From adce91a3ec0cb2912daa6eefe9324c15ff3126f7 Mon Sep 17 00:00:00 2001 From: Josselin Poiret Date: Mon, 15 Nov 2021 20:53:39 +0000 Subject: gnu: system: Add LUKS2 support for the root file system. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/bootloader/grub.scm (grub-configuration-file): Add 'insmod luks2'. * gnu/system/mapped-devices.scm (open-luks-device): Create '/run/cryptsetup/' directory. Signed-off-by: Ludovic Courtès --- gnu/system/mapped-devices.scm | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'gnu/system') diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm index 518dbc4fe8..96a381d5fe 100644 --- a/gnu/system/mapped-devices.scm +++ b/gnu/system/mapped-devices.scm @@ -192,7 +192,8 @@ option of @command{guix system}.\n") "Return a gexp that maps SOURCE to TARGET as a LUKS device, using 'cryptsetup'." (with-imported-modules (source-module-closure - '((gnu build file-systems))) + '((gnu build file-systems) + (guix build utils))) ;; For mkdir-p (match targets ((target) #~(let ((source #$(if (uuid? source) @@ -201,7 +202,12 @@ option of @command{guix system}.\n") ;; XXX: 'use-modules' should be at the top level. (use-modules (rnrs bytevectors) ;bytevector? ((gnu build file-systems) - #:select (find-partition-by-luks-uuid))) + #:select (find-partition-by-luks-uuid)) + ((guix build utils) #:select (mkdir-p))) + + ;; Create '/run/cryptsetup/' if it does not exist, as device locking + ;; is mandatory for LUKS2. + (mkdir-p "/run/cryptsetup/") ;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the ;; whole world inside the initrd (for when we're in an initrd). -- cgit v1.2.3 From b42bfbdfe55eea56234a91c33ef12b9fe198766d Mon Sep 17 00:00:00 2001 
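Review bot: The `(mkdir-p "/run/cryptsetup/")` call added in the second hunk of gnu/system/mapped-devices.scm leaves the lock directory's permissions to the ambient umask. When cryptsetup creates this directory itself it restricts it to root (mode 0700 as far as I know; worth confirming against the cryptsetup version packaged here). Since the directory holds the LUKS2 metadata locks, I would follow the call with `(chmod "/run/cryptsetup/" #o700)` so the result does not depend on the umask of the initrd or the running system. The comment could also say why cryptsetup cannot create the directory on its own here (presumably `/run` does not exist yet in the initrd). The enclosing `open-luks-device` gexp continues past the end of the hunk.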
From: Attila Lendvai Date: Thu, 2 Dec 2021 20:18:56 +0100 Subject: guix system vm: Add --no-graphic CLI argument. It configures QEMU to use the tty it was started in for IO (as opposed to opening a separate graphical window). This enables copy-pasting and scrollback. Exit QEMU with C-a x. * gnu/system/vm.scm (system-qemu-image/shared-store-script): Also add the '-nographic' QEMU argument when called with #:graphic? #false. * guix/scripts/system.scm (system-derivation-for-action): Propagate the #:graphic? keyword arg. (perform-action): Add and propagate the #:graphic? keyword arg. (show-help): Add --no-graphic CLI arg. (%options): Process the new --no-graphic CLI arg. (process-action): Feed in the CLI arg through the #:graphic? keyword arg. * doc/guix.texi (Invoking guix system): Add example to combine guix system and invoking the vm start script into one command. Split the description of the various options into separate paragraphs. Add a paragraph to describe --no-graphic. Signed-off-by: Mathieu Othacehe --- doc/guix.texi | 23 +++++++++++++++++++---- gnu/system/vm.scm | 2 ++ guix/scripts/system.scm | 10 ++++++++++ 3 files changed, 31 insertions(+), 4 deletions(-) (limited to 'gnu/system') diff --git a/doc/guix.texi b/doc/guix.texi index a675631b79..9914829b2b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -34506,8 +34506,8 @@ passed. @cindex virtual machine @cindex VM @anchor{guix system vm} -Build a virtual machine that contains the operating system declared in -@var{file}, and return a script to run that virtual machine (VM). +Build a virtual machine (VM) that contains the operating system declared +in @var{file}, and return a script to run that VM. @quotation Note The @code{vm} action and others below 
@@ -34526,6 +34526,12 @@ emulated machine: $ /gnu/store/@dots{}-run-vm.sh -m 1024 -smp 2 -nic user,model=virtio-net-pci @end example +It's possible to combine the two steps into one: + +@example +$ $(guix system vm my-config.scm) -m 1024 -smp 2 -nic user,model=virtio-net-pci +@end example + The VM shares its store with the host system. Additional file systems can be shared between the host and the VM using @@ -34549,8 +34555,17 @@ store of the host can then be mounted. The @option{--full-boot} option forces a complete boot sequence, starting with the bootloader. This requires more disk space since a root image containing at least the kernel, initrd, and bootloader data files must -be created. The @option{--image-size} option can be used to specify the -size of the image. +be created. + +The @option{--image-size} option can be used to specify the size of the +image. + +The @option{--no-graphic} option will instruct @command{guix system} to +spawn a headless VM that will use the invoking tty for IO. Among other +things, this enables copy-pasting, and scrollback. Use the @kbd{ctrl-a} +prefix to issue QEMU commands; e.g. @kbd{ctrl-a h} prints a help, +@kbd{ctrl-a x} quits the VM, and @kbd{ctrl-a c} switches between the +QEMU monitor and the VM. @cindex System images, creation in various formats @cindex Creating system images in various formats diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm index 1e2d8b47c2..0a95302584 100644 --- a/gnu/system/vm.scm +++ b/gnu/system/vm.scm @@ -754,6 +754,8 @@ it is mostly useful when FULL-BOOT? is true." (define qemu-exec #~(list #+(file-append qemu "/bin/" (qemu-command (or target system))) + ;; Tells qemu to use the terminal it was started in for IO. + #$@(if graphic? '() #~("-nographic")) #$@(if full-boot? #~() #~("-kernel" #$(operating-system-kernel-file os) diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm index 7faa92fd7d..1db788a534 100644 --- a/guix/scripts/system.scm +++ b/guix/scripts/system.scm 
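Review bot: In the gnu/system/vm.scm hunk, the new `#$@(if graphic? '() #~("-nographic"))` uses a quoted list for the empty case, while the `full-boot?` conditional on the next line uses `#~()`. Writing `#$@(if graphic? #~() #~("-nographic"))` keeps the two conditionals in the same form. The comment could also note that `-nographic` multiplexes the QEMU monitor onto the same terminal (the `ctrl-a c` switch the manual text in this commit describes), so whoever holds that terminal also has monitor access to the VM. The `qemu-exec` definition continues outside the hunk.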
@@ -689,6 +689,7 @@ checking this by themselves in their 'check' procedure." (define* (system-derivation-for-action image action #:key full-boot? + (graphic? #t) container-shared-network? mappings) "Return as a monadic value the derivation for IMAGE according to ACTION." @@ -706,6 +707,7 @@ checking this by themselves in their 'check' procedure." ((vm) (system-qemu-image/shared-store-script os #:full-boot? full-boot? + #:graphic? graphic? #:disk-image-size (if full-boot? image-size @@ -772,6 +774,7 @@ and TARGET arguments." dry-run? derivations-only? use-substitutes? target full-boot? + (graphic? #t) container-shared-network? (mappings '()) (gc-root #f)) @@ -825,6 +828,7 @@ static checks." (mlet* %store-monad ((sys (system-derivation-for-action image action #:full-boot? full-boot? + #:graphic? graphic? #:container-shared-network? container-shared-network? #:mappings mappings)) @@ -1012,6 +1016,8 @@ Some ACTIONS support additional ARGS.\n")) register it as a garbage collector root")) (display (G_ " --full-boot for 'vm', make a full boot sequence")) + (display (G_ " + --no-graphic for 'vm', use the tty that we are started in for IO")) (display (G_ " --skip-checks skip file system and initrd module safety checks")) (display (G_ " @@ -1081,6 +1087,9 @@ Some ACTIONS support additional ARGS.\n")) (option '("full-boot") #f #f (lambda (opt name arg result) (alist-cons 'full-boot? #t result))) + (option '("no-graphic") #f #f + (lambda (opt name arg result) + (alist-cons 'no-graphic? #t result))) (option '("save-provenance") #f #f (lambda (opt name arg result) (alist-cons 'save-provenance? #t result))) @@ -1266,6 +1275,7 @@ resulting from command-line parsing." #:validate-reconfigure (assoc-ref opts 'validate-reconfigure) #:full-boot? (assoc-ref opts 'full-boot?) + #:graphic? (not (assoc-ref opts 'no-graphic?)) #:container-shared-network? (assoc-ref opts 'container-shared-network?) #:mappings (filter-map (match-lambda -- cgit v1.2.3 
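Review bot: `--no-graphic` is parsed for every action, but of the call sites visible in these hunks only the `(vm)` branch of `system-derivation-for-action` forwards `#:graphic?`, so for other actions the flag appears to be dropped silently. The docstring of `system-derivation-for-action` does not mention the new keyword, and the visible tail of the `perform-action` docstring (which starts outside the hunk) does not either. A sentence such as `GRAPHIC? is only honoured by the 'vm' action; when false the VM uses the invoking terminal for I/O.` would record that. If silent acceptance is not intended, `process-action` could emit a warning when `no-graphic?` is set and the action is not `vm`.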
From 3354e41c1e83a38a15df4513373ca6aa2886af1a Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Fri, 3 Dec 2021 14:25:57 +0100 Subject: system: vm: Remove the vga argument. * gnu/system/vm.scm (common-qemu-options): Remove the "-vga std" argument that is the default since QEMU 2.2. Suggested-by: Attila Lendvai --- gnu/system/vm.scm | 1 - 1 file changed, 1 deletion(-) (limited to 'gnu/system') diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm index 0a95302584..f1541cf30c 100644 --- a/gnu/system/vm.scm +++ b/gnu/system/vm.scm @@ -712,7 +712,6 @@ with '-virtfs' options for the host file systems listed in SHARED-FS." "-device" "virtio-rng-pci,rng=guixsd-vm-rng" #$@(map virtfs-option shared-fs) - "-vga std" (format #f "-drive file=~a,if=virtio,cache=writeback,werror=report,readonly=on" #$image))) -- cgit v1.2.3