Received: (at 77499) by debbugs.gnu.org; 16 Sep 2025 15:30:34 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 16 11:30:34 2025
Received: from localhost ([127.0.0.1]:49398 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1uyXdZ-0006cz-OG
for submit <at> debbugs.gnu.org; Tue, 16 Sep 2025 11:30:34 -0400
Received: from mail-pf1-x442.google.com ([2607:f8b0:4864:20::442]:56448)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
id 1uyXdW-0006Fl-PM
for 77499 <at> debbugs.gnu.org; Tue, 16 Sep 2025 11:30:31 -0400
Received: by mail-pf1-x442.google.com with SMTP id
d2e1a72fcca58-77256e75eacso4518773b3a.0
for <77499 <at> debbugs.gnu.org>; Tue, 16 Sep 2025 08:30:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1758036624; x=1758641424; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:message-id:date:references
:in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id
:reply-to; bh=7/LJZVL5khogfX2cuptHvFpkjXow4Am7by0DNetpIS8=;
b=EGGYtlbCYyNfS1HrrmTHZGHWxkBQtP/S6O4FEb1ZQhkdlq+wSBkZfdOW9/qEEMGQ4b
EEX+1W1Rpp7p3XW3AD/Az7ti36lthE3CNyBI2uGGDwsO7ijOF4t2+h+tkUUX32IQ8DQy
bjZDmipWmE4Byy6YHJzNlPTGIdwNGqUleBcdaDxtydnIumyH90DeYAfJGodEgOUnil6M
uWU89Vx649a3Q9LF8lnM8MLSAM3qaisfBDp4tExEc4o7WO5LXM77VhSM6a14hZd+aEAD
36YMHCGknkm3yTaceIFRAymsFFfES3yepD/hGh5gEc+39kByMtaAWpGWWTVPkApIjZhC
ce+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1758036624; x=1758641424;
h=content-transfer-encoding:mime-version:message-id:date:references
:in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=7/LJZVL5khogfX2cuptHvFpkjXow4Am7by0DNetpIS8=;
b=Y4iJ+vQ5jgLUahqRTgI6tLl/wVXMa+eN6nOGTOUMdPnYWEoM5ivCaH+J/sN2ZY/5k3
8o3hF9MoUghTWpS6hNkGQVArewBfFZFlqsW8Z8ZZ+0zoEHvqP6g+obp/LbGVKj4c/9Kc
rbtd9r43L+1xW5gwqXbhDO/ERufVL3bGe+BqVRKlE4hAN6CwprdnxCuzpZzw4hMT6RFf
ENQiIqFRVpHsCVSTQH0u/eft0tGhVU+A65gH+Y2+UVf/sVjJUNuh15B9RltHX/T2b+it
Rjh6dtl/Ip07UMRtDNUw2c0vmLRWTFJrpUJAgrXZ67bJZMqW/IuiyMdC3mwSI5rM25tx
zY2g==
X-Forwarded-Encrypted: i=1;
AJvYcCUA7Cjw7Cp8ueu69QbhV7xk9V8DHNEEYlAMgwdmyUJD9qppO4w/z3yedbG4KcSuWyFHIzxF6w==@debbugs.gnu.org
X-Gm-Message-State: AOJu0Yy8Rs1hneJ4X26n85jnXYsKzLjV/6y4l3eNHKYrfupToGr42O0J
OteAWt6wZ0oVr6WU4v/s75CFcpU+3vrlk4GRy8snW+2y3Nuc4sNthGWT
X-Gm-Gg: ASbGncs+/ButZxgjDTpwTPFptjVc3MJ9WoiumtxqlDwHYdt7Z1nL/ONEwGnZ5dMX4s9
pPRvJgVjLn28VOeEaxlGWSrbxTA0rYMRq3seqe0+LSFRWJm9jEUCmqPQ/vHjgMYaPVlZ575UDbm
yQf81HuFbxiwfU1b/bVeOlDOSFqunDX24ULvVCySrbK/N99btUFDtQhLeck7TwxXbHTCyDFnjTw
2Om8UdUUbnenexjbKo96/7Z2N2D7b980GB08xF9jE6rDQXq0ESK3tj+pY507zLSJsXo8laImDFE
TY5MHETaW5JGhU2Xha7OQt+mbQfMwGKOXgCK7H/ldJ1ITlW081bJpX/PelUcBzufczZPe6V9X+3
4JHKCm+Ok63ncekpHuDV2
X-Google-Smtp-Source: AGHT+IGU26WF4/Tk2JVDXkMnD91mCr2sl5MrP++T/APG2Xkm5XM8Q0HMmWuO+DPDzV1EopA2jwE52w==
X-Received: by 2002:a17:903:1b65:b0:265:47:a7b0 with SMTP id
d9443c01a7336-2650047b926mr105018325ad.10.1758036623852;
Tue, 16 Sep 2025 08:30:23 -0700 (PDT)
Received: from guix1 ([2401:4900:6323:7a15:61a1:b8ea:3653:a372])
by smtp.gmail.com with ESMTPSA id
d9443c01a7336-25ff5199a91sm110737665ad.73.2025.09.16.08.29.47
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 16 Sep 2025 08:30:23 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 45mg
<45mg.writes@HIDDEN>
Subject: Re: [PATCH v3] mapped-devices/luks: Support extra options.
In-Reply-To: <871po6biyr.fsf@HIDDEN>
References: <87cy8ypubs.fsf@HIDDEN>
<b1b89a7997c492def17e26d874d90a6d78a25c06.1758024769.git.45mg.writes@HIDDEN>
<871po6biyr.fsf@HIDDEN>
Date: Tue, 16 Sep 2025 15:29:38 +0000
Message-ID: <87h5x25sbh.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 3.0 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hi, Ludovic Courtès writes: > Hello, > > 45mg writes: > >>
Allow passing extra options to the 'cryptsetup open' command. >>
Content analysis details: (3.0 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust
[2607:f8b0:4864:20:0:0:0:442 listed in]
[list.dnswl.org]
3.0 MANY_TO_CC Sent to 10+ recipients
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider (45mg.writes[at]gmail.com)
X-Debbugs-Envelope-To: 77499
Cc: Gabriel Wicki <gabriel@HIDDEN>, Maxim Cournoyer <maxim@HIDDEN>,
soeren@HIDDEN, Tadhg McDonald-Jensen <tadhgmister@HIDDEN>,
Tomas Volf <~@wolfsden.cz>, 77499 <at> debbugs.gnu.org, gmail.com <at> debbugs.gnu.org,
Sisiutl <sisiutl@HIDDEN>, 70826 <at> debbugs.gnu.org,
Hilton Chain <hako@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hi, Ludovic Courtès writes: > Hello, > > 45mg writes: > >>
Allow passing extra options to the 'cryptsetup open' command. >>
Content analysis details: (2.0 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.0 MANY_TO_CC Sent to 10+ recipients
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust
[2607:f8b0:4864:20:0:0:0:442 listed in]
[list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider (45mg.writes[at]gmail.com)
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
manager
Hi,
Ludovic Court=C3=A8s <ludo@HIDDEN> writes:
> Hello,
>
> 45mg <45mg.writes@HIDDEN> writes:
>
>> Allow passing extra options to the 'cryptsetup open' command.
>>
[...]
>> +@item #:extra-options
>> +@code{extra-options} may be used to specify a list of additional
>> +command-line options for the @code{cryptsetup open} command. See the
>
> Instead of repeating the keyword name, maybe you can write:
>
> List of additional command-line options for =E2=80=A6
>
OK.
>> +@lisp
>> +(mapped-device
>> +(source "/dev/sdb1")
>> +(target "data")
>> +(type (type luks-device-mapping)
>> + (arguments '(#:allow-discards? #t
>> + #:extra-options
>> + ("--perf-no_read_workqueue"
>> + "--perf-no_write_workqueue")))))
>
> The indentation and syntax are incorrect, if I=E2=80=99m not mistaken.
Is it? `indent-region` in Emacs (C-M-\) leaves it unchanged. How should I
indent it instead?
As for the syntax,
guix shell -D guix --pure -- make check-system TESTS=3Dencrypted-root-extra=
-options-os
passes.
> Otherwise LGTM!
>
> Could you send an updated version?
>
> Thanks,
> Ludo=E2=80=99.
>
> PS: Use of guix-patches will be discontinued at the end of the year. I
> would encourage you to try out the pull request workflow on Codeberg
> and to report any questions or issues you may have.
guix-patches@HIDDEN:bug#77499; Package guix-patches.
Full text available.
Received: (at 77499) by debbugs.gnu.org; 16 Sep 2025 13:55:46 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 16 09:55:46 2025
Received: from localhost ([127.0.0.1]:48812 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1uyW9q-00082F-1e
for submit <at> debbugs.gnu.org; Tue, 16 Sep 2025 09:55:46 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:34848)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <ludo@HIDDEN>)
id 1uyW9m-0007zM-0H; Tue, 16 Sep 2025 09:55:42 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1uyW9Y-0003Kq-2P; Tue, 16 Sep 2025 09:55:28 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
From; bh=hWTs5COkqAsRDTpAgl8oNid7HROyM6jUvwYpB+HhDfk=; b=NoOR4xMBRIut/eUx9jj/
zpqVVDkIEGJbDN6lhdIofFqlO418DAxkAxNNUKtZq8sa1SPVsTVNeMPjwGL1s5rdvL150XVB9lWrw
jkRrQ6NrtvBMlnpw5OMlHBG/QZbaosldzDRAZpsHGY/xqES7/IJjZ6R1Doihju/qzkkxXiZp8/8Tn
Uy+lpCxrDm2UUlpmQRDSQerOWw35gKM2MbhOGnQb6VMDSQtW7WWsfvckRbVJhp7yGIz1DqqqesrnL
aPoO14Sp6oQ2XmJhkEB/wbLFc1RcsjAYujYz2cTsmBxXn0PLmHzWqTzlb/FkAvhsaPsbMcF3A32ii
fM+MtdD6auf68A==;
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [PATCH v3] mapped-devices/luks: Support extra options.
