nixos/udev: Add an option to fail on FHS paths

So far we were merely printing a warning if there are still references
to (/usr)/s?bin, but we actually want to make sure that we fix those
paths, especially on updates of packages that come with udev rules.

This adds a new option allowImpurePaths, which when set to false will
cause the "udev-rules" derivation to fail.

I've set this to true by default, to not break existing systems too much
and the intention is to set it to false for a few NixOS VM tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
aszlig 2016-02-03 14:45:19 +01:00
parent 80983bbe54
commit 9f2a61c59c
No known key found for this signature in database
GPG Key ID: D0EBD0EC8C2DC961
1 changed files with 15 additions and 0 deletions

View File

@ -116,6 +116,7 @@ let
)"
echo "$localFile ($remoteFile) contains references to $refs."
done
${optionalString (!cfg.allowImpurePaths) "exit 1"}
fi
${optionalString config.networking.usePredictableInterfaceNames ''
@ -231,6 +232,20 @@ in
'';
};
allowImpurePaths = mkOption {
default = true;
example = false;
type = types.bool;
description = ''
If this is disabled, the build will fail whenever one of the
<command>udev</command> rules contains a reference to
<filename>/usr/bin</filename>, <filename>/usr/sbin</filename>,
<filename>/bin</filename> or <filename>/sbin</filename>.
By default only a warning is printed during build.
'';
};
};
hardware.firmware = mkOption {