GNU bug report logs - #37851
Grub installation only checks for encrypted /boot folder

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Reported by: Miguel Arruga Vivas <rosen644835@HIDDEN>; Keywords: patch; merged with #25305; dated Mon, 21 Oct 2019 11:08:01 UTC; Maintainer for guix is bug-guix@HIDDEN.
Added tag(s) patch. Request was from Miguel <rosen644835@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 37851 <at> debbugs.gnu.org:


Received: (at 37851) by debbugs.gnu.org; 27 Oct 2019 01:00:51 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Oct 26 21:00:51 2019
Received: from localhost ([127.0.0.1]:41556 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1iOWvL-0007YI-0g
	for submit <at> debbugs.gnu.org; Sat, 26 Oct 2019 21:00:51 -0400
Received: from mail-wm1-f53.google.com ([209.85.128.53]:35998)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rosen644835@HIDDEN>) id 1iOWvF-0007Xx-U8
 for 37851 <at> debbugs.gnu.org; Sat, 26 Oct 2019 21:00:46 -0400
Received: by mail-wm1-f53.google.com with SMTP id c22so5622644wmd.1
 for <37851 <at> debbugs.gnu.org>; Sat, 26 Oct 2019 18:00:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=date:from:to:cc:subject:message-id:in-reply-to:references
 :mime-version; bh=K3fDN/fVNxWspNFvfDS7iNgzaH3K+iUS6+j9/DHu3Mg=;
 b=KQ+EkX2FQjSYEgKyDwykThoXvzpvxh1uO3fB5uPwNKJ1z+1jY1qaVK0BaR8GXsExfT
 BkjI9FWKFjz43O9qfBMtJAA89qCPiaJg+ZXbKDSJsr+x2FcwGwWECxrrQmnubuP1xi6G
 k57S5kZHLbn2BiYEHBWLKdMqepZDrH6eUNomorG0td/7sqs5+E2t+10X0yG0IyDTsB8h
 JKTQtowojFyQqS4//QvlelRB8LnHXhBSpnen++U6s5SWlIXV+6d+aCtwTgQl3h7vPHiw
 yuYk1eN8X9vaDi8mUWLY5xLLX0hJVtQwDDG661zd3vi8PytIUZA9jDojkRDonmhUSgfP
 xsPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to
 :references:mime-version;
 bh=K3fDN/fVNxWspNFvfDS7iNgzaH3K+iUS6+j9/DHu3Mg=;
 b=UMt55TOfoD1IncQ+QOCR747tnrnvRxLBuqNPlfI2u76eoDtZj4rSxBX7FaWMSam3G1
 QUCUevAuQaQF7oKRRVbm+5oJ7eV3l1WXEcOinK3YYA9Pq5ycNxSMM5cM68PhRSpDEmm4
 xNvYkyCO3t0Z8BbKtzAUG1p81D1MfjBLCg8zq6JluA2qsRYoYSbK7QeCQmdRdok0TQGL
 8/SmL8iqHVbcBRfKn+1AFE2KRyQSBMhpkwm6mu/H2j1ZHIyfM9H3dC7RNbLPG7JqiMqq
 Kyiu3wiRt1jDwKSwKHESYzcWCTxE3ALcAY7h9WRIzRoxMA9RXLwtOfyuGPv9xcQCCG6r
 ijGw==
X-Gm-Message-State: APjAAAUutgwzzqJGbr8++wPlcKSM3pXvmR+Zou2v5OvlGsDhD0FV4m4y
 R8aKFfUAU2NiXkZSYAXbaic=
X-Google-Smtp-Source: APXvYqywPTF1kuhBv8VmfnumYkRGtq61Nqz/3zRPX9kkopuJMqFGDu5ktCbtLSq9sCzXraYoZTtWag==
X-Received: by 2002:a1c:5542:: with SMTP id j63mr8450080wmb.119.1572138039768; 
 Sat, 26 Oct 2019 18:00:39 -0700 (PDT)
Received: from localhost (115.201.218.87.dynamic.jazztel.es. [87.218.201.115])
 by smtp.gmail.com with ESMTPSA id
 n22sm5888728wmk.19.2019.10.26.18.00.38
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 26 Oct 2019 18:00:39 -0700 (PDT)
Date: Sun, 27 Oct 2019 02:00:31 +0100
From: Miguel Arruga Vivas <rosen644835@HIDDEN>
To: Ludovic =?UTF-8?B?Q291cnTDqHM=?= <ludo@HIDDEN>
Subject: Re: bug#37851: Grub installation only checks for encrypted /boot
 folder
Message-ID: <20191027020031.18666b75@HIDDEN>
In-Reply-To: <87lftc27j2.fsf@HIDDEN>
References: <20191021130709.21d6ac20@HIDDEN>
 <20191021144758.3d8cfe95@HIDDEN> <87lftc27j2.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="MP_/OitJnvsaZ7SGEN.b_swZiR3"
X-Spam-Score: 0.3 (/)
X-Debbugs-Envelope-To: 37851
Cc: 37851 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

--MP_/OitJnvsaZ7SGEN.b_swZiR3
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hi Ludo=E2=80=99,

El Tue, 22 Oct 2019 16:12:49 +0200
Ludovic Court=C3=A8s <ludo@HIDDEN> escribi=C3=B3:
> Hola Miguel,
>=20
> Miguel Arruga Vivas <rosen644835@HIDDEN> skribis:
> > (...)
> > +cryptomount -a =20
>=20
> Does that cause GRUB to mount all the LUKS partitions it was aware of
> at installation time, or does it cause it to scan all the partitions
> in search of a LUKS signature?

