Subject: bug#72889: Support for root filesystem on btrfs raid1 on two LUKS devices
Date: Fri, 30 Aug 2024 07:07:55 +0000
From: "amano.kenji" <amano.kenji@HIDDEN>

Imagine that the root filesystem is btrfs raid1 on two LUKS devices.
To mount it in the initial RAM disk, Guix first has to unlock two LUKS devices with one password.

Subject: bug#72889: A new insight
Date: Thu, 05 Sep 2024 01:56:25 +0000
From: "amano.kenji" <amano.kenji@HIDDEN>
I guess this is going to require passphrase reuse for mapped devices.
Subject: bug#72889: I thought of a possible way to do this.
Date: Tue, 10 Sep 2024 13:14:38 +0000
From: "amano.kenji" <amano.kenji@HIDDEN>

- /dev/sda
  /dev/sda1: A tiny LUKS partition that's filled with the content of a keyfile without any filesystem format.
  /dev/sda2: /boot for grub. It also serves as FAT32 EFI partition.
- /dev/sdb
  /dev/sdb1: /gnu/store on btrfs raid1
  /dev/sdb2: / on btrfs raid1 on LUKS
- /dev/sdc
  /dev/sdc1: /gnu/store on btrfs raid1
  /dev/sdc2: / on btrfs raid1 on LUKS

Open /dev/sda1 as a LUKS device, /dev/mapper/key, with one password. It contains a keyfile without any filesystem format. Use /dev/mapper/key as a keyfile for all other LUKS devices in mapped devices.

This exposes /gnu/store, but /gnu/store is not supposed to have any sensitive data. This obviously makes it practically impossible to detect physical tampering of data, but if you store it at a secure location, you don't have to worry too much about evil maid attack.

RAID1 for physically secure servers is enough to ensure some availability when a disk fails.

For laptops that you carry, you are not going to use btrfs raid1, and you can just have unencrypted /boot on fat32 and / on btrfs on luks. extra-initrd contains a keyfile for / so that I don't have to type the password twice.

A desktop computer doesn't require server-level availability, but people who have money can still put root on encrypted btrfs raid1.

Perhaps, can this be documented in the cook book?
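
The unlock sequence proposed in the message above, as an added example that is not part of the original message and is not Guix initrd code: one passphrase opens the key volume, its raw bytes unlock each btrfs raid1 member, and the key mapping is closed again before the filesystem is mounted. The device paths follow the layout in the message; the mapping names `key` and `rootN`, the `KEY_BYTES` value and the `DRY_RUN` switch are assumptions.

```shell
#!/bin/sh
# Added example. Assumes the first KEY_BYTES bytes of /dev/mapper/key were
# already enrolled as a keyslot on every member (e.g. with cryptsetup luksAddKey).
KEY_PART=/dev/sda1      # small LUKS partition holding raw key bytes, no filesystem
KEY_MAP=key             # appears as /dev/mapper/key while open (assumed name)
KEY_BYTES=4096          # assumed amount of key material enrolled on each member
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands only, 0 = execute them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# unlock_members MEMBER... : map each member as root0, root1, ...
unlock_members() {
    [ "$#" -ge 1 ] || { echo "no member devices given" >&2; return 2; }

    # The only interactive passphrase prompt in the whole chain.
    run cryptsetup open --type luks "$KEY_PART" "$KEY_MAP" || return 1

    i=0
    rc=0
    for dev in "$@"; do
        # A block device used as a key file has no natural end, so the read
        # length is pinned to the amount that was enrolled.
        run cryptsetup open --type luks \
            --key-file "/dev/mapper/$KEY_MAP" --keyfile-size "$KEY_BYTES" \
            "$dev" "root$i" || { rc=1; break; }
        i=$((i + 1))
    done

    # Close the key volume even when a member failed, so the key bytes do not
    # stay readable through /dev/mapper for the lifetime of the system.
    run cryptsetup close "$KEY_MAP"
    [ "$rc" -eq 0 ] || return "$rc"

    # Register all unlocked members so a multi-device btrfs mount finds them.
    run btrfs device scan
}

# Layout from the message: the two encrypted raid1 members.
unlock_members /dev/sdb2 /dev/sdc2
```

With `DRY_RUN=1` (the default here) the script only prints the commands in order; anyone who can read `/dev/sda1` and knows the single passphrase can unlock every member, so that passphrase carries the full strength of the setup.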
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.