In-Reply-To: <b1b89a7997c492def17e26d874d90a6d78a25c06.1758024769.git.45mg.writes@HIDDEN>
(45mg.writes@HIDDEN's message of "Tue, 16 Sep 2025 17:47:43 +0530")
References: <87cy8ypubs.fsf@HIDDEN>
<b1b89a7997c492def17e26d874d90a6d78a25c06.1758024769.git.45mg.writes@HIDDEN>
User-Agent: mu4e 1.12.11; emacs 30.2
X-URL: https://people.bordeaux.inria.fr/lcourtes/
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
X-Revolutionary-Date: =?utf-8?Q?D=C3=A9cadi?= 30 Fructidor an 233 de la
=?utf-8?Q?R=C3=A9volution=2C?= jour du Panier
Date: Tue, 16 Sep 2025 15:55:08 +0200
Message-ID: <871po6biyr.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.7 (/)
X-Debbugs-Envelope-To: 77499
Cc: Gabriel Wicki <gabriel@HIDDEN>, Maxim Cournoyer <maxim@HIDDEN>,
soeren@HIDDEN, Tadhg McDonald-Jensen <tadhgmister@HIDDEN>,
Tomas Volf <~@wolfsden.cz>, 77499 <at> debbugs.gnu.org, gmail.com <at> debbugs.gnu.org,
Sisiutl <sisiutl@HIDDEN>, 70826 <at> debbugs.gnu.org,
Hilton Chain <hako@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.3 (/)
Hello,
45mg <45mg.writes@HIDDEN> writes:
> Allow passing extra options to the 'cryptsetup open' command.
>
> * gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
> [#:extra-options]: New argument.
> (open-luks-device): Use it.
> (check-luks-device): Validate it.
> * doc/guix.texi (Mapped Devices): Document it.
> * gnu/tests/install.scm (%test-encrypted-root-extra-options-os): New
> test for it, as well as the previously untested #:allow-discards?
> option.
> (%encrypted-root-extra-options-os): New os declaration for the test.
>
> Change-Id: Ibbc3cf4f2ee4d49099a3155a015f54d319515663
[...]
> +@item #:extra-options
> +@code{extra-options} may be used to specify a list of additional
> +command-line options for the @code{cryptsetup open} command. See the
Instead of repeating the keyword name, maybe you can write:
List of additional command-line options for =E2=80=A6
> +@lisp
> +(mapped-device
> +(source "/dev/sdb1")
> +(target "data")
> +(type (type luks-device-mapping)
> + (arguments '(#:allow-discards? #t
> + #:extra-options
> + ("--perf-no_read_workqueue"
> + "--perf-no_write_workqueue")))))
The indentation and syntax are incorrect, if I=E2=80=99m not mistaken.
Otherwise LGTM!
Could you send an updated version?
Thanks,
Ludo=E2=80=99.
PS: Use of guix-patches will be discontinued at the end of the year. I
would encourage you to try out the pull request workflow on Codeberg
and to report any questions or issues you may have.
guix-patches@HIDDEN:bug#77499; Package guix-patches.
Full text available.
Received: (at 77499) by debbugs.gnu.org; 16 Sep 2025 12:18:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 16 08:18:41 2025
Received: from localhost ([127.0.0.1]:47737 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1uyUds-0007mm-Jj
for submit <at> debbugs.gnu.org; Tue, 16 Sep 2025 08:18:41 -0400
Received: from mail-pj1-x1042.google.com ([2607:f8b0:4864:20::1042]:43361)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
id 1uyUdi-0007lw-W9
for 77499 <at> debbugs.gnu.org; Tue, 16 Sep 2025 08:18:33 -0400
Received: by mail-pj1-x1042.google.com with SMTP id
98e67ed59e1d1-32e74ae0306so1418483a91.1
for <77499 <at> debbugs.gnu.org>; Tue, 16 Sep 2025 05:18:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1758025104; x=1758629904; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=Aw0WFCZES8FfsEDTu0rFo1CpmrN8IH9D/x9BHB7jeOw=;
b=jBiYouGYwtTy4LnktN4sfZb5UbsCfGDZGAh2e3J0Y86uruLQwzRktlst1g97vkEJ7/
SgFtCCb2b+XrVM0PXgqaho+lpfTZHyjfg4UlsB7n5APfZkfaGsNvSkx9TU4JK+wB4q5M
eJVqlVtQP7XHxFOPppCyBDAS2CiZ0klJySjN13L0BKhRidCtvpm4lKtMAihF+GnVP9C/
JGKjIVFcTIYLZ7ral7Wl/hdJOdWY9AhLCt4OpYDdN/lulAhYvYBwZArm5VpH3pXO0UJy
BkI3/he7l+FpQiFTbJ8nqRsXSRrZ/W2St4/t4NPooOP4rvPZwG2DLt/jBVieWG3wBEJp
o+WQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1758025104; x=1758629904;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=Aw0WFCZES8FfsEDTu0rFo1CpmrN8IH9D/x9BHB7jeOw=;
b=j2DqRxzwYrKgSj+eEM99oxDEDJR0AHExsgqBUdkJP1jsf/WYgZie11vuMRdcwlVajS
lB2BZJtbuk4pbMJ5xoeqjF0Cp7nE8hKICyrnggOhzoRlEnxecNCjcmNXzFYDzzcZ9EGi
enNU+ZW5n8fhDbGBpjvVgHZ8HFnz6K+rJ5xjn6Wa1X6HXXGAlFsAMgIXnyfJmKackaw6
gXot4uWyGJXuqQJuTC6hfduHw7H09QAG/zinnPqyp75DEyq+h24uLlnvgHFnebQWwDmy
GixjTb8m2RPg8IMnIZJwaVT9z4jEnPuYJoLR+l/fJgqaat8zw+J9+W0k449rI7/GIh37
i+GA==
X-Forwarded-Encrypted: i=1;
AJvYcCWUpn0NUi/BYowhPv4wh5WL0P6LW4QevNu1lKK9k7+gdaPb03j/JAwQrzvIpkO5oAA5U6XR/Q==@debbugs.gnu.org
X-Gm-Message-State: AOJu0YyyFcwu99lUAP5/uZJUFsY2tQoV1MPMa9FslhesDCCeu8AFQy6M
jyCIgyV+kFd662K6y6Lm6mB99n8L1uJqaLkzlBrDOOTpy16hDSDX5a7v
X-Gm-Gg: ASbGncu8u2HCx5+vVWEA1ld0RLLcPeK0kCvWg8E8OyjGW0ZHxD8YRWYtee1dte/7fwO
y+5jpBHMn7UaDX6FmQ+/QzqiR6mnAoNfo/RwkDvXOqjapE0vt1A+x3kQSdF0cSa5B6Afo10gHQ+
QmY86tUj3bXBXL5J/4vT0J542wB2GDdWJ1+QwJrsF4I/z9/gzTOsrjNujiM+VKAtrse7SBGGzbj
08eKq1aUhgUCbNCxsMo4BaaRsd3Y6BObQEXUDo/guUI+KpbpKT3CUnDYOlyEqB95qa/iCOq5WqO
pwZ1Gg2dY77tMkfAkkTQTNEvqdk9l/1ZDuQ7lHv+xNeXyISqJsikGR6La0aaT2tpaiQOgc3NCSB
IiA/VtaaQI8D3VLsF8NOx
X-Google-Smtp-Source: AGHT+IFr8a+xUNR/kust7ULBL4+GuFYlnq6WbaImd4o7Ht3pQKRoQzJCB6eO+SDpNB2Db+n4mV+hQQ==
X-Received: by 2002:a17:90b:4b82:b0:32d:fd14:600b with SMTP id
98e67ed59e1d1-32ea60d5664mr2704169a91.7.1758025104259;
Tue, 16 Sep 2025 05:18:24 -0700 (PDT)
Received: from guix1 ([2401:4900:633e:c23a:e612:db2b:a44b:43bc])
by smtp.gmail.com with ESMTPSA id
98e67ed59e1d1-32dfce3c5e0sm11661586a91.9.2025.09.16.05.17.49
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 16 Sep 2025 05:18:23 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: Maxim Cournoyer <maxim@HIDDEN>,
45mg <45mg.writes@HIDDEN>
Subject: [PATCH v3] mapped-devices/luks: Support extra options.
Date: Tue, 16 Sep 2025 17:47:43 +0530
Message-ID: <b1b89a7997c492def17e26d874d90a6d78a25c06.1758024769.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.50.1
In-Reply-To: <87cy8ypubs.fsf@HIDDEN>
References: <87cy8ypubs.fsf@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Gabriel Wicki <gabriel@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: 3.0 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Allow passing extra options to the 'cryptsetup open' command.
* gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
[#:extra-options]:
New argument. (open-luks-device): Use it. (check-luks-device): Validate it.
* doc/guix.texi (Mapped Devices): Doc [...]
Content analysis details: (3.0 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust [2607:f8b0:4864:20:0:0:0:1042 listed in]
[list.dnswl.org]
3.0 MANY_TO_CC Sent to 10+ recipients
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider (45mg.writes[at]gmail.com)
X-Debbugs-Envelope-To: 77499
Cc: Gabriel Wicki <gabriel@HIDDEN>, soeren@HIDDEN,
Tadhg McDonald-Jensen <tadhgmister@HIDDEN>,
=?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>, 77499 <at> debbugs.gnu.org,
gmail.com <at> debbugs.gnu.org, Sisiutl <sisiutl@HIDDEN>,
70826 <at> debbugs.gnu.org, Hilton Chain <hako@HIDDEN>,
Tomas Volf <~@wolfsden.cz>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Allow passing extra options to the 'cryptsetup open' command.
