1
Fork 0
mirror of https://https.git.savannah.gnu.org/git/guix.git/ synced 2025-07-10 16:50:43 +02:00

mapped-devices/luks: Add support for --allow-discards.

* gnu/system/mapped-devices.scm (open-luks-device): Support opening
LUKS devices with the --allow-discards option.
* gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
Pass through the allow-discards? keyword argument.
* doc/guix.texi (Mapped Devices): Update documentation for the
luks-device-mapping-with-options procedure.

Co-authored-by: Sisiutl <sisiutl@egregore.fun>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: Iff82d7d548486f028d19f6aa35dd30ca194f57cc
This commit is contained in:
Sören Tempel 2025-03-16 12:49:50 +01:00 committed by Maxim Cournoyer
parent 8984d4bbb2
commit 7aa855b05b
No known key found for this signature in database
GPG key ID: 1260E46482E63562
2 changed files with 32 additions and 17 deletions

View file

@ -194,9 +194,10 @@ option of @command{guix system}.\n")
;;; Common device mappings.
;;;
(define* (open-luks-device source targets #:key key-file)
(define* (open-luks-device source targets #:key key-file allow-discards?)
"Return a gexp that maps SOURCE to TARGET as a LUKS device, using
'cryptsetup'."
'cryptsetup'. When ALLOW-DISCARDS? is true, the use of discard (TRIM)
requests is allowed for the underlying device."
(with-imported-modules (source-module-closure
'((gnu build file-systems)
(guix build utils))) ;; For mkdir-p
@ -234,17 +235,20 @@ option of @command{guix system}.\n")
(loop (- tries-left 1))))))
(error "LUKS partition not found" source))
source)))
;; We want to fallback to the password unlock if the keyfile fails.
(or (and keyfile
(zero? (system*/tty
#$(file-append cryptsetup-static "/sbin/cryptsetup")
"open" "--type" "luks"
"--key-file" keyfile
partition #$target)))
(zero? (system*/tty
#$(file-append cryptsetup-static "/sbin/cryptsetup")
"open" "--type" "luks"
partition #$target)))))))))
(let ((cryptsetup #$(file-append cryptsetup-static
"/sbin/cryptsetup"))
(cryptsetup-flags (cons*
"open" "--type" "luks" partition #$target
(if #$allow-discards?
'("--allow-discards")
'()))))
;; We want to fallback to the password unlock if the keyfile
;; fails.
(or (and keyfile
(zero? (apply system*/tty cryptsetup
"--key-file" keyfile cryptsetup-flags)))
(zero? (apply system*/tty cryptsetup
cryptsetup-flags))))))))))
(define (close-luks-device source targets)
"Return a gexp that closes TARGET, a LUKS device."
@ -286,13 +290,15 @@ option of @command{guix system}.\n")
((gnu build file-systems)
#:select (find-partition-by-luks-uuid system*/tty))))))
(define* (luks-device-mapping-with-options #:key key-file)
(define* (luks-device-mapping-with-options #:key key-file allow-discards?)
"Return a luks-device-mapping object with open modified to pass the arguments
into the open-luks-device procedure."
(mapped-device-kind
(inherit luks-device-mapping)
(open (λ (source targets) (open-luks-device source targets
#:key-file key-file)))))
(open (λ (source targets)
(open-luks-device source targets
#:key-file key-file
#:allow-discards? allow-discards?)))))
(define (open-raid-device sources targets)
"Return a gexp that assembles SOURCES (a list of devices) to the RAID device