Commit | Line | Data |
---|---|---|
060d62a7 | 1 | ;;; GNU Guix --- Functional package management for GNU |
424cea80 | 2 | ;;; Copyright © 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org> |
97c8aef1 | 3 | ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr> |
3e5783e2 | 4 | ;;; Copyright © 2017, 2018 Mark H Weaver <mhw@netris.org> |
5 | ;;; |
6 | ;;; This file is part of GNU Guix. | |
7 | ;;; | |
8 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
9 | ;;; under the terms of the GNU General Public License as published by | |
10 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
11 | ;;; your option) any later version. | |
12 | ;;; | |
13 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
14 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | ;;; GNU General Public License for more details. | |
17 | ;;; | |
18 | ;;; You should have received a copy of the GNU General Public License | |
19 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
20 | ||
21 | (define-module (gnu system mapped-devices) | |
374f14c2 | 22 | #:use-module (guix gexp) |
060d62a7 | 23 | #:use-module (guix records) |
239c6e27 | 24 | #:use-module (guix modules) |
25 | #:use-module (guix i18n) |
26 | #:use-module ((guix utils) | |
27 | #:select (source-properties->location | |
8ab10c19 | 28 | &fix-hint |
42ff7d3b | 29 | &error-location)) |
30 | #:use-module (gnu services) |
31 | #:use-module (gnu services shepherd) | |
9b336338 | 32 | #:use-module (gnu system uuid) |
42ff7d3b | 33 | #:autoload (gnu build file-systems) (find-partition-by-luks-uuid) |
8ab10c19 | 34 | #:autoload (gnu build linux-modules) |
3e5783e2 | 35 | (device-module-aliases matching-modules known-module-aliases) |
b7d408ec | 36 | #:autoload (gnu packages cryptsetup) (cryptsetup-static) |
4ed2f515 | 37 | #:autoload (gnu packages linux) (mdadm-static) |
ffba7d49 | 38 | #:use-module (srfi srfi-1) |
424cea80 | 39 | #:use-module (srfi srfi-26) |
40 | #:use-module (srfi srfi-34) |
41 | #:use-module (srfi srfi-35) | |
1ea507bc | 42 | #:use-module (ice-9 match) |
43 | #:export (mapped-device |
44 | mapped-device? | |
45 | mapped-device-source | |
46 | mapped-device-target | |
47 | mapped-device-type | |
4ca90ff5 | 48 | mapped-device-location |
49 | |
50 | mapped-device-kind | |
51 | mapped-device-kind? | |
52 | mapped-device-kind-open | |
374f14c2 | 53 | mapped-device-kind-close |
4ca90ff5 | 54 | mapped-device-kind-check |
374f14c2 | 55 | |
56 | device-mapping-service-type |
57 | device-mapping-service | |
58 | ||
59 | check-device-initrd-modules ;XXX: needs a better place |
60 | ||
61 | luks-device-mapping |
62 | raid-device-mapping)) | |
63 | |
64 | ;;; Commentary: | |
65 | ;;; | |
66 | ;;; This module supports "device mapping", a concept implemented by Linux's | |
67 | ;;; device-mapper. | |
68 | ;;; | |
69 | ;;; Code: | |
70 | ||
;; A <mapped-device> record describes one mapping: the device(s) it is built
;; from, the name it is mapped to, and the kind of mapping that does the work.
(define-record-type* <mapped-device> mapped-device
  make-mapped-device
  mapped-device?
  ;; string | list of strings.  The LUKS procedures in this file also test
  ;; this field with 'uuid?', so a UUID object is accepted there as well.
  (source    mapped-device-source)
  (target    mapped-device-target)                ;string
  ;; An instance of the record type declared as <mapped-device-type>, built
  ;; with the 'mapped-device-kind' constructor.
  (type      mapped-device-type)
  ;; Source location of the declaration; it defaults to the place where the
  ;; record is written.  'check-luks-device' reads it when reporting errors.
  (location  mapped-device-location
             (default (current-source-location)) (innate)))
79 | |
;; The kind of a mapping, expressed as three procedures.  Note the naming: the
;; record type is <mapped-device-type> while its constructor, predicate and
;; accessors use the 'mapped-device-kind' prefix.
(define-record-type* <mapped-device-type> mapped-device-kind
  make-mapped-device-kind
  mapped-device-kind?
  ;; OPEN and CLOSE are called with the source and target when the Shepherd
  ;; service is built (see 'device-mapping-service-type'); each returns a gexp
  ;; that is spliced into the service's 'start' or 'stop' procedure.
  (open      mapped-device-kind-open)             ;source target -> gexp
  (close     mapped-device-kind-close             ;source target -> gexp
             ;; Default: ignore the arguments and return the gexp
             ;; '(const #f)'.
             (default (const #~(const #f))))
  ;; Static check run before the mapping is used.  The default accepts
  ;; anything.
  ;; NOTE(review): the comment says "source -> Boolean", but
  ;; 'check-luks-device' in this file takes the whole <mapped-device> plus
  ;; keyword arguments -- confirm what callers actually pass.
  (check     mapped-device-kind-check             ;source -> Boolean
             (default (const #t))))
060d62a7 | 88 | |
374f14c2 | 89 | \f |
90 | ;;; |
91 | ;;; Device mapping as a Shepherd service. | |
92 | ;;; | |
93 | ||
;; Shepherd service type whose value is a <mapped-device>.  The record is
;; destructured into its source, target, and the OPEN and CLOSE procedures of
;; its kind; the resulting service maps the device on start and unmaps it on
;; stop.
(define device-mapping-service-type
  (shepherd-service-type
   'device-mapping
   (match-lambda
     (($ <mapped-device> source target
                         ($ <mapped-device-type> open close))
      (shepherd-service
       ;; One service per target, named 'device-mapping-TARGET'.
       (provision (list (symbol-append 'device-mapping- (string->symbol target))))
       ;; Started only after udev.
       (requirement '(udev))
       (documentation "Map a device node using Linux's device mapper.")
       ;; OPEN and CLOSE run here, on the host side; the gexps they return
       ;; become the bodies of the 'start' and 'stop' procedures.
       (start #~(lambda () #$(open source target)))
       ;; The result of the CLOSE gexp is negated.
       ;; NOTE(review): presumably because the Shepherd treats a false value
       ;; from 'stop' as "stopped" -- confirm.
       (stop #~(lambda _ (not #$(close source target))))
       ;; A failed mapping is not retried automatically.
       (respawn? #f))))))
1ea507bc | 107 | |
(define (device-mapping-service mapped-device)
  "Return a service of type @code{device-mapping-service-type} whose value is
@var{mapped-device}; starting it opens the mapping and stopping it closes the
mapping."
  (service device-mapping-service-type mapped-device))
111 | |
112 | \f | |
113 | ;;; |
114 | ;;; Static checks. | |
115 | ;;; | |
116 | ||
(define (check-device-initrd-modules device linux-modules location)
  "Check that every kernel module that DEVICE, a \"/dev\" file name, appears
to need is listed in LINUX-MODULES.  When one is missing, raise an error
condition that carries a message, a fix hint, and LOCATION.  The check is
skipped when the module alias database cannot be read."
  ;; Alias database of the running kernel, or #f when reading it fails with a
  ;; 'system-error'.  This assumes we are on GuixSD and that the running
  ;; kernel is the one that will be installed, so the result is only a hint.
  (define known-aliases
    (catch 'system-error
      (lambda ()
        (known-module-aliases))
      (const #f)))

