Received: (at 73654-done) by debbugs.gnu.org; 22 Mar 2025 15:02:34 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 11:02:34 2025 Received: from localhost ([127.0.0.1]:44569 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tw0Ms-0005Pv-E4 for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 11:02:34 -0400 Received: from mail-pl1-x634.google.com ([2607:f8b0:4864:20::634]:44348) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>) id 1tw0Mq-0005Pe-0N for 73654-done <at> debbugs.gnu.org; Sat, 22 Mar 2025 11:02:32 -0400 Received: by mail-pl1-x634.google.com with SMTP id d9443c01a7336-223fb0f619dso61687305ad.1 for <73654-done <at> debbugs.gnu.org>; Sat, 22 Mar 2025 08:02:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1742655746; x=1743260546; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=ytmx7Qhrb61IHuzkXio+/KGKVo8FApoi1wQuosbZuJY=; b=h/rb9WOOb4vJA12+5I0aM0+dPAiI3kqFvlpujxKcNJOXOU9MsDctLK9dN1u6ZD0+8l Q0OgAF0+ozamUx2gHXA4U6reEypnrWA84hsm4cQPgSiYVooI/I9zgljLzrF6HA4ozcjR DQ2407ZCDCCiBRJoeKMyKkuEttLrbzSXJOuRWmrrr7cy7f+YhefvCZd97Kf2igG2e+yy Z2z28BYEQJ7o1jWEPSg32KrpdpaSD8AgG8wkhm//8ukI/PX6OnASm8BiUBE/G62CKTTw fkkkyH60ZqS4lz9BLPB2jvfDU/ukZNoJmb/VlaRs+8wdgHDanSt2SH2kbOVTR9EJfuqk A2Ug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742655746; x=1743260546; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ytmx7Qhrb61IHuzkXio+/KGKVo8FApoi1wQuosbZuJY=; b=GE5qfwNjiG20Gv7iYUK7SaeLofDOx9jzP/L5VCsboghbLxefAEbO/ypm8TEZWSzgQc iKBxMNWkDrhYEv4b7+7yFj7rGcVvAdCvIBkcSgZl9CsYcj1SXmbiKUjb070wUT/YVQPl E9OZNciHgU2JjrNw8f8iXMfE4SX89/C8XaSp023OEBSkDLuVojMpawVS9EvkcBi/kXUs PMMkW/z2+bnlV6lNLtd8hegpQdXgQF+v96fiZV5jdW7zoGIAq8HakhZs3QAhyt2ojEWv 45NU2qXv9EgTDYwCfa0ncq9cohzgT16SN/oKRTp7ynoMnmYsBXWxo5+AVWyNkYOjZ658 vJLQ== X-Gm-Message-State: AOJu0YyWr1ypRzxpAu0Sz9zVVH3Vb3Kflr9O6F16BzsMM/i74fZIdMK3 wk7VlkAy2mOvDx8vc3WsoquHWoL/rwAScE+oNbtJvW2P3sv+efNc X-Gm-Gg: ASbGncvCVJP4FbPSHAQST1aAODbYcgeMdnXyyKZQdl9hi0RzVyNcoRIaNpk0g8KNfGV dzIZslyXOOtdnic9uyeiSfCGHzqlLnIg1Qyj5LEjl8OThn9/LQuzm822NwuTFoBVViQ7xdOHIJc FmQuGSYuoRGzrbgHjOQk5agOhlDenp5FwCsjhXMWMX+QQLI6rd6zh7gTrOmTaxsXSqbR+epYEfi ssPbeWxgOR0w2lQCspK7efX4iINvRa0axYqQrw0TmN06S6OBiXKXtHwjsTmgPFBACmkza6nyO2b Id8COypEdt7YcqYf6AHOfewV23Hl+Ff4yGnR0zhs81E= X-Google-Smtp-Source: AGHT+IFsolQ56aerZA499SkqpjRHYRP/SfYV5dcS6sdOcjmV6e3aY/q+FstrvMA3xC64ChgPxIoVsQ== X-Received: by 2002:a05:6a20:7351:b0:1f5:6e00:14da with SMTP id adf61e73a8af0-1fe433195a3mr13878303637.40.1742655745562; Sat, 22 Mar 2025 08:02:25 -0700 (PDT) Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7390618f123sm4240462b3a.179.2025.03.22.08.02.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 22 Mar 2025 08:02:24 -0700 (PDT) From: Maxim Cournoyer <maxim.cournoyer@HIDDEN> To: Tomas Volf <~@wolfsden.cz> Subject: Re: bug#73654: [PATCH] gnu: luks-device-mapping-with-options: Add allow-discards? argument. In-Reply-To: <87r02pgpb8.fsf@HIDDEN> (Maxim Cournoyer's message of "Sat, 22 Mar 2025 22:36:27 +0900") References: <20241006094239.7157-1-sisiutl@HIDDEN> <94e28c2091f319bfdb681055b7e5bdafa0cb9120.1742125790.git.soeren@HIDDEN> <87h63nqoqj.fsf@HIDDEN> <87r02pgpb8.fsf@HIDDEN> Date: Sun, 23 Mar 2025 00:02:10 +0900 Message-ID: <87h63lglcd.fsf_-_@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 73654-done Cc: 73654-done <at> debbugs.gnu.org, sisiutl@HIDDEN, ludo@HIDDEN, soeren@HIDDEN, hako@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Hello, Pushed as commit 7aa855b05b. -- Thanks, Maxim
Sisiutl <sisiutl@HIDDEN>:Maxim Cournoyer <maxim.cournoyer@HIDDEN>:
Received: (at 73654) by debbugs.gnu.org; 22 Mar 2025 13:36:52 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 09:36:52 2025
Received: from localhost ([127.0.0.1]:41591 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tvz1w-00064K-29
for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 09:36:52 -0400
Received: from mail-pl1-x629.google.com ([2607:f8b0:4864:20::629]:42110)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
id 1tvz1t-000642-De
for 73654 <at> debbugs.gnu.org; Sat, 22 Mar 2025 09:36:50 -0400
Received: by mail-pl1-x629.google.com with SMTP id
d9443c01a7336-2235189adaeso54924505ad.0
for <73654 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 06:36:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1742650603; x=1743255403; darn=debbugs.gnu.org;
h=mime-version:user-agent:message-id:date:references:in-reply-to
:subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=Qj7MPMeREzC5z43fqT8rVYEY0hUClsBmNc83WD3yKMs=;
b=I7ix4aWne8Wc4474nt3BZnCEWUW31f6BDeQP1rBGl80nlXcni3gG9xO1/GxBpvoYX5
HV4e/hLQx7m3sgFNwsPBSAvor1+wryp/3PGNFmMF3Lw5bCFAA9eY7YwOhVd7KY9vGwio
bEdCWzlN+cK4amkYNgAjRrHdY221PXsZkam3A3Ss/1KbAVsivdWX6swQ1Ok6qYXc6HV+
QVfrWnBl3pyLqkgtoqS1zXiMKNzKP2lYGUlsqo3TsK97CPfRFSJRU/zEAOGjX7rYVcxg
Ing0BsHawPXYEYCwUO0WADZll19BiYfNhxWlOB5nqJx3PWC3kjcZXHo4IKhgSbFyKUjC
I+ag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1742650603; x=1743255403;
h=mime-version:user-agent:message-id:date:references:in-reply-to
:subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
:message-id:reply-to;
bh=Qj7MPMeREzC5z43fqT8rVYEY0hUClsBmNc83WD3yKMs=;
b=T9WnuiGdOb0x+qtXO4O/v0x2MlLNcHqNmpLHcB635ir1kus/8uPH+MNW+TK7lpiAqQ
0x8WLlZs5D4eGZBJVQ+aa/FDG7U50cXoGHUnhfNE70wO8eVa0xKI/VpcQoBbbHG6XtYh
Agvn6LzgPhwO2yhJgt6CBZe7gUlmv+IHLzB2n9uo1fjLSsNpQBx2OshPwMq4vifqoYDT
8jPCu34PS7nkkzfusdBywm7mXoSikycpzeOUCVBI4CnwbR7n02ijH9h8cas18yEHX3EC
vqzqKFZUeAElvbGFqoav/HL18JGvvFmqpcAujG1jI5Xpbw9sx3wqeeFwPL9Cg6cxmQD5
fhFg==
X-Forwarded-Encrypted: i=1;
AJvYcCXU1mn77/KZ0evllk7aGvWuzVimNgtWJmR/vAeR5tp4hCt5U/hFMvtw1I4OiJjj5QZOKpOmmw==@debbugs.gnu.org
X-Gm-Message-State: AOJu0Yz2Wz9hZWyTtYwfzpvzRj6SEFbeGVUVpDeg5PIJBC1d6CzNKXge
T+qybDL6sKKoQdsN2LI0MkUUS2mkQ2pdViEJBI35i2wWmESqnXcH
X-Gm-Gg: ASbGncs7iNG0Di7X7FL8iwzgBX27NQooFOJWHs2rxd8maRbhtoumVI9qjBVSJkoBIWR
D8k0CGxY2q2NulizGVfBZ5Hgr8/RPhLl5NXG2BIiBr9vgRAG1PQhv2G+dBep/YY4qAfuJeGY1pG
GnTuz2OSMZVmdoUtSniZ5RJuK1OEd8dWIE97vKyygb7xE1hLvHJjqSUvulpHvHF9su08MpfQY9T
q2HOkLhTxQ4erN8AD/kVT5Ro5Uwl6rNJwdsHsIi7fk/aexwIo6irXD09gGCE0VBRTJifoBNY+BR
Yzenu0ceFEPL/8ltMJesI2nvO8HQc+XhKwaRxeeqCFI=
X-Google-Smtp-Source: AGHT+IF5iQRAX64WwWDFx5a0I0zmjaRynVMeDa1yT3YbStGDS5jre4EJknaGpd44dljpbme6c+fe/g==
X-Received: by 2002:a17:903:1a27:b0:21f:98fc:8414 with SMTP id
d9443c01a7336-2265e7c2830mr190772525ad.26.1742650603085;
Sat, 22 Mar 2025 06:36:43 -0700 (PDT)
Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542])
by smtp.gmail.com with ESMTPSA id
d9443c01a7336-227811f6725sm35415115ad.236.2025.03.22.06.36.40
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 22 Mar 2025 06:36:42 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Tomas Volf <~@wolfsden.cz>
Subject: Re: [bug#73654] [PATCH v4] mapped-devices: luks: Support passing
--allow-discards during open
In-Reply-To: <87h63nqoqj.fsf@HIDDEN> (Tomas Volf's message of "Fri, 21
Mar 2025 00:14:12 +0100")
References: <20241006094239.7157-1-sisiutl@HIDDEN>
<94e28c2091f319bfdb681055b7e5bdafa0cb9120.1742125790.git.soeren@HIDDEN>
<87h63nqoqj.fsf@HIDDEN>
Date: Sat, 22 Mar 2025 22:36:27 +0900
Message-ID: <87r02pgpb8.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 73654
Cc: 73654 <at> debbugs.gnu.org, sisiutl@HIDDEN, ludo@HIDDEN,
hako@HIDDEN, soeren@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hi,
Tomas Volf <~@wolfsden.cz> writes:
[...]
>> + ;; We want to fallback to the password unlock if the keyfile fails.
>> + (or (and keyfile
>> + (zero?
>> + (apply system*/tty
>> + #$(file-append cryptsetup-static "/sbin/cryptsetup")
>> + "--key-file" keyfile
>> + cryptsetup-flags)))
>
> I am not sure about passing the --key-file before the `open' command.
> It does seem to work (currently), but I am not sure we should assume it
> always will.
It's documented as such, per 'cryptsetup --help':
--8<---------------cut here---------------start------------->8---
cryptsetup 2.6.1 flags: UDEV BLKID KEYRING KERNEL_CAPI
Usage: cryptsetup [OPTION...] <action> <action-specific>
Help options:
-?, --help Show this help message
--usage Display brief usage
-V, --version Print package version
--active-name=STRING Override device autodetection of dm device to be reencrypted
--align-payload=SECTORS Align payload at <n> sector boundaries - for luksFormat
--allow-discards Allow discards (aka TRIM) requests for device
--8<---------------cut here---------------end--------------->8---
There are many options though perhaps we should just provide a
#:extra-args escape hatch.
--
Thanks,
Maxim
guix-patches@HIDDEN:bug#73654; Package guix-patches.
Full text available.
