[jackhill/guix/guix.git] / gnu / system / mapped-devices.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2017, 2018 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu system mapped-devices)
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (guix modules)
  #:use-module (guix i18n)
  #:use-module ((guix utils)
                #:select (source-properties->location
                          &fix-hint
                          &error-location))
  #:use-module (gnu services)
  #:use-module (gnu services shepherd)
  #:use-module (gnu system uuid)
  #:autoload   (gnu build file-systems) (find-partition-by-luks-uuid)
  #:autoload   (gnu build linux-modules)
                 (device-module-aliases matching-modules known-module-aliases)
  #:autoload   (gnu packages cryptsetup) (cryptsetup-static)
  #:autoload   (gnu packages linux) (mdadm-static)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-26)
  #:use-module (srfi srfi-34)
  #:use-module (srfi srfi-35)
  #:use-module (ice-9 match)
  #:export (mapped-device
            mapped-device?
            mapped-device-source
            mapped-device-target
            mapped-device-type
            mapped-device-location

            mapped-device-kind
            mapped-device-kind?
            mapped-device-kind-open
            mapped-device-kind-close
            mapped-device-kind-check

            device-mapping-service-type
            device-mapping-service

            check-device-initrd-modules           ;XXX: needs a better place

            luks-device-mapping
            raid-device-mapping))

;;; Commentary:
;;;
;;; This module supports "device mapping", a concept implemented by Linux's
;;; device-mapper.
;;;
;;; Code:

(define-record-type* <mapped-device> mapped-device
  make-mapped-device
  mapped-device?
  (source    mapped-device-source)                ;string | list of strings
  (target    mapped-device-target)                ;string
  (type      mapped-device-type)                  ;<mapped-device-kind>
  (location  mapped-device-location
             (default (current-source-location)) (innate)))

(define-record-type* <mapped-device-type> mapped-device-kind
  make-mapped-device-kind
  mapped-device-kind?
  (open      mapped-device-kind-open)             ;source target -> gexp
  (close     mapped-device-kind-close             ;source target -> gexp
             (default (const #~(const #f))))
  (check     mapped-device-kind-check             ;source -> Boolean
             (default (const #t))))

\f
;;;
;;; Device mapping as a Shepherd service.
;;;

(define device-mapping-service-type
  (shepherd-service-type
   'device-mapping
   (match-lambda
     (($ <mapped-device> source target
                         ($ <mapped-device-type> open close))
      (shepherd-service
       (provision (list (symbol-append 'device-mapping- (string->symbol target))))
       (requirement '(udev))
       (documentation "Map a device node using Linux's device mapper.")
       (start #~(lambda () #$(open source target)))
       (stop #~(lambda _ (not #$(close source target))))
       (respawn? #f))))))

(define (device-mapping-service mapped-device)
  "Return a service that sets up @var{mapped-device}."
  (service device-mapping-service-type mapped-device))

\f
;;;
;;; Static checks.
;;;

(define (check-device-initrd-modules device linux-modules location)
  "Raise an error if DEVICE needs modules beyond LINUX-MODULES to operate.
DEVICE must be a \"/dev\" file name."
  (define aliases
    ;; Attempt to load 'modules.alias' from the current kernel, assuming we're
    ;; on GuixSD, and assuming that corresponds to the kernel we'll be
    ;; installing.  Skip the whole thing if that file cannot be read.
    (catch 'system-error
      (lambda ()
        (known-module-aliases))
      (const #f)))

  (when aliases
    (let ((modules (delete-duplicates
                    (append-map (cut matching-modules <> aliases)
                                (device-module-aliases device)))))
      (unless (every (cute member <> linux-modules) modules)
        (raise (condition
                (&message
                 (message (format #f (G_ "you may need these modules \
in the initrd for ~a:~{ ~a~}")
                                  device modules)))
                (&fix-hint
                 (hint (format #f (G_ "Try adding them to the
@code{initrd-modules} field of your @code{operating-system} declaration, along
these lines:

@example
 (operating-system
   ;; @dots{}
   (initrd-modules (append (list~{ ~s~})
                           %base-initrd-modules)))
@end example\n")
                               modules)))
                (&error-location
                 (location (source-properties->location location)))))))))

\f
;;;
;;; Common device mappings.
;;;

(define (open-luks-device source target)
  "Return a gexp that maps SOURCE to TARGET as a LUKS device, using
'cryptsetup'."
  (with-imported-modules (source-module-closure
                          '((gnu build file-systems)))
    #~(let ((source #$(if (uuid? source)
                          (uuid-bytevector source)
                          source)))
        ;; XXX: 'use-modules' should be at the top level.
        (use-modules (rnrs bytevectors)           ;bytevector?
                     ((gnu build file-systems)
                      #:select (find-partition-by-luks-uuid)))

        ;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the
        ;; whole world inside the initrd (for when we're in an initrd).
        (zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup")
                        "open" "--type" "luks"

                        ;; Note: We cannot use the "UUID=source" syntax here
                        ;; because 'cryptsetup' implements it by searching the
                        ;; udev-populated /dev/disk/by-id directory but udev may
                        ;; be unavailable at the time we run this.
                        (if (bytevector? source)
                            (or (let loop ((tries-left 10))
                                  (and (positive? tries-left)
                                       (or (find-partition-by-luks-uuid source)
                                           ;; If the underlying partition is
                                           ;; not found, try again after
                                           ;; waiting a second, up to ten
                                           ;; times.  FIXME: This should be
                                           ;; dealt with in a more robust way.
                                           (begin (sleep 1)
                                                  (loop (- tries-left 1))))))
                                (error "LUKS partition not found" source))
                            source)

                        #$target)))))

(define (close-luks-device source target)
  "Return a gexp that closes TARGET, a LUKS device."
  #~(zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup")
                    "close" #$target)))

(define* (check-luks-device md #:key
                            needed-for-boot?
                            (initrd-modules '())
                            #:allow-other-keys
                            #:rest rest)
  "Ensure the source of MD is valid."
  (let ((source   (mapped-device-source md))
        (location (mapped-device-location md)))
    (or (not (zero? (getuid)))
        (if (uuid? source)
            (match (find-partition-by-luks-uuid (uuid-bytevector source))
              (#f
               (raise (condition
                       (&message
                        (message (format #f (G_ "no LUKS partition with UUID '~a'")
                                         (uuid->string source))))
                       (&error-location
                        (location (source-properties->location
                                   (mapped-device-location md)))))))
              ((? string? device)
               (check-device-initrd-modules device initrd-modules location)))
            (check-device-initrd-modules source initrd-modules location)))))

(define luks-device-mapping
  ;; The type of LUKS mapped devices.
  (mapped-device-kind
   (open open-luks-device)
   (close close-luks-device)
   (check check-luks-device)))

(define (open-raid-device sources target)
  "Return a gexp that assembles SOURCES (a list of devices) to the RAID device
TARGET (e.g., \"/dev/md0\"), using 'mdadm'."
  #~(let ((sources '#$sources)

          ;; XXX: We're not at the top level here.  We could use a
          ;; non-top-level 'use-modules' form but that doesn't work when the
          ;; code is eval'd, like the Shepherd does.
          (every   (@ (srfi srfi-1) every))
          (format  (@ (ice-9 format) format)))
      (let loop ((attempts 0))
        (unless (every file-exists? sources)
          (when (> attempts 20)
            (error "RAID devices did not show up; bailing out"
                   sources))

          (format #t "waiting for RAID source devices~{ ~a~}...~%"
                  sources)
          (sleep 1)
          (loop (+ 1 attempts))))

      ;; Use 'mdadm-static' rather than 'mdadm' to avoid pulling its whole
      ;; closure (80 MiB) in the initrd when a RAID device is needed for boot.
      (zero? (apply system* #$(file-append mdadm-static "/sbin/mdadm")
                    "--assemble" #$target sources))))

(define (close-raid-device sources target)
  "Return a gexp that stops the RAID device TARGET."
  #~(zero? (system* #$(file-append mdadm-static "/sbin/mdadm")
                    "--stop" #$target)))