* gnu/system/mapped-devices.scm (luks-device-mapping-with-options): [#:extra-options]:
New argument. (open-luks-device): Use it. (check-luks-device): Validate it.
* doc/guix.texi (Mapped Devices): Doc [...]
Content analysis details: (2.0 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust
[2607:f8b0:4864:20:0:0:0:1042 listed in]
[list.dnswl.org]
3.0 MANY_TO_CC Sent to 10+ recipients
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider (45mg.writes[at]gmail.com)
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
manager
Allow passing extra options to the 'cryptsetup open' command.
* gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
[#:extra-options]: New argument.
(open-luks-device): Use it.
(check-luks-device): Validate it.
* doc/guix.texi (Mapped Devices): Document it.
* gnu/tests/install.scm (%test-encrypted-root-extra-options-os): New
test for it, as well as the previously untested #:allow-discards?
option.
(%encrypted-root-extra-options-os): New os declaration for the test.
Change-Id: Ibbc3cf4f2ee4d49099a3155a015f54d319515663
---
Add default value '() as suggested by Maxim. Also, add the suggested
validation in check-luks-device.
doc/guix.texi | 21 +++++++++++
gnu/system/mapped-devices.scm | 30 ++++++++++++----
gnu/tests/install.scm | 68 +++++++++++++++++++++++++++++++++++
3 files changed, 113 insertions(+), 6 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 0924aebf4a..74a6367e43 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18774,6 +18774,27 @@ Mapped Devices
file system level operations visible on the physical device. For more
information, refer to the description of the @code{--allow-discards}
option in the @code{cryptsetup-open(8)} man page.
+
+@item #:extra-options
+@code{extra-options} may be used to specify a list of additional
+command-line options for the @code{cryptsetup open} command. See the
+@code{cryptsetup-open(8)} man page for a list of supported options.
+
+For example, here is how you could specify the
+@option{--perf-no_read_workqueue} and @option{--perf-no_write_workqueue}
+options, along with @option{--allow-discards}:
+
+@lisp
+(mapped-device
+(source "/dev/sdb1")
+(target "data")
+(type (type luks-device-mapping)
+ (arguments '(#:allow-discards? #t
+ #:extra-options
+ ("--perf-no_read_workqueue"
+ "--perf-no_write_workqueue")))))
+@end lisp
+
@end table
@end defvar
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index b0a6beef28..a2d49c55a5 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -43,6 +43,7 @@ (define-module (gnu system mapped-devices)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
#:use-module (ice-9 match)
+ #:use-module (ice-9 optargs)
#:use-module (ice-9 format)
#:export (%mapped-device
mapped-device
@@ -200,10 +201,12 @@ (define (check-device-initrd-modules device linux-modules location)
;;; Common device mappings.
;;;
-(define* (open-luks-device source targets #:key key-file allow-discards?)
+(define* (open-luks-device source targets
+ #:key key-file allow-discards? (extra-options '()))
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
'cryptsetup'. When ALLOW-DISCARDS? is true, the use of discard (TRIM)
-requests is allowed for the underlying device."
+requests is allowed for the underlying device. EXTRA-OPTIONS is a list of
+additional options to be passed to the 'cryptsetup open' command."
(with-imported-modules (source-module-closure
'((gnu build file-systems)
(guix build utils))) ;; For mkdir-p
@@ -244,10 +247,15 @@ (define* (open-luks-device source targets #:key key-file allow-discards?)
(let ((cryptsetup #$(file-append cryptsetup-static
"/sbin/cryptsetup"))
(cryptsetup-flags (cons*
- "open" "--type" "luks" partition #$target
- (if #$allow-discards?
- '("--allow-discards")
- '()))))
+ "open" "--type" "luks"
+ (append
+ (if #$allow-discards?
+ '("--allow-discards")
+ '())
+ (if (pair? '#$extra-options)
+ '#$extra-options
+ '())
+ (list partition #$target)))))
;; We want to fallback to the password unlock if the keyfile
;; fails.
(or (and keyfile
@@ -271,6 +279,16 @@ (define* (check-luks-device md #:key
"Ensure the source of MD is valid."
(let ((source (mapped-device-source md))
(location (mapped-device-location md)))
+ (let-keywords (mapped-device-arguments md) #t
+ (key-file allow-discards extra-options)
+ (unless (pair? extra-options)
+ (raise (make-compound-condition
+ (formatted-message (G_ "invalid value ~s for #:extra-options \
+argument of `open-luks-device'")
+ extra-options)
+ (condition
+ (&error-location
+ (location (source-properties->location location))))))))
(or (not (zero? (getuid)))
(if (uuid? source)
(match (find-partition-by-luks-uuid (uuid-bytevector source))
diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm
index ec31cf2bdf..c6715484cf 100644
--- a/gnu/tests/install.scm
+++ b/gnu/tests/install.scm
@@ -68,6 +68,7 @@ (define-module (gnu tests install)
%test-separate-home-os
%test-raid-root-os
%test-encrypted-root-os
+ %test-encrypted-root-extra-options-os
%test-encrypted-home-os
%test-encrypted-home-os-key-file
%test-encrypted-root-not-boot-os
@@ -843,6 +844,73 @@ (define %test-encrypted-root-os
(run-basic-test %encrypted-root-os command "encrypted-root-os"
#:initialization enter-luks-passphrase)))))
+
+;;;
+;;; LUKS-encrypted root with extra options: --allow-discards,
+;;; --perf-no_read_workqueue and --perf-no_write_workqueue
+;;;
+
+;; Except for the 'mapped-devices' field, this is exactly the same as
+;; %encrypted-root-os.
+(define-os-with-source (%encrypted-root-extra-options-os
+ %encrypted-root-extra-options-os-source)
+ ;; The OS we want to install.
+ (use-modules (gnu) (gnu tests) (srfi srfi-1))
+
+ (operating-system
+ (host-name "liberigilo")
+ (timezone "Europe/Paris")
+ (locale "en_US.UTF-8")
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets '("/dev/vdb"))))
+
+ ;; Note: Do not pass "console=ttyS0" so we can use our passphrase prompt
+ ;; detection logic in 'enter-luks-passphrase'.
+
+ (mapped-devices (list (mapped-device
+ (source (uuid "12345678-1234-1234-1234-123456789abc"))
+ (target "the-root-device")
+ (type luks-device-mapping)
+ (arguments '(#:allow-discards? #t
+ #:extra-options
+ ("--perf-no_read_workqueue"
+ "--perf-no_write_workqueue"))))))
+ (file-systems (cons (file-system
+ (device "/dev/mapper/the-root-device")
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+ (users (cons (user-account
+ (name "charlie")
+ (group "users")
+ (supplementary-groups '("wheel" "audio" "video")))
+ %base-user-accounts))
+ (services (cons (service marionette-service-type
+ (marionette-configuration
+ (imported-modules '((gnu services herd)
+ (guix combinators)))))
+ %base-services))))
+
+(define %test-encrypted-root-extra-options-os
+ (system-test
+ (name "encrypted-root-extra-options-os")
+ (description
+ "Test basic functionality of an OS installed like one would do by hand,
+with an LUKS-encrypted root partition opened with extra options
+(--allow-discards, --perf-no_read_workqueue and --perf-no_write_workqueue).
+This test is expensive in terms of CPU and storage usage since we need to
+build (current-guix) and then store a couple of full system images.")
+ (value
+ (mlet* %store-monad ((images (run-install %encrypted-root-extra-options-os
+ %encrypted-root-extra-options-os-source
+ #:script
+ %encrypted-root-installation-script))
+ (command (qemu-command* images)))
+ (run-basic-test %encrypted-root-os command "encrypted-root-extra-options-os"
+ #:initialization enter-luks-passphrase)))))
+
;;;
;;; Separate /home on LVM
base-commit: ea4a3af73940e3fd578326510eccb2d5747352b4
--
2.50.1
gabriel@HIDDEN, ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN:bug#77499; Package guix-patches.
Full text available.
Received: (at 77499) by debbugs.gnu.org; 14 Aug 2025 01:26:50 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Aug 13 21:26:50 2025
Received: from localhost ([127.0.0.1]:59388 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1umMjy-00032l-6D
for submit <at> debbugs.gnu.org; Wed, 13 Aug 2025 21:26:50 -0400
Received: from mailtransmit04.runbox.com ([2a0c:5a00:149::25]:48514)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <maxim@HIDDEN>)
id 1umMjs-00032G-GR; Wed, 13 Aug 2025 21:26:46 -0400
Received: from mailtransmit03.runbox ([10.9.9.163] helo=aibo.runbox.com)
by mailtransmit04.runbox.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93)
(envelope-from <maxim@HIDDEN>)
id 1umMjg-002C7s-RE; Thu, 14 Aug 2025 03:26:32 +0200
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=guixotic.coop; s=selector1; h=Content-Type:MIME-Version:Message-ID:Date:
References:In-Reply-To:Subject:Cc:To:From;
bh=YRSRnCKfV6/xpqYSPktmnL1t6/yZkfzIMrmwE4ILEj4=; b=KoQR4dVyw5t4DagFPN8CvNYr/w
Vp2tNNP5Xy9DhZAt6bTnK+epkQZJBDgMOu2hhx03mkA1KsvmsgRtSDN5N5ZIKMPO1W1HKOTi8s2Vh
5rsDCwiVZYiwvciXKCbSAAfkVFJvVZm0vRRcJMWecJ3JSuXEOgBeF0pFD3+ztudhKTWm+Q3pax6Wx
PX6PIl7p10PcCla+Z2xtWKVc9C+TzwBQEnN3gUisS3k4MbHS8vALyRnzpQxFa3DICbtuxAtuhFH+4
SE3V8Xc1+rFFU7kCW0hSkgg/zq/ppELfBZTdNbfsNB/KC8gF0pT42NNe6x6Cn2D1vl2cSToZhWWyq
UVzw06vg==;
Received: from [10.9.9.72] (helo=submission01.runbox)
by mailtransmit03.runbox with esmtp (Exim 4.86_2)
(envelope-from <maxim@HIDDEN>)
id 1umMjf-0007nm-Ub; Thu, 14 Aug 2025 03:26:32 +0200
Received: by submission01.runbox with esmtpsa [Authenticated ID (1476852)]
(TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_256_GCM:256) (Exim 4.93)
id 1umMjX-00ElzD-2B; Thu, 14 Aug 2025 03:26:23 +0200
From: Maxim Cournoyer <maxim@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#77499] [PATCH] mapped-devices/luks: Support extra options.