Received: (at 73654) by debbugs.gnu.org; 20 Mar 2025 23:14:21 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 20 19:14:20 2025
Received: from localhost ([127.0.0.1]:59556 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tvP5f-00017n-7Y
for submit <at> debbugs.gnu.org; Thu, 20 Mar 2025 19:14:20 -0400
Received: from wolfsden.cz ([37.205.8.62]:36562)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tvP5b-000175-5v
for 73654 <at> debbugs.gnu.org; Thu, 20 Mar 2025 19:14:17 -0400
Received: by wolfsden.cz (Postfix, from userid 104)
id C3A3B379390; Thu, 20 Mar 2025 23:14:13 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
t=1742512453; bh=ERqdoM4mnrDJTg460aXzHVVFR2XppWSj2AdP/Hc3L3k=;
h=From:To:Cc:Subject:In-Reply-To:References:Date;
b=qRs3C3nYbaonVFL3XwngFLmcPOftjUYSAiEQTAQcFH+TJ4T8YF/P3Rx8+4hjiYQca
ov3hX8+v6GdqimfQ27bn5g91hp8xGKbeAoGRLnvscyPeqRooa1zRpOd5PNTGTPCK8X
yvL7BZk2mhpzbxFO2L/gAU0TzpyKXU2aDiCOVb9jUAE+Ko0iWjLDHCtVLSKnrvVrP+
sX96hj7jbMhd2gwnmUeMI4dAlj1az0jq+pHaEyeF8Yq02TSIY/m0SCowsh1hlCmlyE
cLjLWklIgc4yjac7087b+PdDLaE76A/QGzFLrsKzaOJF1EaQ/LSYb2rcpiyzDy2Gs9
QJCwWdX7srYtGUuktquFyNsJkyleHo4aPzlISpuSmCIezu2JBtjLMEZPO3OY/Clc/n
D4utuMLbAuBxNDv7hevDKTy173J+EOXPj7a3ZKsd9sSwLpWkLlEiBQyIdByssQC8Ox
UmD+wcHT39an0g8EapRmH8yQFckE3r0iwgJRf+I8dOKfi2BQgDIxxFKXoFga3RKYY1
+4a7UTfNdA8+6HHJ4sCYfcdZPEnPGBbGvW8kgl34o6ZedQ1LUAeQmLGR1Pr94B8R4o
lkC4sQvEZAsWdv27cDwAh/RRvzk2ytdE0Z61O0aNThSavVqAGGOIEykg1K+ggmFsiJ
M0jFH7EePvu2PdoF9oTk2NEs=
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden
X-Spam-Level:
X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED
autolearn=ham autolearn_force=no version=3.4.6
Received: from localhost (unknown [128.0.188.242])
by wolfsden.cz (Postfix) with ESMTPSA id 2C8AD37938F;
Thu, 20 Mar 2025 23:14:13 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
t=1742512453; bh=ERqdoM4mnrDJTg460aXzHVVFR2XppWSj2AdP/Hc3L3k=;
h=From:To:Cc:Subject:In-Reply-To:References:Date;
b=qRs3C3nYbaonVFL3XwngFLmcPOftjUYSAiEQTAQcFH+TJ4T8YF/P3Rx8+4hjiYQca
ov3hX8+v6GdqimfQ27bn5g91hp8xGKbeAoGRLnvscyPeqRooa1zRpOd5PNTGTPCK8X
yvL7BZk2mhpzbxFO2L/gAU0TzpyKXU2aDiCOVb9jUAE+Ko0iWjLDHCtVLSKnrvVrP+
sX96hj7jbMhd2gwnmUeMI4dAlj1az0jq+pHaEyeF8Yq02TSIY/m0SCowsh1hlCmlyE
cLjLWklIgc4yjac7087b+PdDLaE76A/QGzFLrsKzaOJF1EaQ/LSYb2rcpiyzDy2Gs9
QJCwWdX7srYtGUuktquFyNsJkyleHo4aPzlISpuSmCIezu2JBtjLMEZPO3OY/Clc/n
D4utuMLbAuBxNDv7hevDKTy173J+EOXPj7a3ZKsd9sSwLpWkLlEiBQyIdByssQC8Ox
UmD+wcHT39an0g8EapRmH8yQFckE3r0iwgJRf+I8dOKfi2BQgDIxxFKXoFga3RKYY1
+4a7UTfNdA8+6HHJ4sCYfcdZPEnPGBbGvW8kgl34o6ZedQ1LUAeQmLGR1Pr94B8R4o
lkC4sQvEZAsWdv27cDwAh/RRvzk2ytdE0Z61O0aNThSavVqAGGOIEykg1K+ggmFsiJ
M0jFH7EePvu2PdoF9oTk2NEs=
From: Tomas Volf <~@wolfsden.cz>
To: soeren@HIDDEN
Subject: Re: [bug#73654] [PATCH v4] mapped-devices: luks: Support passing
--allow-discards during open
In-Reply-To: <94e28c2091f319bfdb681055b7e5bdafa0cb9120.1742125790.git.soeren@HIDDEN>
(soeren@HIDDEN's message of "Sun, 16 Mar 2025 12:49:50
+0100")
References: <20241006094239.7157-1-sisiutl@HIDDEN>
<94e28c2091f319bfdb681055b7e5bdafa0cb9120.1742125790.git.soeren@HIDDEN>
Date: Fri, 21 Mar 2025 00:14:12 +0100
Message-ID: <87h63nqoqj.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 1.5 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: soeren@HIDDEN writes: > From: Sören Tempel <soeren@HIDDEN>
> > * gnu/system/mapped-devices.scm (open-luks-device): Support opening >
LUKS devices with the --allow-discards option. > * gnu/system/mapped-devices.
[...]
Content analysis details: (1.5 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[37.205.8.62 listed in sa-trusted.bondedsender.org]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[37.205.8.62 listed in bl.score.senderscore.com]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
1.5 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: egregore.fun (fun)]
X-Debbugs-Envelope-To: 73654
Cc: 73654 <at> debbugs.gnu.org, sisiutl@HIDDEN, ludo@HIDDEN,
maxim.cournoyer@HIDDEN, hako@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.5 (/)
soeren@HIDDEN writes:
> From: S=C3=B6ren Tempel <soeren@HIDDEN>
>
> * gnu/system/mapped-devices.scm (open-luks-device): Support opening
> LUKS devices with the --allow-discards option.
> * gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
> Pass through the allow-discards? keyword argument.
> * doc/guix.texi (Mapped Devices): Update documentation for the
> luks-device-mapping-with-options procedure.
>
> Co-authored-by: Sisiutl <sisiutl@HIDDEN>
> ---
> Changes since v3: Fix replacement of =E2=80=9CSolid State Disks=E2=80=9D =
with =E2=80=9Csolid
> state disks=E2=80=9D in doc/guix.texi. That is, only perform this replac=
ement
> locally on the added text and not the whole document.
>
> doc/guix.texi | 11 +++++++++-
> gnu/system/mapped-devices.scm | 39 +++++++++++++++++++++--------------
> 2 files changed, 33 insertions(+), 17 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index b1b6d98e74..6eb9fcb8ee 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -18402,7 +18402,7 @@ Mapped Devices
> @code{dm-crypt} Linux kernel module.
> @end defvar
>=20=20
> -@deffn {Procedure} luks-device-mapping-with-options [#:key-file]
> +@deffn {Procedure} luks-device-mapping-with-options [#:key-file #:allow-=
discards?]
> Return a @code{luks-device-mapping} object, which defines LUKS block
> device encryption using the @command{cryptsetup} command from the
> package with the same name. It relies on the @code{dm-crypt} Linux
> @@ -18424,6 +18424,15 @@ Mapped Devices
> (type (luks-device-mapping-with-options
> #:key-file "/crypto.key")))
> @end lisp
> +
> +
> +@code{allow-discards?} allows the use of discard (TRIM) requests for the
> +underlying device. This is useful for solid state drives. However,
> +this option can have a negative security impact because it can make
> +file system level operations visible on the physical device. For more
> +information, refer to the description of the @code{--allow-discards}
> +option in the @code{cryptsetup-open(8)} man page.
> +
> @end deffn
>=20=20
> @defvar raid-device-mapping
> diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
> index 931c371425..3a8f0d66fe 100644
> --- a/gnu/system/mapped-devices.scm
> +++ b/gnu/system/mapped-devices.scm
> @@ -194,9 +194,10 @@ (define (check-device-initrd-modules device linux-mo=
dules location)
> ;;; Common device mappings.
> ;;;
>=20=20
> -(define* (open-luks-device source targets #:key key-file)
> +(define* (open-luks-device source targets #:key key-file allow-discards?)
> "Return a gexp that maps SOURCE to TARGET as a LUKS device, using
> -'cryptsetup'."
> +'cryptsetup'. When ALLOW-DISCARDS? is true, the use of discard (TRIM) r=
equests is
> +allowed for the underlying device."
> (with-imported-modules (source-module-closure
> '((gnu build file-systems)
> (guix build utils))) ;; For mkdir-p
> @@ -234,17 +235,21 @@ (define* (open-luks-device source targets #:key key=
-file)
> (loop (- tries-left 1))))))
> (error "LUKS partition not found" source))
> source)))
> - ;; We want to fallback to the password unlock if the keyfil=
e fails.
> - (or (and keyfile
> - (zero? (system*/tty
> - #$(file-append cryptsetup-static "/sbin/cr=
yptsetup")
> - "open" "--type" "luks"
> - "--key-file" keyfile
> - partition #$target)))
> - (zero? (system*/tty
> - #$(file-append cryptsetup-static "/sbin/cryptse=
tup")
> - "open" "--type" "luks"
> - partition #$target)))))))))
> + (let ((cryptsetup-flags (cons*
> + "open" "--type" "luks" partition =
#$target
> + (if allow-discards?
> + '("--allow-discards")
> + '()))))
> + ;; We want to fallback to the password unlock if the keyf=
ile fails.
> + (or (and keyfile
> + (zero?
> + (apply system*/tty
> + #$(file-append cryptsetup-static "/sbin=
/cryptsetup")
> + "--key-file" keyfile
> + cryptsetup-flags)))
I am not sure about passing the --key-file before the `open' command.
It does seem to work (currently), but I am not sure we should assume it
always will.
Is this type of usage documented somewhere? All manuals I found are
passing the arguments after `open'.
You could rewrite this into a lambda returning the argument list, the
lambda would splice them (both keyfile and discard) into the correct
places.
> + (zero? (apply system*/tty
> + #$(file-append cryptsetup-static "/sbin=
/cryptsetup")
> + cryptsetup-flags))))))))))
>=20=20
> (define (close-luks-device source targets)
> "Return a gexp that closes TARGET, a LUKS device."
> @@ -286,13 +291,15 @@ (define luks-device-mapping
> ((gnu build file-systems)
> #:select (find-partition-by-luks-uuid system*/tty))))))
>=20=20
> -(define* (luks-device-mapping-with-options #:key key-file)
> +(define* (luks-device-mapping-with-options #:key key-file allow-discards=
?)
> "Return a luks-device-mapping object with open modified to pass the ar=
guments
> into the open-luks-device procedure."
> (mapped-device-kind
> (inherit luks-device-mapping)
> - (open (=CE=BB (source targets) (open-luks-device source targets
> - #:key-file key-file)))))
> + (open (=CE=BB (source targets)
> + (open-luks-device source targets
> + #:key-file key-file
> + #:allow-discards? allow-discards?)))))
>=20=20
> (define (open-raid-device sources targets)
> "Return a gexp that assembles SOURCES (a list of devices) to the RAID =
device
>
> base-commit: f2b3c36bee8c232b026a66de93db38e13fbd7076
guix-patches@HIDDEN:bug#73654; Package guix-patches.
Full text available.
