From c10a17a3ebfe460e713ba6b766fbdabd8c8f716c Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Wed, 3 Feb 2016 16:40:41 +0100
Subject: [PATCH] nixos/udev: Always fail if rules contain FHS paths

Partially reverts the following commits:

  9f2a61c59cc4e4ce278e6582cb4bdca9c2088755
  9c13fe6604358e5255457422acbe8e03734f1e44

As @edolstra pointed out, it would make more sense to do this by default
instead of having that allowImpurePaths option. This of course might
break systems which add extra packages to udev, but on the upside it's
hard to miss one of these paths now because it won't get buried in the
ocean of build output lines.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
---
 nixos/modules/services/hardware/udev.nix | 16 +---------------
 nixos/tests/installer.nix                |  4 ----
 2 files changed, 1 insertion(+), 19 deletions(-)

diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix
index 74ec335c750..74200eec4c0 100644
--- a/nixos/modules/services/hardware/udev.nix
+++ b/nixos/modules/services/hardware/udev.nix
@@ -116,7 +116,7 @@ let
           )"
           echo "$localFile ($remoteFile) contains references to $refs."
         done
-        ${optionalString (!cfg.allowImpurePaths) "exit 1"}
+        exit 1
       fi
 
       ${optionalString config.networking.usePredictableInterfaceNames ''
@@ -232,20 +232,6 @@ in
         '';
       };
 
-      allowImpurePaths = mkOption {
-        default = true;
-        example = false;
-        type = types.bool;
-        description = ''
-          If this is disabled, the build will fail whenever one of the
-          <command>udev</command> rules contains a reference to
-          <filename>/usr/bin</filename>, <filename>/usr/sbin</filename>,
-          <filename>/bin</filename> or <filename>/sbin</filename>.
-
-          By default only a warning is printed during build.
-        '';
-      };
-
     };
 
     hardware.firmware = mkOption {
diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix
index cbfdad8d76b..84fdb027ed8 100644
--- a/nixos/tests/installer.nix
+++ b/nixos/tests/installer.nix
@@ -30,8 +30,6 @@ let
 
         hardware.enableAllFirmware = lib.mkForce false;
 
-        services.udev.allowImpurePaths = false;
-
         ${replaceChars ["\n"] ["\n  "] extraConfig}
       }
     '';
@@ -187,8 +185,6 @@ let
 
             hardware.enableAllFirmware = mkForce false;
 
-            services.udev.allowImpurePaths = false;
-
             # The test cannot access the network, so any packages we
             # need must be included in the VM.
             system.extraDependencies =