doc: Back up on the claim of encrypted root partitions.

Reported by 宋文武 <iyzsong@openmailbox.org>
at <https://lists.gnu.org/archive/html/guix-devel/2015-11/msg00096.html>.

* doc/guix.texi (System Installation): Comment out encrypted root
  partition commands.
* gnu/system/examples/desktop.tmpl (mapped-devices): Remove.
  (file-systems): Refer to the root by label.
* NEWS: Adjust.
master
Ludovic Courtès 2015-11-04 10:27:12 +01:00
parent 5ffea4776d
commit 316d65be0c
3 changed files with 16 additions and 22 deletions

NEWS

@ -74,7 +74,8 @@ Composition” in the manual.
(http://bugs.gnu.org/21354) (http://bugs.gnu.org/21354)
*** emacs: Fix guix-guile-program default value (http://bugs.gnu.org/21127) *** emacs: Fix guix-guile-program default value (http://bugs.gnu.org/21127)
*** Compressed initrds no longer include timestamps *** Compressed initrds no longer include timestamps
*** Fix handling of encrypted root partitions (http://bugs.gnu.org/19190) *** Partly fix handling of encrypted root partitions
(http://bugs.gnu.org/19190)
*** Python now includes tkinter (http://bugs.gnu.org/20889) *** Python now includes tkinter (http://bugs.gnu.org/20889)
*** Memoize the results of package-with-python2 (http://bugs.gnu.org/21675) *** Memoize the results of package-with-python2 (http://bugs.gnu.org/21675)
*** Use the daemon's substitute URLs by default (http://bugs.gnu.org/20217) *** Use the daemon's substitute URLs by default (http://bugs.gnu.org/20217)
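
Review bot: "Partly fix" in the reworded encrypted-root entry does not say which part of the handling still fails, so a reader of NEWS cannot tell whether their setup is covered. Suggest naming the remaining gap in the entry itself; the FIXME this commit adds to doc/guix.texi gives the reason as GRUB not yet fully supporting encrypted roots, and one clause to that effect next to the http://bugs.gnu.org/19190 reference would be enough.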


@ -5310,23 +5310,24 @@ Setting up network access is almost always a requirement because the
image does not contain all the software and tools that may be needed. image does not contain all the software and tools that may be needed.
@item @item
Unless this has already been done, you must partition, optionally Unless this has already been done, you must partition, and then format
encrypt, and then format the target partitions. the target partition.
Preferably, assign partitions a label so that you can easily and Preferably, assign partitions a label so that you can easily and
reliably refer to them in @code{file-system} declarations (@pxref{File reliably refer to them in @code{file-system} declarations (@pxref{File
Systems}). This is typically done using the @code{-L} option of Systems}). This is typically done using the @code{-L} option of
@command{mkfs.ext4} and related commands. @command{mkfs.ext4} and related commands.
A typical command sequence may be: @c FIXME: Uncomment this once GRUB fully supports encrypted roots.
@c A typical command sequence may be:
@example @c
# fdisk /dev/sdX @c @example
@dots{} Create partitions etc.@dots{} @c # fdisk /dev/sdX
# cryptsetup luksFormat /dev/sdX1 @c @dots{} Create partitions etc.@dots{}
# cryptsetup open --type luks /dev/sdX1 my-partition @c # cryptsetup luksFormat /dev/sdX1
# mkfs.ext4 -L my-root /dev/mapper/my-partition @c # cryptsetup open --type luks /dev/sdX1 my-partition
@end example @c # mkfs.ext4 -L my-root /dev/mapper/my-partition
@c @end example
The installation image includes Parted (@pxref{Overview,,, parted, GNU The installation image includes Parted (@pxref{Overview,,, parted, GNU
Parted User Manual}), @command{fdisk}, Cryptsetup/LUKS for disk Parted User Manual}), @command{fdisk}, Cryptsetup/LUKS for disk
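
Review bot: the "@c FIXME: Uncomment this once GRUB fully supports encrypted roots." line is invisible in the rendered manual, so the item now reads "you must partition, and then format the target partition" while the trailing context still lists Cryptsetup/LUKS among the tools on the image, with nothing telling the reader that encrypted roots are not fully supported yet. Suggest one user-visible sentence stating that limitation next to the Cryptsetup/LUKS mention. Commenting out the whole @example also removes the only illustration of the @code{-L} option that the paragraph recommends just above; a sequence without the two cryptsetup lines, ending in "# mkfs.ext4 -L my-root /dev/sdX1", could stay in place.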


@ -13,17 +13,9 @@
;; Assuming /dev/sdX is the target hard disk, and "root" is ;; Assuming /dev/sdX is the target hard disk, and "root" is
;; the label of the target root file system. ;; the label of the target root file system.
(bootloader (grub-configuration (device "/dev/sdX"))) (bootloader (grub-configuration (device "/dev/sdX")))
;; Here we assume that /dev/sdX1 contains a LUKS-encrypted
;; root partition created with 'cryptsetup luksFormat'.
(mapped-devices (list (mapped-device
(source "/dev/sdX1")
(target "root-partition")
(type luks-device-mapping))))
;; Mount said encrypted partition.
(file-systems (cons (file-system (file-systems (cons (file-system
(device "/dev/mapper/root-partition") (device "root")
(title 'label)
(mount-point "/") (mount-point "/")
(type "ext4")) (type "ext4"))
%base-file-systems)) %base-file-systems))
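
Review bot: with the mapped-devices form removed, the template now describes an unencrypted root, but no comment in the file says so; the two removed comments were the only place the template mentioned encryption at all. Suggest a short comment above (file-systems ...) stating that the root file system is not encrypted and that luks-device-mapping was dropped for now, so that someone who copied the earlier version notices the difference. The label in (device "root") agrees with the header comment, but the example commented out in doc/guix.texi uses "-L my-root"; aligning the two names when that example is restored would avoid a root that cannot be found by label.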