public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #49671 from hyperfekt/bcachefs_cryptroot

Browse Source 
bcachefs root support
This commit is contained in:
Vladyslav M 2018-11-10 00:08:55 +02:00 committed by GitHub
commit eb5a932eb7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 51 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/modules/system/boot/stage-1-init.sh
View File

@ -246,10 +246,7 @@ checkFS() {
if [ "$fsType" = iso9660 -o "$fsType" = udf ]; then return 0; fi if [ "$fsType" = iso9660 -o "$fsType" = udf ]; then return 0; fi
# Don't check resilient COWs as they validate the fs structures at mount time # Don't check resilient COWs as they validate the fs structures at mount time
if [ "$fsType" = btrfs -o "$fsType" = zfs ]; then return 0; fi if [ "$fsType" = btrfs -o "$fsType" = zfs -o "$fsType" = bcachefs ]; then return 0; fi
# Skip fsck for bcachefs - not implemented yet.
if [ "$fsType" = bcachefs ]; then return 0; fi
# Skip fsck for nilfs2 - not needed by design and no fsck tool for this filesystem. # Skip fsck for nilfs2 - not needed by design and no fsck tool for this filesystem.
if [ "$fsType" = nilfs2 ]; then return 0; fi if [ "$fsType" = nilfs2 ]; then return 0; fi

61
nixos/modules/tasks/filesystems/bcachefs.nix
View File

@ -1,26 +1,65 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, utils, ... }:
with lib; with lib;
let let
inInitrd = any (fs: fs == "bcachefs") config.boot.initrd.supportedFilesystems; bootFs = filterAttrs (n: fs: (fs.fsType == "bcachefs") && (utils.fsNeededForBoot fs)) config.fileSystems;
commonFunctions = ''
prompt() {
local name="$1"
printf "enter passphrase for $name: "
}
tryUnlock() {
local name="$1"
local path="$2"
if bcachefs unlock -c $path > /dev/null 2> /dev/null; then # test for encryption
prompt $name
until bcachefs unlock $path 2> /dev/null; do # repeat until sucessfully unlocked
printf "unlocking failed!\n"
prompt $name
done
printf "unlocking successful.\n"
fi
}
'';
openCommand = name: fs:
let
# we need only unlock one device manually, and cannot pass multiple at once
# remove this adaptation when bcachefs implements mounting by filesystem uuid
# also, implement automatic waiting for the constituent devices when that happens
# bcachefs does not support mounting devices with colons in the path, ergo we don't (see #49671)
firstDevice = head (splitString ":" fs.device);
in
''
tryUnlock ${name} ${firstDevice}
'';
in in
{ {
config = mkIf (any (fs: fs == "bcachefs") config.boot.supportedFilesystems) { config = mkIf (elem "bcachefs" config.boot.supportedFilesystems) (mkMerge [
{
system.fsPackages = [ pkgs.bcachefs-tools ];
system.fsPackages = [ pkgs.bcachefs-tools ]; # use kernel package with bcachefs support until it's in mainline
boot.kernelPackages = pkgs.linuxPackages_testing_bcachefs;
}
# use kernel package with bcachefs support until it's in mainline (mkIf ((elem "bcachefs" config.boot.initrd.supportedFilesystems) || (bootFs != {})) {
boot.kernelPackages = pkgs.linuxPackages_testing_bcachefs; # the cryptographic modules are required only for decryption attempts
boot.initrd.availableKernelModules = mkIf inInitrd [ "bcachefs" ]; boot.initrd.availableKernelModules = [ "bcachefs" "chacha20" "poly1305" ];
boot.initrd.extraUtilsCommands = mkIf inInitrd boot.initrd.extraUtilsCommands = ''
'' copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/bcachefs
copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/fsck.bcachefs '';
boot.initrd.extraUtilsCommandsTest = ''
$out/bin/bcachefs version
''; '';
}; boot.initrd.postDeviceCommands = commonFunctions + concatStrings (mapAttrsToList openCommand bootFs);
})
]);
} }