Received: (at 73654) by debbugs.gnu.org; 20 Mar 2025 23:08:14 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 20 19:08:14 2025
Received: from localhost ([127.0.0.1]:59539 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tvOzj-0000Ji-MB
for submit <at> debbugs.gnu.org; Thu, 20 Mar 2025 19:08:14 -0400
Received: from wolfsden.cz ([37.205.8.62]:35400)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <~@wolfsden.cz>)
id 1tvOze-0000IX-KE; Thu, 20 Mar 2025 19:08:09 -0400
Received: by wolfsden.cz (Postfix, from userid 104)
id 780FB37930E; Thu, 20 Mar 2025 23:08:04 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
t=1742512084; bh=uE2TfdhWVDu4xZyXi2xYaibqfT72nZt2lWMviRzeqPc=;
h=From:To:Cc:Subject:In-Reply-To:References:Date;
b=EnKUQotjz4m4R5rZgpl07yMJAKPnj+VLXhScffWbHy4gRgZAI5/8pSJiPLCLaRmJS
DGqnyiptqwArEgViUsFUda54SYLxXnDjapSLzs5PaWDWyLDGULMqf50mUGM40EoDlj
MoYEQjbn1ZW01+FLD9U7AgwNWIWODpUQWs8btzPZ6m+6KQ6ECt9ZuLf5kD0EuhWWej
EZ4U7qlBzdG//uFGnLtLdcsplzyIlR2ZszWhE8frETEEJteTU6/VRDcZI47e9hmzxb
R5Aeu7LzZDVCLs+I1ZLt7+v1Dbin821cuJAbSrukO7RsMuYo5ln+5nOkfH3BaTMex0
gfSvvZhamc4S7ZCT5APHwFdBUJ7ADfw5TEsHQBTcSQf7DodM/tKz/UPZRrEP31A58F
UDs5/WN8ueRmhSrcSO0hmJkJqhczgBmtU8qnh3bxdAGy5ltQWqRY9TCHRjIXbWxQwY
bKa91s/OKA6ABzpkO8RfPwS/DpLe5/H4z3dOvBP69IxKV+UAjZhB2ZOA8rNCP1atPL
gN+9RD2EiH3vV+GrW3eepO+WGBwP9kK9bKmiiJF4IpoIb+IJDjrRUVKk46oAzG3kg2
mbRq1CVLPArFzKbdrPWdEMSszjJ0FEQO8GQg1YAGHYryrDqNIEDbUJjtcUQjNpW8K8
ziIZ2VSvSCLHY7vO4foCnJUg=
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden
X-Spam-Level:
X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED
autolearn=ham autolearn_force=no version=3.4.6
Received: from localhost (unknown [128.0.188.242])
by wolfsden.cz (Postfix) with ESMTPSA id 846AC3780BC;
Thu, 20 Mar 2025 23:08:03 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail;
t=1742512083; bh=uE2TfdhWVDu4xZyXi2xYaibqfT72nZt2lWMviRzeqPc=;
h=From:To:Cc:Subject:In-Reply-To:References:Date;
b=t/nf62KLPY1+hcqOt3SbRcM5nzhkzjXXqDkyu400su5oVp0MsCEEQ0OzdUYLLzgAR
6SlxkVTCdWg3QT64tBt2goICM2l6/KwgJtIYUfMGHMF12MNFe5LwE+Iw8t6suy1to6
Ff1MrpqNI8fiB3ArARnoshgi1Ptv6+bTt/LuUGoiGUW5GARUsIXmaq+ZW4LpNjmX4m
Met9YqStjXDHNbr2qL+wK/TDDi0O4nWfzDQSq5DzNAEowcf6X9XN6lrGL+RY7MI0nf
PCz2lKMQwHCyMd5sSuVIP9Ll/sJvtYW7ioztUT/ZtCp8/4oEXWTejZx4MHKb98wS5p
0eGRXNrp76R/YvYlpwcB4WYMRuYQ9e4OYtZ8cjsdMlC3CK/LGJ/EGbcgrNw3M5NBNt
V/1gkWNNQ8axhcJ+oiVzoiuUbTiKJk3o8eUDJOqEl5WjB78bchtO83cOIjrds/HHEC
5LsESoBegQ7JrxpdcFn0TIjRXvRz1p2HTigZCZpkFtw0TqZhILfWT/t6Wkg53twcJs
lyr4GSlSz6GJ8bK74V8/jRvJ7s1KyJ3KiMjdIdQEUjRaAYVRYYfObQL26pVNKnWYmq
jupw8LpSzTJIh7Xw1Qt7pUgsp0jAwNLCplPG78x1YtLgnRZe9PWOb0YYUWr2+flqO7
8GE97XGIJeaMPXEHZe6QeTCk=
From: Tomas Volf <~@wolfsden.cz>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: [bug#73654] [PATCH v4] mapped-devices: luks: Support passing
--allow-discards during open
In-Reply-To: <87h63oqumz.fsf@HIDDEN> (Maxim Cournoyer's message of "Thu, 20
Mar 2025 11:54:28 +0900")
References: <94e28c2091f319bfdb681055b7e5bdafa0cb9120.1742125790.git.soeren@HIDDEN>
<87h63oqumz.fsf@HIDDEN>
Date: Fri, 21 Mar 2025 00:08:03 +0100
Message-ID: <87ldszqp0s.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: 1.5 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes: > tag
73654 + moreinfo > quit > > Hi! > > soeren@HIDDEN writes: > >>
From: Sören Tempel <soeren@HIDDEN> >> >> * gnu/system/mapped-devices.scm
(open-luks-device): Support opening [...]
Content analysis details: (1.5 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
1.5 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: egregore.fun (fun)]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[37.205.8.62 listed in sa-trusted.bondedsender.org]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[37.205.8.62 listed in bl.score.senderscore.com]
X-Debbugs-Envelope-To: 73654
Cc: soeren@HIDDEN, sisiutl@HIDDEN, ludo@HIDDEN,
73654 <at> debbugs.gnu.org, hako@HIDDEN,
GNU Debbugs <control <at> debbugs.gnu.org>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.5 (/)
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:
> tag 73654 + moreinfo
> quit
>
> Hi!
>
> soeren@HIDDEN writes:
>
>> From: S=C3=B6ren Tempel <soeren@HIDDEN>
>>
>> * gnu/system/mapped-devices.scm (open-luks-device): Support opening
>> LUKS devices with the --allow-discards option.
>> * gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
>> Pass through the allow-discards? keyword argument.
>> * doc/guix.texi (Mapped Devices): Update documentation for the
>> luks-device-mapping-with-options procedure.
>>
>> Co-authored-by: Sisiutl <sisiutl@HIDDEN>
>
> I was about to apply it with the following cosmetic changes (mostly to
> meet the 80 max column width):
>
>> ---
>> Changes since v3: Fix replacement of =E2=80=9CSolid State Disks=E2=80=9D=
with =E2=80=9Csolid
>> state disks=E2=80=9D in doc/guix.texi. That is, only perform this repla=
cement
>> locally on the added text and not the whole document.
>>
>> doc/guix.texi | 11 +++++++++-
>> gnu/system/mapped-devices.scm | 39 +++++++++++++++++++++--------------
>> 2 files changed, 33 insertions(+), 17 deletions(-)
>>
>> diff --git a/doc/guix.texi b/doc/guix.texi
>> index b1b6d98e74..6eb9fcb8ee 100644
>> --- a/doc/guix.texi
>> +++ b/doc/guix.texi
>> @@ -18402,7 +18402,7 @@ Mapped Devices
>> @code{dm-crypt} Linux kernel module.
>> @end defvar
>>=20=20
>> -@deffn {Procedure} luks-device-mapping-with-options [#:key-file]
>> +@deffn {Procedure} luks-device-mapping-with-options [#:key-file #:allow=
-discards?]
>> Return a @code{luks-device-mapping} object, which defines LUKS block
>> device encryption using the @command{cryptsetup} command from the
>> package with the same name. It relies on the @code{dm-crypt} Linux
>> @@ -18424,6 +18424,15 @@ Mapped Devices
>> (type (luks-device-mapping-with-options
>> #:key-file "/crypto.key")))
>> @end lisp
>> +
>> +
>> +@code{allow-discards?} allows the use of discard (TRIM) requests for the
>> +underlying device. This is useful for solid state drives. However,
>> +this option can have a negative security impact because it can make
>> +file system level operations visible on the physical device. For more
>> +information, refer to the description of the @code{--allow-discards}
>> +option in the @code{cryptsetup-open(8)} man page.
>> +
>> @end deffn
>>=20=20
>> @defvar raid-device-mapping
>> diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.s=
cm
>> index 931c371425..3a8f0d66fe 100644
>> --- a/gnu/system/mapped-devices.scm
>> +++ b/gnu/system/mapped-devices.scm
>> @@ -194,9 +194,10 @@ (define (check-device-initrd-modules device linux-m=
odules location)
>> ;;; Common device mappings.
>> ;;;
>>=20=20
>> -(define* (open-luks-device source targets #:key key-file)
>> +(define* (open-luks-device source targets #:key key-file allow-discards=
?)
>> "Return a gexp that maps SOURCE to TARGET as a LUKS device, using
>> -'cryptsetup'."
>> +'cryptsetup'. When ALLOW-DISCARDS? is true, the use of discard (TRIM) =
requests is
>> +allowed for the underlying device."
>> (with-imported-modules (source-module-closure
>> '((gnu build file-systems)
>> (guix build utils))) ;; For mkdir-p
>> @@ -234,17 +235,21 @@ (define* (open-luks-device source targets #:key ke=
y-file)
>> (loop (- tries-left 1))))))
>> (error "LUKS partition not found" source))
>> source)))
>> - ;; We want to fallback to the password unlock if the keyfi=
le fails.
>> - (or (and keyfile
>> - (zero? (system*/tty
>> - #$(file-append cryptsetup-static "/sbin/c=
ryptsetup")
>> - "open" "--type" "luks"
>> - "--key-file" keyfile
>> - partition #$target)))
>> - (zero? (system*/tty
>> - #$(file-append cryptsetup-static "/sbin/crypts=
etup")
>> - "open" "--type" "luks"
>> - partition #$target)))))))))
>> + (let ((cryptsetup-flags (cons*
>> + "open" "--type" "luks" partition=
#$target
>> + (if allow-discards?
>> + '("--allow-discards")
>> + '()))))
>> + ;; We want to fallback to the password unlock if the key=
file fails.
>> + (or (and keyfile
>> + (zero?
>> + (apply system*/tty
>> + #$(file-append cryptsetup-static "/sbi=
n/cryptsetup")
>> + "--key-file" keyfile
>> + cryptsetup-flags)))
>> + (zero? (apply system*/tty
>> + #$(file-append cryptsetup-static "/sbi=
n/cryptsetup")
>> + cryptsetup-flags))))))))))
>>=20=20
>> (define (close-luks-device source targets)
>> "Return a gexp that closes TARGET, a LUKS device."
>> @@ -286,13 +291,15 @@ (define luks-device-mapping
>> ((gnu build file-systems)
>> #:select (find-partition-by-luks-uuid system*/tty))))))
>>=20=20
>> -(define* (luks-device-mapping-with-options #:key key-file)
>> +(define* (luks-device-mapping-with-options #:key key-file allow-discard=
s?)
>> "Return a luks-device-mapping object with open modified to pass the a=
rguments
>> into the open-luks-device procedure."
>> (mapped-device-kind
>> (inherit luks-device-mapping)
>> - (open (=CE=BB (source targets) (open-luks-device source targets
>> - #:key-file key-file)))))
>> + (open (=CE=BB (source targets)
>> + (open-luks-device source targets
>> + #:key-file key-file
>> + #:allow-discards? allow-discards?)))))
>>=20=20
>> (define (open-raid-device sources targets)
>> "Return a gexp that assembles SOURCES (a list of devices) to the RAID=
device
>>
>> base-commit: f2b3c36bee8c232b026a66de93db38e13fbd7076
>
>
> But unfortunately it appears to hang at least the 'encrypted-root-os'
> system test, which you can run like:
>
> $ make check-system TESTS=3Dencrypted-root-os
> [...]
> cSeaBIOS (version 1.16.2/GNU Guix)
>
>
> iPXE (https://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+0EFCB030+0EF0B030 CA=
00
>=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20
>
>
> Booting from Hard Disk...
> GRUB loading..
> Welcome to GRUB!
>
> Enter passphrase for hd0,gpt2 (12345678-1234-1234-1234-123456789abc):=20
> Attempting to decrypt master key...
> lot 0 opened
> C-c C-cmake: *** [Makefile:7562: check-system] Interrompre
>
> Would you have an idea of why this happens and how we could avoid the
> hang in the test?
I have deployed the patch to my secondary laptop, it hangs on real
hardware as well. I am not sure it was testing before sending it.
=2D-8<---------------cut here---------------start------------->8---
Unbound variable: allow-discards?
=2D-8<---------------cut here---------------end--------------->8---
I assume #$ is missing. And indeed, this is enough to get my system to
boot again:
=2D-8<---------------cut here---------------start------------->8---
=2D-- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -239,7 +239,7 @@ (define* (open-luks-device source targets #:key key-fil=
e allow-discards?)
source)))
(let ((cryptsetup-flags (cons*
"open" "--type" "luks" partition #$=
target
=2D (if allow-discards?
+ (if #$allow-discards?
'("--allow-discards")
'()))))
;; We want to fallback to the password unlock if the keyfil=
e fails.
=2D-8<---------------cut here---------------end--------------->8---
I did not run the test case with the fix (it takes really long and I
should go to sleep), I will leave it as an exercise to the author.
>
> Thanks,
=2D-=20
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQJCBAEBCgAsFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmfcn9MOHH5Ad29sZnNk
ZW4uY3oACgkQL7/ufbZ/wakA2RAAuiLqkfJvGdeyJm1N3kqEP6//peIUHD/52g2P
MkebLVRtvEqoWbCRA3lz5yfmbELydQilO0XhNiQyfzRUCp/iyRNT126Zk2bpRQ2x
yRZdSbnRV/BusEup0YFUE5vIaxvFrp0Gt/UegK+foOizH/lJgo3HBVAvzmDBRxjU
hT6sw7zQokjwUUXGb2TWZ6FSGuCJb5Y2YnJknP8gAugaagAwSifABrowVqx0Kuug
1rN0SZmtrfCqPXFMOubBC8gCjKy92GwO8zXO2HOO2gobogHlkD4IfVLLN9vnbE4x
CJAhQ0FBbV/B/wIp1KToD6TTRx1OVAeIcgqy20Lp4G4gjMNu4MSi98f480bA3nhO
v1l/HG943hE0CrEPKL2u1hY6WoVuomMTV7fXjFeZKpFkoW+4gLEWs4/r8VZP9Txo
ReX0EUMnUJSvXYHn7tk6XO+OTFk+K7MiXrzkrPZksY1efg2NWsl2c/ZacbarzdeD
jXWUaSF2FPlNAN2NNE2tOyAbT5OULTRK3bLpGm5mZOWuxnSES6EMOik9/eBAtCHe
R8zsvINjmBwTuHgA0G76V7s8V7XBk0rBpkFMz12IIjofOLxvk8A5K5lgyFLHusxB
BF3CnqWLSJLnZ+DR//vAnByv8I5lVI7zVtyWjdu+5NdBLLva+/hEp/w88MF1XAsc
TzCubgU=
=/6qE
-----END PGP SIGNATURE-----
--=-=-=--
guix-patches@HIDDEN:bug#73654; Package guix-patches.