(define raid-device-mapping
  ;; The type of RAID mapped devices.
  (mapped-device-kind
   (open open-raid-device)
   (close close-raid-device)))

;;; mapped-devices.scm ends here
Commit	Line	Data
060d62a7	1	;;; GNU Guix --- Functional package management for GNU
424cea80	2	;;; Copyright © 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
97c8aef1	3	;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
3e5783e2	4	;;; Copyright © 2017, 2018 Mark H Weaver <mhw@netris.org>
060d62a7 LC	5	;;;
	6	;;; This file is part of GNU Guix.
	7	;;;
	8	;;; GNU Guix is free software; you can redistribute it and/or modify it
	9	;;; under the terms of the GNU General Public License as published by
	10	;;; the Free Software Foundation; either version 3 of the License, or (at
	11	;;; your option) any later version.
	12	;;;
	13	;;; GNU Guix is distributed in the hope that it will be useful, but
	14	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	15	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	;;; GNU General Public License for more details.
	17	;;;
	18	;;; You should have received a copy of the GNU General Public License
	19	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	20
	21	(define-module (gnu system mapped-devices)
374f14c2	22	#:use-module (guix gexp)
060d62a7	23	#:use-module (guix records)
239c6e27	24	#:use-module (guix modules)
42ff7d3b LC	25	#:use-module (guix i18n)
	26	#:use-module ((guix utils)
	27	#:select (source-properties->location
8ab10c19	28	&fix-hint
42ff7d3b	29	&error-location))
1ea507bc LC	30	#:use-module (gnu services)
1ea507bc LC	31	#:use-module (gnu services shepherd)
9b336338	32	#:use-module (gnu system uuid)
42ff7d3b	33	#:autoload (gnu build file-systems) (find-partition-by-luks-uuid)
8ab10c19	34	#:autoload (gnu build linux-modules)
3e5783e2	35	(device-module-aliases matching-modules known-module-aliases)
b7d408ec	36	#:autoload (gnu packages cryptsetup) (cryptsetup-static)
4ed2f515	37	#:autoload (gnu packages linux) (mdadm-static)
ffba7d49	38	#:use-module (srfi srfi-1)
424cea80	39	#:use-module (srfi srfi-26)
42ff7d3b LC	40	#:use-module (srfi srfi-34)
42ff7d3b LC	41	#:use-module (srfi srfi-35)
1ea507bc	42	#:use-module (ice-9 match)
060d62a7 LC	43	#:export (mapped-device
	44	mapped-device?
	45	mapped-device-source
	46	mapped-device-target
	47	mapped-device-type
4ca90ff5	48	mapped-device-location
060d62a7 LC	49
	50	mapped-device-kind
	51	mapped-device-kind?
	52	mapped-device-kind-open
374f14c2	53	mapped-device-kind-close
4ca90ff5	54	mapped-device-kind-check
374f14c2	55
1ea507bc LC	56	device-mapping-service-type
	57	device-mapping-service
	58
8ab10c19 LC	59	check-device-initrd-modules ;XXX: needs a better place
8ab10c19 LC	60
97c8aef1 AE	61	luks-device-mapping
97c8aef1 AE	62	raid-device-mapping))
060d62a7 LC	63
	64	;;; Commentary:
	65	;;;
	66	;;; This module supports "device mapping", a concept implemented by Linux's
	67	;;; device-mapper.
	68	;;;
	69	;;; Code:
	70
	71	(define-record-type* <mapped-device> mapped-device
	72	make-mapped-device
	73	mapped-device?
d6d1cea6	74	(source mapped-device-source) ;string \| list of strings
060d62a7	75	(target mapped-device-target) ;string
4ca90ff5 LC	76	(type mapped-device-type) ;<mapped-device-kind>
	77	(location mapped-device-location
	78	(default (current-source-location)) (innate)))
060d62a7 LC	79
	80	(define-record-type* <mapped-device-type> mapped-device-kind
	81	make-mapped-device-kind
	82	mapped-device-kind?
	83	(open mapped-device-kind-open) ;source target -> gexp