That patch is the first one, it mounts everything it can find, unlike
this one.

The only option I've seen was to modify boot-parameters (as in #35394,
wink wink nudge nudge) in order to store the needed partitions.  I've
reduced it this time to one patch, is it somehow easier to read this
way?  I could split it in two stages (one add the boot-parameters
field, the other one to make use of it) or squash the three for the
other feature into one if that easier for the review.  The main issues
I've found is that the source of the device-mappings needed for boot up
has to be declared by the UUID to ensure they are not system
dependent.  Also, the warning is shown several times and the message
isn't quite good, any idea how to fix/improve this?

Happy hacking!
Miguel

--MP_/OitJnvsaZ7SGEN.b_swZiR3
Content-Type: text/x-patch
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
 filename=0001-system-Use-of-mapped-devices-for-boot-process.patch

=46rom f6438d1175a1d60d842ab502255a7685b05f4e7d Mon Sep 17 00:00:00 2001
From: =3D?UTF-8?q?Miguel=3D20=3DC3=3D81ngel=3D20Arruga=3D20Vivas?=3D
 <rosen644835@HIDDEN>
Date: Sun, 27 Oct 2019 01:35:59 +0200
Subject: [PATCH] system: Use of mapped-devices for boot process.

* gnu/bootloader/depthcharge.scm (depthcharge-configuration-file): New
parameter crypto-devices, not used.
* gnu/bootloader/extlinux.scm (extlinux-configuration-file): Likewise.
* gnu/bootloader/grub.scm (grub-configuration-file)[declaration]: New
parameter crypto-devices, used to ensure unlock every encrypted
partition needed by the bootloader.
[device-uuid->gexp]: New function, emits cryptomount calls.
[body]: Map crypto-devices with device-uuid->gexp.
* gnu/machine/ssh.scm (roll-back-managed-host): Use the crypto-devices
stored from the selected generation in the call to the bootloader
configuration generator.
* gnu/scripts/system.scm (reinstall-bootloader): Likewise.
* gnu/system.scm (define-module)[export]: Export new accessor
boot-parameters-crypto-devices.
(boot-parameters)[crypto-devices]: New field.
(read-boot-parameters)[uuid-sexp->uuid]: New function.
(read-boot-parameters)[body]: Read new field crypto-devices.
(operating-system-boot-parameters-file): Add the new field.
(operating-system-boot-crypto-devices): New function.  Warn about
devices without an UUID.  They are ignored as they would be dependant
on the hardware configuration.
(operating-system-bootcfg): Use operating-system-boot-crypto-devices in
the call to the bootloader configuration generator.
(operating-system-boot-parameters): Use
operating-system-boot-crypto-devices to store the needed devices.
---
 gnu/bootloader/depthcharge.scm |  1 +
 gnu/bootloader/extlinux.scm    |  1 +
 gnu/bootloader/grub.scm        | 14 ++++++++++++
 gnu/machine/ssh.scm            |  3 +++
 gnu/system.scm                 | 40 ++++++++++++++++++++++++++++++++++
 guix/scripts/system.scm        |  2 ++
 6 files changed, 61 insertions(+)

