myg...@gmail.com writes:
> On 01/18/2018 at 10:29 Danny Milosavljevic writes:
>
> [...]
>
>> Maybe we could make the user specify the serial number in the
>> operating-system
>> bootloader-configuration. Installing the bootloader to the wrong
>> drive would be very bad otherwise. Also, it's not exactly declarative if the
>> labels sda, sdb etc can move around - and reconfiguring / booting ends up
>> like
>> a game of musical chairs.
>>
>> Although if a drive fails and an administrator replaces it by a new drive,
>> one would have to change the operating-system configuration and reconfigure
>> (which could potentially download gigabytes of data and take hours).
>>
>> Not ideal.
>>
>> Maybe store the original serial number into a file on disk and make Guix
>> fall back to checking those in a second pass (with a warning).
>>
>> (Guix could still call the bootloader's installer with the name of the
>> device file it found out - so it wouldn't be an involved change)
>>
>> We would still have to check what happens with the hard drive emulators of
>> CD-ROMs - do these have a unique persistent serial number?
>
> Hi Danny,
>
> I commented in a separate post on requiring our users to provide the
> drive SN in the config file. Here I comment on consequences of having
> the SN of a HD in a file held by that HD. IMO this is like having the
> directory name in a file held by the directory. Both raise the same
> issue: the file is no longer relocatable.
>
> In our case, as you point out, this creates a new error
> case. Unfortunately we can't possibly know the best way to handle
> it. E.G.: If the user has created an image backup of a mission-critical
> GuixSD server and if they start it on a second server as a warm-backup
> and if they have forgotten to change critical identify files (say
> hostname) and if this can cause both servers to become corrupted,
> halting on this error might be helpful.
The configuration is written in Guile, so you could run code before
returning the operating-system configuration value.
I do this in my config, because I’ve been reinstalling my system onto a
newly formatted disk:
--8<---------------cut here---------------start------------->8---
;; Get the UUID of the encrypted disk
(define %uuid
(let* ((port (open-input-pipe "blkid -s UUID -o value /dev/sda1"))
(str (read-line port)))
(close-pipe port)
str))
…
(operating-system …
(mapped-devices (list (mapped-device
(source (uuid %uuid))
(target "root")
(type luks-device-mapping))))
--8<---------------cut here---------------end--------------->8---
People who are worried about changing device identifiers when restoring
from backup could use a similar mechanism to obtain the identifier on
the target at runtime.
--
Ricardo
GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
https://elephly.net