Full text available.Maxim Cournoyer <maxim.cournoyer@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.
Received: (at 73654) by debbugs.gnu.org; 20 Mar 2025 02:54:58 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 19 22:54:58 2025
Received: from localhost ([127.0.0.1]:54573 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tv63c-00077M-Ek
for submit <at> debbugs.gnu.org; Wed, 19 Mar 2025 22:54:58 -0400
Received: from mail-pl1-x62c.google.com ([2607:f8b0:4864:20::62c]:42343)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
id 1tv63X-00076w-Ck; Wed, 19 Mar 2025 22:54:53 -0400
Received: by mail-pl1-x62c.google.com with SMTP id
d9443c01a7336-223f4c06e9fso4498285ad.1;
Wed, 19 Mar 2025 19:54:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1742439285; x=1743044085; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:user-agent:message-id:date
:references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=NG3+/6RmR+0vd66RFUUT6CCNPnrjweuU/fIIJgGvUpw=;
b=YwGSgSCR5hPV2jmhQb3sAYetWXteGPN1p9J6e770P60i8fZZNN7PrTK2CdQRoS8Pad
CZaYlk67mgE0t+N6D9udsOQTvDtN2TkUKHILIkmvEU5dmjV+KjS6cN3KvGmVcZ1urhdi
CNydxqnSI0EeSM8tVXtK/NPDH+3fId5LupkWLgFW1wKXuOBHGlH/XJ9SF0bd8spCo3xW
acp41sSCliPbXNupRI8nXU6hDcOlS33pU4e6Myk4Kw7Dt/T4iRVAUnIHepNavTcnUi5M
w8UWhciOvhuDvd6gpYD4GmZkJCLTL8zfYxHpAsqEESsbTipwPAyez1APNgvT7chRoiDq
Xaxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1742439285; x=1743044085;
h=content-transfer-encoding:mime-version:user-agent:message-id:date
:references:in-reply-to:subject:cc:to:from:x-gm-message-state:from
:to:cc:subject:date:message-id:reply-to;
bh=NG3+/6RmR+0vd66RFUUT6CCNPnrjweuU/fIIJgGvUpw=;
b=MkSgzYPIIOVkQB0y1azhgj9G8pHawnpjHZe3feaF1IofYlxCdKJ27ENFC7UlvuFcHM
Bu+CRLNweOiO051PC9UHNMuJRjZsSyJ9+Ocu9qHk3avak4LCfJjtw/CorHlTTS3nyxsA
qdkXUHtRJ46fJkN9x7dakbaX1akhqsDkRppQ2z+kwAzmDkW645zLJMKtYUeLxiKTz2V6
69JSb728QyTqF/Us/nXCga3zbB1BiJb0fGehIn37QOltG1iso/8efJ3Rw/TIFdbWQU50
C30jak4S8yG3T2diL5K3CjOJ6yAbmgYYsOCPg+ueumBq29jzgDCSgx3HDfFltO1/vOmE
8R4Q==
X-Forwarded-Encrypted: i=1;
AJvYcCXwbJA83GlWyfW/YVaxeADkMBMK3kK1eXwCCq2s//rb4ocQopa7Vp9dB344MDYmAQfG3S22AkkW <at> debbugs.gnu.org
X-Gm-Message-State: AOJu0YywBEbmPnbiwT4QfZCHCXV8eZG6YNO6hBFzBNaYSC2vsF/smZIh
NaCBsA5tPLcOuF6WocQbmzZuc6g69NH4eHq9XO5jdq+pPAkx3l4RiPOT//6/
X-Gm-Gg: ASbGncsh9CUGlCU+VWD8tNBujLE0NgQvBCzvY02tAsqw73gu7fK8GMaJ9TXf56Bg+xA
dr/PgVQk4f7SWgBjMl1CzMEXmFXQg6CRHTvAnz92S3lRW+AIXhRWSfPAmf3x7Cmmfm3A9uwf0vh
GFC2OAZqTfhLWAwy1zhbji65ZfucpQdq2d6dCza770Un39I0Yjl/9GO2z7VoBbu4YXJqTMDK8s0
O4Yz5kNObh/pWORJI6ho4/WWOPpIHb9ZWcyadXYqkSf1FQKm3a5NJpuwKBtxJmLTcMqpGMxJKeY
sFb58memyXH7SykLtJ3Y17nwGBW03YslY1foatnFYsI=
X-Google-Smtp-Source: AGHT+IFaLZ444F2WuQm4S4racT2AS6AxAu/JmFnyntHk4KoBLI6LO/bmS33lN+GajlcEuxdXhjn5aA==
X-Received: by 2002:a17:902:d485:b0:216:4676:dfb5 with SMTP id
d9443c01a7336-2265e724998mr26805395ad.21.1742439284579;
Wed, 19 Mar 2025 19:54:44 -0700 (PDT)
Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542])
by smtp.gmail.com with ESMTPSA id
d9443c01a7336-225c6bd53aasm123270045ad.247.2025.03.19.19.54.42
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 19 Mar 2025 19:54:43 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: soeren@HIDDEN
Subject: Re: [PATCH v4] mapped-devices: luks: Support passing
--allow-discards during open
In-Reply-To: <94e28c2091f319bfdb681055b7e5bdafa0cb9120.1742125790.git.soeren@HIDDEN>
(soeren@HIDDEN's message of "Sun, 16 Mar 2025 12:49:50
+0100")
References: <94e28c2091f319bfdb681055b7e5bdafa0cb9120.1742125790.git.soeren@HIDDEN>
Date: Thu, 20 Mar 2025 11:54:28 +0900
Message-ID: <87h63oqumz.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 1.5 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: tag 73654 + moreinfo quit Hi!
Content analysis details: (1.5 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: egregore.fun (fun)]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider (maxim.cournoyer[at]gmail.com)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust [2607:f8b0:4864:20:0:0:0:62c listed in]
[list.dnswl.org]
X-Debbugs-Envelope-To: 73654
Cc: 73654 <at> debbugs.gnu.org, sisiutl@HIDDEN, ludo@HIDDEN,
GNU Debbugs <control <at> debbugs.gnu.org>, hako@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.5 (/)
tag 73654 + moreinfo
quit
Hi!
soeren@HIDDEN writes:
> From: S=C3=B6ren Tempel <soeren@HIDDEN>
>
> * gnu/system/mapped-devices.scm (open-luks-device): Support opening
> LUKS devices with the --allow-discards option.
> * gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
> Pass through the allow-discards? keyword argument.
> * doc/guix.texi (Mapped Devices): Update documentation for the
> luks-device-mapping-with-options procedure.
>
> Co-authored-by: Sisiutl <sisiutl@HIDDEN>
I was about to apply it with the following cosmetic changes (mostly to
meet the 80 max column width):
--8<---------------cut here---------------start------------->8---
> ---
> Changes since v3: Fix replacement of =E2=80=9CSolid State Disks=E2=80=9D =
with =E2=80=9Csolid
> state disks=E2=80=9D in doc/guix.texi. That is, only perform this replac=
ement
> locally on the added text and not the whole document.
>
> doc/guix.texi | 11 +++++++++-
> gnu/system/mapped-devices.scm | 39 +++++++++++++++++++++--------------
> 2 files changed, 33 insertions(+), 17 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index b1b6d98e74..6eb9fcb8ee 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -18402,7 +18402,7 @@ Mapped Devices
> @code{dm-crypt} Linux kernel module.
> @end defvar
>=20=20
> -@deffn {Procedure} luks-device-mapping-with-options [#:key-file]
> +@deffn {Procedure} luks-device-mapping-with-options [#:key-file #:allow-=
discards?]
> Return a @code{luks-device-mapping} object, which defines LUKS block
> device encryption using the @command{cryptsetup} command from the
> package with the same name. It relies on the @code{dm-crypt} Linux
> @@ -18424,6 +18424,15 @@ Mapped Devices
> (type (luks-device-mapping-with-options
> #:key-file "/crypto.key")))
> @end lisp
> +
> +
> +@code{allow-discards?} allows the use of discard (TRIM) requests for the
> +underlying device. This is useful for solid state drives. However,
> +this option can have a negative security impact because it can make
> +file system level operations visible on the physical device. For more
> +information, refer to the description of the @code{--allow-discards}
> +option in the @code{cryptsetup-open(8)} man page.
> +
> @end deffn
>=20=20
> @defvar raid-device-mapping
> diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
> index 931c371425..3a8f0d66fe 100644
> --- a/gnu/system/mapped-devices.scm
> +++ b/gnu/system/mapped-devices.scm
> @@ -194,9 +194,10 @@ (define (check-device-initrd-modules device linux-mo=
dules location)
> ;;; Common device mappings.
> ;;;
>=20=20
> -(define* (open-luks-device source targets #:key key-file)
> +(define* (open-luks-device source targets #:key key-file allow-discards?)
> "Return a gexp that maps SOURCE to TARGET as a LUKS device, using
> -'cryptsetup'."
> +'cryptsetup'. When ALLOW-DISCARDS? is true, the use of discard (TRIM) r=
equests is
> +allowed for the underlying device."
> (with-imported-modules (source-module-closure
> '((gnu build file-systems)
> (guix build utils))) ;; For mkdir-p
> @@ -234,17 +235,21 @@ (define* (open-luks-device source targets #:key key=
-file)
> (loop (- tries-left 1))))))
> (error "LUKS partition not found" source))
> source)))
> - ;; We want to fallback to the password unlock if the keyfil=
e fails.
> - (or (and keyfile
> - (zero? (system*/tty
> - #$(file-append cryptsetup-static "/sbin/cr=
yptsetup")
> - "open" "--type" "luks"
> - "--key-file" keyfile
> - partition #$target)))
> - (zero? (system*/tty
> - #$(file-append cryptsetup-static "/sbin/cryptse=
tup")
> - "open" "--type" "luks"
> - partition #$target)))))))))
> + (let ((cryptsetup-flags (cons*
> + "open" "--type" "luks" partition =
#$target
> + (if allow-discards?
> + '("--allow-discards")
> + '()))))
> + ;; We want to fallback to the password unlock if the keyf=
ile fails.
> + (or (and keyfile
> + (zero?
> + (apply system*/tty
> + #$(file-append cryptsetup-static "/sbin=
/cryptsetup")
> + "--key-file" keyfile
> + cryptsetup-flags)))
> + (zero? (apply system*/tty
> + #$(file-append cryptsetup-static "/sbin=
/cryptsetup")
> + cryptsetup-flags))))))))))
>=20=20
> (define (close-luks-device source targets)
> "Return a gexp that closes TARGET, a LUKS device."
> @@ -286,13 +291,15 @@ (define luks-device-mapping
> ((gnu build file-systems)
> #:select (find-partition-by-luks-uuid system*/tty))))))
>=20=20
> -(define* (luks-device-mapping-with-options #:key key-file)
> +(define* (luks-device-mapping-with-options #:key key-file allow-discards=
?)
> "Return a luks-device-mapping object with open modified to pass the ar=
guments
> into the open-luks-device procedure."
> (mapped-device-kind
> (inherit luks-device-mapping)
> - (open (=CE=BB (source targets) (open-luks-device source targets
> - #:key-file key-file)))))
> + (open (=CE=BB (source targets)
> + (open-luks-device source targets
> + #:key-file key-file
> + #:allow-discards? allow-discards?)))))
>=20=20
> (define (open-raid-device sources targets)
> "Return a gexp that assembles SOURCES (a list of devices) to the RAID =
device
>
> base-commit: f2b3c36bee8c232b026a66de93db38e13fbd7076
--8<---------------cut here---------------end--------------->8---
But unfortunately it appears to hang at least the 'encrypted-root-os'
system test, which you can run like:
--8<---------------cut here---------------start------------->8---
$ make check-system TESTS=3Dencrypted-root-os
[...]
cSeaBIOS (version 1.16.2/GNU Guix)
iPXE (https://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+0EFCB030+0EF0B030 CA00
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20
Booting from Hard Disk...
GRUB loading..
Welcome to GRUB!
Enter passphrase for hd0,gpt2 (12345678-1234-1234-1234-123456789abc):=20
Attempting to decrypt master key...
lot 0 opened
C-c C-cmake: *** [Makefile:7562: check-system] Interrompre
--8<---------------cut here---------------end--------------->8---
Would you have an idea of why this happens and how we could avoid the
hang in the test?
Thanks,
--=20
Maxim
guix-patches@HIDDEN:bug#73654; Package guix-patches.
Full text available.
