From adce91a3ec0cb2912daa6eefe9324c15ff3126f7 Mon Sep 17 00:00:00 2001
From: Josselin Poiret
Date: Mon, 15 Nov 2021 20:53:39 +0000
Subject: gnu: system: Add LUKS2 support for the root file system.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* gnu/bootloader/grub.scm (grub-configuration-file): Add 'insmod luks2'.
* gnu/system/mapped-devices.scm (open-luks-device): Create '/run/cryptsetup/' directory.

Signed-off-by: Ludovic Courtès
---
 gnu/system/mapped-devices.scm | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'gnu/system')

diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index 518dbc4fe8..96a381d5fe 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -192,7 +192,8 @@ option of @command{guix system}.\n") "Return a gexp that maps SOURCE to TARGET as a LUKS device, using 'cryptsetup'." (with-imported-modules (source-module-closure - '((gnu build file-systems))) + '((gnu build file-systems) + (guix build utils))) ;; For mkdir-p (match targets ((target) #~(let ((source #$(if (uuid? source)
@@ -201,7 +202,12 @@ option of @command{guix system}.\n")
 ;; XXX: 'use-modules' should be at the top level.
 (use-modules (rnrs bytevectors) ;bytevector?
 ((gnu build file-systems)
- #:select (find-partition-by-luks-uuid)))
+ #:select (find-partition-by-luks-uuid))
+ ((guix build utils) #:select (mkdir-p)))
+
+ ;; Create '/run/cryptsetup/' if it does not exist, as device locking
+ ;; is mandatory for LUKS2.
+ (mkdir-p "/run/cryptsetup/")
 
 ;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the
 ;; whole world inside the initrd (for when we're in an initrd).
-- 
cgit v1.2.3
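Review bot: The new `(mkdir-p "/run/cryptsetup/")` in the second hunk creates the LUKS2 lock directory with whatever mode the current umask yields, and nothing after it restricts the mode. cryptsetup's compiled-in default for this directory is 0700, so a looser mode here would presumably let unprivileged processes take locks in it and stall later cryptsetup operations; the umask in effect when this gexp runs is not visible in the hunk. Consider following the call with `(chmod "/run/cryptsetup/" #o700)` and extending the comment to say the directory is meant to stay root-only. The body of `open-luks-device` continues past the end of the hunk.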