Received: (at 30922) by debbugs.gnu.org; 26 Mar 2018 13:37:09 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Mar 26 09:37:09 2018
Received: from localhost ([127.0.0.1]:53750 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1f0SJA-0006lu-V2
for submit <at> debbugs.gnu.org; Mon, 26 Mar 2018 09:37:09 -0400
Received: from hera.aquilenet.fr ([185.233.100.1]:41000)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>)
id 1f0SJ6-0006le-Gn; Mon, 26 Mar 2018 09:37:05 -0400
Received: from localhost (localhost [127.0.0.1])
by hera.aquilenet.fr (Postfix) with ESMTP id 5C63812388;
Mon, 26 Mar 2018 15:37:03 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id sqtncgtjmxpE; Mon, 26 Mar 2018 15:37:02 +0200 (CEST)
Received: from ribbon (unknown [193.50.110.93])
by hera.aquilenet.fr (Postfix) with ESMTPSA id 1A24E1216A;
Mon, 26 Mar 2018 15:37:02 +0200 (CEST)
From: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Jan Nieuwenhuizen <janneke@HIDDEN>
Subject: Re: bug#30922: LUKS-encrypted root fails using device numbering,
needs luksUUID
References: <87tvt5dgsa.fsf@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 6 Germinal an 226 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Mon, 26 Mar 2018 15:37:01 +0200
In-Reply-To: <87tvt5dgsa.fsf@HIDDEN> (Jan Nieuwenhuizen's message of "Sat, 24
Mar 2018 09:22:29 +0100")
Message-ID: <87efk7dkle.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: 30922
Cc: 30922 <at> debbugs.gnu.org, 30604 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.0 (+)
Hello,
Jan Nieuwenhuizen <janneke@HIDDEN> skribis:
> After booting I get
>
> Device /dev/nvme0n1p1 doesn't exist or access denied
This message comes from =E2=80=98cryptsetup=E2=80=99.
The =E2=80=98init=E2=80=99 script for the config you posted does this:
--8<---------------cut here---------------start------------->8---
(boot-system #:mounts (map spec->file-system
(quote (("/dev/mapper/guix"
device "/" "ext4" ()
#f #t))))
#:pre-mount (lambda ()
(and (let ((source "/dev/nvme0n1p1"))
(use-modules (rnrs bytevectors)
((gnu build file-systems)
#:select
(find-partition-by-luks-uui=
d)))
(zero? (system*
"/gnu/store/v5r0dx5v08847rcy033ky=
ish6m3b3621-cryptsetup-static-1.7.5/sbin/cryptsetup"
"open" "--type" "luks"
(if (bytevector? source)
(or (let loop ((tries-left 10=
))
(and (positive? tries-l=
eft)
(or (find-partitio=
n-by-luks-uuid source)
(begin
(sleep 1)
(loop (- tri=
es-left 1))))))
(error "LUKS partition no=
t found" source))
source)
"guix")))))
=E2=80=A6
--8<---------------cut here---------------end--------------->8---
IOW, it does the right thing whether or not you=E2=80=99re using a UUID.
However, when using a UUID, it waits for the device to show up, whereas
otherwise it assumes the /dev node is already there and invokes
=E2=80=98cryptsetup=E2=80=99 right away.
We should fix that and generalize the wait-for-device loop, which
already exists in a couple of instances.
There are connections with <https://bugs.gnu.org/30604>.
Ludo=E2=80=99.
bug-guix@HIDDEN:bug#30922; Package guix.
Full text available.
Received: (at submit) by debbugs.gnu.org; 24 Mar 2018 08:22:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 24 04:22:48 2018
Received: from localhost ([127.0.0.1]:50377 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1ezeRo-0006bH-As
for submit <at> debbugs.gnu.org; Sat, 24 Mar 2018 04:22:48 -0400
Received: from eggs.gnu.org ([208.118.235.92]:50088)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <janneke@HIDDEN>) id 1ezeRm-0006b4-As
for submit <at> debbugs.gnu.org; Sat, 24 Mar 2018 04:22:43 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <janneke@HIDDEN>) id 1ezeRf-0006Uk-UK
for submit <at> debbugs.gnu.org; Sat, 24 Mar 2018 04:22:37 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level:
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,T_RP_MATCHES_RCVD
autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:48635)
by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
(Exim 4.71) (envelope-from <janneke@HIDDEN>) id 1ezeRf-0006UK-Qk
for submit <at> debbugs.gnu.org; Sat, 24 Mar 2018 04:22:35 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41045)
by lists.gnu.org with esmtp (Exim 4.71)
(envelope-from <janneke@HIDDEN>) id 1ezeRe-0007PG-8q
for bug-guix@HIDDEN; Sat, 24 Mar 2018 04:22:35 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <janneke@HIDDEN>) id 1ezeRc-0006RA-Ux
for bug-guix@HIDDEN; Sat, 24 Mar 2018 04:22:34 -0400
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:48155)
by eggs.gnu.org with esmtp (Exim 4.71)
(envelope-from <janneke@HIDDEN>) id 1ezeRc-0006R1-RH
for bug-guix@HIDDEN; Sat, 24 Mar 2018 04:22:32 -0400
Received: from [2001:980:1b4f:1:6944:96ac:c763:b1c9] (port=59506
helo=drakenvlieg.peder.onsbrabantnet.nl)
by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
(Exim 4.82) (envelope-from <janneke@HIDDEN>) id 1ezeRc-0003aS-6M
for bug-guix@HIDDEN; Sat, 24 Mar 2018 04:22:32 -0400
From: Jan Nieuwenhuizen <janneke@HIDDEN>
To: bug-guix@HIDDEN
Subject: LUKS-encrypted root fails using device numbering, needs luksUUID
Date: Sat, 24 Mar 2018 09:22:29 +0100
Message-ID: <87tvt5dgsa.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)
Hi!