Received: (at 73654) by debbugs.gnu.org; 16 Mar 2025 11:51:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Mar 16 07:51:08 2025
Received: from localhost ([127.0.0.1]:45856 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1ttmWJ-0006I5-9C
for submit <at> debbugs.gnu.org; Sun, 16 Mar 2025 07:51:08 -0400
Received: from magnesium.8pit.net ([2001:19f0:6c01:4ae:5400:ff:fe66:af9d]:8975)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <soeren@HIDDEN>)
id 1ttmWF-0006H7-4f; Sun, 16 Mar 2025 07:51:05 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=opensmtpd; bh=SheiNrvS
zWxTfavPpidV6/+1Lk2Y9xQuu+3SaMLr/oQ=; h=date:subject:cc:to:from;
d=soeren-tempel.net; b=XXWmvTBoev73DbYr0I3A2HXHAzw7c0eteHrThHMOKE170qK
NoeJ6zym11GxxazCJnoWqE6RqP1uv+2R8U20PDoJjXILjY2bhNDN/6T8lBo2pCiE86RQEa
3S575BAOSal9TxJ+q1ImZZwIbGmYPLsPp7QXJLJZyqeJJ93Y4HAQuo=
Received: from localhost (<unknown> [2a02:560:4d26:5100:f610:5d2e:3bbb:124c])
by magnesium.8pit.net (OpenSMTPD) with ESMTPSA id 4ccfc949
(TLSv1.3:TLS_AES_256_GCM_SHA384:256:YES);
Sun, 16 Mar 2025 12:50:58 +0100 (CET)
From: soeren@HIDDEN
To: 73654 <at> debbugs.gnu.org
Subject: [PATCH v4] mapped-devices: luks: Support passing --allow-discards
during open
Date: Sun, 16 Mar 2025 12:49:50 +0100
Message-ID: <94e28c2091f319bfdb681055b7e5bdafa0cb9120.1742125790.git.soeren@HIDDEN>
X-Mailer: git-send-email 2.49.0
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.9 (/)
X-Debbugs-Envelope-To: 73654
Cc: sisiutl@HIDDEN, hako@HIDDEN, ludo@HIDDEN,
maxim.cournoyer@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.1 (/)
From: Sören Tempel <soeren@HIDDEN>
* gnu/system/mapped-devices.scm (open-luks-device): Support opening
LUKS devices with the --allow-discards option.
* gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
Pass through the allow-discards? keyword argument.
* doc/guix.texi (Mapped Devices): Update documentation for the
luks-device-mapping-with-options procedure.
Co-authored-by: Sisiutl <sisiutl@HIDDEN>
---
Changes since v3: Fix replacement of “Solid State Disks” with “solid
state disks” in doc/guix.texi. That is, only perform this replacement
locally on the added text and not the whole document.
doc/guix.texi | 11 +++++++++-
gnu/system/mapped-devices.scm | 39 +++++++++++++++++++++--------------
2 files changed, 33 insertions(+), 17 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index b1b6d98e74..6eb9fcb8ee 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18402,7 +18402,7 @@ Mapped Devices
@code{dm-crypt} Linux kernel module.
@end defvar
-@deffn {Procedure} luks-device-mapping-with-options [#:key-file]
+@deffn {Procedure} luks-device-mapping-with-options [#:key-file #:allow-discards?]
Return a @code{luks-device-mapping} object, which defines LUKS block
device encryption using the @command{cryptsetup} command from the
package with the same name. It relies on the @code{dm-crypt} Linux
@@ -18424,6 +18424,15 @@ Mapped Devices
(type (luks-device-mapping-with-options
#:key-file "/crypto.key")))
@end lisp
+
+
+@code{allow-discards?} allows the use of discard (TRIM) requests for the
+underlying device. This is useful for solid state drives. However,
+this option can have a negative security impact because it can make
+file system level operations visible on the physical device. For more
+information, refer to the description of the @code{--allow-discards}
+option in the @code{cryptsetup-open(8)} man page.
+
@end deffn
@defvar raid-device-mapping
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index 931c371425..3a8f0d66fe 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -194,9 +194,10 @@ (define (check-device-initrd-modules device linux-modules location)
;;; Common device mappings.
;;;
-(define* (open-luks-device source targets #:key key-file)
+(define* (open-luks-device source targets #:key key-file allow-discards?)
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
-'cryptsetup'."
+'cryptsetup'. When ALLOW-DISCARDS? is true, the use of discard (TRIM) requests is
+allowed for the underlying device."
(with-imported-modules (source-module-closure
'((gnu build file-systems)
(guix build utils))) ;; For mkdir-p
@@ -234,17 +235,21 @@ (define* (open-luks-device source targets #:key key-file)
(loop (- tries-left 1))))))
(error "LUKS partition not found" source))
source)))
- ;; We want to fallback to the password unlock if the keyfile fails.
- (or (and keyfile
- (zero? (system*/tty
- #$(file-append cryptsetup-static "/sbin/cryptsetup")
- "open" "--type" "luks"
- "--key-file" keyfile
- partition #$target)))
- (zero? (system*/tty
- #$(file-append cryptsetup-static "/sbin/cryptsetup")
- "open" "--type" "luks"
- partition #$target)))))))))
+ (let ((cryptsetup-flags (cons*
+ "open" "--type" "luks" partition #$target
+ (if allow-discards?
+ '("--allow-discards")
+ '()))))
+ ;; We want to fallback to the password unlock if the keyfile fails.
+ (or (and keyfile
+ (zero?
+ (apply system*/tty
+ #$(file-append cryptsetup-static "/sbin/cryptsetup")
+ "--key-file" keyfile
+ cryptsetup-flags)))
+ (zero? (apply system*/tty
+ #$(file-append cryptsetup-static "/sbin/cryptsetup")
+ cryptsetup-flags))))))))))
(define (close-luks-device source targets)
"Return a gexp that closes TARGET, a LUKS device."
@@ -286,13 +291,15 @@ (define luks-device-mapping
((gnu build file-systems)
#:select (find-partition-by-luks-uuid system*/tty))))))
-(define* (luks-device-mapping-with-options #:key key-file)
+(define* (luks-device-mapping-with-options #:key key-file allow-discards?)
"Return a luks-device-mapping object with open modified to pass the arguments
into the open-luks-device procedure."
(mapped-device-kind
(inherit luks-device-mapping)
- (open (λ (source targets) (open-luks-device source targets
- #:key-file key-file)))))
+ (open (λ (source targets)
+ (open-luks-device source targets
+ #:key-file key-file
+ #:allow-discards? allow-discards?)))))
(define (open-raid-device sources targets)
"Return a gexp that assembles SOURCES (a list of devices) to the RAID device
base-commit: f2b3c36bee8c232b026a66de93db38e13fbd7076
ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN:bug#73654; Package guix-patches.
Full text available.Received: (at 73654) by debbugs.gnu.org; 14 Mar 2025 20:38:35 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 14 16:38:35 2025 Received: from localhost ([127.0.0.1]:36438 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1ttBnf-0004iu-EP for submit <at> debbugs.gnu.org; Fri, 14 Mar 2025 16:38:35 -0400 Received: from magnesium.8pit.net ([45.76.88.171]:31429) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <soeren@HIDDEN>) id 1ttBnc-0004ii-0f for 73654 <at> debbugs.gnu.org; Fri, 14 Mar 2025 16:38:33 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=opensmtpd; bh=2sfkj9tV qNbLD9gxGiGIASOr56Y4ErnvSDakukbgKEw=; h=in-reply-to:references:from: subject:cc:to:date; d=soeren-tempel.net; b=IJBKCxkthFzAOcr0RS7wiJ3YHET 2blIcFs6OHbdw99/+JKU8ZvwlAWbFkLKT9yYr0GNh/wIkcY8kUPgLu9v6g32SyBR5SACEH 0qF3PesSGF31Wc6CU6v1fXid1U1hMu4nroYyPtkrfDH7N6PZHxD3UMeStHryHZ9quMfouM AWh4= Received: from localhost (<unknown> [2003:a:a33:8400:3ce:3f8f:e5d6:2e4d]) by magnesium.8pit.net (OpenSMTPD) with ESMTPSA id bb0de2df (TLSv1.3:TLS_AES_256_GCM_SHA384:256:YES); Fri, 14 Mar 2025 21:38:30 +0100 (CET) Date: Fri, 14 Mar 2025 21:38:29 +0100 To: Maxim Cournoyer <maxim.cournoyer@HIDDEN> Subject: Re: [bug#73654] [PATCH v2] mapped-devices: luks: Support passing --allow-discards during open From: =?UTF-8?Q?S=C3=B6ren?= Tempel <soeren@HIDDEN> References: <20241006094239.7157-1-sisiutl@HIDDEN> <175e49381c046e500d69a4dc655258d7692d84df.1741535749.git.soeren@HIDDEN> <871pv5sip7.fsf@HIDDEN> In-Reply-To: <871pv5sip7.fsf@HIDDEN> Message-Id: <2FK4LQGI02BYM.322YYEZ2J10BG@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 73654 Cc: 73654 <at> debbugs.gnu.org, sisiutl@HIDDEN, ludo@HIDDEN, hako@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Maxim Cournoyer <maxim.cournoyer@HIDDEN> wrote: > Hi, Hi Maxim, Thanks for taking a look at the patch, I revised it as requested. > Theres' not need for a let* and reusing the same variable; you can > instead use the following list splicing trick: >=20 > --8<---------------cut here---------------start------------->8--- > (let ((options `(,@(if allow-discards? > "--allow-discards" > '()) > "open" "--type" "luks" partition #$target))) > [...]) > --8<---------------cut here---------------end--------------->8--- Implemented this slightly differently using a cons* expression, I hope that is fine as well (I find it slightly more readable), if not let me know. Greetings, S=C3=B6ren
guix-patches@HIDDEN:bug#73654; Package guix-patches.
Full text available.
Received: (at 73654) by debbugs.gnu.org; 14 Mar 2025 20:33:06 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 14 16:33:06 2025
Received: from localhost ([127.0.0.1]:36425 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1ttBiM-0004S9-7a
for submit <at> debbugs.gnu.org; Fri, 14 Mar 2025 16:33:06 -0400
Received: from magnesium.8pit.net ([45.76.88.171]:32506)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <soeren@HIDDEN>)
id 1ttBiF-0004RQ-6C; Fri, 14 Mar 2025 16:33:03 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=opensmtpd; bh=GCqDOZNI
7AB8i4MjLQ+AJWVjGd/mzmCWhQe3Nw0gSQc=; h=date:subject:cc:to:from;
d=soeren-tempel.net; b=Md/JuQ/ok/ZSAzROUvSbV/A57Z8QSX4i6HOnHyYY99c21g+
ZRWdTkvrYQfPoyenGRC1ipWJnZDmZfw1A4JxDjqEGb4N7emRblu5ScjBOqK/utvOa/2RaR
PH5uP3jt+MFsHBgDllLRMEOEDTKT3+TG1ra+d+S6zr7cw/Ti3XgIUM=
Received: from localhost (<unknown> [2003:a:a33:8400:3ce:3f8f:e5d6:2e4d])
by magnesium.8pit.net (OpenSMTPD) with ESMTPSA id eb4d8b04
(TLSv1.3:TLS_AES_256_GCM_SHA384:256:YES);
Fri, 14 Mar 2025 21:32:55 +0100 (CET)
From: soeren@HIDDEN
To: 73654 <at> debbugs.gnu.org
Subject: [PATCH v3] mapped-devices: luks: Support passing --allow-discards
during open
Date: Fri, 14 Mar 2025 21:27:06 +0100
Message-ID: <20250314203029.13613-2-soeren@HIDDEN>
X-Mailer: git-send-email 2.48.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.6 (/)
X-Debbugs-Envelope-To: 73654
Cc: sisiutl@HIDDEN, hako@HIDDEN, ludo@HIDDEN,
maxim.cournoyer@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)
From: Sören Tempel <soeren@HIDDEN>
* gnu/system/mapped-devices.scm (open-luks-device): Support opening
LUKS devices with the --allow-discards option.
* gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
Pass through the allow-discards? keyword argument.
* doc/guix.texi (Mapped Devices): Update documentation for the
luks-device-mapping-with-options procedure.
Co-authored-by: Sisiutl <sisiutl@HIDDEN>
---
Change since v2:
* Revert doc change in luks-device-mapping-with-options procedure
* Reformat zero? expression to make it fit into the 80 characters
* Do not use let* expression
* Reword "filesystem" to "file system"
* Reword "Solid State Drives" to "solid state drives"
* Streamline description of new feature in documentation
* Use co-authored-by and swap author and co-author
doc/guix.texi | 13 ++++++++++--
gnu/system/mapped-devices.scm | 39 +++++++++++++++++++++--------------
2 files changed, 34 insertions(+), 18 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index b1b6d98e74..91588ca02f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18402,7 +18402,7 @@ command from the package with the same name. It relies on the
@code{dm-crypt} Linux kernel module.
@end defvar
-@deffn {Procedure} luks-device-mapping-with-options [#:key-file]
+@deffn {Procedure} luks-device-mapping-with-options [#:key-file #:allow-discards?]
Return a @code{luks-device-mapping} object, which defines LUKS block
device encryption using the @command{cryptsetup} command from the
package with the same name. It relies on the @code{dm-crypt} Linux
@@ -18424,6 +18424,15 @@ given location at the time of the unlock attempt.
(type (luks-device-mapping-with-options
#:key-file "/crypto.key")))
@end lisp
+
+
+@code{allow-discards?} allows the use of discard (TRIM) requests for the
+underlying device. This is useful for Solid State Drives. However,
+this option can have a negative security impact because it can make
+file system level operations visible on the physical device. For more
+information, refer to the description of the @code{--allow-discards}
+option in the @code{cryptsetup-open(8)} man page.
