parent
8a37c3dd1a
commit
91c6809946
@ -137,6 +137,8 @@ let
|
|||||||
''}
|
''}
|
||||||
|
|
||||||
# Copy secrets if needed.
|
# Copy secrets if needed.
|
||||||
|
#
|
||||||
|
# TODO: move out to a separate script; see #85000.
|
||||||
${optionalString (!config.boot.loader.supportsInitrdSecrets)
|
${optionalString (!config.boot.loader.supportsInitrdSecrets)
|
||||||
(concatStringsSep "\n" (mapAttrsToList (dest: source:
|
(concatStringsSep "\n" (mapAttrsToList (dest: source:
|
||||||
let source' = if source == null then dest else source; in
|
let source' = if source == null then dest else source; in
|
||||||
@ -579,6 +581,25 @@ in
|
|||||||
message = "boot.resumeDevice has to be an absolute path."
|
message = "boot.resumeDevice has to be an absolute path."
|
||||||
+ " Old \"x:y\" style is no longer supported.";
|
+ " Old \"x:y\" style is no longer supported.";
|
||||||
}
|
}
|
||||||
|
# TODO: remove when #85000 is fixed
|
||||||
|
{ assertion = !config.boot.loader.supportsInitrdSecrets ->
|
||||||
|
all (source:
|
||||||
|
builtins.isPath source ||
|
||||||
|
(builtins.isString source && hasPrefix source builtins.storeDir))
|
||||||
|
(attrValues config.boot.initrd.secrets);
|
||||||
|
message = ''
|
||||||
|
boot.loader.initrd.secrets values must be unquoted paths when
|
||||||
|
using a bootloader that doesn't natively support initrd
|
||||||
|
secrets, e.g.:
|
||||||
|
|
||||||
|
boot.initrd.secrets = {
|
||||||
|
"/etc/secret" = /path/to/secret;
|
||||||
|
};
|
||||||
|
|
||||||
|
Note that this will result in all secrets being stored
|
||||||
|
world-readable in the Nix store!
|
||||||
|
'';
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
system.build =
|
system.build =
|
||||||
|
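Review bot: The string branch of the new assertion calls `hasPrefix source builtins.storeDir`, but `lib.hasPrefix` takes the prefix first, so it tests whether the store directory starts with `source`; a string that really is a store path fails the check, while a short string such as `"/"` passes. The line should read `(builtins.isString source && hasPrefix builtins.storeDir source))`. The predicate also rejects `null`, which the copy loop in the first hunk treats as "use `dest`" (`if source == null then dest else source`), so a `source == null ||` alternative looks necessary unless nulls are resolved before this point. The message names `boot.loader.initrd.secrets`, whereas the option being checked is `boot.initrd.secrets`; since this text is the user's only warning that the secrets become world-readable in the Nix store, it should point at the right option.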