In-Reply-To: <85a028e86a47aec2ce943b1a81904d2916627893.1754741432.git.45mg.writes@HIDDEN>
Organization: Guixotic
References: <87selvcbb8.fsf@HIDDEN>
<85a028e86a47aec2ce943b1a81904d2916627893.1754741432.git.45mg.writes@HIDDEN>
Date: Thu, 14 Aug 2025 10:26:15 +0900
Message-ID: <87cy8ypubs.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 2.3 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hi,
45mg <45mg.writes@HIDDEN> writes: > Allow passing extra
options to the 'cryptsetup open' command. > > * gnu/system/mapped-devices.scm
(open-luks-device) > [#:extra-options]: New argument. > * doc/guix.texi
(Mapped Devices): Document i [...]
Content analysis details: (2.3 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.0 MANY_TO_CC Sent to 10+ recipients
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/,
low trust [2a0c:5a00:149:0:0:0:0:25 listed in] [list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
X-Debbugs-Envelope-To: 77499
Cc: Gabriel Wicki <gabriel@HIDDEN>, soeren@HIDDEN,
Tadhg McDonald-Jensen <tadhgmister@HIDDEN>,
Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 77499 <at> debbugs.gnu.org,
gmail.com <at> debbugs.gnu.org, Sisiutl <sisiutl@HIDDEN>,
70826 <at> debbugs.gnu.org, Hilton Chain <hako@HIDDEN>,
Tomas Volf <~@wolfsden.cz>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hi, 45mg <45mg.writes@HIDDEN> writes: > Allow passing extra
options to the 'cryptsetup open' command. > > * gnu/system/mapped-devices.scm
(open-luks-device) > [#:extra-options]: New argument. > * doc/guix.texi (Mapped
Devices): Document i [...]
Content analysis details: (1.3 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/,
low trust
[2a0c:5a00:149:0:0:0:0:25 listed in]
[list.dnswl.org]
3.0 MANY_TO_CC Sent to 10+ recipients
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
manager
Hi,
45mg <45mg.writes@HIDDEN> writes:
> Allow passing extra options to the 'cryptsetup open' command.
>
> * gnu/system/mapped-devices.scm (open-luks-device)
> [#:extra-options]: New argument.
> * doc/guix.texi (Mapped Devices): Document it.
> * gnu/tests/install.scm (%test-encrypted-root-extra-options-os): New
> test for it, as well as the previously untested #:allow-discards?
> option.
> (%encrypted-root-extra-options-os): New os declaration for the test.
>
> Change-Id: Ia9fd129d1c66cbf27abdd3064d59188083465247
> ---
>
> Took into account Maxim's review. Also, luks-device-mapping-with-options is
> now deprecated [1], so instead use the 'arguments' field of
> luks-device-mapping.
>
> [1] https://codeberg.org/guix/guix/pulls/1048
>
> doc/guix.texi | 21 +++++++++++
> gnu/system/mapped-devices.scm | 19 ++++++----
> gnu/tests/install.scm | 68 +++++++++++++++++++++++++++++++++++
> 3 files changed, 102 insertions(+), 6 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index bffaeb5bbc..4bb4f50200 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -18731,6 +18731,27 @@ Mapped Devices
> file system level operations visible on the physical device. For more
> information, refer to the description of the @code{--allow-discards}
> option in the @code{cryptsetup-open(8)} man page.
> +
> +@item #:extra-options
> +@code{extra-options} may be used to specify a list of additional
> +command-line options for the @code{cryptsetup open} command. See the
> +@code{cryptsetup-open(8)} man page for a list of supported options.
> +
> +For example, here is how you could specify the
> +@option{--perf-no_read_workqueue} and @option{--perf-no_write_workqueue}
> +options, along with @option{--allow-discards}:
> +
> +@lisp
> +(mapped-device
> +(source "/dev/sdb1")
> +(target "data")
> +(type (type luks-device-mapping)
> + (arguments '(#:allow-discards? #t
> + #:extra-options
> + ("--perf-no_read_workqueue"
> + "--perf-no_write_workqueue")))))
> +@end lisp
> +
> @end table
> @end defvar
>
> diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
> index b0a6beef28..034956c616 100644
> --- a/gnu/system/mapped-devices.scm
> +++ b/gnu/system/mapped-devices.scm
> @@ -200,10 +200,12 @@ (define (check-device-initrd-modules device linux-modules location)
> ;;; Common device mappings.
> ;;;
>
> -(define* (open-luks-device source targets #:key key-file allow-discards?)
> +(define* (open-luks-device source targets
> + #:key key-file allow-discards? extra-options)
I guess it'd be nicer if the default was '() for extra-options, then you
don't need to check its value later (unless if you want to validate the
inputs).
> "Return a gexp that maps SOURCE to TARGET as a LUKS device, using
> 'cryptsetup'. When ALLOW-DISCARDS? is true, the use of discard (TRIM)
> -requests is allowed for the underlying device."
> +requests is allowed for the underlying device. EXTRA-OPTIONS is a list of
> +additional options to be passed to the 'cryptsetup open' command."
> (with-imported-modules (source-module-closure
> '((gnu build file-systems)
> (guix build utils))) ;; For mkdir-p
> @@ -244,10 +246,15 @@ (define* (open-luks-device source targets #:key key-file allow-discards?)
> (let ((cryptsetup #$(file-append cryptsetup-static
> "/sbin/cryptsetup"))
> (cryptsetup-flags (cons*
> - "open" "--type" "luks" partition #$target
> - (if #$allow-discards?
> - '("--allow-discards")
> - '()))))
> + "open" "--type" "luks"
> + (append
> + (if #$allow-discards?
> + '("--allow-discards")
> + '())
> + (if (pair? '#$extra-options)
> + '#$extra-options
> + '())
Then the if can be removed, else turned into some input validation like:
--8<---------------cut here---------------start------------->8---
(unless (pair? '#$extra-options)
(error "invalid value for #:extra-options argument of `open-luks-device'"))
--8<---------------cut here---------------end--------------->8---
I haven't reviewed where this gets used (I assume in the early boot);
perhaps it could be possible to use (guix diagnostics) as well if it's
already imported there to produce a nicer error message.
Could you send a revised version doing the above?
--
Thanks,
Maxim
guix-patches@HIDDEN:bug#77499; Package guix-patches.
Full text available.