+
@end deffn
@defvar raid-device-mapping
@@ -18591,7 +18600,7 @@ priority after prioritized spaces, and in the order that they appeared in
@item @code{discard?} (default: @code{#f})
Only supported by the Linux kernel. When true, the kernel will notify
the disk controller of discarded pages, for example with the TRIM
-operation on Solid State Drives.
+operation on solid state drives.
@end table
@end deftp
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index 931c371425..3a8f0d66fe 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -194,9 +194,10 @@ (define missing
;;; Common device mappings.
;;;
-(define* (open-luks-device source targets #:key key-file)
+(define* (open-luks-device source targets #:key key-file allow-discards?)
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
-'cryptsetup'."
+'cryptsetup'. When ALLOW-DISCARDS? is true, the use of discard (TRIM) requests is
+allowed for the underlying device."
(with-imported-modules (source-module-closure
'((gnu build file-systems)
(guix build utils))) ;; For mkdir-p
@@ -234,17 +235,21 @@ (define* (open-luks-device source targets #:key key-file)
(loop (- tries-left 1))))))
(error "LUKS partition not found" source))
source)))
- ;; We want to fallback to the password unlock if the keyfile fails.
- (or (and keyfile
- (zero? (system*/tty
- #$(file-append cryptsetup-static "/sbin/cryptsetup")
- "open" "--type" "luks"
- "--key-file" keyfile
- partition #$target)))
- (zero? (system*/tty
- #$(file-append cryptsetup-static "/sbin/cryptsetup")
- "open" "--type" "luks"
- partition #$target)))))))))
+ (let ((cryptsetup-flags (cons*
+ "open" "--type" "luks" partition #$target
+ (if allow-discards?
+ '("--allow-discards")
+ '()))))
+ ;; We want to fallback to the password unlock if the keyfile fails.
+ (or (and keyfile
+ (zero?
+ (apply system*/tty
+ #$(file-append cryptsetup-static "/sbin/cryptsetup")
+ "--key-file" keyfile
+ cryptsetup-flags)))
+ (zero? (apply system*/tty
+ #$(file-append cryptsetup-static "/sbin/cryptsetup")
+ cryptsetup-flags))))))))))
(define (close-luks-device source targets)
"Return a gexp that closes TARGET, a LUKS device."
@@ -286,13 +291,15 @@ (define luks-device-mapping
((gnu build file-systems)
#:select (find-partition-by-luks-uuid system*/tty))))))
-(define* (luks-device-mapping-with-options #:key key-file)
+(define* (luks-device-mapping-with-options #:key key-file allow-discards?)
"Return a luks-device-mapping object with open modified to pass the arguments
into the open-luks-device procedure."
(mapped-device-kind
(inherit luks-device-mapping)
- (open (λ (source targets) (open-luks-device source targets
- #:key-file key-file)))))
+ (open (λ (source targets)
+ (open-luks-device source targets
+ #:key-file key-file
+ #:allow-discards? allow-discards?)))))
(define (open-raid-device sources targets)
"Return a gexp that assembles SOURCES (a list of devices) to the RAID device
guix-patches@HIDDEN:bug#73654; Package guix-patches.
Full text available.
Received: (at 73654) by debbugs.gnu.org; 10 Mar 2025 02:50:22 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Mar 09 22:50:22 2025
Received: from localhost ([127.0.0.1]:35562 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1trTDh-0002wu-Ms
for submit <at> debbugs.gnu.org; Sun, 09 Mar 2025 22:50:22 -0400
Received: from mail-qk1-x734.google.com ([2607:f8b0:4864:20::734]:42459)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
id 1trTDd-0002wc-Mk
for 73654 <at> debbugs.gnu.org; Sun, 09 Mar 2025 22:50:19 -0400
Received: by mail-qk1-x734.google.com with SMTP id
af79cd13be357-7c3c9f7b1a6so362955385a.1
for <73654 <at> debbugs.gnu.org>; Sun, 09 Mar 2025 19:50:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1741575012; x=1742179812; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:user-agent:message-id:date
:references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=nr17eBWxh/y0zV5blKOPTLAuLa+Od8aBx3DBUKzViiM=;
b=I+q4FlEFqEJdisLdp6AtxjNqDcXSaY0JQkJ4Cvlly6dSFMsBqZXCdHXkA89k4CBd7U
IjOYqPdF5qBO+0mjM/m+xMNr3yeQUV4R0un9Am5iRxyEs/wmUjDAsxbwR9H6IGIy5k5y
ZoBuksdDYSmHOEjF6JMwpAyQUgsYAj7OmMj8FeqyPdo9AVQuAUqQcOJoImwQwYpZuzIF
aUOu+AGK7u+4v24ID8exRgIYgzFqIDnfpBKRvJCG2HaY+uQc+j9nnZ3bRnZCrYePhQYk
uhLg395L50sfRcANJMqj+kKUax7QS5MrzP0lNE0c3zBHley0osZHUecR+fxEjxiU85Nd
Ct+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1741575012; x=1742179812;
h=content-transfer-encoding:mime-version:user-agent:message-id:date
:references:in-reply-to:subject:cc:to:from:x-gm-message-state:from
:to:cc:subject:date:message-id:reply-to;
bh=nr17eBWxh/y0zV5blKOPTLAuLa+Od8aBx3DBUKzViiM=;
b=W7Q5bwCKl198fAqrT5UHqLvACvZprkAWkI6HuHyeS5VkEzyX4DPJV8ciVAcHibibFw
M/3FswayfbGkPM/V8R6bbolP6YSQ7ZuJiF1+z05tfV+8mWt4E+TGMhRGcFP1PKLqX6+p
+/sK1TQPHPhEhbbkov4GqzBC+MjcF5lUc8IQ3iL0NpxdVe2/JJGFN+QzHLmObVD08NYx
F3vIaUY5I0nKbpVV6eY6v0y9Fkaiy0PZexg9zfk0RYIzZELdaNNH9/7Ex9nwhU5SvBUG
5MDwJG2GHOyIFi4M8ViaJ2S352xPYjZ3zQBl51v07bTzW/XFO7IWBn41D5zb3ijuA+iS
ZEZg==
X-Gm-Message-State: AOJu0Yxu76lliopyt1hu/CmUnSWPfC/lJ7LeXzl4DF4s4wdpvVOtBRxY
OSQnEKM+G3y2yhaDcDGJKOcRFuKKZY1gI2EWjR8L6M8f/e5XESux
X-Gm-Gg: ASbGncs88vyjx90VHG8gszJRb8H60u3dwtgAN1pNODpzVIOLPgfDxZbnWVdRWLMM3Bd
9olhx9mzDZG633zzT3VvPZSPXzUjGRkmoLIbMLTvH94teD42C/MVbtVuIDzIHgnEfKyLcRZtXVT
a6Q6SHdy3EU0P9M5iIcTF7GMSe/A1RMEfWu3i5/gqcmqtQLpR33Lu6y6zh/gPtr5iljg0CCfHEf
VG76kQXsF713mNa+S/aoX1FacyRprtjukuSE0m6bvp8Eor1cpg7XH5Y9jic0YHMmqJJ33EdUkKV
pqY9op4NwUwA6didJC+J5kTnB4p7Vg4GUerZrpHYi1huYUJ8x6lGFUutvnTyR0v++Q==
X-Google-Smtp-Source: AGHT+IFlsTJqbDJDUxB3xmssv/FoMO4URRJYvrpcdHq5tlLCvccRsG/SwU9BKq9810LRPDgE/ksYSg==
X-Received: by 2002:a05:620a:6509:b0:7c0:b3b4:9e73 with SMTP id
af79cd13be357-7c53c8bfa35mr1247896085a.20.1741575011706;
Sun, 09 Mar 2025 19:50:11 -0700 (PDT)
Received: from terra (vps-6234970c.vps.ovh.ca. [51.222.13.224])
by smtp.gmail.com with ESMTPSA id
af79cd13be357-7c3e5370487sm597996285a.48.2025.03.09.19.50.09
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 09 Mar 2025 19:50:11 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: soeren@HIDDEN
Subject: Re: [bug#73654] [PATCH v2] mapped-devices: luks: Support passing
--allow-discards during open
In-Reply-To: <175e49381c046e500d69a4dc655258d7692d84df.1741535749.git.soeren@HIDDEN>
(soeren@HIDDEN's message of "Sun, 9 Mar 2025 16:55:49
+0100")
References: <20241006094239.7157-1-sisiutl@HIDDEN>
<175e49381c046e500d69a4dc655258d7692d84df.1741535749.git.soeren@HIDDEN>
Date: Mon, 10 Mar 2025 11:49:56 +0900
Message-ID: <871pv5sip7.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hi,
> From: Sisiutl <sisiutl@HIDDEN> > > * gnu/system/mapped-devices.scm
(open-luks-device): Support opening > LUKS devices with the --allow-discards
option. > * gnu/system/mapped-devices.scm (luks- [...]
Content analysis details: (2.0 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider (maxim.cournoyer[at]gmail.com)
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-0.0 SPF_PASS SPF: sender matches SPF record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: egregore.fun (fun)]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust [2607:f8b0:4864:20:0:0:0:734 listed in]
[list.dnswl.org]
X-Debbugs-Envelope-To: 73654
Cc: 73654 <at> debbugs.gnu.org, sisiutl@HIDDEN, ludo@HIDDEN,
hako@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.0 (+)
Hi,
soeren@HIDDEN writes:
> From: Sisiutl <sisiutl@HIDDEN>
>
> * gnu/system/mapped-devices.scm (open-luks-device): Support opening
> LUKS devices with the --allow-discards option.
> * gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
> Pass through the allow-discards? keyword argument.
> * doc/guix.texi (Mapped Devices): Update documentation for the
> luks-device-mapping-with-options procedure.
>
> Signed-off-by: S=C3=B6ren Tempel <soeren@HIDDEN>
I'd use a 'Co-authored-by' if significantly modified or 'Modified-by' if
lightly touched git trailers here. Signed-off-by is currently used in
Guix to denote someone else's work pushed by a committer.
> ---
> Not the author of the original patchset, but I needed this for my
> own setup as well so I might as well pick up the slack. I made
> the following changes since the v1:
>
> * Mention allow-discards? in the docstring of open-luks-device.
> * Reference the new option in luks-device-mapping-with-options.
> * Expand the related documentation in doc/guix.texi.
> * Revise the commit message slightly.
> * Restore the linefeed.
Sounds good.
> doc/guix.texi | 11 +++++++++-
> gnu/system/mapped-devices.scm | 39 ++++++++++++++++++++---------------
> 2 files changed, 32 insertions(+), 18 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 05c855c5ea..bc3ba1f2ed 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -18461,7 +18461,7 @@ Mapped Devices
> @code{dm-crypt} Linux kernel module.
> @end defvar
>=20=20
> -@deffn {Procedure} luks-device-mapping-with-options [#:key-file]
> +@deffn {Procedure} luks-device-mapping-with-options [#:key-file #:allow-=
discards?]
> Return a @code{luks-device-mapping} object, which defines LUKS block
> device encryption using the @command{cryptsetup} command from the
> package with the same name. It relies on the @code{dm-crypt} Linux
> @@ -18483,6 +18483,15 @@ Mapped Devices
> (type (luks-device-mapping-with-options
> #:key-file "/crypto.key")))
> @end lisp
> +
> +If @code{allow-discards?} is provided, then the use of discard (TRIM)
> +requests is allowed for the underlying device.
I'd streamline this sentence into:
--8<---------------cut here---------------start------------->8---
@code{allow-discards?} allows the use of discard (TRIM) requests for the
underlying device.
--8<---------------cut here---------------end--------------->8---
> + This is useful for
> +Solid State Drives.
I'd use 'solid state drives', un-capitalized or @acronym{SSD, Solid
State Drives}.
> However, this option can have a negative security
> +impact because it can make filesystem-level operations visible on the
The GNU convention is to use 'file system', not filesystem.
> +physical device. For more information, refer to the description of
> +the @code{--allow-discards} option in the @code{cryptsetup-open(8)}
> +man page.
> +
> @end deffn
>=20=20
> @defvar raid-device-mapping
> diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
> index 931c371425..c3eaf9ff6e 100644
> --- a/gnu/system/mapped-devices.scm
> +++ b/gnu/system/mapped-devices.scm
> @@ -194,9 +194,10 @@ (define (check-device-initrd-modules device linux-mo=
dules location)
> ;;; Common device mappings.
> ;;;
>=20=20
> -(define* (open-luks-device source targets #:key key-file)
> +(define* (open-luks-device source targets #:key key-file allow-discards?)
> "Return a gexp that maps SOURCE to TARGET as a LUKS device, using
> -'cryptsetup'."
> +'cryptsetup'. When ALLOW-DISCARDS? is true, the use of discard (TRIM) r=
equests is
> +allowed for the underlying device."
