systemd-boot: Support initrd secrets

+11 -1
+9 -1
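--- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
+++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
@@ -32,8 +32,11 @@
             f.write("editor 0");
     os.rename("@efiSysMountPoint@/loader/loader.conf.tmp", "@efiSysMountPoint@/loader/loader.conf")
 
+def profile_path(generation, name):
+    return os.readlink("%s/%s" % (system_dir(generation), name))
+
 def copy_from_profile(generation, name, dry_run=False):
-    store_file_path = os.readlink("%s/%s" % (system_dir(generation), name))
+    store_file_path = profile_path(generation, name)
     suffix = os.path.basename(store_file_path)
     store_dir = os.path.basename(os.path.dirname(store_file_path))
     efi_file_path = "/efi/nixos/%s-%s.efi" % (store_dir, suffix)
@@ -44,6 +47,11 @@
 def write_entry(generation, machine_id):
     kernel = copy_from_profile(generation, "kernel")
     initrd = copy_from_profile(generation, "initrd")
+    try:
+        append_initrd_secrets = profile_path(generation, "append-initrd-secrets")
+        subprocess.check_call([append_initrd_secrets, "@efiSysMountPoint@%s" % (initrd)])
+    except FileNotFoundError:
+        pass
     entry_file = "@efiSysMountPoint@/loader/entries/nixos-generation-%d.conf" % (generation)
     generation_dir = os.readlink(system_dir(generation))
     tmp_path = "%s.tmp" % (entry_file)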
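Review bot: The `try` added to `write_entry` wraps `subprocess.check_call` as well as the `profile_path` lookup, so a `FileNotFoundError` raised while launching the script (a dangling `append-initrd-secrets` link, or a script whose interpreter is missing) is swallowed by `except FileNotFoundError: pass`. The boot entry would then be written for an initrd that silently lacks its secrets. Keep only `append_initrd_secrets = profile_path(generation, "append-initrd-secrets")` inside the `try` and move the `subprocess.check_call(...)` line into an `else:` branch, so that only the "generation has no secrets script" case is ignored. A short comment there should also say that the secrets are appended to the initrd copy under `@efiSysMountPoint@`, which is presumably an unencrypted FAT partition, so their confidentiality depends on how that mount is protected. The body of `write_entry` continues past the end of the hunk.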
+2
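--- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
+++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
@@ -65,6 +65,8 @@
 
     boot.loader.grub.enable = mkDefault false;
 
+    boot.loader.supportsInitrdSecrets = true;
+
     system = {
       build.installBootLoader = gummibootBuilder;
 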