Received: (at 77499) by debbugs.gnu.org; 9 Aug 2025 12:17:40 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Aug 09 08:17:40 2025
Received: from localhost ([127.0.0.1]:40582 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1ukiW3-0001xs-Uc
for submit <at> debbugs.gnu.org; Sat, 09 Aug 2025 08:17:40 -0400
Received: from mail-pf1-x444.google.com ([2607:f8b0:4864:20::444]:47150)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
id 1ukiVz-0001xT-D9; Sat, 09 Aug 2025 08:17:36 -0400
Received: by mail-pf1-x444.google.com with SMTP id
d2e1a72fcca58-76bc61152d8so2721712b3a.2;
Sat, 09 Aug 2025 05:17:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1754741849; x=1755346649; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=3H+f+9FA5DumENvLOte3rIStTpBwz6ht7xSrD1KThcg=;
b=BQzET2gUm9Vt7CPkKcLwFoacjSZTJ0Ix+hNKdQ0VH/ObjzbM0ZUVwsccXWFr9D0BJi
/G3JnkhHy8FrdG2bM9a5fFvor2oWyQQsltHR9+mrbG9j/lHmX8q+Zom/b/4F0WE732wD
UehWAFdVtVd2t7ATyiQYTLM5eNWy5fqd5Ej3fH7NX65+asVYdA9s9u/5jGOEUuRSFaVV
uxhCjMbPmANyHNqK9WPF8rKdJiqUOB72Mt/9QnCjz6mk61dS3BDE+8FHDaD+4RSltJQz
GOjoh9NCGisgm1I1T55xnKIP/6IFT6bJjoqEezpP/KrkzaqdxxrbGZmgRIB0et08OILG
pVCA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1754741849; x=1755346649;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=3H+f+9FA5DumENvLOte3rIStTpBwz6ht7xSrD1KThcg=;
b=Hc0KihAwNfW7g8BuBWBogSwznaW0u4m88suGHP76FNmd7CbiVoXsphsOWzRCN19VRH
TcSmpRx2WMa3vNKFddXYkHGnxrmWRYojI17LrhsQY2B4sG59WGO1JPmdJet18WfvOI4w
hGMHAlP/gsh8wHRX8keYFAD7xCxMw9lQ38UJbTtjd3+nDaB9P9rJuGtUQHTiAjwOKIBE
irCH4sf1Kx6VIGk2r0wh98KkjYx3/ETLcwJl2WosdWWwCV2y8y66swh2mojTgHotIL82
LOAoAFBWrksCtXtAJoEZtuOohizH5r3h2SOjYqZe9g/WJmWuIPUCebGCI9YgnGonf2lY
3EJw==
X-Forwarded-Encrypted: i=1;
AJvYcCXFNNPuTK/jNIi78OiSGOFKuxpyC3OF72wA+Nc5JjwUATyZ53Iu8XlFGLaCIx2/7uqkDr5m6Q==@debbugs.gnu.org
X-Gm-Message-State: AOJu0YwTnDVmmZkIk1wvWg7IiTbpg3/3g4B47FXw3vvAarFakdT4D5RU
seUPwIHVE6BNjZ2Q/p1t/GhPmZnbNtnZ17+UaPgPBPgIFB25SZuott6v/9SXGbg2
X-Gm-Gg: ASbGncukdkEEzdxhpcoza/Feordc6MqpNAc9j/tXDnI+09npCzItOSKV2GDpdtisl8K
x8WSBUSFK3LGvmQRqT8mD40LFNx0qTGlfK07h2DhFV/Q7PeDD05ljj8+70IqFn77CEBaGQ/IHS1
FqRkXuebvK9/FO8vzdZFNHc7nweGgkD/ckRe7PLSXW5sYMmBjDQg+T3aHNjGAoo2MCwPjg1gK8Q
HEwrUGwu8N+6GnNv5xvhslHehU1Apwnp+7ijCoH5PXyZkxLLa2nXraISXwngs+sQ07OsvADesr/
iGCnDfxMjiNORPw25BFSH9ocSlGOy7xz4R116qfaFHhf8Q1HRAAHOcy0lDoDx8sgSMwAFx6IVNz
E6/71XsePh9x3ig==
X-Google-Smtp-Source: AGHT+IEpcc+6H5DWF3pZLTF/4dxCsgoAlgznQsp8DpevWPuoAYY18XmwCm9T4Qxh75RX5NJ6Zzqrtg==
X-Received: by 2002:a05:6a00:4fca:b0:76b:d93a:69e2 with SMTP id
d2e1a72fcca58-76c46193b5amr9934868b3a.19.1754741848893;
Sat, 09 Aug 2025 05:17:28 -0700 (PDT)
Received: from guix1 ([103.28.247.2]) by smtp.gmail.com with ESMTPSA id
d2e1a72fcca58-76bf148333dsm17114294b3a.100.2025.08.09.05.17.24
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 09 Aug 2025 05:17:28 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: 70826 <at> debbugs.gnu.org,
45mg <45mg.writes@HIDDEN>
Subject: [PATCH] mapped-devices/luks: Support extra options.
Date: Sat, 9 Aug 2025 17:40:33 +0530
Message-ID: <85a028e86a47aec2ce943b1a81904d2916627893.1754741432.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.50.1
In-Reply-To: <87selvcbb8.fsf@HIDDEN>
References: <87selvcbb8.fsf@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Gabriel Wicki <gabriel@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77499
Cc: , soeren@HIDDEN, Tadhg McDonald-Jensen <tadhgmister@HIDDEN>,
=?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>, 77499 <at> debbugs.gnu.org,
Sisiutl <sisiutl@HIDDEN>, Hilton Chain <hako@HIDDEN>, gmail.com,
Tomas Volf <~@wolfsden.cz>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Allow passing extra options to the 'cryptsetup open' command.
* gnu/system/mapped-devices.scm (open-luks-device)
[#:extra-options]: New argument.
* doc/guix.texi (Mapped Devices): Document it.
* gnu/tests/install.scm (%test-encrypted-root-extra-options-os): New
test for it, as well as the previously untested #:allow-discards?
option.
(%encrypted-root-extra-options-os): New os declaration for the test.
Change-Id: Ia9fd129d1c66cbf27abdd3064d59188083465247
---
Took into account Maxim's review. Also, luks-device-mapping-with-options is
now deprecated [1], so instead use the 'arguments' field of
luks-device-mapping.
[1] https://codeberg.org/guix/guix/pulls/1048
doc/guix.texi | 21 +++++++++++
gnu/system/mapped-devices.scm | 19 ++++++----
gnu/tests/install.scm | 68 +++++++++++++++++++++++++++++++++++
3 files changed, 102 insertions(+), 6 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index bffaeb5bbc..4bb4f50200 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18731,6 +18731,27 @@ Mapped Devices
file system level operations visible on the physical device. For more
information, refer to the description of the @code{--allow-discards}
option in the @code{cryptsetup-open(8)} man page.
+
+@item #:extra-options
+@code{extra-options} may be used to specify a list of additional
+command-line options for the @code{cryptsetup open} command. See the
+@code{cryptsetup-open(8)} man page for a list of supported options.
+
+For example, here is how you could specify the
+@option{--perf-no_read_workqueue} and @option{--perf-no_write_workqueue}
+options, along with @option{--allow-discards}:
+
+@lisp
+(mapped-device
+(source "/dev/sdb1")
+(target "data")
+(type (type luks-device-mapping)
+ (arguments '(#:allow-discards? #t
+ #:extra-options
+ ("--perf-no_read_workqueue"
+ "--perf-no_write_workqueue")))))
+@end lisp
+
@end table
@end defvar
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index b0a6beef28..034956c616 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -200,10 +200,12 @@ (define (check-device-initrd-modules device linux-modules location)
;;; Common device mappings.
;;;
-(define* (open-luks-device source targets #:key key-file allow-discards?)
+(define* (open-luks-device source targets
+ #:key key-file allow-discards? extra-options)
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
'cryptsetup'. When ALLOW-DISCARDS? is true, the use of discard (TRIM)
-requests is allowed for the underlying device."
+requests is allowed for the underlying device. EXTRA-OPTIONS is a list of
+additional options to be passed to the 'cryptsetup open' command."
(with-imported-modules (source-module-closure
'((gnu build file-systems)
(guix build utils))) ;; For mkdir-p
@@ -244,10 +246,15 @@ (define* (open-luks-device source targets #:key key-file allow-discards?)
(let ((cryptsetup #$(file-append cryptsetup-static
"/sbin/cryptsetup"))
(cryptsetup-flags (cons*
- "open" "--type" "luks" partition #$target
- (if #$allow-discards?
- '("--allow-discards")
- '()))))
+ "open" "--type" "luks"
+ (append
+ (if #$allow-discards?
+ '("--allow-discards")
+ '())
+ (if (pair? '#$extra-options)
+ '#$extra-options
+ '())
+ (list partition #$target)))))
;; We want to fallback to the password unlock if the keyfile
;; fails.
(or (and keyfile
diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm
index ec31cf2bdf..c6715484cf 100644
--- a/gnu/tests/install.scm
+++ b/gnu/tests/install.scm
@@ -68,6 +68,7 @@ (define-module (gnu tests install)
%test-separate-home-os
%test-raid-root-os
%test-encrypted-root-os
+ %test-encrypted-root-extra-options-os
%test-encrypted-home-os
%test-encrypted-home-os-key-file
%test-encrypted-root-not-boot-os
@@ -843,6 +844,73 @@ (define %test-encrypted-root-os
(run-basic-test %encrypted-root-os command "encrypted-root-os"
#:initialization enter-luks-passphrase)))))
+
+;;;
+;;; LUKS-encrypted root with extra options: --allow-discards,
+;;; --perf-no_read_workqueue and --perf-no_write_workqueue
+;;;
+
+;; Except for the 'mapped-devices' field, this is exactly the same as
+;; %encrypted-root-os.
+(define-os-with-source (%encrypted-root-extra-options-os
+ %encrypted-root-extra-options-os-source)
+ ;; The OS we want to install.
+ (use-modules (gnu) (gnu tests) (srfi srfi-1))
+
+ (operating-system
+ (host-name "liberigilo")
+ (timezone "Europe/Paris")
+ (locale "en_US.UTF-8")
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets '("/dev/vdb"))))
+
+ ;; Note: Do not pass "console=ttyS0" so we can use our passphrase prompt
+ ;; detection logic in 'enter-luks-passphrase'.
+
+ (mapped-devices (list (mapped-device
+ (source (uuid "12345678-1234-1234-1234-123456789abc"))
+ (target "the-root-device")
+ (type luks-device-mapping)
+ (arguments '(#:allow-discards? #t
+ #:extra-options
+ ("--perf-no_read_workqueue"
+ "--perf-no_write_workqueue"))))))
+ (file-systems (cons (file-system
+ (device "/dev/mapper/the-root-device")
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+ (users (cons (user-account
+ (name "charlie")
+ (group "users")
+ (supplementary-groups '("wheel" "audio" "video")))
+ %base-user-accounts))
+ (services (cons (service marionette-service-type
+ (marionette-configuration
+ (imported-modules '((gnu services herd)
+ (guix combinators)))))
+ %base-services))))
+
+(define %test-encrypted-root-extra-options-os
+ (system-test
+ (name "encrypted-root-extra-options-os")
+ (description
+ "Test basic functionality of an OS installed like one would do by hand,
+with an LUKS-encrypted root partition opened with extra options
+(--allow-discards, --perf-no_read_workqueue and --perf-no_write_workqueue).
+This test is expensive in terms of CPU and storage usage since we need to
+build (current-guix) and then store a couple of full system images.")
+ (value
+ (mlet* %store-monad ((images (run-install %encrypted-root-extra-options-os
+ %encrypted-root-extra-options-os-source
+ #:script
+ %encrypted-root-installation-script))
+ (command (qemu-command* images)))
+ (run-basic-test %encrypted-root-os command "encrypted-root-extra-options-os"
+ #:initialization enter-luks-passphrase)))))
+
;;;
;;; Separate /home on LVM
base-commit: 0697809d64d525b5b9146a57f824641f6f9f81ca
--
2.50.1
gabriel@HIDDEN, ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN:bug#77499; Package guix-patches.