	84	(close mapped-device-kind-close ;source target -> gexp
4ca90ff5 LC	85	(default (const #~(const #f))))
	86	(check mapped-device-kind-check ;source -> Boolean
	87	(default (const #t))))
060d62a7	88
374f14c2	89	\f
1ea507bc LC	90	;;;
	91	;;; Device mapping as a Shepherd service.
	92	;;;
	93
	94	(define device-mapping-service-type
	95	(shepherd-service-type
	96	'device-mapping
	97	(match-lambda
4da8c19e LC	98	(($ <mapped-device> source target
4da8c19e LC	99	($ <mapped-device-type> open close))
1ea507bc LC	100	(shepherd-service
	101	(provision (list (symbol-append 'device-mapping- (string->symbol target))))
	102	(requirement '(udev))
	103	(documentation "Map a device node using Linux's device mapper.")
4da8c19e LC	104	(start #~(lambda () #$(open source target)))
4da8c19e LC	105	(stop #~(lambda _ (not #$(close source target))))
dfe06f6e	106	(respawn? #f))))))
1ea507bc	107
4da8c19e LC	108	(define (device-mapping-service mapped-device)
	109	"Return a service that sets up @var{mapped-device}."
	110	(service device-mapping-service-type mapped-device))
1ea507bc LC	111
1ea507bc LC	112	\f
8ab10c19 LC	113	;;;
	114	;;; Static checks.
	115	;;;
	116
	117	(define (check-device-initrd-modules device linux-modules location)
	118	"Raise an error if DEVICE needs modules beyond LINUX-MODULES to operate.
	119	DEVICE must be a \"/dev\" file name."
	120	(define aliases
	121	;; Attempt to load 'modules.alias' from the current kernel, assuming we're
	122	;; on GuixSD, and assuming that corresponds to the kernel we'll be
	123	;; installing. Skip the whole thing if that file cannot be read.
	124	(catch 'system-error
	125	(lambda ()
	126	(known-module-aliases))
	127	(const #f)))
	128
	129	(when aliases
	130	(let ((modules (delete-duplicates
	131	(append-map (cut matching-modules <> aliases)
	132	(device-module-aliases device)))))
	133	(unless (every (cute member <> linux-modules) modules)
	134	(raise (condition
	135	(&message
	136	(message (format #f (G_ "you may need these modules \
	137	in the initrd for ~a:~{ ~a~}")
	138	device modules)))
	139	(&fix-hint
	140	(hint (format #f (G_ "Try adding them to the
	141	@code{initrd-modules} field of your @code{operating-system} declaration, along
	142	these lines:
	143
	144	@example
	145	(operating-system
	146	;; @dots{}
	147	(initrd-modules (append (list~{ ~s~})
	148	%base-initrd-modules)))
	149	@end example\n")
	150	modules)))
	151	(&error-location
	152	(location (source-properties->location location)))))))))
	153
	154	\f
374f14c2 LC	155	;;;
	156	;;; Common device mappings.
	157	;;;
	158
	159	(define (open-luks-device source target)
	160	"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
	161	'cryptsetup'."
239c6e27 LC	162	(with-imported-modules (source-module-closure
239c6e27 LC	163	'((gnu build file-systems)))
9b336338 LC	164	#~(let ((source #$(if (uuid? source)
	165	(uuid-bytevector source)
	166	source)))
dfe06f6e LC	167	;; XXX: 'use-modules' should be at the top level.
	168	(use-modules (rnrs bytevectors) ;bytevector?
	169	((gnu build file-systems)
	170	#:select (find-partition-by-luks-uuid)))
	171
b7d408ec LC	172	;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling the
	173	;; whole world inside the initrd (for when we're in an initrd).
	174	(zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup")
a91c3fc7 LC	175	"open" "--type" "luks"
	176
	177	;; Note: We cannot use the "UUID=source" syntax here
	178	;; because 'cryptsetup' implements it by searching the