  ;; Modules that match one alias of DEVICE.
  (define (modules-for alias)
    (matching-modules alias known-aliases))

  ;; True when MODULE is already part of LINUX-MODULES.
  (define (listed? module)
    (member module linux-modules))

  (when known-aliases
    (let ((needed (delete-duplicates
                   (append-map modules-for
                               (device-module-aliases device)))))
      (unless (every listed? needed)
        (raise (condition
                (&message
                 (message (format #f (G_ "you may need these modules \
in the initrd for ~a:~{ ~a~}")
                                  device needed)))
                (&fix-hint
                 (hint (format #f (G_ "Try adding them to the
@code{initrd-modules} field of your @code{operating-system} declaration, along
these lines:

@example
 (operating-system
   ;; @dots{}
   (initrd-modules (append (list~{ ~s~})
                           %base-initrd-modules)))
@end example\n")
                               needed)))
                (&error-location
                 (location (source-properties->location location)))))))))
153 | ||
154 | \f | |
155 | ;;; |
156 | ;;; Common device mappings. | |
157 | ;;; | |
158 | ||
(define (open-luks-device source target)
  "Return a gexp that maps SOURCE to TARGET as a LUKS device, using
'cryptsetup'.  SOURCE is either a UUID object or a value passed to
'cryptsetup' as is.  The gexp evaluates to true when 'cryptsetup' exits with
status zero."
  (with-imported-modules (source-module-closure
                          '((gnu build file-systems)))
    ;; A UUID is lowered to its bytevector on the host side, so the staged
    ;; code can tell it apart from a device name with 'bytevector?'.
    #~(let ((source #$(if (uuid? source)
                          (uuid-bytevector source)
                          source)))
        ;; XXX: 'use-modules' should be at the top level.
        (use-modules (rnrs bytevectors) ;bytevector?
                     ((gnu build file-systems)
                      #:select (find-partition-by-luks-uuid)))

        ;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the
        ;; whole world inside the initrd (for when we're in an initrd).
        ;; 'system*' receives the program and each argument as separate
        ;; strings; no shell command line is built from SOURCE or TARGET.
        (zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup")
                        "open" "--type" "luks"