Full text available.
Received: (at 77499) by debbugs.gnu.org; 26 Apr 2025 13:16:57 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Apr 26 09:16:57 2025
Received: from localhost ([127.0.0.1]:59415 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1u8fOq-0008Si-Ic
for submit <at> debbugs.gnu.org; Sat, 26 Apr 2025 09:16:57 -0400
Received: from mail-pj1-x1030.google.com ([2607:f8b0:4864:20::1030]:49324)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
id 1u8fOn-0008SN-RU
for 77499 <at> debbugs.gnu.org; Sat, 26 Apr 2025 09:16:54 -0400
Received: by mail-pj1-x1030.google.com with SMTP id
98e67ed59e1d1-30332dfc820so3898323a91.2
for <77499 <at> debbugs.gnu.org>; Sat, 26 Apr 2025 06:16:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1745673407; x=1746278207; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:user-agent:message-id:date
:references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=4vn9cPhcnEAsrfl9RVj2i4KiYPQcuvHcFjmlk8aeL1g=;
b=HZ47yFCQxk/PdcAOBFGxmmP0MoYAHG1MxcXneQu8bxs+qi7SQn0FEmt9eqTndJPRoZ
8lwCUifesTs2gfa0j/SUyWFDkTnjQ+Te3s775KKRG/VCvE4YKWuTxLP/vv0faJQnSBHD
g4BVDfmyYQx2BqLjdYClWd5Y8JJdDKASb6amZnCswJ9NE8xTafHu4O46b30PoKPmsHs6
SmCSj07q/qXpVMBhAnFszm1MSVloFMDCrGays9NYJmsRzB7uJfnosQuYivZdHGG95Qm8
SmTBsHH7DCoI+YgWk2IZ95molb42Hb3C68iOBw1drMHzR+KlYBb8koIv/ADiXj2ma1zo
tB5w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1745673407; x=1746278207;
h=content-transfer-encoding:mime-version:user-agent:message-id:date
:references:in-reply-to:subject:cc:to:from:x-gm-message-state:from
:to:cc:subject:date:message-id:reply-to;
bh=4vn9cPhcnEAsrfl9RVj2i4KiYPQcuvHcFjmlk8aeL1g=;
b=CZBfKOswRlclwbUPSNHsQIx8E9GxJil+oEtG2kgWbfTBhIvlkmA+jYLai3fMolKDEF
Sei3qYyZkBy69CbNy7EoOHmyVlWzXr2mmOs3+xTd+XTkT1gZTwGqzlIqakDQEl4TDCHH
xMWz/Teu1WrPOzi569kfvfVfyk5UWkJm7ZhxO9u0n/+/tQng40+QmdaYW6uQ/DpAVO/H
kpRJSgiRFB50xsuWXHsPAthfketuZ5pp/217VXk5ULJemxFEUgQghAyHkcDKfAwSW4gv
qm1L3QeW74G0pdfpKvAvuqr1uFYhnngJH99Nwu77Uog/vynJEAceIBdh/cwoheWFewQT
bHig==
X-Gm-Message-State: AOJu0YxKoLmA0u5oC8ponF+T6e084dP2rp2Gc1WW7jWzxZPthaeFs9U+
b/slBaDkvOeRgWCfkJkpqsbFN0AXPj5400NtIRQcsnLnS8Mt8T8h
X-Gm-Gg: ASbGncu4bwxtr9zILxeS1fUjHvIVUpcY89PrfNDOxMfnYgZ97fvMgHBFms4QnXd3+0i
4IMi1n0G+zun2ICpIfD5GOIfzXFpPXzY9MB4ByxKW7Wc9Ykf/gHwZUI0jKiG9hg1NA/t2F3xDqa
ujTI3bRqJBa5efKduot6TwK+pSy8M9QHVyAM4iHzU6R9RymcCY5n+BOvy+xlN+MitWCIF5o20OW
peiKyopHYUgYSiNoMK9Xf5SjNpte/Qpp5Qfjy2IR58boUw8wPi+8EMYXljFkda+EyIHg7Nu2aM/
aIeR1hqbBUpUOoErgGYW0ncZhqoNxPVdS/I873I=
X-Google-Smtp-Source: AGHT+IETPkiD7bw1zqssrR+Y3ab/0LZ1hxlB+j7er1gmysnJ5E0wwH/YNSQoEPopCVExTypTk9TORA==
X-Received: by 2002:a17:90b:1f89:b0:2fe:b174:31fe with SMTP id
98e67ed59e1d1-309f7da6db1mr9455172a91.2.1745673407372;
Sat, 26 Apr 2025 06:16:47 -0700 (PDT)
Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542])
by smtp.gmail.com with ESMTPSA id
98e67ed59e1d1-309f7754d52sm3904539a91.19.2025.04.26.06.16.45
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 26 Apr 2025 06:16:46 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#77499] [PATCH] mapped-devices/luks: Support extra options.
In-Reply-To: <fb637872bd14abe305d810b9d32e0db290b26dd6.1743702237.git.45mg.writes@HIDDEN>
(45mg.writes@HIDDEN's message of "Thu, 3 Apr 2025 23:13:57 +0530")
References: <fb637872bd14abe305d810b9d32e0db290b26dd6.1743702237.git.45mg.writes@HIDDEN>
Date: Sat, 26 Apr 2025 22:16:43 +0900
Message-ID: <87selvcbb8.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77499
Cc: soeren@HIDDEN, Sisiutl <sisiutl@HIDDEN>,
Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 77499 <at> debbugs.gnu.org,
Hilton Chain <hako@HIDDEN>, Tomas Volf <~@wolfsden.cz>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hi,
45mg <45mg.writes@HIDDEN> writes:
> Allow passing extra options to the 'cryptsetup open' command.
>
> * gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
> [#:extra-options]: New argument.
> (open-luks-device): Use it.
> * doc/guix.texi (Mapped Devices): Document it.
> * gnu/tests/install.scm (%test-encrypted-root-extra-options-os): New
> test for it, as well as the previously untested #:allow-discards?
> option.
> (%encrypted-root-extra-options-os): New os declaration for the test.
Sounds good.
> Change-Id: Ia9fd129d1c66cbf27abdd3064d59188083465247
> ---
> CCing everyone who worked on the allow-discards option - this change is v=
ery
> similar.
>
> %encrypted-root-extra-options-os is copied from %encrypted-root-os; only
> the mapped-devices field is changed. I wish I could avoid this code
> duplication by having `(inherit %encrypted-root-os)` in the os
> definition, but when I do that, the test fails with this error in the
> build log:
>
> /mnt/etc/config.scm:1:100: error: %encrypted-root-os: unbound variable
>
> Any chance you Guile wizards know how to make this work?
I think I've probably banged my head on this at some point but don't
have an immediate idea.
>
> doc/guix.texi | 20 ++++++++++-
> gnu/system/mapped-devices.scm | 25 ++++++++-----
> gnu/tests/install.scm | 68 +++++++++++++++++++++++++++++++++++
> 3 files changed, 104 insertions(+), 9 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index bcb1f9d9cf..9cd1304522 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -18461,7 +18461,7 @@ Mapped Devices
> @code{dm-crypt} Linux kernel module.
> @end defvar
>=20=20
> -@deffn {Procedure} luks-device-mapping-with-options [#:key-file #:allow-=
discards?]
> +@deffn {Procedure} luks-device-mapping-with-options [#:key-file #:allow-=
discards? #:extra-options]
Was there a way to break a line in Texinfo?
> Return a @code{luks-device-mapping} object, which defines LUKS block
> device encryption using the @command{cryptsetup} command from the
> package with the same name. It relies on the @code{dm-crypt} Linux
> @@ -18492,6 +18492,24 @@ Mapped Devices
> information, refer to the description of the @code{--allow-discards}
> option in the @code{cryptsetup-open(8)} man page.
>=20=20
> +@code{extra-options} may be used to specify a list of additional
> +command-line options for the @code{cryptsetup open} command. See the
> +@code{cryptsetup-open(8)} man page for a list of supported options.
> +
> +For example, here is how you could specify the
> +@code{--perf-no_read_workqueue} and @code{--perf-no_write_workqueue}
> +options, along with @code{--allow-discards}:
For the command-line options, you can use @option{...}
(see: (info "(texinfo) @option")).
> +
> +@lisp
> +(mapped-device
> + (source "/dev/sdb1)
> + (target "data)
Your strings are double quoted only on the left side.
> + (type (luks-device-mapping-with-options
> + #:allow-discards? #t
> + #:extra-options '("--perf-no_read_workqueue"
> + "--perf-no_write_workqueue"))))
> +@end lisp
> +
> @end deffn
>=20=20
> @defvar raid-device-mapping
> diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
> index 667a495570..520ade9ef8 100644
> --- a/gnu/system/mapped-devices.scm
> +++ b/gnu/system/mapped-devices.scm
> @@ -194,10 +194,12 @@ (define (check-device-initrd-modules device linux-m=
odules location)
> ;;; Common device mappings.
> ;;;
>=20=20
> -(define* (open-luks-device source targets #:key key-file allow-discards?)
> +(define* (open-luks-device source targets
> + #:key key-file allow-discards? extra-options)
> "Return a gexp that maps SOURCE to TARGET as a LUKS device, using
> 'cryptsetup'. When ALLOW-DISCARDS? is true, the use of discard (TRIM)
> -requests is allowed for the underlying device."
> +requests is allowed for the underlying device. EXTRA-OPTIONS is a list =
of
> +additional options to be passed to the 'cryptsetup open' command."