	179	;; udev-populated /dev/disk/by-id directory but udev may
	180	;; be unavailable at the time we run this.
	181	(if (bytevector? source)
f45878a8 MW	182	(or (let loop ((tries-left 10))
	183	(and (positive? tries-left)
	184	(or (find-partition-by-luks-uuid source)
	185	;; If the underlying partition is
	186	;; not found, try again after
	187	;; waiting a second, up to ten
	188	;; times. FIXME: This should be
	189	;; dealt with in a more robust way.
	190	(begin (sleep 1)
	191	(loop (- tries-left 1))))))
a91c3fc7 LC	192	(error "LUKS partition not found" source))
	193	source)
	194
	195	#$target)))))
374f14c2 LC	196
	197	(define (close-luks-device source target)
	198	"Return a gexp that closes TARGET, a LUKS device."
b7d408ec	199	#~(zero? (system* #$(file-append cryptsetup-static "/sbin/cryptsetup")
374f14c2 LC	200	"close" #$target)))
374f14c2 LC	201
424cea80 LC	202	(define* (check-luks-device md #:key
	203	needed-for-boot?
	204	(initrd-modules '())
	205	#:allow-other-keys
	206	#:rest rest)
42ff7d3b	207	"Ensure the source of MD is valid."
424cea80 LC	208	(let ((source (mapped-device-source md))
	209	(location (mapped-device-location md)))
	210	(or (not (zero? (getuid)))
	211	(if (uuid? source)
	212	(match (find-partition-by-luks-uuid (uuid-bytevector source))
	213	(#f
	214	(raise (condition
	215	(&message
	216	(message (format #f (G_ "no LUKS partition with UUID '~a'")
	217	(uuid->string source))))
	218	(&error-location
	219	(location (source-properties->location
	220	(mapped-device-location md)))))))
	221	((? string? device)
	222	(check-device-initrd-modules device initrd-modules location)))
	223	(check-device-initrd-modules source initrd-modules location)))))
42ff7d3b	224
374f14c2 LC	225	(define luks-device-mapping
	226	;; The type of LUKS mapped devices.
	227	(mapped-device-kind
	228	(open open-luks-device)
42ff7d3b LC	229	(close close-luks-device)
42ff7d3b LC	230	(check check-luks-device)))
374f14c2	231
7f8ad82b LC	232	(define (open-raid-device sources target)
	233	"Return a gexp that assembles SOURCES (a list of devices) to the RAID device
	234	TARGET (e.g., \"/dev/md0\"), using 'mdadm'."
10618627 LC	235	#~(let ((sources '#$sources)
	236
	237	;; XXX: We're not at the top level here. We could use a
	238	;; non-top-level 'use-modules' form but that doesn't work when the
	239	;; code is eval'd, like the Shepherd does.
	240	(every (@ (srfi srfi-1) every))
	241	(format (@ (ice-9 format) format)))
	242	(let loop ((attempts 0))
	243	(unless (every file-exists? sources)
	244	(when (> attempts 20)
	245	(error "RAID devices did not show up; bailing out"
	246	sources))
	247
	248	(format #t "waiting for RAID source devices~{ ~a~}...~%"
	249	sources)
	250	(sleep 1)
	251	(loop (+ 1 attempts))))
	252
4ed2f515 LC	253	;; Use 'mdadm-static' rather than 'mdadm' to avoid pulling its whole
	254	;; closure (80 MiB) in the initrd when a RAID device is needed for boot.
	255	(zero? (apply system* #$(file-append mdadm-static "/sbin/mdadm")
6e52376d	256	"--assemble" #$target sources))))
7f8ad82b LC	257
7f8ad82b LC	258	(define (close-raid-device sources target)
97c8aef1	259	"Return a gexp that stops the RAID device TARGET."
4ed2f515	260	#~(zero? (system* #$(file-append mdadm-static "/sbin/mdadm")
97c8aef1 AE	261	"--stop" #$target)))
	262
	263	(define raid-device-mapping
	264	;; The type of RAID mapped devices.
	265	(mapped-device-kind
	266	(open open-raid-device)
	267	(close close-raid-device)))
	268
060d62a7	269	;;; mapped-devices.scm ends here