Resent-From: Jan Nieuwenhuizen <janneke@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Sat, 24 Mar 2018 08:23:01 +0000
Resent-Message-ID: <handler.30922.B.152187976825382 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 30922
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: 30922 <at> debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.152187976825382
(code B ref -1); Sat, 24 Mar 2018 08:23:01 +0000
Received: (at submit) by debbugs.gnu.org; 24 Mar 2018 08:22:48 +0000
Received: from localhost ([127.0.0.1]:50377 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1ezeRo-0006bH-As
for submit <at> debbugs.gnu.org; Sat, 24 Mar 2018 04:22:48 -0400
Received: from eggs.gnu.org ([208.118.235.92]:50088)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <janneke@HIDDEN>) id 1ezeRm-0006b4-As
for submit <at> debbugs.gnu.org; Sat, 24 Mar 2018 04:22:43 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <janneke@HIDDEN>) id 1ezeRf-0006Uk-UK
for submit <at> debbugs.gnu.org; Sat, 24 Mar 2018 04:22:37 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level:
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,T_RP_MATCHES_RCVD
autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:48635)
by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
(Exim 4.71) (envelope-from <janneke@HIDDEN>) id 1ezeRf-0006UK-Qk
for submit <at> debbugs.gnu.org; Sat, 24 Mar 2018 04:22:35 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41045)
by lists.gnu.org with esmtp (Exim 4.71)
(envelope-from <janneke@HIDDEN>) id 1ezeRe-0007PG-8q
for bug-guix@HIDDEN; Sat, 24 Mar 2018 04:22:35 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <janneke@HIDDEN>) id 1ezeRc-0006RA-Ux
for bug-guix@HIDDEN; Sat, 24 Mar 2018 04:22:34 -0400
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:48155)
by eggs.gnu.org with esmtp (Exim 4.71)
(envelope-from <janneke@HIDDEN>) id 1ezeRc-0006R1-RH
for bug-guix@HIDDEN; Sat, 24 Mar 2018 04:22:32 -0400
Received: from [2001:980:1b4f:1:6944:96ac:c763:b1c9] (port=59506
helo=drakenvlieg.peder.onsbrabantnet.nl)
by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
(Exim 4.82) (envelope-from <janneke@HIDDEN>) id 1ezeRc-0003aS-6M
for bug-guix@HIDDEN; Sat, 24 Mar 2018 04:22:32 -0400
From: Jan Nieuwenhuizen <janneke@HIDDEN>
Date: Sat, 24 Mar 2018 09:22:29 +0100
Message-ID: <87tvt5dgsa.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -5.0 (-----)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)
Hi!
Following the example in 6.2.4 Mapped Devices
(mapped-device
(source "/dev/sda3")
(target "home")
(type luks-device-mapping))
I chose not to use the UUID alternative for encrypted root; I'm terrible
at memorizing and typing UUIDs. So I used this snippet (full
bare-luks.scm below)
(mapped-device
;; This does not work
(source "/dev/nvme0n1p1")
;; This works (output of cryptsetup luksUUID /dev/nvme0n1p1)
;; (source (uuid "50d96f54-1dbb-48f8-bca5-2f1feb5ff144"))
(target "guix")
(type luks-device-mapping))
For disk partitioning, I did
cryptsetup luksFormat /dev/nvme0n1p1
cryptsetup open --type=3Dluks /dev/nvme0n1p1 guix
mkfs.ext4 -L guix /dev/mapper/guix
then install, something like
mount /dev/mapper/guix /mnt
herd start cow-store /mnt
guix system init /mnt/root/bare-luks.scm /mnt
After booting I get
Device /dev/nvme0n1p1 doesn't exist or access denied
Using the luksUUID, it works. Except for this hurdle a pleasant and
straighforward fresh install :-)
Greetings,
janneke
--8<---------------cut here---------------start------------->8---
;; lsblk.out
;; NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
;; sda 8:0 1 14.5G 0 disk=20=20
;; =E2=94=9C=E2=94=80sda1 8:1 1 1.4G 0 part=20=20
;; =E2=94=94=E2=94=80sda2 8:2 1 40M 0 part=20=20
;; nvme0n1 259:0 0 477G 0 disk=20=20
;; =E2=94=94=E2=94=80nvme0n1p1 259:1 0 477G 0 part=20=20
;; =E2=94=94=E2=94=80guix 253:0 0 477G 0 crypt /mnt
--8<---------------cut here---------------end--------------->8---
--8<---------------cut here---------------start------------->8---
;; bare-luks.scm
(use-modules (gnu))
(use-service-modules networking ssh)
(use-package-modules screen ssh)
(define %supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "kvm"=
))
(operating-system
(host-name "dundal")
(timezone "Europe/Amsterdam")
(locale "en_US.utf8")
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/nvme0n1")))
(mapped-devices
(list (mapped-device
;; This does not work
(source "/dev/nvme0n1p1")
;; This works (output of cryptsetup luksUUID /dev/nvme0n1p1)
;; (source (uuid "50d96f54-1dbb-48f8-bca5-2f1feb5ff144"))
(target "guix")
(type luks-device-mapping))))
(file-systems
(cons* (file-system (title 'device)
(device "/dev/mapper/guix")
(mount-point "/")
(type "ext4")
(dependencies mapped-devices))
%base-file-systems))
(groups
(cons* (user-group (name "janneke"))
%base-groups))
(users
