From 97c8aef15de89799ac01b62dd9b91245c23eefcb Mon Sep 17 00:00:00 2001 From: Andreas Enge Date: Thu, 14 Jul 2016 15:51:59 +0200 Subject: system: Add mapped devices for RAID. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/system/mapped-devices.scm (raid-device-mapping, open-raid-device, close-raid-device): New variables. * doc/guix.texi (Mapped Devices): Add documentation for RAID devices, reorganize documentation for LUKS devices. Co-authored-by: Ludovic Courtès --- doc/guix.texi | 113 ++++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 74 insertions(+), 39 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index ec22d94a9a..de139e6b39 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -6972,6 +6972,7 @@ and unmount user-space FUSE file systems. This requires the @cindex mapped devices The Linux kernel has a notion of @dfn{device mapping}: a block device, such as a hard disk partition, can be @dfn{mapped} into another device, +usually in @code{/dev/mapper/}, with additional processing over the data that flows through it@footnote{Note that the GNU@tie{}Hurd makes no difference between the concept of a ``mapped device'' and that of a file system: both boil down @@ -6981,42 +6982,14 @@ devices, like file systems, using the generic @dfn{translator} mechanism (@pxref{Translators,,, hurd, The GNU Hurd Reference Manual}).}. A typical example is encryption device mapping: all writes to the mapped device are encrypted, and all reads are deciphered, transparently. +Guix extends this notion by considering any device or set of devices that +are @dfn{transformed} in some way to create a new device; for instance, +RAID devices are obtained by @dfn{assembling} several other devices, such +as hard disks or partitions, into a new one that behaves as one partition. +Other examples, not yet implemented, are LVM logical volumes. -Mapped devices are declared using the @code{mapped-device} form: - -@example -(mapped-device - (source "/dev/sda3") - (target "home") - (type luks-device-mapping)) -@end example - -Or, better yet, like this: - -@example -(mapped-device - (source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44")) - (target "home") - (type luks-device-mapping)) -@end example - -@cindex disk encryption -@cindex LUKS -This example specifies a mapping from @file{/dev/sda3} to -@file{/dev/mapper/home} using LUKS---the -@url{http://code.google.com/p/cryptsetup,Linux Unified Key Setup}, a -standard mechanism for disk encryption. In the second example, the UUID -(unique identifier) is the LUKS UUID returned for the device by a -command like: - -@example -cryptsetup luksUUID /dev/sdx9 -@end example - -The @file{/dev/mapper/home} -device can then be used as the @code{device} of a @code{file-system} -declaration (@pxref{File Systems}). The @code{mapped-device} form is -detailed below. +Mapped devices are declared using the @code{mapped-device} form, +defined as follows; for examples, see below. @deftp {Data Type} mapped-device Objects of this type represent device mappings that will be made when @@ -7024,13 +6997,17 @@ the system boots up. @table @code @item source -This string specifies the name of the block device to be mapped, such as -@code{"/dev/sda3"}. +This is either a string specifying the name of the block device to be mapped, +such as @code{"/dev/sda3"}, or a list of such strings when several devices +need to be assembled for creating a new one. @item target -This string specifies the name of the mapping to be established. For -example, specifying @code{"my-partition"} will lead to the creation of +This string specifies the name of the resulting mapped device. For +kernel mappers such as encrypted devices of type @code{luks-device-mapping}, +specifying @code{"my-partition"} leads to the creation of the @code{"/dev/mapper/my-partition"} device. +For RAID devices of type @code{raid-device-mapping}, the full device name +such as @code{"/dev/md0"} needs to be given. @item type This must be a @code{mapped-device-kind} object, which specifies how @@ -7044,6 +7021,64 @@ command from the package with the same name. It relies on the @code{dm-crypt} Linux kernel module. @end defvr +@defvr {Scheme