> (with-imported-modules (source-module-closure
> '((gnu build file-systems)
> (guix build utils))) ;; For mkdir-p
> @@ -238,10 +240,15 @@ (define* (open-luks-device source targets #:key key=
-file allow-discards?)
> (let ((cryptsetup #$(file-append cryptsetup-static
> "/sbin/cryptsetup"))
> (cryptsetup-flags (cons*
> - "open" "--type" "luks" partition #=
$target
> - (if #$allow-discards?
> - '("--allow-discards")
> - '()))))
> + "open" "--type" "luks"
> + (append
> + (if #$allow-discards?
> + '("--allow-discards")
> + '())
> + (if (pair? '#$extra-options)
> + '#$extra-options
> + '())
> + (list partition #$target)))))
> ;; We want to fallback to the password unlock if the keyf=
ile
> ;; fails.
> (or (and keyfile
> @@ -290,7 +297,8 @@ (define luks-device-mapping
> ((gnu build file-systems)
> #:select (find-partition-by-luks-uuid system*/tty))))))
>=20=20
> -(define* (luks-device-mapping-with-options #:key key-file allow-discards=
?)
> +(define* (luks-device-mapping-with-options
> + #:key key-file allow-discards? extra-options)
> "Return a luks-device-mapping object with open modified to pass the ar=
guments
> into the open-luks-device procedure."
> (mapped-device-kind
> @@ -298,7 +306,8 @@ (define* (luks-device-mapping-with-options #:key key-=
file allow-discards?)
> (open (=CE=BB (source targets)
> (open-luks-device source targets
> #:key-file key-file
> - #:allow-discards? allow-discards?)))))
> + #:allow-discards? allow-discards?
> + #:extra-options extra-options)))))
>=20=20
> (define (open-raid-device sources targets)
> "Return a gexp that assembles SOURCES (a list of devices) to the RAID =
device
> diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm
> index a837637b18..fd9f17eb4d 100644
> --- a/gnu/tests/install.scm
> +++ b/gnu/tests/install.scm
> @@ -68,6 +68,7 @@ (define-module (gnu tests install)
> %test-separate-home-os
> %test-raid-root-os
> %test-encrypted-root-os
> + %test-encrypted-root-extra-options-os
> %test-encrypted-home-os
> %test-encrypted-home-os-key-file
> %test-encrypted-root-not-boot-os
> @@ -843,6 +844,73 @@ (define %test-encrypted-root-os
> (run-basic-test %encrypted-root-os command "encrypted-root-os"
> #:initialization enter-luks-passphrase)))))
>=20=20
> +
> +;;;
> +;;; LUKS-encrypted root with extra options: --allow-discards,
> +;;; --perf-no_read_workqueue and --perf-no_write_workqueue
> +;;;
> +
> +;; Except for the 'mapped-devices' field, this is exactly the same as
> +;; %encrypted-root-os.
> +(define-os-with-source (%encrypted-root-extra-options-os
> + %encrypted-root-extra-options-os-source)
> + ;; The OS we want to install.
> + (use-modules (gnu) (gnu tests) (srfi srfi-1))
> +
> + (operating-system
> + (host-name "liberigilo")
> + (timezone "Europe/Paris")
> + (locale "en_US.UTF-8")
> +
> + (bootloader (bootloader-configuration
> + (bootloader grub-bootloader)
> + (targets '("/dev/vdb"))))
> +
> + ;; Note: Do not pass "console=3DttyS0" so we can use our passphrase =
prompt
> + ;; detection logic in 'enter-luks-passphrase'.
> +
> + (mapped-devices (list (mapped-device
> + (source (uuid "12345678-1234-1234-1234-123456=
789abc"))
> + (target "the-root-device")
> + (type (luks-device-mapping-with-options
> + #:allow-discards? #t
> + #:extra-options
> + '("--perf-no_read_workqueue"
> + "--perf-no_write_workqueue"))))))
> + (file-systems (cons (file-system
> + (device "/dev/mapper/the-root-device")
> + (mount-point "/")
> + (type "ext4"))
> + %base-file-systems))
> + (users (cons (user-account
> + (name "charlie")
> + (group "users")
> + (supplementary-groups '("wheel" "audio" "video")))
> + %base-user-accounts))
> + (services (cons (service marionette-service-type
> + (marionette-configuration
> + (imported-modules '((gnu services herd)
> + (guix combinators)))))
> + %base-services))))
> +
> +(define %test-encrypted-root-extra-options-os
> + (system-test
> + (name "encrypted-root-extra-options-os")
> + (description
> + "Test basic functionality of an OS installed like one would do by ha=
nd,
> +with an LUKS-encrypted root partition opened with extra options
> +(--allow-discards, --perf-no_read_workqueue and --perf-no_write_workqueu=
e).
> +This test is expensive in terms of CPU and storage usage since we need to
> +build (current-guix) and then store a couple of full system images.")
> + (value
> + (mlet* %store-monad ((images (run-install %encrypted-root-extra-opti=
ons-os
> + %encrypted-root-extra-opti=
ons-os-source
> + #:script
> + %encrypted-root-installati=
on-script))
> + (command (qemu-command* images)))
> + (run-basic-test %encrypted-root-os command "encrypted-root-extra-o=
ptions-os"
> + #:initialization enter-luks-passphrase)))))
Looks good to me. I haven't tried running it yet; if you send a v2 with
the small problem I've seen above I'll happily try it and if it passes
merge it.
--=20
Thanks,
Maxim
guix-patches@HIDDEN:bug#77499; Package guix-patches.
Full text available.
Received: (at submit) by debbugs.gnu.org; 3 Apr 2025 17:47:52 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Apr 03 13:47:52 2025
Received: from localhost ([127.0.0.1]:35539 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1u0OfP-0000qI-TU
for submit <at> debbugs.gnu.org; Thu, 03 Apr 2025 13:47:52 -0400
Received: from lists.gnu.org ([2001:470:142::17]:37402)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
id 1u0OfM-0000q0-OX
for submit <at> debbugs.gnu.org; Thu, 03 Apr 2025 13:47:49 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <45mg.writes@HIDDEN>)
id 1u0OfC-0000fD-KU
for guix-patches@HIDDEN; Thu, 03 Apr 2025 13:47:38 -0400
Received: from mail-pg1-x544.google.com ([2607:f8b0:4864:20::544])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.90_1) (envelope-from <45mg.writes@HIDDEN>)
id 1u0OfA-00034o-0d; Thu, 03 Apr 2025 13:47:38 -0400
Received: by mail-pg1-x544.google.com with SMTP id
41be03b00d2f7-7fd35b301bdso1277951a12.2;
Thu, 03 Apr 2025 10:47:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1743702453; x=1744307253; darn=gnu.org;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=PRpUokgVxkc9dlmOdTPhQ/4BB8312sSYvCSVMmhcUbs=;
b=RhDfT0HuwlIarg3uNtKLLSvvTXcG7Qn9PHpNoshfSWUHadbgvLeZ/K60jTwhfIsGAb
Ewosze9nXB64sS3jiM/SSpxFTIkUipOkjM98T1CBvFL9aMtXk4mFZcUvo7VS+AXVV3BV
ShpEm/TSVs6qgMuwkRsMtUMgcmn4xoK7KhGRcg6iiyQUHKNiykTcnYl6XOl/Jfa7bOx5
SR28QbaJsgY0ktfsxaMf01cUmQ36lhqEiZA55TE53tSJ4kIXFoAR0qkYbvtzR5kf8Rew
vrSP2AZVYd5j63RvySNqo7ZZd2Qs1OlohHY/+XjvHOIkW+LsS3/AKuDL5sJ5S9+l7uUk
jKOA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1743702453; x=1744307253;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=PRpUokgVxkc9dlmOdTPhQ/4BB8312sSYvCSVMmhcUbs=;
b=o29zVQF7mRaxfrMT5jQ/2P086k2/3aTBlSedIqX9n3v4/EThS+Olj93TEebWjivG6w
pazHBXv53c8TzJruCQdaIu1cQvLwo5/paKA6zw0Al2OOdUBQwi6Uv+P/MsSUvCFd3KWt
qrXAFngCfz//XFyHzcPICjmmJLjVimVGVtDSRr7Gizzm18Ig9dtRUQCJWX35Ijk/PMpt
Ai1oJIkjM08QcMbmsnuMUBNO4C4JaCf7qp9YNpv7DOoHSX99VSc4v06Wz0+3BFPvX7NX
OW4Fz2WkzhG8lA2b43iqpq+NX4Nlf32+t4TYz9Sz3VtCCAOEjbrTDJm4Iqj3I66XUrEE
8JEw==
X-Forwarded-Encrypted: i=1;
AJvYcCXOaI7TwCg5u6wQhrxnUf6YyLDpfoj+02cwVaA4e9DDJGddebATfpA/C6oS5UIZOX5PP1FP@HIDDEN
X-Gm-Message-State: AOJu0Yyb6hoJO0YLP4yEDAsyG6G9+/Kew0HiLQJlITq0+tkW9PTOI1zQ
fFLAtuk/RPQBvsF0+eNrXRSmvBZkt7JGDsbKQueuUxBVnASQf8n+geJkOB3p
X-Gm-Gg: ASbGncs0TwNlLCCd140csz8Dwfesksg4s6VyXek7m44+MahLGWn1pbhr34KXslAW48Q
ddkSPnHzX0IDgfMJJoo64Tb+jRAEsdVyV0/kx8kkKihfF4cFEelqFV8oKAt3hIXN5/Ji5MyeJ6I
v2cfYMOl8i7L7if15ADOQDKLTIDeK7xaxtplrmV+DDuiurST88tSJU7D02xK39x33lgRRzNlX8L
mqA4hILlZVoo2/mhcNYnozXo61N5LKezMKqu20XyYaJUOyxxKEnPPGBrvxi9kxcYYL0locZ7nMM
YGfKba2Hdl/AE0KzvrmBBOGb6bANhbGLi9Edx+iVEtYVRd1SSvPpd8UYvDBav4uMcvM=
X-Google-Smtp-Source: AGHT+IFXa0PBVpu+aWKmk2941UdLZFO6JPKwg8F/N+4XAwZXvmn1v7Q5IjWWBdMffYdW5L40bwtcug==
X-Received: by 2002:a17:90a:d007:b0:2ff:6608:78cd with SMTP id
98e67ed59e1d1-306a47e0781mr790135a91.9.1743702452817;
Thu, 03 Apr 2025 10:47:32 -0700 (PDT)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
by smtp.gmail.com with ESMTPSA id
98e67ed59e1d1-305827d71a4sm1820007a91.1.2025.04.03.10.47.29
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 03 Apr 2025 10:47:32 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] mapped-devices/luks: Support extra options.
