假设我有一个 LUKS 分区,它加密了根文件系统,其密钥驻留在另一个文件系统中。
(mapped-devices (list
(mapped-device
(type (luks-device-mapping-with-options #:key-file "/early-mount/luks-key"))
(source "/dev/sda1")
(target "operating-system")
)
))
我如何config.scm在 LUKS 解密步骤之前通过文件指示 Guix 挂载第二个文件系统?
尝试#1
我尝试(needed-for-boot? #t)在第二个文件系统上进行设置,但检查生成的 initrd 脚本时,它仍尝试在挂载之前解密。
(file-system
(mount-point "/early-mount")
(device (file-system-label "early-mount"))
(type "ext4")
(needed-for-boot? #t) ; This doesn't move it to #:pre-mount
)
尝试#2
(filter)还尝试通过和设置根文件系统的依赖关系,(file-system-mount-point-predicate)但出现错误:
错误:文件系统:未绑定变量
这是有道理的,因为它正处于定义之中(file-systems)
(file-systems (cons*
(file-system ...) ; early-mount definition
(file-system
(mount-point "/")
(device "/dev/mapper/operating-system")
(type "ext4")
(dependencies (cons*
(filter
(file-system-mount-point-predicate "/early-mount")
file-systems ; This is currently being defined so it's not available yet
)
mapped-devices
))
)
%base-file-systems
))
尝试#3
尝试为第二个文件系统创建一个局部变量(let),目的是将其插入到(file-systems)以及下,(dependencies)但出现错误:
错误:(let ...):无效的字段说明符
(let
(
(early-mount
(file-system
(mount-point "/early-mount")
(device (file-system-label "early-mount"))
(type "ext4")
(needed-for-boot? #t)
)
)
)
(file-systems (cons*
early-mount
(file-system
(mount-point "/")
(device "/dev/mapper/operating-system")
(type "ext4")
(dependencies (cons*
early-mount
mapped-devices
))
)
%base-file-systems
))
)
尝试#4
然后尝试重复第二个文件系统(file-system)条目,这实际上允许我部署配置:
(file-systems (cons*
(file-system ...) ; early-mount definition
(file-system
(mount-point "/")
(device "/dev/mapper/operating-system")
(type "ext4")
(dependencies (cons*
(file-system ...) ; early-mount definition, copy/pasted
mapped-devices
))
)
%base-file-systems
))
/early-mount然而,这会在启动期间尝试提示我输入密码,这让我相信在尝试打开 LUKS 之前无法挂载。