Variable} raid-device-mapping +This defines a RAID device, which is assembled using the @code{mdadm} +command from the package with the same name. It requires a Linux kernel +module for the appropriate RAID level to be loaded, such as @code{raid456} +for RAID-4, RAID-5 or RAID-6, or @code{raid10} for RAID-10. +@end defvr + +@cindex disk encryption +@cindex LUKS +The following example specifies a mapping from @file{/dev/sda3} to +@file{/dev/mapper/home} using LUKS---the +@url{http://code.google.com/p/cryptsetup,Linux Unified Key Setup}, a +standard mechanism for disk encryption. +The @file{/dev/mapper/home} +device can then be used as the @code{device} of a @code{file-system} +declaration (@pxref{File Systems}). + +@example +(mapped-device + (source "/dev/sda3") + (target "home") + (type luks-device-mapping)) +@end example + +Alternatively, to become independent of device numbering, one may obtain +the LUKS UUID (@dfn{unique identifier}) of the source device by a +command like: + +@example +cryptsetup luksUUID /dev/sda3 +@end example + +and use it as follows: + +@example +(mapped-device + (source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44")) + (target "home") + (type luks-device-mapping)) +@end example + +A RAID device formed of the partitions @file{/dev/sda1} and @file{/dev/sdb1} +may be declared as follows: + +@example +(mapped-device + (source (list "/dev/sda1" "/dev/sdb1")) + (target "/dev/md0") + (type raid-device-mapping)) +@end example + +The @file{/dev/md0} device can then be used as the @code{device} of a +@code{file-system} declaration (@pxref{File Systems}). +Note that the RAID level need not be given; it is chosen during the +initial creation and formatting of the RAID device and is determined +automatically later. + + @node User Accounts @subsection User Accounts -- cgit v1.2.3 From 6e42660b12c006f27381e516d9e5119a64788638 Mon Sep 17 00:00:00 2001 From: ng0 Date: Sun, 10 Jul 2016 19:15:38 +0000 Subject: doc: Better illustration use of package revision numbers. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * doc/guix.texi (Version Numbers): Add the revision to the example of the git package used in 7.6.3. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index de139e6b39..9fb125dfea 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -21,7 +21,8 @@ Copyright @copyright{} 2015, 2016 Leo Famulari@* Copyright @copyright{} 2015, 2016 Ricardo Wurmus@* Copyright @copyright{} 2016 Ben Woodcroft@* Copyright @copyright{} 2016 Chris Marusich@* -Copyright @copyright{} 2016 Efraim Flashner +Copyright @copyright{} 2016 Efraim Flashner@* +Copyright @copyright{} 2016 ng0 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -11513,9 +11514,10 @@ definition may look like this: @example (define my-package - (let ((commit "c3f29bc928d5900971f65965feaae59e1272a3f7")) + (let ((commit "c3f29bc928d5900971f65965feaae59e1272a3f7") + (revision "1")) ;Guix package revision (package - (version (string-append "0.9-1." + (version (string-append "0.9-" revision "." (string-take commit 7))) (source (origin (method git-fetch) -- cgit v1.2.3 From debc6360e111e8efc8a938b2aef28e5b3616ada8 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 26 Jul 2016 15:07:29 +0200 Subject: doc: Explain authentication in "System Installation". Suggested by Vincent Legoll . * doc/guix.texi (OPENPGP-SIGNING-KEY-ID): New constant. (Binary Installation): Use it. (USB Stick Installation): Copy and adjust the authentication bit from "Binary Installation". --- doc/guix.texi | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 9fb125dfea..8ab4522140 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -9,6 +9,9 @@ @include version.texi +@c Identifier of the OpenPGP key used to sign tarballs and such. +@set OPENPGP-SIGNING-KEY-ID 090B11993D9AEBB5 + @copying Copyright @copyright{} 2012, 2013, 2014, 2015, 2016 Ludovic Courtès@* Copyright @copyright{} 2013, 2014, 2016 Andreas Enge@* @@ -374,6 +377,7 @@ Download the binary tarball from where @var{system} is @code{x86_64-linux} for an @code{x86_64} machine already running the kernel Linux, and so on. +@c The following is somewhat duplicated in ``System Installation''. Make sure to download the