From f00e68ace070fd5240a4b5874e61c26f6e909b6c Mon Sep 17 00:00:00 2001 From: Miguel Ángel Arruga Vivas Date: Mon, 21 Dec 2020 13:02:01 +0100 Subject: system: Allow separated /boot and encrypted root. * gnu/bootloader/grub.scm (grub-configuration-file): New parameter store-crypto-devices. [crypto-devices]: New helper function. [builder]: Use crypto-devices. * gnu/machine/ssh.scm (roll-back-managed-host): Use boot-parameters-store-crypto-devices to provide its contents to the bootloader configuration generation process. * gnu/tests/install.scm (%encrypted-root-not-boot-os, %encrypted-root-not-boot-os): New os declaration. (%encrypted-root-not-boot-installation-script): New script, whose contents were initially taken from %encrypted-root-installation-script. (%test-encrypted-root-not-boot-os): New test. * gnu/system.scm (define-module): Export operating-system-bootloader-crypto-devices and boot-parameters-store-crypto-devices. (<boot-parameters>): Add field store-crypto-devices. (read-boot-parameters): Parse store-crypto-devices field. [uuid-sexp->uuid]: New helper function extracted from device-sexp->device. (operating-system-bootloader-crypto-devices): New function. (operating-system-bootcfg): Use operating-system-bootloader-crypto-devices to provide its contents to the bootloader configuration generation process. (operating-system-boot-parameters): Add store-crypto-devices to the generated boot-parameters. (operating-system-boot-parameters-file): Likewise to the file with the serialized structure. * guix/scripts/system.scm (reinstall-bootloader): Use boot-parameters-store-crypto-devices to provide its contents to the bootloader configuration generation process. * tests/boot-parameters.scm (%default-store-crypto-devices): New variable. (%grub-boot-parameters, test-read-boot-parameters): Use %default-store-crypto-devices. (tests store-crypto-devices): New tests. --- gnu/machine/ssh.scm | 3 +++ 1 file changed, 3 insertions(+) (limited to 'gnu/machine/ssh.scm') 
diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index 1b748c8da7..08c653ba17 100644 --- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm @@ -484,6 +484,8 @@ an environment type of 'managed-host." (list (second boot-parameters)))) (locale -> (boot-parameters-locale (second boot-parameters))) + (crypto-dev -> (boot-parameters-store-crypto-devices + (second boot-parameters))) (store-dir -> (boot-parameters-store-directory-prefix (second boot-parameters))) (old-entries -> (map boot-parameters->menu-entry @@ -496,6 +498,7 @@ an environment type of 'managed-host." bootloader)) bootloader entries #:locale locale + #:store-crypto-devices crypto-dev #:store-directory-prefix store-dir #:old-entries old-entries))) (remote-result (machine-remote-eval machine remote-exp))) -- cgit v1.2.3 From 61d8bd56a4644a72b964b680456da4332eb1ef6d Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 4 Jan 2021 11:29:17 +0100 Subject: machine: ssh: Do not import the host (guix config), really. This is a followup to 70ffa8af1e93ab8a92c4622745e9cb4a2782f3c8, which did not really solve the problem. * gnu/machine/ssh.scm (not-config?): New procedure. (machine-boot-parameters): Use it as an argument to 'source-module-closure'. --- gnu/machine/ssh.scm | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'gnu/machine/ssh.scm') diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm index 08c653ba17..997d673e75 100644 --- a/gnu/machine/ssh.scm +++ b/gnu/machine/ssh.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019 Jakob L. Kreuze -;;; Copyright © 2020 Ludovic Courtès +;;; Copyright © 2020, 2021 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; 
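Review bot: In roll-back-managed-host, `crypto-dev` is read from `(second boot-parameters)`, which describes an older generation that was possibly written before the `store-crypto-devices` field existed. The parser change in `read-boot-parameters` is not part of this file's diff, so it is worth confirming that a parameters file lacking the field yields an empty list rather than an error or `#f`; otherwise rolling back a managed host across this upgrade could fail, or regenerate a bootloader configuration that no longer unlocks the encrypted store. The same value is passed on as `#:store-crypto-devices crypto-dev` in the second hunk (@@ -496,6 +498,7), and since it holds a list the binding would read better as `crypto-devices`. Both hunks sit inside a larger binding form whose start and end are outside them.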
@@ -346,6 +346,14 @@ by MACHINE." ;;; System deployment. ;;; +(define not-config? + ;; Select (guix …) and (gnu …) modules, except (guix config). + (match-lambda + (('guix 'config) #f) + (('guix _ ...) #t) + (('gnu _ ...) #t) + (_ #f))) + (define (machine-boot-parameters machine) "Monadic procedure returning a list of 'boot-parameters' for the generations of MACHINE's system profile, ordered from most recent to oldest." @@ -354,9 +362,10 @@ of MACHINE's system profile, ordered from most recent to oldest." (define remote-exp (with-extensions (list guile-gcrypt) - (with-imported-modules (source-module-closure - `(((guix config) => ,(make-config.scm)) - (guix profiles))) + (with-imported-modules `(((guix config) => ,(make-config.scm)) + ,@(source-module-closure + '((guix profiles)) + #:select? not-config?)) #~(begin (use-modules (guix config) (guix profiles) -- cgit v1.2.3
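Review bot: The name `not-config?` and its comment describe only half of what the predicate does: the final `(_ #f)` clause also drops every module outside (guix …) and (gnu …) from the closure. That matters for the caller in the next hunk, where anything else the remote expression needs has to arrive through `with-extensions`, and a dependency filtered out here would presumably surface only as a failing `use-modules` on the remote machine. I would spell that out in the comment, for example `;; Keep (guix …) and (gnu …) modules except (guix config); any other module is left out and must come from an extension.`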
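Review bot: Nothing at the `with-imported-modules` form says why `(guix config)` is listed by hand with `make-config.scm` while the closure is filtered with `#:select? not-config?`, and the commit message notes that the previous attempt at this fix did not work. A short comment above the form would keep the next edit from undoing it, e.g. `;; Ship a generated (guix config), never the host's; 'not-config?' keeps the closure from adding the host copy back.` If other remote expressions in this file still put a `(guix config) => …` entry inside `source-module-closure`, they likely need the same treatment; that is outside what this hunk shows. The body of machine-boot-parameters continues past the end of the hunk.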