diff --git a/gnu/bootloader/depthcharge.scm b/gnu/bootloader/depthcharge.scm
index 58cc3f3932..fe4302e93c 100644
--- a/gnu/bootloader/depthcharge.scm
+++ b/gnu/bootloader/depthcharge.scm
@@ -82,6 +82,7 @@
 (define* (depthcharge-configuration-file config entries
                                          #:key
                                          (system (%current-system))
+                                         (crypto-devices '())
                                          (old-entries '()))
   (match entries
     ((entry)
diff --git a/gnu/bootloader/extlinux.scm b/gnu/bootloader/extlinux.scm
index 40108584a8..3defeab3dd 100644
--- a/gnu/bootloader/extlinux.scm
+++ b/gnu/bootloader/extlinux.scm
@@ -28,6 +28,7 @@
 (define* (extlinux-configuration-file config entries
                                       #:key
                                       (system (%current-system))
+                                      (crypto-devices '())
                                       (old-entries '()))
   "Return the U-Boot configuration file corresponding to CONFIG, a
 <u-boot-configuration> object, and where the store is available at STORE-F=
S, a
diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm
index d984d5f5e3..8b5cf848af 100644
--- a/gnu/bootloader/grub.scm
+++ b/gnu/bootloader/grub.scm
@@ -3,6 +3,7 @@
 ;;; Copyright =C2=A9 2016 Chris Marusich <cmmarusich@HIDDEN>
 ;;; Copyright =C2=A9 2017 Leo Famulari <leo@HIDDEN>
 ;;; Copyright =C2=A9 2017 Mathieu Othacehe <m.othacehe@HIDDEN>
+;;; Copyright =C2=A9 2019 Miguel =C3=81ngel Arruga Vivas <rosen644835@gmai=
l.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -316,6 +317,7 @@ code."
 (define* (grub-configuration-file config entries
                                   #:key
                                   (system (%current-system))
+                                  (crypto-devices '())
                                   (old-entries '()))
   "Return the GRUB configuration file corresponding to CONFIG, a
 <bootloader-configuration> object, and where the store is available at
@@ -345,6 +347,17 @@ entries corresponding to old generations of the system=
."
                   #$(grub-root-search device kernel)
                   #$kernel (string-join (list #$@arguments))
                   #$initrd))))
+  (define (device-uuid->gexp device-uuid)
+    (let* ((uuid-string (uuid->string device-uuid))
+           ;; XXX: My tests only worked with UUID values without
+           ;; any hyphen character.
+           (filtered-uuid (string-filter (lambda (c)
+                                           (not (eqv? c #\-)))
+                                         uuid-string)))
+      #~(format port "# Unlock encrypted device ~a
+cryptomount -u ~a~%"
+                #$uuid-string
+                #$filtered-uuid)))
   (define sugar
     (eye-candy config
                (menu-entry-device (first all-entries))
@@ -370,6 +383,7 @@ keymap ~a~%" keymap)))))
                   "# This file was generated from your Guix configuration.=
  Any changes
 # will be lost upon reconfiguration.
 ")
+          #$@(map device-uuid->gexp crypto-devices)
           #$sugar
           #$keyboard-layout-config
           (format port "
diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm
index 6e3ed0e092..e8750bbe81 100644
--- a/gnu/machine/ssh.scm
+++ b/gnu/machine/ssh.scm
@@ -435,11 +435,14 @@ an environment type of 'managed-host."
                                             (drop boot-parameters 2)))
                        (bootloader -> (operating-system-bootloader
                                        (machine-operating-system machine)))
+                       (crypto-devices -> (boot-parameters-crypto-devices
+                                           (second boot-parameters)))
                        (bootcfg (lower-object
                                  ((bootloader-configuration-file-generator
                                    (bootloader-configuration-bootloader
                                     bootloader))
                                   bootloader entries
+                                  #:crypto-devices crypto-devices
                                   #:old-entries old-entries)))
                        (remote-result (machine-remote-eval machine remote-=
exp)))
     (when (eqv? 'error remote-result)
diff --git a/gnu/system.scm b/gnu/system.scm
index a353b1a5c8..9835fddf89 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -5,6 +5,7 @@
 ;;; Copyright =C2=A9 2016 Chris Marusich <cmmarusich@HIDDEN>
 ;;; Copyright =C2=A9 2017 Mathieu Othacehe <m.othacehe@HIDDEN>
 ;;; Copyright =C2=A9 2019 Meiyo Peng <meiyo.peng@HIDDEN>
+;;; Copyright =C2=A9 2019 Miguel =C3=81ngel Arruga Vivas <rosen644835@gmai=
l.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -119,6 +120,7 @@
             boot-parameters-bootloader-menu-entries
             boot-parameters-store-device
             boot-parameters-store-mount-point
+            boot-parameters-crypto-devices
             boot-parameters-kernel
             boot-parameters-kernel-arguments
             boot-parameters-initrd
@@ -256,6 +258,7 @@ directly by the user."
    boot-parameters-bootloader-menu-entries)
   (store-device     boot-parameters-store-device)
