Revert "nixos/boot/rasbperrypi: add support for boot.initrd.secret with uboot (#240358)" (#257251)

This reverts commit 94e939985b7730fd74b1c2e03292661734b490f0.

authored by

Yureka and committed by
GitHub
6500b458 f6dd5a9e

+3 -35
-2
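--- a/nixos/doc/manual/release-notes/rl-2311.section.md
+++ b/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -270,8 +270,6 @@
 
 - `services.nginx` gained a `defaultListen` option at server-level with support for PROXY protocol listeners, also `proxyProtocol` is now exposed in `services.nginx.virtualHosts.<name>.listen` option. It is now possible to run PROXY listeners and non-PROXY listeners at a server-level, see [#213510](https://github.com/NixOS/nixpkgs/pull/213510/) for more details.
 
-- `generic-extlinux-compatible` bootloader (and raspberry pi with uboot) supports appending secrets to the initramfs
-
 - `services.restic.backups` now adds wrapper scripts to your system path, which set the same environment variables as the service, so restic operations can easly be run from the command line. This behavior can be disabled by setting `createWrapper` to `false`, per backup configuration.
 
 - `services.prometheus.exporters` has a new exporter to monitor electrical power consumption based on PowercapRAPL sensor called [Scaphandre](https://github.com/hubblo-org/scaphandre), see [#239803](https://github.com/NixOS/nixpkgs/pull/239803) for more details.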
+3 -25
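--- a/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh
+++ b/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh
@@ -70,33 +70,13 @@
 addEntry() {
 local path=$(readlink -f "$1")
 local tag="$2" # Generation number or 'default'
-local current="$3" # whether this is the current/latest generation
 
 if ! test -e $path/kernel -a -e $path/initrd; then
 return
 fi
 
-if test -e "$path/append-initrd-secrets"; then
-local initrd="$target/nixos/$(basename "$path")-initramfs-with-secrets"
-cp $(readlink -f "$path/initrd") "$initrd"
-chmod 600 "${initrd}"
-chown 0:0 "${initrd}"
-filesCopied[$initrd]=1
-
-"$path/append-initrd-secrets" "$initrd" || if test "${current}" = "1"; then
-echo "failed to create initrd secrets for the current generation." >&2
-echo "are your \`boot.initrd.secrets\` still in place?" >&2
-exit 1
-else
-echo "warning: failed to create initrd secrets for \"$path\", an older generation" >&2
-echo "note: this is normal after having removed or renamed a file in \`boot.initrd.secrets\`" >&2
-fi
-else
-copyToKernelsDir "$path/initrd"; initrd=$result
-fi
-
 copyToKernelsDir "$path/kernel"; kernel=$result
-
+copyToKernelsDir "$path/initrd"; initrd=$result
 dtbDir=$(readlink -m "$path/dtbs")
 if [ -e "$dtbDir" ]; then
 copyToKernelsDir "$dtbDir"; dtbs=$result
@@ -150,20 +130,18 @@
 TIMEOUT $timeout
 EOF
 
-addEntry $default default 1 >> $tmpFile
+addEntry $default default >> $tmpFile
 
 if [ "$numGenerations" -gt 0 ]; then
 # Add up to $numGenerations generations of the system profile to the menu,
 # in reverse (most recent to least recent) order.
-current=1
 for generation in $(
 (cd /nix/var/nix/profiles && ls -d system-*-link) \
 | sed 's/system-\([0-9]\+\)-link/\1/' \
 | sort -n -r \
 | head -n $numGenerations); do
 link=/nix/var/nix/profiles/system-$generation-link
-addEntry $link $generation $current
-current=0
+addEntry $link $generation
 done >> $tmpFile
 fi
 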
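Review bot: The restored `copyToKernelsDir "$path/initrd"; initrd=$result` line in `addEntry` no longer creates or records in `filesCopied` the `$target/nixos/<name>-initramfs-with-secrets` copies that the reverted code wrote, and those copies embed the contents of `boot.initrd.secrets`. On a machine that had opted in, they stay on the boot partition unless a cleanup step outside this hunk deletes files missing from `filesCopied`; that is presumably the case but is not visible here and is worth confirming before merge. A comment above the call would record the expectation, e.g. `# initrd is copied as-is; stale *-initramfs-with-secrets files from earlier builds must not remain in $target/nixos`. `addEntry` continues past the end of the first hunk.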
-1
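--- a/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix
+++ b/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix
@@ -142,7 +142,6 @@
 assertion = !pkgs.stdenv.hostPlatform.isAarch64 || cfg.version >= 3;
 message = "Only Raspberry Pi >= 3 supports aarch64.";
 };
-boot.loader.supportsInitrdSecrets = cfg.uboot.enable;
 
 system.build.installBootLoader = builder;
 system.boot.loader.id = "raspberrypi";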
-7
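--- a/nixos/modules/system/boot/stage-1.nix
+++ b/nixos/modules/system/boot/stage-1.nix
@@ -610,13 +610,6 @@
 path the secret should have inside the initrd, the value
 is the path it should be copied from (or null for the same
 path inside and out).
-
-The loader `generic-extlinux-compatible` supports this. Because
-it is not well know how different implementations react to
-concatenated cpio archives, this is disabled by default. It can be
-enabled by setting {option}`boot.loader.supportsInitrdSecrets`
-to true. If this works for you, please report your findings at
-https://github.com/NixOS/nixpkgs/issues/247145 .
 '';
 example = literalExpression
 ''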