[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: doc: Back up on the claim of encrypted root partitions.
|
From: |
Ludovic Courtès |
|
Subject: |
01/01: doc: Back up on the claim of encrypted root partitions. |
|
Date: |
Wed, 04 Nov 2015 09:55:28 +0000 |
civodul pushed a commit to branch master
in repository guix.
commit 316d65be0ca41c277349c4f0127513f98dbec680
Author: Ludovic Courtès <address@hidden>
Date: Wed Nov 4 10:27:12 2015 +0100
doc: Back up on the claim of encrypted root partitions.
Reported by å®‹æ–‡æ¦ <address@hidden>
at <https://lists.gnu.org/archive/html/guix-devel/2015-11/msg00096.html>.
* doc/guix.texi (System Installation): Comment out encrypted root
partition commands.
* gnu/system/examples/desktop.tmpl (mapped-devices): Remove.
(file-systems): Refer to the root by label.
* NEWS: Adjust.
---
NEWS | 3 ++-
doc/guix.texi | 23 ++++++++++++-----------
gnu/system/examples/desktop.tmpl | 12 ++----------
3 files changed, 16 insertions(+), 22 deletions(-)
diff --git a/NEWS b/NEWS
index 5b884e3..269f0b8 100644
--- a/NEWS
+++ b/NEWS
@@ -74,7 +74,8 @@ Composition†in the manual.
(http://bugs.gnu.org/21354)
*** emacs: Fix guix-guile-program default value (http://bugs.gnu.org/21127)
*** Compressed initrds no longer include timestamps
-*** Fix handling of encrypted root partitions (http://bugs.gnu.org/19190)
+*** Partly fix handling of encrypted root partitions
+ (http://bugs.gnu.org/19190)
*** Python now includes tkinter (http://bugs.gnu.org/20889)
*** Memoize the results of ‘package-with-python2’ (http://bugs.gnu.org/21675)
*** Use the daemon's substitute URLs by default (http://bugs.gnu.org/20217)
diff --git a/doc/guix.texi b/doc/guix.texi
index 7898a1d..7e5f9c7 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -5310,23 +5310,24 @@ Setting up network access is almost always a
requirement because the
image does not contain all the software and tools that may be needed.
@item
-Unless this has already been done, you must partition, optionally
-encrypt, and then format the target partitions.
+Unless this has already been done, you must partition, and then format
+the target partition.
Preferably, assign partitions a label so that you can easily and
reliably refer to them in @code{file-system} declarations (@pxref{File
Systems}). This is typically done using the @code{-L} option of
@command{mkfs.ext4} and related commands.
-A typical command sequence may be:
-
address@hidden
-# fdisk /dev/sdX
address@hidden Create partitions address@hidden
-# cryptsetup luksFormat /dev/sdX1
-# cryptsetup open --type luks /dev/sdX1 my-partition
-# mkfs.ext4 -L my-root /dev/mapper/my-partition
address@hidden example
address@hidden FIXME: Uncomment this once GRUB fully supports encrypted roots.
address@hidden A typical command sequence may be:
address@hidden
address@hidden @example
address@hidden # fdisk /dev/sdX
address@hidden @dots{} Create partitions address@hidden
address@hidden # cryptsetup luksFormat /dev/sdX1
address@hidden # cryptsetup open --type luks /dev/sdX1 my-partition
address@hidden # mkfs.ext4 -L my-root /dev/mapper/my-partition
address@hidden @end example
The installation image includes Parted (@pxref{Overview,,, parted, GNU
Parted User Manual}), @command{fdisk}, Cryptsetup/LUKS for disk
diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl
index 7a479d1..ee660e0 100644
--- a/gnu/system/examples/desktop.tmpl
+++ b/gnu/system/examples/desktop.tmpl
@@ -13,17 +13,9 @@
;; Assuming /dev/sdX is the target hard disk, and "root" is
;; the label of the target root file system.
(bootloader (grub-configuration (device "/dev/sdX")))
-
- ;; Here we assume that /dev/sdX1 contains a LUKS-encrypted
- ;; root partition created with 'cryptsetup luksFormat'.
- (mapped-devices (list (mapped-device
- (source "/dev/sdX1")
- (target "root-partition")
- (type luks-device-mapping))))
-
- ;; Mount said encrypted partition.
(file-systems (cons (file-system
- (device "/dev/mapper/root-partition")
+ (device "root")
+ (title 'label)
(mount-point "/")
(type "ext4"))
%base-file-systems))