   (store-mount-point boot-parameters-store-mount-point)
+  (crypto-devices   boot-parameters-crypto-devices)
   (kernel           boot-parameters-kernel)
   (kernel-arguments boot-parameters-kernel-arguments)
   (initrd           boot-parameters-initrd))
@@ -286,6 +289,14 @@ file system labels."
            device
            (file-system-label device)))))
=20
+  (define uuid-sexp->uuid
+    (match-lambda
+      (('uuid (? symbol? type) (? bytevector? bv))
+       (bytevector->uuid bv type))
+      (x
+       (warning (G_ "unrecognized uuid ~a at '~a'~%") x (port-filename por=
t))
+       #f)))
+
   (match (read port)
     (('boot-parameters ('version 0)
                        ('label label) ('root-device root)
@@ -324,6 +335,11 @@ file system labels."
          (('initrd (? string? file))
           file)))
=20
+      (crypto-devices
+       (match (assq 'crypto-devices rest)
+         ((_ device-list) (map uuid-sexp->uuid device-list))
+         (#f              '())))
+
       (store-device
        ;; Linux device names like "/dev/sda1" are not suitable GRUB device
        ;; identifiers, so we just filter them out.
@@ -438,6 +454,23 @@ from the initrd."
                (any file-system-needed-for-boot? users)))
            devices)))
=20
+(define (operating-system-boot-crypto-devices os)
+  (define (crypto-device? device)
+    (let ((type (mapped-device-type device)))
+      (eq? type luks-device-mapping)))
+  (define (with-uuid? device)
+    (if (uuid? (mapped-device-source device))
+        #t
+        (begin
+          (warning (G_ "the source from mapped-device at ~a is not an UUID.
+It will be ignored for the bootloader configuration.~%")
+                   (mapped-device-location device))
+          #f)))
+  (let* ((mapped-devices (operating-system-boot-mapped-devices os))
+         (crypto-devices (filter crypto-device? mapped-devices))
+         (valid-devices (filter with-uuid? crypto-devices)))
+    (map mapped-device-source valid-devices)))
+
 (define (device-mapping-services os)
   "Return the list of device-mapping services for OS as a list."
   (map device-mapping-service
@@ -989,6 +1022,7 @@ entry."
 a list of <menu-entry>, to populate the \"old entries\" menu."
   (let* ((root-fs         (operating-system-root-file-system os))
          (root-device     (file-system-device root-fs))
+         (crypto-devices  (operating-system-boot-crypto-devices os))
          (params          (operating-system-boot-parameters
                            os root-device
                            #:system-kernel-arguments? #t))
@@ -999,6 +1033,7 @@ a list of <menu-entry>, to populate the \"old entries\=
" menu."
        (bootloader-configuration-bootloader bootloader-conf)))
=20
     (generate-config-file bootloader-conf (list entry)
+                          #:crypto-devices crypto-devices
                           #:old-entries old-entries)))
=20
 (define* (operating-system-boot-parameters os root-device
@@ -1011,6 +1046,7 @@ such as '--root' and '--load' to <boot-parameters>."
          (bootloader      (bootloader-configuration-bootloader
                            (operating-system-bootloader os)))
          (bootloader-name (bootloader-name bootloader))
+         (crypto-devices  (operating-system-boot-crypto-devices os))
          (label           (operating-system-label os)))
     (boot-parameters
      (label label)
@@ -1024,6 +1060,7 @@ such as '--root' and '--load' to <boot-parameters>."
      (bootloader-name bootloader-name)
      (bootloader-menu-entries
       (bootloader-configuration-menu-entries (operating-system-bootloader =
os)))
+     (crypto-devices crypto-devices)
      (store-device (ensure-not-/dev (file-system-device store)))
      (store-mount-point (file-system-mount-point store)))))
=20
@@ -1070,6 +1107,9 @@ being stored into the \"parameters\" file)."
                             (or (and=3D> (operating-system-bootloader os)
                                        bootloader-configuration-menu-entri=
es)
                                 '())))
+                    (crypto-devices
+                     #$(map device->sexp
+                            (boot-parameters-crypto-devices params)))
                     (store
                      (device
                       #$(device->sexp (boot-parameters-store-device params=
)))
diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm
index 27b014db68..95cffec52d 100644
--- a/guix/scripts/system.scm
+++ b/guix/scripts/system.scm
@@ -392,12 +392,14 @@ STORE is an open connection to the store."
                        %system-profile old-generations))
          (entries (cons (boot-parameters->menu-entry params)
                         (boot-parameters-bootloader-menu-entries params)))
+         (crypto-devices (boot-parameters-crypto-devices params))
          (old-entries (map boot-parameters->menu-entry old-params)))
     (run-with-store store
       (mlet* %store-monad
           ((bootcfg (lower-object
                      ((bootloader-configuration-file-generator bootloader)
                       bootloader-config entries
+                      #:crypto-devices crypto-devices
                       #:old-entries old-entries)))
            (drvs -> (list bootcfg)))
         (mbegin %store-monad
--=20
2.23.0


