[Nix-dev] How to add file to initrd?
Bryan Gardiner
bog at khumba.net
Thu Sep 10 22:58:05 CEST 2015
On Thu, Sep 10, 2015 at 09:22:13PM +0100, Tomasz Czyż wrote:
> I have a problem with this method as you cannot copy the file outside
> extras tree.
>
> I used:
>
> ''cp /my.key $out/key" - the final file is in /nix/store/XXXXX/here
> (hard to access, if hash will change this stuff stop work.
>
> "cp /my.key $out/../../key" or "cp /my.key /key" doesn't work,
> permission error, so I cannot put key in the root of initrd.
I don't have encrypted boot going myself... I'm passing on a reply I
got off-list from Leroy (bcc'ed, thanks, hope you don't mind), whose
config works using boot.initrd.extraUtilsCommands:
On Wed, Sep 09, 2015 at 07:40:21PM +1200, Leroy Hopson wrote:
> Hi Bryan,
>
> I have a similar setup. I'm using `boot.initrd.extraUtilsCommands` as
> Evygeny suggested.
>
> Here is a link to the relevant section of my configuration:
> https://github.com/lihop/nixos/blob/7b1b0a7fd4396713573c35368791e32843feb957/devices/desktop.nix#L59-L72
>
> Regards,
> Leroy
He's putting the keyfile in the initrd's /bin, then I suspect that
$PATH is only "/bin" in his keyFile = ...; arguments. If that's the
case, then with your first cp command above, your keyfile should
simply be at "/key" in your initrd, no need to know the hash.
Cheers,
Bryan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
Url : http://lists.science.uu.nl/pipermail/nix-dev/attachments/20150910/a8b8bdf5/attachment-0001.bin
More information about the nix-dev
mailing list