Date: Thu, 3 Apr 2025 23:13:57 +0530
Message-ID: <fb637872bd14abe305d810b9d32e0db290b26dd6.1743702237.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.49.0
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2607:f8b0:4864:20::544;
envelope-from=45mg.writes@HIDDEN; helo=mail-pg1-x544.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: submit
Cc: Maxim Cournoyer <maxim.cournoyer@HIDDEN>, soeren@HIDDEN,
Sisiutl <sisiutl@HIDDEN>,
=?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>,
45mg <45mg.writes@HIDDEN>, Hilton Chain <hako@HIDDEN>,
Tomas Volf <~@wolfsden.cz>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.0 (/)
Allow passing extra options to the 'cryptsetup open' command.
* gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
[#:extra-options]: New argument.
(open-luks-device): Use it.
* doc/guix.texi (Mapped Devices): Document it.
* gnu/tests/install.scm (%test-encrypted-root-extra-options-os): New
test for it, as well as the previously untested #:allow-discards?
option.
(%encrypted-root-extra-options-os): New os declaration for the test.
Change-Id: Ia9fd129d1c66cbf27abdd3064d59188083465247
---
CCing everyone who worked on the allow-discards option - this change is very
similar.
%encrypted-root-extra-options-os is copied from %encrypted-root-os; only
the mapped-devices field is changed. I wish I could avoid this code
duplication by having `(inherit %encrypted-root-os)` in the os
definition, but when I do that, the test fails with this error in the
build log:
/mnt/etc/config.scm:1:100: error: %encrypted-root-os: unbound variable
Any chance you Guile wizards know how to make this work?
doc/guix.texi | 20 ++++++++++-
gnu/system/mapped-devices.scm | 25 ++++++++-----
gnu/tests/install.scm | 68 +++++++++++++++++++++++++++++++++++
3 files changed, 104 insertions(+), 9 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index bcb1f9d9cf..9cd1304522 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18461,7 +18461,7 @@ Mapped Devices
@code{dm-crypt} Linux kernel module.
@end defvar
-@deffn {Procedure} luks-device-mapping-with-options [#:key-file #:allow-discards?]
+@deffn {Procedure} luks-device-mapping-with-options [#:key-file #:allow-discards? #:extra-options]
Return a @code{luks-device-mapping} object, which defines LUKS block
device encryption using the @command{cryptsetup} command from the
package with the same name. It relies on the @code{dm-crypt} Linux
@@ -18492,6 +18492,24 @@ Mapped Devices
information, refer to the description of the @code{--allow-discards}
option in the @code{cryptsetup-open(8)} man page.
+@code{extra-options} may be used to specify a list of additional
+command-line options for the @code{cryptsetup open} command. See the
+@code{cryptsetup-open(8)} man page for a list of supported options.
+
+For example, here is how you could specify the
+@code{--perf-no_read_workqueue} and @code{--perf-no_write_workqueue}
+options, along with @code{--allow-discards}:
+
+@lisp
+(mapped-device
+ (source "/dev/sdb1)
+ (target "data)
+ (type (luks-device-mapping-with-options
+ #:allow-discards? #t
+ #:extra-options '("--perf-no_read_workqueue"
+ "--perf-no_write_workqueue"))))
+@end lisp
+
@end deffn
@defvar raid-device-mapping
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index 667a495570..520ade9ef8 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -194,10 +194,12 @@ (define (check-device-initrd-modules device linux-modules location)
;;; Common device mappings.
;;;
-(define* (open-luks-device source targets #:key key-file allow-discards?)
+(define* (open-luks-device source targets
+ #:key key-file allow-discards? extra-options)
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
'cryptsetup'. When ALLOW-DISCARDS? is true, the use of discard (TRIM)
-requests is allowed for the underlying device."
+requests is allowed for the underlying device. EXTRA-OPTIONS is a list of
+additional options to be passed to the 'cryptsetup open' command."
(with-imported-modules (source-module-closure
'((gnu build file-systems)
(guix build utils))) ;; For mkdir-p
@@ -238,10 +240,15 @@ (define* (open-luks-device source targets #:key key-file allow-discards?)
(let ((cryptsetup #$(file-append cryptsetup-static
"/sbin/cryptsetup"))
(cryptsetup-flags (cons*
- "open" "--type" "luks" partition #$target
- (if #$allow-discards?
- '("--allow-discards")
- '()))))
+ "open" "--type" "luks"
+ (append
+ (if #$allow-discards?
+ '("--allow-discards")
+ '())
+ (if (pair? '#$extra-options)
+ '#$extra-options
+ '())
+ (list partition #$target)))))
;; We want to fallback to the password unlock if the keyfile
;; fails.
(or (and keyfile
@@ -290,7 +297,8 @@ (define luks-device-mapping
((gnu build file-systems)
#:select (find-partition-by-luks-uuid system*/tty))))))
-(define* (luks-device-mapping-with-options #:key key-file allow-discards?)
+(define* (luks-device-mapping-with-options
+ #:key key-file allow-discards? extra-options)
"Return a luks-device-mapping object with open modified to pass the arguments
into the open-luks-device procedure."
(mapped-device-kind
@@ -298,7 +306,8 @@ (define* (luks-device-mapping-with-options #:key key-file allow-discards?)
(open (λ (source targets)
(open-luks-device source targets
#:key-file key-file
- #:allow-discards? allow-discards?)))))
+ #:allow-discards? allow-discards?
+ #:extra-options extra-options)))))
(define (open-raid-device sources targets)
"Return a gexp that assembles SOURCES (a list of devices) to the RAID device
diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm
index a837637b18..fd9f17eb4d 100644
--- a/gnu/tests/install.scm
+++ b/gnu/tests/install.scm
@@ -68,6 +68,7 @@ (define-module (gnu tests install)
%test-separate-home-os
%test-raid-root-os
%test-encrypted-root-os
+ %test-encrypted-root-extra-options-os
%test-encrypted-home-os
%test-encrypted-home-os-key-file
%test-encrypted-root-not-boot-os
@@ -843,6 +844,73 @@ (define %test-encrypted-root-os
(run-basic-test %encrypted-root-os command "encrypted-root-os"
#:initialization enter-luks-passphrase)))))
+
+;;;
+;;; LUKS-encrypted root with extra options: --allow-discards,
+;;; --perf-no_read_workqueue and --perf-no_write_workqueue
+;;;
+
+;; Except for the 'mapped-devices' field, this is exactly the same as
+;; %encrypted-root-os.
+(define-os-with-source (%encrypted-root-extra-options-os
+ %encrypted-root-extra-options-os-source)
+ ;; The OS we want to install.
+ (use-modules (gnu) (gnu tests) (srfi srfi-1))
+
+ (operating-system
+ (host-name "liberigilo")
+ (timezone "Europe/Paris")
+ (locale "en_US.UTF-8")
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (targets '("/dev/vdb"))))
+
+ ;; Note: Do not pass "console=ttyS0" so we can use our passphrase prompt
+ ;; detection logic in 'enter-luks-passphrase'.
+
+ (mapped-devices (list (mapped-device
+ (source (uuid "12345678-1234-1234-1234-123456789abc"))
+ (target "the-root-device")
+ (type (luks-device-mapping-with-options
+ #:allow-discards? #t
+ #:extra-options
+ '("--perf-no_read_workqueue"
+ "--perf-no_write_workqueue"))))))
+ (file-systems (cons (file-system
+ (device "/dev/mapper/the-root-device")
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+ (users (cons (user-account
+ (name "charlie")
+ (group "users")
+ (supplementary-groups '("wheel" "audio" "video")))
+ %base-user-accounts))
+ (services (cons (service marionette-service-type
+ (marionette-configuration
+ (imported-modules '((gnu services herd)
+ (guix combinators)))))
+ %base-services))))
+
+(define %test-encrypted-root-extra-options-os
+ (system-test
+ (name "encrypted-root-extra-options-os")
+ (description
+ "Test basic functionality of an OS installed like one would do by hand,
+with an LUKS-encrypted root partition opened with extra options
+(--allow-discards, --perf-no_read_workqueue and --perf-no_write_workqueue).
+This test is expensive in terms of CPU and storage usage since we need to
+build (current-guix) and then store a couple of full system images.")
+ (value
+ (mlet* %store-monad ((images (run-install %encrypted-root-extra-options-os
+ %encrypted-root-extra-options-os-source
+ #:script
+ %encrypted-root-installation-script))
+ (command (qemu-command* images)))
+ (run-basic-test %encrypted-root-os command "encrypted-root-extra-options-os"
+ #:initialization enter-luks-passphrase)))))
+
;;;
;;; Separate /home on LVM
base-commit: 4ea012fc6ddcb32574fbd4a854b11808c34fbca8
--
2.49.0
45mg <45mg.writes@HIDDEN>:ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN.
Full text available.ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN:bug#77499; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.