--MP_/OitJnvsaZ7SGEN.b_swZiR3--




Information forwarded to bug-guix@HIDDEN:
bug#37851; Package guix. Full text available.

Message received at 37851 <at> debbugs.gnu.org:


Received: (at 37851) by debbugs.gnu.org; 22 Oct 2019 14:13:00 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Oct 22 10:13:00 2019
Received: from localhost ([127.0.0.1]:60245 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1iMuuC-0000PH-Bv
	for submit <at> debbugs.gnu.org; Tue, 22 Oct 2019 10:13:00 -0400
Received: from eggs.gnu.org ([209.51.188.92]:35539)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1iMuuA-0000P5-EJ
 for 37851 <at> debbugs.gnu.org; Tue, 22 Oct 2019 10:12:58 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:57185)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@HIDDEN>)
 id 1iMuu5-0005Qx-9T; Tue, 22 Oct 2019 10:12:53 -0400
Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=39378 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@HIDDEN>)
 id 1iMuu3-0000c3-6S; Tue, 22 Oct 2019 10:12:52 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Miguel Arruga Vivas <rosen644835@HIDDEN>
Subject: Re: bug#37851: Grub installation only checks for encrypted /boot
 folder
References: <20191021130709.21d6ac20@HIDDEN>
 <20191021144758.3d8cfe95@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 1 Brumaire an 228 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Tue, 22 Oct 2019 16:12:49 +0200
In-Reply-To: <20191021144758.3d8cfe95@HIDDEN> (Miguel Arruga Vivas's
 message of "Mon, 21 Oct 2019 14:47:58 +0200")
Message-ID: <87lftc27j2.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 37851
Cc: 37851 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hola Miguel,

Miguel Arruga Vivas <rosen644835@HIDDEN> skribis:

> Attached can be found a workaround to mount all encrypted partitions.
> There is no way to tell the devices to mount without changing
> boot-parameters, where I'd add another field with the needed mapped
> devices (a traversal onto the mapped-device dependency tree
> of /gnu/store).  Do you think this is a good idea?  At least I think
> it's the best way to encode the dependencies into the grub.cfg file,
> even though the typical graph will contain 0 or 1 nodes.

> From 9b50e2d8eb8b744595a54a9543993eb4e3813742 Mon Sep 17 00:00:00 2001
> From: =3D?UTF-8?q?Miguel=3D20=3DC3=3D81ngel=3D20Arruga=3D20Vivas?=3D
>  <rosen644835@HIDDEN>
> Date: Mon, 21 Oct 2019 14:35:02 +0200
> Subject: [PATCH] system: Mount luks devices on boot.
>
> * gnu/bootloader/grub.scm (grub-configuration-file)[builder]: Mount all
> encrypted partitions.
> ---
>  gnu/bootloader/grub.scm | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm
> index d984d5f5e3..b29477ec71 100644
> --- a/gnu/bootloader/grub.scm
> +++ b/gnu/bootloader/grub.scm
> @@ -369,6 +369,7 @@ keymap ~a~%" keymap)))))
>            (format port
>                    "# This file was generated from your Guix configuratio=
n.  Any changes
>  # will be lost upon reconfiguration.
> +cryptomount -a

Does that cause GRUB to mount all the LUKS partitions it was aware of at
installation time, or does it cause it to scan all the partitions in
search of a LUKS signature?

In the latter case that wouldn=E2=80=99t be great, but in the former case it
sounds like we could go ahead (well, with a comment above explaining
what this does.  :-)).

Thanks for working on it!

Ludo=E2=80=99.




Information forwarded to bug-guix@HIDDEN:
bug#37851; Package guix. Full text available.
Merged 25305 37851. Request was from Miguel <rosen644835@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 37851 <at> debbugs.gnu.org:


Received: (at 37851) by debbugs.gnu.org; 21 Oct 2019 14:55:47 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Oct 21 10:55:47 2019
Received: from localhost ([127.0.0.1]:57625 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1iMZ63-00008d-In
	for submit <at> debbugs.gnu.org; Mon, 21 Oct 2019 10:55:47 -0400
Received: from mail-wm1-f48.google.com ([209.85.128.48]:37257)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rosen644835@HIDDEN>) id 1iMZ61-00008M-ES
 for 37851 <at> debbugs.gnu.org; Mon, 21 Oct 2019 10:55:46 -0400
Received: by mail-wm1-f48.google.com with SMTP id f22so13134997wmc.2
 for <37851 <at> debbugs.gnu.org>; Mon, 21 Oct 2019 07:55:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=date:from:to:subject:message-id:mime-version
 :content-transfer-encoding;
 bh=cBNoZd/aSzXBAp9W4dH8tp+B7B9Gui6DXH9ROR/yZic=;
 b=JZVfEW0NImRvVZvbLD7GCiigRwYhxeGgWMZo/H7t3r4M5xKQ3ulJr4n5X+x7P/qhiZ
 fkzNwoCWP6q5r/QIBNypM/pHPJ0rseU+H7rFBjS+eFVYutyqWt7ozhd9u3ZYs/Os1XIZ
 /oFX8UbvEonOsYh7p9FLCZdTTEpfYdqhpXmKxhAFAxKzGYpHyNgLL0Vrgo5eBDjdo4ns
 zHXL5ClpjSe37ohJ8rGGJo2NlN9ltWAgtJN/fnKH4uFG2MSGICrGPiwl5GY9sMB1FlGV
 hi4nJbvM2VvpACr4GRuYT0nQr8jcNWVBtFFhhs9qvoH6toh8ZRNR/FlRNEOOEK6qK6wO
 RBhg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:subject:message-id:mime-version
 :content-transfer-encoding;
 bh=cBNoZd/aSzXBAp9W4dH8tp+B7B9Gui6DXH9ROR/yZic=;
 b=NCOGnVbmVV7BsQ1GMiGbC0D8cXjFcj9dakO0ar6N/8u7HEaeXsVDN7YndtbBNIG+d5
 s+uYM1Dp2e0c+SjMacmPTcXTs9Dtu7AuJfdNq3eXp1r8/fLPLrb1LYvY8nPv9x03HDvS
 HXLtly9/9mUCCFdIiY6o9sYnPlfqwfTxXR10aOnZkgdtseVyuNeA4cN5bAA2uqPAytaZ
 ogShi87u2hvG1BueZoepIdE7V92+coE3NR2MYtxWvGAYRUsx2nLUxC4X4Y4F5F0rYSCs
 PLmVlg8bAp7PmY1O4XlXEE9naVa/n4OkVlKH0kB2+d0cQKYUVipR8yduGl8KdCRBFjie
 ykDQ==
X-Gm-Message-State: APjAAAVdE7LPXVsv1owJkSIs5/bjWgNcOpWYsf5orjYblOZswj50GcJZ
 6mVb5l3wtW0sNocuv5RoCbm5bsP5i1Q=
X-Google-Smtp-Source: APXvYqxetOPaGe3sGY4EvJ78CYUVnC/X+LdmDPwc3gqJfcgYcywIc5N4p66sLpboyo3k75jLqvsgMw==
X-Received: by 2002:a1c:6386:: with SMTP id x128mr14656348wmb.41.1571669739068; 
 Mon, 21 Oct 2019 07:55:39 -0700 (PDT)
Received: from localhost (115.201.218.87.dynamic.jazztel.es. [87.218.201.115])
 by smtp.gmail.com with ESMTPSA id
 d8sm2075386wrr.71.2019.10.21.07.55.38 for <37851 <at> debbugs.gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 21 Oct 2019 07:55:38 -0700 (PDT)
Date: Mon, 21 Oct 2019 16:55:36 +0200
From: Miguel Arruga Vivas <rosen644835@HIDDEN>
To: 37851 <at> debbugs.gnu.org
Subject: bug#37851
Message-ID: <20191021165536.2bf8cde9@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.2 (/)
X-Debbugs-Envelope-To: 37851
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.8 (/)

merge 25305 37851
quit




Information forwarded to bug-guix@HIDDEN:
bug#37851; Package guix. Full text available.

Message received at 37851 <at> debbugs.gnu.org:


Received: (at 37851) by debbugs.gnu.org; 21 Oct 2019 12:48:13 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Oct 21 08:48:12 2019
Received: from localhost ([127.0.0.1]:55910 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1iMX6a-0004ny-KG
	for submit <at> debbugs.gnu.org; Mon, 21 Oct 2019 08:48:12 -0400
Received: from mail-wm1-f53.google.com ([209.85.128.53]:55299)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rosen644835@HIDDEN>) id 1iMX6X-0004nj-U4
 for 37851 <at> debbugs.gnu.org; Mon, 21 Oct 2019 08:48:10 -0400
Received: by mail-wm1-f53.google.com with SMTP id g24so4004117wmh.5
 for <37851 <at> debbugs.gnu.org>; Mon, 21 Oct 2019 05:48:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=date:from:to:subject:message-id:in-reply-to:references:mime-version;
 bh=xxoqhtGwfpRqv3KYcl8rQF5muCqmNiFKMNMJsmResJ4=;
 b=jnBHLBF9GLRtFBv/OnxEX2c0033Vw0xRyszFNFORMTbYcyQbouOuSXijnzh84tkpZo
 0hJXHaSk+pYma9g45RHBjNniR94iFlXO0SQeut8P1ed4Eh45spMUvKg4cmpgdHsWVEA7
 PlcabqXFzAjGzktSGMg62gaBzxu6BZ85Lo0WVMoUGmrXknSYd5SkvpWTmy23QQyTVvpx
 InMtAB2jjrw8LCUZyE0ov+IgaDwYR8kXR8B7YtVByyYkVtGBUIMKZA+s9ZeDTzmnyhD+
 GrsStqxGzY1J9wIOKNWy+RSsEPdFlAnyR6kZ8Vciuudko4wkceT54uXoIIK6KTcjRHpK
 VtWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:subject:message-id:in-reply-to
 :references:mime-version;
 bh=xxoqhtGwfpRqv3KYcl8rQF5muCqmNiFKMNMJsmResJ4=;
 b=OLTJ8AcqkBSsX8ZLyeiWFAQYKB7F1bPl7rO9VjlSBFr+1uqCYI2Kda58IJsqb0HBO0
 Aa8vYhlY1XWWwmnfNiCdIwZs1i4+OS0HB4IfF5JxzYbV9cNtN1e66SqumVRr0Owr2eWa
 VAi2uvn8CKiyNmrSIywTirJLpfcpmOTCr5w5+zlJi8S4Tk7ddlsG2VZupt3nMWljtwfO
 TPsJaLjYqmvTbl1Irb4kojO6c1gXrtEYf031xMrjIUygrWnkTWiOfjs+jVM9D1sQZhPw
 nGNV9iPYcAKEy1kB9USnzzy4JzOGmXcYuSIF0VtQwCTsXCP5p5ASisP4XNfWXfy0Y2wb
 RDKg==
X-Gm-Message-State: APjAAAWnAcSivqjbKHac156pPrMNhIM7a7DtkYugkb6Mq+phQjU89pCY
 +ewvllRWOU/wVQQhcMZAj7aBT+tX
X-Google-Smtp-Source: APXvYqy7K1GgureAGGspoPR0K9VYqN4SeBDZCYfOhRR20AvYGOAhig4oWuHEYigxF5KKuhVMOfZCOA==
X-Received: by 2002:a7b:cc06:: with SMTP id f6mr18531791wmh.158.1571662083683; 
 Mon, 21 Oct 2019 05:48:03 -0700 (PDT)
Received: from localhost (115.201.218.87.dynamic.jazztel.es. [87.218.201.115])
 by smtp.gmail.com with ESMTPSA id
 x7sm17329590wrg.63.2019.10.21.05.48.03 for <37851 <at> debbugs.gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 21 Oct 2019 05:48:03 -0700 (PDT)
Date: Mon, 21 Oct 2019 14:47:58 +0200
From: Miguel Arruga Vivas <rosen644835@HIDDEN>
To: 37851 <at> debbugs.gnu.org
Subject: Re: Grub installation only checks for encrypted /boot folder
Message-ID: <20191021144758.3d8cfe95@HIDDEN>
In-Reply-To: <20191021130709.21d6ac20@HIDDEN>
References: <20191021130709.21d6ac20@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="MP_/h3seKrLtpx/8H6rIaw5TuPN"
X-Spam-Score: 0.2 (/)
X-Debbugs-Envelope-To: 37851
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.8 (/)