                        ;; Note: We cannot use the "UUID=source" syntax here
                        ;; because 'cryptsetup' implements it by searching the
                        ;; udev-populated /dev/disk/by-id directory but udev may
                        ;; be unavailable at the time we run this.
                        (if (bytevector? source)
                            ;; Resolve the UUID ourselves.  When no partition
                            ;; is found after all attempts, 'error' is raised
                            ;; and 'cryptsetup' is not run at all.
                            (or (let loop ((tries-left 10))
                                  (and (positive? tries-left)
                                       (or (find-partition-by-luks-uuid source)
                                           ;; If the underlying partition is
                                           ;; not found, try again after
                                           ;; waiting a second, up to ten
                                           ;; times.  FIXME: This should be
                                           ;; dealt with in a more robust way.
                                           (begin (sleep 1)
                                                  (loop (- tries-left 1))))))
                                (error "LUKS partition not found" source))
                            source)

                        #$target)))))
196 | |
(define (close-luks-device source target)
  "Return a gexp that runs 'cryptsetup close' on TARGET, a LUKS mapping.  The
gexp evaluates to true when the command exits with status zero.  SOURCE is
not used."
  ;; Same statically-linked 'cryptsetup' as the one used to open the device.
  (let ((program (file-append cryptsetup-static "/sbin/cryptsetup")))
    #~(zero? (system* #$program "close" #$target))))
201 | ||
(define* (check-luks-device md #:key
                            needed-for-boot?
                            (initrd-modules '())
                            #:allow-other-keys
                            #:rest rest)
  "Check the source of MD, a LUKS mapped device.  When running as root, make
sure a UUID source designates an existing LUKS partition, raising an error
condition otherwise, and check that the modules the underlying device needs
are listed in INITRD-MODULES.  Return #t without checking anything when not
running as root.  NEEDED-FOR-BOOT? and REST are accepted but not used."
  (define source (mapped-device-source md))
  (define location (mapped-device-location md))

  ;; Check the initrd modules needed by DEVICE, a "/dev" file name.
  (define (check-modules device)
    (check-device-initrd-modules device initrd-modules location))

  (cond ((not (zero? (getuid)))
         ;; Not root: the check is skipped, so an invalid source goes
         ;; unnoticed at this stage.
         #t)
        ((uuid? source)
         (match (find-partition-by-luks-uuid (uuid-bytevector source))
           (#f
            (raise (condition
                    (&message
                     (message (format #f (G_ "no LUKS partition with UUID '~a'")
                                      (uuid->string source))))
                    (&error-location
                     (location (source-properties->location location))))))
           ((? string? device)
            (check-modules device))))
        (else
         (check-modules source))))
42ff7d3b | 224 | |
(define luks-device-mapping
  ;; The type of LUKS mapped devices: opened and closed with 'cryptsetup',
  ;; and statically checked by 'check-luks-device', which only checks when
  ;; running as root.
  (mapped-device-kind
   (open open-luks-device)
   (close close-luks-device)
   (check check-luks-device)))
374f14c2 | 231 | |
(define (open-raid-device sources target)
  "Return a gexp that assembles SOURCES (a list of devices) to the RAID device
TARGET (e.g., \"/dev/md0\"), using 'mdadm'.  The gexp first waits for all of
SOURCES to exist and evaluates to true when 'mdadm' exits with status zero."
  #~(let ((sources '#$sources)

          ;; XXX: We're not at the top level here.  We could use a
          ;; non-top-level 'use-modules' form but that doesn't work when the
          ;; code is eval'd, like the Shepherd does.
          (every   (@ (srfi srfi-1) every))
          (format  (@ (ice-9 format) format)))
      ;; Poll once per second until every source device file exists.  After
      ;; more than 20 failed attempts, 'error' is raised and 'mdadm' is not
      ;; run.
      (let loop ((attempts 0))
        (unless (every file-exists? sources)
          (when (> attempts 20)
            (error "RAID devices did not show up; bailing out"
                   sources))

          (format #t "waiting for RAID source devices~{ ~a~}...~%"
                  sources)
          (sleep 1)
          (loop (+ 1 attempts))))

      ;; Use 'mdadm-static' rather than 'mdadm' to avoid pulling its whole
      ;; closure (80 MiB) in the initrd when a RAID device is needed for boot.
      ;; 'apply system*' passes the target and each source as separate
      ;; arguments; no shell command line is built from them.
      (zero? (apply system* #$(file-append mdadm-static "/sbin/mdadm")
                    "--assemble" #$target sources))))
257 | |
(define (close-raid-device sources target)
  "Return a gexp that runs 'mdadm --stop' on the RAID device TARGET.  The gexp
evaluates to true when the command exits with status zero.  SOURCES is not
used."
  ;; Same statically-linked 'mdadm' as the one used to assemble the array.
  (let ((program (file-append mdadm-static "/sbin/mdadm")))
    #~(zero? (system* #$program "--stop" #$target))))
262 | ||
(define raid-device-mapping
  ;; The type of RAID mapped devices: assembled and stopped with 'mdadm'.
  ;; No 'check' field is given, so the record's default (accept everything)
  ;; applies and RAID sources get no static check.
  (mapped-device-kind
   (open open-raid-device)
   (close close-raid-device)))
268 | ||
060d62a7 | 269 | ;;; mapped-devices.scm ends here |