> (with-imported-modules (source-module-closure
> '((gnu build file-systems)
> (guix build utils))) ;; For mkdir-p
> @@ -234,17 +235,19 @@ (define* (open-luks-device source targets #:key key=
-file)
> (loop (- tries-left 1))))))
> (error "LUKS partition not found" source))
> source)))
> - ;; We want to fallback to the password unlock if the keyfil=
e fails.
> - (or (and keyfile
> - (zero? (system*/tty
> - #$(file-append cryptsetup-static "/sbin/cr=
yptsetup")
> - "open" "--type" "luks"
> - "--key-file" keyfile
> - partition #$target)))
> - (zero? (system*/tty
> - #$(file-append cryptsetup-static "/sbin/cryptse=
tup")
> - "open" "--type" "luks"
> - partition #$target)))))))))
> + (let* ((cryptsetup-flags (list "open" "--type" "luks" parti=
tion #$target))
> + (cryptsetup-flags (if allow-discards?
> + (cons "--allow-discards" crypt=
setup-flags)
> + cryptsetup-flags)))
Theres' not need for a let* and reusing the same variable; you can
instead use the following list splicing trick:
--8<---------------cut here---------------start------------->8---
(let ((options `(,@(if allow-discards?
"--allow-discards"
'())
"open" "--type" "luks" partition #$target)))
[...])
--8<---------------cut here---------------end--------------->8---
> + ;; We want to fallback to the password unlock if the keyf=
ile fails.
> + (or (and keyfile
> + (zero? (apply system*/tty
> + #$(file-append cryptsetup-static "=
/sbin/cryptsetup")
> + "--key-file" keyfile
> + cryptsetup-flags)))
> + (zero? (apply system*/tty
> + #$(file-append cryptsetup-static "/sbin=
/cryptsetup")
> + cryptsetup-flags))))))))))
You'll want to nest the apply under the (zero? ... call and ensure it
fits under 80 characters, which is in our coding style guidelines.
> (define (close-luks-device source targets)
> "Return a gexp that closes TARGET, a LUKS device."
> @@ -286,13 +289,15 @@ (define luks-device-mapping
> ((gnu build file-systems)
> #:select (find-partition-by-luks-uuid system*/tty))))))
>=20=20
> -(define* (luks-device-mapping-with-options #:key key-file)
> +(define* (luks-device-mapping-with-options #:key key-file allow-discards=
?)
> "Return a luks-device-mapping object with open modified to pass the ar=
guments
> -into the open-luks-device procedure."
> +(key-file and allow-discards?) into the open-luks-device procedure."
I would drop the above doc change. 'Arguments' already cover it in a
more abstract (and maintainable) fashion.
> (mapped-device-kind
> (inherit luks-device-mapping)
> - (open (=CE=BB (source targets) (open-luks-device source targets
> - #:key-file key-file)))))
> + (open (=CE=BB (source targets)
> + (open-luks-device source targets
> + #:key-file key-file
> + #:allow-discards? allow-discards?)))))
The rest LGTM. Could you please send a new revision taking into account
my review comments?
--=20
Thanks,
Maxim
guix-patches@HIDDEN:bug#73654; Package guix-patches.
Full text available.
Received: (at 73654) by debbugs.gnu.org; 9 Mar 2025 15:58:18 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Mar 09 11:58:18 2025
Received: from localhost ([127.0.0.1]:33893 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1trJ2f-0001ys-Mc
for submit <at> debbugs.gnu.org; Sun, 09 Mar 2025 11:58:18 -0400
Received: from magnesium.8pit.net ([45.76.88.171]:4895)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <soeren@HIDDEN>)
id 1trJ2c-0001yd-Am; Sun, 09 Mar 2025 11:58:15 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=opensmtpd; bh=MBka6V2p
49vR/4P0lRP0wPM2Fqwkh+be8OYQMPERQdI=; h=date:subject:cc:to:from;
d=soeren-tempel.net; b=w0TwY5o2pAP1COCzMGmiBnkbeUEc2pPNwueCJ6NiF7y86iv
HYgIgoy9GyOuiDLkoLhGvzbMHyDn8Uf/3KE/c4nY2CaiuHs3AsXgcgTC22W4o4UKdWEdtw
3TqGKvHTIbgsKRERaR/YfoTFaApizLtfYgxaBD4RnSgbERwvKhQQ6s=
Received: from localhost (<unknown> [2a02:560:4d83:4d00:ac70:7d85:2260:9eec])
by magnesium.8pit.net (OpenSMTPD) with ESMTPSA id ba7763cc
(TLSv1.3:TLS_AES_256_GCM_SHA384:256:YES);
Sun, 9 Mar 2025 16:58:11 +0100 (CET)
From: soeren@HIDDEN
To: 73654 <at> debbugs.gnu.org
Subject: [PATCH v2] mapped-devices: luks: Support passing --allow-discards
during open
Date: Sun, 9 Mar 2025 16:55:49 +0100
Message-ID: <175e49381c046e500d69a4dc655258d7692d84df.1741535749.git.soeren@HIDDEN>
X-Mailer: git-send-email 2.48.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: From: Sisiutl <sisiutl@HIDDEN> *
gnu/system/mapped-devices.scm
(open-luks-device): Support opening LUKS devices with the --allow-discards
option. * gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
Pass through the [...]
Content analysis details: (2.0 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[45.76.88.171 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[45.76.88.171 listed in sa-trusted.bondedsender.org]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-0.0 SPF_PASS SPF: sender matches SPF record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: egregore.fun (fun)]
X-Debbugs-Envelope-To: 73654
Cc: sisiutl@HIDDEN, hako@HIDDEN, ludo@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.0 (+)
From: Sisiutl <sisiutl@HIDDEN>
* gnu/system/mapped-devices.scm (open-luks-device): Support opening
LUKS devices with the --allow-discards option.
* gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
Pass through the allow-discards? keyword argument.
* doc/guix.texi (Mapped Devices): Update documentation for the
luks-device-mapping-with-options procedure.
Signed-off-by: Sören Tempel <soeren@HIDDEN>
---
Not the author of the original patchset, but I needed this for my
own setup as well so I might as well pick up the slack. I made
the following changes since the v1:
* Mention allow-discards? in the docstring of open-luks-device.
* Reference the new option in luks-device-mapping-with-options.
* Expand the related documentation in doc/guix.texi.
* Revise the commit message slightly.
* Restore the linefeed.
doc/guix.texi | 11 +++++++++-
gnu/system/mapped-devices.scm | 39 ++++++++++++++++++++---------------
2 files changed, 32 insertions(+), 18 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 05c855c5ea..bc3ba1f2ed 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18461,7 +18461,7 @@ Mapped Devices
@code{dm-crypt} Linux kernel module.
@end defvar
-@deffn {Procedure} luks-device-mapping-with-options [#:key-file]
+@deffn {Procedure} luks-device-mapping-with-options [#:key-file #:allow-discards?]
Return a @code{luks-device-mapping} object, which defines LUKS block
device encryption using the @command{cryptsetup} command from the
package with the same name. It relies on the @code{dm-crypt} Linux
@@ -18483,6 +18483,15 @@ Mapped Devices
(type (luks-device-mapping-with-options
#:key-file "/crypto.key")))
@end lisp
+
+If @code{allow-discards?} is provided, then the use of discard (TRIM)
+requests is allowed for the underlying device. This is useful for
+Solid State Drives. However, this option can have a negative security
+impact because it can make filesystem-level operations visible on the
+physical device. For more information, refer to the description of
+the @code{--allow-discards} option in the @code{cryptsetup-open(8)}
+man page.
+
@end deffn
@defvar raid-device-mapping
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index 931c371425..c3eaf9ff6e 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -194,9 +194,10 @@ (define (check-device-initrd-modules device linux-modules location)
;;; Common device mappings.
;;;
-(define* (open-luks-device source targets #:key key-file)
+(define* (open-luks-device source targets #:key key-file allow-discards?)
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
-'cryptsetup'."
+'cryptsetup'. When ALLOW-DISCARDS? is true, the use of discard (TRIM) requests is
+allowed for the underlying device."
(with-imported-modules (source-module-closure
'((gnu build file-systems)
(guix build utils))) ;; For mkdir-p
@@ -234,17 +235,19 @@ (define* (open-luks-device source targets #:key key-file)
(loop (- tries-left 1))))))
(error "LUKS partition not found" source))
source)))
- ;; We want to fallback to the password unlock if the keyfile fails.
- (or (and keyfile
- (zero? (system*/tty
- #$(file-append cryptsetup-static "/sbin/cryptsetup")
- "open" "--type" "luks"
- "--key-file" keyfile
- partition #$target)))
- (zero? (system*/tty
- #$(file-append cryptsetup-static "/sbin/cryptsetup")
- "open" "--type" "luks"
- partition #$target)))))))))
+ (let* ((cryptsetup-flags (list "open" "--type" "luks" partition #$target))
+ (cryptsetup-flags (if allow-discards?
+ (cons "--allow-discards" cryptsetup-flags)
+ cryptsetup-flags)))
+ ;; We want to fallback to the password unlock if the keyfile fails.
+ (or (and keyfile
+ (zero? (apply system*/tty
+ #$(file-append cryptsetup-static "/sbin/cryptsetup")
+ "--key-file" keyfile
+ cryptsetup-flags)))
+ (zero? (apply system*/tty
+ #$(file-append cryptsetup-static "/sbin/cryptsetup")
+ cryptsetup-flags))))))))))
(define (close-luks-device source targets)
"Return a gexp that closes TARGET, a LUKS device."
@@ -286,13 +289,15 @@ (define luks-device-mapping
((gnu build file-systems)
#:select (find-partition-by-luks-uuid system*/tty))))))
-(define* (luks-device-mapping-with-options #:key key-file)
+(define* (luks-device-mapping-with-options #:key key-file allow-discards?)
"Return a luks-device-mapping object with open modified to pass the arguments
-into the open-luks-device procedure."
+(key-file and allow-discards?) into the open-luks-device procedure."
(mapped-device-kind
(inherit luks-device-mapping)
- (open (λ (source targets) (open-luks-device source targets
- #:key-file key-file)))))
+ (open (λ (source targets)
+ (open-luks-device source targets
+ #:key-file key-file
+ #:allow-discards? allow-discards?)))))
(define (open-raid-device sources targets)
"Return a gexp that assembles SOURCES (a list of devices) to the RAID device
base-commit: c4f297a664869a18126b66eb5209de1fcceb42d8
ludo@HIDDEN, maxim.cournoyer@HIDDEN, guix-patches@HIDDEN:bug#73654; Package guix-patches.
Full text available.Received: (at 73654) by debbugs.gnu.org; 15 Dec 2024 16:31:22 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Dec 15 11:31:22 2024 Received: from localhost ([127.0.0.1]:51748 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tMrWc-0006iH-CI for submit <at> debbugs.gnu.org; Sun, 15 Dec 2024 11:31:22 -0500 Received: from eggs.gnu.org ([209.51.188.92]:55922) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1tMrWa-0006i4-KJ for 73654 <at> debbugs.gnu.org; Sun, 15 Dec 2024 11:31:21 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1tMrWS-0007KD-OZ; Sun, 15 Dec 2024 11:31:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=hUzTWOkA6XU1mCNA52VY4RjI+WXFKG6gxjeYKxDAbkE=; b=Pe9GHXH1gz4Npq3FaMZW a6zmKS/YFKWajv0XeKWseII2ISPwRtNx3OrIcFYG0AsY0AJpSw/yi4sJQrEC8F9IqTnX6SEUcRb1/ YxbjJPvH7gJSXvq/G7b29piAWx39oxQjVtvbOoPs8kddeMrJu+22B3MCsduqEZEerE0PQo9rIEw91 cB7xkbVYE/pOFrdgTSZFO9mpFnlevJg1k8wbGsSHiyy/GbQT4VfGJLNLm9LRLZiIRxAF1GlH6jRLw Sh1p16nfiogySYsiTBSgYvems5IinIY2LTxvhofUgmWfsYc7dI9RhvmD20yUAafQiY69Z4uQO1C0P kAWY7+xMC1k3SQ==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: Sisiutl <sisiutl@HIDDEN> Subject: Re: [bug#73654] [PATCH] gnu: luks-device-mapping-with-options: Add allow-discards? argument. In-Reply-To: <20241006094239.7157-1-sisiutl@HIDDEN> (sisiutl@HIDDEN's message of "Sun, 6 Oct 2024 11:42:28 +0200") References: <20241006094239.7157-1-sisiutl@HIDDEN> Date: Sun, 15 Dec 2024 17:31:10 +0100 Message-ID: <87msgwj4c1.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.3 (/) X-Debbugs-Envelope-To: 73654 Cc: 73654 <at> debbugs.gnu.org, Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.3 (-) Hi, (Cc: Tomas, who I believe initially worked on this.) Sisiutl <sisiutl@HIDDEN> skribis: > * gnu/system/mapped-devices.scm (luks-device-mapping-with-options): Add a= llow-discards? argument. > > Change-Id: I0a43c13570a223d17698c7fe9ef4607e587bb8d0 > - > + This is a linefeed and it facilitates navigation in the file; please preserve it. :-) > +(define* (open-luks-device source targets #:key key-file allow-discards?) > "Return a gexp that maps SOURCE to TARGET as a LUKS device, using > 'cryptsetup'." Please briefly document =E2=80=98allow-discards?=E2=80=99 in the docstring= =E2=80=A6 > +(define* (luks-device-mapping-with-options #:key key-file allow-discards= ?) > "Return a luks-device-mapping object with open modified to pass the ar= guments > into the open-luks-device procedure." =E2=80=A6 also here, and also in a bit more detail in the relevant place in =E2=80=98doc/guix.texi=E2=80=99. Thanks in advance! Ludo=E2=80=99.
guix-patches@HIDDEN:bug#73654; Package guix-patches.