--MP_/h3seKrLtpx/8H6rIaw5TuPN
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi again,

Attached can be found a workaround to mount all encrypted partitions.
There is no way to tell the devices to mount without changing
boot-parameters, where I'd add another field with the needed mapped
devices (a traversal onto the mapped-device dependency tree
of /gnu/store).  Do you think this is a good idea?  At least I think
it's the best way to encode the dependencies into the grub.cfg file,
even though the typical graph will contain 0 or 1 nodes.

Ideas?

Best regards,
Miguel

--MP_/h3seKrLtpx/8H6rIaw5TuPN
Content-Type: text/x-patch
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename=0001-system-Mount-luks-devices-on-boot.patch

From 9b50e2d8eb8b744595a54a9543993eb4e3813742 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?=
 <rosen644835@HIDDEN>
Date: Mon, 21 Oct 2019 14:35:02 +0200
Subject: [PATCH] system: Mount luks devices on boot.

* gnu/bootloader/grub.scm (grub-configuration-file)[builder]: Mount all
encrypted partitions.
---
 gnu/bootloader/grub.scm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm
index d984d5f5e3..b29477ec71 100644
--- a/gnu/bootloader/grub.scm
+++ b/gnu/bootloader/grub.scm
@@ -369,6 +369,7 @@ keymap ~a~%" keymap)))))
           (format port
                   "# This file was generated from your Guix configuration.  Any changes
 # will be lost upon reconfiguration.
+cryptomount -a
 ")
           #$sugar
           #$keyboard-layout-config
-- 
2.23.0


