summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2015-11-01 22:14:47 +0100
committerLudovic Courtès <ludo@gnu.org>2015-11-01 22:24:20 +0100
commit6d6e628119a043b3d8dd309d3e6d5a35bcd37618 (patch)
tree673c7fc50dce36b6d7f27096be04a8b553dc52ad
parentb8d2eda4a37a7e4c9fb529bd48899d87cefaf345 (diff)
doc: Give an example with an encrypted root partition.
* gnu/system/examples/desktop.tmpl: Add 'mapped-devices' field. Use it in 'file-systems'. * doc/guix.texi (System Installation): Suggest encrypted partitions. Give an example of a command sequence.
-rw-r--r--doc/guix.texi14
-rw-r--r--gnu/system/examples/desktop.tmpl12
2 files changed, 22 insertions, 4 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index e8b79ecf98..bd9b42b20f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -5237,14 +5237,24 @@ Setting up network access is almost always a requirement because the
image does not contain all the software and tools that may be needed.
@item
-Unless this has already been done, you must partition and format the
-target partitions.
+Unless this has already been done, you must partition, optionally
+encrypt, and then format the target partitions.
Preferably, assign partitions a label so that you can easily and
reliably refer to them in @code{file-system} declarations (@pxref{File
Systems}). This is typically done using the @code{-L} option of
@command{mkfs.ext4} and related commands.
+A typical command sequence may be:
+
+@example
+# fdisk /dev/sdX
+@dots{} Create partitions etc.@dots{}
+# cryptsetup luksFormat /dev/sdX1
+# cryptsetup open --type luks /dev/sdX1 my-partition
+# mkfs.ext4 -L my-root /dev/mapper/my-partition
+@end example
+
The installation image includes Parted (@pxref{Overview,,, parted, GNU
Parted User Manual}), @command{fdisk}, Cryptsetup/LUKS for disk
encryption, and e2fsprogs, the suite of tools to manipulate
diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl
index 988b8f937f..41f66f693a 100644
--- a/gnu/system/examples/desktop.tmpl
+++ b/gnu/system/examples/desktop.tmpl
@@ -13,9 +13,17 @@
;; Assuming /dev/sdX is the target hard disk, and "root" is
;; the label of the target root file system.
(bootloader (grub-configuration (device "/dev/sdX")))
+
+ ;; Here we assume that /dev/sdX1 contains a LUKS-encrypted
+ ;; root partition created with 'cryptsetup luksFormat'.
+ (mapped-devices (list (mapped-device
+ (source "/dev/sdX1")
+ (target "root-partition")
+ (type luks-device-mapping))))
+
+ ;; Mount said encrypted partition.
(file-systems (cons (file-system
- (device "root")
- (title 'label)
+ (device "/dev/mapper/root-partition")
(mount-point "/")
(type "ext4"))
%base-file-systems))