author | Ludovic Courtès <ludo@gnu.org> | 2015-11-01 22:14:47 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2015-11-01 22:24:20 +0100 |
commit | 6d6e628119a043b3d8dd309d3e6d5a35bcd37618 (patch) | |
tree | 673c7fc50dce36b6d7f27096be04a8b553dc52ad | |
parent | b8d2eda4a37a7e4c9fb529bd48899d87cefaf345 (diff) |
doc: Give an example with an encrypted root partition.
* gnu/system/examples/desktop.tmpl: Add 'mapped-devices' field.
Use it in 'file-systems'.
* doc/guix.texi (System Installation): Suggest encrypted partitions.
Give an example of a command sequence.
-rw-r--r-- | doc/guix.texi | 14 |
-rw-r--r-- | gnu/system/examples/desktop.tmpl | 12 |
2 files changed, 22 insertions, 4 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index e8b79ecf98..bd9b42b20f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -5237,14 +5237,24 @@ Setting up network access is almost always a requirement because the image does not contain all the software and tools that may be needed. @item -Unless this has already been done, you must partition and format the -target partitions. +Unless this has already been done, you must partition, optionally +encrypt, and then format the target partitions. Preferably, assign partitions a label so that you can easily and reliably refer to them in @code{file-system} declarations (@pxref{File Systems}). This is typically done using the @code{-L} option of @command{mkfs.ext4} and related commands. +A typical command sequence may be: + +@example +# fdisk /dev/sdX +@dots{} Create partitions etc.@dots{} +# cryptsetup luksFormat /dev/sdX1 +# cryptsetup open --type luks /dev/sdX1 my-partition +# mkfs.ext4 -L my-root /dev/mapper/my-partition +@end example + The installation image includes Parted (@pxref{Overview,,, parted, GNU Parted User Manual}), @command{fdisk}, Cryptsetup/LUKS for disk encryption, and e2fsprogs, the suite of tools to manipulate diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl index 988b8f937f..41f66f693a 100644 --- a/gnu/system/examples/desktop.tmpl +++ b/gnu/system/examples/desktop.tmpl 
@@ -13,9 +13,17 @@ ;; Assuming /dev/sdX is the target hard disk, and "root" is ;; the label of the target root file system. (bootloader (grub-configuration (device "/dev/sdX"))) + + ;; Here we assume that /dev/sdX1 contains a LUKS-encrypted + ;; root partition created with 'cryptsetup luksFormat'. + (mapped-devices (list (mapped-device + (source "/dev/sdX1") + (target "root-partition") + (type luks-device-mapping)))) + + ;; Mount said encrypted partition. (file-systems (cons (file-system - (device "root") - (title 'label) + (device "/dev/mapper/root-partition") (mount-point "/") (type "ext4")) %base-file-systems)) |
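Review bot: In the doc/guix.texi hunk, the new @example stops at mkfs.ext4 and never tells the reader that the opened mapping also has to be declared in the system configuration, which is exactly what the desktop.tmpl change in this commit does with its 'mapped-devices' field. A sentence after "@end example" pointing at that field would close the gap. The names also differ between the two files: the manual opens the mapping as "my-partition" and labels the file system "my-root", while the template uses "root-partition" and mounts by "/dev/mapper/root-partition" with no label. Using the same mapping name in both places, and saying whether the "-L my-root" label is still expected to be referenced anywhere in the encrypted case, would keep the manual and the template from reading as two unrelated setups.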
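Review bot: In the gnu/system/examples/desktop.tmpl hunk, the unchanged comment above the bootloader field still says that "root" is the label of the target root file system, but the change removes (device "root") and (title 'label), so nothing in the template refers to that label any more. Please update the comment to describe the "/dev/sdX1" and "root-partition" assumptions instead. The template also now assumes an encrypted root unconditionally; since the manual describes encryption as optional, a short comment saying what to change for an unencrypted root (drop 'mapped-devices' and refer to the file system by label as before) would help users who copy this file without using LUKS.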