summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2015-11-04 10:27:12 +0100
committerLudovic Courtès <ludo@gnu.org>2015-11-04 10:54:39 +0100
commit316d65be0ca41c277349c4f0127513f98dbec680 (patch)
tree305a11b7655dc9d973ac60a441022a90934d3ccf
parent5ffea4776d33e73922aa5fdbb7ac4dafbfbf15c5 (diff)
downloadguix-316d65be0ca41c277349c4f0127513f98dbec680.tar.gz
doc: Back up on the claim of encrypted root partitions.
Reported by 宋文武 <iyzsong@openmailbox.org>
at <https://lists.gnu.org/archive/html/guix-devel/2015-11/msg00096.html>.

* doc/guix.texi (System Installation): Comment out encrypted root
  partition commands.
* gnu/system/examples/desktop.tmpl (mapped-devices): Remove.
  (file-systems): Refer to the root by label.
* NEWS: Adjust.
-rw-r--r--NEWS3
-rw-r--r--doc/guix.texi23
-rw-r--r--gnu/system/examples/desktop.tmpl12
3 files changed, 16 insertions, 22 deletions
diff --git a/NEWS b/NEWS
index 5b884e31ae..269f0b8b42 100644
--- a/NEWS
+++ b/NEWS
@@ -74,7 +74,8 @@ Composition” in the manual.
     (http://bugs.gnu.org/21354)
 *** emacs: Fix guix-guile-program default value (http://bugs.gnu.org/21127)
 *** Compressed initrds no longer include timestamps
-*** Fix handling of encrypted root partitions (http://bugs.gnu.org/19190)
+*** Partly fix handling of encrypted root partitions
+    (http://bugs.gnu.org/19190)
 *** Python now includes tkinter (http://bugs.gnu.org/20889)
 *** Memoize the results of ‘package-with-python2’ (http://bugs.gnu.org/21675)
 *** Use the daemon's substitute URLs by default (http://bugs.gnu.org/20217)
diff --git a/doc/guix.texi b/doc/guix.texi
index 7898a1d3fb..7e5f9c774b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -5310,23 +5310,24 @@ Setting up network access is almost always a requirement because the
 image does not contain all the software and tools that may be needed.
 
 @item
-Unless this has already been done, you must partition, optionally
-encrypt, and then format the target partitions.
+Unless this has already been done, you must partition, and then format
+the target partition.
 
 Preferably, assign partitions a label so that you can easily and
 reliably refer to them in @code{file-system} declarations (@pxref{File
 Systems}).  This is typically done using the @code{-L} option of
 @command{mkfs.ext4} and related commands.
 
-A typical command sequence may be:
-
-@example
-# fdisk /dev/sdX
-@dots{} Create partitions etc.@dots{}
-# cryptsetup luksFormat /dev/sdX1
-# cryptsetup open --type luks /dev/sdX1 my-partition
-# mkfs.ext4 -L my-root /dev/mapper/my-partition
-@end example
+@c FIXME: Uncomment this once GRUB fully supports encrypted roots.
+@c A typical command sequence may be:
+@c
+@c @example
+@c # fdisk /dev/sdX
+@c @dots{} Create partitions etc.@dots{}
+@c # cryptsetup luksFormat /dev/sdX1
+@c # cryptsetup open --type luks /dev/sdX1 my-partition
+@c # mkfs.ext4 -L my-root /dev/mapper/my-partition
+@c @end example
 
 The installation image includes Parted (@pxref{Overview,,, parted, GNU
 Parted User Manual}), @command{fdisk}, Cryptsetup/LUKS for disk
diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl
index 7a479d1123..ee660e0589 100644
--- a/gnu/system/examples/desktop.tmpl
+++ b/gnu/system/examples/desktop.tmpl
@@ -13,17 +13,9 @@
   ;; Assuming /dev/sdX is the target hard disk, and "root" is
   ;; the label of the target root file system.
   (bootloader (grub-configuration (device "/dev/sdX")))
-
-  ;; Here we assume that /dev/sdX1 contains a LUKS-encrypted
-  ;; root partition created with 'cryptsetup luksFormat'.
-  (mapped-devices (list (mapped-device
-                          (source "/dev/sdX1")
-                          (target "root-partition")
-                          (type luks-device-mapping))))
-
-  ;; Mount said encrypted partition.
   (file-systems (cons (file-system
-                        (device "/dev/mapper/root-partition")
+                        (device "root")
+                        (title 'label)
                         (mount-point "/")
                         (type "ext4"))
                       %base-file-systems))