associated @file{.sig} file and to verify the authenticity of the tarball against it, along these lines: @@ -386,11 +390,12 @@ If that command fails because you do not have the required public key, then run this command to import it: @example -$ gpg --keyserver pgp.mit.edu --recv-keys 090B11993D9AEBB5 +$ gpg --keyserver pgp.mit.edu --recv-keys @value{OPENPGP-SIGNING-KEY-ID} @end example @noindent and rerun the @code{gpg --verify} command. +@c end authentication part @item As @code{root}, run: @@ -6134,6 +6139,26 @@ for a GNU/Linux system on Intel/AMD-compatible 64-bit CPUs; for a 32-bit GNU/Linux system on Intel-compatible CPUs. @end table +@c start duplication of authentication part from ``Binary Installation'' +Make sure to download the associated @file{.sig} file and to verify the +authenticity of the image against it, along these lines: + +@example +$ wget ftp://alpha.gnu.org/gnu/guix/guixsd-usb-install-@value{VERSION}.@var{system}.xz.sig +$ gpg --verify guixsd-usb-install-@value{VERSION}.@var{system}.xz.sig +@end example + +If that command fails because you do not have the required public key, +then run this command to import it: + +@example +$ gpg --keyserver pgp.mit.edu --recv-keys @value{OPENPGP-SIGNING-KEY-ID} +@end example + +@noindent +and rerun the @code{gpg --verify} command. +@c end duplication + This image contains a single partition with the tools necessary for an installation. It is meant to be copied @emph{as is} to a large-enough USB stick. -- cgit v1.2.3 From 201855221fa426851556b973e39f21e5ced7dfdf Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 26 Jul 2016 17:59:25 +0200 Subject: environment: Set 'GUIX_ENVIRONMENT' to the profile. * guix/scripts/environment.scm (create-environment): Set 'GUIX_ENVIRONMENT' to PROFILE. * tests/guix-environment.sh: Test it. * doc/guix.texi (Invoking guix environment): Document it. --- doc/guix.texi | 10 +++++++++- guix/scripts/environment.scm | 5 +++-- tests/guix-environment.sh | 4 ++++ 3 files changed, 16 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 8ab4522140..786fe551ba 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -5456,7 +5456,8 @@ details on Bash start-up files.}. @vindex GUIX_ENVIRONMENT @command{guix environment} defines the @code{GUIX_ENVIRONMENT} -variable in the shell it spawns. This allows users to, say, define a +variable in the shell it spawns; its value is the file name of the +profile of this environment. This allows users to, say, define a specific prompt for development environments in their @file{.bashrc} (@pxref{Bash Startup Files,,, bash, The GNU Bash Reference Manual}): @@ -5467,6 +5468,13 @@ then fi @end example +@noindent +... or to browse the profile: + +@example +$ ls "$GUIX_ENVIRONMENT/bin" +@end example + Additionally, more than one package may be specified, in which case the union of the inputs for the given packages are used. For example, the command below spawns a shell where all of the dependencies of both Guile diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm index ebe966f9cf..9f72b7bf24 100644 --- a/guix/scripts/environment.scm +++ b/guix/scripts/environment.scm @@ -90,8 +90,9 @@ existing enviroment variables with additional search paths." (evaluate-profile-search-paths profile paths)) ;; Give users a way to know that they're in 'guix environment', so they can - ;; adjust 'PS1' accordingly, for instance. - (setenv "GUIX_ENVIRONMENT" "t")) + ;; adjust 'PS1' accordingly, for instance. Set it to PROFILE so users can + ;; conveniently access its contents. + (setenv "GUIX_ENVIRONMENT" profile)) (define (show-search-paths profile search-paths pure?) "Display SEARCH-PATHS applied to PROFILE. When PURE? is #t, do not augment diff --git a/tests/guix-environment.sh b/tests/guix-environment.sh index 0b5123ab45..68343520b0 100644 --- a/tests/guix-environment.sh +++ b/tests/guix-environment.sh @@ -57,6 +57,10 @@ else test $? = 42 fi +# Make sure 'GUIX_ENVIRONMENT' points to the profile. +guix environment --bootstrap --ad-hoc guile-bootstrap --pure \ + -- "$SHELL" -c 'test -f "$GUIX_ENVIRONMENT/bin/guile"' + case "`uname -m`" in x86_64) # On x86_64, we should be able to create a 32-bit environment. -- cgit v1.2.3