GNU bug report logs - #51514
[PATCH 0/2] Add support for LUKS2 root partition

Please note: This is a static page, with minimal formatting, updated once a day.

Package: guix-patches; Reported by: Josselin Poiret <dev@HIDDEN>; Keywords: patch; dated Sat, 30 Oct 2021 15:57:01 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.

Message received at 51514 <at> debbugs.gnu.org:


From: Josselin Poiret <dev@HIDDEN>
To: 51514 <at> debbugs.gnu.org
Subject: [PATCH 2/2] doc: Document LUKS2 Grub support and shortcomings
Date: Sat, 30 Oct 2021 16:12:37 +0000

* doc/guix.texi (Keyboard Layout, Networking, and Partitioning)[Disk
Partitioning]: Document it.
---
 doc/guix.texi | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 22215214e0..4420f67050 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -2492,13 +2492,22 @@ mkfs.ext4 -L my-root /dev/sda2
 If you are instead planning to encrypt the root partition, you can use
 the Cryptsetup/LUKS utilities to do that (see @inlinefmtifelse{html,
 @uref{https://linux.die.net/man/8/cryptsetup, @code{man cryptsetup}},
-@code{man cryptsetup}} for more information).  Assuming you want to
-store the root partition on @file{/dev/sda2}, the command sequence would
-be along these lines:
+@code{man cryptsetup}} for more information).
+
+@quotation Warning
+Note that Grub can unlock LUKS2 devices since version 2.06, but only
+supports the PBKDF2 key derivation function, which is not the default
+for Cryptsetup on Guix.  You can check which key derivation function is
+being used by a device by running @command{cryptsetup luksDump <dev>},
+and looking for the PBKDF field of your keyslots.
+@end quotation
+
+Assuming you want to store the root partition on @file{/dev/sda2}, the
+command sequence would be along these lines:
 
 @example
-cryptsetup luksFormat /dev/sda2
-cryptsetup open --type luks /dev/sda2 my-partition
+cryptsetup luksFormat --type luks2 --pbkdf pbkdf2 /dev/sda2
+cryptsetup open /dev/sda2 my-partition
 mkfs.ext4 -L my-root /dev/mapper/my-partition
 @end example
 
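Review bot: The @quotation Warning block tells the reader how to check the PBKDF but not what goes wrong or how to recover. It should say that a keyslot created with the Cryptsetup default cannot be used to unlock the device from Grub, and that an existing keyslot can be converted with `cryptsetup luksConvertKey --pbkdf pbkdf2` instead of reformatting. The example now hard-codes `--pbkdf pbkdf2` without tying it to the warning; a sentence saying the flag is there only for Grub compatibility would keep readers from copying it to volumes Grub never has to open. `<dev>` in `@command{cryptsetup luksDump <dev>}` reads better as `@var{device}`.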
-- 
2.33.1





Information forwarded to guix-patches@HIDDEN:
bug#51514; Package guix-patches. Full text available.

Message received at 51514 <at> debbugs.gnu.org:


From: Josselin Poiret <dev@HIDDEN>
To: 51514 <at> debbugs.gnu.org
Subject: [PATCH 1/2] gnu: system: Add LUKS2 support for the root file system.
Date: Sat, 30 Oct 2021 16:12:36 +0000

* gnu/bootloader/grub.scm (grub-configuration-file): Add 'insmod
luks2'.
* gnu/system/mapped-devices.scm (open-luks-device): Create
'/run/cryptsetup/' directory.
---
 gnu/bootloader/grub.scm       |  3 +--
 gnu/system/mapped-devices.scm | 10 ++++++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm
index d8e888ff40..42f71aa4db 100644
--- a/gnu/bootloader/grub.scm
+++ b/gnu/bootloader/grub.scm
@@ -415,8 +415,7 @@ (define (crypto-device->cryptomount dev)
           ;; Other type of devices aren't implemented.
           #~()))
     (let ((devices (map crypto-device->cryptomount store-crypto-devices))
-          ;; XXX: Add luks2 when grub 2.06 is packaged.
-          (modules #~(format port "insmod luks~%")))
+          (modules #~(format port "insmod luks~%insmod luks2~%")))
       (if (null? devices)
           devices
           (cons modules devices))))
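Review bot: The removed `;; XXX: Add luks2 when grub 2.06 is packaged.` comment was the only record that the luks2 module depends on the Grub version, and the new `modules` line emits `insmod luks2` unconditionally with no comment at all. Keep a short comment stating that `luks2` needs Grub 2.06 or later, so that someone pointing the bootloader at an older Grub package understands why the generated configuration refers to a module that is not there.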
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index 518dbc4fe8..95944b03c8 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -192,7 +192,8 @@ (define (open-luks-device source targets)
   "Return a gexp that maps SOURCE to TARGET as a LUKS device, using
 'cryptsetup'."
   (with-imported-modules (source-module-closure
-                          '((gnu build file-systems)))
+                          '((gnu build file-systems)
+			    (guix build utils))) ;; For mkdir-p
     (match targets
       ((target)
        #~(let ((source #$(if (uuid? source)
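Review bot: The added `(guix build utils)` line is indented with tabs while the surrounding lines use spaces, and its trailing comment uses `;;` where a margin comment takes a single `;` (compare `;bytevector?` further down in this file). Re-indent with spaces and write the comment as `;for mkdir-p`.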
@@ -201,7 +202,12 @@ (define (open-luks-device source targets)
            ;; XXX: 'use-modules' should be at the top level.
            (use-modules (rnrs bytevectors) ;bytevector?
                         ((gnu build file-systems)
-                         #:select (find-partition-by-luks-uuid)))
+                         #:select (find-partition-by-luks-uuid))
+			((guix build utils) #:select (mkdir-p)))
+
+	   ;; Create '/run/cryptsetup/' if it does not exist, as device locking
+	   ;; is mandatory for LUKS2.
+	   (mkdir-p "/run/cryptsetup/")
 
            ;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the
            ;; whole world inside the initrd (for when we're in an initrd).
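Review bot: `(mkdir-p "/run/cryptsetup/")` creates the lock directory with whatever mode the current umask yields; since cryptsetup runs as root here, consider following it with a `chmod` to `#o700`, or say in the comment why the default mode is acceptable. The cover letter names `/var/cryptsetup/` as the locking directory while this hunk and the commit log use `/run/cryptsetup/`, so confirm which path the cryptsetup-static build actually expects. The added lines are also tab-indented, unlike the rest of the gexp.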
-- 
2.33.1





Information forwarded to guix-patches@HIDDEN:
bug#51514; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:


From: Josselin Poiret <dev@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH 0/2] Add support for LUKS2 root partition
Date: Sat, 30 Oct 2021 15:56:33 +0000

Hi,

This patchset adds support for a LUKS2 root partition, leveraging its
Grub support since 2.06, and making sure that the Cryptsetup run-time
locking directory /var/cryptsetup/ exists before trying to unlock
devices (this is required for LUKS2): this used to fail in early
userspace because /var/ did not exist. I've also added some
documentation on the limited support: Grub only supports PBKDF2 and
not Argon2i which is the default key derivation function. The example
given in the Disk Partitioning section was updated as well to use
LUKS2.

My testing setup was: using a Guix VM, install onto a qcow2 disk which
is itself launched with QEMU. It felt a bit convoluted (especially
transferring the WIP guix to the VM, then building it), and I'll see if
I can simplify this workflow a bit, but everything worked fine with
those patches.

Best,
Josselin Poiret

Josselin Poiret (2):
  gnu: system: Add LUKS2 support for the root file system.
  doc: Document LUKS2 Grub support and shortcomings

 doc/guix.texi                 | 19 ++++++++++++++-----
 gnu/bootloader/grub.scm       |  3 +--
 gnu/system/mapped-devices.scm | 10 ++++++++--
 3 files changed, 23 insertions(+), 9 deletions(-)

-- 
2.33.1
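
Added example, not part of the patch series or the thread: the keyslot check that the documentation patch describes (run `cryptsetup luksDump` and read the PBKDF field of each keyslot), written as a shell filter. The function names and the sample dump are constructed for illustration; `/dev/sda2` is the device used in the manual's example.

```shell
#!/bin/sh
# Added example (not from the patch series): list the PBKDF of each LUKS2
# keyslot from `cryptsetup luksDump` text and flag those Grub cannot use.

# Print "<slot> <pbkdf>" for every keyslot in the dump read from stdin.
# Only the "Keyslots:" section is scanned: the "Digests:" section also
# mentions pbkdf2, but it says nothing about how a passphrase is derived.
keyslot_pbkdfs() {
    awk '
        /^[A-Za-z]/ { in_slots = ($1 == "Keyslots:"); next }   # section header
        !in_slots   { next }
        $1 ~ /^[0-9]+:$/ { slot = substr($1, 1, length($1) - 1); next }
        $1 == "PBKDF:"   { print slot, $2 }
    '
}

# Print the keyslots whose PBKDF is not pbkdf2, one "<slot> <pbkdf>" per line.
# A LUKS1 dump has no "Keyslots:" section, so it yields no output.
grub_unusable_keyslots() {
    keyslot_pbkdfs | awk '$2 != "pbkdf2"'
}

# Constructed, abbreviated luksDump output: slot 0 was created with the
# Cryptsetup default, slot 1 with --pbkdf pbkdf2.
sample_dump() {
    cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        Key:        512 bits
        PBKDF:      argon2i
        Time cost:  4
  1: luks2
        Key:        512 bits
        PBKDF:      pbkdf2
        Hash:       sha256
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}

# On a real device (needs root):
#   cryptsetup luksDump /dev/sda2 | grub_unusable_keyslots
sample_dump | grub_unusable_keyslots
```

Empty output means every keyslot already uses PBKDF2; any line printed names a slot whose passphrase will not work at the Grub prompt.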





Acknowledgement sent to Josselin Poiret <dev@HIDDEN>:
New bug report received and forwarded. Copy sent to guix-patches@HIDDEN. Full text available.
Report forwarded to guix-patches@HIDDEN:
bug#51514; Package guix-patches. Full text available.
Last modified: Sat, 30 Oct 2021 16:15:02 UTC
