Hi Petter,
Thanks a lot for the additions to the manual!
There was a lot more than I expected. ;-) For now, I’ve focused on the
improvements to the “System Installation” section, leading to commit
dedb8d5.
It turned out to be more work than I expected because I had to find out
what the differences were (some paragraphs had been moved to a single
line, which made it hard to spot the differences), and then ended up
doing a few things differently to preserve consistency.
In the future, it would be awesome if you could send more focused
patches and make sure the diffs don’t show unrelated “noise.”
Petter <pet...@mykolab.ch> skribis:
> +Open the file in one of the editors. We'll now walk you through the updates
> you need to make in the operating-system declaration in turn from top to
> bottom.
> +
> +@table @asis
> +@item @samp{host-name}
> +Will be the name for this system. It'll be used for identifying this system
> on the network and should be unique amongst the computers in your LAN(s). You
> may also see it in shell prompts. Use ASCII letters and digits only unless
> you know what you're doing.
> +
> +@item @samp{timezone}
> +This value must match a supported timezone exactly. To find the value you
> need here you can run the command
> +@example
> +tzselect
> +@end example
> +and answer its questions. When it asks "Is the above information OK?" answer
> "1" (Yes). The value in the last line of output is the value to use in your
> configuration.
> +To get a shell prompt for running commands you can change virtual console
> (Ctrl-Alt-F#), or close the editor.
> +
> +@item @samp{locale}
> +This value must match a supported locale exactly. To get a list of supported
> locales and their typing run the command
> +@example
> +ls /run/current-system/locale/@var{X.Y}
> +@end @samp{example}
> +where X.Y is the libc version (just press TAB at this level). Find the
> locale you want in the listed output and take note of exactly how it is typed
> (trailing / is not included in the name).
> +To get a shell prompt for running commands you can change virtual console
> (Ctrl-Alt-F#), or close the editor.
> +
> +@item @samp{bootloader}
> +Update the @samp{device} argument according to the comment in the example
> configuration. Typical value is @var{/dev/sda}, note there's no trailing
> digit. This will instruct the installation to install GRUB to the MBR of your
> disk. This is fine even if you're going to use the boot loader in your boot
> firmware, it will just be unused in this case.
> +@end table
I did not include this as is because I think most of it is redundant
with (or should be covered by) the “operating-system Reference” section.
I have not yet integrated the bits about setting up an encrypted root
etc. because I first want the bits below to be fixed in the code.
> +@subsection Booting a fully encrypted system
> +
> +@emph{This chapter is only for systems with encrypted boot.}
> +
> +To be able to boot with encrypted boot you need a system with GRUB flashed
> into the boot firmware, like with Coreboot/Libreboot.
It’s not clear to me how much of it is specific to Coreboot/Libreboot.
It seems like it could equally well work when GRUB is spawned by a
random proprietary BIOS no?
> +@table @asis
> +@item Manual steps to boot your fully encrypted system
> +Press @kbd{c} in GRUB to enter command mode.
Seems to me that GuixSD should automatically DTRT when installing on an
encrypted root file system. See <http://bugs.gnu.org/21843>.
> +menuentry "GuixSD (current)" @{
> + cryptomount @var{grub-partition}
> + set root=(crypto0)
> + set guix_system=/var/guix/profiles/system
> + linux $@{guix_system@}/kernel/bzImage --root=@var{your-root-partition}
> --system=$@{guix_system@} --load=$@{guix_system@}/boot
> + initrd $@{guix_system@}/initrd
> +@}
I think this sort of answers the above bug report, no?
Thanks a lot for your feedback on this!
Ludo’.