(cons* (user-account
(name "janneke")
(group "janneke")
(uid 1000)
(supplementary-groups %supplementary-groups)
(home-directory "/home/janneke"))
%base-user-accounts))
(packages (cons* screen openssh wpa-supplicant-minimal %base-packages))
(services (cons* (dhcp-client-service)
(console-keymap-service "dvorak" "ctrl")
(service openssh-service-type
(openssh-configuration
(port-number 2222)
(permit-root-login #t)
(allow-empty-passwords? #f)
(password-authentication? #t)))
%base-services)))
--8<---------------cut here---------------end--------------->8---
--=20
Jan Nieuwenhuizen <janneke@HIDDEN> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: Jan Nieuwenhuizen <janneke@HIDDEN> Subject: bug#30922: Acknowledgement (LUKS-encrypted root fails using device numbering, needs luksUUID) Message-ID: <handler.30922.B.152187976825382.ack <at> debbugs.gnu.org> References: <87tvt5dgsa.fsf@HIDDEN> X-Gnu-PR-Message: ack 30922 X-Gnu-PR-Package: guix Reply-To: 30922 <at> debbugs.gnu.org Date: Sat, 24 Mar 2018 08:23:02 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): bug-guix@HIDDEN If you wish to submit further information on this problem, please send it to 30922 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 30922: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D30922 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
X-Loop: help-debbugs@HIDDEN
Subject: bug#30922: LUKS-encrypted root fails using device numbering, needs luksUUID
Resent-From: ludo@HIDDEN (Ludovic =?UTF-8?Q?Court=C3=A8s?=)
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 26 Mar 2018 13:38:01 +0000
Resent-Message-ID: <handler.30922.B30922.152207142926044 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 30922
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Jan Nieuwenhuizen <janneke@HIDDEN>
Cc: 30922 <at> debbugs.gnu.org, 30604 <at> debbugs.gnu.org
Received: via spool by 30922-submit <at> debbugs.gnu.org id=B30922.152207142926044
(code B ref 30922); Mon, 26 Mar 2018 13:38:01 +0000
Received: (at 30922) by debbugs.gnu.org; 26 Mar 2018 13:37:09 +0000
Received: from localhost ([127.0.0.1]:53750 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1f0SJA-0006lu-V2
for submit <at> debbugs.gnu.org; Mon, 26 Mar 2018 09:37:09 -0400
Received: from hera.aquilenet.fr ([185.233.100.1]:41000)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>)
id 1f0SJ6-0006le-Gn; Mon, 26 Mar 2018 09:37:05 -0400
Received: from localhost (localhost [127.0.0.1])
by hera.aquilenet.fr (Postfix) with ESMTP id 5C63812388;
Mon, 26 Mar 2018 15:37:03 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id sqtncgtjmxpE; Mon, 26 Mar 2018 15:37:02 +0200 (CEST)
Received: from ribbon (unknown [193.50.110.93])
by hera.aquilenet.fr (Postfix) with ESMTPSA id 1A24E1216A;
Mon, 26 Mar 2018 15:37:02 +0200 (CEST)
From: ludo@HIDDEN (Ludovic =?UTF-8?Q?Court=C3=A8s?=)
References: <87tvt5dgsa.fsf@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 6 Germinal an 226 de la =?UTF-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Mon, 26 Mar 2018 15:37:01 +0200
In-Reply-To: <87tvt5dgsa.fsf@HIDDEN> (Jan Nieuwenhuizen's message of "Sat, 24
Mar 2018 09:22:29 +0100")
Message-ID: <87efk7dkle.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 1.0 (+)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.0 (+)
Hello,
Jan Nieuwenhuizen <janneke@HIDDEN> skribis:
> After booting I get
>
> Device /dev/nvme0n1p1 doesn't exist or access denied
This message comes from =E2=80=98cryptsetup=E2=80=99.
The =E2=80=98init=E2=80=99 script for the config you posted does this:
--8<---------------cut here---------------start------------->8---
(boot-system #:mounts (map spec->file-system
(quote (("/dev/mapper/guix"
device "/" "ext4" ()
#f #t))))
#:pre-mount (lambda ()
(and (let ((source "/dev/nvme0n1p1"))
(use-modules (rnrs bytevectors)
((gnu build file-systems)
#:select
(find-partition-by-luks-uui=
d)))
(zero? (system*
"/gnu/store/v5r0dx5v08847rcy033ky=
ish6m3b3621-cryptsetup-static-1.7.5/sbin/cryptsetup"
"open" "--type" "luks"
(if (bytevector? source)
(or (let loop ((tries-left 10=
))
(and (positive? tries-l=
eft)
(or (find-partitio=
n-by-luks-uuid source)
(begin
(sleep 1)
(loop (- tri=
es-left 1))))))
(error "LUKS partition no=
t found" source))
source)
"guix")))))
=E2=80=A6
--8<---------------cut here---------------end--------------->8---
IOW, it does the right thing whether or not you=E2=80=99re using a UUID.
However, when using a UUID, it waits for the device to show up, whereas
otherwise it assumes the /dev node is already there and invokes
=E2=80=98cryptsetup=E2=80=99 right away.
We should fix that and generalize the wait-for-device loop, which
already exists in a couple of instances.
There are connections with <https://bugs.gnu.org/30604>.
Ludo=E2=80=99.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.