Full text available.Received: (at 73654) by debbugs.gnu.org; 6 Nov 2024 15:34:05 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Nov 06 10:34:05 2024 Received: from localhost ([127.0.0.1]:45119 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1t8i2m-0005yv-GB for submit <at> debbugs.gnu.org; Wed, 06 Nov 2024 10:34:04 -0500 Received: from mail.boiledscript.com ([144.168.59.46]:55418) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <hako@HIDDEN>) id 1t8i2i-0005yQ-RC for 73654 <at> debbugs.gnu.org; Wed, 06 Nov 2024 10:34:02 -0500 Date: Wed, 06 Nov 2024 21:57:16 +0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ultrarare.space; s=dkim; t=1730907233; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=YCpXCOexKzuVmkEr4oDInF0UQH1vkExOBNuwWdeuPe0=; b=Y2QIOVc65RJ5njPuz/hoj4AvqXDUEMZcphulWGIDHHGdjGzsW2XaZECBYUTH2fGoXHskMk X1JfQFDowndE0A85PEzTwM0MSpIxm18E9STGRtsbydekZn33PtBuWqjgKz8LaNU7lfGQa8 Na4G07qJV1DETraxpevALExCvbIojyOql+mVa02ns4pvshvZdXAqVrDaN1fNVNC6tm7MaQ 2ht2db48TcQMXXNtL0H7TtwhNX0hrO9jBSILlcItFwONi2DaFL9ioEvqqNpwwmqCBb4mBq NSKHH3NrRV1XWfTcf6m3wuDrSKjm5cbfDW1kNSCxe9xBBNnMwSEu+L5JrcyWFg== Authentication-Results: mail.boiledscript.com; auth=pass smtp.mailfrom=hako@HIDDEN Message-ID: <87ikt0ihxf.wl-hako@HIDDEN> From: Hilton Chain <hako@HIDDEN> To: Sisiutl <sisiutl@HIDDEN> Subject: Re: [PATCH] gnu: luks-device-mapping-with-options: Add allow-discards? argument. In-Reply-To: <20241006094239.7157-1-sisiutl@HIDDEN> References: <20241006094239.7157-1-sisiutl@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: -- X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 73654 Cc: 73654 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Hi Sisiutl, On Sun, 06 Oct 2024 17:42:28 +0800, Sisiutl wrote: > > * gnu/system/mapped-devices.scm (luks-device-mapping-with-options): Add a= llow-discards? argument. > > Change-Id: I0a43c13570a223d17698c7fe9ef4607e587bb8d0 > --- > gnu/system/mapped-devices.scm | 36 +++++++++++++++++++---------------- > 1 file changed, 20 insertions(+), 16 deletions(-) > > diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm > index 931c371425..674e8708a4 100644 > --- a/gnu/system/mapped-devices.scm > +++ b/gnu/system/mapped-devices.scm > @@ -189,12 +189,12 @@ (define missing > (&error-location > (location (source-properties->location location)))))))) > > -=0C > + This character (=A1=0C=A2) is a form feed, please leave it here :) > ;;; > ;;; Common device mappings. > ;;; > > -(define* (open-luks-device source targets #:key key-file) > +(define* (open-luks-device source targets #:key key-file allow-discards?) > "Return a gexp that maps SOURCE to TARGET as a LUKS device, using > 'cryptsetup'." > (with-imported-modules (source-module-closure > @@ -234,17 +234,19 @@ (define* (open-luks-device source targets #:key key= -file) > (loop (- tries-left 1)))))) > (error "LUKS partition not found" source)) > source))) > - ;; We want to fallback to the password unlock if the keyfil= e fails. > - (or (and keyfile > - (zero? (system*/tty > - #$(file-append cryptsetup-static "/sbin/cr= yptsetup") > - "open" "--type" "luks" > - "--key-file" keyfile > - partition #$target))) > - (zero? (system*/tty > - #$(file-append cryptsetup-static "/sbin/cryptse= tup") > - "open" "--type" "luks" > - partition #$target))))))))) > + (let* ((cryptsetup-flags (list "open" "--type" "luks" parti= tion #$target)) > + (cryptsetup-flags (if allow-discards? > + (cons "--allow-discards" crypt= setup-flags) > + cryptsetup-flags))) > + ;; We want to fallback to the password unlock if the keyf= ile fails. > + (or (and keyfile > + (zero? (apply system*/tty > + #$(file-append cryptsetup-static "= /sbin/cryptsetup") > + "--key-file" keyfile > + cryptsetup-flags))) > + (zero? (apply system*/tty > + #$(file-append cryptsetup-static "/sbin= /cryptsetup") > + cryptsetup-flags)))))))))) > (define (close-luks-device source targets) > "Return a gexp that closes TARGET, a LUKS device." > @@ -286,13 +288,15 @@ (define luks-device-mapping > ((gnu build file-systems) > #:select (find-partition-by-luks-uuid system*/tty)))))) > > -(define* (luks-device-mapping-with-options #:key key-file) > +(define* (luks-device-mapping-with-options #:key key-file allow-discards= ?) > "Return a luks-device-mapping object with open modified to pass the ar= guments > into the open-luks-device procedure." > (mapped-device-kind > (inherit luks-device-mapping) > - (open (=EB (source targets) (open-luks-device source targets > - #:key-file key-file))))) > + (open (=EB (source targets) > + (open-luks-device source targets > + #:key-file key-file > + #:allow-discards? allow-discards?))))) > > (define (open-raid-device sources targets) > "Return a gexp that assembles SOURCES (a list of devices) to the RAID = device > -- > 2.46.0 Can you also add documentation for this option in doc/guix.texi? Thanks
guix-patches@HIDDEN:bug#73654; Package guix-patches.
Full text available.
Received: (at submit) by debbugs.gnu.org; 6 Oct 2024 09:44:10 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Oct 06 05:44:10 2024
Received: from localhost ([127.0.0.1]:40192 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1sxNoA-0005Uj-2Q
for submit <at> debbugs.gnu.org; Sun, 06 Oct 2024 05:44:10 -0400
Received: from lists.gnu.org ([209.51.188.17]:58064)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <sisiutl@HIDDEN>) id 1sxNo8-0005Ub-P2
for submit <at> debbugs.gnu.org; Sun, 06 Oct 2024 05:44:09 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <sisiutl@HIDDEN>)
id 1sxNnz-00076J-1j
for guix-patches@HIDDEN; Sun, 06 Oct 2024 05:43:59 -0400
Received: from 2a02-8428-4716-0c01-eecc-61c0-3286-ff35.rev.sfr.net
([2a02:8428:4716:c01:eecc:61c0:3286:ff35] helo=fujo.egregore.fun)
by eggs.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <sisiutl@HIDDEN>) id 1sxNnu-0004uw-JF
for guix-patches@HIDDEN; Sun, 06 Oct 2024 05:43:57 -0400
Received: from localhost (2a02-8428-4716-0c01-69f4-ade7-72a4-dc0f.rev.sfr.net
[IPv6:2a02:8428:4716:c01:69f4:ade7:72a4:dc0f])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange ECDHE (prime256v1) server-signature ECDSA (prime256v1)
server-digest SHA256) (No client certificate requested)
(Authenticated sender: sisiutl@HIDDEN)
by fujo.egregore.fun (Postfix) with ESMTPSA id 6128C673C2;
Sun, 6 Oct 2024 11:42:49 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=egregore.fun;
s=fujo; t=1728207769;
bh=5lrmfn2esld5af0pvbw5lj1OtT1ysVDQkV4VxYXInpw=;
h=From:To:Cc:Subject:Date;
b=WFUTiuAkFL1hnIKS+NXglFD/oUQvVU3+qZR2S1q8mVBjd428DKcNVKGpVy0XLgSEY
kYcjIrOeyyykYBJr3vR6h2UyULBPtvq0qMqoE1L6txyOwauxmNIMkf6lq2Hr3pWSqe
98bPSvlvd6VIQAEwAYgMJ5j+NgSDZkmxp5H3gOmA=
From: Sisiutl <sisiutl@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] gnu: luks-device-mapping-with-options: Add allow-discards?
argument.
Date: Sun, 6 Oct 2024 11:42:28 +0200
Message-ID: <20241006094239.7157-1-sisiutl@HIDDEN>
X-Mailer: git-send-email 2.46.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2a02:8428:4716:c01:eecc:61c0:3286:ff35;
envelope-from=sisiutl@HIDDEN; helo=fujo.egregore.fun
X-Spam_score_int: 67
X-Spam_score: 6.7
X-Spam_bar: ++++++
X-Spam_report: (6.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_SUSPICIOUS_NTLD=0.499,
FROM_SUSPICIOUS_NTLD_FP=1.999, PDS_OTHER_BAD_TLD=1.999, RCVD_IN_PBL=3.335,
RDNS_DYNAMIC=0.982, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: reject
X-Spam-Score: 3.2 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: * gnu/system/mapped-devices.scm
(luks-device-mapping-with-options):
Add allow-discards? argument. Change-Id:
I0a43c13570a223d17698c7fe9ef4607e587bb8d0
--- gnu/system/mapped-devices.scm | 36 +++++++++++++++++++ 1 file changed,
20 insertions(+), 16 deletions(-)
Content analysis details: (3.2 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.51.188.17 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.51.188.17 listed in sa-accredit.habeas.com]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: egregore.fun (fun)]
-0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.51.188.17 listed in wl.mailspike.net]
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,
medium trust [209.51.188.17 listed in list.dnswl.org]
2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD
0.5 FROM_SUSPICIOUS_NTLD From abused NTLD
X-Debbugs-Envelope-To: submit
Cc: Sisiutl <sisiutl@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.2 (/)
* gnu/system/mapped-devices.scm (luks-device-mapping-with-options): Add allow-discards? argument.
Change-Id: I0a43c13570a223d17698c7fe9ef4607e587bb8d0
---
gnu/system/mapped-devices.scm | 36 +++++++++++++++++++----------------
1 file changed, 20 insertions(+), 16 deletions(-)
diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm
index 931c371425..674e8708a4 100644
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@@ -189,12 +189,12 @@ (define missing
(&error-location
(location (source-properties->location location))))))))
-
+
;;;
;;; Common device mappings.
;;;
-(define* (open-luks-device source targets #:key key-file)
+(define* (open-luks-device source targets #:key key-file allow-discards?)
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
'cryptsetup'."
(with-imported-modules (source-module-closure
@@ -234,17 +234,19 @@ (define* (open-luks-device source targets #:key key-file)
(loop (- tries-left 1))))))
(error "LUKS partition not found" source))
source)))
- ;; We want to fallback to the password unlock if the keyfile fails.
- (or (and keyfile
- (zero? (system*/tty
- #$(file-append cryptsetup-static "/sbin/cryptsetup")
- "open" "--type" "luks"
- "--key-file" keyfile
- partition #$target)))
- (zero? (system*/tty
- #$(file-append cryptsetup-static "/sbin/cryptsetup")
- "open" "--type" "luks"
- partition #$target)))))))))
+ (let* ((cryptsetup-flags (list "open" "--type" "luks" partition #$target))
+ (cryptsetup-flags (if allow-discards?
+ (cons "--allow-discards" cryptsetup-flags)
+ cryptsetup-flags)))
+ ;; We want to fallback to the password unlock if the keyfile fails.
+ (or (and keyfile
+ (zero? (apply system*/tty
+ #$(file-append cryptsetup-static "/sbin/cryptsetup")
+ "--key-file" keyfile
+ cryptsetup-flags)))
+ (zero? (apply system*/tty
+ #$(file-append cryptsetup-static "/sbin/cryptsetup")
+ cryptsetup-flags))))))))))
(define (close-luks-device source targets)
"Return a gexp that closes TARGET, a LUKS device."
@@ -286,13 +288,15 @@ (define luks-device-mapping
((gnu build file-systems)
#:select (find-partition-by-luks-uuid system*/tty))))))
-(define* (luks-device-mapping-with-options #:key key-file)
+(define* (luks-device-mapping-with-options #:key key-file allow-discards?)
"Return a luks-device-mapping object with open modified to pass the arguments
into the open-luks-device procedure."
(mapped-device-kind
(inherit luks-device-mapping)
- (open (λ (source targets) (open-luks-device source targets
- #:key-file key-file)))))
+ (open (λ (source targets)
+ (open-luks-device source targets
+ #:key-file key-file
+ #:allow-discards? allow-discards?)))))
(define (open-raid-device sources targets)
"Return a gexp that assembles SOURCES (a list of devices) to the RAID device
--
2.46.0
Sisiutl <sisiutl@HIDDEN>:guix-patches@HIDDEN.
Full text available.guix-patches@HIDDEN:bug#73654; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.