bug#30922: LUKS-encrypted root fails using device numbering, needs luksUUID

Sat, 24 Mar 2018 01:24:07 -0700 

Hi!

Following the example in 6.2.4 Mapped Devices

    (mapped-device
      (source "/dev/sda3")
      (target "home")
      (type luks-device-mapping))

I chose not to use the UUID alternative for encrypted root; I'm terrible
at memorizing and typing UUIDs.  So I used this snippet (full
bare-luks.scm below)

    (mapped-device
     ;; This does not work
     (source "/dev/nvme0n1p1")
     ;; This works (output of cryptsetup luksUUID /dev/nvme0n1p1)
     ;; (source (uuid "50d96f54-1dbb-48f8-bca5-2f1feb5ff144"))
     (target "guix")
     (type luks-device-mapping))

For disk partitioning, I did

     cryptsetup luksFormat /dev/nvme0n1p1
     cryptsetup open --type=luks /dev/nvme0n1p1 guix
     mkfs.ext4 -L guix /dev/mapper/guix

then install, something like

     mount /dev/mapper/guix /mnt
     herd start cow-store /mnt
     guix system init /mnt/root/bare-luks.scm /mnt

After booting I get

    Device /dev/nvme0n1p1 doesn't exist or access denied

Using the luksUUID, it works.  Except for this hurdle a pleasant and
straighforward fresh install :-)

Greetings,
janneke

--8<---------------cut here---------------start------------->8---
;; lsblk.out
;; NAME        MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
;; sda           8:0    1 14.5G  0 disk  
;; ├─sda1        8:1    1  1.4G  0 part  
;; └─sda2        8:2    1   40M  0 part  
;; nvme0n1     259:0    0  477G  0 disk  
;; └─nvme0n1p1 259:1    0  477G  0 part  
;;   └─guix    253:0    0  477G  0 crypt /mnt
--8<---------------cut here---------------end--------------->8---

--8<---------------cut here---------------start------------->8---
;; bare-luks.scm
(use-modules (gnu))
(use-service-modules networking ssh)
(use-package-modules screen ssh)

(define %supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "kvm"))

(operating-system
  (host-name "dundal")
  (timezone "Europe/Amsterdam")
  (locale "en_US.utf8")

  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (target "/dev/nvme0n1")))
  (mapped-devices
   (list (mapped-device
          ;; This does not work
          (source "/dev/nvme0n1p1")
          ;; This works (output of cryptsetup luksUUID /dev/nvme0n1p1)
          ;; (source (uuid "50d96f54-1dbb-48f8-bca5-2f1feb5ff144"))
          (target "guix")
          (type luks-device-mapping))))
  (file-systems
   (cons* (file-system (title 'device)
                       (device "/dev/mapper/guix")
                       (mount-point "/")
                       (type "ext4")
                       (dependencies mapped-devices))
          %base-file-systems))
  (groups
   (cons* (user-group (name "janneke"))
          %base-groups))
  (users
   (cons* (user-account
           (name "janneke")
           (group "janneke")
           (uid 1000)
           (supplementary-groups %supplementary-groups)
           (home-directory "/home/janneke"))
          %base-user-accounts))

  (packages (cons* screen openssh wpa-supplicant-minimal %base-packages))

  (services (cons* (dhcp-client-service)
                   (console-keymap-service "dvorak" "ctrl")
                   (service openssh-service-type
                            (openssh-configuration
                             (port-number 2222)
                             (permit-root-login #t)
                             (allow-empty-passwords? #f)
                             (password-authentication? #t)))
                   %base-services)))
--8<---------------cut here---------------end--------------->8---

-- 
Jan Nieuwenhuizen <jann...@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com

Reply via email to