--MP_/h3seKrLtpx/8H6rIaw5TuPN--




Information forwarded to bug-guix@HIDDEN:
bug#37851; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 21 Oct 2019 11:07:20 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Oct 21 07:07:20 2019
Received: from localhost ([127.0.0.1]:55812 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1iMVWy-0006bW-B8
	for submit <at> debbugs.gnu.org; Mon, 21 Oct 2019 07:07:20 -0400
Received: from lists.gnu.org ([209.51.188.17]:38869)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rosen644835@HIDDEN>) id 1iMVWw-0006bO-C2
 for submit <at> debbugs.gnu.org; Mon, 21 Oct 2019 07:07:19 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:47181)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <rosen644835@HIDDEN>) id 1iMVWu-0001mf-RT
 for bug-guix@HIDDEN; Mon, 21 Oct 2019 07:07:17 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: *
X-Spam-Status: No, score=1.1 required=5.0 tests=BAYES_50,
 FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <rosen644835@HIDDEN>) id 1iMVWt-0005sP-Kv
 for bug-guix@HIDDEN; Mon, 21 Oct 2019 07:07:16 -0400
Received: from mail-wm1-x330.google.com ([2a00:1450:4864:20::330]:35607)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <rosen644835@HIDDEN>)
 id 1iMVWs-0005ry-VD
 for bug-guix@HIDDEN; Mon, 21 Oct 2019 07:07:15 -0400
Received: by mail-wm1-x330.google.com with SMTP id 14so5671042wmu.0
 for <bug-guix@HIDDEN>; Mon, 21 Oct 2019 04:07:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=date:from:to:subject:message-id:mime-version
 :content-transfer-encoding;
 bh=k2DHQoIvdyDfwub8rED9KT2y2K13cpdqpQ8h9Ep9eIg=;
 b=bm+EL24Q/n1HwFTKYn785gO9TVINuUf5seSbrQrTh2TgXTqZ6+ITv1hbaAmUP4muCE
 ubK9IuJhGip5QqMUxE3hYzIUpKjcVGb3t8uaIdtBGC9dRFzkNQ3jSZwhfrVvdkTKOBfy
 Dw1zHKnb3PILNXf54vUqmi1Fpm02fP0Teqc1p8h4wiitOL87bhVAmZzlf4JNDYhTiOPv
 brn20OgNFVJwp2ONjpB1hjmm9iHh1uxin7TWldmdOKhcY5BAAuE4clp4jXMmkdfNgSZQ
 XGGtV4dHAZw2l0BIJXsg5MGttXDh9gkvLO9FGKeth5oDz+VR+uSIeX9JMBRAF6jW8bPV
 /K7Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:subject:message-id:mime-version
 :content-transfer-encoding;
 bh=k2DHQoIvdyDfwub8rED9KT2y2K13cpdqpQ8h9Ep9eIg=;
 b=KXOgmMpGq2qn36sMRZUcPjL5kETQzBUyCKSzIEllb9jgTvLr/fthgteFaOvWH0GjAT
 MWBc67qLdi1rRCI1NdPHouorgkyPcgy4H2AZN7TXh5QxH1ogzgRXC6Cx0LVQmzfq/0tT
 iUI8+p43LXE1nGetxLXF1gpkUlIc1utwH8/Nvn3ob6tntceL8j9earcYPKq2+q5o2K9J
 Ac2tTlIDHRM4ONtdFEGPhYGD5LSQPYMwdjsLO9Opaa/CDW4RPF1kzKsHq+TZSJ8KaLuJ
 zd6lUzg+aF5c8Ok4mQ3LAyjB6SER88d5nT3NVgfkBmAVERd5maXblsP8gAu6eHuakXcY
 Y6Ww==
X-Gm-Message-State: APjAAAVbVGmxUS8P80xfRk2YgOwN1lx5VvgUq4YJ2gNk3omsTGaQt+4/
 5QmEWKKkwYOWzlwMmMKsZHUQHafL
X-Google-Smtp-Source: APXvYqw4o7L+8stbg1srL1HkybUYWEdU1kKI+/siDMuk7vr0S5ZfZm1f3vXkeDuntbjsBTo59Pj7Zg==
X-Received: by 2002:a1c:230e:: with SMTP id j14mr9481353wmj.156.1571656033005; 
 Mon, 21 Oct 2019 04:07:13 -0700 (PDT)
Received: from localhost (115.201.218.87.dynamic.jazztel.es. [87.218.201.115])
 by smtp.gmail.com with ESMTPSA id
 z15sm14874256wrr.19.2019.10.21.04.07.12 for <bug-guix@HIDDEN>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 21 Oct 2019 04:07:12 -0700 (PDT)
Date: Mon, 21 Oct 2019 13:07:09 +0200
From: Miguel Arruga Vivas <rosen644835@HIDDEN>
To: bug-guix@HIDDEN
Subject: Grub installation only checks for encrypted /boot folder
Message-ID: <20191021130709.21d6ac20@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2a00:1450:4864:20::330
X-Spam-Score: 0.9 (/)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.1 (--)

Hi,

The following configuration results in an unbootable system.  The
root partition must be manually mounted with cryptomount in order to
boot the system.

The core issue is that grub unencrypts automatically, as
GRUB_ENABLE_CRYPTODISK=y was provided during installation, the /boot
partition, but not the partition which contains /gnu/store.

Happy hacking!
Miguel

==================== config.scm ====================
;; ....
(operating-system
  ;; ...
  (bootloader
    (bootloader-configuration
      (bootloader grub-bootloader)
      (target "/dev/sda")))
  (mapped-devices
    (list (mapped-device
            (source (uuid "uuid root device"))
            (target "root")
            (type luks-device-mapping))
          (mapped-device
            (source (uuid "uuid boot device"))
            (target "boot")
            (type luks-device-mapping))))
  (file-systems
    (cons* (file-system
             (mount-point "/")
             (device "/dev/mapper/root")
             (type "btrfs")
             (dependencies mapped-devices))
           (file-system
             (mount-point "/boot")
             (device "/dev/mapper/boot")
             (type "ext4")
             (dependencies mapped-devices))
           %base-file-systems)))
==================== config.scm ====================




Acknowledgement sent to Miguel Arruga Vivas <rosen644835@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#37851; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Fri, 1 Nov 2019 12:15:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.