Following the example in 6.2.4 Mapped Devices
(mapped-device
(source "/dev/sda3")
(target "home")
(type luks-device-mapping))
I chose not to use the UUID alternative for encrypted root; I'm terrible
at memorizing and typing UUIDs. So I used this snippet (full
bare-luks.scm below)
(mapped-device
;; This does not work
(source "/dev/nvme0n1p1")
;; This works (output of cryptsetup luksUUID /dev/nvme0n1p1)
;; (source (uuid "50d96f54-1dbb-48f8-bca5-2f1feb5ff144"))
(target "guix")
(type luks-device-mapping))
For disk partitioning, I did
cryptsetup luksFormat /dev/nvme0n1p1
cryptsetup open --type=3Dluks /dev/nvme0n1p1 guix
mkfs.ext4 -L guix /dev/mapper/guix
then install, something like
mount /dev/mapper/guix /mnt
herd start cow-store /mnt
guix system init /mnt/root/bare-luks.scm /mnt
After booting I get
Device /dev/nvme0n1p1 doesn't exist or access denied
Using the luksUUID, it works. Except for this hurdle a pleasant and
straighforward fresh install :-)
Greetings,
janneke
--8<---------------cut here---------------start------------->8---
;; lsblk.out
;; NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
;; sda 8:0 1 14.5G 0 disk=20=20
;; =E2=94=9C=E2=94=80sda1 8:1 1 1.4G 0 part=20=20
;; =E2=94=94=E2=94=80sda2 8:2 1 40M 0 part=20=20
;; nvme0n1 259:0 0 477G 0 disk=20=20
;; =E2=94=94=E2=94=80nvme0n1p1 259:1 0 477G 0 part=20=20
;; =E2=94=94=E2=94=80guix 253:0 0 477G 0 crypt /mnt
--8<---------------cut here---------------end--------------->8---
--8<---------------cut here---------------start------------->8---
;; bare-luks.scm
(use-modules (gnu))
(use-service-modules networking ssh)
(use-package-modules screen ssh)
(define %supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "kvm"=
))
(operating-system
(host-name "dundal")
(timezone "Europe/Amsterdam")
(locale "en_US.utf8")
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/nvme0n1")))
(mapped-devices
(list (mapped-device
;; This does not work
(source "/dev/nvme0n1p1")
;; This works (output of cryptsetup luksUUID /dev/nvme0n1p1)
;; (source (uuid "50d96f54-1dbb-48f8-bca5-2f1feb5ff144"))
(target "guix")
(type luks-device-mapping))))
(file-systems
(cons* (file-system (title 'device)
(device "/dev/mapper/guix")
(mount-point "/")
(type "ext4")
(dependencies mapped-devices))
%base-file-systems))
(groups
(cons* (user-group (name "janneke"))
%base-groups))
(users
(cons* (user-account
(name "janneke")
(group "janneke")
(uid 1000)
(supplementary-groups %supplementary-groups)
(home-directory "/home/janneke"))
%base-user-accounts))
(packages (cons* screen openssh wpa-supplicant-minimal %base-packages))
(services (cons* (dhcp-client-service)
(console-keymap-service "dvorak" "ctrl")
(service openssh-service-type
(openssh-configuration
(port-number 2222)
(permit-root-login #t)
(allow-empty-passwords? #f)
(password-authentication? #t)))
%base-services)))
--8<---------------cut here---------------end--------------->8---
--=20
Jan Nieuwenhuizen <janneke@HIDDEN> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com
Jan Nieuwenhuizen <janneke@HIDDEN>:bug-guix@HIDDEN.
Full text available.bug-guix@HIDDEN:bug#30922; Package guix.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.